I wondered what had become of Black Bag the Faithful Border Bin Liner. Now I know!
Posts by Mike Bell
754 publicly visible posts • joined 3 Aug 2007
Apple's anti-malware Gatekeeper still useless: Security bloke reveals lingering holes
UK Home Sec stumbles while trying to justify blanket cyber-snooping
Encryption
Check out her response to encryption at 17:09. It was pointed out that when companies use end to end encryption they would be 'unable to help' the government when served with a warrant to provide legible data. When asked what practical steps a company would be expected to take in order to fulfil the warrant she did not address the question, and simply reiterated that companies would be expected to comply with the warrant. Ridiculous.
Boozing is unsafe at ‘any level’, thunders chief UK.gov quack
Oh UK.gov. Say you're not for weakened encryption – Google and Facebook
Doughnuts
"we believe the best way for countries to promote the security and privacy interests of their citizens, while also respecting the sovereignty of other nations, is to ensure that surveillance is targeted, lawful, proportionate, necessary, jurisdictionally bounded, and transparent."
Why do I have a vision of Homer Simpson in my mind's eye? He - and most Tory ministers - will be thinking about doughnuts half way through that sentence.
GCHQ mass spying will 'cost lives in Britain,' warns ex-NSA tech chief
Curiosity Rover eyes Mars' creeping dunes
Forget anonymity, we can remember you wholesale with machine intel, hackers warned
Cache-astrophic: Why Valve's Steam store spewed players' private profiles to strangers
Re: There have been many mistakes caused by caching...
I sympathise, but sometimes it's beyond your control. For example I've had to deal with web app errors generated by traffic that happened to be routed through certain corporate caching proxies before hitting our servers. Query string parameters would end up coming through double-url-encoded, which messed up URL parsing. In the end I had to put in a defence against such proxies. Mentioning no names, but they're a big outfit with a name beginning B. Why they see fit to tamper with HTML content and mess it up is beyond me.
What did we learn today? Microsoft has patented the slider bar
Old Holborn may well have a design patent on the appearance of their product, as they are entitled to do so. Such a patent would include a visual depiction of the particular form factor, typography etc. Although it makes for amusing (and regular) reading, Apple do not have a patent on rounded corners. They have design patents for devices that incorporate specific form factors which, in conjunction with many other elements, contribute to the overall design. The Coca Cola corporation doesn't have a monopoly on bottles that have rounded elements, but they do have a design patent that covers the specific implementation of their Coke bottle.
UK ISP Sky to make smut an opt-in service from 2016
Facebook hammers another nail into Flash's coffin
Re: Is HTML5 pure and saintly
HTML 5 doesn't do anything magical in respect of video playback. It just offers your browser the choice of playing MP4, WebM or Ogg files, depending on what's available on the server.
It's likely the case that player implementations for these file formats do have uncovered vulnerabilities. It's not so long ago that tainted JPEG files could poison a PC, for example. Such is life.
Review: Star Wars: The Force Awakens offers a new hope for the franchise
New gear needed to capture net connection records, say ISPs
All eyes on the jailbroken as iOS, Mac OS X threat level ratchets up
Re: Yet more excuses for Apple to wall off OS/X even more
Rootless mode was introduced with El Capitan so that many system files and folders are off limits to all third party applications. And a good thing, too. Those files should not be tampered with, even if you are able to type in God's password when some malware has popped up a dialog box.
But... if you are a really determined owner, it's possible to disable rootless mode. Google it. It's a bit of a palaver, but possible.
iOS Jailbreaking is a good thing...
...because each and every instance of an iOS jailbreak installation relies on some kind of existing vulnerability. With each new iOS update, Apple close the vulnerability, which makes it more secure for all, and the jailbreak authors have to try a little harder. There have been times when jailbreaks have been unavailable for months.
As the article says, jailbreakers need to be aware of the risks, because it's them - almost always them - that are targeted by iOS malware.
I don't jailbreak, myself, since I personally get by with what's provided by the walled garden. But I'm glad there are people willing to take a hit, for the reasons above.
Microsoft pitches lobotomized Cortana for iOS, Android handsets
Dropbox tells Mailbox and Carousel users to get their affairs in order
Microsoft drops dogma, open-sources Chakra JavaScript engine
Rounded corners on Android phones cost Samsung $548m: It will pay up to Apple after all
Re: I
I've never seen a fizzy drinks bottle without rounded edges either, but that doesn't stop Coca Cola from patenting the shape of their iconic bottle design.
Patent D286 does not actually seek to protect the use of rounded corners. It illustrates a particular device aspect ratio with rounded corners in a particular proportion. Realistically, the patent can only be used against cases of blatant copying, which... er... Samsung most certainly did.
Smut-seeding Prenda Law ringleader must sell home to pay $2.5m debt
Re: I wonder how our Mr. Crossley is getting on...
Ho Ho, it's been a while since I've watched one of those Downfall re-imaginings. I think the first one I saw, which really cracked me up, was the impending demise of HD DVD. Anyone remember that format?
https://www.youtube.com/watch?v=frZTf3mX97c
Apple pays two seconds of quarterly profit for wiping pensioner's pics
Sketch dev pulls out of Mac App Store, cites slow reviews, tech limitations
On the plus side...
The user doesn't have to fanny about with licensing issues each time he gets or upgrades a new device.
The sandboxing is there for a reason. It might not be the be all and end all of security, but it's a good first line of defence against shady programmers. And the user knows that at least some vetting of the app has taken place.
Updates (and update notifications) of all kind are managed by the OS itself. You don't need app-specific services or a manual check running to check for updates.
Upgrade pricing is always available in the App Store if you choose to implement (essentially) a new product.
Negative reviews are a good thing as far as the end user is concerned. Some developer is getting hit really hard at the minute because of a lack of clarity regarding their In-App purchases.
Suck it, Elon – Jeff Bezos' New Shepard space rocket blasts off, lands in one piece
Yahoo! Mail! is! still! a! thing!, tries! blocking! Adblock! users!
Re: imap
They know that a significant proportion of users don't bother with dedicated email clients, and prefer to check their mail via a browser. For those users: YOU WILL BE ADVERTISED TO. I don't know to what extent Yahoo trawl the content of emails regardless of access method, but if it's anything like Google's gmail: WE'RE GOING TO DO OUR DAMNDEST TO TRACK YOU AND ADVERTISE TO YOU. RESISTENCE IS USELESS.
Me, I prefer to pay a few poundlets per day to an email hosting provider that doesn't treat me as the product.
Apple's Watch charging pad proves Cupertino still screwing buyers
Re: Powering up reality distortion field now...
Probably the same reason that they won't let any old cable charge an iPhone. And there are reasons other than protectionism: Apple don't want to provide support for devices that have been affected by knock-off chargers. And they certainly want to minimise the number of reports where their equipment burns someone to death.
It's not really about the money. If you recall, there was a spate of iPhone 'accidents' a while back caused by cheap third party charging equipment. Apple offered replacement authorised (and safety-compliant) chargers for a handful of dollars to affected users. They certainly weren't making any money on that.
Tech firms fight anti-encryption demands after Paris murders
Apple's design 'drives up support costs, makes gadgets harder to use'
I agree
The bright young things with their pin-sharp eyesight might be having a wonderful time, but when they get a bit older they will be gnashing their teeth.
The new music player in iOS is ridiculous. It shows a tiny sliver somewhere on the large screen that indicates the current playback position, like a thin red VU meter needle. Here's a hint: you don't use needles as UI elements that you can drag.
JURECA! Germany flips big red switch on 2.2 petaflop supercomputer
Nice
They'll just be using it to play Killer Gorilla, though.
It's Gartner Magic Graph of Wonder time! And Google won't be happy
Instascam! Apple yanks phoney app, Google follows
You're quite right.
If you install an app that asks you to type in a trusted user name and password in order to do its work, you are putting a lot of trust in that app. There are a million ways an app can use personal information that you've entered. Posting it off to a server somewhere is just one.
I imagine Apple keep a keen eye out for apps that pop up a dialog asking you to enter your iCloud credentials, however.
Tim Cook: UK crypto backdoors would lead to 'dire consequences'
Apple's iBackDoor: Dodgy ad network code menaces iOS apps
Wouldn't be an issue...
If iOS scrapped free apps (funded by ads) completely.
I mean, let's face it, iOS apps are bloody cheap. If an app is worth having, it's worth paying a couple of quid for. As opposed to the current situation where there are gazillions of copycat useless bell-ringing and torch apps. Actually, they might have banned torch apps now since one comes pre-installed, but you get the idea.
I'm strongly of the opinion that there are far too many shit apps on the App Store, and offering them for free (with the attendant ads) only makes that situation worse.
UK cyber-spy law takes Snowden's revelations of mass surveillance – and sets them in stone
I'm with Tim Cook on this one
"I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will.
Our commitment to protecting your privacy comes from a deep respect for our customers. We know that your trust doesn’t come easy. That’s why we have and always will work as hard as we can to earn and keep it."
Imagine how annoyed Theresa May is going to be when he tells her to take a flying fuck at a doughnut.
UK's super-cyber-snoop shopping list: Internet data, bulk spying, covert equipment tapping
Re: Security Theatre and/or Snooping
There's very little mention of encryption in that draft bill.
62. b says
IPA requires [Communication Service Providers] to provide communications data when served with a notice, to assist in giving effect to interception warrants, and to maintain permanent interception capabilities, including maintaining the ability to remove any encryption applied by the [Communication Service Provider] to whom the notice relates.
This falls short of insisting that CSPs provide backdoors to encryption; only that if they apply the encryption they must have a means of decrypting it. Which is clearly irrelevant in the case of end-to-end encryption, where it is the user who does the encryption, not the CSP.
Job alert: Is this the toughest sysadmin role on Earth? And are you badass enough to do it?
Apple ordered to write a $234m check to uni in A7 chip patent spat
Microsoft now awfully pushy with Windows 10 on Win 7, 8 PCs – Reg readers hit back
There may be trouble ahead
Like a lot of people, I trust Windows Update to do a reasonable job of patching insecure code and generally making life a bit safer. That includes optional updates, where you can make the natural assumption that if they're there, having them can't do much harm. It's a lot easier to hit Install than wade through and research a bunch of tick boxes.
That may now have all changed. No sign of a Windows 10 on my PC yet, but any sniff of it without my in-your-face consent might result in a restore from disk image.
Can we speak in private? Chat app intros end-to-end crypto tech
Apple news-churn app mysteriously stops churning news in China
Contradictory conclusions
On the one hand, Larry Salibra says
"the mechanism Apple uses to disable the News app and Apple Maps uses the location of the user to change the behaviour of their device"
having already said
"it was pretty obvious that Apple isn’t using location tracking and geofencing to shut down the News App, but is doing so based on the mobile network the phone connected"
Who is this nitwit?
FBI boss: No encryption backdoor law (but give us backdoors anyway)
Apple borks Apple News ad-blocking app due to 'privacy concerns'
Re: What security?
That's not the issue at all. You are perfectly at liberty to obtain root certificates from a variety of sources and install them on an iPhone. The potential problem here was an app-in-the-middle scenario, where use of a content blocker app could make use of a VPN without the user's explicit knowledge.
Ad-slinging rootkit nasty permanently drills into Android mobes, tabs
Re: Any dolt
There's vulnerable. And there's reckless.
Deploying software that gets security updates rarely (or never) is asking for trouble. Android has a pretty good foothold now. That being the case, it's about time Google updated their terms and conditions to insist on security updates being made available in a reasonable time, for a number of years.
Google and pals launch Accelerated Mobile Pages project
Factory settings FAIL: Data easily recovered from eBayed smartphones, disks
iOS malware YiSpecter: iPhones menaced by software nasty
Since Apple don't talk directly to El Reg,
one has to look elsewhere to find an official response...
"This issue only impacts users on older versions of iOS who have also downloaded malware from untrusted sources. We addressed this specific issue in iOS 8.4 and we have also blocked the identified apps that distribute this malware. We encourage customers to stay current with the latest version of iOS for the latest security updates. We also encourage them to only download from trusted sources like the App Store and pay attention to any warnings as they download apps."