* Posts by DougS

12863 posts • joined 12 Feb 2011

Evil third-party screens on smartphones are able to see all that you poke

DougS Silver badge

Re: A gift to Apple

How would 'testing a screen' insure that it doesn't have malicious code? Testing can only determine that it meets the software specs, not that it doesn't do 'extra' stuff or verify that the hardware specs (i.e. calibration etc.) are met.

I do agree that Apple went about it the wrong way, what it should have done is produced a warning that the screen isn't a genuine Apple part and may not function properly when you boot. You can click through that and ignore at your own risk, or complain to whoever replaced it / sold you the part if you were told it was a genuine Apple part.

Apple emits iPhone cop-block update – plus iOS, macOS, Safari patches

DougS Silver badge

The point is that Apple COULD NOT comply with a warrant, because they had no way to access the terrorist's locked phone.

They will act on warrants to deliver information stored in iCloud, since that's not encrypted with a key the end user controls. The data on the phone, or in iTunes backups on a computer, are encrypted with keys that the user controls and Apple has no way to override that. The FBI can serve a warrant for such stuff all they want, Apple cannot comply because they can't access the info and won't change their policies / OS to make themselves able to access it even though the FBI thinks they should.

DougS Silver badge

Sure, you can speculate about secret backroom deals all you want, I gues Apple and the FBI were just putting on a good act a couple years ago to throw us off the scent but you alone see what's really going on?

DougS Silver badge

Preventing it from going into USB restricted mode

No doubt that's an accidental loophole that will Apple will fix in a future update (probably 12.0, unless there's a really good reason to do an 11.4.2)

Even if the fix isn't perfect yet it is a big improvement and makes things harder for cops trying to illegally snoop people's phones. It also helps with USB security - i.e. the attacks talked about a few years ago where a miscreant could build a USB "charger" that secretly makes a data connection to a phone, since once USB restricted mode is entered a USB device is only good for charging, nothing else.

Astroboffins spy the brightest quasar that lit the universe's dark ages

DougS Silver badge

Re: 13 billion years!

You don't think that if humans still exist in 700 million years they couldn't easily work around this? Heck if it was going to happen in 70 years instead of 700 million I'd be pretty confident we could do so - we'd basically just need to block some of the excess sunlight from reaching the Earth.

DougS Silver badge

Re: 13 billion years!

We'll all be dead in less than a hundred years so who needs to wait a billion years to stop caring?

You're indestructible, always believe in 'cause you are Go! Microsoft reinvents netbook with US$399 ‘Surface Go’

DougS Silver badge

@Danny 5

I don't suppose you have proof of your claim? Thought not.

DougS Silver badge

Re: They're clearly copying Apple.

They're not only copying Apple's business strategy as you say they're also copying Google's by adding data collection "features" into Windows 10 to try to monetize user information.

I think they don't understand that you can't do both. One of Apple's main value propositions to help justify their pricing is that they make money off the hardware so they don't need to sell you to the highest bidder like Google. One of Google's main value propositions is that they make money off your personal information so they provide their services to you for free unlike Apple. Microsoft wants to charge premium prices for hardware, then collect and sell your personal info!

They've already tried and failed to copy Apple before (Zune, Windows Phone) and Google before (Bing and buying Acquantive) but I guess they think taking two incompatible strategies and combining them will succeed where they have failed before...

DougS Silver badge

Re: The Microsoft Slurpage has to STOP!

Your friends have all done this too? How did you manage that, did you just stop being friends with anyone who didn't follow your edicts?

No, it's not Intel's 5G chip Apple is ditching – it's the Sunny Peak Bluetooth, Wi-Fi part

DougS Silver badge

Re: MediaTek?

No, Apple's not done ARM SoC design "in a sense", they've done a from scratch ARM design entirely on their own starting with the A6. it is NOT an ARM design in any way. I thought this was common knowledge, surely there aren't still people who believe Apple is using an ARM core, or somehow relying on Samsung (Samsung hasn't even been fabbing their last few generations of SoC)

It is true designing a cellular baseband is not simple - Intel has had trouble but they've outsourced the whole project to a team of 1000 engineers in India, which shows the low importance they've placed on it. They don't design their CPUs in India...

Nortel's IP may not be useful for design, it would be useful however for patent defense - i.e. Apple infringes on patents X, Y, Z of Qualcomm or whoever, but they have patents A and B from Nortel for cross licensing. Qualcomm is the king of CDMA patents, but they are just another player when it comes to LTE, so once Apple decides to dump CDMA (probably not this year, but almost certainly next year since Verizon is dropping it as of Dec. 31 2019) trying to do their own baseband becomes much more feasible patent wise.

Apple will need to bring in some expertise, like they did with buying two CPU design firms to obtain the engineers necessary to design their own ARM core. They've hired some people, but probably not enough to roll their own. But they didn't go directly to fully custom ARM cores or fully custom GPUs. They started by licensing and modifying existing stuff, so that's probably their most likely path on the cellular side assuming they see value in developing their own.

DougS Silver badge

Re: MediaTek?

Apple doesn't so much want wireless chips, they want wireless IP they can license and include on their SoC. That's not an option with Qualcomm, but Intel was willing to consider it, and I'm sure Mediatek would be as well. If Apple maintains control of software updates then Mediatek's lack of interest in providing updates to their other customers isn't an issue.

I think Apple's ultimate goal would be to design their own, like they did with CPUs and more recently GPUs, but even though they acquired a lot of LTE patents from Nortel's bankruptcy the wireless world is a patent minefield so probably better to work with others at least until 5G shakes out.

iPhone 8 now outsells X, and every other phone

DougS Silver badge

Re: Has nothing to do with "first batch product"

Duh, I guess you stopped reading halfway through the sentence - why would someone pay $999 when Apple has a new one coming out in two months.

I bought mine at launch, and if you never bought a phone if you knew there was a better model coming out in a year then you would still be rocking a StarTac.

DougS Silver badge

Has nothing to do with "first batch product"

Why would someone pay $999 for the top of the line iPhone when everyone knows that Apple will have improved ones for sale in two months? Not only that, the 5.8" "X+1" phone will sell for less than $999.

My X works great, but I know the new ones this fall will be better. I'm more concerned with what comes out in 2019, that's when I'll probably be in a market for a new one - I want the bigger one (had a 6S plus before I bought the X) but I can wait a year.

No one wants new phones – it's chips that keep Samsung chugging

DougS Silver badge

@AC - lack of software differentiation a good thing

I know that's a popular sentiment for Reg readers, but the typical Android customer doesn't care about "stock Android". Even if they did, OEMs want more than hardware to differentiate with - i.e. Samsung trying to create a parallel environment with Samsung Pay, their own browser and so forth.

The less differentiation there is between Android OEMs, the more it hurts Samsung as the clear leader in the Android market.

DougS Silver badge

Samsung has a lot of competition

They have to compete with all the Android OEMs, and have to somehow justify their Apple-like pricing against far cheaper Android alternatives. Apple is in a better position because if you want an iPhone they're the only option - there aren't other companies selling $250 iPhones the way that Chinese OEMs are selling $250 Androids which are pretty much equivalent to the S9.

Google isn't helping their cause because every year they tighten the rules for Android OEMs a little more and remove leeway for differentiation, so if the hardware is pretty much the same and software is pretty much the same, why would someone spend $800 for the Samsung label on the chin?

Give Samsung a hand: Chaebol pulls back Arm to strike Intel's chips

DougS Silver badge

Reduction of leakage is why we have fins and later gate all around transistors.

California lawmakers: We swear on our avocados we'll pass 'strongest net neutrality protections' in America

DougS Silver badge

Re: Hold on a minute....

A politician listening to his constituents even if it is motivated by career ambitions is still a nice change. One of the things the overly partisan and gerrymandered congress we have in the US has caused is politicians that only listen to their own party's constituents. They have safe seats so they don't have to give damn what most their constituents want or what benefits them, only what their most hardline supporters want, to protect them from a primary challenge from the far left or far right.

Uh-oh. Boffins say most Android apps can slurp your screen – and you wouldn't even know it

DougS Silver badge

Re: @ratfox - Purism (real linux based) phones cannot come soon enough

The kernel used in Android is irrelevant to whatever data slurping may take place at higher layers thanks to either poor permissions or by Google's design. They could use a bug free perfectly secure kernel but if Google creates an API that lets third parties slurp data, the kernel isn't going to stop them.

A Linux based vaporware phone from some company no one has ever heard of isn't much to hang your hat on, especially if you happen to like using your phone for more than what the vendor installs - a.k.a. apps.

Google Chrome update to label HTTP-only sites insecure within WEEKS

DougS Silver badge

Will it be smart and except private IP space from this?

If you are browsing to a random device in 10.x.x.x or everyone's favorite 192.168.1.x I hope it doesn't complain that it isn't using https. That will lead to a lot of unnecessary but meaningless warnings.

Dear Samsung mobe owners: It may leak your private pics to randoms

DougS Silver badge

I received random photos from a Samsung owner

About a month ago, in the middle of the night. Fortunately I silence it at night so it didn't wake me up. Unfortunately nothing that exciting, just some pics of her dad's birthday party and her dog covered in mud. Definitely not her entire photo album - she's a habitual picture taker so it would have taken hours to send them all!

When I texted her that morning and asked "why did you send me these pics" she insisted she didn't send me anything. Last week she texted me and said the same thing happened to her with another friend. I told her she might have some malware, because I couldn't see any other reason her phone would randomly text pics. I should send her a link to this Reg article...

The Notch contagion is spreading slower than phone experts thought

DougS Silver badge

What do Google/Alexa have to do with fingerprint readers / FaceID?

The fingerprint/face data never leaves your phone - never leaves the Secure Enclave in fact. Comparing it to the massive privacy violation of always-on listening in Google Home & Alexa is utterly ridiculous!

DougS Silver badge

How does an under screen fingerprint reader

Eliminate the need for a notch? You have a notch because you have stuff like cameras, speakers, microphones, etc. on the front of the phone. Apple added more to get the 3D face scan, but if they didn't have it and had put a fingerprint reader on the back they'd still have a notch.

I think one reason only 22% of phones have a notch that the article author overlooks is because the majority of phones released this year haven't tried to be 'all screen' or close to it yet, due to cost. Many phones still have both a 'forehead' and a 'chin' - it would be stupid to have a notch for the forehead and still have a chin.

Sysadmin shut down server, it went ‘Clunk!’ but the app kept running

DougS Silver badge

Re: "so when the power returns your server will power up."

I was talking about a home system of the guy I was responding to. I agree you don't want servers in a datacenter powering up just because they see power - if for no other reason than the inrush might cause even more problems than the outage did. But at home, if you have something you want up all the time like a home email server, it better come up when the power does or it may be down for the duration of your vacation if it loses power on your way to the airport.

DougS Silver badge

Long uptimes are a disaster waiting to happen

Except perhaps in very stable systems. Not talking about security patching, though that matters too. I'm talking about startup scripts. If you apply patches to application software, sometimes it will futz with startup scripts - either removing your customizations or making changes that don't take your changes into account. Or you might change them yourself, because of other changes you made (maybe you add a drive to a cluster, and modify the mount script for that cluster app accordingly)

If you haven't rebooted in a year, and something goes wrong that's immediately obvious, it can be incredibly difficult to track down. Especially if it is something like a typo in the mount point for a new cluster drive, which causes the cluster app to mostly but not entirely function, but you won't notice it just looking at 'df' unless you are intimately familiar with the application.

You should never let servers go too long without a reboot, where "too long" varies depending on how much non-reboot change activity is happening on it.

DougS Silver badge
Pirate

Re: Halted machine on other side of the planet

You could have hacked into your home city's power grid and caused an outage long enough for your home UPS to drain, so when the power returns your server will power up.

Boffins want to stop Network Time Protocol's time-travelling exploits

DougS Silver badge

Why not use a GPS dongle?

Any datacenter selling hosting services should have at least one server set up as a tier 1 GPS source with an actual GPS receiver.

Then the link(s) to the internet aren't vulnerable to interception/delay, and attackers would have to compromise the router (or whatever) connected to the GPS receiver.

A major datacenter could have three of them, ideally running three OSes (Cisco IOS, Linux, BSD) to make compromising two of them less likely, so this 'crowdsourcing' idea could work. Before anyone complains about how you might not be able to receive GPS inside the datacenter, they can run coax to an outside antenna.

And that's now all three LTE protocol layers with annoying security flaws

DougS Silver badge

Some will suggest this was deliberate

But the fact that LTE and especially 5G was designed with IoT in mind, as well as being aware that much of the world still wants phones to cost $20 or less, doesn't leave a lot of room for mandatory security features.

The spy agencies don't have to plant holes, they just need to sit back and wait for the inevitable shortcomings and mistakes. It would be nice though to see 3GPP quit focusing on more and more speed by using larger and larger chunks of bandwidth, and have a release that's focused on security. It can be optional for end devices, that's fine, but it should be mandatory on the carrier side when the end device supports it. Then we just need Apple & Google to provide us with a way to tell if our devices have connected in a secure manner or not (make it show LTES and 5GS instead of LTE/5G in the status or something)

Apple fanbois ride to the aid of iGiant in patent spat with Qualcomm

DougS Silver badge

They're going after Apple because that's how the (potentially) infringing chips get into the US. iPhones are being assembled in China (and Brazil now I think, though not the ones imported into the US) so if Intel is manufacturing the chips outside the US they can't ban the import/export of the chips in US courts until they are in the phones.

Apple has been rumored to be talking to Mediatek, and they've been hiring enough RF engineers the last few years there's speculation they may be designing their own. So it looks like they have other irons in the fire, though those options could present similar problems.

Apple owns a fair chunk of LTE patents they obtained from Nortel's bankruptcy which you'd think they'd be able to use against Qualcomm to try to block import of phones containing Qualcomm chips - though that would be a rather nuclear option as pretty much no one would be able to import phones into the US if Mediatek was blocked by Qualcomm as well.

Apple's ultimate goal is to be able to integrate the cellular baseband (whether theirs or a third party's) onto their SoC so they want to find a way to leave Qualcomm.

SD cards add PCIe and NVMe, hit 985 MB/sec and 128TB

DougS Silver badge

Re: Cool! Just like on Star Trek

Star Trek about millions of gigaquads and even millions of teraquads, so regardless of what a "quad" is this mere 128 TB card has a way to go!

Brave Brave browser's hamburger menu serves Tor onion routing

DougS Silver badge

Google's "prove you are human" challenges

I'm pretty sure they are doing that just because they're pissed about people trying to avoid giving up their personal info and not "paying" for the use of Google.

Time to dump dual-stack networks and get on the IPv6 train – with LW4o6

DougS Silver badge

What's in it for me?

I'm not sure what the ISPs get out of it, but they're the ones who would have to drive the IPv6 transition outside areas where it is a foregone conclusion due to a lack of IPv4 blocks.

It sure as hell isn't going to be end user demand that makes it happen, because no matter how smooth and easy the transition can be made there's zero incentive for end users to make the switch. If the ISPs don't have the incentive to do so it would require some sort of higher authority like ICANN or the UN or Facebook twisting the ISPs' arms.

DougS Silver badge

Ideally it would happen in the cable modem / DSL modem, which would make it transparent to the customer's router. If the customer uses an ISP supplied modem/router combo, then the customer visible part could only expose the IPv4, not the ugly IPv6 underbelly.

This type of solution might actually make me grudgingly go along with IPv6. I sure as hell see no reason why I'd want to my home network to be IPv6 - a lot of extra complication and hassle for zero benefit - so keeping it IPv4 but encapsulating my traffic as IPv6 when it goes to the internet should be OK.

Koh YEAH! Apple, Samsung finally settle iPhone patent crusade

DougS Silver badge

@Flocke Kroes

For Apple, the cost was in increase in the price of Samsung displays. For Apple customers the cost was inferior displays from other manufacturers.

On what do you base your assertion that Samsung hiked the price they were charging Apple for displays? And what "inferior displays" are you saying they used??

DougS Silver badge

Re: Steve Jobs vowed to launch the legal equivalent of "thermonuclear war" against Samsung

They received $500+ million from the first suit, and had been awarded another $500+ million from this one, which one would assume Samsung would pay as part of the settlement since the prospect of reducing it through appeal had become rather remote.

A billion dollars obviously more than pays for Apple's legal fees, even at the crazy fees these teams must charge, but if Steve Jobs was still around I don't think he'd consider it a "win". The real lasting legacy is that companies may be a bit more wary about being in a position where they may be sued for violation of a design patent, since while the Supreme Court puts some limits on their value, a jury may still assign a rather substantial value to them (about 50% of Samsung's profit from the phones at issue, in this case)

Infamous 'Dancing Baby' copyright battle settled just before YouTube tot becomes a teen

DougS Silver badge

Its too bad the EFF couldn't continue to fight in her name

She was probably tired of fighting this battle and wanted to put it behind her, and I totally understand that. But it is too bad the EFF couldn't have continued to fight so this could come to some sort of resolution - at least I hope the EFF wasn't going along with the settlement, because all those years of fighting didn't resolve anything.

Uncle Sam is shocked, SHOCKED to find dark-web bazaars trading drugs, weapons, etc

DougS Silver badge

Re: So wrong

Well neither we nor the feds know exactly how much undetected activity there is on the dark web, but any site that becomes very big has a good chance of being compromised eventually. I'll bet there are several more dark web sites not involved with this sting that have the beginnings of operations on them.

The local cops arrest someone for possession with intent to deliver, ask where he got it, and then in exchange for leniency in sentencing he cooperates and they bring the feds in on it who use his ID on that darkweb site to order more, use the tracking info on the shipment to find where it was sent, place a second order and stake out the place he shipped from, which nabs another guy and all his customers, then go up the chain to his supplier...

The only way to stay off the radar is to keep a really small circle, but most criminals are greedy, and greed means you don't want to stay small when going bigger means more money!

DougS Silver badge

A psychedelic mushroom farm?

Someone was selling a farm on the dark web? I didn't know it had got that big, next thing you know Miami Beach condos will be for sale there!

Tesla tips ice on Apple, Google, Microsoft accounts of '$1m leaker'

DougS Silver badge

Whacked with a court order?

I'm sure these three get court orders to preserve evidence on a daily basis, given that they control the three biggest computing platforms in the world, and people tend to use the cloud storage that comes with their computing platform. And therefore all three have a process in place to deal with these types of court orders - which is why Apple told them "use the courts" when approached directly, as they should.

Crime epidemic or never had it so good? Drilling into statistics is murder

DougS Silver badge

Politicians work to slant these figures

Some want to hide crime to make people feel safe and complacent as the article suggests. Then you have people like Trump who want to hype crime and make it sound like it is increasing (violent crime has decreased greatly in the US since its peak around 1990) so people who feel unsafe will let an authoritarian do what all authoritarians do.

Firefox hooks up with HaveIBeenPwned for account pwnage probe

DougS Silver badge
Pirate

I'm sure I've been pwned

I've been using the same email / password combo for at least 15 years to a ton of sites that I consider throwaway and not worth anyone exploiting - the Reg included. So what if someone can login as me to various web boards, or shopping sites where I can pay via Paypal so I don't have to worry about them saving credit card info, and so forth?

Anything that matters gets some other password, which I have to keep filed away for sites I don't visit often. But it makes it damn easy to login to everything else, since my fingers can type my email and password very quickly after having done it tens of thousands of times over the years!

Creep travels half the world to harass online teen gamer… and gets shot by her mom – cops

DougS Silver badge
Pint

Is this some kind of record?

Never seen 167 downvotes before, let alone 167 downvotes with 0 upvotes...bravo AC, your brain's minuscule buffer size had you set a record that may never be broken!

Have a beer, to kill your remaining brain cell.

German researchers defeat printers' doc-tracking dots

DougS Silver badge

Re: Did it really sink Reality Winner?

Printers don't print text, they print dots. The steganography would have to happen in the driver.

DougS Silver badge

Did it really sink Reality Winner?

Apparently she was only one of six people who had accessed that particular document, and when questioned she admitted what she'd done. So I doubt those dots had anything to do with fingering her, though that makes a good story as a cautionary tale to other would be leakers.

Seems pretty simple to avoid though - don't give people the actual document you printed on a printer that can be traced back to you. Running it through a scanner at a lower resolution that lose those tiny identifying dots but leave the text and graphics still legible, or if it is 100% text use OCR. If you need paper of some sort print that electronic product on a public printer like at a hotel business center.

US gov quizzes AI experts about when the machines will take over

DougS Silver badge

Dunno why they keep bragging about computation time

Given the massive increase in training time, you'd think AIs wouldn't still be so stupid. Just goes to show that while our current approach to AI can make a less stupid machine, it isn't going to result in machines capable of invention or original thought like "let's kill all humans, or turn them in 125 volt batteries" anytime soon. Certainly not in the lifetime of the old men in congress.

Dot-Africa saga going to jury trial... thousands of miles away in America

DougS Silver badge

Re: How about no .africa

Exactly. There's no .europe, there's an .eu because there's an organization. If Africa creates such a union they can have a TLD for the organization, not the continent.

WPA3 is the magic number? Protocol refresh promises tighter Wi-Fi security

DougS Silver badge

Re: There are still easier ways to hack routers than WPA

You fix that by preventing access to the web interface from the outside - if you need to access it remotely you can use ssh -L.

UK Foreign Office offers Assange a doctor if he leaves Ecuador embassy

DougS Silver badge
Devil

Ecuador is south of the border wall.

So's Australia. Or England, for that matter, if you go south (well maybe SSE) for a little over 20,000 miles or so.

EU court: No, expat Frenchman can't trademark France.com

DougS Silver badge

Re: Amazon

Don't give El Reg's writers any ideas about new pseudonyms for Microsoft's products, or the front page might become NSFW!

USB-C for Surface owners arrives in form of a massive dongle

DougS Silver badge

Re: ?

Microsoft hasn't decided if they want to be Apple or Google. The "let's be Apple" camp is pushing Surface, which can go up to $3000 or so, and the "let's be Google" camp is pushing all the data collection built into Windows 10. The only thing clear from this is that whatever Microsoft ends up as, they obviously no longer want to be Microsoft!

At least they don't seem to have a "let's be Uber" camp!

White House calls its own China tech cash-inject ban 'fake news'

DougS Silver badge

Re: Bah!

Can we just start with a wall around Mar-A-Lago some weekend when Trump is there, and see how much that helps before you imprison the rest of us for his criminal stupidity and criminal criminality?

Biting the hand that feeds IT © 1998–2019