* Posts by Charles 9

3700 posts • joined 10 Jun 2009

Revealed: Malware that forces weak ATMs to spit out 'ALL THE CASH'

Charles 9
Silver badge

Re: "32-bit Windows-powered ATM"

"I think I'd rather have no network connection and out of date AV signatures. One less way in for thieves."

Unfortunately, ATMs REQUIRE some form of callback access; otherwise, they can't link back to the banks to verify transactions. That's why ALL ATMs require at least a telephone line.

2
0

Twitter sues US government for right to disclose NOTHING

Charles 9
Silver badge

Re: "Court orders received - even if that number is zero."

The requirement ALSO states it must be broad enough that no reasonable conclusion can be drawn from the range. IOW, your range is too specific. They're looking for something more like "between zero and ten million" on the grounds that the mere disclosure of that exact number can tip off criminals.

1
0
Charles 9
Silver badge

Re: If you're reading this....

What if they compel you to lie and order you to "not adjust your 'If you're reading this...' in any way"?

0
1

Consumers agree to give up first-born child for free Wi-Fi – survey

Charles 9
Silver badge

Re: Epic misunderstanding of email there...

To a point, you are correct. However, the recipient's credentials can be sniffed since POP3 is normally a cleartext connection that requires a login. That's why most ISPs are adding in the STARTTLS extension which allows for transitioning to a secured connection before authentication occurs.

0
1
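As an added illustration, not part of the original comment: a Python client that refuses to send the POP3 login unless the server offers the TLS upgrade first (on POP3 the command is STLS), exercised against a constructed loopback server that does not offer it. The function names, the test server and the credentials are made up for this example.

```python
import poplib
import socket
import ssl
import threading


class StlsUnavailable(Exception):
    """Raised when the server does not offer STLS; no credentials were sent."""


def login_over_tls(host, port, user, password, context=None, timeout=5):
    """Log in to POP3 only after upgrading the connection with STLS.

    Returns the mailbox message count. Raises StlsUnavailable before
    USER/PASS leave the client if CAPA does not list STLS.
    """
    conn = poplib.POP3(host, port, timeout=timeout)
    try:
        if "STLS" not in conn.capa():
            raise StlsUnavailable(f"{host}:{port} does not advertise STLS")
        # create_default_context() verifies the certificate and hostname;
        # pass it explicitly instead of relying on the library default.
        conn.stls(context or ssl.create_default_context())
        conn.user(user)
        conn.pass_(password)
        return conn.stat()[0]
    finally:
        try:
            conn.quit()
        except Exception:
            conn.close()


def fake_plaintext_server(seen):
    """Constructed test server: speaks POP3 but never offers STLS.

    Every command it receives is appended to `seen`. Returns its port.
    """
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn, conn.makefile("rwb") as f:
            f.write(b"+OK constructed test server ready\r\n")
            f.flush()
            for raw in f:
                cmd = raw.decode("ascii").strip()
                seen.append(cmd)
                if cmd == "CAPA":
                    # Capability list without STLS (cleartext-only server).
                    f.write(b"+OK\r\nUSER\r\nUIDL\r\n.\r\n")
                else:
                    f.write(b"+OK\r\n")
                f.flush()
                if cmd == "QUIT":
                    break
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def demo():
    """Run the client against the cleartext-only server.

    Returns (refused, commands_the_server_saw).
    """
    seen = []
    port = fake_plaintext_server(seen)
    try:
        login_over_tls("127.0.0.1", port, "alice", "constructed-password")
        refused = False
    except StlsUnavailable:
        refused = True
    return refused, seen


if __name__ == "__main__":
    print(demo())
```

The client fails closed: a server (or an on-path device stripping the capability) that does not list STLS sees CAPA and QUIT and never the username or password.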

Will we ever can the spam monster?

Charles 9
Silver badge

Re: Anti-spam-iotics

No, more like the flu. You can try to wipe it out but it adapts too quickly. You say UNIX and Win7 are pretty secure...until someone combines a toehold exploit with a privilege escalation and BOOM, you're dead meat again. The thing about this security business is you have to be lucky all the time, they only have to be lucky once. And they have millions of targets (and growing) to choose from.

0
0

Uni boffins: 'Accurate' Android AV app outperforms most rivals

Charles 9
Silver badge

Re: Virus?

Perhaps, but by most accounts that better describes a Trojan Horse (a malicious payload disguised as a legit program but not a legit program in and of itself). For it to be a virus, it has to piggyback on a legitimate third-party program or medium the way the flu does.

1
0

CONSUMERISM IS PAST ITS SELL-BY DATE: Die now, pay later

Charles 9
Silver badge

Re: Spotting the problem is easy.

"So what other solutions are there? Altruistic approaches don't scale beyond small communities as they violate the basics of human nature, communism is far too prone to mismanagement and corruption. Labor-driven free-market economics may be an ultimately self-destructive approach, and require the unhealthy habits of consumerism to function in an age of automation, but it seems to be the only one we have."

What about the unspeakable admission that there are simply too many people for the system to maintain itself and that what's needed is some degree of population reduction?

0
4
Charles 9
Silver badge

Re: It's TPTB fault, including the Banksters and the Vatican cult(s).

"This stinking vile mess needs to be demolished ASAP and replaced by something simpler without gangster middlemen's 'help', based on genuine value."

We once did, but the middlemen are like roaches: they keep coming back. No matter how much you try to remove or outlaw them, they'll weasel their way back in. It's part of the human condition; somewhere along the line, someone's gonna cheat...AND get away with it.

7
0
Charles 9
Silver badge

Re: Excellent article

"Once a way of producing cheap (relatively) safe energy is discovered, we really won't have any reasonable excuses for consumerism."

Not quite. We'll also need better ways to harness that energy. Converting it to compact and portable petrochemical fuel is a start, but what's needed beyond ubiquitous energy is, as another commenter put it, something approaching the Star Trek replicator: a means of converting energy into arbitrary forms of matter. Or perhaps a lesser stretch, through the use of energy, transforming ubiquitous but not-so-useful matter into not-so-ubiquitous but more-useful matter.

2
1
Charles 9
Silver badge

Re: Food

"So far as I can tell - and I'm in no way a communist, certainly left of center but no one's brother, comrade - the USSR collapsed due to corruption more than anything else, corruption of the founding ideas and global petty corruption on a day to day level."

But that corruption points to a fundamental human condition which makes the Utopia unachievable. Quite simply, humans are animals, and at our basest level, animals will seek to find a way to get a leg up on our fellow man. Why? The ones at the top get to spread the most genes; IOW, it's reproductive and survival instinct so ingrained as to be nigh impossible to root out. I think Karl Marx and Friedrich Engels underestimated our ability to control instinct. We'll band together against threat, as we should which is why you see tremendous organization in war, and threat is what led to the Bolshevik Revolution, not to mention the French and American Revolutions, but in peacetime, it's back to me vs. you at some level. And this conflict will reach across the spectrum, from sibling rivalry to neighborhood spats to community disagreements all the way up to backroom deals, backstabbing, wheeling and dealing at the highest levels of government.

6
0
Charles 9
Silver badge

Re: No Solution

"I agree completely with your article but the bit at the end is missing; the solution to the woes that you have pointed out."

Perhaps the lack of a solution points to the real problem behind the problem: the average human seems to lack that critical ability to think beyond tomorrow, either due to stress or due to gross stupidity. Either way, the point becomes, "Why worry about five years when we won't see past tomorrow?"

And that manifests in our growing inability to trust outsiders. It's rapidly becoming a race to full DTA mode. We can't trust private enterprise and the capitalistic model because there's disincentive to think long-term (as I noted earlier, no business can survive on a one-and-done). But the only other institute capable of a long-term solution, the state, isn't trusted either since its very existence (and the stability it provides) rapidly results in cronyism and corruption, undermining the very goals we seek from them. So if you can't trust others, you can't trust the state, and you lack the means to do it yourself, who's left?

2
0
Charles 9
Silver badge

Re: never forget though

"you are up against the light bulb principle too"

Hmm, interesting way to put it. West of the Atlantic, it tends to be known as the Vacuum Cleaner Principle, as we're familiar with Kirby and Electrolux vacuum cleaners that have been around for three generations or so, yet you don't see them still being sold today. It's always Hoover or Oreck or whatever. That's the thing about one-offs. Sure, you can steal the market by selling a one-off...but then you starve yourself out of the market because once you sell it, you never hear from the customer again.

Some things just don't work on a capitalistic incentive because the focus will always be on the short term: on repeat business. You need a different incentive to get long-term work done like permanent medical solutions (cures and permanent vaccines vs. treatment regimens).

5
0

Why US Feds and g-men kick up a stink about a growing smartphone encryption trend

Charles 9
Silver badge

Re: End to end encryption changes nothing.

And if the very act of getting that warrant tips the crooks off?

0
0

How the FLAC do I tell MP3s from lossless audio?

Charles 9
Silver badge

Re: DOUBLE-BLIND-TEST

But how are we to distinguish if what the person perceives as difference is really difference and not placebo effect (here's a challenge: can the person tell between "recognize speech" and "wreck a nice beach")? That's why you need multiple people, to average out any bias inherent to an individual.

0
0
Charles 9
Silver badge

Re: One thing which hasn't been mentioned re MP3 encoding

Another commenter already tried the Audacity bit, subtract-mixing the encoded file over the lossless one and noted that, especially at high bitrates, the resultant delta is generally very small, like a tiny warble of noise along the centerline of the graph. Admittedly, there could be some spikes along the line where perceptual coding can't handle things so well such as at high-frequency noise (e.g. cymbals), but it says something to the "pretty good enough" factor.

1
0

HEVC patent prices are out. Look who's NOT at the codec party: Microsoft and Google

Charles 9
Silver badge

"Well, all the broadcasters and their roadmaps at IBC involve HEVC. There is equipment available for them that can handle it, and the amount of that will increase quite substantially over the coming years. TV makers are already rolling out HEVC kit (yes, of variable quality in some cases), but it's coming."

OK, so HEVC does have a head start with content and hardware providers. That's significant since it means Google may be late to the party again unless they can steal a march on MPEG-LA (which is still possible, forcing the content providers to scramble), but it would mean Google convincing chip makers to implement VP9 in silicon in volume on both the encoding and decoding end. And hardware is not exactly Google's strong suit. Unlike companies like Apple, Google isn't well-known for dictating exacting hardware terms.

@Charlie Clark: Trouble is, while Android does dominate the mobile market, most of that market is towards the lower end of videos which are still the domain of AVC. Furthermore, a sizeable chunk of that market is still held by Apple, who would sooner see Hell freeze than support The Enemy with their codec because it's Bad For Business, and Apple still has significant pull with content providers. HEVC is going to be, at least at first, primarily used for high-resolution content where mobile data would struggle. This would leave high-speed home networks, which means the playback device will likely be the TV or an STB hooked to it. And the TV end of the market happens to be where HEVC is focusing right now, particularly with content providers and chipset makers.

1
0
Charles 9
Silver badge

Re: Dear Faultline

That's the thing. HEVC isn't exactly an established standard yet unless you're saying a slew of HEVC encoding suites are already available to them. Now, granted, MPEG-LA isn't charging a mint for the use of the codec, but Google's offering VP9 gratis and offering a guaranteed line of devices it'll support. Those are two pretty good incentives right there.

1
0

US Attorney Gen latest to roast Apple, Google mobe encryption

Charles 9
Silver badge

Re: What laws?

And if the concrete evidence is in HOSTILE TERRITORY?

0
0

Spies, avert eyes! Tim Berners-Lee demands a UK digital bill of rights

Charles 9
Silver badge

Re: Here We Go Again. @Charles 9

"Perhaps you haven't noticed that by simply making the haystack bigger they're not making it any easier to find the needle?"

Perhaps you haven't noticed that the size of the haystack isn't that big of an issue when you've got a magnet, an x-ray machine, or something else that lets you pick out the interesting stuff from all the chaff (that's what the computers are for).

As for the odds, that doesn't mean much either, because you're talking things like plane crashes and meteorite impacts. Sure, the odds are slim, but when they DO happen, they happen BIG (IOW, they're low-incidence but high-consequence). This isn't like your average law-enforcement deal where plods can just investigate things after the fact because after the fact is just too damn late when the threat is existential.

1
0
Charles 9
Silver badge

Re: It is not my own government I am most worried about.

You'll never convince the software makers to loosen their terms since many of them have captive markets with no honest competition, especially in the professional field. Let's face it. Except for the most basic of things, GIMP is no Photoshop, and I still haven't found anything that approaches the level of features in Premiere or After Effects. All the software maker has to do (which many are transitioning to anyway) is to render all of their transactions leases or subscriptions. At which point, all the buyer can do is accept the limits of the agreement or go without.

When the town only has one well (and practically no way to make another), do you dehydrate yourself to spite its owner?

1
3
Charles 9
Silver badge

Re: @FormerKowloonTonger Lest We Forget.

"Wholesale indiscriminate collection of data on the citizens of a country by those who govern is completely different."

So is a world where a single man can potentially ruin civilisation if you're not careful. That's the thing about eternal vigilance. One bad apple can spoil the whole bunch. One determined nihilist with time and resources can unleash pure hell (and with technology progressing as it is, one cannot discount the possibility of something like a rampant viral plague like avian flu). Know any other way to combat a lone-wolf existential threat?

0
4
Charles 9
Silver badge

Re: Here We Go Again.

But what if it's not "a little temporary safety," but "the only thing standing between you and utter oblivion"? We already know some people are insane enough to desire The End of the World as We Know It, and technology is making the possibility easier to reach. Furthermore, it's against our instinct to allow an existential threat to linger.

1
8

PEAK IPV4? Global IPv6 traffic is growing, DDoS dying, says Akamai

Charles 9
Silver badge

Re: Dummy

"I was under the impression that the 'separation' by NAT routers was kinda a byproduct, and can easily be worked into a 6 only router* by just blocking anything coming in over the WAN interface by default, allowing port forwarding much the same as IPv4 + NAT, but just not requiring the IP address MAPPING, as in instead of "anything coming in on the WAN on port 80, map to port 6680 of 192.168.1.230" you'd simply say "Anything coming in on 3D8B:0004:773A:FB01:: port 80, route straight through" ?"

A byproduct, maybe, but a welcomed one, because local net addresses are just that: they're not meant to be exposed to the Internet, and most network stacks will interpret this as such. If not, some link in the chain is likely to realize, "Hey, this isn't a proper internet address" and reject the connection. IOW, odds are if you tried to use a local net address to connect to a LAN address behind a firewall, odds are the firewall won't even be aware of it.

Sometimes, the best defense is stealth, as in making it look as if your machine doesn't exist. Think of it like a hotel or hospital where the rooms can't be direct-dialed from the outside (room-to-room calling is unaffected) but have to go through the front desk first. The front desk is the NAT firewall in this case even if outgoing calls are being routed automatically. If you tried to direct-dial a room, odds are the number is invalid and the phone company will block you, not even reaching the front desk.

1
2
Charles 9
Silver badge

Re: Dummy

There's an IPv4 address space in IPv6, and there are ways to bridge between them. One concern has been firewall penetration, as NAT provided an additional layer of security by separating the address spaces naturally. Also, some businesses run OLD (Pre-IPv6) hardware they can't replace. A sudden changeover would isolate them.

2
0

Turn OFF your phone or WE'LL ALL DI... live? Europe OKs mobes, tabs non-stop on flights

Charles 9
Silver badge

Re: Ban the voice!

"It's about time that the myth was busted over safety concerns. If there was *EVER* the possibility that a PED could have downed an aircraft, they would *NEVER* have been permitted on board. They would have been confiscated at security."

But unlike other things, the PED has several factors that make wholesale confiscation thorny.

1. They're ubiquitous, meaning most passengers have them. The wholesale confiscation of something most passengers have can be onerous, especially when...

2. They're not easily replaced. People grumble about the liquids bit, but that's offset because one can usually just resupply at their destination. About the only people who have a problem are those with large quantities of prescription fluids. In which case, they'll have to go into checked luggage. But...

3. They're sensitive to temperature extremes AND contain Lithium. Since there's no guarantee a luggage hold will be climate-controlled, the PED might be exposed to damaging temperature extremes and such. Furthermore, lithium is a fire risk (prone to spontaneous combustion), which is why it's banned in luggage holds (at least in a carry-on it can be pulled out in an emergency).

4. They're considered an essential accessory to many: a link back to base. Meaning if they can't take the PED, they're not going. That puts a financial pressure on the airlines catching them between Scylla and Charybdis. If they cave, the PED might down the plane, but if they don't, the lack of passengers might torpedo the business.

0
0
Charles 9
Silver badge

Re: Don't get too upset

I don't know. People are used to the lag with video sat phones seen on newscasts. If they're aware of this, they may peg this as the cost of using their phones on an airplane.

0
0
Charles 9
Silver badge

Re: Don't get too upset

How did they block Skype if someone was tunneling? Did they block tunnels?

0
0

Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'

Charles 9
Silver badge

I think the article notes however that domains cost real money and are generally held for a decent length of time (say at least one year), so there's an incentive to reuse the domains, just not right away. IOW, a malcontent wanting to maximize the RoI on the domain will want to figure out how long to lay the domain low before using it again.

Furthermore, the algorithm used to generate the domain names has to be portable since the malware has to know the code, too. This requirement also reduces the odds of changing the algorithm in mid-flight since doing so requires a way to pass along the new technique to the botnet, some nodes of which may fall out of the loop before being updated.

2
0

Bash bug: Shellshocked yet? You will be ... when this goes WORM

Charles 9
Silver badge

Re: Smartphone vulnerability?

"Cyanogen 11.2

/system/xbin/bash."

This appears to be specific to custom ROMs. Mine's a lightly-touched TouchWiz job, and bash is missing from it. Which lends credence to my supposition that most Android installs lack bash and are thus safe for now.

0
0
Charles 9
Silver badge

Re: Smartphone vulnerability?

I may be wrong, but I think Android's default is the basic Bourne Shell sh. Bash has to be explicitly installed, and I think that takes a rooted phone. Since sh isn't robust enough to be vulnerable to the same problem as bash, most Android implementations should be safe. Besides, most Android rooters tend towards Busybox, which is also safe.

0
0
Charles 9
Silver badge

Re: "since most of them can't be patched"

"Can you compile the update of Bash for a BT Home Hub, or do you have to wait for BT to push out a full firmware update?"

Are we SURE this device uses bash? As the article and several comments note, embedded devices are strapped for space and are more likely to use a compact implementation like that in busybox, which isn't affected. Other network-facing devices are just as likely to be running BSD as Linux, and BSD prefers the C shell csh (usually TENEX C Shell or tcsh) over the Bourne shell sh (and the bug in this case is specific to the Bourne-Again Shell bash).

0
0

Govt control? Hah! It's IMPOSSIBLE to have a successful command economy

Charles 9
Silver badge

You can extend this idea even further and ask yourself why pharmaceuticals never put serious work into full cures and permanent vaccines. An economist can easily answer the question: there's no long-term return on a one-and-done. That's why it's always treatment regimens and short-term vaccines where there's always a need for a return trip, guaranteeing one of those economic paradises: a captive market which guarantees repeat business. The only way to break this cycle is to seek an entity that isn't in it for money. About the only type of entity with both enough power and an ability to detach from a money motive is a state.

0
0

Euro chiefs: Hi Google. Here's how to REALLY protect everyone's privacy. Hello? Hello?

Charles 9
Silver badge

Re: In the last few years

I suppose this is why no country has gone the extra step to require express, explicit, and direct consent (IOW, full opt-in) in order to obtain any PID or share it anywhere outside the direct context of the site. Also why no country expressly bans requesting such PID as a requirement for the use of a site barring direct commerce (exchanging actual money for goods/services).

The service providers can simply go, "Sod this" and take their ball and go home, blocking all access to that part of the world.

0
2

Fake tape detectors, 'from the stands' footie and UGH! Internet of Things in my set-top box

Charles 9
Silver badge

Re: "Fake tape detectors..."

I can understand insertions and distortions, but you're saying these forensics can also detect cuts to existing material (in your case, cutting out the "our opponents would say"), even though nothing was added that was different from the original source material with all its background characteristics?

0
0
Charles 9
Silver badge

Re: "Fake tape detectors..."

The part at the end where "doctored" tapes are submitted with cleverly-edited audio and such.

"A common trope in a lot of drama, pirated or otherwise, is where the protagonist hands on a recording that could have been faked, or altered."

1
0

ISPs' post-net-neutrality world is built on 'bribes' says Tim Berners-Lee

Charles 9
Silver badge

Re: Right up to the point where the Netflix exec demonstrated on camera

"They aren't using DPI, they would just use ports to identify types of traffic, so an unencrypted proxy wouldn't change anything. A proxy running on the same port Netflix sends video on would be interesting."

And if the ports are randomized? Or routed through nonstandard ports? Or wrapped in more traditional traffic like HTTP?

0
0
Charles 9
Silver badge

Re: Right up to the point where the Netflix exec demonstrated on camera

Then why doesn't someone counter the claim by showing the same trick works with an UNENCRYPTED proxy?

0
0
Charles 9
Silver badge

Then what about companies like Comcast that have vertical integration? They not only own the pipes but also the content to send along it (Comcast owns NBC Universal)? It's like the railroads also owning the timber land. They now have a natural (and fiduciary) interest to favor their own sources (Comcast will want to prefer NBC/Universal content, the railroad will prefer timber from their own land). Trouble is, this creates a conflict between private property rights and monopoly behavior, especially if the transit line is the one and only line available.

2
0

THE DEATH OF ECONOMICS: Aircraft design vs flat-lining financial models

Charles 9
Silver badge

Re: Where's Worstall?

"But you must concede, both are on a rather different order of magnitude than things like aluminium or land."

A different order of magnitude, yes...lower. Especially time. "Your days are numbered" comes to mind. No matter how much we want to fight it, our time comes eventually, so every living thing as far as we know has a time limit. Meanwhile, how much energy can one human or one community amass in any given time period and put to practical use?

0
0
Charles 9
Silver badge

Re: Where's Worstall?

"But people also value the lovely software that some of you guys around here write. And that requires no resource use (time and effort, yes, but none of those "finite resources") in manufacture. But it's still an addition to value added and thus is part of GDP."

You still need a finite resource even for software: you need energy: energy to think of the design, energy to exert yourself, energy to employ tools and machines to carry out your design, and (especially here) energy to actually put your stuff to use. In addition, you need time to do everything. Both energy and time are inherently finite.

2
2
Charles 9
Silver badge

Re: If you give a politician 1£ ...

"And that leads to another facet of the popular vote, maybe the hardest of all: you should learn all you can about the subject before voting and if you feel that you do not know enough d o n o t vote!!"

But then you run into the problem of "blissful ignorance." Everyone who goes to vote believes in his or her mind that they DO know all they can about whoever they want to vote for. And there's no way to objectively test this because ANY test is a product of man (even a computer program must be programmed by a man at some point), which means SOME form of bias creeps in. And even if we make the test standard the same as for naturalization I would bet people are willing to screw both parties over. IOW, the potential for self-sustaining corruption is endemic to the human condition. There's just no way to escape it long-term, and even correcting their appearances short-term is difficult.

1
0

Moon landing was real and WE CAN PROVE IT, says Nvidia

Charles 9
Silver badge

Re: The Russians are still the best evidence...

"It was a tit for tat agreement - the Russians kept schtum about the hoax Moon landings in return for the Americans not revealing that Sputnik was in fact a balloon."

But that would imply the Russkies threw the Space Race at a time when a lot of national pride was on the line in the middle of the Cold War (not to mention less than a decade after the Cuban Missile Crisis). IOW, the Soviets were competing with the Americans. If the landing was fake all the Russians had to do to deflate the Americans was to film themselves first. Why throw the race if the solution was so simple? If they pulled it off, Sputnik could be safely ignored or simply blown off as American lies.

1
0
Charles 9
Silver badge

Re: The Russians are still the best evidence...

"In fact the best evidence against the hoax is the recording technology available at the time. It was physically impossible to do what the hoaxers claim was done."

What about black tech? No one knew the Americans had a practical and flying stealth fighter for decades. Even the SR-71 (which was still low-radar) was black tech. Under the auspices of black tech, it may have been possible to have tech beyond anything possible in the civilian world.

0
0
Charles 9
Silver badge
Joke

Re: Return journey

"It's just a matter of finding out what moon dust is good for"

I hear a rather kooky "scientist" who built a weird laboratory some 5km under a salt mine just happened to notice that mixing it into a gel and painting a surface with it made it quite conductive to quantum spatial portals. Unfortunately, the same man also discovered moon dust is not meant to be taken internally...

1
0

Troll hunter Rackspace turns Rotatable's bizarro patent to stone

Charles 9
Silver badge

Re: Class Action?

But then who foots the bill? The legislature is unlikely to set aside the budget; there are bigger fish to fry.

0
0

Special pleading against mass surveillance won't help anyone

Charles 9
Silver badge

Re: Constitution

"What the UK needs more and more as time goes by is a written binding constitution with rules written into it that make changes that affect citizens' rights via Parliamentary Sovereignty or any other means difficult to make without going to the people via referendum."

That'll never work. In the end, ANY form of agreement is ONLY as binding as the parties are willing to go along with it. Once one side decides it's not worth their time, it becomes merely ink on a page. This is especially true when one of the parties is a sovereign state because one fundamental thing everyone overlooks is the very definition of "sovereign".

4
0

Poverty? Pah. That doesn't REALLY exist any more

Charles 9
Silver badge

Re: sorry...

"Simply statistics. If a company has 1000 people and 1 gets ill, if you are the ill one you are going to have sufficient problems that might make it impossible to work. I know someone who recently died from diabetes complications - a terrible way to go I can assure you all - but their employer did not eject them. This is why healthcare should be universal - we can quibble about the implementation but not the need."

But now take it to a more perverted end. The overall costs involved might make it cheaper to train a replacement for you from scratch. As far as the employer (and perhaps his/her investors) are concerned, let Darwin sort you out.

2
0

Who needs hackers? 'Password1' opens a third of all biz doors

Charles 9
Silver badge

Re: It's all down to the stupid....

And the boss couldn't threaten to dismiss them?

0
0
Charles 9
Silver badge

Re: Two factor ...

So they just develop a portable biometric scanner. They can use a putty or jelly to snag your fingerprint, a syringe to get blood for DNA. Pretty sure they can whip up a vein scanner eventually. Put it this way: something you are may as well be something you have, for anything we can whip up to detect a live presence, someone else can whip up to simulate said presence.

0
0

Facebook's Oculus unveils 360-degree VR head tracking Crescent Bay prototype

Charles 9
Silver badge

Or perhaps electrode helmets like in other VR sci-fis. I frankly don't know if we can sufficiently fool the brain without doing something too radical. Seeing as how the brain has too many sensory inputs to draw from: namely the entire nervous system which includes all the tactile neurons associated with our skin. Without full five-sense illusion, the potential always exists for Simulation Sickness.

0
0