* Posts by Charles 9

10427 posts • joined 10 Jun 2009

Germany, France lobby hard for terror-busting encryption backdoors – Europe seems to agree

Charles 9
Silver badge

Re: What's wrong with giving the keys to Law enforcement?

"It's not like they will get into the public domain and a free for all can happen is it? I mean we've had backdoor TSA keys on luggage without it ever happening."

It wasn't as if I didn't know the locks weren't any serious form of security. They're just there to keep the latches or zippers from opening accidentally and dumping your contents. A serious thief wouldn't care about breaking the suitcase to rummage or simply taking the whole thing since by the time you find out they'll be long gone.

1
0
Charles 9
Silver badge

"You actually think your bog-standard bureaucrat is going to understand even that? My, my, you're a trusting soul...."

Well, you gotta trust SOMEONE. Otherwise, civilization can't function and we're basically in Anarchy Mode...

0
0
Charles 9
Silver badge

Re: 'the right of the people to keep and bear Arms, shall not be infringed'

But who else but a state has the resources to make a working and relatively safe H-bomb?

0
0
Charles 9
Silver badge

Wanna bet? Nothing's impossible in the mind of a politician except being able to speak against him or her.

1
0
Charles 9
Silver badge

Re: "accusing a democratically elected politician of being 'the death of democracy'."

No it won't. All an autocrat has to do is IGNORE it, since in the end laws are just ink on a page. If they throw out the Constitution, start fresh, AND have the force to back it up, there's no stopping them. That's what happens in a hostile takeover.

4
0

Net neutrality? Bye bye, says American Pai

Charles 9
Silver badge

Re: is this the right time and place to say ....

And I guess someone who wants to do on-the-spot research on a hot soon-to-be-gone impulse buy is gonna have to just go on gut instinct.

0
0

Autonomous cars are about to do to transport what the internet did to information

Charles 9
Silver badge

Re: Naive much?

"We don't all live in huge metro hubs. Most of us live outside of them..."

To which I would respond, "What difference would that really make? Wouldn't that just be solved with fewer cars?"

0
0
Charles 9
Silver badge

Re: Works for cities

"I think you'll find most people would just prefer to have their own car. If it all worked perfectly, it would be a boon to those replacing taxis. It doesn't work though. I think it's mostly compute providers looking for a solution to a particular problem, that being, what can we flog?"

And what if market forces PREVENT people from buying their own cars because the risks inherent with being human raise insurance premiums out of affordability?

0
3
Charles 9
Silver badge

Re: It'll Never Happen

Actually, yes. It's trickier, yes, but not impossible; plus the cops may not be interested in getting too wet; though they may employ tag teams with the chasers wearing slickers. Small form factor radar is getting more and more useful. And if conditions are bad enough to really screw up radar, they're probably whiteout conditions, meaning zero visibility, meaning you should be stopping at this point.

1
0
Charles 9
Silver badge

Re: Works for cities

And if they sue for recklessness?

0
1
Charles 9
Silver badge

Re: So...

"I think this was always the case, even when we only had a few media choices. If you solely read The Times you would have a different view of events than if you read The Mirror. Now - as then - the only way of discerning truth is by comparing multiple sources and not believing anything unless confirmed by multiple original sources."

Even that's not safe, as all the sources may say the same thing...only it's the WRONG thing.

0
0
Charles 9
Silver badge

Which can be arranged as automated cars prove their worth. What do you think will happen to your insurance premiums, to say nothing of deductibles? Pretty soon, most drivers will be priced off the roads.

1
0
Charles 9
Silver badge

Re: It'll Never Happen

Wanna bet? Automated snow diggers combined with robocars using snow tracks instead of wheels.

0
1
Charles 9
Silver badge

Re: Works for cities

More privately-owned cars get off the streets due to skyrocketing insurance, spaces will open up.

3
0
Charles 9
Silver badge

Re: Instead of delivery, build on-site

There's also the matter of supplies for those 3D printers. Even Transmetropolitan's makers needed base blocks of matter.

7
0
Charles 9
Silver badge

Re: Instead of delivery, build on-site

Shipping will still have a place for things too large or complex to fabricate on site or for stuff that started out alive.

3
0
Charles 9
Silver badge

Re: My Cold Dead Hand...

Bet your life? The insurance companies will have you for lunch.

3
5
Charles 9
Silver badge

Re: First autonomous cars...

AIR transport will remain expensive and complicated for a while. Physics gets in the way, and we're still some distance from synthetic hydrocarbon fuel.

0
0
Charles 9
Silver badge

Re: Just wait...

Which then get dismissed as the bulk turn out to be Acts of God. How many to date have been proven to be caused by glitches? One, off the top of my head.

0
1

Security slip-ups in 1Password and other password managers 'extremely worrying'

Charles 9
Silver badge

Re: Little blue book

How about someone else entering them FOR YOU?

2
4

ESET antivirus cracks open Apple Macs to remote root execution via man-in-middle diddle

Charles 9
Silver badge

Re: Basic security practices bypassed....

And until people are willing or compelled to pay for proper security, there won't be a motivation to do it right. Not even laws will help much since companies can just move to dodge them.

0
1

Global IPv4 address drought: Seriously, we're done now. We're done

Charles 9
Silver badge

Re: "nat-has-nothing-to-do-with-security"

AGAIN, NAT isn't what blocks incoming connections, and I'll prove it.

You get your IP address from your ISP. Which means your network is subservient to it and you're technically INSIDE the ISP's INTRAnet. Which means they can route packets within their INTRAnet willy-nilly. That includes the RFC1918 ranges. If they know the IP address of a target machine you have, they can just route the packet directly onto it, no translation necessary because it's THEIR network which you're riding on. You could do the same thing if there was a NAT in your corporate intranet. A network expert confirmed this to be possible by disabling a home router's firewall several months ago.

So NO, NAT is NOT what you really want. It's in fact a false sense of security in the face of an ISP that gets served a warrant.

The device that provides the minimum degree of separation you want is the firewall, which doesn't change with IPv6, and if you don't even trust that, you want something stronger like a proxy server that allows you to better safeguard from both directions. And if you want to go one step further, then yes I'm saying use something at the L2 level (and yes, you CAN have an L2 proxy just as you can an L2 firewall; it uses TWO interfaces and the proxy bridges them according to its rules).

0
1
Charles 9
Silver badge

Re: "nat-has-nothing-to-do-with-security"

The thing is, your problem isn't the IPv6 protocol but rather the greater Internet itself. Your problem IOW isn't in L3 but in L2, and you need to address your issues there with things like physical proxy servers that provide a physical layer of separation. Internally, your choice of protocol is up to you and irrelevant here. Externally, you may want to find a way to talk to IPv6 destinations before you get shut out, but by your standard that's a problem for your gateway to solve. You don't HAVE to keep end-to-end connectivity if you don't want to, but it's better far to have the option open and not use it instead of not having the option when you need it.

0
0
Charles 9
Silver badge

Re: Address allocated but not live

No, that's a million machines scanning a million IPv6's per second. How many machines out there can scan that fast? How many can the inbound gateway handle?

Put it this way. If you had THAT much computing power at your disposal, you'd probably have bigger fish to fry, like trying to solve for encryption or factoring algorithms.

0
0
Charles 9
Silver badge

Re: IPv6 usage soaring?

To address (C), if you don't want your information to be free, then don't connect your machines to the Internet, end of. If you MUST as a matter of business, use something robust like a proxy server to get a true degree of separation between inside and out.

0
0
Charles 9
Silver badge

Re: Dear network geeks, IPv6 is crap because...

So a drive-by hack isn't a form of back-hack?

0
0
Charles 9
Silver badge

Re: "nat-has-nothing-to-do-with-security"

If your paranoia's that high then what you want isn't a NAT gateway but a proxy server. If you don't want end-to-end connectivity, then don't go halfway and create a true barricade that denies by default BOTH WAYS unless you whitelist.

0
0
Charles 9
Silver badge

Re: Dear network geeks, IPv6 is crap because...

The term "back-hacking" is from Ghost in the Shell. It simply means running a hack in the reverse direction from the original connection (backwards, IOW, thus you're "hacking back"). If the original connection's still in place or is being otherwise remembered, a firewall exception is still in place, meaning you can piggyback on it to get through.

2
0

LG, Huawei unwrap 'Samsung Galaxy-killers'

Charles 9
Silver badge

Re: please start every phone review with:

It's not convenience I'm concerned about but safety. Getting the battery out when it starts to bulge is a decent safety measure. Given the potential for spontaneous phone-bustion, I'm surprised some country hasn't required user-removable batteries by law due to fire risk, much like how lithium batteries can't be placed in airplane cargo holds without special packaging but having them in carry-on baggage (where humans would be present) is less of an issue.

0
0
Charles 9
Silver badge

Wireless charging is not all it's cracked up to be at this point. It's not as efficient, emits too much heat, and is harder to control. Ergo, it murders the batteries (which in these models can't be replaced--consider that). I switched out batteries in S4's and Note 4's way too soon due to heat damage induced from Qi chargers, so I can speak from experience.

0
1
Charles 9
Silver badge

Re: please start every phone review with:

Also state the battery capacity. I'm looking for no less than 5 Ah and yes I WANT a beefier phone.

0
0

The Psion returns! Meet Gemini, the 21st century pocket computer

Charles 9
Silver badge

Re: That display...

You may not be able to discern the pixels at that resolution, but many of us can, and I'm one of those who still has good eyes and a distaste for aliasing.

3
2

'First ever' SHA-1 hash collision calculated. All it took were five clever brains... and 6,610 years of processor time

Charles 9
Silver badge

Re: "unable to implement an automatic update for Android"

"Of course another way to avoid this problem would be to abolish all the proprietary junk in both the hardware and OS, and have an open hardware, open specification, open source solution where everyone could apply daily, incremental updates to every part of the system, including apps and core OS components, but then companies like Samsung would whine about losing their "competitive advantage", as we'd all be able to construct our own smartphones from kits in Maplin."

Due to the competitive nature of the market, particularly in mobile, open hardware is not going to happen, as trade secrets and patents (and we're talking hardware here, so their use here is valid) are in play. This is also one reason one can't just make a completely open mobile OS because a lot of mobile hardware is black-boxed to prevent "Giving Information To The Enemy" and the interfaces only come in binary blobs complete with contracts and so on.

0
0
Charles 9
Silver badge

Re: This is why I use multiple hashes

The problem is that all hashing functions work on the same fundamental principles, plus there's the Pigeonhole Principle to consider (due to hashes being smaller than their documents, collisions MUST occur). The paper above demonstrates you can correlate multiple hashing functions so that finding a collision for all is as easy as finding a collision for one.

Now, an alternative proposal may be to chain hashes by hashing the whole document as well as particular segments of the document, producing multiple overlapping checks. The Merkle Tree is an example of this technique, though in this case a fixed-structure hash chain would probably be better-suited and more robust against preimage attacks. The technique is also algorithm-agnostic so can be moved up from SHA-1 to SHA-3 or whatever.

1
0
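The segment-plus-whole-document hashing proposed in the post above, as an added example that is not part of the original post: each fixed-size segment is hashed, the segment hashes are folded into a Merkle root, and the whole document is hashed as well, so a mismatch can be traced to the segments that changed. SHA-256, the 16-byte segment size, the manifest layout, the function names and the sample document are all assumptions made for the illustration.

```python
import hashlib

SEGMENT_SIZE = 16  # assumption: tiny fixed segment size so the demo stays readable

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def segment_hashes(doc: bytes, size: int = SEGMENT_SIZE) -> list:
    # 0x00 prefix marks a leaf so a leaf hash can never be mistaken for an interior node
    return [h(b"\x00" + doc[i:i + size]) for i in range(0, len(doc), size)] or [h(b"\x00")]

def merkle_root(leaves: list) -> bytes:
    level = list(leaves)
    while len(level) > 1:
        # 0x01 prefix marks an interior node built from two children
        nxt = [h(b"\x01" + level[i] + level[i + 1]) for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])  # an odd node is carried up unchanged
        level = nxt
    return level[0]

def make_manifest(doc: bytes, size: int = SEGMENT_SIZE) -> dict:
    # Assumption: the manifest itself is authenticated (for example signed) out of band
    leaves = segment_hashes(doc, size)
    return {"size": size, "length": len(doc), "whole": h(doc).hex(),
            "root": merkle_root(leaves).hex(), "segments": [x.hex() for x in leaves]}

def verify(doc: bytes, manifest: dict) -> tuple:
    """Return (ok, indexes of segments that are altered or missing)."""
    expected = manifest["segments"]
    # The manifest's own segment list has to be consistent with its root
    if merkle_root([bytes.fromhex(x) for x in expected]).hex() != manifest["root"]:
        raise ValueError("manifest segment list does not match its Merkle root")
    actual = [x.hex() for x in segment_hashes(doc, manifest["size"])]
    bad = [i for i in range(max(len(actual), len(expected)))
           if i >= len(actual) or i >= len(expected) or actual[i] != expected[i]]
    ok = (not bad and len(doc) == manifest["length"]
          and h(doc).hex() == manifest["whole"])
    return ok, bad

# Constructed sample document (65 bytes, so five 16-byte segments)
ORIGINAL = b"Pay 100 EUR to account 12345678 on 2017-02-23. Signed: A. Example"
TAMPERED = ORIGINAL.replace(b"100", b"900")   # same length, one segment changed
TRUNCATED = ORIGINAL[:20]                     # tail removed

if __name__ == "__main__":
    manifest = make_manifest(ORIGINAL)
    for name, doc in (("original", ORIGINAL), ("tampered", TAMPERED),
                      ("truncated", TRUNCATED)):
        print(name, verify(doc, manifest))
```

Swapping `hashlib.sha256` for another `hashlib` constructor changes the algorithm without touching the structure.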
Charles 9
Silver badge

Re: Pigeonhole Principle

Maybe, but because computer technology continues to improve, brute force gets easier and easier. Imagine if you have a Mirai-class botnet at your disposal and you set them to the task of trying to perform a second-preimage attack.

0
0
Charles 9
Silver badge

Re: Newsworthy?

As another commenter noted (with citation), it's actually easier than you think. You're better off using one strong hash than multiple weaker ones (the paper notes that the end result will be at best as strong as your strongest but at worst as weak as your weakest).

1
0
Charles 9
Silver badge

Re: Any such proof of authenticity...

"No wonder, some older cultures didn't trust written "knowledge"."

But at the same time, it's hard for people like us to believe people once relied on other people's memory, which we now know has plenty of potential to get muddled and messed up, especially with age. And I haven't even touched on deliberate fabrications (eg. one lies, the other swears by it).

Seems you can't win either way.

0
0

Symbolic IO reveals tech bound to give server old guard the willies

Charles 9
Silver badge

Re: Haters Gonna Hate

"Unbelievable how people down play technology they cannot comprehend or different than what they are used to."

As an engineer once said, "You can't fight physics." Tell me how you can get massive compression out of a multimedia file (and note that one of the demonstrations was to stream 80 such files at a time, with only 21% CPU usage) that's already been compressed so much as to lose quality. And how many times have we been warned about something that sounds too good to be true? How many times have we read articles about some extraordinary new technology (Remember 3D holographic crystal storage?) only for it to never hit the market (That was over 20 years ago IIRC. Where is it?)?

So we may be jaded, but not without reason. For that matter, where's the independent test proof complete with published results?

2
0
Charles 9
Silver badge

Re: WTF?

Thirded. I didn't know the term off the top of my head, but I recognized the technique immediately. I also recall one of the caveats of the system, especially when it comes to modern content like compressed multimedia files. That being they're usually already compressed (SO much in fact that most files are lossy). So how do they expect to get more efficiency out of files that have been squeezed so hard as to bleed quality?

And as for the anti-theft features, one thing I wonder about GPS-based tech is what if someone exploits it in a DoS-style attack by employing something like a fake GPS transmitter. The IRIS has a self-destruct mechanism? What if some jerk found a way to pull off a premature trigger?

3
0

I was authorized to trash my employer's network, sysadmin tells court

Charles 9
Silver badge

Re: @Ellier ... This will impact others as well

Retrospective laws are specifically prohibited in the United States Constitution under Article I, Section 9 (which lists the kinds of laws Congress CANNOT pass, among them, "ex post facto" laws). To quote the relevant sentence: "No Bill of Attainder or ex post facto Law shall be passed."

0
0
Charles 9
Silver badge

Re: My $0.02 worth

Could still be nailed as negligence if holding devices for evidence is to be expected.

0
0
Charles 9
Silver badge

Re: This should be covered by a different clause in the contract

Except that destruction of other people's property, in general, is covered by statute. The authorization must be to specifically destroy something, such as by being part of a wrecking crew under contract.

That's where the appellate panel can nail him. Where is his specific and immediate authorization to destroy most of the company's records at that time?

1
0
Charles 9
Silver badge

Re: Malice is not authorised.

But people in the US are presumed innocent. Meaning there must be a specific, referrable Act that doesn't allow it for a man to be tried. That act is always cited when your charge is read.

Which Act covers general nonphysical malice against one's employer by means of authorized access?

0
0
Charles 9
Silver badge

Time can never be recovered so loss of time is always permanent. That's why even temporary damage can be charged.

0
0

Tosh doubles 64-layer 3D flash chip capacity with a bit of TLC

Charles 9
Silver badge

Re: SSD benefits

Or they become more reliable long-term making them better for cold storage which is the case you're proposing. Then it's less a case of waiting for it to come up and more a case of making sure it comes up at all.

0
0
Charles 9
Silver badge

Re: Is the world ready for a 30TB Failure Domain?

Erasure coding has its place for large devices because larger transfers (inherent with larger disks) raise the risk of glitches: silent corruptions like double-bit-flips that manage to still pass on-the-fly checks like parity checking. With erasure codes in place, you can correct for those glitches.

Now, for whole device (ie. controller) failures, yes you need redundancy, but also recall that reconstruction is a function of time, and one thing SSDs have in spades over rust is transfer rate, especially when using 4x PCI Express. This greatly reduces the reconstruction time which in turn reduces the risk of a failure during the vulnerable reconstruction phase. Perhaps because of these faster times you can get away with just 2 backups when you would've needed 3 with rust. Besides, at some point you have to think enough is enough because if you get a major event that nails say FOUR of your devices at once (AND maybe even all your backups, including the offsite, think a major earthquake) you're into Act of God (aka Crap Happens) territory when all you can do is pray.

That's why I use BOTH strategies, though in a smaller capacity (because the data I'm backing up is less critical): two copies of each complete with PAR2 sets. The PAR2 files provide erasure codes to deal with glitches, while having the second copy (normally kept offline to reduce wear, and the two are rotated periodically) provides a failsafe in case one goes kaput.

0
0

Pai, Pai, Mr American spy: FCC supremo rips up privacy protections for broadband punters

Charles 9
Silver badge

Re: VPN please

Bet your bottom dollar that's what the CIA are working on right now.

1
0

Facebook scoffed at $500m damages. Now Oculus faces nerd goggles injunction

Charles 9
Silver badge

Re: Lest you think Zenimax is just an East Texas bottom feeder

And for the record, Carmack and ZeniMax come together because ZeniMax also owns iD.

1
0
Charles 9
Silver badge

In a true volumetric display, you need to render ALL surfaces (because you'll be able to see the BACK). Plus not all surfaces are opaque.

0
0
Charles 9
Silver badge

3D display won't be truly eye-catching until it's volumetric, as in projecting out into open space such that you can walk around it. No fancy headgear, no need to be positioned just right. It just works with the Eyeball Mk I. That's what the public is really waiting for, but the technology to display voxels in open air isn't there yet, plus whatever data demands are being pushed with today's 4K screens are raised a whole order of magnitude with volumetric displays. Just a 1Kx1Kx1K volumetric display, 32 bits per voxel (you now MUST include the alpha element), updated 15 times a second will require 60GB (yes, gigaBYTES) of bandwidth to keep up.

5
2

Biting the hand that feeds IT © 1998–2017