* Posts by Charles 9

4477 posts • joined 10 Jun 2009

Your city's not smart if it's vulnerable, says hacker

Charles 9
Silver badge

Re: It's only taxpayers money, who cares?

Actually, I didn't. But what's one smart vote when up against ten stupid votes? And when the choices (if any) are down between Tweedledum and Tweedledummer?

0
0
Charles 9
Silver badge

Re: It's only taxpayers money, who cares?

And if "do nothing" and "go manual" aren't options for legal or "political" reasons?

0
0

Got a big day planned in 15 BEELLLION years? You need this clock

Charles 9
Silver badge

Re: Ironically, 'real' time is a bodge

Blame the Earth for that. If it weren't for the fact the Earth's rotation is oh-so-gently slowing down, atom-based UTC wouldn't need to keep adjusting to keep near the Earth-based GMT. Otherwise, UTC noon wouldn't match up to Greenwich noon.

0
0
Charles 9
Silver badge

Re: Obligatory Terry Pratchett reference

Maybe it's a case of "Too Soon". I only found out about Sir Pratchett's passing a week back, as I was out of touch for a while. As for the clock, I suppose it will be extremely difficult to know if it really can keep accurate time if it's THAT sensitive to movement, given that everything in the universe moves.

And just for the record, that precision limit is still about 25 orders of magnitude away from Planck time, so maybe it isn't right to compare this to the Glass Clock.

0
0

Lawyer: Cops dropped robbery case rather than detail FBI's StingRay phone snoop gizmo

Charles 9
Silver badge

But was the defendant faced with a mucho-seriouso charge such as attempted murder? That's going to be the acid test. A high-profile case like a rampant murderer will mean lots of attention being placed on the defendant, meaning the police will be under tremendous pressure to nail a conviction: especially if the victims' families have been vocal to the media (especially if it's a hate- or race-motivated crime). It would mean Charybdis has now joined the Scylla of the FBI and the DA may not be able to abide with the direction for fear of a riot (not to mention a possible suit against the state for gross miscarriage of justice).

1
0
Charles 9
Silver badge

Re: keeping secrets

The defendant is guaranteed the right under the Constitution to confront one's accuser, so an "anonymous tip-off" can only be used as secondary evidence. The StingRay evidence in this case was the linchpin of the whole case which meant the defense would be entitled to question the police who used it.

0
0
Charles 9
Silver badge

Re: @LucreLout - @Gordon

"But this case *isn't* about a phone being stolen, it's about the Police very probably using illegal methods to snoop on phones in the same way that GCHQ and NSA want to snoop on what everyone does online in the hope that, in the massive haystack of data they collect, there may be a needle."

But when the needle's made of explodium so it doesn't react to magnets or x-rays, making it indistinguishable from the haystack, how do you find it before it explodes, takes hundreds of people with it, and YOU get the blame for not finding it in time?

0
2
Charles 9
Silver badge

How far are they willing to go? Suppose the next target is a murderer? Will they be willing to risk innocent lives to keep Stingray secret? What if a dropped case results in new victims who then sue on the grounds of miscarriage of justice?

4
0

Ubuntu 15.04 to bring 'Vivid' updates for cloud, devices this week

Charles 9
Silver badge

Re: VNC

I think Google is making under-the-bonnet changes to the Android graphics engine. Most 3rd party VNC servers broke with Kit Kat, and I don't think Lollipop improved matters.

0
0
Charles 9
Silver badge

Re: "Vivid Vervet"

I think "wacky" is a likely candidate. If they need something more obscure, perhaps "whistling".

0
0

FCC hit with SEVENTH net neutrality lawsuit

Charles 9
Silver badge

Re: "which Democrats will never allow"

If he was such a negative, how come he was elected TWICE? Getting the second term means SOMETHING went right.

0
0
Charles 9
Silver badge

Re: Sounds good to me!

You know Japan and South Korea are a) small and b) dense. Show me a large, sparse country with better Internet, then we'll talk (you won't--Canadians complain more than Americans and let's not start with Russia).

2
1
Charles 9
Silver badge

Re: Sounds good to me!

Then counters on the grounds that privately-owned data lines are both an unfair labor practice and a potential threat to national security.

2
0

America was founded on a dislike of taxes, so how did it get the IRS?

Charles 9
Silver badge

Re: Well, even cosmetic house improvements need to be checked

They're not just nominal reasons. Many of them came on the heels of lawsuits filed because someone got hurt or killed as a result of a home improvement getting blown off in the storm and hitting someone or someone struck by a car at a blind corner: blind because the buildings were too close to the street making it impossible to see what's coming to any acceptable degree.

0
0
Charles 9
Silver badge

But those same states typically charge you for obtaining an ID card. If it's a requirement to vote to possess such an ID, that amounts to a poll tax, and that runs afoul of the forbidden laws list of Article I, Section 9.

0
1
Charles 9
Silver badge

Re: Wouldn't work there, unless I planned on living there until the end

Well, even cosmetic house improvements need to be checked they don't pose other risks. For example, you have to keep a certain amount of open space between you and any adjacent streets so people and cars can properly see around corners. You can't put up anything fragile and likely to fall off or fly in the wind and hit someone. And so on.

0
0
Charles 9
Silver badge

Re: USD $24 for 10 gallons of gas

"Gas prices went up in California, because we use a special gasoline formulation to reduce smog, so gas normally sold outside of California can't be loaded on a tanker truck and sold in-state."

That's also why most cars in the US are built to the tighter California emission standard (anyone watching an American game show with a car in it may have once heard "California emissions" being listed as the features on the cars, meaning the additional stuff needed to make the car California-compliant).

0
0

Verizon FLICKS FINGER at Netflix with skinny à la carte-style TV package for fibre munchers

Charles 9
Silver badge

Re: fug ESPN

"For how much longer?"

For as long as people watch sports, I think. Even with local blackouts, there are literally millions of sports fans out there willing to pay. Especially since it's still cheaper than tickets. That translates to a whole lot of money, and none of the other channels come close, not even the Fox Sports networks.

0
0
Charles 9
Silver badge

Re: Business as usual then...

So you fire back you're a coeliac with a religious objection to the soup. See how they fire back.

(That's how some people can get food into a cinema or sports arena—medically-ordered diets mean they can't have anything else, so taking the food away becomes a crime.)

0
0
Charles 9
Silver badge

Re: fug ESPN

Only two problems.

One, ESPN is one of the earliest and most popular cable channels. Basically, any sports fan will demand it as a prerequisite. If ESPN can command a princely sum, it's because the demand is there.

Two, ESPN is owned by Disney, who also owns ABC, one of the big broadcast networks. ABC is basically a must carry so Disney can leverage this in negotiations. Not to mention Disney is ANOTHER of those highly-popular "prerequisite" channels.

2
0

Dev gives HBO free math tips to nail Game of Thrones pirate leakers

Charles 9
Silver badge

Re: Transcode resistant?

Probably a semantic flub. They mean audio watermarking that's resistant to transcoding like Cinavia. Most audio watermarking works on the extrema of the audio clip to avoid it being audible. However, this renders it vulnerable to mangling as I call it through simple audio transformations. Cinavia's willing to place its data in the audible part of the frequency range, resulting in a slight but barely-noticeable noise in the track. Thing is, since it's in the audible range, it's much trickier to remove without distorting the actual audio too much.

0
0
Charles 9
Silver badge

If the pirates obtained TWO copies, they could run a picture delta analysis to determine off frames and work from there: keeping edits from BOTH copies to throw off the forensic identification.

0
0

Nvidia's GTX 900 cards lock out open-source Linux devs yet again

Charles 9
Silver badge

Re: One of the reasons I abandoned them years ago

"Why this assumption? Because the game developers won't write for Linux or Mac?"

EXACTLY. Even TODAY, with Valve actively encouraging Linux development to push the Steam Box, most games coming out are Windows-ONLY.

0
0
Charles 9
Silver badge

Re: A solution for the wrong problem

nVidia already has a toehold in the portables with their Tegra SoC. And their APU lines point to a similar direction for AMD. Sounds to me like that base is covered. Meanwhile, in performance gaming, the PC will still have a place for years to come, and as long as there's a demand for performance gaming, the incumbent (Windows) will always have the edge. Portables will never take that away or everyone would be gaming on laptops now.

What nVidia did with Valve was simply a CYA move, but they could easily abandon it, especially if Windows X boosts the PC profile again.

0
0
Charles 9
Silver badge

Re: A solution for the wrong problem

When the Steam OS comes of age, nVidia and AMD will make Valve bend over. Valve needs them for good graphics performance. They can stick to Windows.

1
9

Ebook price-fix saga: Official Apple peeler says probe is fruitless

Charles 9
Silver badge

Re: Laws are only for poor people

But it's not really Apple's style. Plus conceding to Amazon could be a point of no return in a market war where integration matters.

0
0

Googley TENTACLES reach towards YOUR email

Charles 9
Silver badge

Re: Google

Not with all the services they provide with no viable substitutes...

1
1

Android lands on Microsoft's money-machine island fortress

Charles 9
Silver badge

Re: QNX surely?

Licensing costs IIRC. Also its x86 arm isn't as robust as its ARM arm.

0
0
Charles 9
Silver badge

Re: No camera?

But that means having a second device to power the camera, which they'll just own first. And running extra data channels gets expensive, so it's one channel or bust.

0
1
Charles 9
Silver badge

Re: Excellent!

More DISCLOSED vulnerabilities which would in turn be patched up. I'd call that a better shot than fewer disclosed vulnerabilities and a whole bunch of undisclosed zero-day bugs hiding in the darknet.

22
2
Charles 9
Silver badge

Re: Excellent!

"LOL @ Android and secure in the same sentence."

As I recall, there was no hide or hair mentioned of the Android application framework, only the Linux core behind that framework, which last I checked is still pretty tight. The last vulnerability I could pick up came from the baseline Linux kernel, not from anything Google did to it, and that's since been fixed.

IOW, perhaps the article's rather misnamed as the new OS is closer to Chrome OS (a web-based thin client) than Android.

23
1

Health apps and wearables make you nervous, not fit, say boffins

Charles 9
Silver badge

"you may be hit by a bus tomorrow, and in this situation if you are killed immediately fitness won't help. If you're hospitalised for a prolonged period, then it will."

Fitness may also alter the odds of actually surviving the impact. Different body types offer different resistance to the impact of the bus, resulting in different possibilities. A fat person has more impact-absorbing lard but may lack strength in the bones a fitter person is likely to have, and so on. Just saying.

0
0
Charles 9
Silver badge

Re: “Humanity is wasting its time on monitoring life rather than getting on and living it.”

But what happens when the moment symptoms appear is already past the point of no return? Isn't that why there's a concern for checking out every little variance? In case it's something extremely serious where time is of the essence?

1
1

Chrome version 42 will pour your Java coffee down the drain: Plugin blocked by default

Charles 9
Silver badge

"How much you can sandbox it all really depends on the app itself and of course many need access to all manner of local and remote resources that seriously restrict what you are able to do to secure it."

Some antiquated software also drives antiquated hardware and therefore CAN'T be virtualized (and the hardware itself can't be replaced because there's no substitute or it's still being amortized). NOW what?

1
1
Charles 9
Silver badge

"If that's the case then why not leave it in there for a couple of years more to allow the sys admins time to beg the PHB for money to redevelop the applet that should never have been written in the first place."

Because Catch-22 applies here. As long as NPAPI works, the PHB will never see a reason to put down for a new version. PHBs are reactive, not proactive and will only put down when their own neck's on the line: IOW, when something breaks.

1
1
Charles 9
Silver badge

Re: Although plugin vendors are dancing to Google's tune

Unless Google is claiming NPAPI is too old TO sandbox properly. We don't know if Apple's approach is breaking stuff since the MacOS presence is relatively small. Meanwhile, like I said, Firefox's is off by default, which leads me to suspect it's likely to break things. If the only way to properly sandbox NPAPI breaks too much, then perhaps Google has a point.

1
1
Charles 9
Silver badge

Re: Not the end of the world

Trouble is, non-interactive web pages are more trouble than they're worth now, so you're caught between Scylla and Charybdis. The ONLY way you can attract enough e-business is to render yourself vulnerable. So do you sink or swim with the sharks?

1
1
Charles 9
Silver badge

Re: Goodbye Chrome

But what happens when the only alternatives lead to pwning, which leaves users in a bind: the ONLY browsers they can use to work leave them with their butts in the breeze, so to speak, basically putting a minefield between them and their work and in the dilemma of neither being able to stand still nor move forward.

1
5
Charles 9
Silver badge

Re: Although plugin vendors are dancing to Google's tune

Java's supposed to be sandboxed, too. Guess what happened? Malware found ways to escape sandboxes, so perhaps Google doesn't consider a sandbox much of an assurance. Firefox added the capability, too, but it's not on by default. Probably because of the risk of the access restrictions breaking essential plugins: another concern of any form of new access restriction.

2
2
Charles 9
Silver badge

Re: Sigh...

Except because we're only human, every single implementation would be vulnerable to some human mistake. The chief (and irremovable) reason software is vulnerable is because it or something else along the line is made by humans.

1
1
Charles 9
Silver badge
Facepalm

The "better browsers" BREAK the antiquated-yet-irreplaceable plugins on which your business relies. What's your answer to an antiquated-yet-irreplaceable piece of custom software that's too expensive to replace yet so insecure and rickety it can break at any moment?

3
0

Finally, Mozilla looks at moving away from 'insecure' HTTP. Maybe

Charles 9
Silver badge

Re: I don't understand the "false security" argument ...

But the attack surface has grown to the point that ANY public web page can be an attack vector. That's how Drive-By Attacks work. It's like animal fighters picking any house with the door unlocked to hold their fights. It's just not safe to leave the door unlocked anymore because it can become a big problem at any time. IOW, it's reached the point that a certain level of security is ALWAYS necessary.

PS. To the guy who's worried about their family pictures being picked off the wire, how about your website being co-opted into a botnet or DDoS node instead?

0
3
Charles 9
Silver badge

Re: Not https as it is right now

"Self Signed plus DNSSEC plus a signature in DNS is enough to verify that the site is what it claims to be at least as far as DNS goes (which is good enough for 99% of cases.. it flags MITM and government/corporate snooping which is what we're interested in).. DANE solves the same problem."

What about government MITM using the actual key, which they can co-opt? They can flood a web of trust and spoof any lighthouse sites, too.

1
0
Charles 9
Silver badge

Self-generated certificates and offline key exchange?

1
1
Charles 9
Silver badge

But REAL real security usually involved hoop-jumping the general public isn't willing to jump. You have to come up with a system that's BOTH extremely secure AND ridiculously easy to use. Given the normal scale of secure-vs-ease of use, I don't think that's possible.

7
0

Don't collect bugs, invest in fly-spray says bug bounty operator

Charles 9
Silver badge

Re: Kool Running Hot Brains Needed for that APT ACT App, theodore.

"Until such times as that happens, theodore, in all of the places and spaces that really matter and effectively drive the future..."

And that time will never come since humans are fallible, and the bad guys only have to be lucky once...

As the article linked in the article notes, failure is unacceptable but also inevitable.

1
0

You. FTC. Get over here. Google is INVADING our children's MINDS – anti-ad campaigners

Charles 9
Silver badge

Re: Ummmm

They developed techniques during the '94 World Cup, which the US hosted, to allow for in line ads without having to resort to a lot of commercials. Many sporting events around the world use such techniques now. Also, American sports have the decency to limit most ads to the grounds and walls (auto racing is an exception-cars and uniforms there).

0
0

'Linus Torvalds is UNFIT for the WORKPLACE!' And you've given the world what, exactly?

Charles 9
Silver badge

"To go back to the TV tuner example, Linux provides a whole raft of TV tuner drivers. They all run in kernel space. BSD doesn't provide any TV tuner drivers, but provides a kernel mode character driver that can be used to communicate with USB devices. The Linux drivers are then run entirely in user space, communicating using this simple kernel driver. Performance + inability for a TV card to oops your system."

And while that may suffice for stuff like TV tuners, high-performance devices like 3D graphics and high-throughput (GBit+/sec) networking tend to need to be in kernel space due to the severe performance penalties involved in context switching. I've heard work on hybrid dual-space drivers but I haven't seen their application in graphics and certain other performance-intensive applications.

0
0

Grandmaster FLUSH: Chess champ booted for allegedly cheating with iPod app in the loo

Charles 9
Silver badge

Re: Endgames

But the tricky part is figuring out early moves. Even chess has a limited move set towards the end game as pieces are removed and routes are cut off (particularly if the king is under threat--check cuts the number of possibilities drastically).

0
0
Charles 9
Silver badge

Re: Fact and fiction mix

But now the casinos have to watch out for linked smart watches and camera glasses (the latter in particular because there could be actual prescription lenses in the frame, rendering them a medical necessity due to otherwise-poor vision).

0
0
