* Posts by Charles 9

9745 posts • joined 10 Jun 2009

Google loses Android friends with Pixel exclusivity

Charles 9
Silver badge

Re: Go Google !

Or to get carrier-exclusive features like WiFi Calling (which in the US is pretty much only done by T-Mobile), which at this point can only be baked into the firmware. They won't provide it by an external app, and none of the other US carriers seem to offer it at all.

0
0
Charles 9
Silver badge

Re: Non-story?

Google couldn't do clean images at the time because all the carriers demanded they put their stuff in the same "untouchable" area, or they wouldn't play. At the time, Google was playing catch-up with Apple, and if they didn't concede, carriers would just stick with their existing products (eventually to include iPhones). Basically, Google's ONLY option to get Android on the cell phone map was to cut loose; otherwise it would never had the support it needed to overtake Apple.

2
0
Charles 9
Silver badge

Re: what does android updates have to do with ads

"Citation needed are you kidding me? Just look at the sales of android devices that have a track record of not getting updates. All i read is complaints on how it seems every major android vendor and carrier don't send patches."

That's simply because a game-changer exploit hasn't hit the wild yet. If you find your device can be pwned over the air with no intervention on your part, that's going to change your opinion of your phone, pretty quickly. Stuff like Stagefright seem to come frighteningly close and make you wonder if one actually can do it.

1
0
Charles 9
Silver badge

Re: Go Google !

You gotta buy the phone to get COS, which does diddly for those of us already owning a phone, which is part of the problem here.

0
0
Charles 9
Silver badge

Re: Go Google !

And the problem with that is that more apps are becoming root-aware, meaning there will soon be serious tradeoffs of functionality.

0
2

Go dark with the flow: Lavabit lives again

Charles 9
Silver badge

"Plus in theory I could GPG encrypt my mail myself before I send it through this system if I feel particularly paranoid, while for joe average it will be more secure than before, but with (in theory) similar levels of convenience."

Except PGP/GPG is pre-quantum. You may want to assume the data center in Utah is really a cover for a black-project (read: years if not decades ahead of its time AND deny it even exists) working quantum computer.

0
0
Charles 9
Silver badge

Re: GET OFF MY LAWN!

I don't know. All the sheep would do is graze it and leave fertilizer. Meanwhile, rugby players wear cleats. Things get ugly, they can probably tear any lawn to shreds.

0
0
Charles 9
Silver badge

"What we are trying to avoid is a situation where it is so easy and cheap for almost anyone to rifle through your personal life, that they can do it en masse and for almost nothing per person."

And what I'm saying is that I don't think they did enough to raise that cost. For example, there's a point of trust in this new system. All the plods would have to do is subvert or duplicate this starting point, then they have ways to trace you and then just do highly-targeted attacks as needed.

As for the $5 xkcd solution, I've always said it doesn't work against two types of people: wimps (who keep fainting at the mere sight) and masochists (who are turned on by the wrench and ask you to hit harder).

0
0
Charles 9
Silver badge

Still can't help feeling there's still a way for the spooks to get in. The old First Contact Problem. What if the spooks got a way to infiltrate the chain of trust at the very beginning, enabling them to track the chains as they're being built?

2
0

Chevy Bolt electric car came alive, reversed into my workbench, says stunned bloke

Charles 9
Silver badge

Re: Not surprised the parking brake is so mysterious to Americans

I'm guessing the roads around there don't have kerbs (as the normal procedure then is to turn your wheels such that in the event of a rolldown, the car immediately hits that kerb, likely stopping it).

1
0
Charles 9
Silver badge

Re: Properties of a Parking/Emergency Brake

"And that some place the hazard light button in the stupidest places (which idiot puts it on the column behind the wheel?!)"

Someone who doesn't want the driver's hands to drift too far away from the steering wheel in the event you DO need those hazard blinkers, especially if you have to do it by feel because it's night and your interior lights are gone for some reason.

2
0
Charles 9
Silver badge

Re: Properties of a Parking/Emergency Brake

They could be like air brakes: engaged on power-down instead of on power-up creating a failsafe. And I don't know if push-starting a Bolt is a good idea. They work most consistently with sticks because of the way the wheels connect to the engine (I HAVE started stick cars a couple times in the past by carefully engaging first gear while the car was coasting). Most autos I know you can't push start because the Torque Converter gets in the way. Anyway, you can't push-start a car with a flat battery (no way to bootstrap the alternator to kick off the charging cycle).

1
0
Charles 9
Silver badge

In a manual, you simply leave the car in a low gear (first or second). The resistance of the still engine combined with the gear ratio in a low gear provides the same thing the parking pawl does in an automatic. Yes, I used to drive a stick. Most people drive automatics because they're a lot more practical when you're including cruise control, and for a country as big as the United States with lots of open road, it kind of becomes very useful for those long drives.

3
3

Mozilla wants infosec activism to be the next green movement

Charles 9
Silver badge

Re: Whilst it's a nice idea...

Even if that's what the public wants? Don't forget we're in the distinct minority here.

1
0
Charles 9
Silver badge

Re: Whilst it's a nice idea...

So you want a license to use something people use in the privacy of their own homes? Not even driver's licenses go that far (a car driven on private property doesn't require a license).

What we need is some kind of HARDWARE lock such that anything potentially stupid requires getting up and pushing an actual button or even inserting and turning a key to engage. The trick would be to actually make it enforceable and nigh impossible to bypass.

2
0
Charles 9
Silver badge

Re: Back to the future

Because that's what Joe Stupid wants: turnkey simplicity, and Stupid outvotes you: both in numbers and in money. Which means we need another plan.

3
0

Linux is part of the IoT security problem, dev tells Linux conference

Charles 9
Silver badge

Re: Easy Solution.....

I wonder if it's at all possible to sue to have a company's source code openly published in the name of national security or whatever? Wonder if THAT would make for a good enough threat?

0
0
Charles 9
Silver badge

Re: Be careful what you wish for.

"Security is usually expensive. Long term support is ALWAYS expensive."

And users are CHEAP. Solve for secure users such that the Internet doesn't break.

1
0
Charles 9
Silver badge

So what do you do when (1) you have a device you use everyday but has a security hole big enough to drive a Mac truck through, (2) the only update available will defeat the very reason you use the thing, (3) your other hardware and the device's use case prevents you from segregating it, and (4) you don't have any money to replace the device?

0
0
Charles 9
Silver badge

"A bit of end-user education would go a long way here."

Except as a comedian said, "You can't fix Stupid." So how do you fix the problem when you have hopeless users?

1
0
Charles 9
Silver badge

Re: Rolling your own vs. getting Linux

Trouble is QNX ain't free, making it a non-starter.

1
0

Korean boffins vow 1,000km-an-hour supertrain

Charles 9
Silver badge

Re: Sigh

Offset by the fact terra firma ain't exactly flat. Working across rivers over mountains and valleys, etc. Make for infrastructure issues for both track and power, especially for trains that have limits to the amount of turning and tilting they can take at a time.

0
0

IT team sent dirt file to Police as they all bailed from abusive workplace

Charles 9
Silver badge

Re: Noooo!

And if your job is able to make the cops leave empty-handed?

0
0
Charles 9
Silver badge

Re: Doesn't ring true, sorry ...

Even if the high ups have the ability to make the plods look the other way?

0
3

Unbreakable Locky ransomware is on the march again

Charles 9
Silver badge

Re: viduses

"And with Windows Home edition you can use the Parental Controls."

Which is of course useless since 9 times out of 10 the kids are better able to use the computers than the parents and quickly learn the procedure needed to unlock the controls.

1
0

Father of Android II: A Hardware Comeback

Charles 9
Silver badge

Re: connector

"I didn't fully explain my line of reasoning though: with PCIe speeds, the camera and laptop (or phone) would only have to be in contact for a few seconds - almost a kiss-to-transfer operation."

Except it's usually the card that's the bottleneck in transfers, not the bus. That's why SD cards have speed ratings like Class 6 and UHS-I. Anyway, most portable devices don't carry a PCIe bus but do support USB out of necessity. SD can be driven by USB, and since USB 3.0 can do up to 5Gbps, that kind of makes the issue moot for most users (XQD appears to be a professional-grade bus for camcorders and ultra-high-definition/lossess still cameras).

0
0
Charles 9
Silver badge

Re: The USP...

"It would have to be a "click-through wizard to install" and "no monthly subscription" affair though or it would be guaranteed to fail..."

But without at least the latter, there's no revenue to cover the costs, the investors won't be pleased, and the end result is it's guaranteed to fail.

Damned if you do, damned if you don't. That's why ordinary people just can't have nice things.

0
0

Windows 10 networking bug derails Microsoft's own IPv6 rollout

Charles 9
Silver badge

Re: "decided not to make this next-gen networking protocol backward-compatible?"

"Just because "we always did it that way" doesn't mean it's the best or most practical way of doing it."

Whatever happened to, "If it ain't broke, don't fix it."?

1
1
Charles 9
Silver badge

Re: Not that awful

In fact, two topology scramblers are built into the IPv6 spec. One (basically a 1-to-1 NAT, which they've never had issues with) allows you to rearrange external-to-internal v6 IPs at the router level so that the internal and external numbers don't match up so you don't give away your LAN structure. The other assigns ephemeral v6 IPs to all outgoing connections, which prevents using backtracking as an intrusion tool (not only does the random IPs prevent structure snooping but being ephemeral they don't last so even if you snoop the number it won't connect back once you're done).

3
0
Charles 9
Silver badge

Re: Not that awful

"Don't know what you've been reading but no they can't unless you have a router with no firewall on it or you actually use the ISP provided router/firewall. I do networking for a living and rule one is you own and control your border (for a given value of own)."

Here's the problem. YOU'RE within the ISP's borders. And since the ISP knows which external IP they gave you, they can go from there to your router and, if the firewall wasn't there, route packets from there to your LAN. Another networking expert demonstrated it a few months ago.

Point is, it's not the NAT that guards your LAN from the outside but the firewall. And there's NOTHING stopping you from putting a firewall between your LAN and the IPv6 Internet. IOW, NAT is giving a false sense of security; attention needs to be focused on the firewall instead, which doesn't go away with IPv6.

6
9
Charles 9
Silver badge

Re: Not that awful

"BTW, who likes NAT? I can only think of one real advantage it has."

The trouble is that most users thing NAT means most of their devices are hidden from the Internet automatically: a secure-first situation. But from what I've read, this isn't totally true. The ISP (which provides your IP address/block) can actually directly connect into your LAN with a little knowledge and the proper routing tables. If the ISP can do that, anyone else (like the State) can persuade/coerce the ISP to do it on their behalf.

Until such an event makes the news and breaks the myth of NAT "invisibility", it's gonna be hard to convince people.

PS. To all those saying just extend IPv4, the problem is that IPv4 can't be extended. It's 32-bit address and 16-bit port limits are hard-coded. Because of this, devices that only grok IPv4 can ONLY address devices with IPv4 addresses: no ifs, ands, or buts. It's like trying to cram 24 eggs in a carton only built for 12; something will break along the way. So your only option is to start fresh, and if you're going to start fresh, why not try to keep the issues you're having now from cropping up in the future? Things like overly-complicated routing tables, the kind that are knocking routers to their knees...

5
15

ProtonMail launches Tor hidden service to dodge totalitarian censorship

Charles 9
Silver badge

Re: it will happen

In this particular case, it would be difficult to attack protonmail the onion service without pinpointing and attacking the actual physical server. That was what it took to take down Silk Road on TOR and KATorrents on the Clearnet.

0
0
Charles 9
Silver badge

Re: How long...

You bet your life? They'll control VPN and all the other obfuscation avenues simply by controlling encryption as a whole (say by declaring it a munition). If any an all forms of encryption are going to be controlled, even steganography is going to be a stretch, especially for anything of volume.

0
0
Charles 9
Silver badge

Re: CERN

The problem being if you have something to hide than someone else probably knows what it is you're trying to hide, meaning posting it in the clear anywhere runs the risk of traffic sniffers picking it up. "Hiding in plain sight" doesn't work well against a Panopticon.

1
0
Charles 9
Silver badge

Re: How long...

"The solution is to fix your government so that they aren't a bunch of control freaks. Merely using technological band-aids to make it hard for them will just make them angry control freaks."

Problem is, you pretty much HAVE to be a control freak to have any real interest in government; otherwise, you'll steer away from it. How do you solve this problem of the human condition?

3
0
Charles 9
Silver badge

Re: How long...

They'll just turn it into an either-or, helped along by the IoT controversy. Eventually, the Internet as it is will become an untraverseable cesspool of anarchy where any unprotected connection is quickly used to hijack and pwn you regardless of the device (everything I've said has existed at some point, some smartypants simply needs to put them all together). Pretty soon SOMEONE will propose the redo the Internet from the beginning: this time with full attestation at all points; no more anonymity.

It's the same thing with government. The human condition means any "desirable" form of government cannot survive in the really long term. In the end, it will usually degenerate because the system gets too imbalanced; people find ways to cheat and beat the system, creating resentment if not hopelessness which then drives the have-nevers to do anything to survive, resulting in either anarchy or ruthless put-downs and a police state to prevent repeats. Anything in between will just result in one of the two again: ANY freedom can be exploited to produce chaos.

1
1

What's the biggest danger to the power grid? Hackers? Terrorists? Er, squirrels

Charles 9
Silver badge

Re: Nut jobs

Yes, because squirrels are rodents like rats. And if you'll recall, rats are notorious for being able to chew through well-nigh anything, including cinder block and metal. And squirrels have an edge over rats in their great leaping ability and propensity to reach. That's why they're a handful around seed feeders. IOW, if they want in, they'll find a way in in spite of God, Man, or the Devil.

0
0
Charles 9
Silver badge

Re: Soldiers unaware of the Faraday cage

Sounds better. I would've thought the vehicle wouldn't readily conduct the power from a fallen wire. See, I've been told a vehicle is actually one of the better places to hide out in an electrical storm; the air-filled rubber tires put a layer of insulation between the vehicle and the ground, reducing the risk of a direct discharge.

0
0
Charles 9
Silver badge

Re: Nut jobs

"Our infrastructure is not as robust as we would like, but in each case the people directly affected overcame the problems. And not because some pin head, pencil pushing, government administrator came up with a study identifying probable threats. As the squirrel study shows, the real problems come from diverse random events, and are not predictable. It's usually some nut job (squirrels included) acting out that causes all the havoc."

Which is why the reports notes what could happen if someone got SERIOUS about sabotaging the US. If one nutjob can bork a chunk of the US for a day or two, imagine a group with 9/11 levels of resources? Or worse, a State using it as the prelude to a Decapitation attack?

0
0
Charles 9
Silver badge

Re: re: when you REALLY need it?

"Got failover storage? Pull some cables and see what happens? Do it regularly, and check that the fail back (ie return to previous operating config) works too."

But with Murphy's Law, the device will PASS the testing, then FAIL when the actual emergency hits because the only thing that can actually duplicate the full conditions of an actual emergency is an actual emergency.

8
0
Charles 9
Silver badge

And how would you know it's working when you REALLY need it? Murphy's Law would mean the thing works EXCEPT when the power cuts out, then it suffers a fault and shuts down resulting in an impossible-to-predict Failsafe Failure.

1
0

'Exploding e-cig cost me 7 teeth, burned my face – and broke my sink!'

Charles 9
Silver badge

Re: Stored Energy

"If you're affected by the tiny amount of nicotine in second hand vape, then never, ever touch a member of the nightshade family again - you'll get a damned sight more nicontine in your bloodstream from that"

Seriously? I get more nicotine from touching a tomato? I'd love to see where this is backed up.

1
1
Charles 9
Silver badge

Re: Going for a Darwin Award?

Even though lithium (being an alkali metal) reacts to water? You have to make sure your battery is Lithium-Ion or Lithium-Polymer first, as pouring water on a Lithium- primary fire is a BAD idea.

3
0

Chrome dev explains how modern browsers make secure UI just about impossible

Charles 9
Silver badge

But if it's not what the customers actually want, then you're in a bind. What do you do when the customers demand unicorns and will happily pay for the first horn glued to a horse to come along? And you can't say let them suffer because their actions usually come with collateral damage for the rest of us. When everyone is plunking down for fakes, nothing goes into the real stuff, and everyone loses.

0
0
Charles 9
Silver badge

"Leave users to decide whether they want full screen or not, and never force them to accept popups or full screen views."

Everyone here's forgetting that we're not the average user. The average users doesn't want to decide. This is why they demand turnkey solutions.

0
0
Charles 9
Silver badge

Re: HTML5 can do WHAT?!

You still need a browser to Chromecast, so the problem is being deflected.

Not everyone can root their devices, plus doesn't Netflix now balk in the presence of root since this provides a recording avenue?

Most smart TVs have outdated Netflix apps that'll never be updated again.

Plus what if ALL you have is a laptop (quite possible if on the go)?

0
0
Charles 9
Silver badge

Re: The problem isn't the UI ...

But as a comedian once said, "You can't fix Stupid," and Douglas Adams once wrote on the sheer ingenuity of complete fools when it comes to "foolproof" designs. Combine the two, and you end up with scenarios like what Terry Pratchett once wrote, about the paint for the sign for the End of the World Button not having time to dry.

This is the kind of world we live in. Now how do we solve for that without Stupid taking the rest of world with him?

3
1
Charles 9
Silver badge

Re: HTML5 can do WHAT?!

And if that content is ONLY available on the web, like say Netflix programs (you DO know Netflix does their own TV shows now)?

1
5
Charles 9
Silver badge

Re: HTML5 can do WHAT?!

Until they find ways to BEAT NoScript by using proxies, inline domains, and other things that make the cruft part-and-parcel with the content. ALL content. And no, nice guys won't get a chance here. Soon as they appear, the sharks will chomp them up. It's why you can't even go to an official driver website (one of the few EXCLUSIVE sources on the Internet; if you can't trust the manufacturer, you can't trust ANYONE) without leaving holier than a wheel of Emmentaler. Faced with that, your only options are to finally bend over or to leave the Internet and go back to the real world of untraceable cold calls, billboards, and junk mail.

3
1

Silence is golden: How Google hunts Android malware in the wild

Charles 9
Silver badge

Re: Security Through Irritation

"They should've thought about this shit years ago."

They did, and they concluded that market penetration was more important because otherwise they'd be conceding the market to Apple. So the carriers basically had them by the short-and-danglies, putting them in a dilemma: either overtake Apple with Anarchy or give up and let Apple's Police State rule.

1
0

Forums

Biting the hand that feeds IT © 1998–2017