* Posts by Charles 9

4212 posts • joined 10 Jun 2009

German minister photo fingerprint 'theft' seemed far too EASY, wail securobods

Charles 9
Silver badge

Re: Hey dude, hand me the finger cutter......

So in other words, "Goodbye. Game Over. Better Luck Next Life"? Because some people really ARE that bad. There's also the matter of information overload, since just about every site under the Sun demands a unique account with them, and SOP is to use a different password with each one. A password manager can be subverted or you just forget the password to the password manager.

0
0

Apple's 16GB iPhones are a big fat lie, claims iOS 8 storage hog lawsuit

Charles 9
Silver badge

I suspect it's more to do with Australia's advertising laws which place a little more emphasis on telling "the whole truth". Australia can smack down and fine a firm whose ads cross the line into "deceptive".

9
0
Charles 9
Silver badge

The counter would be, "You're doing it wrong."

Apps installed by the user SHOULD go into the user space, NOT the OS space (which should be reserved for system apps and their updates).

3
0

Buses? PAH. Begone with your filthy peasant-wagons

Charles 9
Silver badge

Re: In Asimov's I Robot books...

As I recall, the cities in those books have also megasized into arcologies, too. In these kinds of self-contained environments, every trip was essentially short-distance.

0
0
Charles 9
Silver badge

Re: When you design the new hi-tech transportation system...

"Just don't drive on toll roads in a rental car though - the bill will be mailed to the rental company, usually long after you leave - and they will bill you for processing fees, rightly. Oops..."

That's when it pays to do the homework. If you know you're going somewhere, research it and see what you need to know. If you're going to a place where the roads have ETC, that may cue you to look for a car rental agency that rents ETC-enabled cars (Avis, for example, has ETC support). That said, there are very few roads that are ETC-only, and those that exist usually have alternative routes for those without ETC since it's not exactly universally supported.

0
0
Charles 9
Silver badge

Re: Gridlock is a fallacy

How does the system then account for externalities like job crunches and housing shortages that could prevent people from having alternatives when the comfort zone is breached? In a job crunch, one may not be willing to switch jobs since they don't want to lose their job in hand. In a housing shortage, the long commute may be the only one available or affordable, meaning the price to move is too high or it simply isn't an option. And since people value face time, telecommuting may not be in the cards, either. And if fuel prices rise again, the cost of the commute may eat into the household budget, reducing commuting tolerance.

So the worst-case scenario is one where commuters are in an unacceptable but unavoidable situation.

2
0
Charles 9
Silver badge
Devil

Re: Some problems are just hard

Oh, great, force cyclists used to whole lanes into a narrow space, making them a target for vengeful motorists...

On a rainy day when you need to ride 25 miles each way to the big-box with no way to carry the groceries home except perhaps a backpack...

IOW, it's not just a political issue but a safety issue, too. Especially when cities aren't geared around short-range travel and have a natural tendency against it, wanting to cluster the same kinds of things together.

0
0
Charles 9
Silver badge

Re: If you are going to describe a future, make it aspirational.

So I wonder. Why was the project canceled? Too difficult to implement or too many ways for Murphy to mess it up (thinking a blowout at one of the lead cars or a sudden road obstruction creating a chain reaction)?

0
0
Charles 9
Silver badge

Re: Has the author not heard of TFLs Live Bus Arrivals?

"Oddly enough, the system will append the characters "LF" to the time to tell you if the bus has a low floor for wheelchair users."

IINM, THAT flag can't be helped because of disability accommodation laws. In America, we have the Americans with Disabilities Act. I believe England has something of the like.

Have you tried telling the bus people to adapt existing parts of the SMS to multitask? The only way they can REALLY be out of letters is if all SMS-valid characters for the entire length of the text are spoken for. Under those conditions, I don't think they can REALLY say that, and I would think they can find SOME way to cram in more indicators in existing text locations.

0
0
Charles 9
Silver badge

Re: Has the author not heard of TFLs Live Bus Arrivals?

Does little good for you, though, if you have to make a connection that never coincides...

4
0
Charles 9
Silver badge

Re: the above problems point to one root cause

There's also the matter of zoning. It's easier to make one large commercial or industrial zone with all the associated infrastructure set up for it: like with like.

2
0
Charles 9
Silver badge

Re: The best urban transport

"You get cold & wet walking to your car or waiting for a bus."

That's why they invented parasols. At least you can use one en route to the car or while standing at the bus stop. Once you're inside, though, you're in an encapsulated vehicle that keeps you dry. Cycles are open-air and not well-suited for inclement weather.

Manual bicycles are also ill-advised for areas that are full of uneven terrain. Hilly San Francisco springs to mind, as does a place I know nearby that's in the Appalachian foothills.

Perhaps what's needed is an encapsulated bicycle with optional motor a la a Derny. This would be the most versatile kind of vehicle: no wider than a bicycle, protects from bad weather, and optional external power in case of uphill climbs or other tricky terrain.

Then again, there's still the matter of large shopping trips. How will we get our stuff (too much for the bike) home without having to do a boomerang trip with a vehicle rental?

8
5

Online armour: Duncan Campbell's tech chief on anonymity 101

Charles 9
Silver badge

Re: I disagree.

"Here's the real crux, security is not sexy to the general populace, it's a matter of need, but its implementation is largely done by people with knowledge. Look at something as common as TLS and the now defunct SSL. To a general user, this just "works", but have you actually ever set up a CA and pushed that out to more than 1 or systems? It's an effort."

More than that. It's a matter of TRUST. SSL and TLS both depend on certificates, which in the general use case have to rely on Certificate Authorities. Which means essentially Alice and Bob have to trust Trent. Thing is, sometimes Trent is really Mallory (or more often Gene), so you're back into DTA mode.

Making SSL/TLS "just work" requires a level of trust that in today's world could be considered ill-placed. And people are getting sick and tired of all the hoop-jumping. Go back to the front door. A burglar can just kick the door down, but trying to guard against it is too much hassle for the ordinary person to deal with. Yet people complain about break-ins at the same time, which means customers are demanding the impossible: something that's too easy to break and yet too tough to go through everyday.

Or in a nutshell, "Not Enough is Too Much."

1
0

MasterCard adds fingerprint scanner to credit cards for spending sans the PIN

Charles 9
Silver badge

You'd be surprised. Not far from where I live, someone got bumped off in broad daylight in a C-store in full view of the camera over 89 cents. As I recall, the case is still open.

0
0

Armouring up online: Duncan Campbell's chief techie talks crypto with El Reg

Charles 9
Silver badge

"If you _know_ you've got no security, then you're naturally careful about what you store. If you believe you're secure, then you feel confident storing material that otherwise you might not."

Like I said, if you have NO CHOICE but to store it, then you're basically SOL either way. In which case, it's best to have the security blanket than drive yourself insane with paranoia. Remember, this is as much about psychology as it is security (that's why ease of use and security can be on opposite ends of the same scale).

0
0
Charles 9
Silver badge

"Once the audit has finished there's still the possibility of holes, but Truecrypt will be in a stronger position than now. In the meantime though, using crypto software that is unsupported and has publicly been declared insecure by the devs is a bad idea - you've got a potentially false sense of security and nothing more."

Except, like I said, there's nothing else on offer. As for the public declaration that it's insecure, best case, they're lying so as to look like a dead canary. Worst case, that simply puts it in the same boat as every other encryption software on the market for the simple reason that we don't know enough about the alternatives. The one thing that sets TrueCrypt apart is that audit. No other encryption software has been audited, and none has a formal proof. Which means, even after the declaration, it's STILL the best on offer in a world where no encryption is not an option. Put it this way, even a false sense of security is preferable to NO sense of security. The alternative is to go offline, which for many of us is not an option at all.

PS. Before suggesting PGP/lo, consider users who can't use a loopback device. Many people have no choice but to use Windows on systems that lack the capacity to dual-boot or use a VM (like a netbook--nice for air travelers as anything bigger draws increased security scrutiny but not very powerful).

0
0
Charles 9
Silver badge

"All you armchair security experts are aware there are protocols for blinding traffic analysis, right?"

And there are ways to beat the blinders, too. You don't need traffic analysis when you pwn one of the endpoints.

0
0
Charles 9
Silver badge

Re: a nice try....

"That assumption is still too strong, since many compilers operate on input beyond the source, and the toolchain required to build an executable often involves more than just a compiler. Compilers and other build tools may embed timestamps, for example. They may need to embed references to libraries and other data that's outside both the compiler's control and the application source corpus."

Timestamps can be matched up, and the experiment assumes no external libraries (self-contained source) and considers any assemblers, linkers, etc. to be part of the self-contained suite. gcc IIRC is self-contained in this regard.

0
0
Charles 9
Silver badge

Re: a nice try....

"The whole thing seems to be dependent on an unjustified (and demonstrably incorrect) assumption: that two functionally equivalent programs produced from the same source by two different compilers will (always?) have bit for bit identical executable code."

They get around this by making the two different compilers compile a third one. No matter the result, as long as the third compiler acts deterministically, then when you compile the third compiler using the results of your first two compiles (both of which should be functioning identically since both were built from the same source), then the end result should be two identical compilers. If not, either (a) the third compiler is nondeterministic, or (b) one or both of the first two were tainted.

1
0
Charles 9
Silver badge

Re: Horses for courses

Maybe not ROT13 but perhaps something just a touch more difficult like an unpatterned substitution cypher (ROT13 is patterned). I once had fun playing with a cypher based on a #, an X, and a dot. If Big Sis is a bit smarter, perhaps something a bit more elaborate to mask spaces and punctuation.

0
0
Charles 9
Silver badge

Re: Abandon SMTP

"Set the wayback machine to the 1980s and see how X.400 looks as a concept. An email setup designed from the ground up to support authentication, anti-tamper, encryption, and so on. Even been proven to work, on battlefields and the like."

Also as I recall proven to be a right mess. It's just plain too complex, as anyone who's had to untangle a misdelivered X.400 message can attest. You need a secure solution, yes, but it has to be a SIMPLE secure solution. Otherwise, you run into the wrong end of the secure-vs.-easy to use scale. In order for something to actually be practical, it has to be in the MIDDLE of the scale: BOTH secure AND easy to use--otherwise people either end-run around the encryption or it'll be full of holes.

2
0
Charles 9
Silver badge

Re: Truecrypt is a threat

"The prosecution have to prove on the balance of probabilities that you have not handed over the keys..."

The argument is that TrueCrypt has deniable encryption. And the plods are well aware of TrueCrypt's ability to house a hidden volume. Which means, unless the outer volume is full (which prevents the creation of a hidden volume), you could be hiding something and you're lying (which is what anyone with something to hide would do). There's your balance of probabilities right there.

"Also, the penalty isn't life imprisonment, but that's a side issue."

It's an "infinite loop" punishment. Each time you refuse, you get thrown in jail and the encrypted volume is still there, unopened, meaning the moment you get out they can just ask you again, ad infinitum.

0
0
Charles 9
Silver badge

Re: My only comment

I'm curious about VeraCrypt, but the fact it's hosted on CodePlex, a Microsoft site (and using a Microsoft-based license), raises a cautious eyebrow. Why here and not, say, SourceForge?

I'm currently trying DiskCryptor on and off. It specializes in whole-volume encryption, but it's not as well-rounded. I may give VeraCrypt a test spin.

1
0
Charles 9
Silver badge

Re: Truecrypt is a threat

That may be true in Britain, but people in America are protected by the Fifth Amendment, where one has the right to remain silent and not self-incriminate. Even if compelled to speak by subpoena, one may simply answer, "I plead the Fifth." Not even Congress could get around that answer, not even during the famous Red Scare.

2
0

Why has the Russian economy plunged SO SUDDENLY into the toilet?

Charles 9
Silver badge

Re: All this reminds me of something from Jerry Pournelle

You forget. Every aircraft carrier currently in service in the US Navy is powered by a reactor. That was the idea: use leftover reactor power during quiet moments to churn out jet fuel, saving the logistics of porting to get more.

Anyway, put this together with much-safer (and perhaps much-smaller) reactors and you can see a track to true energy independence.

1
0

Q*bert: The Escher-inspired platform puzzler from 1982

Charles 9
Silver badge

Re: There was a lot of originality back then

Another note about that 6502. It was doing nearly all the sound work. There wasn't a dedicated sound chip in Gottlieb/Mylstar's games. They simply hooked the 6502 to a DAC and let it have at it. The only thing that wasn't generated by the 6502 was the voices created by the Votrax SC-01 speech chip. BTW, I call it a bit of comical sound genius to direct the SC-01 to play random phonemes as needed to produce unintelligible speech. About the only time the SC-01 plays a predetermined sound is for death screams when Q*Bert or Coily fell off the pyramid.

1
0

GCHQ: We can't track crims any more thanks to Snowden

Charles 9
Silver badge

Re: How to eliminate drug lords

Fine, then, leave the existential threat there to destroy you...

0
5
Charles 9
Silver badge

Re: How to eliminate drug lords

Because the country may not be on friendly terms with you. Meaning you're between a rock and a hard place. Going after him's bad enough, but you can't leave him there, either.

0
10
Charles 9
Silver badge

Re: How to eliminate drug lords

"If you think you've found a criminal, get a warrant."

And if the criminal is operating in a country that won't respect your extradition request?

0
12

No NAND's land: Flash will NOT take over the data centre

Charles 9
Silver badge

Re: Last hurrah

"Not sure how well a cold disk will respond after a few years on the shelf."

Compared to flash, I hear it stores better. Meanwhile, tape is only economical these days for enterprises. For the consumer market, it's pretty much hard drives or bust for the time being. To that end, I double-provision with a one-year rotation and use parity archives within for the occasional bit rot.

0
0
Charles 9
Silver badge

Re: "what comes after is breathing heavily down the neck of flash"

I think the term you're looking for is "meme". The term has ascended beyond its clinical definition, much as "xerox" and (as mentioned above) "drive" have become memes. Who cares if they're not exactly right? They still evoke an appropriate image, just as the icon of a floppy disk still evokes the image of saving, so we're gonna use it regardless.

0
0

YEAR of the PENGUIN: A Linux mobile in 2015?

Charles 9
Silver badge

Re: Very pleased with Linux

I think that's a "just in case" maneuver, in case there is a need for an essential Windows-only software that's not WINE-friendly.

15
2

Movie industry's evil plan to destroy the internet is going precisely nowhere

Charles 9
Silver badge

Re: Cheaper content

Guess you've never heard of "captive markets" before.

1
0
Charles 9
Silver badge

Re: My tuppence worth....

They're complaining that they're not getting as much as they figure they can get. It's like expecting a box of donuts to have the baker's dozen of 13 but only getting 12. It doesn't matter that they're setting records because they want to break those records even higher. Piracy to them is a controllable cost so they're going to work on it regardless of the return.

2
0
Charles 9
Silver badge

Re: Control your media better.

"I remember he was pretty adamant in stating that content never traveled over a network."

As I understand it, it IS an option (for locations with high-speed data connections), but the preferred method is by external hard drives. I recall the keys can also be sent by a USB dongle. Still makes me wonder if they've been careful about potential exploit entry points via USB and so on.

1
0

Sony hackers dump more hunks of stolen data, promise another 'Christmas gift'

Charles 9
Silver badge

Re: Sticking it to the Man is one thing

Hubris? Is that related to Pride? I can't think it to be Greed, Lust, Envy, Gluttony, Wrath, and Sloth (as I know the other six).

0
0

Net Neut: Verizon flips the bird to FCC on peering deal crackdown

Charles 9
Silver badge

"It often appears that ISP has segued from Service Provider to Service Preventer in many locations."

But then again, if it wasn't Verizon (with its exclusivity contracts), it would likely have been no one, as no ISP is willing to wire out to The Middle of Nowhere™ without assurances.

1
1
Charles 9
Silver badge

What if ISPs responded to a Title II declaration by raising prices across the board and blaming it on increased administrative costs? Sounds like a lose-lose to me since changing ISPs isn't an option for most Americans.

1
1

That sub-$100 Android slab you got on Black Friday? RIDDLED with holes, say infosec bods

Charles 9
Silver badge

Re: Yay scareware stories

Proprietary SoCs with patented hardware wrapped in NDAs happened.

0
0

Nork-ribbing flick The Interview AXED: Sony caves under hack terror 'menace'

Charles 9
Silver badge

Re: 'Flashmob' screening

Ever heard of EMP? South Dakota is the center of the US geographically.

0
1
Charles 9
Silver badge

Re: "All eyes are now on the hacker's next move."

"The only way to stand up to a bully is hit him as hard as you can in the mush. You might get some bruises, but keep it up and he'll go away eventually."

Except when it backfires, he and his gang beat you into the hospital and rear-door you while they're at it and then escape prosecution because the leader's dad is the mayor and they know secrets that can topple several members of city council.

3
2
Charles 9
Silver badge

Re: Grow some balls!

"Come ON! There is no likelihood of this threat being acted upon, the resources necessary to carry out the threat make it impossible, even for "a rogue state"."

Three guys with fertilizer, diesel, and a rent-a-truck demolished a major building in Oklahoma City 20 years ago, without any state backing. A bunch of guys turned airliners into fuel bombs in 2001. The Target and Home Depot hacks and now Sony Pictures (perhaps even the mother company). Who are we to prove what's possible and what's not in today's society?

3
4
Charles 9
Silver badge

Re: Grow some balls!

Not thinking so much the US (though if they did, think a high-altitude blast over South Dakota--just ONE EMP's bound to be murder). But what about Seoul? That alone could be enough to seriously destabilize the region, would be pretty easy for them to pull off (Seoul's within artillery range of the DMZ), and recall Kim Jong Un isn't exactly what one would call the rational sort.

0
0
Charles 9
Silver badge

Re: Grow some balls!

And if the criminals are backed by a rogue state and know where you and your family live and have threatened to blow up your house while you sleep? That's the level of the threat being posed right now: it's getting personal.

Also, don't forget that the Norks carry what's considered the ultimate trump card. Even if they don't turn nukes on America, there's always Seoul to worry about. A target that close they don't need to shoot a missile; it can just be smuggled in Sum of All Fears-style.

1
9
Charles 9
Silver badge

Re: Terrorists win BIG time--America is now a nation of cowards

Thing is, at least the Soviets were reasonably rational and wouldn't have fired the nukes unless actually threatened. That's why Mutual Assured Destruction worked with them.

With the Norks...you're not so sure. Kim Jong Un may well consider World War III preferable to the movie being released. What do you do against a madman with no regard for life and his finger pressed on a Dead Man's Switch?

1
0

ESA: Venus probe doomed to fiery death on weird planet's surface

Charles 9
Silver badge

1. It'd be a bit hard to read from so far away (JOKE!).

2. Most fuel gauges get vague at low fuel levels because the means of measurement can only go so low before it bottoms out (SERIOUS). Consider your car's fuel gauge.

1
0
Charles 9
Silver badge

Probably confusing the leap year with the leap second, which is applied to UTC (whose second is not based on rotation) to re-synchronize it with GMT (which is a solar time). Leap seconds are because the earth's rotation is slowing down oh so slowly and this is our way to keep our reckonings stable for the time being.

IOW, I don't think a leap second is going to help correct a Venusian reckoning that's off by that much.

9
0

Can't stop Home Depot-style card pwning, but suppliers will feel PCI regulation pain

Charles 9
Silver badge

Re: when will they have to comply?

"The standard is worthless and meaningless, as long as the companies are allowed to simply purchase insurance to cover their negligence and eventual breaches."

But don't the insurance companies get theirs back at the retailers by hiking their rates after a breach? I know that's how it's done in the auto insurance industry and other insurance industries: the higher your risk profile, the higher your rates.

1
0

FLASH! Aaa-aaah. 3D NAND will save every one of us

Charles 9
Silver badge

Re: More storage, faster storage where the hell is Reliable longterm storage?!?!!

It's your 25 years that's the problem. Technology is moving SO rapidly that the means to retrieve that 25-year-old data may disappear well before then. Consider this. 20 years ago the 1.4MB floppy was standard issue. Now you know any computers that pack one? Same with Travan tape drives.

IOW, trying to actually keep a storage medium viable for a quarter century is a crap shoot. So the general recommendation is to rotate the backups every few years as technology advances. As of right now, tape has the edge when it comes to cold storage, with spinning rust edging out current flash technology and optical discs for second (leaving it the most viable option for consumer backups at this time).

If you find an inexpensive means to store data by the terabyte and can survive, say, five years in storage, I'd love to hear about it.

1
0
Charles 9
Silver badge

Re: Half a century is a long time to be #1 in computing

THIS time, though, spinning rust is itself up against the magnetic limit. 3D flash actually has a genuine physical advantage this time: it stacks MUCH better than spinning rust.

3
0
