* Posts by Charles 9

6613 posts • joined 10 Jun 2009

Why a detachable cabin probably won’t save your life in a plane crash

Charles 9
Silver badge

Re: Pointless Idea

There's also the matter of the infamous CFIT (controlled flight into terrain), where the pilots think they're flying through the air but then suddenly go CRUNCH. CFITs typically have zero warning and are already at ground level while going above takeoff speed, meaning physics dictates everyone's pretty much screwed.

3
0
Charles 9
Silver badge

Re: Reminds me of something Spike Milligan once said:

I guess this was before that one time when an aircraft suddenly depressurized in mid-flight, knocking everyone out and probably causing all aboard to die of hypoxia before the plane finally ran out of fuel and crashed into a mountain hours later.

4
0

State Department finds 22 classified emails in Hillary’s server, denies wrongdoing

Charles 9
Silver badge

Here's a very honest and serious question.

The article notes that some of the e-mails won't be released, even redacted, because they're part of Special Access Programs, basically "deny it even exists" clearance even above "top secret".

Here's the question. Given the nature of security, is it even possible for unclassified data to be reclassified, especially to SAP level, after it was previously disseminated at an unclassified level? It's sort of like a "genie out of the bottle" situation in that you can declassify something to a lower level but you can't classify something from a lower level to a higher level. The material has to originate at the higher level from the beginning. I know a bit about it because I had family in the military who had to deal with classification levels, and I've personally seen military media carrying things like green "Unclassified" designations.

8
0

T-Mobile USA’s BingeOn is a smash hit. So what now?

Charles 9
Silver badge

The main reason for the complaints has been that BingeOn picks winners. It says these servers are free while the rest eat into your data allowance. That's discrimination and against Net Neutrality.

10
1

VirusTotal bashes bad BIOSes with forensic firmware fossicker

Charles 9
Silver badge

The point is that the option will always remain open, which is something the EEPROMers may not have seen as necessary in a less-security-conscious world. Sure, there's the risk of flashing dodgy bits, but the point is that you don't end up like with those MacBooks: locked out. Worst comes to worst, you can always RE-flash. As for scenario #1, you're talking about someone able to subvert at the hardware level, meaning probably state-level adversaries. That's pretty much "bend over because you're screwed" territory because that's subversion at the physical level: the Nineteen Eighty-Four Panopticon. At that point, you're in DTA Mode because nothing is safe anymore.

0
1
Charles 9
Silver badge

Sounds like what's needed is some kind of fallback, built directly into the hardware so it can never be overridden, that allows you to reflash a firmware from some other source. Needs to be mandatory as a security measure.

0
0

US still lagging on broadband but FCC promises change is coming

Charles 9
Silver badge

Re: Nothing new here ...

One problem. Thailand is also much SMALLER. Now if you can show a place like Canada (which is larger than the US with fewer people) with universal high speed Internet even as far as Nunavut, then you might have an excuse.

0
0
Charles 9
Silver badge

Re: Politics

It's a political issue because Republicans are generally of the opinion that if you want it badly enough, PAY FOR IT—and most Republicans are of a high-enough income bracket that they can. You can't afford it? Tough, better luck next life...

1
0
Charles 9
Silver badge

Does all this talk of broadband rollout take into account the vast area the United States encompasses?

1
2

31 nations sign data-sharing pact to tax multinationals

Charles 9
Silver badge

Here comes the big problem. How do you tackle corporate money shuffling without violating sovereignty?

2
0

Intel and Micron's XPoint: Is it PCM? We think it is

Charles 9
Silver badge

Re: Duck

How about a miniature goose with a duck call?

3
0

Cops hate encryption but the NSA loves it when you use PGP

Charles 9
Silver badge

Re: Oh really

That's why, if they're REALLY interested in you, they'll spear-phish, drive-by, or use any and all means to pwn you at the endpoint: outside any encryption or obfuscation envelopes (because, at the end, the content MUST be decrypted for you to be able to employ it, seeing as we're not in Ghost in the Shell levels of technology where we keep cryptochips in our bodies as of yet).

0
0
Charles 9
Silver badge

Re: constant traffic component of OpSec

How do you reconcile that with a low bandwidth cap?

0
0
Charles 9
Silver badge

Re: An old but solved problem

Plus what if the server routinely alters uploaded pictures, potentially mangling most stego?

0
0
Charles 9
Silver badge

Re: No catch yer with Captcha

But they can still snag you when you're trying to set up that code. First Contact is always the most vulnerable phase.

0
0

Open source plugin aims to defeat link rot

Charles 9
Silver badge

Re: Hosts

Windows has it where it is due to it being the location of the TCP/IP stack. No such thing as /etc here.

As for protection, find one that's not only free but simple: turnkey simple, or Joe Ordinary won't get it.

PS. Why not use localhost? It resolves instantly, never goes out on the wire, and can be handled to your tastes, unlike any other number you can think of.

3
0

AI no longer needs to fake it. Just don't try talking to your robots

Charles 9
Silver badge

Re: @Nifty always something else next

I was noting that. The primary reason humans are kept around is because they usually have some role to fill in the greater machine of society. Take that role away, and some difficult questions need to be answered. If we go by the well-oiled machine of Mother Nature, the cold solution is to reduce the population down (removing the unemployables) to where those jobs that still need a human to do them remain. Trouble is that humans don't react too well to such a scenario, which is why stories like "The Cold Equations" make us uncomfortable. Sure, it sounds nice that people could do like the Federation and just have a basic income, but it all breaks down when you start asking who's going to PAY for all that.

1
0
Charles 9
Silver badge

Japanese Medical AI...reminds me of an anime movie I watched once on the subject, called "Roujin Z". It's thought-provoking (it also touched on the matter of an increasingly-elderly population) but also decently funny.

2
0

Death to clunky, creaky rip-off cable boxes – here's how it will happen

Charles 9
Silver badge

Re: Interesting

The reason DSL doesn't work too well in America mainly falls to two things: (lack of) population density and the historic wiring of telephone lines. DSL bandwidth falls off over distance, so if the local telephone exchange is too far away (due to being in a rural setting or because the old telephone wiring was too convoluted), then you're SOL. I should know, I looked into DSL back when home broadband was in its infancy, and the telephone company (who BTW is usually as much a local monopoly as the cable company) said I was in the extreme range of the technology, meaning I was likely to have issues.

0
0
Charles 9
Silver badge

Re: Are those CableCARD ports

The VESA Feature Connector. That was intended for the likes of MPEG-2 decoder cards (that were needed in the late 90's to let computers watch DVDs at a watchable rate) and 3D Accelerator cards. The Feature Connector meant they could hook up to the graphics memory without having to go through the computer bus. I think that faded because bus standards kept changing and it became easier to just use the VGA piggyback method. Some like the 3dfx Voodoos simply switched between the base card and it, others (usually DVD decoders) used chroma-keying.

0
0
Charles 9
Silver badge

Re: Interesting

The only difference in the US being that baseline channels, for historical reasons, are sent in analog in the clear, meaning cable-ready analog TVs didn't need the box at all. It's only when you get to digital cable that the boxes are a necessity, and the cable companies played it cagey by making sure, except for the local channels until recently, again for historical reasons, all the channels were encrypted. In other words, it's closer to your situation now but there are still legacy traces.

1
0
Charles 9
Silver badge

Re: A First Step

Actually, there's a roadblock to that. They proposed something like that called the Downloadable Conditional Access System (DCAS). Only problem was the FCC had already demanded that the control module be transportable, meaning it can't be part of a TV for fear of lock-in. So it was CableCARD or bust.

Meanwhile, the FCC is trying to work on a successor to CableCARD called AllVid. I believe Cox's Contour system is at least partially based on AllVid.

0
0
Charles 9
Silver badge

CableCARD's been on a bumpy ride, plus there's the matter of finding a third-party box capable of using it, particularly the V2 cards that allow you to do Video On Demand.

0
0
Charles 9
Silver badge

Re: Death to cable(and sat) box

Unless like me you're in a bad reception area. All the local channels break up in my area, so it's another supplier or no TV, period.

0
0
Charles 9
Silver badge

Re: This is LONG overdue but they missed one thing.

The reason the cable companies were able to lobby to turn off ClearQAM is because they can (fair enough) claim unfair treatment versus digital satellite (DirecTV and Dish), who HAVE to encrypt their channels due to their signals transmitting nationwide yet not every channel is allowed nationwide due to local network restrictions which are actually mandated by the FCC (due to them originating in OTA broadcast which the FCC regulates). Unlike satellite, cable companies, being capable of operating in local clusters, are capable of tailoring their channel lineups per area to deal with the local channels without too much interference.

So you see, it's kind of a no-win situation unless the FCC takes the bold step to declare that cable and satellite are too different to be seen as subject to the same regulations.

PS. Even before the ClearQAM shutoff, ONLY local channels were transmitted in the clear; fair enough, as all the other channels are paywalled while the local channels were being sent in the clear OTA anyway. I loved that capability since it let me record NBC during the Olympics (I have an alternate system set up in time for Rio).

0
0
Charles 9
Silver badge

Thing is, since the cable companies settled on DOCSIS, cable internet has seen steady progress, and with DOCSIS 3.1 1Gbps over copper coax is tantalizingly close. So that's saying something. I think most of the push for DOCSIS came from the likes of Motorola and company (IOW, the cable modem makers) who weren't too pleased with having to tune their cable modems for different ISPs.

Now, there is a CableCARD standard out there to allow for a third-party STB to interact with a cable company. Look at the back of a cable STB and you just may find the CableCARD slot secured with a CARD in it. Problem is, for whatever reason, those boxes aren't available to the average consumer. Then there's the matter of the rental fees for those CARDs: usually almost as high as the boxen: at those rates, why bother?

1
0

Brit censors endure 10-hour Paint Drying movie epic

Charles 9
Silver badge

Re: Meh

They have to let every frame show in case of a secret frame (one you can only see clearly if you pause right on that frame). A fast-forward runs the risk of skipping the frame.

1
0

'Unikernels will send us back to the DOS era' – DTrace guru Bryan Cantrill speaks out

Charles 9
Silver badge

Re: Unikernel, No-kernel, whatever

So what are you saying? That all this will do is encourage hypervisor/Red Pill attacks?

0
0
Charles 9
Silver badge

Re: Forth

So what happens when you get caught between a reliability requirement and necessary complexity? Does it become a case of A Bridge Too Far?

0
1
Charles 9
Silver badge

Re: I assume...

I think that's what some of the commenters are saying: that in a containerized/virtualized environment, there's still a degree of separation in play: in this case between the guest and the host. And this degree of separation is more significant than the one between kernelland and userland; there's more abstraction between host and guest, which is why VMs can transport.

2
0

Five technologies you shouldn't bother looking out for in 2016

Charles 9
Silver badge

Re: Please not VR...again...

But there's still the matter of Simulation Sickness, and that's not going to go away for the same reason seasickness won't go away: because it's biologically-triggered. The very thing that we want to see in VR is the same thing that makes us sick: part and parcel, and the closer to realistic we get, the worse the problem will become.

1
0

Eight budget-friendly 1TB SSD data packers for real people

Charles 9
Silver badge

I don't know. You could say the same thing about tape drives, yet the consumer end hasn't seen any trickle down since the days of Travan cartridges. Suppose enterprise-class SSDs retain some fundamental characteristic that, like LTO, makes it useful for business but still too expensive for the consumer end.

0
0

Stop the music! Booby-trapped song carjacked vehicles – security prof

Charles 9
Silver badge

Re: Automatic firmware updates

You're screwed either way. Either they pwn you via the unpatched exploit or they pwn you via an evil update. And for all you know, there's a wireless connection to that bus and you don't even know it or have the capability to remove it.

1
0
Charles 9
Silver badge

I do since the tape deck is worn out, there's no AUX port, and it's the stock 6-CD changer deck and I can't be asked to plunk down the few hundred it'll take to replace it as it's double-height.

0
0

Five reasons why the Google tax deal is imploding

Charles 9
Silver badge

Re: Think about it...

Maybe not 16%, but SOME appreciable amount. Otherwise, one of the many other businesses that would also benefit from the tax cut would decide to use the new leeway to undercut the competition. Competition is what keeps companies honest since they can't keep their prices high without risking losing business.

1
5

Show us the code! You should be able to peek inside the gadgets you buy – FTC commish

Charles 9
Silver badge

Re: Open Source FTW

"That would be a clear flag to everyone that the company practices do not stand the light of day!"

Not if it's "hidden in plain sight" using a gestalt of very subtle adjustments that are legitimate in and of themselves but when put together just so create the exploit. Remember, we're talking some of the highest stakes there are. Nothing is taboo.

"I believe such regulations would do wonders to embedded code quality even if very few people actually inspected the code: it would force companies to stick to proper configuration management process. Any short-cuts (such as shipping code with patches that only exist on some developer's laptop) would make it impossible for others to replicate the build."

Unless you use techniques like evil compilers or just go beyond the firmware and use state-level tricks like subverting more basic hardware chips. Eventually, you hit stuff that CAN'T be opened up due to copyrights, trade secrets, or even patents, which means you're going to have to trust SOMEONE. Only problem is, with these kinds of stakes, ANYONE can be bought (or pushed out of the way and replaced with someone pliable).

1
0
Charles 9
Silver badge

Re: Open Source FTW

"The best way to improve IoT security is to name, shame, and fine offenders. Source code is nice, but it's irrelevant without strong consumer protection."

What's to stop unscrupulous dealers then from seeing this coming, vanishing, and reappearing under some new cover in a game of Whack-A-Mole?

0
0
Charles 9
Silver badge

Re: We need another Underwriters Labs!

Nothing can really test for resistance to sabotage for the simple reason there's always an ultimate saboteur that no system can defeat: the one who PUT IN the anti-sabotage system in the first place. Even if you attempt to use multiple layers, you can just replace the single saboteur with a team: each member having put up one of the layers. And given the stakes involved in governmental elections, you can't count out such a scenario.

0
0
Charles 9
Silver badge

Re: The code is not enough

Unless the NSA can run shadow code that never shows up in compiled code, hiding somewhere in the hardware beyond even an X-ray...

0
0
Charles 9
Silver badge

Re: Electronic Voting/Counting Machines?

The problem is that a resourceful adversary can go beyond the code, to the chips where you eventually run afoul of trade secrets and patent protection. They can subvert hardware and hide it within the physical structure of the voting machines, and they can act outside the encryption envelope, defeating even a custom compile and making it exceedingly difficult to detect, even with an X-ray. At some point, you're going to have to trust SOMEONE, and when a state with a big purse (and probably backed up by big boots) comes in, it's hard to say if ANYONE is safe.

0
0
Charles 9
Silver badge

Re: Open Source FTW

Or it might do wonders for source code spyware obfuscation techniques. Or they could take the simple route and cheat...including bribing the enforcers...

1
13
Charles 9
Silver badge

"Both agreed there needed to be more dialogue to find a solution that worked for everyone."

Given that some WANT to data mine and others want to block said mining, that puts them in direct, exclusive competition. It's opponents such as these that bring up the phrase, "You can't please everyone."

0
0

Kentucky to build 3,400-mile state-owned broadband network – and a fight is brewing

Charles 9
Silver badge

Re: The Business of America is Business

Sorry, pal. We're already in the handbasket. The choices this November are going to be between Dumb and Dumber (and maybe Dumbest on the outside), and that's assuming Dumber's even on the ballot.

As for breaking the companies up, we tried that with Ma Bell. They just put themselves back together with acquisitions and threats to pull up stakes otherwise.

0
0

For fsck's SAKKE: GCHQ-built phone voice encryption has massive backdoor – researcher

Charles 9
Silver badge

Re: They all have the same flaw...

That still leaves the matter of the First Contact problem, where the parties have never met before. Plus, a resourceful adversary like a state can probably punch through an encrypted conversation almost as easily as an unencrypted one, making bad crypto worse than no crypto because it leads to a false sense of security.

0
0

West Virginia mulls mother of all muni networks – effectively a state-wide, state-run ISP

Charles 9
Silver badge

Re: The private companies had years to get this construction done.

Sure they do. They want it to be all or nothing. Either you do the middle mile AND the last mile, or you do neither.

0
0
Charles 9
Silver badge

Re: Run the layer 2 network as a gov utility, run the layer 3 as a private biz

Most utilities in America are run that way: as de jure monopolies (mostly to prevent NIMBY issues with redundant infrastructure). Thing is, people STILL complain about cheating and corruption by these regulated monopolies. Like I said, you can't win.

0
0
Charles 9
Silver badge

Re: Run the layer 2 network as a gov utility, run the layer 3 as a private biz

But Americans DON'T TRUST the government to do it right. And before you mention roads, let me remind you of some significant wear-and-tear issues and at least one tragic Interstate bridge collapse. There are those who say the government should get out of the way of EVERYTHING: including the military.

So basically, it's a no-win situation. They don't trust the government to do it right, and any private enterprise will always attach strings. Pick your poison. Most around here will take the latter.

0
0
Charles 9
Silver badge

Re: Run the layer 2 network as a gov utility, run the layer 3 as a private biz

I think because without the exclusivity agreement, none of the ISPs are willing to plunk down, especially to rural communities far from a trunk line. And the ISPs aren't dumb enough to kowtow to government-run lines, meaning either they have control from end to end or the government will have to operate the whole thing including the last mile, which raises socialism scares.

0
0
Charles 9
Silver badge

Re: Run the layer 2 network as a gov utility, run the layer 3 as a private biz

What about companies like Google that have high speed internal fiber? And how would the government regulate flow and who's allowed and who's not? Sounds a bit like the problem of trying to separate utility supply from utility transport.

0
0

How to help a user who can't find the Start button or the keyboard?

Charles 9
Silver badge

Re: The joys of answering the phone

What about if it's NEXT TO the washroom?

0
0
