Posts by Charles 9 16605 publicly visible posts • joined 10 Jun 2009
"And while I'm here, someone in an earlier post said that a ton was 2000 lbs. When the hell did they change that?"
AFAIK, Americans have ONLY known the ton as 2,000 pounds since they never got accustomed to the stone and hundredweight, which was the basis for the long ton's 2240 (= 20 hundredweight @ 8 stone each @ 14 pounds each).
"Utter nonsense. Are you seriously suggesting that we still use miles instead of kilometres to measure distance because a factor of 5/8 somehow makes the numbers incomprehensible on a human scale?"
Most of the measurements came from PRACTICAL consideration. Like the foot: the length of a person's foot, give or take, meaning a rough estimate of length could come from simply WALKING (also the pace, the length one makes in two steps, starting and ending on the same foot). As for the mile, blame the Romans for the name (the name comes from them defining it as a thousand paces) and farming for its current length, as it was last set based on the furlong, and that measurement didn't come from horse racing but rather how far an ox plow team could work in a day. Not to mention the mile relates well to a human's normal walking pace (about 2mph) and horizon distance (about 3 miles).
"Why not do it like they did the ton?"
I'm surprised they haven't made a metric Pint 500mL already. A metric Fifth is already 750mL, and they call the 1500m race the "Metric Mile". Meanwhile, yards and meters (and quarts and liters) are close enough as makes little difference unless you need specifics. Making metric analogues to Imperial measurements is one way to ease metrication, and many of them already exist. Now, some of them will take some stretching (say make a metric Stone 6kg, a bit smaller than it should be but easier to calculate).
If it were the standard unit, it would not be prefixed but have a unit of its own, as the meter, the liter, and so on. The true standard should be the base, unprefixed form (in this case, the gram). If this is inappropriate, then a new base unit should be declared that equals 1,000 grams (not unheard of; 1 Sv = 100 rem). So instead of calling it the kilogram, call it say the Higgs (Hg), after Peter Higgs after which many supported connections between mass and energy are named.
"And we prefer saying "miles" to "Kilometres" because it's a bloody sight easier to say."
"Click" is even easier, and the military use that as shorthand for kilometers. We already use "kilo" for kilogram. As for fluids, where is the pint and gallon actually specifically important in real world usage?
Plus there ARE some real-world occurrences of "crap happens": situations where the driver WILL lose no matter what: the I-35 bridge collapse, a small deaf child (too small to be seen behind a car, unable to hear the engine) running 3 feet in front of a car (no car can stop on a dime, even at neighborhood speeds). Another term that springs to mind is "Cold Equation," where the sheer math and physics say SOMEONE's gonna die no matter what.
"You can presumably sniff things like EMI, or otherwise detect hand movements. Lots of possibilities here, with interesting precedent in what's been done against PIN pads."
You'd still need context, though. Harder to get without access to the innards.
"Plus your phone has other secrets to protect than just its' contents. Like everything being said in the same room as the phone, even if it's off if it's bugged."
Still need a way to EXfiltrate those conversations, and if the radio chips are also protected, then you'll need a total package. Might as well use a specialized bug in that instance.
"Regarding PIN pads, the VISA EPP standard is not meant to withstand a day or so of unsupervised access, which is what handing your phone in for repair certainly does in a lot of cases."
ATMs have to sit by their lonesome for days at a time. Who within a location actually pays attention to the PIN pads during normal operation? As for techs, that usually points to inside jobs, meaning they have access to key chips. Rogue techs could use side channels like hidden cameras, but again that's close to insider status to get them clandestinely in the machines and outside this context.
"The scenario for DVD/BluRay/etc is to protect the actual digital data, to prevent an exact (high-definition high-quality) copy, not keep the contents per se seciret."
The reason being they have a perennial problem: the enemy only has to be lucky ONCE. Then sharing instantly nulls their economic advantage, and the human condition means people WILL cheat. That's why they've been working on this VERY hard for the last 20-30 years, coming up now with this chain of trust system for the 4K systems (as well as the consoles, which double as 4K players) based on what the phone makers have been doing (and some phone STILL haven't been rooted or custom-ROM'd at this point; ask xda). Similarly for pwning a device. ONE slip and it's Game Over. They have to hold that off for as long as they can.
"If you hand something in for service and don't trust the service techs, consider it pwnd. This is almost a basic law of computing."
But not COMPLETELY. Otherwise, we'd see a formal proof by now a la Turing's Halting Problem disproof, as there ARE real scenarios where DTA must be assumed, so there IS a practical angle.
"You simply need to add a small circuit board with a microphone (or other listening device - radio/EM fields/position/etc) on it. This is not stopped in any way whatsoever by any chain of trust."
Yes it is, as it still doesn't get you into the contents, which probably did not come in by speech. We're not talking bugging, we're talking pwning. And pwning is also a piracy path, which is why BluRay players and console makers are interested (as pwning the Wii allowed backups to be made using its own drive, which by design MUST be able to read them). And before you say "bug the touchscreen," the touchscreen itself would have an encrypted data path, just like ATM PIN pads.
"Regarding switching out the entire phone - sure, but it might be a tad suspicious if you hand in your old worn thing (probably dinged up from whatever broke the screen as well) and get back a brand new phone. Just sayin'."
So yo swap out the used phone for one in similar condition. Shouldn't be that hard as long as most of the hardware is intact. If the phone's damaged enough to be unique-looking, then OK you'll need another tactic; thus the repair shop front.
"You don't need to replace any hardware in a phone to pwn it. You might simply add a bug - this has been done since the early days of telephony."
But in a trusted hardware chain, that breaks the chain, resulting in a brick. And in the protected hardware path approach, even the wires are sending all-encrypted data. And the devices are designed to close up on a brick due to the encrypted links, meaning you can't take advantage of the brick to extract data. And I don't think the threat models are THAT different given that BOTH this and the movie/gaming companies are trying to prevent exfiltration of data that can in turn be used to exfiltrate other data.
"Or you could replace the entire contents of the phone with something that just shows you a fake login screen and then errors out after entering the password/PIN code, sending it to the guy in possession of the real phone, if that's what you're after."
If you're gonna go THAT far, it would be more trivial to switch out the entire phone with a replica.
"If you want to prevent that, you don't do it by putting some DRMish stuff in the screen to authenticate it (a la Apple and the fingerprint sensor). This is completely meaningless even if we assume there's no way to stick an evil screen in place considering that they have unrestricted access to literally everything."
What about 4K BluRay Players and modern gaming consoles that use protected hardware paths (to prevent pirating)? Doesn't that work by using black-boxed keys inside each component so that every link in the chain is encrypted and authenticated to prevent tampering (replace even one component and you break the chain since you change that part's key which, being black-boxed, can't be extracted or copied)? Don't some Android devices use the same technique to prevent rooting and the use of custom builds? And don't these chains INCLUDE the CPU in having encryption keys (cryptoprocessors spring to mind)?
"Some hardware needs to be trusted. To my knowledge, no-one has found a way of building a trusted plaform on top of an untrusted CPU. "
But that raises a scary prospect. Given (1) that ARM CPU designs can be tinkered at the licensor's discretion (which is how these SoCs come into being), and (2) that some State agencies are loony enough to want control at the hardware level, including hidden stuff in the CPU, doesn't this raise some serious DTA prospects?
But that doesn't work in that kind of bureaucracy. The departments in question are still part of the hierarchy, and they don't give or receive funds directly. They STILL have to come from the accounting arm which covers the whole works. Even if "X-ray" sign off on the risks, if something DOES happen and the X-ray machine goes down, how does the hospital get its X-rays, then?
Like Modems? WiFI adapters? The list of incompatible devices for both classes is long and notorious (mostly because a lot of the built-in devices are included--don't count on anything from Broadcom to work natively).
And as for WINE, it can be hit or miss, especially for high-performance stuff like games (which also make them less than ideal for virtualization since 3D is one of the weaker things to be virtualized).
I think Fear Factor did a variant of this. Imagine some perenially-annoying song ("Tiny Bubbles" springs to mind) played over and over, only each time it's played a little different, such as at a different pitch (or worse, sliding back and forth). Since the brain is geared to pick up on differences, this helps to prevent a drown-out effect, plus playing it off-key means even the rare FAN of the song will be put out.
After all, there are people who actually LIKE "Rockstar" or "Photograph" (or even Kenny G's "Songbird"). But it would take a music masochist beyond measure to WANT to listen to it off-key.
"What I believe brings a lot of big projects down is demanding more than needs to be done;"
The problem becomes that the things that are "added on" can really ONLY be done DURING such a transition, since for things like security you really have to bake it in while it's being made.
Cold's actually not a big issue for those kinds of batteries. They have degraded performance and are less conducive to charging, but in terms of safety, it's actually good for the battery as it dampens the odds of a thermal runaway. The trouble with them has always been running too hot.
That said, I said dampen, not eliminate, and since most checked stuff is inaccessible to the crew during the flight, should one of them actually do set light, you have a serious problem (an airliner fire always rates at least a Pan-Pan, but one the crew can't reach is a Mayday).
I speak from experience. I use an Android tablet as a mapper and music player in my car. In the winter, I find it stops charging and occasionally runs down, and I managed to once see the message that said it's too cold to charge the device (despite it being kept in a pouch that should insulate it).
"My guess is there simply is no threat and they just want an excuse to subject passengers to "expanded screening." What are you going to do, fly without a laptop? (In my case yes. Next time I leave the country, I'll be on a plane but my laptop is flying DHL.)"
But can you trust your laptop being out of your sight that long? DHL has American ties, you know (as it was founded in San Francisco)? And they could have ways to tracelessly rummage through your stuff the way MiniLuv did.
Trolley Problem, IOW. They can't use AI to solve the problem because the problem is intractable (as in someone dies no matter what--no real winner). Actor is irrelevant in this moral conundrum concerning death. I've previously known it from the Book of Questions as the "Guerillas in the Village" question.
"If instead you want to do your subversion of state power with a hand-built printing press, that's vastly more complicated to build than if you're just campaigning by using the printer at work or by posting videos on Google - which will get you caught pretty quick."
But not THAT much more complicated. Short runs could be done using a carved woodblock (What are you gonna do? Ban trees?), homemade ink (plenty to go around), and ubiquitous sheets of paper. The woodblock can be chopped up and burned if need be, the ink dumped, and the paper is innocuous enough.
"The trouble here is that while machines are excellent at pattern recognition, they'll only ever find the precise thing you tell them to look for. Heuristic scanning is notoriously hit and miss, and even then, you still need to give the system a series of baseline behaviours to check against."
Fine enough. As long as it's the first line, it can winnow out the noise to leave less for the humans to skim.
"Too much signal tends to make your average Joe tune out."
That's the beauty of machines. They DON'T tire. In fact, given the right learning system, the more data the merrier for it.
"Steganography has already been done."
But it gets trickier the more information you have to pass along at a time, especailly in a "low-shared-knowledge" situation where you and the target have little if any in common. Plus for many methods of steganography, there are ways to sanitize them. For example, hiding in whitespace can be defeated by sanitizing whitespace to minimum spacing standards, and so on. Nonsense messages like book codes will tend to stand out (as will outlandish sports predictions), images can be stretched, flattened, etc. There are limits.
PS. As for the idea the Panopticon will be Too Much Information, ever considered they could winnow the stuff through machines first? They do that already with large camera arrays like in casinos.
And then the plods will just resort to psychology to apply a subtler form of mind control that doesn't trip the "coercion" detectors, etc.
The problem with sieges is that the attacker usually has the advantage: usually in the form of a broader scope. Unlike the defenders, the attackers aren't bottled up.
"Fully autonomous machines need to hold the manufacturer responsible for clear mechanical failures and to provide a WORM audit log when the Luser does something daft."
But since that's going to be a while away, what about SEMI-autonomous stuff where the line between machine-controlled and human-controlled blurs. What if an accident occurs in that gray area? Is it the user's fault for giving an unintentionally "stupid" instruction, is it the machine's fault for not recognizing it as a "stupid" instruction, or did something unrelated intervene to turn an otherwise "sane" instruction "stupid"? We're heading into Book of Questions territory here, if you ask me, where a clear answer is going to be elusive.
"What should have happened was to start off, back when Lloyd George set up old age pensions, with a fraction of the money paid in being invested."
Question is, what fraction without either ticking off taxpayers with higher taxes or ticking off the elderly with lower benefits? It was almost untenable from the get-go except that penniless Gran dying while eating dog food was even less tenable. IOW, the least-worst option was almost unacceptable in itself.
Perennial problem with public transportation is that for every stop you pick there are 10 that are too far away. And then there's that dreaded destination: "Out of Town" or even "Off the Beaten Path." For these or tasks too large for two hands, it's personal transport or bust.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
