* Posts by Charles 9

3877 posts • joined 10 Jun 2009

Blame Silicon Valley for the NSA's data slurp... and what to do about it

Charles 9
Silver badge

Re: @Repeat (pete 2) The law is not the answer

Thing is, what if the government you describe gets overthrown and the new leader(s) simply say, "Unlock everything or your family will have never existed." The main problem with your system is that it has to rely on perfect trust. Once the trust is broken, anywhere along the line, it's in the open again.

That's always been the big problem with encryption. At some point, for the data to be usable, it has to be DEcrypted. and that's where you're most vulnerable, because THIS is where trust comes in.

Thing is, we're just about at a point where you can't trust ANYONE. Which means it can all boil down two one of two scenario. Either we go into total paranoia, and all socialization will cease because we can't trust anyone, or we surrender to the inevitable result of a world where trust cannot be guaranteed: sooner or later (usually sooner), no secret will be safe and pray that civilization doesn't hinge on a secret.

3
0
Charles 9
Silver badge

Re: The law is not the answer

Trouble is, what if BOTH sides claim ownership? Then it's big guy vs. little guy again, and the big guy has all the lawyers. They can come up with the legally-verifiable claims of ownership, real or made-up. Plus they may even be able to subvert the legal system itself. It's just straight out bullying, and he has your lunch, a bat, AND a posse. Anything YOU can assert, THEY can assert with more force (and even if you strip rights from businesses, what's to stop them creating a "designee"?).

4
1

HTC: Shipping Android updates is harder than you think – here's why

Charles 9
Silver badge

Re: And that's the big problem in the mobile world

Three words: Vendor Lock-In.

The SoC makers DON'T WANT to use a common design. Their designs are basically trade secrets and are under no pressure from the phone makers to open up since integration is the buzzword in that market.

0
0
Charles 9
Silver badge

Re: And that's the big problem in the mobile world

Thing is, the homebrew coders are still behind the 8-ball because of the driver blobs (which the chipmakers will never release since they're trade secrets), and the hacks that are used to get around them are either grafted blobs or imperfect attempts to duplicate the functions.

As for your (B), considering this is happening with ALL the phone makers apart from Apple (who could care less because they ALSO own the market where the older phones get their apps), your statement basically precludes anyone EVER getting another phone ever again.

0
0
Charles 9
Silver badge

Re: at least 2 steps are problems of their own making

1) Actually, they do. The UI is one of the FEW ways a phone maker can produce a lock-in. With stock Android, people can jump to another phone maker and not lose anything. That's why EACH of the big phone makers have custom UIs, be they Sense, TouchWiz, or whatever. Even Google's default UI, the one they use for the Nexus devices, has a heavy Google bias with Google Now and so on baked in. And since a lot of the UI components require low-level (think root-level) operations (such as access to some of the hardware), it MUST be baked in. Besides, they don't want anyone ripping the UI out.

2) It's not just the chipsets (which does have a factor--each carrier can have different frequency requirements, especially in the US--and they can't necessarily be reset by drivers; sometimes they need a whole other set of chips). And note that the onus is on the handset maker because if the carrier disagrees with the finished product, they can cancel their purchase contract, meaning the phone maker is out big money; it's in their interest to make sure the carrier completes the contract--so they get PAID.

0
0
Charles 9
Silver badge

It also works because Apple controls BOTH ends of the iPhone experience: the phone AND the software. Since they BOTH make the phones AND run the app markets, they get paid either way. Old phones still need apps, so Apple can milk old phones for app revenues. That option isn't available to the Android handset makers because Google runs that market. The ONLY revenue stream available to the handset makers comes from the handsets themselves.

0
0
Charles 9
Silver badge

Re: This is the difference between Apple and Android

"Other then a few top sellers the carriers just don't care. Is upgrading the phones people already have on contract going to make them more money today?"

Heck yeah! They ALREADY got their money from the carrier (and if you upgrade early, the carrier will get you back either with a termination fee or a higher upgrade price, depending on the terms). More phone churn = more revenues to the phone makers.

"I currently use a Nexus 4 and will never buy another phone from a mobile operator. They can stuff their custom apps and services!"

Show me a Nexus with an SDXC slot and a removable battery and I'll consider it. Until then, I don't consider Google any better than the other big boys.

0
0
Charles 9
Silver badge

Re: Built In Obsolescence

It's gonna take a long time. Don't forget that they can recycle the old phones to help get materials for the new ones.

0
0
Charles 9
Silver badge

"its clear that if HTC buy a million of X component, will make sure have access to the driver source code."

But typically under NDAs; the chipmakers aren't stupid. It's one thing for a chip manufacturer to share trade secrets with a major partner, but implying this should cause the code to be released before all and sundry is too far of a stretch.

0
0
Charles 9
Silver badge

Re: It's Linux. It's Open Sores Software. Write Your Own Fucking Upgrade.

The manufacturers DON'T WANT open interfaces. For them, it's vendor lock-in, and since the phone market relies heavily on integration (SoCs, etc.), the "roll your own" element that helps drive open standards isn't there. So the manufacturers will jealously guard their trade secrets, much as nVidia and AMD keep their cutting-edge GPU driver code in blobs (so as to prevent sneaking peeks).

0
0
Charles 9
Silver badge

Re: HTC is not in a business of updates

And how pray tell do they do that when NONE of the other handset makers maintain an exclusive app market? It's the App Market that allows Apple to milk since even old phones need apps, and every app the old phones buy means they take a cut.

0
0
Charles 9
Silver badge

Re: HTC is not in a business of updates

"Even within the Android ecosystem manufacturers can create brand loyalty. Samsung owners will buy newer Samsung devices if they think they will get better support than HTC and vice versa. It's harder to do, but it still worth the effort."

Not when brand loyalty is too mercurial. Put it this way. One bad story and plenty of once-loyal customers will jump ship. Then there are people like me who have NO brand loyalty. I jumped from HTC to Samsung,but only on a consideration of features at the time. Should I need a new phone, the process will repeat. Since Google provides the common ground for Android, there's little need to stick with a particular brand unless you REALLY like their specific offerings (and no, I don't--I junked TouchWiz and installed a custom ROM pretty quick).

At least Apple has the closest we have to a captive market. If you wanna keep your apps and so on, you MUST stick with Apple. Plus since Apple controls BOTH the hardware AND the software, they can afford to milk their older phones with the app revenues. Since (IMBW) none of the handset makers run their own app markets, milking isn't an option.

0
0

Snowden leak journo leaks next leak: NSA, GCHQ dying to snoop on your gadgets mid-flight

Charles 9
Silver badge

Re: I don't get it

And THAT'S exactly what they want to tap into if you read the article.

6
1

Snowden to warn Brits on Xmas telly: Your children will NEVER have privacy

Charles 9
Silver badge

Re: Definition required

"Well sure, unknowns can kill you, but until it has presented itself it is a mere possibility, not an actual threat. You can't prepare, or even begin to prepare, for possibilities, for unknowns, you simply don't know how. By attempting the impossible you are reducing the effect of your defensive resources."

Two words: contingency planning. Learn to expect the unexpected.

"The other type of existential threat is the kind on which you have no input or control. In your Cold War example there was precisely zero you could do about that. Nothing."

That's assuming helplessness, but we can't think that way. Because, while the threat exists, it's hard to tell whether or not we CAN or CANNOT influence the threat. Indeed, in the Cold War, many times the actions of each side caused reactions on the OTHER side, giving concrete evidence of having an influence.

0
0
Charles 9
Silver badge

Re: Definition required

Ever heard the phrase, "What you DON'T know can kill you"? Just because you don't know of a threat doesn't remove it as a threat. A snake in the grass, a hidden hole in the ground, a sniper on the roof. If it can hurt or kill you, it's a threat regardless of your knowledge of it. And think about how the Cold War played out: two superpowers each staring at an existential threat in the opponent. Existential threats trip human instinct and there's basically no way we know to defuse that.

1
0
Charles 9
Silver badge

Re: Definition required

"You defend against the known and maintain agility and extra capacity to deal with unknowns. Defending against and unknown is the height of folly, cause it's unknown you know..."

The trouble is, what if every threat against you, known AND unknown, is EXISTENTIAL? The one threat that's no holds barred is the existential threat: deal with it or die, no exceptions.

0
0
Charles 9
Silver badge

Re: An Alien XSSXXXX Concept or SMARTR App .... for Clouds Hosting Advanced Operating Systems*

""Insanity: doing the same thing over and over again and expecting different results."

Thing is, when you do the same thing over and over and ACTUALLY GET a different result, you're praised for your persistence.

0
0
Charles 9
Silver badge

Re: Definition required

But the firewalls were all relative and based on a level of trust. What happens when no one trusts each other anymore because everyone has a chip on someone else?

0
0
Charles 9
Silver badge

Re: Definition required

"You kept up with everyone else, so there was a balance. You also knew who could be trusted with sensitive information and who could be relied on to gossip to anyone who would listen. You had a reasonable expectation of privacy."

But when the community is small enough or connected enough, then it's hard to hide things from ANYONE because SOMEONE with loose lips will notice and spread the word. The very FACT you were trying to cover things up DREW attention to you. Before it was the rumor mill, then it was the tabloids, now it's the Internet.

2
2
Charles 9
Silver badge

Re: Definition required

"Privacy is the most fundamental protection an individual has. Without it all other protections, rights and freedoms are as good as worthless."

Well, what happened back in the old days when there was basically no expectation of privacy because everyone in the community kept up with you?

2
4
Charles 9
Silver badge

Re: Kids DON'T WANT privacy

I don't know. What happened back in the old village days when everyone pretty much knew what everyone else was doing because there were enough eyes and gossip to go around?

3
1

Ubuntu desktop is so 2013... All hail 2014 Ubuntu mobile

Charles 9
Silver badge

Re: Monitors and Paint

Not necessarily. A dock that can connect a phone to an HDTV can just as easily hook you up to a mouse and keyboard. That's how laptop docks work, and with a little polish, the same can be done with smartphones. The main obstacle is a standardized way of doing this breakout, as most phones only have the one USB port, and AFAIK you can't do MHL, USB OTG, AND recharging simultaneously on the one port, so an alternative is needed. Perhaps using wireless display casting and Bluetooth for the mouse and keyboard, leaving the port free for charging (perhaps use that as a triggering mechanism), and this is just one idea.

3
0
Charles 9
Silver badge

Re: Why?

I think the article was hinting at a Janus approach: phone in your hand, computer in a dock (and the dock would provide the necessary breakouts for attaching mice, keyboards, etc.). The phone and the dock tech isn't mature enough just yet, but it's tantalizingly close.

4
0
Charles 9
Silver badge

Re: I've given up on complaining about Ubuntu....

For me, the escape has been Xubuntu. For its spate of quirks, XFCE for me provides a nice middle ground: functional but not too demanding.

6
0
Charles 9
Silver badge

Re: Mint and Mageia bypassed Ubuntu as the most used Linux desktop distros

"To be crystal clear about my point - no one in the world give a slightest damn about Linux desktops, let alone their sandpit wars. Get over it and buy a Mac if you can't stand Windows."

And if I hate Windows AND Mac AND routinely work in graphics so need a GUI no matter what?

9
1
Charles 9
Silver badge

Re: Microsoft's failure is Canonical's failure.

Didn't the article mention docks as a possible way for mobile devices to bridge the gap and become PCs (complete with mice and keyboards) one they become powerful enough (almost there IMO--more and more full-fat retail games are appearing on Android).

1
0
Charles 9
Silver badge

Re: Microsoft's failure is Canonical's failure.

But unlike Microsoft, Linux desktop users may be a dying breed. Seems to me like this is a leap of faith with nothing else left to lose (either they get thrown under the bus or they fall to attrition in any event).

7
16

We don't need no STEENKIN' exploit brokers: Let's FLATTEN all bug bounties

Charles 9
Silver badge

Re: "Free" market prices

So that brings up a new problem: How does one encourage people to turn in bugs like a white-hat when the opposition is a type for whom money is no object?

1
0

Silk Road 2.0 busted! At least two arrests as federal crackdown begins

Charles 9
Silver badge

Re: It's all good

"As for coke and meths well they should be marketed like champagne and vodka. Cocaine is very popular in the USA and certain British politicians."

The trouble is these some of these drugs can have side effects: FATAL ones. Cocaine can cause fatal heart attack and certain opiates like heroin can cause your heart to stop. In ONE controlled dose. I think even Ecstasy can do that in one pill. Drugs that can kill when used as directed MUST be controlled for the same reason we control uses of strong acids and the like: they're life-threatening.

1
6
Charles 9
Silver badge

Re: It's all good

"All drugs should be controlled. I believe we should have stronger controls on alcohol as one of the most dangerous, addictive and socially harmful drugs available."

But also SO ingrained in many cultures that people would sooner declare war on their countries than declare war on their vices. Look at America's Prohibition era. If people want something badly enough, they'll get it in spite of God, Man, or the Devil. That's why the US hasn't even tried anything serious with tobacco: it's in the same boat.

4
0

Proposed California law demands anti-theft 'kill switch' in all smartphones

Charles 9
Silver badge

Re: Except it doesn't deter theft

Then explain the people who rob, mug, even KILL...JUST for the phone. Taking the phone to prevent them calling 911 because you've robbed everything else on them is one thing, but mugging them and taking JUST the phone smacks of a targeted mugging.

0
0
Charles 9
Silver badge

Re: Bricked trying to organize a protest...

"the crowd sourced gatherings that we have seen in the mid-east, just might have to resort to 60's style communications to get a decent protest into action. And no one will be able to video it... when the authorities brick all the phones in the area !!"

You forget. THEY control the NETWORK. The most common tactic they use in such a case is blackouts. What's to say they also don't OTA updates with spyware built into them?

0
0
Charles 9
Silver badge

Re: Duuh!

Because you can defeat the tracking the same way you can defeat the killswitch: with a faraday bag. Inside, it's invisible to the network, and as long as it's invisible to the network, there's no way they can get to the phone.

0
0
Charles 9
Silver badge

Re: Can you think of any other consumer good @ Alan Denman

Yes, my WALLET. And since it's UNpowered, there's sod all that can be done to "killswitch" a wallet.

Besides, what's to stop thieves from carrying faraday bags to block any killswitch signals? Then they can switch it to airplane mode through the bag or take it to a faraday cage to download all the stuff at their leisure, flash a new firmware that doesn't respond to the killswitch (and probably includes malware backdoors so they can double-dip), and THEN fence it, confident it won't brick.

0
0

Picture this: Data-wrangling boffins say they have made JPEGs OBSOLETE

Charles 9
Silver badge

Re: Browser support (JPEG2000)

"Yes, but JPEG2000 is required for PDF 1.5"

Maybe that's why I typically see PDFs at v1.4 instead.

1
0
Charles 9
Silver badge

Re: Who cares about saving space over jpeg?

"Even if it could store megapixel images in a single byte it would never displace jpeg, because saving space or bandwidth for images is a problem that no longer exists in today's world. The inevitable patents, and even if made freely available, inevitable patent trolls who will claim patents on various things it does, make switching from jpeg to something new not worth whatever storage/bandwidth could be saved."

Thing is, if you ALREADY have patents for the tech when the trolls come knocking, you can use them as a defense and threaten a patent war. That's what Google did against MPEG-LA concerning VP8 tech. With defensive patents, you can threaten to invalidate the troll patents, and if your primary mode of business isn't patent-related, you have more lenient winning conditions than the trolls: all you have to do is not lose, giving you an advantage if the fight goes to court as a mutual nullification doesn't hurt you.

I think that's one reason PNG was accepted over GIF--when the LZW codec used by GIF was enforced, sentiment swung towards PNG which used the more-lenient Deflation (trading off animation for RGB color support).

0
0
Charles 9
Silver badge

Re: In a world where selfie and cat videos rule the web

Actually, compression is what allows YouTube to thrive.

Without the ability to deliver these videos (and the attached ADS) over narrow mobile pipes, where would YouTube be now?

0
0
Charles 9
Silver badge

Re: Browser support

Which was why I mentioned Google. They're in a unique position to be able to (a) simultaneously saturate both the browser and mobile markets with the tech thanks to Chrome and Android, respectively, and (b) not really the type to patent troll: only using patents defensively and getting their revenues in other ways.

1
1
Charles 9
Silver badge

Re: Will it matter?

Probably because any patents related to JPEG have expired by that point, forcing the tech into the public domain.

3
0

Code-busters lift RSA keys simply by listening to the noises a computer makes

Charles 9
Silver badge

Re: Congratulations - excellent work!

"Of course, they then took this further, realising that, as the source of information was seemingly voltage regulation, there should be ways to measure this more directly. In one of their experiments they get the same information from connecting a voltage probe to a CAT5 cable connected to a switch - at the switch end."

That's an interesting feat, given that CAT5 cables are UNshileded (being a UTP cable).

0
0

Macbook webcams CAN spy on you - and you simply CAN'T TELL

Charles 9
Silver badge

If the camera can see infrared (which can pass through the tape), maybe.

0
0
Charles 9
Silver badge

Re: I'm more worring about hacked "Smartphones"

"I think perhaps you need to realise there are other phones on the market other than ones made by Apple and a good number of them do indeed have normal removable batteries."

I think perhaps you need to realise that companies OTHER than Apple are building phones with permanent batteries. Recent phones from the likes of HTC and Motorola spring to mind. Indeed, due to a demand for more battery life (and, if you're paranoid, a desire to steal control away from users), more phone manufacturers are doing this. I personally don't trust this (I insist on being able to yank a battery in case of a sleeplock or wakelock), but consumers aren't the only voice in the matter, and the consumer doesn't always win in this market.

0
0

Don't listen to Snowden ... Intel: We've switched on CPU crypto for Hadoop

Charles 9
Silver badge

Re: Bah!

(JOKE RIPOSTE) I think that's the plan. If it's so transparent the hackers see THROUGH it, they can't see the cipher data meaning they don't know where to hack. Encryption where my data becomes invisible would be rather nice IMO (END)

But seriously, the easiest way to get data encrypted on a widespread basis is to make the process turnkey simple, and a transparent (automatic on-the-fly) process can be a step in the right direction if done properly.

As for the paranoia, you might wanna just wring your hands of the whole affair. Let's face it; few things have as much resources as a state, and if ONE state hasn't subverted half the programmers and coders in the world, then the Russians, Chinese, and Arabs have probably polished off the rest. Which basically makes it a case of "Don't Trust Anyone," which means nothing gets done anymore.

1
0

Steelie Neelie: EU biz can use YOUR private data WITHOUT PERMISSION

Charles 9
Silver badge

Because the tool that can hide you from the government can also be used to subvert and destroy it. That's always been the dilemma of governments that give some sort of liberties: those very liberties can be turned against the government, so the government is basically underpinned on trust. Which becomes more complicated in a country like the United States which was founded on DIStrust of government.

0
0

French gov used fake Google certificate to read its workers' traffic

Charles 9
Silver badge

Re: Techie question.... @Jamie

Even so, if your client has been pwned without your knowledge (due to a drive-by, for example), they could disguise the fact they stole your key by replacing any DISPLAYS of their key with your original one (false facades are common in malware now). In that event, how would you be able to tell that the key you see is the key you're actually using?

0
0

No anon pr0n for you: BT's network-level 'smut' filters will catch proxy servers too

Charles 9
Silver badge

Re: if the sites which host the workarounds are blocked...

That would just be considered a site hosting a workaround that gets blocked, too. Put it this way. A workaround for a workaround is still a workaround.

Frankly, I think all the tail-chasing is just an exercise to build evidence for whitelisting, which can deny by default.

1
0
Charles 9
Silver badge

Re: this will end in disaster

What about a whitelist? Then it's deny-by-default.

0
0
Charles 9
Silver badge

Re: Change the DNS server...

So even if you poll DNS directly from your PC, it'll still change the DNS request to BT? What about an obfuscated or off-default DNS request?

0
0
Charles 9
Silver badge

Re: Who cares!!!

"all am going to say is look at chinas firewall and your see why filters will not work"

IIRC China's system doesn't outlaw all encrypted traffic and doesn't work on a whitelist system (meaning you can ONLY go to those sites they've vetted, meaning new sites are blocked by default). Without this "deny by default, deny when in doubt" attitude, things will still be able to slip through.

0
0
Charles 9
Silver badge

Re: First they came for the DNS

If that were true, it wouldn't be able to block an encrypted connection because encrypted data, by definition, can't be sniffed. Has anyone been hit with a "Site Blocked" message while using HTTPS that's either direct to the IP or using a third-party DNS? If so, then IP checking must be in place at the least (how else would they catch a connection for which the only thing they know is the IP).

2
1

Forums