* Posts by Charles 9

16605 publicly visible posts • joined 10 Jun 2009

Spammy Google Home spouts audio ads without warning – now throw yours in the trash

Charles 9

Basically, you can't afford to buy back your privacy. Not even a cabin in the woods can save you from aerial and satellite surveillance.

Charles 9

Re: Careful!

"DuckDuckGo's ties to Yahoo are seriously unhealthy (do a search) and the results aren't as good either. Startpage is decent or even try Qwant or something else..."

Which will all just get taken over eventually. Because without the ad revenues, how do the search engines stay in the black? Essentially, they can't. Privacy costs but no one's willing to pay for it these days. Frankly, not too many people even care about their privacy (not even down there--consider flashers and streakers).

Charles 9

Re: Kill it with Fire

Oh? What if it SURVIVES?

Charles 9

Re: Illegal advertising to children in the room

How can they enforce it when children under 12 can pretty much watch any channel, which means practically any channel (which pretty much MUST carry advertisements due to the need to keep carrying fees down or cablecos will balk) can't carry ads at all (to say nothing of major broadcasters, who basically have nothing BUT ad revenues), meaning the entire television model breaks down?

And then about about radio, newspapers, and magazines, all of which can be seen by children under 12 AND are all plastered with ads?

Charles 9

Re: I sure hope the average person's response is similar

"If you don't want ads in your face, don't be stupid enough to use a product from a company that makes all its income from advertising. Especially don't be stupid enough to pay them for the privilege."

Pretty soon that won't be an option. Can you find an actual, non-Big-Brother TV in your local electronics department these days? I don't think so, which means if your TV breaks, you're not watching TV anymore if you want to avoid Big Brother.

And since you pretty much need a smartphone (because dump phones can have practical apps) to keep in touch (because it won't be via calls or SMS anymore), how are you going to avoid walking on the Sun?

Charles 9

Re: Google needs human customers

"With no real customers, they don't have a good option to start charging for services at an individual level. It's not how they gained their user base."

I think it's more a case where they couldn't charge a comparable rate compared to what they already get from the ad revenues. Kinda like how cable channels (which are PAID for; ask the cable companies) still post ads everywhere. It's the only way to keep the cable companies from balking at the actual costs to operate.

Charles 9

Re: Easily fixed

"This site cannot load" is becoming a LOT more common as well. Soon, it'll probably reach the point where it's open yourself up to spyware and malware or you can't surf the Internet. And many times it won't be the site owner who demands it but the host or proxy from which the site owner has to depend. Just you watch. Cloudflare is going to mainline ads straight into the HTML in the near future so you can't block them without blocking the actual content.

Autonomous cars are about to do to transport what the internet did to information

Charles 9

Re: Wrong Problem

"If you can get a wheelchair in the pod you can surely get one of those trolleys grans use to wheel their groceries around in the pod too:"

But how about the wheelchair AND the trolley. And that's assuming their shopping is that small, which I've described appears to be the exception rather than the norm.

Charles 9

Re: Wrong Problem

"So.. All those millions of people around the world who go shopping, move house etc etc etc who don't own cars actually don't exist?"

But then they have to rent TRUCKS. And that means someone has to OWN the trucks those people rent. And for their business to be practical, they have to be able to rent those trucks more often.

"Have you ever tried moving house as anythign more than a teenager/student with nothing more than just a car? How'd you move your fridge? Couch? Bed? Can't be done, guess you just have to stay put."

No couch, and the bed was provided. Fridge was the little cube job. You could do it if only one or two people went. I speak from firsthand experience. Plus it happens at specific times of the year which means they come in surges.

"Daily I see people using public transport, pedal power and even just plain old walking for their trips to the supermarket and so on. A bag of groceries doesn't need a bloody supertanker to move it."

I see the opposite: full parking lots at the big-box stores, and inside full shopping carts and bills in the $200+ range being the norm rather than the exception (thus why they don't use the self checkouts).

"Oh, and I'd wager that most private vehicle trips are the daily commute. Something semi-private that is no more expensive than your car and solves the parking problem would be welcomed by a lot of people.And no, everyone doesn't have to take a truckload of stuff around with them every day despite your claims."

But more than you think. What's one of the most common joke setups? "Oh, and honey, on your way home..."

"If the old lady up the street can figure out how to get her shopping through her various appointments and then home safely every week, I'm sure others can."

That's not a certainty. That's why many of them have caregivers.

Charles 9

Re: Wrong Problem

No, I'm assuming PRT won't offset ENOUGH traffic to make it worthwhile. You can't use PRT if you're doing a big shopping trip. Or moving. Or doing a myriad other things that require some, for lack of a better term, cargo space that PRT won't be able to provide. Plus what if you have to take a road trip or go somewhere far from the PRT?

One IP address, multiple SSL sites? Beating the great IPv4 squeeze

Charles 9

Re: End to end is a myth

But you don't NEED NAT to connect to a session that DOES exist on the LAN and can be routed through directly via your ISP through a preconstructed route that could be arranged by an insider or the law enforcement, and if the ISP can do that, they can connect that route to the outside via another route.

All without touching the NAT. If it's AT ALL possible, then you have to assume someone WILL use it at some point without your knowledge. Remember, we're one scandal from a DTA world.

Owen Bytheway, I've seen logs with RFC1918 source addresses trying to link up, so don't say they're non-routable. You can't trust all the links on the Internet to obey all the rules.

Charles 9

Re: End to end is a myth

"If you don't want an opportunist hacker scanning random ip ranges deciding to hack your home NAT will fully protect you against that."

NO, it's the firewall that protects you against that, and that doesn't go away with IPv6. Besides, opportunist hackers know about firewalls and the like and use techniques like drive-bys that rely on the USER initiating the connection, meaning the firewall LETS it through. It also happens to penetrate NAT, thus why it's a key tool of LAN intrusions. Well, that and the fact that, as the comedian said, "You can't fix Stupid."

San Francisco reveals latest #Resist effort – resisting sub-gigabit internet access

Charles 9

Re: San Francisco is old enough

Then you've never seen pictures of the aftermath of the 1906 earthquake. Plenty of damaged or fallen telephone poles then. There's a reason California instituted earthquake-resistant building codes after the 1971 Sylmar quake, and subsequent earthquakes (Loma Prieta, North Ridge) have resulted in adjustments to account for better research.

And you don't even have to look that far back to see how telephone poles can be a problem in an earthquake. Look at this picture courtesy of the Daily Mail. This took place in Kathmandu following the earthquake that hit there in 2015.

Heck, I've lived in plenty of places where, even with fiberglass and concrete reinforcement, poles can still have difficulties handling strong hurricanes/typhoons/cyclones.

Charles 9

Re: Aah, the myth of the more efficient and flexible private sector

"A myth perpetuated wholly by those who have been careful not to observe that the private sector exists to make a profit for its shareholders."

That condition can exist, but it tends to require a lack of competition: either through a monopoly or through cartel behavior. Thing is, utilities tend to have high up-front costs (you can't run your utility until you can reach your customers; that means laying down those lines), so there is a natural tendency towards monopolies and oligopolies. Otherwise, honest competition would force all sides to be honest to prevent one side poaching from the other.

Charles 9

Re: San Francisco is old enough

A couple things.

First, most of those poles are owned by the power company (because they primarily carry distribution lines, which due to physics are a lot trickier to bury). The fiber provider has to hash things out with them first, and there are no guarantees.

Second, San Francisco is in an earthquake zone, so ANY infrastructure laydown, above ground or below, has to be built to handle earthquakes (either by resisting the worst or by giving way easily so reconnections are quicker). That raises the complexities and the costs.

Charles 9

Re: Big Cable is why we DON'T have fiber to our homes

"Someone did the math and realized the cable co could afford to run at a loss pretty much indefinitely."

But wouldn't that open them to a charge of predatory pricing, which IS illegal under current anti-competition statutes?

Charles 9

Re: Big Cable is why we DON'T have fiber to our homes

And one major reason it panned out this way is that, unlike all the "good" countries, the US is very BIG. And to get real high-speed Internet, you need that infrastructure along the whole line or one weak link slows you to a crawl.

Petya ransomware returns, wrapped in extra VX nastiness

Charles 9

Re: Priorities

Except they have to be attached at some point to CREATE the backup. A sneaky malware can just corrupt the backup at the point of creation.

Charles 9

Re: Priorities

"The ransoms tend to be paid in bit coin and that can be traced back so it isn't like these people can't be found."

Explain this since one idea of Bitcoin is that you can shuffle it around between different wallets under your control (you can create a whole bunch of them at the drop of a hat, which BTW wouldn't touch the blockchain at that point) so that it's a lot easier to launder Bitcoins.

Charles 9

Re: Priorities

And if the money trail leads to a hostile state?

Charles 9

Re: Priorities

"Rather than trying to spend a large amount of time and money fighting piracy, there should be more efforts in fighting the scourge that is ransom encrypting malware."

How do they do that when the writers typically live in countries hostile to the West?

More Brits' IDs stolen than ever before

Charles 9

Re: Time to trash your own credit score!

"Who needs credit anyway - pay upfront with cash, that's my motto."

Except it produces dilemmas.

How can you make money to buy a car if the only job you can find requires you to buy a car?

How can you make enough money to buy a home if you have to give all your money to the rent every month?

Charles 9

"Therefore, if what you say is true, you are literally nobody."

And guess what? That can really happen. If they identity thief replaces all your history with his own AND convinces the rest of the world that his is real instead of yours, down to the birth certificates and all, then how are you going to prove it was yours to begin with without getting locked into a "he said, she said" problem. And before you say close friends or family, you could be estranged and not have any real friends, plus the thief can convince them YOU'RE the thief.

Charles 9

Re: It's NOT "identity theft"

"You can't really steal someone's identity anyway, since a person doesn't cease to have an identity when a criminal impersonates them. They are still the same person."

Not really. Name changes and all that. Your identity can indeedy-doody be usurped, against your will, by a well-heeled miscreant, leaving you with little recourse to get it back OR establish a new one. Try telling what you just said to a victim of such identity theft, especially one with no close ties or family.

Charles 9

Re: Should not be possible to open a bank account online

"That's not guaranteed, back in the day, the post office screwed up some of their mail forwarding when I changed address, allowing some ID theft folk to take a loan out in my name using letters delivered to old address. "

The late, great Douglas Adams once had an issue very similar to that happen to him: he moved but all his mail, including bank stuff, ended up at his former address. It was this very issue that was the inspiration (and the initial plot) for his text adventure game Bureaucracy.

Charles 9

Re: Should not be possible to open a bank account online

"Go back to the old way, actually have to go into the bank with some proper photo ID."

What if there isn't any within a reasonable distance from you? Go back to barter?

Dark matter drought hits older galaxies: Boffins are, rightly, baffled

Charles 9

Re: Dark Matter? WTF?

"Unless Dark Matter is just a modern term for God!"

Not so much as an acknowledgement that, "We're still rather in the dark about this." Calling it "dark" makes it more or less a placeholder, and I would think they would welcome plausible replacements for dark matter and dark energy. Just be sure to tick all the boxes in so doing.

Today's WWW is built on pillars of sand: Buggy, exploitable JavaScript libs are everywhere

Charles 9

Re: Meanwhile, back in the real world...

Which doesn't help when you're in the dark without benefit of a flashlight. As for photocopiers, that means additional paper, toner, and maintenence not to mention malfunctions.

Charles 9

Re: It's like this conversation is happening in outer space

To which I respond: they're overrated. What problems did they solve that weren't solved already?

Charles 9
Trollface

Re: Too many dependencies.

No, whatever happened to Keep It Simple, Stupid (though in this case, a cruder S-word may be in order)?

Whatever hapepned to the philosophy of "Do ONE thing and do it well"?

Whatever happened to delegating jobs to programs designed for the job?

So if I'm a troll, then THIS is my bridge; cross at your own peril. And don't bother waiting for daylight; I'm stocked up on sunblock.

Charles 9

Re: Opinion discarded

"So, you're suck in the 90's? At this point the web has moved past that point, to being an application-delivery method, for better or worse. "

Well, it's worse. A LOT worse. In fact, it's a threat to the entire Internet. It's time to nuke it from orbit and start over. If it survives, might as well abandon the Internet.

"And seriously, inline javascript? Nobody writes that any more. ES6 modules are just around the corner."

NO! I DEMAND inline script so I can see the code.

Charles 9

Re: choices

Two ways: native app or a remote desktop protocol like VNC.

And BTW, to the person who dissed VNC, perhaps you can work on it yourself, given the basics of VNC is open-source. I happen to prefer TightVNC myself, which is GPL. If you don't trust VNC, then you probably don't trust FOSS in general, either.

Charles 9

Re: @bazza

"As for not having dynamic web pages, and remote viewing any interactivity... can you give me the number of your dealer, because you are high."

No, I'm completely sober. In fact, I'm downright depressed because the state of the Web (no, the entire Internet) is such that unless something radical is done, we may well lose it altogether to the next Mirai or a major automated attack on most of the Web. We can't even say our computers are really ours to control anymore. If we don't take back control YESTERDAY, we'll have no chance to get it back because all the avenues will be blocked.

Charles 9

Re: "Google may be OK with this but ultimately it's a big risk for them"

"The only sure solution to the problem of dynamic web pages is to forget about client side execution in the browser altogether, and replace it with a Turing incomplete remote display protocol for code running server-side. A bit like HTML used to be. A bit like X server protocol, and (AFAIK) RDP, VNC, etc. We're not very good at implementing such protocols problem free either (buffer overruns, etc), but it's a much easier challenge."

And that's exactly what I'm proposing. Leave the interactivity to those protocols built from the outset for it, and since most users would get lost in CLI Land, SSH is not an option unless it's used as a tunnel for X, but VNC would probably be preferable because it's built for more-efficient an adaptable transport.

Charles 9

Look up Return-Oriented Programming, which actually uses bits and pieces of legitimate code to do mischief. So, yes, even perfectly-legitimate code can be used Not For the Purpose Intended. Remember, diesel and AN fertilizer are common tools of the farmer, but Oklahoma City proved they can also be mixed together into powerful ANFO (IN SPITE of denaturants in the fertilizer--they were able to REnature it).

Charles 9

Re: choices

Which in turn makes it the main reason we SHOULDN'T be using JavaScript anymore. It's too much of an information leak. Make those sites that depend on that data starve and go back to the days when you just filled out a traditional web form and all that stuff. I recall even eBay was able to run without AJAX when it first started out.

Charles 9

Never went past 3.0 and FRAMES. Can give up the JavaScript in a New York Minute since it was mostly inline cosmetic stuff. Going back is easy for me, how about you?

PS. Some basic 4.0 stuff I can tolerate like simple style sheets (just no scripts in them).

Charles 9

Re: choices

"There is no such thing as a "href" link on a commercial site any more. It's not even a matter of conscious effort any more - JS, or you don't shop, end of."

And NONE of them have any other form of contact, such as a telephone number, a snail mail address, or even a brick-and-mortar storefront from which you can interact? Is it ABSOLUTELY JavaScript or bust? If so, all I can say is, "Woah." I'd frankly have to wonder if I really NEED that thing at that point. Otherwise, if they have ANY other form of contact, I resort to it and inform them on the strictest terms that it'll be the ONLY way you'll interact with them because you environment is incompatible with JavaScript for security reasons and that it's now a condition of your (and all your technico friends) continued shopping with that site. Few things hone a store's senses like the threat of a defection.

Charles 9

Re: Stop obsessing over JavaScript

"If end-users need so much hand holding, they're possibly not the kind of people you want to do business with anyway."

Unless, of course, they're the BULK of your cleintele, meaning it's cater or them or starve, basically.

Charles 9

Re: Stop obsessing over JavaScript

"I firmly believe that there's nothing wrong with doing full page reloads and writing sites/applications that use no js at all. It's become relied on for everything from validation (which you can obviously disable, by disabling javascript) to ajax requests (not needed as you can just reload the page) and transitions/effects (which few people actually care about). I honestly don't know why so many people are obsessed with javascript."

The only think I can think of is timing-sensitivity, such as an eBay auction where an AJAX action can involve a shorter round-trip and can mean the difference between winning and losing a heated auction. But I can't think of little else that would require something that time-sensitive.

Charles 9

Re: It's like this conversation is happening in outer space

After all, how did we do things BEFORE JavaScript was made? Why can't we go back to those days? There's likely an alternative for anything you can think of.

NSA hacking chief's mission impossible: Advising White House on cybersecurity

Charles 9

"How hard s to ask "What is best for America?" "

EXTREMELY hard because the answer differs from person to person. It's like trying to find one question everyone will answer the same way (if you can do that, you'd be on your way towards finding an absolute in this universe).

Oxford Uni boffins say internet filters probably won't protect teens

Charles 9

Re: Shades of grey

"I remember with great pleasure the look on the face of the US grad students when they first encountered topless sunbathers at the Blatterwiese. I am sure you can find the same embarrassed look on the face of many Arab refugees when they encounter the first short skirts. I assume most get beyond the shock and move on to a productive life."

And if they DON'T? What if they go stark raving mad (or worse, religiously militant--or was that militantly religious)?

Charles 9

Re: Filters aren't needed

And if they're smart enough to hack the logs? Like how kids are smarter than the parents re: the V-chip?

And just why won't filters be effective? Because the kids can get around them or because the content can get around it?

Charles 9

So should people need a license to be a parent? Perhaps reversible sterilization?

Headphone batteries flame out mid-flight, ignite new Li-Ion fears

Charles 9

Re: Rude awakening at 30,000ft

SOP for a L-Ion battery fire actually IS to douse it with plenty of cold water. Since the fire is the result of a thermal runaway, you want to stop the runaway reaction. Since the lithium in an L-Ion battery is in compound form, it won't react to the water.

Brit infosec's greatest threat? Thug malware holding nation's devices to ransom – report

Charles 9

Re: Revolutions need to start somewhere

IF the company still exists.

Charles 9

Point is, they got away with it for a long time, and when they got caught, I don't think the penalty was really all that severe compared to their annual revenues. I'd consider that a pretty GOOD example of gaming the system costing less than doing it right the first time, which means things don't get done right. And that's a company that manufactures something that basically forces you into a jurisdiction. What about one where the good can be made any old where and the people in charge can just disappear overnight?

Sad fact of the day: Most people still don't know how to protect themselves online

Charles 9

Re: Knowledge is not a requirement

"You don't have to be a nuclear engineer to plug in your electric kettle."

But you DO need to know to be wary of exposed wires, especially in presence of water (especially once you add salt to it).

"You don't have to be a mechanical engineer to drive your car."

But you usually DO need a license. AND you're frequently expected to be able to keep an eye on basics like tire pressure, fuel and fluid levels, etc.

"And you don't need to be a financial wizz-kid to have a bank account."

But you ARE told to be wary of unusual activity in your bank statements.

IOW, at some point the USER has to take some responsibility for using the public networks. Now, requiring a license to use a computer may be a bridge too far, even in a place like the UK where they send agent to enforce TV licenses, but there are just some things that can't be done any other way.

Charles 9

Re: Not that surprising...

"Oh get a grip, at least with updates installed you've reduced the RISK"

No, because updates could introduce bugs (or worse, be tainted) which INCREASES RISK. So it's REALLY a coin flip.