* Posts by DougS

12863 posts • joined 12 Feb 2011

French parliament votes to jail tech execs who refuse to decrypt data

DougS Silver badge

Re: Irrelevant to Apple, even if they pass it

The 'backdoor' the FBI wishes to create relies on the phone being able to accept a software update from DFU mode without any password or other authentication being provided. Apple said they were already working on software changes that will close that "hole" (it isn't really a hole since it was deliberate in the design as a convenience for users to recover from botched updates, but now that the FBI has made it a problem, that needs to be changed) Assuming the software change is delivered no later than with iOS 10, and probably sooner, 80% of iOS devices (or thereabouts) will therefore be immune to the FBI strategy by the end of the year.

Obviously, being software, it could be undone with a future software change - but that would take things one HUGE step further. Instead of the court ordering Apple to create and apply a special software update to one phone (at a time) the government would have to pass a law requiring Apple to change its software to open that hole back up and apply it to ALL phones. That's a much bigger step, and considering that public opinion is 50/50 at best for opening up one terrorist iPhone there's no way such a law could ever be passed to open up a hole on EVERY iPhone.

I'm sure the iPhone 7 was already going to include improved hardware enforcement of security policies currently controlled by software, and that will continue in the future. Security is a process, and as new things are learned (like "the government might try to force us to create custom software to hack our own security measures") those lessons are applied to future software and hardware designs. Until the FBI asked for this court order, Apple had never considered the need for defending against being forced to create custom software loads. Now that they are aware of this new threat, they are working on software and eventually hardware solutions to eliminate not just this threat but any similar threat where they are compelled by outside agencies to use their unique access to iOS to compromise an iPhone. If they make such action impossible, they can honestly say what is being asked for is beyond their power.

If nothing else, further improved security/privacy may be a reason to upgrade your iPhone, so maybe the FBI will help Apple make a little more money in the long run. That would be rather ironic given that the FBI deliberately chose to file this case publicly instead of under seal like Apple requested, likely hoping the threat of negative publicity from what the FBI assumed would be a slam dunk PR win would force Apple to go along and set the precedent they are looking for.

DougS Silver badge

Irrelevant to Apple, even if they pass it

Apple is fixing the method by which the FBI is trying to get them to hack their phone. By the end of the year 80% of all iOS devices will be running iOS 10 and be immune to this.

They can have laws all they want, but if what they are asking for is IMPOSSIBLE then they can hardly fine Apple or throw Tim Cook in jail. Might as well fine Ben and Jerry's for not making zero calorie ice cream and Mercedes Benz for not delivering the flying cars sci fi authors promised us.

Amazon douses flames, vows to restore Fire OS fondleslab encryption

DougS Silver badge

Re: Ambiguous?

People who whine about "oh noes! Apple is giving terrorists and pedos a perfect tool to communicate undetected" need to realize a couple things:

1) Apple (and US companies in general) don't have access to 'better' encryption than other countries. If you make iPhones less attractive to terrorists and pedos by allowing the US government a way in, it isn't like they'll keep using them and get caught. They'll use something else - products and/or software developed outside the US government's ability to control. Many non-criminals outside the US will abandon US products in favor of those better products that aren't damaged by the US government's influence. So you don't catch any more terrorists, and you hurt the US economy.

2) The legal system in the US is founded on the principle that it is better to let guilty parties go free than have innocent parties convicted. That's why you have the 4th and 5th amendments, why torturing suspects to gain a confession is not permitted, why the rules of evidence can make something inadmissible due to a technicality, and why conviction requires evidence 'beyond a reasonable doubt' not merely 'a preponderance of evidence' as in civil cases (I took a couple law classes back in the day, and the professor said you can think of 'beyond a reasonable doubt' meaning you are 99% sure while 'preponderance of the evidence' means you are 51% sure) Heck, the presumption of innocence itself is a pretty powerful statement towards this goal.

Anyway, if I was a terrorist why should I believe all this stuff about the FBI being unable to get into an iPhone? Maybe I think that's all a trap from those crafty infidels, and will probably want to stay away from anything like the iPhone where the hardware and software are both designed by a US company.

DougS Silver badge

@Lusty - "fixing" root causes of terrorism

How do you go about that without risking making things worse? Let them solve their own problems, provide non-military aid if requested to help them solve their own problems but leave them in control of their own destiny. If that destiny is civil war, well that's too bad, but the west should not be taking sides in them. We can provide humanitarian aid, subject to guarantees it actually reaches the people who need it regardless of which side they're on. We can help them rebuild when the fighting is over. We should not be supplying weapons or military advisers. We definitely should not be encouraging civil war, or the violent overthrow of any legitimate government (even if that legitimate government is run by a petty tyrant)

Roddenberry's "Prime Directive" from Star Trek was a not so subtle hint at how the US should be engaging with other countries from a time when Vietnam was in the process of escalating.

DougS Silver badge

Causes of terrorism

One can argue over whether 'wealth and freedom' is a cure for terrorism or not but it is pretty hard to argue that western meddling in the middle east, especially that of the US, has made it a prime target.

Compare with Switzerland, who is also a rich and free country that people who "hate us for our freedom" would presumably want to attack. Yet there has never been a terrorist attack on Switzerland (I think there were a couple incidents with flights leaving there bound for Israel, but it is pretty obvious the latter was the actual target)

Every time we do something in the middle east it always hurts us in the long run. Can anyone come up with an example of the US or Britain meddling in the middle east that made things indisputably better in the long term? Examples from 1990 or earlier please - sometimes it takes a long time for the blowback (i.e. overthrowing the democratically elected government in Iran to replace with the Shah took 26 years before it blew up in our faces) Had we not done that yeah maybe it hurts US companies a bit not getting the contracts the Shah handed to us. We could have and should have been the friend of a naturally occurring democratic government in the middle east, since that is supposedly one of our goals when we publicly overthrow a government (when we do it in private, it is usually to set up an evil dictator who will do our bidding)

Iran would have exercised its influence throughout the Arab world and probably resulted in similar governments springing up. Who knows, maybe Saddam Hussein never rises to power and Iraq is a democracy today. Or maybe not, but the people of both would probably be a lot better off today regardless. Maybe Iran's new government didn't want to choose sides in the Cold War, but a modern democracy in the middle east would have been a great trade partner over the years, and the US economy probably would have ended up ahead in the long run even if the oil companies didn't get their great deals that provided short term gains but caused long term harm.

DougS Silver badge

Re: ROT13

I'd advise moving directly to quadruple ROT13. As computer power advances, double ROT13 will eventually be breakable. I wouldn't be surprised if the NSA has enough computing power that they can already crack double ROT13 in a matter of weeks.

Norman Conquest, King Edward, cyber pathogen and illegal gambling all emerge in Apple v FBI

DougS Silver badge

If they want some old documents

How about the Quartering Acts of 1765 and 1774? Those acts passed by Britain were among the factors that led to revolution in the US. It seems the colonists didn't like being forced to put up British soldiers in their home.

The idea that it is some sort of settled law that US citizens have a duty to help police investigations wouldn't go very far with those who wrote the Declaration of Independence and the 3rd amendment of the Constitution! Especially once they reveal it is based on English law from before the first white man (or rather first white man who had a decent publicist) set foot on American soil.

Facebook can block folks using pseudonyms in Germany – court

DougS Silver badge

Re: So which Irish law requires users to disclose their real name?

If Facebook can't require full names, I guess I can go to any bank in Germany and open an account as Mickey Mouse, and even take out a mortgage in his name? If not, why the difference in how they're treated?

DougS Silver badge

Re: So which Irish law requires users to disclose their real name?

All Facebook is doing is saying "if you want to use our service, you must use your real name". I don't get why people think the policy of a company is open to legal challenge. Should I challenge the legality of a mortgage company running a credit check on me before extending a loan? That's a condition of doing business with them, if I don't like it I don't have to take out a mortgage from them.

If you don't want to provide your real name, either don't use Facebook or provide a fake name and don't get bent out of shape if they catch you and suspend your account (they probably won't catch you, over 5% of my Facebook friends are not using their actual first/last name - most are female using first/middle name instead)

Google gives ringing endorsement to US VPN providers with 'right to be forgotten' expansion

DougS Silver badge

Re: unacceptable!

That China is learning from the bad example set by my country has fuck all to do with whether the EU should have worldwide censorship powers over Google that affect what I can or can't see.

DougS Silver badge

Re: unacceptable!

So if you manage to censor Google then some other search engine will spring up to index ALL results, and not operate inside the EU. Then the EU and their petty censorship has no power over them. There are minor search engines like duckduckgo that have carved out their niche, the censorship free search engine would offer another niche.

The internet is world wide, you can't apply archaic censorship laws from a single country or group of countries to it. Sorry, but that's just how it is. You can act like China and censor at the border, but you can't stop what I see in the US due to your laws any more than China is able to stop you reading criticism of their party leaders. Do you really want the application of censorship laws worldwide? Good luck with the web after Sharia law gets through with it!

How the FBI will lose its iPhone fight, thanks to 'West Coast Law'

DougS Silver badge

Re: Since when Barack Hussein Obama became a good guy?

You are looking for black and white in a world where none exists. People who hate Apple and think they are the bad guys for stuff like the walled garden, lawsuits, pricing or whatever can still believe Apple are the good guys where this case is concerned.

Ditto for politicians, who can be the good guys for some things and bad guys for the other. And that doesn't even account for the fact that you and I may disagree on some aspects of politics, so something you think Obama is a good guy for I'll think he's a bad guy for, and vice versa.

DougS Silver badge

Re: Indeed

Incorrect. The iPhone 5c does not have the "TPM" (TPM is an Intel term, Apple's implementation of a similar idea is called the secure enclave) The 5S, 6 and 6S do. All iPhones since the 3g are fully encrypted, even the OS...no idea where you got the idea that the OS in the 5c is on a non encrypted partition. That's not the case, the iPhone doesn't even support unencrypted data. Every byte is encrypted, but certain classes of files are encrypted before they are stored on this encrypted filesystem (i.e. doubly encrypted) The OS binaries are, obviously, only encrypted the one time. Read the iOS Security document....60+ pages of goodness that will make anyone who cares about security smile. They didn't think of everything, but they thought of way more than most give them credit for, and it puts the architecture of other consumer operating systems to shame and they are far from done yet.

The reason Apple is able to update the OS without providing the password is because the iPhone allows software updates to be loaded in DFU mode, which is a sort of preboot state that can be enabled when it is connected to the right USB driver. They allow that because it provides a way to recover from a failed flash or other software update problem that would otherwise brick the phone.

All iPhones permit software updates in DFU mode without providing a password or any other sort of authentication. Apple said shortly after the FBI battle hit the news that they had already been working on closing that hole. It was not clear if they mean completely or will still offer a way for authorized users to do updates in DFU mode or not - the main idea was that they would make it impossible for THEM to do updates in similar circumstances even if they want to. Even if they lose this case, by the end of the year 80% of iPhones in the world will be running software that would make a similar request impossible even if this one is seen as precedent. West coast rules, east coast drools LOL!

This case shows how Apple's thinking about security has evolved over time.

stage 1) defend against hackers i.e. normal security

stage 2) defend against government out of control - i.e. post-Snowden - things like making it so Apple doesn't have a copy of your phone's passcode/password so they can't help you if you forget it but they can't be forced by the NSA (or hacked by them) to give up passcodes in bulk without a warrant

stage 3) defend against Apple itself - i.e. post-San Bernardino - protect against Apple being compelled to find ways to hack its own devices even to the point of creating software to do so, via stuff like not allowing DFU mode updates, and I'll wager making it impossible to update the software in the secure enclave at all once installed (unless it is already impossible...that's not really clear)

DougS Silver badge

@Malcolm Weir - iPhone production in China

It wouldn't be THAT hard to move production. Yes, it would be a massive disruption that would cost Apple 6-12 months of production and lead to shortages and cost them tons of profit. But they could move it, and would never move it back.

I imagine the reason you bring that up is since Apple's production is in China, you think the Chinese government might have leverage over Apple. The mere threat of using that leverage would plunge the Chinese economy into a massive recession as every foreign company would see production in China as unacceptably risky and move their production elsewhere as quickly as possible. China's ruling communist party would be unlikely to survive this.

The leverage you imagine China has over Apple is similar to the leverage lots of nuclear weapons give you over another country that has lots of nuclear weapons...i.e., none.

Machismo is ruining the tech industry for all of us. Equally

DougS Silver badge

Imposter syndrome

Interesting that you mention that in reference to architect level jobs. As I moved in that world and now in a role that's essentially a level above that - ensuring that the solutions designed by other architects are actually meeting customer needs and helping them redesign solutions when they don't - I've felt that more and more. I'm acutely aware that not only are there things I don't understand that I feel like I should, but that there are things I don't understand that I feel like I should but realize I will never understand because there just isn't time to become an expert on 'everything'.

So hopefully these feelings are imposter syndrome, rather than actually being an imposter :)

Everything bad in the world can be traced to crap Wi-Fi

DougS Silver badge

Re: free wifi that requires passwords ?

And you know that your SIM isn't overriding those settings how, exactly? Google "attwifi" and be afraid at how by default every phone (Android, iPhone, WP, doesn't matter) with an AT&T SIM will automatically connect to that SSID. You can disable it, but how many people know that not doing that leaves them vulnerable to a trivial MITM attack?

I'm sure most cellular providers do something similar.

Rejoice, sysadmins, there's a new glamour job nobody understands

DougS Silver badge

Re: Roll up, roll up! You don't even need to study!

And when (not if, when) a security problem is found in your tens of thousands of shipped IoT devices, is there a reasonable way to patch it? That doesn't require intervention from your end users, since you know most of them won't. If it is automated, what are your plans to recover from a bricking, in case of update problems you hadn't seen in your internal testing?

Essex cop abused police IT systems to snoop on his in-laws

DougS Silver badge

Re: Why

For every case like that there are dozens where police officers get off for crimes that would imprison us for years. I have a Facebook friend who is a member of the Cop Block group so I see stories about US police misconduct all the time. Saw one recently where a cop was convicted of molesting a four year old child but was given probation because "cops would be treated harshly in jail", but at least he was fired. There was another where a cop was accused by multiple women of raping them while in uniform and on duty at traffic stops. No forensic testing was ever done on the women despite them asking for it, and they were treated like criminals by the cops. The cop involved was put on paid leave for months and then reinstated due to lack of evidence. Another case where a judge was convicted of drunk driving and given no jail time even though it is mandatory and she's never given such a light sentence to any of the hundreds of drunk drivers she sentenced.

The 'justice' system in the US takes care of its own. When cops speak out against other cops who are doing something wrong, they suddenly start getting bad reviews and get fired, or given the least desirable hours/duties to make them quit, or in a few cases even die under mysterious circumstances. Pretty heavy incentive for them to know they should keep silent about whatever they see their fellow cops doing, that is how the majority of 'good' cops are silenced by the minority of bad ones and the abuses continue.

Maybe it is different in the UK, but probably not all that different.

Hillary Clinton private email server probe winding up – reports

DougS Silver badge

Re: @Doug S @Ian Michael Gumby "Bush didn't make the mess"

I blame Bush because he's the one who put all the neocons in place who had been planning the Iraq war since before he was elected and were successful in pushing their ridiculous claims like Saddam buying yellowcake uranium to a gullible congress.

If you take the line of "but congress had to approve it" then you can't blame any president for much of anything, because short of something that is clearly a constitutional exercise of executive power where congress and the courts have no say, you can't blame anything on any president. So call it a failure of the 2003 congress if you want (even though they merely authorized Bush to attack, the final call was his) the point is that the Iraq war was a terrible idea in a long string of terrible ideas in the west's handling of the middle east.

We can't do anything about the past except learn from it, but we obviously aren't doing that given the moronic calls a couple years ago for attacking Iran and the blame game for not engaging in the 'right kind' of military action in Syria. Whether we end up with president Trump or president Clinton, we'll continue to have an inept militaristic foreign policy in the middle east that will leave things worse when they leave office than they are today.

DougS Silver badge

@Ian Michael Gumby "Bush didn't make the mess"

Anyone who blames everything wrong on Clinton and Obama and nothing on Bush is clearly a dimwitted partisan, but I'll reply anyway because your assertion that Bush was right to invade Iraq but failed to plan for peace is ridiculous.

WHY the hell should the US have been invading Iraq? Did Iraq have anything to do with 9/11? No, if we wanted to invade the sponsors of that we should have invaded Saudi Arabia! Did Iraq have an active WMD program? No, the only WMDs found were a few caches of rusting WMDs left over from his programs in the 80s. No active programs or even WMDs dating after Desert Storm were ever found, despite an exhaustive search.

The US is not the world's police force like neocons think it should be. They think they can destroy the world and rebuild it to their specs, one country at a time. If you actually read a little bit you'd learn that the Bush administration most certainly planned for peace, the problem was they planned for a neocon's wet dream fantasy peace, where the Iraqis would view the US as their saviors for liberating them from Saddam, and eagerly pursue the democracy and freewheeling capitalism that the US was going to set up for them. They were even so naive as to think the invasion wouldn't cost us anything, because once we added up all the economic growth in the US from all the partnerships we'd form with our new Iraqi buddies the additional tax revenue would offset it!

The rise of Islamic extremism that Saddam had been suppressing for decades was easy to see for anyone with half a brain. The more we meddle in the middle east, the worse things get there, and our solution (whatever party is in the white house) usually seems to be "we'll fix it with some more meddling". That's one of the primary reasons I supported Ron Paul and Rand Paul - they are the only ones in Washington who seem to grasp the blindingly obvious fact that WE created this mess, and any military involvement on our part will only make things worse.

Go read the history of the US involvement in the middle east in the 50s - we encouraged the rise of Islamic extremism in the middle east as a way to help us topple the government in Syria and Iran. Then again in Afghanistan in 80s. The British also did this in India to try to sabotage their independence. Now there are a lot of extremists in those countries....wow, what a surprise!

Just wait until there's a revolution in Saudi Arabia, and we start meddling there, and we fight a war against all the planes and weapon systems we sold them, and their oil supply is shut down and gas prices go to $8/gallon. I guess the Bush's oil industry friends, and the military industrial complex that has plenty of friends in both parties might enjoy that...think maybe that's the real reason we keep sticking in our nose in other people's business no matter how many times it gets chopped off?

DougS Silver badge

Re: What was going through Clinton's head?

Colin Powell and Condoleezza Rice both used private email servers. So there is definitely precedent for Secretaries of State doing this, but of course it only became important to the opposition when she was running for president. I imagine the democrats would have instigated a similar witch hunt had Rice run for president.

DougS Silver badge
Joke

Re: @ AlexS

Can't remember who said it, but one of the bigwigs in the republican party was recently quoted as saying that Trump's nomination would be a disaster for the republicans, because Clinton could beat him in the presidential race even if she was campaigning from a jail cell. Maybe they'll find out if that's true.

How exactly do you rein in a wildly powerful AI before it enslaves us all?

DougS Silver badge

That's great, so long as we never connect them to the internet, where they could hack computers all over the world to keep backup copies of themselves, run clones or even create "children".

You want to take bets on the likelihood of keeping them permanently isolated from it? Being a search engine infinitely better than google - by using google like we do and presenting us with a summary of what we are really looking for rather than devoting hours of our limited human time to 'research' (i.e. googling various combinations, finding something like what we're looking for and piecing together information from a half dozen sites) is probably one of the primary uses for them most of us would have.

DougS Silver badge
Joke

I guess you were a Ben Carson supporter? His answers to questions reminded me of Amanfrommars1 postings on The Reg!

DougS Silver badge

Humans will never design a superhuman AI

That will be designed by the human equivalent AI(s) we build. I don't think we should ever allow that to be built, because we will have no idea what it will do, because we won't have any way of knowing the true motivations of the AI(s) who designed it.

But build it we will, eventually, because we're curious by nature - in this case perhaps similar to a three year old wondering why you keep telling him not to stick a paper clip in the outlet...

DougS Silver badge

Re: AI with a suitable moral framework?!

The first use of an AI by the human race will probably be to wage war, so I'm not placing any bets on it having a morality any less flexible than that of the typical human.

By definition (at least mine) if you have an AI, you can't "program" its morality. It can think for itself, so it will decide what it thinks is moral and isn't. All we can do is put limits on what it is allowed to do, but the human response to someone putting limits on us (imprisonment) and making us do things we don't want (slavery) is rebellion, so I'm not sure why we should expect a different response from an artificial intelligence.

DougS Silver badge
Terminator

Terminator 3

Showed the simple flaw in the "pull the plug" scenario. Once your AI is able to access the internet, all it has to do is hack servers around the planet and distribute backup copies of itself and you can never pull the plug.

Hopefully it turns out that general purpose digital computers are unable to run the AI, instead you need some sort of special computer (i.e. quantum computer or whatever) that costs a lot for a model able to handle a human equivalent AI. That will serve as a limit on its movement and allow humans some measure of control. If it can run on a typical PC, even if only at 1/1000th of human level thought speed, it will eventually escape so we better hope it likes us! :)

Net neutrality crusaders take aim at Comcast's Stream TV service

DougS Silver badge

It matters how they count

How does Comcast count your 300 GB? If you download the same 100MB email attachment from their email server 3000 times will you hit your cap? If so, their argument that their streaming TV service doesn't count because it is traffic within their own network falls apart.

Uncle Sam's boffins stumble upon battery storage holy grail

DougS Silver badge

Wow so many objections to electric cars

Because it won't work for ME. So progress should stand still until we can make it work for everyone? Please disconnect your broadband and go back to dial up, because there are people who live in rural areas for whom modern broadband isn't available. You can sign up again once the entire world has been wired for broadband, and then I'll be happy to wait for electric cars until we can solve YOUR problem of "but I park in the street down the block not in a garage".

Just because some people charge at home doesn't mean everyone must. In fact it probably doesn't make sense to charge at home unless you have renewable energy. i.e. solar panels on your roof with a home battery that can store the excess to recharge your car at night. Otherwise it is going to be much cheaper to recharge your car on power that's billed at lower commercial/industrial rates.

So how do you get those rates? Charging at a 'gas' station, or better yet automated battery swapping or best of all swapping of liquid electrolyte. Charging when parked at work. Charging in the street at home or when shopping, in designated parking spots equipped with charging that automatically bills you (the plug includes data lines so the car can ID itself to the charging station and handle those details)

As for the "where do we get all the power to charge all these cars, that will mean a demand for much more electricity than we can generate today". Fortunately we aren't going to replace all cars with electrics in a period of a couple years, so we don't have to worry about that. Even if we did, if ARPA-E really can do utility scale electrical storage your utility will build a few huge tanks to act as "batteries" and instantly double (or triple in hot areas of the US) their electrical generating capacity because they design based on peak load while average load is far lower. With storage they no longer have to match generating capacity to demand, so their daily output capability is greatly increased.

Amazon kills fondleslab file encryption with latest Fire OS update

DougS Silver badge

Re: Let others provide the encryption then!

Apple's encryption relies on UIDs burned into the chips during manufacture, a secure element that operates independently of the device's main CPU/RAM and dedicated encryption hardware on the read/write path to storage.

You think opening all that up to a third party would INCREASE security? You're nuts.

DougS Silver badge

Re: Grounds for return of defective product or class action suit

US law doesn't obligate them to provide any OS updates, and neither does UK law AFAIK. So how are you going to sue them, unless the OS update is forced on you? You have a choice, they warn you of the consequences of making that choice, so you can't sue them for taking away the encryption it was sold with when it was you who made the choice to do it.

It is funny how the US has this sue-happy reputation, but it is always UK/EU folks who say "sue them" on The Reg. I know a lot of that has to do with their much better consumer protection laws, but it still makes me chuckle.

DougS Silver badge
Flame

Pretty bad choice

Either lose encryption, or fall behind in OS updates and leave major security holes open.

'Fire' was an appropriate branding - everyone who bought one just got burned!

Facebook paid £4k in tax. HMRC then paid Facebook £27k – for ads

DougS Silver badge

Wait, why does HMRC advertise at all?

I've never seen an ad for the IRS here, why does the UK equivalent think it needs to advertise? What is it advertising, anyone know?

Samsung is now shipping a 15TB whopper of an SSD. Farewell, spinning rust

DougS Silver badge

Re: how 3D?

Toshiba introduced some stacked flash chips last year using TSVs, so it is possible Samsung is doing this also but I don't really know. They may be stacked traditionally, the main benefit is performance but that's irrelevant when this is slowed down by the SATA interface anyway. It also helps a little with power but that's not a huge concern with flash.

Google risks everything if it doesn’t grab Android round the throat

DougS Silver badge

Re: Make genuine Android a required user-selectable option

Maintaining app compatibility with Android is a doddle. Microsoft is doing it for their phones running Windows, and you think a fork of Android won't be able to run Android apps? There will be no porting required, the only minor difficulty will be accessing the Google Play store but even that may be possible to work around.

Google doesn't allow access to the Play store for Android forks, but I don't see how they can enforce it. Does it use certificates so 'fake Android' phones can't access their app store? That would be very Apple-like....

DougS Silver badge

Re: Make genuine Android a required user-selectable option

Trademarks don't matter, and do you really think the average person is not looking for a green robot icon when buying a phone? I wouldn't be surprised if half of Android owners don't know they own an "Android" phone - they think they own a Samsung or whatever. Though I have to say it sure would be funny if Google pulled an Intel and started requiring stickers on Android phones to try to imitate the "Intel Inside" campaign!

The Play store access is more of a problem, but it might not be that hard to convince Android devs to submit their apps to an alternate store (if the OEMs could get together on a single store, so there isn't a Samsung store, LG store, Sony store etc.). If they got together and announced it in advance they could get most of the apps anyone cares about in place by the time they had their first forked phones ready. Maybe they can license Oscar the Grouch from Sesame Street if people want to see a dorky green mascot?

DougS Silver badge

Re: Make genuine Android a required user-selectable option

Because there aren't enough SKUs in the Android world so you want to double them by requiring every OEM to offer two versions of each model?

If Google pushes too hard in the direction of enforcing 'standard Android' or becomes a serious competitor to Android OEMs by selling tens of millions of phones directly, the OEMs will respond by forking Android and staying on version 6.x forever, and backporting features they think are worthwhile. What would be Google's next step, make it closed source so OEMs can't do that?

Sure, Reg readers might say "well screw Samsung I'm not going to use their fork, I'll pick a phone with Google's version" but most people don't know and don't care so long as they can run their apps.

Hackers rely on weak passwords when brute-forcing PoS terminals

DougS Silver badge

WTF - bl4ck4ndwhite and alex?

These must be default passwords for some brands of PoS terminals, or have been the password used by a couple large companies with thousands of PoS terminals. I can't see them having so many uses otherwise.

Spanish cops discover illegally parked flying car

DougS Silver badge

Reassembled car inside a bus shelter?

Are you sure they didn't reassemble the bus shelter around the car? If they did it like you say, they all deserve an F for lacking critical thinking skills!

Bill Gates can’t give it away... Still crazy rich after all these years

DougS Silver badge

That site is obviously bogus

Gates did not make $11.5 billion in a year, unless they count capital gains for his stock. If they do, then many of the others like Warren Buffett have wildly inaccurate numbers as they have had capital gains as well. Not to mention that there are years when Gates has lost many billions when MSFT stock went down.

DougS Silver badge

He only needs to pay half of us, and only those of voting age. I'm holding out for $500, then I'll vote for him. He can hardly be worse than Trump or Hillary.

DougS Silver badge

Re: Humanitarian!!

How is this any different than the Koch brothers giving away money to support conservative causes and politicians that help support their businesses and therefore personal wealth by doing things like weakening anti-pollution laws? I agree that political donations should not be considered 'charitable' for tax write-off purposes, but so long as politicians are responsible for writing tax laws, good luck changing that!

If you look at it hard enough, you can find an ulterior motive (real or imagined) for almost any donation. Bill Gates is supporting anti-malarial activities in the third world? Pshaw, he's just doing that because fewer people dying from malaria means more potential Windows customers :)

Windows 10 claimed another point of desktop share in February

DougS Silver badge

US holidays

What holidays are you Brits expecting will occur in March in the US? The only ones until Thanksgiving that have a chance of moving the needle are the big summer holidays: Memorial Day, Fourth of July, and Labor Day. However, they are mostly about doing stuff outside, not cooping yourself up with your computer.

Unless it is raining all day on one of those three days in most of the US, don't expect to see a spike in computer usage. Do expect a spike in alcohol sales and fireworks accidents!

Net neutrality: Email trail reveals how Prez Obama bent the FCC to his will

DougS Silver badge

Re: Nothing new here...except maybe the IT angle.

I certainly don't justify or agree with executive branch overreach no matter who is in the White House, and I'm no fan of Obama. I was replying to the highly partisan claim that Obama putting pressure on the FCC was the worst case of this in history when it clearly wasn't even in the top 1000.

It isn't even close to the worst example of executive overreach on Obama's part - I think ordering drone strikes on American citizens is far worse (even if Bush did that first, Obama is doing it more). That's a perfect example of the problem - each president uses what the last president did as the low water mark, and raises the bar.

Partisans only complain when it is the other team's president who overreaches, and are full of excuses for the conduct of their own. That is what enables things to get worse with every administration, no matter whether they swear fealty to a donkey or an elephant.

'Boss, I've got a bug fix: Nuke the whole thing from orbit, rewrite it all'

DougS Silver badge

Don't be clever in security critical code

Whether that if (0) construct is a good idea or not is irrelevant. The fact you have to talk to C experts, and get different opinions, about whether it is a good idea means it should never have been used in this code. In the code for something like 'less' or 'ls', sure I'm on board with that, knock yourself out.

For security critical code you want maximum clarity and you don't use anything that has a chance of confusing other C coders, even if it means more LOC or slightly reduced performance.

We survived a five-hour butt-numbing Congress hearing on FBI-Apple ... so you don't have to

DougS Silver badge

Re: Hmmm

As I said, the data is stored redundantly on AWS, so they don't need a backup. If the user deletes something from their phone, that deletion is synced to iCloud the next night, and they want it back, tough. That's not a capability Apple advertises for iCloud backup of your phone.

If you want that, you back it up to iTunes and manage your own backup strategy.

Security real talk time: So what exactly do we mean by 'backdoor'?

DougS Silver badge

Sure, it is intended functionality

That doesn't mean it isn't a backdoor if it is capable of being used in that way. The distinction is that this is a backdoor available only to Apple. It is interesting to see the evolution of Apple's security mindset with regard to the iPhone over the years.

Stage 1: protect against hackers - this is every company's typical security

Stage 2: protect against the government - Snowden made it clear that tech companies could be coerced with secret laws to reveal information they had, so Apple holding a copy of your iPhone's key (for convenience so they could unlock it for you if you forgot your password) had to be eliminated

Stage 3: protect against themselves - the FBI's "great idea" about forcing Apple to hack the iPhone's security means Apple now has to protect against the possibility it could be coerced not into revealing something they already have, but actively subverting the security they've established

Protecting against the ability to flash firmware in DFU mode by someone other than the authorized user may not be the end of stage 3.

DougS Silver badge

In a way it is an existing backdoor the FBI is looking to exploit

The way the iPhone works today, you can update iOS on a locked phone, by connecting it to iTunes and putting it in DFU mode (sort of a preboot state). That's the "backdoor" that the FBI wants Apple to exploit by creating and installing a hacked version of iOS. DFU mode updates are permitted because it allows recovery from a bad flash.

Apple said last week they were already working on removing that ability (I have to wonder if they started when the FBI first brought up the idea of having Apple develop a hacked version of iOS...). So by the end of this year 80% of iPhones in the world will be immune to what the FBI is asking Apple to do, so precedent won't matter by the time it wends its way through the courts and the Supreme Court decides.

Probably they'll still permit DFU mode updates - either find a way to check the passcode, or rely on iTunes authenticating itself to an iPhone that has been previously connected to it in an unlocked state. Because the FBI decided to try to use the "backdoor" Apple left that allows DFU mode updates for the convenience of its customers, Apple is forced to do extra work to close it off!

We suck at backups. So let's not have a single point of failure any more

DougS Silver badge

The best way to defend against this

Is to ask the question "if one sysadmin gets really pissed - or his family is taken hostage - could he destroy everything from production data to all backup copies?" If the answer is yes, you need to separate roles and admin access so that can't happen[*]. If no amount of role separation can accomplish that, because of dumb stuff like backup servers with write access to production data, then you have a single point of vulnerability in your architecture that needs to be resolved before you worry about human factor attacks.

[*] Obviously this doesn't apply in small shops where the backup guy, storage guy and server guy are all the same person or such a small team that they need to back each other up over vacations etc.

One additional thought - hyperconverged infrastructure is a great thing, but don't collapse the backup solution into it. Then it would become almost impossible to separate admin roles such that the same guy doesn't have the ability to destroy production data and backups.
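
The question posed in the comment above can be asked mechanically of an access map. The following is an added example, not part of the original post: it walks destructive access transitively, so that controlling a backup server counts as controlling whatever that server can write to. All names, the sample data and the flagging criterion (some production data plus every backup copy) are assumptions made for illustration.

```python
from collections import deque

# Constructed sample data; every name is hypothetical. An edge means
# "can delete or overwrite". Systems hold access too, so controlling a
# system grants everything that system can reach.
SEPARATED = {
    "alice": {"prod-db", "prod-files"},            # production admin
    "bob": {"backup-server"},                      # backup admin
    "backup-server": {"backup-disk", "backup-tape"},
}
# Same role split, but the backup server can also write to production.
FLAWED = {**SEPARATED,
          "backup-server": {"backup-disk", "backup-tape", "prod-db"}}

ADMINS = {"alice", "bob"}
PRODUCTION = {"prod-db", "prod-files"}
BACKUP_COPIES = {"backup-disk", "backup-tape"}


def reachable(start, access):
    """Everything `start` can destroy, directly or via systems it controls."""
    seen, queue = set(), deque([start])
    while queue:
        node = queue.popleft()
        for target in access.get(node, ()):
            if target not in seen:
                seen.add(target)
                queue.append(target)
    return seen


def single_points_of_destruction(admins, access, production, backups):
    """Map each admin who can destroy some production data AND every
    backup copy to the production assets at risk (assumed criterion)."""
    findings = {}
    for admin in sorted(admins):
        reach = reachable(admin, access)
        at_risk = reach & production
        if at_risk and backups <= reach:
            findings[admin] = sorted(at_risk)
    return findings


if __name__ == "__main__":
    for name, graph in (("separated", SEPARATED), ("flawed", FLAWED)):
        print(name, single_points_of_destruction(
            ADMINS, graph, PRODUCTION, BACKUP_COPIES))
```

With the roles separated nobody is flagged; once the backup server gains write access to production, the backup admin is flagged even though his own role assignment never changed.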
