Posts by Charles 9

16605 publicly visible posts • joined 10 Jun 2009

Universal basic income is a great idea, which is also why it won't happen

Charles 9

Re: We already pay people to do nothing

Point is, people will cheat. There will be people who will attempt identity theft to steal someone else's benefits. Used to be a common crime to steal old-age benefit checks.

Charles 9

Re: Alternative systems.

Few "useless" people see themselves as useless, so there will be a pushback, and any attempt at a "B Ark" solution would probably hit Murphy's Law and be countered with a Captain Peachfuzz.

Charles 9

Re: It works..

Shelf stacking of odd-shaped items and cleaning of old, contorted sewers requires a level of dexterity not available to robot technology yet. Thus why no robo-plumbers as of yet.

Elderly care introduces Uncanny Valley issues since most will insist on human-to-human contact.

Charles 9

Re: Next step for welfare

As the comedian once said, "You Can't Fix Stupid," but that raises the thorny question of what to do with people who just don't get it...but still have family who may worry about them.

Charles 9

Re: UBI is the future

"There's nothing stopping those workers doing that now except the lack of sufficient better employers. I can't see why UBI should improve that situation."

There's a greater chance they'll go "sod this" and walk away from the workforce. UBI may not be enough, but people may pool and get by for long enough to make employers reconsider standards of work when the available work pool shrinks.

I'll grant you, employers may pivot to other tactics, though, like getting machines to do the work instead or finding a more-reliable source of cannon fodder.

Charles 9

Re: We already pay people to do nothing

You accepted a REDUNDANCY offer. Redundancy, voluntary or not, is considered getting laid off, as INVOLUNTARY redundancy usually follows if there aren't enough takers.

Voluntary termination means things like two weeks notice, or simply walking away of your own volition.

Charles 9

Re: fast forward.

No, it was the Black Death which sent a shock through the human capital supply. Hard to farm without farmers.

Google Chrome to block file downloads – from .exe to .txt – over HTTP by default this year. And we're OK with this

Charles 9

Re: Doesn't make any sense

How recursive is it, because now you can be talking about ZIPs IN ZIPs?

Charles 9

Re: Sounds OK

Blame the tragedy on humanity itself. People are Stupid, Stupid can't be trusted, and while You Can't Fix Stupid, Stupid can easily take the rest of us with them. If you want to solve your problem, solve this one first. My thought is that we need to evolve a better human first.

Charles 9

Re: Serious overreach

"Warning people is fine -- "

Until people IGNORE the warnings. Remember Click Fatigue?

Charles 9

Re: Doesn't make any sense

Well then, Open Document and OOXML files are going to trip it up, because guess what they are at their most basic level? Magic Number scanners are going to get tripped up by the increasing use of ZIP as a basic container format.

Charles 9

Re: Doesn't make any sense

"(It's an obvious fact but obviously not well known because my workplace bans the sending and receiving of ZIP files so you have to rename them to send them outside the building)"

Just be glad your firewall doesn't do magic number scanning to check for trick files, then, because it'll get tripped up by the fact a lot of modern formats are actually containers based on (guess what?) ZIPs. The Magic Number trick isn't as useful as it once was because of this.

Forgotten motherboard driver turns out to be perfect for slipping Windows ransomware past antivirus checks

Charles 9

Re: And this is why drivers should only be in user space

How about high-throughput networking which requires very low latency to avoid choking?

Charles 9

Re: And this is why drivers should only be in user space

Plus it wouldn't stop flaws in the kernel itself being used to escalate privileges. Plus how do you deal with latency-sensitive stuff without context thrashing?

Built to last: Time to dispose of the disposable, unrepairable brick

Charles 9

Re: Used cars vs. new ones

What about a two-year-old ex-lease? Since that's a legal contract, there's an obligation to keep the car in working order, right?

Astroboffins may have raged at Elon's emissions staining the sky, but all those satellites will be more boon than bother

Charles 9

Re: If balloons are economically feasible, why are satellites?

Well, one claim is that latency will actually be better because data travels faster through the air than through a solid medium.

Charles 9

Re: Nuts

I'm surprised this plan hasn't already been red-flagged by SOME exchange due to the potential for latency arbitrage.

Charles 9

"Some hundreds of kilometres of rock are available to block the yammering of Earth. With the advantage of lower gravity and less environmental hazards, telescopes could be built bigger, more flexible and probably cheaper and they would never run out of volunteers - I'd be one - to act as maintenance men and operators."

But since Luna has no breathable atmosphere, and since you'd still need a link back to Earth, that sort of puts a floor on the maintenance costs. Just think how much it cost for each Apollo mission.

Charles 9

I suspect costs will hit a floor eventually, determined by sheer physics; namely, it takes A LOT of energy to move something from the ground to orbit, and there aren't a tremendous amount of resources once you're up there.

Charles 9

Re: Jamming

If you're a country like China, you really wouldn't care (my country, my rules). And I would think it would be pretty easy to detect ground stations, stationary or not, simply by detecting their transmissions, which would be both of a specific frequency range and a certain minimum level of power.

American bloke hauls US govt into court after border cops 'cuffed him, demanded he unlock his phone at airport'

Charles 9

Re: Good luck

If you're BORN in the United States, jus soli is in effect because of the 14th Amendment (reinforced by the Wong Kim Ark SCOTUS decision). The man can officially run for President. Where in the Constitution does authority allow for the stripping of birthright citizenship?

PS. If you say, "What Constitution?", then all bets are off anyway.

Charles 9

Re: Just say "Yes Sir"

OR you have no choice. If your work relies on carrying lots of confidential data in a NOT-spot...

Charles 9

Re: Just say "Yes Sir"

"If everyone had your attitude, the British would still rule India and black people would still get lynched in Mississippi."

Doesn't always work. Look what happened in the Middle East. It's like why Agateans in the late Terry Pratchett's Interesting Times never noticed anyone on horseback: anyone who did died. Similarly, if the customary response to someone resisting a jackboot is a bullet or 10 to the brain, people start preferring the jackboot. Always be wary of someone who is ready to say, "Well, if that's the way YOU want it..."

ICANN't approve the sale of .org to private equity – because California's Attorney General has... concerns

Charles 9

Re: not the word I would of picked

I sincerely hope the above was not intentional, or that would be the ultimate irony. Perhaps one should be up to there with oneself at this rate.

Charles 9

Re: Good

"Isn't it awful when some nanny state tries to stop people harming themselves and other people?"

Is it any more awful when some Laissez-faire state lets people do as they please and stupid people end up taking innocent people with them, including perhaps someone close to you?

And incidentally, it's kinda hard keeping your air clean when you live in a thermal inversion zone like Los Angeles County. Why do you think "California Emissions" were a thing decades back?

LCD pwn System: How to modulate screen brightness to covertly transmit data from an air-gapped computer... slowly

Charles 9

I believe CTRL-ALT-LED is based on that. Thing is, this technique works even with a user logged in unless the user in question regularly handles things in the red spectrum. Plus it can work indirectly (meaning the camera doesn't have to directly see the screen; the reflection off a wall IIRC is enough, and most facilities don't have flat black walls).

Facebook mulls tagging pics with 'radioactive' markers to trace the origin of photos used to build image-recog AI

Charles 9

Re: Almost entirely pointless

How are they going to do that without access to the clean sources? And without the clean sources, how can one be sure they got rid of all the stego, given many stego techniques can withstand various levels of alteration?

Charles 9

Re: Eggheads? No, more likely PR drones.

X-rays can't be radioactive (they're electromagnetic radiation), but some sources certainly would be (the most common way, though, is to emit high-energy electrons at tungsten, which isn't itself radioactive).

Google keeps tracking you even when you specifically tell it not to: Maps, Search won't take no for an answer

Charles 9

Still think there are ways around it, especially if computation is done on the phone (limiting available data). Get enough "noisy" data from a necessarily-limited dataset and you can "de-noise" it enough to be usable. It's classic de-anonymization.

At last, the fix no one asked for: Portable home directories merged into systemd

Charles 9

And if it turns out to be someone OVER IT's head, like an executive?

Charles 9

Re: Solved this problem years ago

And if the server went down? Or something on the network decided to have a bad day? And what about hot-desking between OFFLINE machines?

There are already Chinese components in your pocket – so why fret about 5G gear?

Charles 9

Which then makes you wonder, what about other parts of the world? Or is what we're seeing fundamental to the human condition?

IOW, will a better political system require a better human first?

Remember those infosec fellas who were cuffed while testing the physical security of a courthouse? The burglary charges have been dropped

Charles 9

Not really. They can petition to get the charge expunged (removed from record) since they were cleared of wrongdoing (6th Amendment presumption of innocence).

Charles 9

Re: "...elevating the alignment between security professionals and law enforcement."

The sheriff in question was out of the loop and claimed jurisdiction due to federalism (the building was of municipal jurisdiction, the state normally doesn't get involved in municipal matters under federalism). If you tried something like the above on him, he probably would've added additional charges, sued to have the terms declared null and void, and tried to fine the people involved several times over.

That's the problem when you start dealing with government agencies: sovereignty gets involved (which means someone's going to claim overriding authority--that includes contracts).

What is WebAssembly? And can you really compile C/C++ to it? And it'll run in browsers? Allow us to explain in this gentle introduction

Charles 9

Re: WSAI sounds like something that needs to be VERY off by default.

Sorry my butt! No one knew that ship was full of poison. Call the ship back to port before it sinks and pollutes all our water! I'd much rather such things be either standalone apps or thin clients presented by protocols such as VNC. It's the simplest way to make most of the Internet much safer and more secure. This is one time we MUST stop stupid before he takes the rest of us with them.

Charles 9

Re: WSAI sounds like something that needs to be VERY off by default.

You can't exploit a VM that isn't there, and with VMs, Red Pills are all the rage these days. The question should REALLY be, "Do we REALLY need this?" To reduce the chance of an exploit, reducing the surface area helps.

Charles 9

Re: Seems familiar

"Wasm's "means of accessing the outside" is whatever the embedder chooses to expose. In a browser that means exactly the same access to the outside world as JavaScript - the DOM, canvas, web audio etc. with all the same cross origin & security model checks. Anything that a browser stops you doing in JS it would also stop you doing in wasm."

And IIRC some scripts were able to escape those security measures, and the risk will always be there, meaning the ONLY way to keep the browser safe is to ignore Joe Stupid's demands and not offer the feature at all.

Charles 9

Re: "if you’re a company developing a new application, why make it native?"

Did your code also take into consideration RTL languages? Different filesystems and other logistical differences? Was it smart enough to recognize different architectural limitations (like the <256-char and >256-char limit depending on whether or not you were using Unicode in Windows)?

Charles 9

Re: Runs outside the browser

"Can any grey beard name _one_ attack vector of wasm code you write running outside of a browser that is not significantly less of a risk than _any_ other mechanism for running code you have in 2020?"

Yes, actually: the same attack vectors that existed before. If you're going to do anything new, why not make it have fewer potential vulnerabilities? And if you say that's the price of admission, I contend the price is too high and a new approach is needed: Joe Stupid be damned.

Charles 9

Re: Also want more security info

Funny thing about traps: some nutters are clever enough to escape them, so I don't necessarily trust the runtime.

Charles 9

Re: Of course it completely ignores the main problem of any program code in the browser...

"As for crypto miners, I suggest you look at the sites you're visiting."

I suggest you look up a Drive-By Attack and see why that doesn't always work.

Charles 9

Re: Of course it completely ignores the main problem of any program code in the browser...

Or better yet, just use something already out there, like VNC?

Charles 9

Re: Heard all these promises before.. about 25 years ago...

Just because it's popular doesn't mean it's right. Shoe x-rays? Thalidomide? Just remember the amygdala hijack: humans can be suckered easily by appealing to their emotions, and ad men have become masters of this.

Remember the Clipper chip? NSA's botched backdoor-for-Feds from 1993 still influences today's encryption debates

Charles 9

Re: In the end ...

If a tree falls on someone's head and no one else is around, does anyone really give a soaring screw?

Or, to put to mind Rincewind, "You still wind up dead."

Charles 9

Re: In the end ...

"We either have a system that ensures some kind of dictatorship (benign or otherwise); or allow that 'stupid' will occasionally/often win the day and live with the consequences."

Consequences including taking the rest of us with them. Thus why you can't escape American imperialism or Facebook: because you get caught up by Stupid even without your intervention. So I say you MUST find a way to argue with Stupid. Otherwise, you're basically conceding we're stranded up the mountain, staring up at the avalanche and realizing the only option left is to curl up and pray.

Charles 9

Re: here we go again

You HAVE to consider overall rates because removing low-hanging fruit can simply make people seek other trees. Consider that neither the UK nor the US are very high in the per-capita suicide rates overall while two of the worst (Japan and South Korea) have strict gun-control laws. If they can't shoot themselves, they'll throw themselves in front of cars and trains, off of buildings, or just poison themselves. Frankly, crime rates and suicide rates can probably correlate more to environment and culture than anything else (the countries with the highest suicide rates, for example, are either broken socially or have crazy high social standards for success--for overall homicide rates, look for hotspots like southern California that inflate the stats for the rest of the country).

Charles 9

Re: In the end ...

"Some will not like it.

But then you can't please everyone."

But if you don't, you end up with people like Donald Trump up top. See the problem? If the voters demand unicorns and you tell them STFU, the next person to come along with a horn glued to a horse gets people voted out, and then you get what we're seeing now: solid proof that your approach doesn't work.

'Trust no one' is good enough for the X Files but not for software devs: How do you use third-party libs and stay secure, experts mull on stage

Charles 9

Re: It's actually not that hard

"You believe that anyone who disagrees with you is a "howler monkey", and present your opinions using a range of emphases that attempt to ram them down the throats of others (again, despite stating your own dislike for those that do exactly this) instead of engaging in calm, rational and meaningful debate."

Or perhaps one's speaking from the trenches and from firsthand experience. If someone's personally been to No Man's Land, they're going to have a different perspective, especially if one's been personally betrayed in the past. It's all a matter of trust. The article is saying we have to have SOME level of trust to get things done, but he disagrees on the exact level. Me? I'm reminded of the phrase, "If you want something done right..."

Charles 9

Re: It's actually not that hard

"It sounds to me that your problem isn't JSON, but the proliferation of third-party libraries built to handle it. There are plenty of programming languages with either built-in support for JSON, or with "official" libraries, or reference implementations of serialisers / deserialisers. JSON is, at the end of the day, just a way of formatting data so that it can be easily passed around as a string in a platform-independent way."

It's that last part that gets you. No one can ever agree on most things: not even what counts as a "reference" implementation.

Frankly, the only way to be sure your code works consistently is to not rely on outside control. Or rather, if you must, lock it in place such as with an internal copy or static linking (thus the need for flatpacks and other implementations of multiple conflicting versions of the same library). IOW, move away from global dependencies and keep them local in scope. Close to the vest is the safest way to avoid a switcheroo.

Charles 9

Re: Unless

I would think that would make it easier, not harder, as a sneaky saboteur can just hide among the noise, concealing things by scattering them among more-useful features and make the exploit by gestfault. I mean, it's not like there's someone poring over every little connection, is there? Probably not given the scram example you cited that slipped through. You say, "Many eyes...", I say, "Too many cooks..."