Posts by Charles 9

Re: Some of the web players are getting bad

"illegally inspecting my PC"

It's not illegal. It's entirely possible to detect ad-blockers completely server-side simply by seeing if the ad videos get called up or not. If they won't let you see the video without requiring the ad be served first, that's basically your problem as they've made the ad the price of admission. It's done with their equipment so their rules apply, and it's all legal. You either bend over, hope and pray for something like a torrent (and the networks know about it and can send out fake torrents), or just go without that episode.

Re: The more the money men smell blood in the water

"It's actually illegal to probe my system for plugins. Against the law. Yet you think it is acceptable."

One, under what law?

And two, what's to stop a server from detecting a blocker by, you know, noticing you're not calling up ads? That's entirely server-side and impossible to ban without stepping on Constitutional toes.

"I'm stopping making music, I'm giving up computers and I'm disconnecting off the net."

Then why are you still here?

"On the TV Ads that show up before a video, I mute the sound and minimize the window for however long the ad runs and then I restart the video."

You just watch. Next thing you'll know they'll detect the ad is not visible and PAUSE it as long as it's covered, only restarting it when you switch back.

After that, it'll be ads for things for which there is no alternative (the market is captive), meaning the only option is to go without, which may involve Walking on the Sun...

Re: What the eye doesn't see, the heart doesn't grieve over.

"If I see an advert for product X, then when I want to but something in that product category, Product X is removed from the list of possible suppliers."

So what do you do when it's the ONLY supplier? Or when ALL the possible suppliers display ads? Do you go without?

Re: PORN-A-CHU, I CHOOSE YOU!!!

"Disturbingly, Pika-porn (poke-porn) has existed for a lot longer the current go-poke-fad."

Longer than even pony-porn IIRC. Just remember Rule 34, and Pokemon has been around for nearly 20 years.

Re: An apt comparison

But if you "Deny by default" then YOU dictate the pace of the Internet in your area, meaning it can never be faster than the pace YOU can inspect it.

Re: I wait with interest...

"then all we do is use a different encryption wrapper so that the plain text part of the handshake looks different."

They then use DPI to detect if it's genuine or not and whitewash anything that can potentially not be kosher such as text, images, sound, and videos.

Re: "if then followed by other nations with perhaps less security than ours"

Not even with a whitelist and whitewashing of unencrypted data?

Re: Reform of the Upper House

No, as long as they're in power, they can be influenced, usually under the table. It's simply part of the human condition. No matter what kind of power structure you put up, SOMEONE's going to find a way to corrupt it. Removing people from the direct influence of the people means it's easier to influence them on the sly, but making them MORE direct means the charismatic can dictate policy by appealing to the stupid.

"If they ban end to end encryption (or enforce backdooring which is the same thing as it isn't end to end encryption if it doesn't work) then they are banning the commercial use of the internet."

And you think the people in charge consider this a BAD thing? The less power the plods possess, the easier it is to control them.

Re: An apt comparison

And they can do that. That's what the whitelist does: block off the Internet except for the stuff THEY deem worthy. If they try to create extranets, there will likely be tells.

Re: An apt comparison

I doubt these pluggable transports can make tor information look perfectly like other packets. Next step is that the Chinese perform DPI of all random-looking traffic to see if they're real packets or covers. If they learn how to transcode transport packets, they can then mangle the streams to block inline stego, and so on.

Whoever controls the networks carries the advantage of the Big Brother perspective. They can whitelist and restrict the whitelist even more as they learn more.

Re: Knitting your own crypto...

Unless they just ban encryption altogether. It's actually pretty difficult to make encryption non-obvious, especially if you monitor potential side channels and whitewash them.

But then all they'll have to do is detect its probable use and demand whitewashing of plaintext and mangling of images, video, and sound to stunt stego.

Re: An ogoing problem for over 30 years

That may affect rust, but I think solid-state will have a big edge in that regard given I doubt we've hit top end on solid-state bus speeds, which in turn will cut the rebuild times and thus the margins of error.

Re: An ogoing problem for over 30 years

"...but we are going to collide with limits sooner rather than later."

What kind of hard limits do you think we'll hit given that rust capacity has managed to continue climbing in spite of scares while solid-state capacity is still growing and still has several big shifts left in the tank?

Re: Oh, JFC...

"Can't we just put the stupid package to permanent death already."

Not as long as there are very expensive pieces of kit that require Flash to operate. Since the costs are sunk and being actively amortized, they cannot be replaced. Since they already exist, they cannot be forced to be replaced by legal means (because they're currently legal, they can't be made illegal retroactively).

So IOW, SUAUI (Shut Up And Use It).

Re: unique

"1) take card from wallet

2) tap card"

You mean:

1) Take card from wallet.

2) Tap card, but pad refuses to read. Try again, doesn't work.

3) Say sod this and swipe, only to remember it's a Chip card.

4) Try to insert the Chip, but it's broken.

5) Call the whole thing off.

OR:

1) Take card from wallet.

2) Tap card, but find out the NFC reader's turned off.

Plus, consider many people don't like to carry their wallets around (for fear of identity theft) or have no way to (because their clothes have no pockets) but they still have ways to carry their phone (like on a clip).

Re: Directions

Well, the app may still be useful for people who have trouble following signs or can't read the native language or English.

Re: Clarification needed

"A QR code is a QR code is a QR code, there's nothing physically preventing you displaying somebody else's QR code..."

Except each QR Code is probably only good ONCE since it's probably salted with a One-Time Password.

"What's not clear in all this is how the system guards against fake codes. I take it there must be some dynamic element in generating the code."

Probably by way of a one-time code. The phone sends the code to the bank, the store reads the barcode and sends that information along, the bank lines it up, and gives the OK to the store.

Re: unique

"Moreover card payments are usually made over interoperable networks using common standards."

But in China, the standards don't exist, cards are easily FAKED, and they don't use Chips. Meanwhile, ANYONE who is is anyone has a phone there. So pulling out the phone is no big shakes for them as they usually have it on hand ANYWAY.

Re: Barcode Scanner on Play or FDroid

Funny, I happen to have a Symbol (Motorola) barcode scanner normally seen at POS units and so on. It seems to handle barcodes more readily than the Android Barcode Scanner. Pull the trigger, and it usually gets it in under a second as long as it has a reasonable line of sight to the target, doesn't even have to wait to focus. Plus unlike the Android scanner, it seems to comprehend light-on-dark barcodes as easily as the standard dark-on-light.

Re: It boils down to the Chinese writing...

"If their ability to pay for things depends on it, they'll know..."

Don't be so sure. Some people can't remember a PIN to save their lives, which is why they eventually fall back on cash...which means they get left out of cashless environments.

Re: Advantage of QR over NFC

"Crims can steal from NFC bank cards 40cm away without you noticing until the bill arrives."

HOW when Android Pay and Apple Pay both require you to UNLOCK your phone first? And if my phone goes off but not the store's PIN Pad, that raises a red flag right there.

Re: Forward or backward?

Never thought of it that way. We westerners have it easy when it comes to e-communication because we only have to wrestle with about 40-60 symbols at a time depending on the nature of the conversation. Phone input systems can do 40-60 symbols easily enough. Several thousand? That's going to require a different approach.

I think most of that is taken up in the US by Google Wallet, PayPal, and similar systems, all of which have been in place for a while already.

Heck, even Walmart's recently taken up the mobile payment craze using QR Codes (through their app, so it isn't a URL IINM).

Re: I liked the BBC campaign...

These QR Codes work because they can be built with error codes that allows part of the barcode to be mangled and still be readable. If you see a barcode with a logo in the middle, it's relying on the error code to recover the spot the logo covers up.

You don't have to stop them altogether. Just alter them enough so they change into one the system doesn't recognize since fingerprints are epigenetic. Alter them too much and it's like busting an error code: something else comes out instead. People who receive finger lacerations seem to experience this. Perhaps medical science can find a way that isn't so painful.

Re: Ah,

Because of errata that would've been corrected in the 64-bit chips but can cause serious trouble on the originals (think the "f0 0f" bug).

Re: For what it's worth

"Speaking as someone who has been called upon to fix friend's PCs, I sometime think it would be nice if every consumer PC sold came with external HDDs and an image back up system by default. :)"

Two problems with that approach.

One, sleeper infections exist that stay quiet for a while so as to get themselves INTO backups, meaning restoring the backup just gets you infected again (since you probably won't know which files contain the payload and a smart one will hide in multiple locations, including WITHIN legitimate programs).

Two, you overestimate the intelligence of the average computer user. Given an external hard drive, they'll probably find some way to break or usurp it. Didn't the late Terry Pratchett write once that if there was an End of the World button, the paint wouldn't even have time to dry?

Re: Impressive analysis, but infection vector not apparent

"Anyone who wants their control network to survive a determined attack. "

Then they get overridden by the board, who have to answer to the investors.

"High profile attacks like Talktalk and others have highlighted the need to do a thorough job of securing things to a wider audience given the beancounters saved them a small sum skimping on security only to find significant amounts of value wiped off shortly after the attacks."

And then the public forgets them next week, guaranteed. Meanwhile, the other investors will simply go, "Glad it wasn't me." Unless we see a board overthrow BEFORE a breach hits, I don't think the investors really care.