* Posts by Charles 9

5065 posts • joined 10 Jun 2009

Lawyer: Cops dropped robbery case rather than detail FBI's StingRay phone snoop gizmo

Charles 9
Silver badge

Re: @LucreLout - @Gordon

"But this case *isn't* about a phone being stolen, it's about the Police very probably using illegal methods to snoop on phones in the same way that GCHQ and NSA want to snoop on what everyone does online in the hope that, in the massive haystack of data they collect, there may be a needle."

But when the needle's made of explodium so it doesn't react to magnets or x-rays, making it indistinguishable from the haystack, how do you find it before it explodes, takes hundreds of people with it, and YOU get the blame for not finding it in time?

0
2
Charles 9
Silver badge

How far are they willing to go? Suppose the next target is a murderer? Will they be willing to risk innocent lives to keep Stingray secret? What if a dropped case results in new victims who then sue on the grounds of miscarriage of justice?

4
0

America was founded on a dislike of taxes, so how did it get the IRS?

Charles 9
Silver badge

But those same states typically charge you for obtaining an ID card. If it's a requirement to vote to possess such an ID, that amounts to a poll tax, and that runs afoul of the forbidden laws list of Article I, Section 9.

0
1
Charles 9
Silver badge

Re: Wouldn't work there, unless I planned on living there until the end

Well, even cosmetic house improvements need to be checked they don't pose other risks. For example, you have to keep a certain amount of open space between you and any adjacent streets so people and cars can properly see around corners. You can't put up anything fragile and likely to fall off or fly in the wind and hit someone. And so on.

0
0
Charles 9
Silver badge

Re: USD $24 for 10 gallons of gas

"Gas prices went up in California, because we use a special gasoline formulation to reduce smog, so gas normally sold outside of California can't be loaded on a tanker truck and sold in-state."

That's also why most cars in the US are built to the tighter California emission standard (anyone watching an American game show with a car in it may have once heard "California emissions" being listed as the features on the cars, meaning the additional stuff needed to make the car California-compliant).

0
0

Your city's not smart if it's vulnerable, says hacker

Charles 9
Silver badge

Re: It's only taxpayers money, who cares?

And if "do nothing" and "go manual" aren't options for legal or "political" reasons?

0
0

Nvidia's GTX 900 cards lock out open-source Linux devs yet again

Charles 9
Silver badge

Re: One of the reasons I abandoned them years ago

"Why this assumption? Because the game developers won't write for Linux or Mac?"

EXACTLY. Even TODAY, with Valve actively encouraging Linux development to push the Steam Box, most games coming out are Windows-ONLY.

0
0
Charles 9
Silver badge

Re: A solution for the wrong problem

nVidia already has a toehold in the portables with their Tegra SoC. And their APU lines points to a similar direction for AMD. Sounds to me like that base is covered. Meanwhile, in performance gaming, the PC will still have a place for years to come, and as long as there's a demand for performance gaming, the incumbent (Windows) will always have the edge. Portables will never take that away or everyone would be gaming on laptops now.

What nVidia did with Valve was simply a CYA move, but they could easily abandon it, especially if Windows X boosts the PC profile again.

0
0
Charles 9
Silver badge

Re: A solution for the wrong problem

When the Steam OS comes of age, nVidia and AMD will make Valve bend over. Valve needs them for good graphics performance. They can stick to Windows.

1
9

Verizon FLICKS FINGER at Netflix with skinny à la carte-style TV package for fibre munchers

Charles 9
Silver badge

Re: Business as usual then...

So you fire back you're a caeliac with a religious objection to the soup. See how they fire back.

(That's how some people can get food into a cinema or sports arena—medically-ordered diets mean they can't have anything else, so taking the food away becomes a crime.)

0
0
Charles 9
Silver badge

Re: fug ESPN

Only two problems.

One, ESPN is one of the earliest and most popular cable channels. Basically, any sports fan will demand it as a prerequisite. If ESPN can command a princely sum, it's because the demand is there.

Two, ESPN is owned by Disney, who also owns ABC, one of the big broadcast networks. ABC is basically a must carry so Disney can leverage this in negotiations. Not to mention Disney is ANOTHER of those highly-popular "prerequisite" channels.

2
0

Ebook price-fix saga: Official Apple peeler says probe is fruitless

Charles 9
Silver badge

Re: Laws are only for poor people

But it's not really Apple's style. Plus conceding to Amazon could be a point of no return in a market war where integration matters.

0
0

FCC hit with SEVENTH net neutrality lawsuit

Charles 9
Silver badge

Re: Sounds good to me!

You know Japan and South Korea are a) small and b) dense. Show me a large, sparse country with better Internet, then we'll talk (you won't--Canadians complain more than Americans and let's not start with Russia).

2
1
Charles 9
Silver badge

Re: Sounds good to me!

Then counters on the grounds that privately-owned data lines are both an unfair labor practice and a potential threat to national security.

2
0

Googley TENTACLES reach towards YOUR email

Charles 9
Silver badge

Re: Google

Not with all the services they provide with no viable substitutes...

1
1

Android lands on Microsoft's money-machine island fortress

Charles 9
Silver badge

Re: QNX surely?

Licensing costs IIRC. Also it's x86 arm isn't as robust as its ARM arm.

0
0
Charles 9
Silver badge

Re: No camera?

But that means having a second device to power the camera, which they'll just own first. And running extra data channels gets expensive, so it's one channel or bust.

0
1
Charles 9
Silver badge

Re: Excellent!

More DISCLOSED vulnerabilities which would in turn be patched up. I'd call that a better shot than fewer disclosed vulnerabilities and a whole bunch of undisclosed zero-day bugs hiding in the darknet.

22
2
Charles 9
Silver badge

Re: Excellent!

"LOL @ Android and secure in the same sentence."

As I recall, there was no hide or hair mentioned of the Android application framework, only the Linux core behind that framework, which last I checked is still pretty tight. The last vulnerability I could pick up came from the baseline Linux kernel, not from anything Google did to it, and that's since been fixed.

IOW, perhaps the article's rather misnamed as the new OS is closer to Chrome OS (a web-based thin client) than Android.

23
1

Health apps and wearables make you nervous, not fit, say boffins

Charles 9
Silver badge

" you may be hit by a bus tomorrow, and in this situation if you are killed immediately fitness won't help. If you're hospitalised for a prolonged period, then it will."

Fitness may also alter the odds of actually surviving the impact. Different body types offer different resistance to the impact of the bus, resulting in different possibilities. A fat person has more impact-absorbing lard but may lack strength in the bones a fitter person is likely to have, and so on. Just saying.

0
0
Charles 9
Silver badge

Re: “Humanity is wasting its time on monitoring life rather than getting on and living it.”

But what happens when the moment symptoms appear is already past the point of no return? Isn't that why there's a concern for checking out every little variance? In case it's something extremely serious where time is of the essence?

1
1

Chrome version 42 will pour your Java coffee down the drain: Plugin blocked by default

Charles 9
Silver badge

"How much you can sandbox it all really depends on the app itself and of course many need access to all manner of local and remote resources that seriously restrict what you are able to do to secure it."

Some antiquated software also drives antiquated hardware and therefore CAN'T be virtualized (and the hardware itself can't be replaced because there's no substitute or it's still being amortized). NOW what?

1
1
Charles 9
Silver badge

"f that's the case then why not leave it in there for a couple of years more to allow the sys admins time to beg the PHB for money to redevelop the applet that should never have been written in the first place."

Because Catch-22 applies here. As long as NPAPI works, the PHB will never see a reason to put down for a new version. PHB's are reactive, not proactive and will only put down when their own neck's on the line: IOW, when something breaks.

1
1
Charles 9
Silver badge

Re: Although plugin vendors are dancing to Google's tune

Unless Google is claiming NPAPI is too old TO sandbox properly. We don't know if Apple's approach is breaking stuff since the MacOS presence is relatively small. Meanwhile, like I said, Firefox's is off by default, which leads me to suspect it's likely to break things. If the only way to properly sandbox NPAPI breaks too much, then perhaps Google has a point.

1
1
Charles 9
Silver badge

Re: Not the end of the world

Trouble is, non-interactive web pages are more trouble then they're worth now, so you're caught between Scylla and Charybdis. The ONLY way you can attract enough e-business is to render yourself vulnerable. So do you sink or swim with the sharks?

1
1
Charles 9
Silver badge

Re: Goodbye Chrome

But what happens when the only alternatives lead to pwning, which leave users in a bind: the ONLY browsers they can use to work leave them with their butts in the breeze, so to speak, basically putting am minefield between them and their work and in the dilemma of neither being able to stand still nor move forward.

1
5
Charles 9
Silver badge

Re: Although plugin vendors are dancing to Google's tune

Java's supposed to be sandboxed, too. Guess what happened? Malware found ways to escape sandboxes, so perhaps Google doesn't consider a sandbox much of an assurance. Firefox added the capability, too, but it's not on by default. Probably because of the risk of the access restrictions breaking essential plugins: another concern of any form of new access restriction.

2
2
Charles 9
Silver badge

Re: Sigh...

Except because we're only human, every single implementation would be vulnerable to some human mistake. The chief (and irremovable) reason software is vulnerable is because it or something else along the line is made by humans.

1
1
Charles 9
Silver badge
Facepalm

The "better browsers" BREAK the antiquated-yet-irreplaceable plugins on which your business relies. What's your answer to an antiquated-yet-irreplaceable piece of custom software that's too expensive to replace yet so insecure and rickety it can break at any moment?

3
0

Finally, Mozilla looks at moving away from 'insecure' HTTP. Maybe

Charles 9
Silver badge

Re: I don't understand the "false security" argument ...

But the attack surface has grown to the point that ANY public web page can be an attack vector. That's how Drive-By Attacks work. It's like animal fighters picking any house with the door unlocked to hold their fights. It's just not safe to leave the door unlocked anymore because it can become a big problem at any time. IOW, it's reached the point that a certain level of security is ALWAYS necessary.

PS. To the guy who's worried about their family pictures being picked off the wire, how about your website being co-opted into a botnet or DDoS node instead?

0
3
Charles 9
Silver badge

Re: Not https as it is right now

"Self Signed plus DNSSEC plus a signature in DNS is enough to verify that the site is what it claims to be at least as far as DNS goes (which is good enough for 99% of cases.. it flags MITM and government/corporate snooping which is what we're interested in).. DANE solves the same problem."

What about government MITM using the actual key, which they can co-opt? They can flood a web of trust and spoof any lighthouse sites, too.

1
0
Charles 9
Silver badge

Self-generated certificates and offline key exchange?

1
1
Charles 9
Silver badge

But REAL real security usually involved hoop-jumping the general public isn't willing to jump. You have to come up with a system that's BOTH extremely secure AND ridiculously easy to use. Given the normal scale of secure-vs-ease of use, I don't think that's possible.

7
0

Don't collect bugs, invest in fly-spray says bug bounty operator

Charles 9
Silver badge

Re: Kool Running Hot Brains Needed for that APT ACT App, theodore.

"Until such times as that happens, theodore, in all of the places and spaces that really matter and effectively driver the future..."

And that time will never come since humans are fallible, and the bad guys only have to be lucky once...

As the article linked in the article notes, failure is unacceptable but also inevitable.

1
0

You. FTC. Get over here. Google is INVADING our children's MINDS – anti-ad campaigners

Charles 9
Silver badge

Re: Ummmm

They developed techniques during the '94 World Cup, which the US hosted, to allow for in line ads without having to resort to a lot of commercials. Many sporting events around the world use such techniques now. Also, American sports have the decency to limit most ads to the grounds and walls (auto racing is an exception-cars and uniforms there).

0
0

'Linus Torvalds is UNFIT for the WORKPLACE!' And you've given the world what, exactly?

Charles 9
Silver badge

"To go back to the TV tuner example, Linux provides a whole raft of TV tuner drivers. They all run in kernel space. BSD doesn't provide any TV tuner drivers, but provides a kernel mode character driver that can be used to communicate with USB devices. The Linux drivers are then run entirely in user space, communicating using this simple kernel driver. Performance + inability for a TV card to oops your system."

And while that may suffice for stuff like TV tuners, high-performance devices like 3D graphics and high-throughput (GBit+/sec) networking tend to need to be in kernel space due to the severe performance penalties involved in context switching. I've heard work on hybrid dual-space drivers but I haven't seen their application in graphics and certain other performance-intensive applications.

0
0

Grandmaster FLUSH: Chess champ booted for allegedly cheating with iPod app in the loo

Charles 9
Silver badge

Re: Endgames

But the tricky part is figuring out early moves. Even chess has a limited move set towards the end game as pieces are removed and routes are cut off (particularly if the king is under threat--check cuts the number of possibilities drastically).

0
0
Charles 9
Silver badge

Re: Fact and fiction mix

But now the casinos have to watch out for linked smart watches and camera glasses (the latter in particular because there could be actual prescription lenses in the frame, rendering them a medical necessity due to otherwise-poor vision).

0
0
Charles 9
Silver badge

Re: Apple Watch is next

Go is much more difficult for computers simply because the number of positions is much greater (19x19 vs. 8x8) and because it's a game of placing rather than moving, so each turn has a much higher number of possibilities which then cascade in a look-ahead system. Shogi is tougher for a computer to lick because its move set is more varied.

0
0

This open-source personal crypto-key vault wants two things: To make the web safer ... and your donations

Charles 9
Silver badge

But to build a high-security module that's resistant to acoustic, electrical, and other forms of side-channel attacks, you need way more than a halfway-competent designer. You basically need an expert or three poring over every little detail for a significant amount of time. It also means going beyond the FPGA design and onto a more-dedicated chip design where every detail, even on the electrical level, can be scrutinized with the utmost care.

1
0
Charles 9
Silver badge

Re: More anonymity for criminals and terrorists

Cash doesn't necessarily allow the underworld to work, it's just the easiest thing for them to use over barter or a substitute currency like gold dust. If all cash were to disappear tomorrow, they'd quickly settle on something else, much as how the world of Fallout happened to settle on bottlecaps...

4
0

Dev gives HBO free math tips to nail Game of Thrones pirate leakers

Charles 9
Silver badge

But watermarking of this nature is basically a variant of steganography, and there are already various techniques in the know to mangle stego. Even the vaunted Cinavia audio watermark has been shown to be vulnerable.

0
0
Charles 9
Silver badge

Re: Here's an Idea...

No, it's not common sense. That doesn't give enough time for advertisers to get the time they pay for, and recall that advertisers can usually pay more than any group of end-users can come up with, which is why many systems today are ad-based even when users are willing to pay (because the amount they'd have to pay to make up the difference would make them balk).

0
0
Charles 9
Silver badge

Re: Obvious idea.

It's a technique used for product placement these days, but IIRC they don't do it yet for HD broadcasts due to the re-encoding load this places.

0
0
Charles 9
Silver badge

Re: individual copies? easy then

Unless you BAKE the watermarks into the actual encode, anything you try will be easy to strip. And once you bake them in, you'll fall into the pit of having to encode the episode multiple times for each screener, which given they're 1080p will take a noticeable amount of time even with professional hardware, and even then the pirates have been noted to take watermarked copies and work on scrubbing them later.

0
0
Charles 9
Silver badge

Re: Translation

And here are why your ideas won't work:

"1. Get the translators to come to your studio to do the translation and don't let them in or out with any media or recording equipment. I believe Apple had this approach when previewing the Watch to some devs."

They'll refuse to put down the travel expenses because it wouldn't be worth it for them. It's MUCH easier and less expensive to send a disc or hard drive than a translation team. If they're THAT paranoid, they can courier the copy with an agent from THEIR studio, with all the expenses that implies.

"2. Remove all the bits where nobody is speaking before sending it for translation. It would probably make the movie unwatchable."

Don't forget signs and other visual translations, at which point it would probably become barely watchable and worth a pirate's time.

"3. Obscure a significant portion of the image with a big black rectangle. Again, it would make it unwatchable."

It also removes key context needed for some translating to make sense. Recall that English isn't exactly the most precise of languages.

"4. Send each scene to a different translation bureau - chances of them all being dishonest is smaller."

As another poster noted, consistency is essential for a good translation, which means it has to be a single firm throughout the run or else inherent translation variations build up to result in misnterpretation which can occur at key plot points, ruining the experience.

1
0
Charles 9
Silver badge

Answer's probably no for two reasons. Making custom encodes for each of the screeners and translators is going to take a good deal of time, even with professional hardware. Second, custom encodes make the videos unsuitable for sending pressed BDs, which are the only way you can send ones protected by ROM-Marks (it's part of the spec). At least a short run of about 100 copies can be justified going through the process of making the press master.

0
0
Charles 9
Silver badge

They'll take it anyway. They take copies that emblazon "THIS IS A SCREENER," for crying out loud.

0
0
Charles 9
Silver badge

Re: Make it big and loud

Given the time it would take to encode each one for each screener/translator, not to mention the problem that this would also make them unsuitable for pressing (and you can only get a ROM-Mark with a pressed BD), how do you make a short-run screener unsuitable for pirating?

I suspect that ANY screener/translator copy is worth pirating. I see bootlegs with burned "THIS IS A SCREENER" subtitles here and there. If pirates are willing to take blatantly-obvious watermarked copies, few things will be taboo for them.

3
0
Charles 9
Silver badge

Re: Physical Copies

IIRC they're in high-def and some translators have shoddy Internet access, so it's physical or bust. Besides, even for an Internet copy, a determined foe would use an HDCP stripper combined with an HDMI recorder.

1
0

Forums