* Posts by Charles 9

9744 posts • joined 10 Jun 2009

Microsoft's DRM can expose Windows-on-Tor users' IP address

Charles 9
Silver badge

Re: Is it just me

Yes, it'll give an error on a protected asf or wmv file.

2
0

Trump's new telecoms chief bins broadband subsidies for the poor

Charles 9
Silver badge

Re: Prevent an informed electorate

Is there any trend then for people being likely or unlikely to control bias? Or is it simply inherent to the human condition?

2
0
Charles 9
Silver badge

Re: What this is..

Problem is, that runs the risk of YOU not being among the ones still standing, so you're instinctively going to fight it.

0
0

Javapocalypse soon! Oracle warns devs to bin plugins, fast

Charles 9
Silver badge

Fun?

It's simply that a lot of enterprise stuff won't run without Flash and can't be replaced.

6
0

With net neutrality pretty much dead in the US, your privacy is next

Charles 9
Silver badge

Re: If I may...

"One problem with this model is that, as businesses will do whatever makes the most profit, they have no incentive to benefit society as a whole and any benefit that does arrive is really a side-effect. Another problem is that a truly free market - where the government does not interfere at all - can end up destroying one of the foundational assumptions of capitalism: competition. With no restriction or regulations or interference, monopolies can and will arise, reducing competition and thus crippling one of the main reasons capitalism works in the first place."

As far as the monopoly is concerned, though, it's working just fine. In fact, one of the goals of these monopolies is to transcend government and become sovereign unto themselves (think William Gibson's Sprawl) since the best way to beat regulation is to rise above the ability to be regulated. Thus transnational companies that can play sovereign states against each other (why ships don't flag in a first-world nation and why small countries like Ireland seem to get a lot of transnational business because their operating costs--and thus taxes--are low enough to undercut). Even the "nuclear option", denying them business in a country, can be met with a, "Your funeral."

0
0
Charles 9
Silver badge

Re: Https

Governments likely control or pwn most of the END nodes, meaning they can probably track you anyway. Remember, they took down Silk Road, an Onion site, so it shows what they can do when they REALLY hate you.

0
0
Charles 9
Silver badge

Re: So what's next?

"alternatives DO exist. 'duck duck go'"

Duck Duck Go can't produce an alternative manufacturer's website out of thin air. ANY unofficial site WILL be laced with Bad Stuff.

0
0
Charles 9
Silver badge

Re: If I may...

Then all 12 starve because the scenario is that each needs one WHOLE coconut to last long enough for a ship to come, and they're SO starved that they need to eat NOW to survive that long.

It's basically a variant on the Cold Equations situation. Either some perish or ALL perish, with no third option available.

0
0

Thought your data was safe outside America after the Microsoft ruling? Think again

Charles 9
Silver badge

Re: Email is like a postcard

But what happens when you have to communicate OUTSIDE your domain? Then all bets are off regardless of the method.

1
0
Charles 9
Silver badge

Re: "Unless you go the full totalitarian, and run a private security state"

As I understand it, the Constitution is still just a document: Ink on a page, literally. Someone with enough cojones and enough backing could just push that document aside and rule autocratically. That's what a lot of coups are about.

5
0
Charles 9
Silver badge

Re: WOW

"Store your data on kit which is under your control."

Unless you build your own kit from scratch including the chips, there's no way to ensure your data is really under your control. Just ONE is enough to break everything wider than open.

Now who owns their own personal chip foundry, eh?

3
7

BOFH: Password HELL. For you, mate, not for me

Charles 9
Silver badge

Has anyone tried a system where you pretend to be a robot with an old 80's voice?

"Robot caller detected. Robot responder online and operational."

3
0
Charles 9
Silver badge

Re: call about your accident

In America we tend to get cold calls by robot. Since they'll persist in spite of anything you do, all you can do is hang up and see if you can block the number in future (at least I haven't yet been cold called from a hidden number, probably because those that do tend to end up being police traced).

0
0

Fears Windows code-signing changes will screw up QA process

Charles 9
Silver badge

Re: Can anyone explain

Wouldn't that also play into malware's hands since they could get the jump on a realtor and post bogus-signed drivers, giving them kernel-level pwnage with a strong look of authenticity?

0
0
Charles 9
Silver badge

And sometimes the process gets too irksome. If you have to reach for and unlock three different doors just to get in and out of a place you frequently come and go every day, you'd start to consider that excessive, wouldn't you? Especially when you frequently do so with your hands full (where in the job description did it require such people to be jugglers). Security may be a process, but it has to compete with ease of use. Make things too difficult and people are going to go, "Screw this! My livelihood ain't worth this much hoop-jumping!"

0
0
Charles 9
Silver badge

Re: Can anyone explain

One nasty one was signed with Realtek's driver key. Guess what else uses that key? The bulk of computer sound drivers today. Revoke that key and users suddenly lose their sound. That's probably why it was used: too much collateral damage to revoke.

Now imagine if a total ownage malware was signed with the same key used to sign the Windows kernel...

0
0

Human memory, or the lack of it, is the biggest security bug on the 'net

Charles 9
Silver badge

Re: Password Policy

The problem is identity theft can use the "low-risk" sites to glean enough information to use social engineering to get access to the higher-risk sites. Even if you use fake information, unavoidable traces like your IP address can be sufficient.

0
0
Charles 9
Silver badge

Re: Passwords; Diceware

They can pwn your smartphone. Plus what if you don't have one?

0
0
Charles 9
Silver badge

Re: Except the BLIND can't use images

And they're also easier for mules and machines to interpret, so you're making things simpler for the crackers; they just have to pretend they're blind.

0
0
Charles 9
Silver badge

Re: Different Memories

"More attention could be paid to the efforts of expanding the password system to include images, particularly KNOWN images, as well as conventional texts."

Except the BLIND can't use images, and the law requires sites accommodate the blind and other disabled.

0
0
Charles 9
Silver badge

Re: All websites are fundamentally insecure

They can still trace you by your IP, then trace you from that to your ISP. And there's no guarantee LEOs don't have ways to track you through relay chains. Remember that the Feds found a way to take down the owner of Silk Road, a TOR Onion site, so we know it's possible.

0
0
Charles 9
Silver badge

Re: Passwords; Diceware

But if you CAN'T use a password manager, say because you don't own the computers you use every day?

1
0
Charles 9
Silver badge

Re: All websites are fundamentally insecure

Plus what if the miscreant decides to sully your image? They could post controversial materials, or worse, NSFW or even illegal stuff. Images are difficult to keep clean and very easy to tarnish.

1
0
Charles 9
Silver badge

Re: What about DISABLED people, though?

BLIND people CAN'T. That's why image-based CAPTCHAs get sites in trouble. The best systems kind of require full sensual acuity to work, but of course not all of us have that, so the law requires fallback methods...which miscreants can exploit by simply claiming to be blind and so on to get simpler puzzles.

0
0
Charles 9
Silver badge

Re: Try blaming the correct people next time.

"If someone cracks my El Reg password, about all they can do is make some silly and/or offensive comments in my username. I make those myself already, so I'm willing to accept that risk."

Or they could use it to post politically incorrect stuff and stain your reputation. Or worse, post CP links and get the attention of the law on you.

0
0
Charles 9
Silver badge

Re: Alternatively...

NO. It has to operate on untrusted airwaves and is MUCH easier to nick or hack.

1
0

Software can be more secure, says NIST, and we think we know how

Charles 9
Silver badge

Re: Start by actually writing your own code!

The best code is no code...ONLY if you want to do NOTHING.

If nothing is not an option, then to turn a phrase, you better start coding.

"Write your own if you have time, money, and the skills."

But that's the problem I'm describing. When it comes to cryptography, few people really DO have the skills. Problem is, those that DO could really be double agents. So you're caught between Scylla and Charybdis.

0
0

It's holistic, dude: How to dodge the EU's £17m data regulation sting

Charles 9
Silver badge

Re: Four words

But like I said, that's not an option anymore. Now it's ALL or NOTHING.

1
1
Charles 9
Silver badge

Re: Four words

And the GDPR now requires you do it RIGHT. So now you're assailed from ALL THREE corners. Investors want it cheap for RoI, competition forces you to do it fast to avoid being beat, and now the law forces you to do it right or get swamped by legal consequences.

IOW, "Pick any TWO" is not an option anymore. Now it's All or Nothing.

3
0

GitLab.com melts down after wrong directory deleted, backups fail

Charles 9
Silver badge

Re: Two Words - CHAOS MONKEY

But sometimes, you're not even allowed the ounce. What then?

0
0
Charles 9
Silver badge

That's if you can afford an instance or some other fallover. Many CAN'T. Yes, it's stupid, but if you're stuck in the middle of the ocean with nothing but a piece of flotsam, what options do you have besides exhausting yourself treading water?

As said, breaking even is priority one because you're obligated to your investors first. If they don't agree with you about long-term investments, then again you're stuck because they can pull out, killing you BEFORE the disaster hits.

0
0
Charles 9
Silver badge

Re: Super! Great

"A big part of job interviewing from the view of the interviewee is figuring out if the company is one of those companies. If you do take the job then it probably means you need to do a better job researching companies or you need to increase your skills and experience so you don't have to work for those type of companies for long if at all."

Or it simply means you're out of options. If they're the ONLY opening, then as they say, "Any port in a storm."

3
0
Charles 9
Silver badge

Re: Two Words - CHAOS MONKEY

Right, but what if that's your ONLY unit?

0
0
Charles 9
Silver badge

Re: Backup is hard. Doesn't mean it should be ignored.

"People don't appreciate that failures are a wonderful learning experience."

Because for many people's personal experiences, people who fail (at all) don't survive for very long.

4
0
Charles 9
Silver badge

Re: Super! Great

"Sounds to me like the failure is in the business model of the company. Those generally are the type of companies that are one recession or self created disaster away from administration."

That's why it's called living on the razor's edge. Where margins are close to zero all the time. You'd be surprised how many firms HAVE to live like this because they flip between profit and loss every month. You're floating in the ocean and you barely have the stamina to tread water. Sometimes, that's all you're dealt. All you can do is hope for shore or some flotsam.

9
0

Twin brothers. One went into space. The other didn't. NASA reveals how their bodies differ

Charles 9
Silver badge

But I think several of the divergent twins were female.

0
0

WTF is your problem, Netgear? Another hijack hole found in its routers

Charles 9
Silver badge

Trouble is, support is incomplete. Can't use it for my R7000, for example, because OpenWRT can't drive the wireless chips. It's an issue common with FOSS because wireless chips are fiercely guarded trade secrets owing to wireless patents and competition (Linux has similar WiFi issues).

0
0

What's the difference between you and a sea slug? When it comes to IT security, nothing

Charles 9
Silver badge

"Well whoopty-doo, cry me a river - no fucking thing in real life is ever guaranteed!"

But that's what the customers WANT, like it or not. So if you cry a river, they'll be happy to send you down it. Which would you rather have? Hundreds of false positives...or one false negative?

"Second, there is zero point in nagging me about things I cannot do a single damned thing about. If a website's certificate expires, can I fix it? NO!"

But it WOULD be prudent to, you know, NOT GO THERE.

"so John Smith won't care about hosting a botnet as it will not impact him at all"

Not impact him at all? What about steal his information and use his identity to commit illegal activities putting the law on them?

"there's only one thing I can do about that when it happens: cancel the dialog and continue about my business."

Oh? What about "Perhaps what you are about to do is stupid. DON'T DO IT!" Like I said, I'll take hundreds of false positives over one false negative because they only have to get through ONCE to make it Game Over.

0
0
Charles 9
Silver badge

Re: has anyone ever

No, the advertisers. If the clients aren't getting results, they can pressure the ad people and get their fees cut, since the clients tend to be bigger than the ad people and therefore will have access to better lawyers.

0
0
Charles 9
Silver badge

Re: has anyone ever

"99 times out of 100 being overlooked is exactly how advertising should be. If one view in ten thousand results in a sale then the ad is doing extremely well."

Nope, I hear it's LOSING them money, so they NEED a higher hit rate. Otherwise, their rates get forced down and they'll eventually end up in the red.

0
0
Charles 9
Silver badge

"If you get a warning about Windows malware and you're running Linux you do tend to dismiss it with contempt."

Until they start making multiplatform malware, meaning that Windows warning can have implications for Linux users, too.

0
0
Charles 9
Silver badge

Re: I was going to do something about this study, but...

"In other words, the world is full of people who are just not sysadmins. So why on Earth would anyone put the responsibility of computer security squarely in their hands? Recipe for failure much?"

Because with something as "personal" as a computer, you can't trust someone else to do it, either. That trust WILL (not MAY) be betrayed, so it becomes like the front door. You need to keep intruders out (and there are more of them due to the cyberspace angle), so people have to learn to do some hoop jumping if they want to keep their computer safe. It's unavoidable, much like house burglary.

0
0
Charles 9
Silver badge

"Each window has an unforgeable coloured titlebar so you can see what level of security it is operating at. The colours can be customized but only from the hypervisor --- nothing in the VM can alter the colour of that titlebar."

You bet your life? It's pretty certain someone will develop a VM escape (a red pill) at some point in the near future. After all, they developed sandbox escapes quickly enough.

1
0

Axe net neutrality? Keep the set-top box lock-in? Easy as Pai: New FCC boss backs Big Cable

Charles 9
Silver badge

Re: Unfortunately for big cable, pretty soon they'll be swimming in competition

"Of course AT&T and Verizon aren't exactly loved, but I think Comcast and TWC are hated even more than cellular carriers."

Really? You should hear some of the gripes about service plans, transfer rates, and costs. Plus wireless has a sheer physical limit meaning they'll never be able to really compete with terrestrial services.

0
0
Charles 9
Silver badge

Re: Congress is supposed to make laws, not bureaucrats

Where it should belong is in the hands of people who at least KNOW what's going on. Being a bureau specifically dedicated to communications (the first C), I would think people in the FCC would be more aware of the nuances of today's communications infrastructure than a Congressperson.

0
0
Charles 9
Silver badge

Re: Is there an option to NOT have cable?

They make it economically impractical to just get one from them. Bundling is about the only way to save money on them, forcing you into the closest thing to a Hobson's Choice they can. And satellite's now a duopoly of DirecTV (now owned by AT&T, vertical integration's already starting) and Dish. You don't want to know their rates, plus using satellite for Internet's considered a last resort because of speed of light issues.

0
0
Charles 9
Silver badge

Re: "local franchising, zoning, permitting, and rights-of-way regulations."

What about points of entry? Each country only has a few, don't they?

0
0
Charles 9
Silver badge

Re: Adam Smith got there first

"A true, laissez faire, 'everyone go out and make as much money as you can without restriction' is a good economic plan in the same way that 'everyone going out and driving as fast as they can without restriction' is a good traffic plan."

Well, for Darwinists, the idea is that the ones who survive the carnage learn the skills needed to barrel down twisted roads at 100mph without losing control and pass the techniques on to their kids and so on.

IOW, these are the kinds of people who would support culls.

0
0

Cyber-spying, leaking to meddle in foreign politics is the New Normal

Charles 9
Silver badge

Re: Will politicians learn from it?

Wasn't that precisely what the RSA attack was all about? And that was just an attack that got DETECTED.

0
0
Charles 9
Silver badge

Re: Attack of the Russian cyber bogeyman

"So the question is, when China decided to offload US Treasuries & UK Gilts, how long will these currencies exist until hyper inflation like we saw during the Weimar Republic or will the UK see a repeat of 1976 with the Sterling Crisis and IMF loan."

It won't do much and China knows it, since most sovereign debt (at least in the US) is Internal (the biggest debt holder is the Treasury, at least double what China holds which isn't even 10%).

0
0

Biting the hand that feeds IT © 1998–2017