Posts by Charles 9

11141 posts • joined 10 Jun 2009

Heaps of Windows 10 internal builds, private source code leak online

Charles 9
Silver badge

Re: Long File Path support

"You spam me - I refuse to do any business with your organisation. Permanently.

Vic."

And then what if it turns out they're the ONLY supplier of something you REALLY need? And you lack the resources to roll your own? That's the problem with captive markets...

0
0

America's net neutrality rage hits academia

Charles 9
Silver badge

Re: Welcome to the new Trumpistan!

The way you talk, you figure we're past the Point of No Return: beyond the Idiocracy point where the stupid can always outvote the smart. Am I right that this means it would take another intellectual revolution (and luck to avoid the nukes) to correct this properly?

0
0
Charles 9
Silver badge

Re: Oh shit, where did my means of production go?

No, they're smart enough to know there will always be another. As they say, money talks, all else walks.

2
2

Bye bye MP3: You sucked the life out of music. But vinyl is just as warped

Charles 9
Silver badge

Re: Oh no you don't

"Yes, you definitely do notice the difference. Except if you have to do it in blind testing. Hydrogen audio performed quite a long time ago testing on different MP3/AAC bitrates, on properly functioning codec (=no blatant bugs, incorrect settings) very few people can tell 128kbit apart from FLAC. Throw in variable bitrate and/or higher constant bitrate and you're completely SOL. (*)"

Did they also do a FLAC-to-vinyl comparison to see if true audiophiles could tell them apart better than random guessing?

0
0
Charles 9
Silver badge

Re: Well said

"Even as an engineer, trying to explain Nyquist etc. to them there's really no point, it feels like trying to preach Christianity to a Buddhist."

Then make them put their money where their mouth is and subject them to a blind sound test between good vinyl and high-bandwidth MP3s and see if they can consistently tell them apart higher than random guessing.

0
0

New work: Algorithms to give self-driving cars 'impulsive' human 'ethics'

Charles 9
Silver badge

Re: A half century of driving

I guess you've never had one just suddenly jump out at you from a blind spot and too close to stop even at cautious speeds. There are also "crap happens" moments when you're simply screwed: such as driving on a bridge the day it suddenly collapses under you.

0
0
Charles 9
Silver badge

Plus there ARE some real-world occurrences of "crap happens": situations where the driver WILL lose no matter what: the I-35 bridge collapse, a small deaf child (too small to be seen behind a car, unable to hear the engine) running 3 feet in front of a car (no car can stop on a dime, even at neighborhood speeds). Another term that springs to mind is "Cold Equation," where the sheer math and physics say SOMEONE's gonna die no matter what.

3
0

Microsoft boasted it had rebuilt Skype 'from the ground up'. Instead, it should have buried it

Charles 9
Silver badge

Re: Modern Day Professional

NO JOKE! Frankly, we're gonna have to face the fact that there's something extremely wrong with the entirety of Western Civilization, if you ask me.

3
0
Charles 9
Silver badge

Re: "This new app is absolutely terrible"

"Since I'm on the subject, what exactly is the Register "make this comment better within ten minutes" offer?"

Are you on the mobile website? Edit's not available yet on the mobile website. Switch to the Desktop website and it should appear. If you're using ad-blockers, you'll probably also need to enable both theregister.co.uk and regmedia.co.uk.

I've also heard the Edit feature is not available to all users. Anyone know if you need a medal to be able to edit?

0
0

Constant work makes the kilo walk the Planck

Charles 9
Silver badge

Re: Confused

"And while I'm here, someone in an earlier post said that a ton was 2000 lbs. When the hell did they change that?"

AFAIK, Americans have ONLY known the ton as 2,000 pounds since they never got accustomed to the stone and hundredweight, which was the basis for the long ton's 2240 (= 20 hundredweight @ 8 stone each @ 14 pounds each).

0
0
Charles 9
Silver badge

Re: Confused

"Utter nonsense. Are you seriously suggesting that we still use miles instead of kilometres to measure distance because a factor of 5/8 somehow makes the numbers incomprehensible on a human scale?"

Most of the measurements came from PRACTICAL consideration. Like the foot: the length of a person's foot, give or take, meaning a rough estimate of length could come from simply WALKING (also the pace, the length one makes in two steps, starting and ending on the same foot). As for the mile, blame the Romans for the name (the name comes from them defining it as a thousand paces) and farming for its current length, as it was last set based on the furlong, and that measurement didn't come from horse racing but rather how far an ox plow team could work in a day. Not to mention the mile relates well to a human's normal walking pace (about 2mph) and horizon distance (about 3 miles).

0
2
Charles 9
Silver badge

Re: Confused

"Why not do it like they did the ton?"

I'm surprised they haven't made a metric Pint 500mL already. A metric Fifth is already 750mL, and they call the 1500m race the "Metric Mile". Meanwhile, yards and meters (and quarts and liters) are close enough as makes little difference unless you need specifics. Making metric analogues to Imperial measurements is one way to ease metrication, and many of them already exist. Now, some of them will take some stretching (say make a metric Stone 6kg, a bit smaller than it should be but easier to calculate).

0
0
Charles 9
Silver badge

Re: Confused

If it were the standard unit, it would not be prefixed but have a unit of its own, as the meter, the liter, and so on. The true standard should be the base, unprefixed form (in this case, the gram). If this is inappropriate, then a new base unit should be declared that equals 1,000 grams (not unheard of; 1 Sv = 100 rem). So instead of calling it the kilogram, call it say the Higgs (Hg), after Peter Higgs after which many supported connections between mass and energy are named.

1
1
Charles 9
Silver badge

Re: Confused

"And we prefer saying "miles" to "Kilometres" because it's a bloody sight easier to say."

"Click" is even easier, and the military use that as shorthand for kilometers. We already use "kilo" for kilogram. As for fluids, where is the pint and gallon actually specifically important in real world usage?

4
2

How to pwn phones with shady replacement parts

Charles 9
Silver badge

Re: Come again?

"You can presumably sniff things like EMI, or otherwise detect hand movements. Lots of possibilities here, with interesting precedent in what's been done against PIN pads."

You'd still need context, though. Harder to get without access to the innards.

"Plus your phone has other secrets to protect than just its contents. Like everything being said in the same room as the phone, even if it's off if it's bugged."

Still need a way to EXfiltrate those conversations, and if the radio chips are also protected, then you'll need a total package. Might as well use a specialized bug in that instance.

"Regarding PIN pads, the VISA EPP standard is not meant to withstand a day or so of unsupervised access, which is what handing your phone in for repair certainly does in a lot of cases."

ATMs have to sit by their lonesome for days at a time. Who within a location actually pays attention to the PIN pads during normal operation? As for techs, that usually points to inside jobs, meaning they have access to key chips. Rogue techs could use side channels like hidden cameras, but again that's close to insider status to get them clandestinely in the machines and outside this context.

"The scenario for DVD/BluRay/etc is to protect the actual digital data, to prevent an exact (high-definition high-quality) copy, not keep the contents per se secret."

The reason being they have a perennial problem: the enemy only has to be lucky ONCE. Then sharing instantly nulls their economic advantage, and the human condition means people WILL cheat. That's why they've been working on this VERY hard for the last 20-30 years, coming up now with this chain of trust system for the 4K systems (as well as the consoles, which double as 4K players) based on what the phone makers have been doing (and some phones STILL haven't been rooted or custom-ROM'd at this point; ask xda). Similarly for pwning a device. ONE slip and it's Game Over. They have to hold that off for as long as they can.

"If you hand something in for service and don't trust the service techs, consider it pwnd. This is almost a basic law of computing."

But not COMPLETELY. Otherwise, we'd see a formal proof by now a la Turing's Halting Problem disproof, as there ARE real scenarios where DTA must be assumed, so there IS a practical angle.

1
0
Charles 9
Silver badge

Re: Come again?

"You simply need to add a small circuit board with a microphone (or other listening device - radio/EM fields/position/etc) on it. This is not stopped in any way whatsoever by any chain of trust."

Yes it is, as it still doesn't get you into the contents, which probably did not come in by speech. We're not talking bugging, we're talking pwning. And pwning is also a piracy path, which is why BluRay players and console makers are interested (as pwning the Wii allowed backups to be made using its own drive, which by design MUST be able to read them). And before you say "bug the touchscreen," the touchscreen itself would have an encrypted data path, just like ATM PIN pads.

"Regarding switching out the entire phone - sure, but it might be a tad suspicious if you hand in your old worn thing (probably dinged up from whatever broke the screen as well) and get back a brand new phone. Just sayin'."

So you swap out the used phone for one in similar condition. Shouldn't be that hard as long as most of the hardware is intact. If the phone's damaged enough to be unique-looking, then OK you'll need another tactic; thus the repair shop front.

1
0
Charles 9
Silver badge

Re: Come again?

"You don't need to replace any hardware in a phone to pwn it. You might simply add a bug - this has been done since the early days of telephony."

But in a trusted hardware chain, that breaks the chain, resulting in a brick. And in the protected hardware path approach, even the wires are sending all-encrypted data. And the devices are designed to close up on a brick due to the encrypted links, meaning you can't take advantage of the brick to extract data. And I don't think the threat models are THAT different given that BOTH this and the movie/gaming companies are trying to prevent exfiltration of data that can in turn be used to exfiltrate other data.

"Or you could replace the entire contents of the phone with something that just shows you a fake login screen and then errors out after entering the password/PIN code, sending it to the guy in possession of the real phone, if that's what you're after."

If you're gonna go THAT far, it would be more trivial to switch out the entire phone with a replica.

0
2
Charles 9
Silver badge

Re: Come again?

"If you want to prevent that, you don't do it by putting some DRMish stuff in the screen to authenticate it (a la Apple and the fingerprint sensor). This is completely meaningless even if we assume there's no way to stick an evil screen in place considering that they have unrestricted access to literally everything."

What about 4K BluRay Players and modern gaming consoles that use protected hardware paths (to prevent pirating)? Doesn't that work by using black-boxed keys inside each component so that every link in the chain is encrypted and authenticated to prevent tampering (replace even one component and you break the chain since you change that part's key which, being black-boxed, can't be extracted or copied)? Don't some Android devices use the same technique to prevent rooting and the use of custom builds? And don't these chains INCLUDE the CPU in having encryption keys (cryptoprocessors spring to mind)?

2
0
Charles 9
Silver badge

Intel's an American company. Most of the SoC makers are based in China. BOTH are known to be interested in such a thing, and doing it at the manufacturer level would be a win-win for them: ubiquitous so hard to avoid, relatively inexpensive, plus plenty of room for plausible deniability.

1
0
Charles 9
Silver badge

"Some hardware needs to be trusted. To my knowledge, no-one has found a way of building a trusted platform on top of an untrusted CPU."

But that raises a scary prospect. Given (1) that ARM CPU designs can be tinkered at the licensor's discretion (which is how these SoCs come into being), and (2) that some State agencies are loony enough to want control at the hardware level, including hidden stuff in the CPU, doesn't this raise some serious DTA prospects?

1
0
Charles 9
Silver badge

WHY do you HAVE to consider the hardware trusted? What prevents you from considering it UNtrusted? What about things like Protected Hardware Paths that require hardware authentication?

0
0
Charles 9
Silver badge

BadUSB? SMM pwnage?

0
0
Charles 9
Silver badge

If that were true, why isn't it happening already at the point of manufacture? Perfect and unavoidable point for hardware pwnage.

1
1

WannaCrypt: Roots, reasons and why scramble patching won't save you now

Charles 9
Silver badge

Re: Windows Embedded

You do realize it's now 2017, meaning support for XP Embedded expired last year?

0
0
Charles 9
Silver badge

Re: Perhaps it is not the risk committee at fault?

But that doesn't work in that kind of bureaucracy. The departments in question are still part of the hierarchy, and they don't give or receive funds directly. They STILL have to come from the accounting arm which covers the whole works. Even if "X-ray" sign off on the risks, if something DOES happen and the X-ray machine goes down, how does the hospital get its X-rays, then?

0
0
Charles 9
Silver badge

Re: Lack of any finger pointing at the right people. VM, WINE, ...

Like Modems? WiFi adapters? The list of incompatible devices for both classes is long and notorious (mostly because a lot of the built-in devices are included--don't count on anything from Broadcom to work natively).

And as for WINE, it can be hit or miss, especially for high-performance stuff like games (which also make them less than ideal for virtualization since 3D is one of the weaker things to be virtualized).

0
0

Has Canadian justice gone too far? Cops punish drunk drivers with NICKELBACK

Charles 9
Silver badge

Re: So you like Nickelback?

I think Fear Factor did a variant of this. Imagine some perennially-annoying song ("Tiny Bubbles" springs to mind) played over and over, only each time it's played a little different, such as at a different pitch (or worse, sliding back and forth). Since the brain is geared to pick up on differences, this helps to prevent a drown-out effect, plus playing it off-key means even the rare FAN of the song will be put out.

After all, there are people who actually LIKE "Rockstar" or "Photograph" (or even Kenny G's "Songbird"). But it would take a music masochist beyond measure to WANT to listen to it off-key.

0
0

Ubuntu 'weaponised' to cure NHS of its addiction to Microsoft Windows

Charles 9
Silver badge

Re: History repeats itself

I'll see your Wannacry and match you with Heartbleed and Shellshock. Just because you don't hear of Linux malware doesn't mean it doesn't exist or is being exploited (even by State agencies) without your knowledge.

0
0
Charles 9
Silver badge

HELL YES!

Not to mention they have to be able to use more technical software (and sometimes even hardware--does your hairdresser have to interface with something like a patient monitor?).

0
0
Charles 9
Silver badge

Re: Smart? Cards

"What I believe brings a lot of big projects down is demanding more than needs to be done;"

The problem becomes that the things that are "added on" can really ONLY be done DURING such a transition, since for things like security you really have to bake it in while it's being made.

0
0
Charles 9
Silver badge

Re: OMG... really!

That model breaks down in niche markets like medical equipment. There it's a lot easier to form cartels where everyone gets a piece of the pie.

1
2

America throws down gauntlet: Accept extra security checks or don't carry laptops on flights

Charles 9
Silver badge

Re: Does anyone know what pressurization and temperature cycling does to Li battery packs?

Cold's actually not a big issue for those kinds of batteries. They have degraded performance and are less conducive to charging, but in terms of safety, it's actually good for the battery as it dampens the odds of a thermal runaway. The trouble with them has always been running too hot.

That said, I said dampen, not eliminate, and since most checked stuff is inaccessible to the crew during the flight, should one of them actually do set light, you have a serious problem (an airliner fire always rates at least a Pan-Pan, but one the crew can't reach is a Mayday).

I speak from experience. I use an Android tablet as a mapper and music player in my car. In the winter, I find it stops charging and occasionally runs down, and I managed to once see the message that said it's too cold to charge the device (despite it being kept in a pouch that should insulate it).

0
0
Charles 9
Silver badge

Because if they're not shown doing SOMETHING, they get voted out (or worse, recalled BEFORE their term).

0
0
Charles 9
Silver badge

Re: Laptop rental

Ok, Paranoia Mode, what about the CHIPS, which may also be in the laptop you own, can hook to whispernets or powering networking while you recharge, AND can trump any OS that can be applied?

0
0
Charles 9
Silver badge
Big Brother

"My guess is there simply is no threat and they just want an excuse to subject passengers to "expanded screening." What are you going to do, fly without a laptop? (In my case yes. Next time I leave the country, I'll be on a plane but my laptop is flying DHL.)"

But can you trust your laptop being out of your sight that long? DHL has American ties, you know (as it was founded in San Francisco)? And they could have ways to tracelessly rummage through your stuff the way MiniLuv did.

1
0
Charles 9
Silver badge

Re: Shelley Berman knew how to do it

Besides, profiling in America carries the R-card with it, making it unusable due to the Civil Rights Act.

1
0

Photobucket says photo-f**k-it, starts off-site image shakedown

Charles 9
Silver badge

Re: Why it's an issue

So as another poster said, what if Photobucket were to just disappear? Same effect, and now ABSOLUTELY no recourse.

0
0

Blunder down under: self-driving Aussie cars still being thwarted by kangaroos

Charles 9
Silver badge

Re: Hobson's Choice

Trolley Problem, IOW. They can't use AI to solve the problem because the problem is intractable (as in someone dies no matter what--no real winner). Actor is irrelevant in this moral conundrum concerning death. I've previously known it from the Book of Questions as the "Guerillas in the Village" question.

0
0

Ex-MI5 boss: People ask, why didn't you follow all these people ... on your radar?

Charles 9
Silver badge

Re: Not the Internet?

"If instead you want to do your subversion of state power with a hand-built printing press, that's vastly more complicated to build than if you're just campaigning by using the printer at work or by posting videos on Google - which will get you caught pretty quick."

But not THAT much more complicated. Short runs could be done using a carved woodblock (What are you gonna do? Ban trees?), homemade ink (plenty to go around), and ubiquitous sheets of paper. The woodblock can be chopped up and burned if need be, the ink dumped, and the paper is innocuous enough.

0
0

Five-eyes nations want comms providers to bust crypto for them

Charles 9
Silver badge

"Horse shit. They are faced with a general populace that they are unable to spy on, and they don't like it."

Oh? And this was any different from, say, 40 years ago—when computers didn't exist, the population was thinner but still diverse, and manpower was still lacking?

0
0
Charles 9
Silver badge

Re: Breaking News: Water is wet

"The trouble here is that while machines are excellent at pattern recognition, they'll only ever find the precise thing you tell them to look for. Heuristic scanning is notoriously hit and miss, and even then, you still need to give the system a series of baseline behaviours to check against."

Fine enough. As long as it's the first line, it can winnow out the noise to leave less for the humans to skim.

"Too much signal tends to make your average Joe tune out."

That's the beauty of machines. They DON'T tire. In fact, given the right learning system, the more data the merrier for it.

0
1
Charles 9
Silver badge

Re: Breaking News: Water is wet

"Steganography has already been done."

But it gets trickier the more information you have to pass along at a time, especially in a "low-shared-knowledge" situation where you and the target have little if any in common. Plus for many methods of steganography, there are ways to sanitize them. For example, hiding in whitespace can be defeated by sanitizing whitespace to minimum spacing standards, and so on. Nonsense messages like book codes will tend to stand out (as will outlandish sports predictions), images can be stretched, flattened, etc. There are limits.

PS. As for the idea the Panopticon will be Too Much Information, ever considered they could winnow the stuff through machines first? They do that already with large camera arrays like in casinos.

0
0
Charles 9
Silver badge

Re: More like

No, they're doing it on their own in pursuit of the almighty credit (replace with preferred currency). They figure cheating, covering up, and paying for the occasional bust is cheaper than playing honest.

0
0

Big question: Who gets the blame if a cyborg drops a kid on its head?

Charles 9
Silver badge

Re: Can you trust this tech?

And then the plods will just resort to psychology to apply a subtler form of mind control that doesn't trip the "coercion" detectors, etc.

The problem with sieges is that the attacker usually has the advantage: usually in the form of a broader scope. Unlike the defenders, the attackers aren't bottled up.

1
0
Charles 9
Silver badge

Re: If you put a helpless human in a machine

"Fully autonomous machines need to hold the manufacturer responsible for clear mechanical failures and to provide a WORM audit log when the Luser does something daft."

But since that's going to be a while away, what about SEMI-autonomous stuff where the line between machine-controlled and human-controlled blurs. What if an accident occurs in that gray area? Is it the user's fault for giving an unintentionally "stupid" instruction, is it the machine's fault for not recognizing it as a "stupid" instruction, or did something unrelated intervene to turn an otherwise "sane" instruction "stupid"? We're heading into Book of Questions territory here, if you ask me, where a clear answer is going to be elusive.

1
0

London cops hunt for drone pilots who tried dropping drugs into jail

Charles 9
Silver badge

Re: Time for Trebuchets!

"ahem. as a model aircraft designer I can assure you that low noise is exactly high efficiency."

Oh? What about the fact that high-thrust rotors generate more wind (thrust is merely directed wind, after all), which (above a certain level) becomes audible?

0
0

Robots will enable a sustainable grey economy

Charles 9
Silver badge

Re: Dumb yanks

"Too many people going to the same places at the same times. The congestion problems would be solved by spreading out times and locations."

Trouble is you lose efficiency once there: less economies of scale.

0
0
Charles 9
Silver badge

Re: Hurrah we can work forever

"What should have happened was to start off, back when Lloyd George set up old age pensions, with a fraction of the money paid in being invested."

Question is, what fraction without either ticking off taxpayers with higher taxes or ticking off the elderly with lower benefits? It was almost untenable from the get-go except that penniless Gran dying while eating dog food was even less tenable. IOW, the least-worst option was almost unacceptable in itself.

3
0

Don't panic, but Linux's Systemd can be pwned via an evil DNS query

Charles 9
Silver badge

Re: what's fascinating is how the SystemD fanboys react

How about to do the things WE want, the WAY WE want them done. Otherwise are the machines slaves to us or us to the machine?

7
0
Charles 9
Silver badge

Re: If THIS isn't a reason to hate systemd...

"list all the software that has never had a bug."

What about seL4, which has a formal proof?

0
2


Biting the hand that feeds IT © 1998–2017