* Posts by Charles 9

16605 publicly visible posts • joined 10 Jun 2009

Security slip-ups in 1Password and other password managers 'extremely worrying'

Charles 9

"The root and branch password methodology is still the best option to memorising longer passwords, and failing that, write them down on a piece of paper that's not kept near your PC and doesn't reference the services the passwords link to."

And if neither's an option because your memory's that bad and the xkcd method doesn't work for you (because you start with "correcthorsebatterystaple" and end up with "donkeyenginepaperclipwrong")?

Charles 9

Re: Little blue book

How about someone else entering them FOR YOU?

‘Andromeda’ will be Google’s Windows NT

Charles 9

Re: Curtains for Windows

"In the 'update' settings, turn your active hours to run from 00:00 to 23:59. It will then not restart itself ever unless you directly order it to."

No, YOU'RE wrong. Nice try, but Active Hours are limited to an eight-hour window (trust me, I looked because I'm a night owl). You can't do what you just described.

Germany, France lobby hard for terror-busting encryption backdoors – Europe seems to agree

Charles 9

Re: "accusing a democratically elected politician of being 'the death of democracy'."

No, the safeguard in the US is that the head of state nominates the judiciary BUT the legislature (specifically the Senate) must CONFIRM the nomination.

But, just like your scenario, there's one inescapable flaw: what if both entities involved are in cahoots?

Charles 9

Re: Whats wrong with giving the keys to Law enforcement?

"It's not like they will get into the public domain and a free for all can happen is it? I mean we've had backdoor TSA keys on luggage with out it ever happening."

It wasn't as if I didn't know the locks weren't any serious form of security. They're just there to keep the latches or zippers from opening accidentally and dumping your contents. A serious thief wouldn't care about breaking the suitcase to rummage or simply taking the whole thing since by the time you find out they'll be long gone.

Charles 9

"You actually think your bog-standard bureaucrat is going to understand even that? My, my, you're a trusting soul...."

Well, you gotta trust SOMEONE. Otherwise, civilization can't function and we're basically in Anarchy Mode...

Charles 9

Re: 'the right of the people to keep and bear Arms, shall not be infringed'

But who else but a state has the resources to make a working and relatively safe H-bomb?

Charles 9

Wanna bet? Nothing's impossible in the mind of a politician except being able to speak against him or her.

Charles 9

Re: "accusing a democratically elected politician of being 'the death of democracy'."

No it won't. All an autocrat has to do is IGNORE it, since in the end laws are just ink on a page. If they throw out the Constitution, start fresh, AND have the force to back it up, there's no stopping them. That's what happens in a hostile takeover.

Net neutrality? Bye bye, says American Pai

Charles 9

Re: is this the right time and place to say ....

And I guess someone who wants to do on-the-spot research on a hot soon-to-be-gone impulse buy is gonna have to just go on gut instinct.

Autonomous cars are about to do to transport what the internet did to information

Charles 9

Re: Niave much?

"We don't all live in huge metro hubs. Most of us live outside of them..."

To which I would respond, "What difference would that really make? Wouldn't that just be solved with fewer cars?"

Charles 9

Re: Works for cities

"I think you'll find most people would just prefer to have their own car. If it all worked perfectly, it would be a boon to those replacing taxis. It doesn't work though. I think its mostly compute providers looking for a solution to a particular problem, that being, what can we flog?"

And what if market forces PREVENT people from buying their own cars because the risks inherent with being human raise insurance premiums out of affordability?

Charles 9

Re: It'll Never Happen

Actually, yes. It's trickier, yes, but not impossible; plus the cops may not be interested in getting too wet; though they may employ tag teams with the chasers wearing slickers. Small form factor radar is getting more and more useful. And if conditions are bad enough to really screw up radar, they're probably whiteout conditions, meaning zero visibility, meaning you should be stopping at this point.

Charles 9

Re: Works for cities

And if they sue for recklessness?

Charles 9

Re: So...

"I think this was always the case, even when we only had a few media choices. If you solely read The Times you would have a different view of events than if you read The Mirror. Now - as then - the only way of discerning truth is by comparing multiple sources and not believing anything unless confirmed by multiple original sources."

Even that's not safe, as all the sources may say the same thing...only it's the WRONG thing.

Charles 9

Which can be arranged as automated cars prove their worth. What do you think will happen to your insurance premiums, to say nothing of deductibles? Pretty soon, most drivers will be priced off the roads.

Charles 9

Re: It'll Never Happen

Wanna bet? Automated snow diggers combined with robocars using snow tracks instead of wheels.

Charles 9

Re: Works for cities

As more privately-owned cars get off the streets due to skyrocketing insurance, spaces will open up.

Charles 9

Re: Instead of delivery, build on-site

There's also the matter of supplies for those 3D printers. Even Transmetropolitan's makers needed base blocks of matter.

Charles 9

Re: Instead of delivery, build on-site

Shipping will still have a place for things too large or complex to fabricate on site or for stuff that started out alive.

Charles 9

Re: My Cold Dead Hand...

Bet your life? The insurance companies will have you for lunch.

Charles 9

Re: First autonomous cars...

AIR transport will remain expensive and complicated for a while. Physics gets in the way, and we're still some distance from synthetic hydrocarbon fuel.

Charles 9

Re: Just wait...

Which then get dismissed as the bulk turn out to be Acts of God. How many to date have been proven to be caused by glitches? One, off the top of my head.

ESET antivirus cracks opens Apple Macs to remote root execution via man-in-middle diddle

Charles 9

Re: Basic security practices bypassed....

And until people are willing or compelled to pay for proper security, there won't be a motivation to do it right. Not even laws will help much since companies can just move to dodge them.

Global IPv4 address drought: Seriously, we're done now. We're done

Charles 9

Re: "nat-has-nothing-to-do-with-security"

AGAIN, NAT isn't what blocks incoming connections, and I'll prove it.

You get your IP address from your ISP. Which means your network is subservient to it and you're technically INSIDE the ISP's INTRAnet. Which means they can route packets within their INTRAnet willy-nilly. That includes the RFC1918 ranges. If they know the IP address of a target machine you have, they can just route the packet directly onto it, no translation necessary because it's THEIR network which you're riding on. You could do the same thing if there was a NAT in your corporate intranet. A network expert confirmed this to be possible by disabling a home router's firewall several months ago.

So NO, NAT is NOT what you really want. It's in fact a false sense of security in the face of an ISP that gets served a warrant.

The device that provides the minimum degree of separation you want is the firewall, which doesn't change with IPv6, and if you don't even trust that, you want something stronger like a proxy server that allows you to better safeguard from both directions. And if you want to go one step further, then yes I'm saying use something at the L2 level (and yes, you CAN have an L2 proxy just as you can an L2 firewall; it uses TWO interfaces and the proxy bridges them according to its rules).

Charles 9

Re: "nat-has-nothing-to-do-with-security"

The thing is, your problem isn't the IPv6 protocol but rather the greater Internet itself. Your problem IOW isn't in L3 but in L2, and you need to address your issues there with things like physical proxy servers that provide a physical layer of separation. Internally, your choice of protocol is up to you and irrelevant here. Externally, you may want to find a way to talk to IPv6 destinations before you get shut out, but by your standard that's a problem for your gateway to solve. You don't HAVE to keep end-to-end connectivity if you don't want to, but it's far better to have the option open and not use it instead of not having the option when you need it.

Charles 9

Re: Address allocated but not live

No, that's a million machines scanning a million IPv6 addresses per second. How many machines out there can scan that fast? How many can the inbound gateway handle?

Put it this way. If you had THAT much computing power at your disposal, you'd probably have bigger fish to fry, like trying to solve for encryption or factoring algorithms.

Charles 9

Re: IPv6 usage soaring?

To address (C), if you don't want your information to be free, then don't connect your machines to the Internet, end of. If you MUST as a matter of business, use something robust like a proxy server to get a true degree of separation between inside and out.

Charles 9

Re: Dear network geeks, IPv6 is crap because...

So a drive-by hack isn't a form of back-hack?

Charles 9

Re: "nat-has-nothing-to-do-with-security"

If your paranoia's that high then what you want isn't a NAT gateway but a proxy server. If you don't want end-to-end connectivity, then don't go halfway and create a true barricade that denies by default BOTH WAYS unless you whitelist.

Charles 9

Re: Dear network geeks, IPv6 is crap because...

The term "back-hacking" is from Ghost in the Shell. It simply means running a hack in the reverse direction from the original connection (backwards, IOW, thus you're "hacking back"). If the original connection's still in place or is being otherwise remembered, a firewall exception is still in place, meaning you can piggyback on it to get through.

LG, Huawei unwrap 'Samsung Galaxy-killers'

Charles 9

Re: please start every phone review with:

It's not convenience I'm concerned about but safety. Getting the battery out when it starts to bulge is a decent safety measure. Given the potential for spontaneous phone-bustion, I'm surprised some country hasn't required user-removable batteries by law due to fire risk, much like how lithium batteries can't be placed in airplane cargo holds without special packaging but having them in carry-on baggage (where humans would be present) is less of an issue.

Charles 9

Wireless charging is not all it's cracked up to be at this point. It's not as efficient, emits too much heat, and is harder to control. Ergo, it murders the batteries (which in these models can't be replaced--consider that). I switched out batteries in S4's and Note 4's way too soon due to heat damage induced from Qi chargers, so I can speak from experience.

Charles 9

Re: please start every phone review with:

Also state the battery capacity. I'm looking for no less than 5 Ah and yes I WANT a beefier phone.

The Psion returns! Meet Gemini, the 21st century pocket computer

Charles 9

Re: That display...

You may not be able to discern the pixels at that resolution, but many of us can, and I'm one of those who still has good eyes and a distaste for aliasing.

'First ever' SHA-1 hash collision calculated. All it took were five clever brains... and 6,610 years of processor time

Charles 9

Re: "unable to implement an automatic update for Android"

"Of course another way to avoid this problem would be to abolish all the proprietary junk in both the hardware and OS, and have an open hardware, open specification, open source solution where everyone could apply daily, incremental updates to every part of the system, including apps and core OS components, but then companies like Samsung would whine about losing their "competitive advantage", as we'd all be able to construct our own smartphones from kits in Maplin."

Due to the competitive nature of the market, particularly in mobile, open hardware is not going to happen, as trade secrets and patents (and we're talking hardware here, so their use here is valid) are in play. This is also one reason one can't just make a completely open mobile OS because a lot of mobile hardware is black-boxed to prevent "Giving Information To The Enemy" and the interfaces only come in binary blobs complete with contracts and so on.

Charles 9

Re: This is why I use multiple hashes

The problem is that all hashing functions work on the same fundamental principles, plus there's the Pigeonhole Principle to consider (due to hashes being smaller than their documents, collisions MUST occur). The paper above demonstrates you can correlate multiple hashing functions so that finding a collision for all is as easy as finding a collision for one.

Now, an alternative proposal may be to chain hashes by hashing the whole document as well as particular segments of the document, producing multiple overlapping checks. The Merkle Tree is an example of this technique, though in this case a fixed-structure hash chain would probably be better-suited and more robust against preimage attacks. The technique is also algorithm-agnostic so can be moved up from SHA-1 to SHA-3 or whatever.
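The overlapping-check idea in the post above, written out as an added example (this is not the commenter's code or the paper's, and the layout is an assumption): a fixed-structure scheme that hashes every fixed-size segment of a document, folds those leaf digests into a Merkle root, hashes the whole document separately, and binds both digests plus the structure parameters into one tag. The hash function is a parameter, so the same code runs over SHA-256 or SHA3-256. The sample document is constructed here for the demonstration. Leaves and interior nodes get different one-byte prefixes so that a leaf cannot be passed off as a node or vice versa, which is a well-known Merkle-tree pitfall.

```python
import hashlib
import hmac

# Constructed sample document (180 bytes) used only for this demonstration.
DOC = b"The quick brown fox jumps over the lazy dog. " * 4

# Domain-separation prefixes: a leaf, an interior node, the whole-document hash,
# and the final tag are hashed over distinct first bytes so one cannot be
# substituted for another when the same hash function is used throughout.
LEAF, NODE, WHOLE, TAG = b"\x00", b"\x01", b"\x02", b"\x03"


def _h(algo, *parts):
    """Hash the concatenation of parts with the named hashlib algorithm."""
    h = hashlib.new(algo)
    for p in parts:
        h.update(p)
    return h.digest()


def segment_digests(data, segment_size, algo="sha256"):
    """Leaf layer: one digest per fixed-size segment (last segment may be short)."""
    if segment_size <= 0:
        raise ValueError("segment_size must be positive")
    segments = [data[i:i + segment_size] for i in range(0, len(data), segment_size)] or [b""]
    return [_h(algo, LEAF, seg) for seg in segments]


def merkle_root(leaves, algo="sha256"):
    """Fold the leaf layer pairwise until one root remains; an odd node is carried up."""
    level = list(leaves)
    while len(level) > 1:
        nxt = []
        for i in range(0, len(level), 2):
            if i + 1 < len(level):
                nxt.append(_h(algo, NODE, level[i], level[i + 1]))
            else:
                nxt.append(level[i])
        level = nxt
    return level[0]


def commit(data, segment_size, algo="sha256"):
    """Produce the overlapping checks: per-segment leaves, tree root, whole-document hash,
    and a tag that binds all of them to the algorithm, segment size and length."""
    leaves = segment_digests(data, segment_size, algo)
    root = merkle_root(leaves, algo)
    whole = _h(algo, WHOLE, data)
    tag = _h(algo, TAG, algo.encode(), segment_size.to_bytes(4, "big"),
             len(data).to_bytes(8, "big"), whole, root)
    return {"algo": algo, "segment_size": segment_size, "length": len(data),
            "leaves": leaves, "root": root, "whole": whole, "tag": tag}


def verify(data, commitment):
    """Recompute the tag from data and compare in constant time."""
    fresh = commit(data, commitment["segment_size"], commitment["algo"])
    return hmac.compare_digest(fresh["tag"], commitment["tag"])


def changed_segments(data, commitment):
    """Indices of segments whose leaf digest no longer matches the committed one
    (useful once verify() has failed, to localise the modification)."""
    fresh = segment_digests(data, commitment["segment_size"], commitment["algo"])
    old = commitment["leaves"]
    n = max(len(fresh), len(old))
    return [i for i in range(n)
            if i >= len(fresh) or i >= len(old) or fresh[i] != old[i]]


if __name__ == "__main__":
    c = commit(DOC, 32)
    print("intact verifies:", verify(DOC, c))
    tampered = bytearray(DOC)
    tampered[70] ^= 0x01          # flip one bit inside segment 2 (bytes 64..95)
    tampered = bytes(tampered)
    print("tampered verifies:", verify(tampered, c))
    print("changed segments:", changed_segments(tampered, c))
    # Same structure, different primitive: only the algorithm name changes.
    c3 = commit(DOC, 32, "sha3_256")
    print("sha3 verifies:", verify(DOC, c3))
```

Usage: call `commit(data, segment_size)` once and store the returned dict alongside the document; later, `verify(data, commitment)` either accepts or rejects, and `changed_segments` narrows a rejection down to the segments that were altered. Because the tag covers the whole-document digest as well as the tree root, an attacker has to produce a colliding whole-document hash and a colliding tree simultaneously under the same function.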

Charles 9

Re: Pigeonhole Principle

Maybe, but because computer technology continues to improve, brute force gets easier and easier. Imagine if you have a Mirai-class botnet at your disposal and you set them to the task of trying to perform a second-preimage attack.

Charles 9

Re: Newsworthy?

As another commenter noted (with citation), it's actually easier than you think. You're better off using one strong hash than multiple weaker ones (the paper notes that the end result will be at best as strong as your strongest but at worst as weak as your weakest).

Symbolic IO reveals tech bound to give server old guard the willies

Charles 9

Re: Haters Gonna Hate

"Unbelievable how people down play technology they cannot comprehend or different than what they are used to."

As an engineer once said, "You can't fight physics." Tell me how you can get massive compression out of a multimedia file (and note that one of the demonstrations was to stream 80 such files at a time, with only 21% CPU usage) that's already been compressed so much as to lose quality. And how many times have we been warned about something that sounds too good to be true? How many times have we read articles about some extraordinary new technology (Remember 3D holographic crystal storage?) only for it to never hit the market (That was over 20 years ago IIRC. Where is it?)?

So we may be jaded, but not without reason. For that matter, where's the independent test proof complete with published results?

Charles 9

Re: WTF?

Thirded. I didn't know the term off the top of my head, but I recognized the technique immediately. I also recall one of the caveats of the system, especially when it comes to modern content like compressed multimedia files. That being they're usually already compressed (SO much in fact that most files are lossy). So how do they expect to get more efficiency out of files that have been squeezed so hard as to bleed quality?

And as for the anti-theft features, one thing I wonder about GPS-based tech is what if someone exploits it in a DoS-style attack by employing something like a fake GPS transmitter. The IRIS has a self-destruct mechanism? What if some jerk found a way to pull off a premature trigger?

I was authorized to trash my employer's network, sysadmin tells court

Charles 9

Re: @Ellier ... This will impact others as well

Retrospective laws are specifically prohibited in the United States Constitution under Article I, Section 9 (which lists the kinds of laws Congress CANNOT pass, among them, "ex post facto" laws). To quote the relevant sentence: "No Bill of Attainder or ex post facto Law shall be passed."

Charles 9

Re: My $0.02 worth

Could still be nailed as negligence if holding devices for evidence is to be expected.

Charles 9

Re: This should be covered by a different clause in the contract

Except that destruction of other people's property, in general, is covered by statute. The authorization must be to specifically destroy something, such as by being part of a wrecking crew under contract.

That's where the appellate panel can nail him. Where is his specific and immediate authorization to destroy most of the company's records at that time?

Charles 9

Re: Malice is not authorised.

But people in the US are presumed innocent. Meaning there must be a specific, referrable Act that doesn't allow it for a man to be tried. That act is always cited when your charge is read.

Which Act covers general nonphysical malice against one's employer by means of authorized access?

Charles 9

Time can never be recovered so loss of time is always permanent. That's why even temporary damage can be charged.

Tosh doubles 64-layer 3D flash chip capacity with a bit of TLC

Charles 9

Re: SSD benefits

Or they become more reliable long-term making them better for cold storage which is the case you're proposing. Then it's less a case of waiting for it to come up and more a case of making sure it comes up at all.

Pai, Pai, Mr American spy: FCC supremo rips up privacy protections for broadband punters

Charles 9

Re: VPN please

Bet your bottom dollar that's what the CIA are working on right now.

Facebook scoffed at $500m damages. Now Oculus faces nerd goggles injunction

Charles 9

Re: Lest you think Zenimax is just an East Texas bottom feeder

And for the record, Carmack and ZeniMax come together because ZeniMax also owns iD.

Charles 9

In a true volumetric display, you need to render ALL surfaces (because you'll be able to see the BACK). Plus not all surfaces are opaque.