* Posts by Charles 9

16605 publicly visible posts • joined 10 Jun 2009

Google: Our self-driving cars would be tip-top if you meatheads didn’t crash into them

Charles 9

Re: @1980s coder: @ Idiot ac: Defensive driving

"Also I will look up a Nipkow disc tomorrow, it sounds jolly interesting."

While you're at it, look up "Magic Lantern", which actually did use candles at first.

Charles 9

Re: Google Cars will NEVER cause an accident

"Google Car hurtles into orphanage, many orphans die."

Show just how something like that would happen more often than with a human driver (and I've PERSONALLY witnessed a drunk driver jump a parking bump, ricochet off a support pole, and drive INTO the front door of a C-store) and without outside help (such as being forced off by a human driver).

"Next case is Google v Tour de France Peloton."

How would a Google Car be permitted on a Tour de France course? And what about the spectators that are between an outside car and the course itself? And like I said, what's to stop a human from doing the same, only more frequently due to inattention, inebriation, or both?

Charles 9

"A good driver does do all sorts of things that an autonomous car would have difficulty doing as well."

Can you cite some specific examples of things that humans could do easily that no reasonable amount of machine sensors and training could do as well? Because I strongly suspect there's actually very little true intuition (probably the one thing machines can't replicate) in driving and that it's mostly a matter of subtle cues we're trained to recognize: cues that a well-sensored machine could be trained to notice as well.

Charles 9

Re: Cyclists

Decently well, I would think. Radar doesn't rely on metal, and to stealth a vehicle requires a combination of radar-deflecting design and radar-absorbing paint, and they'd still be of limited use in multistatic (they'd spot the dead zone against the background) or mobile (the case here, it can hit differing angles) detectors.

Charles 9

That's a thought. A computer-driven car can be programmed to assume the worst: that a car might suddenly stop in front of them, swerve into them, cut into the narrow gap you normally leave for the first instance, assume the end of a blind curve can be roadblocked, and so on. And make all the car's driving actions work under those assumptions. That way you don't need cues to be prepared for trouble: you're prepared in any event.

Charles 9

But then you read the part at the bottom about the bicycle swerving in front of the G-car, a textbook example of unexpected behavior, yet the G-car reacted correctly and AVOIDED it.

Why are all the visual special effects studios going bust?

Charles 9

"Good luck getting studios to agree to this system without every single VFX house getting on board at once though..."

Which then introduces a dilemma. With the industry that cutthroat, all it would take is ONE renegade firm to make the whole works collapse because the studios will then clamor to the renegade. Sounds to me like you could equate the VFX business problem to the Prisoner's Dilemma of game theory. Everyone's out for themselves, so they don't trust each other. Thus the best-case scenario (and perhaps the only one that sees them surviving) can't be reached. Instead, they assume one of them will turn on them, so they will turn in kind. Inevitable result: everyone gets exploited by the studios since THEY have all the money.

Charles 9

Re: "Money flows to whoever it is that has the rare thing."

But just as insiders don't always see how their actions impact outside, so too do outside regulators not always see that their regulations can have a very bad effect on the market they're trying to regulate. Consider this. Why isn't there much of an investment in more modern nuclear reactors? Part of it is capital but the main reason is the recalcitrance of nuclear regulators. Scared as they are by thoughts of Three Mile Island, Chernobyl, and Fukushima, they don't seem to realize that these are exceptions rather than norms (TMI was actually contained--no one died--Chernobyl was a result of a bad experiment combined with poor management, and Fukushima was lack of foresight combined with an unprecedented natural disaster). Have they given thought to the idea that, maybe, we learned our lesson and are now building newer, better reactors that are designed to handle things better than the ones already in existence now? Why is there such reluctance to allow even one or modern reactors in the middle of nowhere, perhaps, when we have no practical alternative to growing energy demands for the foreseeable future? Renewable is too fickle and too dependent on rare materials that have to be mined, creating a catch-22 of sorts (you need energy to mine the materials you need to produce energy, etc.), and we can't continue with the status quo.

The weapons pact threatening IT security research

Charles 9

I'm saying experience is BOTH boon and bane. You're right that people with experience in the code will know about the little nooks and crannies. But what about the parts of the code they're NOT familiar with? Their perspective will be COLORED by their experience, so they may not see the hole in the code since they're trained to spot other types of exploits. Furthermore, some of the more novel exploits have employed multiple little pieces coming together in a gestalt-like manner (think return-oriented programming which relies on exploiting multiple little bits of code); unless someone is intimately familiar with ALL the pieces involved, they're likely to overlook the exploit since some of it's beyond their scope.

Charles 9

"Security research does not depend on particular abilities of the young. Unless, that is, you want smart, skilled people willing to work long hours for low wages, which incidentally brings us around to the UK MoD's effort, the joint reserve unit, who hope to do just that :)"

Thing is, older people can be hidebound: stuck in ruts. Young people aren't burdened by experience so are more likely to think outside the box, and that's where most of our novel exploits are coming from: side channel attacks and the like.

China cracks down further on VPNs as censorship intensifies

Charles 9

"A subscriber base of 1 is hardly going to show up on their radar now is it?"

I would think it would be even more of a red flag. You can't have too many customers, yes, but you also can't have too few as that would be a tipoff of it being one meant to bypass the firewall.

New US bill aims to zap patent trolls with transparency demands

Charles 9

Microsoft's typical threat strategy is to simply say they're violating some of Microsoft's patents but never saying WHICH ones. Many of the Linux firms sued are hair-shirt and can't afford to take Microsoft to court over the matter which is right now the only way to force the patents out into daylight. There's a fair chance the patents are real and they'll lose, so it's too much of a gamble. If they're exposed BEFOREHAND, however, they can conduct their own research to see if the patent's worth fighting for BEFORE soliciting legal help.

Charles 9

The actual inventor can produce a few prototypes. Since he has the patent with the intent to produce, he'd be motivated to do this. This can be taken into consideration. A troll would have to be pretty determined to put down for the costs needed to actually produce something, and the scale of the production run vs. the scale of the holder can be considered as well.

Charles 9

No, because what if the patent is the most valuable asset of a company under bankruptcy? Selling it could be the only way to emerge as a going concern rather than be liquidated (and it is in the interest of government to keep going concerns when possible--it's more stable that way). I think my idea's better. That way the patent can be sold if need be, but it's simply not enforceable unless it's actually implemented either directly or through a designee: much like that other thing the office regulates: the trademark.

Charles 9

Re: Or...

"The problem is that the USPTO is funded by patent application fees. It's in their best interest to consider and award as many patents as possible."

Aren't the application fees nonrefundable, so they get the fees pass or fail? Meaning that's not really an incentive?

Charles 9

Has anyone noticed that it's another of those cheeky acronyms: the PATENT Act?

Anyway, in general I can see this as a few good steps, but perhaps more are needed.

One should be that patent terms vary by industry to account for fast-moving industries like electronics where product cycles rarely surpass a decade. Another should be that the plaintiff should only be allowed to sue if the patent they possess is in active use by them or by a contracted designee (like a licensee). IOW, you can't just sit on a patent. To sue on it, you have to be using it yourself.

We stand on the brink of global cyber war, warns encryption guru

Charles 9

Re: us military why?

So riddle me this, Batman. How do you fight an enemy for whom Mutual Assured Destruction is an acceptable if not WINNING scenario? There are people and organizations for whom, "If I can't win, I'm taking all of you with me" is literal.

Charles 9

Re: us military why?

The US military, in spite of the stereotypes, aren't idiots. They face enemies who have never heard of things like the Geneva convention. These enemies are committed to the idea of "Might makes right," "history is written by the winners," and "the end justifies the means." IOW, the US faces enemies who believe in total war with no taboos: no rules. How does one fight an enemy who's not afraid to use ANYTHING in their arsenal (including CHEATING) to get you?

Second-hand IT alliance forms to combat 'bully' vendors

Charles 9

Re: Short-sighted

"There will always be at least one outlier though"

That soon receives "an offer it can't refuse."

Forget black helicopters, FBI flying surveillance Cessnas over US cities. Warrant? What's that?

Charles 9

Re: hmm

Washington was right. Unfortunately, he was also outvoted. Even HE got labeled a Federalist, in contrast to the Democratic-Republicans led by Thomas Jefferson. The Founding Fathers ended up taking sides because people naturally congregate if it's to their mutual benefit. Washington underestimated this basic human trait.

Charles 9

Re: Telemarketers

"With all of the snooping technology available to the FBI, who are supposed to investigate cases of RICO as part of their actual remit, they can't find the owners/operators of scam telemarketers and shut them down (with a few notable exceptions of course)."

Aren't most of them based OUTSIDE the country?

Charles 9

Re: Better yet

Multiple lenses, easy to do and recommended anyway: one IR-capable (and probably ONLY IR-seeing for night vision and laser resistance), one IR-filtering. Plus drones don't have to see to steer. They can use GPS and accelerometers to fly as well. IOW, they can fly on instruments, meaning they can effectively fly blind.

As for detecting the false signals, you can't do that without at least three antennas. Most cell phones only know the strength of a tower signal; location tends to come from other sources and a fake tower can fake that info. Put it this way, anything private enterprise can do, the government can outdo because, unlike the former, they can legally go outside the limits. They can do things the private folks can't and do it in such a way as to make them indistinguishable from real stuff.

New Firefox, Chrome SRI script whip to foil man-in-the-middle diddle

Charles 9

Re: The fact that...

And if the masquerade occurs at a major chokepoint, like the ISP, then the malware (which may be the ISP or a government entity) has a lot of traffic to exploit.

Charles 9

Re: Where are the hashes

No I'm talking a malware SSL proxy relay that's masquerading as the target site. With a fake certificate, they can pass off as the target, your browser gets the green light because it's secure, but the proxy can decrypt and alter the traffic to and from the actual target and you basically have no way to tell the difference. The corporate SSL relay is basically a legit version of the malware SSL proxy.

In any event, this malware proxy can masquerade as either the site host, the script host, or both, allowing the altering of script and signature no matter where it comes from. It's back to the classic "Who do you trust?" issue.

Charles 9

Re: Bah!

Except it's MUCH more useful than you give it credit. You'll have to explicitly show what anyone using JavaScript can use in its place or no one will switch. Period.

Charles 9

Re: Where are the hashes

Not if the MITM is ALSO a secure proxy using a masquerading certificate, which HAS occurred and IS the norm in enterprise settings.

Science teacher jammed his school kids' phones, gets week suspension

Charles 9

Re: Why not fix the root cause of the problem?

"What is a good answer is to educate people to use their phones considerately."

And in today's society, education is a pipe dream. Most people DON'T WANT to learn.

Charles 9

Re: Missing the important bit of information here...

If the article's accurate, it was that the jammer was too powerful and situated too close to a cell tower. IOW, he ended up interfering with an entire cell, resulting in dropped calls, failed connections, and so on. When an entire cell is affected, customers may start going over Verizon to the FCC. Few things get a company's attention like a possible visit from the regulators.

Charles 9

Re: Oh, however did we survive?

It was the helicopter parents that broke existing bans (due to pagers and cell phones being tied to the drug trade) after incidents like Columbine. Parents now are too anxious to trust their kids to outsiders yet have no time to school them at home.

Charles 9

Re: What?

In an emergency those LAND LINES could be OVERLOADED...or worse, CUT.

Charles 9

Re: Just give them an 'F'

What do you do with the rejects, then? You want this place to be like Japan with its terrible suicide rates?

WikiLeaks offers $100k for copies of the Trans-Pacific Partnership – big biz's secret govt pact

Charles 9

Re: Betrayal

"Why are our politicians doing nothing?"

Ever thought they're just plain IN ON IT?

Charles 9

Re: Why would anyone take the money?

And once they find out the Donator is not real, has no assets to freeze, and is outside the country?

Bethesda all out for 'Fallout 4', fallout for global productivity foretold in countdown

Charles 9

Or how about "Why fix what isn't broken?"

Charles 9

Re: and 15 minutes after release

I think it takes a GECK to do those mods. I've made stuff of the like for 3 and NV. GECK may be a bit.

Charles 9

Re: And......

Well, that's what you first see when you load Fallout 3 IIRC. Anyway, given there's an ESRB logo on it (albeit Rating Pending), they must have something they're about to submit since, under the rules, once you slap an ESRB rating on your ads, ALL ads going forward MUST sport it, and you MUST have the final rating before you go live.

OK, saw the trailer. Vault 111 will be the initial setting. And it looks like my second guess was right. If the Paul Revere statue (and retrofitted USS Constitution) is any indication, we're talking Boston here. Which means we're definitely talking the Commonwealth. Also the Brotherhood of Steel, IINM by one of the powered armor shots.

That now leaves the question on the identity of the Player. For the record, here's the list of past IDs:

1 - Vault Dweller

2 - Chosen One

3 - Lone Wanderer (NV didn't have a vault dweller, so was instead just called "Courier")

I'm still banking on "Sole Survivor".

Charles 9

Most companies are savvy enough not to switch engines unless there's a big reason to (ex. GTA4 switched engines due to Renderware being bought by a rival). Since Gamebryo fully supports HD (as it's used in the PC version) and is cross-platform (if you can code for the PS3, the PS4's pretty easy, especially if you already have the PC and Xbox One as another target), there should be little reason to switch. Plus, even if you switch engines, most of the assets (basic textures, models, etc.) can usually be converted with a lot less effort than it would've taken to make them from scratch (which had to be done for 3).

Charles 9

Fallout: New Vegas didn't take nearly so long from first news to final release, last I recall. I suspect most of the time delay for 3 was because it was the first 3D Fallout and a lot of things had to be built from scratch or changed vs. the isometric world of 1 and 2. Plus there was the need to get used to the Gamebryo engine.

Plus note, the article notes a countdown. They wouldn't put one up without something to show at zero time, wouldn't they?

Charles 9

Re: "Australia refused to give it an age-rating certificate."

It's also worth noting (and this didn't get fixed) that one early Fallout 3 quest couldn't be completed negatively in Japan (the quest's name, "Power of the Atom," should give a clue why).

IT-savvy US congressmen to Feds: End your crypto-backdoor crusade

Charles 9

Re: There's a simple way to explain it to them...

"The only way to be secure is to give no one the keys and have no backdoors."

And even that isn't proof against strategically-placed explosives...

Secure web? That'll cost you, thanks to Mozilla's HTTPS plan

Charles 9

"I have (amongst other) a simple site, mostly static content, no logins or confidential stuff. Have it hosted on the cheap, yet those cheap hosts get very expensive when the word 'SSL' drops."

And without SSL, your content can be MITM'd. If for no other reason than because it's being transmitted in the clear so can be altered mid-flight.

Charles 9

Re: If selling certificates becomes like selling domains...

Well then, we're screwed, because Trent can ALWAYS be subverted by Mallory or Gene. And without Trent, we can't trust anyone, which means we can't talk to anyone in a paranoid world. We're either going to have to take a leap of faith or shut ourselves off, including physically since one can demonstrate that first contact is the most vulnerable phase of communication and the one that's impossible to fully secure due to lack of prior information (I suspect a paradox can be applied to this but I can't recall any specifics—trying to use a Trent brings up the "Quis custodiet ipsos custodes?" problem).

Charles 9

I'm talking about the DHCP connection your router makes to the ISP. If it's hijacked, it can be poisoned with bad DNS settings and so on.

Charles 9

Re: StartSSL is only "free"…

You may wish to consider abandoning the Internet entirely. Chrome seems to be approaching this as well but from a different angle. Plus it's Google we're talking about. And IE means submitting to Microsoft, so you're screwed everywhere you turn.

Charles 9

And without an encrypted connection, how do you stop your connection (even the DHCP exchange) from being poisoned by a man in the middle? That's the kind of world we're living in today. That's why things like SSH are in place instead of telnet and rlogin.

Charles 9

Why not? Sometimes you gotta drag people kicking and screaming. Like with vaccines.

Charles 9

Re: Another issue with https

You can fix the caching with hashing. Request the hash first then compare with the hash of your cached copy. Easy to implement for static content (dynamic content you can't cache anyway). And as for ISP caching, screw them as they can alter those copies and produce false pages AND hashes. You want something, go to the source; it's the only way to be sure.

Charles 9

Re: But ...

That won't work in a corporate setting since they typically use an HTTPS proxy, meaning they can read even your HTTPS traffic.

Windows 10 upgrade ADWARE forces its way on to Windows 7 and 8.1

Charles 9

Re: WMC removal?

"It would have been great for my kids to have the Wii play DVDs, rather than attach ANOTHER device to their TV. :("

But as the PS2 showed, using a gaming console to play movies tends to wear the drive out faster, and once it breaks, you can't play games OR movies.

PS. News to me on the Japanese Wiis. I'm pretty sure this was the exception, though, as Nintendo made the lack of movie playback very clear otherwise.

Charles 9

Re: Still confused about other matters .

"Free or paid for, it's still the same version of Win 10. The only difference being you'd have a disk with the retail version, so would presumably be easier to do fresh installs."

And if what I've read is correct, even that can be dealt with if you have a burner and a blank disc (like with Win8.1, an ISO is supposed to be obtainable).