Posts by Charles 9 16605 publicly visible posts • joined 10 Jun 2009
""Iron fist" or not, given the sheer numbers of the population, people should be able to (literally) crush any attempt to harm them. Yet they very rarely do..."
Depends on the size of the fist. If you have a fist large enough to tear the whole country or worse apart attached to someone willing to go MAD, people start checking if their situation actually is worse than what's potentially on offer.
"In my limited experience one of the biggest issues with older phones is lack of memory."
Let's be clear. Do you mean lack of memory (as in RAM) or lack of storage (as in flash memory)?
For the former, as apps get upgraded, the baseline for their usability rises with them. It's why I eventually had to stop using my Note 4, as every app I tended to use got put to sleep, sometimes even while I was using them.
When it comes to storage, most apps only keep the most recent version and maybe one backup. The new version simply replaces the old one in storage, much like how you upgrade computer programs. Uninstalling and reinstalling may recover some space, but this is usually cache and other assorted cruft that comes with the use of the app. If the app itself is big (and getting bigger with each update), you're going to use it up no matter what.
"One in a hundred is not unusual. I would call that a bad model for security."
But the point is, evolution tends to take everything into consideration to get the odds right. 1-in-100 odds? Use Strength in Numbers, but you notice that doesn't happen for larger animals like cows. Ruminants tend to have stay on the hoof, thus their young are born live and tend to be able to get up and move quickly afterward, for that reason.
"Take the deer. With excellent hearing, speed, and eyesight, they represent a significant difficulty for predators. Humans work in teams to exhaust them."
Not just humans. There's a reason wolves, coyotes, and related predator species tend to work in packs. Even lions tend to gang up on their prey. Thing is, they don't tend to carry their food around with them, and one maybe two tends to keep them full, so it's not like they herd huge numbers off cliffs; doesn't fit their style.
"Random processes do a lousy job when faced with custom-designed countermeasures. Just don't."
But they have the advantage of time and numbers. As long as they stay ahead of the curve, things tend to work themselves out. Deer aren't that endangered yet, are they?
But at the same time, you can't simplify it, either, as a lot of that complexity has become necessary. The biology angle seems appropriate here, as it's a lot like our current virus issue. We can't stop it, and even containing it is proving problematic, and in the meantime people are dropping and livelihoods are getting shredded. Technological security may well have become a dilemma for which there is no satisfactory solution, yet people are too hooked on it to go back barring an utter catastrophe (the "typo kills ten million people" kind of catastrophe).
So what do you do when your job depends on containing Dave? Given how many Swords of Damocles are lying around, it may be reaching a point where tackling Dave may be the only way to keep things not reasonably secure, but simply secure enough to JGSD, especially in a world where spare time for many people is dipping into the negative.
Point is, it may not be possible to simplify things to the degree you desire because something turns out to be there for a damn good reason. Just like how reciprocating engines seem to have beaten out rotary engines in cars (mainly because they're easier to tune to the complexities of the real world: a necessary evil when you're required by law to eke out the last drop of oomph from your fuel tank).
"And I'd wager more hydrogen atoms per molecule in ammonia than kerosene, gasoline, or methane."
And you'd lose the wager. Hydrocarbons are pretty high in H count. Methane is the lightest of them all, and it's CH4 (versus NH3 for ammonia). It only gets heavier from there. Common gasoline is mostly octane (C8H18) and heptane (C7H16). Kerosene is even more complex but tends to have heavier hydrocarbons like undecane (C11H24) and tridecane (C13H28).
As for airliner bodies, don't forget about aerodynamics and drag, especially at speed. There's a reason airliners today use a bullet-like design.
"I suggest that a large amount of travel would not be done if cars were replaced with horses."
Except you're talking something macroeconomic. One thing about macroeconomics: It's HARD to go back to a simpler time as expectations have risen along with the tech. Now that people are used to being able to cross the country in a few days by car and in hours by plane, it'll be hard for them to go back. Barring a catastrophe (at which point we're probably already dead), people will keep demanding everything yesterday.
Not trying to "rain" on anyone's parade, but there are criticisms that state that water vapor's net effect on temperature is moderating as it causes negative feedback (otherwise, we'd have been in Hothouse Earth long ago because of massive oceanic evaporation from the sun). Perhaps someone can elaborate on specifics on how water vapor can be both a worse greenhouse gas and a temperature moderator at the same time.
PS. I DO agree that hydrogen as a fuel is a nonstarter, thus the US Navy is researching into creating synthetic fuel instead using power from the reactors aboard their carriers.
Actually, coal isn't pure carbon. In fact, the two purest forms of carbon are common graphite and diamond. And last I checked, neither graphite nor diamond burn easily. Coal is typically a solid hydrocarbon (meaning it also contains hydrogen and usually a pinch of other stuff), and the composition can differ depending on the type of coal, ranging from pretty crude lignite, to the hybrid bituminous coal (so named because it also contains bitumen, aka asphalt), to high-grade anthracite which, while having high amounts of carbon, still has hydrogen in it.
Can't. Too many times it results in blocking the ACTUAL content, too. More and more often you run into blankouts that wipe the page on detecting an ad blocker or (more frequently) pages that won't show a thing until the ad shows. If I start seeing this on government websites or some other place that can't legally have an alternative, that'll probably be the time to cry out, "Stop the Internet! I wanna get off!"
"How to secure their systems so that, even when users open that attachment, the attack will fail."
Too much hoop-jumping. Most people are not of that ilk (they're the kind that just settle for a dead bolt) and spend their days wanting to JGSD.
"What a best-practice back-up system looks like; one that can quickly and easily get the business working again and not itself be compromised."
Can you make it turnkey and on a shoestring budget?
"Thats why you have copies (known as Backups)."
The sneaky ones wait for a while so as to infiltrate your backups and corrupt them, too. OR they hijack the backup process itself to make it look like it's working when it's in fact corrupting or exfiltrating your secrets.
"But if the question is repeated again and again with no malice or implication of stupidity, over time it might have an effect."
Problem is, the effect may run COUNTER to desired. History shows us people can be backed into a corner, at which point all bets are off. Look what happened in Germany in the 1930's and in the US just recently, and in the latter case, they're no longer afraid to flaunt it AND they have stories to support their cases. The structure is very elaborate and, thanks to echo-chamber thinking, pretty much watertight. Any attempt to appeal to their reasoning triggers their survival instinct, which short-circuits reason (amygdala hijack and all that). The more you appeal, the tighter they huddle up, at which point you pretty much have to hope for a catastrophic break.
Perhaps it's safer to say that what we're seeing are more and more chokepoints developing as data loads increase. As graphics demands grew and grew more diverse, specialized graphical chipsets gave way to slightly-more-generalized GPUs. When GPUs became more useful, they put a strain on bus demand, necessitating the still-evolving PCI Express bus to keep it fed.
Now in the network stack, we're kind of seeing the reverse. As throughputs continue to increase, latency becomes an issue because electrons can only move so fast, thus cutting down on trip times becomes a factor. Hearing about DPUs sounds natural to me: a way to take more and more of the I/O local in an effort to cut latency.
I'll be interested in seeing where the next chokepoint emerges. RAM and storage tech are still evolving at a decent clip, so it's touch to predict which one chokes first.
"If the law says that, the law is a ass. People should not be allowed to post dangerous lies in the guise of "free speech"."
What you need to do, then, is use another law or criminal offense against that speech. The First Amendment, terse as it is, is not absolute due to inevitable rights clash. This was the basis for the US v. Schenck decision (aka the "Fire in a Crowded Theater" decision).
"Who's YOU? Even face to face you have to take somebody's word for who they say they are. If somebody tells you they're fred@example.com how are you to know that that's who they really are? A better way would be to have example.com's mail server tell you that fred@example.com's public key is. You still don't know whether fred@example.com is Fred Bloggs, Fred Flinstone, Frederick the Great or my late uncle Fred of course."
And what if example.com has been pwned? Or is under Big Brother's thumb? Frankly, this all boils down to the intractable thing I call the First Contact Problem:
How do Alice and Bob prove who each is to the other if they've never met before and have nothing in common?
Short answer: You can't to any significant degree of certainty. Ultimately, because of the lack of anything in common, ANY attempt to establish the link can be subverted by an adversary (Mallory or Gene) by the simple process of impersonating one of the parties; the other party has no way to tell the difference. Even a Trent can be doubled in this case.
Interesting. I had to study the story for a bit (Hakuin was a Zen Bhuddist monk, FTR), but perhaps a few corollaries are in order. One of them is that what one speaks and what the other hears may not be the same thing; perceptions can differ (just look in the US), and one man's dare may be another's mortal insult.
As noted, Taiwan's just a little speck of land, and size matter when you're talking infrastructure. And anyone who complains about the US having shoddy broadband never comments on the infrastructure it would take to wire up say New York to Los Angeles without any weak links. It's not like any countries of comparable size (Canada, China, etc.) fare much better in that department.
"My suggestions would require them to do this and remove any possibility that they'd conveniently fail to identify the source."
No, they'll just spoof like they're doing now. Some have the assistance of hostile exchanges, too, such as SIPs, so can spoof even the "hidden" billing ID. I know phone companies are increasingly writing off certain percentages of bills because they can't be pursued beyond the border.
Test results aren't left in a message for privacy reasons. They'll tell you to call back. And most hospitals just leave their "front desk" number as Caller ID. Furthermore, things like you describe tend to be handled discretely, say under the guise of a gynecologist.
"In in US the hospital gets into privacy problems if they undertake to call you about a relative you do not have Power of Attorney in healthcare matters for."
But they're also legally obligated to notify Next of Kin, especially in a morbid or mortality situation. Most hospitals I know leave a caller ID, but it's usually just the "front desk" number, not any specific ward or clinic, to at least inform the caller it's a hospital.
Might not be such a good idea. Those tend to be the more-cussed spam callers. I just block my whole home exchange on general principles since no one I know shares that number (even if they did, I'd just whitelist that number).
"They often aren't allowed to hang up unless you swear at them..."
I've found they'll hang up pretty quickly for one of two reasons: (1) Wrong Number, or (2) Prank Answerer.
Me? I don't bother. The moment I recognize a pre-recorded message, I either just hang up or leave an appropriate "You don't apply to me" response THEN hang up. Anyway, most calls don't go through my call blocker because it hangs up on any strange numbers (and spam callers tend to use random numbers to get around blocklists so fall right into my trap--anyone I know has called before so will get through, and anyone determined enough--like a hospital--will call twice anyway). Any patterns of bad callers get blacklisted on top of it, and it's able to block whole exchanges or even area codes if necessary.
"As an alternative, the parents could get one of those refillable debit cards and link that to their kids' phone and tell them "when it is out of money, you have to refill it yourself so be careful about what you spend""
Make it a high school project: preferably senior year, assign them an allotment for them to obtain various things but tell them they need X to buy their graduation gown, and if they don't get the gown, they don't get to graduate. It's one thing I'd love to see added to a mandatory cirriculum.
"The kernel is only one area where this problem exists and is probably not the best option for exploitation."
Thing is, the kernel is among the lowest level of software available out there. Below that and you're going firmware or even hardware (and it should be noted even they're being targeted and exploited too, which may render this whole exercise moot). Pwn a kernel, pwn a system, essentially, so it's a high-value target.
That's not necessarily true. First, you can't be sure someone's actually working on bugs in any FOSS project unless there's some kind of assignment system in use. Remember, critical faults had been laying in common FOSS software for years sometimes. Second, you can never be sure the black hats came upon the fault first, already exploited it, and are just keeping their mouths shut to maximize the impact.
Having said that, this appears to be something of an intractable problem in that a necessary condition for fixing a fault is to make the fault known, which has the potential of making the problem (at least temporarily) worse. It's sort of like surgery: yes, it's often necessary, but opening someone up is never without risks. Heck, I don't even think formal verification can save us here since you can still have outside-context faults (I call them gestfaults) that combine quirks of multiple programs, each outside the others' scope.
I had that one, actually. That was my second G&W after Donkey Kong, Jr. At a point I also had Octopus and the dual-screen Donkey Kong and Donkey Kong II as well as a similar device (Pop Game) made by (I think) Seiko, under the Moriaka Tokei label (called Lasso; it's been exported to other countries under names like Rodeo and Cowboy). FTR, I lived in Guam at the time so had ready access to Japanese imports including Nintendo Game & Watches. I would be interested to see those emulated in MAME in future.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
