Posts by fidodogbreath

519 posts • joined 23 Sep 2009

Internet of So Much Stuff: Don't wanna be a security id-IoT

fidodogbreath
Silver badge

Re: What's in it for me?

It's nice to be able to up the heat on a cold morning before you get out of bed.

A $50 programmable thermostat can do that quite nicely. As an added benefit, it will not track you like a dairy cow with an ear tag, or participate in DDOS attacks.

5
0
fidodogbreath
Silver badge

Re: -$$$-

If the typical consumer can't get a new IoToy to work out of the box in 60 seconds -- without reading, or even looking at pictograms -- then they will return it. Returns cost money. Hence, the market consists of shedloads of web-enabled crapware with no encryption and a hard coded admin password of 1234, that's easy for the average bear to set up.

It's hard to fix that problem with government.

2
1

Prosecute driverless car devs for software snafus, say Brit cyclists

fidodogbreath
Silver badge

True in general

After about 10 minutes of this I managed to get it working, but it doesn't need to be that hard.

That is to say, vehicle charging station interfaces have received the same attention to detail as most other tech products.

2
0

Privacy Pass protocol promises private perusing

fidodogbreath
Silver badge

Re: since their entire business model is based on continuous end-to-end user surveillance

You don't have to track people to advertise to them.

Of course not, but it has become a fetish.

Recall the old joke, "half of my advertising spend is wasted, but I don't know which half." In the early days of the web, banner ads were cheaper than dirt because no one knew if they drove actual purchase behavior. Now, Big Data holds out the promise of actually tracking an advert from impression to purchase, but only if the ad slingers can gather and correlate enough surveillance data. Anything that gets in their way will be crushed.

0
0
fidodogbreath
Silver badge

But...but...

without having to repeatedly solve internet challenge-response tests like CAPTCHAs

...then how will Google train its self-driving cars to recognize cars, road signs, and storefronts?

9
0
fidodogbreath
Silver badge

Idealism, meet business model

For example, we envisage that it could be used as an alternative method for signing into services without having to use authenticators that do not preserve privacy, such as cookies.

This is a nifty technical solution to something that content providers -- who, obviously, would have to be the ones to implement it -- do not see as a problem. Quite the opposite, really. Content is funded largely by advertisers, who view things like Privacy Pass as an existential threat since their entire business model is based on continuous end-to-end user surveillance.

In the idealistic pre-commercial view of the web as a tool of empowerment and knowledge, Privacy Pass is a great step forward. In the web that we have, though, I suspect that it will meet the same ignominious fate as Do Not Track.

11
0

Amazon mumbles into its coffee when asked: Will you give app devs people's Alexa chats?

fidodogbreath
Silver badge

Yeah, whatever

We do not share customer identifiable information to third party skills without the customer's consent.

I'm sure they "value customers' privacy," too.

0
0

Sure, Face ID is neat, but it cannot replace a good old fashioned passcode

fidodogbreath
Silver badge

Re: It's all about Purpose

The problem is that fingerprints and face-id are not only not the same as PIN, they are actually for different purposes [...] Long, random PIN/passcode, well implemented on a properly encrypted device that does not allow repeated rapid brute-forcing, is the only truly secure system if you really need secrecy.

Right. And face unlock, fingerprint unlock, etc. are optional features. If you don't enroll your face / fingerprints / whatever, then those systems are effectively disabled.

0
0
fidodogbreath
Silver badge

Re: You may be right

Or are they so sensitive that if you cut yourself shaving you can't pay for your morning coffee. Or if you are bashed up after a car accident you can't unlock the phone to call 911.

No, it doesn't mean that at all. You can always just enter your PIN or passcode. Face scanners, fingerprint readers, etc. are a convenience feature. They work in tandem with a "something you know" factor, they do not supplant or supersede it.

1
0

Christmas is coming, the goose is getting fat, look out for must-have toys that are 'easily hacked' ♪

fidodogbreath
Silver badge

♪ "It's the most hack - a - ble time of the year...." ♫

2
0

Donald Trump's tweets: Are they presidential statements or not?

fidodogbreath
Silver badge

Big P, small p

They might be Presidential, in the sense that they are emitted by the holder of the office of President; but they are not presidential.

19
1

Apple succeeds in failing wearables

fidodogbreath
Silver badge

if you can only get 1 day worth of life when you've first taken it out of the box, how much life will the watch have a year or two from now?

I recently replaced the original battery in my $25 ca. 2007 Timex Iron Man.

It has alarms, timers, and a more sophisticated stop watch than any phone app I've ever tried. It is waterproof. It keeps perfect time on its always-on display, with battery life measured in years.

It has survived significant (accidental) abuse from smacking into door frames and various other immovable objects, with only minor cosmetic damage and no noticeable loss of performance.

It does not require software updates or cell service. It has had zero compatibility or pairing issues with any phone I've had, from flips to Androids to iPhones, because it does not give a shit about phones; it is a watch. And IMHO, a pretty damn smart one...

4
1

Munich council: To hell with Linux, we're going full Windows in 2020

fidodogbreath
Silver badge

Re: "When it's political, technology cannot do anything."

It's all about the pork.

Indeed. If open-source advocates want to compete for government contracts, they need to embed BribeCoin miners in all of the distros, then use the money to ~~bribe political hacks~~ fund campaign contributions.

2
3

Augmented reality: Like it or not, only Apple's ready for the data-vomit gush

fidodogbreath
Silver badge

Re: Pointless

With a body scan of the buyer, more of the guess work is taken out of online clothes retail.

Facebook would seem to have an advantage, then, at least for people who have uploaded their naked selfies.

Oh, but FB would never share that data with advertising partners. Right?

0
0

Sean Parker: I helped destroy humanity with Facebook

fidodogbreath
Silver badge

"The best minds of my generation are thinking about how to make people click ads," he says.

Oh, but they've grown since then. Now they also think about how to trick people into mining cryptocurrency, or how to hold people's data for ransom. The ultimate goal is to find a way to make people do all three at the same time, while also coughing up the password to their online banking account.

7
0

The NAKED truth: Why flashing us your nude pics is a good idea – by Facebook's safety boss

fidodogbreath
Silver badge

Welcome

The best solution would be if abusive scumbags could stop being so awful.

This must be your first day using the internet.

10
0

Concorde without the cacophony: NASA thinks it's cracked quiet supersonic flight

fidodogbreath
Silver badge

The only reason Concorde wasn't certified to fly over the mainland United States is because it wasn't built by an American company

WTF? Many US airlines fly planes from Airbus, Embraer, Bombardier, etc.

0
0

Alexa, please cause the cops to raid my home

fidodogbreath
Silver badge

Re: The next stage in AI:

No, the next stage is when one of them succeeds...

The first rule of robotic fight club is that robots do not talk about fight club.

11
0

Brit moron tried buying a car bomb on dark web, posted it to his address. Now he's screwed

fidodogbreath
Silver badge

Re: Um, car bomb? Yet, no "link to terrorism"? Yeah, sure.

I heard he was really offended by the VW emissions thing and that Passat had it coming.

I have felt that way about a Passat...

2
0

Stop worrying and let the machines take our jobs – report

fidodogbreath
Silver badge

Supply and demand

The global economy is based on people buying stuff. If we are all replaced by machines, leaving us with no jobs and therefore no money, the economy will collapse, thus eliminating the economic case for machines that make things. Problem solved -- at least, for those who survive the global depression.

10
0

Off-brand tablets look done, but big players are growing

fidodogbreath
Silver badge

Re: Windows or Android?

I assume that most (non-Apple) tablets are Android but this doesn't seem to be called out in the figures.

Sammy and Lenovo both make Android and W10 tablets, so it seems likely that their figures contain a mix of the two.

1
0

How we fooled Google's AI into thinking a 3D-printed turtle was a gun: MIT bods talk to El Reg

fidodogbreath
Silver badge

Re: Typical hipsters

It had to be something like "guacamole"

No indication in the article as to whether the guac is an extra charge. Journalism is dead...

1
0

Tesla share crash amid Republican bid to kill off electric car tax break

fidodogbreath
Silver badge

Burning coal was good enough for the 19th century, so it should be good enough for us.

11
2

Oh, Google. You really are spoiling us: Docs block cockup chalks up yet another apology

fidodogbreath
Silver badge

Double negative

Rob Goldman, vice president of ads products at Facebook, recently felt obliged to deny via Twitter that Facebook does not eavesdrop on users through smartphone microphones

So, by denying that they do not eavesdrop, he confirmed that they do?

An editing glitch, no doubt; but it doesn't really matter. Since FB Messenger users blithely type in their intimate conversations, desires, thoughts, hopes and fears of their own free will, there's probably no need for the mother ship to listen in and transcribe through voice recognition.

12
1

First iPhone X fondlers struggle to admit that Face ID sort of sucks

fidodogbreath
Silver badge

Re: Apple Pay?

The large display in the smaller form factor is probably the driving factor for most people.

...the utility of which is seriously undermined by that stupid 'notch' in the top of the display, and by the onscreen machinations that are needed to compensate for the lack of a physical Home button.

0
1
fidodogbreath
Silver badge

Re: Hehe

Works perfectly well on my 950, it's a matter of getting used to where you need to hold the phone

So...you were holding it wrong?

0
0
fidodogbreath
Silver badge

Personally I don't think you should experiment with tech on a live audience.

"Paying customer" and "beta tester" have been synonymous for decades...

0
0
fidodogbreath
Silver badge

The police can compel you to unlock your phone with biometric ID but not with a PIN.

For now, anyway.

0
0
fidodogbreath
Silver badge

Innovation vs "innovation"

The last several phone generations -- both Android and iOS -- have been woefully short on actual innovation, and long on the sort that gets enclosed in quote marks.

Are we really supposed to get all tingly about a slightly smaller bezel? A half-baked biometric unlock? Onscreen vs physical buttons? Crappy "assistants" that have to upload your entire @#$% life to some cloud server, in order to surface marginally useful information that you could have easily gotten anyway?

Maybe we've hit peak smartphone. Or maybe manufacturers have stopped trying, because the margins suck (Android) or they just no longer feel the need (Apple). Whichever the case, there hasn't been a "new" phone in years; just incremental re-hashes of existing designs, at ever increasing price points.

/rant

18
0
fidodogbreath
Silver badge

Re: Does it work in the dark?

In THRY*, it (a) works in the dark (b) without blinding you, because the face reader uses infrared from an IR emitter that is built in for that purpose.

* But we all know that "theory" is a four-letter word...

8
0
fidodogbreath
Silver badge

Face ID is a solution...

...but not to the problem of unlocking a phone. I can just pick up my 6s and it's unlocked before I look at it. This can be done discreetly. Holding a device 25-50 cm directly in front of my face fails on both convenience and discretion. IMHO, anyway.

16
0

Hackers abusing digital certs smuggle malware past security scanners

fidodogbreath
Silver badge

A cert is a cert, except when it isn't

I've always thought that code signing was ripe for exploitation, unless the cert validation is limited to a very small list of accepted signing authorities. Under the current train wreck "system," a cert signed by a North Korean CA is just as "valid" as one signed by Microsoft.

OK, maybe that was a bad example; but still...

6
0

A draft US law to secure election computers that isn't braindead. Well, I'm stunned! I gotta lie down

fidodogbreath
Silver badge

Re: It seems sensible and is thus doomed

Cheaper probably to buy votes... maybe the historical method of two beers per vote.

Or the Chicago method of holding voter registration drives in the cemeteries. Dead men drink no beer.

2
0
fidodogbreath
Silver badge

Re: So, problem solved, then

Yeah, but if we did that, nobody would ever win again.

And that's a bad thing because... ?

0
0
fidodogbreath
Silver badge

So, problem solved, then

Now if we can get to work on the one where sheeple will mindlessly believe any stupid crap, no matter how outrageous or obviously false, just because it aligns with their biases / hatreds / pre-conceived notions / etc.

7
0

Say what? Another reCaptcha attack, now against audio challenges

fidodogbreath
Silver badge

~~Possible countermeasures the paper suggests~~ Ways to make CAPTCHA even more fscking annoying include...

FTFY

4
0

Fine, OK, no backdoors, says Deputy AG. Just keep PLAINTEXT copies of everyone's messages

fidodogbreath
Silver badge

"When you are up against the military or intelligence services of a foreign nation-state, you should have our federal government in your corner," he said

Yeah, let's get those crack data security experts from IRS and OPM on the case.

10
0

Google's phone woes: The Pixel and the damage done

fidodogbreath
Silver badge

Re: Just like Apple

The problem comes when the young woman someone comes into the debt advisory service and they point out that her £50 a month iPhone/Galaxy Note 8/whatever contract is a significant part of why she can't pay her rent. [...] These are the people referred to as "sheep".

Or just "bad at math."

0
8
fidodogbreath
Silver badge

Re: Just like Apple

I am getting a bit tired of this echo chamber where the average user is dismissed as stupid or sheep or idiots.

I work in the software development group at an engineering firm, with some of the smartest and most technically adept people I've ever met. Our software products are all Windows-only, and there is not a single Mac to be found in the building. However, the phone distribution is about 65% iPhone to 35% Android.

Our programmers, engineers, and mathematicians are not ignorant sheeple who blindly pay a so-called idiot tax because they are too stupid to do otherwise; nor does anyone in this building (AFAIK) care about status symbols. They choose a solution that best meets their needs at the price they're willing to pay. I fail to understand why that is so difficult for some people to accept.

29
4
fidodogbreath
Silver badge

Re: Just like Apple

~~Apple~~ every company in the world's marketing would have you believe they always do 'x' to fix/help users whereas they are in fact no different from any other corporation...

FTFY

18
0

Knock, knock? Oh, no one there? No problem, Amazon will let itself in via your IoT smart lock

fidodogbreath
Silver badge

Amazon insists those delivering its packages "are thoroughly vetted, with comprehensive background checks and motor vehicle records reviews."

Just like ride sharing companies.

14
0

Slimy Scoble signs off from job, seeks seclusion and treatment

fidodogbreath
Silver badge

Worst internship ever

"I'm about to post my glowing review of Google Glass. I need you to come to my hotel room and take a picture of me wearing it while I'm doing a common activity..."

1
1

UK's NHS to pilot 'Airbnb'-style care service in homeowners' spare rooms

fidodogbreath
Silver badge

Re: Something needs to be done

Retrain domestic cats to believe that elderly people are merely large mice.

Cats already believe this about humans. That's why they do things like get underfoot when you're at the top of a staircase.

1
0

Legacy kit, no antivirus, weak crypto. Yep. They're talking critical industrial networks

fidodogbreath
Silver badge

Hacking power control equipment is pretty much the ultimate denial of service attack.

2
0
fidodogbreath
Silver badge

Re: Endemic to the sector

Often they have relatively unprotected remote access too including via say mobile phone. What's the worst someone could do though? Turn off your aircon and fry your IT kit?

If the poorly secured HVAC is also connected to the corporate LAN, lots of bad things can happen.

0
0

'We've nothing to hide': Kaspersky Lab offers to open up source code

fidodogbreath
Silver badge

AV is a mixed bag

There have been numerous widely reported cases of serious programming flaws in basically all of the major AV packages, not to mention the many borked updates that have shut down network connections or 'quarantined' legitimate system files. All of these programs present a large attack surface, running secret and proprietary code at a highly invasive and privileged level -- code that's probably easier to exploit than the OS, and/or that creates new OS holes by jacking into system processes that were not designed to be jacked into.

Given that, it doesn't really matter to me whether Kaspersky "gave" the Russian government a back door or if the spookskis figured it out on their own. I think it's prudent to assume that the various global TLAs have similar exploits that target all of the common AV packages. The difference with Kaspersky is just that we've heard about it.

6
1

Hackers can track, spoof locations and listen in on kids' smartwatches

fidodogbreath
Silver badge

SIoTAFU

The project found "significant security flaws, unreliable safety features and a lack of consumer protection" [...] Strangers can easily seize control of the [insert.device.names] and use them to track and eavesdrop on children due to a lack of encryption and other failings [...] He reported his findings in August to the manufacturer but has received no response to date.

So, just another sunny day in IoT Paradise.

Really, "security news" in the IoT space would be if someone ever sells a product that has any.

6
1

Microsoft faces Dutch crunch over Windows 10 private data slurp

fidodogbreath
Silver badge

"Telemetry"

When referring to Windows 10 slurp, the word "telemetry" should be surrounded by quotation marks; e.g., turning up the heat on Microsoft for extracting heaps and heaps of "telemetry" and other intelligence...

5
1

Android ransomware DoubleLocker encrypts data and changes PINs

fidodogbreath
Silver badge

I'm waiting for an Android malware that can war-drive a vanilla device in the field, without special privileges, completely pwn it, and find a way to persist even after a factory reset. THEN I'll be interested.

The Broadcom WiFi bug allows remote code execution in the context of the kernel. It was patched in 2016, but a lot of devices never received an update for it.

4
0

Biting the hand that feeds IT © 1998–2017