* Posts by Charles 9

5718 posts • joined 10 Jun 2009

Europe wants end to anonymous Bitcoin transactions

Charles 9
Silver badge

Re: $US

Because the US are one step ahead. They passed regulations last year that forces Bitcoin exchanges in the US to keep accounts and records (Coinbase is legit, for example). Those that try to avoid the regs get pursued by the authorities. And they know to be useful you have to get the BTC back to actual currency, so they look for conversion points.

0
3

Internet idiots make hoax bomb threats to UK, Aus, French schools

Charles 9
Silver badge

Re: $10 bet

$50 says someone else uses them as a smokescreen to cover up an ACTUAL attack?

0
0

Why the Sun is setting on the Boeing 747

Charles 9
Silver badge

Re: >the aircraft that made Boeing into the global leader it is today

DC planes IIRC were made by McDonnel Douglas.

0
0
Charles 9
Silver badge

Re: *errrrr* No.

The El Al crash, right. I was just about to reference it. Two failures on the same side does make things trickier, raises the risk of loss of control.

And IIRC a tail engine failure did lead once to a crash because it managed to knock out ALL FOUR of the hydraulic systems, including the one on the opposite side, making it a Failsafe Failure.

0
0

T-Mobile USA’s BingeOn is a smash hit. So what now?

Charles 9
Silver badge

Re: "Throttling" is the "nice" word for it

What about more towers and backhaul to reduce congestion?

0
0
Charles 9
Silver badge

Re: "Throttling" is the "nice" word for it

"Total utopian bollocks. In what world is it fair that my realtime-dependant streaming service should get the same priority as Johnny Nobend uploading pictures of his dinner to Facebook?"

Yes, because the Internet is NOT designed that way (it's designed for robustness, NOT latency). If you need low-latency networking that badly, plunk down for your own specialized infrastructure the way we used to do it. That's why dedicated carriers like UPS have their own vehicle fleets, including airplanes, so they're not beholden to third-party couriers.

0
0
Charles 9
Silver badge

Ever thought Google and YouTube refuse to participate because there are strings attached?

2
0
Charles 9
Silver badge

Re: "Throttling" is the "nice" word for it

It's simple. No picking winners. You handle all data equally, regardless of what anyone else says. If you run out of space, you split the difference evenly across all contenders. That's the only way to be fair, and if your data model doesn't like it, tough shakes and get in the queue. It's the ONLY way to be honestly fair.

1
1
Charles 9
Silver badge

Re: unfair hybrid charging

People don't want their data to be the same...until it's the other guy's data that's the winner. Since you can't pick winners without complaints, the only way to be fair is to pick no winner at all. That way, at worst, everyone complains but at least they're on the same boat.

1
1
Charles 9
Silver badge

Re: "Throttling" is the "nice" word for it

Just curious. As someone noted, without some kind of vetting (which then breaks neutrality), you could have people cheating. How do you stay neutral AND simultaneously guard against cheating?

0
1
Charles 9
Silver badge

Re: The moral of the story

Bandwidth is a limited resource, especially wireless (which raises physical limitations). You either ration ALL or ration NONE; otherwise, you're picking winners which isn't fair.

2
3

Smart toys spring dumb vulns. Again. This time: Cuddly bears, watches

Charles 9
Silver badge

Re: Scary State Secrets

Put it this way. The kind of secrets that would either render them a "bad country" that others will immediately embargo or (worse) directly threaten their very existence.

1
0
Charles 9
Silver badge

It's almost to the point that perhaps legislatures have to get into the act and put a cork in all this IoT stuff. This kinda feels like the days of the foot x-ray machine: people throwing stuff against the wall to see if they stuck, not realizing some of them are going THROUGH the wall. Perhaps once someone finds a way to use an IoT item used everyday to jump air gaps and potentially reveal scary state secrets (like espionage info or nuclear data), then they'll be forced to act in the name of sovereign security.

3
0

Sure, encrypt your email – while your shiny IoT toothbrush spies on you

Charles 9
Silver badge

Re: The problem is that cloud services are allowed for such things

So what if you're in the supermarket trying to recall if you have milk in the fridge or not? It'd be too much effort to go home just to check (if you go home, you might as well not come back), and your memory really isn't that swift. An app like that could save some serious time and money, particularly if you're in an edge case like you just got off the late shift and you're trying to get a quick gallon before the store closes.

PS. Since milk is perishable, it may not be wise to just get it anyway since you may not get through it before it sours.

0
0
Charles 9
Silver badge

Re: IoT - "you'll get what you deserve"

Going without a TV can be considered much like going without electricity: you could, but man is it gonna suck, especially as other forms of information gathering become no-mans'-lands (like the Internet) or fall by the wayside (like the newspaper).

2
0
Charles 9
Silver badge
Black Helicopters

Re: IoT - "you'll get what you deserve"

"Its also easy to forget that many shops have stopped selling TV's that aren't smart! Sure, don't connect it, but what if your neighbor's kid does when you're out one day, and you don't discover it for six months!"

Or worse, it comes with Whispernet, OTA, or Powerline communication capabilities that you can't kill without killing the TV AND voiding the warranty (and you can't even Faraday-cage a Powerline network)? I bet pretty soon chatback will become a standard, essential feature of all electric appliances in the future such that trying to kill the feature kills the device cold.

And as for moving to the forest, there's the matter of the satellites...

4
1
Charles 9
Silver badge

Re: Orwell

You haven't been keeping up with the Presidential campaigns, have you? Or all the arguing at the Flat Earth Society? It's happening, and the worst part is that people are completely blind to that revelation. They're spoon-fed lies, told it's the truth, and believe it with such absolute conviction that they will argue with everyone else about it until Doomsday.

9
1

Samsung trolls Google, adds adblockers to phones

Charles 9
Silver badge

Then the adwalls start popping up everywhere and people are left with a choice: bend over or bow out...of the Internet.

0
0
Charles 9
Silver badge

Re: Two fingers to google then?

Given their current financials, it might as well be. Look, until it puts them in the red, Google/Alphabet won't budge. Fiduciary duty mandates it.

0
0
Charles 9
Silver badge

Re: Not the most urgent job

And even that's starting to get dicey. More and more root detectors are popping up, starting a sort of retaliation: Go Stock or Go Home being the battle cry.

0
0
Charles 9
Silver badge

Web page size was important because people were still connecting to the Internet on 14.4kbps modems (I know I did, upgrading to a 28.8k in the late 90's was considered a big step up until I built a machine that could tap the campus Ethernet network). With overhead, that meant you pretty much had to cram everything into documents of a few KB or less to avoid the user (or browser) giving up. Nowadays, dial-up Internet is considered Stone Age (since even the boonies can use satellite).

0
0
Charles 9
Silver badge

Re: What are you going to do about it, Alphabet?

"I'm not convinced of that. Unless they control the entire stack of my device, what stops me from routing anything I identify as an ad to /dev/null ?"

With Marshmallow, they pretty much get you from the ground floor. Even without dm-verity, they can make the ads part and parcel with the stuff you want, so you end up with a Take It Or Leave It scenario. In other words, you block the ads, you block the content as well, leaving you empty. Leaving It basically means abandoning Android. Thing is, Apple and Microsoft, basically, the rest of the market for anyone who cares, do the same thing except maybe in other ways. If all roads lead to Tartarus and you can't go back the way you came, what do you do?

0
0
Charles 9
Silver badge

Re: If nothing else ...

Thing is, none of these do much for ads in APPS, for which you need an OS-level firewall to block.

0
0
Charles 9
Silver badge

Re: Industry examples

"I don't root my phone for my own reasons, and i don't think i should need to, in order to have control of the network details the way i do on a laptop.... eg. set fixed DNS for all connections (open DNS) and allow user access to a hosts file of some kind (perhaps a non root hosts file, so it could be separated from the core system stuff google doesn't want you to mess with)."

And you know why that won't happen? Two things. First, malware can mess with a user-mode hosts file and redirect you to more malware, particularly privilege escalation that'll let them pwn the phone. Second, and more importantly, this'll let you block Google. Thus why all this dm-verity stuff that's becoming enforced with Marshmallow. It's not Google's way or the highway, and if you take the highway, you're completely on your own.

0
0
Charles 9
Silver badge

Re: Adverts are not the essence of the problem ...

Trouble is, the ONLY way to get phone-goers attention these days is to be loud and proud. Odds are if ads were as unobtrusive as you wanted, people wouldn't even notice them (which is why banner ads are not really in vogue these days).

0
1
Charles 9
Silver badge

Re: If nothing else ...

But what about when you're on the go? And BTW, NRF doesn't work on LTE because NRF is IPv4-only (LTE supports IPv6).

0
0

Rooting your Android phone? Google’s rumbled you again

Charles 9
Silver badge

Re: Google has no incentive to make it easy for you to remove that stuff

So they're not worried about it backfiring, as in more cruft means more likely they WON'T get the phone?

Personally, I'd be more interested in a plain vanilla Android phone, but Nexus phones don't offer SD slots or removable batteries, which are both make-or-break requirements for me.

1
0
Charles 9
Silver badge

PCI would be interested in Apple Pay and Android Pay as both use EMV over NFC, which provides much the same level of security as the Chip: both use nonces, so even if the data gets stolen, it's of no use to credit card thieves, plus both require explicit user consent to unlock the feature (thus why you can't use them without actual lockscreens), preventing even an NFC skimmer posing as a merchant from going unnoticed.

0
0
Charles 9
Silver badge

Re: Maybe I just don't get it

"Google doesn't use a secure element for Android Pay - they use host card emulation. That's a software based solution so they can't allow rooted devices to use it because it would defeat the security - it also means compromising the security of Android compromises its security. Google made that choice because requiring a secure element would lock out the lower end Android phones that choose not to include it for cost reasons."

And by doing so, they improved uptake of Google Wallet which helped keep NFC on the map until EMV-on-NFC came along (Apple Pay and Android Pay both use this now. Google Wallet virtual cards are being retired IIRC). The main reason for this move in Android Pay is at the behest of the banks who basically made it a prerequisite. Given this security requirement, Google may be more inclined to set up a hardware-based trusted path for future Android phones and in particular for Android N going forward. It's more affordable to do it now especially since Apple are helping bring economies of scale to the Secure Element market.

0
0
Charles 9
Silver badge

You do know there are a bunch of multimedia- and MMS-based exploits open in most Android versions. If you have an unmodded KitKat, you're one of those in trouble.

0
2
Charles 9
Silver badge

All iPhones that can use Apple Pay have Secure Elements. Google tried that in the past but were ahead of their time: SE's then were expensive and finnicky. Perhaps all Android Pay phones using Android N or whatever in future will have to incorporate a Secure Element, too. This will mitigate the need for root checks if push comes to shove. Another possibility (at least with ARM) is to use TrustZones or other hardware-based encrypted-execution zones again where not even root can intrude.

0
0
Charles 9
Silver badge

Re: Google Play

I can only see this being enforced on systems with Marshmallow, which enforces the dm-verity system integrity program all the way from bootup.

0
0
Charles 9
Silver badge

I think they're working on it with Marshmallow and improved overlay support, but with carriers still able to have final say, some give and take is involved (such as TouchWiz and T-Mobile WiFi Calling). Perhaps they'll have a better solution by the time of Android N. They may also decide to bring back the Secure Element or something similar to establish some Trusted Path.

0
0
Charles 9
Silver badge

Re: Rooting...isn't what it was.

Well, as soon as they'll let me perform a complete (nandroid) backup from stock, just in case there's a severe corruption (have had this happen after a few Sleeps of Death), and perhaps a user-configurable firewall, and the ability to update Android without carrier intervention, then I'll hand no more need for root.

4
0
Charles 9
Silver badge

Re: No problem here

That's entirely up to them since they can always check the Agent tag. Then again, it becomes a case of pick your poison: open yourself to hacking or starve yourself of practically your entire clientele.

0
0

Intel's SGX security extensions: Secure until you look at the detail

Charles 9
Silver badge

Re: Anybody out there want to do a helicopter-level comparison

That sounds more or less accurate. Whereas TrustZone is a binary "protected/unprotected" demarcation, SGX can have multiple protected enclaves, each exclusive to each other except where inter-process communication is necessary.

1
0
Charles 9
Silver badge

The thing is that the malware could both create a protected world for itself AND hook onto those necessary inter-process parts of the legitimate processes (protected or not) and still be able to wreak havoc while simultaneously staying protected in its own little bunker. After all, no program is an island these days. Programs eventually need to get in touch with other programs (like a web browser contacting the TCP/IP stack), and these links can still be tapped.

0
2
Charles 9
Silver badge

That said, the situation does appear to be an intractable problem of "Whom do you trust?" If a program can secure its own enclave, absolutely nothing will prevent a malware from doing the same thing, thus bunkering itself beyond hope of extrication. If you trust any other party (be it Intel or whatever), Trent gets a big fat target on his back.

0
2

State Department finds 22 classified emails in Hillary’s server, denies wrongdoing

Charles 9
Silver badge

Re: Thursday's lunch menu

I would think it DOES matter since if they were classified AFTER they were received, then ex post facto kicks in and no one can be at fault for handling stuff that was only classified after the fact. Unless the material was classified in some way BEFORE it was put on a non-classified machine, there's no standing.

1
4
Charles 9
Silver badge

Re: Thursday's lunch menu

But here's the big question. Were the e-mails in question classified BEFORE or AFTER they ended up on the server?

1
2

Why a detachable cabin probably won’t save your life in a plane crash

Charles 9
Silver badge

I don't think it was the loo. Rather it was one of the flight attendants in the backwards-facing attendant's seat all the way in the back of the plane (which broke up in mid-flight) and landed upside-down, meaning she didn't get the full brunt of the impact. The top crumpled, taking most of the impact while she (strapped in) didn't fall the rest of the way.

1
0
Charles 9
Silver badge

Re: I'll tell you one thing...

I think the problem is that CFIT sensors can be fooled, throw false alarms, or be overridden. As long as there is meat in the cockpit, there's always the risk of a CFIT. Also, many CFITs occur during the already-dangerous landing phase, where planes are supposed to be close to the ground, rendering a CFIT sensor useless.

1
0
Charles 9
Silver badge

Re: Looks as though it requires a high-wing aircraft configuration.

"I've actually wondered whether it would be feasible to have a plane where you can basically slide the entire passenger deck out of the actual plane into a gate area so you can have passengers leaving and boarding over the entire length of the plane instead of through a limited number of doors, then having to get past other people who have seats closer to the door you came in through."

Airlines are looking into the concept. However, the logistics behind such a change would be so radical compared to today that any consideration into the detachable passenger cabin is considered long-term at best. Plus there's the matter of maintaining the craft's structural integrity with such an idea.

2
0
Charles 9
Silver badge

Re: 'Without life rafts'

Perhaps, but usually when such a situation occurs, search craft start tracing the plane's flight path to look for something nice, bright, and large like the escape chute life raft. Once it's located, they can coordinate with other craft to drop supplies as needed and/or contact nearby shipping. The only reason crash searches have taken so long lately is because, like I said, the crashes were not of a survivable nature and the end result was a traceless crash: no life rafts or the like to find.

I may be wrong, but don't most life rafts also carry EPIRB that start broadcasting when they're deployed, allowing for a quicker search (and again, weren't deployed with all the sea crashes to date)?

2
0
Charles 9
Silver badge

Re: Really?

"without liferafts, etc."

You do know those escape slides double as life rafts in the event of a water landing. The main reason you don't hear of sea rescues after aircraft crashes are because, AFAWK, none were survivable. When an aircraft loses control at high altitude, it either regains control before long and then diverts or just continues on down at such speed you might as well be crashing into a wall at that point in terms of physical ability to survive.

11
3

Most of the world still dependent on cash

Charles 9
Silver badge

But how do they charge their phones in an area with no electricity?

PS. Reminds me of the short where Paddington tried to sell a vacuum cleaner to a man on gas.

1
1

AI no longer needs to fake it. Just don't try talking to your robots

Charles 9
Silver badge

Re: @Nifty always something else next

"we also need to provide alternatives to work which are not self destructive."

The problem being ANY alternative to work is likely to be self-destructive because it becomes all "give" and no "take" unlike work which has both. Without something to balance the equation in terms of greater good, things will get ugly; this is why Utopian Communism doesn't work in real life.

0
1

Cops hate encryption but the NSA loves it when you use PGP

Charles 9
Silver badge

Internet must be awfully slow for you (TOR is slow enough with, what, three proxies). Plus if the plods REALLY wanted you, they'll just trace your proxies then pwn the first link in the chain to trace back to you.

0
0
Charles 9
Silver badge

Re: So the next logical question...

You're basically asking how to mail a letter without an address: barring telepathy, no. SOMEONE has to be able to know where the letter's going, and that alone can be exploited by the plods. About the only way you can avoid this is to go there in person using only private transportation (public will find a way to log you), and even then they may note something by your absence.

RE: "NAT at the ISP level is not widespread and not an obstacle if you are the local intelligence agency."

That's not the case in Asia, where they have billions of people and not enough addresses to go around, thus they were among the first to do carrier-grade NAT. Unless you're saying the plods were one-step ahead and mandated identifiable traces on all computer hardware before they were even sold.

0
0
Charles 9
Silver badge

Re: An old but solved problem

What kind of data would be illegal for an automated mangler to alter such that it wasn't illegal already, thus putting the onus on the uploader?

0
0

Forums