* Posts by Charles 9

7147 posts • joined 10 Jun 2009

Confirmed: How to stop Windows 10 forcing itself onto PCs – your essential guide

Charles 9
Silver badge

And then you get hit with a drive-by. BAM! There goes your idea of "being careful". I mean, what if El Reg gets hit with a drive-by, especially on one of its internal (read: won't be filtered) ads?

0
0
Charles 9
Silver badge

Re: Ahh! Registry hacking! Of course.

I do keep the CLI in mind, even in Windows. In fact, I've become pretty adept at Batch Files and VBScript automation, because few things beat batch files for...well, batch operations, doing similar things to numerous files at a time.

1
0
Charles 9
Silver badge

Re: Paying for Windows 10 after July

"World + Dog: "Linux after August! (Whoopee!)""

Later...

"Where's my Fallout 4?!"

Gamers: "Back to Windows in September...and this time for a fee!"

0
1
Charles 9
Silver badge

Plus what about all the NEW games that come along like Fallout 4? I'd love to leave Windows, but let's face it. For serious PC gaming, there's no alternative. Even with Valve's serious push, most games released on Steam (especially the headliners) are Windows-ONLY.

And no, WINE will not save us:

https://www.vg247.com/2015/11/14/steamos-vs-windows-games-benchmark/

0
2

How hard can it be to kick terrorists off the web? Tech bosses, US govt bods thrash it out

Charles 9
Silver badge

If the people have lost trust in the intelligence agencies, how come they're STILL the agency called upon to keep crazies from blowing up the country? Sounds like hypocrisy to me.

2
21

American cable giants go bananas after FCC slams broadband rollout

Charles 9
Silver badge

Re: Free Internet

So what happens when there's a war or disaster and all the power gets cut. Tablets and networks don't work without electricity. And no too long ago, my neighborhood got blacked out for NINE DAYS by a mild hurricane. Say what you will about books, but physical media still needs to exist as a backup, capable of being used with nothing but manpower.

1
0
Charles 9
Silver badge

Re: A serious problem

Have you ever considered that perhaps this one business near I-95 IS in a blackout zone? I personally know that I-95 can pass by some radio-controlled areas (such as military installations). So where exactly IS this business that can't get help from a cable company three miles down, and what is the cableco's excuse for not rolling out an additional three miles?

1
0
Charles 9
Silver badge

Re: The report MUST be wrong!

Monoplies ARE free-market capitalism. They're just the endgame: what happens when one company beats out all the others and becomes the winner (thus why I also call capitalism "winner economics"). Once you're at the top, you can use your incumbency to stymie challengers.

Furthermore, utilities are a necessary eyesore. They have high upfront costs for infrastructure (meaning you needed a high customer count to spread the costs), AND that infrastructure tends to not sit too well with the customers (thus you rarely see more than one sewage or gas supplier--think two sets of pipes). Thus they only tolerate it as much as they need to due to NIMBY issues, thus utilities tend to be natural monopolies.

1
3
Charles 9
Silver badge

Re: Comcast and Co disagree

"It should be illegal to fill in a utility trench before throwing fiber or at least conduit into it, likewise to touch a power pole without hanging fiber on it."

Except the power company frequently has no relation to the cable/telephone company. Plus it's their property, meaning they can sue for unlawful imposition of costs into their operations. Plus recall that the US is a BIG country. Have you ever assessed the costs of running high-speed fiber from New York to Los Angeles--or longer, Miami to Seattle?

0
0

NSA spying on US and Israeli politicians stirs Congress from Christmas slumbers

Charles 9
Silver badge

Re: h4rm0ny Seriously, though

And don't think it's not because the Israelis don't say anything one way or the other when their extremists talk. It's like Muslims who don't denounce far and wide when extreme members of their religion commit atrocities. There is no neutrality in a conflict such as this. Silence WILL be construed as tacit acceptance.

0
0
Charles 9
Silver badge

Re: h4rm0ny Seriously, though

Point is that both sides claim God on their side, which means compromise is practically impossible. Especially for that one hill that's ONLY sacred to them when they AND THEY ALONE possess it. When two sides want sole possession of an irreplaceable thing, there's going to be a fight. Even if a third party takes it away or destroys it, that just sets both sides on the third party.

0
1
Charles 9
Silver badge

Re: h4rm0ny Seriously, though

"No. Mostly because it's a state built on stolen land and the genocide of the indigenous Palestinian population."

No. Because it's a state built on land stolen FROM them and the genocide of the 12 Tribes of Israel. They claim the land is theirs by God-given right, so their claim is absolute.

So unless the Palestinians can claim to be the descendants of the people of Jericho, from whom God took the land that was to become Israel, it's a land dispute where each side claims rightful ownership with proof. And since part of the land is considered sacred to both sides and can only be sacred if they and they alone possess it, well the only way it can turn is ugly, which is why Israel tends to take a defensive stance over their ancestral home.

1
3

T-Mobile US boss John Legere calls bulls*** on video throttling claims

Charles 9
Silver badge

Re: It's not throttling

Can this be proven? What if you tunneled your mobile connection through a VPN, for example? Now T-Mobile can't sense the YouTube connection properly.

0
0
Charles 9
Silver badge

When Unlimited != Unlimited

I got in on a deal when they were offering two lines of "Unlimited" LTE (buddied up) for a decent amount of money. So far I haven't really tested the waters, though I do occasionally stream video and do some downloading.

But what really needs to be done is for the FCC to come down on any and all "unlimited" advertising as infeasible in a world of physically-limited bandwidth, be it wired or wireless. Now, "unmetered" is a feasible target, but it must be held to that: absolutely no metering whatsoever, making this impractical for wireless.

As for the YouTube beef, it does sound like a legitimate beef to me. After all, wasn't sweetheart deals (and the favoritism they entail) one of the reasons for the Net Neutrality push in the first place?

8
0

GCHQ mass spying will 'cost lives in Britain,' warns ex-NSA tech chief

Charles 9
Silver badge

Re: Right answer, wrong reasons - Lone Wolves

Did Timothy McVeigh and company have any conspirators when they bombed Oklahoma City. What about Ted Kaczynski? The worst school massacre in American history was committed by a single disgruntled farmer who used his tools of the trade. A single rogue pilot can subdue his copilot and crash a jet (we have one confirmed instance and one probable).

You say lone wolves do little damage. I say their capabilities can only increase, meaning you have to pay attention to them or one day they WILL do something catastrophic, like singlehandedly bringing down a skyscraper.

0
0
Charles 9
Silver badge

Re: Right answer, wrong reasons

But by that time it's too late because odds are the way it makes itself known is by exploding. As for trying to figure out who put it in there, odds are there will be no trail because the needle was inserted, say, by people dressed all in black that have no distinguishing features, or from below where cameras don't reach and is impractical to prevent. Or it may have been shot in from a distance: too many opportunities to do this undetected. IOW, find the needle and it barely tells you anything, and you can't figure out who put the needle there. Meanwhile, there are still loose haystacks out there that may also have explosive needles out there, which is why the plods insist on increasing the hay to search: to find the rogue needles.

0
0
Charles 9
Silver badge

Re: Right answer, wrong reasons

But doesn't that present a Catch-22? How do you know who to pursue if you don't have trails to follow? Especially with lone wolves who have little to no connections of any sort?

1
0
Charles 9
Silver badge

Re: Right answer, wrong reasons

Then again, the plods were similarly handicapped. Plus, IIRC, the opposition had a lot of sympathizers because they had a political grudge. When they figured out a way to resolve the political conflict, the organization lost most of its mission, thus why you don't hear from them these days.

Al Queda had the advantage that they controlled a sovereign state that effectively gave them a safe haven. Attacking them would mean an act of war that only an atrocity like 9/11 could justify.

But what happens when you're up against a nihilist organization whose justification for total war is your mere existence?

0
2
Charles 9
Silver badge

Re: The man is absolutely right!

But at the same time, to stretch the metaphor, even further, there are highly explosive needles in with the bunch, and if one of them slips through and then blows up, there's going to be an ungodly amount of finger-pointing straight at you for not spotting it in time, even though there's really no practical way to separate them out before they go off, so The State is kinda tasked with a nigh-impossible task by the people, yet when (not if) things go boom, they get the blame regardless.

1
0
Charles 9
Silver badge

Re: Straws in the wind

If you're that paranoid, don't forget to check all your chips...

1
1
Charles 9
Silver badge

Re: The man is absolutely right!

Plus the needles are nonferrous with low melting points, so you can't use magnets or fire.

4
0

Bloke sues dad who shot down his drone – and why it may decide who owns the skies

Charles 9
Silver badge

Re: FAA enforedes airspace restrictions to ground level

They do. Their authority attaches to the aircraft, not the air. As long as it flies and is larger than, say, a foot in dimension, they FAA holds legal authority via various acts that define its authority. That's why FAA regulations apply to aircraft even when they're on the ground.

Where authority over the air comes in is that the FAA can regulate what can go into regulated airspace. So, for example, aircraft that can climb over 500 feet need to follow FAA rules regarding flight plans and so on, so as to reduce the risk of incursions and collisions. They don't have such controlling authority at lower altitudes, but they still have a say over the aircraft themselves.

2
0
Charles 9
Silver badge

Re: FAA

Not when it comes to safety in a vehicle that weighs many tons, operates at over 10,000 meters most of the time in air pressures too low to breathe, and have been known to get pretty finnicky. The primary reason for all the rigamarole is electromagnetic interference; there's a constant concern even one little adjustment will snowball, cause an airliner to crash, kill hundreds of people, and create lots of finger-pointing. Engineering may be the art of making do with as little as possible, but what price a life? How do you accomplish the goals of an engineer when lost lives are not acceptable?

2
0
Charles 9
Silver badge

"That means that the courts has already decided that the drone was trespassing, in a very worrying if not malicious fashion. It remains to be seen whether the lawsuit has any merit or not."

The problem is that the drone is large enough to fall under the FAA's mandate, and their mandate attaches to any and all aircraft, manned or unmanned, bigger than about a foot in wingspan or diameter, regardless of its location within US territorial airspace. The suit (which is being filed in federal court) is claiming this means the FAA's jurisdiction takes precedence, trumping the earlier state court ruling.

3
2
Charles 9
Silver badge

"Although I do find it a little strange that $1500 will cover both his $1800 toy plus his court costs."

Depreciation. Thanks to Chinese knockoffs, drones are getting less expensive by the month. What cost $1800 then is only $1500 now.

8
0

Plain cruelty: Boffins flay Linux ransomware for the third time

Charles 9
Silver badge

That's assuming your malware can get online to call back to the server to hide the private key (the public key doesn't matter). But what if you have to assume you're working offline (such as in an airgapped machine)? Now you have to generate your own key, be able to hide it somewhere the victim can't find it, AND still be able to recall it later to do your dirty work. It's a "hiding in plain sight" scenario.

0
0
Charles 9
Silver badge

Re: Hmmm

"How hard can it be to generate a random number?"

Moderately difficult. Now, being able to REMEMBER that number AND still hide it from the victim. That's another matter. If the malware's designed to be online, then a public key infrastructure can be used so that only the public encryption key stays with the victim (fat lot of good it'll do them). But if the malware has to be able to work offline, then you've got a problem: how to hide it so that the victim can't find it BUT be able to yourself find it later.

1
0

Catalan town hall seriously downsizes monarch

Charles 9
Silver badge

Re: Inventive?

I'm not too knowledgeable of the laws in Spain, but I suspect, like most monarchies, that presenting the reigning monarch in a less-then-respectable light can result in penalties, so that would be what this case will be assessing. What needs to be determined is just where the line is located, and if crossed, just how grossly was it crossed by this diminutive expression? Would it be better or worse, for example, than hanging the original picture upside-down?

1
2
Charles 9
Silver badge

Technically, a militia can be one. That's why the ruling against gun control ordinances in Chicago and DC and the declaration that bearing arms is an individual right (since an individual can be a militia).

That said, the men in Oregon probably figured (correctly) that any kind of effigy or symbolic protest would be ignored (unlike in Europe, men of power in America can usually overlook these kinds of things as just self-expression and not a direct attack on them personally). If you want to get an American politician's attention, you're going to have to be somewhat more forceful in your expression.

3
1

Trustworthy x86 laptops? There is a way, says system-level security ace

Charles 9
Silver badge

Re: Horses for courses

The problem here is that the barrier for "trying hard enough" is getting lower and lower. Plus, in the realm of international espionage, money is much less an object then usual, yet the technology from that eventually trickles down, making it much easier to hack for fun and profit rather than for politics. Also, they're trying to blanket the coverage, turning it into a Hobson's choice of live with it or go without, and the latter becomes a matter of whether or not it's practical (or even viable, given there's still the chance of moles) in a modern world.

2
0
Charles 9
Silver badge

But what if it's contained in a radio-opaque case, which is actually used in some devices in order to comply with FCC standards (not to transmit excessive interference)? Then even if the chip can operate in radio, it can't receive anything and nothing it transmits would likely be able to escape the case. Plus EMI might be detectable with the right sensors, tripping alarms. So perhaps hijacking an existing device like the keyboard: say you use a knock sequence and then read RF off a cable or carefully decide blinking lights (say the lock indicators standard on any PC keyboard).

1
0
Charles 9
Silver badge

Re: Stateless and trusted

Problem is, one of the adversaries is The State, and they have the resources to subvert the system at the factory, possibly even at the hardware level. How do you deal with such an adversary?

2
0
Charles 9
Silver badge

Re: Lots of whining, no real solutions

Except most of the complexity came out of necessity, out of demand. You'd have to paradigm shift the people along with the computer, and if history is any indication, all you can say is, "Good Luck!"

2
0
Charles 9
Silver badge

Re: Going back to dumb terminals ...

But at the same time, you reduce the attack surface, meaning hackers concentrate on the few places left, and as the saying goes, they only have to be lucky once. As for separation of code and data, that's impractical if one of the programs you have to run is a compiler or something else that must use the von Neumann blurring of code and data (data is code and code is data). Plus there's things like Return-Oriented Programming that can use existing code (and thus defeats both Data Execution Prevention and the Harvard separation of code and data) to do its work. Finally, the tighter you lock things, the slower you make the business until the economic factor kicks in. If you make things TOO tight that things can't get done, people start finding ways around your security. In the end, you have a business to run, and that business is run ultimately by people.

1
0
Charles 9
Silver badge

Re: ALL YOUR x86 ARE BELONG TO US

Last I checked, biro (ball-point) pens still used ink. I believe you're referring to a fountain pen or some other type that writes without a lot of pressure. I believe you can get similar results with a felt-tip marker-like pen (using one very light not only doesn't leave an impression but controls the possibility of bleed-through).

1
0
Charles 9
Silver badge

Re: It's Turtles all the way down!!!

"how do you know the 3d printer isn't infected? You build the first printer from scratch, and it has very limited functionality, just enough to build the next printer, and you iterate, so that at the end you have a trustable device. This isn't reasonable for a person to do, but for a state actor, maybe..."

But then, a state actor may have the resources to subtly subvert the very first printer you make (on in the other example, the system on which you build the initial assembler/compiler). And they may even defeat the technique to detect the latter (cross-compile against a known-good compiler) by making it so you can't be sure you have a good compiler.

1
0

LogMeIn adds emergency break-in feature to LastPass

Charles 9
Silver badge

Re: Of course any password manager

"And all my saved payment details require the CVV number from the card. Which is *not* stored anywhere - not even on the card (use a soldering iron, the digits are embossed)."

But what happens when you FORGET the CVV numbers or get them mixed up and can't recall which is which?

0
1
Charles 9
Silver badge

Re: KeePass

1) If you use KeePass from the go, this is a non-issue as you're not importing. Indeed, a lack of easy export out of LastPass has to be taken into consideration, as it may swing your decision to take up LastPass in the first place.

2) Perhaps this is for the best. One of the best ways to manage credit is to limit it. If you're down to one or two cards, you can just memorize them.

3) Want to cloud your password safe? Drop it in an OwnCloud or Dropbox. The safe is encrypted with encryption similar to what governments use, so if they can break it, they'll be in trouble themselves.

0
0

Bash, smash, trash Flash – earn $100k cash

Charles 9
Silver badge

Re: Someone call time

As long as there are systems out there—very expensive systems—that require Flash to operate, and no alternatives exist for it.

1
0
Charles 9
Silver badge

No, because out there are highly expensive enterprise control systems that MUST be accessed by Flash and nothing else. They're stuck with the hardware so they're stuck with Flash.

1
0

North Korean operating system is a surveillance state's tour de force

Charles 9
Silver badge

Re: One thing is mind-boggling

Not necessarily. What about subversive documents cut from scratch? Fingerprinting and source tracking would be useful there, too.

0
0
Charles 9
Silver badge

Re: pen and paper

Hidden cameras. They can copy pen-and-paper notes remotely.

0
0

Kaspersky says air-gap industrial systems: why not baby monitors, too?

Charles 9
Silver badge

Re: @Charles 9 (was:@anonymous boring coward

And I'M right. You don't see the REAL real issue, which goes beyond SCADA.

You're basically saying SCADA shouldn't exist since the REAL real security professionals would be in the government (the agents BEHIND Stuxnet), meaning they can be subverted. What man can make, man can UNmake.

DTA - Don't trust ANYONE.

0
0
Charles 9
Silver badge

Re: @Charles 9 (was:@anonymous boring coward

What's there to understand? Stuxnet relied on subverting a necessarily-complex program just enough so that it wasn't obvious at a glance yet was enough to cause expensive machinery to overload itself and break down. This program was passed around using the only viable transport medium available: USB sticks, as the programs are too complex for a human brain to remember reliably, and it would only take ONE of them, perhaps subverted at the hardware level a la BadUSB, to subvert the first machine, which in turn creates the changes that break the second machine.

Looks to me like an intractable problem. How would you do it properly if the required medium of transport could've been subverted at the factory level, before you ever got your hands on it?

And note, Stuxnet not only had State-level support, but also the assistance of the machine's manufacturer. It's like dealing with bribed guards.

0
0
Charles 9
Silver badge

Re: @Charles 9 (was:@anonymous boring coward

If you can demonstrate someone who can memorize a complex PLC program in their head just by reading it from a screen, then going over to an isolated machine and keying in the same program, without mistake or means to verify there is no mistake, then I'll withdraw my claim.

0
0

Here's your Linux-booting PS4, says fail0verflow

Charles 9
Silver badge

Re: so what

Just because you pay rent or leases doesn't mean you own whatever you rent or lease. And by the EULA's, what you get doesn't necessarily constitute a sale, even under exhaustion clauses. IOW, monkey with the software that's require for the hardware to run, and be prepared to end up with a brick.

0
0
Charles 9
Silver badge

Re: Typo?

"Which is a shame as Kodi modified to use the GamePad as a dual purpose remote/player would be a great media centre."

Hmm...then again, you have to wonder if the Wii U has the grunt work to handle Kodi properly, especially at high resolutions, hi-gamut, and/or H.265 encoding. It's like with WiiMC: strictly an SD affair and known to chug when it encounters more complex H.264 video.

0
0
Charles 9
Silver badge

Re: Typo?

The Wii was exploited via games until LetterBomb appeared, which exploited the Wii's internal messaging system. By that point, though, the Wii was getting long in the tooth, and while it's a nice thing for retro gaming (load up some emulators from the Homebrew Channel, hook it up to an old CRT TV, and cue the nostalgia), the novelty tends to wear off before long, especially once you try to more sophisticated stuff.

0
0

3D printer blueprints for TSA luggage-unlocking master keys leak online

Charles 9
Silver badge

Re: Tie Wrap

Not if they use the ol' "pen in the zip strip" trick, which is reversible.

0
0

China wants encryption cracked on demand because ... er, terrorism

Charles 9
Silver badge

Re: Whistling in the Wind?

China can do whatever it wants. It's a sovereign nation.

0
0

Forums