Posts by Charles 9

5030 posts • joined 10 Jun 2009

Wait, what? TrueCrypt 'decrypted' by FBI to nail doc-stealing sysadmin

Charles 9
Silver badge

Re: @Credas

"Let's be generous and consider a dictionary of 10,000 words. With an average of 10 misspellings of each word. And an average of 10 character substitution combinations for each word. And in 100 languages. And you can pick up to 6 of these bastardised words: 10E8^6 or 10E14 possible combinations."

Pardon me, but it seems the math's off.

IINM, when a power is raised to a power, you multiply the exponents, meaning (10E8)^6 (or more properly, (1e9)^6) should end up with 1e54, which is darn close to the strict 36-random-character entropy you listed.

2
0
Charles 9
Silver badge

Re: Truecrypt will become obsoleted on Windows

VeraCrypt is a fork of TrueCrypt and under active development. They can keep up with Windows, and since there's still a need for filesystem utilities like defraggers, there will always be a way in.

2
0
Charles 9
Silver badge

"Encrypted copy of the encryption key? What key do you encrypt it with?"

The same one(s) you use to unlock the volume to mount it. IOW, having the rescue disk simply means you have another door if the one's been caved in. Thing is, it has identical locks to the first one.

1
0
Charles 9
Silver badge

Re: GnuPG

"Errm, you cannot prove a negative."

Reductio ad absurdum can prove a negative by asserting the affirmative and demonstrating it cannot logically exist (for example by showing its existence would present a paradox). That's how Turing's Halting Problem proof works.

1
0
Charles 9
Silver badge

Re: "except if you use something like Keepass"

You can also use keyfiles which can be picked up simply by using mouse clicks which, while they can be captured, can easily be sent out of context, rendering them useless for figuring out just which file(s) you picked.

0
0

OS X remote malware strikes Thunderbolt, hops hard drive swaps

Charles 9
Silver badge

Re: Doh!

But that will either require users to open the machine (a general no-no for anyone not electronically-inclined) or take it to a Genius Bar that may or may not cost and may or may not be available. And if you try to wire it to the outside, social engineering will exploit it.

1
0
Charles 9
Silver badge

Re: Doh!

"This is why boot ROMs should be tiny and actually ROM, not flash."

And what happens when an actual ROM has an exploit in it? Good luck trying to fix it...

0
0
Charles 9
Silver badge

Re: Doh!

And remember, marketing is beholden to the clients, who demand ease of use before security. After all, who wants to go through three different dead bolts just to get into their house? And ease of use quickly eats into security, putting you at odds when both get demanded at once.

2
1

New twist in telco giants' fight to destroy the FCC's net neutrality

Charles 9
Silver badge

Re: Wouldn't it be cheaper

Thing is, anything that passes Congress has to go to the President's desk, and since the President and Congressional control are opposing parties, any rider runs the risk of being labeled poison and grounds for a veto, which the Republicans lack the muscle to override. And the Republicans know they LOST the last game of chicken they tried to play; that's why they're so reluctant to try now. Furthermore, Democrats in the Senate also possess the power to stall disagreeable legislation by employing the filibuster power. Since the Republicans only have a bare majority, it'll be hard for them to muster the 60 votes needed to invoke cloture and stop a filibuster if party lines galvanize.

0
0
Charles 9
Silver badge

Laws or not, telecom is a utility with big upfront costs. If the incumbents pull up stakes and take their infrastructure (which they legally own) with them, who's going to pony up to build it all back again without appealing to the reluctant taxpayer to foot the bill?

Title II or not, the government can't prevent a business from performing a voluntary liquidation, especially if it makes financial sense (which then goes to fiduciary duty; if the government presses, they can countersue and pit law vs. law in court).

And who cares if the bodies float downstream. They'll have been looted long before then.

0
0

IBM punts cryptotastic cloudy ID verification services

Charles 9
Silver badge

Re: IBM and "The Man" do not need to be involved

"Under the IM protocol the authority is not "gleaning" any additional knowledge about you. It receives a request to confirm an assertion that some detail about you satisfies some constraint (eg that your age falls within a given range). It already has the records that guarantee that assertion."

It will know whose credential is being asked (Due to the need to look it up) AND who is doing the asking (Does the asker really need to know this?). That alone can be interesting evidence, especially piled up with other bits of information accumulated over time, and there's no way to be certain this information isn't kept in some way, shape, or form. It may be a breadcrumb, but gather enough of them and you end up with enough to fill a can.

0
0

Online armour: Duncan Campbell's tech chief on anonymity 101

Charles 9
Silver badge

Re: Why the comment about using an old laptop?

Or maybe that's what the NSA WANT you to believe since they've probably been secretly compromising hardware chips since the 8008.

1
0

How much of ONE YEAR's Californian energy use would WIPE OUT the DROUGHT?

Charles 9
Silver badge

Re: Alternatively...

IIRC, the central valley part of California isn't exactly a desert. Plus rice needs water control no matter where you grow it.

0
0
Charles 9
Silver badge

(1) How do you get the desalinated water ashore in reasonable volumes to handle, say, a big metropolis like Los Angeles?

(2) What do you do with the concentrated brine left over from desalination? And note that sea water has more than salt in it, so you can't just sell it on the open market.

0
0
Charles 9
Silver badge

"The trick worked in Chernobyl too, apparently it killed thousands but Russia only reported some 60 or so."

You have some independent and unbiased evidence to that effect?

2
0
Charles 9
Silver badge

Re: Where has all the water gone?

The article mentioned where most of it went: to the agricultural nexus in the heart of the state.

0
0

Linus Torvalds warns he's in no mood to be polite as Linux 4.2 drags

Charles 9
Silver badge

Re: Shirley...

Someone hasn't seen "Airplane!"...

0
0
Charles 9
Silver badge

Different strokes for different folks. Some need the former, some the latter.

0
0
Charles 9
Silver badge

As I recall, Ada is both more memory-intensive and more processor-intensive, which are minuses for things like embedded systems (less memory and usually underpowered CPUs) and performance-critical applications where the overhead is something to be avoided.

4
1

SPUD – The IETF's anti-snooping protocol that will never be used

Charles 9
Silver badge

And the moment you do that, someone's going to cheat the system and simply encrypt everything and wrap them in packages describing security fixes or other high-priority sequential stuff. Back to Square One...

0
0

$100m fine? How about, er, $16k? AT&T teabags FCC with its giant balls

Charles 9
Silver badge
FAIL

Re: Fine seems reasonable

"Again, access to the data network is unlimited. The advertising is not false."

It is TOO false. If contention can get so bad that I get dropped off, then I've LOST access to the data network. That's a problem for the provider and a hint they need to plunk down for more infrastructure. And I'm not confused. Unlimited access is actually standard for all data plans, which is why they charge overage or downgrade your connection instead of cut you off. The unlimited then MUST apply to the data cap as there is no other differentiator. Furthermore, without a qualifier in the plain English advertising they post, the Unlimited should be unlimited in all aspects not limited by physics.

"I'll give you a second to reflect on your life, if YouTube is your example of compromised capabilities."

Substitute YouTube for On-Demand Video from your favorite app. Handy for the road warrior, you know? I've given it my second, and I stand by my statement. It's not like I live my life on the stuff, but it's still quite a handy place to look for video clips and the like. Since I'm still alive, I must conclude that I actually DO have a life.

"Well, in that case every carrier should be advertising data speeds of zero. Because there are huge parts of the country with no cell coverage. Do try to think before you write."

Actually, I FULLY EXPECT AND WELCOME this. If there were a law that demanded this of any and all advertisements (define them as pleading a case before the public, subjecting them to Sixth Amendment restrictions on truth), I'd be pushing for it night and day. Again, don't advertise something you can't deliver. If they're forced to advertise zero bandwidth, that tells me they shouldn't be advertising, full stop.

1
0
Charles 9
Silver badge

Re: Its a shame

Even "practically unlimited" has a clear delineation. The ONLY limits that are allowed here should be physical: dictated by the limits of the towers and backhaul, not by any arbitrary system set up by the provider. And even then, serious and continuous contention should be a signal to add infrastructure in a timely manner.

1
0
Charles 9
Silver badge

Re: Fine seems reasonable

"So you want your cell network all clogged up with people BitTorrenting and streaming Netflix because it's "unlimited" while you're trying to download driving directions or, I dunno, having a phone conversation?"

As the saying goes, "Give an inch, take a mile." Don't offer something you're not fully prepared to provide. If you can't truly offer unlimited and allow BitTorrents and the like, don't offer unlimited. By my book, any service that has to artificially limit bandwidth (as opposed to natural limits like contention and aerial bandwidth) is not unlimited and therefore false advertising in violation of federal laws.

9
0
Charles 9
Silver badge

Thing is, there's another line somewhere on the scale: the metric of how much it will take for them to go "Sod this" and pull out altogether. The thing you don't want is for the "Sod this" limit to be lower than the "OK, we'll play clean" limit.

0
0

Microsoft's Windows 10 Torrent-U-Like updates GULP DOWN your precious bandwidth

Charles 9
Silver badge

Re: Look on the bright side

How do you traffic shape an encrypted connection that can come from anywhere?

1
0
Charles 9
Silver badge

Re: How come...?

"Your response is exactly the sort of 'can't do' attitude exhibited by the people running these organizations. It's a failure of imagination, and a failure to have a vision of an improved method. Perhaps there's a failure of attention to detail. Perhaps it's a lack of hands on experience in the circumstances where such improvements would be valuable."

Or perhaps it's an overabundance of caution in a real world where great ideas can have unintended consequences. Such as lawsuits and Big Brother concerns...

1
0
Charles 9
Silver badge

Re: @Charles 9 - Torrent is as Torrent Does...

"That's a relief for me because I always disable UPnP on my gateway/router and on any device that offers the bloody damn thing."

I just used it as an example, since it's a common setting on P2P programs to allow for ease of use. If Microsoft was hell-bent on this, they'll probably employ a middleman system like Skype and Live use to get around a double-NAT situation. And credits to milos it uses the same address(es) as legitimate web connections to known Microsoft and/or partner sites, meaning you can't block the middleman connections without blocking legitimate sites: again, collateral damage.

0
0
Charles 9
Silver badge

Re: Torrent is as Torrent Does...

I don't know if it realistically can be regulated. At least BitTorrent clients let you pick the ports, but some also let you randomize it and use UPnP to open the port on the router. If Microsoft uses this technique and also ties it to the download port, I don't see how you can block one without blocking the other. And given the peer-to-peer nature of torrents, trying to figure which address(es) the torrent is using would be like a game of Whac-A-Mole.

0
0
Charles 9
Silver badge

Re: How come...?

"How come when you pick up a gadget and wake it up, it's very common that it will choose that point in time to start checking for, downloading, and installing updates?"

Because 9 times out of 10, when the human puts the thing down is also the time it goes to sleep, meaning most of the stuff needed to do updates is powered down. And most humans don't want their devices waking up on their own when they're not around. Not only are there privacy implications, but also power-related ones, especially if the device isn't plugged in often.

2
1
Charles 9
Silver badge

Re: Wuh!!?

Not even if the update files are signed?

1
3
Charles 9
Silver badge

Re: Security vulnerability waiting to happen

Depends on how well the updates are signed and/or verified before applying. At least BitTorrent uses hash checking to verify segments as they're downloaded.

6
1
Charles 9
Silver badge
Unhappy

There's another implication. Since the update files can come from practically anywhere, there's no practical way to block them at the firewall. So not only are home users required to accept updates but there's no practical way to block that feature upstream without collateral damage.

14
2

Edge out rivals? No! Firefox boss BLASTS Microsoft's Windows 10 browser brouhaha

Charles 9
Silver badge

Re: Linux

"Depends on the 'Linux' (or BSD) distribution you choose and how you install it."

Most Live distros pack a default browser such as Firefox or a variant thereof. I think most user-oriented installation routines also set a default browser and leave it to you to pick an alternative later on from whatever manager is at hand.

0
0

Will the PC glory days ever return, WD asks as its finances slip

Charles 9
Silver badge

Re: They probably now have their Linux and will move to *BSD

An isolated Windows machine precludes both ZFS and NAS4Free. Besides, in such a setup, doing it my way doesn't involve too much fiddling (I use FastCopy to do the bulk copying work) and has the added benefit of immediate access when they're needed without having to use a network.

0
0
Charles 9
Silver badge

Re: Density play only

There's also the consideration of bulk storage. Flash and post-Flash tech has the speed advantage, and in terms of reliability it varies somewhat, but when speed is less important than sheer capacity, spinning rust still wins. Especially as the size of the average "thing" continues to grow.

As for the PC itself, I expect it to shrink and niche but not disappear altogether. Workstations will always be needed to produce content, plus there are plenty of enthusiasts and amateurs who will need its versatility and/or raw localized power (media authoring and gaming are two big examples).

1
0
Charles 9
Silver badge

Re: They probably now have their Linux and will move to *BSD

You can say the same thing about optical discs. Many aren't designed to last more than a few years. Trust me, I speak from experience. I copied all my opticals to external hard drives and still lost some of the data to optical bit rot. Yes, I know spinning rust can break, which is why I keep two copies of the data (the second on a different lot from the first) and rotate them periodically. The odds of a simultaneous double failure are extremely low. I also use parity archiving as a guard against gradual failure (raising the odds of reconstructing badly-read or -copied data).

1
0

Bloke cuffed for blowing low-flying camera drone to bits with shotgun

Charles 9
Silver badge

Re: How much airspace above your house is considered property?

In the US, the limit is about 4-500 feet. Above that is considered commercial airspace controlled by the government. That said, the FAA has authority over all aircraft regardless of height. And since UAVs are considered by them to be aircraft, this slips into a legal gray area: regulation of aircraft vs. protected expectations of privacy, both federally regulated.

0
0
Charles 9
Silver badge

Re: I've spotted a market

Not unless it's a guarded rotor, in which case it'll deflect off the guard and continue flying.

0
0
Charles 9
Silver badge

Re: Getting them

Trespass, certainly. Voyeurism would depend on its actions during the intrusion.

As for shooting down, that's something of a gray area. If one could bag, net, or otherwise capture the drone while it's over your property, one could at least argue confiscation and get off. Shooting it down will take more arguing before the judge since the circumstances can result in collateral damage, which is why most localities don't allow discharging within their limits.

1
0
Charles 9
Silver badge

Re: So what's the best way to down a drone?

For a low-flying Peeping Tom drone like in this incident, how about a decent-sized throwing net, say 2m diameter? Toss it up, bag the drone, pull it back to earth, and report to the police with the evidence, so to say, in hand?

0
0
Charles 9
Silver badge

Re: Hard to hit with a shotgun?

From what I've read, it was only 3 meters, not 83, so almost point-blank (which I think is < 1m).

0
0
Charles 9
Silver badge

Re: Good for him

Birds are generally benign so don't constitute a threat (possible exceptions being a hawk that threatens your pet; if that happens, fending it off and then calling Animal Control would be considered reasonable).

As for airplanes, they're usually in the government-owned airspace above the space you own (private property extends upward to the edge of commercial airspace).

2
0
Charles 9
Silver badge

Re: Hard to hit with a shotgun?

"As far as endangerment of his neighbours goes, I've always got the impression that on a clay-pigeon shoot, no-one's too bothered about who's the other side of the hedge at the end of the field, as if you're firing almost straight up, standard shot will have lost pretty much all of its kinetic energy by the time it hits the ground."

Is it the norm to actually have homes on the opposite side of shooting ranges over there?

0
0
Charles 9
Silver badge

Actually, a homeowner normally DOES possess air rights to the space immediately above their homes, up to a certain height where it's government-regulated airspace instead (where airplanes fly). I know this because my neighborhood signed an eminent domain settlement giving the Navy an easement allowing the jets of a nearby airbase to fly over our neighborhood in exchange for compensation. They wouldn't do this unless the homeowners actually owned the space over their houses.

7
1
Charles 9
Silver badge

Re: Let the arms race begin...

Shot can't keep a ballistic trajectory (shotguns are smoothbore), which is the key reason bullets fired up are still deadly coming back down (because their spin from the rifling stabilizes their flight). They'll tumble instead and fall to the ground with about the force of a comparably-sized pebble dropped from the shot's apex (1-200 feet, I think). Meaning, at worst, it can be annoying but it shouldn't be lethal.

6
2

Just ONE THOUSAND times BETTER than FLASH! Intel, Micron's amazing claim

Charles 9
Silver badge

Re: RE. Read the Fine Print

Still that 200GB SD represents the limit I think in terms of flash on SD. The dimensions of the card are now constraining what chips can go into it three-dimensionally. Thus 200GB instead of 256GB as it should be.

0
0
Charles 9
Silver badge

Re: Manufacturing capacity

You can say the same thing of 3D Flash. It always takes time for production to ramp up. Thing is, this new tech appears to be lagging 3D Flash only by a few months. If it really is everything it claims to be, it has the potential to strangle 3D Flash in the cradle, before it can really break out into the mainstream.

0
0
Charles 9
Silver badge

Re: hmm

"I'd heard that memristor from HP/Hynix was a done deal, simply waiting for market conditions to be right. Never sell your best if you can sell your old product line for a while longer...."

That's a fair strategy for evolutionary tech where the competition can choose to leapfrog you and go two steps ahead instead. Not so for revolutionary tech that can result in a paradigm shift, meaning your existing tech can be obsoleted cutting off your revenues. In the latter case, who dares wins since they gain the critical advantage of the first mover. If the market develops to be such that it can't support a lot of suppliers, you definitely don't want to be left behind.

2
1

The US taxman thinks Microsoft owes billions. Prove it, says Microsoft

Charles 9
Silver badge

Re: Flat rate tax system...

Well then it's a lost cause since you'd have to apply this flat tax rate worldwide. But since many countries are in competition with others, tax havens emerge and since they're sovereign, there's little you can do directly to stop them being tax havens. So you gotta make it up somewhere.

As for the flat tax, one reason for a progressive tax code is to discourage the very rich hoarding their money away. Money that doesn't move doesn't get taxed since it's no longer income to someone. That's why some savvy wits borrow against assets instead of sell them: to dodge capital gains taxes.

0
0

Got an Android phone? SMASH IT with a hammer – and do it NOW

Charles 9
Silver badge

Re: Bloody tools

"This is the 21st century and we're talking about mobile devices right? Why don't you just use the hardware-implemented codecs on the hardware (via the SDKs)? I can play real time video on my phone's browser, or from within an app, without having to get my hands dirty writing c++ codecs."

Because time marches on. Codecs get improvements and eventually get replaced with entirely new ones. Hardware H.264 can have trouble when handling bleeding-edge video files that push the codec to its limits. And they're absolutely worthless for the new wave of H.265 video.

0
0
