* Posts by Charles 9

8586 posts • joined 10 Jun 2009

Wait, wait – I got it this time, says FCC as it swings again at rip-off US TV cable boxes

Charles 9
Silver badge

Re: We're from the government.

Oh? Would you rather it be "The Reap and Rape Your Rear End Multinational Company Who's Cornered the Market" saying they're here to help you?

There ARE things scarier than the government.

0
0
Charles 9
Silver badge

Re: cut the cord

"The only reason to have cable TV at all is live sports. Otherwise, the internet provides far better, watch-anytime, alternatives."

Not if you want to record them and be able to watch them unplugged. Internet stream providers are wise and protect the streams up the wazoo, including many times using Protected Media Path which tends to block screen scrapers and HDMI recorders by invoking HDCP. At least the cable box I use doesn't protect the Component path, meaning I can still record HDTV off of it with a second box (and I used it extensively during the Olympics), all of which comes out unprotected meaning (after a little transcoding), I can watch the end results anytime on any device capable of handling AVC, AAC, and Matroska (thankfully, it's a large and growing list) without any need for a "by your leave" from the upstream provider: see it once, see it for a long time to come, even if the source disappears.

1
0
Charles 9
Silver badge

Re: We want it Simple.

But the CableCARD was under the media company's control. I'm looking for something under the GOVERNMENT'S control, with a mandated carry requirement and fines for noncompliance, much as the local channel requirement works. Given a choice between the devil of private enterprise and the demon of the government, I'd rather have the government. At least there I'm less likely to be left with a monopolistic Hobson's Choice.

Frankly, I wonder why no one has filed a charge of cartel behavior yet, which IS in the anti-competition books...

0
0
Charles 9
Silver badge

Re: We want it Simple.

There's also the satellite and fiber providers who seem to have their own standards. Suppose the FCC mandates one standard to rule ALL of them: cable, satellite, AND fiber so that it shouldn't matter WHERE you go or WHOM you subscribe. Just stick the cable in your box and you're good to go. In fact, why not mandate the standard so that it's easy to just stick a module into the back of your TV (not built-in as that allows Planned Obsolescence) and be on your way?

PS. I mean this just for basic tuning. Recording and so on, OK let's keep that in a separate box.

0
0
Charles 9
Silver badge

Re: loop the loop

It's unworkable because the media companies (this won't just be about cable but also satellite and fiber, and because of that could also have an effect on the local channel obligation, too) don't want to lose their captive market in that area. NO ONE wants to lose a captive market.

1
0

HP Ink buys Samsung's printer business for a BILLION dollars

Charles 9
Silver badge

I actually called it right. I figured it to be about the size of an office copier (looking at the feet and the touchscreen), and the bottom shot shows I was damn close (a little bigger at most).

0
0
Charles 9
Silver badge

Re: And tomorrow...

"Dell make some pretty decent printers too"

I believe most of those are rebadged Lexmarks.

15
0

PCI Council wants upgradeable credit card readers ... next year

Charles 9
Silver badge

Re: Fuzznugets!

"At the moment, that doesn't seem to be a deterrent. It seems to me that most companies look at the costs and decide security isn't important enough to pay for."

In other words, they're gambling they don't get hit and pay a LOT more than the compliance costs as a result. That kind of attitude makes the problem intractable. The only way to make them take notice is to make the threat existential. Only problem is that these companies keep tens of thousands of vulnerable, innocent people employed in a shrinking job market.

0
0
Charles 9
Silver badge

Re: Fuzznugets!

""Securing" end terminals when all the recent major breaches have targeted insecure back offices of large companies non-compliant with even tenth of existing PCI standards."

Part of the reason for the push to EMV is to defuse this problem. EMV transactions use one-time codes, meaning if the numbers are nicked, they're still useless.

0
0
Charles 9
Silver badge

Re: Why don't they simply have a socketed ROM?

"Restaurant staff have more important things to worry about (like being able to afford next month's rent) than checking for fraudulent seals."

Except if the hack is traced back to them and their seals are found to be wrong, THEY get the blame AND the bill. Forget next month's rent at that point...

0
0
Charles 9
Silver badge

Re: Fuzznugets!

"Actually enforcing PCI DSS and having consequences for ignoring it would be far far bigger result than preventing me to target a grocery store where customers have maybe $10 left on their accounts to nick."

As I understand it, there ARE consequences in place since the beginning of this year. If there's a hack traced to you and you're not EMV compliant, YOU get to foot the bill. Many that don't use it are either in the middle of the lengthy software certification process or are gambling: putting off the upfront costs in hopes they don't get stung.

0
0
Charles 9
Silver badge

Re: Disposable credit cards

Many places won't take ephemeral cards because they know they can be easily associated with money laundering. Even gift cards are iffy, as online retailers like Amazon and PayPal have in the past rejected their use in online transactions. The retailers want to see REAL cards, with a real name, real mailing address, and usually something backing it up like a bank or an employer.

0
0
Charles 9
Silver badge

Re: Why don't they simply have a socketed ROM?

The seals are tamper-evident and only held by the manufacturer. You'd need an insider to have an identical seal.

0
0
Charles 9
Silver badge

Re: Why not ask the l33t h4x0rs

Problem is, if a hack's traced back to them, THEY foot the bill.

0
0

SOHOpeless Seagate NAS boxen become malware distributors

Charles 9
Silver badge

Re: It is a really stupid idea for most people to make any SOHO device internet visible.

It may be stupid, but it's what the customers demand, so you can't win. If you don't do it, you don't get any business and someone else just rises up and fills the demand, hook or crook. As a comedian once said, "You can't fix Stupid."

0
0
Charles 9
Silver badge

If I recall, that's one reason PBS channels started encoding time signals in their VBI area, so that stuff like VCRs could set themselves. Because let's face it, setting the time was similar to setting a digital watch.

1
0

VW Dieselgate engineer sings like a canary: Entire design team was in on it – not just a few bad apples, allegedly

Charles 9
Silver badge

He was trying to get away with it. But now that that's not an option, he opted to spill first.

3
0
Charles 9
Silver badge

Re: They couldn't —but they did

"It's a balance.

Fast.

Clean.

Efficient.

Pick any two.

They have it run fast+efficient on the road, and clean+efficient in the test room. By greatly reducing power output."

But now the standards are trending towards "All or Nothing, toot sweet" because of all the competing and justified demands. Clean because of pollution (eg. asthma) concerns, efficient because the cost of fossil fuels is trending up again (plus the matter of being reliant on unreliable foreign powers), fast because it won't sell otherwise plus you can also say this goes to range--they want enough of a tank so it can go a couple hundred miles at a fill.

0
0

Peccant pwners post 670,000 Pokémon punter MD5 passwords

Charles 9
Silver badge

Re: @Lee, They DARE to give password advice?!?!

"But it all comes down to one's own personal perceived risk assessment and, as always, a balance between the risks and the inconvenience of any measures to mitigate those risks"

But sometimes those concerns can hit extremes. Take my earlier example: a very bad memory. I mean bad enough that "correcthorsebatterystaple" turns into "donkeyenginepaperclipwrong" the following day. I personally know people whose memory is just that bad, yet they're expected to use the Internet.

0
0
Charles 9
Silver badge

Except then you're vulnerable to LOCAL hacking, especially by the janitorial crew and the like. It seems you can't win. You either get hacked locally, hacked remotely, or hacked by both at the same time.

And lastly, I've known people who tried to remember things by writing down notes...only to forget the notes.

2
0
Charles 9
Silver badge

So what do you do if you have a bad memory and no place to store a password safe?

0
0

Read the damning dossier on the security stupidity that let China ransack OPM's systems

Charles 9
Silver badge

Re: In hindsight and foresight

And then you just end up with worse and a shoestring budget.

0
0

Come in HTTP, your time is up: Google Chrome to shame leaky non-HTTPS sites from January

Charles 9
Silver badge

Re: Unsupported browser

And here's another angle. They could just ALTER the content to their pleasing (and your DISpleasing) and there'd be nothing you could do to stop it because it's outside your scope. Again, that was something the Chinese Cannon did, and who's to say no one else could do it? Remember, anything in the clear is like a postcard, and what's to stop ANYONE along the chain SWITCHING the postcard?

0
1
Charles 9
Silver badge

Re: Unsupported browser

Although I use it myself, I also note that it's not the leanest app out there; my device at least has the specs to run it smoothly. For those with bottom-of-the-line phones, this may prove too cumbersome to use.

0
0
Charles 9
Silver badge

Re: @Charles 9 Chinese Cannon

"Do you execute untrusted code (which could be malware) from a http protocol site? I doubt it. If it were https, a lot of people would think it's legit and code would be executed."

One, it doesn't have to be code; it could be a direct HTML exploit that has no code in it whatsoever, like a malformed CSS exploit (and CSS is standard in HTML 4+). Two, it can be one of the MANY sites where local script execution is REQUIRED for the site to function (an AJAX setup, for example, JavaScript is the J). And it's too late to say ditch JavaScript and go back to the bad ol' days because consumers expect faster feedback on their actions (especially for time-sensitive stuff like eBay).

We are rapidly descending into a DTA world where we need a way to stop even the edge routers from sniffing in (because they could be controlled by a repressive state).

0
0
Charles 9
Silver badge

Re: @Charles 9 Chinese Cannon

"It's a theoretical attack in the same sense as saying it would be terrible if a hacker was able to put a USB stick loaded with malware in a computer at a nuclear power plant control room. Given that it requires physical access to the room, if somebody can access it, you've got much bigger security issues than that USB stick."

Given this is the likely avenue of Stuxnet, which if you'll recall jumped an airgap, I wouldn't necessarily call that theoretical.

"If it's inline, it would also need to point at the same domain and I would need to be able to download it using exactly the same route, so the MitM attack would need to intercept all traffic, not just inject the link to malware."

The key is to inject the malware--INLINE--straight into the HTML so it doesn't HAVE to go outside its domain to pwn your connection. Once you're pwned, it can do whatever the damn well it pleases.

0
0
Charles 9
Silver badge

Re: Unsupported browser

But what if you get targeted for something like Chinese Cannon, which doesn't require physical presence (it can be done MitM)?

0
3
Charles 9
Silver badge

Re: Nope

EVERYTHING needs SSL. Don't Trust Anyone. ANYTHING in the clear can be messed with.

1
3
Charles 9
Silver badge

Re: This is proper and important step and I hope other browsers will do the same

"HTTP simply wasn't built for this -- it was devised to be one-way only. Two-way communication was strictly e-mail, Usenet, IRC, FTP or telnet, followed by transport layer security for them."

That's basically saying THE INTERNET wasn't built for this, and it wasn't. It wasn't built on the basis of DIStrust, and there's not much you can really do about it since you can do the same with ANY protocol out there. HTTP is simply the protocol de facto; given how the Internet works, you can do the same with ANY protocol, secured or not, with the right resources, since true attestation is impossible. Indeed, given the resources of states to be able to legally compel any private organization within its borders, we have to assume true attestation cannot be achieved full stop. Sovereignty trumps everything in that regard.

IOW, there's no turning back. We can't even go back to the Sears catalog since the State is also savvy enough to impersonate Sears...or anyone else they have to, for that matter.

0
0
Charles 9
Silver badge

Re: @Charles 9 Chinese Cannon

"I won't accept cross-site side loading, so the malware doesn't get displayed or executed."

It wouldn't be cross-site but inline. And you can't MitM HTTPS without the certificate's private section, in which case like you said you're beyond screwed. Hopefully, though, safeguarding that should be easier to do.

0
1
Charles 9
Silver badge

Re: Many sites have no need at all for HTTPS

Oh? What if it gets MitM'd by something like the Chinese Cannon? The content is irrelevant: only that it's in the clear and therefore can be injected with malware on the fly.

0
4
Charles 9
Silver badge

Re: This is proper and important step and I hope other browsers will do the same

"But the reality is that most webmasters of small sites will not implement a cert and as others have mentioned, Chrome will become the boy who cried wolf."

So what happens when webmasters find their sites are being shunned because they don't use HTTPS? Doesn't this become a "sink or swim" situation?

1
1
Charles 9
Silver badge

Re: Fuck Google and the Adsense Whore they rode in on.

Two words: Chinese Cannon. Silent HTTP Switcheroonies WILL be weaponized in the future.

2
1

Sony wins case over pre-installed Windows software

Charles 9
Silver badge

Re: Economic Behavior Of Consumers

It's what's known as a Vicious Cycle. Microsoft totally dominates the end-user OS so software makers concentrate on that OS (because the return isn't there for alternatives anymore), which reinforces the decision to stick with Windows, and so on. And since there's money involved throughout the cycle, normal business sense makes the cycle self-reinforcing.

2
0
Charles 9
Silver badge

Re: Is there some point missing ?

No, removing the OS (on your own, easy enough) is neutral because last I checked you don't have to pay for the privilege of formatting your drive. And since Linux only sets you back a spare USB drive, that's a negligible cost as well.

0
1
Charles 9
Silver badge

Re: Is there some point missing ?

Actually, the bottom line means they paid YOU for the license. The laptop is cheaper WITH it than WITHOUT it. It's like this kind of oddity: five-stick packs of gum are 4/$1. Meanwhile, a 15-stick big pack costs $1.50. Guess what? You can pay 50 cents less but still get 5 more sticks. That's kinda what's happening. Which means you might as well get the bundled laptop. No one's forcing you to actually USE it. It's not like Microsoft will show up at your door and demand their subsidy back. You win, and the dealer doesn't care (since they'll have receipts and can get their subsidy regardless of what you do). In fact, the loser here would be Microsoft ponying up for something you don't use.

1
1
Charles 9
Silver badge

Re: Simple

He's saying take the subsidized laptop (which because of the subsidy has a lower bottom-line than a bare laptop) and simply remove the OS from it. The dealer wouldn't care (they get paid as long as it's sold). Only Microsoft would lose because they pay out for an unused OS and no metrics.

3
0
Charles 9
Silver badge

Re: "without pre-installed software"

For example, Broadcom WiFi and modem chips, both of which require proprietary firmware that's only supported in Windows. Since they've practically cornered the market for these uses on laptops, finding one with a chipset that works in Linux is a crapshoot.

0
7

Printers now the least-secure things on the internet

Charles 9
Silver badge

Re: Great product idea?

"And the other key thing that is missing is some kind of accreditation for routers where an independent company audits the devices for the ability to do what they should do, and nothing more. Best of luck getting that off the ground :-)"

Correct, because there's no such thing as a truly-independent auditor that couldn't be influenced in some way by a big company with deep pockets or simply the whims of their sovereign ruler.

0
0
Charles 9
Silver badge

Re: Great product idea?

"But this presupposes you have a reliable router, not one that has firmware that constantly re-enables features you thought you'd disabled. They are expensive..."

...which means your idea is dead in the water. You have to make something that's not only turnkey-simple enough for Joe Stupid to not mess up, but they have to be able to actually afford it.

0
0
Charles 9
Silver badge

Re: Insidious

"Presumably to confirm that you are using 3rd party toner and invalidating the warranty ; avoiding the usual trick of removing the original toner catridges and then putting them back if a fault appears."

And there are those that simply don't care because the printer is secondhand and without warranty anyway. Next thing you'll know they'll add some new requirement that'll let them prevent resale of all existing printers...

0
0
Charles 9
Silver badge

Re: Product upgrade time

"hand wash your clothes, Build you own, Laundromats, refurbish older machines.... and on and on and on (pun intended)."

Handwashing means giving up a precious day (of work or leisure) every week, laundromats will be Big Brother posts, and few have the skills to roll their own, especially since water and electricity are tricky things when in close proximity. As for old machines, they can make a law that mandates connected devices AND render old devices not legal for resale.

0
0
Charles 9
Silver badge

Re: I wouldn't connect it to the Internet

"This is where legislation is needed. It should be enshrined in law that any consumer device that does not require internet connectivity to perform its core function should be able to work without internet connectivity."

Then it's game over because the manufacturers have the legislators' ears. The law will go the other way and mandate internet connections for public safety issues (say an appliance catches fire while you're away, just to list an excuse), with all non-connected devices not legal for resale.

2
0
Charles 9
Silver badge

"It will phone home to tell the manufacturer what products you use so they can profile you for targeted advertising on the inbuilt screen."

Honest question. How will the refrigerator know what I put in and take out of it? It's not like it has a laser scanning net inside the door, which probably won't work anyway if the barcode's stripped off or turned face-down or whatever...

0
0

EU court: Linking to pirated stuff doesn't breach copyright... except when it does

Charles 9
Silver badge

Now you're making an argument. Something a computer can process on its own to lead you into trouble is one thing (there's the possibility it happens without your direct action), but if it's just a plaintext, then you've made it the equivalent of the address scribbled on a slip of paper (now human interaction IS required).

0
0
Charles 9
Silver badge

"Perhaps if companies stopped wasting time and resources on rubbish like this and actually concentrated on hammering the infringer, this question wouldn't arise. After all, if there's no pirate copy, there's nothing to link to. Duh."

HOW? When sovereignty gets in the way? Take FileFactory, which is based in Hong Kong, which is in turn part of China, who probably couldn't give a rodent's rear end about whether or not it's infringing on content from rival powers.

0
0
Charles 9
Silver badge

Re: And the worst part..

"The party who truly violated copyrights, those who put those pictures online in the first place, are fully ignored."

Sometimes, it's not so much that as they're protected by foreign powers. The international nature of the Internet means this tends to happen more often.

0
0

IBM lifts lid, unleashes Linux-based x86 killer on unsuspecting world

Charles 9
Silver badge

Re: Awesome

"It's for when you print a document which is designed to be put in a ring binder which has tabbed dividers to allow sections to be found quickly."

I thought so.

In layman's terms, they want sections to always start on a right-hand page. When printed out under normal duplexing, right-hand pages are always odd. "Intentionally blank" pages are always even (left-hand) and would be covered by the divider when someone picks up the tab and flips it.

1
0

When you've paid the ransom but you don't get your data back

Charles 9
Silver badge

"In my view everyone who uses a computer should be trained in general security, how to spot these emails and made to sign a waiver saying that if an infection is proven to come from them they pay the ransom if no other method of recovery is available. Also stop USB drive usage, documents can easily be transferred using cloud storage (free accounts for personal use) so there should be no need to ever have to plug one in."

But what if the one who made the mistake is an executive or some other "over your head" position? As for USB storage, the cloud's not trusted for confidential data and is inefficient for large transfers (because one end or the other could be metered or on allowance).

0
0
Charles 9
Silver badge

"They're worried about being fined for data lose or because the data is highly confidential? I'd argue that the ransomware encrypted data is now considerably safer than it obviously was in their hands to begin with!"

Not if copies get passed off to the bad guys as well. They'd know the key so would be able to decrypt them (or they can be passed in the clear before they were encrypted).

0
0
