* Posts by Charles 9

16605 publicly visible posts • joined 10 Jun 2009

Schneier warns of 'perfect storm': Tech is becoming autonomous, and security is garbage

Charles 9

Re: ahum, dumb fucks ?

"No, calling your user base dumb fucks is diagnostic of an industry that has completely lost the plot."

No, calling the user base dumb fucks is diagnostic of a target audience essentially Too Dumb To Live. As Douglas Adams once noted, complete fools can ruin in ways that no one should have to imagine. Why do we have keyboards that have the word "Any" on them? Why do we need to have warning labels like "Caution: HOT" on coffee cups? As a comedian once said, You Can't Fix Stupid, yet stupid is everywhere, outnumbering us.

US Supreme Court blocks internet's escape from state sales taxes

Charles 9

Re: Get it right!!!

But without the obligation of the business to collect it, who's going to be forthcoming enough to pay willingly? Why do you think the US chose an income tax versus a consumption tax?

Charles 9

Re: Death and Taxes

"What about the rates for a new item, not yet in anyone's database?"

Most locations in retail tend to get a lead time for new items so as to be able to know it's coming. That can provide the taxing firms a lead time as well to assess its taxability.

Charles 9

Re: Yo! Yank ... Er ....

Plus what if you're buying for someone else (as noted above, a gift)? The key element here is that, AFAIK, all shopping sites require the use of a Billing Address, and this is the determining point for taxation purposes. Amazon and the like already have to winnow this out because, even before this, they had to apply local taxes for any jurisdiction where they housed a distribution center. Now, smaller businesses may not wish to winnow through everything themselves, but as others have noted, solutions could be obtained elsewhere.

Oddly enough, when a Tesla accelerates at a barrier, someone dies: Autopilot report lands

Charles 9

Re: Non tesla driver here

That's PRECISELY the problem. We DON'T think about it. Not consciously, at least. It happens all SUBconsciously in our autonomous mind, and one of the things we've learned through machine learning is that it's bloody hard to teach intuition, because most of the time we don't know how OUR OWN intuitions work. You can't teach something you don't understand. And before you disregard the idea, consider how much conscious thought we put into walking, which we typically learn as babies when our capacity for reasoned, conscious thought was limited to begin with, yet nigh everyone from schoolchildren to adults handle the process with hardly a second thought. If you want to see just how much goes into a basic walking gait, try playing QWOP (look it up with your favorite search engine).

Charles 9

Re: When will people learn

"If it believes the driver is still not responding, it will engage hazard flashers, pull the car over and stop."

Is it just me, or am I picturing one of these going into the ditch when it tries to do this on a road with no shoulders?

Charles 9

Catch-22

What you propose, however, is a Catch-22.

Because the ONLY way to make it considered trustworthy on public roads is to TEST them. But the ONLY way to test them reliably is to use public roads. There is NO substitute.

Pass gets a fail: Simple Password Store suffers GnuPG spoofing bug

Charles 9

I don't think you CAN rewrite it to cover all situations. Strict processes can be bombed with bad input, while loose ones can be exploited a la Confused Deputy. Neither one is desirable depending on the circumstances (which may not be the same even within the same process--and you may not even know which applies).

Charles 9

Re: Always check your inputs

Don't trust anything. Always assume the previous process is lying to you and the next process can't understand you.

Meet the Frenchman masterminding a Google-free Android

Charles 9

Re: Hmm

OK, wanna play Overwatch with the big boys? Last I checked, Battle.net still bans WINE users, Overwatch separates by platform, and the big leagues are PC-ONLY, so what options does that leave you, especially if you're a professional gamer.

Charles 9

Re: a real nerds answer

"2. If you think "turn off Magisk, reboot, do your stuff, turn Magisk on, reboot" constitutes too many steps for the average person to contend with then perhaps the problem doesn't lie with the 'million' steps but with your innumeracy and the fact that a mobile phone is too complex a device for you to master - El Reg probably isn't the right site for you (it's bit too technical)."

Don't think in terms of the Power User. Think in terms of Joe Stupid who wants a turnkey JFDI solution and has enough influence that they can dictate the phone market on their own, leaving the rest of us in the dust (and in their wake to catch the flak when problems do float up). Let's face it. If you want a phone system that will last beyond a couple years, you need one Joe Stupid will adopt. We Power Users lack the market pull to make them care.

Charles 9

Re: Hmm

I mean, if a big, seriously-Windows-paranoid company like Valve can't get people (users and developers) to seriously jump away from Windows, what chance does a small ragtag team have of talking Joe Stupid into stepping away from Android and all it provides?

Charles 9

Re: No value in privacy

Even then, the theft will probably turn out to be either an inside job or revenge plot: both of which were possible before the Internet.

Charles 9

Re: They obviously don't give your details to anyone else

And as a fictional journalist once said, "Paranoids are just people with all the facts."

Charles 9

Re: App Store

Not to mention there's no way to establish a trusted repo outside of Google's without rooting, meaning all the outside stores have to jump extra hoops.

Charles 9

Re: Banks

Not only that, having the root ability in and of itself is a security risk, kinda like drilling a hole in a bucket. No matter how much you plug it, someone can come along and rip the plug off (like a malware noticing the root and exploiting it to go below the OS layer to install stuff the OS can't detect or remove like a rogue driver). Plus there's a legal and financial incentive. Banks simply can't trust an environment that's not considered pristine: they risk liability if they do. At least if Google vouches for the OS and something happens, the lawyers can pass the buck saying it's Google's fault instead.

Charles 9

Re: Google might drop Android anyway.

Phone drivers are never going to be an openly-accessible matter, Linux or no, because those interfaces are Trade Secret Sauce to the chip manufacturers, the market is that cutthroat. That's why they've always been served as blobs.

Charles 9

Re: At its foundation, it will be forked from LineageOS

dm-verity requires submitting to Google to get an official key. That's why LineageOS is never signed, nor will this be without something significant.

Charles 9

When it comes to OpenStreetMap, YMMV. It's essentially a Wikimap. Depending on user input, results can be hit or miss.

Pwned with '4 lines of code': Researchers warn SCADA systems are still hopelessly insecure

Charles 9

Re: Do not put these systems online then?

No Internet connection is even needed to taint the USB stick if you have an insider, which for something like a state-sponsored infiltration can never be ruled out. Neither can SneakerNet.

PS. If they fire you, THEN they can overrule you. Safety and security take second place to just bloody getting the job done. If you can't get the job done, you no longer have a reason for existing, end of. And NO ONE's going to tell a JFDI client, "You can't get there from here"; it'd be business suicide.

Charles 9

Re: Do not put these systems online then?

But tell that to the top brass who can overrule you AND are seeking to reduce head counts (and associated labor costs, pleasing the investors) with remote management.

Stern Vint Cerf blasts techies for lackluster worldwide IPv6 adoption

Charles 9

Re: There Might Be An Alternative

Hmm, it pretty much reads like I thought it read originally. The essential idea is to use the IPv4 equivalent of a PBX router at IP endpoints. These endpoints will then be used to interpret specially-formatted IPv4 packets (they have RFC1918 addresses and a specially-encoded Option Word that IS part of the IPv4 spec) to act as extensions. Still have to wonder how these extension packets would get routed correctly, especially since most outside routers are supposed to drop packets with RFC1918 addresses. It's similar to a concept I'd thought about to introduce an extended routing packet to an IP endpoint to tell it to continue routing something internally, but I realized that implementation would not be as easy as it sounds, particularly if a single IP endpoint is simultaneously handling multiple connections.

Charles 9

Re: There Might Be An Alternative

For the record, he seems to be referring to this spec submitted to the IETF. From what I can make out, it essentially leverages the RFC1918-defined private spaces to extend the publicly-accessible space, though the document is a little hard for me to grok completely. Perhaps one can provide a slightly-less-technical version of what it's trying to do.

Charles 9

Re: But ...

"So long as you like spending money on life support, relying on third-party relay servers for everything and enjoy NAT, CGNAT and RFC1918 clashes and networks that are hard to reason about and require workarounds everywhere to deal with address space shortage, then sure, no incentive."

If YOU'RE the one in control of the relay servers (like Microsoft and Skype), then you WANT the status quo. It gives you an in to valuable demographics (one reason for the AT&T/Time Warner merger). And as long as the NATs and so don't negatively and directly affect you (which they don't if you control the relay server; the user connects to you through the NAT), then it's SEP.

Charles 9

Re: But ...

"It is slowly breaking, however."

Unless it's BROKEN, as in completely, totally, unable to access ANYTHING, there's no incentive to jump and EVERY incentive to keep going as it's right now like a game of Flinch. Blink, you lose and get gobbled up.

Keep your hands on the f*cking wheel! New Tesla update like being taught to drive by your dad

Charles 9

Re: Auto-crash-pilot

Drivers are too aggressive these days to adhere to the Three Second Rule. Even less than ONE second provides a gap of at least a car length, and the instant you leave a gap big enough to fit (by Murphy's Law), someone WILL slip into it, removing your gap. And trying to put the Three Second Rule on the new car just invites another interloper, ad nauseam.

Charles 9

Re: Does tesla collect system records or incident information?

But that's a Catch-22. The ONLY way to test it on a real road is to put it on a real road, just like with humans. There is no substitute. Ain't nothin' like the real thing, baby.

How to stealthily poison neural network chips in the supply chain

Charles 9

Re: "...it survives typical software scans..."

I thought the ultimate sanction was nuking from orbit and starting from scratch. Replace the hardware and you'll probably replace it with a similarly-knackered chip.

UN's freedom of expression top dog slams European copyright plans

Charles 9

"However, copyright is an abomination. It doesn't work for the creator it just serves lawyers and corporations who squeeze every penny they can out of other peoples work."

If copyright is an abomination, what would you call what we had before it (aka everything was privately commissioned and usually kept out of the public eye)?

Charles 9

Re: Who benefits from the law?

Except the big guys are also more likely to fight back...fight back AND WIN, which leaves you asking which to take: a sure 10% of something or the risk of 100% of nothing?

Charles 9

So you need something with the speed of a computer and the subjectivity of a human, otherwise the load gets overwhelming and people lose. Either true works get copycatted to death or get wrongly tagged as copies, with no way to distinguish between them.

Shatner's solar-powered Bitcoin gambit wouldn't power a deflector shield

Charles 9

Re: World leading Geothermal nation ... Iceland ?

Doesn't sound like much, really. I mean, when it got really hot in New York a few years back, they ended up needing over 13GW...by itself. And then you have places like Hawaii that are completely isolated from the rest of the world, have high energy needs (they're in the tropics, a double-whammy of heat and humidity) and little room to put a generator. Oh, and a constant risk of typhoons which makes building anything that can last there tricky.

Charles 9

The catch is that there are few locations where you can harness enough geothermal energy to generate electricity. Iceland is lucky they pretty much sit on top of a volcano.

Charles 9

"Something is wrong with this. A small grid scale power plant is about 100 MW."

Using traditional means like hydrocarbons. To produce comparable power, continuously, from renewables requires significant land allocation. For example, the Desert Sunlight solar-thermal plant in California (550 MW AC) spans 3,800 acres (>15 km^2).

Charles 9

Re: Too late...

"'wiped out gains' - what the HELL does _THAT_ mean???"

It means the growth in demand for power is STILL outpacing the increase in the supply of power. To use graphing terms, Q is moving faster than P. And as you should know, if the growth in demand outstrips the ability to grow the supply of it, we're going to have shortages. IOW, despite growth in the grid, there is STILL a growing risk of a shortage, and since electricity is a staple to most people AND most people's wallets aren't getting much fatter, this can raise quality of life issues...unless you're of the soulless sort who feel there are too many people and the human race should stand a cull.

Boffins offer to make speculative execution great again with Spectre-Meltdown CPU fix

Charles 9

Re: Speculative versus parallel execution

Catch is, there are some workloads for which parallelization will never be a solution. For example, there's a reason high-quality video encoding still takes place on the CPU (if not ASICs): the workload can't be run parallel very well, primarily due to its highly chained and interdependent nature. In essence, the whole process runs in a specific sequence where it's hard to jump ahead because a comparison can easily send the process down a completely different track, with no reliable way to predict which way it'll go. Similarly, many types of emulation can be both very timing-sensitive and very interdependent, meaning things have to run in lockstep to avoid side effects.

Charles 9

Re: I have a simple plan...

"2. Treble the clock speeds."

Intel called. They want their P4 NetBurst CPUs back. If you'll look back, you soon realize you can't just run everything faster. It just doesn't scale. Why do you think CPUs weren't and even today aren't specced much higher than 4GHz in clock speeds? One word: HEAT! The problems Intel had with NetBurst were the reason they had to take a step back to the P3, work smarter instead, and the end result is their current CPU line, the Core series.

"3. Make much faster memory."

There isn't much you can do about faster memory anymore without side effects. The biggest obstacles at this point are the speed of electricity combined with cycle lengths. In one nanosecond, electricity can travel, at most, about a foot. And yet you need at least some spacing due to all the heat both the CPU and the RAM inevitably kick up.

Charles 9

Re: I'd like to add that...

Where are you gonna go, then? Most of the other architectures suffer from variants of this, too, including ARM. The few that don't are basically too simple for practical applications these days.

Internet luminaries urge EU to kill off automated copyright filter proposal

Charles 9

Re: You just need a fingerprint algorithm

Cinavia is actually audible (barely). They do this intentionally so it's harder (but still not impossible) to mangle without adversely affecting the actual audio track.

Charles 9

Re: The internet luminaries could simply submit an RFC for a signature/validation protocol

What's to stop a mangler from just altering the content enough to throw off the signature? Steganographic mangling is nothing new. Not even stuff like Cinavia (which encodes in the audible range to avoid being mangled) is immune.

Charles 9

Until the miscreants start taking to stealing accounts and posting their dodgy stuff using those. That way, the plods start knocking on innocent doors while they get away scot-free, probably further protected by hostile sovereignty.

Scammers use Google Maps to skirt link-shortener crackdown

Charles 9

Re: Short URLs? Who needs em?

And I take it you had to hand-chisel every single address every time you had to change sites. To say nothing of virtual keyboards that kept misreading your touches and tiny little micro-keyboards too small for fat fingers...

Charles 9

Re: I use a different system

That's a thought at least. It could even be automated somewhat so that each public-facing page has some kind of random key to it which can then be internally spidered and symlinked in some "key" directory off the root to allow for shortened SMS-friendly URLs that still give you a good idea where you're going.

Apple will throw forensics cops off the iPhone Lightning port every hour

Charles 9

Re: 5-dollar wrench

Or if the suspect is a masochist (likes getting hit) or a wimp (faints at the sight of it, too easy to intimidate). Couple this with being a loner (no family or friends to threaten) and you have basically no way in.

Charles 9

Re: If cops had their way...

Thing is, there's no electronic equivalent of a battering ram.

Charles 9

Re: Why didn't they operate a 1 hour lock-out after five (or whatever) failed attempts?

Now repeat it over and over and you start asking, "Now was it correcthorsebatterystaple or donkeyenginepaperclipwrong?" Even with mnemonics you can get mixed up, especially if you start mixing up mnemonics.

Citation needed: Europe claims Kaspersky wares 'confirmed as malicious'

Charles 9

Re: Microsoft windows spied on your computer directly

You got proof of that? And how did the data get out, given not a lot of computers were online then?

'Moore's Revenge' is upon us and will make the world weird

Charles 9

Re: A chip in everything...

No, they always strive to make things last until just after the warranty period as well as find ways to make breakages look like tampering which gives them an excuse to refuse warranty jobs.

Charles 9

Re: Article misses a critical point

"a) Nothing is perfect, but the KISS principle has generally proved a useful way of mitigating that inconvenient fact."

But it ignores two other unfortunate facts of life: the existence of necessary complexity and the natural desire of humans for black-and-white answers in a world with infinite shades of gray. IOW, sometimes the problem at hand has no practical solution (and it's also not as easy to prove it as Turing's Halting Problem proof), yet few are willing to propose to the customer, "Sir, you can't get there from here."

"b) Suggest a better alternative default than 'do one thing and do it well'."

OK, how about "Don't Trust Anything"? The main problem with modern computing is that you can't really trust anything: not the user, not the process before you, and not even the process after you. Things CAN and DO break, and not always for obvious reasons. We're even reaching the point where a "Hello World" can break something serious. Assume that the process before you lied to you about your available resources while the one after you will probably misunderstand you. This Brave New World of computing is probably going to require a total rethink on how we approach solutions: may even force a retreat back to the days where one cannot assume much and may need to do as much as possible with as little as possible (especially with regards to external resources).

In defence of online ads: The 'net ain't free and you ain't paying

Charles 9

"...and as someone mentioned before, once a person sees how nice the web is with an adblocker, there's no going back."

Until they make things miserable for people WITH ad blockers. Like the Mafia. Make an offer you can't refuse (You wanna play? Let us in or no dice, and our content is exclusive) and watch them come crawling back like the drug-addled losers they really are.

They can't go back without ticking off the higher-ups, so the only alternative is to Wall the Internet and see if people start going, "Stop the Internet! I want to get off!" In which case, it's just back to the billboards, product placements on TV, junk mail, and cold calls from outside jurisdictions...