* Posts by Charles 9

16605 publicly visible posts • joined 10 Jun 2009

European human rights court rules mass surveillance illegal

Charles 9

Re: Who will rid me of the ECHR?

Which, history shows, doesn't work very well because the average man has other concerns than keeping an eye on his representatives.

Charles 9

Re: Unfortunately

Unless, of course, the UK decides to LEAVE the EU...

For fsck's SAKKE: GCHQ-built phone voice encryption has massive backdoor – researcher

Charles 9

Re: They all have the same flaw...

What's to stop a man in the middle from identifying and/or mangling the stego?

Robots. Machine learnin', 3D-printin' AI robots: They'll take our jobs – Davos

Charles 9

Re: Interesting combination with existing wealth imbalance

And then they develop the robot that can maintain any other robot, including another of itself. Keep a tag team of these guys and the amount of human work needed to keep them going will become extremely small.

Charles 9

Re: Gender imbalance

Who needs history? Just look at China.

Charles 9

Re: Who owns the A.I. ?

The rich can just cater to each other, closing off the walled garden.

Hey, Intel and Micron: XPoint is phase-change memory, right? Or is it? Yes. No. Yes

Charles 9
Joke

It could be an intelligent midget goose able to use a duck call.

Spoilsport scientists unstick Spider-Man

Charles 9

Re: How would the pads work through his gloves and boots?

They may have retconned it as science marched on. I mean, we didn't understand how the gecko stuck to walls using van der Waals forces until recently.

Charles 9

Re: and yet

I think it's difficult to properly correlate size with lifespan. It basically depends on different biological factors. I mean, certain breeds of smaller birds like macaws can live for 50+ years. For an animal that can stand on your arm, that's a pretty long time. So who's to say what can live how long?

Put your private parts on display if you want to keep earning a living

Charles 9

Re: maybe? we could call it a "union" . . . or something.

Because Wednesday they'll be back under the desks...THIS time with the "one-way" screws you see in restroom stalls.

Charles 9

Re: Bah!

They won't. It costs too much, and they have to answer to the investors.

Test burn on recycled SpaceX rocket shows almost all systems are go

Charles 9

Re: A Barge is not stable enough...

But what do they say about the weather? Sure, under calm seas the barge should hold steady, but Murphy can strike, and if the barge is caught up in a sudden storm too late to scrub the mission, you got a problem, because even massive tankers get nervous around sudden storms.

Charles 9

But the clamp can have a larger margin of error AND could potentially be able to clamp the rocket beyond the unstable point, which you cannot guarantee with a passive barge rolling in unexpectedly unstable seas. Also, thrusting into the clamp can be employed as a motive force, like how lever action closes the clamps of a grab arm. Use a decent diameter cone, like how mid-air refueling boom has a margin, plus with such a rig there's a greater margin of vertical velocity error versus trying to land on a rolling deck.

Charles 9

I'm pretty sure SpaceX have done their homework on this, but perhaps someone can enlighten me on exactly why they need to recover their first stage by means of a controlled landing rather than something simpler like say some kind of flexible webbing to catch it as it falls a short distance or some kind of docking clamp system with room for error, thus reducing the odds of hard collisions.

Microsoft’s Get Windows 10 nagware shows signs of sentience

Charles 9

Re: Turn off updates - problem solved.

Except last I checked TeamViewer and Join.me are both potential avenues for malware themselves from their respective publishers. Plus what happens when the GWX stuff gets piggybacked into mandatory security patches, making it a Take It Or Leave It proposition?

Charles 9

Re: Works for me.

Don't be surprised if a mandatory security update sneaks that back in in another form.

Charles 9
Joke

Re: An idea

Guessing Microsoft, I think they'll install it anyway and send you the bill.

PS. Though I'm kidding right now, I dread to think it's not really a joke.

Charles 9

"PS. LibreOffice remains an unfinished, under-featured knockoff. Does it have macros yet?"

It certainly does. I've used LibreOffice Basic and other languages for some time now.

Charles 9

Re: That's a nice OS you have there, Microsoft

Go ahead and try, they'll say. They'll be after your head when their WINDOWS-ONLY software won't work on it...

And BTW, the software that'll get you in trouble won't work on WINE, either...

Charles 9

Re: and the winners are...

And then they get slammed when they find out their tax software or the latest game won't run on Linux. Even most consumer software is Windows-only with no analogue on other systems. So before you jump ship, you BETTER make sure the lifeboat's fully stocked.

Charles 9

They won't try, under the risk that another update links GWX too tightly to the OS so that trying to remove GWX elements risks bricking, meaning the AV vendors can be staring down the barrel of a lawsuit.

Charles 9

Re: BULLOCKS

If Linux is all that, where are all the games? And I'm not just talking indie stuff, either. I'm talking the latest mainstream games like Fallout 4. Why aren't they on Linux or SteamOS in spite of all the pushing by Valve?

Charles 9

"Luckily Linux seems not to honour that crappery on files but removing Microsoft malware from the registry can be a problem."

There are some things even root can't remove. Like things under control of the kernel like a zombie process (something locked in something like an I/O wait state that'll never clear). That was the thing with that North Korean OS mentioned a while back. A lot of the Big Brother stuff is baked straight into the kernel, to the point that not even root can mess with it.

Confirmed: How to stop Windows 10 forcing itself onto PCs – your essential guide

Charles 9

Re: "Upgrade" will be pushed down to everyone's throats, as security patch if nothing else helps.

"So it will happen when semi-voluntary updates stop: Only way to stop it is to stop updates, as long as you still can do it."

Then you get caught between Scylla and Charybdis when a zero-day total-pwn exploit appears in drive-bys, meaning you face a dilemma: get the necessary security update and get pwned by Microsoft or go without and get pwned by the malware. And going Linux is not an option because most games require a to-the-metal Windows install (especially once DX12 hits mainstream--VMs don't work well with the cutting edge).

Charles 9

Re: Give MS feedback

Nah, they'll just start filtering the mail en masse and dumping anything resembling a rant into the incinerator. Only something that directly influences their finances or their investors will get their attention. That usually requires legal action, but Microsoft also has plenty of legal bases covered.

Council of Europe gets tough on net neutrality

Charles 9

Re: QoS...

But they ARE selling what they can actually deliver, as an "up to" only describes a maximum, not a minimum. Anyway, minimum speed is frequently beyond their control--weak links in any given communication can come from one of the myriad links along the way, meaning minimum speed is impossible to deliver. So how are you going to deal with this kind of market where the ONLY thing you can guarantee is a maximum?

Charles 9

And then there's the matter of obfuscation. How will an ISP do QoS when the bulk of traffic is encrypted and thus hard to inspect?

Debug code cracked case in hunt for mystery Silverlight zero day

Charles 9

Re: Silverlight

No chance. There are plenty of systems that REQUIRE Silverlight to run, just as there are expensive systems that REQUIRE Flash to run. Unless there's an exploit that can run their damage into 8 or 9 figures, the accountants will have no justification to switch out the expensive piece of kit.

Nvidia GPUs give smut viewed incognito a second coming

Charles 9

Re: A couple of lines of C will fix this

Unless the program is performance-sensitive and needs to hand off quickly. That's the thing with GPUs; they're built for high performance, and things like memory wipes are time-consuming. How do you reconcile the two?

Charles 9

"One can also check an executable before it becomes a process (pretty sure scanners do this) and by watching the _actions_ of a process: You want to open SMTP?"

But what if the malware waits until it becomes a process AND disguises its malware act as a legitimate act (Yes, I have to open SMTP--I'm an e-mail client!)? Then you need more sophisticated sniffing that can also work outside an encryption envelope, meaning it has to be able to see the process while running.

Charles 9

Re: I imagine NVIDIA are in the clear

"A GPU driver could use a similar scheme and (as already mentioned) certainly has the bandwidth to make it affordable."

But not the TIME. GPUs are normally built for high performance, so there are frequently zero-time context switches (a freed buffer has to immediately go to another application, with no chance to wait because, like I said, performance is demanded). Now you're in a security-vs-speed dilemma, and people who buy performance GPUs will demand the latter.

Charles 9

Re: Lots of hot air in this thread

"Going incognito doesn’t hide your browsing from your employer"

That copout is due to hypervisor capabilities in enterprise settings. Basically, Incognito can do squat against an agent that can snoop at all programs actively running. Basically, that scenario is like getting caught with a salacious book wide open. You can't do much against that kind of eye.

Nevertheless, Chrome should be obligated to perform due diligence when handling incognito windows. It should, as standard security procedure, retain the information for no more than is absolutely necessary to function, meaning any information it no longer needs should be immediately wiped clean to minimize administrative/hypervisor/root-class malware spying.

Charles 9

"If any program (let's restrict that to non-root UID) can see another's memory then privacy and security is gone."

Then we're essentially doomed. Anti-malware, anti-cheat, basically any defensive program worth its salt MUST be able to see into other processes to make sure they're not malicious, and if THEY have to do this to be able to function, any other program can pretend to be this, too. We've gone into a Quis custodiet ipsos custodes? situation, and there are no easy answers to that.

Charles 9

But Google created the content AND presented it on an OS with GPU compositing, meaning they KNEW their stuff would show up on the GPU's RAM. As the saying goes, "You made the mess. You clean it up." There's not much Google can do with active Incognito pages in GPU RAM since it must be in an accessible state for the GPU to put it on the screen. But once the page closes, Google should assume the memory won't be cleaned up on its own, so it should zero or otherwise blank the page before releasing it.

Charles 9

Re: I've been waiting for someone to notice this vulnerability

Then it should be an option on the free() call, unless it's a free called by the program's termination (in which case it can be an automatic wipe; performance becomes less of an issue in the graceful termination phase). That way, the program can judge if the memory needs to be wiped (for example, because sensitive memory is involved--they'll want to clean it regardless and doing it this way minimizes the chances of a read by elevated code). As for abnormal termination (essentially "nuking" an app), then perhaps only then should the OS intervene and wipe the program's memory space as it's performing an intervention. Any other method should leave it the program's responsibility.

Charles 9

Re: I've been waiting for someone to notice this vulnerability

"This bug is common in graphics drivers... not familiar enough with the inner workings of OpenGL to know but I'd assume the driver could zero framebuffer and texture memory when deallocated/no longer used. Maybe this is hard or non-performant."

The problem is that memory wipes take time, and GPUs are typically built for high performance, meaning it's a trade-off. Speed frequently clashes with security, unfortunately. And in a paranoid system, one should assume their mess won't be cleaned up for them.

PS. Why should the memory be wiped on the alloc? Shouldn't it be wiped on the free instead?

Charles 9

"The O/S certainly should clear memory that has been owned by a different process. Otherwise, as has been said above, there are at least privacy issues. It absolutely has to clear memory previously owned by a process with a different UID."

But what if the program in question is a recovery tool that NEEDS to see that memory? One size can't fit all here, and the principle of DTA dictates that ultimate responsibility falls to the program that made the data (the origin point, if you will, the point of first responsibility). If you don't trust another program to see their data, it should be wiped before you release it. And before you say the OS should do this (maybe not wipe on the alloc but on the free instead), remember that bulk memory operations mean an unavoidable performance hit, and if the OS is designed for high performance, such a hit may not be desired.

Charles 9

"On a well designed OS, the apps should not even be aware that other apps are running and each app should be able to consider its own memory space private and secure. We're not quite there yet, but it's a good aspiration ;-)"

Can't. There are times when an app NEEDS to know another app or module is running. Example, what good is a web browser without an Internet connection, which means knowing the socket driver is available, which may or may not be in Userland (depends on the OS, but microkernels by design would put everything non-essential into Userland). And there are such things as "ethical" process snoopers like anti-malware and anti-cheat programs.

Charles 9

Re: been like this for years

This has been a known exploit since the earliest days of personal computing. It was quite common to quickly reboot a machine and discover troves of information left by the last program running (I used to do this quite a bit in the latter days of using my Commodore 128). I recall very few programs have the know-how to interrupt the warm boot sequence to erase their code to block this (I think Lenslok-protected games actually cared).

Charles 9

Re: Video driver clearing memory

Basic defensive SECURITY programming says Don't Trust ANYONE. That goes backwards AND forwards. In other words, don't make assumptions of inputs AND don't release anything you don't want seen since anything you release COULD be seen. So like I said, Chrome should wipe any Incognito pages before releasing their framebuffers on the assumption that they don't want the contents to be visible to anything else.

There's also the matter of the KISS principle. Assume the least work was done on your request, and do yourself the least amount to accomplish your goal since you may be subject to delays or repetition that result in small delays adding up. Why should Diablo blank their framebuffer if they're just going to immediately overwrite it anyway?
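Added example (not code from the commenter or from Chrome/Nvidia): the "wipe before you release it" rule argued in the posts above, applied to an ordinary heap buffer standing in for a framebuffer tile. The catch a practitioner runs into is that a plain `memset()` immediately before `free()` is a dead store the compiler may legally delete, so the wipe has to go through something the optimizer cannot see through; here a `volatile` function pointer to `memset` is used because it is portable C99, whereas `explicit_bzero()`/`memset_s()` exist only on some platforms. The tile contents, sizes and helper names (`secure_wipe`, `secure_free`, `release_tile`) are constructed for illustration. Real VRAM is the driver's to scrub, as the thread says; this only shows the CPU-side discipline the commenter is asking for.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

/* Hypothetical helper: memset reached through a volatile function pointer.
 * The compiler must assume the pointer could change, so it cannot prove the
 * store is dead and cannot elide the wipe before free(). */
static void *(*volatile wipe_memset)(void *, int, size_t) = memset;

static void secure_wipe(void *p, size_t n) {
    if (p == NULL || n == 0) return;
    wipe_memset(p, 0, n);
}

/* The "wipe on free" option the thread describes: caller states the length,
 * the buffer is zeroed, then released. */
static void secure_free(void *p, size_t n) {
    secure_wipe(p, n);
    free(p);
}

/* Constructed stand-in for a framebuffer tile: 4x4 RGBA pixels. */
#define TILE_W 4
#define TILE_H 4
#define TILE_BYTES (TILE_W * TILE_H * 4)

static uint8_t *make_tile(uint8_t pattern) {
    uint8_t *tile = malloc(TILE_BYTES);
    if (tile == NULL) return NULL;
    memset(tile, pattern, TILE_BYTES);   /* fill with recognizable content */
    return tile;
}

/* How many bytes still carry content; what a snooper or the next owner of
 * this memory could recover if it is handed back unwiped. */
static size_t count_nonzero(const uint8_t *buf, size_t n) {
    size_t c = 0;
    for (size_t i = 0; i < n; i++) {
        if (buf[i] != 0) c++;
    }
    return c;
}

/* Release a tile, optionally wiping first. Returns the number of content
 * bytes present at the instant the buffer is handed back: TILE_BYTES when
 * the producer skipped the wipe, 0 when it did its own cleanup. */
static size_t release_tile(uint8_t *tile, int wipe) {
    size_t leftover;
    if (tile == NULL) return 0;
    if (wipe) secure_wipe(tile, TILE_BYTES);
    leftover = count_nonzero(tile, TILE_BYTES);
    free(tile);
    return leftover;
}

int main(void) {
    uint8_t *t = make_tile(0xAB);
    printf("released unwiped: %zu bytes of content visible\n",
           release_tile(t, 0));
    t = make_tile(0xAB);
    printf("released wiped:   %zu bytes of content visible\n",
           release_tile(t, 1));

    /* Sensitive buffer path: always wipe, regardless of the caller's mood. */
    uint8_t *secret = make_tile(0x42);
    secure_free(secret, TILE_BYTES);
    return 0;
}
```

The trade-off the commenters argue over is visible in `release_tile`: the wipe costs one pass over the buffer, which is why it is an opt-in flag rather than something buried in every `free()`. The burden of choosing stays with the code that knows the buffer was an Incognito page rather than a Diablo frame.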

UN privacy head slams 'worse than scary' UK surveillance bill

Charles 9

Re: The more I think about all this

But plenty of poor are poor of their own doing, some sick are beyond help, some bums are too proud to accept shelter, and as a comedian said, "You can't fix stupid." Also, as others say, "Haters gonna hate." Some people want to destroy you simply because you exist, and people today won't accept even minimal levels of personal risk. So what do you do when people are threatening to vote you out unless you stop such an enemy scenario?

13,000 Comcast customers complain to FCC over data caps

Charles 9

Re: Data caps are just a small problem by comparison

All fine and dandy. But how do you force the issue?

Boffins switch on pinchfist incandescent bulb

Charles 9

Re: TCO? @ Jonathan Richards 1

"On the other hand if "they" had ensured that there was enough clean nuclear power available ...."

There are those who would argue that emboldened term is an oxymoron.

Charles 9

Re: TCO?

" This has now been exposed, though known by anyone expert for years. You need about 20W + of CFL or LED to light the same area to same brightness as a 100W lamp."

Funny. From what you say, the packages I read on a regular basis would then be accurate, because the 100W incandescent analogue in CFL is rated 26W (over 20 as you said). The watt ratio is roughly 4:1. A 9W CFL is roughly supposed to put out as much light as a 40W incandescent, a 15W a 60W, and I think an 18W a 75W.

American cable giants go bananas after FCC slams broadband rollout

Charles 9

Re: Fsck all of them...

Have you tried threatening them with a lawyer? Given your Internet is wireless, this falls directly into the FCC's purview (since wireless bandwidth has to come from the feds first), so unless they can show where the data use comes from, you can claim they're defrauding you.

Charles 9

Re: Comcast and Co disagree

That's assuming the trenches aren't already covered up. If they are, then that's an added expense. Remember, a lot of the infrastructure in America has already been installed. This is one reason New York is so difficult to wire up (200+ years of densely-packed existing infrastructure to work around).

As for the local monopolies, that's basically a necessary evil. For these small, poor, isolated communities, it was basically take the sweetheart deal or stay in the dark, because NO company would be willing to plunk down to build out to the boonies without some assurance of RoI. If they were to be restricted by law, the numbers wouldn't add up and they wouldn't even try. Remember, wires in America are more often than not privately owned, and companies frequently reserve the ultimate option to call Leave It and declare No Deal.

Exploit kits throw Flash bash party, invite Crypt0l0cker, spam bots

Charles 9

Re: Friends don't let friends install Flash

But the few that remain become that much more difficult to deal with. What do you do when your very-expensive enterprise system requires Flash to control it? Switching it out is not an option due to the accountants, who tend to be able to trump the security team (after all, accountants can influence the IT budget).

Charles 9

Re: vulnerable

You can avoid Flash vulnerabilities by not using Flash, but many people don't have that option, requiring Flash in their everyday activities. And yes, if they want to infect people badly enough and they can acquire one (this can be tough; usually it's states and other powerful agencies that hoard them), they MIGHT use a zero-day vulnerability.

As for Windows 10, that's still done by Adobe IIRC. The only company helping Adobe with Flash is Google, and only in regards to Linux and Chrome.

How hard can it be to kick terrorists off the web? Tech bosses, US govt bods thrash it out

Charles 9

Re: Free Speech is Liberty

What makes you think they didn't come from ISIS? I mean, three men with material essential to any serious farmer committed quite a bit of mayhem 20 years ago, and technology means more and more power can be obtained by an individual over time. What's to say a lone wolf couldn't wreak national-scale mayhem today and we just don't want to admit it for the sake of our sanity?

Charles 9

"Disaster ensues."

Then you're basically saying, "Damned if you do, damned if you don't". If it isn't the government screwing you, it's robber barons (think the Gilded Age). Somewhere along the line, SOMEONE will have the chutzpah AND the capability to usurp, one way or the other, and since this is basic human instinct when they see a zero-sum game (it's you or the other guy), we'll never see this go away.

Which may be why no "people-centric" government seems to last for too long in historical terms. Every one of them degenerates or collapses due to simple human nature.