3700 posts • joined 10 Jun 2009
Re: "Free" market prices
So that brings up a new problem: How does one encourage people to turn in bugs like a white-hat when the opposition is a type for whom money is no object?
Re: It's all good
"As for coke and meths well they should be marketed like champagne and vodka. Cocaine is very popular in the USA and certain British politicians."
The trouble is some of these drugs can have side effects: FATAL ones. Cocaine can cause a fatal heart attack and certain opiates like heroin can cause your heart to stop. In ONE controlled dose. I think even Ecstasy can do that in one pill. Drugs that can kill when used as directed MUST be controlled for the same reason we control uses of strong acids and the like: they're life-threatening.
Re: It's all good
"All drugs should be controlled. I believe we should have stronger controls on alcohol as one of the most dangerous, addictive and socially harmful drugs available."
But also SO ingrained in many cultures that people would sooner declare war on their countries than declare war on their vices. Look at America's Prohibition era. If people want something badly enough, they'll get it in spite of God, Man, or the Devil. That's why the US hasn't even tried anything serious with tobacco: it's in the same boat.
Re: Except it doesn't deter theft
Then explain the people who rob, mug, even KILL...JUST for the phone. Taking the phone to prevent them calling 911 because you've robbed everything else on them is one thing, but mugging them and taking JUST the phone smacks of a targeted mugging.
Re: Bricked trying to organize a protest...
"the crowd sourced gatherings that we have seen in the mid-east, just might have to resort to 60's style communications to get a decent protest into action. And no one will be able to video it... when the authorities brick all the phones in the area !!"
You forget. THEY control the NETWORK. The most common tactic they use in such a case is blackouts. What's to say they also don't OTA updates with spyware built into them?
Because you can defeat the tracking the same way you can defeat the killswitch: with a faraday bag. Inside, it's invisible to the network, and as long as it's invisible to the network, there's no way they can get to the phone.
Re: Can you think of any other consumer good @ Alan Denman
Yes, my WALLET. And since it's UNpowered, there's sod all that can be done to "killswitch" a wallet.
Besides, what's to stop thieves from carrying faraday bags to block any killswitch signals? Then they can switch it to airplane mode through the bag or take it to a faraday cage to download all the stuff at their leisure, flash a new firmware that doesn't respond to the killswitch (and probably includes malware backdoors so they can double-dip), and THEN fence it, confident it won't brick.
Re: Browser support (JPEG2000)
"Yes, but JPEG2000 is required for PDF 1.5"
Maybe that's why I typically see PDFs at v1.4 instead.
Re: Who cares about saving space over jpeg?
"Even if it could store megapixel images in a single byte it would never displace jpeg, because saving space or bandwidth for images is a problem that no longer exists in today's world. The inevitable patents, and even if made freely available, inevitable patent trolls who will claim patents on various things it does, make switching from jpeg to something new not worth whatever storage/bandwidth could be saved."
Thing is, if you ALREADY have patents for the tech when the trolls come knocking, you can use them as a defense and threaten a patent war. That's what Google did against MPEG-LA concerning VP8 tech. With defensive patents, you can threaten to invalidate the troll patents, and if your primary mode of business isn't patent-related, you have more lenient winning conditions than the trolls: all you have to do is not lose, giving you an advantage if the fight goes to court as a mutual nullification doesn't hurt you.
I think that's one reason PNG was accepted over GIF--when the LZW codec used by GIF was enforced, sentiment swung towards PNG which used the more-lenient Deflation (trading off animation for RGB color support).
Re: In a world where selfie and cat videos rule the web
Actually, compression is what allows YouTube to thrive.
Without the ability to deliver these videos (and the attached ADS) over narrow mobile pipes, where would YouTube be now?
Re: Browser support
Which was why I mentioned Google. They're in a unique position to be able to (a) simultaneously saturate both the browser and mobile markets with the tech thanks to Chrome and Android, respectively, and (b) not really the type to patent troll: only using patents defensively and getting their revenues in other ways.
Re: Will it matter?
Probably because any patents related to JPEG have expired by that point, forcing the tech into the public domain.
Re: Congratulations - excellent work!
"Of course, they then took this further, realising that, as the source of information was seemingly voltage regulation, there should be ways to measure this more directly. In one of their experiments they get the same information from connecting a voltage probe to a CAT5 cable connected to a switch - at the switch end."
That's an interesting feat, given that CAT5 cables are UNshielded (being a UTP cable).
If the camera can see infrared (which can pass through the tape), maybe.
Re: I'm more worrying about hacked "Smartphones"
"I think perhaps you need to realise there are other phones on the market other than ones made by Apple and a good number of them do indeed have normal removable batteries."
I think perhaps you need to realise that companies OTHER than Apple are building phones with permanent batteries. Recent phones from the likes of HTC and Motorola spring to mind. Indeed, due to a demand for more battery life (and, if you're paranoid, a desire to steal control away from users), more phone manufacturers are doing this. I personally don't trust this (I insist on being able to yank a battery in case of a sleeplock or wakelock), but consumers aren't the only voice in the matter, and the consumer doesn't always win in this market.
(JOKE RIPOSTE) I think that's the plan. If it's so transparent the hackers see THROUGH it, they can't see the cipher data meaning they don't know where to hack. Encryption where my data becomes invisible would be rather nice IMO (END)
But seriously, the easiest way to get data encrypted on a widespread basis is to make the process turnkey simple, and a transparent (automatic on-the-fly) process can be a step in the right direction if done properly.
As for the paranoia, you might wanna just wring your hands of the whole affair. Let's face it; few things have as many resources as a state, and if ONE state hasn't subverted half the programmers and coders in the world, then the Russians, Chinese, and Arabs have probably polished off the rest. Which basically makes it a case of "Don't Trust Anyone," which means nothing gets done anymore.
Because the tool that can hide you from the government can also be used to subvert and destroy it. That's always been the dilemma of governments that give some sort of liberties: those very liberties can be turned against the government, so the government is basically underpinned on trust. Which becomes more complicated in a country like the United States which was founded on DIStrust of government.
So someone needs to tell as many people as possible that, due to the business models involved (where just ONE trace is all it takes), anonymity has become black-and-white. Either data is untraceably anonymous or it's not anonymous at all: nothing in between.
Makes me think to the general polarization of society in general, to the point that I can't help but think the ultimate outcome will either be NO anonymity (resulting in a police state) or TOTAL anonymity (resulting in anarchy).
Re: Techie question.... @Jamie
Even so, if your client has been pwned without your knowledge (due to a drive-by, for example), they could disguise the fact they stole your key by replacing any DISPLAYS of their key with your original one (false facades are common in malware now). In that event, how would you be able to tell that the key you see is the key you're actually using?
Re: Techie question....
No, because if they pwn YOUR end, they can STEAL your public key (what allows you to contact the server), replace it with THEIRS, and use your key to create a secure MITM.
As for the NSA being able to do it, considering that SSL proxy is a known technique in the workplace, I wouldn't put it beyond them, throwing a spanner into the whole trust issue. Since the NSA is a state authority, and since no outside state can really be trusted, it poses the problem of trying to establish a new trust system that's capable of resisting the resources of something as powerful as a state while still being useable for the average Joe. The closest approach to date has been a kind of peer-based reputation system, but even that can be gamed by the state. Any attempt to control this would almost have to require attribution which would defeat the idea of anonymity on the Internet.
Re: if the sites which host the workarounds are blocked...
That would just be considered a site hosting a workaround that gets blocked, too. Put it this way. A workaround for a workaround is still a workaround.
Frankly, I think all the tail-chasing is just an exercise to build evidence for whitelisting, which can deny by default.
Re: this will end in disaster
What about a whitelist? Then it's deny-by-default.
Re: Change the DNS server...
So even if you poll DNS directly from your PC, it'll still change the DNS request to BT? What about an obfuscated or off-default DNS request?
Re: Who cares!!!
"all am going to say is look at chinas firewall and your see why filters will not work"
IIRC China's system doesn't outlaw all encrypted traffic and doesn't work on a whitelist system (meaning you can ONLY go to those sites they've vetted, meaning new sites are blocked by default). Without this "deny by default, deny when in doubt" attitude, things will still be able to slip through.
Re: First they came for the DNS
If that were true, it wouldn't be able to block an encrypted connection because encrypted data, by definition, can't be sniffed. Has anyone been hit with a "Site Blocked" message while using HTTPS that's either direct to the IP or using a third-party DNS? If so, then IP checking must be in place at the least (how else would they catch a connection for which the only thing they know is the IP).
Re: Why anonymous in concept for democracy is important
In other words, because the average person lacks the desire or capability to think in terms other than black and white, the inevitable outcome of society (ANY society) is polarization into either totalitarianism or anarchy: most likely the former as the latter will likely devolve into the former given time.
"Yes, but HAVEGE originates from a French institute (http://www.irisa.fr/caps/projects/hipsor/index.php) and so is likely to fart in your general direction, you son of silly persons."
It's not like it's being used directly. In Linux, it's used like most other HW generators are: shoveled into the kernel entropy pool where the kernel then does the scrubbing. In that context it's at worst harmless and at best quite useful.
And failing that I can go back to the webcam generator, since I've been monkeying with the code personally, I know what's going on. The original code did plenty of whitening, but in my tests using a cheap webcam with the lens taped over (and just to be sure, it's face-down) it couldn't pass FIPS 180-2 tests until after I gave it a further parity scrub. Beats waiting on an Entropy Key.
Re: Linux wasn't using RDRAND directly
Question 1: How would the processor know it is dealing with RDRAND output if the data becomes one degree removed (ex: MOV'd into a general register before XORing)?
Question 2: How would the Linux RNG, which IINM relies more on various CSPRNG techniques that are well-removed from RDRAND, be compromised so as to correlate to RDRAND without it appearing in the source in some way?
Re: "You could make a random number generator"
I've personally grown fond of a webcam entropy generator and have actually been fiddling with it to make it more suitable as an RNG (mostly in finding better ways to scrub). Not that I've actually needed it as a source of entropy, as it seems HAVEGED can do the job pretty well, be it on your computer or your Android phone.
Re: Collection points..
The whole business is a classic tradeoff between consolidation and turnaround time. Consolidated delivery centers provide the benefit of lower logistics costs, but now Amazon is seeing the other side of the coin: the fact that people will pay for instant gratification (thus why big boxers like Walmart still work; for some, there's nothing like walking out, goodies in hand, and they feel the added taxes and so on are worth it to get right blanking now), meaning having warehouses closer to the customer costs money but saves time.
Actually, plenty of hospitals ALREADY use pneumatic delivery for transporting small things from department to department.
Re: Stream Your Own TV
To do that, you need a device with DLNA capability. And believe me, I check the specs carefully on those things. Trouble is, many of them have (a) spotty codec support, (b) lousy UIs, or (c) both. The closest thing I've found to a repurposed PC is the WD TV Live, but its video quality leaves plenty to be desired. And no, the Raspberry solution tends to be laggy at high resolutions.
Many "network-enabled" players don't really support DLNA but rather support the "usual suspects" like Pandora and YouTube.
Plus your TV capture card only supports OTA programming. My programming tends to come through digital cable, requiring a box, so it's more complicated.
Re: "...a tiny TV antenna each in a nearby data centre..."
IINM, though, the transition to DTV reduces the need for aerials. It's not like you need a very strong signal to get a very good picture. All the data is now focused on a pretty tight frequency range and is digital, meaning a different kind of antenna can do the job (which is why you don't see rabbit ears in stores anymore--only those flat antenna plates).
But I like to use ART, and Xposed and ART don't mix. Anyway, I have a build that includes a working Privacy Guard built-in. I've set it to default to blocking new apps that I install. That way it's hard to be caught off guard.
Re: I'll side with the Against but Sympathetic crowd
But you do. Controlling the acts that give your privacy away is HARD...because SO MANY things give hints as to your identity. It's like the skill needed to do some actual work on your car like changing the oil or swapping wheels: many people don't care about it and let the experts do it, but if you want to do it yourself, it's considered wise to read the manual first lest you break something.
Re: Broken model?
"The current model where the app declares what it needs, in a take it or leave it manner, and apparently is free to lie (my impression at the moment is that the only recourse to actually enforce a restriction is to cancel the install - or uninstall if you manage to catch the app red-handed) looks completely backwards to me."
The problem was that the model was demanded by the developers. Basically, it was either Google conceding to them or they would never have strayed from Apple's system, crippling Android in a vulnerable moment. And even now, they can't change it too radically for fear of devs walking away. And it's the devs that help make the real money for Google by making people use Android phones.
Re: Obeying aircraft mode
Last I checked, Airplane mode is a separate setting that overrules all the data settings (WiFi, Mobile Data, Bluetooth, etc.), like an outer lid covering the multiple inner lids. An app cannot turn WiFi on while in Airplane Mode. Now I know some apps are capable of switching Airplane Mode on and off, but I have to recall whether or not they can only do it under root permissions, because I don't recall Airplane Mode being a listed app permission.
Re: I'll side with the Against but Sympathetic crowd
So hide it behind an Expert toggle. There's a developer options menu that's normally hidden, but if you know the access key (tap the Build in About Phone a bunch of times), you can get access to them. Similarly, keep expert options covered unless a specific setting is turned on (with appropriate warnings given like for External Apps permission).
Re: Outrageous permissions
What about if it lets you take pictures to integrate with the program?
It's been something I've been thinking about. Perhaps in future, Google should demand that app makers provide not just an access list but also an EXPLANATION for each and every permission. For example, if an app needs to take a picture, there must be an explanation (written by the developer) such as "We use the camera so you can take pictures for your avatar." (for some communication program) or "We take pictures to process in the cloud for product recognition." (for something like Goggles).
Re: Some creepy apps out there
The trouble was that Android had to appease the developers, who pretty much insisted on permission control or they wouldn't develop alongside Apple (which at the time was their comfort zone).
Re: Ask The Physicist
"When polished metals reflect more than 95% of visible and longer wavelength light the only colour which can avoid almost trivial countermeasures is ultra violet."
I think they need to get it to at least 99%. Otherwise, the 5% that DOES get absorbed would deform and defeat the polish, allowing the other 95% back in again to finish it off.
Re: Easy fix
"[*] There's a chance that if it's satellite-based, there's already a significant latency, about 230ms out to a geostationary satellite and back plus whatever other processing time is required."
People can be patient enough to wait on the lag of a voice conversation. Sat phones are sometimes used in the news for video transmissions in remote locations where better equipment isn't available, so people are getting used to the idea of a laggy conversation.
So noted. You can see this attitude in the Manhattan Project. Fat Man (the Plutonium bomb) required a very precise arrangement of explosives to set off the implosion chain reaction properly (this was why the Trinity test--Trinity was a plutonium bomb similar to Fat Man), and even then Trinity was estimated to have only managed to achieve about 20% fission of its payload. OTOH, Little Boy seemed simple enough to pull off: fire off one U-235 slug at high speed into another (although IIRC the main reason for not testing the Uranium Gun design was lack of materials--still proved to be valid).
Re: FIVE HUNDRED TONS of highly-enriched uranium
That said, in the greater scheme of things, I'd call this not a bad deal at all. No force of arms, and we take a good number of potential civilisation-wrecking weapons out of service and put their good bits to use in less-belligerent ways. It would depend on the final price tag, but I consider it money well spent.
Re: What a laugh and interesting read the comments in this article are.
A lot of the fear of nuclear incidents comes from the fear of long-term (meaning decades or more) no-man's lands. Bhopal was tragic, yes. But after the disaster's passed, the mess can still be cleaned up. Even Times Beach (dioxin contamination) was wiped clean and is habitable again after a determined effort. Can't say the same about Pripyat, where a fair chunk is still too deadly to even approach.
Re: Goiana incident
"As far as nasty isotopes go, the most dangerous are alpha and beta emitters with long half lives such as 90Sr and suchlike as these irradiate over a long time and bioaccumulate."
I can understand alpha and beta emitters to be murder once they're in you, but what about gamma emitters that are so hard to contain? At least alpha and beta emitters can be contained easily enough while outside, but gamma rays pass through a whole lotta stuff, making them pretty dangerous even when some distance away from the body.
Re: My counter prediction
"Yes, PC hardware is more expensive (Due to subsidies on consoles), but over the life of the product will end up cheaper due to the lower cost of games, and not having to shell out a monthly fee to play online. With an expected generation life of 10 years, to play online for that period would cost you about £400 with XBOne for example. Factor that in and suddenly the TCO of a Steam box is way, way lower."
Most of the current-gen consoles AREN'T subsidized. They're actually selling at a small but actual profit because of some vertical integration, bulk deals, and the fact that PC hardware is a lot more commoditized than before. Those hard drives are a bit small compared to the multi-TB jobbers out now, the GPUs aren't exactly cutting-edge. About the only thing close to being subsidized is the AMD CPU, but I suspect some things missing or undercut may explain the lowball. Then there's the matter of brand loyalty and internal development projects. Sony and Microsoft won't be letting their signature enterprises go anytime soon.
As for paying for online, consider the "ten cents" scenario. Sometimes, people just won't see a value in something UNLESS they're paying for it. To them, free stuff is f-d up stuff and they wouldn't touch it with a 39 1/2' pole. As for cheaper prices, that only applies to games that have been out for some time. Steam games are rarely that way at initial release, plus there are those who don't want to waste their download allowances and would sooner give up gaming than give up DISCs. That's something both Microsoft and Sony learned quickly, which is why their consoles STILL have optical drives (IN SPITE of intentions to do otherwise).
Re: Hate to say it but
Easy enough if you plug each hole you come across. Hard to phone home when you can't phone, period. And if anyone complains, tell them their machine is full of holes and needs to be fixed and to read the T&Cs again.
Re: End software patents, everywhere, immediately.
Just because something is intangible doesn't mean it doesn't have power (literally). Energy is intangible, for example. We can't feel radio waves (and many electromagnetic waves pass THROUGH us) yet we can harness them for assorted ends.
Plus, remember the adage "scientia est potentia" ("Knowledge is power.") This applies not just to specific topics but also to knowledge IN BROAD (like the concept of radioactivity, polished in the late 19th century). You're stuck on the concept that concepts are always specific. I'm recognizing that concepts can be broad as well, and copyrights ONLY cover specifics; they're not useful enough for generalities since you can end-run around that with a second implementation (that's why I brought up the Compaq BIOS--it specifically defeated a COPYRIGHT, but what if IBM held a PATENT on the concept of a Basic Input/Output System). All this attitude about patents being a whole "protection" racket a la the mafia is an overreach and smacks of "Gimme! Gimme!" entitlement. That kind of attitude can make conceptualizers think, "Blow this for a lark!" and keep their ideas to themselves, just as they can for inventors. Remember, information wants to be free, but people are greedy; you have to play with that hand or new ideas die in their heads and you can't tell when it'll come again (has anyone given thought to how much knowledge was lost in the Alexandria Library disaster?). You need the incentive to make them come out, BUT at the same time it should be recognized that they can only exploit their idea for so long, which is why I keep saying limit conceptual and software patents to terms like three years. Is that really too much to ask?
Re: A curse on the inventor of PS2
"As for being under desks, why not simply rotate the cpu case so you *could* see the sockets?"
Because sometimes, be they on or under desks, PCs are locked down, tied down, or otherwise in a position (think inside a specialized cubby-hole) where they can't be moved, meaning you have to take the cable to the device.
PS. I've seen PS2 connectors get mangled just by manual labor. Since socket orientation doesn't always correspond to the plug, it's STILL difficult to know which way is supposed to be up (consider sockets on PCI (Express) cards where all the connectors are UPSIDE-DOWN). People can twist and turn those plugs to the point that those literally-wire-thin pins get bent, if not snap altogether. A GOOD connector design needs to prevent that point from happening. The current USB A plug design and standard B plug do a good job at this but are too big for today's smaller devices, and the smaller B versions, while honest attempts, have their drawbacks.