Posts by Charles 9

16605 publicly visible posts • joined 10 Jun 2009

Connected car in the second-hand lot? Don't buy it if you're not hack-savvy

Charles 9

Re: The criminals are already using this weakness

"It seems they hide a gizmo in the car to clone the signal for automatic garage doors which can then be operated remotely."

Hmm? But don't most garage door systems use rolling codes these days?

Charles 9

Re: Fingerprint readers

And what about gummy fingerprints and frog marches?

Charles 9

Re: to quote him, “identity management for devices is best served when it's centralised.”

Except what if you willingly give up, or are coerced to give up, your credentials, INCLUDING your certs?

Charles 9

Re: Now ask me why ...

"The entertaining part is that that also has an as yet unused positive byproduct: thorium, which can be used to make far safer nuclear power plants than the current uranium based ones."

Wanna bet? The thorium cycle produces Uranium-233. VERY weaponizable. Can't rule out a state being desperate enough to extract it. Not to mention U-233 is a real problem in cleanup time, as it's even MORE problematic than Pu-239.

Charles 9

Re: "Without naming the machine's maker"

"I would like to see it work with its fuse pulled."

Sure, only will you have a working car at that point? Never underestimate the deviousness of Big Brother so that one cannot disable the telemetry without disabling the device altogether: all or nothing.

Why I had to sue the FCC – VoIP granddaddy Dan Berninger

Charles 9

Re: We all lose

If that's so, why hasn't anyone gone the extra step of directly suing Comcast for deceptive trade practices? And for that matter, why hasn't anyone then attacked the FCC and FTC for failure to perform their duty? There ARE circumstances where US government bureaus can be sued for significant grievances.

Charles 9

Re: less gummint regulation is nearly always a good thing

I disagree. I say it SUPPORTS the supposition because ANY regulation, just like ANYTHING made by man, can be twisted and corrupted. Every form of government has fatal flaws. Even democracy can be corrupted by conning an unknowledgeable electorate.

Charles 9

Except that most telephone lines I've noticed are buried, a lot easier thing to pull off with something low-voltage like telephone lines. The term "telephone pole" these days is generally a misnomer because the poles are actually owned by the power company.

And PS. I've had the cell towers break down before the landline phones, and without Internet access (which is more likely to be OVER than UNDER), the IP phone is dead, too.

Charles 9

So $7 a month, then. Given the average phone bill these days, that's a pretty small chunk.

Charles 9

Re: Delusional or False Flag?

"3) Telcos act in only their own self interest, net neutrality is to prevent Comcast from extorting money from content providers like Netflix in order to deliver their service at the same level as others, just like they did before it was implemented."

Here's a relevant concrete example. What's to stop Comcast from prioritizing NBC on demand stuff and giving say CBS on demand short shrift (since NBC is owned by Comcast and is free to pipe down their own private network versus CBS which is owned by rival Viacom)?

Charles 9

Re: "Do you pay "rental" for the electrical supply cable coming into your home,"

"OTOH the concept of "line rental" on a mobile phone is complete BS,"

Oh? How do mobile phones reach landlines, then?

Charles 9

Re: less gummint regulation is nearly always a good thing

"The free market isn't perfect by any means, but it's a lot better than the regulatory state presided over by flawed human beings."

I disagree. An unfettered free market is like a poker tournament. It's why I call it "winner economics". Eventually someone gets all the clout and can bully everyone out of the way: even pushing or buying out upstarts before they become disruptors.

Charles 9

In which case you keep one phone in the house which doesn't rely on external power: one basic, no-frills, just-plug-it-in phone that keeps you up even when the power's out.

Charles 9

Re: "We should be turning off the POTS telephone network"

"Do you pay "rental" for the electrical supply cable coming into your home, or for the pipes connecting you to the water supply, or for the cable connecting you to the cable TV service?"

Yes, though it's called maintenance fees. SOMEONE's got to pay for the upkeep.

UK Snoopers' Charter gagging order drafted for London Internet Exchange directors

Charles 9

Re: High time to disconnect

Not necessarily. Think sensitive microphones, planes, and satellites. Bet you they can even Big Brother a total Luddite.

FAKE BREWS: America rocked by 'craft beer' scandal allegations

Charles 9

Re: Pomona ad astera re the heat

No, because ale tends to be stronger than a thin lager. That's what I said, just alcoholic enough that it doesn't aggravate the blood vessels yet at under 40 degrees quickly cools you down, which is what you need when you're already in a sweat (if what you say is true, it would do that with cold ANYTHING). Your body wouldn't counter this at this rate since it's already heading towards heat exhaustion territory. Thing is, thin lager may be f'n close to water, but it's NOT water. Plus remember one reason people tended to drink beer versus water: beer BOILS the water; sometimes you can't trust straight water.

OTOH, a full-bodied ale tends to better dilate your blood vessels (alcohol's a vasodilator), increasing blood flow and making you feel warmer. And since it's fermented and served at room temperature, you don't have the chilling effect that counters this. Thus why the English tend to stick to them given their colder climate.

Charles 9

Re: Pomona ad astera

Yeah, people are drinking them in hot climates and need BOTH the sedative effect of alcohol AND a way to beat the heat. That's why lagers are king in most of the US.

Global IPv4 address drought: Seriously, we're done now. We're done

Charles 9

Re: Dear network geeks, IPv6 is crap because...

We're trying to future-proof the damn thing so we don't have to deal with this again in a few decades as uptake could spike and we jump from 48 bits gone to 64 bits gone faster than we go from 32 to 48. And before you say why won't we hit 128 bits gone, physical limits kick in. There just isn't enough matter in the universe to do that. That's why ZFS uses 128-bit limits.

Charles 9

Re: Address allocated but not live

Security by EXTREME obscurity. If you're looking for a few bone needles in a planet-sized haystack, eventually the return on effort gets too small. If you had a week to search a million lead lockboxes, even if you could check them once a second, you'd only get about two thirds of the way before time ran out (it would take nearly 12 days).

Charles 9

Re: It's all Excel's fault

But how does an IPv4-ONLY machine talk to an IPv6-ONLY machine? Neither understands the other.

Charles 9

Re: IPv6 is fundamentally broken

Unless, of course, the ISP sends a PRECONSTRUCTED route, which wouldn't NEED translation. Then only the firewall stands between the ISP and your LAN.

Charles 9

Mine (Netgear) lets you input a domain into their script generator, to allow for stuff like Dyn to work even if your IP changes.

Charles 9

Re: "nat-has-nothing-to-do-with-security"

"NAT is not a "security by obscurity". It's the equivalent of a DENY ALL rule for incoming connections. If it doesn't have a rule to deliver a packet, it will drop it. Raw, simple, but effective. And - important - cannot be disabled but for a single host, usually."

But that's NOT the NAT at work. That's the firewall that's INCLUDED with the NAT. If the firewall wasn't there, the ISP (which provides your connection so you're subservient to it) WOULD have the ability to route directly onto your LAN if it knows your topology (and if the ISP can do it, the LAW can pressure the ISP to do it on their behalf). Someone demonstrated such a route about a month ago. It's ONLY the firewall that prevents this, NOT the NAT.

Charles 9

Because IPv4 has a HARD limit to its addresses: 32 bits, no more no less and no room for extension (it's in the spec).

Since the ONLY way to improve the protocol was to break backward compatibility, IOW break the mold, they went ahead and pulverized the mold.

Charles 9

Re: Address allocated but not live

"Ignoring the really obvious problem of being expected to unnecessarily translate between IPv6 and IPv4 on your network boundaries, why are IPv4 private address ranges preferable?"

Because you have devices on your network that cannot be replaced or upgraded and can ONLY grok IPv4. Now what do you do?

Charles 9

Re: NAT is a problem

Actually, IPv6 DOES have NAT. It's just that it's one-to-one NAT, not the one-to-many NAT we're seeing with IPv4 (and if you think IPv4's NAT is bad, wait until you're behind a CGN or two).

Charles 9

Re: Address allocated but not live

"As to firewall separation, you can still configure your home router/firewall to allow the bits you want to access externally whilst protecting your garage door just like you do today. IPv6 firewalls work just like IPv4 firewalls do."

And in fact, one-to-one NATs in IPv6 can do some pretty neat tricks (and yes, they're in the spec). For example, ephemeral addresses for outgoing connections (meaning they're used just for that session and then disconnected). Lot harder to hack by reversing outgoing connections this way. Another example, you can have the router randomize the subnet addresses of exposed machines, making all of them look like a jumbled mess to an outside network mapper. Makes it harder to guess the topology and use that knowledge in an intrusion.

Charles 9

Re: Y U NO IPV6 BRO

How do you do pictures, though?

Charles 9

Most VPN scripts (especially OpenVPN) really prefer a fixed point to connect: either an IP or a domain. Otherwise, you're going to be doing jiggerypokery every time your IP gets changed. And this is pretty much a non-starter with a CGN.

Charles 9

Part of the problem is routing. Having 128 bits to work with instead of 48 allows you to provide more than enough bits for physical routing to match up and seriously simplify your routing tables, which was one big concern as IPv4 started getting crowded and the routing got all messed up. Now two 90. addresses didn't necessarily go to the same geographic region, for example. This is important as routing tables started getting SO big that stuff started breaking.

Charles 9

Easiest starting point's gonna be the router. Even without direct IPv6 allocation, there are other ways to get set up. That's all it took on my Netgear R7000.

Charles 9

Re: It's all Excel's fault

Not so simple. Without IPv6 stacks, internal devices won't be able to send IPv6 addresses to the gateway. To use IPv6, you gotta grok IPv6 first.

Charles 9

Re: IPv6 is fundamentally broken

NAT isn't what blocks incoming connections. It's your firewall, and any firewall worth its salt has a DROP or REJECT rule for incoming connections by default. Without the firewall, an ISP (perhaps under pressure) can route directly into your LAN. The firewall doesn't go away with IPv6. Nor does NAT; it's just redone as one-to-one reconfigurable and ephemeral NATs which actually provide better protection by scrambling the visible topology.

BOFH: Password HELL. For you, mate, not for me

Charles 9

And if they CALL BACK with an unblockable number?

You know IoT security is bad when libertarians call for strict regulation

Charles 9

Whatever happened to just blocking that country wholesale?

Charles 9

Re: What kind of code

"It won't stop every crap device, but if it makes it very hard for Joe Public to buy a shitty insecure camera or video recorder, etc, because none of the shops or sellers like Amazon (who of course would be the importer in this case) then it's done its job."

Unless, of course, Amazon isn't in your jurisdiction, either.

Charles 9

Oh? What if companies move out of your jurisdiction? What if they never were in your jurisdiction because they're using gray markets?

Charles 9

Re: What kind of code

What if all involved are outside your jurisdiction? Hard to nail the coder and so on if they're all in China, for example...

Charles 9

Re: Your role in a movie is coming soon

True libertarians would just say let Darwin sort them out and produce tougher humans. What better way to raise awareness than a spike on the steering wheel?

Charles 9

Re: Former libertarian

What happens when you DO get a YES AND they volunteer the information?

Pwnd Android conference phone exposes risk of spies in the boardroom

Charles 9

Re: ATMs

Around here, they just steal a truck and haul the machines WHOLE to the hideouts. In which case the thieves are after the cash, not the credentials, which involve a whole other set of thieves.

TV anchor says live on-air 'Alexa, order me a dollhouse' – guess what happens next

Charles 9

Re: "CONFIRM"

"Did you just call The Librarian a chimp? Gods, you're for it now!"

I don't think so. At least a chimp is another ape. He'd probably just correct you with a, "Ook. ook." It's the M-word he hates.

Charles 9

Re: Back in the day...

Probably didn't. He forgot the "Y" between the two "return"s.

ASLR-security-busting JavaScript hack demo'd by university boffins

Charles 9

Re: Timing attacks?

If you want faster rendering, especially with vector graphics like SVGs, which is being demanded, you need to get close to the metal. 3D is easier for modern GPUs to grok.

Charles 9

Re: Java*.*

I believe Lynx has been targeted, too. Plus that defeats things like gallery sites.

Charles 9

Re: Timing attacks?

"And don't forget, if you ever do have a true need, you can always ship an independent application to handle the entire interaction. This is a discussion about a general use tool."

Because you're catering to John Q. Public who doesn't want to get saddled with yet another piece of software. You're talking the Facebook generation here.

Forget quantum and AI security hype, just write bug-free code, dammit

Charles 9

Re: We already have the techniques!

"For management, yes, I am quite familiar with the "ship it now" idiots."

The problem is when you look all around and find nothing BUT...

What's the biggest danger to the power grid? Hackers? Terrorists? Er, squirrels

Charles 9

Re: Only 15?

"* I have no clue whether NYC is vulnerable to this sort of attack. I'm just puzzled why more of those long range transmission lines aren't buried..."

Burying cables has tradeoffs, especially for longer distances, harder ground, and maintenance concerns. (Buried cable is MUCH more expensive, both in installation and maintenance, gets worse if you have to deal with harder ground, and doesn't lend itself well to upgrading). And IINM it gets more complicated when you're talking high-voltage transmission lines because now you have to take other things into consideration.

Charles 9

Re: a "democracy-ending event."

"BTW Wasn't the US (military or CIA) reputed to be looking at this in Viet Nam for deniable low intensity destruction of infrastructure."

Sounds like they dropped the idea? Impractical because most places there didn't have infrastructure as we would know it?

Charles 9

Re: Bah!

"The cascade blackout was entirely unnecessary and could have been avoided had anyone in the Ohio control room understood the business they were in charge of and taken some simple, widely known, industry standard mitigation steps at some point in the hours of warning signs they had."

Thing is, it spread BEYOND Ohio, meaning it wasn't JUST Ohio that was in trouble since the mitigations THERE failed, too. Plus there's the earlier 1960's blackout, which we KNOW started with ONE substation and cascaded.