Posts by Charles 9

The same reason C doesn't do it in software: there's a price to pay, and particularly in hardware, speed trumps security. What good is a secure job if it doesn't make the deadline?

Re: ASN.1 and PADS

What about the necessary drawback of speed, especially when you get to higher network speeds with less time to get things done?

Re: C is not an applications programming language

That only works for STATIC bounds-checking, but a lot of the overruns come from DYNAMIC buffers with bounds only known at runtime (if at all, if the buffer comes from elsewhere). Only a runtime bounds-checker can detect these, and these come with performance penalties: not desirable if you have a speed demand.

Re: C is not an applications programming language

I don't think it was that persay. One thing people were clamoring for, especially in the 80s when things were a lot slower, was raw performance. Speed sold, and since C ran "close to the metal", it produced FAST code. That's the big problem with bounds-checking: it necessarily draws a performance penalty in a world where speed mattered. Even now programs are expected to do more, so speed still matters. Who cares about security if you can't make the deadline?

As for all the other languages, your only solution is to ban them, but given so much relies on them (just like with Flash), getting them out of the ecosystem is going to be a slog, especially since it's in an official spec AND there's little in the way of a substitute, especially for pages that need to be updated for current events quickly.

Re: Be careful what you wish for!

"though people should be able to install whatever they wish from elsewhere, on their OWN devices"

But the problem is that it's NOT your software, which creates the rub. The ONLY way Apple can take responsibility for everything is because they have CONTROL of everything: including the software. It's a tradeoff. It's either the walled garden or the Wild West, with nothing in between (because ANY degree of freedom eventually results in Wild West).

Re: At the risk of entering a walled garden.....

Even that is getting risky know thanks to SafetyNet. Now you'll be seeing more root-aware programs that won't run on anything less than stock. And while Nexus devices provide timely updates, they are adamantly against external storage.

Re: People plus technology

Yes, because what you described require A LOT more logistics to pull off. 9/11 basically involved some 20 nutcases and—compared to the above—chump change. This is raising hell on the cheap.

The cost to raise hell is dropping considerably, and that's a destabilizing influence on civilization as we know it because sooner or later someone will have a justification to raise as much hell as possible. But if one man can do it without a lot of external input (shivers)...

Re: Won't happen

In America, you pay for the use of the cell network, not for the call itself. Most don't charge if you call in-network. Moot point these days, anyway, thanks to generous allowances and flat-rate calling plans. Haven't paid for an individual call in at least seven years.

Re: Some points to consider.

Tell me. how can people police terrorism when the bad guys can simply use innocuous code words, like talking about a birthday party? There's no way you're going to be able to distinguish talk of a terrorist act disguised as a birthday party from talk of a real birthday party.

Re: This is why...

Many times, one or the other side has no money. That's why contingency lawyers are rampant.

Re: So for someone who still has a non-smart-phone...

TrueCrypt/VeraCrypt doesn't have to rely on a single standard algorithm. What if a banking app was like that and could use algorithms like Blowfish that aren't standard but still useful, especially when used in addition to the standard-bearers?

Re: "when your customers only have ONE factor to them?"

"Disadvantage - it is something annoying to carry with you if you really want banking on the move."

Not to mention easy to lose AND easy to get swapped for a pwned model. That's why there are plenty of people who don't even take their phones with them: they keep leaving them at home, which creates a problem. How can you use a second factor when there is no second factor available?

Re: Security risk?

"This is but one small step away from the Tesco App not running unless you have a Tesco SIM in your handset."

This is a real thing, actually. Many apps are published by cell phone providers. Number 1 requirement? They only work with their SIMs.

Re: So for someone who still has a non-smart-phone...

The App is not restricted to security measures featured in a browser beyond their control and can go above and beyond if desired.

Re: Missing the point again

Unless they can't tell the difference. Once Tor is in use, the source IP can easily be masked without a way for the banking app to know it's turned on. If the only clue you have to TOR is whether or not such a gateway is present (not whether it's on or off, only present), then it's a case of having nothing but a hammer to work with and financial regulators on your back.

Re: Taser cartridges ...

"These things have a shelf-life?"

Possibly if they use chemicals. Not all of them are shelf-stable beyond a certain point.

Re: Although Tasers were introduced as non-lethal weapons.....

"What happened to those nets that yo can fire out of a hand cannon? They pretty much stop people from doing anything."

I don't think anyone's tried it in real life on people. They're developing a version for riot control, but I don't know. They're good enough for animals, but humans can usually get enough of their act together to seek out the edge of the net and escape. Plus since they're slower, they're easier to dodge.

Re: From The Independent newspaper:

Still, it does pose a dilemma for an ambulance crew when faced with nutcase who's both lashing out and bleeding out. It's sort of a no-win scenario. Waiting for the police will likely mean he bleeds out before then, yet going in now will mean extra casualties...

Re: Although Tasers were introduced as non-lethal weapons.....

"For pepper spray you've got to get close, and I believe people have died after inhaling that as well."

There's also the matter of the target being susceptible to pain (capsaicin feels "hot" because it stimulates pain nerves on contact), but as testimonials have noted, people in a "rush" (be it adrenaline or drugs) can "defer" the sensation of pain for some time (there have been accounts of angry drunks wiping off pepper spray like it was water). So when police believe they're up against someone hopped up, I think they're advised to try something other than pepper spray or physical coercion (because drunks and druggies may not feel pain or act with the due restraint one would instinctively harbor when sober). At least tasers have a better chance of subduing someone hopped up since they act on a more physical level.

Re: >> giving the update the "Priority 1" ranking

Trouble is, controlling critical enterprise equipment, the ONLY way possible is by Flash, tends to get a Priority -1, as in "Do This Or You'll Never Work in This Town Again."

Re: ¡Ay, caramba!

There IS one excuse, a very CRITICAL one: amortization. The highly expensive piece of kit has already been bought. The costs are sunk and can never be retrieved. They're a big strain on the business, trying to obtain another so soon will literally kill it. So basically, you MUST live with it. And leaving the company may not be an option as (a) no one else is hiring or (b) they're in the same boat, saddled with expensive kit they MUST use.

Put it this way. If you're out in the middle of the shark-filled ocean and the only possession to your name apart from your clothes is a leaky raft...well, all you can do is start bailing.

Re: ¡Ay, caramba!

Yes, and often not by choice. What do you do when the one and only way to control your expensive piece of kit REQUIRES Flash?

Re: Lack of control

"A link isn't the content. You can deal with copyright content by attacking the source "

And if the source turns out to be a hostile nation that invokes sovereignty?

Re: A long as we give them money

Actually, we are. Read the El Reg article about the 60-million-year-old dinosaur bones that FAILED to turn a Creationist. And as the comedian says, You Can't Fix Stupid.

But the thing is, as the article notes, there are only two options left: the full CoA and SCOTUS. But since the original panel were basically in agreement over the base issue of authority, both attempts to appeal are likely to be returned with "Refusal to Hear," which basically shuts the door. And as noted, Congress can't be expected to act on this because they're going into Campaign Mode, and any new Congress is likely to be as deadlocked as the last one, meaning No Such Luck.

Re: Set aside disbelief…

Underwater mudslide. It happens. Then the ground gets pushed out of the water by plate tectonics, similar to how lowland fossils end up in the mountains. Or more likely the fish died there and silt simply piled on top of it over the eons.

As for the land animals, don't assume the land there was high and dry during the time they lived. It could well have been semi-aquatic (marshy or swampy).

Re: TPP and TTIP are abominations of CORPORATOCRACY

"Then consider the fact that the US Senate voted to not even allow itself to debate these treaties. That fact in and of itself is unconstitutional, killing the obligation of the Senate to advise and consent:"

A lawyer would argue no such obligation exists. If the Senate willingly chooses to abdicate responsibility, that acts as tacit consent by default. There's nothing in Article II that says the Senate MUST directly vote on every single ratification and confirmation.

Re: An open apology to the rest of the world.

"If we don't have a winner after 2 votes then one US citizen is selected at random by fair dice roll and they must serve in the role for at least 1 year while new elections are started."

Not a good idea. You could get an absolute idiot in the White House who leads us into World War III. There ARE worse things to have in the White House than a corrupt politician.