Posts by Charles 9

8642 posts • joined 10 Jun 2009

Today the web was broken by countless hacked devices – your 60-second summary

Charles 9
Silver badge

Re: Capt. Hindsight

"If it isn't, heard of a reset button?"

Uh...no.

What now?

1
0
Charles 9
Silver badge

Re: Too simple solution?

Yes, too simple. People will lock themselves out and your help desk gets hammered. You have to take Stupid into consideration.

2
0
Charles 9
Silver badge

Re: no internet

"Well I'M sorry, but if you do not remove this false claim immediately, I'll assume you're denying me service under illegal pretense, in which case you'll NEXT be hearing from my attorney."

THAT'S why they don't do it now. They risk getting thrown in court if they're wrong.

1
0
Charles 9
Silver badge

Re: ISP - do they have the tools...

Not really. Each individual contribution is not that big, so it's a form of "smurfing." It's only when taken as a whole that they're formidable. Like army ants and killer bees.

1
0
Charles 9
Silver badge

Re: Maybe a sledgehammer approach is needed?

There's also the matter of the manufacturer disappearing in the night, making it impossible to seek compensation.

2
0
Charles 9
Silver badge

Re: Education

"Your router definitely should have these features. If you can't find the controls for them, get a new router. If you can't get a new router, get a new ISP. If you can't get a new ISP, move house."

And if you can't move house?

2
0
Charles 9
Silver badge

"All IoT devices MUST have open source software, must be update-able over the network, and perform the update from secure servers, look for updates on a weekly basis. All above and future problems solved. Don't adhere to this, don't get a license from FCC, EU etc"

The devices come from China and are imported direct. Who gives a damn? As for the update mechanism, they'll just hijack it and pwn it THAT way.

2
1
Charles 9
Silver badge

Re: The blacklist of things

Then what happens when innocent users SUE for the collateral damage of them not being able to go on the Internet for no fault of their own? And no, many of them can't switch ISPs, or those ISPs are blocked, too.

3
0
Charles 9
Silver badge

Re: Doomed to fail

"However, it's a problem that needs solving. There has to be a back-pressure mechanism that sends a "stop" to the ingress point since there is no practical means of ensuring that every piece of equipment in private hands is well behaved. That of itself is not a panacea - and is potentially a new route to DDoS by spoofing the back pressure - and, if you look at the IPv6 gestation period, unlikely to be with us any time soon. It's also not the only issue that needs attention - more privacy, anyone?"

Intractable problem. The ONLY reliable way to manage a network is to introduce ironclad attestation. But that instantly eliminates privacy. What's happening is that the wired world is reaching the "wishbone" point: a point in which the third option is disappearing from the strain exerted from both extremes (in this case, the Anarchy of the current Internet and the Police State of a Stateful Internet). The pressures mean ANY third option quickly slides into one or the other extreme, rapidly NOT becoming a third option. Eventually, the wishbone will break, meaning no third option is possible anymore because it'll IMMEDIATELY gravitate towards one or the other extreme (the "winner"). In which case, only three options will be left: Anarchy, Police State, or Walk Out?

2
0
Charles 9
Silver badge

Except there would be collateral damage. Those targets also have LEGITIMATE business via the web. You'd be doing the DDoS's job for them using that, and the way the IoT botnet works, they use the same legitimate requests we do, so they're camouflaged as well. As for the ISPs, they don't see a lot of traffic individually, and the amount they emit wouldn't probably surpass traffic from a home server running, say, a home camera feed.

3
0
Charles 9
Silver badge

Re: Standards Bodies need notice

""We can't stop them all so we might as well do nothing"."

In this case, it's accurate. It's not worth swatting one angry bee because there are a million more after you. You really DO need an "all or nothing" solution to it or the ones that slip by kill you.

Problem is, sovereignty gets in the way. How can you regulate devices when they can just be shipped direct from companies who don't care?

3
1

Location boffins demo satellite-free navigation

Charles 9
Silver badge

Re: Better to have accurate dead reckoning

"Building devices into the road would also fix the "Australia problem", since as the continent moves, so do the roads and everything built into them :)"

But what about the "New Zealand Problem" where their islands move inconsistently (as in not at the same rates at all points, meaning some masses extend while others contract)?

0
0

Dirty COW explained: Get a moooo-ve on and patch Linux root hole

Charles 9
Silver badge

Re: Routers etc. etc.

Until you can pwn a million of them all at once and then sic the whole mess army-ant-style at your target, which is precisely what's happening now. An army ant may be tiny, but anyone or anyTHING who disregards a mass of them doesn't live for long.

0
1
Charles 9
Silver badge

Re: There will always be another bug..

"However, for the stuff that's actually in operations and exposed to the net the users are likely to be the only ones who can actually take action, especially if the only possible action is to disconnect it."

Which means it's NOT an option because the average user won't care. And if their ISP cuts them off, they'll say they're being denied service they paid for and the lawyers will get involved.

0
1
Charles 9
Silver badge

Re: There will always be another bug..

"The solution is obvious. Avoid unnecessary complexity, like UEFI."

And if the complexity is NECESSARY? Say for legal reasons (say, being REQUIRED to be able to upgrade the system in case the baseline has an exploit in it)?

2
0
Charles 9
Silver badge

Re: There will always be another bug..

"We need to make manufacturers responsible for any actions of their devices that were not explicitly advertised to the users. Then the manufacturers will start paying attention!"

But what happens when the manufacturers hide behind sovereignty? And lots of things are imported direct to the buyer these days? How will you stem that without seriously hurting the economy?

0
0
Charles 9
Silver badge

Re: There will always be another bug..

"This is why IMO the constant warnings about the "Internet of Things" are spot on. If you want to be secure, only an air gap will truly prevent us ingenious, morally-questionable humans from finding another way around the next patch."

Which is next to useless for something you HAVE to network. So how do you secure something that MUST be networked? And no, Joe Public WILL NOT accept, "You can't" for an answer. They want an answer, toot sweet.

1
5
Charles 9
Silver badge

Re: Root all the android things

And then all the root-aware apps stop functioning, or have you forgotten that's a rising concern in Android apps these days?

0
3
Charles 9
Silver badge

"How can you get the job done when someone has robbed all your tools ?"

With your hands. At least the shed means you can stay out of the rain, which means you can STILL get the job done. Besides, in the digital world, you can't rip silicon out of its housing without taking the entire CPU away, so bad analogy.

Interesting you bring up the 8080 because that clearly demonstrates the mindset back then, and the mindset today (because no one's been able to create something secure-first that can still do the job): the job comes first, security second. If you're in a situation where security is so critical that the world can depend on it (like the US military), then a whole other mindset is needed which is generally incompatible with deadlines.

0
3
Charles 9
Silver badge

"Truth is no software will be relatively secure until processors and hardware subsystems are re-designed from the ground up with security coming first in the mind of the architects. It's an afterthought to performance and convenience."

For good reason. What good is security if you don't get the bloody job done? A fortress is no good without a way in or out, for example.

11
2
Charles 9
Silver badge

Re: The very definition of technical debt

The problem with formal proofs is that they can ONLY apply in a very narrow set of circumstances. seL4, for example, is ONLY formally proven when no DMA is allowed. But the real world intrudes, and secure code is next to useless if it doesn't let you get the bloody job done, and in the real world, performance matters.

IOW, the worlds where Linux is used are too mercurial for a set of formal parameters to be constructed. Thus, formally proving Linux under all its real-world use cases is likely infeasible.

17
3

Flash reaches the enterprise tipping point

Charles 9
Silver badge

You're missing the point in 2014 when the graph turns downward. That's about the tipping point.

0
0

NSA, GCHQ and even Donald Trump are all after your data

Charles 9
Silver badge

How do you get stuff delivered to you if you lie about your credit card info OR your delivery address? And don't say you buy exclusively brick-and-mortar because more and more things can ONLY be shipped these days.

0
0
Charles 9
Silver badge

"Agreed - but you don't have to make it easy for them on day one. If they have to start initiating the surveillance when they get power then they don't have any prior accumulated data. People then also have a chance to try to avoid the new surveillance."

Problem is they're patient. Whether it's on day one or day one million, they can get to you eventually. Since they can play the long game (or cheat), you have to wonder if it's really worth it in the end.

0
0
Charles 9
Silver badge

"Then embiggen it: write a script which scrapes random texts off the internet, and sends them (via email/Facebook/Twitter/whatever) to random accounts which you have set up for this purpose. The spooks will be drowning in so much noise that they'll never be able to figure out which messages are real."

Or they learn how to sift out the chaff and figure out from other clues which messages are real and which are not (say, only pay attention to messages with common typos or ones that get germane replies). Don't underestimate the power of a State with a lot of resources and the motivation to de-anonymize you.

0
2
Charles 9
Silver badge

Problem is, human ingenuity ensures ANYTHING can be abused, meaning there's no escape.

0
1
Charles 9
Silver badge

Re: No hiding place

Anyplace remote enough to have no connections, wired or not, would still be within view of a satellite or spy plane.

0
1
Charles 9
Silver badge

Re: Minimise your exposure

But what if you're BUYING something? By law, that requires real details to verify your transaction and/or get your delivery.

2
0

Basic income after automation? That’s not how capitalism works

Charles 9
Silver badge

Re: Negative interest rates? That's not how capitalism works.

Either storage or spoilage, as now you have a surplus.

0
0
Charles 9
Silver badge

Re: Slight problem

"the logical conclusion of this is two very rich people owning half the factories each and only having each other to sell to."

You say that as if it's a bad thing, but perhaps these two (or say, four or five) may well be content with the walled garden if the proles are kept out. Or they could just fight winner takes all, after which no competition means the winner no longer has to share or divvy.

0
2
Charles 9
Silver badge

Re: automation has always been difficult

"When lots of jobs go and there is not enough to go around society will have to decide how to progress, it is helpful to have looked at possible choices ahead of time and discussed how they could be implemented rather than sticking your head in the sand and saying that the current capitalist system is perfect and nothing will change is at best a waste of time at worst a distraction."

The reason everyone's sticking their heads in the sand is because all the analyses point to an unpleasant fact (unpleasant because it will involve people dying, which automatically means it could be THEM): the planet is overpopulated, and the problem will only get worse as more people get hopelessly idled. Soon you're going to have a Cold Equations situation where, no matter how you slice it, there won't be enough to go around; people will have to go, and that never sits well, especially when they're voters.

Or to put it another way: Ten people stranded in the middle of an arid, barren desert, and there's only one bottle of water. Solve.

1
1
Charles 9
Silver badge

Re: Errrm

"Shirley you're joking. "Electrolux is the fourth largest household appliance company worldwide based on its sales in 2013.""

No, because I'm speaking from an American perspective, and over here the dominant names in vacuum cleaning are Hoover, Eureka, and Oreck. Except for the last who tends to cater to the hospitality industry (who can in turn pay the money and apply the pressure), those names aren't really associated with machines that last for generations. Finding either Kirby or Electrolux anywhere in America tends to call for specialty shops that can be difficult to locate. Trust me; I looked.

0
0
Charles 9
Silver badge

"When the state retirement age is heading ever upwards towards 70 it's very difficult to take the 'automation' argument seriously at all. When it gets down below 50 there may be a case."

But doesn't that in turn put a burden on the rest of society? When people live longer without working, they tend to end up taking away more than they put in while they were working, which is actually one counterargument to a robust healthcare system that doesn't raise the retirement age to compensate.

Japan's really feeling the pinch now as their population distribution skews heavily towards the elderly. Many other first-world countries are starting to feel this pinch as well (the US gave some concrete examples; e.g. Social Security was once fed by 20+ workers per recipient. Now it's just 2).

1
0
Charles 9
Silver badge

Re: Reality is never simple, but I'll take a stab at it...

As I recall, mortality isn't one of the Sins. They were Pride, Greed, Lust, Envy, Gluttony, Wrath, and Sloth.

1
0
Charles 9
Silver badge

Re: Errrm

"What happened to pride in the work and quality? My parents bought products, they were expensive, but they lasted decades. Today, the products are either cheap and fall apart after a couple of uses or they are expensive and last a few years."

How many people know the names Electrolux and Kirby? Not many these days, and they were as you described: companies that made expensive vacuum cleaners that lasted for years and years. But then that was their problem. Once customers got their vacuum cleaners, they never came back because they never needed another.

There's your answer. "One and done" isn't financially sound because ANY business in the world will have running costs. Thus, one key goal of any business is to have repeat business.

0
2
Charles 9
Silver badge

Re: Errrm

"The author isn't attempting to say that capitalism is forever and UBI won't work because capitalism is a natural law. She is saying that capitalism does not work, and we can't simply 'patch' it with UBI to make it keep working like it used to. It's a broken model, and the groups latching on to UBI as a kind of panacea for the many problems that emerge from it are barking up the wrong tree, because it'll maybe tide things over for a few decades before the fundamental contradictions cause it to collapse again."

But then that evokes a paraphrase. "Capitalism is the worst system out there...except for everything else." Meaning that if the best option we have for society is hopelessly broken, we're basically sunk. You say people are essentially needy. I say people are needy AND fighting with the neighbors. Many say economics isn't necessarily a zero-sum game. I say it DOES at times, and it's at THOSE times when things get ugly. When there's no external crisis or issue (like a war) to force us together, we start to turn inward and compete with the neighbors. It's instinct: humans I feel are most fundamentally social only in a tribal sense. We form immediate attachments to family and perhaps one level up, but when it comes to the neighbors we tend to be more mercurial.

Anyway, the discussion leads to what I feel is a fundamental human trait: humans will cheat if they can get away with it. And that affects any and all economic systems humans can devise. Some human somewhere WILL (not MAY) find a way to game the system...ANY system. And since it's practically instinctive in the human condition, I don't think it's possible to fix it (because there are those who have the will AND the means to actively prevent it because they benefit from it) without creating a better human, and as the saying goes, "Nice guys finish last."

1
2

Puppet shows its hand: All your software is belong to us

Charles 9
Silver badge

Re: In the future code is going to be managed and deployed by other code

And as I recall, true AI, as in software that can manage and improve itself unprompted, is one of those "it's always 20 years in the future" things.

2
0
Charles 9
Silver badge
Joke

Re: In the future code is going to be managed and deployed by other code

Pardon me, but if their goal is to develop code that manages code, then who develops the code that manages their code that manages the original code, and so on down? And if you develop code that can manage itself (which I don't think you can because of limitations of scope), then you can collapse the whole system back down to the original system and simply let it manage itself with none of the middlemen.

3
0

IoT botnet swells

Charles 9
Silver badge

Re: Govts needs to get a grip on it and now

"Amazon and eBay can be fined if they don't do something about it as they have offices in the UK,"

And how soon would those offices CLOSE if the law gets too close?

That's the thing with international companies; they can play sovereignty against you.

0
0
Charles 9
Silver badge

Re: Great. Just great.

"Who owns Amazon, Facebook, Google, eBay, Maplin etc?"

People who could easily end up in someplace like Antigua with no extradition agreements.

"Where are the regulatory offices?"

Where could the corporate headquarters be moved so that these offices can't reach them?

0
0
Charles 9
Silver badge

Re: Ebay

How when virtual identities are so cheap (and real ones not much more expensive)?

0
0
Charles 9
Silver badge

Re: Govts needs to get a grip on it and now

They'll reply with lawyers and claims of fraud. Next.

0
0
Charles 9
Silver badge

Re: Great. Just great.

How are you gonna make China care when (1) they don't care what happens to the West and (2) they have nukes?

0
1

This speech recognition code is 'just as good' as a pro transcriber

Charles 9
Silver badge

Re: Dodgy numbers?

What about live transcribing of a live event, like the closed captioning you see during sports events?

0
0
Charles 9
Silver badge

Re: Forward planning: that will greatly help ..

Then I wish them luck trying to interpret when I call out LCEDIV4A8EPTBK.

0
0
Charles 9
Silver badge

Re: @ Black Rat

Oh? How about "Recognize speech that I want to wreck a nice beach."?

1
0

It's finally happened: Hackers are coming for home routers en masse

Charles 9
Silver badge

Re: I think security-by-obscurity is only a problem if it applies to many items which...

But considering where these things could be installed (as in out of the way), there are many instances where external access is a PREREQUISITE because physical access may not be possible. But then, why is it that the device can't differentiate between the internal and external ports and simply not allow ANY remote access (at some hardware level) from the external port?

0
0
Charles 9
Silver badge

Re: Time to research alternatives

Ever heard of "Tivoization"? Providing the source code is next to useless if the device demands a signature to go along with it, which ONLY the manufacturer can provide.

1
0

Whinge on: T-Mobile US docked $48m for limiting 'unlimited' data plans

Charles 9
Silver badge

Re: Wrong!

Heck, if I wanted to demand one thing from Congress, it would be a law that required that ANY interaction with the general public be required to be solely and completely truthful just like at a trial. That includes any statements before a TV camera, any ads, whatever.

3
1
Charles 9
Silver badge

Re: Really??

You will find that it's not much better anywhere else. Just earlier today I saw an ad for I think AT&T that said data rates can be limited after, say, 22GB. Couldn't stomach the monthly rate for that plan, however.

That said, this marks something I thought I'd never see out of the FCC: them forcing providers offering "unlimited" service to take the word literally.

2
0
