* Posts by Charles 9

4495 posts • joined 10 Jun 2009

SHOCK! US House swats trolls, passes patent 'extortion' bill

Charles 9
Silver badge

Re: Double edged sword

"The aim behind this is to prevent Patents from being unusable because the holder refuses to hand out licenses - and in some cases that can go on for decades - effectively blocking any forward progress for mankind as a whole."

Isn't that the "ND" part of "FRAND": Non-Discriminatory? It could also apply to the "F" part: Fair.

0
0
Charles 9
Silver badge

Re: Might work...

I thought America had been first to file for over a century. Isn't that how Bell won the patent for the telephone: by beating a simultaneous inventor to file by about three hours?

0
0
Charles 9
Silver badge

Re: @Charles 9

"If you think this is worthy of patent protection rather than copyright you are siding with Oracle in their spat with Google regarding the Android Java affair. As a developer my choice is copyright (which doesn't preclude FOSS) and never patents for software."

I'm with NEITHER side. My side is that patents for software and the like should exist BUT that patent terms should be relative to the industry in which they apply. And for the software industry, lifecycles are short, so make the patents short as well (my current thought is three years--long enough to get some value out of it, not long enough to really abuse or troll it). If you don't allow for the truly novel to be worthwhile, especially in this day and age, then nothing truly novel will appear. Patent law is meant to act as both stick AND carrot.

2
8
Charles 9
Silver badge

Re: It was promising...

"It also doesn't help in situations where a patent troll company with deep pockets takes a small software company to court, for example Uniloc suing just about every Android developer and their grandmothers too."

Thing is, if I'm reading this right, the trolls can't go after these developers if the code in question was not theirs by design. IOW, they'd have to take it to the originator of the offending code, and if it's in the Android base, that's probably Google...a company with some of the deepest pockets in the IT world, a company that was able to hold the dreaded MPEG-LA to a stalemate.

3
0
Charles 9
Silver badge

Re: End software patents, everywhere, immediately.

Some form of software patent MUST exist somewhere because copyright is not enough to protect a TECHNIQUE which can be defeated with a clean-room copy (remember how Compaq cloned the IBM BIOS). BTW, people can get around a software patent by burning the code into a chip, turning it into HARDware instead. No, the main issue is the short lifecycle length of the computer industry. A more reasonable solution would be that software patents only be granted for very short lengths, say three years.

3
9

Must try HARDER, infosec lads: We're RUBBISH at killing ZOMBIES

Charles 9
Silver badge

No, because the malware writers are savvy enough to keep such a mechanism to an extreme minimum. Usually, the self-destruct is self-triggered upon the malware detecting a honeypot or VM (to prevent analysis) and can't be rigged remotely. The botherders want to make sure as many bots remain intact as long as possible.

0
0
Charles 9
Silver badge

Re: I'm reminded of a story about the tunnels of Viet Nam...

"That's why you have to establish a tight perimeter first, otherwise it does not work."

But what happens when you discover part of the perimeter is, for one reason or another, UNREACHABLE? Like how the Cong kept some routes into neighboring (and neutral) Laos? Like how many of the malware writers are located in countries with less-than-favorable relations to the West?

0
0
Charles 9
Silver badge

Re: I'm reminded of a story about the tunnels of Viet Nam...

That third group then must've been fortunate to not have their perimeter undermined because ONE tunnel snaking PAST their perimeter would've ruined their effort: not only providing an escape path for those underground but also creating a potential ambush point for anyone who dared to go down: possibly creating a line breach for a combined over/underground assault.

That's the same thing you have now with these malware writers. They know the underground better than anyone so know all the routes they can take: some of them the InfoSec people may not even be aware of (or even capable of addressing--consider havens in anti-Western countries). How does the West combat a botnet that's secretly being funded by radical Muslims or the Chinese or someone else who may not be inclined to cooperate?

0
0
Charles 9
Silver badge

Re: Learn what an algorith is

Have you considered the idea that botnet designers KNOW about the possibility of decompilation and take steps AGAINST it using such things as self-modifying code, code obfuscation, and remote download of payloads that then only reside in memory (and more of them know how to root and thus block access to its own code; plus they're becoming VM-aware)?

3
0

Lightning strikes USB bosses: Next-gen jacks will be REVERSIBLE

Charles 9
Silver badge

Re: still crap, try harder

Five. Two for the voltage (remember, the bus can need power irrespective of data), two for the data, and one for the shield.

And it's the shield that's the hard part. In order for the plug to be electrically safe, THAT has to be connected first AND stay connected while the rest of the pins are connected. Oh, and since we have POWERED pins, we might also want to make sure the wrong pins don't touch each other. Got any way to achieve that besides a parallel insertion?

1
0
Charles 9
Silver badge

Because trying to plug it in the DARK (with no access to light) is a common enough scenario. So is trying to plug in a confined space where you can't see your hand (think back of a PC that can't be moved). Eyes can help you sod all here. Not to mention it discriminates against the BLIND. So you really need a standard that is capable of being plugged in by touch alone and forgiving enough that one need not know which way is up (because EITHER way can be up).

And before anyone chimes in with round, please direct me to such an orientation-neutral connector that (a) ensures the ground is connected first and stays connected before any data pins connect, (b) is small enough to fit in a device less than 1cm thick, and (c) provides enough pins to transmit data at USB3 speeds.

1
0
Charles 9
Silver badge

OK. Try it IN THE DARK. Or in confined spaces. Or with cables without enough label embossing for usable tactile feedback. Plus some devices have the SOCKET upside-down (like my GS4), probably because the socket got installed to the UNDERside of the circuit board.

Put it this way. USB is simple, just not simple ENOUGH. It's been determined to have practicality problems in blind or otherwise compromised installations. They need the installation procedure to be even simpler than what they have now.

2
0

Two million TERRIBLE PASSWORDS stolen by malware attackers

Charles 9
Silver badge

Re: Random passwords for the masses!

Just because a dictionary attack doesn't do it NOW doesn't mean they won't add it in in the future. Much as dictionary attacks now handle chains of words to deal with "correcthorsebatterystaple", soon they'll be savvy enough to try literary initialisms such as "Iwtbot,iwtwot." Especially with help from an e-book library where the text can be extracted.

Plus it doesn't address the main issue: too many sites, not enough memory. Now you have to know which book you pulled the password from and what line from what page. Plus what if you lose the book or someone else (within your local circle) figures out your mnemonic?

0
0
Charles 9
Silver badge

Re: Just because 12345 is the combination for your luggage

12345? That's amazing! I put the same combination on my luggage!

But SERIOUSLY, remembering the password IS an issue just as big as having it stolen which is why it creates a second, competing barrier to passwords: you need one that's hard enough to guess but not SO hard you can't recall it. Think of it like having a ring full of keys. If time is pressing, could you retrieve the one key you need quickly enough? And if you use anything to help differentiate the keys, then someone who STEALS the keys can use those mnemonics, too. And key vaults only help if you're in known systems. What if you MUST login on a new or otherwise unknown device where the key vault can't be retrieved?

Sometimes I wonder if we should try to develop something better than passwords because, let's face it, people's memory can be flakey, but what alternatives are out there that can tick all the boxes?

1
0

PC market staging a RECOVERY. (Only joking, it's through the floor)

Charles 9
Silver badge

Re: Lets try to look at the facts @Denarius

"I suggest that you take your Android tablet, attach a OTG USB cable to a small USB hub, and plug a proper keyboard and mouse in."

But that presents a problem of its own. Under almost all circumstances, using USB OTG prevents you from charging the device (as they both need the same port). Not to mention attaching an OTG device usually means more power draw (Yes, you propose a self-powered hub, but that's the exception to the rule).

Also, the size of the tablet can have an effect on the practicality of the idea. A 10-incher, OK, but a 7-incher can be a bit small for the job, especially if it's a cheapo tab with only a 480x800 resolution.

0
0
Charles 9
Silver badge

Re: Lets try to look at the facts

Actually, Android adopted MTP because you didn't have to unmount the storage on the host to use it (USB requires this in UMS), and since many Android apps expect the storage to be there, it presented crash risks.

1
0
Charles 9
Silver badge

Re: Only to be expected....

"Sales are more likely to come in bursts, as far as corporate purchases go, during the next 5 - 10 years. Mainly machines being replaced as they go out of warranty more than because they are under spec."

And even that's iffy if the math supports extended service plans vs. replacements.

0
0
Charles 9
Silver badge

Re: How many are waiting for Windows 8 to be "retired"?

"Consumers had 3 years of the option to replace XP with Win7."

If you were early enough, the privilege was pretty cheap. I preordered a copy of 7 Home Premium and it only set me back $49. Although I use Xubuntu now, I still have the disc; I could go back if need be. And since 7 offered enhanced graphics and sound support for newer systems (vs. XP), not to mention the 64-bit support (spotty on XP, only really hit mainstream with Vista), there was at least some impetus to jump from XP, especially if the price was low enough (which as I said, it was).

0
0

Solar enthusiasts rays idea of 'leccy farms on MOON, drones

Charles 9
Silver badge

Re: Heard better..

The moon may always face the earth, yes, but the Earth rotates under the moon approximately once per day (it's off by about 1/28th in one direction--forget just which way; does the moon orbit with or against the Earth's rotation?). So there's still the matter of aiming a beam back down to Earth (and with that, the inherent risk of mishap--or worse, sabotage).

0
0
Charles 9
Silver badge

Re: All of the above is true with the proviso...

It also probably helped there was a very concrete goal in mind when canals and later railroads were built. In both cases, the main goal was speedier commerce: moving more stuff at a time at a faster rate than one could before overland.

But then again, think back to the great age of sail. Who underwrote most of those transoceanic voyages? As has been said, once you have the basics down, private enterprise can build upon them, but when you're trekking into the great unknown, where the goal itself, let alone its attainment, was anything but certain, you probably need backing from an entity for which money isn't the first priority.

0
0
Charles 9
Silver badge

Re: Store the energy @fpx

Saying eight hours makes me think all of these solar-powered aircraft were flying widdershins (east, against the sun), producing shorter day-night cycles. I wonder if anyone's built one with enough lasting power to fly sunwise (west, with the sun): longer days but longer nights, too.

0
0
Charles 9
Silver badge

Re: not rocket science

"I think you'll find that Desertec's plan used solar thermal, which is an efficient way to harvest all of the solar spectrum by heating a working fluid to high temperature and hence drive a pretty conventional steam turbine."

Can you point to a study that supports this? I would think the "thermal" in solar thermal implies that the energy absorption would be concentrated on the low end of the spectrum (particularly in the red to microwave ranges--this includes infrared, the wavelength we most commonly associate with heat). What happens to the higher frequencies like green, blue, violet, and ultraviolet?

0
0
Charles 9
Silver badge

Re: where the cost of delivering heavy equipment and maintaining it is minimal

"Moondust is just as bad as desert sand, but it's still a lot easier to maintain in a desert."

At least the moon has no atmosphere and therefore no WIND. Sand by itself doesn't do much until air picks it up. It's not sand that raises the maintenance costs but sandSTORMS.

0
0
Charles 9
Silver badge

Re: not rocket science

Ivanpah is in the desert, too, and is solar-thermal. Thing is, despite its size (5.5 sq. mi.), it's estimated to only provide enough power for just over 1% of California's homes, to say nothing of big energy sinks like heavy industry (and let's not start on industries like aluminum smelting which specifically requires lots of electricity due to the smelting techniques involved--at least steel smelting can use non-electric sources).

0
0
Charles 9
Silver badge

"Now, I'm the first to say governments everywhere are the single most inefficient organized bodies on the planet, but they are also the best suited to absorbing the costs of huge programs that benefit all of society. It's actually what governments are designed to do, gather resources and redistribute them where the greatest good can be had. I am not saying they currently redistribute those resources the best way, but programs like this is what they're structured to do."

Put it this way. There are some things you can't trust the private sector to do right because money isn't the right motivation (at best, it distracts; at worst, it actually interferes). That's why I don't trust the private sector when it comes to medicine. This is one industry where the money angle interferes with the greater goal of improving health (think treatment regimens vs. permanent cures/vaccines).

4
0
Charles 9
Silver badge

Re: not rocket science

"Current solar cells in a clear sunny location near the equator can generate at least a kWh per square metre per day. A square kilometre of panels can generate a terawatt hour per day."

I would like to know where you obtain these figures. Because I have a counterpoint.

Ivanpah is the largest solar plant in the world, at 5.5 square miles. It's about to come online. And note this plant is solar-thermal (using molten salts) so actually CAN still generate electricity at night unlike photovoltaics. Its rated generation is 392MW, enough to power about 150,000 California homes (thing is, California is the most populous state in America--over 12 MILLION homes alone). So may I ask where your numbers come from? And how is night accounted for?

2
0

French court: Google, Microsoft en ami must say 'au revoir' to pirates

Charles 9
Silver badge
FAIL

Aw come on, government types. Why don't you come out and say what you REALLY want: a government-approved Internet whitelist so that you can go to these addresses and ONLY these addresses?

10
0

Sceptic-bait E-Cat COLD FUSION generator goes on sale for $US1.5m

Charles 9
Silver badge

Re: Don't stand too close

PV is one of the few that doesn't require use of a turbine to generate electricity. Then again, its efficiency also stinks compared to modern turbines.

In any event, aren't some plants finding ways to harness the waste heat more productively?

0
0
Charles 9
Silver badge

Re: Why the scepticism?!

Because by actually taking money for an actual device but not delivering, he would be legally on the hook for fraud. No, what he wants is to draw in more "R&D" bucks which he can then launder.

8
0

Meet the BlackBerry wizardry that created its 'better Android than Android'

Charles 9
Silver badge

Re: "It doesn't mean that QNX is necessarily more secure"

Only because formal verification is very complicated, and even then the formal verification only applies to specific compilations/implementations like that for SEL4.

0
0
Charles 9
Silver badge

Re: Well done guys, plenty of overtime coming up

I would think it will start happening sooner than that. Android 4.4 KitKat introduces the new Android Runtime (ART). The big feature of ART is precompiling Dalvik apps upon installation. Seems a bit rough around the edges, but it definitely shows where they're going.

3
0

Got a NAKED Jelly Bean Samsung S4 or HTC One? Maybe it's time for a KitKat

Charles 9
Silver badge

Re: No update on Galaxy Nexus

Most of the security issues fall to the apps, which DO get updated routinely outside the OS update cycle. When was the last time a security hole was found in the Android kernel or other base functions?

4
0
Charles 9
Silver badge

Re: Kit-Kat rules

4.4 has been making the rounds in various custom ROMs. It IS rather snappier thanks to the new Android Runtime; but there have been some teething issues as well. I've been thinking about flashing to it myself, but I think I'll have to wait until those kinks get worked out.

2
0

Vint Cerf: 'Privacy may be an ANOMALY, now over'. And it's no secret I think that

Charles 9
Silver badge

If not, there were always the bards and troubadours, who made it a living to pass on the "news" (read: gossip) they learned along the way.

0
0
Charles 9
Silver badge

Re: Do not buy stuff from adverts

They're not that dense. And the advertisers' job is to, to coin a phrase from an ad, "make the fish bite even when they're not hungry." They've made it their art form for over a century, and they're MASTERS of persistence. If they don't get you one way, they'll work another way until they get a hook (and they WILL get a hook eventually--it's what makes spam worthwhile after all). Sooner or later, they'll make a deal you just CAN'T resist because it hits something that makes you snap it up before it's gone (like a deal on something for the wife or kids just in time for Christmas). And that's all they need to get started.

0
0
Charles 9
Silver badge

Re: The Fix

We've ALREADY had a number of high-profile dumps. Celebrities either live with the risks or eschew the Internet, and frankly those ARE your two options.

0
0
Charles 9
Silver badge

Re: EMails are anomalies

Post and bulletin boards, shopping trips, and newspapers (with their classified advertisements) served a similar function for centuries. And all could be observed to enough of an extent that things could be gleaned from your habits.

0
1
Charles 9
Silver badge

Re: Hate to say this

Which means we're in the delicate part of the revolution: the part where we start learning of the unintended consequences. Think the big push for insecticides...until we learned the side effects of stuff like DDT...

0
0
Charles 9
Silver badge

Re: Turn the debil off ...

Until you get tagged by an IP match, a "cookie" matcher (or other thing that can track stuff you can't erase), some other clever bugger that figures out your fake IP or login is connected to your REAL one.

To maintain a fake identity on the Internet for any length of time pretty much requires using a completely different computer on a different IP address. And even then, an uber-clever matching program may start making inferences based on one's grammar style or other kinds of long-standing habits that are hard to think about, let alone break.

2
0
Charles 9
Silver badge

Re: ""Privacy may be an anomaly.""

"Once I have convinced you that resistance is futile and I will do whatever I want with you I have already won.

Don't believe the BS."

You assume it's BS. Thing is, for the most part, it's not. We've really become the Global VILLAGE (And I mean that in the sense of a small, tightly-knit community that can easily tell who's doing what. IOW, Villages have no expectation of privacy).

If convincing you that resistance is futile is a winning condition, then actually achieving the state that what you want is inevitable must be a condition of never losing. You're holding the royal flush, the ace of trumps. Until the game changes, no one's going to knock you off the top.

1
1

Berners-Lee: 'Growing tide of surveillance' is destroying the internet

Charles 9
Silver badge

Re: Proposed solution?

1. Overhead's a bitch. Try running a Freenet node for a few weeks and see how little useful traffic you get for the bandwidth allotment.

2. You forget about pwning the endpoints. IOW, the plods can always go AROUND the encryption.

0
0

TrueCrypt audit project founder: 'We've set our sights high'

Charles 9
Silver badge

Re: Still a problem for non-techies

"People are always going to be surprised by the unexpected. One way to minimize this is to expect more. Generating a random or strong pseudo random salt for every encryption you do is just good practice. Worst case it is a trivial bit of extra work for nothing. We are at a bit of an impasse because you obviously can't see how compromised salts can be an issue and I am unable to see how they could not be."

Not necessarily. That's what contingency planning is all about. The thing is to plan for

But back to the thing about key sizes. In the real world, the key size hits realms of diminishing returns, plus there are issues of bandwidth and storage limitations AND they don't account for all possible avenues of attack like insiders or pwning. Ultimately, security is a risk assessment. Since perfect security is impossible, even WITH a one-time-pad, it becomes an exercise in just how far one is willing to go to be secure. At some point you hit the sweet spot where beyond that you reach diminishing returns: where it's more effort than it's worth in trying to thwart your attack (such as in making the key large enough or quantum-resistant, the adversary switches to the new path of least resistance).

That's why practical secrets like Formula X (the Coca-Cola recipe) or the WD-40 oil ratios aren't kept in electronic form at all. It's kept by a very small inner circle who performs the mixing in a black box--ingredients go in, the desired product goes out. Even then one could learn some things (at least a maximum) from the ingredients that go in, but they probably don't use everything and intentionally waste some things to throw off the trail. But that's the kind of risk assessment they made with this system.

As for the multiple sources issue, that goes back to the Trent problem. If ONE source can be compromised, how can one be certain they're not ALL compromised? Particularly by using the one compromised source to reach out to all the rest like a plague?

0
0

Lavabit founder: Feds ORDERED email providers to stay open

Charles 9
Silver badge

Re: O Rly...?

Except THEIR services ARE under government mandate AND described as "life-saving". Providing a secure e-mail service doesn't have a direct effect on whether people live or die. Stopping a shooter, putting out a fire, or rushing a heart attack victim to the hospital DOES. Meanwhile, history has shown that private companies in such a service can "go mafia" and start protection rackets (once upon a time, fire services were private until THAT bit), so they made most life-saving services answerable to the government and thus the people.

Oh, and before you think it went over my head...(Reveals the cricket ball that tried to go over his head, only it's too torn up to be worth using). I'm not responding to sarcasm but to BAD sarcasm that can easily be taken seriously.

2
0
Charles 9
Silver badge

Re: For Starters: USENET

You could do the same thing with a chan-type webpage where anyone can post a message without any kind of header information. Then the page is just downloaded wholesale.

Thing is, what about those with bandwidth restrictions? Trying to obfuscate your message has a price, and unlike with a Times advertisement that price may not be affordable to the paranoid.

And going back to trust, there's also the potential paranoia of the state, one of the most powerful and resourceful agencies around, cooperating or subverting OTHER states and creating a kind of MiniLuv that can subvert enough of a trust system (even a key exchange) to still be able to figure you out.

0
0

Arm-wave bye BYE! Apple grabs Kinect flail-sensor maker for $345m

Charles 9
Silver badge

Re: Apple Telly

Jobs' widow may have the largest individual share, but I suspect the MAJORITY of the shares are held by types who would see things the media firms' way and thus vote to secure their content behind as many walls as they can. As Disney has itself proved, keeping a good chunk of their stuff locked up makes people clamor when they DO come out those rare times. By stirring up excitement in rotations, they can actually draw repeat business out of a one-time thing. When it comes to 4K, I'm pretty sure Disney and the other movie companies want to get it right the first (and only) time. Who cares if the customers get ticked at the hoop-jumping; too many aren't bright enough to see the hoops for what they are: enough to keep business going. It's 1 smart vote against 10 stupid votes; stupid wins.

0
0

Eat our dust, spinning rust: In 5 years, it'll be all flash all the time

Charles 9
Silver badge

Re: Speed (bandwidth)? Or acceleration (latency)?

"If your Internet commerce business model really does involve never knowing what (large) pieces of data your clients will instantly need from anywhere in your single-tier all-flash storage setup, I hope that they're paying well for the service..."

As I recall, Google (one of those businesses who DOES have a "no stale data" issue) rolls their own.

0
0

POWER SOURCE that might END humanity's PROBLEMS: A step forward

Charles 9
Silver badge

Re: Fusion for energy

Such as?

NOTE: I've already noted the big problem with aneutronic fusion--higher energy requirements--so I'm honestly skeptical. Let's see some HONEST innovations, complete with their benefits and drawbacks vs. the tokamak or whatever.

0
0

No woman, no drive: Saddo hackers lob Android nasty at Saudi women's rights campaign

Charles 9
Silver badge

I'm rather surprised the malware didn't take their work to its logical conclusion: request network or GPS location and text the phone's location to the authorities as the location of a conspirator.

0
0

Bitcoin price SOARS after US SENATE hearing on 'legit' currency

Charles 9
Silver badge

The thing is, all the Bitcoin identities are hashes, meaning they're like Swiss bank account numbers. They need to attach names to those hashes.

Having said that, there are services like Coinbase that work within the confines of the law in that regard. They treat Bitcoin like a foreign currency which has a well-established set of rules, practices, and regulations, and they keep records for tax purposes. If Bitcoin exchanges behaved like Coinbase or equivalent, then I don't think the US Government will be too concerned.

1
0

Infosec bods scorn card-swiping Coin over security fears

Charles 9
Silver badge

Re: Dead stupid, but might still be adopted

Easy? I daresay the only way you'll get something like that through is by CRISIS. And given the type of crisis that'll take, I shudder at the collateral damage.

0
0
