* Posts by DougS

12863 posts • joined 12 Feb 2011

Lotto 'jackpot fix' code

DougS Silver badge

Re: is hard to rig

Are they having living people actually coming to the polls and claiming to be the dead person, or are they just using absentee ballots in the dead person's name? I would assume the latter, as that is much easier to manage with a large pool of "voters", and with much less risk of detection. The voter ID laws don't do anything to improve the security of absentee ballots.

Just have a party sympathizer at an apartment building or retirement home who can collect absentee ballots mailed to designated nonexistent apartment numbers or room numbers.

DougS Silver badge

Re: is hard to rig

The problem in the US is that control over the elections is done by officials that are either elected positions or political appointees. So a place like Chicago where the democrats are in power they are able to do some things like bringing out the dead to vote. Likewise in some states where republicans are in power, they have enacted voter ID laws - claiming to combat the imaginary problem of voter fraud but it is really about suppressing turnout of minorities and students who are less likely to meet the ID requirements (and allows for challenging the veracity of their ID even when they do have it, which requires them to produce further proof later for that ballot to count...knowing most won't bother)

Then you have the problem of gerrymandering, in which district boundaries are redrawn every 10 years after the census. With computers that's now down to a science, and is one of the primary reasons why US politics have become so polarized. The strategy is that the party in power gets to redraw boundaries in most states, so they will attempt to maximize the number of people from the other party in some districts, and create reliable majorities for their party in others, with the goal of maximizing the number of safe seats for their party. The US would really benefit from a law that required that be done by computer according to a formula that drew boundaries in a sensible way that followed existing county or city borders as much as possible, but of course congress has zero incentive to pass such a law or even discuss it because many of them would lose their jobs.

Obviously a state like Utah or California is going to have more voters of one party than the other no matter how boundaries are drawn, so they might still have a number of such 'safe seats' but those states that are evenly split like Florida or Ohio would have much more competitive congressional elections than they do now, and when the parties nominated a guy on the extreme he'd lose to a more moderate foe. Currently it doesn't matter how extreme a nominee is, if he's running in a safe seat where his party has a clear majority he's going to win even if he's batshit crazy.

DougS Silver badge

You think this is bad, imagine the voting machines

They get far less auditing and attention than lottery machines, and something this basic still slipped through! So does anyone really think it would be hard for insiders to write similar software for a touchscreen machine that did some checks of date, contents of ballot, etc. so that it recorded votes 100% accurately during testing, but on the day of the election silently switches 5% of votes in certain preselected precincts? There's no paper trail to audit, no way to know it switched your vote, no way anyone could even find out since 5% is within the expected margin for exit polling.

Oh, you say "surely they'll notice if the exit poll margin is always tilted in one party's direction, right?" That's easy to fix, you tilt it the OTHER direction in unimportant local races, and in states that are so red or so blue 5% won't matter to the outcome. You reserve the switcheroo in your party's (or the highest bidder's) favor for the toss up states, where it really matters!

FBI, Apple continue cat-and-mouse game over iPhones in New York

DougS Silver badge

Pretty weak position for the FBI here

The only thing they have going for them is "we know Apple can help us out here on this iOS 7 device, because they have previously", since Apple made big changes in how they manage their encryption with iOS 8 that made their past cooperation with court orders no longer possible.

So this low level meth dealer has pled guilty, and the FBI wants to go on a fishing expedition hoping to find information about other dealers or customers on his phone, and is using that fishing expedition to try to set a precedent for the All Writs Act hoping to leverage that into eventually forcing Apple to hack their own devices like they wanted in the previous case.

This just fuels the fire even more for Apple to 1) make it so they can't hack their own phones even with a court order by shutting down DFU updates and 2) make it so every bit of iCloud data is encrypted with a user controlled key so they cannot turn anything over there even with a court order. I say good on them, the FBI can go fuck themselves.

The outcome of this case doesn't matter, Apple and the FBI will fight it to the Supreme Court, by the time a decision is reached Apple will have made it so they cannot access any data whether they want to or not. The FBI will go whining to congress, and congress will have to see what public opinion is about making a law that forces Apple to create a hole in the protection they have set up, so that the FBI can catch minor street dealers. While they're at it, they should make it illegal for old school dealers and numbers runners who carry a black book with customer information to use codes, because those codes are like encryption in that they force the poor slobs sitting on their fat asses at the FBI to actually do real police work for a change!

Given the public opinion was roughly divided in a case about terrorism I can't see the public supporting such a law, and every tech company will be against it, and business leaders and Wall Street will fret about what it would do to our tech economy. A few people in the pockets of the FBI/CIA/NSA like Feinstein and Burr might support it, but the rank and file never will.

Tesla 3 orders hit $14bn

DougS Silver badge

Re: Kickstarter?

Now that I think about it, I wonder if it is legal for them to spend that money, since they say it is refundable. If I am buying a house and put down a deposit when I make an offer, that money has to be held in escrow (typically by a lawyer) so that it can be returned to me if something goes wrong and the seller can't deliver (i.e. title isn't clean, inspection indicates problems, etc.)

I suppose even if they have to hold it all in escrow, it indicates enough interest that they could take out a loan for a tidy sum for whatever startup costs were required to get the manufacturing capacity they need. Of course, if there were delays and people started wanting their deposits back, the bank could call the loan on short notice. Though when the company's owner/founder is a billionaire, that might not be a big concern as he's probably able to get loans in his own name pretty easily.

DougS Silver badge

Misleading

While there is certainly a lot of interest and excitement for the Tesla 3, those preorders don't necessarily translate into sales. You can put down a deposit, but have it refunded at any time later. I would bet given the publicity, some people have been putting down deposits hoping the initial demand for the car will be so high they'll be able to make money reselling it.

I wonder if the registrations themselves are transferable? Maybe you'll see eBay auctions for "Tesla 3 reservation #104, get yours sooner than any of your neighbors"

It isn't like you are giving up a lot of interest taking that money out of your bank, so if you think you might be buying a car in a couple years and want the Tesla 3 as an option, why not? You can always get that money back if you change your mind or some better electric car comes along in the meantime.

Meanwhile, Tesla gets to use all that money for working capital to actually make the cars, so this was a good plan on their part.

How Remix's Android will eat the world

DougS Silver badge

Re: Because you're wrong - that's not the future

I presumed the guy I was replying to was talking about a legal OS, not some shady product found on a .onion site or something a hobbyist like you cooks up at home.

DougS Silver badge

Re: Dead Chickens

That would also lock them into using Google Search and allowing Google to do their data collection. Since they are former Googlers maybe they'll play ball, but I agree they might get a better deal shopping it around and it would definitely be better for the future of the internet to avoid concentrating even more power in Google's hands.

DougS Silver badge

Re: But does it slurp my data?

nothing gets sent to Google without your knowledge

That may be true, but if you look at the privacy policy you will see there's quite a lot that can get sent to Google. I also doubt that Microsoft is sending anything from Windows 10 without your "knowledge", they probably have a similarly broad policy that lets them collect almost any data on you.

DougS Silver badge

Because you're wrong - that's not the future

How is your fantasy OS going to accept apps written for iOS, OS X or Windows? Those are not open source operating systems, someone will have to write massive libraries to emulate the APIs from scratch. That's what Wine is for Windows, and it still isn't complete or anything like bug free despite having 20 years or so to get the job done!

Why would someone write an emulator for all the iOS APIs an app might use? They won't, they'll just choose an app that runs on an open source OS like Linux or a mostly open source OS like Android. Then you just port the code that implements the APIs to your new OS (if it isn't already Linux based, but it will be) and you're done in a fraction of the time and effort.

If you must run an app that is only available on iOS or only available on Windows? Too bad, you will have to use an iPhone or a Windows PC.

Large Hadron Collider gets 4,500 more data-crunching GPUs

DougS Silver badge

@AC

What do you suggest for a 'control', a second universe having different properties we can also test against to eliminate false positives?

Just because they are searching through "shrapnel" doesn't mean they'll find a piece that fits if they look long enough. Regardless of whether our current understanding of particles is correct, or they are made up of still smaller particles, they can only be combined in certain ways which are governed by physical laws. Using theories about those physical laws we make predictions that a certain type of particle at a specific mass (or range of masses) should be found and decay in defined ways. If those theories are wrong the predicted particle won't be found, because this isn't like sticking pieces of gum together where anything will stick to anything in any way you want!

And no, we aren't limited to just two properties of larger particles being +/- electrical charge. You are forgetting radioactivity and gravity. The only properties of elementary (or what we currently believe are elementary) particles that don't translate in any way to larger particles made up from them are spin and color. Furthermore there are other emergent properties of larger groups of particles like ability to resist, conduct, semiconduct or superconduct, magnetism, ability to conduct or resist flow of heat and so forth - all those properties we use when making computer chips, solar cells, piezoelectric speakers and on and on.

Is it possible the particles we are familiar with are made up of smaller particles? Yes, but that does not change the validity of these experiments, these experiments would be how we would be able to eventually learn that. Just as we used to not know that atoms contained protons and neutrons, and then didn't know that protons and neutrons were made up from quarks.

Google to admins: We'll tell you when your network is pwned

DougS Silver badge

Re: Ad injectors

Google doesn't like hackers using ads to inject malware, it gives people a very good excuse for why they are running ad blockers - which is what Google views as the real threat since if everyone did that they'd have no source of income.

London to Dover 'smart' road could help make driverless cars mainstream – expert

DougS Silver badge

Re: All the better to track you then?

Why should they waste money on electronic signs when you will be sitting in a car that includes a screen of its own? You won't be driving so you'll have plenty of time to view their ads. Heck, I could see "toll" roads where the toll is paid by answering survey questions.

Please remember this post so when anyone Google tries to patent it you can point to this as prior art and they'll be SOL.

Vendor: Do we need Quality of Service with shared storage arrays?

DougS Silver badge

Re: Noisy Neighbour Avoidance

That link reads like an ad. "Here's a problem many of us have seen; using methods we won't explain we arrived at a solution we are selling."

Here's a more simple summary: if your issue is bursty sequential loads hurting response time of latency sensitive small block I/O, what we really want isn't full QoS, but a setting that allows small I/Os to be given preference over large block I/Os to varying degrees.

That doesn't solve every problem, but it solves the most common one of "my database performance suffers when <x> that does a lot of sequential I/O is running".

Dropping 1,000 cats from 32km: How practical is that?

DougS Silver badge

No, the cats would not land on their feet

They'd land randomly, because they'd suffocate at 33.5 km and be either unconscious or dead when they reached the ground. The temperature at that altitude would also be a problem for them.

Unless you gave them feline sized spacesuits with oxygen tanks; then they'd be OK, but that might throw off their ability to land spread eagled which is what allows cats that fall from great heights to survive with only a few broken bones at most.

Academics claim Google Android two-factor authentication is breakable

DougS Silver badge

No, they don't need to do all that

All they have to do is p0wn your Android browser, which merely requires a remote exploit against that browser which can be triggered when you visit a site carrying that exploit. Typically such exploits would be delivered via an ad network, so you wouldn't need to be tricked into visiting a shady site, just have bad timing to visit a normal site at the wrong time before the bad ad network payload is discovered.

Such exploits are found from time to time, so that would be the time for the bad guys to strike - having hacked one or more ad networks and waiting silently for the right exploit to come along. Even if you personally aren't affected since you aren't using SMS for 2FA, a lot of people will be potential victims.

DougS Silver badge

Re: iOS too

The iOS attack is limited to cases where you have an iPhone and a Mac, and are using continuity to replicate your SMS messages from your phone to your Mac. The Android attack does not require anything more than use of an Android phone.

But I'm surprised el Reg wrote this article as an Android only problem since usually the reverse is the case and things that impact both are written about as primarily an iOS issue. Maybe they've reached their weekly quota of Apple clickbait articles already, being that this is a Friday, but were still short one on Android.

White House flushes away court-ordered decryption like it was a stinky dead goldfish

DougS Silver badge

Re: Whose court?

The difference is, with CALEA you have captive companies. The phone lines, towers, switches, etc. have to be located in the US because that's where the customers are, so it wouldn't do any good for AT&T to re-domicile in another country.

Apple could (in theory, I don't think they would) re-domicile outside the US to avoid such a requirement, and the only thing the US could do is ban iPhones. All that would do is punt the problem, because if Apple is forced to log all iMessages via a CALEA style law, what about all the apps like WhatsApp that could similarly provide encrypted communication? Since they're owned by Facebook, the feds could go after them, but maybe they decide instead to sell WhatsApp to a firm that operates outside the US. Do the feds ban it? New apps come around all the time, are the feds going to play whack a mole with all of them?

What about alternate app stores on Android, they might be able to force Apple and Google to keep "bad" apps that won't play ball out of their own app stores, but with Android (or a jailbroken iPhone) you can download from places that Apple and Google have no control over.

The government will be forced to acknowledge this is a problem they cannot control via laws or even back door pressure. The encryption genie is out of the bottle and can't be put back in. They will have to (gasp!) do actual work to track down terrorists, and not sit back on their fat asses and let computers tell them who to arrest because a Brit tweeted about "blowing up America" and "digging up Marilyn Monroe" and computers don't understand humor.

DougS Silver badge

Re: Whose court?

Doesn't matter. Apple has already decided the way forward is to make it so EVERYTHING is encrypted and they have no possible way in even if they wanted in. They're closing up the ability to install software in DFU mode, and recent statements make it sound like they are finally going to do what I've been wanting for a long time - full encryption of all iCloud data with a key Apple doesn't possess (currently that's only true for certain more sensitive data in your iPhone backup like passwords and Wifi keys, but not for stuff like iMessages). I'm sure they are looking at everything trying to find and fix any weak points where Apple itself could get in, now that they know being forced to hack their own products is a potential concern.

Passing a law that says "companies must help the government recover data from phones upon lawful demand" is going to be a lot easier for politicians than passing a law that says "companies must design their products so they possess the technical means to recover data upon lawful government demand". Such a law would be without precedent, and would have a chilling effect on companies choosing to domicile in the US, causing irreparable damage to future high tech R&D in this country.

Sure, maybe some other country passes such a draconian law (France looks far more likely to do so than the US) but the only card they hold is to ban sales of iPhones in France. That would make for an interesting test case of EU law, whether a country can ban sale of a product legal in the rest of the EU. Anyway, unless they criminalize possession of an iPhone, French citizens who want one could pick one up pretty easily next time they visit another EU country so I doubt Apple would lose all that many sales and would certainly be willing to stand up to them given that they stood up to the US government.

As for China, Apple spends billions there with Foxconn, China can't afford to push them too hard lest Apple start talking to Foxconn (who remember are headquartered in Taiwan, not China!) about moving the whole operation to Brazil. They have already moved a small amount of production there, and Brazil's economy has become depressed due to the fall in oil prices, so there would be plenty of willing educated workers if Foxconn wanted to expand that operation. I can't see China pushing for access beyond what the US government has, but would likely insist on access on par with what the US has.

FBI Director defends iPhone 5C unlock tool that's obviously going to leak into wrong hands

DougS Silver badge

Re: Who cares if it leaks?

That won't work, because each iPhone has a unique ID that's part of the SoC. Trying to extract that would require removing the A5 SoC used in the 5c, decapping it and using an electron microscope to determine the unique ID (assuming you know where to look on the die, which may require Apple's help).

The passwords can only be tried on the original phone, they can't copy the data elsewhere to an emulator unless they can get at that unique ID.

Maybe that's what the Israeli firm did, but if so that raises the cost an order of magnitude due to the extremely expensive equipment required, though at least it would be quick. But still, only useful for phones using a PIN, if you use a password you'd be fine so long as it isn't susceptible to a dictionary attack (so don't use "password"!)

DougS Silver badge

Re: Who cares if it leaks?

If it is the NAND mirroring thing then you have to disassemble the phone and connect it to some rather expensive hardware. It won't be something a typical police department can afford, nor will they be sending phones to the FBI (or your local equivalent) for this lengthy process for a simple fishing expedition.

Use a password rather than a PIN and you are completely protected from the NAND mirroring attack. It isn't certain they are using that, but it seems more and more likely, given the information that has been publicly released.

DougS Silver badge

Who cares if it leaks?

It is unlikely to the extreme that it is using a remote exploit, so it isn't like I have to worry about someone getting into my phone unless they steal mine. I think it is very likely they are copying the NAND contents, resetting the retry counter, and copying the NAND back onto the phone to try another half dozen PINs.

Those who claim they can copy it onto multiple phones are wrong, the NAND is encrypted with a key generated from the unique device key of the iPhone, other iPhones have different device keys and wouldn't decrypt even with the correct unlock code. If it is using NAND mirroring then:

1) it would only work on pre-5S models, since the lock counter is stored in the secure enclave on newer models

2) it would require rather expensive equipment - and physical possession and disassembly of the phone

3) it would be rather slow, since you could only try about a half dozen PINs between NAND copies

4) it would only work on phones where a 4 digit PIN is being used, not on phones where an alphanumeric password is being used

Panama Papers hack: Unpatched WordPress, Drupal bugs to blame?

DougS Silver badge

It is as I suggested

Early reports claimed it was a whistle blower, but I said that the narrative would be changed to claiming it as a hacker - to aid those who want to shut down the dissemination of these documents or the information therein by claiming they are the product of illegal actions. And also because the law firm wants to cover their ass, because it is far far easier to explain to angry clients "we were hacked" than "we have a rogue insider who we haven't found yet".

Nest's bricking of Revolv serves as wake-up call to industry

DougS Silver badge

Re: Here's how the competing IoT market will shake out

Who has "his heating on a timer" that just turns on at a specific time regardless of the temperature? Is that somehow cheaper than a programmable thermostat, which is $20 or less based on a 2 second google.

DougS Silver badge

Here's how the competing IoT market will shake out

1. an open source solution will be developed, which will eventually fork into several competing versions, but it will be years until it is packaged into products accessible to the masses. Basically it will be the IoT equivalent of DD-WRT and OpenWRT.

2. Apple will have their own, sort of like iDevices where third parties can make devices to interface with them, but only if you follow Apple rules, and they'll cost more, but it will work pretty smoothly for what it does, even if it doesn't have nearly all the bells and whistles possible in the open source solutions

3. Samsung will have their own, with an 'S' in the name, that few people will use and be considered irrelevant by almost everyone who lives outside of South Korea

4. some major US company like GE will introduce something with major fanfare, that will only work in a home that's all GE products so the only time you'll encounter it is in 'spec homes' where the builder is designing it as a "smart home" hoping for a bigger markup

5. Google/Nest, having lost their trust in the early adopter market by killing Revolv, will fade away but everyone who owns a Nest thermostat will continue to make ridiculous claims that their energy bill is 30% lower

Microsoft rethinks the Windows application platform one more time

DougS Silver badge

Re: Microsoft made it clear that security has taken a back seat

It also eliminates the whole point of making this change. Why do you need a new API for Windows apps when there are no benefits, other than "easy installation from an app store". Seems like they are just following Apple and Google there, when the process of installing Windows apps wasn't a problem before, anyway.

So now developers have a new API they can target, but what is the benefit to them that would make them choose this over writing it as an "old school" Win32 app? Because cutting out the majority of your market (Windows 7 users) doesn't make me think any of them will be interested in this. There is no Windows Phone market to be concerned about, and Surface is basically a laptop so doesn't need touch support in its apps. Benefit for new API == zero.

Congressman called out for $1,300 video game binge

DougS Silver badge

Nothing scandals?

You mean like Watergate, Iran Contra, starting the illegal spying on American citizens that Snowden later revealed, invading Iraq on a lie, those sort of "nothing scandals"?

Bezos defends Amazon culture in letter to shareholders

DougS Silver badge

I finally figured out who Bezos is

Look at that picture - he's S. R. Hadden from Contact. He owns a space launch company, and looks like a slightly younger version of him, so I could see him living in space in his later years.

Hubble spies supermassive black hole in surprising spot

DougS Silver badge

Not just grain elevators

Until the Burj Khalifa was completed a few years ago, the tallest man made structure in the world was a TV antenna in North Dakota.

Call the doctor... no, call security. Docs' mobiles are hopelessly insecure – study

DougS Silver badge

I'm surprised HIPAA would even allow use of Android devices

Don't they have security requirements for devices containing medical data, similar to the requirements for PCI compliance? Though I guess you can say you're "fully patched" if you have the latest OS available for your device, never mind that it is two years out of date with dozens upon dozens of critical exploits left unfixed.

Given all the ridiculous markups in the health care field, surely there's enough money sloshing around for them to create a custom version of Android that takes away the ability to root it, takes away the ability to install any apps except those installed by the reseller, etc. If people are using bog standard Samsung slabs and able to download and run whatever they want from Google Play, I sure wouldn't want my medical records to ever touch such a device!!

If nothing else, using standard Android would no doubt ensure my medical data found its way to Google, who I'm sure would be happy to add it to their database that they keep on me. If I visited the doctor for high blood pressure, next time I was surfing the web I'd start seeing a lot of ads for Lipitor...

Google's dream city isn't a new idea

DougS Silver badge

A city founded by Google?

Will they name it Sodom, or Gomorrah?

Nest kills Revolv

DougS Silver badge

Bad publicity for early adopters

It isn't like smart home products are a big market now, it is geeks and early adopters only. The exact sort of people you don't want to have staying away from Google products because of their habit of randomly killing product lines without warning.

Security bods disclose lock bypass bug in iOS

DougS Silver badge

@AC who won't install an update without knowing what is in it

So I guess you never install Microsoft security patches, at least those that say nothing about what is being fixed, just that it is security related?

If the update says what is in it, other than the security content which you know will be released on date X, you still wouldn't install it until date X? What do you gain by knowing (for instance, taken from iOS 9.3) "A USB device may be able to cause a denial of service" CVE-2016-1734? Do you decide not to install updates if you don't think the security fixes are important enough? Not sure I understand your reasoning, because even if details are provided it isn't like the details are enough for you to know "oh, I better not install that, it might break that USB device I have that relies on undocumented behavior to do X with my iPhone"

DougS Silver badge

Re: Apparently it is fixed

Every interaction using Siri is sent and processed somewhere else. As opposed to Google capturing everything you do with your device, to better sling ads at you.

DougS Silver badge

Re: Every patch contains a list of bugs that are exploitable on a unpatched device.

That's the problem with disclosing the security content in an update. If you say "fixed a security bug" then you don't have any way of knowing if OS version x.y fixes the security hole you heard reported last week. If you say "fixed security hole that allowed access to contacts from the lock screen if you have Twitter configured" that may provide enough information to let someone figure out how to exploit it.

You're screwed either way to some extent, so you have to choose your path. I think Apple prefers to err on the side of disclosure of fixed bugs, and rely on people installing updates in a timely manner. The problem is, blunders like the issues that affected some iOS 9.3 updates make people gun shy of installing patches quickly. I just don't understand how things like that aren't caught in beta, obviously the developers who do the bulk of the beta testing aren't using devices in the same way as end users.

If I was Apple I'd institute two changes. One, I'd release the security content details for a new OS a week after its release, rather than the day of its release. Two, I'd have a new OS roll out in stages. Users could change a setting to request 'early access' to new OS versions. If you configured that setting you'd have to install the new OS in a timely manner or you'd be dropped from the 'early access' group. That would be rolled out in stages, say 0.01% of all users on day one, 0.1% on day two, the remainder of the early access group on day four and everyone else on day six. If problems were found that were somehow missed by the beta stage, they'd be caught by the early access volunteers, hopefully quickly before very many were affected. The seven day waiting period for security content would allow everyone not in the early access group 48 hours to install it on day 6 or 7 before the security content was made public, possibly providing clues on exploiting bugs in older versions.

DougS Silver badge

Read the iOS security doc

It is 60 pages long but it is pretty easy to search for what you are looking for to find the details on this.

There are multiple encryption keys in use inside the iPhone, not just a single one. Everything in the device is encrypted by the device key, but as you say an operational phone needs access to a lot of data while running so the key for that is available to it even when locked. More sensitive information is encrypted a second time at the file level, if it has a protection class higher than "protection none". Those keys are inaccessible to the phone while locked.

Things like contacts and photos are protected by that iOS "protection none" data class, meaning there is not a second level of encryption. The reason for that is rather obvious - i.e. you receive text messages while the phone is locked, it needs to be able to correlate the phone number of an SMS message to a name if you have it configured to show the recipient's name. Likewise that means messages are in protection 'none' since it can be configured to show the message itself, and allow you to reply. Photos similarly need to be unprotected to support the option of allowing quick access to the camera from the lock screen.

There are probably more secure ways of doing this. If they kept all those things in an encrypted file class they could increase security and make such lock screen blunders a thing of the past. To wit, use a separate DB with just the number -> name mapping to support the option of showing who a text is from to allow keeping contacts in a protected file class. Use a separate DB of "messages received since phone was locked" that they could integrate into the proper message store when the phone is unlocked, then they could keep that main message store in a protected file class. Keep a separate DB of "photos taken since phone was locked", and they could similarly keep the main photos store in a protected file class.

I imagine they'll be taking a closer look at moving more things into a protected class to tighten the protections not only around lock screen issues like this, but also because the FBI case seems to have them riled up to redouble their efforts to make the iPhone as secure as possible.

Iceland prime minister falls on sword over Panama Papers email leak

DougS Silver badge

NSA grabbed data

I wasn't aware the NSA had an agenda to topple Iceland's PM. And why should the NSA filter it of US connections, when they could use it to embarrass those who are against their agenda? Like, say, Tim Cook. Heck, if he doesn't have offshore accounts just make up some to include in the dump - who is going to believe the one guy who claims he was framed in the midst of a ton of data that proves to be true?

DougS Silver badge

Russian conspiracy theory

It isn't as though there haven't been stories about Putin's favored people dropping nine digit sums to buy tony properties in London, and other stories showing how unaccountably wealthy many of them have become, so the idea that this whole thing is a scheme against Putin is laughable. If you wanted to hit him you'd need a smoking gun that isn't the same gun that has been smoking since the turn of the century. It is ho hum news in Russia because probably every citizen says "tell me something I don't know" when Putin's connection to corruption is reported.

DougS Silver badge

Didn't realize there were more data dumps to come

I was surprised that there were no US politicians in the list, but I guess if we've only seen 1/6th of it so far that makes sense. Maybe whoever is deciding the order of release wants to hold up the US release until after the primaries are done so as to maximize the fallout.

Interestingly I think the two front runners, Trump and Clinton, are unlikely to be involved. Trump, because most of his holdings are real estate and with his ego he wants everyone to think he is richer than he really is, rather than trying to hide his wealth. Clinton, because she and her ex-President husband derive almost all of their income from writing books and making speeches, and that income is already well reported since they've been covered under disclosure arrangements for most of the past 25 years. Cruz's wife works for Goldman Sachs - if there was anyone who was going to be connected to this sort of scheme you'd think it would be someone working for that firm.

But it would likely hit many current and former Cabinet officials, along with plenty of Senate and House members. I'm sure any of those who have dealings with that Panamanian firm are readying their talking points, hoping to do a better job of defending themselves than the tongue tied Icelandic PM!

WhatsApp straps on full end-to-end crypto for 1bn peeps

DougS Silver badge
Trollface

Re: Your move, FBI

So openssl then? Good thing that has no security holes!

DougS Silver badge

Re: Your move, FBI

Perhaps WhatsApp is not that forthcoming with details, not wanting to be picked apart in case people find there's a weakness. "WhatsApp adds encryption" makes a good story for the public and the sort of publicity WhatsApp wants. "WhatsApp adds flawed encryption", in case they published the equivalent of the iOS security guide and someone figured out it was vulnerable to a MITM attack for example, would not provide the kind of publicity they're looking for!

Contactless payments come to in-flight entertainment units

DougS Silver badge
Coat

Re: "airlines also find ways to charge passengers for more services, more often."

It could solve the #2 problem also, if it has a wide opening like a Gatorade bottle and you are careful.

DougS Silver badge

Re: "airlines also find ways to charge passengers for more services, more often."

Can't wait for the flight attendants to tell people they need a newer phone that supports Apple Pay or Android Pay in order to take a piss.

"Sorry, we don't support Windows Phone, you'll have to hold it until we land in five hours".

"Enabling the reclining feature of your seat costs $2/hour, and disabling the reclining feature of the seat in front of you costs $5/hour".

Ted Cruz slams DNS overseer ICANN a second time

DougS Silver badge

Re: Rather scary

That's for sure, but if you looked really hard you could find one organization that would do an even worse job of oversight than ICANN and that's the US Congress!

PayPal freezes 400-job expansion in North Carolina over bonkers religious freedom law

DougS Silver badge

How does this law infringe on your rights as a white hetero male, aside from your right to discriminate against others you feel you are better than?

Anyway, I don't have a problem with this law. It was legally passed by the government of North Carolina, and the citizens of the state have the option to vote in new politicians if they don't agree with it. Companies have the option to stop doing business in North Carolina if they don't like the law, and if enough do the economic pressure on the state will either force them to change or at least act to the benefit of states that do not have such laws.

Those who don't agree with it should put pressure on major employers in the state to withdraw, or at least cancel any expansion plans they might have, like PayPal did. That's how the battle over apartheid was won in South Africa, not by violence or protests from within the country. Likewise, those who oppose this law can hold all the gay pride parades they want in North Carolina, but it won't change the minds of those who support this law - if anything it will strengthen their support.

When the supporters get laid off because the restaurant they work at closes because businesses are moving out, or when their kid's school starts declining in educational quality because their local tax base is being eroded, then they might change their tune.

Adobe preps emergency Flash patch for bug hackers are exploiting

DougS Silver badge

Because it isn't a player

It is a damn full featured programming language, that today is used only as a player. If they had an option to download a hamstrung version that could only play videos it wouldn't have been banned from iOS by St. Jobs[*] and would probably still be used by many people since it wouldn't be such a security nightmare.

[*]Even those who hated him should nominate him for sainthood for his role in helping hasten the fall of Flash, as the success of iOS forced web sites who wanted to be accessible to iOS devices to rework their site to function without Flash years before they otherwise might have.

AI, VR, bots and YOU? A survivor's guide to The Future™

DougS Silver badge

Last week's underwhelming iPhone launch was meaningless

Trying to claim that it means "Apple is done" as the article wants to imply is stupid. It is a 4" phone which is a niche market these days, but one Apple felt was important to serve with some slightly newer technology than the 5S that was currently slotted in that role. Nobody expected it to be a big deal, so I don't get why the press wants to call it a failure. Pretty sure Apple wasn't expecting huge lines and 10 million sales in a weekend like they got last fall for the 6S and will get this fall for the 7.

At any rate, that doesn't have anything to do with whether whatever strategy Apple is working on for VR and AI pans out. That will succeed or fail based on the merits of the product, but knowing Apple they have their own vision for what they're doing and are taking their time. They want to see the early entrants in the market and learn what works and what doesn't, so they can refine their idea and skip the alpha/beta phase that we're in for products like Oculus, HoloLens, Gear VR and Cardboard.

It will be interesting as the first test of a completely Job-less product launch (I don't count the watch because they almost certainly started the design a year or two before his death)

Truly crap exhibition dumped on Isle of Wight

DougS Silver badge

Litter training cats

If you litter train a cat it will still "piss and shit" all over the neighborhood if allowed outside. Pretty sure there's no way around that fact, at least I've never heard of a cat that will avoid doing its business outside and want to come inside to use the litter box. Cats do tend to be more discreet about where they poo, and attempt to bury it. Unfortunately a great place to bury it is in a child's sandbox, so if you have one for your child it is best to get one that has a cover!

Not sure why you are worried about where cats piss though. Dogs piss all over the place and no one is cleaning that up.

3D printers set for lift off? Yes, yes, yes... at some point in the future

DougS Silver badge

Have cell phones do 3D scanning, they do everything else

This seems like something that could be added as yet another feature on cell phones. Have a small low power laser that projects a grid and maps the surface of an object as you move around it. You build up a 3D model on the display that shows the areas it has mapped and those it hasn't so you can keep moving around it (or turn it over in your hand if it is small enough) until it is fully mapped, or as close as you are able to get.

There's probably nothing preventing this now except:

1. hardly anyone needs it, until they do why bother?

2. cost, until lots of people need it the cost to add it is too high

3. regulations for lasers, it would have to be so low power and long wave that it is eye safe since you know people would use something like this on their phone on people's faces - either someone else's or their own. But I wonder, is it possible to have a laser that is eye safe?

Not Bitcoin, but close: Red Hat and Microsoft bite into blockchain tech

DougS Silver badge

Cutting out the middleman

Banks and brokerages wouldn't be so interested in the tech if it would allow cutting out the middleman, since in many cases (credit cards, stock purchases) they are raking in countless billions by BEING the middleman.

What they want is to 1) reduce their costs so being the middleman becomes even more profitable than it is now and 2) to use technological means to further secure and entrench their position as middleman.
