* Posts by Charles 9

3885 posts • joined 10 Jun 2009

Researchers camouflage haxxor traps with fake application traffic

Charles 9
Silver badge

A Turing Test for Honeypots?

So basically, creating a server that looks so much like a legit server that a hacker can't tell the difference between it and a real server?

Why do I keep thinking of the Turing Test for some reason?

PS. I know it's not an exact analogue, but the basic idea is the same: a simulation of a real server that can't be distinguished from the real thing, only in this case used intentionally as bait. Sort of like creating a highly-convincing drug dealer persona for a police sting.

2
0

Boffins attempt to prove the UNIVERSE IS JUST A HOLOGRAM

Charles 9
Silver badge

Re: Trillion defined

Seems a touch inconsistent since I was expecting it to be 10^24 instead (if a million is 10^6 and a billion is 10^12). I would've thought 10^18 would've been described as a million billion instead of a trillion.

0
0

Banking apps: Handy, can grab all your money... and RIDDLED with coding flaws

Charles 9
Silver badge

Re: Not surprising

"The lack of adequate review framework is a key fail. You have no idea about the quality of a piece of code until it's been tested and those tests have been reviewed by > 1 trustworthy third parties..."

But tell that to the bean counters...

3
0
Charles 9
Silver badge

Re: Not surprising

"Yup. Life was much nicer in the era of software supplied on ROM. If it came on EPROM, you knew to expect some quirks. But if it came on a ROM, well, a faulty ROM set could sink a company so there was none of this "push out what we have and fix whatever develops in the field later" idea."

Even then, the fact that everyone only had ONE chance to get it right didn't exempt rush jobs. In the business world, the coders have to compete with the other departments just like everyone else. Ask Atari back in the early 80's. It's particularly hard to code a game when you have such a short timetable (with NO room to maneuver--it MUST be ready in time for the Christmas sales rush or it's not worth doing). Perhaps the RISK of going under beats the CERTAINTY of losing your business to the competition if you don't deliver.

0
0

That 8TB Seagate MONSTER? It's HERE... (You'll have to squint, 'cos there are no specs)

Charles 9
Silver badge

Re: Nobody has yet asked the important question

I don't think so. Just in official circles, what you can find on the Internet probably ranks at least in the tens of TB...and growing. No single drive on Earth has the capacity, and I suspect the amount of porn will keep growing with the drive sizes, making it rather a chase.

0
0
Charles 9
Silver badge

Re: Now you can lose 8TB of data in one shot instead of just 4!

"Spinning disk will die quickly once flash gets large enough."

The economics simply aren't there and won't be for the foreseeable future. Flash either cheaps out but loses longevity or sticks with longer-term chips that are an order of magnitude more expensive per TB. For bulk storage that must still be randomly-accessible, there's no substitute for spinning rust. Otherwise, said alternative would be in the consumer sphere as a backup medium (tape's currently enterprise-oriented and too expensive while opticals are too small a capacity relative to today's drive capacities--it would take around 20 dual-layer BD-R's to store the capacity of a 1TB hard drive and those discs will inevitably have longevity issues). Frankly, I would LOVE to see something other than spinning rust as a medium-term consumer archival medium, but I'm not seeing it.

7
1

Super Cali signs a kill-switch, campaigners say it's atrocious

Charles 9
Silver badge

Re: Once again...

Roll-your-own networks will likely be unable to beat government-sanctioned jammers. And US cell phones have a restricted number of frequencies they can use, so the government could well have the capability to jam ALL of them.

0
0
Charles 9
Silver badge

I think this Act prevents the exploit in this case as the bricking is, IIRC, designed to be one-way. Meaning once it's bricked, nothing can be recovered from it. It would basically have to be reflashed from scratch, which wipes out the user data. Who knows? Even this might be disabled, preventing it being cleaned out and fenced.

0
0
Charles 9
Silver badge

Re: @Eugene Crosser

That STILL doesn't prevent the phone being taken to a country where the blacklist isn't honored or kept up to date. The lists tend to differ from country to country, and countries may not talk to each other. With a bricking, once it's bricked, it's bricked everywhere, meaning it's tougher to fence a stolen phone.

0
0
Charles 9
Silver badge

"Real thieves can always carry a Faraday bag they can pick up at Amazon to drop the nicked mobile in and sell it off at their leisure in Tibet. Of course that will just mean that California will pass a law banning the possession of Faraday bags by civilians which will soon lead to bans on metal foil and ultimately the closest someone will be legally able to get will be 00 steel wool pads that are no more than 1/4 inch thick but I digress."

Then why aren't they doing it already with the iPhones that have Activation Lock?

4
2
Charles 9
Silver badge

Why don't the conspiracy theorists consider that the government can simply order the cell towers shut down? It's a simpler approach, can be achieved with a warrant, and has precedent, both in and out of western civilisation.

And before you go the "recording atrocities" angle, this law has no effect on dedicated cameras (of the video or still variety).

3
3

China building SUPERSONIC SUBMARINE that travels in a BUBBLE

Charles 9
Silver badge

Re: Why use the military?

"Who do you think owns most of the US government's debt, and thereby picks up the US's bills?"

Its own citizens, if you care to check the actual books. Most bonds and treasury notes stay in the US. China does hold some US debt, but it's not a very sizable portion. It's one reason the US's sovereign debt isn't considered as dangerous as others: because most of it is held domestically.

2
1

Cracking copyright law: How a simian selfie stunt could make a monkey out of Wikipedia

Charles 9
Silver badge

It's not JUST the ownership that makes it the owner's copyright. It's the concept of AGENCY. A photographer acting in the employ of a company and using the company's equipment is essentially an agent of that company, so the copyright goes to the company.

2
0
Charles 9
Silver badge

The trick here is that it's a photo TRAP, meaning the photo was taken basically on a direction of the photographer (take the picture when an animal crosses this point). This makes it a human-directed picture and thus copyrightable.

In the monkey picture, as far as we know, the monkey took spontaneous photos without any human direction. Sort of like a dog knocking over a paint pot and the contents splatting on a canvas.

8
3

Who needs hackers? 'Password1' opens a third of all biz doors

Charles 9
Silver badge

Re: NO REALISTIC

So what happened in the Middle Ages when most people were illiterate and STILL had to remember tons of usually-dissimilar things in their day-to-day lives?

0
0
Charles 9
Silver badge

Re: Don't allow retries

One, they can send numerous zombies to simultaneously try the same account, creating a race condition. Two, many brute-force efforts come AFTER they purloin the shadow files (analogue: they take the still-closed safe with them) at which point they can crack at it at their leisure.

0
0

AMD unveils 'single purpose' graphics card for PC gamers and NO ONE else

Charles 9
Silver badge

My card's a mid HD6, so I guess I'm several gens out of the loop. Let's raise the bar, then. Same specs except at 4K resolution (4096 x 2160)?

4
0
Charles 9
Silver badge

So the Obligatory Question:

Can it play Crysis...at 1920x1080 at a minimum 60fps with all maximum details with, say, a Core i7 six-core CPU backing it up?

7
0

True fact: 1 in 4 Brits are now TERRORISTS

Charles 9
Silver badge

Re: No good any more

But what happens when said psychos run into even worse psychos, such as people willing to nuke a city or three just because they're in the way?

0
0

Memory troubling you, Android? Surprise! Another data slurp vuln uncovered

Charles 9
Silver badge

Re: I do not install anything asking for this permission

The problems with your idea are (1) if Android is gaining market share, they could employ captive-market tactics. Barring a mass exodus, Google can just wait it out. (2) Google ITSELF mines tons of data. Blocking consumer demographics access would be shooting themselves in the foot.

0
1
Charles 9
Silver badge

Re: I do not install anything asking for this permission

"The noble idea of app permissions is flawed by not being able to revoke them individually at install time or afterwards."

And remember, this was demanded of app devs before they would even start developing apps on Android. Otherwise, Apple would still be top dog. So now it's a tug of war. Since it's the devs who pay Google actual money to get their apps out there, they're the ones who have Google's ear. End customers can't really influence Google (one leaves, another takes his place) unless they trigger a mass-exodus, and even there, where would you go (Blackberry is foundering and Microsoft and Apple each have their own issues)? Plus, if faced with the prospect of user-customized permissions, devs could still balk and either make their app unusable without all the permissions or simply abandon Android and go back to Apple.

1
0
Charles 9
Silver badge

Re: Solution

There's already a specific Android permission for this: "Draw Over Other Apps". Thing is, like the article says, some apps need this functionality to interrupt user action. What's to stop this function being used for evil while at the same time being disguised as something plausible like an alarm clock?

Sounds to me like the most robust way to handle this (separate the desktop compositor into a black box task and let the apps request their graphical resources from that) has drawbacks of its own such as memory and CPU/GPU costs.

2
0

Pedals and wheel in that Google robo-car or it's off the road – Cali DMV

Charles 9
Silver badge

Re: Driving test?

I don't believe in common sense. Or rather, I think it's rather not so common because it seems to differ from place to place. In any event, this is something for the programmers and testers to deal with. In essence, they have to BUILD a machine common sense. Train the computer to note that if it cannot locate the road some distance ahead it should come to a stop before then. If animals (including humans) are on the side of the road, perhaps it should set itself up to take an evasive maneuver if necessary: slow down, edge away from them, etc. We generally learn about these things; we don't just remember actually learning them: probably because it was through observation. Similarly, we need to learn what various things are. We just need to develop analogues for the driving computers: ways to identify the various things it detects and the various procedures to use in these situations.

4
0
Charles 9
Silver badge

Kind of begs an intriguing question. Given that each type of driver (human and computer) has some form of failure mode (inattentive human, glitching computer), which should be the default more-reliable case in the event of conflicting input?

7
0

SpaceX prototype rocket EXPLODES over Texas. 'Tricky' biz, says Elon Musk

Charles 9
Silver badge

I think the point is that this was essentially a stress test. The odds of the thing coming through in one piece were pretty slim, actually. In terms of SpaceX's continuing research, this is more of a "Hmm..." moment. They pushed it and wanted to see if it would break. Well, it broke all right. They'll definitely be looking through the test data since they'll be expecting it to tell them where they'll need to adjust next.

9
0

FCC not quite sold on Comcast TWC gobble

Charles 9
Silver badge

I say there should be one big condition to the merger: that Comcast spin off NBC Universal. If they want to be the biggest end-user communications company in America, they'll have to do it as a DUMB pipe. No more favoritism, which means no more vertical integration.

3
0

US Copyright Office rules that monkeys CAN'T claim copyright over their selfies

Charles 9
Silver badge

Re: So, from another viewpoint...

Didn't a Caribbean island threaten to negate copyright one time in retaliation for some US-based insult? I'm trying to recall how the matter was settled.

0
0

RealVNC distances itself from factories, power plants, PCs hooked up to password-less VNC

Charles 9
Silver badge

BTW, did this test tell the difference between view-only access and controllable access? Sure, view-only access has its own foibles, but it's a lot harder to pwn a machine when you can't remote control it.

0
0

It's time for PGP to die, says ... no, not the NSA – a US crypto prof

Charles 9
Silver badge

Re: It's hard for a reason

So what happens when you run smack into the fence separating security and usability? Because for security to be ubiquitous, it MUST be easy to use (and by that I mean easy enough for Stu Ped to get). Yet difficulty is a necessary evil for something to be practically secure (sort of like having to fish for the keys to the front door).

So basically, the security problem is looking to be intractable because you're caught between needing a system a state-level adversary can't break in a heartbeat and needing a system easy enough to be used by people who have trouble remembering what they did yesterday.

0
0
Charles 9
Silver badge

Re: Business cards??

Because the keys are too big to put on even 2D barcodes (even I suspect the color barcodes once touted by Microsoft). Which means you have to store it somewhere, which means you have to trust both the place it's stored AND whatever means is used to transport it. And if your opponent's something of state level, I wouldn't even trust the fingerprint (since the state may secretly have the means to subvert things behind the scenes).

0
0
Charles 9
Silver badge

Re: Not saying PGP is perfect

"I *tried* to put a certificate into a QR code. It doesn't work, at least not for 2048 bit certificates."

That's odd. 2048 bits should take up only 256 bytes, well within the QR Code limit of 2,953 bytes under ISO 8859-1 encoding. Even if you have to convert it to a text-compatible format, you should still be well within the limit, even counting necessary overhead.

0
0

Rupert Murdoch says Google is worse than the NSA

Charles 9
Silver badge

Re: Opt-in?

"Especially when considering there was no way to tie an online user to this data in a way to improve ad targeting,"

There's always a way to tie an online user. Cleartext metadata will suffice. Heck, didn't researchers show they can correlate identifiable information from an encrypted connection using timing attacks? Face it. Data mining is the specialty of companies like Google. These firms basically strive to ensure no privacy in this world.

0
0

Boffins propose security shim for Android

Charles 9
Silver badge

Re: This already exists

And MY point is that Google lacks the motivation to bake in security. In fact, they're actively DEmotivated. Unless lots of people actively defect to Apple or Blackberry specifically because of security, then the money keeps coming into Google, especially if saps KEEP their phones insecure sources of personal information.

2
0
Charles 9
Silver badge

Re: Or

Microsoft was in an Apple-like position: owning the dominant desktop OS in the market, which meant devs had to play by Microsoft's rules or not at all. Android has only just edged iOS for dominant mobile OS and not by much, meaning Android devs could still take their app and go back to Apple.

0
1
Charles 9
Silver badge

Re: This already exists

But Xposed requires rooting. What's needed is a root-free solution and that will probably mean baking it into Android itself, and Google lacks the motivation (remember, their customers are the devs--they're the ones paying to get in the app store and giving Google the cut--not the consumers). Apple can get away with it ONLY because they're still the irresistible lure. And Blackberry is enterprise-oriented which changes the focus points.

1
0
Charles 9
Silver badge

Re: Or

Huge, huge flaw in Android design.

Actually, that was BY design. Remember that once upon a time, Android was behind Apple in the app market so they needed a way to convince app devs to jump on board. A permission system geared more to them was one way to convince them. And once you have that, the genie's basically out of the bottle since trying to curtail them NOW will break too many things: many with no alternatives.

1
0

Top Gun display for your CAR: Heads-up fighter pilot tech

Charles 9
Silver badge

If it's a specialized HUD, showing just car-related information, then I don't think they could consider it any more of a distraction than the speedo itself, which is standard equipment. If the plods nail you for that, I'd probably argue they're basically saying required equipment is a distraction, meaning cars are inherently unsafe.

As for the police doing their work, they can pull the same thing pilots and lorry drivers can: they're trained in what they do.

0
0
Charles 9
Silver badge

Re: So many things to consider.

"Pilots have lots and lots of training. They don't have other aircraft jumping out in front of them or traffic lights turning red suddenly as they fly along."

They might. Wingmates might break away to track a bogie they spotted and so on. Plus there's always the danger of incoming fire. One of the things drilled into pilots through history is to maintain situational awareness. Target fixation is a killer.

As for the HUD itself, it needs to be as concise as possible: able to convey the most information with the littlest amount of clutter. Pilot HUDs cram quite a bit along the edges of the display, keeping the center cleared for all-important targeting. In the case of the car, a driver's HUD should be as unobtrusive as possible UNTIL it needs to draw your attention to something immediate, and these signals should be discernible from peripheral vision. This means the indicators have to be distinct enough to be detected from the corner of the eye. Color can be used in this case. For example, a speedometer's number can be ignored through familiarization, but perhaps if it changed to yellow to indicate you're now crossing over the speed limit, it can be caught in the peripheral vision and be a useful caution message. Similarly, if the turnoff is coming up, perhaps part of the map can blink briefly as a hint to start looking around.

0
0

US TV stations bowl sueball directly at FCC's spectrum mega-sale

Charles 9
Silver badge

What gets me is why is the spectrum being SOLD? Such a precious and limited resource, you'd think the FCC would instead LEASE the spectrum and keep all the lessees bound to usage rules and the like: always holding the final call. Because once sold, it's extremely hard to buy it back should it be necessary.

5
0

Think crypto hides you from spooks on Facebook? THINK AGAIN

Charles 9
Silver badge

In other words, they can fingerprint you by using the fundamental underpinnings of the Internet. It's like figuring out your activities by skimming your incoming and outgoing post (just the addresses, not the contents). The additional volume of e-traffic makes the profile more robust. And since the endpoints are already known, TOR is useless.

This is one heck of a side-channel attack because the only way to beat it is to mask the headers, and the only way to do that effectively is to introduce intentional inefficiencies into the Internet.

3
0

Time to ditch HTTP – govt malware injection kit thrust into spotlight

Charles 9
Silver badge

Re: This is why you *don't* want HTTPS

"/goes back to mumbling about the days when ftp was the primary interface used on the internet. My current ftp client is 150kB. That's a whole lot easier to audit than Chromium, Firefox and by a massive long-shot, IE. "Pretty" is causing massive security issues."

The issue the article describes, and one that FTP can fall into, as well as SMTP, POP3, NNTP, and just about ANY plaintext protocol, is that a malcontent can MITM the connection and alter the contents in transit. In FTP's case, the file transfers and directory listings can be poisoned. And it would be indistinguishable on your end, meaning you have no way to know you're not REALLY getting the stuff you asked for.

0
1

Premier League wants to PURGE ALL FOOTIE GIFs from social media

Charles 9
Silver badge

"Will the FA employ Drones to spot all those malcontented Glassholes?"

Forget them. They already make "live shades" that would've made Spider Jerusalem jealous. 4 GB+, can do video (many at 720p30), MicroSD, Bluetooth-capable, AND they look completely like ordinary glasses. Add a pair of prescription lenses and you have a perfect disguise that no one can force you to take off (since the prescription renders the glasses medically necessary).

1
0

Time to move away from Windows 7 ... whoa, whoa, who said anything about Windows 8?

Charles 9
Silver badge

Re: Just built two W7 computers

"Just built two Ubuntu 12.04 (actually newer than win 7) computers and are already on about EOL it. How are you supposed to keep up?"

Just built as in a few months ago? Why didn't you go for 14.04 which is also an LTS release meaning you're good for three years at least?

2
0

Dolby Atmos is coming home and it sounds amazing

Charles 9
Silver badge

Despite them being two small holes, there's actually quite a bit of acoustics that goes into your ear. Consider the vibration of your skull as well as the reflections of sound waves down the ear canal. Ever considered how we're able to aurally perceive that something is behind us rather than in front of us, given the two sources can be an equal distance to the ears? Plus, as the article notes, we can also figure out if the sound is above us.

2
1

Password manager LastPass goes titsup: Users LOCKED OUT

Charles 9
Silver badge

I personally think we need to move beyond passwords. Except that for any possible solution I can think of (my personal favorite concept is two-way unique key exchange per-site per-user which can be performed offline if necessary), there's always a snag: the better fool, so to speak.

0
0

Japanese boffins invent 4.4 TREEELLION frames per second camera

Charles 9
Silver badge

Re: We're gonna need a bigger hard drive...

But that takes time you don't have. Last I checked, we don't have image processing ICs capable of running in the Terahertz range yet, and this may well require something operating in petahertz to be able to process images in realtime in trillionths of a second. Anything less than realtime and you have to deal with storage and transfer bandwidth between the camera and storage AND the storage and the processor.

1
0

Americans to be guinea pigs in vast chip-and-PIN security experiment

Charles 9
Silver badge

Re: to counter mr mugger, you need a panic PIN

They ALREADY counter panic codes with frog marches. They won't let you go until you get the actual cash out of the machine. If you use a panic code, things are liable to get ugly. This also has the advantage that the mugger stays out of the ATM's ever-present eye. I frankly don't know how this can be countered without some unwanted side effect (I was thinking a booth that can only fit one, but what if it jams and locks you in, or you're too fat to fit?).

0
0

High five from AMD: New supercomputer GPU maxes out at 5.07 TFLOPS

Charles 9
Silver badge

Just curious. I notice some of the GPUs experience a 1:4 performance penalty when going from single- to double-precision, but many (but notably not all) of the AMD GPUs manage to reduce the penalty to 1:2. Can anyone explain how they do this and why it isn't consistent across the board (unlike nVidia, whose GPUs seem to be consistently 1:4)?

4
0

Verizon to FCC: What ya looking at? Everyone throttles internet traffic

Charles 9
Silver badge

The issue applies to BOTH wired and wireless, though wireless gets hit with this problem harder than wired due to the physical limits of spectrum. The problem is that customers are expecting completely unlimited Internet access, no strings attached, but accounting and physics make fulfilling that exact demand infeasible. So what do you do when the customer expects nothing less while it's impossible for you or anyone else to deliver anything close?

0
0
Charles 9
Silver badge

Re: guaranteed minimum connection

I think part of the problem is that "guaranteed minimum" speeds would probably be looked at with a sneer. IOW, they'd be trusted less than the "unlimited" claims. Let's face it; customers at this point are jaded. It's making the marketing department rather nervous, as they're running out of ways to entice the customers since the same-old stops working after a while. Meanwhile, accounting pushed back by reminding them that the uplink costs are metered. I see it like this: how do you make a satisfactory sweet dish for a person who has no sweet spot in their tastebuds?

0
0