Posts by Charles 9

11112 posts • joined 10 Jun 2009

AI quickly cooks malware that AV software can't spot

Charles 9
Silver badge

Re: AI now, metal-based life forms soon

Is there a way to prove your claim that AI will always have intractable blind spots?

0
0
Charles 9
Silver badge

"Start with something legitimate. Make small changes. Small changes can fool AV engines. But if the AV engine were white-listing the legitimate code then those small changes should fool the white-listing. And if you weren't counting on white-listing why bother to start with legitimate-looking code in the first place?"

Perhaps they're trying something akin to Return-Oriented Programming which can use whitelisted programs to wreak havoc.

0
0
Charles 9
Silver badge

Or they're "gestfaults" (gestalt faults--worse than the sum of their parts) that involve how different pieces of code interact with each other. Each piece works fine on its own, but the bug ONLY appears when they're together, so it's very difficult to spot.

0
0
Charles 9
Silver badge

While the really, REALLY smart ones get those on "The List" to vouch for them. Or manage to steal the credentials of someone on "The List" and pose as them. That's why even whitelists aren't perfect (think Return-Oriented Programming which relies on pieces of whitelisted code to work).

3
0

Dirty carbon nanotubes offer telcos chance at secure quantum comms

Charles 9
Silver badge

The article seems incomplete. After all, what's to stop Eve emitting a new proton to Bob to replace the one she read?

7
0

NAND that's that... Flash chip industry worth twice disk drive biz

Charles 9
Silver badge

No one's arguing SSD will eventually supplant rust. The question is when. Like you said, new flash foundries are going up, but they're not online yet. Plus although there's essentially only one set of rust suppliers, it's well-experienced, mature, and established, meaning the incumbency and economies of scale factors are in play. And as any politician knows, it's very difficult to unseat an incumbent, especially a popular one.

1
0
Charles 9
Silver badge

And it doesn't take consumer backup needs into consideration, as tape at this stage is only economical at relatively large scale, meaning it's only suitable for enterprises. Which is why most tape drives expect server-class interfaces like SAS or FC. At the consumer end, the key metric is price against capacity, and here rust is still the winner. It's also still manageable if maintained on a semi-regular basis, say with at least a mirror and periodic rotation and replacement, with perhaps error coding added in to deal with the occasional bit rot. I wish there was a better solution to archive packrat activities, but tape got priced out of the consumer market a decade or two ago. So for now it's USB rust drives for me.

2
0

Apple removes VPN apps in China as Russia's Putin puts in the boot with VPN banlaw

Charles 9
Silver badge

Re: Great

Probably. Just assume they're trying to wipe out all unsanctioned encryption wholesale. Once they do that, they'll be working on stego sanitizers next.

1
1
Charles 9
Silver badge

Re: The future is almost here

IOW, a Stateful Internet. I'm surprised they haven't taken that step yet.

1
0
Charles 9
Silver badge

Re: The danger of the "app stores"....

Uber's trying to wade into legal gray areas. However, in doing so so boldly, they're going to make the courts and legislatures start turning those gray areas black-and-white.

1
0
Charles 9
Silver badge

Re: And how would this be enforced in the west?

They will if they risk being charged with terrorism or worse. As for packet inspection, if all unsanctioned encryption is banned, then they just have to inspect anything they can't parse or decrypt. Most Web content can then be sanitized to reduce the odds and rate of stego.

8
0
Charles 9
Silver badge

Re: And businesses?

Then they must entrust the State with access to their data or they don't operate in the country, period. No unsanctioned encryption will soon be the rule with treason charges against those who try to get around it with things like steganography (which they'll sanitize to minimize).

6
0

It took DEF CON hackers minutes to pwn these US voting machines

Charles 9
Silver badge

"True, but it's a lot more detectable than 100% computerized voting system."

I don't think so, not against a sufficiently-corrupted political machine. Think Venezuela levels...

1
0
Charles 9
Silver badge

Re: There's a fix for this

Plus there's the matter of doing it in a country of 350-million-plus people, not to mention their impatience regarding results, meaning it's not politically favorable to take your time.

0
0
Charles 9
Silver badge

But at that point, how can they be sure it's really their votes that were counted? It's not like a really good adversary would have two of everything, including voter rolls. Plus, there is an intractable voter problem: the conflict between two equal yet opposite needs, a free vote and a true vote. A free vote is required to be able to truly vote one's conscience, yet it prevents really being able to detect a covert swap outside of a "small enough that everyone intimately knows everyone else" village scenario. That can be prevented with a true vote, but that always raises the specter of voter pressure, preventing it being truly free.

0
2
Charles 9
Silver badge

Paper ballots can be stuffed and swapped by a sufficiently-resourced organization, like a political party or two.

0
3
Charles 9
Silver badge

Re: There's a fix for this

Two words: hanging chads. Punch cards and punch tapes are similar technologies.

0
0
Charles 9
Silver badge

Re: Why Electronic Voting?

Because then you have to trust the counters, meaning (corruptible, even in opposition--as a cartel) people.

0
5

Dark web doesn't exist, says Tor's Dingledine. And folks use network for privacy, not crime

Charles 9
Silver badge

Re: He's right. The "dark net" doesn't exist!

Well, you know what they say about gestalts: more than the sum of their parts.

3
0
Charles 9
Silver badge

Which could in turn be just a cover for a working quantum computer. Remember, black projects don't exist as far as the outside world is concerned.

1
1

Pre-order your early-bird pre-sale product today! (Oh did we mention the shipping date has slipped AGAIN?)

Charles 9
Silver badge

Re: Relevant Thunderf00t videos

Even if they're forced to wear clothes with NO POCKETS in them and can't wear lanyards for safety reasons?

2
0
Charles 9
Silver badge

Re: Kickstarter's about 99.995% bad

My one Kickstarter was for the Carmageddon reboot. A touch late, but at least they delivered. Helped it was a very popular franchise in its heyday.

1
0

Inside the ongoing fight to stamp out govt-grade Android spyware

Charles 9
Silver badge

Re: Legit purposes?

Even the Constitution is just ink on a page. Someone determined enough and with enough power can just ignore the law, wipe out anyone who dares interfere, and replace them with sympathizers. Sure, President Trump's running into resistance right now, but how much longer before things REALLY come to a head, perhaps resulting in a Second Civil War?

0
0
Charles 9
Silver badge

Re: Whilst I don't have anything to hide...

Simple. They hack the baseband processors, below the OS and anything you could touch. And it can work on feature phones, too.

2
0
Charles 9
Silver badge

Re: Legit purposes?

It's not BS at all. If one can MAKE the laws, one can do as one pleases. Ink on a page and all...

1
0

Firefox doesn't need to be No 1 – and that's OK, 'cos it's falling off a cliff

Charles 9
Silver badge

Re: IMO It is an engineering fault for their failure...

Unless they INTENTIONALLY pack the feature AND security update together and force you to take it or leave it, part and parcel.

0
0
Charles 9
Silver badge

Re: No. Just no

I call bollocks ON the bollocks because I can surf to the exact same sites you describe, simultaneously with multiple tabs, and not get a hitch, and I only have 8GB versus your 12. And I just double-checked my Task Manager. Between all its processes (foreground and background), it's only using about 500MB with all the jazz open.

0
0
Charles 9
Silver badge

Re: Betamax myth again...

Quality was why Betamax won in the professional market. You could find Beta machines in plenty of TV studios for that reason. Price was less of an issue there while generational preservation was.

As for stereo, I recall VHS had an easier time getting Hi-Fidelity sound onto the tape (especially in NTSC recordings) which is why they got an edge in sound and another reason VHS won that generation's video war. By the time Beta had a suitable answer, the war had pretty much run its course.

1
0
Charles 9
Silver badge

Re: Bollocks

Funny. I keep FF up for weeks at a time without an issue (have to keep a window open to keep an obscure, slow-to-reload page active), and I only have 8GB and a Core i5. Oh, and it's only using 500MB, with two windows (one Private) and multiple tabs active. WITH numerous Add-ons active including NoScript and uBlock Origin. Does it matter that it's v54 (32-bit)? And as for the interface, I frankly don't see what all the fuss is about. I LIKE the Hamburger menu, I reload with the keyboard, and if I need the regular menus, a quick flick of Alt opens it right back up. Ever tried to print a webpage from Chrome? It doesn't use the OS-standard print dialogs.

And no, I'm not a shill or anything. I simply, honestly and truly, prefer Firefox to anything else. Nothing anyone else has said has convinced me otherwise.

0
0
Charles 9
Silver badge

Re: IMO It is an engineering fault for their failure...

And then they get flak for pwnings that occur BETWEEN the Patch Tuesdays, some of which are SO severe (and already in the wild) they're forced to scramble to issue an Out-of-Band patch. Putting you in a vice: break your machine or get pwned. And let's not forget all those people who wouldn't update even if it meant their lives (or livelihoods); they've demonstrated an inability to stay current; when self-preservation doesn't work, you're forced to use other means (and no, you can't use Darwin since that would bring with it collateral damage which could end up boomeranging back to YOU).

1
0
Charles 9
Silver badge

Re: yea we know

"It's a bit like helmets and seatbelts. I think they are a good idea and that everyone should wear one, but I also think you're all big kids and if you want to take a chance, it's your life."

NO, because no man is an island, and your life has an effect on everyone else, so disregard for oneself is by extension disregard for EVERYONE: bad for society.

4
7

Facebook's freebie for poor people under fire again

Charles 9
Silver badge

Re: yet another symbolic gesture

"Zuck: Do something that will help SOLVE the problem, and STOP rewarding people for their unlucky circumstance in life. There is NO virtue in poverty. So DO NOT REWARD IT! And if you want to SOLVE it, CREATE JOBS!"

Create jobs that aren't needed? That involves labor costs that raise the price of their products which in turn raise prices at the consumer end which can in turn lead to the product being undercut by someone less scrupulous, leading to the "bleeding heart" going out of business and taking all their jobs with them (Brick-and-mortar retail market isn't exactly in good shape if you'll recall). Seems you can't win.

0
0
Charles 9
Silver badge

"That said, I think there are plenty of places that offer you free wifi, but only to look at the company's website. Does that infringe on net neutrality?"

Probably not, because they're confining you to an INTRAnet where external access is not expected.

3
0

OnePlus cash equals 5: Rebel flagship joins upmarket Android crew

Charles 9
Silver badge

Re: meh

I've been sticking with Note 4's. Still have the one I got about a year ago and got one for a good friend recently to replace an absolute dinosaur. It's the biggest Samsung phone that ticks all the boxes for me. I've since removed Qi charging from my list since I learned it raises serious heat issues that cause battery problems.

0
0
Charles 9
Silver badge

"And don't get me started on how little love I had for them when they rolled out whichever version of Android it was that messed around with the SD access permissions for third-party apps."

Don't blame Google there. IIRC it was the same version that allowed for encrypting the storage devices to allow a Lock-and-Erase that was actually effective. With that in place, Google discouraged app devs from using external storage (less likely to be encrypted) as a security measure. I actually DO encrypt the internal storage on my phone to take advantage of this.

These days, internal storage is enough to store all the apps I would ever need. As noted, I keep the external card (unencrypted, in case of Murphy) for low-priority stuff where its security isn't really an issue (after all, who cares if my media collection is stolen; it's just a copy).

2
0
Charles 9
Silver badge

Unless the SD is just full of low-priority stuff like media files which are easier to pass from phone to phone as you progress. And that still doesn't excuse the lack of removable battery, which based on firsthand experience is a serious longevity and safety issue. Having pulled out plenty of bulging batteries in my years, I've made it a prerequisite.

0
0

Reminder: Spies, cops don't need to crack WhatsApp. They'll just hack your smartphone

Charles 9
Silver badge

Re: Good Encryption Equipment is Physically and Electrically Isolated

But absolutely useless against "Outside the Envelope" attacks at points where the contents MUST be decrypted (such as during display since the Eyeball Mk 1 doesn't directly grok encrypted data). That's what the article is describing: "Outside the Envelope" attacks.

0
0
Charles 9
Silver badge

Re: This is worse than backdoors into encryption

You say this as if this was anything new. We're talking human beings here.

0
0
Charles 9
Silver badge

Re: While better than a back door

Thing is, were the tools still in active use at the time or were they a couple generations out of use?

2
1

Adobe will kill Flash by 2020: No more updates, support, tears, pain...

Charles 9
Silver badge

Re: Too little, too late

They can't because there ARE things for which high-ups will reply, "But it's the ONLY way we can administer our stuff!" because people like Cisco (Identity Services Engine) don't offer alternatives on their dime (and since this is high-end enterprise stuff, they're expensive, too). You'd be cornering these firms who got the stuff long ago in good faith; they can't use Flash in an environment where they MUST use Flash.

2
0

Microsoft hits new low: Threatens to axe classic Paint from Windows 10

Charles 9
Silver badge

Then what happens WHEN (not IF) a program you ABSOLUTELY need ONLY works on Windows (and let's say ONLY Windows 8 and up for "security reasons") and (due to its purpose) MUST be online? I mean, why can't game developers see the writing on the wall and code for a united flavor of Linux, for example (because for every working headliner example you can cite I can probably name at least two that won't and probably never will like Fallout 4).

0
1
Charles 9
Silver badge

Re: MS Paint

"Maybe Microsoft should try to write a report in Paint 3D and tell us how that felt."

And if they say they LOVED it and wouldn't use anything else?

0
0

Source code unleashed for junk-blasting Internet of Things botnet

Charles 9
Silver badge

Re: Companies entering this space need to think about longer term impact

They don't care about the long-term risks. If anything happens, they'll just play shell games, disappear and reappear as a new company.

0
0
Charles 9
Silver badge

Re: IoT devices uses default passwords

But what about people with bad memories who suddenly need to get into their routers and can't...because they forgot the password? The problem with your solution is that you have to account for stupid who will still complain if they can't get into the stuff they bought outright with their own hard-earned dollars tout suite.

0
0

Sweden leaked every car owners' details last year, then tried to hush it up

Charles 9
Silver badge

Re: Too Many Idiots in the Kitchen

That's just one application of the word, but in general an oxymoron is a description that is self-contradictory. Such as "a regular abnormality" (since something abnormal, by definition, can't be regular) or a "squared circle" (since a circle, by definition, has no corners).

4
0

Al Capone was done for taxes. Now Microsoft's killing domain-squatters with trademark law

Charles 9
Silver badge

Trademarks are meant to protect identity. Using a trademarked name in criticism is considered satire or complaint, both protected under the 1st Amendment.

10
3

Judge uses 1st Amendment on Pokemon Go park ban. It's super effective!

Charles 9
Silver badge

Re: Exercising my 1st amendment rights ...

There's no limitation on the right of free speech written in the 1st Amendment, either, yet the Schenck decision found one anyway, implied, in that you can't use speech to deny the rights of others (the "Fire in a Crowded Theater" test). Since ANY large assembly of people raises the inherent potential to wreak havoc (the more people there are, the less chance any one will own up), there are laws in place to control such assemblies: laws which have survived challenges due to the need to protect the freedoms and rights of non-assemblers.

3
0

What is this – some kind of flashy, 3-bit consumer SSD? Eh, Seagate?

Charles 9
Silver badge

Re: I like to apply the rule of...

More like fear of being unable to get it back. Given the ephemeral nature of all things Internet, some of us are of the nature we should hold on in case things start disappearing, much like those viral videos that then get cut off at the source. You know what they say; better by far to have something you don't need than to need something you don't have.

2
0
Charles 9
Silver badge

Getting closer.

Definitely worth considering if the original drive wasn't that big to begin with, but as mine is 1TB the price tag for a replacement my size is still probably going to be too high to tempt me. And that's just the main drive. Large program and/or program data collections are still going to have to hold out on rust for the time being.

2
0

'Millions of IoT gizmos' wide open to hijackers after devs drop gSOAP

Charles 9
Silver badge

Re: Requires an incentive

What law? If they're extraterritorial, they're not subject to your laws.

0
0
