* Posts by Charles 9

8652 posts • joined 10 Jun 2009

Google Chrome will beat Flash to death with a shovel: Why... won't... you... just... die!

Charles 9
Silver badge

Re: BBC support html5 fully - just not on desktop

Even BBC News? I read lots of complaints that the Agent hack doesn't work there and the site, even on iPad, demands Flash without exception.

1
0
Charles 9
Silver badge

Re: Google Chrome 55 will effectively make all Flash content click-to-play by default

Let me put it this way. If the average web goer had to choose between security and flying cat videos, the flying cat video wins 9 times out of 10.

They outnumber you by about 100 to 1.

Guess to whom the browser makers are going to cater.

4
0
Charles 9
Silver badge

You'd be right, actually. Since 2001, ALL Olympic content originates on the Olympics' own television network: Olympic Broadcasting Services. Those official graphics you see all come from that, not the second-source TV networks like NBC and the BBC.

0
0
Charles 9
Silver badge

Re: Education...

"in fact it's only the Google devs who continue to update (patch) the Linux release of Flash player, Adobe canned it a couple of years ago."

And ONLY by way of an exclusivity contract Google signed with Adobe in order to get the rights to do the job.

0
0
Charles 9
Silver badge

Re: Last refugee of Flash?

Nope. The Enterprise world is stuck with it in the form of control modules for very expensive equipment built to require Flash with no possible replacement unless the company is in the mood to plunk down for NEW very expensive equipment.

3
0

Facebook to forcefeed you web ads, whether you like it or not: Ad blocker? Get the Zuck out!

Charles 9
Silver badge

Re: Diaspora

Not gonna work. It's like with yacy and freenet. You get hit in the bandwidth costs. AFAIK, efficient decentralized (and possibly anonymous) networking is a physical impossibility because efficiency necessarily creates identifiable traces.

1
0
Charles 9
Silver badge

"You guys can go back to writing your own content on A4 paper?"

Last I checked, we don't have matter transporters yet and not everyone has a facsimile machine, so instant global communication that isn't point to point raises issues.

"Or you could start a movement so that everyone pays for access to sites!"

Unless your content is both high-demand and exclusive, paywalls tend to be a downvote for you, history has proven.

"By blocking ads surely you're just making this worse?"

Worse to the point they have to make a leap of faith: either go all in or check out.

"You chose to use an ad blocker rather than avoid a site so I doubt that."

Wanna BET? For many, they think the Internet is becoming a cesspit and are checking out of the Internet...COMPLETELY. At least back in reality they just have to deal with cold calls, billboards, and junk mail.

2
0
Charles 9
Silver badge

Re: How does it work?

And if the former, meaning blocking the ads blocks the content, meaning you can't get in touch with family overseas where Facebook practically IS the Internet (just go to third-world Asia and see; I have)?

0
0
Charles 9
Silver badge

Re: A disaster in the making...

"So yeah, the moment a website tries to force me to remove my adblocker then the effect is very simple: said website will be removed from my favorites list(s) instead. There are tons more websites which can provide me with the same experience, thank you very much."

So you say, but after Kickass went down, no viable alternative appears. If there's only ONE source for the same experience, is it "Walking on the Sun" time?

"But back to my initial comment: this is a disaster just waiting to happen. Because what's going to happen when FB's advertising source gets compromised and it's proven that FB has (indirectly) started spreading malware and other junk?"

The option has been open for a long time now: just have Facebook itself and the world's your digital oyster.

0
0
Charles 9
Silver badge

Re: How are they going to do this exactly?

Except I believe Facebook paid ABP to get whitelisted.

0
0
Charles 9
Silver badge

Re: They seem to be under the impression

One problem: ABP is ALSO an ad-slinger, as they WHITELIST certain companies who pay them.

0
0
Charles 9
Silver badge

Re: Simple solution...

"They claimed that we were slurping data about our users, while I tried to point out that all they were picking up was our users' account names, which were linked to nothing about their actual real identities. He still didn't accept that N0458301942@our.company.co.uk didn't tell anyone anything about the person who the username belonged to, since it wasn't linked to their real name, address, age, sex, political affiliation...in short nothing worthwhile."

That's what YOU think. But the beauty about DE-anonymization is that they can build relationships between two seemingly unimportant pieces of data...which in turn get linked to other bits of data UNTIL one of them is linked to an important piece of data. All of a sudden, the entire chain of bits gets connected.

7
0
Charles 9
Silver badge

Re: Just one

Facebook is the biggest fad of the Internet at this point. And when it comes to ignoring fads, to quote the Smash Mouth hit, "You might as well be Walking on the Sun."

2
0
Charles 9
Silver badge

Re: I'm wondering

"As long as the ads follow a pattern, they can be blocked. FB can use anti-adblock javascript. Stubborn users can use m.facebook.com with JS disabled. FB can make the mobile site JS-mandatory. Users can rebel against JS... on and on it goes..."

Simple. Ads can be text-based in nature and served inline to the content. No way to block it without blocking the content, too. Image-based ads can be baked into legit pictures from the article, again making it all-or-nothing. Using randomly-generated tags ensures (a) the visit can be traced, and (b) the ads can't be easily blocked because the content has a similar tag. No JavaScript or external content necessary, and the content's loading can be detected server-side, meaning there's no way to avoid it without at least downloading the content, wasting your bandwidth, and triggering the demographics.

2
0
Charles 9
Silver badge

How do they block an element that's in the same domain as the page itself without blocking actual content?

1
0

US Politicians tell DEF CON it'll take Congress ages to sort out how to regulate crypto

Charles 9
Silver badge

Re: Trust!

"Ochlocracy, a word I discovered listening to this interesting discussion about Xenophon"

In other words, mob rule, which inevitably degenerates into anarchy as people within the mob vie for power at everyone else's expense.

0
0
Charles 9
Silver badge

Re: "If you don't trust government...

""People should not be afraid of their governments. Governments should be afraid of the people""

Thing is, the government has nukes, and someone desperate enough will USE them, too.

0
0
Charles 9
Silver badge

Re: @Charles 9

"All are possible and known spy/surveillance technologies and I don't worry too much about that because it is expensive and time-consuming to do, that alone means it has to be targeted at important stuff."

No, the costs are FALLING because it's a whole lot easier than investing vast computing power into cracking encryption algorithms. That's a job best left to sovereign powers for whom money is less an object.

0
0
Charles 9
Silver badge

Re: Hopeless

"You are missing the point - we don't generally need "unbreakable" encryption, just hard enough to make mass surveillance impossibly expensive, and difficult enough so that targeted use has to be prioritised to serious crime."

But the thing is encryption is in the end useless because we can't decrypt the stuff in our brains (if we did, we'd be in Ghost in the Shell territory). And since the stuff MUST be decrypted at some point to use, the plods will simply target points "outside the envelope".

0
1

If you use ‘smart’ Bluetooth locks, you're asking to be burgled

Charles 9
Silver badge

It's what the customers want, so what are you going to do?

0
0
Charles 9
Silver badge

Besides, 7 times out of 10 they can just do what the SWAT do when they insist on coming in: use brute force to break the hasp or the frame. Because most door frames are made of wood, they don't take as much force as you think (OTOH, many commercial door frames are made of steel), and there's little you can do to stop them, especially when the house is empty (meaning possible countermeasures like door stops can't be used).

4
0

Internet of Car...rikey what the hell just happened to my car?

Charles 9
Silver badge

Re: It's our own fault

In other words, Security hurts sales which is why the only industries that do it regularly are those where it's a prerequisite (such as military industrial). And since there's a sliding scale between security and ease of use, not even laws or insurance pressure can help (because who cares about laws or insurance premiums if your sales tank and you can't stay in business).

1
0
Charles 9
Silver badge

Re: KITT is screwed, then.

"...fired when parked in a mid-floor of a multi-story..."

If you'll recall, KITT's heavily reinforced. I think it's managed to pull off escapes using techniques similar to what you describe, although I'll have to consult my KR collection to be sure.

2
0
Charles 9
Silver badge

Re: Standard

No, because it's the custom stuff (that makers will insist on for the sake of identity, otherwise why bother with more than one make) that will be the problem. All you do is move the target.

1
0

Latest Androids have 'god mode' hack hole, thanks to Qualcomm

Charles 9
Silver badge

Re: Towelroot refresh?

"There are ways to hide the root status from individual apps - I've used one with flawless success. Get xposed and you won't regret it!"

How when SafetyNet checks itself with an encrypted connection back to Google AND can upgrade itself through that same connection? We don't know Google's private key. SafetyNet can even detect /system-less root now.

0
0
Charles 9
Silver badge

Re: Towelroot refresh?

No, because thanks to SafetyNet, more apps are becoming root-aware. Rooting now has more risks than before, as apps you used before could balk.

0
0
Charles 9
Silver badge

Last I heard, it won't make the August patch cycle because it was submitted too late. Meaning September at the earliest.

1
0

Broken BitBank Bitfinex shaves 36% from all accounts

Charles 9
Silver badge

Re: I wonder

In which case it's a lost cause as it's proof people CAN'T learn. Twice stung indicates stinging doesn't make them learn.

0
0
Charles 9
Silver badge

Re: I wonder

It could've been worse. There were plenty who lost all their assets when Mt. Gox crashed. And this one could've easily just shut all their doors, turned out the lights, and left you with nothing at all. As they say, better 2/3 of something than 100% of nothing...

2
0

How many zero-day vulns is Uncle Sam sitting on? Not as many as you think, apparently

Charles 9
Silver badge

Re: Snapping up cheap spy tools, nations 'monitoring everyone'

So now comes the question. Which would you prefer: anarchy or the police state? Because in today's world, keeping third options is becoming more and more difficult.

0
2
Charles 9
Silver badge

Re: They should be banned from buying exploits

"The only 0 days they should be permitted to keep in their arsenal and not inform the vendor about are those they discover themselves."

What makes you think they DON'T discover them themselves and what we're seeing most of the time is parallel efforts to a single goal?

0
1

California to put all your power-hungry PCs on a low carb(on) diet

Charles 9
Silver badge

Re: I'm cautiously optimistic ...

But where are the GAMES?

0
0

Graphene solar panels harvest energy from rain

Charles 9
Silver badge

Re: Is solarPV a waste?

Meaning turbines are more efficient than Stirling engines?

0
0
Charles 9
Silver badge

Re: Rain water into Hydrogen

"At best, it's an inefficient energy STORAGE mechanism. We have pretty good batteries already."

Pretty good? They're not really all that efficient, they don't scale well, they don't really last that long under prolonged use, and many have an issue with spontaneous combustion. We REALLY need something better.

1
0

Forget security training, it's never going to solve Layer 8 (aka people)

Charles 9
Silver badge

Re: Silly thing is ...

"Sure, there will always be crooks and naive/stupid people. But why being a crook on the Internet is so easy? Because of technical reasons, or because too many make money from letting the crooks around? Yes, it's a layer 8 issue too - but not the one identified by the researches. Follow the breadcrumbs - and you'll find why it works."

Or maybe because of sovereignty? It's hard to nab a crook if they happen to live in a country hostile to you.

0
0
Charles 9
Silver badge

Re: @Walter Bishop

"Clickable links wouldn't be a problem if they moved to the Industry Standard Lubuntu desktop."

They'll find a way. Remember the term "rooting" doesn't come from the Windows world.

0
0
Charles 9
Silver badge

Re: "still won't save you from the rise of street cameras and spy satellites..."

Like I said, pervasive cameras (Google cars) and spy satellites (commercial photography satellites).

0
0
Charles 9
Silver badge

"And since I'm using a company laptop, try measuring my care level...."

Pretty high, I would say, since they may eventually trace the zero point back to you, you get sacked, maybe charged with criminal negligence resulting in gross damages...

0
0
Charles 9
Silver badge

Re: Making legit look phishy

"As Mike said, have the legit e-mailers send harmless mail. Then the phishers can duplicate this to their hearts' content - they'll be sending harmless mail."

No, the problem is that they can make a harmless-looking e-mail harmful no matter what you try to do. Remember, you can't fix stupid. Even without direct links, you can make a stupid user copy and paste, even hand-type if need be, and use a similar domain the malcontents bought first or hijacked (so no unicode involved and it can't be removed because it was bought from a crooked vendor who can bribe or is immune to the authorities).

0
0
Charles 9
Silver badge

Re: Errm

Trouble is, sometimes you can exploit a system by feeding it CORRECT inputs, too.

0
0
Charles 9
Silver badge

Re: Making legit look phishy

But what's to stop a phisher from duplicating EVERY SINGLE THING the legit e-mail can throw, only to use legit-looking (maybe even Unicode) domain names so that you can't tell the two apart even with a poring of the source? That's how good phishers are getting: the point where the besieger's advantage is becoming harder for the besieged to counter.

0
0

Samsung Note 7: Probably the best phone in the world. Yeah – you heard right

Charles 9
Silver badge

Probably also to do with spectrum. American phones need an emphasis on bands 4, 12, and 17 (as those are the LTE bands used by AT&T, T-Mobile, and MetroPCS, the main GSM-based carriers, and this trend extends throughout the Americas). They're still pretty international-friendly, though, as they normally support band 3 and at least one other common band (usually 1, 5, or 7). Verizon and Sprint phones use less-common bands so require more customization.

0
0
Charles 9
Silver badge

Re: Samsung v Xiaomi

It's one reason I finally decided to retire my S4 for this (used in good condition), as S4 is off the Lollipop list, let alone Marshmallow (OTOH, my S5 is already there). It just took a while for the US carriers to catch up: T-Mobile most recently in June. I think AT&T is the only holdout.

0
0
Charles 9
Silver badge

"Watch that first step! It's a doozy!"

As in it's a pretty big one. One with a lot of substance to it. Term based on the old Duesenberg cars that hit their heyday in the 1930's and affectionately coined the phrase, "It's a doozy!" as a way to say, "Now here's a REAL car!"

Because of Stagefright and so on, Google's been forced to pay a lot of attention to security with Android N: particularly the ability to patch core functions of the OS that normally get obfuscated by carriers. In order to avoid getting investigated by governments for still letting hopelessly-vulnerable-and-unpatchable devices be approved, they need to slam that door hard. That's why you have things like seamless updates, which means updates don't take forever to install, and why IINM the core framework is being separated from the user interface (which is what the manufacturers and carriers want to control).

I still haven't heard any call for requiring the use of root-proof tech like ARM TrustZones and Secure Elements; this may have to do with catering to low-end device makers, though.

0
0
Charles 9
Silver badge

I wouldn't count on anything to run Android 7 well until after Android 7 itself comes out. This one looks to be a doozy in terms of changing the core functions, if you'll recall, since Google has been forced into a security focus with this update.

1
0
Charles 9
Silver badge

Re: Charles 9

"You're thinking like a customer, not a seller. If they make the battery replaceable, how will they sell you the Note 8?"

They can't. I look for a phone that ticks all the boxes, and then find the cheapest one. And for me, a non-replaceable battery (and a lack of microSD) is a deal-breaker based on firsthand past experience.

So until they cater to the customer (which as the adages go is #1 if the law is not involved), I'm not buying.

6
0

Simply not credible: The extraordinary verdict against the body that hopes to run the internet

Charles 9
Silver badge

Re: homonym or homily

"As to who should be herding the root servers, I rather suspect that the original principle should be applied vigorously and have them managed by independent agencies hosted in various countries. With all details of the management agencies being publicly available. I certainly would *not* want someone like Erdogan or Un or (some days) Putin or Zuma with their hands on the leashes of more than one of the servers."

How do you avoid puppets then who can in turn be protected by the power of sovereignty?

0
0
Charles 9
Silver badge

Re: Umm, some balance please

"It is literally criminal how they get away with blatantly saying "F U" to everyone's face and nobody lifts a finger in retaliation. I would send in the Marines and have them all shot for treason on site, no delay and no discussion."

OK, then. After you sweep ICANN clean, what would you replace it with? And how would you ensure it did its job properly while also preventing it being corrupted or subverted AGAIN?

You see, the big trouble with all these cries of "Throw the Bums Out!" is that no one ever bothers to consider what you're going to do AFTER they're gone. It's not like the Internet runs itself or can completely ignore political entities that can control the physical wires...

1
0
Charles 9
Silver badge

Re: And they have a famous chef, too

"You haven't been downwind of an open tin of Surströmming, have you?"

But at least that at worst only has a local influence. I'm talking international stinks.

1
0

By 2040, computers will need more electricity than the world can generate

Charles 9
Silver badge

Re: More Information

"Generate solar electricity in North Africa (where there's a lot more sun than there is in most of Europe), and use low-loss HVDC transmission to ship it across to places in Europe that could make use of the electricity. And as a side benefit, generate a bit of income for the Africans in the picture."

But then politics inevitably gets involved. Who owns what? That's why we can't have a solar satellite in space. That kind of energy means power, political power, and there WILL be fights over it.

0
0
