* Posts by Charles 9

6646 posts • joined 10 Jun 2009

Samsung says micro-sats could blanket the world with Internet

Charles 9
Silver badge

Re: Radio is so 20th century

Actually, you'd think what they want is masers (substitute light for microwave). Thing is, tight-beam communications on mobile bases suffer a huge drawback: the need for steering.

0
0

Cisco network kit warning: Watch out for malware in the firmware

Charles 9
Silver badge

Re: Holy *crap*

Actually, there's NO better way. It's like with the front door. If someone steals or copies your keys, you're screwed. As long as there are criteria for SOMEONE to get in, someone else can mimic that someone enough to pass the criteria also.

3
1

Rise up against Oracle class stupidity and join the infosec strike

Charles 9
Silver badge

Re: It can't happen to us...

"The fact that they chose to ignore the warning is purely indicative of stupidity, payola, incompetence or whatever but, now that the FBI, Department of Defense and others actually have had their fingerprint database stolen, how confident do you think they will be in the next snake oil salesman?"

Probably just as confident as they were last time. The people making the decisions now probably weren't the ones who made the decision when the fingerprint scanners appeared, have been lulled into complacency, and will willingly make the same mistakes again, banking on persistence paying off before insanity hits.

1
0
Charles 9
Silver badge

Re: Easy to bitch about other people's work

But in each and every one of those scenarios, there's something between the IT and the life involved. Since IT is mostly nonphysical, it's hard to DIRECTLY pin the blame on the IT to the point the average joe has no recourse but to blame it and nothing in between.

0
0
Charles 9
Silver badge

Re: Be careful out there kids....

"You mean something like this?"

Even that's going to be shaky. See, with IT you're mostly dealing with virtual, non-physical things. There's always at least one degree of separation between IT and your life. In this case, faulty compilation, not a flaw in the code itself, was the primary problem. It could also be one of a hundred other things between the code and the life that proves the linchpin. Yet it has to be that DIRECT connection that will make people pay direct attention to the actual code enough to make it matter.

0
0
Charles 9
Silver badge

Re: Nice idea

"That worldview is fucking appalling."

It's also the only one THAT ACTUALLY WORKS. Welcome to Reality. Why else has no other beast on Earth tried what we're doing?

"Jesus H mother of goddamned donkeyfucking christ, what the hell happened to us that we've forgotten so much, so fast?"

We've come to the realization that, in the final analysis, it's every man for himself. Nice guys finish last, and if you don't pass on to the next generation, you might as well be whizzing in the wind...

1
0
Charles 9
Silver badge

"If my country follows, it too won't be fit to call civilized either."

So what happens when ALL the countries fall down the slippery slope? Are you willing to say then that civilization as a whole is a failed experiment against the baser instincts of humanity?

0
0
Charles 9
Silver badge

Re: RE: In civilized countries

"suitcases of campaign contributions" - BZZZT!

You broke what wasn't broken. That's just the carrot. You forgot the stick of, "Do what we demand or we'll take our business (and our taxes) someplace friendlier to us!" How else do you think oil companies can get such generous tax terms except because 10% of something is better than 100% of nothing?

0
0
Charles 9
Silver badge

And I disagree on the disagree. It's happening EVERYWHERE; you just don't see enough of it on your side yet, but it HAS happened, it IS happening, and it WILL happen, inevitably, to every civilization you see. Yours just may not be that far along, but it will be soon enough.

0
0
Charles 9
Silver badge

Re: Nice idea

If "Following Orders" is the only way to put food on the table, ethics kind of takes second priority.

2
0
Charles 9
Silver badge

Re: Be careful out there kids....

"We probably need a large scale disaster, like Seveso in Europe that led to the EU Seveso Directive for chemical plants safety"

People won't pay attention until their lives are in danger. Think of all the regulations that are in place in other industries. Nearly all of them came about because someone DIED or was SERIOUSLY HURT as a result. It's about the only motivator that matters. But since IT deals primarily with virtual, non-physical matters, it's going to take something truly extraordinary to pin IT on a death.

2
0
Charles 9
Silver badge

A civilized shithole, and the inevitable result of civilization if history is any indication.

0
0
Charles 9
Silver badge

Re: Nice idea

"Or maybe you just want to wait until the price of individual selfishness and cowardice on behalf of developers is measured in bodies."

About the only way you'll make people care is when you can directly pin security faults and so on to people dying. That's what it took to mandate seatbelts and airbags, recall cars with explosive gas tanks and ground faulty airplanes. Nothing less will do.

2
0
Charles 9
Silver badge

"Engineering in civilized countries functions this way. It's time to apply this to development, and IT in general."

But in really civilized countries, the executives have the legislature's ear with carrots and sticks, blocking such efforts. What then?

0
0
Charles 9
Silver badge

Re: "I know where your personal details went "

"Or, perhaps: "which corporation has leaked or sold your personal information today?""

What happens when the answer comes back, "ALL of them", and you're faced with a desperate need to put food on the table? Principles are tough to defend when you're starving...

2
0

Patching a fragmented, Stagefrightened Android isn't easy

Charles 9
Silver badge

Re: A general problem

And if they sell direct to international customers over the Internet?

0
0
Charles 9
Silver badge

Re: Bright side

"Fit for Purpose" laws can trump contracts, even ones with "No Liability" clauses.

3
0
Charles 9
Silver badge

Re: "it needs to push carriers to push over-the-air updates promptly after fixes become available."

It's more than that because of the automatic negotiation and the fact they can tie it to your existing number: something IIRC SIP can't do.

0
0
Charles 9
Silver badge
Meh

And yet it was the only way to make inroads against the iPhone, since only a company like Apple (with its uniquely sirenesque appeal) could actually usurp the control from the carriers. Everyone else (Google included), the carriers could impose "take it or leave it" conditions. And if Google left it, they'd be conceding the phone market to Apple, which to them was unacceptable. So what do you do?

Besides, the core of Android (where the fault lies) is open-source, meaning anyone can make forks of it (like Amazon has done). Once someone rolls their own, it's basically out of your hands.

2
0
Charles 9
Silver badge

Re: A general problem

"You could make the phone suppliers responsible for any reasonable losses due to known but unpatched bugs for, say, 5 years after the product was last sold."

And how do you do that when the manufacturers are located in countries that simply don't care?

0
0
Charles 9
Silver badge

Hard to say. BB10 is supposed to have QNX under the hood which is normally hardened against exploits, but it's still manmade. About the only reason it and Sailfish don't make headlines is their abysmally-low takeup rates. Much like how MacOS and Linux usually didn't get as much attention by the hackers until recently.

1
0
Charles 9
Silver badge

Re: "it needs to push carriers to push over-the-air updates promptly after fixes become available."

There can be A LOT of under-the-bonnet changes to the baseline Android core to make a manufacturer's unique features run. Take Samsung's TouchWiz. They added quite a bit to the standard Android. In particular, the WiFi Calling that keeps me on T-Mobile is inseparable with TouchWiz on a Samsung phone. AIUI it's the same across the board; the only phones that do T-Mobile WiFi Calling all have custom UIs where the feature is baked in. It must be baked in pretty deep as in over two years since the likes of the S4 have been released, no one's been able to disentangle the feature and add it to an AOSP-based UI.

2
0
Charles 9
Silver badge

Re: A general problem

That'll never happen. With the car example, people were KILLED as a DIRECT result of the flaws. You'll never be able to pin the same thing on a phone and therefore can never make the risk great enough to require overriding oversight (which in turn gets pushed back by privacy concerns).

4
0

ICANN chairman loses mind over his domain-name privacy shakeup

Charles 9
Silver badge

Re: Another Option?

"Can the computer be programmed to follow some simple rules that mimic the ICANN processes? Can the software that the computer uses be perfectly open and verifiable at any time by any interested party?

Isn't it time we stop giving responsibility to humans that have naturally human foibles?"

Only one problem. Computers are programmed by humans (if not, you have a RotM scenario). They can sneak stuff behind the scenes and hide the secret code from prying eyes. Think the rogue compiler or rogue hardware scenario.

0
0
Charles 9
Silver badge

Re: You beat me to it

"...is there really much evidence that we could do worse than ICANN without actively working at it?"

Ever heard the phrase, "the worst thing there is with the exception of everything else"? There's a distinct chance, given the bureaucratically-charged power-grabbing atmosphere, that this is the least worst possibility on offer. Anything truly beneficial will never be backed, and anything that will be backed will be corrupt as Hell. So what's your choice?

5
0
Charles 9
Silver badge

Re: Another Option?

Unless the solution that appears is even worse. And to top it all off, if anything other than ICANN were to take over, the end result may be a fracturing of the Internet standards. After all, if the US loses control of the Internet standards, might there be a mad power grab in the vacuum left in its wake?

0
0

Apple and Google are KILLING KIDS with encryption, whine lawyers

Charles 9
Silver badge
Alert

Sense goes out the window when an existential threat looms. And as far as many people are concerned, they ARE under existential threat...

0
0
Charles 9
Silver badge

Re: Munitions

Yes, but the restriction was lifted when foreign encryption standards outside of US control caught up, making the whole exercise meaningless.

2
0
Charles 9
Silver badge
Alert

You'd have thought they'd have banned them and box cutters already after 9/11. After all, there we have concrete proof of it being used to kill thousands of lives in a single day. Metal detectors, meet ceramic knives. Even with hardened cockpit doors, all that's needed is one slip during one of the pilot's snack or meal breaks and BOOM! the setup for 9/11 part two!

PS. And if that fails, there's always the dildo bomb (INSIDE a kinky woman; won't find it with anything short of a strip search) filled with homemade ANFO (like Oklahoma City). Good luck trying to stop a truly determined adversary from using things we need everyday to ruin civilization.

3
1
Charles 9
Silver badge
Childcatcher

Re: Whose Crime?

(Could only choose one icon; using this one in sarcasm; bear with me)

But the moment you invoke children and the future, then all bets are off, no holds are barred, no search is unreasonable. Which means the search is within the law. After all, without children, where will our country be in a few decades?

2
0

Random numbers aren't, says infosec boffin

Charles 9
Silver badge

Re: "Take my vehicle's radio"

"Actually, in practice FY needs space equivalent to the total size of the collection in quite a few cases unless you're happy with the increased cost of memoising the swaps and losing the O(1) property (that would be a total no-no in crypto apps where side channel attacks need considering)."

I was talking in terms of a simple music playlist, in which case the playlist is a separate array from the actual table of music files (stored separately), which makes sense if you want to customize the playback in other ways. With the Modern Fisher-Yates Shuffle, you alter the playlist in situ by going down the list in order (direction doesn't matter) and swapping each entry you come across with any of the ones after it. All you need is one placeholder to hold values during swapping, nothing else. And it's O(1) space, O(n) time, and uses no floating points, so it's something any processor capable of MP3 playback should be able to do.

1
0
Charles 9
Silver badge

Re: RNGs

"The basic rule is that PRNGs are all but useless for anything other than toy applications. Even the best ones are subject to predictability, if one had enough data and knows the algorithm being used (and, one has to believe that there are organizations out there that can reverse engineer the hardware/software being used)."

So you're basically saying Cryptographically-Secure PRNGs (CSPRNGs) is basically a misnomer? Even if it were to be re-seeded in relatively short periods with numbers from a hardware RNG?

2
0
Charles 9
Silver badge

Re: "Take my vehicle's radio"

"However, what you want most of the time is a shuffle, not a random!"

But a shuffle (list randomization) isn't that difficult either. A Modern Fisher–Yates shuffle is iterative and needs no more space than the playlist itself. The only limiting factor is the RNG.

0
0
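
The in-place playlist shuffle discussed in the two "Take my vehicle's radio" posts above, as an added example (not code from the thread), with `os.urandom` standing in for the player's RNG. It goes one step beyond the posts by feeding the shuffle every possible sequence of draws, which shows how many orderings each choice of swap range can actually produce. All function names are made up for this example.

```python
import os
from itertools import product


def uniform_below(n, read_bytes=os.urandom):
    """Unbiased integer in [0, n): rejection sampling, integer maths only."""
    if n <= 0:
        raise ValueError("n must be positive")
    nbytes = (n.bit_length() + 7) // 8
    span = 1 << (8 * nbytes)
    limit = span - span % n          # draws >= limit would skew r % n
    while True:
        r = int.from_bytes(read_bytes(nbytes), "big")
        if r < limit:
            return r % n


def shuffle_in_place(items, below=uniform_below, include_self=True):
    """Modern Fisher-Yates: one pass, one temporary, O(1) extra space.

    include_self=True lets position i keep its own entry (j may equal i);
    with False, j is always a later slot, which is Sattolo's variant.
    """
    n = len(items)
    for i in range(n - 1):
        first = i if include_self else i + 1
        j = first + below(n - first)
        items[i], items[j] = items[j], items[i]
    return items


def reachable_orders(n, include_self=True):
    """Feed the shuffle every possible sequence of draws; count each result."""
    sizes = [n - (i if include_self else i + 1) for i in range(n - 1)]
    counts = {}
    for draws in product(*(range(s) for s in sizes)):
        feed = iter(draws)
        order = tuple(shuffle_in_place(list(range(n)),
                                       below=lambda _n: next(feed),
                                       include_self=include_self))
        counts[order] = counts.get(order, 0) + 1
    return counts


if __name__ == "__main__":
    playlist = ["track-%02d" % k for k in range(1, 9)]   # constructed sample
    print(shuffle_in_place(playlist))
    print(len(reachable_orders(4)), "orders when j may equal i")
    print(len(reachable_orders(4, include_self=False)), "orders when it may not")
```

For a four-entry list the first count is all 24 permutations, each produced by exactly one draw sequence; the second is the 6 single-cycle permutations only.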
Charles 9
Silver badge

Re: Anyone know whether Simtec is alive or dead?

Overwhelmed, last I heard. There's a comparable product called the TrueRNG on the market now that seems to have plenty on hand and is competitively priced.

0
0
Charles 9
Silver badge

I've always been curious as to why the Linux kernel entropy pool is (AFAIK) normally capped at 4096 bits even in a world where there is an increasing need for good random numbers (which /dev/urandom can't always provide).

1
0

Intel left a fascinating security flaw in its chips for 16 years – here's how to exploit it

Charles 9
Silver badge

Re: Just goes to show..

Wanna bet they can STILL access it by specially tuned microwaves and then get the password out of you with rubber hoses?

2
0

Meet OneRNG: a fully-open entropy generator for a paranoid age

Charles 9
Silver badge

Re: Infinite Loop?

The radio chip probably takes a cue or two from the avalanche diode, which is known to be random but IINM isn't as quick.

0
0

Telstra's Netflix downloads get EVEN SLOWER

Charles 9
Silver badge

But net streams are more compressed than disc streams. I think for SD streaming 2Mbit/sec is a safe bet while IINM Netflix says you need 15Mbit/sec for HD.

0
0

Death to DRM, we'll kill it in a decade, chants EFF

Charles 9
Silver badge

Re: When does Privacy become DRM

It's very much like guns, in that the very thing you need to defend yourself in a world of minutes away when seconds count is also the very thing that can start a massacre. It's part and parcel, inseparable. The only thing that determines its ultimate role is the holder, and it's AFAWK impossible to determine how the holder will use it before the deed is already done.

IOW, it's a "dual use" technology, with both sides being able to go to uncomfortable extremes. Knowledge of the atom is another extreme one (atomic power = GOOD, atomic bombs = BAD). And it's hard to perform a risk assessment because of those extremes; we can't see far enough into those extremes to be able to balance it out against human uncertainty.

3
0
Charles 9
Silver badge

Re: People slowly realise how much of a problem it is

Wouldn't that just cause transnationals to bail out of the EU and avoid the sovereign reach? Barring a treaty, one country isn't able to tell another country what to do, and in situations such as these, there will usually be one country willing to cheat.

0
3

Sane people, I BEG you: Stop the software defined moronocalypse

Charles 9
Silver badge

Re: Is there a standard to aspire to?

"It always amazes me how certain types of management always think that timing is everything - so they'll happily release utter crap, so long as it releases on time. I've yet to meet a customer who's been pleased to accept a steaming pile of turds on the appointed day..."

Then again, that may be considered preferred to not having anything at all on the deadline. As they say, 10% of something is better than 100% of nothing. Plus, one has to figure competition into the equation. If the competition plans to release a competing product around the same time, then the deadline becomes hard because, in many cases, first in wins as people grab the first product to meet their needs. Once that happens, the market disappears and a miss is as good as a mile.

0
0
Charles 9
Silver badge

But if the unit tests are thorough enough, it shouldn't matter what each unit gets so long as they all handle bad stuff cleanly (that's why unit testing should include stuff like munging and testing for sabotage), then the whole integrated unit should be sound unless you're saying the integration introduces some kind of gestalt element that no amount of individual testing can anticipate.

0
0
Charles 9
Silver badge

Re: Is there a standard to aspire to?

About the only standard we have for code is the formal proof of security, and that has an extremely narrow scope (the one example that pops to mind, SeL4, has the issue that the formal proof is only valid in the absence of any DMA devices, including video) and is so hard to perform that it's only practical for very small projects (SeL4 is a microkernel, which as said before isn't useful for everyone).

0
0
Charles 9
Silver badge

Re: Might take a while

But then who gets the axe? Such complicated projects tend to have so many developers, usually working across each other, that assigning blame is going to be an exercise in futility. And you can't do a blanket execution because that would catch innocents in the crossfire, making the work too risky to undertake. IOW, go too draconian and you'll soon find yourself without developers.

0
0
Charles 9
Silver badge

Re: As my father-in-law always said

While this may be true, the consequences of going astray are usually far less severe for a drunk pedestrian than for a drunk driver. Drunks on foot are rarely in a condition to adversely affect other people in contrast to one commanding a one-tonne rolling mass of metal.

5
0

All hail Ikabai-Sital! Destroyer of worlds and mender of toilets

Charles 9
Silver badge

Re: Remove the seal! To return to IT.

""Nice try, but that's the only thing we check ..."

FTFY."

Nope, that neglects to check the front for cracks, the removable drives to make sure they work, and any other misses. The sticker may be there to detect internal tampering, but they're still obligated to field returns for external defects, so anything obvious gets sent back to the line to be repaired.

0
0
Charles 9
Silver badge

Re: To return to IT.

"Sod the warranty seal. If you've bought it, it's your property, and you can do what you damn well want with the thing."

Sod you back. What you describe carries the caveat that if you monkey with stuff you're not supposed to, you're on your own. IOW, if it's YOUR property, it's no longer THEIR business to help you. Warranties normally DO NOT cover mishandling.

2
1
Charles 9
Silver badge

Re: Remove the seal! To return to IT.

"They must have forgotten to put the seal on"

I'm surprised they didn't counter with, "Nice try, but that's the first thing we check before we box the things. Those stickers save us some serious money."

4
0

Perhaps middle-aged blokes SHOULDN'T try 34-hour-long road trips

Charles 9
Silver badge

Re: NZ and territories

"I once got pinged for using a motorway onramp to overtake, there being three vehicles driving persistently side by side in the three lanes for some km. My offence, apparently, was changing lane from a proper motorway lane onto the onramp -- not the overtaking itself."

That sounds a lot like a version of overtaking on the left since you're not supposed to pull into an onramp; only entering traffic should be on it. And I think they'd get you for the same if you tried the same stunt on an offramp, on the belief that pulling into one indicates an irreversible intent to leave the motorway.

1
0
Charles 9
Silver badge

Re: NZ and territories

Many American jurisdictions also make it a moderate offense to "pass on the right" (the American version of Britain's "overtaking on the left"). Now, just what the "right" means can differ. Some just don't want you to use the shoulder as a passing lane; others are stricter and want you ONLY to pass on the left, enforcing a fast-to-slow progression from median to shoulder. Usually, stricter passing areas use signs to indicate this.

0
0
