* Posts by Charles 9

6855 posts • joined 10 Jun 2009

Judge rules FBI can hack any time, any place, anywhere

Charles 9
Silver badge

Re: ugh

The world will end first. Remember, Washington has nukes.

0
0
Charles 9
Silver badge

Re: What's created equal have to do with it?

Times change. Pretty soon it'll become possible for one person to ruin civilization, after which no holds are barred if the government is to be able to fulfill its obligation to protect its citizens' inalienable rights. Basically, life can break the rules of man, which in the end are just ink on a page.

0
0
Charles 9
Silver badge

Re: Think about the Children!

"So now the government has driven another nail into their own damned coffin "

No they won't. Why do you think they have that data center in Utah? It's a cover for their black-hat encryption-cracking outfit (that probably houses a working quantum computer to boot). The state always has more resources than you. Anything you can do to try to cover your tracks, they'll find a way to beat it. Even the One-Time Pad is not immune (simples: intercept and copy the pad).

0
0
Charles 9
Silver badge

"Congress shall make no law...abridging the freedom of speech, or of the press;..."

Sorry, but that's been abridged for nearly a century now. Look up US v. Schenck (1917) and the "Fire in a Crowded Theater" justification. No right is absolute as one person's rights inevitably butt up against another's.

0
0
Charles 9
Silver badge

"Don't they realise they have now opened up all the US government and its departments to the world? After all 'you do it to me, therefore I can do it to you' comes into play."

Yes, but they're under the assumption they're ALREADY under attack, meaning the roles are actually reversed.

0
0
Charles 9
Silver badge

Re: Logical Human reaction

"Open season doesn't even come close. People will only put up with the powerful having sway over them if it is *reasonable*. This goes to far beyond reasonable and they can expect an *unreasonable* (and probably exaggerated) response."

You overlook the appeal to emotion. The average joe reacts more to emotion than to reason, and "Think of the children!" is an emotion play. Showing someone is a child molester basically blackmarks you in the eyes of society: usually forever since even clearing your name is usually seen as a lie.

0
0
Charles 9
Silver badge

Re: Planting of Evidence?

A: Nothing. That's the thing about sovereignty. "My domain, my rules" basically.

0
0
Charles 9
Silver badge

Re: Pascal Monet So the FBI has the right to hack the world

The key word in the Amendment being "unreasonable", but in matters of protection of the most innocent of its citizens (children) or against threats of a potentially existential nature (terrorists who could be willing to pull off a suicide nuke), you're basically crossing the Godzilla Threshold, in which case anything is considered reasonable. At least by their way of thinking.

0
0

Medicos could be world's best security bypassers, study finds

Charles 9
Silver badge

Re: For Pete's sake

You know the problem with keys? People keep LOSING them! Lanyards break, keys get caught in things, next thing you know it's vanished without trace or knowledge of how it happened. And trying to correct for these wastes time which is unacceptable in a medical area because time means LIVES.

4
5
Charles 9
Silver badge

"You must have a complex password, change it every 60 days, not reuse it - these are my favourites. Teach the user base how to generate pattern passwords that meet the rules and problem solved (from the users' perspectives)"

No, because some people have REALLY BAD recall:

"Now, was that CorrectHorseBatteryStaple or Engine+Paperclip+Donkey+Wrong?"

THAT kind of bad, which I see all the time. Medicos are caught between Scylla and Charybdis except they're not allowed to sacrifice anyone. They need it RIGHT AND FAST, SECURE AND SIMPLE all at once, or people DIE and their survivors complain.

4
3
Charles 9
Silver badge

Re: So a dilemma.

But in this case the expense is too great: the expense is lives, which for medicos is too great a price since they're under incredible (and usually legal) pressure to save those lives. A third option is therefore needed.

Put it this way. Balance isn't possible because BOTH ends are so heavy the beam is bending to the point of snapping. It's like the right vs. fast problem. You can't just do it right because going too slow means people DIE, and you can't just do it fast because doing it wrong means people DIE. Medicos have to get it RIGHT AND FAST at the same time. Which means you need a SIMPLE AND SECURE at the same time solution. Otherwise, people DIE and there will be cries to get something done, toot sweet. Until someone can formally PROVE this to be impossible, the argument will never end.

4
1
Charles 9
Silver badge

So a dilemma.

The IT people are trying to avoid violating patient confidentiality laws. Furthermore, they're also trying to avoid getting critical medical equipment hacked, which means for them lives are at stake.

But at the same time, actual medical personnel need to be able to call up critical information on a moment's notice, especially in Emergency Room situations, which means for them lives are at stake.

So security is running smack into ease of use, and this time BOTH have a legitimate, "lives are at stake" justification, so a compromise is not acceptable. What's needed is a spectrum-breaker: something that is actually BOTH very secure AND dead easy to use at the same time.

7
0

England just not windy enough for wind farms, admits renewables boss

Charles 9
Silver badge

Re: Fundamental Lack of Understanding

"Yes, they would be trying to corner the market and they are. Solar alone is a $32 billion dollar PROFITABLE market in the U.S. and the global market is projected to reach $137 billion in the next 4 years. It is currently just shy of $100 billion now."

WITH or WITHOUT government subsidies? My point is that if renewables were profitable on their own, they'd be rushing to be the "first in who wins" without any intervention whatsoever.

0
0

Air-gapping SCADA systems won't help you, says man who knows

Charles 9
Silver badge

Re: Air gapping won't help you because.....a non airgapped system is insecure

How do you pay for it on a shoestring budget? You're kind of in a bind when accounting demands unicorns and cuts your paychecks...

0
0

This is how the EU's supreme court is stripping EU citizens of copyright protections

Charles 9
Silver badge

"No, the point is that a library catalogue enables access to the content. As does a hyperlink. To replicate the situation physically, let's do a thought experiment: it would be possible these days to build a library with a robot to fetch a book off its shelf and put it on a desk for you to read (there are modern warehouses that fetch stock and load trucks this way). Would that breach copyright?"

No, because we do not have a matter replicator yet. Following the hyperlink produces a COPY of the target in question. Since COPYing is involved, copyright is automatically invoked.

"Libraries do have exemptions, but only for educational or non-commercial use. You breach copyright when you photocopy the book to avoid buying it."

That's YOU, though, not the library. They're exempt from the redistribution restriction, for example, because (a) they're usually public, as in government-run, facilities, and (b) that's their purpose for existing: a middle ground between full lock-and-key and full public domain, a way to allow some additional exchange of information as mandated in the Constitution while still respecting copyright that helps to encourage new works being made. Rental houses and Redboxes have to buy special rental copies of movies at higher rates from publishers (so that publishers recoup lost sales), but libraries don't always have to, especially if some of their stocks are donated.

0
0
Charles 9
Silver badge

"If a hyperlink is (or is deemed to facilitate) a breach of copyright, where does that leave a public library catalogue?"

Bad example as libraries typically possess legal exemptions from copyright enforcement because of their specific function. Meanwhile, a card catalog does not possess inline information that can retrieve the actual content as you retrieve the card. An online catalog might do this, though, via inline data that's retrieved by the computer and then displayed for you.

0
0

Apple pollutes data about you to protect your privacy. But it might not be enough

Charles 9
Silver badge

Kind of hard to do that over the Internet, and most places either don't take C.O.D. or place a hefty surcharge on it.

0
0
Charles 9
Silver badge

Re: Sick and tired

Nope. 2D only. Doesn't work well in a car. Tried all the others (even Here); they don't compare to Google, especially if you're going to be driving in traffic.

0
0
Charles 9
Silver badge

Re: So what happens....

Thing is, theory tends to have problems when you try to apply it in the real world. Such as the one time pad. It's the strongest form of encryption theoretically, but there's still the matter of passing the PAD along without it being intercepted. Here, the only way to guarantee the metadata is no good is to mangle it so much it's no longer metadata. But then, it's nothing useful anymore. It's a part-and-parcel problem. The very thing that makes it worth selling is ALSO the very thing that can be used to identify you.

0
0

Linux on PS3 white flag

Charles 9
Silver badge

White flag?

If it really was a white flag, they'd be allowing Linux again, with full hardware support. This is nothing but an attempted bribe. Why hasn't Sony been criminally charged with fraud for the bait-and-switch?

3
0

Why Oracle will win its Java copyright case – and why you'll be glad when it does

Charles 9
Silver badge

Re: Hmmm

"Also, I can certainly create audio CDs without ever purchasing the Red Book. Copyright only protects the book itself, not the knowledge it contains. That knowledge can be gotten legally in any number of ways, including simply reading the source of a program which implements CD audio creation."

Except those programs are copyrighted, too, as was Compaq's clone BIOS. They made a CLONE of IBM's BIOS that happened to be feature-exact. That was the basis for the "clean room" defense. But note that Google apparently copied Sun/Oracle's Java header code down to the errata, which in a proper clean-room effort wouldn't have been encountered or copied in.

0
0

Microsoft releases open source bug-bomb in the rambling house of C

Charles 9
Silver badge

Re: >handling pointers directly makes for efficient, “close to the hardware” programming>

All well and good when your data is well-structured. But what happens when you have to deal with UNstructured data, like a live stream? This is an example of the kind of stuff where you can't know ahead of time how much data you're gonna get, because often the other side doesn't know, either (usually because it's being generated on the fly, a la stream compression/encryption).

0
0
Charles 9
Silver badge

Re: Bounds checking for C and C++

"Or what if the memory doesn't store the bits correctly, or the CPU executes the instruction badly !!!"

Guess what? Those are real-life concerns. It's one reason why you can't make the processor pathways much smaller (because of quantum tunneling, electrons could "jump the tracks"). As I recall, high-uptime systems have redundancies for that reason.

In any event, if Pascal and Fortran really could build more efficient code than C, then they would be the languages of choice for highly-constrained applications like embedded systems, and last I checked, they either used C or (like for aircraft systems) specialized languages for the specific field. Fortran and Pascal may have been better in the past (because they were more restricted), but the real world intrudes.

0
0
Charles 9
Silver badge

Re: >handling pointers directly makes for efficient, “close to the hardware” programming>

"It was an inefficient, slow, bloated, language compared to languages designed for efficiency like FORTRAN and Pascal."

HOW can a language be more efficient than one that's close to the metal like C? Close to the metal means more like Assembler which is more like machine code, and raw machine code is about as efficient as you can get as you're talking the CPU's language, NOT yours.

0
0
Charles 9
Silver badge

Re: Bounds checking for C and C++

I'm saying what if the malware finds a different way into the bounds data to alter it out of band? That's the thing: for the most part, data is data, and you can perhaps perform something like a Confused Deputy (aka "Barney Fife") attack to mangle the bounds data with another routine. Or mangle the descriptor in transit between programs and/or libraries.

PS. Not all languages are like C, but in the end, CPUs run on machine code, and most CPUs, for reasons of speed, don't tag their memory very clearly.

0
0

Ransomware scum build weapon from JavaScript

Charles 9
Silver badge

Re: One tiny step, MS... one tiny step and you blow it.

"If this had been done decades ago, users might be educated just a tad and not click on this crap."

You ever thought that maybe the average user is simply too stupid and is more likely to erase or change the extension, break the file, and cry for help? That's the kind of clientele Microsoft has to cater to, remember: the kind incapable of learning. Yet they'll use their computers anyway, so yeah, the baby treatment is necessary; otherwise we're going to need to figure out a way to establish a licensing system for computers the way we do cars.

0
0
Charles 9
Silver badge

Re: Trusting files

And I think the real real problem is that Users Are Stupid, and because You Can't Fix Stupid, it's going to be hard to fix that problem (apart from requiring a license to use a computer, but that would kill anonymity).

0
0

Computerised stock management? Nah, let’s use walkie-talkies

Charles 9
Silver badge

Re: Do you have any tea?

"Certain American versions seem to contain exceptional quantities of the second."

And many Americans WANT it that way because they want to quench their thirst first WITHOUT drinking water, get buzzed second. It tells you something when the #1 beer in America is a LIGHT beer.

0
0
Charles 9
Silver badge

Re: Shoes are now drive thru commodities

"It used to be that outside of large discount stores, shoes were sold with service."

Yeah, and it used to be that shoes were also handmade, one at a time, by a skilled shoemaker IINM. That's where the service came from. Also the price IIRC. But the thing about inefficiency is that it's very difficult to scale, especially as the population rises. Overpopulation meant economies of scale won out.

0
0

Tor torpedoed! Tesco Bank app won't run with privacy tool installed

Charles 9
Silver badge

Re: Who are these narcissists who think they are the only ones entitled to freedom of choice?

"What I'd really like to see is merchants being stricter on insecure browsers and allowing us to impose geographic limits on the use of our own accounts. We need more security on the web, not less."

The only way to achieve that is with a Stateful Internet, meaning no anonymity. Otherwise, miscreants can use the anonymity inherent in today's Internet to masquerade and get around things like ID and geo-blocks.

0
0
Charles 9
Silver badge

Re: Web is still best

"Of course the web is full of cancer too, but at least the very strict sand-boxing and script-blocker plugins can keep it in check."

You haven't run into the ad-blocker-blockers have you? Or those sites that don't show anything unless the ad stuff gets loaded? Or the sites that are trying to find ways around your ad blocking such as through local caching?

0
0
Charles 9
Silver badge

Re: Missing the point again

"There IS an up to date exit node list."

They're probably clueless. They probably also don't trust the exit node list.

0
0
Charles 9
Silver badge

Re: So for someone who still has a non-smart-phone...

TrueCrypt/VeraCrypt doesn't have to rely on a single standard algorithm. What if a banking app was like that and could use algorithms like Blowfish that aren't standard but still useful, especially when used in addition to the standard-bearers?

0
0
Charles 9
Silver badge

Re: "when your customers only have ONE factor to them?"

"Disadvantage - it is something annoying to carry with you if you really want banking on the move."

Not to mention easy to lose AND easy to get swapped for a pwned model. That's why there are plenty of people who don't even take their phones with them: they keep leaving them at home, which creates a problem. How can you use a second factor when there is no second factor available?

0
0
Charles 9
Silver badge

Re: Security risk?

"This is but one small step away from the Tesco App not running unless you have a Tesco SIM in your handset."

This is a real thing, actually. Many apps are published by cell phone providers. Number 1 requirement? They only work with their SIMs.

0
0
Charles 9
Silver badge

Re: So for someone who still has a non-smart-phone...

The App is not restricted to security measures featured in a browser beyond their control and can go above and beyond if desired.

0
0
Charles 9
Silver badge

Re: Missing the point again

Unless they can't tell the difference. Once Tor is in use, the source IP can easily be masked without a way for the banking app to know it's turned on. If the only clue you have to TOR is whether or not such a gateway is present (not whether it's on or off, only present), then it's a case of having nothing but a hammer to work with and financial regulators on your back.

2
5

Top boffins detail how to save the open internet from breaking itself

Charles 9
Silver badge

Re: Late report or time travel?

The $64T question, however, is if it's possible to AVOID #3 and #2? Or does the human condition pretty much preclude this happening?

0
0

Google doesn’t care who makes Android phones. Or who it pisses off

Charles 9
Silver badge

Re: The big handset makers will fall divided

I don't think so. I think the two spheres will remain divided: x86 on the bigger stuff, ARM on the smaller stuff. Institutional momentum and a lot of legacy stuff will keep the desktop firmly on x86, plus there's little need for crossover: the desktop world and the mobile world are different enough that it's extremely difficult to picture an all-in-one, particularly if you run into the conflicting demands of performance and power savings.

0
1

Dad of student slain in Paris terror massacre sues Google, Twitter, Facebook for their 'material support' of ISIS

Charles 9
Silver badge

Re: Bah!

"According to a few reports it took the Orlando PD 3 hours to get the courage to storm the club."

No, it took the Orlando PD 3 hours to come to the conclusion he was just stalling for time and was pretty much in Kill Until Killed mode, meaning it was pointless to negotiate further. It's not uncommon for hostage situations to run on for hours if not days, the idea being the police want to wait out the perp and make him (a) chicken out, (b) come to his senses, or (c) if it comes to it, open himself to a sniper. But as here, the police are also careful to see if the perp has no intention to negotiate in good faith.

1
0
Charles 9
Silver badge

Re: People plus technology

Yes, because what you described requires A LOT more logistics to pull off. 9/11 basically involved some 20 nutcases and—compared to the above—chump change. This is raising hell on the cheap.

The cost to raise hell is dropping considerably, and that's a destabilizing influence on civilization as we know it because sooner or later someone will have a justification to raise as much hell as possible. But if one man can do it without a lot of external input (shivers)...

0
1
Charles 9
Silver badge

Re: Won't happen

In America, you pay for the use of the cell network, not for the call itself. Most don't charge if you call in-network. Moot point these days, anyway, thanks to generous allowances and flat-rate calling plans. Haven't paid for an individual call in at least seven years.

0
0
Charles 9
Silver badge

Re: Some points to consider.

Tell me, how can people police terrorism when the bad guys can simply use innocuous code words, like talking about a birthday party? There's no way you're going to be able to distinguish talk of a terrorist act disguised as a birthday party from talk of a real birthday party.

9
0
Charles 9
Silver badge

Re: This is why...

Many times, one or the other side has no money. That's why contingency lawyers are rampant.

1
0

Man dies after UK police Taser shooting

Charles 9
Silver badge

Re: Pedantic Filth

If we can use laser in lowercase (which is an acronym, too, for Light Amplification by Stimulated Emission of Radiation), or maser (switch Light for Microwave), then we're within our rights to use taser in lowercase, too.

0
0
Charles 9
Silver badge

Re: Taser cartridges ...

"These things have a shelf-life?"

Possibly if they use chemicals. Not all of them are shelf-stable beyond a certain point.

0
0

Kill Flash now. Or patch these 36 vulnerabilities. Your choice

Charles 9
Silver badge

Re: i say we take off and nuke the site from orbit....

Even then it's not guaranteed. Something may survive a nuke, you don't know...

0
0
Charles 9
Silver badge

Re: >> giving the update the "Priority 1" ranking

Trouble is, controlling critical enterprise equipment, the ONLY way possible is by Flash, tends to get a Priority -1, as in "Do This Or You'll Never Work in This Town Again."

0
0
Charles 9
Silver badge

Re: ¡Ay, caramba!

There IS one excuse, a very CRITICAL one: amortization. The highly expensive piece of kit has already been bought. The costs are sunk and can never be retrieved. They're a big strain on the business, trying to obtain another so soon will literally kill it. So basically, you MUST live with it. And leaving the company may not be an option as (a) no one else is hiring or (b) they're in the same boat, saddled with expensive kit they MUST use.

Put it this way. If you're out in the middle of the shark-filled ocean and the only possession to your name apart from your clothes is a leaky raft...well, all you can do is start bailing.

0
0

Forget black helicopters, FBI flying surveillance Cessnas over US cities. Warrant? What's that?

Charles 9
Silver badge

Re: @I've forgotten what I wanted to say...

Perhaps, but "ink on a page" doesn't mean much when the rules get thrown out the window and you're staring down raw, overwhelming force.

0
0
