I wondered what had become of Black Bag the Faithful Border Bin Liner. Now I know!
758 posts • joined 3 Aug 2007
Check out her response to encryption at 17:09. It was pointed out that when companies use end-to-end encryption they would be 'unable to help' the government when served with a warrant to provide legible data. When asked what practical steps a company would be expected to take in order to fulfil the warrant she did not address the question, and simply reiterated that companies would be expected to comply with the warrant. Ridiculous.
You're going to die
Get used to the idea. And have some fun before you check out.
"we believe the best way for countries to promote the security and privacy interests of their citizens, while also respecting the sovereignty of other nations, is to ensure that surveillance is targeted, lawful, proportionate, necessary, jurisdictionally bounded, and transparent."
Why do I have a vision of Homer Simpson in my mind's eye? He - and most Tory ministers - will be thinking about doughnuts half way through that sentence.
Re: Goof performance
Typo: Good performance
I just watched Binney's testimony on Parliament TV, and a bloody good job he made of it. He didn't paint a pretty picture of the NSA and hammered home the point that's where the UK is headed.
But his concerns are going to fall on largely deaf ears.
Plucky rover is well stuck in
Plucky is an obligatory description. Don't forget it.
Quite right, too. Mostly appears in printed material, where a modest amount of paper can be saved.
Thank God I don't have to support your code! Indentations show in a very clear way how blocks of code relate to each other.
Re: There have been many mistakes caused by caching...
I sympathise, but sometimes it's beyond your control. For example I've had to deal with web app errors generated by traffic that happened to be routed through certain corporate caching proxies before hitting our servers. Query string parameters would end up coming through double-url-encoded, which messed up URL parsing. In the end I had to put in a defence against such proxies. Mentioning no names, but they're a big outfit with a name beginning B. Why they see fit to tamper with HTML content and mess it up is beyond me.
Old Holborn may well have a design patent on the appearance of their product, as they are entitled to do. Such a patent would include a visual depiction of the particular form factor, typography etc. Although it makes for amusing (and regular) reading, Apple do not have a patent on rounded corners. They have design patents for devices that incorporate specific form factors which, in conjunction with many other elements, contribute to the overall design. The Coca Cola corporation doesn't have a monopoly on bottles that have rounded elements, but they do have a design patent that covers the specific implementation of their Coke bottle.
Re: Whats the problem
Re: Is HTML5 pure and saintly
HTML 5 doesn't do anything magical in respect of video playback. It just offers your browser the choice of playing MP4, WebM or Ogg files, depending on what's available on the server.
It's likely the case that player implementations for these file formats do have uncovered vulnerabilities. It's not so long ago that tainted JPEG files could poison a PC, for example. Such is life.
Darth Vader? I think you've got your films mixed up.
Aren't they going to have fun?
Logging all those requests made to foreign-based virtual private networks.
What a glorious waste of money.
Re: Yet more excuses for Apple to wall off OS/X even more
Rootless mode was introduced with El Capitan so that many system files and folders are off limits to all third party applications. And a good thing, too. Those files should not be tampered with, even if you are able to type in God's password when some malware has popped up a dialog box.
But... if you are a really determined owner, it's possible to disable rootless mode. Google it. It's a bit of a palaver, but possible.
iOS Jailbreaking is a good thing...
...because each and every instance of an iOS jailbreak installation relies on some kind of existing vulnerability. With each new iOS update, Apple close the vulnerability, which makes it more secure for all, and the jailbreak authors have to try a little harder. There have been times when jailbreaks have been unavailable for months.
As the article says, jailbreakers need to be aware of the risks, because it's them - almost always them - that are targeted by iOS malware.
I don't jailbreak, myself, since I personally get by with what's provided by the walled garden. But I'm glad there are people willing to take a hit, for the reasons above.
Re: Yet another reason to never trust Cloud Services
Sorry to burst your bubble, but the use of cloud services is increasing exponentially and will likely continue to do so. You're fighting a losing battle, I'm afraid. The demise of marginal players won't affect the outcome one jot.
That diagram is bonkers
A grey browser talks to a purple thing that has some 'execution machinery'.
Where are the Performance Biscuits?
I've never seen a fizzy drinks bottle without rounded edges either, but that doesn't stop Coca Cola from patenting the shape of their iconic bottle design.
Patent D286 does not actually seek to protect the use of rounded corners. It illustrates a particular device aspect ratio with rounded corners in a particular proportion. Realistically, the patent can only be used against cases of blatant copying, which... er... Samsung most certainly did.
Re: I wonder how our Mr. Crossley is getting on...
Ho Ho, it's been a while since I've watched one of those Downfall re-imaginings. I think the first one I saw, which really cracked me up, was the impending demise of HD DVD. Anyone remember that format?
I imagine he's quite annoyed now he went to PC World to get his computer fixed rather than an Apple Store.
On the plus side...
The user doesn't have to fanny about with licensing issues each time he gets or upgrades a new device.
The sandboxing is there for a reason. It might not be the be all and end all of security, but it's a good first line of defence against shady programmers. And the user knows that at least some vetting of the app has taken place.
Updates (and update notifications) of all kinds are managed by the OS itself. You don't need app-specific services or a manual check running to check for updates.
Upgrade pricing is always available in the App Store if you choose to implement (essentially) a new product.
Negative reviews are a good thing as far as the end user is concerned. Some developer is getting hit really hard at the minute because of a lack of clarity regarding their In-App purchases.
I really don't want to be a doom monger
...but that descent looked well shaky. I feared that it might tip over at any moment. I can't help thinking that the control has to be much better than that before putting it to real use.
They know that a significant proportion of users don't bother with dedicated email clients, and prefer to check their mail via a browser. For those users: YOU WILL BE ADVERTISED TO. I don't know to what extent Yahoo trawl the content of emails regardless of access method, but if it's anything like Google's Gmail: WE'RE GOING TO DO OUR DAMNEDEST TO TRACK YOU AND ADVERTISE TO YOU. RESISTANCE IS USELESS.
Me, I prefer to pay a few poundlets per day to an email hosting provider that doesn't treat me as the product.
Re: Powering up reality distortion field now...
Probably the same reason that they won't let any old cable charge an iPhone. And there are reasons other than protectionism: Apple don't want to provide support for devices that have been affected by knock-off chargers. And they certainly want to minimise the number of reports where their equipment burns someone to death.
It's not really about the money. If you recall, there was a spate of iPhone 'accidents' a while back caused by cheap third party charging equipment. Apple offered replacement authorised (and safety-compliant) chargers for a handful of dollars to affected users. They certainly weren't making any money on that.
Re: Join up your thinking
Dear Dianne Feinstein,
God created such a product. It's called whispering.
The bright young things with their pin-sharp eyesight might be having a wonderful time, but when they get a bit older they will be gnashing their teeth.
The new music player in iOS is ridiculous. It shows a tiny sliver somewhere on the large screen that indicates the current playback position, like a thin red VU meter needle. Here's a hint: you don't use needles as UI elements that you can drag.
Here ya go, Mr. Downvote.
They also advised Apple to get out of the hardware business.
You're quite right.
If you install an app that asks you to type in a trusted user name and password in order to do its work, you are putting a lot of trust in that app. There are a million ways an app can use personal information that you've entered. Posting it off to a server somewhere is just one.
I imagine Apple keep a keen eye out for apps that pop up a dialog asking you to enter your iCloud credentials, however.
Re: Weak crypto
Don't apply for a job with the OED. Now, if there are any positions for pedantic misinformed twats around...
Re: Weak crypto
Yes there is. There are many cryptographic libraries in existence, and some are much weaker than others due to inherent flaws that have been cracked. Do a search for POODLE and SSL 3, for example.
Wouldn't be an issue...
If iOS scrapped free apps (funded by ads) completely.
I mean, let's face it, iOS apps are bloody cheap. If an app is worth having, it's worth paying a couple of quid for. As opposed to the current situation where there are gazillions of copycat useless bell-ringing and torch apps. Actually, they might have banned torch apps now since one comes pre-installed, but you get the idea.
I'm strongly of the opinion that there are far too many shit apps on the App Store, and offering them for free (with the attendant ads) only makes that situation worse.
I'm with Tim Cook on this one
"I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will.
Our commitment to protecting your privacy comes from a deep respect for our customers. We know that your trust doesn’t come easy. That’s why we have and always will work as hard as we can to earn and keep it."
Imagine how annoyed Theresa May is going to be when he tells her to take a flying fuck at a doughnut.
Re: Security Theatre and/or Snooping
There's very little mention of encryption in that draft bill.
62. b says
IPA requires [Communication Service Providers] to provide communications data when served with a notice, to assist in giving effect to interception warrants, and to maintain permanent interception capabilities, including maintaining the ability to remove any encryption applied by the [Communication Service Provider] to whom the notice relates.
This falls short of insisting that CSPs provide backdoors to encryption; only that if they apply the encryption they must have a means of decrypting it. Which is clearly irrelevant in the case of end-to-end encryption, where it is the user who does the encryption, not the CSP.
Do you get to fly around in helicopters...
...trying to shoot alien creatures impersonating huskies?
Might counteract the boredom.
Re: How much?
Maybe because it's such a fecking obvious 'invention' it never occurred to them to even check for its existence. When there are holes like this in the road to trip you up it's a wonder any new products come to market.
There may be trouble ahead
Like a lot of people, I trust Windows Update to do a reasonable job of patching insecure code and generally making life a bit safer. That includes optional updates, where you can make the natural assumption that if they're there, having them can't do much harm. It's a lot easier to hit Install than wade through and research a bunch of tick boxes.
That may now have all changed. No sign of a Windows 10 on my PC yet, but any sniff of it without my in-your-face consent might result in a restore from disk image.
You'd better don your tinfoil hat the next time you connect to a banking website, then, if that's the case.
On the one hand, Larry Salibra says
"the mechanism Apple uses to disable the News app and Apple Maps uses the location of the user to change the behaviour of their device"
having already said
"it was pretty obvious that Apple isn’t using location tracking and geofencing to shut down the News App, but is doing so based on the mobile network the phone connected"
Who is this nitwit?
Someone should tell David Cameron
Flogging this dead horse is about as clever as fucking a dead pig.
Re: Idiots or traitors
That's Boolean algebra for you.
Re: What security?
That's not the issue at all. You are perfectly at liberty to obtain root certificates from a variety of sources and install them on an iPhone. The potential problem here was an app-in-the-middle scenario, where use of a content blocker app could make use of a VPN without the user's explicit knowledge.
Re: Any dolt
There's vulnerable. And there's reckless.
Deploying software that gets security updates rarely (or never) is asking for trouble. Android has a pretty good foothold now. That being the case, it's about time Google updated their terms and conditions to insist on security updates being made available in a reasonable time, for a number of years.
The biggest mobile performance improvement I've seen in recent times is ad and tracker blocking on my iOS devices. Easy peasy.
Indeed. The only viable secure option with Flash is to encrypt on-the-fly in hardware like the iPhone does (and always has done). That ain't gonna happen with cheap handsets.
Since Apple don't talk directly to El Reg,
one has to look elsewhere to find an official response...
"This issue only impacts users on older versions of iOS who have also downloaded malware from untrusted sources. We addressed this specific issue in iOS 8.4 and we have also blocked the identified apps that distribute this malware. We encourage customers to stay current with the latest version of iOS for the latest security updates. We also encourage them to only download from trusted sources like the App Store and pay attention to any warnings as they download apps."