* Posts by Charles 9

6887 posts • joined 10 Jun 2009

Florida U boffins think they've defeated all ransomware

Charles 9
Silver badge

Re: For what it's worth

"Speaking as someone who has been called upon to fix friends' PCs, I sometimes think it would be nice if every consumer PC sold came with external HDDs and an image backup system by default. :)"

Two problems with that approach.

One, sleeper infections exist that stay quiet for a while so as to get themselves INTO backups, meaning restoring the backup just gets you infected again (since you probably won't know which files contain the payload and a smart one will hide in multiple locations, including WITHIN legitimate programs).

Two, you overestimate the intelligence of the average computer user. Given an external hard drive, they'll probably find some way to break or usurp it. Didn't the late Terry Pratchett write once that if there was an End of the World button, the paint wouldn't even have time to dry?

0
0
Charles 9
Silver badge

Re: Next gen ransomware

"However, I still think the best approach is one where user programs don't get direct access to the files, they request a server and there should then be a means for the server to verify the requesting program - cryptowhatnot doesn't get the ability to read and write your spreadsheet and it's not the recognised client to get the server to do that for it."

All you do then is switch the target from the program to the server. What man can create on a computer, man can usurp.

0
0
Charles 9
Silver badge

And what if it's an OFFLINE machine?

0
0

Smartphones aren't tiny PCs, but that's how we use them in the West

Charles 9
Silver badge

"What's not clear in all this is how the system guards against fake codes. I take it there must be some dynamic element in generating the code."

Probably by way of a one-time code. The phone sends the code to the bank, the store reads the barcode and sends that information along, the bank lines it up, and gives the OK to the store.

1
0
Charles 9
Silver badge

Re: unique

"Moreover card payments are usually made over interoperable networks using common standards."

But in China, the standards don't exist, cards are easily FAKED, and they don't use Chips. Meanwhile, ANYONE who is anyone has a phone there. So pulling out the phone is no big shakes for them as they usually have it on hand ANYWAY.

2
0
Charles 9
Silver badge

Re: Barcode Scanner on Play or FDroid

Funny, I happen to have a Symbol (Motorola) barcode scanner normally seen at POS units and so on. It seems to handle barcodes more readily than the Android Barcode Scanner. Pull the trigger, and it usually gets it in under a second as long as it has a reasonable line of sight to the target, doesn't even have to wait to focus. Plus unlike the Android scanner, it seems to comprehend light-on-dark barcodes as easily as the standard dark-on-light.

0
0
Charles 9
Silver badge

Re: It boils down to the Chinese writing...

"If their ability to pay for things depends on it, they'll know..."

Don't be so sure. Some people can't remember a PIN to save their lives, which is why they eventually fall back on cash...which means they get left out of cashless environments.

0
0
Charles 9
Silver badge

Re: Advantage of QR over NFC

"Crims can steal from NFC bank cards 40cm away without you noticing until the bill arrives."

HOW when Android Pay and Apple Pay both require you to UNLOCK your phone first? And if my phone goes off but not the store's PIN Pad, that raises a red flag right there.

1
5
Charles 9
Silver badge

Re: Forward or backward?

Never thought of it that way. We westerners have it easy when it comes to e-communication because we only have to wrestle with about 40-60 symbols at a time depending on the nature of the conversation. Phone input systems can do 40-60 symbols easily enough. Several thousand? That's going to require a different approach.

0
0
Charles 9
Silver badge

I think most of that is taken up in the US by Google Wallet, PayPal, and similar systems, all of which have been in place for a while already.

Heck, even Walmart's recently taken up the mobile payment craze using QR Codes (through their app, so it isn't a URL IINM).

0
0
Charles 9
Silver badge

Re: I liked the BBC campaign...

These QR Codes work because they can be built with error codes that allow part of the barcode to be mangled and still be readable. If you see a barcode with a logo in the middle, it's relying on the error code to recover the spot the logo covers up.

0
0
Charles 9
Silver badge

Re: Paying for fuel

The US doesn't have such laws at present, but the fuel pumps here are leaning more towards NFC, especially with NFC payment on the rebound with Android and Apple Pay. Sonic Drive-In uses a numeric code combined with their app. When you want to pay by app, you punch the code (likely a one-time-use code coordinated with a central clearinghouse) in the app and the clearinghouse coordinates the purchase.

0
0
Charles 9
Silver badge

Re: Rubbish

For limited uses barcodes of all sorts can be used. 7-Eleven has a partnership with PayNearMe that lets people pay all sorts of bills (or even buy Greyhound bus tickets) using PayNearMe barcodes they just take to a nearby 7-Eleven. It can be printed or displayed on their phone.

And airlines are already using PDF417 2D barcodes on their boarding passes. People who check in online can print them out themselves.

2
0
Charles 9
Silver badge

Re: QR codes are a great way to point people at malware

The most likely candidate for exploits in China is the State, and they don't need it since they control the phones in other ways...

2
0
Charles 9
Silver badge

Re: It boils down to the Chinese writing...

But how do you do two-factor security when many people are too stupid to KNOW anything?

2
1
Charles 9
Silver badge

Re: QR Codes are still around....

What's changed is that QR codes can be poisoned, so each one is viewed with at least some trepidation. The Chinese possess a level of trust in the system the west doesn't have. It all relies on a chain whereby a single link could cause real trouble if it's usurped (and it probably is, by the state, but most of them don't care).

51
0

EU operators’ 5G manifesto misses the point

Charles 9
Silver badge

But 2G still has its uses for low-power, low-data applications like embedded devices (IoT).

Anyway, my current beef is all this talk of priorities and so on. What happens in say a very crowded city when the spectrum gets saturated? Neutrality insists on equal time because otherwise people get left out which is unequal treatment of citizens and so on, whereas prioritization takes the capitalist approach, allowing those who can afford it to buy better access by shelling out more money. The MNO's are in the troublesome position of having to find a way to keep as many customers as possible and minimize defections but caught between Scylla and Charybdis in that, no matter what choices they make, they'll lose customers and money.

0
0

Kill Flash now. Or patch these 36 vulnerabilities. Your choice

Charles 9
Silver badge

Re: >> giving the update the "Priority 1" ranking

So how do you put food on the table then, especially when every other town is in the same boat AND they talk to each other?

0
0

SCADA malware caught infecting European energy company

Charles 9
Silver badge

Re: Impressive analysis, but infection vector not apparent

"Lock it down, secure it, get maintenance agreements including code fixes for the lifetime of the kit in the original contract when buying, take steps to establish an in-house policy and responsibilities and delegation to keep it patched and integral but sticking it in a VM isn't going to help, especially as the next step would be to combine all of those Windows machines into a single host, giving yet another vector for a sophisticated attack to jump about sight unseen by any network probes."

Um, who's got the budget for that who can get it past the accountants? Most higher-ups don't take a long view, especially if they have investors (also very short-sighted) to appease.

0
0
Charles 9
Silver badge

Re: A third tier AV company

When your basic infrastructure depends on a third party, who by default can never be completely trusted, you have a problem.

Problem is, EVERYTHING relies on trusting a third party. So what happens to civilization?

0
0
Charles 9
Silver badge

Re: Never as easy as it seems from an armchair

"This is why we need the law to step in and for security folks to draw up regulations, including things like operating in a VM as an essential attribute, otherwise no sale (and no insurance or license for a business which fails to follow the rules)."

But the vendors have more bribing power than the citizens. They can just lie and bribe anyone they need to swear by it. Or they can make themselves "too big to fail" as in if they go, so does a good chunk of the country.

1
0

In mourning for Nano, chap crafts 1k-loc text editor

Charles 9
Silver badge

Re: Single line?

"Bollox! A line is defined by the language and its definition of EOL"

Bollock on the bollocks! If any form of text overflows the single line on display, then by definition it's not a single (as in ONE) line anymore. We'd never say that of text, code, or whatever, so I stand my ground. A single-line program is only such if it takes up no more than a single screen line; no ifs, ands, or buts.

10 PRINT "HELLO, WORLD!"

THAT is a single-line program.

0
0
Charles 9
Silver badge

Single line?

Horse hockey! I only call a program a single line if it occupies a single line on the screen: no overflowing or any of that garbage. Instead, we should be judging short-program lengths by character count, not line. Let's see people produce a complete game or utility when restricted to, what, 40 characters.

8
1

Linus Torvalds in sweary rant about punctuation in kernel comments

Charles 9
Silver badge

It wouldn't have to be THAT sophisticated. Syntax highlighters know the trick. You just have to be able to understand string demarcations as well as comment demarcations to realize you don't want to process those comment lines.

0
0
Charles 9
Silver badge

That's the style I use. I don't know how Linus would personally feel about it, but based on the examples, I don't think he'd be too annoyed with it. I think what ticked him off was poor formatting and poor consideration for editing in future. That style doesn't seem to trip those landmines.

0
0
Charles 9
Silver badge

Re: How do I get <tt> to work?

The counter is that you SHOULD be doing double-slash comments if they're inline like that. No right asterisk necessary anymore there.

0
0
Charles 9
Silver badge

Re: Change over time

"You can't deal with arrogant people politely. You have to tear them a new one, or they won't listen."

But you can't be TOO rude to them, either, or you make them retort, "Yeah, well $#$ YOU!" and then double down, making them even less receptive to change.

0
0
Charles 9
Silver badge

"For comments on lines of code, I prefer to use the double slash.

For block comments I generally have a slash followed by a line of asterisks, followed by one or more lines of text (no asterisks), followed by a line of asterisks ending in a slash. Separates the block visually, nice symmetry, easy to edit."

That's my style, too, and I tend to keep a certain structure. Each section of code (declarations, definitions, etc.) I use a simple block comment: Line, Section name in all caps, Line. Functions I use a detailed block quote that spells out what it's supposed to do, what goes in, what comes out.

And the reason I use lots of comments is because I realize different people think in different ways. The path of logic I took to get something done may not be the same one someone else uses, and as a result following actual code can sometimes derail people simply due to different experiences. Since I've personally had to go through the act myself with someone else's sparsely-commented code, I can speak from experience; it can be a slog, and many of us have deadlines. So the inline comments act like breadcrumbs to map out the paths within functions like the blocks act as signposts to show goals and other things in a broader sense.

1
0
Charles 9
Silver badge

But as Woza noted, what if they start nesting? Plus the commenting technique works better in editors with syntax highlighting since commenting the code will make it look obvious it's non-functional.

0
0
Charles 9
Silver badge

"A comment in assembler? There ain't no memory for comments in assembler!"

I would think comments IMPROVE the assembly process, since it can IGNORE any line that (IIRC) begins with a semicolon.

0
0

Bomb-disposal robot violently disposes of Dallas cop-killer gunman

Charles 9
Silver badge

Re: What is an assault weapon?

"A hunting rifle has a wood stock."

So you're saying the Remington Model 710 is not a hunting rifle, then? It has a synthetic stock. And McMillan produces synthetic aftermarket stocks for hunting rifles. Mostly in camo.

"An assault rifle stock is made of metal or plastic or composite."

An AK-47, the most infamous assault rifle, has a wood stock (easier to acquire).

"According to FBI statistics, white males are shot 3 times more often than black males in total numbers."

According to THE SAME statistics, most males (regardless of race) get shot by one of the SAME race. AND a significant chunk of deaths due to firearms are from suicides.

0
1
Charles 9
Silver badge

Re: AC @YetAnotherLocksmith ... It makes sense, but...

"What doesn't help is that a significant number of police recruits in the USA are sociopaths and another significant number are psychologically unsuited to operation under pressure. These are not being weeded out during training and they're not removed when they show themselves as unsuitable for the job."

One question. How do you go about winnowing out the unfit if you don't have money to afford all the psych exams to do it since the public are bitching about taxes as it is (and the heavy weapons and vehicles are being subsidized by the Feds, so they're not paying the full bill for them)? That's always the $64M question as to why things aren't getting done: Where's the money, sonny?

0
1
Charles 9
Silver badge

Re: Texas Reg Reader Gives Context

"Nothing, nothing, no, not one single thing that anyone does, no matter how heinous, revokes their constitutional rights."

NO right known to man is absolute. Don't believe me? Read US v. Schenck and the concept of falsely shouting FIRE in a crowded theater. In this case, your rights end where another's begin. And taking several officers' inalienable right to life pretty much means you've crossed the Point of No Return.

1
1
Charles 9
Silver badge

Re: AC @YetAnotherLocksmith ... It makes sense, but...

"And a serious bomber will have a dead-man switch."

Unless he was still holding out on hope of getting away. In which case, he wouldn't cross the Point of No Return unless he was certain he was doomed. I'd have to look, but either they took him out before he could sense he was doomed, or they realized somehow he was bluffing.

0
1
Charles 9
Silver badge

Re: African Americans?

"That's because they are taught the wrong idea. Don't behave like you've been stopped by people sworn to protect you - behave like you've been held up at gunpoint by an irate bunch of ISIS thugs. Avoid being threatening in the slightest, avoid angering them in any way and you might just live another day."

Counterproductive. They've heard too many stories of their bros submitting and getting shot and killed ANYWAY. To them, submission means death, which puts them in "cornered mouse" territory with no choice but to resist; better the chance of death than the certainty.

1
1
Charles 9
Silver badge

Re: Hows the Robot?

A real trooper, actually. It survived and will probably be back in service soon.

0
0
Charles 9
Silver badge

Re: slight correction

You've never had to defend yourself during a riot, have you? I recall several shopkeepers packed these and machine pistols during the LA Riots of the 90's. Those stores tended to be the least looted in the aftermath.

1
2
Charles 9
Silver badge

Re: Additional options

"Very few assault rifles (full/burst/select fire) are in civilian hands, and effectively never used in crimes. A) the check-up for ownership is rather extensive, B) the availability is quite limited and prices very high."

But pre-1985 AK-47's are grandfathered and therefore legal to possess. Furthermore, due to them being so numerous (it and the simpler AK-M were a favorite export during the Cold War), a decent number of them end up on the black market. Weren't they the weapons of choice during the Hollywood Bank Robbery?

0
2
Charles 9
Silver badge

Re: Gunman murdered by the police?

"Kill him because a car park is more valuable than an innocent person's life? Because, you know, 'innocent until proven guilty'."

I got one for you: "Dead To Rights." The guy shot at cops and threatened to blow crap up. I'd need to consult Texas and federal statutes to be more precise, but by my reckoning that's two felonies (at least one violent AND aggravated) AND an imminent threat of life. In most cops' books, that equals "all bets are off".

2
1
Charles 9
Silver badge

Re: AC @YetAnotherLocksmith ... It makes sense, but...

"So, we are afraid he will detonate a bomb, so we will send in a robot with a bomb and detonate it (to kill him), thereby risking the detonation of the bomb we are afraid of. This makes no sense whatsoever."

Actually, it makes perfect sense. No one arms a one-way bomb if they have the slightest hope of getting out alive. I suspect the attack was made before the perp crossed the Point of No Return. As long as the explosive isn't armed, the odds favored blowing up the perp before he DID arm it.

0
1
Charles 9
Silver badge

Re: All Lies By Law Enforcement

How can snipers get a sight on their target if he's holed up behind a wall? There was a time they had to wait out a crazed rifle-toting bastard for three days. Snipers couldn't get to him because he hid in the basement. Finally, he decides to charge at them, and THAT's when he got shot, wounded, and caught.

Thing was, in this case, the perp had made bomb threats, meaning attempting to charge in could've had explosive results, including potentially toppling the building.

1
2

Much more Moore's Law: Wonder-stuff graphene transistor trickery

Charles 9
Silver badge

Re: Except...

"All the time, just look at the generational changes in (for example) CPUs or GPUs. Or HDD technology, or NAND. But you're choosing not to notice?"

Yes, until I can actually SEE the technology face to face. GPUs and the like I can at least actually BUY. Why get all worked up on something that may not show up for years...if at all? STREET release; THAT'S when I'll pay attention.

0
1
Charles 9
Silver badge

Except...

Except they haven't tried to do this in volume. How are you going to precisely cut the channels in the graphene? Make sure the nucleation doesn't leave holes or impurities, and so on?

This is nothing more than yet another "work in progress" article that whets our appetites but in the end leaves us hungry. When's one of these things actually going to hit mass production?

4
0

Kotkin on who made Trump and Brexit: Look in the mirror, it's you

Charles 9
Silver badge

Re: "lazy economics ... allow migration to give us economic growth"

"Democracy is a process of trial and error. It is (hopefully) self correcting because the majority can always change the rules if they get fed up."

Unfortunately, that's hopelessly naive. The idea overlooks the concept that the error may not be recoverable. For example, a charismatic closet dictator could charm the electorate to vote their rights away, allowing for either a forceful coup d'etat or (if they're smart) a slow boil such that the people don't realize they've lost the ability to "change the rules" as you put it.

2
0
Charles 9
Silver badge

Re: It ain't me

An interesting thought, yes, but it still raises the problem that elections bring up. Your typical person is not just stupid but too stupid to know he's stupid. What was that saying again? "A little knowledge can be dangerous." And now you want these "know-it-alls" to help deliberate long-term policy? This can't end well. Either they agree on something imbecilic, or the rare smart one in the group finds the charisma to steer them in the direction he or she wants. Before you go about this scheme, you should do something about the median level of education and skills first.

5
1

Wannabe Prime Minister Andrea Leadsom thinks all websites should be rated – just like movies

Charles 9
Silver badge

And this says nothing of the modern procedural web where content can be generated for any user on the fly, unique to each user. This makes rating pretty much impossible because no two viewers get the same thing.

PS. Looks like she ended up biting off more than she could chew. She's officially out which means a winner by default.

1
0
Charles 9
Silver badge

Re: Regression to the really mean

"The only safe internet is one with a single website. http://www.tellytubbies.co.uk/"

Even THAT one would be dangerous. Wasn't there a controversy as to why Tinky-Winky (a male) carried a purse?

4
0

Dad of student slain in Paris terror massacre sues Google, Twitter, Facebook for their 'material support' of ISIS

Charles 9
Silver badge

Re: obviously ...

"Not that such a lawsuit would win either, but attacking Google et al. is like suing the road builders - without roads these terrorists could never have reached their destination."

Until they start using OFF-ROAD vehicles...

And before we go even further, let's not forget what made the Ho Chi Minh Trail so infamous; there was basically no way to wipe it out, as most of it was simple clearing trails full of people hauling more than arse on foot and bicycles (in neutral territory, even).

0
0
Charles 9
Silver badge

Re: Sue the US Government

EXCEPT there's this thing called "sovereign immunity," that is countries CAN'T be sued for their actions unless they LET themselves get sued. Otherwise, as the ultimate authority in their respective countries, what they do goes.

0
0

What's holding up Canada's internet?

Charles 9
Silver badge

Re: I really should stay out of this

That's easy for them to say. They only have to cover a space about the size of Illinois, and Japan is only about the size of California. Meanwhile, Canada is near the top of the list in terms of geography. It's bigger than the United States which has its own broadband difficulties (again, partially due to geography; running a high-speed line from New York to LA is tough).

0
0
