* Posts by Charles 9

6625 posts • joined 10 Jun 2009

Kaspersky says air-gap industrial systems: why not baby monitors, too?

Charles 9
Silver badge

Re: Airgap: Impossible

"What about when the IoT is all about devices with their own built in 4G/LTE modems with its own IPv6 address? This is what worries me. I fear that there will come a day where all my appliances will be able to dial home irrespective of my WiFi set-up or outbound firewall rules. Personally, I may decide "To hell with the warranty" and open the device and remove or destroy the transceiver."

And the moment you do, the appliance will either (1) stop working altogether, forcing you to replace it out of warranty (since opening the appliance to break the radio voided it), or (2) the device emits all sorts of annoying sounds so as to draw attention to it.

Worse yet, this will likely become standard issue for all appliances in future. Maybe even require any appliance not broken up to be retrofitted before being resold, at which point we may well be on our way to either 1984 or the Stone Age, with no third option.

0
0

Samsung’s consumer IoT vision – stupid, desperate, creepy

Charles 9
Silver badge

Re: Why....just why?

"Now if you connect it up to anything is another totally different story indeed.

Will I? Nope. Not in a gazillion month of sundays."

Does the phrase "Whispernet" ring a bell? Next thing you'll know they'll find a way to communicate via neutral wires, making even Faraday cages useless.

1
0

Honor 7 – heir apparent to the mid-range Android crown

Charles 9
Silver badge

So you were comparing two different phones on the SAME network? Because if they're on different networks, tower placement (which differs from network to network) can make a difference, especially as you say when the terrain is hilly and prone to bouncing signals.

0
0
Charles 9
Silver badge

The RDS I think is a feature of the app rather than the radio, so you should be able to download an app with the capability.

But the lack of removable battery is a deal-breaker for me since I've had a plenty of cases of battery bulging and demand the ability to replace them easily by myself.

0
0
Charles 9
Silver badge

I don't think they actually charge you for it, simply put a hold on it. It'll look like the charge has been made, but it won't actually post until it's completed and the seller can still call it off without affecting your balance.

0
0

Chinese mobe market suffers pre-pwned Android pandemic

Charles 9
Silver badge

But none nearly so scare as a phone compromised pre-manufacture.

0
0
Charles 9
Silver badge

I'm surprised they haven't gone straight to the throat and inserted spyware in such a way they can't be removed because they're in read-only areas. Not just pre-pwnd, but pwn-locked.

1
0

At LAST: RC4 gets the stake through the heart

Charles 9
Silver badge

Re: Good luck, with some devices embedded management servers...

About the only way you can do that is to demonstrate to them that NOT replacing the million-quid piece of kit could result in, say, a TEN-MEEELION-quid cost, either as fines or as the result of a lawsuit.

5
1

Microsoft backports data slurp to Windows 7 and 8 via patches

Charles 9
Silver badge

Re: Hard-coded?

"I have client data on my machines. I have a responsibility, defined in NZ law and other places as well as a simple reasonable expectation by my clients to do the best I can to protect their data. Now I have to wonder how much extra work I should be doing - whereas I would often let them do updates in the past (sometimes a great way to fix corrupted files where all else fails) now I have to think a lot more about those updates and whether or not they could constitute a breach in privacy. And I have to make sure my co-workers are aware of the same issue. Do we risk a privacy lawsuit by allowing updates to run on a machine while it's in our possession?"

Do you risk a privacy lawsuit by NOT allowing updates to run and leaving a hole open by which a hacker can invade your system and pilfer your client files? Sounds like pick your poison to me, especially if the software required for your business can't be run on anything but Windows.

0
0
Charles 9
Silver badge

Re: But you never do.....

"Now you may get something come up to say that there are "restricted drivers" available for your machine. These are often from NVIDIA, and are still easily installed - just for some reason they can't be automatically installed (I've not cared enough to look further into this, I just know message comes up, I click "install the driver" and it's done). That may need a restart (seldom), so if you've used a USB it should be able to load the new drivers, if not or on DVD don't bother."

The main reason is because they're non-free and have strings attached. I think the condition is they have to be explicitly permitted by root in order to be legal, plus non-free stuff in a distro is frowned upon as it goes against the Linux copyleft philosophy.

"As to the programs, that's another issue. I've found many install quite well on WINE, and there's the likes of Play On Linux and other tools to get things going that don't. I cannot recall it atm but there's other WINE-like systems out there, one maybe named "Cross Over" (can another commentard help here please?) - try them and if they work you're done with MS, enjoy a life of peace and running machines rather than stress, multi-hour multi-gig updates (with 10billion restarts) just to make a few bytes of change to a friggin web browser!), and lots of breakage."

CrossOver is simply an advanced, supported implementation of WINE. That said, the newer the software (particularly games), the less likely it'll run via WINE. In particular, support for Direct X 10 and up is known to be flaky. Plus I've personally had issues with graphics support on Linux, running afoul of multiple X crashes and kernel panics.

0
0
Charles 9
Silver badge

Re: Charles 9

"Actually, speaking from significant hours of gaming (I need a 48" monitor now just so I can see it past my gut!), DirectX is the lower-performing graphics system in many cases. Certainly when I've compared games between Windows and running them on WINE, they tend to play a lot better on WINE on the same hardware. This isn't always the case, but then I haven't really tried for a while either so WINE could be much better today, and of course there's various other tools to make it easier to use."

If they're running faster on WINE, odds are it's because the WINE run is using less-intensive graphics settings than Windows. For example, support for DirectX 10 and up is known to be flaky with WINE, so to turn the phrase, "Can WINE run Crysis?" Answer: "Yes, but not as well as on Windows."

As for my personal experience, I used to play TF2 a lot, and I personally noted the Linux port was somewhat slower and flakier than the Windows version. Also, despite owning a pretty recent AMD graphics card, support could get flaky, and I've more than once had spontaneous X crashes and even panics, no matter what version of driver I used. So let's just say I've been around the block more than once, and each time left me wanting. This whole spyware bit has put me in a very uncomfortable position since I want to jump but risk losing too much. I'd be more inclined if Valve could push to increase Linux compatibility, but until then...

0
0
Charles 9
Silver badge

Re: Hard-coded?

No, I meant security updates, or would you rather be left wide open to the next thing the black hats reveal in Windows?

1
0
Charles 9
Silver badge

Re: Charles 9

Kinda late for that, don't you think? I've stopped buying games altogether yet I still have the issue of my existing library. And 20% doesn't even cover a fair chunk of my library. Come back when it's closer to 90% so I don't have to leave the vast majority of my game behind. And the games that tend to run on WINE tend to be older ones, not the cutting edge (which will soon include DX12 games with their close-to-metal coding).

6
0
Charles 9
Silver badge

Re: settings-win.data.microsoft.com.

"Maybe there will be an open source code that can be compiled to replace the MS supplied one shortly."

Given the low level, it's likely (1) kernel-level, and (2) signed. Meaning replacement files are a no-go.

0
0
Charles 9
Silver badge

Re: XP still looking attractive :)

But no security updates. How do you keep them from getting pwned over the network or by a stray USB insertion?

2
2
Charles 9
Silver badge

PeerBlock. Trouble is, the IP for the service also hosts other Microsoft Services. The concern is that Windows Update will be among them, meaning blocking the spyware also blocks the security fixes.

0
0
Charles 9
Silver badge

Re: So, settings-win.data.microsoft.com is hard-coded, eh ?

No, it'll just turn out to be an Andromeda Strain, meaning nuking it will only make it stronger...

0
0
Charles 9
Silver badge

Re: Hard-coded?

They do, but it's the same IP that hosts various Microsoft services, meaning you can't block at the IP level without collateral damage. And before you say, "Who needs them?" one of them could be Windows Update, which is the mechanism for pushing security updates.

1
0
Charles 9
Silver badge

Re: Escalate beyond the hosts file?

Plus the IPs they resolve to are the same ones that host most Microsoft-based services. Meaning you can't block it without collateral damage.

Can anyone see if Windows Update is among those services, meaning blocking the IP also blocks future security updates, meaning you're pwned either way?

0
0
Charles 9
Silver badge

Probably hard-coded into the kernel, which is of course below the network driver which is below the TCP/IP stack. Thus why you have to block it outside the PC, thus why they use the same IP as assorted other services, thus why you can't block it without collateral damage, thus why serious gamers are pretty much stuck since there's no real alternative to Windows there.

3
0
Charles 9
Silver badge

Re: No block through windows

It's pretty simple, really, and one I'm not too surprised to see:

The IP address 64.4.54.253 resolves to a pretty generic Microsoft domain (ns2.msft.net), which means it's probably used for a variety for its services.

Basically, this means you can't block it outside your PC without collateral damage. I wouldn't be too surprised if it's also the Windows Update IP, meaning security updates would get blocked, too.

8
0

Web giants gang up to take on MPEG LA, HEVC Advance with royalty-free streaming codec

Charles 9
Silver badge

Re: There will never be a royalty free codec

But you forget. The consortium has patents of their own (take Google and how they bought the company that developed the VP codec series). Meaning if a submarine patent does emerge, whatever they're using it on is likely to be in conflict with one of their patents, meaning attempting to attack the consortium risks a patent war in court, with the possible result of their patent being invalidated. That's probably one reason MPEG-LA stopped attacking Google over VP8: because Google got patents in the buyout, too, which could potentially snarl AVC.

0
0
Charles 9
Silver badge

"And yet Microsoft is a member of the Alliance for Open Media that is developing the new codec. Perhaps they also would like to be done with the need to pay royalties for patents that many think ought not to have been issued."

And yet Microsoft is part of MPEG-LA last I checked, meaning they get a cut of the proceeds.

7
1

Sorry, Californians, you can't have this: Asus to build WATER COOLED notebook

Charles 9
Silver badge

Re: What's water-cooled?

If it is an external GPU, meaning the water-cooling is confined to the dock unit, it'll be extremely interesting to know just how it connects to the laptop.

0
0

Wileyfox smartphones: SD card, no bloatware, Cyanogen, big battery – yes to all!

Charles 9
Silver badge

Re: QI charging and NFC?

"Every time I see a new device come out that doesn't have a type-C port on it, a little tear forms in the corner of my eye."

Well, you have to wait. Type C only got approved recently, and it takes a while (at least six months in my book, usually closer to a year) for something like this to reach critical mass.

0
0
Charles 9
Silver badge

Re: close, so close...

What about those external battery banks? Charge a 20Ah jobber and take it with you. No external power source, so there's no practical way for the airlines to block it.

0
0

In redneck heaven, internet outages are the American Way

Charles 9
Silver badge

Re: Er, that's actually a South Dakota/Minnesota billboard

Barely. Getting from Orange (east end) to El Paso (west end) in a single day requires fully exploiting the generous speed limits of I-10 and not planning much in the way of breaks in between.

0
0
Charles 9
Silver badge

Re: It's a sport....

Since we're talking a shotgun, then no odds are the shot falling back down isn't likely to be an issue. Recall we had this discussion a month ago when a man took a shotgun to an invading UAV. Since shot aren't on spiral trajectories, they'll just tumble back to the ground like comparably-sized gravel.

0
0
Charles 9
Silver badge

Re: @ Charles ...Spade fade

That depends on how tall the telephone pole is. If it's the normal 15-20 feet, then yeah well within range. But once you get to the taller 50-foot ones, then the scatter of the shot makes it a much less certain affair.

0
1
Charles 9
Silver badge

Re: Poorly thought out attempt at Bitcoins?

There are people in the south who are proud to call themselves rednecks. Otherwise, Jeff Foxworthy would never have gotten off the ground as a comic.

PS. I hope everyone realizes the term itself comes from the sunburn on the back of the necks of people who work outdoors all day.

1
1
Charles 9
Silver badge

Re: Spade fade

No, spade fade exists in the US, too. We try to discourage it by posting notices of calling for underground utility markings before commencing digging. What the article describes is best described as "Redneck Celebratory Collateral Damage".

But I'm a little surprised the shot from a shotgun actually managed to sever (or nearly sever) an overhead fiber-optic cable. Either the cable was not that high off the ground, the shotgun was of a particularly large bore, or it was literally a million-to-one shot.

3
0

Mac malware has a neat trick to install itself on OS X fans' machines

Charles 9
Silver badge

Re: Here have an analogy

And therefore they're the ones who get the money and stay in business. No one cares what's under the bonnet even if it kills them. You can't win.

0
0
Charles 9
Silver badge

Re: Here have an analogy

Why? Because people are asking for them and threatening to go elsewhere if the seller can't deliver. What can you do when you're dependent on customers who demand the moon?

0
0

T-Mobile US CEO calls his subscribers thieves, gripes about 'unlimited' limited tethering

Charles 9
Silver badge

Re: Daft

What's the difference between running a BitTorrent client on a PC piggybacking on a mobile tether and a BitTorrent client running directly on the phone?

What's the difference between a heavy YouTube/Netflix/etc. watcher using his PC tethered to a mobile and a heavy video watcher using his HD tablet that has a SIM?

0
0
Charles 9
Silver badge

Re: So..

Well, two can play that game if push comes to shove. I'm sure someone would love to be the one who represents the clients who put bell cellular to heel and therefore would be willing to work on contingency.

0
0

Canned laughter for Canadians selling cans of air at $15 a pop

Charles 9
Silver badge

Re: Seriously ! 35 comments

Honest, never heard of it, but I AM familiar with Mel Brooks' Spaceballs, which was the first thing noted in the comments and the first thing to spring to my mind. Something about sneaking in a can of pure, fresh air is both macabre and amusing.

0
0
Charles 9
Silver badge

Re: Old news

First thing that sprang to my mind, too.

2
0

The Honor's a defo gamechanger, but good luck buying one

Charles 9
Silver badge

Re: They've staked a claim on my money...

That's known in credit parlance as a hold. Gas pumps are best known for it. Basically, they tell the credit company they're calling dibs and to reserve the amount until the transaction goes through, at which point it officially posts. It's not all bad, though. If it falls through, it's easy enough for them to rescind the hold.

1
0

OS X remote malware strikes Thunderbolt, hops hard drive swaps

Charles 9
Silver badge

Re: Doh!

"It wouldn't be fool-proof, but it would prevent firmware malware from being downloaded an installed on the sly."

But then you get caught between a rock and a hard place. If the firmware can't be rewritten, odds are an undetectable bug (that require perhaps a rare but distinct liminality condition) will come along that gets exploited. And if it CAN be updated, odds are social engineering and a famous Douglas Adams quote will undermine any safeguards you try to put on it.

0
0

Dropbox DROPS BOX as service GOES TITSUP worldwide

Charles 9
Silver badge

Even if it's midday?

1
0

Linux Foundation releases PARANOID internal infosec guide

Charles 9
Silver badge

Why all the magnetic treatment if you're gonna burn a hard drive, given that heat (especially intense heat like a thermite fire) affects magnetics, too?

4
0

Associated Press sues FBI for impersonating its site to install spyware

Charles 9
Silver badge

Re: Wider Issues

But then why don't they press for a ban on police impersonating journalists as well, which has happened in real life, particularly in hostage situations where the hostage-taker is in it for the press coverage?

1
0

Google robo-car suffers brain freeze after seeing hipster cyclist

Charles 9
Silver badge

"both vehicles 'cut' the turn and let the other vehicle pass 'on the wrong side'. I'd expect 'interesting' things would occur if one driver each picked a different method..."

I think most traffic codes prescribe the latter method, as this has the practical consideration that neither car has to cross the other's path, meaning each can proceed at his/her own pace.

0
0

Spaniard claims WWII WAR HERO pigeon code crack. Explain please

Charles 9
Silver badge

No, the true strength of the one-time pad is that it's literally impossible to determine the actual message without foreknowledge of it. The reason being a properly-used OTP cipher can actually be deciphered into ANY message of the same or shorter length. The ONLY determining factor in OTP is the pad itself.

2
0
Charles 9
Silver badge

Re: IP over Avian Carriers RFC 1149

Bandwidth, yes, but what about reliability? The pigeon, for example, could go astray or end up shot down or caught by a bird of prey or a cat. The bicycle or car could get caught in a traffic jam or, worse, crash.

0
0
Charles 9
Silver badge

"Are "book" codes easy to crack? The ones where each end uses an agreed edition of a common book and the coding references a word/letter by page, paragraph, line, word/letter offset numbers."

It depends on how the book is kept. If it's based on something you have to carry with you, if you're caught they can use the book in your possession to try to decipher the code. Things that are too common (like newspapers) are also risky as the enemy may well have one of these and will try it as a matter of course.

0
0

The Onion Router is being cut up and making security pros cry

Charles 9
Silver badge

Re: Hodge-podge report, much?

Thing is, we don't know exactly what the US government is capable of in their black projects, and something like this they would take GREAT pains to keep secrets much as they did with the F-117 and SR-71 back during the Cold War. And we know they can tap undersea cables in situ with help from a submarine.

0
0

Security for those who know they can't win the security war

Charles 9
Silver badge

Re: That 2 year sentence thing for not giving up your password

"But is the private key actual evidence? I'm not talking about wiping the encrypted data, just removing the ability to decrypt it."

IIRC, enablers, like keys to a locked safe, DO count as evidence since they count as leads much like a witness testimony can provide a lead to other evidence. Destroying the lead denies access to the other evidence, so the charge is usually destruction of evidence.

"Some form of HSM that only works if unlocked within a specific time frame for example?"

Like I said, plods are savvy to time bombs so will image the entire system and keep them in a system where the time stays within a narrow range of the point of confiscation.

0
0

Malware menaces poison ads as Google, Yahoo! look away

Charles 9
Silver badge

Re: It's not a software problem

Or they'll just move their operations out of the jurisdictions of these punitive districts. Ah, the beauty of the global village...

0
0
Charles 9
Silver badge

Re: Try getting this plan past the accountants

"Apparently, to get accountants to approve this plan, all you'll need to do is show them the trend in ad-blocking software."

But that still won't appease the legal department, who could justify the additional expenses to keep it "Not Our Problem". The only way you can convince the legal department is to prove to them they can't keep the problem away from their desks no matter what they do, but lawyers are trained to prevents this.

"You nuke the problem from orbit. It's the only way to be sure."

That's assuming your problem is an Alien-type problem and not an Andromeda Strain (where nuking would only make it worse).

0
0

Forums