Posts by Charles 9

Re: I know how to fix Twitter and Facebook.

No, yo u see something like that running on Lively really boards. Posts get hung up "Pending" with no reason given and trolls just start rule dodging. Plus there are still bad but grammatically-correct things you can troll. No machine can outwit troll ingenuity.

Re: Predicted long ago

But when even the least worst option is unacceptable, you've got a big problem.

Re: I hope nobody is paying for this "research"!

Because votes tend to be black and white. It's not like you can vote partly for one person and partly for another. It's not like you can vote partly yes and partly no to a strict yes/no question. How can you project a continuum when the situation demands a concrete answer?

Re: And they expected what? from postcard sized posts

Transmetropolitan's opening issue shows a way to troll such a minimum: a book consisting of nothing but the F-word repeated 8,000 times.

Re: There's another issue

Well, imagine pirates trying to hijack such a vessel, only to learn there's no way to manually control it...

Re: I think it's time for a Douglas Adams' quote:

I have to wonder if a plan can exist that can account for a twin meteor strike (or one big one) that can (and according to Murphy, WILL) take out every redundancy at once with no chance of mitigation.

And some attacks are sleepers, laying low so they can get INTO backups.

Re: OMFG

You can't work that way because Murphy means you MUST assume EVERYONE is a Darwin Award candidate with Domino Effect potential. The one you ignore or are forced to overlook WILL be the one that destroys you.

As for ransomware, how do you stop it when you have a shoestring budget preventing a proper prevention strategy and the most likely zero point is over your head?

Put it this way. Try stopping the Black Death with nothing but a net.

Re: Oh FFS..

But you simply CAN'T plan for the worst since that would have to be a Game Over; no future to plan for. So a line MUST be drawn somewhere. I believe that's lesson three. No use planning for getting shot in the head, for example.

Re: Moms going to love this

No, why can't we come up with a nice Internet where we don't have to deal with things like this on an everyday basis?

Re: The whole mechanism sucks

What about foreign states? This would be an excellent tool of espionage and subversion, and criminals can be sponsored by states or working for them as a plausible deniability angle. Bet you many of the Chinese hackers running today have state backing. Plus what about larger criminal enterprises which are virtually states unto themselves in terms of the power they can pull?

Re: The whole mechanism sucks

P.S. It's always possible to beat a Web of Trust with enough shills, and States are particularly well-resourced regarding identities and shills.

Re: The whole mechanism sucks

Instead of compromising the trust authority, they'll just compromise the client instead. Social engineering and such to pull an identity theft.

"Yup. How many people would prefer to log in automatically to an admin account so that on those rare occasions where they install a program, they don't have to take the whole extra couple of seconds to type in an admin password? My longest password in current use is in the 15-20 char range covering most of the keyboard, and it takes me about 3 seconds to type.How much of my life have I wasted watching 10 minute software installs every few months because of those extra 3 seconds? I could've done so much in that time! Why, that's a whole extra 10 seconds of sitting idly on my arse every single year! So much effort to type that in...."

Ever thought many people have to do this MUCH more often? Why do you think UAC was panned so much? Does the term "click fatigue" spring to mind? What about having so many passwords you can't remember them all (and you can't use a mnemonic because you forget the mnemonic) and a manager is not an option because the computer's communal? Too many people these days are suffering from a chronic case of Information Overload and just wish the KISS principle could be applied to everything to stop the insanity. Flip a switch and be done with it, thank you! Some people even feel locks on the front door is too much work.

Re: "Caught between Scylla and Charybdis"

Eh? Sting? I'm taking this from the Odyssey.

Re: "Nice to Have"

"Too late, there's probably a patent on that."

But it's probably also expired.

How when the average user doesn't even know such a function even exists? Most people expect turnkey solutions.

Re: UPnP is a red herring in this thread @fidodogbreath

"EX1: Thingie vendor supplies a wizard to walk users through setting up a proper password, and does not make a UPnP port call until after that has been completed."

User doesn't HAVE a computer, so trying to talk them through a configuration process that may have to rely on an underpowered, non-spec portable device is just asking for hell desk trouble.

"EX2: Thingie comes pre-loaded with a randomly-generated ID and password that's printed on the device. If the user doesn't change them, well, at least they're not admin and password."

People lose the sticker. More hell desk trouble.

Re: NoScript and AdBlock+

"If an ordinary site is unusable with Noscript or AdBlock+ then I remove it from the sites that I visit."

And if it's the ONE AND ONLY source of something you need? Like your device company's website and the ONLY source for official drivers (it's hard to trust anyone else now since they can inject their copies)?

Re: RE: malware capable of --

"1. Require the attackers to do a lot of time-consuming development on hypervisor attacks, Linux vulnerabilities, and low-level hardware coding,

2. Result in access to a few tens of thousands of PCs worldwide."

1. Only need to do it ONCE. Then anyone else can copycat. Perhaps state-level hackware can be copied.

2. High-value targets. If they're behind this much lock and key, they're likely to have secrets.

Re: Non-issue.

"It does helps it's mainly moped I'll agree and generally they tend to drive pretty slowly for the most part so dodging traffic is not to bad in some places but I have been hit by a kid who was texting while riding his scooter luckily he was going slow and I saw him coming so was dodging, I think the roads in Vietnam seem safer than Thailand where it can be a bit more scary in general."

I don't think the Philippines is much different. The general rule seems to be that when it comes to pedestrians, they're on their own, although some places (like Metro Manila) are so packed with cars that often they're barely moving, making it pretty easy for pedestrians and street peddlers to go their merry ways. More open areas of the cities, you need to just be aware of the traffic, though if you can take a detour to roads less traveled, that would be preferable. As for the boonies...good luck.

Which means NO ONE looks. Isn't Boston where yellow is "Go Faster" and red is "Last One"?

Re: Security First

"You might reasonably reply that the rise of market places such as eBay makes it possible for the Del-boys to sell non-conforming items. Yes it will; it also makes it possible for other safety regulation to be by-passed. It's another thing for legislation to catch up with. It's not an entirely separate issue but it's one which will get tackled in due course."

No, because the gray market by definition goes AROUND regulation, any and all. You ADD regulations, they just go AROUND them, usually by a direct shipment which is easy to do with something this small, unlike larger things like cars. Do they really, REALLY inspect every single little parcel at EVERY port of entry? It's a lot like the drug wars. If people want them badly enough, they'll find ways to get it in spite of God, Man, or the Devil. You have to either fix the source or fix the destination. Sovereignty prevents you fixing the source and stupidity prevents you fixing the destination. It's times like this that you have to wonder if this is the right battle.

No, gray markets go AROUND regulations by cutting out the middlemen like customs. How can products be regulated when not even the government knows they're coming in? The only way to tackle the gray market is at the source, but the source isn't cooperating. It's like the drug wars.

Re: Solution?

You can't cache these days because the same query can return different IPs with each query. This happens to be one way to avoid hammering a server.

Re: About bloody time

"The only solution I can see is a standardised IoT h/w platform, pretty much along the lines of the PC model, where all of the software can be maintained independently of the OEM or vendor."

Which will never happen because device (and CHIP) manufacturers value their trade secrets in a highly-competitive market. Plus there are countries like China who don't care and can hide behind sovereignty.