* Posts by Charles 9

7498 posts • joined 10 Jun 2009

Come in HTTP, your time is up: Google Chrome to shame leaky non-HTTPS sites from January

Charles 9
Silver badge

Re: This is proper and important step and I hope other browsers will do the same

"But the reality is that most webmasters of small sites will not implement a cert and as others have mentioned, Chrome will become the boy who cried wolf."

So what happens when webmasters find their sites are being shunned because they don't use HTTPS? Doesn't this become a "sink or swim" situation?

1
1
Charles 9
Silver badge

Re: Fuck Google and the Adsense Whore they rode in on.

Two words: Chinese Cannon. Silent HTTP Switcheroonies WILL be weaponized in the future.

2
1

Printers now the least-secure things on the internet

Charles 9
Silver badge

Re: Great product idea?

"But this presupposes you have a reliable router, not one that has firmware that constantly re-enables features you thought you'd disabled. They are expensive..."

...which means your idea is dead in the water. You have to make something that's not only turnkey-simple enough for Joe Stupid to not mess up, but they have to be able to actually afford it.

0
0
Charles 9
Silver badge

Re: Insidious

"Presumably to confirm that you are using 3rd party toner and invalidating the warranty; avoiding the usual trick of removing the original toner cartridges and then putting them back if a fault appears."

And there are those that simply don't care because the printer is secondhand and without warranty anyway. Next thing you'll know they'll add some new requirement that'll let them prevent resale of all existing printers...

0
0
Charles 9
Silver badge

Re: Product upgrade time

"hand wash your clothes, Build your own, Laundromats, refurbish older machines.... and on and on and on (pun intended)."

Handwashing means giving up a precious day (of work or leisure) every week, laundromats will be Big Brother posts, and few have the skills to roll their own, especially since water and electricity are tricky things when in close proximity. As for old machines, they can make a law that mandates connected devices AND render old devices not legal for resale.

0
0
Charles 9
Silver badge

Re: I wouldn't connect it to the Internet

"This is where legislation is needed. It should be enshrined in law that any consumer device that does not require internet connectivity to perform its core function should be able to work without internet connectivity."

Then it's game over because the manufacturers have the legislators' ears. The law will go the other way and mandate internet connections for public safety issues (say an appliance catches fire while you're away, just to list an excuse), with all non-connected devices not legal for resale.

2
0
Charles 9
Silver badge

"It will phone home to tell the manufacturer what products you use so they can profile you for targeted advertising on the inbuilt screen."

Honest question. How will the refrigerator know what I put in and take out of it? It's not like it has a laser scanning net inside the door, which probably won't work anyway if the barcode's stripped off or turned face-down or whatever...

0
0
Charles 9
Silver badge

Re: Internet of punter-milking

Nope. The manufacturers have gone over their heads and straight to the regulators. Watch what happens when this stuff becomes mandatory.

0
0
Charles 9
Silver badge

Re: Product upgrade time

Oh? How do you unplug a whispernet? And trying to break the radio could cause a suicide circuit and break the whole thing...

0
0
Charles 9
Silver badge

Re: I wouldn't connect it to the Internet

How are you going to not buy it when ALL refrigerators on the market have the feature standard and secondhand ones aren't available anymore because all trade-in/part exchange fridges get scrapped? It's a question of WHEN, not IF. It's already happening with TVs. Fridges, stoves, and other appliances are next.

3
0

EU court: Linking to pirated stuff doesn't breach copyright... except when it does

Charles 9
Silver badge

"Perhaps if companies stopped wasting time and resources on rubbish like this and actually concentrated on hammering the infringer, this question wouldn't arise. After all, if there's no pirate copy, there's nothing to link to. Duh."

HOW? When sovereignty gets in the way? Take FileFactory, which is based in Hong Kong, which is in turn part of China, who probably couldn't give a rodent's rear end about whether or not it's infringing on content from rival powers.

0
0
Charles 9
Silver badge

Re: And the worst part..

"The party who truly violated copyrights, those who put those pictures online in the first place, are fully ignored."

Sometimes, it's not so much that as they're protected by foreign powers. The international nature of the Internet means this tends to happen more often.

0
0

IBM lifts lid, unleashes Linux-based x86 killer on unsuspecting world

Charles 9
Silver badge

Re: Awesome

"It's for when you print a document which is designed to be put in a ring binder which has tabbed dividers to allow sections to be found quickly."

I thought so.

In layman's terms, they want sections to always start on a right-hand page. When printed out under normal duplexing, right-hand pages are always odd. "Intentionally blank" pages are always even (left-hand) and would be covered by the divider when someone picks up the tab and flips it.

1
0

When you've paid the ransom but you don't get your data back

Charles 9
Silver badge

"In my view everyone who uses a computer should be trained in general security, how to spot these emails and made to sign a waiver saying that if an infection is proven to come from them they pay the ransom if no other method of recovery is available. Also stop USB drive usage, documents can easily be transferred using cloud storage (free accounts for personal use) so there should be no need to ever have to plug one in."

But what if the one who made the mistake is an executive or some other "over your head" position? As for USB storage, the cloud's not trusted for confidential data and is inefficient for large transfers (because one end or the other could be metered or on allowance).

0
0
Charles 9
Silver badge

"They're worried about being fined for data loss or because the data is highly confidential? I'd argue that the ransomware encrypted data is now considerably safer than it obviously was in their hands to begin with!"

Not if copies get passed off to the bad guys as well. They'd know the key so would be able to decrypt them (or they can be passed in the clear before they were encrypted).

0
0
Charles 9
Silver badge

Re: Information Assets?

Not necessarily. Assets have different values. For example, your license documents probably have more importance than say your sales history, which is useful for forecasting and studying trends, but if they were to burn in a fire you can wing it. Whereas if those license documents go up, you legally cannot operate without them (since they usually say, "This document must be prominently displayed in public. This is a legal requirement.").

0
0
Charles 9
Silver badge

Re: Schrödinger's Backup

That's like saying you can't truly prepare for an emergency without an emergency...

0
0
Charles 9
Silver badge

Re: A couple of "solutions"...

"First: Maybe a re-vector of the ransomware to somebody in the Russian government might work. I understand that many of the malware check to see what the domain name is and judicially skip some domains presumably for fear of retaliation."

I figure it was more to prevent "friendly fire".

"Second: Make people go to plain text email. The fancy attachments and the like (javascript in an email? No!) shouldn't really happen."

Then how do they pass documents around? Any other vector can be hijacked or poisoned, yet people still need to pass stuff around: usually stuff that doesn't fit into 7-bit ASCII.

"Third: Get rid of somebody who gets infected. Stupid users are probably the biggest reason these things happen. They probably get suckered by Nigerian princes with cash gushing out of their pockets."

Trouble is, how do you get rid of stupid executives, who are frighteningly frequent yet have the power to overrule even IT (because they're the board)?

0
0
Charles 9
Silver badge

"There are steps to stop this from happening, however most companies won't put these in place for fear of upsetting their technically incompetent employees."

Particularly technically-incompetent executives who can overrule you.

4
0
Charles 9
Silver badge

Re: Risk of personal webmail accounts?

"it would be a sacking offence (assuming you could get past the blacklist) to use personal webmail."

Unless, of course, the offender was someone over your head. Then YOU'RE the one that gets sacked...

1
0

Tesla driver dies after Model S hits tree

Charles 9
Silver badge

Re: Bah!

"Perhaps a new dialog needs to be opened with said firemen on how best to address the issue of not zapping firemen when they want to squirt water on a blaze when new technologies are deployed?"

Just require a cutoff switch before the non-standard input enters the house grid, like how a master breaker works. That way, in the event of a fire, they can just open the cutoff and limit the potential risks.

0
0

Spoof an Ethernet adapter on USB, and you can sniff credentials from locked laptops

Charles 9
Silver badge

OK, so what if the Insidious Insider is an IT guy?

0
0
Charles 9
Silver badge

Re: Look What I Found!

That's not even considering the Ol' Switcheroo.

0
0
Charles 9
Silver badge

Re: Oh look, there's a dongle in one of the USB ports of my laptop

"Having virtualised desktops might be one way, but still vulnerable to keylogger dongles."

Not just dongles. Evil keyboards. They can be done by contractors sent to replace bad keyboards. And this attack would be OS-agnostic.

3
0
Charles 9
Silver badge

"Or even don't use windows on your machines."

Ethernet is below the software layer, so this attack can be made OS-agnostic since you can duplicate almost any behavior you want on an imitation Ethernet device. Heck, if the device is fed keys ahead of time, it could probably even successfully imitate a secured connection.

1
0
Charles 9
Silver badge

And THAT just gives the Insidious Insider a known target to replace with a subverted device with the same signatures. Now all you need is a way to force the keyboard you want to break.

0
0
Charles 9
Silver badge

Re: No, signed devices would be the fix

Signed USB hardware won't save you from evil hardware inserted behind the USB chip (such as can be expected from an evil USB keyboard or network dongle). And we already know state actors are attacking storage devices at the firmware level: both OS- and interface-agnostic.

USB isn't really the problem here. It's attacks on hardware at levels no end user has the ability to verify. IOW, this is damn close to DTA Mode.

9
1
Charles 9
Silver badge

Re: Yes, that's one of the bad design decisions of USB

"Obviously the sane way to go would be to have dedicated ports again. Connect printers and scanners via Ethernet, connect input devices via some sort of overclocked PS/2, and have a special port for mass storage devices. That way you could essentially eliminate all harmful device spoofing..."

Not really. What's to stop an evil keyboard from presenting itself as TWO keyboards or simply transmitting stuff AS that keyboard? Same with mass storage; just present as TWO mass storage devices, one of which can perform auto-launching tricks (even with AutoRun turned off). Plus the reason these things have appeared is because uses have arisen for them, such as non-Ethernet laptops needing to hook up to a wired network or one with a single port needing to connect to two of them. Or someone needing extra desktop real estate but only has one video port.

Besides, do you REALLY want to go back to the jungle days of finicky PS/2 ports that require interrupts and can seize the system if you unplug them and so on? Remember SCSI terminator packs? The fat Centronics printer connections? Oh, and multi-function devices don't have a universal network communication standard, meaning you're usually locked into the vendor's software there or you probably can't use say the scanner over a network.

15
2

RIP ROP: Intel's cunning plot to kill stack-hopping exploits at CPU level

Charles 9
Silver badge

Re: this is all very well but...

"It's not a feature, it's a profoundly stupid default setting"

One problem. You're also talking about stupid users. Unless a license becomes compulsory for something that operates in the privacy of one's home ("Papers, please!"), you've got a pretty nasty problem.

0
0
Charles 9
Silver badge

Re: Looks sweet ...without the pseudo-security... of lock-in.

"Sad. Just sad. Ignoring the point to defend lockin is just really sad. And, you know what they say about doing the same thing again, and again, for the same result?"

Yes. Doing the same thing over and over and actually getting a different result is PRAISED. It's called persistence.

0
0
Charles 9
Silver badge

Re: There's a XKCD for this, but I can't be bothered to find it.

"Look, you have a working horse. How much harder can it be to add one little horn?"

You forget the "by yesterday" requirement. Pardon me, but Time Lords are few and far between, and the one we know doesn't have what one would call a stable or always-agreeable personality.

0
0

It's time for humanity to embrace SEX ROBOTS. For, uh, science, of course

Charles 9
Silver badge

Re: Is that so?

"It always has been arbitrary."

Which is why most laws pick an age with some legal backing: the point of legal adulthood when both parties (typically) have legal control over themselves. It gets murky if one party is legally declared a mental invalid.

0
0
Charles 9
Silver badge

Re: Agenda?

"I live in Nevada. We have legal brothels here, which run quite peacefully - they even occasionally place ads in the Situations Vacant section of the local paper for new ladies. The only place there is trouble with pimps and exploitation is Las Vegas, since prostitution is illegal in Clark County and it's 100 miles to the county line."

Then you're probably too low a profile and not the target of the pimps, who would probably take over any Vegas brothel, legal or not. Remember, Vegas once was a hotbed of organized crime.

0
1
Charles 9
Silver badge

"If someone does something based on what they see, the problem is with the person not the source of the material.

Unless you're advocating banning things like first person shooting games, or anything pertaining to Slenderman. (Remember those two girls?)"

Except that that person's actions affect everyone else, and no one can predict his actions until it's too late and people are dead and survivors are complaining.

0
2
Charles 9
Silver badge

"They'll classify it as "sex with something that doesn't have a pulse," and try very fucking hard to sweep it under that law."

Then they'll simulate pulses. Then they'll have a harder time defining what a pulse really is since it has multiple scientifically-valid definitions.

"Probably because they're not real. Any sane person (our country, for that matter) can tell the difference between fiction and reality."

They're concerned about delusional people who really CAN'T tell the difference between fiction and reality. And BTW, Japan actually has laws in the books concerning kiddie porn. At this time, this is limited to living stuff, but they're still under pressure to extend it to their manga industry (particularly in regards to the lucrative underground or doujinshi market). It helps that they already have laws on the books barring the complete depiction of the genitalia (real or drawn) for the most part.

4
1

FCC goes over the top again to battle America's cable-box rip-off

Charles 9
Silver badge

Re: Unfortunately many of us are still screwed.

"So the FCC needs to grow a spine, DEMAND the competition that we deserve"

That's something NO ONE can do, because NO ONE can FORCE a company to do ANYTHING it doesn't WANT to do. If no one wants to build in your area, then as the saying goes you are just S.O.L. Your ONLY options are to move or to live with it.

It's like being stuck in a desert village where the guerillas control the only well. You can't move because you'd never survive the trip, yet you can't really stay because of the guerillas. Scylla or Charybdis: pick your poison.

0
0

Google plots cop detection for auto autos

Charles 9
Silver badge

Re: What about the bicyclists?

"when I was a youth, we used the crosswalks, but I digress"

That assumes the crosswalk you need exists. If it doesn't, you're supposed to obey the signals just like any other road user, which is why I tended to do hook or box turns instead.

0
0
Charles 9
Silver badge

Re: Fax noise!

Fax may be a bit tricky in noisy environments. You may wanna use the EAS protocol instead, though it is limited to 500bps IIRC. But at least it's DESIGNED to go out and be picked up over ratty communications systems. Most cars don't use fixed-purpose displays these days, so they can receive the EAS-type signal, cut the music and flash a "PULL OVER" message while perhaps playing the 853+960Hz dual-tone attention signal. I know my phone does that when an emergency alert is sent over the cell networks.

0
0
Charles 9
Silver badge

Re: red and blue lights

That's a bit odd. In most jurisdictions I know, BOTH red AND blue are restricted. If it's all blue, it's an ambulance or other medical vehicle. If it's all red, it's fire, rescue, or EMT (which is attached to the fire department). If they mix red and blue, it's police.

Usually a utility vehicle like a trash or tow truck that needs some kind of signal is restricted to using yellow.

1
0

QANTAS' air safety spiel warns not to try finding lost phones

Charles 9
Silver badge

BZZZZT! You forget that we're talking Lithium. Lithium is a Group I element, an alkali metal: the same class of metals as sodium and potassium. One thing these alkali metals have in common is that they react very badly to water. Pour water on a lithium fire and run the risk of making it worse. That's why they had to develop Class D fire extinguishers for metal fires since they tend to introduce complications that make even certain dry chemical (for Class C electrical fires) risky.

2
6

HDMI hooks up with USB-C in cables that reverse, one way

Charles 9
Silver badge

Re: Why not...

Because juggling power and data on the same wire is a tricky thing, which is why USB separates power leads from data leads (it's just better all around; ask anyone who's had to juggle with Power-over-Ethernet). Plus you have to consider the size of the target device. Slim is in, so expecting phones to get fat to accommodate a BNC receptacle is a nonstarter. Furthermore, there's only so much you can shove through a thin copper wire.

BTW, there was a time I handled BNC cables in an ad-hoc 10Base-2 network. Ditched it the moment I could switch it out for 100Base-T. It was just a whole lot easier all around.

0
0
Charles 9
Silver badge

Re: When?

Red and yellow ports mean Sleep-and-Charge ports. They're powered up even with the laptop off or asleep, meaning they can be used for charging.

1
0
Charles 9
Silver badge

And most broadcast material isn't in 4K resolution. Anything 1080p and below, HDMI can handle easily up to 60Hz.

2
1

Smartphones aren't tiny PCs, but that's how we use them in the West

Charles 9
Silver badge

Re: It's because of the apps

"Oh, and no, we don't *exclusively* use smartphones as tiny PCs in the West. I'm pretty damn certain the Pokemon Go phenomenon has proven that exact point. Aren't these articles fact-checked at all before publication?"

IINM this article was published BEFORE the release of Pokemon Go. And frankly, this whole brouhaha reminds me a lot of Angry Birds. It'll flare for a while and then slowly tamp down to a controlled burn.

0
0

'Hey, Elon? You broke it, you bought it' says owner of SpaceX's satellite cinder

Charles 9
Silver badge

Re: Launch insurance

Lawyer could argue launch is contingent on a successful test, making the test part and parcel with the launch procedure.

5
0

'I'm sorry, your lift has had a problem and had to shut down'

Charles 9
Silver badge

Re: It's not quite a BSOD...

Bet you the computer has an outdated time-shift schedule and doesn't connect to a time server.

But here's something that puzzles me. Given the possibility of these things just plain glitching to cosmic events, why don't these things carry some kind of watchdog in them, or at the least, if they're not operating anything critical, an automatic daily reset, say, at 3AM local time, to minimize glitch behavior?

2
0

EU 'net neutrality' may stop ISPs from blocking child abuse material

Charles 9
Silver badge

Re: @Alexander Hanff 1

"What is being suggested however is that getting the network operator involved in the process is a bad idea, and one that will be unnecessarily invasive and inefficient given the alternatives available."

What alternatives are there for clueless users who can nonetheless be zombied without their knowledge? This has implications for everyone else, too.

0
0
Charles 9
Silver badge

Re: Scope

"If the "free" WiFi is conditional on your buying something (coffee, sandwich, whatever), it's part of the business transaction, so the rules will apply."

But since when has that kind of rule applied? In fact, how can they police it? I don't recall any shop of that kind hiding their access points behind a password that only shows on the receipt, seeing as two of its noted uses are keeping customers distracted while waiting in line and providing an avenue for Apple Pay/Android Pay should they accept it. Both require access PRE-purchase.

0
0
Charles 9
Silver badge

Re: Let me set DNS on my Router then

"Let me choose my own DNS for my own devices from the router which I have paid for too."

You're in the distinct minority, then. Most Internet users couldn't tell DNS from WWW but have heard the terms before, putting them into that oh-so-dangerous category: people "with a little knowledge". What makes them dangerous is that a little knowledge makes them prone to trying to do things they really don't know enough about: as a result breaking things. And since they're clueless about it, they just think the Internet broke and start calling for help.

Since these kinds of people outnumber you AND can produce incidents like getting zombied that can get the ISP in trouble for things like failure of due diligence, guess what the ISP has to do to cover its butt?

0
0

Australia Post says use blockchain for voting. Expert: you're kidding

Charles 9
Silver badge

Re: Reminds of a famous quote

Oh? What happened to ballot-stuffing by well-resourced actors who can fool, distract, or corrupt the watchers?

0
0
