Forgot your password?
typodupeerror

Comment: No sensible person ever though it was impossible (Score 2, Informative) 150

by daveschroeder (#48027003) Attached to: Apple Fixes Shellshock In OS X

But even here, again, when you look at a typical OS X desktop system, now many people:

1. Have apache enabled AND exposed to the public internet (i.e., not behind a NAT router, firewall, etc)?

2. Even have apache or any other services enabled at all?

...both of which would be required for this exploit. The answer? Vanishingly small to be almost zero.

So, in the context of OS X, it's yet another theoretical exploit; "theoretical" in the sense that it effects essentially zero conventional OS X desktop users. Could there have been a worm or other attack vector which then exploited the bash vulnerability on OS X? Sure, I suppose. But there wasn't, and it's a moot point since a patch is now available within days of the disclosure.

And people running OS X as web servers exposed to the public internet, with the demise of the standalone Mac OS X Server products as of 10.6, is almost a thing of yesteryear itself.

Nothing has changed since that era: all OSes have always been vulnerable to attacks, both via local and remote by various means, and there have been any number of vulnerabilities that have only impacted UN*X systems, Linux and OS X included, and not Windows, over very many years. So yeah, nothing has changed, and OS X (and iOS) is still a very secure OS, by any definition or viewpoint of the definition of "secure", when viewed alongside Windows (and Android).

Comment: I love Obj-C. I've used it since 1989. (Score 1) 310

by jcr (#48008177) Attached to: Ask Slashdot: Swift Or Objective-C As New iOS Developer's 1st Language?

But as I've said many times since then, I'll switch when something better comes along. That time has come. Swift is a major improvement over Obj-C, and it was developed to meet Apple's internal needs, by engineers who know Obj-C inside out.

It's kind of a kick being a beginner again. Swift takes some getting used to, but I expect it to give me as much of a productivity improvement over Obj-C as Obj-C gave me over C++.

-jcr

Comment: Re:Someone explain please (Score 4, Insightful) 210

by jcr (#47991163) Attached to: Australian Senate Introduces Laws To Allow Total Internet Surveillance

What is it with governments and wanting to spy on every citizen, just because the technology might allow for it?

As Robert Heinlein pointed out, there are two kinds of people in the world: those who seek to control others, and those who have no such desire. Governments are comprised of the assholes in the first category, and mass surveillance is all about power.

-jcr

Comment: Re:What's your suggestion for intelligence work? (Score 1) 504

by daveschroeder (#47938235) Attached to: Apple Will No Longer Unlock Most iPhones, iPads For Police

An oversimplification. The US, UK, and allies variously broke many cipher systems throughout WWII. Still the US benefitted from this.

What if the Germans were using, say, Windows, Android phones, SSL, Gmail, Yahoo, and Skype, instead of Enigma machines?

Comment: What's your suggestion for intelligence work? (Score 1) 504

by daveschroeder (#47938053) Attached to: Apple Will No Longer Unlock Most iPhones, iPads For Police

I presume you wouldn't say it was "wrong" of the United States to crack the German and Japanese codes in WWII...

...so when US adversaries (and lets just caveat this by saying people YOU, personally, agree are legitimate US adversaries) don't use their own "codes", but instead share the same systems, networks, services, devices, cloud providers, operating systems, encryption schemes, and so on, that Americans and much of the rest of the world uses, would you suggest that they should be off limits?

This isn't so much a law enforcement question as a question of how to do SIGINT in the modern digital world, but given the above, and given that intelligence requires secrecy in order to be effective, how would you suggest the United States go after legitimate targets? Or should we not be able to, because that power "might" be able to be abused -- as can any/all government powers, by definition?

This simplistic view that the only purpose of the government in a free and democratic society must be to somehow subjugate, spy on, and violate the rights of its citizens is insane, while actual totalitarian and non-free states, to say nothing of myriad terrorist and other groups, press their advantage. And why wouldn't they? The US and its ever-imperfect system of law is not the great villain in the world.

Take a step back and get some perspective. And this is not a rhetorical question: if someone can tell me their solution for how we should be able to target technologies that are fundamentally shared with innocent Americans and foreigners everywhere while still keeping such sources, methods, capabilities, and techniques secret, I'm all ears. And if you believe the second a technology is shared it should become magically off-limits because power might be abused, you are insane -- or, more to the point, you believe you have some moral high ground which, ironically, would actually result in severe disadvantages for the system of free society you would claim to support.

Porsche: there simply is no substitute. -- Risky Business

Working...