Posts by Charles 9

Re: Need a couple of laws?

And as for the rest, they'll just call internationally from countries not subject to FCC rules and protected by hostile sovereignty.

Re: The answer is simple

And if they're stationed in countries that have no laws on the books for such things?

Re: This is a classic example of needed regulation, because the market can't fix itself

Yeah. Right. NOTHING with any real power will remain independent for long.

Re: Need a couple of laws?

You can't implement (4) as people get legitimate calls from relatives overseas. I know I do, and their caller IDs appear on my phone. And I can't wholesale block numbers because new relatives may call me. That said, I use a script I built myself for ncid that blocks ONCE any call that hasn't called before. Since most robocallers and spammers use different numbers each time to get around blacklists, this has significantly reduced the number of calls that get past the first ring, and so far all of them have been legitimate (if it's someone who is trying to reach me personally, they'll just call again), especially as campaign season heats up.

Re: Two cores? How do you know which one is wrong?

"I've programmed systems where there are 4 copies, just to be extra sure, as it's highly unlikely that two copies will fail in exactly the same way, but if two were to fail in differing ways (with modern, ever smaller geometry memory devices or processors, a cosmic ray can run through many gates) then you still get a consensus."

So what do you do if two of them DO fail in exactly the same way...or THREE of them simultaneously fail in different ways? Either way, you end up with a tie (two-way in the former, four-way in the latter) and thus no consensus.

Re: Two cores? How do you know which one is wrong?

"You don't know which one's wrong, you just flush and reload both."

They probably figured a brief backtrack is simpler and easier to manage than say a fluke event simultaneously hitting two out of three cores in different ways resulting in a three-way lock: no possible consensus because NONE of the three agree.

Most CPUs don't use a TRNG but a PRNG. Two PRNGs starting from the same seed and running in lockstep should provide the same result at the same time. If a TRNG was needed, it would probably come from a mutual source so that both cores get the same input.

I don't know. I can't think of very much that both can't be done through a Web portal and is worth any serious time to the Average Joe. Perhaps you can elaborate.

Re: Secure Web Sharing without ads or tracking

One of these days, I want to set up an act where someone goes to the store and insists on Marlboro Lights to the exception of all else including Gold Pack, when given a Gold Pack insists they're Lights to the point of spelling the letters out on the box where they used to be ("See, LIGHTS! L-I-G-H-T-S!").

Re: Secure Web Sharing without ads or tracking

And people still call them Marlboro Lights, even those too young to legally smoke when the name was legally changed (to Gold Pack). Some ruts are just too deep.

Re: blockchain email ?

Nope, because what's happening is account hijacking. Who cares about e-mail costs when you're using someone else's account (and thus someone else's dime)? As the article notes, it's hard to guard against sufficiently-disguised impersonators.

Re: Broken

"But it is broken, has been for a long time and it needs fixing."

It ain't broken unless I can't connect to El Reg or any other ordinary website. To the average Joe, THAT'S the definition of "broken".

"ISPs with any sense ARE pushing users to IPv6 because they know that it reduces the amount of IPv4 traffic - and that means less load on the CG-NAT gateways they are going to have to use, and that means less expense installing and running them."

But if they already have the machinery, and the bandwidth is going to be used either way, why do they care given the costs are already sunk and it keeps them having access to all those IPv4-ONLY customers?

Online gaming and VoIP will just switch to using go-between servers and keep going. That's how P2P and BitTorrent gets around the CG-NAT problem as well.

Re: It’s not going to happen

"I therefore suggest the lesson here is that if you are using a VPN solution, the time has now come when you need to get vendors to demonstrate their currently shipping products capabilities to support dynamic usage of IPv4, dual stack and pure play IPv6"

Many VPN providers refuse to touch IPv6 with a ten-foot-pole at the clients' request because they feel it's too much of a security risk, particularly for those clients who are using VPNs to work around "problems" such that just ONE slip and the game's up.

Re: It’s not going to happen

"We're not there yet, but eventually there WILL be something you need IPv6 to access - and it'll be a lot easier and less hassle using real IPv6 than some bastardised workaround to fudge access from your IPv4 address."

OR businesses will just pony up for the IPv4 addresses to STAY in business. Put it this way. Everyone's in the existing marketplace, and there's no compelling reason to move to the new one as storefronts will just pony up whatever it takes to stay in the old market where all the customers are.

Plus Internet traffic has evolved to work around even CG-NAT. Push solutions mean port forwarding is less of an issue (besides, most ISPs discourage home server use), and most consumer services like Skype and online gaming have servers that can be reached even through CG-NATs because things like "servers" are too geeky for consumers to grok.

Re: @ITS Retired - Welcome to the real world, MS

It's like what you see in American politics these days. It's all "I Reject Your Reality And Substitute My Own."

Re: How about killing off HTML emails

How do you convey the Mona Lisa in only words, then?

As for shared drives, heard of them, don't trust them.

Re: Too much is getting grafted onto the existing protocol

"There's so many little pieces, with spotty support. We need a fresh start where everything is mandatory, with a new MXX record in secure/encrypted DNS (can't use it with standard DNS) that includes certificates etc. to fully handle the "prove your domain is who it claims"."

What's to stop the domains themselves from being hijacked to provide a platform? Plus what if your DNS is spotty?

"It would use a different protocol than SMTP - might be something very similar like XRECV or whatever so you don't need to rewrite from scratch, but it is important that it can't be used with old clients."

It MUST work with old clients because many have no choice in clients. It's old clients or bust.

"The mail server would have a new daemon that basically acted as a directory service to get the public key of a sender/receiver for validation/decryption. The keys would be good for a short period of time like a week/month, and automatically re-fetched when needed or regenerated when yours expired."

And if Murphy strikes on the server, as it's sure to happen? Say goodbye to the e-mail which you already received.

"Two factor authentication would be mandatory. Everyone has a smartphone now,"

Not necessarily. Many people are stuck with dumb phones, or no phone at all by design, saying if they want to be reached at work, they'll bloody be at work. Plus phones get lost or stolen.

"and hopefully people with the new clients could help evangelize the laggards into conforming."

And if they DON'T because the laggards also happen to be over their heads?

Re: How about killing off HTML emails

Ever thought there was a reason formatted e-mail was demanded? Because some things cannot be reliably sent in plain text (the whole "picture is worth a thousand words" problem)? And since attachments can't be trusted, either, that's not an option, either? So what do you propose for someone who ONLY has e-mail as a possible medium?

Re: Microsoft announces threat intelligence service?

How will this fare against an increased prevalence in hijacked accounts? Where there's an evil will, there's a way.

"Or maybe they just don't care about their students, or access to more customers and revenue."

Or may be they realize that students may not be the best customers in terms of access to money. I mean, isn't it one of the great cliches that your average college student is getting by on ramen packets? What the e-tailers want is access to the workforce: those who already have jobs. That's where all the accessible money is to be found.

The main problem is that the poles themselves are usually privately-owned, and due to anti-socialist sentiments the government usually can't intervene except in extreme circumstances, and there's usually cartel behavior going on behind the scenes to keep anyone but the chosen few from getting access to those poles.

Re: "is that if it works WITHOUT new regulations, why add them NOW"

Traffic analysis actually suggests UNregulated intersections tend to be safer because it FORCES drivers to be more vigilant. Kind of like a spike in your steering wheel.

Re: States' rights! States' rights!

I would much rather have mediocre service because everyone is using versus someone paying to hog all the bandwidth and squelch me. At least with the former there's potential for an upstart to offer better service and steal customers.

Re: @ Doctor Syntax -- Don't let the namby-pambys run the Kernel, Linus!

"One can to the right thing the wrong way. I'm not sure the ends justify the means, even in Linux kernel-land. I mean, why not simply state, "Your fix is not going into the kernel, period.", as opposed to a 15-paragraph rant with f-bombs and s-bombs and a paragraph on the back of each one to be used against them in a court of law?"

AFAIK, there's only ONE justification for going into a tirade: because they just won't take NO for an answer. And even then there's the risk of getting into a shouting match. At least with online there's no chance of it immediately escalating to fisticuffs which is what usually happens in a shouting match between two parties who each believe he/she is in the right.

Re: Security vs. convenience

Thing is, how many calls come in for bricked devices due to simple wear and tear or forgetfulness. Would also hate to think World War III could hinge on things like these...

Wasn't the problem, though, that they were SO feature-poor that programs routinely bypassed them and went straight to the metal?

Re: Proof (if it were needed)

How about a spork with a tine missing?

Re: Problem-solution dichotomy

"The quality of the buttons in the keyfobs also seems to be low. I have had two failed ones, turning them into plain old physical keys. Not bothered to replace. At this point, a new keyfob apparenly would cost about the same as the resale value of the old car..."

I haven't had my fob fail so much as get dirty. But because the CR2032 batteries in them have to be replaced periodically (you usually get advance warning of this as the fob gets increasingly finicky), they can be opened and self-serviced. Every so often, I open them up, brush off the debris, and treat the contact pads and surfaces with 91% isopropanol. The most I've done since then has been to obtain a replacement casing which was thankfully inexpensive.