* Posts by DougS

12863 posts • joined 12 Feb 2011

Latest in Apple v FBI public squabble over iPhone crack demand

DougS Silver badge

Corporate fines for contempt of court are pretty small

From what I could gather in a quick google yesterday (I'm not a lawyer, obviously) there's a Supreme Court case stating that a corporation can be fined a maximum of $100K for contempt of court. Even as a daily fine, I'm sure Apple would consider that a cost of doing business as $36.5 million/yr is chicken feed for them - less than 1/10th of one percent of their yearly profit.

DougS Silver badge

NYC police wanting access to phones that are "part of a criminal proceeding"

I wonder how many of those 175 cases are minor crimes like bookmaking or dealing pot?

This is why the FBI is pressing this case - they felt like they had a winner with this case about terrorism, but they (and every other law enforcement agency in the US) want to use it for every crime under the sun. Not that it will be limited to only US law enforcement, once Pandora's box is opened it will be essentially impossible for Apple to refuse similar aid to law enforcement in the UK, EU and China among others.

No doubt they'll charge some people with a crime they know won't hold up in court, just to get access to their phone for a fishing expedition or to harass and intimidate someone they don't like (like the ex wife of a cop, or a guy who films a cop doing something illegal). Eventually someone will die due to police misuse of the data they find, so it isn't only a 'good' where people are kept safer from terrorism like the FBI wants to portray.

Bill Gates denies iPhone crack demand would set precedent

DougS Silver badge

If the FBI wanted to be "extremely reasonable"

They would have acceded to Apple's request to file this case under seal. The important factors to consider are why did Apple make that request, and why did the FBI not honor it? Here are the possibilities:

1) Apple asked for it because they were going to do what the FBI asked but didn't want the bad publicity of helping hack into an iPhone. If so, the only reason for the FBI to not honor the request is because they wanted this case to set a precedent.

2) Apple asked for it because they were going to fight it and didn't want the bad publicity of "Apple refuses to help stop terrorism". If so, the only reason for the FBI to not honor it is because they wanted to drag Apple publicly through the mud, hoping public pressure would force them to comply, AND probably also to set a precedent.

Neither is the action of an FBI that wants to be "extremely reasonable".

This case has the perfect optics to put maximum pressure on Apple. Dead domestic terrorist who is known to be guilty and committed recent act on American soil fresh in people's memory, a phone owned by a government body, and it's an iPhone 5c which is easier to bypass in this manner than the 5S/6/6S which may not be possible to bypass in this way due to the secure enclave. Exactly the sort of case you'd choose if you wanted to set a precedent, because it has the maximum chance of success in court.

Only a fool would believe this case wouldn't set a precedent - whether a court orders Apple to comply or they comply willingly, the next time the FBI wants the same task done for an iPhone Apple is put into the position of arguing "this time it's different". The question becomes not "should they help" but "where's the dividing line between where help should or shouldn't be provided". What's the public reaction going to be if they help in this case, but refuse to help in the case of a terror suspect, or child molester suspect? Even in a case of "simple" murder the cops could get the tearful victim's sister on TV saying "why won't Apple help when it might prove my brother in law did it / is innocent, when they have provided this exact same help in other cases?"

NYC alone reported over 100 cases where they have an iPhone they can't access. Police are going to be lining up at Apple's door with thousands of requests. Can they really deliver a special version of iOS for each one? No, they will have to have a special "hack" version of iOS they install on these phones. Think that will never leak, or Apple's corporate servers are hacker proof?

DougS Silver badge

Re: keylogger

I'd be more worried about what is stored on the PC. Not to minimize the data being sent to Microsoft that they do who knows what with, but at least the chances of keystrokes linked to you personally getting in the hands of hackers through Microsoft are pretty small.

The stuff stored on your PC, on the other hand, would be just sitting there waiting for the first malware that sets up residence on your PC. If it happened to log your keystrokes when you are logging into your bank then the malware gets your bank password the moment it takes up residence in your PC. Even if tomorrow's AV update kills it off the damage is already done.

iOS app that smuggled pirated software into China is booted out of Apple's walled garden

DougS Silver badge

Devs submit binaries to Apple, not source code, so it isn't possible to fully review what it does. The review is more to check for bad behavior like using non published APIs. Hidden functionality that you have to enable via "secret" methods is harder to detect since the reviewers won't know how to access it. Once the information is made public for end users to utilize, it will find its way back to Apple and they can disable it.

Not sure if there is a way around this sort of a problem, short of requiring submission of source code which isn't really feasible.

NASA stormed by 18,000 wannabe 'nauts

DougS Silver badge

Re: American exceptionalism

The Russians probably require speaking English also.

Imagination unfurls blueprints to 2017's TV, car dashboard chips: the PowerVR Series 8XE

DougS Silver badge

Re: If the TV market was so brutal?

I'm not sure you can sell something you refer to as a TV or television in the US without including a tuner. If you sell it as a "video monitor" the large majority of customers will be confused by it and won't be interested.

I agree with what you're saying, but it ignores market realities. That wouldn't save much money anyway, the tuner costs very little since almost all the patents have expired, and the smart TV functionality is to try to get people to see the TV as worth more and spend more money on it. The margins on a "video monitor" are bound to be even tinier due to the lower price they'd have to sell them for.

DougS Silver badge

Apple owns a chunk of Imagination and works with them to design somewhat customized (in terms of number of cores, shaders, etc.) versions for their SoCs. They only need Imagination to complete the various blocks and interconnection between them. They don't need finished products ready since they aren't using Imagination's finished products any more than they are using ARM designed A57 or A72 cores.

There have been rumors that Apple is working on their own GPU, but it isn't clear whether all the GPU guys they've hired are working on an Apple designed GPU from scratch, or simply working with Imagination to customize their offerings more towards Apple's needs.

FBI says it helped mess up that iPhone – the one it wants Apple to crack

DougS Silver badge

Re: Mobile Device Management?

Indeed, I read elsewhere that remote unlock capability via MDM was available on some of the county's phones, but hadn't been configured for this one.

DougS Silver badge

iCloud versus iMessage

iCloud backups are encrypted differently depending on the data they protect. Files protected by the protection class "no protection" (which a lot of stuff on the iPhone is, for reasons too long to go into) are encrypted on iCloud backups using a key Apple stores. Everything else (from the trivial like Facebook passwords, to the less trivial like all the information stored in your Health app) is encrypted by keys that Apple has no access to, and thus it cannot be read by Apple.

If you don't want Apple to have access to anything on your phone, don't use iCloud. Backup to iTunes, using an encrypted backup. Only you have access to it, and it can only be decrypted with your password - i.e. if you forget the password the backup is worthless.

Messages are in the "no protection" class so if you sync your iPhone to iCloud then Apple has the ability to decrypt your past iMessage and SMS traffic that is stored in iCloud. However if you aren't backing up to iCloud then no one has access to your iMessages - they are encrypted end to end and Apple doesn't hold the key. If the recipient of your iMessage backs up to iCloud then those would be theoretically readable, but they'd have to know to look in that person's iCloud store and I'm not sure how they'd know you'd be in communication with that person unless they basically did a search of hundreds of millions of iCloud stores looking for those that included conversations with you! SMS messages are never secure because it is well established the telcos in the US cooperate with the government so you should probably assume the NSA logs all SMS traffic within the US.

DougS Silver badge

Re: Last chance for privacy?

If US corporations are forced to compromise the security of their products under direction of US courts, you don't think that affects you if you live outside the borders of the US? If anything, it is worse for you, at least if you use products subject to US laws (like say those with operating systems written by say Google or Microsoft if you aren't an Apple guy).

DougS Silver badge

A contempt of court fine will be cheap for Apple

I did a quick google (and I'm no lawyer yadda yadda) but it looks like the maximum a federal court can fine a corporation for contempt of court is $100,000 (United States v. Twentieth Century Fox Film Corp., 882 F.2d 656 (2d Cir. 1989)).

Even if the court can fine Apple that every day, that's only $36.5 million a year. Apple makes at least that much per day in the US alone. The court can't hold corporate officers or directors legally responsible for the civil conduct of the corporation, at least not without overturning the whole basis upon which corporations are established.

With a fine that's cheap as chips for Apple, they will need a new law with far heavier financial penalties (either fines, or bans on purchase of Apple products by the US government and any organization that accepts federal funding) if they wanted to put Apple into a situation where they are forced to reconsider. Though even then Apple could simply threaten to move their HQ to another country where they would be immune from such orders. Depending on how far each side is willing to take this, it could have major repercussions.

DougS Silver badge

Re: This is despicable.

Why is a lack of trust in the government and law enforcement depressing? They have only themselves to blame - in particular the course of action that they decided to pursue after 9/11 where they said "screw the Constitution, we want access to everything without warrants or review".

Fortunately Snowden opened our eyes to what was going on, so we (and companies responding to what consumers want) can take steps to block them from doing this. The change Apple made in iOS 8 to hold the key to unlock an iPhone only on the phone was made in response to that. Previously Apple held a copy of the key, to help their customers who forgot their password or needed to unlock the phone of a deceased relative or whatever, but the way the government was acting thinking "all data are belong to us" meant this was no longer tenable.

Samsung Galaxy S7 and S7 Edge: Betting on VR with a dash of Vulkan

DougS Silver badge

Re: Bubble

Er....what? So if VR and IoT fail then capitalism collapses? A lot of technology is "repacking largely pre-existing technologies". That's basically what Apple did with the iPhone, they didn't invent anything new they just put together a combination of technologies that hadn't been put together before, and wrote some new software that integrated it all. Along with Android a huge new market was created from those existing technologies.

When self driving cars arrive they won't include any technology that doesn't already exist, those cars will be putting together existing technologies. As with smartphones, they'll simply require new software that ties all the existing technologies together to deliver that software that properly integrates it all (which will take longer this time because it is no big deal if a smartphone crashes, it is a big deal if a self driving car does).

We can do a lot by combining technologies that exist or only require modest refinement, in combination with software that integrates everything towards the desired goal. How many times in human history has "the wheel" been an integral part of a new invention?

If you look back at history, the only things that drive paradigm shifts for progress are ways to either use more energy or do more work for the same energy. Going from burning wood to burning fossil fuels allowed humanity to use more energy. Moore's Law allowed computers to do more and more work for the same amount of energy. We will need a fundamental breakthrough in fusion or super cheap solar for the next paradigm shift of progress. Until then we will mostly be reinventing what has already been invented, because what we can do is constrained to a large degree by the amount and cost of energy.

The lengthy gaps between steam power and coal power and oil/gas power and early computers to microprocessors didn't halt progress or growth of capitalism. A long enough gap might, but our great great grandchildren would be dead before we might reach that point - and fusion power will still be 20 years away! :)

DougS Silver badge

Battery replacement

I highly doubt anyone solders the battery in place. That would mean it could NEVER be replaced even by the OEM, so they'd have to give you a new phone!

Just to compare I looked up the instructions for the iPhone 6S and Galaxy S6. Neither are something the typical person who is afraid to replace a DIMM in their PC would attempt, but would be pretty simple for the typical Reg reader I would imagine.

The iPhone 6S takes only a few minutes and one special tool (a pentalobe screwdriver, which you buy for a few bucks off eBay). The Galaxy S6 looks a little more tetchy since you have to disconnect several tiny ribbon cables and remove a few parts to access the battery, but requires no special tools though possibly a bit more time.

I think some earlier models of the iPhone glued down the battery which made it more of a pain to remove, but it was never soldered on.

https://www.ifixit.com/Guide/iPhone+6s+Battery+Replacement/49800

https://www.ifixit.com/Teardown/Galaxy+S6+Teardown/38636

ADpocalypse NOW: Three raises the stakes

DougS Silver badge

Are Three's customers being given any choice?

Are they providing the users a tool - i.e. letting you decide whether you want to enable this network level ad blocking? If they are, I say good on them, but there is nothing in the article to indicate that's the case. If they are just enabling it for everyone without giving you a choice, then I think it is a violation of net neutrality.

The fact that it is done with good intentions and something that almost every end user would support is irrelevant. It legitimates the carrier's "right" to choose what content a user requested that they don't get. Maybe next time they do something you don't like quite so much as free ad blocking.

I think Three is being very clever here. Carriers don't want net neutrality, and giving consumers something they want that violates net neutrality may help win them over to the dark side. Now if someone wants to make net neutrality a requirement, Three can go to their customers and say "hey you know this nice ad blocking thing we gave you, sure would be a shame to lose that. You want to write your MPs and tell them you are against a net neutrality requirement".

US DoJ files motion to compel Apple to obey FBI iPhone crack order

DougS Silver badge

Re: Work Phone

I think it is safe to assume his workplace isn't using MDM for the iPhones they're handing out, because that would have been the first thing they thought of.

DougS Silver badge

Re: Interesting that this gets overlooked

Well it is interesting, but maybe not for the reasons you're thinking. Apple has helped them in the past, but as far as we know never by creating a custom version of iOS to bypass the device's built in protection. Apple has already provided them with data from the iCloud account associated with the phone, so they aren't taking a position of "screw you law enforcement, we're not going to provide any help at all". They just don't want to be put in a position where they are required to use their insider knowledge and special ability to sign iOS releases to hack a phone for the FBI.

Whether they wanted this filed under seal because they wanted to create the custom iOS for the FBI but not publicly, or because they wanted to fight it but not publicly (in case public opinion had turned out to be against them, this is after all an investigation into terrorism on US soil so I admit to being rather surprised by the level of support Apple is seeing) is unknown - but you can guess based on thinking about why the FBI refused to file under seal.

That's what's really interesting here. Why should the FBI want to take this public?! If they knew Apple would cooperate if the request was under seal, they would have happily complied with Apple's request to file under seal. The only reasons for them to make it public that I can see are: 1) they knew or assumed Apple was going to fight it if filed under seal so they wanted to take it public and see if Apple was willing to risk the negative publicity. 2) they chose this case quite deliberately because it lined up perfectly for their stated goal of requiring tech companies to make it easier to access encrypted communications - this is a domestic terrorist, not a suspect but one we know is guilty, and is recent in everyone's memory - it even occurred in Apple's home state!

I think the FBI wanted to make this a test case, figuring if they were ever going to win this battle this would be the case to take. That's why they refused to file it under seal. They assumed public opinion would be against Apple (and I have to admit when I first heard about it, I thought the majority of the general public would be against them as well) which would illustrate the "need" for tech companies to be required to make it easier to access encrypted communications.

The FBI's goal now looks pretty tenuous from where I'm sitting. No matter what this judge says, the loser will appeal these rulings and it will reach the Supreme Court, so it won't reach a final decision quickly. But based on public sentiment trending strongly Apple's way, I think they've already lost the war before this battle has even begun.

Interestingly, Scalia's death leaving the court with only 8 justices complicates this matter a bit. If it reaches the Supreme Court before his seat is filled and the court is tied 4-4, that would mean the lower court's ruling would stand but it would NOT set a nationwide precedent like a majority decision would. So there's one reason why it is a bad idea to leave a seat vacant on the Supreme Court for over a year, which looks likely given the political battle that has ensued. The Supreme Court might choose to delay hearing the case until they're at full strength, which would mean the earliest a final decision would be reached is summer 2017 and quite possibly summer 2018!

Microsoft patent filing confirms existence of 3D Jedi gesture phone

DougS Silver badge

Microsoft failing in the phone market isn't really a good thing

While most Reg readers wouldn't shed a tear if Microsoft is forced to abandon the phone market due to lack of success (or chooses to continue to lose money trying to preserve their 1% share) given that Blackberry has gone Android, Microsoft dropping out isn't exactly good for consumers. It reduces us to only two choices, Apple or Android.

The only way a third player could gain a foothold in this market is if Google tightens the screws too much on what OEMs can do with it. They've done that with the last few major Android releases and will probably continue to do so, but so far it hasn't been enough to cause any shifts. If they ever push too hard, we might see another OS spring up, probably from Samsung. It would almost certainly be based on Linux and app-compatible with Android - in order to have a chance of gaining any traction. So I'm not sure how different it would really be, other than allowing more OEM customization and less Google tracking.

A decade ago if anyone suggested that Apple and Google would own almost 100% of the phone market by 2016, you would have thought they'd lost their mind!

Q: How many guns to arm nine coachloads of terrorists?

DougS Silver badge

If you have 400+ terrorists traveling somewhere on 9 coaches

You are going to have one hell of a big problem whether they have guns or not. Or maybe they just got a group discount on a nice vacation before dying a glorious death in the name of Allah.

Feds look left and right for support – and see everyone backing Apple

DougS Silver badge

I doubt Apple sees any sales boost from this

They will definitely lose sales from those calling for a boycott of Apple over this. That's a minority of people, but some feel very strongly about this and it will undoubtedly cost Apple some sales. Yeah, maybe they get a boost from criminals but that's how big of a segment of the population? Probably the two cancel each other out at best.

No matter what Apple does, there's always some hater coming out of the woodwork to post some drivel to cast everything they do in the most negative light. Even those who will never become an Apple customer can enjoy the fact that this single case just destroyed the discussion about creating a "backdoor" in encryption for law enforcement. If the FBI can't get the public or even a lot of congress behind them on this which lines up pretty perfectly to make Apple look as bad as possible, it becomes immediately clear that this fight over encryption and back doors is over.

So thank Apple for taking this stand, even if you hate them and will never buy one of their products, they just did you a favor.

DougS Silver badge

Re: Trust

I'm not saying what Snowden did was bad in any way, I think people are misunderstanding my point. I think Snowden did us all a great service by providing us unimpeachable proof that there is absolutely no reason to trust the US government, or those of their five eyes partners who are hip deep in the same pit of sewage.

If Snowden hadn't opened our eyes, most people would still blindly trust that their government is acting in their best interest, at least most of the time. If everything in the world was the same as it is right now, other than Snowden never having leaked that data, Apple would be taking far more heat for not cooperating with the FBI. It is only because Snowden allowed the average person to see what is going on behind their back in their name that they are so distrustful of the government and FBI that they are backing Apple in a case that involves a known domestic terrorist!

DougS Silver badge

Re: It doesn't matter

No doubt China would be on top of the list of those insisting on being given the same ability to force Apple to help them with 'lawful' requests if they provided such aid to the FBI, given that Apple sells at least as many iPhones in China as in the US.

I'm sure the same presidential candidates who called out Apple for not cooperating with the FBI would be equally outraged if they provided such help to China for what China considers a 'terrorist' (which would probably include the guy who stood in front of the tanks in Tiananmen Square some years ago).

The people who are calling out Apple for not cooperating with the FBI seem to have a very strong overlap with the people who have trouble realizing that the world is larger than just the US. I'm sure there's a lesson somewhere in that...

DougS Silver badge

Re: FBI mishandled evidence again

They'd have to be quick about applying the dead finger (assuming that post mortem the finger doesn't change enough that it won't work anymore) because there's a timeout as well. If the phone hasn't been unlocked for 48 hours, it will require using the password/PIN instead of Touch ID.

That 48 hour period is not configurable - personally I'd like to see an option to reduce that time. But you can always enforce the need for the password if you want by powering off the phone (and optionally powering it back on again).

DougS Silver badge

Re: Trust

As I said in another rather lengthy post, I think it was Edward Snowden who destroyed that trust. Yeah it was the government's actions that were ultimately responsible, but he revealed something of far greater scope than anyone who didn't wear a tinfoil hat 24x7 even remotely suspected. Had he not done so but the situation was otherwise the same, I think few would have been coming to Apple's defense and the title of this story would have 'everyone' replaced with 'no one'.

DougS Silver badge
Thumb Up

I'm pleasantly surprised by the support

When I first heard about this and then read Cook's letter, I thought this could go really bad. Divisive battle that quickly gets ugly and political, becoming a campaign issue that damages Apple's reputation. I'm pretty sure the FBI thought that was what was going to happen, and banked on Apple being afraid of that and caving.

The FBI picked the absolute best test case for this they ever could have, using the San Bernardino terrorist as the mark. That's fresh in everyone's memory, and was an ISIS inspired terrorist act carried out on US soil. What people had been worried about and assuming would happen eventually did. There was no doubt as to the guy's guilt, and since he was dead no way to waterboard him into giving up the PIN. It was an older model phone that allows the type of exploit that wouldn't be possible in a 5S or newer. It was a perfect storm of things that couldn't have gone better for the FBI trying to get people on their side. If people aren't on the FBI's side for this, I think we can pronounce the calls for building in a "back door" for law enforcement DOA without waiting for the body to float to the surface.

The fact that the majority supports Apple, that even politicians in congress in both aisles supported them really surprised me. They did this even though this case allows an easy way for a politician to score political points as being "tough on terror" by saying Apple must do this, or try to rally people's patriotism by calling it their duty as an American company or whatever. Yeah some of the presidential candidates jumped on this early - probably thinking incorrectly everyone else would jump on board and they'd look like leaders getting there first.

Then it didn't happen.

I guess I'm sometimes too cynical about my fellow man's ability to march blindly into a 1984 future, so I'm happy to be proven wrong. Hopefully it won't be the last time.

I think we have to give ALL the credit to Edward Snowden for this. If it weren't for the release of documents that showed the extent of government spying on private citizens, I think the instinct of a lot of citizens - and especially of politicians - would be to naively trust that the US government are the good guys. Snowden showed that trust is misplaced, and I doubt it will ever return. Stunts like this which is more political theater than anything are only making that worse (c'mon, the terrorists destroyed their hard drives and both personal phones, this phone was ignored because it was a work phone used for work only, and I suspect the FBI already knew it based on what they recovered from the iCloud account linked to this phone; they just figured this was the ideal test case to push their agenda).

DougS Silver badge

It doesn't matter

Let's say Apple can load the hacked OS on premise, use it to learn the passcode, then load the previous OS on it before handing it to the FBI. That way the FBI can never get their hands on that code. Think that means there's nothing to worry about?

1. Apple has now created a signed compromised version of iOS. If they delete it, are they sure they deleted all versions, including those on backups? This isn't something they can cook up in a weekend hackathon, so it would leave footprints all over their systems that would be incredibly hard to completely eradicate. Forget one, and if a government or criminal element (but I repeat myself) bribes or threatens an Apple employee who has access to it you got problems!

2. Apple would have proven to the FBI they can do this, and there's no way they won't be asking again. And again. And again. Next time maybe it will be a newer model with a secure element. It is a lot more secure, but that doesn't mean there isn't a way if you have the ability to load a new OS on it. Even if they carefully delete the code and rewrite it from scratch each time, eventually it will leak out. Apple employees are well paid, but that doesn't mean Russian mobsters or Chinese government officials dangling $100 million at them, or threatening to kill their family, wouldn't result in a hacked version of iOS eventually making it out of Apple.

3. If Apple really can't break the security of iOS on newer phones with the secure element, asking them to leave a tiny crack in the door that would allow that security to be subverted but "only with an Apple signed hacked version of iOS, so you don't have to worry about criminals using that backdoor" is going to be the next 'request' of the feds. We all know this.

DougS Silver badge

That will only access certain data

Read Apple's iOS security document. It is 60 pages long and goes into extraordinary detail about how everything related to iOS security is handled. There are different types of file protection classes. Only files protected with the "no protection" class could be read in this manner. The keys to read files in other protection classes are dropped when the phone is locked, and such files would be inaccessible using the above method.

Text messages could be read with this method as they are in the 'no protection' class. They have to be since your phone receives them when locked, I guess to add them to whatever database format they're stored in. I would think they could add a bit more protection here by encrypting the text message store in a higher protection class and keeping newly received messages in a separate 'no protection' area - later adding them to the encrypted store when you unlock your phone. Then the above method could only access text messages received since the phone was locked but none of the older ones.

Given that the FBI has openly requested Apple hack iOS I wouldn't be surprised if there isn't a team at Apple now looking for things like my above suggestion to further lock it down (well they probably were already doing that...but looking a lot harder now). I wouldn't be surprised if iOS 11 really tightened the screws to close up even really complex hacks like the above. I also wouldn't be surprised if iOS 11 isn't supported on phones earlier than the 5S - it may well rely on the secure element so extensively that it can't run on older phones.

Android device manager app vuln leaves millions at risk of pwnage

DougS Silver badge

How can an app open up a vulnerability like that?

So the app is running and somehow is intercepting SMS messages but one of the ones it intercepts could exploit a bug in the app that p0wns the phone?

So essentially this app is allowed to run as root and grub through your SMS messages? What in the heck does it do that it needs that level of privilege and why would anyone be dumb enough to grant an app that level of privilege?

Google to snatch control of Android updates from mobe makers – analyst

DougS Silver badge

@SteveCarr

You mean a beta program?

Apple has run every iOS update through beta testing. That doesn't stop them occasionally having problems with the release version. And that's with a tiny amount of hardware variation compared to Android, and hardware designed by Apple.

No matter how much beta testing / early adopter stuff you do, you will find problems in release software. With the nearly infinite number of combinations of hardware in the Android world, those problems will be worse for Google than they are for Apple.

DougS Silver badge

Re: Don't get your hopes up

If you say both sides are uninformed speculation, then you should rely on the source. Until Google says they are going to do this, you shouldn't assume it is coming. If they say they are, then we can assume they have found a way around the objections raised, and speculate on the reaction of OEMs to giving up all ability for software customization.

DougS Silver badge

Don't get your hopes up

This is just the speculation of an analyst, worth almost nothing.

There are several problems with this. One, how is Google going to verify that the update won't brick phones? Apple gets it wrong occasionally and they have only a handful of different models - all of which they designed themselves. There are literally thousands (at least) of hardware variations in the Android world. Google is going to release updates on consumers without testing on all the hardware variants? Good luck with that. Or expect OEMs to test it for them, when OEMs can't be bothered to do anything connected with updates now and Google won't compensate them for their trouble and would likely blame any incompatibilities on the OEM instead of their OS? Good luck with that, too.

Two, OEMs aren't going to stand still and let Google take away their remaining differentiation, or the ways in which they can install their own services to try to make a little something after the sale instead of letting Google grab every single penny of post-sale revenue. I could easily see Samsung, Xiaomi and others forking the last version of Android before that one and sticking with it. Or switching to another phone OS entirely that remains compatible with Android apps.

What is in it for the OEMs to go along with Google making every single OEM's UI look exactly identical to the rest? Yeah, it is great having regular updates but the lack of them doesn't seem to be hurting Android's market share at all. Customers (outside the Reg readers and others of similar technical level) aren't clamoring for that.

This is the place where Reg readers will downvote me and tell me that they'd kill for a good phone that came with a generic Android install with no OEM skins or bloatware. But you lot aren't the average consumers. The average person isn't asking for that, or else Nexus phones would have sold one heck of a lot better than they did.

Google may wish they could do this, but if they tried they'd have a revolt on their hands from consumers, and if Samsung forked Android 6.x or switched to some Linux variant that was compatible with 99% of Android apps customers wouldn't care. They'd still buy Galaxys and would wonder what the fuss is about when their Reg reading friends told them "that's not real Android, you are buying the wrong phone!"

Confused as to WTF is happening with Apple, the FBI and a killer's iPhone? Let's fix that

DougS Silver badge

Scalia would have sided with the people against the FBI?

I think you might want to read his opinions in similar cases if you believe that...

DougS Silver badge

Re: A tangled web we weave....

I am giving Apple the benefit of the doubt that they know how to keep a key that important secure. I would bet it is kept on an air gapped system or isolated network, and only a handful of people have access to it - probably never alone.

They make over 2/3 their profit off iOS, given that it would cost them billions in lost profits due to the scandal if the iOS signing key escaped and was used to sign a bogus OS update I think they can afford to secure it at least as well as the T101 hand and CPU were in Terminator 2 :)

DougS Silver badge

@dajames

I guess I should have noted I was talking about US law here. You sad sacks in the UK are saddled with that horrible RIPA law that fortunately has no counterpart in the US.

DougS Silver badge

Re: It's probably just a false flag case...

No one is claiming it is truly uncrackable. Apple hasn't claimed that what the FBI wants them to do is impossible, but that there are multiple reasons they shouldn't be compelled to do it.

This phone is a 5c, the newer ones have a secure element that makes the strategy the FBI wants to pursue impossible. But given sufficient resources I'm sure even those could be cracked. You might need to decap the SoC in an unlit vacuum, use an electron microscope to read the fused UUID, who knows, so it could be cost prohibitive but I don't think anyone is naive enough to claim something like this is truly impossible. But truly impossible and impossible for all practical purposes are the same thing for most of us - in the 'good enough for me' category.

Under-fire Apple backs down, crafts new iOS to kill security safeguard

DougS Silver badge

It unbricks the phone, but won't support Touch ID or Apple Pay if it detects a non-Apple Touch ID sensor.

Those who want to start the global whining about how Apple are only doing this because of the wads of cash they make selling replacement Touch ID sensors are welcome to do so :)

DougS Silver badge

Re: Hmmm...

Just saw elsewhere that it does in fact disable Touch ID (and therefore Apple Pay as well) while letting the phone otherwise work properly.

DougS Silver badge

Re: Hmmm...

I'm willing to bet it just disables Touch ID, unless they found another way to defend against a rogue Touch ID sensor.

It wouldn't affect the current case with the FBI, since that concerns an iPhone 5c - which does not have Touch ID.

DougS Silver badge

Remains to be seen

The article doesn't say whether that's the case - it might still disable the functionality of Touch ID if you use a third party component, in order to protect its security.

If they do that I know some will claim "there's Apple still trying to make more money" but honestly does anyone think that selling Touch ID replacement parts is a big profit center for Apple when they are making about a billion dollars a week in profit? Even back when they had the "error 53" if they provided no help they wouldn't make money on a new iPhone - you can take your broken iPhone to Apple and they'll replace it for $200 or basically at cost. They don't make money making you buy a new iPhone, unless you don't check with them first and pay full whack (and that strategy would obviously cost them some because some customers might be fed up and buy an Android instead)

Given the whole business with the FBI yesterday, if it turned out a rogue Touch ID sensor was able to compromise the iPhone's security one could understand why they'd take this step. I'm not sure exactly how that might work, but clearly Apple was worried about the possibility - though maybe they can work around it by strengthening the way the secure enclave works to be more defensive against the possibility of a rogue Touch ID sensor.

FCC clicks off the safety, fires at America's great cable TV box rip-off

DougS Silver badge

Re: Don't we kind of have this now with TiVo?

Cable card has been a failure. Tivo is the only competitor in that market anyone has ever heard of, and their volume is so tiny that their pricing is outrageous due to the lack of competition. Less than 1% of people bring their own device and rent a cable card. Cable cards are one way only, and don't support the cable company's VOD (which is growing more and more important in today's streaming world) except for a couple of companies that actually support that on a Tivo despite not being required to.

They want to replace that failed standard with something modern - something software based instead of a physical card. Software easily allows that and networks trust it in a way they didn't back in the 90s when Napster made them worry that stealing their content and trading it online for free would be next. They have to trust it because it is used for streaming/VOD content today.

Don't you want to be able to buy a TV that you could just connect to your cable and have it able to work properly with all the channels, show a guide, play VOD content, etc.? That's what they are trying to accomplish here (maybe, hopefully a bit more so you could use a device like a Tivo and your TV would display its guide instead of the cable company's guide so you wouldn't have to depend on what features they give you, but that may be hoping for too much)

FBI iPhone unlock order reaction: Trump, Rubio say no to Apple. EFF and Twitter say yes

DougS Silver badge

Re: Apple has supported alphanumeric passwords for ages

If you're going full conspiracy theory, I wonder what the timing of Apple's change that causes the 'error 53' if you swap out the fingerprint reader and the discussion returning about government forcing 'backdoors'. Apple claimed the reason was that a rogue fingerprint reader could be used to compromise device security. Not sure how that works but interesting in light of how much discussion there has been lately and now this issue surfaces. I heard this was added in iOS 9, not sure if it was 9.0 or a later 9.x rev.

Anyway, the ability to update a "locked" phone stems from the ability to update it in DFU mode, which is sort of a low level pre-boot state. If they block updating from DFU mode that's fine but if they ever release an iOS update that causes problems that prevent the phone booting properly or accepting a PIN/password it will be a real headache for them as end users couldn't fix it themselves.

Maybe what they could do is require you to provide the Apple ID and password linked to the device to perform a DFU update. That would keep it secure from even Apple updating the firmware without the password - though that depends on how it is implemented, since they provide a way to reset your Apple ID password obviously Apple could do so itself. They offer two factor authentication for it so they could use it for these DFU updates but most people would probably use their phone for this which wouldn't help assuming they can get carrier cooperation.

It is definitely a difficult problem to build something that is secure against the company who made it, but Apple appears to be trying to do exactly that. And whether you agree with their stance, this case illustrates the reason why they are going to all this trouble.

IBM open sources its blockchain code – the non-crazy part of Bitcoin

DougS Silver badge

Re: Solution looking for a problem

There is nothing magic about a blockchain ID, it provides the same authentication that having that information signed with the hospital's signing key would. You don't need a blockchain to allow you to connect to your hospital via your health app and download records to your healthcare wallet.

In either scenario by far the most difficult hurdle will be all the regulatory issues they'll have to work around to even ALLOW your phone app to connect to the hospital and access/download health records. Blockchains don't remove those regulatory hurdles or make the process any more secure.

DougS Silver badge

Re: Solution looking for a problem

Yes I thought that example was a terrible one. Companies have multiple layers of review and approval to ensure money is spent properly. Putting it all in a blockchain won't take away the fact that expenses over $50K need approval X, over $500K need approval X and Y, and $5M need X, Y and Z. Whether each layer adds their approval into a blockchain, sends an email, signs a piece of paper or sends up smoke signals won't change that.

Trade union threatens work-to-rule action over HPE Lancashire job cuts

DougS Silver badge

Shouldn't they be happy the jobs are staying in the UK?

I assumed from the headline I would be reading how the jobs were being outsourced to India. Does the union expect HPE to keep this office open forever?

This is the sort of thing that gives unions a bad name. Protest things that matter, not when companies are doing the right thing and keeping jobs in country.

How tech firms can drive growth without making inequality worse

DougS Silver badge

Nice idea to upskill the local residents

Unfortunately the tech companies would rather hire Indian or Chinese coders for a fraction of the price.

Pilot posts detailed MS Flight Sim video of how to land Boeing 737

DougS Silver badge

@Jos V

Thanks for the very informative response. When I read the article I thought the same thing. Now I'll know to be ready next time I'm sitting in first in case the stewardess asks in a very worried tone "Is there a doctor or pilot on board!?" I'm neither, but if I stayed in a Holiday Inn Express the night before I'll volunteer anyway, what's the worst that could happen?

LISA Pathfinder drops its gravity-wave-finding golden boxes

DougS Silver badge

Re: billionth-of-a-metre accuracy

Compared to the accuracy level of LIGO - 10^-18 meters or nine orders of magnitude better - I'm not sure if this will be more accurate if it is really "only" accurate to 10^-9 meters.

Yeah, million km arms beats LIGO's 4km (which is actually 600 km since it is reflected back and forth 75 times) but it doesn't seem like it is enough to overcome LIGO's massive sensitivity advantage. Unless the larger arms have a much bigger effect i.e. 10x longer arms = 1000x greater sensitivity since gravity waves are traveling through three dimensions. Anyone know how the math works out on this comparison?

SimpliSafe home alarms transmit PIN unlock codes in the clear – ideal for lurking burglars

DougS Silver badge

Re: Who doubts this has not *already* been done in the wild?

These are low end systems that would be installed in houses burgled by low end burglars. I doubt the guys robbing houses with these alarms are anywhere near smart enough to do this analysis. If they were, they'd do a similar analysis against higher end systems, and no doubt find weaknesses in them (though hopefully not this bad) and be able to rob a home owned by "lifestyles of the rich and famous" instead of that garish McMansion down the block.
