Posts by Charles 9

11826 posts • joined 10 Jun 2009

Facebook has open-sourced encrypted group chat

Charles 9
Silver badge

Re: No Thanks

"why do we need this? Plenty of alternatives."

Care to name some? At least one that allows re-establishing a secure group channel when you need to evict a client?

1
1
Charles 9
Silver badge

Re: No Thanks

Thing is, with things like Shellshock and Heartbleed fresh on everyone's minds, security boffins are more alert to "hiding in plain sight" tactics. To use your metaphor, they're coming at the haystack with more than just magnets now.

7
0
Charles 9
Silver badge

Re: No Thanks

Then why publish it open-source on Github? Any backdoor Facebook would want to include would have to be included in that code, wouldn't it, meaning they could be found out and pretty easily, too?

Not that I like Facebook, mind you, but in this case we're talking about an Enemy of My Enemy situation. Facebook hates The Man as much as you do.

37
1

Smartphones' security enhancements just make them more dangerous

Charles 9
Silver badge

Thing is, edge cases don't STAY edge cases for long.

"The point I'm trying to make is that companies that tout the security of their products should endeavour to good security practice."

Problem is, security clashes with ease of use, and the prole prefers the latter to the former and is not likely to take training. How do you do a secure solution for someone who doesn't care about security (and yes, you MUST care about their security since they become weak links to compromise others)?

0
1
Charles 9
Silver badge

Not buying a smartphone; buying a little peace of mind. What price peace of mind?

0
1
Charles 9
Silver badge

Re: And, at the end of the day, the security is lower than a PIN-alone login.

There's really no way to improve the specificity of a test without affecting the sensitivity and vice versa? What gets in the way?

0
1
Charles 9
Silver badge

Re: That Franklin quote

"If you are worried about security make sure you don't have anything worth stealing on a device that you have a high chance of losing, forgetting or breaking."

Which means you eventually reach a point where you MUST have such valuable information on things easily lost/stolen in order to function AT ALL in modern society. Then you end up asking, "NOW what do you do?"

0
0
Charles 9
Silver badge

Re: Something you are

ALL of which can be faked.

But the trouble is, what if, due to having terrible memory, a tendency to lose things, AND being too proud to ask for help, it's ALL YOU HAVE to work with?

0
0
Charles 9
Silver badge

Re: The day is coming...

As I recall, Identity Theft was a thing BEFORE the Internet came along.

0
0
Charles 9
Silver badge

I guess you've never seen the spliced "My. Voice. Is. My. Password. Verify. Me." bit from Sneakers.

0
0
Charles 9
Silver badge

"If the author is unconvinced with using his face to unlock his phone why doesn't he just use a PIN?"

Perhaps he has a bad head for PINs? Can't use an ATM and so on?

0
0
Charles 9
Silver badge

Re: Any Biometric is the least secure model I can think of.....

"While I don't believe in the nanny state, I also don't believe that dumb fucks should drive security implementation models, security models should NOT be dictated by the dumbest/laziest common denominator."

You MUST. They're the majority, and they outVOTE and outSPEND you. That's why you MUST take the Stupid User into consideration if you want to stay in business long-term.

PS. Some people really DO have serious memory problems where "123456" becomes "271052" and "correcthorsebatterystaple" becomes "donkeyenginepaperclipwrong". AND they're too proud to ask for help. Yet if you don't deal with these kinds of people, what they house can take other people with them...including potentially YOU thanks to unknown connections.

0
0
Charles 9
Silver badge

Re: Too late...

The last sentence covers that. Basically, can you trust the safe owners to not possess a skeleton key? Perhaps one mandated by the government and concealed under a D-Notice?

0
0

CPU bug patch saga: Antivirus tools caught with their hands in the Windows cookie jar

Charles 9
Silver badge

"This kind of thing is extremely bad practice, most people who work in security and AV vendors have been telling people to not do it for at least a decade, at least as far as active protection goes. Race conditions playing around in kernel memory space is bad juju."

Isn't placing your trust in ONE vendor who by nature can't catch everything ALSO bad juju? This sounds like a Catch-22. You either choose one and lose when something slips through or try to avoid monoculture and get bricked when they clash.

0
1
Charles 9
Silver badge

Re: More proof...

Um, given that Linux needs to be patched, too, why does Microsoft get the blame for problems of others' making?

30
6
Charles 9
Silver badge

Re: Logic

Simple. It's a CYA move. If they force the issue and business-critical computers get bricked as a result, companies lose money and Microsoft can face a lawsuit as a result. At least an un-updated system can still run, and if they're not in a position to update when they get pwned, then that's Intel's fault, not Microsoft's.

19
2

No wonder Marvin the robot was miserable: AI will make the rich richer – and the poor poorer

Charles 9
Silver badge

But you don't play it all the way. Discontent among the proles has limits before, as they say, the crap hits the fan. At some point, it either goes over the edge and gets ugly (resulting in things like populist revolutions and economic collapses like the Great Depression) or something else happens to force an equalization (like the World Wars and the Black Death).

23
2

Watt? You thought the wireless charging war was over? It ain't even begun

Charles 9
Silver badge

Re: Efficiency?

"Plugs and sockets wear out, so that's one advantage of plugless charging."

Qi charging inevitably generates heat: the bane of phone batteries. I gave up on Qi charging after long-term use forced me to replace several phone batteries as they started to bulge.

PS. I'm personally wondering how they get around the known physics issues of "power at a distance" and why it never really took off: then or now.

3
1

US Senators force vote on Ctrl-Z'ing America's net neutrality death

Charles 9
Silver badge

Re: The usual hysteria

Wanna bet? Cable companies STILL won't let you buy third-party converter boxes (like the OLD AT&T days when you couldn't buy a phone, only RENT them). And before you say "Switch ISPs," (1) most places only have ONE ISP due to infrastructure issues, and (2) those with more than one can easily choose to act in cartel.

4
0
Charles 9
Silver badge

Because SOMEONE has to intervene when two states butt heads. I mean, who gets the call when a New York business gets a call from a client in Delaware? That's why things like the Interstate Commerce Clause exist: to prevent states from trying to dominate one another in interstate matters.

1
1
Charles 9
Silver badge

Re: It will be solved by California and NY

New York and California are historically Democratic states. Congress is currently Republican-led with a Republican president. They can easily paint it as a case of the Big Dems trying to take freedom away from the rest of the country. Don't count it out.

1
2
Charles 9
Silver badge

Re: It will be solved by California and NY

So what if they just take the "from the outside in" approach and become interstate businesses by default? Then fed regulations can kick in and trump the state ones. When it comes to loopholing, businesses are if anything cleverdicks (or as we Americans term them, smartypants).

1
1
Charles 9
Silver badge

Re: Rule of thumb

Not for much longer. The clock runs out in only 7 years (Orwell died in January 1950, add 75 years).

1
1
Charles 9
Silver badge

Re: It will be solved by California and NY

"Pai has stated the FCC will try to block such state level laws but it is unclear how he could do that"

Simple. Internet traffic is normally interstate if not international in nature. He'll just invoke the Interstate Commerce Clause and cite that since most Internet traffic (like a lot of road traffic) is interstate in nature, the federal government is mandated to step in.

0
1
Charles 9
Silver badge

"These senators must realise that at some point this is going to bite them in the ass, don't mess with people's internet as it will harm your votes. Therefore I predict it will be kicked into touch."

The Internet as we know it is already gone, and people are congregating into easy-to-manage echo chambers where any sort of challenge is quickly shot down. Consider why so many Congressional elections are uncontested.

1
1
Charles 9
Silver badge

Re: Unfortunately congress is dysfunctional

But because political speech is considered the most sacred form of speech protected by the First Amendment, something like that would take an Amendment. Good luck barring an existential crisis.

0
1

With WPA3, Wi-Fi will be secure this time, really, wireless bods promise

Charles 9
Silver badge

Re: The new "Commercial National Security Algorithm"

"The military would probably use it for unclassified networks, but I'll bet they don't support ANY wireless on classified networks."

So how do they communicate securely in the field where wires aren't likely to be available?

1
1
Charles 9
Silver badge

Communications Act of 1934 says otherwise.

Where in the Patriot Act or wherever is the jamming restriction specifically relaxed, because the restriction is in the Communications Act of 1934 (FCC link with the pertinent details). Note it doesn't list exceptions and they specifically instructed local LEOs to knock it off some time back.

2
0
Charles 9
Silver badge

Re: WPA

The results usually weren't pretty. I had to switch out a DIR-615 because trying to use WPA on it taxed it so much it kept rebooting.

2
0
Charles 9
Silver badge

"All you need to do stateside is notify the FCC. They've been pretty good at stomping on this behaviour."

Because it's considered jamming. Under federal law, only the military can use jammers, and only during military action.

3
0

Boffins use inkjets to print explosives

Charles 9
Silver badge

I believe insurance companies demand regular housecleaning in order for silo owners to keep their policies. The risk of a YOYO after the next silo explosion probably makes for a good motivator.

If you think dust explosions are intense, you should see what happens when you switch out dust for fuel mist (the end result is a nightmare called a Fuel-Air Explosive).

3
1
Charles 9
Silver badge

Re: Not usually one for pedantry

Then what do you class triacetone triperoxide and other unstable compounds that can react to more than just pressure yet do perform chemical supersonic detonations when they DO go off?

0
1

UK.gov admits porn age checks could harm small ISPs and encourage risky online behaviour

Charles 9
Silver badge

But it can still be a warning sign of parental neglect, which CAN result in delinquency. Instead of focusing on the porn, look at the bigger issue of parental abdication. If you want to reduce delinquency, you're going to need to make parents own up and take responsibility. Got any ideas against such things as broken and abusive families and parents who simply don't give a soaring screw?

0
1
Charles 9
Silver badge

And if the parents ABDICATE the job, where does that leave you? Handling a bunch of delinquents. If you want to enforce parental responsibility, you're going to need something like a Parenting License to prevent bad parents before their children become a societal concern.

0
1
Charles 9
Silver badge

Re: Hmm

You wouldn't like it. The US is already full of them, and there are many catches:

- High loading fees.

- Many aren't authorized for e-tail.

0
0
Charles 9
Silver badge

Re: Material produced solely or principally for the purposes of sexual arousal

I wouldn't rule it out. Especially since most of the female cast DID pose nude at points.

0
0
Charles 9
Silver badge

How do you keep up with all the new sites that pop up (including the ones that look like legitimate sites--potential collateral damage)? Do you whitelist?

0
0
Charles 9
Silver badge

No, because the families REFUSE to learn. Unless you start demanding courses and a license to use the Internet, you don't have much else in the way of options.

0
0

Whizzes' lithium-iron-oxide battery 'octuples' capacity on the cheap

Charles 9
Silver badge

Re: A bright future for batteries

"However I think most of us can distinguish between an article announcing a new product we can buy from an article on some preliminary research."

Yeah. So far, the former has never appeared.

0
1

US border cops told to stop copying people's files just for the hell of it

Charles 9
Silver badge

Re: What's the hit rate?

Except the border cops ARE part of Customs. AND they inspect arriving international packages as well as routine. And don't forget that MiniLuv in 1984 went as far as to replace tamper-proofings.

0
1
Charles 9
Silver badge

Re: Wonder what would happen...

Not a good idea. They'll assume it to be an encrypted drive image and REALLY start grilling you.

1
0
Charles 9
Silver badge

Re: What's the hit rate?

How do you trust the shipper and customs to make sure they don't steal or mess with it in transit?

1
0
Charles 9
Silver badge

Re: doesn't mean much

I thought they just arrested you, which allows for "Hot Pursuit" statutes to kick in allowing them to search the car you were driving/the residence you were in pursuant to the arrest. And if they find anything interesting, they secure it while someone else gets the search warrant just to be safe.

0
0

Meltdown, Spectre bug patch slowdown gets real – and what you can do about it

Charles 9
Silver badge

Re: speed penalties associated with context switching

Been reading up on it. The need to reduce context switching is helping to drive a push to move the network interface into userland, much as graphics have been making the transition as well. It makes me wonder if there are certain interfaces that still need to remain in the kernel yet are so frequently accessed as to suffer in terms of context switching.

1
1
Charles 9
Silver badge

Except AMD is still vulnerable to Spectre, and the fixes for that also induce a penalty (not to mention full solutions aren't ready yet, if ever).

2
3
Charles 9
Silver badge

Perhaps there needs to be a serious look into reducing the speed penalties associated with context switching: either by making the switches faster or by reducing the need for them by carefully moving more things into Userland.

1
1

Big shock: $700 Internet-of-Things door lock not a success

Charles 9
Silver badge

So what happens when (not if) the batteries run out in BOTH doors at the same time?

0
0

Woo-yay, Meltdown CPU fixes are here. Now, Spectre flaws will haunt tech industry for years

Charles 9
Silver badge

"The problem as I remember was that the instruction appeared to be part of a state engine."

I get it now. I'd never personally seen assembler code that intricate, but as you describe it, I can see it happening. Those two instructions were simply part and hints of a larger scheme.

1
0
Charles 9
Silver badge

Re: CPU comparison web sites

Out of Order Execution wasn't introduced to the Intel processor line until the Pentium Pro. No need to test anything earlier. If you're REALLY paranoid, you'd be testing all the early chips for OTHER exploits or magic knocks.

0
1
Charles 9
Silver badge

Except modern society forced them back together. It's not good enough to get it right OR get it fast. Now, you MUST get it RIGHT AND FAST at the same time. Just as you can't just pick any two of "Good, Fast, Cheap." No, now it's all or nothing.

0
1

Biting the hand that feeds IT © 1998–2018