Posts by Charles 9

6231 posts • joined 10 Jun 2009

FBI backs down against Apple: Feds may be able to crack killer's iPhone without iGiant's help

Charles 9
Silver badge

Re: precedent

"That can't be. They changed the iCloud password, then for the phone to sync the password has to be entered again from the phone. Can't change the iCloud password back and make the iPhone happy."

Are you sure? If the iCloud account's password is changed back to the original password, the one the phone itself is synced against, how will it be able to tell the difference?

0
1

iOS flaw exploited to decrypt iMessages, access iThing photos

Charles 9
Silver badge

Re: FBI presumably salivating

And would you look at that? The FBI's actually backing off! Seems the revelation of this new exploit crumbled the foundation of their case since it's now proven they don't need Apple's help to get into the phone, and by law you can't compel something when an alternative is available (necessity is required).

0
0
Charles 9
Silver badge

Re: The tinfoil hats are strong with these ones.

"Yes, they do want a legal back door. But they want it because access is (1) physically impossible, (2) prohibitively expensive or, if you're ultra paranoid, (3) they don't want to reveal the technique they are using."

Well, the article says that, according to these researchers, (1) doesn't apply (it's proven possible), (2) is unlikely (though it takes state-class resources, it's unlikely to be too costly for a state), and (3) is moot (the secret's already out).

0
0
Charles 9
Silver badge

Re: Nation-state?

Just because you discover it's possible doesn't mean you have the resources to actually pull it off. Think "Traveling Salesman Problem". Simple to describe, utter nightmare to implement.

2
0
Charles 9
Silver badge

No, it's just they don't WANT to break it physically. They're trying to mandate a legal backdoor by judicial precedent.

7
0
Charles 9
Silver badge

Many people have trouble remembering more than a few of those numbers at a time. That's why we keep directories. If we're forced to remember a long PIN, we're likely to forget something else.

2
0
Charles 9
Silver badge

Physical access can break ANYTHING open since they can just use side-channel attacks coming from things like EMR to deduce whatever secret is needed. Worst comes to worst, they can decap the chip physically (defeating any booby-traps along the way). That's why they say that physical access = Game Over.

1
0
Charles 9
Silver badge

Re: FBI presumably salivating

But it should let the cat out of the bag. Apple could point to that and very clearly say they don't need to be involved. Use that exploit since THEY'RE a state-level agency. The court obviously can't order Apple to do something unless there's no alternative, which this exploit clearly presents.

2
1

'Contractual barriers' behind geo-blocking could breach EU rules

Charles 9
Silver badge

Geo-locking of video is usually on the basis of sub-licensing. Different companies can license the content for distribution in their individual regions, and the companies and regions can't (and for practical reasons usually don't) cross. Whoever can show or sell the video in Europe is usually different from the one that sells it in America and different from the one that sells it in Australia/Oceania, and so on.

0
0

Boffins find a way to put your facial expression on Donald Trump's mug

Charles 9
Silver badge

Re: I hope its *main* result will be to teach people to believe *nothing* digital

"Because without very strong audit trail and encryption anything you see or hear could be faked."

What makes you think the audit trail and encryption can't be faked, too, if they REALLY want you?

4
0

Mystery Kindle update will block readers from books after Wednesday

Charles 9
Silver badge

Re: It's just a CA update

As someone noted, though, the Kindle reboots multiple times in so doing. Why would this be necessary for a key change unless something else is happening internal to the device?

0
0
Charles 9
Silver badge

Another likely reason for multiple rebooting may have to do with changing internal storage (perhaps encrypting or re-encrypting it), which would require at least one reboot to go into a maintenance mode so as to do it to the internal store in situ (in case there's not enough room to do it less-destructively) plus change the encrypted filesystem parameters to reflect this, then reboot into the new encrypted filesystem to continue the update.

0
0
Charles 9
Silver badge

Re: tin foil hats required

Which doesn't help too well if the text has strange formatting. Plus in order to do a plain text search, you need excerpts from the "forbidden publications" themselves, meaning the fuzz will be caught in an entrapment situation by holding excerpts of forbidden material themselves in order to search for more forbidden material.

0
0
Charles 9
Silver badge

Re: Non-cloudy thinking

"Yes, Amazon Kindle could just choose to block your access to books that you've already paid for.

If they wanted to wipe out all reputation, goodwill, trust and destroy their business overnight."

Didn't you read about the whole Nineteen Eighty-Four copies being wiped from Kindles without explanation? I know, ironic, but it actually happened (and as you can see, El Reg itself covered it).

Funny thing. Amazon's still kicking. Plus what if something permanent were to happen to Amazon? All reputation, goodwill, and trust would vanish if Amazon itself disappeared (and given the pace of technology, stranger things have happened, like the #2 bookseller in America suddenly up and closing).

5
0
Charles 9
Silver badge

Not if there's multiple keys and they need to check them one at a time, each one requiring a reboot.

1
0
Charles 9
Silver badge

Re: tin foil hats required

How does that help when people import their own e-books (not guaranteed to match any signatures)?

0
0
Charles 9
Silver badge

Re: OTA vs USB

Plus remember, some people with tablets and e-readers don't have computers.

6
0
Charles 9
Silver badge

Re: Non-cloudy thinking

"Yeah, I love having my precious collection all on a single point of failure."

Is it really that hard to keep your book collection in two separate locations so that one's ready in case the other fails? I do that for my multi-TB media collection using two hard drives, plus I use parity archiving to deal with bit rot.

Given 32GB MicroSDs can be had pretty cheap these days, I don't see any problem with having two of them.

14
0
Charles 9
Silver badge

Could just be a matter they have to revoke their secure connection keys (perhaps they got hints on a potential key leak or crack) and pass along new ones, which of course brings about a case of passing along the new keys before the locks get changed, so to speak.

8
0

How Microsoft copied malware techniques to make Get Windows 10 the world's PC pest

Charles 9
Silver badge

What about EXISTING employees? Especially those ABOVE you?

0
0
Charles 9
Silver badge

Re: No sale

There are people who dispute that article. After all, there's the matter of the "Microsoft Tax," the discount Microsoft will ONLY apply if the reseller sells Windows AND ONLY Windows on their machines (and yes, this takes the volume license into consideration, they reduce the baseline price per laptop). I think the only reason Dell dares is because of counteroffers from the likes of Ubuntu allowing them to save either way.

1
0
Charles 9
Silver badge

No, because they're designed to remove unwanted third-party programs. GWX is an unwanted first-party program (because it's made by the same company that makes the OS).

0
0
Charles 9
Silver badge

Re: Windows 10?

OK, what headline games DO you play on Linux that work either natively or on WINE with little or no configuration, with little to no loss in performance vs. the Windows version? I can tell you Fallout 4 won't run natively, as Bethesda has gone on record against porting to Linux, citing conflicting environments and targets. I can also speak from firsthand experience that Valve's own Linux ports rarely match the Windows versions in real-world performance. I've tried, I've honestly tried, but Linux hasn't really worked for me yet.

1
2
Charles 9
Silver badge

Re: Windows 10?

GAMERS for one due to the fact that most games are Windows-only and WINE-unfriendly, not to mention the upcoming DX12 games that require 10 and won't be ported for Vulkan (ask Bethesda why Fallout 4 won't be making the jump).

1
3
Charles 9
Silver badge

Re: Finally had enough...

What about the games? Those require close-to-metal performance and I recall most VMs don't virtualize graphics hardware very well, especially cutting edge games that use DX11 and eventually 12? And there have been companies that have been recorded as saying they won't develop on Linux (like Bethesda Softworks who make the Fallout series now).

Much as I'd love to switch to Linux, the Linux Steam collection is a pale imitation of the Windows one and there are no signs of this improving anytime soon.

1
3

Apple engineers rebel, refuse to work on iOS amid FBI iPhone battle

Charles 9
Silver badge

Re: Developers

Tell that to that county clerk who refused to sign marriage licenses. You CAN be compelled to do things, that's the point sometimes of a court order.

0
1
Charles 9
Silver badge

Re: If ...

They can still do it. All they would need is a cover story to keep the NSA's involvement out of it. Maybe the official who changed the password remembered it and the old one, allowing them to change it back and get an iCloud backup done, for example.

0
0
Charles 9
Silver badge

The Casio watch and the Sure deodorant aren't going to make much sense. Toyota might have an issue, though, if they're seen as a vehicle of choice for anarchists since that'll paint them in a negative image (so do pseudo-realistic racing games showing them as crash-prone). It may be a strictly image thing, but image sells which means image affects the bottom line.

1
0

Apps that 'listen in' to your mobile get slapped by US watchdog

Charles 9
Silver badge

Re: I don't get it

Don't be too surprised if each commercial is uniquely encoded for each program so that just listening to enough of ONE commercial is enough for the app to identify the ad AND the program attached to it. Time isn't going to be as useful as the program could be recorded or time-shifted.

1
0
Charles 9
Silver badge

Re: I don't get it

They probably figure if an ad plays out, you at least tolerate it; otherwise, you'd change channels for the duration.

0
0

Big data boffins crunch GPS traces, find altruistic route planning is good for everyone

Charles 9
Silver badge

Usually, going slower is better on the gas usage, but perhaps you make up for it on the motorway with a shorter travel time (more gas at a time for a shorter time in this case beats less gas at a time for a longer time).

0
0
Charles 9
Silver badge

But as people find roads blocked, they look for people taking detours and follow them, too. I wouldn't be too surprised if people start noticing and following you.

0
0
Charles 9
Silver badge

Re: Government by the people

You do know police and fire vehicles are also government vehicles (medical depends; some are, some aren't).

0
0
Charles 9
Silver badge

Re: More Cars than Roads

You forget TOLL roads, which IINM DO turn a profit or the companies that run them wouldn't still be doing this line of work.

0
1

Biometrics not a magic infosec bullet for web banking, warns GCHQ bloke

Charles 9
Silver badge

Re: Biometrics should be the username, never the password.

That's assuming there's a second factor available to be used. What if this person doesn't bring a cell phone?

0
0
Charles 9
Silver badge

Re: More recently

"The problem here is that to be usable and secure it doesn't have to be beyond current medical science. It has to be beyond medical science forever"

No, it only has to be beyond medical science until technology marches on and we develop a new authentication method and start switching to it, making the old stuff stale.

"Basing security on something that cannot be changed at the drop of a hat is insanity with gilt knobs on."

EXCEPT it's the ONLY thing that's practically guaranteed to be present all the time regardless of circumstances. People may have bad memories and may not carry a second factor with them. That's important because these kinds of people still need to be screened.

PS. And believe me, I have lost count of the number of people who go about their business without their ID cards or keys (and then start begging because of that lack).

0
0
Charles 9
Silver badge

Re: More recently

Well, you have EIGHT of them (plus your thumbs). Plus how do you go about reproducing a vein pattern that relies on having particular qualities of mass and so on in place as well? I would think the technology to create an artificial finger right down to the veins and bones is something beyond current medical science.

The thing about biometrics is that they're basically the ONLY authentication system that's ALWAYS on you, regardless of whether or not you have electronic accessories and/or a good memory (basic requirements for the two other branches of authentication).

0
0
Charles 9
Silver badge

Re: Tiresome..

But some people have terrible memories for passwords. They couldn't even remember "correcthorsebatterystaple" to save their lives (meaning they can't recall something they KNOW). Plus they may be partial Luddites and against having an electronic device on their person (so there's nothing they HAVE). So how do you do security when the ONLY thing you can work with is something you ARE?

0
0
Charles 9
Silver badge

Problem is, what if that's all you have (bad memories and no phone or other second factor present)?

1
0

Domino's trials trundling four-wheeled pizza delivery bot

Charles 9
Silver badge

Re: "Lidar....being used in driverless car trials across the world..."

"The Google Streetview cars should be gathering Lidar data for future use. If they're not, they should start. Somebody needs to do it."

What good is LIDAR data when the environment can change at any time? What if they break ground on a new building, replace the telephone poles, or there's simply too much snow on the ground? How does the LIDAR recognize each of these?

I think that's why Google goes with a more general system for navigation, plus if they want to test in snowy conditions, they DO have access to Donner Pass.

0
0
Charles 9
Silver badge

Re: Cunning plan...

I thought they cut that to $3 off these days. Anyway, don't be surprised if anyone tried to seriously interfere with it, it would phone home to report this, have cameras to record it, and maybe even emit a loud noise to drive the interlopers away and draw police attention.

0
0

How to make the trains run on time? Satellites. That's how

Charles 9
Silver badge

My question is how well would such a system work on a rail network with a lot of tunnels which would obscure the train's position when seen from above. And there's no guarantee a train will maintain speed within the tunnel. What if it breaks down inside and is too deep in to get a signal out?

1
0

Apple tells iPhone court 'the Founders would be appalled' by Feds

Charles 9
Silver badge

Re: @DonL

I don't think so. I think having one necessarily allows you to do the other. If you have the power to ignore the laws and get away with it, you can exploit that power to have the laws rewritten to make sure you don't run afoul of them again. And if you have the power to rewrite the laws already, then to turn a famous phrase, "I AM The Law!"

1
0
Charles 9
Silver badge

Re: Since when a recipe is speech?

No, free press if printed. All they would have to do is publish the source code in a magazine or newspaper and the First Amendment would apply. Unless, of course, they cite national security "clear and present danger" concerns to trump the First Amendment.

0
0
Charles 9
Silver badge

Re: misinformed arrogance

Not if it meant it ALSO opened the way to open every other safe made by that manufacturer...including ones potentially held by the government itself.

The thing with a safe is that even physical cracking takes time, which is why they're rated that way (in terms of how long it would take a professional safecracker, with no limits on his tools of the trade, to get it open). That's basically like brute forcing the phone's memory, which by modern standards has a safecracker rating of "practically infinite". Thing is, what if the safe company is forced to develop something that exploits a design flaw in their line of safes to cut the safecracker rate all the way down to "5 minutes"? That's more like what the feds are asking, and I don't think any safe company would want to play ball with that, given the negative reputation it would bring (much like how car manufacturers are a little leery about their brands being in racing games, particularly those noted for reasonably accurate physics; it might bring out a crash characteristic that might affect sales in the showroom).

1
0
Charles 9
Silver badge

Re: misinformed arrogance

"What I have a problem with, or at least the first, is what happens to the engineers if they step back and refuse to provide what the FBI is demanding?"

If supported by a court order, that can become contempt of court, similar to the one local officer who refused to issue marriage licenses of any kind (to avoid discrimination charges) on account of religious objections to signing marriage licenses for gay couples (and they couldn't force him out of office because the post was elected and the only body that can impeach an elected official, the state legislature, was out of session).

1
0
Charles 9
Silver badge

Re: @DonL

"No man, no matter how virtuous, blessed by god, blood of kings - whatever - NO man is above the law."

Impossible. Eventually, someone amasses the kind of power that allows him to go beyond the law, on pain of pain and destruction. Such is the game of humanity; it's basic "me vs. the other guy" instinct. After all, in the final analysis, law is just "ink on a page" and absolutely worthless without the power to make others submit to it, even when they disagree with it.

1
5

FAA's 'drone smash risk to aircraft' is plane crazy

Charles 9
Silver badge

And what's to stop some determined miscreant from finding a way to remove or otherwise disable the beacon? Or simply to build one from kit or scratch with the device missing?

0
0

Samsung sued over 'lackadaisical' Android security updates

Charles 9
Silver badge

Re: The answer is easy, the devil is in the details

Oh, that's how Apple works, and they're still competitive. Google's already heading in that direction due to legal pressure after the Stagefright exploit was revealed. If they can't show control of their OS, they could end up in court over the matter at a later date.

0
0
Charles 9
Silver badge

Re: disgruntled owner of an original Nexus 7

There's also the matter that rooting isn't as handy as it was, given that Android and apps are increasingly root-aware, especially in Marshmallow. I had to unroot my S4 because of root-aware apps.

0
0
