Posts by Charles 9

4050 posts • joined 10 Jun 2009

You know where Apple Pay is getting used a LOT? Yes - McDonalds

Charles 9
Silver badge

That's funny. From my end, pay by bonk has become considerably EASIER since KitKat because Host Card Emulation means a phone doesn't need a Secure Element to be usable: just the NFC part. Good thing since my own phone's Secure Element's hosed.

0
0
Charles 9
Silver badge

Might this have to do with the fact that McDonalds is one of the few national chains that still takes contactless payments? Burger King dropped their support and many other chains don't even have PIN Pads. And we've heard the stories of CVS and such dropping NFC support. With so few retailers accepting NFC, McDonald's is simply sticking out. And with the big boys like Walmart staunchly against it, I doubt NFC will get much more traction barring a big development (I will note that while Walmart's betting on NFC failing--their new C&P-ready pads completely lack the capacity IINM--other retailers are hedging their bets with pads that COULD do it but have the feature turned OFF).

6
1

Meet OneRNG: a fully-open entropy generator for a paranoid age

Charles 9
Silver badge

Re: Mooltipass

Isn't KeePass GPL2+?

0
0
Charles 9
Silver badge

Re: "Remember: UBIKRAND's entropy is smooth and easy. Avoid prolonged use."

Perhaps not that paranoid, but perhaps the signature checks can be set up so the memory can be read by another chip and a signature checked from that, while the chip that does the checking can be a simple mask ROM whose internals can be verified in, say, an x-ray. The diodes can perhaps be replaceable by the user, among other things that would make subverting the device and keeping it subverted too difficult under all practical circumstances.

0
0
Charles 9
Silver badge

Re: N00b question...

The philosophy behind it is that /dev/random is meant to output high-quality random data that would be used for high-security applications like key generation (places where you really really need the output to be unpredictable). It was thought that only high-security applications would need high-quality random data. For most other purposes, Linux also provides /dev/urandom, which isn't as high-quality because it uses an alternative algorithm to ensure it doesn't block (/dev/random blocks when it runs out of entropy). The reasoning is that an agent with vast resources, such as a state, might be able to predict a pseudorandom pattern just long enough to pick up key bits of information that can be used to further subvert the encryption.

I think the problem right now is that we're seeing an increasing need for high-security random data (take a secure server, for example, that needs to generate tons of crypto keys on the spot) to the point that /dev/urandom is not considered good enough. And that's where these hardware RNGs come in. The thought behind an open design is that any copy of the device you have can be checked against the plans for possible subversion by a resourceful adversary such as a state.

3
0
Charles 9
Silver badge

I haven't seen the actual design yet, but I'd be curious to see if they've accounted for every paranoid scenario, including discreetly switched-out parts or a device reprogrammed (via the dedicated port) to subvert the system yet return all the right signals during checking stages.

0
0

Mozilla, EFF, Cisco back free-as-in-FREE-BEER SSL cert authority

Charles 9
Silver badge

Re: Sideload the certs already...

"Single point of trust (DNS root, and those guys have proved themselves worthy of trust in the past) allows anyone to provide their own certs, no problem."

And if this trust gets betrayed? What if we really go into "Trust No-One" mode?

0
0

EVERYTHING needs crypto says Internet Architecture Board

Charles 9
Silver badge

There's also the problem of guilt by association. The very nature of the Internet requires the routers and so on to know the endpoints, sort of like how the post needs addresses. These are basically essential for the protocols to work, yet they alone can be incriminating. So you're stuck with potentially incriminating evidence that can't be encrypted. And obfuscating this with extra hops and such, by definition, reduces the protocol's efficiency by adding garbage data (and the associated costs) to your overhead, leaving you with a hard choice to make.

0
0

DEATH fails to end mobile contract: Widow forced to take HUBBY's ASHES into shop

Charles 9
Silver badge

You would think that, once legal channels were invoked, the records would reveal the intended recipient was dead...unless the claim was being made the death was faked?

0
0
Charles 9
Silver badge

Even if someone counters the death was faked?

0
0
Charles 9
Silver badge

Re: You are just a number, to be bled for corporate profit.

Ever thought perhaps the shop owner's been stung once before with someone weaseling their way out of a contract without penalty by faking his/her own death, thus making him "once bitten, twice shy"? It may sound ridiculous, but modern society tells us not everything is taboo to everyone.

0
18

Mastercard and Visa to ERADICATE password authentication

Charles 9
Silver badge

Re: There are no legal protections on bio data.

"We really need to get back to cash on the barrel for all purchases and payments."

I thought we were trying to go AWAY from cash on the barrel because it offered no guarantee in the case of mugging. At least a stolen card can be invalidated and the transactions usually traced and refunded. With cash, you're screwed. Plus the plods are developing ways to track cash by their serial numbers (that's how "Where's George?" works).

0
0
Charles 9
Silver badge

Re: Stop with the mobile requirement already

"AIUI, SMS are free to receive, even overseas, on most/all UK/EU networks, so cost is not a real objection."

Even in the US, it's pretty easy to pick a plan that has generous texting allowances if not unlimited texting, meaning even if they charge for receiving, it becomes just a drop in the ocean.

1
0
Charles 9
Silver badge

Re: Just...use...CASH

Hacker-proof, but extremely vulnerable to muggers with absolutely no theft protection. Plus the difficult to track bit is being addressed. Query "Where's George?"

0
0
Charles 9
Silver badge

Re: Stop with the mobile requirement already

Chicken and egg question. Why do you need an authenticator that doesn't require a Web connection for a service that basically requires you to connect to the Web?

4
0
Charles 9
Silver badge

Re: Key fob?

It defeated the purpose of the fob: it's meant to be kept separate from the card so the thief/mugger steals the card but doesn't realize it has a fob until it's too late to go back for a second mugging. Sure, if the perp knows about it, they'll go for the fob, too, but at that point you're already up Crap Creek.

0
0
Charles 9
Silver badge

Re: Old school ?

"Why does it seem to me the goal is 0% fraud ? When did that suddenly become the aim ?"

Because it's being demanded by the customers due to all the hype about card detail theft, and they won't settle for anything less.

"Back in the pre-internet days (yes, there really was such a time), it was more credit than debit card fraud (since we used to use cheques*). Banks tolerated a certain amount of fraud, for a certain amount of money spent on security. I suspect it's still the same.

So rather than thrashing around for the "perfect" security (i.e. 0% fraud), people should be thinking what can give me 1% fraud, for a reasonable (i.e. not damaging my profits too much) amount?"

I suspect their margins are shrinking, lowering their tolerance levels. That and the investors are likely complaining about bleeding money.

"Does it really matter if the odd £10 dodgy transaction gets passed, as long as you catch the unusual £5000 a stolen/cloned card would be used for ?"

That was before fraudsters learned how to get around this by simply using quantity over quality. One £10 scam is tolerable but try a million of them. Savvy scammers have learned how to "smurf," or suck a card just enough to prevent it being flagged and then letting it sit. They're also tying geographic information to cards so thieves can perform transactions in the boob's hometown, making it harder to detect. In such an environment, the inch becomes the mile, drawing the fight into an all or nothing conflict.

1
1
Charles 9
Silver badge

Re: Stop with the mobile requirement already

Well, for many, their mobile is the only second factor available to them, so if you want 2FA, it's mobile or bust. If you declare 2FA bust, then you now have to figure out how to build a security system that's tamper-proof, turnkey simple, and doesn't require a second factor? Last time I checked, that means the general public is not accepting anything less than the impossible.

0
0
Charles 9
Silver badge

Re: W00h00

"Can't remember your password?

Re-set immediately just by using the details on the card and the date of birth.

It's not like my DOB is very secret."

So how do you tell the difference between a real customer with a bad memory and an intruder who did the research?

5
0
Charles 9
Silver badge

Re: So how secure are 'biometrics'?

"The "password problem" is also very solvable: by a password manager. I remember exactly 2 passwords, both are quite secure; all the others are randomly generated passwords. While this isn't perfect, and a second ("2 factor") authorization is indeed desirable for financial systems, that's nothing new; every bank already does that, as do some services like Dropbox."

Then someone breaks your master password. Or your memory's so bad you can't even remember that password. And the moment someone says, "Tough!", that someone loses at least one customer. So what are you going to do? Customers are demanding turnkey solutions that don't rely on memory and won't take no for an answer.

1
1

Google Glass: Even the people who stand to MAKE MONEY from it hate the techno-specs

Charles 9
Silver badge

Need we mention how UGLY those specs were? There was serious doubt they could shrink everything at this point such that you couldn't tell them from ordinary glasses. At least smart watches look like watches at first glance.

2
1

US Marshals commit DIRTBOX INTRUSION on Americans, says report

Charles 9
Silver badge

Re: PKI

No, as the NSA has said, they've been let in through the front door, in this case by the equipment manufacturers. Sort of like gaining access to a gated area by hiring someone with the keys. Furthermore, I may be wrong, but authentication may not take place until the network connection has been established. Otherwise, you end up with what I call the Spike Milligan problem (he is quoted in a joke of, "Open the crate using the crowbar you will find inside.").

3
0

'Net Neut' activists: Are you just POSEURS, or do you want to Get Something Done?

Charles 9
Silver badge
FAIL

Re: Charles 9, Aedile and chums.

That would be funny...if I got the joke (meaning you failed at failing).

The point being if 10-30% of the general American population suddenly vanished, I doubt the ones in power would care for more than 24 hours. They would still have their riches and there would still be people to fight over. Barring some populist revolution (and given the average attention span, the bread, and the circuses, by the time they finally noticed...) we're probably already too late to change anything before it all crumbles. It's the latter days of Rome all over again. So pick your descent: slow in the handbasket or quick in the bullet train.

1
1
Charles 9
Silver badge

To the author:

Perhaps you don't realize it, but the general sentiment is that Congress (especially the upcoming one run by the Republicans) will be even less-inclined to listen to the American public than the one in place now. They're pro-business and minarchist; if they had any real say (say a Republican President), they'd dissolve the FCC. So there's a kind of "now or never" fervor.

Lastly, thanks to the way Congress is set up, there's basically no way to set up any real oversight in anything that matters. Simply put, anything you try gets smothered by counter-lobbying by the big firms who can easily spend six or even nine figures like it's nothing. And they consider it constitutionally sacrosanct and impossible to quash.

11
1

Kryder's law craps out: Race to UBER-CHEAP STORAGE is OVER

Charles 9
Silver badge

Re: Seagate eliminated its research group

Perhaps. It's like with CPUs. They were probably running into a hard limitation set simply by the size of the electron, which is fixed and sets a size floor. If storing data requires an absolute minimum of electrons to work, then you flat-out can't get any smaller, just as CPUs aren't likely to shrink much further due to physics properties that kick in at those sizes. It's like trying to cram a baker's dozen into an egg carton: something's gonna break.

So it's the end of the line. Now everyone's going to be scratching their heads and wondering, "What now?"

1
0
Charles 9
Silver badge

Re: Service Life of HD

But what happens when all those 1000+ drives fill up because the Big Data just got TOO Big Data? That's what I'm pointing at. Big Data is growing faster than the drives would normally be able to keep pace. Even if you left room to slot in more drives (and the power costs this would entail), it would just keep growing until it reaches Brobdingnagian proportions and you reach the point where swapping out for bigger drives becomes more economical than continuing to grow your data center.

0
0
Charles 9
Silver badge

Re: Service Life of HD

Thing is, you still forgot to notice that other factors don't necessarily include such specifics as drive speed and bus but also other things such as the sheer amount of data that people and firms want to store. This created an externality that put a ceiling on the service life of a drive independent of mechanical reliability.

2
0
Charles 9
Silver badge

Re: Service Life of HD

But note your own words: "other factors being equal". The problem in the past has been that the increasing amount of data to be stored has historically made existing drives too small by the time five years came up (there's your "other factor"). I still remember the time around 1990 when 200MB was considered pretty big. By around 2000, it was 20GB, then 200GB, and now we're routinely doing multiple terabytes. Thing is, that pace as noted has started to slow. Now capacity is harder to boost up (which I hate since longer-term bulk storage stinks on the consumer end), much as the GHz wall was hit. So now, much as CPUs have moved to multiple cores, drives need to move in another direction: in this case, longevity. Maybe the longevity won't necessarily come from spinning rust but from improvements in SSD tech; just saying that if the customers want longer-lasting drives, someone will deliver it somehow and the give-and-take of price will then ensue.

PS. Maybe the 100mpg carburetor doesn't exist, but people started demanding more efficient cars because of scary-high petrol prices, and manufacturers eventually started delivering. Now, gas/electric hybrids are becoming more and more commonplace.

3
0

ISPs are stripping encryption from netizens' email – EFF

Charles 9
Silver badge

Re: One does wonder... or at least should wonder.

"If the ISPs and email providers actually wanted to greatly reduce the spam, then they would go after the spammers' business models."

How do they do that when many spammers are now employing botnets to make their e-mails look like they're coming from someone else. IOW, how do you trace the botmaster? Especially if they're based in a hostile country?

2
0

The last PC replacement cycle is about to start turning

Charles 9
Silver badge

Re: Businesses don't work like that

As I've noted before, does it HAVE to be a desktop? Instead, why not, say, a graphical network terminal, such as a tablet with a keyboard and mouse attached? Done that way, perhaps several desktops can be replaced with one server that serves multiple network computers. Which becomes cheaper long-term: several desktops or one big server and network computing links to them?

1
1
Charles 9
Silver badge

Re: re: some headerless server somewhere

I'm talking the office environment. If you need it for a private or personal business, well that's your prerogative. But you'd also be the exception. Enterprises, as content creators, will always need the horsepower. Thing is, thanks to improved portable computing and networking capability, man and machine really don't necessarily have to be in the same room anymore. Indeed, barring outlying circumstances like social interaction, why bother with an actual office? Meanwhile, computing has morphed into something that doesn't necessarily need a single muscleman processor to accomplish. By necessity, we've become much more adept at finding ways to slice the jobs into smaller bits that can be parallelized. Even some of the toughest ones like video encoding can be split effectively if you do a little analysis first (for example, detecting scenes and splitting by them would not incur losses because each segment would be split at key frames).

1
0
Charles 9
Silver badge

"The difference is productivity. On a desktop with a mouse and a full numeric keypad I can fill out a spreadsheet with data from three different sources, draw a chart, copy it into a document, format it nicely, and email it to twenty recipients. All within five minutes."

What about network computing which would let you do the same things by connecting to some headerless server somewhere and do the same things with a keyboard+mouse attached by On-The-Go? Why does it always have to be a genuine honking workstation actually sitting on your desk?

6
5

Has Switzerland cracked the net neutrality riddle?

Charles 9
Silver badge

Re: But American utilities such as water and electricity are privatised monopolies

Lucky you. You're the exception except for the water. But most infrastructure is privately owned and operated. This is particularly true for communications infrastructure like telephone and cable. For the small towns, de jure infrastructure monopolies are pretty much the rule since they're the only way utilities would agree to reach all the way out to them; otherwise, they'd just go "no deal" and leave them high and dry. And if anyone tried to make the infrastructure government-owned, the minarchists would be crying abuse, waste, and taxes. Either that or the threat of China and Russia taking over the Internet. It's basically boiling down to a no-win situation.

0
0
Charles 9
Silver badge

Re: This seems as good an approach as any

I don't know. I think their thought is sort of like, "Give an inch, they take a mile." The idea is that if you allow them to prioritize traffic one way, two things will happen. First, people will abuse the system and, for example, disguise torrent traffic as video or SIP streams (or simply encrypt everything so you can't tell what's what). This will then push the providers to say, in the interests of prioritizing "proper" traffic, they'll have to filter some other, necessarily improper, way. IOW, it becomes the thought that the only proper filtering is NO filtering because it creates a slippery slope.

1
0
Charles 9
Silver badge

Re: But American utilities such as water and electricity are privatised monopolies

No, it's two entirely different countries. In America, most utility infrastructure is privately owned by the utility providers (probably the only exceptions are plumbing-related--water and sewage--and that's due to them being underground, usually under publicly-owned roads). Everything else clearly has ownership tags attached. I see power poles marked property of the power company (private) and buried cable markers with the logo of the phone company. So if utilities are publicly-owned, why the private ownership tags?

0
0
Charles 9
Silver badge

Actually, a natural monopoly IS NOT a "de jure" monopoly. On the contrary, it's a "de facto" monopoly created due to its existence being something of a "necessary evil": IOW, we need it, but we don't like what it does to the place. Take utilities such as gas. These utilities are needed for modern society to function, but as a necessity, these utilities require significant amounts of infrastructure that raises lots NIMBY issues. We DON'T WANT more than one set of utility infrastructure crowding our communities, so we naturally choose a winner to avoid this.

3
0
Charles 9
Silver badge

Re: But American utilities such as water and electricity are privatised monopolies

They're privatised monopolies because no one WANTS a second set of pipes and so on. It's a NIMBY thing.

1
2

Obama HURLS FCC under train, GUTPUNCHES ISPs in net neut battle

Charles 9
Silver badge

Re: here's a simple solution, but it uses a sledgehammer to crack a nut...

Congress hates Obama already, and to them a do-nothing Congress is a winning scenario. As for the Attorney General, fat chance on getting a confirmation from a GOP-led Senate.

0
0
Charles 9
Silver badge

"So, Mr President, the insinuation that this is all in the FCC's hands is just not correct. The simplest solution here is to clarify the wording of the Act. Once that is done, the FCC can - and must - apply it as written. I appreciate that this may not be an easy task to accomplish but it really is the only way forward."

Just one problem. Congress will soon be in full Republican control. And the Republicans are likely to be pushed by minarchist Tea Partiers who would gladly clarify the Act by simply striking it. Meaning they'll be going in precisely the opposite direction from what President Obama (and apparently the general public) want. So if amending the Act is not an option, what now?

0
0
Charles 9
Silver badge

Re: Net neutrality: the already solved problem

Thing is, most customers in the US are used to flat-rate prices with the word "unlimited" attached. Plus some users are getting cheeky and abusing the QOS tags.

1
0
Charles 9
Silver badge

Re: here's a simple solution, but it uses a sledgehammer to crack a nut...

No can do. The Telecommunications Act, passed in 1934, explicitly puts the authority on Congress's table. They do this because the TCA can be amended by later Congresses (and it's been amended at least twice by later Acts). The President's EOs can ONLY be used to enforce terms spelled out in the Act (thus why it's called the Executive branch), and since the Federal Communications Commission is enabled by the Act itself, not by the President, Obama has no direct influence over the FCC. If he tries to overstep, someone in Congress can challenge the constitutionality of the EO in the courts (and EOs HAVE been ruled unconstitutional in the past).

4
0
Charles 9
Silver badge

Re: Nice

"That would be the FiOS that Verizon has decided to stop expanding four years ago? The one that people can't even get in rural towns such as New York?"

New York? That's an old city. Across the water, the same can be said of London. They share the same problem. They're old cities, meaning they're all built up and full of old infrastructure that's more or less still in use. That means you can't tear anything up for fear of tearing something up you're not supposed to (hint: New York does not allow implosion demolition in case the collapse messes up stuff underneath). So you have to ask yourself: how does New York put in new infrastructure without messing up all the old infrastructure (on which lives can depend) in the process?

3
3
Charles 9
Silver badge

Re: Fear...

"I worry that the banner of 'Net Neutrality' is sufficiently vague and poorly informed that it will be used as the name of convenience for a regime that nobody wants -- universally crappy bandwidth."

But without the ability to prioritize, raw last mile bandwidth becomes a point of competition. If everyone is doling out universally-crappy bandwidth, the first to deliver universally-not-so-crappy bandwidth at decent rates is going to attract attention...and steal customers. You would think the incumbents would take notice at that point, much as how T-Mobile's audacity (pretty much forced being #3 in the mobile market) is making AT&T and Verizon take notice.

4
1

Boffin imagines Wi-Fi-defined no-shoot zones for wireless weapons

Charles 9
Silver badge

Re: These can't be DoSed, right?

"So what happens in a Civil War when both teams theoretically have home field advantage?"

It's just like with sports. Home field differs from skirmish to skirmish, depending on whose ground the battle is taking place. That's why one has to wonder how the Army would storm a town where the people know where and how to hide and ambush. And it's unlikely that the Army would be led by a hometown person since it's likely he or she has family there he/she would want to protect (meaning hometowners are among the most likely to defect).

0
0
Charles 9
Silver badge

Re: These can't be DoSed, right?

"The problem is elsewhere - the gun nut lobby fav argument is that the gun is the means of defending against the big bad argument. This is supposedly, somehow, logical despite the government having drones, cruise missiles, stealth aircraft and being able to take you out on short order anywhere around the globe."

It is QUITE logical given the most powerful army in the world couldn't land a decisive blow against the likes of jungle and desert guerillas (see Vietnam and Iraq). Using that as a history, it seems no technology in the world can stand up well against home-field advantage.

3
2
Charles 9
Silver badge
FAIL

Show me a way to do geographic denial through compact pure mechanical means, THEN we'll talk.

12
0

Poll: Yes, yes, texting while driving is bad but *ping* OH! Hey, GRAB THE WHEEL, will ya?

Charles 9
Silver badge

Re: Simplez

Not hindered since radio antennae are mounted externally and then fed to the radio by a wire.

That said, what's to stop someone from gutting out the interfering material or installing some kind of repeater?

0
0
Charles 9
Silver badge

Re: New UK lottery

"Using your phone while driving, to photograph someone using their phone while driving, sounds like a brilliant plan with but one tiny flaw... :D"

What? Like doing this from the passenger's seat?

0
0

'Tech giants who encrypt comms are unwittingly aiding terrorists', claims ex-Home Sec Blunkett

Charles 9
Silver badge

But when natural-born citizens target and bomb national infrastructure (Oklahoma City, 1995), it begs a bigger question, "WHO can you trust?" And if the answer is "No one," what's the point of civilization then?

0
1

Why solid-state disks are winning the argument

Charles 9
Silver badge

Re: Developers need what now?

"You should be exiting the building on a crappy ADSL service from a crappy ISP, and looping back in via the big bad internet."

It would be better still to set up a small intranet backed by a modem. Some people are LUCKY to have dialup access (it can happen: middle of nowhere with view of the south sky blocked somehow--no satellite), so they still need to be considered.

4
0