* Posts by Charles 9

3877 posts • joined 10 Jun 2009

Apple, Google take on Main Street in BONKING-FOR-CASH struggle

Charles 9
Silver badge

Re: QR codes...established technology...most people know how to handle.

QR Codes are still active in America, probably thanks to a greater Asian exposure (you want to see QRs everywhere, go to Asia). There's also the Data Matrix barcode. It was here and there for a while but is now settling into a more-technical role in industrial applications.

I'll give you the nod about Chip-and-PIN. Thanks to an upcoming mandate from credit card companies regarding liability, Chip-and-PIN will be pushed into America over the next year. And as long as MCX is against any system other than its own current beast, NFC for payment will remain small potatoes (if MCX wises up and makes their system slimmer and less intrusive, then something might come of it, but not as it is now).

0
0
Charles 9
Silver badge

Re: If Apple Pay fails..

"NFC in phones is dead. It's never really been alive but the squabbling over HCE and SWP kept it from ever having any traction and I predict that this Barcelona will be the year where we see new high end phones from manufacturers who in the the past have supported NFC, without the tech."

It's rare for a piece of tech to be put in a phone and then taken out again without a successor. As tech ages, it becomes cheaper to implement, especially now that a Secure Element is not a requirement anymore thanks to Host-based Card Emulation. Eventually, it becomes a matter of "Why not?" meaning unless its mere existence constitutes a serious liability, they'll throw it in just to avoid being left behind when someone finds a better use for the tech.

0
0
Charles 9
Silver badge

Re: This is really about liability

I think what you describe is more the reason they're rolling Chip-and-PIN in the US NOW, because without them the retailer can be left with the blame. Contactless payments are being fought according to the matters the article noted: mostly about control. Basically, if the retailers can't get more control over transaction metadata, then they're not interested in any kind of improvement. Contactless gives no concrete security improvements and the processors can't justify a forced switch to accept contactless (if they tried, the retailers could claim false advertising and take them to court). And given that Walmart and Kroger are the #1 and #2 retailers in the US, you're talking some serious muscle.

0
0
Charles 9
Silver badge

Re: The US is still in the stone age

And content to STAY that way, too. I hear many people don't like C&P because they'll lose the zero-liability protection with the signature cards (in the US, almost every credit card has zero liability if the theft is detected quickly). After all, if someone steals your card and knows the PIN, how can you say you didn't give the PIN to them? That makes you legally liable. And contactless has the stories of those skimmers, especially the story of the skimmer in Vegas who used a directional antenna to skim NFC details a block away. More people keep checks because it leaves a paper trail and out of order checks trip red flags.

Chip & PIN? Many would say, "You can KEEP it!"

2
6
Charles 9
Silver badge

At this point, the status quo favors the retailers, so they can stonewall. If NFC doesn't give them any advantage vs. now, they simply won't use it. I know plenty of retailers that tried NFC at first...then dropped it, which indicates they're willing to hold everything back because it doesn't affect them. In fact, I'm seeing new C&P terminals being installed that don't have NFC capability, leading me to believe they're willing to let NFC cards die on the vine. Walmart refuses, so does Target. Sears doesn't support which means neither does K-Mart. Lowe's is out. Best Buy's support is limited, and Kroger is one of those that dropped support. Probably the biggest retailer that still supports it is The Home Depot, and it's recently had a security breach. Looks to me like support's not there in the stores that matter. The size of the anti camp also makes boycotting difficult since at this point boycotting will likely mean paying more money when many people can't spare the change.

1
0

Even a broken watch is right twice a day: Not an un-charged Apple Watch

Charles 9
Silver badge

Re: Bad old days.

I also recall that all but the most expensive and elaborate timepieces tended to drift significantly as the day passed. If anyone's ever seen "The Secret Life of Machines" Tim Hunkin did an episode on the quartz watch and covered timepiece history in some detail. Knock the cheap quartz watch all you want, but it's hard to beat it for consistency.

1
0
Charles 9
Silver badge

Re: Odd

"I've no use for one, but I can't see the problem of having a 2nd device to charge every night. With wireless charging, just leave phone and watch on charging pad."

Perhaps, but last I heard, the iWatch doesn't support Qi or the like. That said, there also needs to be consideration for people, say, on the go who may not have ready access to a charger at night or who go the zombie route and don't sleep one night to make some hectic deadline. It would be nice to have a timepiece capable of holding its own for a longer period, say at least two days unassisted. I'm curious about the concept myself, but at this point none of these have hit the the price/perk sweet spot, and I'm willing to wait. I'm probably more inclined to pick an e-ink-based device that can throw up a passive display. Or maybe something like the Qualcomm Toq, only with a more-refined interface.

6
0

Shellshock over SMTP attacks mean you can now ignore your email

Charles 9
Silver badge

"Water flows downhill. You can rant at people not to do the wrong things until you're blue in the face, but you will only achieve reliable results when it is easier to it right than to do it wrong. At some level, this might be considered a bug in the design of the API."

But the problem is that the secure way is ALWAYS a HARD way. Like locking the door. Sure, you can make a door that auto-locks, but there are side effects (locking yourself out, for starters). Turnkey security is an elusive, if not outright impossible goal. Sometimes, you just can't fix stupid. And if stupid's your superior...

The problem becomes much harder when you ALSO have a deadline, meaning you can't just do it right but also have to do it right QUICKLY. Doing things rightfast is daunting.

1
0

The DRUGSTORES DON'T WORK, CVS makes IT WORSE ... for Apple Pay

Charles 9
Silver badge

Re: Note to El Reg

In which case, they'd rather have no NFC payments AT ALL. Walmart's steadfastly refused to add it, and many places have DROPPED support even before Apple Pay was added.

0
0

Wanna hop carriers with your iPad's Apple SIM? AVOID AT&T

Charles 9
Silver badge

Re: Softly, softly..............

They may be able to boil the operators but what about the EU? Boil a rock all you want, it's still a rock.

0
0
Charles 9
Silver badge

Re: Softly, softly..............

They'd have to get EU law changed first. That mandates a hardware sim switchable by the user so a phone can't be permanently carrier-locked.

0
0
Charles 9
Silver badge

Re: Witness the power of phone operators

How does it earn operators money when many plans are allotment or flat regarding messages?

0
0
Charles 9
Silver badge

Re: Call me crazy but...

Except where will all their customers come from once the proliteriat is sucked dry?

0
0

This Changes Everything? OH Naomi Klein, NO

Charles 9
Silver badge

Re: About that self-professed rational liberalism

Maybe, but the question's still there. If workers are paid peanuts, how will they (who are also customers) be able to afford your goods?

2
1
Charles 9
Silver badge

Re: About that self-professed rational liberalism

"There is no economic gain to be derived by increasing the number of widgets produced. More widgets might not all sell. Their price might tank, and that will eat into profits. Maintaining the same production levels while cutting production costs to a minimum is guaranteed to increase profits."

Actually, there's a fatal flaw in this statement. It forgets to account for one key element: the consumers. In order to buy things, consumers need money, and that more often then now comes from employment. But if you shortchange workers, you end up with items out of their affordability range. IOW, you torpedo your own market. That's one reason henry Ford always paid generously: to make sure he had customers for his products.

1
2

LG taps TSMC to bake its first-ever mobile chip

Charles 9
Silver badge

Must be the frequencies.

If the G3 Screen is limited to Korean markets, it's likely the LTE in it is geared for the rather odd Korean frequencies.

0
0

Ad-borne Cryptowall ransomware is set to claim FRESH VICTIMS

Charles 9
Silver badge

Re: VM for fun and profit?

"Redpill" comes from the Matrix universe. In the Matrix, most humans are lulled into believing the world they're in is real, but it's not. People who were scouted and took a "red pill" eventually were disconnected from the Matrix and exposed to the real world. Someone a few years ago proposed a malware which would transparently wrap the existing OS into a virtual machine which was then controlled by a hypervisor in the malware. Thus the reverse was also conceived: a malware that could detect the presence of a VM and, knowing this, found a way to break out into the hypervisor. Such a malware that could do that can be termed a "redpill," similar to the Matrix scenario.

1
0
Charles 9
Silver badge

Re: VM for fun and profit?

Until the malware starts packing a redpill exploit...

2
0
Charles 9
Silver badge

Re: AdBlocker / NoScript

Careful with the VM. Some malware's smart enough to detect this and use an exploit to redpill its way out to the metal. As for known, trusted sites, the problem is that the malware targets ad networks USED by known, trusted sites. That's the key to a drive-by attack; they target sideloads used by otherwise-popular sites. Ideally, they want to use an ad system that's part and parcel with some key part of the site, making it practically unavoidable.

0
0
Charles 9
Silver badge

Re: AdBlocker / NoScript

Only if the ad is not of a domain that's required for the site to run. If the ad's domain happens to coincide with a part of the site that's required for operation (not unheard of), then you're caught between Scylla and Charybdis. The only way to get proper site operation is to open yourself up to that drive-by.

0
0

Ex-US Navy fighter pilot MIT prof: Drones beat humans - I should know

Charles 9
Silver badge

Re: Much as I appreciate using drones for recognizance...

"Where it will get really interesting is when the solider is removed entirely, and a decent AI is left to control the drones and select or recognise the targets. That will trully reduce the cost of asymmetric warfare, and could be the beginning of the end for the cowardly brand of terrorism currently afflicting the world."

Then what happens when the terrorists get their hands on them?

0
0
Charles 9
Silver badge

Re: Some interesting possibilities here...

"5) I'm not sure about this one, but probably millions of people, if the location of the Amazon distribution center nearest to me in Netherlands is any indication."

IINM, the testbed for the concept is going to be New York City. 10 million people alone plus whoever is within reach in the suburbs on Long Island and New Jersey. Not to mention a ground traffic problem that makes aerial courier a more-financially-tempting option.

0
0
Charles 9
Silver badge

The term was coined before the advent of electricity. The more proper term these days is "over-unity," which accounts for non-mechanical "perpetual" concepts.

0
0

'George Orwell was an OPTIMIST. Show me a search history, I'll show you a perv or a crook'

Charles 9
Silver badge

"If someone's search history contains <insert comically-named skin flick here> then it would nice if that wasn't considered embarrassing so much as private and even more so if it wasn't considered perverted so much as normal."

Remember that the very concept of personal privacy is a relatively new thing: probably no older than about a century and a half for the ordinary joe. Basically, the smaller the community or the larger the reach of its people, the less one's privacy can be guaranteed. Privacy increased with the rise of cities that created a screen of other people and such, but with the increase of electronic communications, particularly those of an audio-visual nature, that privacy has dropped drastically. We're rapidly becoming the Global Village, and I don't mean that in a good way.

1
0
Charles 9
Silver badge

For the person whose history he or she submits. He's saying if he knows your search history, he can find skeletons in your closet.

1
0
Charles 9
Silver badge

Re: Why does Microsoft want people to stop talking about Windows?

Surprised a video ad from a seller of actual (physical) windows didn't get wiped and the company suing Microsoft for harming their business by wiping out their ad hits.

1
0

Trips to Mars may be OFF: The SUN has changed in a way we've NEVER SEEN

Charles 9
Silver badge

Even if they were past the prototype stages, VASMIR is not launch-capable, so you still need a way to get it up into orbit. Right now, the hope is to fit a VASMIR to the ISS, giving it an easier time with course corrections while putting the engine through some space trials.

0
0
Charles 9
Silver badge

Re: Ongoing project already underway to provide a lightweight shield

Nice thought, but cosmic radiation is a whole other kettle of fish. They're the top end of the EM scale for a reason. We already know they've been able to penetrate the Earth's magnetosphere (which is already bigger than anything we'd probably be able to generate), atmosphere, AND a mountain.

0
0
Charles 9
Silver badge

Re: Or you could use a small asteroid.

Not gonna do much good. Cosmic rays are SO energetic they've been detected under a gol-dang mountain, with all of Earth's atmosphere in between.

0
0

How the FLAC do I tell MP3s from lossless audio?

Charles 9
Silver badge

Re: I won't even mention Quiet Comfort...

I've never been partial to overpriced Bose equipment. I find less expensive alternatives. And while they won't completely cancel out background noise, they do make a nice difference in a noisy environment like inside a conveyance. I personally keep a pair for air travel.

0
0

Guns don't scare people, hackers do: Americans fear identity theft more than shooting sprees

Charles 9
Silver badge

Re: The media strikes again!

Perhaps another reason is that identity theft is perceived as a fate worse than death. Shot to death, you're dead, game over. Identity is stolen, all that belongs to you is at risk, yet you're still alive to suffer all the consequences. Many would see living in helplessness as being worse than death.

5
1

In dot we trust: If you keep to this 124-page security rulebook, you can own yourname.trust

Charles 9
Silver badge

Re: The rest of the story

The problem with the scenario is that, in spite of all the safeguards in place, a Trent is still needed. Thing is, as we've seen, Gene and Mallory have gotten smart and are now starting to target Trent in an attempt to subvert or impersonate Trent (think dodgy CAs). The bigger he is, the bigger the target is on his back.

0
0
Charles 9
Silver badge

Re: Trust?

But it's also essential to a safe Internet. Without Trent, how can Alice and Bob prove their identities if they've never met before?

2
0

The internet just BROKE under its own weight – we explain how

Charles 9
Silver badge

Re: ipv6-literal.net not reserved.

Ever thought that it's both? That Microsoft is the cyber-squatter in question and that they did this so they can't be accused of breaking Internet conventions by internally routing an otherwise-fair-game domain (it's quite all right if they own it)?

0
0
Charles 9
Silver badge

Re: It's happening, get over it

"My phone is on carrier grade NAT when it is on the telco network. Everything I have done over phone (tether) works fine whether it is the likes of SSL or IPSec VPNs, skype, and everything else. No issues."

Sounds like you're MAKING the connections in this case, plus Skype has a Trent to help it. But what about if you have to operate a deamon behind a carrier-grade NAT. Even worse, what if both you and the target party are behind a NAT (or worse, carrier-grade NAT, meaning neither you nor your destination have a uniquely-addressable point to refer to. There's physically no way to achieve that without a third party (a Trent) that both of you can reach, which has safety implications of its own (Is Trent really Trent?).

0
0

City council thinks what we're all thinking: 'Comcast is terrible – and NOT welcome here'

Charles 9
Silver badge

Re: From the banks of the Thames River in (New) London

I suspect there will always be debate on both sides of the Atlantic when it comes to pronunciation. The best way to note it is that British English is more traditional but rather inconsistent whereas American English is generally more structured but as result things change.

I came to realize this when I had to pause for a moment to realize what was being described in a "gaol" and why I didn't recognize the pronunciations of words like Cheswick and Worcestershire, among other things (I describe it best as a lot of contraction, so much that it can confuse Americans).

0
0
Charles 9
Silver badge

American, given Comcast has no UK presence. The merger is also of American firms.

3
0

Hey, iPhone 6 fanbois: Apple's bonk to 'Pay' app IS GO

Charles 9
Silver badge

Re: Anybody here use Google Wallet before?

Uptake's been a touch slow for two reasons:

1) Supported phones were pretty low at first. Due to card company recalcitrance, you not only needed the right phone but the right network, too, which kinda sucked. When the S4 came out, card companies allowed it because of the Secure Element, but Google managed to leverage more leeway bit by bit. When Android 4.4 came out and Host Card Emulation, the number of supported devices jumped since the implementation was now independent of network or the Secure Element. More or less, if a device had a compatible NFC unit and could run 4.4, it could now support Wallet (shame it can't be backported; there are more NFC-enabled Android devices you could support if you could).

2) Retailers have started getting a touch wary about contactless payments. Fears of data skimming and hacking have them wondering if they should be covering their butts. Combined with the slow uptake, some places that once accepted contactless are now dropping it.

0
0
Charles 9
Silver badge

Re: I'm baffled...

"A genuine question; does anyone know if 'drive by' skimming is possible with credit/debit card based NFC? As in scammer with handheld NFC reader walks down a crowded street fishing for close proximity with a card in a wallet or handbag. Or is conventional skimming merely limited to lifting the data on the mag stripe for later use in a country that still uses them - i.e. the scammer isn't actually processing payments, so the same would apply to 'NFC skimming'?"

NFC's a bit more complicated than that. There has to be an exchange between the originator and the device. The originator has to send a signal that indicates it's a point of sale in order for a transaction to take place (if it's a tag type instead, something else happens). From what I understand, the card number used for this system is strictly for contactless and can't be used for other purposes. Furthermore, there's supposed to be some kind of nonce that's sent to the clearinghose to prevent replay attacks.

As a further safety measure, the NFC unit of most phones is inactive when the phone's asleep or locked, meaning the user has to wake up and/or unlock the phone for a transaction to take place.

1
0
Charles 9
Silver badge

Re: I'm baffled...

"Don't forget that, as far as I'm aware, the US doesn't have chip and pin, so it's miles above what they have over there."

Not YET. Transition is in progress and will probably take about a year or two.

0
0
Charles 9
Silver badge

Re: POS upgrades?

"Apple Pay uses a Secure Element to store the card details, not Host Card Emulation (which is, essentially, a software only version of Secure Element)."

Do we have confirmation of this? From past experience using the Galaxy S4 and so on, Secure Elements can be finicky and more trouble than they're worth (if the transaction chain breaks due to a reset or whatever, the Secure Element can't be reset easily). That's one reason Android 4.4 added Host Card Emulation so that it (1) wouldn't be necessary and (2) would be easier to fix should something go wrong. Since HCE is now the norm on Android, why would Apple stick to the SE?

0
0
Charles 9
Silver badge

Re: POS upgrades?

If Apple Pay is using Host Card Emulation, then it shouldn't be an issue. Google Wallet for Android versions 4.4 and up uses Host Card Emulation and will work fine at any terminal set up to accept the contactless card systems of the big boys (Visa, MasterCard, Discover, and American Express all have their own names for it but they're essentially the same). A Secure Element is not required on the phone to use Host Card Emulation, reducing the hardware requirements, and this may have been what's tipped Apple over the edge regarding NFC support.

I will concur that the number of places that accept contactless payments shrank recently as some places saw it as either a fading fad or a liability. Walmart as I understand has been steadfastly against the idea because they want more control over payment data. Neither Walmart, K-Mart, nor Target support contactless. Best Buy does but only to a limited extent. 7-Eleven, Wawa, and Burger King have all withdrawn support. So basically, Your Mileage May Vary.

1
0

Boffins say they've got Lithium batteries the wrong way around

Charles 9
Silver badge

Re: RE: nitroglycerine.

"Metalic Lithium contains both an oxidiser and an oxidant? Allowing it to release energy without using an external oxidiser like 'air'?"

Actually, yes. It is capable of producing what's called a self-oxidizing fire. Certain other metals like magnesium have the same properties, as does thermite by design. Plainly put, asphyxiants don't work on them which is why they can burn even in oxygen-poor environments like underwater or even in vacuum.

0
0

Apple's new iPADS have begun the WAR that will OVERTURN the NETWORK WORLD

Charles 9
Silver badge

Re: Except that the article has got it entirely wrong

I would be more inclined to accept a SIM-less device if the switching mechanism was outside the control of the manufacturer. If what you say is true and the "soft SIM" is really a programmable SIM, then this might inspire third parties if they can ink MVNO deals with the primary carriers and so on.

0
0
Charles 9
Silver badge

Re: Inevitable Convergence

I'll be worried when these phones start penetrating Faraday cages. If people are paranoid about always-listening phones, they'll throw them into Faraday bags at night.

0
0

FBI boss: We don't want a backdoor, we want the front door to phones

Charles 9
Silver badge

Re: Pencils

"And clothes - people can use them to conceal weapons."

Forget clothes. At this stage, we'll have to ban the human body. Recall that a few years ago someone managed to hide and detonate a bomb concealed...let's just say where the sun don't shine.

Let's face it. We're almost to the point where one person can ruin the world. Which means no government will trust its citizens since just one could be the one that destroys them. The operative phrase is rapidly becoming, "Don't trust anyone."

0
0
Charles 9
Silver badge

Re: Founding fathers?

Four words: Ink On A Page...

0
0

MasterCard adds fingerprint scanner to credit cards for spending sans the PIN

Charles 9
Silver badge

Re: The law suits...

Because you can't trust the PIN pad not being switched out or otherwise tampered with?

1
0

Aboard the GOOD SHIP LOLLIPOP, there's a Mobe and a Slab and a TELLYBOX

Charles 9
Silver badge

"USB OTG and a memory stick?"

Not an option since using OTG blocks charging, and since using OTG puts additional load on the battery, this is one place where it's NICE to be plugged in, only you can't.

I also insist on removable batteries. Not only is it a safety feature in case the battery becomes faulty or a pull is needed to reset a device, but it allows for aftermarket upgrading if you don't care about bulk like I do.

0
0

Bad news, fandroids: He who controls the IPC tool, controls the DROID

Charles 9
Silver badge

Re: Where is Binder?

Binder is part of the base OS. It's the thing that handles what Android calls Intents. The Intents are IPC messages that say you want to do such and such. They're also what prompt you to pick a program to handle things like Market links, SMS messages, and so on unless you set a default. What the article is claiming is that something can hijack the intent chain so as to call up system-level functions and use them to hack the device.

Honest question: Can this hijack occur with just a URI or does it require some kind of app installation to perform?

PS. It may interest you to know that Binder is an inherited thing. It comes from OpenBinder which was in turn originally developed for BeOS (now that brings back memories).

0
0

Forums