* Posts by Charles 9

16605 publicly visible posts • joined 10 Jun 2009

China wants encryption cracked on demand because ... er, terrorism

Charles 9

Re: Clipper Chip - history repeats?

Thing is, the Chinese state, unlike the US, doesn't care. The government is itself immune from the legislation so they can use whatever robust encryption they want. It's the plebs they're trying to control, and they could care less if the citizenry's encryption gets broken. Hell, odds are they'll be the ones breaking it, thus the way the law's constructed. If someone else does it, too, it's not like it's going to end up biting them.

Charles 9

Re: ban mathematics...

From a security standpoint, even with compartmentalization you can still employ gestalt-type exploits like race conditions. These don't depend on any individual component but on how they interact as a whole (thus why I call them gestalt--something beyond the sum of the individual parts). This is something beyond the scope of the individual pieces and subtle enough that it would probably get past even a standard examination.

As for why anyone would allow this, only by mandate. Otherwise, you're talking trade secrets and Sharing Information With The Enemy. Sorry, but the OS world is too competitive to standardize at such a low level.

Charles 9

Re: Steganography is the key

Or you can mangle the stego by noting the inconsistencies (like capitalization in the middle of a word with no capital to begin—and BTW, Chinese uses a different grammar system) and automatically correcting them (same for extraneous whitespace), just as images can be distorted and their palettes flattened to mangle any stego in there. Who cares if you can't detect it, as long as no one else can, either? A determined adversary like the Chinese state can probably slow any usable stego to a crawl.

Charles 9

Re: ban mathematics...

"That leaves Android and other FOSS apps that cannot be backdoored (without serious intellectual effort, not necessarily purchasable or available under torture)."

But quite possible with a very smart mole who hides the exploits in bits and pieces scattered throughout the code, each piece inextricably tied to a legitimate function so it's not only tough to spot but hard to remove without breaking something else. Even with a million pairs of eyes, it's still tough to spot a chameleon hidden in the leaves of a tree.

Charles 9

Re: Don't stand downwind

"Some people will want to build a nice thing, some other people can't, so they will tear down nice things, as that is their thing. It's a stupid thing, but there are lots of stupid people, so don't look surprised. Build a nice thing that is stupid people proof, and then we'll all be better off."

A pipe dream. Make something foolproof and the world responds with a better fool. And you can't fix stupid. IOW, we're all already in the handbasket; we're just halfway down at this point.

PS. The amount of resources needed to make a true working quantum computer pretty much precludes everyone but entities where money of at least 9 figures is no object. That pretty much leaves only states. And I'm pretty sure they're already aware of post-quantum systems and are already working on ways to beat them.

US Marines kill noisy BigDog robo-mule for blowing their cover

Charles 9

Aren't there fuel cell designs that use hydrocarbon fuel, which can be and frequently is transported?

No, drone owners – all our base are belong to US, thunders military

Charles 9

Re: Accidents happen...

You forget the possible blowout swerve, which can occur spontaneously and immediately in front of another so there's no time to react, in the middle of rush hour, which causes a chain reaction. Massive pileups have been triggered with less.

Charles 9

For the record, what was the company that made that meme-worthy botch of a translation? I recall it being an early Neo-Geo game (as time passed, the companies hired better translators) so the two prime candidates are SNK and Alpha Denshi (who made the bulk of early Neo-Geo games).

Charles 9

Re: The part I don't get...

That's like stealing someone else's tags that don't match your car. Sure, it can cover your tracks for a time, but if they do catch you, they take your attempt at concealment into consideration as an aggravating circumstance. Meaning, it makes it harder for you to get caught, but if they catch you anyway, expect a harder punishment.

Charles 9

Perhaps a bit of confusion here. While the FAA does not control the airspace below 500 feet of private property (that usually falls to the ground property owner unless they've sold an easement), they do have power over any aircraft, manned or unmanned, bigger than a foot or two in wingspan. That latter power attaches to the craft and not the airspace so they have regulatory authority no matter where the craft goes. That's why downing a drone larger than toy size can result in a federal felony charge.

Charles 9

Re: this one looks good - silent as well

1) Doesn't work if the drone is working on a program as it's not receiving input. Even if you jam its GPS it can maintain bearing if it has a tri-axial accelerometer.

2) It's a radio transmitter over a certain power range, meaning it falls under the purview of the FCC.

Feds widen probe into lottery IT boss who rooted game for profit

Charles 9

Re: More proof

"The odds of winning without having bought a ticket (perhaps finding the winning ticket on the ground or being left one in a will or something) are pretty similar to winning after having bought a ticket."

No, it's a world of difference. 0 in X, for any nonzero X, is always zero. 1 in X may be infinitesimally small, but it's still not zero. An infinitesimally small chance is always preferable to no chance at all.

Charles 9

Would be tough to prove. I have firsthand evidence that the pattern's tough to predict. Once saw a guy buy out the last 14 tickets of a book of 40. Not one winner. Over a third of the book. And the overall odds of these things typically hang around 1 in 4.

Charles 9

Re: What ever happened to "employees and family members may not participate"?

It's there. Only the suspect used false identities and shills to get around that rule.

Charles 9

And YOU don't get the point. Lotteries are a regulated industry because gambling can be subject to federal regulation concerning gambling. State lotteries (and by law, lotteries MUST be done by the states) therefore walk a fine line to make sure they don't get involved.

1. Lotteries don't need to game their systems to earn money. They work the same way casinos do: their games are structured so that the odds always favor them, allowing them to take a profit even with the odd winner. That's why a typical Pick 3 $1 Exact hit only pays $500 while the odds of hitting are 1 in 1,000. Plus games with big top prizes tend to have liability limits in case there's a run on the top prize.

2. If you haven't actually played the traditional lottery, you should know the numbers for these games are drawn from mechanical randomizers. Where does software fit into a mechanical (i.e. hardware) randomizer? And note, for security reasons, these drawings are televised.

Charles 9

By your logic, nothing is random because lifeforms are pretty deterministic, too. Which then asks the question, "What about chaos theory?" And what about those hardware RNGs you're seeing more and more often based on physically-shown-to-be-random phenomena?

But it's kinda hard to game a mechanical randomizer that's inspected by a third party firm before each drawing and supervised during the drawing. Based on past instances of corruption, they've come up with a pretty effective system to minimize the odds using multiple machines and multiple sets of balls.

Charles 9

Re: Don't win the jackpot...

In most lotteries, the most one can claim without an ID is only a few hundred dollars (in Virginia, for example, it's $600, when a $1 Pick 3 Exact hit is $500). Beyond that, you have to go to the regional offices, which means all the paperwork and so on. Plus at $5,000 the feds get involved because gambling winnings are considered an income that requires withholding at those levels.

What I want to know is how he was able to game the game when most lotteries use mechanical randomizers which typically are inspected before each drawing.

You ain't nothing but a porn dog, prying all the time: Cyber-hound sniffs out hard drives for cops

Charles 9

Re: So...

You'd be wrong. A dog's nose is that damn sensitive. IOW, they'd be able to sniff the dope AND the candle. You can't mask odors with a dog as they can pick out the individual scents. About the only way to beat the drug dog (and it's TOUGH) is to completely seal the stuff in gas-tight material and make absolutely sure no trace of it is left to permeate out and catch the dog's nose.

Charles 9

Re: This is...

No good. A fire hot enough to burn down such a big haystack is also likely to burn or melt the needle, defeating the purpose.

Charles 9

Re: SSD?

Unless the smell is not chemically repugnant to a dog. Remember, senses of smell differ from person to person; from species to species the difference can be even greater. One man's reek may be another dog's rose.

Charles 9

Don't think it's possible. Dog noses are naturally wet, so anything that would react to a dog's nose would also react to ambient humidity.

Charles 9

Re: SSD?

You underestimate the sensitivity of a dog's nose. Unless one of those chemicals is exactly the same as the drive glue, a dog can usually sniff it out in spite of covers because it can distinguish between the different substances. As one site put it, dogs smell the way we see: we smell a forest, they smell each tree.

Charles 9

Re: So...

As busted drug mules have found out, it only takes a tiny amount of residue for a drug dog to catch onto your swag bag, even if you vacuum sealed it and everything, simply because the necessity to handle the goods before sealing it tends to cause traces to end up on the exterior where they can be sniffed. The kind of attention needed to prevent this is close to the attention to detail found in chip foundries (also a place where tiny contamination has a big impact).

Charles 9

Re: This is...

It's hard to know where to find a hard drive if it's, for example, hidden inside a wall cavity. There are tons of wall cavities and other nice little crevices in any house that would be indistinguishable from the actual house even with people searching, so without a sniffer dog it would be like trying to find a nonferrous needle in a haystack. And they can't just tear the house apart in a search; even with a warrant, if they turn up empty, there's a risk of a suit on a Fourth Amendment claim that the search was unreasonable. And last I checked, this hasn't been fully challenged yet, so there's a risk the police lose such a suit.

Charles 9

Re: SSD?

Except by now the plods are well aware of TrueCrypt/VeraCrypt hidden volumes and will just ask for the secret secret key. Plus what if someone recursed by hiding a volume file IN a volume file.

Comcast 'rolls out' 'world's first' DOCSIS 3.1 modem, pumping 1Gbps over existing cable

Charles 9

Best Buy is still around. And there's h. h. Gregg, too.

Anyway, DOCSIS cable modems are now at commodity level. You can buy them at Walmart.

Charles 9

If Cox Gigablast is any indication, then this trial will be set in one of two types of locales:

1. New developments, where the ground is torn up anyway so it's cheap to lay new fiber networks.

2. Affluent neighborhoods where the people can afford to plunk down.

Charles 9

Re: 4.0

You're in for a wait, then. DOCSIS 3.1 is only two years old and still has plenty of legroom. Its theoretical max is 10Gbps down/1Gbps up. If there is continuing progress, it will probably be at the expense of channels as physical limitations kick in. Besides, most major cablecos are at least partially fiber now and will probably be making their next major infrastructural investments in moving the last mile to fiber so as to keep up with firms like Verizon already at the FTTH stage (I have access to both Cox and Verizon FiOS; I stick with Cox right now to avoid extra box rentals).

Charles 9

World's first? Then what's the difference between this and Cox's Gigablast?

There's an epidemic of idiots who can't find power switches

Charles 9

Re: Image @ John Savard

Actually, there's no "right" way to orient a US socket, but some guides DO recommend installing it as you say, "upside down" so the ground pin is up. Of course, in high-current (read: industrial) settings electrical codes usually require you use a different plug: sometimes even those plugs that lock when you turn them.

Charles 9

Re: Am i stupid? or am I smart?

Excuse me, but computer plugs in the US are THREE-pin, not two, because they insist on dedicated grounding/earthing pins. As for the plug getting knocked out, that's usually a function of how old the socket is. A fresh socket usually has enough grip that you risk tearing the cord off before the plug comes out. If a socket is getting loose enough that plugs can get knocked off (which usually takes a number of years, especially if plugs aren't moved often), it's usually time to see about getting the socket replaced.

Charles 9

Re: since I am on a roll

Odds are the ceiling fan light came after the fan itself, which in turn came after the switched outlet, which BTW is in the Code so that a room can always be lit from the doorway (which can be important at night, which IIRC is also why the NEC requires any such illumination switch be within arm's reach of the doorway).

Security industry too busy improving security to do security right

Charles 9

Re: Will no one think of the terrorists^Whackers?

POS/PIN Pad Malware is being neutered with the move to Chips since the chips are supposed to produce one-time-use tokens which are useless even if stolen. Plus there are additional motivations to break SSL/TLS beyond PCI.

Charles 9

Re: Too Hard?

"Is it possible to determine, in a nondestructive fashion, which type of contactless card is which?"

A general rule of thumb is that 2nd-Generation contactless cards are also Chip cards since both use the EMV system.

Charles 9

Re: Too Hard?

Point is, they usually can't deny a chargeback in this case since you already reported the card stolen. And this also falls into the "small ticket" exception the card companies instituted because it's usually not worth it for them to pursue frauds for transactions that small. They'll either pin it on the retailers for not checking or just eat the costs to get on with business.

Charles 9

Re: square (and equivalents?)

Unless Square updates their readers to Chip readers, they'll become liabilities come next year. Furthermore, they're reliant on Apple or Android devices, the latter in particular has been shown to have lots of vulnerabilities. Plus we don't know the security reputation of guys like Square. What if they get hacked?

Charles 9

Re: Too Hard?

"Though with contactless you can have your cards cancelled and the crooks can still buy stuff because some POS terminals don't actually check in with the bank before authorising transactions. Cards don't keep your money safer, they just make it easier to track."

Only the first generation of contactless cards do that, plus if you've already cancelled the card, that trick supports your claim, meaning any dispute over the charge would fall in your favor (it would fall to somewhere else along the chain for failing to check). That's why they're being dropped (and why Google dropped its original contactless Wallet) for the second-generation contactless cards that use the EMV system (which Android Pay and Apple Pay now use as well).

Charles 9

Re: Great

Oh, PCI has teeth. Trouble is that a good chunk of their customer base are gazelles: prone to running, and teeth are no good without something to bite down on. For many of these small businesses, they have to weigh the costs of using the equipment vs. the additional customers who appreciate being able to use plastic. If the numbers don't add up, they don't fall under PCI's umbrella.

It's a lot like odious office password policy that makes passwords so hard to remember that everyone resorts to Post-It notes. You try and make things too tough and your clients defy you, leaving your overall picture weaker.

It's actually something of a hard problem in security vs. economics. What happens when the least acceptable standard is so odious to implement few are willing to put up with it?

Charles 9

Re: Too Hard?

Thing is, you have to trust iZettle, plus I'd like to know the terms and conditions in case there's an assumption of liability (for example, what if someone hacks or switches the pads). Plus, this doesn't appear to be available in America just yet.

Charles 9

Re: Too Hard?

Until customers walk away because they ONLY have plastic (yes, I've seen it happen lots of times). Many people are going increasingly cashless due to muggers and pickpockets. At least with plastic, you can call the bank and have your cards cancelled and flagged. So the mom-and-pop faces a dilemma: take plastic and you risk safety, refuse and you risk customers.

Charles 9

Re: Too Hard?

Then kiss your mom-and-pop businesses goodbye because most of the problem lies with them. They typically run on razor-thin margins which is why they're notorious for cheaping out and delaying things out of necessity, yet without them the only retailers left would be the juggernauts. So what'll it be? Slow-to-act but personal attention or the cold, emotionless juggernauts?

Big Brother is born. And we find out 15 years too late to stop him

Charles 9

Re: Keyboard-warrior outrage

"The number of Bad Guys is infinitesimally small."

But they're very much like high-yield bombs. One guy can do a lot of damage, people die, and if the government can't stop them before they slay innocents, the public will ask what good are they?

Charles 9

Re: Curious

"Indeed. Obvious solution: inject more needles."

And make sure they're nonferrous, so they can't be picked up with magnets.

Preferably, use biological materials like bone so that even technology will have a hard time distinguishing the needles from the hay.

Hollywood given two months to get real about the price of piracy

Charles 9

Re: Out on a limb here

Actually, you devalued what they DO possess by diluting the supply. That CAN be demonstrated as loss much like dumping a commodity on an open market spikes the supply and thus tanks the equilibrium price. DeBeers tried to corner the diamond market, but after diamonds outside their control entered the market, the cartel eventually crumbled.

Rarity can be a value in and of itself, and we DO see value in rarity, which is why collectors exist. Put it this way. Would your $2M Bugatti still be worth $2M if I developed a matter replicator and could just make copies of your car?

Charles 9

"Even in US it's not a criminal offense if you consume less than $1000 worth per month!"

Where in the United States Code does that specific exemption exist?

As for why no criminal cases in America, that's because copyright infringement is mainly a civil matter, meaning it's up to the plaintiffs to sue for damages. Infringers don't go to jail, but they run the risk of big damages, as this link notes:

http://abcnews.go.com/Business/story?id=8226751

I DO know Japan cracked down on downloaders some years back, to the extent they penetrated a P2P darknet called Perfect Dark to bust them (and the charges were specifically for downloading).

Charles 9

Re: I dunno

Well, from a business perspective, that's what works. The Old Reliable. New stuff is a crap shoot most of the time unless it's a known success story crossing over from another market (Marvel's Avengers come from comics while the likes of Harry Potter, Twilight, Fifty Shades, etc. all come from literature). Something out of the blue becoming a success is a shot in the dark, and that can irk the investors while a successful franchise can bring in several hit movies all turning nice profits (Harry Potter got up to eight, Twilight to five, and let's not start with Marvel's general success on the big screen). The viewers have spoken with their wallets. If the choice is between a complete unknown or a franchise that can draw repeat trips, the fiduciary choice is obvious.

Dry those eyes, ad blockers are unlikely to kill the internet

Charles 9

Re: Simply put...

"because that's a sure fire way to make more people decide to install an ad blocker."

And more ad-blockers are a sure-fire way for sellers to start raising ad-blocker-blockers, and they have the advantage from the technical point of view because they can detect when the ad is pulled and have ways to tell if it's being pulled by a human or a robot (by using the side channels that are required to make the ad appear, which they'll force you to open as part of the ad-blocker-blocker). Because of the cutthroat nature of Internet sales, soon ALL of them will be doing that, so your only way to avoid them is to abandon the Internet.

Charles 9

Re: Simply put...

"However, like the movie studios and distributors, most advertisers are still using antiquated thinking instead of thinking outside the box a little and actually putting some effort into ads that actually give good factual information about the product or service they are trying to sell and don't do stupid annoying things like pop up over the entire screen or redirect you automatically to another site, because that's a sure fire way to make more people decide to install an ad blocker."

They probably have experience on their side. Thinking outside the box doesn't fit well against the human psyche. We only have a limited scope of what gets our attention. And ad campaigns are very much like election campaigns. Historically, what works appeals to the gut, not the brain.

LifeLock didn't live up to their hype, and now they're $100m lighter

Charles 9

Re: Zoinks!

"That's just gobsmacking. How did this manage to fly?"

The FTC had the position of strength since LifeLock agreed to settle out of court. If they didn't agree, it would've gone to court, which given the evidence the FTC was presenting would only mean bad news for LifeLock: including the distinct risk of an even higher fine set by judge and/or jury.

13,000 Comcast customers complain to FCC over data caps

Charles 9

Re: Data caps are just a small problem by comparison

I think it's even worse than that. Remember that Comcast is not only the biggest cable company in the US, with exclusive (usually by way of owning the cables) access to many markets, they also own NBC, one of the "big four" broadcasters in the country, so they have tremendous business leverage with Congress. What better threat to rural Representatives that are raising a stink than to pack up and leave their constituents in the lurch, knowing that when it comes to utilities, the incumbent always has the advantage due to the high upfront costs needed just to get started, especially in very rural areas where the nearest upstream connection is some distance away.