* Posts by Charles 9

16605 publicly visible posts • joined 10 Jun 2009

It's time to delete that hunter2 password from your Microsoft account, says IT giant

Charles 9

Re: YubiKey, et al

But what if your memory is SO horrible that YOU can't recall that stuff? I have to regularly deal with people with such terrible memories that even "correcthorsebatterystaple" turns into "donkeyenginepaperclipwrong".

What solutions do you propose for those kinds of people, especially those with no one to look after them?

Charles 9

Re: What about every other site

Paul Rogers may have something to say about SQRL.

https://paulrrogers.com/2019/12/sqrls-fatal-flaws/

Also read this.

https://security.blogoverflow.com/2013/10/debunking-sqrl/

Charles 9

Re: password and oldies

"Security has to fit the users. The oldies I look after get physical address books to keep these kinds of details safe in. It means when they are then ill someone else can pick up and look after their accounts."

That also makes them vulnerable to Evil Maid attacks, which tend to happen a lot with the elderly for that very reason. Watch enough crime shows and you'll see that move turn up.

Charles 9

Re: Bonkers

And the problem with password management is people with poor memories.

Now was that "correcthorsebatterystaple" or "donkeyenginepaperclipwrong"?

Charles 9

Re: "in a safe place"

We better find one, then, before Stupid takes the rest of us with it...

UK.gov is launching an anti-Facebook encryption push. Don't think of the children: Think of the nuances and edge cases instead

Charles 9

Re: One time pads

But for one snag. OTP is consumed one-to-one with your data. It's a requirement for OTP's strong data security (defined as the idea that a ciphertext encrypted using an OTP can literally be decoded to anything of that size or smaller). A 4K message requires at least a 4K OTP. This also makes it redundant to use one OTP to send another one: you use up the same amount of pad either way.

Charles 9

Which hints that governments act that way because that's what the voters want. Most people aren't geared for nuance and subtlety. This is the danger of applying a KISS principle to something like a government.

Charles 9

Re: One time pads

The catch with OTP is that it's very resource-intensive and logistically daunting. The pad is consumed on a one-to-one basis against your ciphertexts, so it requires a very large pad or an easy means to regularly produce a new one at both ends. This raises the risk of an adversary getting wise to the scheme and eventually coming upon it. Another problem is that it requires perfect synchronization or the message gets lost in transit. An adversary in control of public lines of communication and aware of the use of OTP might intentionally introduce slight losses of data that can throw off that synchronization.

Basically, there's a reason OTP isn't used except in the most extreme of communication circumstances. Put simply, it's a headache.

Charles 9

"Imagine the outcry if the government announced that every letter sent through Royal Mail will be opened, scanned, copied, kept, and scanned for key phrases. ? But why not? Think of the children!"

Um...didn't that actually happen during World War II?

Charles 9

Re: ban facebook

But in doing so, we allow our own undoing as those things we think are wrong or stupid turn out to actually BE wrong or stupid...and then take the rest of us with them.

So what do you do?

Patch now? Why enterprise exploits are still partying like it's 1999

Charles 9

Re: Big problem...

Yet things like high-baud USB modems (especially those with internal UARTs) still work in the same circumstances? Would love to see the specifics.

Charles 9

Re: Big problem...

Or perhaps something less esoteric, like a modern machine with a USB serial adapter and a Virtual DOS machine running on it? Now, granted this isn't possible if there is custom hardware involved (like that lathe with the custom ISA card), but it can't be all thorns, can it?

Report details how Airbus pilots saved the day when all three flight computers failed on landing

Charles 9

Re: "Seems the pilots did a good job,"

Less that than they didn't know they had to cut the point that fine. This was a specification error resulting in a common-mode fault. They all behaved the way they were supposed to. The trouble was a faulty supposition.

ProtonMail deletes 'we don't log your IP' boast from website after French climate activist reportedly arrested

Charles 9

And if said lawyers reply, "They got you dead to rights..."?

And you find out similar laws are everywhere?

Charles 9

At this point, I don't think we can expect any provider anywhere to be able to keep to such a high standard. No provider is above the law, and no business is worth getting shut down over a signed, sealed, and delivered court order with the laws to back it up.

Arms not long enough to reach the plug socket? Room-wide wireless charging is on the way

Charles 9

Re: "...37 per cent efficiency..."

I don't think the concept was used more than ephemerally. Having read that whole series in the past, I know portable electronics wasn't discussed very much. A lot of the tech in Lensman was of the "bigger and better" variety.

Charles 9

Ever thought we may be hitting the limits of capacity? Seems the only way to make it last longer is to make it bigger, which is a nonstarter for today's "thin is in" clientele. It's like trying to cram a baker's dozen in an egg carton.

NSA: We 'don't know when or even if' a quantum computer will ever be able to break today's public-key encryption

Charles 9

Re: "users will divulge their passwords in return for chocolate"

I've always protested that comic because I know people whose memory is SO bad that they could easily go, "Now was that 'correct horse battery staple' or 'donkey engine paperclip wrong'?"

What do you do for people whose memories are SO bad that there's basically nothing you can count on them to know?

Charles 9

Re: Is testing for randomness completely futile?

"Longer tests will likely restore the stream of results to something closer to 50/50 (regression to the mean), but that may take a very long time! ...and in the mean time, the stream will show characteristics which will fail some test for "randomness"."

These randomness tests know this and tend to run PDL to take advantage of regression to the mean. If statistical balance doesn't pan out after millions if not billions of runs, odds are pretty good there's something going on that's not pure randomness.

Charles 9

"Microwaving the CDs though as a destruction method is something I'm not sure about, I'd have thought that would just destroy the plastic and risk leaving the data layer alive, which could possibly be recovered by somebody sufficiently determined in a lab. I'd have thought a metal container, a can of lighter fluid and a match would have been safer. :)"

The reason microwaving a CD is considered safe as a destructive method is because CDs keep a metallic reflective layer, even on recordables (the recordable medium covers it up, the recording/rewriting laser removes/alters it to make it transparent). And you know what happens when you put metal in a microwave...

Charles 9

Re: "users will divulge their passwords in return for chocolate"

You don't really think they wouldn't verify your submissions before paying out?

* Payment conditional on verification.

Spring tears down math geek t-shirt listing because it dared to mention the trademarked word 'zeta'

Charles 9

Re: Oi - Merkins

It is when you think about it in terms of civil as in "between citizens". A civil war simply means a war that takes place between citizens within a country as opposed to the more classic form of war that takes place between countries.

Charles 9

Re: "The Greek alphabet is currently protected legally"

Since Italian and Spanish (as well as French, Portuguese, and Romanian) are Romance languages (nothing lovey-dovey, simply means they're based on Latin which came from Rome), it makes sense they would say "Zeta" or the like. Isn't that also why Brits say "Zed" as well?

Charles 9

Re: "The Greek alphabet is currently protected legally"

Has to be specific enough. Too broad and you get rejected. Ask Thrifty Rental Car, who (for lack of a better description) tried to service mark (like a trademark but for service companies) the color blue:

https://scholar.google.com/scholar_case?case=15159379864415021322

Charles 9

Re: "The Greek alphabet is currently protected legally"

But then what inevitably happens when ALL of them behave the same way? Roll your own?

Charles 9

Re: "The Greek alphabet is currently protected legally"

Similarly, there are two separate and legal trademarks for the name "Cracker Barrel" in the US. One is owned by Kraft-Heinz as a brand name for a line of cheeses. The other (Cracker Barrel Old Country Store) is owned by a restaurant/store chain.

Children of China, your state-sanctioned hour of gaming begins … now!

Charles 9

Re: Freedom vs public health

Not dissing you, but then what happens to the collateral damage? Divorcees, abandoned kids, maybe even widows and orphans left with no other support mechanism.

Charles 9

"Seriously? If that were true, why would seat-belts be needed, or speed limits, both great introductions of that period?"

Speed limits were mostly introduced during the OPEC crisis of the 70's because faster cars use more gas per mile.

Seat belts were added mostly to protect children who don't know better.

Some road design actually encourages removing control mechanisms at intersections to encourage vigilance, bearing out in places. Think of it as a lighter version of the steering wheel spike.

Charles 9

Key word "should".

But what happens when (1) the parents aren't there to handle that responsibility because they're being worked to death for "Da State", or (2) the parents abdicate that responsibility? Then what?

Florida man might just stick it to HP for injecting sneaky DRM update into his printers that rejected non-HP ink

Charles 9

Re: HP Printers are a Virus

Depends on which version of the LJ5 you're talking about. I had to ditch a couple of 5L's because they have issues with their intake rollers. I once had a 5P and managed to even augment it with an external PrintJet, but it gave up the ghost long ago (internal board failure, nothing to be done). There's nothing all that bad about their LaserJets. My current workhorse is a multifunction M1212nf, prints nice and quick and doesn't complain about third-party toner cartridges (which are quite affordable and last quite a bit). I also have a Color LaserJet that I still use on occasion; however, it seems aftermarket toner carts for them can be hit-or-miss in the quality department, plus I have to watch the power; I save it for special occasions.

Good news: Japanese boffins 3D print what looks like marbled Wagyu beef. Bad news: It's tiny and inedible

Charles 9

Re: Science Ahoy

It would be interesting to see a side-by-side comparison, given the notorious carbon costs and inefficiencies of raising a cow for its meat.

I'd be more interested in plant-based meat substitutes, and they're moving along, as I see, but they're not quite ready for the big show as of yet.

Online disinformation is an industry that needs regulation, says boffin

Charles 9

The point is, how do you stop the hopelessly stupid from taking the rest of us with them, particularly when stupid is UP TOP?

Charles 9

"You also might have to forbid the government from lying. That could be tricky."

You mean nigh-impossible. After all, how do you prevent a sovereign power from just changing the rules again? Worse, any potential overseer can itself be corrupted to follow along; it's the human condition.

Charles 9

Re: Who's going to regulate the disinformation then?

Are we sure about that? Without some kind of national balkanization, foreign sovereignty will always be able to overpower any one country's ability to control information. Sure, it's perhaps not the most enlightened of examples, but perhaps China is actually onto something.

Charles 9

Re: Who's going to regulate the disinformation then?

And what happens when most people experience the terrible consequences and just go, "This is fine..."?

Samsung: We will remotely brick smart TVs looted from our warehouse

Charles 9

Re: TV brickage? Part Deux

Ever considered attaching a remote-controllable HDMI switch to your TV?

Charles 9

And the smarter manufacturer will key the device to brick if it doesn't detect every module that's supposed to be there (chain of trust being one way). Better, declare that the device has been physically tampered, meaning any warranty on it is null and void...

Apple's bright idea for CSAM scanning could start 'persecution on a global basis' – 90+ civil rights groups

Charles 9

Re: Apple has learned a lot from China

Trademark infringement suits sound like the most likely route. Remember, any product placement usually has to have the manufacturer's OK before it can appear.

Charles 9

Re: Naked babies

"Nothing at all. But forget about Parliament, instead think about 'the executives of your competition'..."

Parliament is the competition when you're an anarchist out to prove law is not worth it...

Charles 9

Re: Naked babies

"That's how things like this happen - the wedge goes in, and bit by bit it's driven in harder and harder, and people argue "think about the kids" until it's too late to get the wedge out when they realise what a crazy situation they've created."

What if they never realize the situation...or worse, see the burning room and simply go, "This is fine"?

Charles 9

Sometimes, the cure is worse than the disease. I can think of worse things in the world than this, after all...

Charles 9

Rejection rejected. ANYTHING you attempt to deal with the child abuse problem is going to be (a) impractical or (b) too prone to collateral damage. For cultural and perceptual reasons, if nothing else.

Charles 9

"I believe the protection of our youth should be the responsibility of the parent(s) and the community around them..."

Problem being what happens when parents and others abdicate that responsibility. There has to be some sort of fallback to avoid anarchy...

Charles 9

I found this article in the Washington Post about a parallel project and the finding that the technique is inherently dual-use, like a knife. Meaning it's nigh-impossible to prevent it being abused, especially by a sovereign power. As I've said before, I think the only reason Apple are announcing it now is because they are being pressured into including it: likely by China.

https://www.washingtonpost.com/opinions/2021/08/19/apple-csam-abuse-encryption-security-privacy-dangerous/

A man spent a year in jail on a murder charge involving disputed AI evidence. Now the case has been dropped

Charles 9

"Nobody with a backbone has addressed WHY people of colo(u)r who live in cities seem to enjoy killing each other ... "

Because the answers are likely to be (1) very ugly, (2) conditional on a population with little or no desire to correct them, and/or (3) conditions which may not be physically possible to change with a human's short attention span.

IOW, if there really is an answer, why hasn't it been implemented already?

Charles 9

Re: So basically, no matter what we're all guilty and all screwed!

Or perhaps a mouse...?

Yes, I know, old myth. But it still draws some laughs every time I watch that scene in Dumbo...

Epic lawsuit's latest claims: Google slipped tons of cash to game devs, Android makers to cement Play store dominance

Charles 9

I wish I could use an older version, but important sites I frequently visit balk when I try.

Charles 9

Even that has limits since the mobile version of Firefox curates add-ons...and it won't allow the use of one of my desktop favorites, ForgetMeNot.

Senators urge US trade watchdog to look into whether Tesla may just be over-egging its Autopilot, FSD pudding

Charles 9

Re: I am kind of surprised...

"Think of the fun that kids will have with a jar of Tippex and a black marker pen changing those 30 mph signs to 80's, or the 120 kph's to 20's!"

Why aren't they doing it already, given how easy it is to fool human drivers?

Charles 9

Re: Common sense and responsibility

Common sense isn't as common as you think.