* Posts by Charles 9

16605 publicly visible posts • joined 10 Jun 2009

Linux is part of the IoT security problem, dev tells Linux conference

Charles 9

Re: Rolling your own vs. getting Linux

Trouble is QNX ain't free, making it a non-starter.

Korean boffins vow 1,000km-an-hour supertrain

Charles 9

Re: Sigh

Offset by the fact terra firma ain't exactly flat. Working across rivers, over mountains and valleys, etc. makes for infrastructure issues for both track and power, especially for trains that have limits to the amount of turning and tilting they can take at a time.

IT team sent dirt file to Police as they all bailed from abusive workplace

Charles 9

Re: Noooo!

And if your job is able to make the cops leave empty-handed?

Charles 9

Re: Doesn't ring true, sorry ...

Even if the high ups have the ability to make the plods look the other way?

Unbreakable Locky ransomware is on the march again

Charles 9

Re: viduses

"And with Windows Home edition you can use the Parental Controls."

Which is of course useless since 9 times out of 10 the kids are better able to use the computers than the parents and quickly learn the procedure needed to unlock the controls.

Chevy Bolt electric car came alive, reversed into my workbench, says stunned bloke

Charles 9

In a manual, you simply leave the car in a low gear (first or second). The resistance of the still engine combined with the gear ratio in a low gear provides the same thing the parking pawl does in an automatic. Yes, I used to drive a stick. Most people drive automatics because they're a lot more practical when you're including cruise control, and for a country as big as the United States with lots of open road, it kind of becomes very useful for those long drives.

Father of Android II: A Hardware Comeback

Charles 9

Re: connector

"I didn't fully explain my line of reasoning though: with PCIe speeds, the camera and laptop (or phone) would only have to be in contact for a few seconds - almost a kiss-to-transfer operation."

Except it's usually the card that's the bottleneck in transfers, not the bus. That's why SD cards have speed ratings like Class 6 and UHS-I. Anyway, most portable devices don't carry a PCIe bus but do support USB out of necessity. SD can be driven by USB, and since USB 3.0 can do up to 5Gbps, that kind of makes the issue moot for most users (XQD appears to be a professional-grade bus for camcorders and ultra-high-definition/lossless still cameras).

Charles 9

Re: The USP...

"It would have to be a "click-through wizard to install" and "no monthly subscription" affair though or it would be guaranteed to fail..."

But without at least the latter, there's no revenue to cover the costs, the investors won't be pleased, and the end result is it's guaranteed to fail.

Damned if you do, damned if you don't. That's why ordinary people just can't have nice things.

Windows 10 networking bug derails Microsoft's own IPv6 rollout

Charles 9

Re: "decided not to make this next-gen networking protocol backward-compatible?"

"Just because "we always did it that way" doesn't mean it's the best or most practical way of doing it."

Whatever happened to, "If it ain't broke, don't fix it."?

Charles 9

Re: Not that awful

In fact, two topology scramblers are built into the IPv6 spec. One (basically a 1-to-1 NAT, which they've never had issues with) allows you to rearrange external-to-internal v6 IPs at the router level so that the internal and external numbers don't match up so you don't give away your LAN structure. The other assigns ephemeral v6 IPs to all outgoing connections, which prevents using backtracking as an intrusion tool (not only do the random IPs prevent structure snooping but being ephemeral they don't last so even if you snoop the number it won't connect back once you're done).

Charles 9

Re: Not that awful

"Don't know what you've been reading but no they can't unless you have a router with no firewall on it or you actually use the ISP provided router/firewall. I do networking for a living and rule one is you own and control your border (for a given value of own)."

Here's the problem. YOU'RE within the ISP's borders. And since the ISP knows which external IP they gave you, they can go from there to your router and, if the firewall wasn't there, route packets from there to your LAN. Another networking expert demonstrated it a few months ago.

Point is, it's not the NAT that guards your LAN from the outside but the firewall. And there's NOTHING stopping you from putting a firewall between your LAN and the IPv6 Internet. IOW, NAT is giving a false sense of security; attention needs to be focused on the firewall instead, which doesn't go away with IPv6.

Charles 9

Re: Not that awful

"BTW, who likes NAT? I can only think of one real advantage it has."

The trouble is that most users think NAT means most of their devices are hidden from the Internet automatically: a secure-first situation. But from what I've read, this isn't totally true. The ISP (which provides your IP address/block) can actually directly connect into your LAN with a little knowledge and the proper routing tables. If the ISP can do that, anyone else (like the State) can persuade/coerce the ISP to do it on their behalf.

Until such an event makes the news and breaks the myth of NAT "invisibility", it's gonna be hard to convince people.

PS. To all those saying just extend IPv4, the problem is that IPv4 can't be extended. Its 32-bit address and 16-bit port limits are hard-coded. Because of this, devices that only grok IPv4 can ONLY address devices with IPv4 addresses: no ifs, ands, or buts. It's like trying to cram 24 eggs in a carton only built for 12; something will break along the way. So your only option is to start fresh, and if you're going to start fresh, why not try to keep the issues you're having now from cropping up in the future? Things like overly-complicated routing tables, the kind that are knocking routers to their knees...

ProtonMail launches Tor hidden service to dodge totalitarian censorship

Charles 9

Re: it will happen

In this particular case, it would be difficult to attack protonmail the onion service without pinpointing and attacking the actual physical server. That was what it took to take down Silk Road on TOR and KATorrents on the Clearnet.

Charles 9

Re: How long...

You bet your life? They'll control VPN and all the other obfuscation avenues simply by controlling encryption as a whole (say by declaring it a munition). If any and all forms of encryption are going to be controlled, even steganography is going to be a stretch, especially for anything of volume.

Charles 9

Re: CERN

The problem being if you have something to hide then someone else probably knows what it is you're trying to hide, meaning posting it in the clear anywhere runs the risk of traffic sniffers picking it up. "Hiding in plain sight" doesn't work well against a Panopticon.

Charles 9

Re: How long...

"The solution is to fix your government so that they aren't a bunch of control freaks. Merely using technological band-aids to make it hard for them will just make them angry control freaks."

Problem is, you pretty much HAVE to be a control freak to have any real interest in government; otherwise, you'll steer away from it. How do you solve this problem of the human condition?

Charles 9

Re: How long...

They'll just turn it into an either-or, helped along by the IoT controversy. Eventually, the Internet as it is will become an untraversable cesspool of anarchy where any unprotected connection is quickly used to hijack and pwn you regardless of the device (everything I've said has existed at some point, some smartypants simply needs to put them all together). Pretty soon SOMEONE will propose to redo the Internet from the beginning: this time with full attestation at all points; no more anonymity.

It's the same thing with government. The human condition means any "desirable" form of government cannot survive in the really long term. In the end, it will usually degenerate because the system gets too imbalanced; people find ways to cheat and beat the system, creating resentment if not hopelessness which then drives the have-nevers to do anything to survive, resulting in either anarchy or ruthless put-downs and a police state to prevent repeats. Anything in between will just result in one of the two again: ANY freedom can be exploited to produce chaos.

What's the biggest danger to the power grid? Hackers? Terrorists? Er, squirrels

Charles 9

Re: Nut jobs

Yes, because squirrels are rodents like rats. And if you'll recall, rats are notorious for being able to chew through well-nigh anything, including cinder block and metal. And squirrels have an edge over rats in their great leaping ability and propensity to reach. That's why they're a handful around seed feeders. IOW, if they want in, they'll find a way in in spite of God, Man, or the Devil.

Charles 9

Re: Soldiers unaware of the Faraday cage

Sounds better. I would've thought the vehicle wouldn't readily conduct the power from a fallen wire. See, I've been told a vehicle is actually one of the better places to hide out in an electrical storm; the air-filled rubber tires put a layer of insulation between the vehicle and the ground, reducing the risk of a direct discharge.

Charles 9

Re: Nut jobs

"Our infrastructure is not as robust as we would like, but in each case the people directly affected overcame the problems. And not because some pin head, pencil pushing, government administrator came up with a study identifying probable threats. As the squirrel study shows, the real problems come from diverse random events, and are not predictable. It's usually some nut job (squirrels included) acting out that causes all the havoc."

Which is why the report notes what could happen if someone got SERIOUS about sabotaging the US. If one nutjob can bork a chunk of the US for a day or two, imagine a group with 9/11 levels of resources? Or worse, a State using it as the prelude to a Decapitation attack?

Charles 9

Re: re: when you REALLY need it?

"Got failover storage? Pull some cables and see what happens? Do it regularly, and check that the fail back (ie return to previous operating config) works too."

But with Murphy's Law, the device will PASS the testing, then FAIL when the actual emergency hits because the only thing that can actually duplicate the full conditions of an actual emergency is an actual emergency.

Charles 9

And how would you know it's working when you REALLY need it? Murphy's Law would mean the thing works EXCEPT when the power cuts out, then it suffers a fault and shuts down resulting in an impossible-to-predict Failsafe Failure.

'Exploding e-cig cost me 7 teeth, burned my face – and broke my sink!'

Charles 9

Re: Stored Energy

"If you're affected by the tiny amount of nicotine in second hand vape, then never, ever touch a member of the nightshade family again - you'll get a damned sight more nicotine in your bloodstream from that"

Seriously? I get more nicotine from touching a tomato? I'd love to see where this is backed up.

Charles 9

Re: Going for a Darwin Award?

Even though lithium (being an alkali metal) reacts to water? You have to make sure your battery is Lithium-Ion or Lithium-Polymer first, as pouring water on a Lithium-primary fire is a BAD idea.

Charles 9

Re: Stored Energy

It's not batteries IN devices they completely ban (as long as they're hooked up, the device can regulate; also charging batteries BUILT to travel loose are OK, too). It's twofold:

First, they ban ALL lithium batteries of ANY type in cargo holds unless they're carried in special containers; due to confirmed stories of lithium batteries spontaneously combusting. This is because many cargo holds are unpressurized and unattended; ANY in-flight fire is a serious issue, a fire out of human reach is a Mayday.

Now, lithium batteries in the carry-on area, they can be more lax. Not only would many people not be able to fly without being able to take their stuff with them (don't laugh, they could be traveling to a not-spot or simply can't have confidential data out over the air, even encrypted), plus in the event of a fire, at least the offensive device can be pulled out and a fire extinguisher taken to it. They only ban loose batteries not meant to travel loose (usually with exposed contacts, a short-circuit risk).

Google loses Android friends with Pixel exclusivity

Charles 9

Re: Non-story?

Google couldn't do clean images at the time because all the carriers demanded they put their stuff in the same "untouchable" area, or they wouldn't play. At the time, Google was playing catch-up with Apple, and if they didn't concede, carriers would just stick with their existing products (eventually to include iPhones). Basically, Google's ONLY option to get Android on the cell phone map was to cut loose; otherwise it would never have had the support it needed to overtake Apple.

Charles 9

Re: what does android updates have to do with ads

"Citation needed are you kidding me? Just look at the sales of Android devices that have a track record of not getting updates. All I read is complaints on how it seems every major Android vendor and carrier don't send patches."

That's simply because a game-changer exploit hasn't hit the wild yet. If you find your device can be pwned over the air with no intervention on your part, that's going to change your opinion of your phone, pretty quickly. Stuff like Stagefright seems to come frighteningly close and makes you wonder if one actually can do it.

Charles 9

Re: Go Google !

You gotta buy the phone to get COS, which does diddly for those of us already owning a phone, which is part of the problem here.

Charles 9

Re: Go Google !

And the problem with that is that more apps are becoming root-aware, meaning there will soon be serious tradeoffs of functionality.

Chrome dev explains how modern browsers make secure UI just about impossible

Charles 9

But if it's not what the customers actually want, then you're in a bind. What do you do when the customers demand unicorns and will happily pay for the first horn glued to a horse to come along? And you can't say let them suffer because their actions usually come with collateral damage for the rest of us. When everyone is plunking down for fakes, nothing goes into the real stuff, and everyone loses.

Charles 9

"Leave users to decide whether they want full screen or not, and never force them to accept popups or full screen views."

Everyone here's forgetting that we're not the average user. The average user doesn't want to decide. This is why they demand turnkey solutions.

Charles 9

Re: HTML5 can do WHAT?!

You still need a browser to Chromecast, so the problem is being deflected.

Not everyone can root their devices, plus doesn't Netflix now balk in the presence of root since this provides a recording avenue?

Most smart TVs have outdated Netflix apps that'll never be updated again.

Plus what if ALL you have is a laptop (quite possible if on the go)?

Charles 9

Re: The problem isn't the UI ...

But as a comedian once said, "You can't fix Stupid," and Douglas Adams once wrote on the sheer ingenuity of complete fools when it comes to "foolproof" designs. Combine the two, and you end up with scenarios like what Terry Pratchett once wrote, about the paint for the sign for the End of the World Button not having time to dry.

This is the kind of world we live in. Now how do we solve for that without Stupid taking the rest of the world with him?

Charles 9

Re: HTML5 can do WHAT?!

And if that content is ONLY available on the web, like say Netflix programs (you DO know Netflix does their own TV shows now)?

Charles 9

Re: HTML5 can do WHAT?!

Until they find ways to BEAT NoScript by using proxies, inline domains, and other things that make the cruft part-and-parcel with the content. ALL content. And no, nice guys won't get a chance here. Soon as they appear, the sharks will chomp them up. It's why you can't even go to an official driver website (one of the few EXCLUSIVE sources on the Internet; if you can't trust the manufacturer, you can't trust ANYONE) without leaving holier than a wheel of Emmentaler. Faced with that, your only options are to finally bend over or to leave the Internet and go back to the real world of untraceable cold calls, billboards, and junk mail.

Charles 9

Re: HTML5 can do WHAT?!

Guess you don't like full-screen video-on-demand playback, then. Seems you don't like full-screen ANYTHING, which puts you in the majority that find the browser's UI elements annoying. And they OUTVOTE you.

So as they say, we just can't have nice things because the things we NEED for security reasons people DON'T WANT because it gets in the way.

Silence is golden: How Google hunts Android malware in the wild

Charles 9

Re: Security Through Irritation

"They should've thought about this shit years ago."

They did, and they concluded that market penetration was more important because otherwise they'd be conceding the market to Apple. So the carriers basically had them by the short-and-danglies, putting them in a dilemma: either overtake Apple with Anarchy or give up and let Apple's Police State rule.

Charles 9

Re: Code injection.

Explain why there's no way to prevent this, even with things like code segregation and code signing.

Charles 9

Re: Security Through Irritation

As soon as Google can find a way to reach AND patch devices for which manufacturers have effectively "cut the leash" (EOL their support, destroyed their firmware code), you've probably broken several laws (legal AND physical) along the way. Google's biggest problem is that many manufacturers simply can't be made to care: not even with threat of termination of support (they'll simply say, "Fine, have it your way" and leave everything behind). This is the motivation behind Android transitioning to a system where Google still maintains kernel control even after necessary operator cruft (necessary because they'll never agree to sell Android phones without it) is added (started with Android M, continues with N).

Routine jobs vanishing and it's all technology's fault? Hold it there, sport

Charles 9

Re: The elephant in the room--The "O" word.

"Even with malthusian diebacks or wars, history shows that population drops are temporary - lost numbers tend to be made up by prolific breeding in the subsequent two generations."

I think those previous times the rebound was encouraged or at least tolerated. What if it was actively discouraged instead? For example, would people breed like rabbits if every child beyond one incurred a tax penalty? Just an example.

Smart guns are a neat idea on paper. They'll never survive reality

Charles 9

Re: "I still don't understand why any sane adult would ever want or need to own a gun."

"Americans claim guns keep them safe, but there are more gun deaths in a week in America than in a year in the UK, even allowing for the difference in population size I know which feels safer to me."

But most of those gun deaths are committed ON criminals BY criminals: usually in gang wars. Another sizeable chunk are suicides using the gun as low-hanging fruit (meaning they would easily switch methods if it wasn't available, making the actual use of the gun pretty moot). Still others are justifiable uses of a gun in self-defense.

Charles 9

Re: Second Amendment

"...against all enemies, foreign and domestic..."

Part of the US Oath of Allegiance.

Charles 9

Re: Doomed to failure

You also need to consider the US has a number of famous gun FACTORIES within its borders. Not to mention plans for very cheap-and-dirty homemade guns regularly make the rounds on the Internet.

Charles 9

Re: Second Amendment

WRONG, according to SCOTUS. A militia has no minimum so can be ONE, AND carrying a sidearm is considered being properly equipped or "regulated" according to 1790 definitions.

Charles 9

Re: Coming between an American and his gun

Except SCOTUS has already given them the outs they need. By 1790 definition, "regulated" can mean "equipped", so having a sidearm qualifies, and they made gun ownership an INDIVIDUAL right since a militia has no minimum (it can be a militia of ONE).

Charles 9

"We teach children sex safety, so why not gun safety?"

Actually, aren't sex safety classes BANNED in many schools because of an attitude of "Don't even THINK about sex"?

"That being said, more kids drown than are accidentally shot. Far more kids are killed in traffic accidents. More kids commit suicide. More kids are actually killed by someone else, sometimes by their own parents. Way more kids die from malaria."

And most would say the bulk of those deaths are tragic but pretty much hard to really prevent. Vehicle accidents are usually pure physics; not much you can do about a two-ton object hitting a kid that popped out of nowhere within ten feet. Suicides? South Korea and Japan have no guns but are much worse in suicides; they just turn to other means like self-defenestration and poison. Most malaria cases are in remote areas away from what we'd call civilization; there it's just part of a long list of causes of premature death. Malaria deaths in the first world are rare. The pool incidents are pretty much the only question marks, but how much can you safeguard against a precocious kid who figured out how you open a lock and remove a safety net?

Charles 9

Re: technology probably isn't the answer here

You forget the burglary situation. Murphy will inevitably strike then. Or just when you need it you mar or etch your sensor finger. Now it won't match anymore. Same for your backup fingers.

Charles 9

Re: been thought of

If you can do all that without batteries, purely on mechanics, the world will be impressed.

But then again, doing so will probably require breaking several scientific laws along the way.

Charles 9

Re: @DryBones... Doomed to failure

Yes, a properly-equipped militia of ONE, as SCOTUS has noted there is no minimum.

US watchdog sues Qualcomm for 'bribing' Apple to swallow chips

Charles 9

Re: Heard this one before??

"The company had to put in exceptions so some folks could clock in and out without the biometric component, because they had fingerprints that could not reliably be read."

First off, these are HARDWARE patents relating to radio use, so they're quite legitimate. So no "software patent" talk.

Second, there's a fine line to be drawn here. Patents are made to be used, but if the use becomes so dominant as to leave a de facto monopoly even after it expires (such that newcomers can't get in even WITH public access to the tech), then it's gone too far the other way.