* Posts by Charles 9

6613 posts • joined 10 Jun 2009

Test burn on recycled SpaceX rocket shows almost all systems are go

Charles 9
Silver badge

But the clamp can have a larger margin of error AND could potentially be able to clamp the rocket beyond the unstable point, which you cannot guarantee with a passive barge rolling in unexpectedly unstable seas. Also, thrusting into the clamp can be employed as a motive force, like how lever action closes the clamps of a grab arm. Use a decent diameter cone, like how a mid-air refueling boom has a margin, plus with such a rig there's a greater margin of vertical velocity error versus trying to land on a rolling deck.

0
0
Charles 9
Silver badge

I'm pretty sure SpaceX have done their homework on this, but perhaps someone can enlighten me on exactly why they need to recover their first stage by means of a controlled landing rather than something simpler like say some kind of flexible webbing to catch it as it falls a short distance or some kind of docking clamp system with room for error, thus reducing the odds of hard collisions.

1
0

Microsoft’s Get Windows 10 nagware shows signs of sentience

Charles 9
Silver badge

Re: Turn off updates - problem solved.

Except last I checked TeamViewer and Join.me are both potential avenues for malware themselves from their respective publishers. Plus what happens when the GWX stuff gets piggybacked into mandatory security patches, making it a Take It Or Leave It proposition?

0
1
Charles 9
Silver badge

Re: Works for me.

Don't be surprised if a mandatory security update sneaks that back in in another form.

1
0
Charles 9
Silver badge
Joke

Re: An idea

Guessing Microsoft, I think they'll install it anyway and send you the bill.

PS. Though I'm kidding right now, I dread to think it's not really a joke.

1
0
Charles 9
Silver badge

"PS. LibreOffice remains an unfinished, under-featured knockoff. Does it have macros yet?"

It certainly does. I've used LibreOffice Basic and other languages for some time now.

0
0
Charles 9
Silver badge

Re: That's a nice OS you have there, Microsoft

Go ahead and try, they'll say. They'll be after your head when their WINDOWS-ONLY software won't work on it...

And BTW, the software that'll get you in trouble won't work on WINE, either...

0
1
Charles 9
Silver badge

Re: and the winners are...

And then they get slammed when they find out their tax software or the latest game won't run on Linux. Even most consumer software is Windows-only with no analogue on other systems. So before you jump ship, you BETTER make sure the lifeboat's fully stocked.

1
1
Charles 9
Silver badge

They won't try, under the risk that another update links GWX too tightly to the OS so that trying to remove GWX elements risks bricking, meaning the AV vendors can be staring down the barrel of a lawsuit.

0
1
Charles 9
Silver badge

Re: BULLOCKS

If Linux is all that, where are all the games? And I'm not just talking indie stuff, either. I'm talking the latest mainstream games like Fallout 4. Why aren't they on Linux or SteamOS in spite of all the pushing by Valve?

0
2
Charles 9
Silver badge

"Luckily Linux seems not to honour that crappery on files but removing Microsoft malware from the registry can be a problem."

There are some things even root can't remove. Like things under control of the kernel like a zombie process (something locked in something like an I/O wait state that'll never clear). That was the thing with that North Korean OS mentioned a while back. A lot of the Big Brother stuff is baked straight into the kernel, to the point that not even root can mess with it.

2
0

Confirmed: How to stop Windows 10 forcing itself onto PCs – your essential guide

Charles 9
Silver badge

Re: "Upgrade" will be pushed down to everyone's throats, as security patch if nothing else helps.

"So it will happen when semi-voluntary updates stop: Only way to stop it is to stop updates, as long as you still can do it."

Then you get caught between Scylla and Charybdis when a zero-day total-pwn exploit appears in drive-bys, meaning you face a dilemma: get the necessary security update and get pwned by Microsoft or go without and get pwned by the malware. And going Linux is not an option because most games require a to-the-metal Windows install (especially once DX12 hits mainstream--VMs don't work well with the cutting edge).

0
0
Charles 9
Silver badge

Re: Give MS feedback

Nah, they'll just start filtering the mail en masse and dumping anything resembling a rant into the incinerator. Only something that directly influences their finances or their investors will get their attention. That usually requires legal action, but Microsoft also has plenty of legal bases covered.

0
0
Charles 9
Silver badge

Re: How to stop Windows 10 forcing itself onto PCs – your essential guide

Don't buy anything, just stick with what you've got because, frankly, most games require it since they're not WINE or VM-friendly.

0
0

Council of Europe gets tough on net neutrality

Charles 9
Silver badge

Re: QoS...

But they ARE selling what they can actually deliver, as an "up to" only describes a maximum, not a minimum. Anyway, minimum speed is frequently beyond their control--weak links in any given communication can come from one of the myriad links along the way, meaning minimum speed is impossible to deliver. So how are you going to deal with this kind of market where the ONLY thing you can guarantee is a maximum?

0
0
Charles 9
Silver badge

And then there's the matter of obfuscation. How will an ISP do QoS when the bulk of traffic is encrypted and thus hard to inspect?

0
0

Debug code cracked case in hunt for mystery Silverlight zero day

Charles 9
Silver badge

Re: Silverlight

No chance. There are plenty of systems that REQUIRE Silverlight to run, just as there are expensive systems that REQUIRE Flash to run. Unless there's an exploit that can run their damage into 8 or 9 figures, the accountants will have no justification to switch out the expensive piece of kit.

0
0

Nvidia GPUs give smut viewed incognito a second coming

Charles 9
Silver badge

Re: A couple of lines of C will fix this

Unless the program is performance-sensitive and needs to hand off quickly. That's the thing with GPUs; they're built for high performance, and things like memory wipes are time-consuming. How do you reconcile the two?

0
0
Charles 9
Silver badge

"One can also check an executable before it becomes a process (pretty sure scanners do this) and by watching the _actions_ of a process: You want to open SMTP?"

But what if the malware waits until it becomes a process AND disguises its malware act as a legitimate act (Yes, I have to open SMTP--I'm an e-mail client!)? Then you need more sophisticated sniffing that can also work outside an encryption envelope, meaning it has to be able to see the process while running.

0
0
Charles 9
Silver badge

Re: Linux Nvidia here

Not just you. Happens with my AMD card, too. Think it has to do with the HDMI standard more than anything in that it has issues with displays being turned off.

0
0
Charles 9
Silver badge

Re: I imagine NVIDIA are in the clear

"A GPU driver could use a similar scheme and (as already mentioned) certainly has the bandwidth to make it affordable."

But not the TIME. GPUs are normally built for high performance, so there are frequently zero-time context switches (a freed buffer has to immediately go to another application, with no chance to wait because, like I said, performance is demanded). Now you're in a security-vs-speed dilemma, and people who buy performance GPUs will demand the latter.

0
0
Charles 9
Silver badge

Re: Lots of hot air in this thread

"Going incognito doesn’t hide your browsing from your employer"

That copout is due to hypervisor capabilities in enterprise settings. Basically, Incognito can do squat against an agent that can snoop at all programs actively running. Basically, that scenario is like getting caught with a salacious book wide open. You can't do much against that kind of eye.

Nevertheless, Chrome should be obligated to perform due diligence when handling incognito windows. It should, as standard security procedure, retain the information for no more than is absolutely necessary to function, meaning any information it no longer needs should be immediately wiped clean to minimize administrative/hypervisor/root-class malware spying.

1
0
Charles 9
Silver badge

"If any program (let's restrict that to non-root UID) can see another's memory then privacy and security is gone."

Then we're essentially doomed. Anti-malware, anti-cheat, basically any defensive program worth its salt MUST be able to see into other processes to make sure they're not malicious, and if THEY have to do this to be able to function, any other program can pretend to be this, too. We've gone into a Quis custodiet ipsos custodes? situation, and there's no easy answers to that.

0
0
Charles 9
Silver badge

But Google created the content AND presented it on an OS with GPU compositing, meaning they KNEW their stuff would show up on the GPU's RAM. As the saying goes, "You made the mess. You clean it up." There's not much Google can do with active Incognito pages in GPU RAM since it must be in an accessible state for the GPU to put it on the screen. But once the page closes, Google should assume the memory won't be cleaned up on its own, so it should zero or otherwise blank the page before releasing it.

2
0
Charles 9
Silver badge

Re: I've been waiting for someone to notice this vulnerability

Then it should be an option on the free() call, unless it's a free called by the program's termination (in which case it can be an automatic wipe; performance becomes less of an issue in the graceful termination phase). That way, the program can judge if the memory needs to be wiped (for example, because sensitive memory is involved--they'll want to clean it regardless and doing it this way minimizes the chances of a read by elevated code). As for abnormal termination (essentially "nuking" an app), then perhaps only then should the OS intervene and wipe the program's memory space as it's performing an intervention. Any other method should leave it the program's responsibility.

0
0
Charles 9
Silver badge

Re: I've been waiting for someone to notice this vulnerability

"This bug is common in graphics drivers... not familiar enough with the inner workings of OpenGL to know but I'd assume the driver could zero framebuffer and texture memory when deallocated/no longer used. Maybe this is hard or non-performant."

The problem is that memory wipes take time, and GPUs are typically built for high performance, meaning it's a trade-off. Speed frequently clashes with security, unfortunately. And in a paranoid system, one should assume their mess won't be cleaned up for them.

PS. Why should the memory be wiped on the alloc? Shouldn't it be wiped on the free instead?

2
0
Charles 9
Silver badge

"The O/S certainly should clear memory that has been owned by a different process. Otherwise, as has been said above, there are at least privacy issues. It absolutely has to clear memory previously owned by a process with a different UID."

But what if the program in question is a recovery tool that NEEDS to see that memory? One size can't fit all here, and the principle of DTA dictates that ultimate responsibility falls to the program that made the data (the origin point, if you will, the point of first responsibility). If you don't trust another program to see their data, it should be wiped before you release it. And before you say the OS should do this (maybe not wipe on the alloc but on the free instead), remember that bulk memory operations mean an unavoidable performance hit, and if the OS is designed for high performance, such a hit may not be desired.

1
1
Charles 9
Silver badge

"On a well designed OS, the apps should not even be aware that other apps are running and each app should be able to consider its own memory space private and secure. We're not quite there yet, but it's a good aspiration ;-)"

Can't. There are times when an app NEEDS to know another app or module is running. Example, what good is a web browser without an Internet connection, which means knowing the socket driver is available, which may or may not be in Userland (depends on the OS, but microkernels by design would put everything non-essential into Userland). And there are such things as "ethical" process snoopers like anti-malware and anti-cheat programs.

3
0
Charles 9
Silver badge

Re: been like this for years

This has been a known exploit since the earliest days of personal computing. It was quite common to quickly reboot a machine and discover troves of information left by the last program running (I used to do this quite a bit in the latter days of using my Commodore 128). I recall very few programs have the know-how to interrupt the warm boot sequence to erase their code to block this (I think Lenslok-protected games actually cared).

4
0
Charles 9
Silver badge

Re: Video driver clearing memory

Basic defensive SECURITY programming says Don't Trust ANYONE. That goes backwards AND forwards. In other words, don't make assumptions of inputs AND don't release anything you don't want seen since anything you release COULD be seen. So like I said, Chrome should wipe any Incognito pages before releasing their framebuffers on the assumption that they don't want the contents to be visible to anything else.

There's also the matter of the KISS principle. Assume the least work was done on your request, and do yourself the least amount to accomplish your goal since you may be subject to delays or repetition that result in small delays adding up. Why should Diablo blank their framebuffer if they're just going to immediately overwrite it anyway?

10
0
Charles 9
Silver badge

Why is it a bug in Diablo? They initialize the memory with their first frame of rendering. What happened to the framebuffer before them is, frankly, none of their business. It should fall on Google to ensure that when an Incognito page is closed, it's blanked BEFORE it's released. In security terms, this is a memory leak on THEIR part.

28
1
Charles 9
Silver badge

Re: Video driver clearing memory

"But doesn't an O/S kernel zero out regular memory before handing it to an application?"

Why should it? The memory you get from an allocation should be considered to be "undefined", and therefore it should be the applications' responsibility to handle it accordingly, using as you said common memory-fill techniques if necessary.

"GPUs are often touted as having large memory bandwidth, so surely they can use a bit of that to zero out a newly allocated region?"

Again, that's if they WANT that. If you're allocating the framebuffer to say play a video, then zeroing is redundant. You let the video take care of that.

I'm agreeing with the point that if an application is touting a low-trace operating mode, the onus is on the application to ensure low-trace operation.

10
8

UN privacy head slams 'worse than scary' UK surveillance bill

Charles 9
Silver badge

Re: The more I think about all this

But plenty of poor are poor of their own doing, some sick are beyond help, some bums are too proud to accept shelter, and as a comedian said, "You can't fix stupid." Also, as others say, "Haters gonna hate." Some people want to destroy you simply because you exist, and people today won't accept even minimal levels of personal risk. So what do you do when people are threatening to vote you out unless you stop such an enemy scenario?

0
0

13,000 Comcast customers complain to FCC over data caps

Charles 9
Silver badge

Re: Data caps are just a small problem by comparison

All fine and dandy. But how do you force the issue?

0
0

Boffins switch on pinchfist incandescent bulb

Charles 9
Silver badge

Re: TCO? @ Jonathan Richards 1

"On the other hand if "they" had ensured that there was enough clean nuclear power available ...."

There are those who would argue that emboldened term is an oxymoron.

1
0
Charles 9
Silver badge

Re: TCO?

"This has now been exposed, though known by anyone expert for years. You need about 20W + of CFL or LED to light the same area to same brightness as a 100W lamp."

Funny. From what you say, the packages I read on a regular basis would then be accurate, because the 100W incandescent analogue in CFL is rated 26W (over 20 as you said). The watt ratio is roughly 4:1. A 9W CFL is roughly supposed to put out as much light as a 40W incandescent, a 15W a 60W, and I think an 18W a 75W.

1
0

American cable giants go bananas after FCC slams broadband rollout

Charles 9
Silver badge

Re: Fsck all of them...

Have you tried threatening them with a lawyer? Given your Internet is wireless, this falls directly into the FCC's purview (since wireless bandwidth has to come from the feds first), so unless they can show where the data use comes from, you can claim they're defrauding you.

0
0
Charles 9
Silver badge

Re: Comcast and Co disagree

That's assuming the trenches aren't already covered up. If they are, then that's an added expense. Remember, a lot of the infrastructure in America has already been installed. This is one reason New York is so difficult to wire up (200+ years of densely-packed existing infrastructure to work around).

As for the local monopolies, that's basically a necessary evil. For these small, poor, isolated communities, it was basically take the sweetheart deal or stay in the dark, because NO company would be willing to plunk down to build out to the boonies without some assurance of RoI. If they were to be restricted by law, the numbers wouldn't add up and they wouldn't even try. Remember, wires in America are more often than not privately owned, and companies frequently reserve the ultimate option to call Leave It and declare No Deal.

0
0
Charles 9
Silver badge

Re: A serious problem

What you describe demonstrates capitalism in action. Business customers draw a higher rate, can frequently be metered, and can sign longer-term contracts. These buildings probably agreed to chip in for the gigabit rollout to their area as part of the contract. For an area to get additional coverage (which means extra infrastructure which means additional costs), you usually need either connections (such as getting in on new construction while the ground's already torn up), numbers (if an entire neighborhood contracts to sign up for gas, internet, or whatever, the utility has better incentive to plunk down), or money (affluent areas can usually pony up if they want it badly enough).

This has always been the problem with rural Internet coverage. They lack any of the three. They're sparsely populated, frequently of a lower standard of living, and as a result the community as a whole is lacking in capital. That's why many of them get tied up in sweetheart deals: it's the prime condition the companies will insist before they're willing to go out on a limb.

0
0

Exploit kits throw Flash bash party, invite Crypt0l0cker, spam bots

Charles 9
Silver badge

Re: Friends don't let friends install Flash

But the few that remain become that much more difficult to deal with. What do you do when your very-expensive enterprise system requires Flash to control it? Switching it out is not an option due to the accountants, who tend to be able to trump the security team (after all, accountants can influence the IT budget).

0
0
Charles 9
Silver badge

Re: vulnerable

You can avoid Flash vulnerabilities by not using Flash, but many people don't have that option, requiring Flash in their everyday activities. And yes, if they want to infect people badly enough and they can acquire one (this can be tough; usually it's states and other powerful agencies that hoard them), they MIGHT use a zero-day vulnerability.

As for Windows 10, that's still done by Adobe IIRC. The only company helping Adobe with Flash is Google, and only in regards to Linux and Chrome.

1
1

How hard can it be to kick terrorists off the web? Tech bosses, US govt bods thrash it out

Charles 9
Silver badge

Re: Free Speech is Liberty

What makes you think they didn't come from ISIS? I mean, three men with material essential to any serious farmer committed quite a bit of mayhem 20 years ago, and technology means more and more power can be obtained by an individual over time. What's to say a lone wolf couldn't wreak national-scale mayhem today and we just don't want to admit it for the sake of our sanity?

0
0
Charles 9
Silver badge

"Disaster ensues."

Then you're basically saying, "Damned if you do, damned if you don't". If it isn't the government screwing you, it's robber barons (think the Gilded Age). Somewhere along the line, SOMEONE will have the chutzpah AND the capability to usurp, one way or the other, and since this is basic human instinct when they see a zero-sum game (it's you or the other guy), we'll never see this go away.

Which may be why no "people-centric" government doesn't seem to last for too long in historical terms. Every one of them degenerates or collapses due to simple human nature.

0
0
Charles 9
Silver badge

Furthermore, what happens when a crisis hits, like a war, and you NEED the government to rally and protect you from the enemy? World War II was a legit example. No single state could muster the forces necessary to defeat the combined Axis Powers, and since we were also deep in the Jim Crow era, there was also considerable friction between northern and southern states. Only the central government can override these frictions and unite the nation in war.

So IOW, you MUST trust the central government at some point, or there's no point in a government to begin with.

0
1
Charles 9
Silver badge

Re: A possible answer !!

But what downsides are there back home? Before you say "terrorism," note that some people hate you for your mere existence. I believe they call that, "Haters gonna hate."

As far as the home turf is concerned, doing nothing is not an option, and the people DEMAND a robust solution. Otherwise, they'll vote you out. So what's a country who demands they be doing something effective to do when there is NO such thing as something effective to do?

0
3
Charles 9
Silver badge

"The problem is that people came to trust government at all."

And the problem behind the problem is that your average person isn't interested in anything as remote as that. They just want to see tomorrow, that's all. The simpler their lives can be, the better. It takes a certain amount of enlightenment to be able to question things around you; most don't have the intellect for that.

1
1
Charles 9
Silver badge

The enemy doesn't NEED backdoors, just a general idea. Unlike us, bound by Rules of Engagement, the enemy can attack indiscriminately. There's no such thing as neutrals to them: there's allies, enemies, and sympathizers, and the latter two are fair game. Thus civilians get targeted instead of, say, military installations.

1
11

Catalan town hall seriously downsizes monarch

Charles 9
Silver badge

Re: Inventive?

That's why I said "can" instead of "will". In places where freedom of speech is not strongly assured, dissing the country's leadership will draw at best dirty looks and at worst LEOs. Your mention of the Sex Pistols expression probably showed England is tolerant enough to let the isolated case slide as a nonviolent protest. In the Catalan case, it appears to be somewhere in between: a summons to explain oneself.

0
0

T-Mobile US boss John Legere calls bulls*** on video throttling claims

Charles 9
Silver badge

Re: Pink?

So what happens when you tunnel into YouTube through a VPN? Now T-Mobile only sees scrambled data. How will they know what you're doing?

0
0
Charles 9
Silver badge

Re: When Unlimited != Unlimited

The reason "setup" and "login" came into vogue is because the style you cite is considered grammatically correct: dangling prepositions (proper style says prepositions MUST have an object, as in "up the creek" or "in the hole").

0
0
