* Posts by Mike Bell

754 publicly visible posts • joined 3 Aug 2007

Page:

Apple's anti-malware Gatekeeper still useless: Security bloke reveals lingering holes

Mike Bell

I wondered what had become of Black Bag the Faithful Border Bin Liner. Now I know!

UK Home Sec stumbles while trying to justify blanket cyber-snooping

Mike Bell

Encryption

Check out her response to encryption at 17:09. It was pointed out that when companies use end to end encryption they would be 'unable to help' the government when served with a warrant to provide legible data. When asked what practical steps a company would be expected to take in order to fulfil the warrant she did not address the question, and simply reiterated that companies would be expected to comply with the warrant. Ridiculous.

Boozing is unsafe at ‘any level’, thunders chief UK.gov quack

Mike Bell
Pint

You're going to die

Get used to the idea. And have some fun before you check out.

Oh UK.gov. Say you're not for weakened encryption – Google and Facebook

Mike Bell

Doughnuts

"we believe the best way for countries to promote the security and privacy interests of their citizens, while also respecting the sovereignty of other nations, is to ensure that surveillance is targeted, lawful, proportionate, necessary, jurisdictionally bounded, and transparent."

Why do I have a vision of Homer Simpson in my mind's eye? He - and most Tory ministers - will be thinking about doughnuts half way through that sentence.

GCHQ mass spying will 'cost lives in Britain,' warns ex-NSA tech chief

Mike Bell

Re: Goof performance

Typo: Good performance

Mike Bell

Goof performance

I just watched Binney's testimony on Parliament TV, and a bloody good job he made of it. He didn't paint a pretty picture of the NSA and hammered home the point that's where the UK is headed.

But his concerns are going to fall on largely deaf ears.

Curiosity Rover eyes Mars' creeping dunes

Mike Bell

Plucky rover is well stuck in

Plucky is an obligatory description. Don't forget it.

Forget anonymity, we can remember you wholesale with machine intel, hackers warned

Mike Bell

Quite right, too. Mostly appears in printed material, where a modest amount of paper can be saved.

Mike Bell

Thank God I don't have to support your code! Indentations show in a very clear way how blocks of code relate to each other.

Cache-astrophic: Why Valve's Steam store spewed players' private profiles to strangers

Mike Bell

Re: There have been many mistakes caused by caching...

I sympathise, but sometimes it's beyond your control. For example I've had to deal with web app errors generated by traffic that happened to be routed through certain corporate caching proxies before hitting our servers. Query string parameters would end up coming through double-url-encoded, which messed up URL parsing. In the end I had to put in a defence against such proxies. Mentioning no names, but they're a big outfit with a name beginning B. Why they see fit to tamper with HTML content and mess it up is beyond me.

What did we learn today? Microsoft has patented the slider bar

Mike Bell

Old Holborn may well have a design patent on the appearance of their product, as they are entitled to do so. Such a patent would include a visual depiction of the particular form factor, typography etc. Although it makes for amusing (and regular) reading, Apple do not have a patent on rounded corners. They have design patents for devices that incorporate specific form factors which, in conjunction with many other elements, contribute to the overall design. The Coca Cola corporation doesn't have a monopoly on bottles that have rounded elements, but they do have a design patent that covers the specific implementation of their Coke bottle.

UK ISP Sky to make smut an opt-in service from 2016

Mike Bell

Re: Whats the problem

Scunthorpe.

Facebook hammers another nail into Flash's coffin

Mike Bell

Re: Is HTML5 pure and saintly

HTML 5 doesn't do anything magical in respect of video playback. It just offers your browser the choice of playing MP4, WebM or Ogg files, depending on what's available on the server.

It's likely the case that player implementations for these file formats do have uncovered vulnerabilities. It's not so long ago that tainted JPEG files could poison a PC, for example. Such is life.

Review: Star Wars: The Force Awakens offers a new hope for the franchise

Mike Bell

Darth Vader? I think you've got your films mixed up.

New gear needed to capture net connection records, say ISPs

Mike Bell

Aren't they going to have fun?

Logging all those requests made to foreign-based virtual private networks.

What a glorious waste of money.

All eyes on the jailbroken as iOS, Mac OS X threat level ratchets up

Mike Bell

Re: Yet more excuses for Apple to wall off OS/X even more

Rootless mode was introduced with El Capitan so that many system files and folders are off limits to all third party applications. And a good thing, too. Those files should not be tampered with, even if you are able to type in God's password when some malware has popped up a dialog box.

But... if you are a really determined owner, it's possible to disable rootless mode. Google it. It's a bit of a palaver, but possible.

Mike Bell

iOS Jailbreaking is a good thing...

...because each and every instance of an iOS jailbreak installation relies on some kind of existing vulnerability. With each new iOS update, Apple close the vulnerability, which makes it more secure for all, and the jailbreak authors have to try a little harder. There have been times when jailbreaks have been unavailable for months.

As the article says, jailbreakers need to be aware of the risks, because it's them - almost always them - that are targeted by iOS malware.

I don't jailbreak, myself, since I personally get by with what's provided by the walled garden. But I'm glad there are people willing to take a hit, for the reasons above.

Microsoft pitches lobotomized Cortana for iOS, Android handsets

Mike Bell

I quite miss Power Pup

Woof!

Although, I do have to say that Miss Cortana does sport a rather attractive frontage.

Dropbox tells Mailbox and Carousel users to get their affairs in order

Mike Bell

Re: Yet another reason to never trust Cloud Services

Sorry to burst your bubble, but the use of cloud services is increasing exponentially and will likely continue to do so. You're fighting a losing battle, I'm afraid. The demise of marginal players won't affect the outcome one jot.

Microsoft drops dogma, open-sources Chakra JavaScript engine

Mike Bell

That diagram is bonkers

A grey browser talks to a purple thing that has some 'execution machinery'.

Where are the Performance Biscuits?

Rounded corners on Android phones cost Samsung $548m: It will pay up to Apple after all

Mike Bell

Re: I

I've never seen a fizzy drinks bottle without rounded edges either, but that doesn't stop Coca Cola from patenting the shape of their iconic bottle design.

Patent D286 does not actually seek to protect the use of rounded corners. It illustrates a particular device aspect ratio with rounded corners in a particular proportion. Realistically, the patent can only be used against cases of blatant copying, which... er... Samsung most certainly did.

Smut-seeding Prenda Law ringleader must sell home to pay $2.5m debt

Mike Bell

Re: I wonder how our Mr. Crossley is getting on...

Ho Ho, it's been a while since I've watched one of those Downfall re-imaginings. I think the first one I saw, which really cracked me up, was the impending demise of HD DVD. Anyone remember that format?

https://www.youtube.com/watch?v=frZTf3mX97c

Apple pays two seconds of quarterly profit for wiping pensioner's pics

Mike Bell

Gary Glitter...

I imagine he's quite annoyed now he went to PC World to get his computer fixed rather than an Apple Store.

Sketch dev pulls out of Mac App Store, cites slow reviews, tech limitations

Mike Bell

On the plus side...

The user doesn't have to fanny about with licensing issues each time he gets or upgrades a new device.

The sandboxing is there for a reason. It might not be the be all and end all of security, but it's a good first line of defence against shady programmers. And the user knows that at least some vetting of the app has taken place.

Updates (and update notifications) of all kind are managed by the OS itself. You don't need app-specific services or a manual check running to check for updates.

Upgrade pricing is always available in the App Store if you choose to implement (essentially) a new product.

Negative reviews are a good thing as far as the end user is concerned. Some developer is getting hit really hard at the minute because of a lack of clarity regarding their In-App purchases.

Suck it, Elon – Jeff Bezos' New Shepard space rocket blasts off, lands in one piece

Mike Bell

I really don't want to be a doom monger

...but that descent looked well shaky. I feared that it might tip over at any moment. I can't help thinking that the control has to be much better than that before putting it to real use.

Yahoo! Mail! is! still! a! thing!, tries! blocking! Adblock! users!

Mike Bell

Re: imap

They know that a significant proportion of users don't bother with dedicated email clients, and prefer to check their mail via a browser. For those users: YOU WILL BE ADVERTISED TO. I don't know to what extent Yahoo trawl the content of emails regardless of access method, but if it's anything like Google's gmail: WE'RE GOING TO DO OUR DAMNDEST TO TRACK YOU AND ADVERTISE TO YOU. RESISTENCE IS USELESS.

Me, I prefer to pay a few poundlets per day to an email hosting provider that doesn't treat me as the product.

Apple's Watch charging pad proves Cupertino still screwing buyers

Mike Bell

Re: Powering up reality distortion field now...

Probably the same reason that they won't let any old cable charge an iPhone. And there are reasons other than protectionism: Apple don't want to provide support for devices that have been affected by knock-off chargers. And they certainly want to minimise the number of reports where their equipment burns someone to death.

It's not really about the money. If you recall, there was a spate of iPhone 'accidents' a while back caused by cheap third party charging equipment. Apple offered replacement authorised (and safety-compliant) chargers for a handful of dollars to affected users. They certainly weren't making any money on that.

Tech firms fight anti-encryption demands after Paris murders

Mike Bell

Re: Join up your thinking

Dear Dianne Feinstein,

God created such a product. It's called whispering.

Apple's design 'drives up support costs, makes gadgets harder to use'

Mike Bell

I agree

The bright young things with their pin-sharp eyesight might be having a wonderful time, but when they get a bit older they will be gnashing their teeth.

The new music player in iOS is ridiculous. It shows a tiny sliver somewhere on the large screen that indicates the current playback position, like a thin red VU meter needle. Here's a hint: you don't use needles as UI elements that you can drag.

JURECA! Germany flips big red switch on 2.2 petaflop supercomputer

Mike Bell

Nice

They'll just be using it to play Killer Gorilla, though.

It's Gartner Magic Graph of Wonder time! And Google won't be happy

Mike Bell

Re: Gartner

Here ya go, Mr. Downvote.

http://www.zdnet.com/article/gartner-apple-should-quit-hardware-business/

Mike Bell

Re: Gartner

They also advised Apple to get out of the hardware business.

Instascam! Apple yanks phoney app, Google follows

Mike Bell

You're quite right.

If you install an app that asks you to type in a trusted user name and password in order to do its work, you are putting a lot of trust in that app. There are a million ways an app can use personal information that you've entered. Posting it off to a server somewhere is just one.

I imagine Apple keep a keen eye out for apps that pop up a dialog asking you to enter your iCloud credentials, however.

Tim Cook: UK crypto backdoors would lead to 'dire consequences'

Mike Bell

Re: Weak crypto

Don't apply for a job with the OED. Now, if there are any positions for pedantic misinformed twats around...

Mike Bell

Re: Weak crypto

Yes there is. There are many cryptographic libraries in existence, and some are much weaker than others due to inherent flaws that have been cracked. Do a search for POODLE and SSL 3, for example.

Apple's iBackDoor: Dodgy ad network code menaces iOS apps

Mike Bell

Wouldn't be an issue...

If iOS scrapped free apps (funded by ads) completely.

I mean, let's face it, iOS apps are bloody cheap. If an app is worth having, it's worth paying a couple of quid for. As opposed to the current situation where there are gazillions of copycat useless bell-ringing and torch apps. Actually, they might have banned torch apps now since one comes pre-installed, but you get the idea.

I'm strongly of the opinion that there are far too many shit apps on the App Store, and offering them for free (with the attendant ads) only makes that situation worse.

UK cyber-spy law takes Snowden's revelations of mass surveillance – and sets them in stone

Mike Bell

I'm with Tim Cook on this one

"I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will.

Our commitment to protecting your privacy comes from a deep respect for our customers. We know that your trust doesn’t come easy. That’s why we have and always will work as hard as we can to earn and keep it."

Imagine how annoyed Theresa May is going to be when he tells her to take a flying fuck at a doughnut.

UK's super-cyber-snoop shopping list: Internet data, bulk spying, covert equipment tapping

Mike Bell

Re: Security Theatre and/or Snooping

There's very little mention of encryption in that draft bill.

62. b says

IPA requires [Communication Service Providers] to provide communications data when served with a notice, to assist in giving effect to interception warrants, and to maintain permanent interception capabilities, including maintaining the ability to remove any encryption applied by the [Communication Service Provider] to whom the notice relates.

This falls short of insisting that CSPs provide backdoors to encryption; only that if they apply the encryption they must have a means of decrypting it. Which is clearly irrelevant in the case of end-to-end encryption, where it is the user who does the encryption, not the CSP.

Job alert: Is this the toughest sysadmin role on Earth? And are you badass enough to do it?

Mike Bell

Do you get to fly around in helicopters...

...trying to shoot alien creatures impersonating huskies?

Might counteract the boredom.

Apple ordered to write a $234m check to uni in A7 chip patent spat

Mike Bell

Re: How much?

Maybe because it's such a fecking obvious 'invention' it never occurred to them to even check for its existence. When there are holes like this in the road to trip you up it's a wonder any new products come to market.

Microsoft now awfully pushy with Windows 10 on Win 7, 8 PCs – Reg readers hit back

Mike Bell

There may be trouble ahead

Like a lot of people, I trust Windows Update to do a reasonable job of patching insecure code and generally making life a bit safer. That includes optional updates, where you can make the natural assumption that if they're there, having them can't do much harm. It's a lot easier to hit Install than wade through and research a bunch of tick boxes.

That may now have all changed. No sign of a Windows 10 on my PC yet, but any sniff of it without my in-your-face consent might result in a restore from disk image.

Can we speak in private? Chat app intros end-to-end crypto tech

Mike Bell

Re: Liars

You'd better don your tinfoil hat the next time you connect to a banking website, then, if that's the case.

Apple news-churn app mysteriously stops churning news in China

Mike Bell

Contradictory conclusions

On the one hand, Larry Salibra says

"the mechanism Apple uses to disable the News app and Apple Maps uses the location of the user to change the behaviour of their device"

having already said

"it was pretty obvious that Apple isn’t using location tracking and geofencing to shut down the News App, but is doing so based on the mobile network the phone connected"

Who is this nitwit?

FBI boss: No encryption backdoor law (but give us backdoors anyway)

Mike Bell

Someone should tell David Cameron

Flogging this dead horse is about as clever as fucking a dead pig.

Mike Bell

Re: Idiots or traitors

That's Boolean algebra for you.

Apple borks Apple News ad-blocking app due to 'privacy concerns'

Mike Bell

Re: What security?

That's not the issue at all. You are perfectly at liberty to obtain root certificates from a variety of sources and install them on an iPhone. The potential problem here was an app-in-the-middle scenario, where use of a content blocker app could make use of a VPN without the user's explicit knowledge.

Ad-slinging rootkit nasty permanently drills into Android mobes, tabs

Mike Bell

Re: Any dolt

There's vulnerable. And there's reckless.

Deploying software that gets security updates rarely (or never) is asking for trouble. Android has a pretty good foothold now. That being the case, it's about time Google updated their terms and conditions to insist on security updates being made available in a reasonable time, for a number of years.

Google and pals launch Accelerated Mobile Pages project

Mike Bell

Well, Google...

The biggest mobile performance improvement I've seen in recent times is ad and tracker blocking on my iOS devices. Easy peasy.

Factory settings FAIL: Data easily recovered from eBayed smartphones, disks

Mike Bell

Re: Easy.

Indeed. The only viable secure option with Flash is to encrypt on-the-fly in hardware like the iPhone does (and always has done). That ain't gonna happen with cheap handsets.

iOS malware YiSpecter: iPhones menaced by software nasty

Mike Bell

Since Apple don't talk directly to El Reg,

one has to look elsewhere to find an official response...

"This issue only impacts users on older versions of iOS who have also downloaded malware from untrusted sources. We addressed this specific issue in iOS 8.4 and we have also blocked the identified apps that distribute this malware. We encourage customers to stay current with the latest version of iOS for the latest security updates. We also encourage them to only download from trusted sources like the App Store and pay attention to any warnings as they download apps."

Page: