Posts by Charles 9

9730 posts • joined 10 Jun 2009

User needed 40-minute lesson in turning it off and turning it on again

Charles 9
Silver badge

Re: take away

"Over my dead body."

Remember, many computers are in private homes, and there are people who don't take the kind of intrusion you propose lightly.

That's why you can't compare car usage to road usage: because cars at least run on government-regulated roads. If you demand a license to use a computer in the privacy of one's home, you're asking for Big Brother.

1
2
Charles 9
Silver badge

Re: IT support can make strong people cry.

"Wish I could've seen his face when I told him how, armed with his IP (he was on dial up so no router) I could get into his machine without knowing his username or password, and have full control over his data. I did talk him through how to block SSH at the firewall and how to open a terminal and change a few things so it was secure."

Would you change your mind if his face took on a look of complete puzzlement instead?

1
1
Charles 9
Silver badge

Re: Switches as opposed to buttons

But then Murphy can hit even there. Such as a switch put in upside-down so it's on when it's DOWN, or one that's miswired so it's on all the time, and so on. It's as the late Douglas Adams wrote once. There will always be a person for whom even the simplest design possible is beyond them (either that or they're the type where the solution to the square peg and the round hole is a big enough hammer). And yet at some point your life will depend on that person.

2
1
Charles 9
Silver badge

Re: Where's the "Any" key?

"Dunno.. They way some of them are I doubt they could find their A-hole with a map, flashlight, and helpful-but-effeminate guide, let alone the "A" key."

Oh? If their name has an a in it, then ask them how they type their name.

1
1
Charles 9
Silver badge

Re: F+1+2?

Sorta reminded me of a scenario I played out in my head a couple days ago. If we were to make first contact with an alien civilization and we at least somehow found a way to communicate, how would we begin relating stuff like measurements to each other? The challenges in finding ways to communicate things we take for granted but would be, for lack of a better term, utterly alien to them, like how long is a second?

2
0
Charles 9
Silver badge

Re: F+1+2?

"Hmm.. ISTR a BOFH episode where the ENTER or RETURN text was actually a series of conductive tracks, giving decent jolts to anyone using it.. Wonder if I can rig something similar to some of these user's mice. Click the wrong thing, get a virtual slap on the hand - with real pain and (if the jolts are fun enough) real loss of bodily control!"

But then you meet your match with a masochist. Pain gets him off.

2
1
Charles 9
Silver badge

Re: Can you hold down the power button

"All of this does rather make you wonder though how she turns the thing on every morning,"

Given that more often than not the computer isn't off but asleep, moving the mouse or pressing a key usually wakes it up again.

5
2
Charles 9
Silver badge

Re: Can you hold down the power button

"I'd maintain that 'power button' is absolutely NOT 'jargon'. If someone is employed to use a computer at work all day, I'd hope that their standard of education is such that they can understand basic concepts such as that. He'd already 'asked her to turn it off and turn it on again', and she later said 'Oh you mean the button I use to switch it off with?' Neither 'turn it off' or 'switch it off' are 'jargon'."

Unless it's a device that doesn't normally get turned off. Like the air conditioning, or managed lights, or in this case a modern computer, which normally gets put to sleep, not turned off.

10
21
Charles 9
Silver badge

"You know there are some idiots still in the shower. Because it doesn't say, 'Dry your hair. Try it again tomorrow," man."

- Bill Engvall, "Here's Your Sign".

16
1

The solution to security breaches? Kill the human middleware

Charles 9
Silver badge

Re: Incredible

"Don't just read a book about security, you need to be critical thinkers and work outside the box. Follow your instincts and experience. Take the time to do it right."

The problem is that, more often than not, you're not given the time or resources to do it right, and IT tends to be pretty low on the corporate totem pole. So how do you do it right with a tight deadline and a shoestring budget?

0
0
Charles 9
Silver badge

Re: Buzzword Bingo

"If you want "cyber" security, stop screwing around and demand that we treat our information systems like any other engineered system: Delete the broken patent and copyright systems, and allow that knowledge to be shared."

Simple answer: no one will play. Knowledge is power, literally, and there are many out there who DON'T want their knowledge shared. If not allowed to exploit their knowledge, they'll take their ball and go home, leaving society hungry. That's why we have patents and copyrights in the first place. Without some incentive, not enough people are willing to come forward; end result, society is starved for knowledge. You don't need to do away with the systems because people can and have released their stuff either out of copyright but patented but only for anti-exploitation reasons. The TERMS of those patents and copyrights can be adjusted to reflect changes in society, however. Copyright was once life of author without extension for a person or about 25 years for a business. I think reeling terms back to those roots (based on the fact they're supposed to be LIMITED, under the Constitution, IIRC) would help speed things along with documents and so on. As for patents, change the terms to reflect the industry they apply to. Machinery and so on tend to have long work cycles, so patents of 25 years are still appropriate. Medicine can also make a case due to all the legal hurdles a drug maker has to clear just to get things to market; they really only get a few years to sell their stuff IF they get the go-ahead. Non-physical stuff? Stuff moves fast here, so what if patents for these get limited to, say, three years tops?

0
0
Charles 9
Silver badge

How do you get around click fatigue, though?

0
0
Charles 9
Silver badge

"Surely prevention is still the first line of defence and monitoring the second."

But you can't prevent a zero-day because you have no foreknowledge of the exploit. Trouble is, the moment one is in, one has to assume the worst (they've already gotten access to everything) which is usually too late for a clean up.

0
0
Charles 9
Silver badge

Re: The solution to security breaches?

No good. They'll just target the endpoints, one of the few places where the data MUST be decrypted because the Eyeball v1.0 doesn't grok encrypted data. The only way around that would be cybernetic eyes connected directly to the brain a la Ghost in the Shell.

As for downloading scripts, what if the copy you download has a hole in it? At least the one kept at the writer's site would be kept up to date, meaning the hole gets patched ASAP. You can't win. Either you let a hole fester or you download one. And humans are fallible and formal proofs have a very narrow scope.

3
0
Charles 9
Silver badge

Re: Oh sod off

"Security as a domain of human activity needs to secure my and everyone else's normal behaviour, not make me contort my behaviour into some twisted version of itself. You don't build a building with doors and then act surprised when people try to use them. If a door should not be used it is either not in the building design in the first place or it is locked. Then idiots like me don't have to be given a list of doors that are there but that we must not use. This is not a perfect analogy, but then that's the nature of analogies."

But ANY door can be a way in for a bad guy. Trouble is, many doors MUST be open to the public because it's the way in or out for them. Meaning if you interact with the public, you're vulnerable, period. And if you're vulnerable, you can be hit for EVERYTHING since the heist may know where to find the good stuff. Which poses a problem. Because an assumption one WILL be hit ALSO means the assumption that WHEN one gets hit, he/she will be hit for EVERYTHING: an existential threat. So a surrender mentality is incompatible because it also implies a suicide mentality.

3
0

British banks chuck smartphone apps out of Windows

Charles 9
Silver badge

Re: Phone or computer?

Then you're missing out because having access to knowledge on the spot can be very, VERY handy, especially if you conduct research on something you just spotted before you buy it.

0
0
Charles 9
Silver badge

Re: Well even though my bank has an app

The problem is when the card(s) come(s) back DECLINED? NOW what do you do? If you leave, you have to get back in line and there's a good chance, thanks to Murphy, that the item you want will be out of stock. If you can do an on-the-spot check and transfer, you can save the transaction. I speak from experience.

0
0
Charles 9
Silver badge

Re: Well even though my bank has an app

An on-the-spot check or transfer in case your card doesn't go through? Website may not be mobile-optimized or you don't trust the browser. And I don't feel like going home to check the balance then go back, get in line again, and probably find out the stuff I wanted earlier is now out of stock with no restock anytime soon.

0
1

Hackers electrocute selves in quest to turn secure doors inside out

Charles 9
Silver badge

Re: Push The Button To Exit

What if there's a fire? Under most fire codes, any obvious egress must be allowed to open easily from the inside, even without power, in the event a fire knocks out the power (this is due to the panic inherent in a fire; people swarm to the nearest exit regardless of its purpose). Probably why the locks are electromagnetic (active, meaning they only hold while power is applied).

I'd like to know how a high-security compound meshes with the fire code.

0
0
Charles 9
Silver badge

Re: They're still alive after electrocution?

It is for men for whom evisceration is just a flesh wound.

15
0
Charles 9
Silver badge

Re: They're still alive after electrocution?

I thought electrocution was what happened when you ran a computer program: use electricity to carry out a job.

0
1

Experts to Congress: You must act on IoT security. Congress: Encourage industry to develop best practices, you say?

Charles 9
Silver badge

Re: Standards in the US would also affect china, due to dev costs

So what happens when two regions give conflicting mandates, meaning you have no choice but to create two versions since one version WILL violate the other and vice versa?

Like, for example, radio equipment where frequency allocations differ from region to region and different bands are off-limits for security reasons?

0
0
Charles 9
Silver badge

Re: Be Careful What You Wish For...

So what do you do when the manufacturers are outside the country, being protected by that country's sovereignty, and that country refuses to cooperate?

0
0
Charles 9
Silver badge

Re: How do you deal with China?

But eBay and the like are multi-national. They're like gel. If one country applies pressure, it'll just ooze to another. That's why ships rarely flag in US or European countries. Plus some of the sellers like Alibaba are already based in China and the like and out of western regulatory reach.

0
0
Charles 9
Silver badge

Re: Well, if these fine legislators have their way --

You can con by mail. That doesn't require a face-to-face presence and is just a bit of a slower version of a 419.

0
0
Charles 9
Silver badge

Re: "One area might get hit badly, but not everywhere"

DDoS's are getting SO bad that they can hit even redundant infrastructure. It's not that effective having four servers at different locations if the enemy's so massive they can split into four and STILL effectively attack you.

0
0

Microsoft's cmd.exe deposed by PowerShell in Windows 10 preview

Charles 9
Silver badge

"It's just amazing that nobody here has actually bothered to install the update and verify any of this."

Ever thought it's because they haven't made the move YET, but PLAN to?

PS. To El Reg, I attempted to reply directly to the comment above featuring the quote, but it reports 410 Gone although the comment is still listed.

0
0

The encryption conundrum: Should tech compromise or double down?

Charles 9
Silver badge

Re: Let's be clear. These data fetishists want to dump due process. They want it all, all the time

Would you rather live in a world where not just death but mayhem can come from anywhere at anytime without warning?

Because the human condition basically means we'll end up at one of two extremes. Either the Police State or Anarchy. Any attempt to try for a third option will eventually gravitate towards one or the other end.

And before you quote Benjamin Franklin, allow me to counter with this idea. Perhaps, to spin on a Jack Nicholson line, humanity "can't handle freedom"...

0
0
Charles 9
Silver badge

Re: pfft laws

Don't give them any funny ideas. Didn't Minnesota pass such a law?

0
0
Charles 9
Silver badge

Re: " ONLY clue you've got is a hint of a hunch and no way to back it up enough "

"There are always reasons and always a trail. It's time people stopped listening to this sort of hysterical BS and remembered the words of Mary Shafer. "Insisting on perfect safety is for people who don't have the balls to live in the real world.""

But if no one knows the trail exists, how can they follow it? Take "Unabomber" Ted Kaczynski. No one even heard of him until a relative clued the feds in based on his egomaniacal crypto puzzle. What about Timothy McVeigh and Terry Nichols? Were they on any serious terrorist investigation map before Oklahoma City? And then there's the Bath School Massacre: still the worst school massacre in US history. Spontaneous action by a farmer (thus legal access to TNT as excavation charges), and no one could've anticipated his actions because he acted too suddenly: almost immediately after losing a local election.

0
0
Charles 9
Silver badge

Re: Is it me?

No encryption is absolutely mathematically secure except for one-time pads, and even then you have to hide the pads. That's why al Qaeda tended to use trusted couriers, although even this isn't perfect, as couriers and the like can be doubled or tracked (what nailed bin Laden was that the US was able to crack and then track one of his inner circle).

"The problem with the suggested backdoored encryption is one of mathematics."

So, basically, you're saying that if they're determined and smart enough, there's no way to prevent World War III. Sobering thought. Man can destroy the world and there's nothing one can do about it...

2
2
Charles 9
Silver badge

Re: Is it me?

And the difference between uranium used in a reactor and uranium used in a bomb is nil. Physics here, and it's true: it's the same element involved, only some processing is the difference. That's why Iran is such a touchy issue: they have their own mine; this combined with knowledgeable scientists means they have the entire processing chain in-house. Short of World War III, there's no physical way to stop Iran from making nuclear weapons. It's a no-win situation, but still unacceptable because it also presents an existential threat. It's like staring up the mountain as the avalanche begins.

1
5

Launch set for GOES-R satellite capable of 30-second weather updates

Charles 9
Silver badge

Re: "...most dramatic weather in near-real time"

But better data usually helps to clear the haze. At this point, this can only help.

1
0
Charles 9
Silver badge

Re: A VERY good idea..

The satellite footage is public domain because it's a product of the US Government. That's the default status of products of the US Government unless there's an exception attached.

1
0

Antivirus tools are a useless box-ticking exercise says Google security chap

Charles 9
Silver badge

To do what you want would require a stateful Internet, where no endpoint can work in anonymity. Hello, Big Brother.

As for virtual computing, it's just waiting for a hypervisor (Red Pill) attack to break that veil of security.

0
0
Charles 9
Silver badge

Re: No security without security management

So you're basically saying the average user is incapable of keeping his/her computer secure because the needed effort is too much for people in pursuit of turnkey solutions?

0
0
Charles 9
Silver badge

Re: Nonsense I tell you, nonsense...

Virii are getting too smart for AV to deal with them. We're talking Captain Trips levels, where each copy changes itself to avoid detection, so no two infections are alike, so there's no common point for the AV to analyze. You need defense, yes, but a different kind of defense than signature matching. Port locking, intrusion detection, etc. are usually NOT what's considered to be Anti-Virus but rather collected into the more-generic term "cybersecurity software".

0
0
Charles 9
Silver badge

Re: System Administrators

Unless the hardware vendor doesn't know what they're talking about, either (what the OP was implying), in which case you're BOTH right, and you're screwed either way.

0
0
Charles 9
Silver badge

Re: This has been said many times before...

They expect and demand 100% because nothing less will work. It's all or nothing because just ONE slip and it's Game Over.

1
1
Charles 9
Silver badge

Re: Everything can be a program, if the OS is a PoS

And then when Peter Packet stuffs his drives full of stuff such that there's no room for a shadow copy and a larger drive would jack the sale price past affordability?

1
0
Charles 9
Silver badge

Re: Probably the best "antivirus" you can have…

Thing is, virii have gotten sophisticated enough to reach Captain Trips levels where no two infections are alike enough for an AV to catch.

2
1
Charles 9
Silver badge

But that's out on government-controlled roads. Computers are used in the privacy of one's home: whole different kettle of regulations. Put it this way. The only way you can control the Internet enough to stop this would be to take a Big Brother approach. Anything less and the jungle creeps back in.

2
0
Charles 9
Silver badge

Re: Google chap hasn't used his grey matter before opening his mouth.

"It's easy to stand on the outside and say it's all rubbish, throw it away, but no one is offering any acceptable solutions to the problems."

Because none exists. You can connect this problem to the First Contact Problem: an intractable problem in security which basically goes, "Without a known point of trust, there's no way to verify a new contact is legitimate. But to reach a known point of trust, you need to verify someone." Catch-22 for any situation where you have nothing in common, like downloading a new app from someone you've never met before.

IOW, the only way to know is to open the door, by which point it's way too late if it's someone out to get you.

4
0

PoisonTap fools your PC into thinking the whole internet lives in an rPi

Charles 9
Silver badge

Re: Other Issues

Are you sure? What about highly-public places like airports where distractions are easy as is disappearing into the crowd?

1
0
Charles 9
Silver badge

Re: To lock a Linux system down

But you're inserting it in a BOOT script. If that command gets triggered before the USB root hub is awakened, you probably can't modprobe the hub driver, which means the keyboard and mouse don't awaken, either.

And that's why many people hate SysV. There's no real dependency system in it: just timings which can go wrong.

0
0
Charles 9
Silver badge

Re: This is exactly how things are designed to work

"Yeah, well maybe they should stop working that way, mon."

Except that if you don't do things THAT way, things BREAK, and most users will simply respond, "The Internet is broke now! Put it back!"

0
0

Google's neural network learns to translate languages it hasn't been trained on

Charles 9
Silver badge

I meant to say Thai. Curse the mobile site's inability to edit.

0
0
Charles 9
Silver badge

And English is actually easier to go with German than with Spanish because English has Germanic roots unlike Spanish which has Latin roots. That's why I like to try it with Japanese, since Far Eastern languages have much less in common with each other. That's another good challenge because of its odd semantics.

1
0
Charles 9
Silver badge

Part of the way neural networks work is by finding things in common. Going from one family to an unrelated one would be a bridge too far even for us without a starting point.

0
0

The sharks of AI will attack expensive and scarce workers faster than they eat drivers

Charles 9
Silver badge

Re: The 1% better have a backup plan

Problem with that is how you control a military that large to keep them from making YOU redundant. Plenty of juntas and military coups in history to back up that concern.

0
0
