* Posts by Charles 9

3600 posts • joined 10 Jun 2009

Watch out, Yahoo! EFF looses BADGER on sites that ignore Do Not Track

Charles 9
Silver badge

Re: 3rd party cookies

I think Badger can also handle the FIRST-party cookies as well from sites that won't behave.

Thing is, how long before sites use cookie detectors and won't let you in until you accept them...ALL of them.

1
0
Charles 9
Silver badge

Re: Armor up

Especially since many sites, including some of the BIG ones or ones with exclusive content, are now employing ad-blocker-blockers of a very broad sort. Basically they won't let you see anything unless you open yourself up to the cookies.

3
0
Charles 9
Silver badge

Re: If they really want to 'badger them'...

Except that might be grounds for a suit. Perhaps a quick beep to the EFF and for every, say, 100 times they get a red flag, the EFF can send an e-mail to the admins of that website listing the violations. Of course, they'd also need to find a way to make sure it's not summarily filtered, but enough of them should start getting their attention. And the sites can't accuse the EFF of spam since each message is different and all the e-mails will be valid claims of misconduct.

1
0

Laser deflector shields possible with today's tech – but there's one small problem

Charles 9
Silver badge

Re: Snails

The problem is that plenty of animals have found ways to enjoy their escargot in spite of the shell. Birds, for example, have their powerful beaks while racoons have learned to rap snails against rocks and the like to crack the shells.

1
0
Charles 9
Silver badge

What about for unmanned stuff such as a missile? Could this combined with spin and a highly-reflective coating provide adequate defense against interception by a laser system? This can have practical implications for things like shipborne defense systems.

1
2

Super-heavy element 117 DOES exist – albeit briefly. Got any berkelium handy?

Charles 9
Silver badge

That's supposed to be 115. That element is currently undergoing confirmation and is expected to be officially added (and named) pretty soon.

0
0

Thanks for nothing, Apple, say forensic security chaps

Charles 9
Silver badge

Re: You can't simultaneously have good privacy and easy recovery of data.

Over and above the customer's wishes (as in "The Customer is Always Right")?

0
0
Charles 9
Silver badge

Re: solid state wiping

In this case, it's not zeroes. The flash is encrypted at the partition level, so it all looks like noise. The wipe wipes out the key needed to make it make sense, and it probably does this by putting a new key in its place.

3
0

DeSENSORtised: Why the 'Internet of Things' will FAIL without IPv6

Charles 9
Silver badge

"Then again, how often have you seen a non-technical user enter an IP address for an external site? I know some who don't even enter URLs."

Online gamers. Most small-time servers ONLY have IPs.

1
0
Charles 9
Silver badge

Re: As another no-nothing on the subject of IPv6

Is hex really that much harder? HELL YEAH!

At least with IPv4, there are at worst 12 digits (and note, they're all numbers). We deal with sequences of similar lengths when we negotiate the telephone system: which we have for decades. What real-world analogue is there to the IPv6 scheme?

IOW, IPv4 is within our comfort zone. IPv6 is WAY out of our league.

0
0
Charles 9
Silver badge

Re: Brandon 2 someone tell the NSA...

You missed the point of the post. He's saying the NSA would welcome IPv6 because it would make snooping EASIER because of the removal of the NAT layer. This means they can remove the step of bridging the inner and outer networks from their work of breaking through the firewall.

0
0
Charles 9
Silver badge

Re: Sir

Part of the problem with IPv4 isn't just the lack of public addresses, it's the lack of private addresses.

Private address space 10/8 allows 2^24 addresses within it. If there's a company that uses more than 16 million addresses within its internal network, I'd like to see it.

0
0
Charles 9
Silver badge

Re: Firewalls

I think the logic is that if anyone can break the IPv6 firewall between your home and the outer net, they can also break the IPv4 NAT router and create the necessary bridges between the networks.

So IOW, what you want is a dumb fridge, not a dumb network. Because in your scenario, it wouldn't matter if your fridge was using IPv4/NAT or IPv6; malcontents will find a way in either way.

As for the whole address space thing, I think people are MUCH more comfortable with IPv4 vs. IPv6 because IPv4 is--at worst--12 digits. That's not too much of a stretch from a telephone number: something we've been memorizing for decades. You can't say the same thing about IPv6 addresses unless they've been SERIOUSLY shortened, and then there's the matter of the letters; at least when telephone numbers use letters, they're used intentionally as a mnemonic.

0
0
Charles 9
Silver badge

Re: Bridging IPv4 to IPv6

The problem has never been IPv6 talking to IPv4. There's a reserved IPv6 prefix for IPv4 addresses. The problem has always been going the other way: an IPv4 site wanting to talk to an IPv6 site.

1
0

Google forges a Silver bullet for Android, aims it at Samsung's heart

Charles 9
Silver badge

It's not so much that anything's being removed but that Google's setting a VERY high bar for premium phones for the foreseeable future. Especially now in a more-security-conscious environment, getting first dibs on updates (and perhaps a guarantee on updates for as long as the phone can handle it as well) is going to be a selling point. It's going to make the likes of Samsung wonder if it's worth it to keep differentiating themselves anymore since not just their custom UIs but also their differentiating hardware means they can't just accept new versions of Android as easily as Google. EVERYTHING that's unique to them has to be tested and probably recoded with each new version. That's why there's a delay with manufacturers even for their carrier-free models. Since Google makes the final call on what makes a Silver phone, and as the article says, the specs are going to be very strict, which means there'll be no room for differentiation. And for the non-Google brands, differentiation is necessary for them to stand out. Otherwise, Google's brand will be what stands out, not theirs (Quick Quiz: Who actually makes the various Nexus devices for Google? See what I mean?)

0
1
Charles 9
Silver badge

No. Because the customizations depend on under-the-hood Android features that CHANGE from version to version. Take the notification bar. KitKat (v4.4) changed the code up there (for efficiency reasons), in the process breaking every notification customization to date.

So you see, they can't just make it a bolt-on because the bolt holes don't match each time.

0
1
Charles 9
Silver badge

Re: Well, it was only a matter of time......

TouchWiz is more than just a home screen. Especially at the high end, it has a lot of other things under the hood that influence the UI. It's also where carriers tend to insert their custom programs so that rooting and using an AOSP-based ROM means you lose their functionality (thus why I'm back on TouchWiz on my S4--only way to get T-Mobile's Visual Voicemail and WiFi Calling).

0
2

Cuffing darknet-dwelling cyberscum is tricky. We'll 'disrupt' crims instead, warns top cop

Charles 9
Silver badge

But on the other hand, some things are irreversible once committed (murder, for example, or destruction of a unique object), so the only satisfactory solution in that case is prevention; anything else is too late for the victim(s). So in that sense, we won't settle for less than prevention because the only way the victim is happy is if they don't get victimized.

So how do you reconcile the justice system with such a desire?

0
0
Charles 9
Silver badge

Re: I find this amusing...

OK. How about ANY encrypted traffic will be inspected and anything the plod can't decrypt (= trusted and vetted site) will bring the Men in Black. Then make every site I allow require image mangling and other anti-stego techniques such that anything that would get through would be extremely low on bandwidth: impractical for large applications.

0
0
Charles 9
Silver badge

Re: A better solution: better defences

Impossible. The ability to access it is ALSO the ability to break it. Because of this, there's no way to create a system that is BOTH intrinsically secure AND easy to use: they work at cross-purposes. The only real way to improve security is to make it harder for EVERYONE to get in, but once you do that, you make it more onerous for the user, and it is usually the intractable PEBKAC problem that is going to do you in.

1
0
Charles 9
Silver badge

Re: A better solution: better defences

"Rather than going through a public wringing of hands and gnashing of teeth as they bewail the fact that these criminals are doing the online equivalent of wearing a mask with two eye-holes, aren't there other ways to use their time and budget to better effect? Such as stopping crimes from occurring rather than running around - Keystone Cops style - trying to catch them afterwards: once they have their swag, or have tweeted vaguely insulting things about someone's mother."

Because you run into the "eternal vigilance" problem. YOU have to be lucky all the time. THEY only have to be lucky ONCE. Meaning, by the Law of Averages, they're gonna get through at some point. Look at Stuxnet, that crossed a blankin' AIR GAP! So given that inevitability, the next step is to try to limit the damage, which is also easier said than done.

2
1

US mobile firms cave on kill switch, agree to install anti-theft code

Charles 9
Silver badge

Re: Insurance is a scam only scammers can appreciate

Unless you actually have something go wrong. Me? I paid $10 a month once for the insurance. Nine months in, all the touch-buttons broke down simultaneously. Just flat broke. Got a replacement phone through the mail with little fuss. Phone kept working for the duration of my contract, so I call this Your Mileage May Vary.

0
0
Charles 9
Silver badge

Re: 24 hours?

People already know how to PREVENT the phones being bricked. Faraday bag.

6
0
Charles 9
Silver badge

We already have that. The HARD part is sharing and ENFORCING it between countries. Good luck with that part.

3
1

TrueCrypt audit: Probe's nearly all the way in ... no backdoor hit yet

Charles 9
Silver badge

Re: Don't trust iSEC or NCC Group audit

Probably because any company NOT in bed with the NSA or GCHQ is in bed with someone else. IOW, it's pick your poison.

0
0
Charles 9
Silver badge

Indeed, given the environment, why contract an American security firm?

2
1

Snowden-inspired crypto-email service Lavaboom launches

Charles 9
Silver badge

Re: Can web-based 'secure email' ever actually be secure?

"paper is a pretty virus- and hack-proof tech"

Au contraire. The virus can encode itself INTO the printout, meaning it can still be transported via paper: encoded WITH the message.

0
0
Charles 9
Silver badge

Re: Why I'd never use this...

Point is that if ANY part of the system can be arm-twisted by the US, they can perform MITM attacks to obtain your private key. This combined with hoovering the raw encrypted data would allow them to decrypt your emails. And since they can squelch, there's no way for you to know they've done it.

0
0

Most Americans doubt Big Bang, not too sure about evolution, climate change – survey

Charles 9
Silver badge

Re: Well ...

Last I checked, the Big Bang was considered more than a hypothesis but a theory: the difference being there is consensus in the experimental data being used to support the idea: red shift, accelerated separation, etc. While some healthy skepticism is okay, any competing theory would have to be able to tick more of the boxes than the Big Bang can.

As for "divine presence," a few questions always spring to mind. Foremost, if there really is a divine presence, why only one inhabited world so far as humanity knows?

0
0
Charles 9
Silver badge

Re: give me a break

The fossil counts as proof that life form once existed on Earth, and perhaps a living relative still exists on the planet, but that fossil itself is not evidence at all of evolution.

OR a Creationist would argue that the Devil planted those fossils in there to trick you into thinking the Earth is older than it really is. Similarly, it's impossible to argue facts when you're arguing lies at the same time. Even facts backed by consensus can be countered by the old, "one lies and the other swears by it." Fact is NEVER UNDENIABLE because you can ALWAYS call it a lie, boiling it all down to belief again.

0
0
Charles 9
Silver badge

Re: The takeaway . . .

There's another problem within the problem which is in turn wrapped around the conundrum. It's the belief that the situation at hand is PRESSING. Sort of like someone telling you the boat you're on has sprung a leak. IOW, part of the debate is whether or not this is an emergency, as in if we don't do things immediately, there could be drastic consequences for which we can't escape (ex. having to swim the remaining 100 miles to shore because you took too much time arguing the context while the boat sank under you).

0
0
Charles 9
Silver badge

Re: Not surprising

The matter of "No Child Left Behind" raises a very important moral question. If we don't follow this principle, children WILL be left behind, resulting in societal rejects.

The moral question is, "What does our society do with the rejects (for the hopeless ones for which there's just no place in our society)?"

1
0

R.I.P. LADEE: Probe smashes into lunar surface at 3,600mph

Charles 9
Silver badge

Re: WTF is PDT?

So IOW the standard is to base the times on the location of whatever or whoever is controlling the thing?

0
0

MIT boffins moot tsunami-proof floating nuke power plants

Charles 9
Silver badge
Joke

Re: Security risks

"And the way things are going AI-wise, you will just buy a container of Aperture Science Turrets and put them at strategic points. Problem solved."

Just make sure you get a load of good turrets. Don't know how much good a load of half-naked, empty, and snarky "crap" turrets will do in such a situation.

0
0

Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS

Charles 9
Silver badge

Re: Barcode anyone?

Someone at the thread about luggage beacons posited everyone getting an RFID tag like they make for pets. Embed in the back of the hand and all.

Then again, like with the barcodes, someone's always gonna try to clone them. I think the concern is that anything man-made can be cloned, so they're trying to use something biological and thus innate.

0
0

A black box for your SUITCASE: Now your lost luggage can phone home – quite literally

Charles 9
Silver badge

Re: What is really needed

If they're THAT nasty, it doesn't matter WHERE you put it. Some idiot takes the whole bloody case, there's little hope for you. Remember, we're not talking about preventing theft of the case and/or its contents. We're simply talking about a better way of keeping track of it as it moves out of your sight. The handle is just the most convenient location because EVERY suitcase has a handle.

0
0
Charles 9
Silver badge

Re: What is really needed

Tag chips aren't that big these days. The one for pets is about as big as a grain of rice. Perhaps a manufacturer can use this as a selling point: an RFID embedded in the handle with a 64-bit UID (20 for the manufacturer, 44 for a serial number). Especially now with more phones containing RFID readers.

0
0
Charles 9
Silver badge

Re: Wrong end!

The same thing will happen here that happens with those paper loops: they'll affix the wrong one to your suitcase and everyone will claim it went to Madrid because it was TAGGED for Madrid.

0
0
Charles 9
Silver badge

Re: But 3G does work

The article specifically mentions Japan has no GSM coverage. By that, I think they mean GPRS/EDGE. It would make sense for the device to go low-tech to save battery (higher gen=higher drain) while it would make sense for Japan to drop old tech frequencies to make room for newer ones.

Ergo, the thing uses tech too old for Japan.

0
0

GoPro's new lens: Like a GOOGLE STREETMAPS car... for your life

Charles 9
Silver badge

Not much new

Basically a small version of a hemisphere lens. At least they're upfront concerning distortion. More a curiosity IMO but I'd try one for grins.

0
0

Reprieve for Weev: Court disowns AT&T hacker's conviction

Charles 9
Silver badge

Re: Charged again?

The initial jeopardy has been negated by the ruling that the trial was invalid. But if he's convicted a second time, time already served must be accounted in a new sentence.

0
0

Cheat Win XP DEATH: Little-known tool to save you from the XPocalypse

Charles 9
Silver badge

Re: Hardware?

That's the thing about the computer industry vs. other industries: they move at different paces. In most other industries, it's pretty common to obtain a very expensive piece of equipment and expect this equipment to last a few decades at least (otherwise, amortizing the cost over the life of the equipment isn't worth it). Many of these industries are small, highly-competitive, and wary of the competition. This means there are no standards in them since no one trusts the other to agree on anything. End result: the machines become black boxes, and the computers that control them (part of this black box and the point of contention here) are full of proprietary trade secrets. It's a Hobson's Choice since all the players do the same thing; you have to put up with it or you can't play in the industry.

0
0
Charles 9
Silver badge

Re: not to diss open source software

Did you remember to install the Guest Extensions? This creates hardware abstracting bridges between host and guest making it much snappier.

3
0
Charles 9
Silver badge

Hardware?

Plus this solution only works if the only snag is software. If your problem is due to EOL hardware, you can't virtualize and you're basically on your own.

5
0

So you invent a wireless network using LEDs, what do you do next? Add solar panels. Boom

Charles 9
Silver badge

Re: Fantastic.

1) Relay it from some corner of civilisation.

2) Hotspot uses too much power.

0
0

USB reversible cables could become standard sooner than you think

Charles 9
Silver badge

Re: Monitors

"I want it to be designed for things I don't have yet."

The trouble is that reality never throws a straight ball (or to use cricket lingo, it's a nasty spin bowler). You try to anticipate technology going one way, you suddenly find out it's gone somewhere entirely different, making your spec useless. For example, there's a distinct likelihood monitor cables in and of themselves will be obsoleted in the near future with short-range high-bandwidth wireless. That's probably why tech companies are leery to plan for the future: the plan tends to go awry.

1
0
Charles 9
Silver badge

It's extremely difficult to make a coaxial plug electrically safe. You can get away with a headphone jack due to the low power involved. One of the design aspects of USB is that earth is always the first to connect.

1
0

Windows XP is finally DEAD, right? Er, not quite. Here's what to do if you're stuck with it

Charles 9
Silver badge

Re: Here's what to do if you're stuck with it

The problem ISN'T fear of malware and such. THAT can be alleviated with a backup regimen.

The REAL problem is EOL'd hardware support. The example I gave noted that XP was the last Microsoft OS to support the ISA. The firm isn't worried about a bug; they're worried the ISA controller gives up the ghost since it can no longer be replaced. If that board goes, the entire CnC (which is a specialist machine full of proprietary trade secrets; therefore, nothing about it is public) would have to be replaced just because of that one controller. Because no machine beyond XP supports ISA, and since the controller is proprietary, it can't be virtualized, so just replacing the computer is not an option.

Thing is, IT lifecycles and industrial machine lifecycles differ by scale of about 10:1. Industrial machines typically run for decades, but the computers and software that control them aren't designed to work that long--their industry moves too fast to allow for building something with a 30-year working life. Another thing is that these industrial machines are expensive. It's their long working lives that make the investments worth it since the cost can be amortized over that long period. Short-lived controller computers are rapidly becoming weak links in industry.

2
0

Microsoft: We've got HUNDREDS of patents on Android tech

Charles 9
Silver badge

Re: I assume ...

First, isn't exFAT considered SEP because it's part of the SDXC spec, meaning all SDXC cards you buy come in that format?

Second, doesn't UDF have a big memory overhead?

0
0

The Great Hash Bakeoff: Infosec bods cook up next-gen crypto

Charles 9
Silver badge

Re: Having a cracking time

Given the repeated findings that people give up their own passwords under the flimsiest of pretexts, the ideal system would contain features unknown to the very people to whom the credentials do in fact belong.

Which kind of puts you in a dead end since a credential has to be presented in order to be used as a credential. How can someone present a credential they don't even know about?

Plus, as I've previously mentioned, who authenticates the authenticator?

0
0