Posts by Charles 9

7189 posts • joined 10 Jun 2009

Facebook to forcefeed you web ads, whether you like it or not: Ad blocker? Get the Zuck out!

Charles 9
Silver badge

Re: I'm wondering

"As long as the ads follow a pattern, they can be blocked. FB can use anti-adblock javascript. Stubborn users can use m.facebook.com with JS disabled. FB can make the mobile site JS-mandatory. Users can rebel against JS... on and on it goes..."

Simple. Ads can be text-based in nature and served inline to the content. No way to block it without blocking the content, too. Image-based ads can be baked into legit pictures from the article, again making it all-or-nothing. Using randomly-generated tags ensures (a) the visit can be traced, and (b) the ads can't be easily blocked because the content has a similar tag. No JavaScript or external content necessary, and the content's loading can be detected server-side, meaning there's no way to avoid it without at least downloading the content, wasting your bandwidth, and triggering the demographics.

2
0
Charles 9
Silver badge

How do they block an element that's in the same domain as the page itself without blocking actual content?

1
0

US Politicians tell DEF CON it'll take Congress ages to sort out how to regulate crypto

Charles 9
Silver badge

Re: Trust!

"Ochlocracy, a word I discovered listening to this interesting discussion about Xenophon"

In other words, mob rule, which inevitably degenerates into anarchy as people within the mob vie for power at everyone else's expense.

0
0
Charles 9
Silver badge

Re: "If you don't trust government...

""People should not be afraid of their governments. Governments should be afraid of the people""

Thing is, the government has nukes, and someone desperate enough will USE them, too.

0
0
Charles 9
Silver badge

Re: @Charles 9

"All are possible and known spy/surveillance technologies and I don't worry too much about that because it is expensive and time-consuming to do, that alone means it has to be targeted at important stuff."

No, the costs are FALLING because it's a whole lot easier than investing vast computing power into cracking encryption algorithms. That's a job best left to sovereign powers for whom money is less an object.

0
0
Charles 9
Silver badge

Re: Hopeless

"You are missing the point - we don't generally need "unbreakable" encryption, just hard enough to make mass surveillance impossibly expensive, and difficult enough so that targeted use has to be prioritised to serious crime."

But the thing is encryption is in the end useless because we can't decrypt the stuff in our brains (if we did, we'd be in Ghost in the Shell territory). And since the stuff MUST be decrypted at some point to use, the plods will simply target points "outside the envelope".

0
1

If you use ‘smart’ Bluetooth locks, you're asking to be burgled

Charles 9
Silver badge

It's what the customers want, so what are you going to do?

0
0
Charles 9
Silver badge

Besides, 7 times out of 10 they can just do what the SWAT do when they insist on coming in: use brute force to break the hasp or the frame. Because most door frames are made of wood, they don't take as much force as you think (OTOH, many commercial door frames are made of steel), and there's little you can do to stop them, especially when the house is empty (meaning possible countermeasures like door stops can't be used).

4
0

Internet of Car...rikey what the hell just happened to my car?

Charles 9
Silver badge

Re: It's our own fault

In other words, Security hurts sales which is why the only industries that do it regularly are those where it's a prerequisite (such as military industrial). And since there's a sliding scale between security and ease of use, not even laws or insurance pressure can help (because who cares about laws or insurance premiums if your sales tank and you can't stay in business).

1
0
Charles 9
Silver badge

Re: KITT is screwed, then.

"...fired when parked in a mid-floor of a multi-story..."

If you'll recall, KITT's heavily reinforced. I think it's managed to pull off escapes using techniques similar to what you describe, although I'll have to consult my KR collection to be sure.

2
0
Charles 9
Silver badge

Re: Standard

No, because it's the custom stuff (that makers will insist on for the sake of identity, otherwise why bother with more than one make) that will be the problem. All you do is move the target.

1
0

Latest Androids have 'god mode' hack hole, thanks to Qualcomm

Charles 9
Silver badge

Re: Towelroot refresh?

"There are ways to hide the root status from individual apps - I've used one with flawless success. Get xposed and you won't regret it!"

How when SafetyNet checks itself with an encrypted connection back to Google AND can upgrade itself through that same connection? We don't know Google's private key. SafetyNet can even detect /system-less root now.

0
0
Charles 9
Silver badge

Re: Towelroot refresh?

No, because thanks to SafetyNet, more apps are becoming root-aware. Rooting now has more risks than before, as apps you used before could balk.

0
0
Charles 9
Silver badge

Last I heard, it won't make the August patch cycle because it was submitted too late. Meaning September at the earliest.

1
0

Broken BitBank Bitfinex shaves 36% from all accounts

Charles 9
Silver badge

Re: I wonder

In which case it's a lost cause as it's proof people CAN'T learn. Twice stung indicates stinging doesn't make them learn.

0
0
Charles 9
Silver badge

Re: I wonder

It could've been worse. There were plenty who lost all their assets when Mt. Gox crashed. And this one could've easily just shut all their doors, turned out the lights, and left you with nothing at all. As they say, better 2/3 of something than 100% of nothing...

2
0

How many zero-day vulns is Uncle Sam sitting on? Not as many as you think, apparently

Charles 9
Silver badge

Re: Snapping up cheap spy tools, nations 'monitoring everyone'

So now comes the question. Which would you prefer: anarchy or the police state? Because in today's world, keeping third options is becoming more and more difficult.

0
2
Charles 9
Silver badge

Re: They should be banned from buying exploits

"The only 0 days they should be permitted to keep in their arsenal and not inform the vendor about are those they discover themselves."

What makes you think they DON'T discover them themselves and what we're seeing most of the time is parallel efforts to a single goal?

0
1

California to put all your power-hungry PCs on a low carb(on) diet

Charles 9
Silver badge

Re: I'm cautiously optimistic ...

But where are the GAMES?

0
0

Graphene solar panels harvest energy from rain

Charles 9
Silver badge

Re: Is solarPV a waste?

Meaning turbines are more efficient than Stirling engines?

0
0
Charles 9
Silver badge

Re: Rain water into Hydrogen

"At best, it's an inefficient energy STORAGE mechanism. We have pretty good batteries already."

Pretty good? They're not really all that efficient, they don't scale well, they don't really last that long under prolonged use, and many have an issue with spontaneous combustion. We REALLY need something better.

0
0

Forget security training, it's never going to solve Layer 8 (aka people)

Charles 9
Silver badge

Re: Silly thing is ...

"Sure, there will always be crooks and naive/stupid people. But why being a crook on the Internet is so easy? Because of technical reasons, or because too many make money from letting the crooks around? Yes, it's a layer 8 issue too - but not the one identified by the researches. Follow the breadcrumbs - and you'll find why it works."

Or maybe because of sovereignty? It's hard to nab a crook if they happen to live in a country hostile to you.

0
0
Charles 9
Silver badge

Re: @Walter Bishop

"Clickable links wouldn't be a problem if they moved to the Industry Standard Lubuntu desktop."

They'll find a way. Remember the term "rooting" doesn't come from the Windows world.

0
0
Charles 9
Silver badge

Re: "still won't save you from the rise of street cameras and spy satellites..."

Like I said, pervasive cameras (Google cars) and spy satellites (commercial photography satellites).

0
0
Charles 9
Silver badge

"And since I'm using a company laptop, try measuring my care level...."

Pretty high, I would say, since they may eventually trace the zero point back to you, you get sacked, maybe charged with criminal negligence resulting in gross damages...

0
0
Charles 9
Silver badge

Re: Making legit look phishy

"As Mike said, have the legit e-mailers send harmless mail. Then the phishers can duplicate this to their hearts' content - they'll be sending harmless mail."

No, the problem is that they can make a harmless-looking e-mail harmful no matter what you try to do. Remember, you can't fix stupid. Even without direct links, you can make a stupid user copy and paste, even hand-type if need be, and use a similar domain the malcontents bought first or hijacked (so no unicode involved and it can't be removed because it was bought from a crooked vendor who can bribe or is immune to the authorities).

0
0
Charles 9
Silver badge

Re: Errm

Trouble is, sometimes you can exploit a system by feeding it CORRECT inputs, too.

0
0
Charles 9
Silver badge

Re: Making legit look phishy

But what's to stop a phisher from duplicating EVERY SINGLE THING the legit e-mail can throw, only to use legit-looking (maybe even Unicode) domain names so that you can't tell the two apart even with a poring of the source? That's how good phishers are getting: the point where the besieger's advantage is becoming harder for the besieged to counter.

0
0

Samsung Note 7: Probably the best phone in the world. Yeah – you heard right

Charles 9
Silver badge

Probably also to do with spectrum. American phones need an emphasis on bands 4, 12, and 17 (as those are the LTE bands used by AT&T, T-Mobile, and MetroPCS, the main GSM-based carriers, and this trend extends throughout the Americas). They're still pretty international-friendly, though, as they normally support band 3 and at least one other common band (usually 1, 5, or 7). Verizon and Sprint phones use less-common bands so require more customization.

0
0
Charles 9
Silver badge

Re: Samsung v Xiaomi

It's one reason I finally decided to retire my S4 for this (used in good condition), as S4 is off the Lollipop list, let alone Marshmallow (OTOH, my S5 is already there). It just took a while for the US carriers to catch up: T-Mobile most recently in June. I think AT&T is the only holdout.

0
0
Charles 9
Silver badge

"Watch that first step! It's a doozy!"

As in it's a pretty big one. One with a lot of substance to it. Term based on the old Duesenberg cars that hit their heyday in the 1930's and affectionately coined the phrase, "It's a doozy!" as a way to say, "Now here's a REAL car!"

Because of Stagefright and so on, Google's been forced to pay a lot of attention to security with Android N: particularly the ability to patch core functions of the OS that normally get obfuscated by carriers. In order to avoid getting investigated by governments for still letting hopelessly-vulnerable-and-unpatchable devices be approved, they need to slam that door hard. That's why you have things like seamless updates, which means updates don't take forever to install, and why IINM the core framework is being separated from the user interface (which is what the manufacturers and carriers want to control).

I still haven't heard any call for requiring the use of root-proof tech like ARM TrustZones and Secure Elements; this may have to do with catering to low-end device makers, though.

0
0
Charles 9
Silver badge

I wouldn't count on anything to run Android 7 well until after Android 7 itself comes out. This one looks to be a doozy in terms of changing the core functions, if you'll recall, since Google has been forced into a security focus with this update.

1
0
Charles 9
Silver badge

Re: Charles 9

"You're thinking like a customer, not a seller. If they make the battery replaceable, how will they sell you the Note 8?"

They can't. I look for a phone that ticks all the boxes, and then find the cheapest one. And for me, a non-replaceable battery (and a lack of microSD) is a deal-breaker based on firsthand past experience.

So until they cater to the customer (which as the adages go is #1 if the law is not involved), I'm not buying.

5
0
Charles 9
Silver badge

Re: Could be great

Thanks to SafetyNet and dm-verity, more apps are root- and custom-aware, so going stock is the only option for those situations. Plus don't Samsung devices have KNOX, which customizing also breaks?

0
0
Charles 9
Silver badge

Re: Got a Note 3 at launch...

"I think Samsung also understands that more and more people are extending their replacement cycles."

If that were true, they'd make the battery replaceable since that's one of the first things to go. I've replaced the battery on my S4 twice now to keep it going strong.

5
1

Simply not credible: The extraordinary verdict against the body that hopes to run the internet

Charles 9
Silver badge

Re: homonym or homily

"As to who should be herding the root servers, I rather suspect that the original principle should be applied vigorously and have them managed by independent agencies hosted in various countries. With all details of the management agencies being publicly available. I certainly would *not* want someone like Erdogan or Un or (some days) Putin or Zuma with their hands on the leashes of more than one of the servers."

How do you avoid puppets then who can in turn be protected by the power of sovereignty?

0
0
Charles 9
Silver badge

Re: Umm, some balance please

"It is literally criminal how they get away with blatantly saying "F U" to everyone's face and nobody lifts a finger in retaliation. I would send in the Marines and have them all shot for treason on site, no delay and no discussion."

OK, then. After you sweep ICANN clean, what would you replace it with? And how would you ensure it did its job properly while also preventing it being corrupted or subverted AGAIN?

You see, the big trouble with all these cries of "Throw the Bums Out!" is that no one ever bothers to consider what you're going to do AFTER they're gone. It's not like the Internet runs itself or can completely ignore political entities that can control the physical wires...

1
0
Charles 9
Silver badge

Re: And they have a famous chef, too

"You haven't been downwind of an open tin of Surströmming, have you?"

But at least that at worst only has a local influence. I'm talking international stinks.

1
0

By 2040, computers will need more electricity than the world can generate

Charles 9
Silver badge

Re: More Information

"Generate solar electricity in North Africa (where there's a lot more sun than there is in most of Europe), and use low-loss HVDC transmission to ship it across to places in Europe that could make use of the electricity. And as a side benefit, generate a bit of income for the Africans in the picture."

But then politics inevitably gets involved. Who owns what? That's why we can't have a solar satellite in space. That kind of energy means power, political power, and there WILL be fights over it.

0
0

Boffins bust biometrics with inkjet printer

Charles 9
Silver badge

Re: It very much depends on the reader

"However, whatever security measures you use, never forget that someone may choose to use a more direct route."

But what if their victim is a masochist (so gets off on torture) or a wimp (so faints before you get started)?

0
0

Stop us if you've heard this one before: Telcos try to kill net neutrality

Charles 9
Silver badge

Re: Those poor innocent profits..

Ergo, we can't have nice things. If we can't afford them, it's equivalent to not having them.

0
0
Charles 9
Silver badge

Re: No problem!

I got news for you. That pretty much covers practically all the TV in the country.

INCLUDING the big broadcasters.

Disney (on the list) is the owner of ABC

Comcast (on the list) is the owner of NBCUniversal, also on that list itself.

Viacom (on the list) changed its name to National Amusements in 2006. It's the majority owner of CBS.

And you've probably noticed the Fox Networks Group.

The only way you can effectively boycott is to get the Nielsen participants to unplug their TVs.

0
0

Tesla autopilot driver 'was speeding' moments before death – prelim report

Charles 9
Silver badge

Re: Fat effing chance

Thing was, it ALSO saved Corporate America time AND money in lawsuits claiming a design flaw that doesn't take submarining into account. Handling the back behind the rear wheels was easy enough, but the sides (which affect ride height) are another matter.

0
0
Charles 9
Silver badge

Re: Dangerous attempts to fix stupid?

This isn't a motorway. It's an arterial, which means traffic lights. If he was FIRST out of the light, pulled ahead, and there's not much between the light and the truck, he could easily have a large opening in front of him before encountering the truck.

0
0
Charles 9
Silver badge

"But if it occasionally confuses a plain white truck side for a threat-free path, that's unacceptable."

But here's the catch. How do we know it would be easy for a HUMAN to see it, too? Sometimes, we assume too much and don't take the assumption that the human could be as confused as well. Or the human could be tricked by illusions and other conditions a machine would be less prone to. For example, an anisotropic painting of a kid in the middle of the road, or a whiteout condition.

The situation here is that human drivers and computer drivers approach perception from two completely different angles, and they don't overlap. The real question you have to ask is which of us can handle better in the overall scheme of things: human intuition that can't be taught because it's inborn even in toddlers (so we don't even know HOW we learn it) or tireless machine perception that's harder to fool objectively but likely easier to fool subjectively?

0
0
Charles 9
Silver badge

Re: No thanks

What if it becomes take it or leave it? As in take the self-driving car, pay crazy car insurance to keep the privilege, or just get off the road?

1
0
Charles 9
Silver badge

Unlikely, since the crash is likely to be so violent as to break the camera. Not even black boxes (and they're built to take a pounding) are immune. Plus, consider where the best place to put a camera would be (in the mirror or visor) and remember what part of the car got decapitated more than the driver.

0
1

Did Donald Trump really just ask Russia to hack the US govt? Yes, he did

Charles 9
Silver badge

Re: @JC2

Could also be the END of it. Heard of the phrase, "No Vacancy"?

0
0
Charles 9
Silver badge

Re: Clinton got caught rigging the primary...

"Dude, the charge is election rigging, with plenty to back it up, and you think those three words is enough to refute it?"

YES, unless you actually CAN back it up with evidence that would be admissible before a court.

0
0

Alleged skipper of pirate site KickAss Torrents keel-hauled in Poland

Charles 9
Silver badge

Re: What first amendment?

Ever heard the phrase "A picture is worth a thousand words"? When 9/11 happened, it wasn't the headlines that made the greatest impact but the photos. And believe me, no front page would elicit more shock than that of a new atomic mushroom cloud. Especially if the spot it happened was someplace like Rio.

0
0
