* Posts by Charles 9

16605 publicly visible posts • joined 10 Jun 2009

Popular crypto app uses single-byte XOR and nowt else, hacker says

Charles 9

Re: Everything after the first 128 bytes remains untouched.

Not really because most files have internal structure that goes beyond ten bytes. Meaning it would be detected as corrupt (and to a spook, suspicious).

Charles 9

Here's a serious question. How can you get encryption right if you can't roll your own NOR can you trust anyone else to be a Man In Black behind your back?

Microsoft drops Do Not Track default from Internet Explorer

Charles 9

"What's needed is a browser add-in that will accept the ads without displaying them & even generate click-throughs without displaying the results."

Credits to Milo's it'll soon be followed by a Turing Test to make sure the click-throughs are human.

Charles 9

Re: :-P Pththththth!

And when they inevitably fight back by using ad blocker blockers?

Charles 9

What about the likes of Google who do provide actual bona fide services that have little or no viable substitutes? You're talking about a lot of potential collateral damage.

Charles 9

Re: DNT is a mirage.

They'll never be outlawed because they'll just go international, even if it means bribing some podunk country to change its laws.

Charles 9

Re: You can't trust sites to honor do not track requests or anything alike

And then they start using ad-blocker-blockers and pay walls...

Charles 9

Re: No

And if the caller is ID'd as international and vanishes the next day?

Sony nabs cloud gamers OnLive, administers swift headshot

Charles 9

Not unless the game's key component is online, which means you either pay up or pack up.

Tennessee sues FCC: Giving cities free rein to provide their own broadband is 'unlawful'

Charles 9

Re: Bogus argument

The FCC will just counter their authority is delegated to them BY Congress through the Telecommunications Acts. Unless Tennessee can cite where it's the purview of Congress ALONE, that argument won't stand.

Silicon Valley powers: Let mass spying die in May 2015 – it's bad for privacy (and business)

Charles 9

You assume these interests can't pressure the rest of the world to cooperate regardless. A little extortion perhaps...? There's also the chance these interests are worth more than Europe and therefore out monies the competition.

My self-driving cars may lead to human driver ban, says Tesla's Musk

Charles 9

Re: No human driver? No, that won't happen

The ship and car could fall back to accelerometers which would be much tougher to fool.

As for the cargo, lock it down tighter?

Charles 9

Re: @Terry Barnes -- Not a problem solved

Alan Turing PROVED the answer is "never" for "a program that can detect infinite loops".

Charles 9

Re: Not a problem solved

OK, I'll bite.

"The lights are out at the crossroads ahead. Does your car know how to negotiate the crossroads in a safe way which gives priority to other drivers according to the time they arrived and prevailing traffic? Can it establish basic signals to other drivers to indicate intent. Or does it just nudge out like an asshole and hope for the best? Or does it annoy the driver by giving up? How does it know to give up? Naturally it would have to do the right thing however many lanes, rights of way, trucks, buses, bicycles, motorbikes and cars (self drive and otherwise) there were."

How do WE do it? Usually by some established rules. First, keep the headlights on so other cars can see you. Second, don't assume you can go straight through. Third, FIFO. Fourth, if two cars arrive at once, use a left-hand first rule (use right-hand in right-side driving countries). Fifth, if all cars arrive at an intersection at once, wait a random number of seconds (between 1 and 10, including fractions) to see if one car moves. If not, creep forward yourself. Eventually, all cars acknowledge who moves first and use the left-hand rule to resolve the rest.

"A man is standing in the road by the traffic lights. A police man. How does your car know to obey his signals instead of the traffic lights?"

By recognizing the person in the middle of the street using forward sensors (technology already exists). Perhaps noting the badge or makeup of his/her uniform one can identify as a traffic officer or the officer can wear special indicative gloves (fluorescent, for example) that automated cars can easily see (would not be difficult to alter uniforms to accommodate self-driving cars). A little training and the car can recognize the hand gestures in 3D and know how to respond to them.

"A man is standing in the road by the traffic lights directing traffic. This man is a loony. How does your car know NOT to obey his signals instead of the lights?"

The same way we would, by noting the loony is not in uniform or using the special gloves and so on. And if he goes as far as to doll up as an officer, well that's impersonating an officer of the law, which is (a) a crime in and of itself and (b) capable of fooling a human, too, making the exercise moot.

"A big truck ahead is stopped and a guy hops out to halt traffic each way so the truck can reverse into some entrance. How far away does your car stop from this? How does it know not to try and overtake this obstacle?"

The car should note a pedestrian in the roadway and start assessing the situation. Consider how the situation is done today with humans. Usually, the pedestrian has to convey the situation to drivers, and the best way is to indicate a roadblock, either by standing in the middle of the road or (if the road is wide) by using road cones he brought with him. A self-driving car would already be trained to be aware of pedestrians and cones in the road and recognize them as obstacles. If the car can assess all paths are blocked, it should correctly come to a stop.

"Your car encounters a stationary bus in your lane. Is the bus broken down? Is the bus stopped at a bus stop or stopped at lights? If it's stopped at a bus stop how long is it likely to be there picking up passengers? When if ever is it safe to pull into the oncoming lane to overtake this obstacle?"

The car looks around. If the road is two-way two-lane, it has no choice but to wait. If there is an overtaking lane, are pedestrians approaching it? Is it near an intersection where it would need to be aware of the signal lights anyway? Those are things it can be trained to detect. If the way is clear, divert to the overtaking lane if open and pass the bus like humans do.

"The road has a big pot hole in it. Can your car see this? Can it see it when it's filled with water? Or does it just smash straight through it?"

Quite easily thanks to more advanced radar. And it should be able to distinguish water from a solid surface (it would register a different return pattern). Either way, the car should recognize to steer around it.

"A road is closed and there is a diversion in place. Does your car follow the signs or just keep driving until it falls into a hole the council just dug?"

Make the signs machine-readable by editing highway and traffic codes. Then the cars can read the signs and know what to do.

"You're going up a country lane. 50m ahead you see an oncoming car. Does your car know it has to pull into the verge NOW because there is no verge ahead?"

The car can (a) know about the no verge through its location and/or (b) look ahead and realize there is no verge, unless your vision is blocked, in which case how would WE know there's no verge ahead if we're not familiar with the area (which is (a) for the machine)?

"Your car goes into place with terrible radio coverage, or no GPS like a tunnel, underground carpark or simply a built up area. What does it do? Dead reckoning? Revert to the driver? What?"

How does a submarine know where it's going when it's underwater and radio-blind in the middle of a featureless sea? The tried-and-tested method is to use a three-dimensional accelerometer set to get a reasonable fix of location until a new fix can be made.

Charles 9

Re: No human driver? No, that won't happen

"There is also the matter of criminal acts. An unmanned container ship or oil tanker would not pose any significant threat that a manned vessel does not pose, but would be a far easier target to hijack or steal from. The possibility of a hacked car being used to kidnap a celebrity or child is also something to bear in mind."

Wouldn't an automated ship be harder to hijack since the controls can be put in a state where no human can take control and the humans locked themselves in a safe room strong enough that attempting to break it or the control system runs the risk of damaging or stopping the ship, making the whole exercise worthless?

As for the hacked car and celebrity, this still sounds less likely than just grabbing the person off the street or being the rogue driver in a cab/limo.

Charles 9

Re: Real world testing

"I think the point the original commentator was making is that the weather in North America can be very hard to predict. Ice and Snow can be hard for the human and could be impossible for the electronic driver."

Why would it be impossible for an electronic driver? Unless you can describe in detail situations no sensor would be able to see and where the only way one can survive intact is by instinct or even blind luck? The article notes being able to see through rain, and if snow is blinding, perhaps the prudent course a computer would take is to slow to a crawl or even stop (something humans are averse to doing).

The nightmare scenario I keep thinking about is rush hour in an overcrowded Asian city such as downtown Manila, where pedestrians and vehicles of all sorts are everywhere (including many where automation is impossible, like bicycles), road markings aren't really honored, and time is of the essence (perhaps because fuel is low).

The storage is alive? Flash lives longer than expected – report

Charles 9

Re: Spinning rust.

"The controller of a flash drive must surely know how many pages have failed and been replaced from the pool of spares. So what's going on? Are SSD controllers not being honest with their SMART statistics (for example with SMART 182, "Erase Fail count")? Or did the testers simply write until failed, without monitoring the statistics to see whether impending failure was easy to spot? Or are there whole-chip failure modes with flash storage, that make abrupt failure far more likely than with other VLSI chips such as hard disk controllers? (Well, there are 8 or 16 more VLSI chips in an SSD, so maybe 8 to 16 times the risk)."

What's happening is that it's the controller that's failing first, rendering everything else moot.

Charles 9

Perhaps it should be noted that since the most common mode of failure is "sudden catastrophic" the main point of failure is not the flash chips but the controller handling them. I guess for the low price point it would be too much to ask to install a backup or replaceable controller unit for the drive.

So noted, in SSDs the controller tends to fail before the actual media. Kind of reminds me of a story of someone looking for a used piano bench and finding out they were hard to come by because pianos tend to outlast the benches, meaning many were scrapped and replaced altogether, reducing the supply.

Broadband routers: SOHOpeless and vendors don't care

Charles 9

Re: Good Password(s) inadequate?

That's good for making ONE long, easily memorable password.

Now try making A HUNDRED long, easily-memorable passwords AND be able to recall which is which without mixing them up. Because that's the situation the average user actually faces today: not just being able to remember A password but remembering WHICH password. And because of password-stealing we're expected to use a different password for each site to mitigate this, even for supposed-low-priority targets since they can glean information from these to facilitate identity theft.

Cisco posts kit to empty houses to dodge NSA chop shops

Charles 9

What's to say the old parts aren't pwned either? Remember they've been at this kind of thing for DECADES. Backdoors all the way down...?

Charles 9

Hide a sleeper piggyback inside another chip and overrule the SD. Try again.

Is the DNS' security protocol a waste of everyone's time and money?

Charles 9

Re: Solution looking for a problem

"DNSSEC doesn't solve anything that adding a 128-bit random cookie to the DNS request and response wouldn't have solved."

Solve the problem of a rogue or hijacked server being able to see and appropriately respond to the cookie?

Frankly, the whole problem boils down to a matter of trust, which is a HARD problem in computer security. Because, let's face it, given sufficient resources, Mallory can subvert ANY trust system. Yes, even the Web of Trust, by inserting shills.

Noobs can pwn world's most popular BIOSes in two minutes

Charles 9

Re: OS Warning

A BIOS is basically a Ring -1. It can intercept any verification and return good results.

'Rowhammer' attack flips bits in memory to root Linux

Charles 9

Re: It is just an elevation

Doesn't this exploit bypass segregation, allowing full access to all memory?

Carriers want 5G to do everything, for anything, anywhere

Charles 9

Re: Lan replacement

Well, for the situation stated at the end of the comment, the answer would have to be, "Raise the desk on a pedestal (giving you space to insert a box on its floor) and connect it to the wall by a wide bump runner out the back semi-permanently affixed to the floor (tearing up a solid marble floor is a no-no given the cost of obtaining such a floor in the first place) which protects the cable but can still allow even wheelchairs to run over it. No other option would fit the aesthetic or budget constraints.

Charles 9

Re: Lan replacement

US, and most office buildings I've seen feature drop ceilings. While electrical sockets in the outer walls and floors usually have to be built in (due to being set in concrete), network connections tend to be more ephemeral and can come and go as tenants move in and move out. Guess it depends on how the office is set up. If it's mainly sets of cubicles each centered around a column, then it's easy enough to just wire up the column, but if it's more open in nature, then people within won't be as fixed to a single spot, and here properly-secured WiFi would be of benefit.

Canadian bloke refuses to hand over phone password, gets cuffed

Charles 9

Re: Nobody posted *that* XKCD yet?

Did they ever make one where it doesn't work because the man's a masochist who cries out for more?

Charles 9

Re: @Charles 9: This is a trivial 'software requirements' problem

"I should point out that almost always, customs inspection points are in the country concerned¹ so you are already subject to their laws. I found out the hard way."

Although they ARE, strictly speaking, IN the countries in question, as far as inbound people are concerned, you are in a legally-designated Port of Entry. These are subject to special rules which means you are NOT allowed certain protections under the law YET (that's covered by International Law regarding travel).

Charles 9

Re: Hummmmmmmmm

"I'd be more interested in not leaving any potentially suspicious setup on my device. If I wanted privacy I'd keep my stuff elsewhere and accessible via VPN on the net. Access or download after I get across the border if needed."

And if where you're going has a tight data cap?

Charles 9

The trouble with plausible deniability is that the plods won't be satisfied until they're sure they got EVERY password out of you. Which means a system with more than one potential password will call for more than one session with the rubber hoses.

Charles 9

Re: @Charles 9: This is a trivial 'software requirements' problem

Actually, because you're not technically IN the country yet, IIRC, international law applies, and that has no presumption one way or the other. The Border Patrol can simply deny you entry, so the ultimate burden of proof is on YOU because they're not REQUIRED to let you in.

Charles 9

Re: What's on a phone anyway?

If you swapped in a local SIM, a common budget tactic, the US phone company will be clueless and the foreign one unreachable. Thus the only remaining possibility is the phone itself. Or if you just use WiFi-based tech while you're there, again the phone company's clueless.

As for the breadth of power, remember they're in fear of "The One That Got Away" that then goes on to commit 9/11 Part Two.

Charles 9

Re: This is a trivial 'software requirements' problem

One good reason. Unlimited panic PINs means unlimited chances for the border patrol to use the rubber hose.

"What's the REAL password?"

"Now what's the REAL real password?"

"Now what's the REAL real real password?"

Remember, you're not technically IN the country until you pass the border patrol. And they don't run on a time limit.

Charles 9

Re: This is a trivial 'software requirements' problem

"So, i.a.w. The Art of War, we have yet another false passcode that opens up a stock collection of Granny porn (elderly ladies without clothing)."

While legal, border agents may see it as a deliberate attempt to hide something illegal. And since they're not working with a time limit, they can just slam the lid, confiscate it for further review, and send you to the silent room while they call for the old veteran to take a crack at it (since the veteran is likely an old man himself so wouldn't be so repulsed by granny porn). Well, either him or an astigmatic or far-sighted man (meaning he's wearing glasses to read things up close and can take them off when needed to make everything look like a blur).

Charles 9

What if you're up against a tight data cap? And the data's too large to grab online?

Charles 9

Re: The Law on encryption passwords in the US is well established.

"In the US, the Courts have long held that you can't be compelled to recite the combination of a combination lock as that would violate your 4th Amendment rights, and the Courts have extended that to encryption passwords."

I thought the amendment in question was the 5th. The 4th allows them to seize the safe or drive or whatever, but being compelled to state the means to unlock or decrypt the data can result in an "I plead the 5th."

PS. I looked up In re Boucher and learned the point became moot because he'd already been caught with his hand in the cookie jar, so to speak. He couldn't plead the fifth because he'd already incriminated himself prior to being compelled further.

Netflix: Look folks, it's net neutrality... HA, fooled you

Charles 9

Re: Net neutrality

They do, but they see it as discrimination.

Charles 9

Re: Blackmail?

What about taking the ISPs to court for anti-competitive practices and threatening to have any shady business they may have potentially exposed to legal eagles?

Charles 9

Re: "VOD pay ISP to exclude traffic from bandwidth cap".

If it requires small print to tell the truth, then they're telling HALF-truths, which according to some is actually lying TWICE. This is precisely the type of bait-and-switch advertising that needs to go...YESTERDAY. So what if customers can't afford what they REALLY want. At least they'll be told that up front like they're supposed to.

Charles 9

Re: "VOD pay ISP to exclude traffic from bandwidth cap".

"You don't understand how an ISP works. They do not have the capacity to deliver anything like your package speed if everyone used it all the time."

Then YOU don't understand that when the term "Truth in Advertising" is mentioned, it should be THE truth, the WHOLE truth, and NOTHING BUT the truth, so help you $DEITY. IOW, ISPs shouldn't be advertising the rates they're touting unless they can actually deliver it even under the most adverse conditions they may encounter (such as everyone asking for the same thing at the same time).

Charles 9

The problem is that this amounts to favoritism. Netflix's traffic now has priority over other sources because the latter's data gets metered. The neutrality supporters demand an all-or-nothing stance to non-discrimination. You either throttle/meter ALL the traffic equally (so every bit counts no matter where it comes from) or you throttle/meter NONE of it (making it a flat-rate plan).

In assault on American values, Lockheed blasts pickup with raygun

Charles 9

Re: corner reflector

Shhhh.

Can't tell those "know-it-alls" that optical corner reflectors are only meant to reflect reference beams that, at worst case, rate in the watts at point of impact, meaning the attack laser would be around 1,000+ times its rated capacity. Then you end up just like with the reflective coating: it melts, distorts, and becomes useless.

Charles 9

Coatings aren't likely to stop a powerful laser for long. The moment it distorts, it creates a vicious cycle. They made that determination when thinking of using a laser to stop a ballistic missile.

As for being on the move, can't computers compensate for various degrees of motion and still be able to keep a bullet-firing gun on target? Against that, a laser shooting at relativistic velocities should be cake.

Obama criticises China's mandatory backdoor tech import rules

Charles 9

Re: Bring back the mouse.

"Do we remember that time when we needed to jiggle the mouse in a random pattern to generate entropy to then be used on encryption?"

Quite vividly since TrueCrypt and VeraCrypt STILL use the technique to help stir up their entropy pools.

Bad news: Robo-cars will make you work billions more hours. Good news: In 2040

Charles 9

Re: Job Creation

"In fact a number of businesses operate in exactly that manner and for that exact reason."

How many of them are publicly traded and have managed to convince normally-short-sighted investors to hang in for the long haul?

Charles 9

Re: You're using your car 1 hour a day

"Driverless is much safer? How do you know? Show me the statistics... oh, wait, there aren't any."

Have you tried asking Google? They've been running real road tests of their driverless cars for years. I'm sure they could provide you with stats aplenty.

Charles 9

Re: Population Growth Rate

So how do you handle a big shopping run without ample trunk/boot space?

Charles 9

Re: Take themselves for service?

Until you realize they take this into consideration. One of the things they're working on is obstacle avoidance. Even if a car can't react quickly enough to a box of nails breaking right in front of it, it can at least inform the tow truck, "Beware of road debris!" Then the tow truck can either see it coming and work around it or just drive with puncture-proof tires.

Frankly, the only ways you can perform the cascade you describe are to have a practically invisible obstacle or to be actively sabotaging the stretch of road for an extended period.

Super SSD tech: Fancy a bonkers 8TB all-flash PC?

Charles 9

The transition will be gradual because the price premium's still too high at present. Meanwhile, 3D Flash foundries are starting to go live for full-scale production and these will be using older chip tech as a base, giving them room to shrink even as they gain room to stack. Road might be a bit rocky at first, I'll grant you, but if the premium lowers itself gradually as economies of scale pick up on 3D Flash, I think desktop systems will become more primarily- or all-Flash within the scale of a decade if not sooner.

Charles 9

No argument there. I think the price premium factor is still around 10, which tends to call for specific needs to pay the premium. If it can get down to 3, better 2, then consumers will be more inclined to take the hit for a significant loading boost.