* Posts by Charles 9

3877 posts • joined 10 Jun 2009

German freemail firms defend AdBlock-nobbling campaign

Charles 9
Silver badge

Re: Pah!

Key word ALMOST. Sometimes, they ARE the exclusive source, leaving you, like I said, in a Hobson's choice (as in Take It or Leave It). Or ALL the alternatives are similarly blockaded (I've seen that happen). It provokes some thinking on whether or not it's REALLY worth it.

This is only going to get worse as more and more sites adopt ad-detection-detection and raise clickwalls and other blockades to stop them. I think if it developed into a tech war, the server has the ultimate advantage since they can just require subscription which opens the legal door for data mining.

0
0
Charles 9
Silver badge

Re: Pah!

They counter with clickwalls and captive markets. When you're the ONLY source of something popular AND you've created your site such that ANYONE coming with AdBlock, NoScript, or whatever is firmly told "Access Denied until you turn that crap off," you're kinda left in a Hobson's Choice.

0
0

Anti-snoop Blackphone hits shelves in June: NOW we'll see how much you value privacy

Charles 9
Silver badge

Re: As long as it runs Android...

> True. Although if you encrypt securely with a decent key higher up the stack all the radio/WiFi sees is encrypted traffic.

Not unless the plods have other parts of the system borked like the OS core, the CPU, or a hardware security chip: areas where the key HAS to be readable in order to be useable. Meaning even if you encrypt before the modem/radio chip, they'll still know how to decrypt it.

> No, there are no better alternatives. But that was my point Android is no better or worse starting place than any other mobile OS. At the moment its security credentials (like most other OS) are lacking.

Meaning, all other things being equal, the price tag wins. Meaning AOSP (price tag $0) wins. Yes, it needs serious security hardening, but as you've said yourself you need to do that ANYWAY, so don't handicap yourself by paying for an OS license on top of that.

0
0
Charles 9
Silver badge

Re: As long as it runs Android...

And now to address each point:

> 1) Most Android handsets come bundled with (closed source) vendor bloatware. Some of which can be disabled some of which cannot. Possibly not the fault of the OS, but that's the way it is.

These are vendors interested in data mining. This one is figuring on the opposite, so bloatware should be reduced to just Silent Circle and a few essentials.

> 2) Android is not really open source. The source code/apis for dual SIM functionality has never been released.

Got any better alternatives besides the Android Open-Source Project? Ubuntu's too new, QNX has to be licensed to use, and Blackberry's in limbo. Besides, do any of them support dual SIMs? The main reason it's not community-supported goes to your next point below.

> 3) Modem/radio part of the firmware tends to be vendor specific. Lots of scope for NSA abuse there. (Maybe not part of the Android OS but you won't get far without it)

If you can't trust the radio or modem chip, you're basically screwed since these chips are usually patent-encumbered meaning an open version of such won't exist. And if it's not the NSA poking backdoors in the hardware, it's their Russian or Chinese counterparts. Why not just X-ray each lot that comes in to make sure their pattern matches a known-good spec?

(Going back to dual SIMs, there's more than one way to make it work. Dual SIM controllers are as closed as radio and modem chips. THAT'S why they're not community-supported.)

> 4) Even in a stripped down Android with no Gapps (including Cyanogenmod) it reaches out to Google servers. Specifically clients3.l.google.com (check getDefaultUrl() in the ConnectivityService). This at the moment is fairly harmless, but could be exploited in the future and there may be others.

Is this true even of non-Google Android devices like the Amazon Kindles and B&N Nooks? Besides, something like that should be easy to edit in the source. It's just that many open-source distros don't bother.

> 5) Apps can and do request lots of permissions. These cannot be turned off. You either install the app or you do not. Is it the OS role to police the apps? Maybe not, but it could be improved. Like disabling perm by perm after installation.

Not even with App Ops or a similar security program? And there are versions that work with the latest Android 4.4.2 KitKat.

1
0
Charles 9
Silver badge

Re: Question

What you describe is similar to the Freenet system which uses hashes and generated keys as resource locators. The main problem with your idea (and with Freenet) is routing. Part of the reason IP works as it does is it allows switches and other routing hardware to map out where certain packets have to go. It's actually very important because it conserved bandwidth which can add up as you go up the backhaul. Without that routing information, you end up having to poll the whole network to try to find the destination, and it's never going to be as snappy as the open Internet because efficiency leaves traces that plods can sniff out. IOW, INefficiency is pretty much required to improve security, creating a tug of war between the two since both have practical implications.

2
0
Charles 9
Silver badge

Re: The long necked chicken

> So the only way these phones could add to the security of the user would be to keep a connection to "the other guy" 24*7. Somehow I don't think that people value their security enough that they'd be prepared for that much of a bill every month.

That's part of how Freenet works, doesn't it? It keeps connecting to all sorts of peers 24/7. Only trick right now keeping this from working on mobile network is usage caps. If phones had usage to spare, then perhaps they can obfuscate by holding lots of fake conversations between each other. Then how would the spooks distinguish the real conversation from the chaff?

1
0

Icahn and I will: Carl's war on eBay goes NUCLEAR over Skype

Charles 9
Silver badge
Meh

Re: Tricky to parse those first paragraphs.

That's what I was noting. OK, so Icahn's a jerk, but that doesn't preclude him having a point. Unless someone can show us otherwise, these could be seen as cases of failure of fiduciary duty, insider trading, or both.

2
0
Charles 9
Silver badge

Re: Jackass

Honest question here. Aren't SOME things regulated by law, such as fiduciary duty? Isn't that why such things as insider trading are legal no-no's?

What I'm getting at is that Icahn seems to be alleging either failure of fiduciary duty (selling at an avoidable loss) or insider trading, either of which IS a legal matter. Icahn may be a jerk, but even jerks have a point sometimes, so has anyone taken a serious look at his allegation? If so, why doesn't it have merit?

3
1

IM demo for TOR coming soon

Charles 9
Silver badge

Re: Sir

The real goal is to make the connection look like an innocuous connection like a web session. Trouble is, innocuous sessions are typically wide-open and easy to inspect. Trying to do anything outside that purview, such as using exotic flags, is going to trip flags.

Frankly, given the current state of the Internet, I don't think it's possible to "hide in plain sight" and get a detailed message anything past a knowledgeable and savvy power who outlaws all encryption as a matter of course and can routinely sniff connections. The reason being just about anything you try will either (a) leave telltale clues when you try to parse it as it appears, or (b) is vulnerable to mangling such that the end product retains purpose as it appears but ruins stego (ex. whitespace-washing text, resizing images, resampling/recoding audio, etc.). You could probably get away with pre-arranged signal images and the like, but anything spontaneous or detailed would probably require another approach (if any is possible).

0
0
Charles 9
Silver badge

It can only do so much. A savvy power would know real binary data would be formatted. That's why the "magic numbers" technique works. Attempt to obfuscate and they'll try to parse it, which will likely produce telltale clues. As for steganography, mangling inputs should break all but the most robust (and lowest bitrate) systems.

0
0

RSA booked TV's Stephen Colbert to give the final speech. This is what happened next

Charles 9
Silver badge

Re: Unless you don't live in the US.

Not even after Waco, Ruby Ridge, and ESPECIALLY Oklahoma City, all perpetrated by natural-born Americans?

1
0

Boeing going ... GONE: Black phone will SELF-DESTRUCT in 30 secs

Charles 9
Silver badge

Re: Another Boeing Project 25?

And aren't there electronics and even chemicals sensitive to X-rays? What if the phone has a lead lining or other form of X-ray shielding?

1
0
Charles 9
Silver badge

BECAUSE it's so open. They can gut out all the insecure stuff and replace it without having to relicense or pay anything for the base. QNX, for example, requires licensing. Besides, the Linux-based Android kernel includes SELinux, which they helped to develop.

1
0
Charles 9
Silver badge

Re: Security on Phones

The Cold Boot attack. Perhaps encrypt the RAM and use a secure SoC where only the CPU can read the key. There's already commercial examples of such systems.

0
0

Bitcoin or bust: MtGox files for bankruptcy protection

Charles 9
Silver badge

Re: Maybe they really _are_ lost

So paper money can't be incinerated into invisible particulate matter and coinage can't be melted down into a useless amalgamation of base metals? You may still have stuff left afterward, yes, but whatever the heck it IS, the one thing it certainly ISN'T is money. Besides, by law, there has to be a way to retire old money so that fresh currency can take its place.

0
0
Charles 9
Silver badge

Re: Strange...

According to Coinbase, which is one of the more legitimate sites with proper accounting, bank ties, and legal paperwork filed, as of the time of this message, about $560 per.

1
0

LOHAN chap brews up 18% ABV 'V2' rocket fuel

Charles 9
Silver badge

Re: No Duty on Brewing

Alcohol tax revenues go to the STATE, as the fed washed its hands of all alcohol-related taxation with the 21st Amendment (the A in ATF deals mainly with transport, not with production, IOW bootleggers and smugglers). The reason alcohol laws are so uniform across states is because they tie federal road funds to certain alcohol-related prerequisites (like a minimum age of 21). Licensing is issued by the state (for example, the Virginia Alcoholic Beverage Control board), and they DO have reason to regulate for safety reasons. Many moonshine stills are in the woods, so if the moonshine there catches fire, there's a potential forest fire to deal with. Also, victims of exploding stills may not be well to do, meaning the government has to help foot the cost of healthcare for the injured. So you see, the money and the safety angle are intertwined.

0
0
Charles 9
Silver badge

Re: Beyond 18% ABV...

Try a Samuel Adams Utopias. They worked long and hard to come up with the right yeast strain. AFAIK, they made it to 50 proof (25% ABV): the strongest purely-fermented alcoholic beverage known. Some claim higher but those are either jacked or fortified.

2
0
Charles 9
Silver badge

Re: No Duty on Brewing

> I believe the prohibition has less to do with safety and more to do with control of a desirable commodity and, of course, tax revenue

If that were true, homebrews would be subject to similar restrictions (after all, most people drink beer, not booze, and drink more of it). Nah, safety's the bigger issue here. Not only do some unscrupulous shiners sell the foreshot, but there have been instances of accidents occurring at moonshine stills (either the shine catches fire or a bad setup causes the boiler to explode).

2
0
Charles 9
Silver badge

Re: No Duty on Brewing

Sounds a lot like the general rules in America (it varies from state to state). Homebrews are generally accepted as long as they're not sold commercially. Distillation requires a license. As I recall, controlling the toxic "foreshot" is one thing, I think another reason has to do with fire codes (since you're using heat to distill and the final result can potentially be flammable).

0
0

Fukushima radioactivity a complete non-issue on West Coast: Also for Fukushima locals, in fact

Charles 9
Silver badge

Re: Just remember...

> US Law requires distilled spirits (and wine/beer) to be radioactive. Sure it is a bit indirect, but the law DOES require it.

Let's talk context. The reason for this requirement is that they want to make sure the ethanol used in the drink came from plant products rather than petroleum. They do this by testing for the presence of radioactive Carbon-14 (which would be pretty fresh in plant-based alcohols in contrast to petroleum-based ones).

0
0
Charles 9
Silver badge

Perhaps we can ask the residents of New Hampshire or Cornwall. Both are situated on significant granite deposits.

0
0

Final LOHAN test flights codenamed 'Punch' and 'Judy'

Charles 9
Silver badge

Re: says

Funny. I saw those names and thought something else entirely: an anime involving outer space bounty hunters.

So it begs the question, which came first: Cowboy Bebop or Girl Genius?

On third thought, perhaps something prior to both used those names in the past, and each independently took them on.

0
0

NO WONDER Big Blue dropped it: IBM server biz BOMBED in Q4

Charles 9
Silver badge

A flood of red ink tends to evoke the metaphor "bleeding money" instead.

I agree that "IMPLODED" is a better term, although by the time I type this they've settled on "BOMBED" which evokes a similar image.

1
0

Prez Obama cyber-guru: Think your data is safe in an EU cloud? The NSA will raid your servers

Charles 9
Silver badge

Re: Your data

They don't have to trump it. They just IGNORE it: "Ink On A Page". It's not like you can vote in anyone else to replace them (no one even gets on the ballot unless they're in on the plot). And the average American is too apathetic (or busy trying to earn a living) to organize a massive uprising a la Kiev.

2
0
Charles 9
Silver badge

Re: @Charles 9

> So someone wanting to get your stuff would need to successfully hack into a US and Chinese cloud provider, and crack the encryption.

You forget the very real possibility the NSA and its Chinese counterpart routinely hack into EACH OTHER. Meaning it's passing fair one encounters the other's file, puts two and two together, and obtains a copy of the other's file, reducing the number of places you have to hack. Furthermore, merely finding something like this would likely draw an investigation into who did something this elaborate.

1
0
Charles 9
Silver badge

Re: Like most crime you can't stop a *really* determined criminal.

As if that's stopped the NSA before. Remember Stuxnet? It penetrated an airgap...

0
0
Charles 9
Silver badge

Re: @Eguro

As I understand it, there are encrypted filesystem programs already in existence that can operate on a file image. A CLOUD file image could perhaps be done in a stretch. As for the other piece, that's just a keyfile, and you can make that just about anything of your choice. As for hardening the image file, many of them can use multiple algos for extra strength. It reduces the throughput, but with a cloud file the network is the bottleneck anyway.

0
0
Charles 9
Silver badge

Re: @Eguro

Not impossible. Once one realizes you need the other copy, they'll just hack into EACH OTHER. Which they've already been doing.

0
0

Hey 4G bods: We need to make 'phonecalls' with our 'voices', too

Charles 9
Silver badge

Re: "Most systems currently expect the call to drop, which means you’ll have to redial."

Guess we'll have to agree to disagree, because my experience was the exact opposite of yours. My N95 missed half the time while the Android rarely missed. Meanwhile, I'm used to saying "Call" because I once had a *1G* phone that allowed voice calling. Flip open the phone and it asked, "Who would you like to call?" Android's a touch more complicated than that these days, but then again I also use the extra functionality, too.

0
0
Charles 9
Silver badge

Re: "Most systems currently expect the call to drop, which means you’ll have to redial."

I'm the other way with touch and speak dialing: probably because it MISSED half the time.

BTW, I thought most Android phones with Google Voice Search understand a "Call" command?

0
1
Charles 9
Silver badge

Re: Really ?

It's guaranteed by law in the US as well, last I checked. As long as the changeover follows certain procedures, you can port your number from carrier to carrier.

0
0

Aaah-CHOOO! Brit boffins say WiFi can 'sneeze' malware

Charles 9
Silver badge

Re: Mainframe infected by nasties ..

If I recall, that was only true if the mainframe ran on Harvard architectures which separated the code and data. Trouble was, Harvard architectures prevented certain useful things such as varying forms of compilation like Just-In-Time and other situations where code and data are one and the same.

Plus that's just one way to pwn a machine. What about Return-Oriented Programming, which cherry-picks existing code instead?

3
0

Samsung and Apple BEWARE: Huawei is coming to eat your lunch

Charles 9
Silver badge

Re: Pronunciation

If you study the Japanese kana tables (what are essentially the Japanese version of the alphabet--only they represent phonemes), you'll see many different consonants being represented there: including "ra", "ro", etc. But there's none starting in "l". It's just the way their language developed. I can see why the connection was made, though, since similar tongue motions are done with the Japanese style of "r" and the English "l" (which also involves lightly touching the palate). The point is that this idiosyncrasy in language presents a "lost in translation" problem sometimes. I'm not implying anything good or bad about it; happens all the time between distant languages. I once heard an African tongue (one that involved lots of tongue motion, I think) that made me think in wonder, "How did a language like that develop?"

0
0
Charles 9
Silver badge

Re: Pronunciation

> Even then, there is never any guarantee that you hear an audio clip in the same way as a native speaker, specifically if your ears were exposed to the difference between 'rip' and 'lip' during a short period in your infanthood, you will never be able to distinguish them in adulthood (hence many racist jokes about Japanese pronunciation of European words).

I thought the Japanese R/L mixup came from their alphabet, which doesn't distinguish between them (basically, their alphabet has the R consonant, but not the L--when they have to accommodate an L from a foreign language, they use the R which is closest). I know a few Japanese writers and artists have actually played on this ambiguity as jokes or whatever.

0
0

Jolla announces Sailfish OS 1.0, says Android love-fest soon to come

Charles 9
Silver badge

Re: Unique opportunity for Sailfish

> Chris, no, don't. I'm having enough of this prompting garbage on iOS where EVERY BLOODY TIME I get prompted that switching on WiFi would be so much better than saving my battery and not supporting positional accuracy for whichever 3rd party that is not close enough to government to simply demand cell triangulation - an extra trick they use is swapping "OK" and "Settings" around so you always have to look before you can stop it. And don't get me started on the mail app where every single mailbox will tell me it cannot talk to the server, despite that the OS itself knows full well that cell data is off or airplane mode is enabled. It's only funny the first time.

You may not, but someone sufficiently paranoid might like it. The point I want to make is that the ultimate decision should fall to the user, not the coder, not the phone maker. If the user wants to be prompted every 5 minutes, it's his/her call. The OS should allow, encourage, even REQUIRE the user make these calls about their apps.

0
0
Charles 9
Silver badge

Re: Samsung Galaxy, Google Nexus, and Sony Xperia phones

They can hook up with the Android modders to help with that. It didn't take long for the S4 to have a significant modding community, if XDA is any indication. They've already delved deep into custom installs and getting around various protection systems including KNOX. I've been tracking it since I'm not too fond of TouchWiz (memory hog) and have been using AOSP-based ROMs for a leaner, meaner phone.

0
0
Charles 9
Silver badge

Re: Samsung Galaxy, Google Nexus, and Sony Xperia phones

Well, it would be pretty safe to say the S4 series, the Nexus 5, and the Z series, respectively, for starters. How far back each goes, no one knows, but as those represent the top of the line (or close to it) currently in circulation, those are probably the safest bets.

1
0
Charles 9
Silver badge

Re: Unique opportunity for Sailfish

Actually, we can. What's being stated is that the base Android OS is too lax on security (owing to a model intended to coax developers, not to woo users). The hope is that Sailfish will be built with user-selectable security being baked right into the kernel where it can't be removed. Thus, when a Sailfish app asks for something, it can be controlled by the user to a meticulous degree. For example, instead of being forced to say "yes, you have network access" or "no" in broad, you can perhaps be able to have it prompt you, either the first time or (and here's where it can top iOS) EVERY time or in specific timed intervals. With this level of control and a "deny-by-default" attitude, it would be very tough for anything underhanded (like perhaps Google Play Services) to slip in under the radar.

0
0

Samsung brandishes quad-core Galaxy S5, hopes nobody wants high specs

Charles 9
Silver badge

Re: Brilliant

> More bits also mean more registers. More registers means doing things in less cycles. Doing things in less cycles mean less running the processor at full speed. Less running the processor at full speed saves battery.

Depends on where the information comes from to begin with. If you have to fetch stuff from memory, then you take the hit no matter what, either with one 64-bit swipe or 2 32-bit ones (and it's only natural that energizing 64 wires takes more energy than energizing 32 of them).

If you can optimize your routines to use additional registers, OK, but there's also the tradeoff of having more registers in use at once (again, energizing a maximum 64 registers vs. a maximum 32). Also, some operations can't be optimized well to use the registers, perhaps because it's memory-heavy or is otherwise of a nature where a ton of registers isn't going to be so useful (sorta like how GPGPU computing is not ideal for video encoding--it's process-divergent and memory-heavy).

1
0
Charles 9
Silver badge

Re: Brilliant

Tell me. What can you do with a 64-bit phone that you can't with a 32-bit one? More bits likely draw more power, and more RAM probably isn't needed for at least another generation. Sure, mapping storage would be neat, but isn't the flash the bottleneck?

2
0
Charles 9
Silver badge

Question. About this heart rate monitor? Is it more or less an infrared sensor that does it much like an app I've seen in the Play store that can use the camera's ability to see infrared to do the same trick?

0
0

MIT wants quasars to help put free will to rest

Charles 9
Silver badge

I think that's the intention. See if there is a correlation between two things 13 billion light years apart, then how would classical mechanics explain it (since under that, it would take that long for one to react to the other simply due to the limitations of the speed of light)? And I would assume the two quasars would be chosen such that we wouldn't be equidistant between them, removing that possible coincidence.

0
0

Mobe operators, need to check your network? There’s an app for that

Charles 9
Silver badge

They can't control the customers too well. Thus this bridge. You use the mobe so the tech can go where people go, but you control the variables and use a hired hand to make the results more precise and reliable.

0
0

Beware Greeks bearing lists: Bank-raiding nasty Zeus smuggles attack orders in JPEGs

Charles 9
Silver badge

Re: Steganography to hide the whole thing

The big trick would be to conceal the payloads in ways that can withstand mangling, image conversion, and so on. Many hosting sites will routinely alter images to make them easier to store and transmit, and the extent of these alterations can break many stegos to date: including perhaps this method or a variant of concealing it in the EXIF data. I will admit that a 1080-sized wallpaper gives more real estate to work with, but that's again reduced by the robustness requirement.

0
0

TV scraper Aereo pulled off air in six US states after tellyco court injunction victory

Charles 9
Silver badge

Re: Crucial difference

"If wee little paperclip antennas installed in racks in the basement data centers actually worked, then why does everyone else spend so much time up on the roof struggling to get an OTA HD signal? Why doesn't Aereo drop this service model and start selling these amazing "antennas" to the public? Perhaps the same technology can be applied to directly detect signals from deep space missions using nothing more than a slightly larger paperclip?"

Because location is part of the reason Aereo works. Aereo carefully picks their facilities to optimize the reception, much like transmitters use tall masts and prefer the tops of hills and the like: the clearer your line of sight, the better. Put it this way: no matter how good your setup, trying to get good reception in a valley (or a concrete canyon) is pretty much going to be hit or miss: bad line of sight compounded with reflection echoes.

0
0
Charles 9
Silver badge

Re: Beer analogy

They pay by the eyeball on the TV. Thing is, TV watching has spread out lately, and the TV auditors lack the means to measure things like Aereo, computers, even DVRs. TV shifting has been a brewing storm for the advertisers for a few years now because to date they lack a reliable means of measuring shifting.

0
0
Charles 9
Silver badge

Re: Crucial difference

"Also, insects have antennae; televisions have antennas. Once a loan-word has acquired a new meaning, it follows modern English pluralisation rules in its new sense."

Last I checked, it should be all or nothing. Multi-mast WiFi setups still use "ae" IIRC. Put it this way: either insects have antennas or wireless systems have antennae: no vacillating.

It's like with the "mouse" and "house" question. Why don't we say "mouses" or "hice"?

2
1

US Senate bill would mandate 'kill switch' on all smartphones

Charles 9
Silver badge

Re: dumb question but...

Plus what if the phone never gets the kill signal in the first place because it gets shielded before the kill signal is ever sent? Then it's sent someplace where the kill signal isn't supported?

0
0
