* Posts by Remy Redert

377 posts • joined 2 Mar 2007

Page:

Malware hidden in vid app is so nasty, victims should wipe their Macs

Remy Redert

Re: Wow

AFAIK all Apple machines run on Intel hardware, so if the malware writers really wanted to there's a few gaping holes in the management engine to exploit. I'd bet that even if a patch is available, the vast majority of machines will not have installed it.

3
1
Remy Redert

Re: A complete wipe?

I agree that you can't trust the OS itself afterwards, but with Linux at least it would be possible to boot off a live DVD/USB and run a scan from a known good OS to clean out any infection of the system.

The only way to get around that would be to have a firmware persistent malware at which point you'd have to wipe and reinstall the firmware for everything as well, probably over USB.

18
2

FCC gives Google's broadband balloons 'experimental license' in Puerto Rico

Remy Redert

Absolutely. But without effective communication, how do you determine where those are needed? And without communication, those in Puerto Rico have a hard time reaching friends and family outside of their immediate area, leading to a lot of uncertainty and stress. This seems like an excellent emergency measure for reestablishing a communications infrastructure after a disaster, prior to a permanent infrastructure being rebuilt.

12
0

Schrems busts Privacy Shield wide open

Remy Redert

The judge agreed with the data protection commish (Irish I assume?) that there are legitimate concerns regarding there being an effective remedy (to private data being abused) under US law.

And then the judge sent the whole thing on to the EU court for them to decide whether or not the Privacy Shield Ombudsperson is enough of a remedy. When the EU court decides it's not, Privacy shield is scuppered.

3
0

Don’t fear the software shopkeeper: T&Cs banning bad reviews aren’t legal in America

Remy Redert

There is, it's called extortion and it's illegal for a good reason.

16
1

Sorry, but those huge walls of terms and conditions you never read are legally binding

Remy Redert

Don't know the rules in the UK, but here EULAs more or less go into the bin entirely if they are presented 'as is' or after payment, because the courts consider a EULA a contract and both negotiation and having the terms and conditions prior to purchase are required for a contract to be enforceable.

The former is a smaller issue than the latter, but can still easily result in a court throwing unreasonable parts of a EULA right out the window. And then there's the issue of not being to sign away rights so while the contract may call for arbitration, they can't prevent you from going to court anyways if you don't agree with the results thereof or if the process takes an unreasonable amount of time.

12
1

Brit firms warned over hidden costs of wiping data squeaky clean before privacy rules hit

Remy Redert

Re: Backups?

You could probably get away with IF you use incremental back ups and store the deletion, so that any restored database would not have the data you were ordered to delete, even if it might conceivably be recovered from the back ups directly.

If you're planning to just go "Oh if we restore the back up you'll have to ask for your data to be deleted again", expect to be fined.

3
0
Remy Redert

Re: It is just not going to happen

How does 4% of global annual turn over sound? Because that's the kind of money we're talking about for serious infractions.

Companies will comply with the GDPR or they will go out of business.

4
3

House fire, walk with me: Kodipocalypse now includes conflagration

Remy Redert

Re: "Making the pirate experience less fun is part of the strategy."

How about making the legal alternative available? Where I live, I can only get HBO (well, not HBO, because they're not allowed to use the HBO name even if it is mostly HBO content) through 1 cable provider. Which doesn't provide cable in my area.

I can't get HBO from HBO directly, I can't buy GoT anywhere else until months after release. So my choices are 'wait months/years until a DVD/Blu-Ray release happens' or 'Pirate now'

11
1

'Coke dealer' called us after his stash was stolen – cops

Remy Redert

Re: Florida Man

Hmm... This change from rise to drop wouldn't happen to roughly coincide with a world war and mass use of leaded fuels would it? Some might consider that given the documented effects of lead on the development of the brain, that these two events might be somehow linked and that with the more recent ban on most such sources of airborne lead in the western world, we might see the trend eventually reverse itself?

4
0

Boeing preps pilotless passenger flights – once it has solved the Sully problem, of course

Remy Redert

Re: Remote pilots?

Who would you trust to implement remote piloting in a way that is safe and yet can still be accessed in an emergency? Remember, lots of people will need the key because the remote pilot will have to be relatively close to the airplane in distress, otherwise latency means it's only giving instructions to the auto pilot instead of actually flying.

Any remote control facility is open to abuse. The risk is higher the greater the impact of abuse, the lower the quality of code and the more people need access to the remote control option.

8
1
Remy Redert

Re: Remote pilots?

Part of the diminishing returns wrt drives is that every time a drive fails, you have to stop running or run at a significantly reduced capacity while you replace the damaged drive and rebuild the array.

In airplanes, a high MTBF is a great advantage, but safety forces you to land in most cases if you lose a single engine, even if you had 8 or 10 to start with. The Falcon 9 on the other hand doesn't have any such option. It either completes the mission or it fails. Adding more engines increases the risk of an engine failing, but significantly reduces the risk of the mission failing

10
0

German court says 'Nein' on Facebook profile access request

Remy Redert

Re: Contract?

You must be an adult to form a legally binding contract. Contracts with minors are far more susceptible to a judge overturning them if they run against the minor's interest or otherwise cause issues where for an adult, that will pretty much only happen if the contract is outright illegal or abusive or was signed under pressure or false pretenses.

So a minor can enter in a legal contract, but due to the difficulties of enforcing a contract on a minor, a lot of companies won't enter into most kinds of contracts with minors. For example, try getting into a closed beta that requires an NDA as a minor. An adult who breaks that contract can potentially be sued (even if it's rare for that to happen), but a breach of contract suit against a minor is going to be a lot harder, since you will likely have to demonstrate that the minor fully understood the consequences of breaking the contract, as well the terms of the contract itself.

2
0

EU axes geo-blocking: Upsets studios, delights consumers

Remy Redert

Re: Axed Geoblocking

Just 4 months late? When is this going to happen?

Entirely too many movies and series release more than half a year later than in the US, if at all, in some parts of Europe. And people wonder why movie piracy and the like remains such a big issue.

29
0

French fling fun-sized fine at Facebook for freakin' following folk

Remy Redert

Re: Does not compute, Captain

Our respective representatives wondered that as well. Which is why the new regs due next year increase the maximum possible fine to 4% of global turnover. Because companies have repeatedly shown that fines which do not threaten to bankrupt them are not sufficient to make them pay attention.

19
0

'Tech troll' sues EFF to silence 'Stupid Patent of the Month' blog. Now the EFF sues back

Remy Redert

It does. Instead, you can go with "You can't sue us in Australia because we are an exclusively American outfit operating exclusively under US law and publishing our articles for consumption by US citizens."

The alleged crime happened in the US, by a US organisation and no doubt US citizens. The Australian court has no jurisdiction in the US and no way to enforce its ruling except by blocking all EFF IPs and disappearing the EFF from Australia's version of the internet.

26
1

Trump sets sights on net neutrality

Remy Redert

Re: I'd equate Trump to Hitler but...

Unfortunately, you are missing a vital step towards ensuring a new US government remains sane. The US needs to step out of the 2 party state system and First Past The Post voting and switch to a better democracy by using proportional representation. As a bonus, this also makes gerrymandering a moot point as votes will be totalled on the national level.

12
0

Microsoft delivers secure China-only cut of Windows 10

Remy Redert

Except as already established previously, the telemetry ignores the host file. You need a separate firewall to deal with it. And I'm not sure if a firewall on the same PC will work.

5
0

RAF pilot sacked for sending Airbus Voyager into sudden dive

Remy Redert

Re: Interesting

Looks like the pilot screwed up, co-pilot returned to the cockpit and applied pitch up. The fly by wire system noted the speed was getting dangerously high and idled the engines to prevent the aircraft exceeding the do not exceed speed.

So the pilot failed thoroughly, but the co-pilot acted quickly and correctly once he returned to the flight deck while the fly by wire helped.

2
3

Big Tech files anti-Trump brief: Immigration ban illegal and damaging to business

Remy Redert

He could say he opposes serial killers working in child care and the left would protest and big tech would file lawsuits.

And he would try to stop this by banning a group of people that had no serial killers in recent history, in a way that violates anti-discrimination laws. He would then defend the ban by claiming that there's lots of serial killers in that group.

And then he'd be surprised when people go to the streets in protest and file lawsuits against him and his order, just like you apparently are.

9
2

US govt can't stop Microsoft taking its Irish email seizure fight to the Supreme Court

Remy Redert

Re: Get them from the account holder

Well, there's this funny thing in the US called the constitution and one of the things it specifies is that people cannot be forced to incriminate themselves. This has already been tested and found to apply to passwords and PIN codes.

I don't know if it's also been tested wrt usernames, but it seems likely that those would fall under the fifth amendment as well. So the US government cannot force a suspect to give up login details in order to retrieve e-mails.

Now, IANAL, but obvious law is obvious. If the user and company both reside in the same jurisdiction, then that jurisdiction's laws (and thus court orders) should apply, regardless of where the data is stored. If the user and company reside in different companies, the laws in the user's jurisdiction apply to him, but court orders will need to be obtained in the country the company operates in.

Physical location of the data is as stated irrelevant in this manner, provided that this is internationally agreed and enforced. Of course it'll never happen because it means the US won't be allowed to spy on everybody any more.

7
0

Canada fines Amazon seven hours of profit for false advertising

Remy Redert

Re: List Price

Well, you could compare to the prices of your competitors or to the pre-sale price of the item. The former gives a much better comparison of your savings, but requires regular updating of your competitor price lists. The latter gives accurate savings vs buying it outside the sale, but don't compare to prices from other vendors.

1
0

Amateur radio fans drop the ham-mer on HRD's license key 'blacklist'

Remy Redert

Re: Missing clause

Sorry, contract law applies to licences the same as it does to purchases. Once established, the contract cannot be revoked without mutual consent or exceptional circumstances. The contract can spell those exceptional circumstances out, but if the court decides the limitations are unreasonable you're in for a fun ride as they can and will assign fines and damages on top of making you refund the product and pay for the legal costs of the aggrieved party.

8
0
Remy Redert

Re: Missing clause

Except that is not, in most countries, how contract law works. A contract is established between 2 informed parties and can only be dissolved with the consent of both parties. There are very few exceptions allowable to that requirement of mutual consent.

A company can decide not to sell you their product, but once they have sold you that product they cannot then retract that sale without a very good reason or with your consent.

11
0

Rift rift assists swift shift at crest of adrift Occulus

Remy Redert

Don't forget that if you're developing for Vive (Aka SteamVR), you can use room scale and you can be fairly certain that any VR headsets released in the future will automatically support your game.

Look at the Fove, which is SteamVR compatible and will have room scale support. Eye tracking is pretty interesting and makes way for higher resolutions and lower system requirements.

1
0

Radar missile decoys will draw enemy missiles away from RAF jets

Remy Redert

Re: Security by melting?

The answer is that flares are getting pretty ineffective. Lots of flares can still generate a big enough signature to just straight up blind an IR guided missile, increasing the chances of it missing by enough to not kill your airplane.

Chaff remains somewhat effective by the same principle. Your radar signature becomes so big and indistinct, it's hard for the missile to actually get close enough to kill your plane.

Any active decoy will very quickly run into the same problem flares ran into. Weapons will get smart enough to disregard a return that suddenly goes ballistic and chase the one that didn't go ballistic instead.

1
1

You call it 'hacking.' I call it 'investigation'

Remy Redert

Re: Counter productive

Is there any way for them to verify the Nth character of the password without having the password stored in the clear somewhere? If so, is there any point changing the password regularly when it's being stored in the clear on the bank's side and thus available for hackers anyways?

4
0

Facebook image-tagging to be tested in Californian court

Remy Redert

Re: vote with your feet

Don't worry, Facebook will still tag you in any photos someone else puts on Facebook, even if you don't have an account. Just like they'll use their tracking cookies on everyone.

28
0

The case for ethical ad-blocking

Remy Redert

Re: When is ad-blocking ethical?

Blocking ads from the same server is usually simple as well. Strip all flash. That just leaves you with (mostly) static ads which are usually unobtrusive. If the host makes those an annoyance as well, time to find another place for your content.

5
0

Oculus Rift review-gasm round-up: The QT on VR

Remy Redert

Re: Having tried the Rift

The problem quoted was of course the cable between the head and the computer. But if the cable was between your head and something else you're wearing, you wouldn't have any of the tangling issues.

Given that capability, we can stick all the heavy crap (batteries, wireless gear, etc.) into a nice pack we belt around your waist. Cable up from there up your back to your head. We don't have to worry about it getting tangled because your arms don't normally reach there and you can't spin your head 360 degrees anyways. Now we've got much less of a problem with battery mass.

1
0

BOFH: This laptop has ceased to be. And it's pub o'clock soon

Remy Redert

Re: Quibblage

As soon as you smash either laptop into rubble, it stops being a laptop. Since it is no longer a laptop, its state is irrelevant.

7
0

Lithium ion batteries banned from passenger aircraft holds

Remy Redert

Re: Lithium ion batteries banned from passenger aircraft holds

If those boxes will withstand the worst case failure of those batteries and the plane can fly on without them, then the risk of a battery fire goes from "May down aircraft" to "Occasionally have to replace burnt out battery".

You can of course take the same approach wrt to shipping lithium batteries. Put them in a container that will safely withstand a worst case failure and the worst thing that can happen is after removing the container from the aircraft, its contents burst into flame when the container is opened.

Of course the reason Boeing didn't do that in the first place is because such containers are heavy and the same applies to the reason this isn't being done when shipping batteries

2
0

Shopping for PCs? This is what you'll be offered in 2016

Remy Redert

Based on converting a few dozen machines of various ages from Windows to Linux over the last few months, I'd say 50/50 odds of any random machine working immediately, 90/10 of it downloading the necessary drivers when given a (wired) internet connection.

The few exceptions were generally easily fixed, but that does require some knowledge and/or Google.

1
0

Ground control to Major Tim! Brit's spacewalk halted after NASA 'naut takes unexpected leak

Remy Redert

Re: Tasting water?

Oooh, that one's simple. There's nothing liquid in the suit besides water and possibly small amounts of urine (if you forgot to relieve yourself before suiting up). Similarly, there's nothing in there that is toxic in small amounts. Hence, tasting any liquid released inside the suit is safe enough. In the worst case scenario, it's a mild base and tastes really bad.

1
0

Evil OpenSSH servers can steal your private login keys to other systems – patch now

Remy Redert

Re: Private key on the server??? @John Robson

Because nothing needs to be implemented on the server. It's just the client keeping your key in memory so that if the connection is dropped for any reason, the client can automatically reestablish the connection without bothering the user about it. If the drop is short enough, the user might not even know his connection was dropped.

2
0

Man goes to collect stolen-car court docs found in stolen car in stolen car

Remy Redert

Too dumb to live, would be very appropriate here wouldn't it?

0
0

Microsoft Edges bets on browser-only Skype

Remy Redert

It might just be me bring cynical, but it occurs to me that abolishing plugins also handily gets rid of such plugins as no script, adblock and all its other varieties that help put control over the browser in the hands of the user.

If I don't get to control what does and doesn't run in my browser, I'm not going to use your browser.

As an excellent example,vcertain advertisers have gotten wise to the fact that unmodified Chrome auto-runs embedded html5 video, while flash and its ilk are click to run. However I couldn't see any option to do the same to all videos. As a result I'm now finally running adblock again having earlier gotten rid of it and filtering by blocking flash content instead.

12
0

US to stage F-35-versus-Warthog bake-off in 2018

Remy Redert

Re: Ultimate CAS

Stealth is a disadvantage in Wild Weasel as the enemy has to see you to shoot at you and they have to think they have a shot at you in order for them activate their SAMs and give you a target to shoot at. Most of the modern electronics of the F-35 are designed for air to air work. A decent radar warning system is all a drone would need and those aren't that expensive, especially when you want to build hundreds if not thousands of them.

Shoot first missions are done more and more by cruise missiles and drones because we don't want to risk pilot's lives by flying them into heavy air defense. The F-35 is insufficiently stealthy to pull this off reliably anyways so you'd have to turn to B-2s.

The reason we worry about survival chances in SEAD missions is because they're flown by pilots and pilots are worth a lot more than their aircraft to us. Drones are unmanned, nobody cares if a few million dollars worth of drones gets shot down to kill tens of millions worth of SAM sites. Using drones in SEAD is a simple numbers game, can I afford to throw drones at your defenses, even when I'm losing multiple drones per site I kill? Do I have enough drones to saturate your defenses and force you to shut down or lose them all?

If it comes to that kind of numbers game, Western powers vs the kind of threat we've been fighting, insurgents and Middle eastern dictators, the bad guys don't stand a chance. And that tactic isn't limited just to them, it works just as well against the Russians and the Chinese, the only difference is that if you want to use this against the Russians and the Chinese, you'll need to either go all out and bring drones equipped for air to air missions and shoot everything that's not yours or you'll need to bring your own air superiority planes to keep the enemy from using their planes to hunt your drones.

And if you're using drones as decoys, then you'll want something that can carry lots of ordnance to back them up. F-18s or F-16s, perhaps after another modernization program, are perfectly capable of the job, can carry more ordnance further and longer than the F-35 and can outfight it up close where it matters.

5
0
Remy Redert

Re: Ultimate CAS

Except that if your enemy has long anti-air capability, the F-35 in its CAS role is just as vulnerable. What you need then is good ol' Wild weasel and general SEAD missions. The F-35's stealth if it works is a disadvantage in these missions and besides, drones can do it better.

Send up some drones to circle a battlefield at moderate altitude. Equip them with a mix of laser or optically guided and anti-radiation missiles. Shoot anything with a radar and anything that launches missiles in their direction.

Keep that up for a few days and now you can fly your A-10s again as the enemy either no longer has SAMs or is too scared to use them effectively.

5
0

'Fix these Windows 10 Horrors': Readers turn their guns on Redmond

Remy Redert

Re: No Control of Updating

Yes. You can disable driver updates. After Microsoft pushed a dud Nvidia driver that broke every computer with an Nvidia videocard for a few days until Microsoft fixed it, except for those people who happen to know that's there's a tool hidden away on Microsoft's website that allows you to roll back an update that broke your computer. Temporarily of course.

Sometimes I don't want to defer an update, I want to NEVER get it. The 95% of the Windows users who need forced updates probably don't know how to turn the automatic updates off in the first place.

4
0

Jeep drivers can be HACKED to DEATH: All you need is the car's IP address

Remy Redert

Re: I beg to differ

Step 1) Locate the antenna used for wireless connectivity

Step 2) Snip the wires leading to it.

Your vehicle's connectivity is now permanently disabled. Enjoy.

If you have GPS, it probably has another antenna for that, which being receive only you may not want to mess with unless you're extremely paranoid.

11
1

Microsoft to Windows 10 consumers: You'll get updates LIKE IT or NOT

Remy Redert

Re: Seems reasonable

If this applied only to security updates it might conceivably, with the right settings, be acceptable. Since it applies to all updates, with me currently having to block several of those on my machine because they break things, I would have to resort to blacklisting IP addresses to stop any updates from happening.

Unless they backpedal on this and allow me to both roll back and prevent reinstallation of patches that break things, I will not touching Windows10.

19
0

Malfunctioning Russian supply podule EXPLODES above Pacific

Remy Redert

It actually wouldn't. The bottom couple of kilometers would come down, the rest would burn up on reentry or go shooting out into deep space, depending on where it gets cut. Everything above the cut goes zipping off into deep space, everything below falls back into the atmosphere. Everything above ~50km is going to end up going fast enough to burn up on in the atmosphere.

You'd need to put the tether at the equator, so you'd probably attach it to a large floating platform. Attach some thrusters and you've got some rudimentary maneuverability to avoid collisions in the first place.

A severed orbital elevator would be very expensive, but it's not going to cause any serious damage back on Earth.

7
0

App makers, you're STILL doing security wrong

Remy Redert

Re: Security!=privacy

It's nice to think PayPal is collecting this information for security reasons, until you realise that your browser on both PC and phone don't leak this info and can be made to appear however you like. I expect that a lot of use of PayPal still goes through said browser.

1
1

Sony tells hacked gamer to pay for crooks' abuse of PlayStation account

Remy Redert

This is pretty much what I did when I had a dispute with Steam. Purchased a game, found it was utterly and completely broken and unplayable, contacted their support to get my money back. They of course refused, so I contacted my bank to get my money back.

Steam blocked the account, I threatened to sue for the value of everything on the account, plus costs and damages. A few days later the account was unblocked and the offending game and related charges were gone.

16
0

Microsoft RE-BORKS Windows 7 patch after reboot loop horror

Remy Redert

Re: Oops!

I have my system similarly configured, but for some reason some updates get auto-installed anyways. I've now added the relevant update servers to my hosts file and the router's blacklist. There will be no more updating or getting update information without my actions.

2
0

FCC says cities should be free to run decent ISPs. And Republicans can't stand it

Remy Redert

Infrastructure

Some might say that in the world we now live in, the internet is infrastructure. And who is responsible for a lot of that? Governments. It seems that allowing a local government to roll out infrastructure and then wholesale it to commercial ISPs sounds like a good plan. The local government runs the local infrastructure, various ISPs rent capacity to service their customers.

Big ISPs, little ISPs, they've all got the same chance to compete with that setup. Of course the big ISPs won't like that because the little ISPs can and will compete them out of the local markets with lower prices (through lower overheads) and quite probably better customer service.

21
1

Facebook sad-nav: How to put depressed chums on internet suicide watch

Remy Redert

Re: Erm...

It seems to be the exact opposite. Instead of a machine reading all your friend's posts and giving you a warning if they're feeling depressed/suicidal, which is very much abusable, this is a button YOU can press if YOU think your friend is feeling depressed/suicidal, which prompts Facebook to have a look at that person's recent history and offer help to the depressed/suicidal person.

This means that there's no machine reading of your posts because your friend signed up to something (Okay, Facebook, there's machine reading of your posts anyways) and your 'friends' aren't be alerted by Facebook. Abusing this feature would be a lot harder because presumably if a malicious party started reporting random/harmless things, they'd just get banned and if you make a fake account under someone's name to make them look suicidal, well, you could already do that just fine, this function doesn't change anything about that.

3
2

SSL-busting adware: US cyber-plod open fire on Comodo's PrivDog

Remy Redert

Let's be fair here. Implemented properly a local mitm does not need to constitute a security risk. But the software doing it needs check the validity of certificates and either block untrusted ones and inform the user or pass untrusted certificates straight to the browser for it to handle.

3
1

iBank: RBS, NatWest first UK banks to allow Apple Touch ID logins

Remy Redert

Re: Not smart.

Step 1) Talcum powder or similar over the screen, backside of the phone and any other items that are liable to have fingerprints.

Step 2) Sticky tape over now visible fingerprints.

Step 3) Sticky tape on scanner. You now have a digital copy of the fingerprint. Depending on the quality, some touch up may be required.

Step 4) Depending on technology, you can now print the fingerprint to paper (This still fools many fingerprint readers!) Or use 3d printing to make a mold.

Step 5) If you used 3d printing, fill the mold with a suitable gel. It will take a few hours to set. Skip this step if your targeted fingerprint reader can be fooled with printouts.

Step 6) Use fingerprint.

Total cost in equipment for printout fingerprints? A few bucks for the talcum and sticky tape. You probably already have the computer and scanner.

Total cost for the equipment for proper fingerprints is a few thousand bucks for the 3d printer, which is reusable and a few dollars per mold.

Depending on the quality of your mold and gel, you can get fingerprints thin enough to apply to your finger directly, making it difficult for others to notice that you're not using your own prints to log in. This is a moot point for the phone app as you do not need to use it near anybody, you can log in at home and transfer money at will.

2
1

Page:

Forums

Biting the hand that feeds IT © 1998–2017