Forgot your password?
typodupeerror

Comment: Wait a second, this is very interesting. (Score 0) 109

by Quick Reply (#48415325) Attached to: Nokia's N1 Android Tablet Is Actually a Foxconn Tablet

If you have a look at the pictures, you can see that it has more than a similarity to the iPad mini than just "rounded corners". It basically looks identical except for the Apple Logo and home button.

Now with this piece of news, it does seem like Foxconn have ripped off the iPad mini design (given their detailed knowledge of the manufacturing process) and are using the "Nokia" (Microsoft) brand to sell it, given that Microsoft have a cross-licensing deal with Apple that lets Microsoft and Apple rip each other off as much as they like.

It seems that Apple can't do a thing about it. They can't even get rid of Samsung components in their devices, how would they ever get away from Foxconn.

Comment: I thought this was satire (Score 1) 644

by Quick Reply (#48029013) Attached to: Microsoft Announces Windows 10

And then I realised we are nowhere near April 1. Maybe '10' is going back to year designations... Hang on that was 4 years ago. I can't help but to think that when they pull things like this (eg: 'ME') it is inevitably going to end in disaster, except this time they some actual competition from Google and Apple in the mobile space (which is on the verge of taking over the desktop)

Comment: Re:Welcome to your new walled garden (Score 1) 225

by Quick Reply (#47105035) Attached to: Google Starts Blocking Extensions Not In the Chrome Web Store

On both Firefox and Chrome, the efforts to require permission to install an extension can be bypassed if the installer has local access to manually tell the config files that it has been 'approved' even when it has not, and this is quite prevalent.

Of course it's not going to affect technical folk who avoid installation of spyware to begin with, but this is a sensible security step for the masses.

Comment: Re:SPF.. (Score 1) 83

by Quick Reply (#46710263) Attached to: Yahoo DMARC Implementation Breaks Most Mailing Lists

Currently, all mailing lists implementations break DMARC specs. At first glance it would appear that the Mailing List specs and the DMARC specs are incompatible with each other...

HOWEVER, There IS a way to be compliant with both specs.

The mailing list is just a transport agent of list messages right? Well it can also be the transport agent of how users' actual email addresses are handled, between their real email address and usernames that obfusicates their actual email address.

For example:
* User "Bob Smith" emails TESTLIST@DOMAIN.ORG

* Mailing List implementation on DOMAIN looks up "BOB.SMITH@YAHOO.COM" and determines his username to be "USER-ADF2S89T"

(more friendly usernames like "BOBSMITH-YAHOO" might also be possible if verified/allowed by the list owner, even "BOB.SMITH_AT_YAHOO.COM" could be his username if he has no intention of hiding his email address and is not scared of spam bots)

* Mailing List implementation on DOMAIN rewrites the message FROM and/or SENDER fields to "USER-ADF2S89T@MAILING-LIST-USERS.DOMAIN.ORG" instead of his actual email address

* A mail transport agent is set up on MAILING-LIST-USERS.DOMAIN.ORG to forward any messages that are sent to USER-ADF2S89T to BOB.SMITH@YAHOO.COM so the author/sender are still contactable.

This is compliant with the Mailing List specs because "USER-ADF2S89T@MAILING-LIST-USERS.DOMAIN.ORG" 'belongs' to John Smith (Just in the same way that JOHN.SMITH@YAHOO.COM 'belongs' to him too even though he doesn't own YAHOO.)

This will also have the following benefits:

- Actual email addresses are completely hidden from Spam Bots. This is huge. Mailing Lists are are huge source of email addresses that spam bots like to harvest.

(It may be possible to have a web interface or mailing list -request command to reveal the users' actual email address - using a CAPCHA if the requesting user is not trusted - so users can't hide behind their special address)

- List Managers might like the option for users to be able to update to their new their email address while keeping the same username(s).

(If users are representing their company, companies might like an option - maybe with the use of a TXT record on their domain - not to allow their users to do this so they can't keep 'representing' their company after they lose access to their company email address)

- This way DMARC can be freely implemented by everyone, including the mailing list server itself, so users can't spoof each other when posting to the mailing list, nor can they use their "USER-ADF2S89T@MAILING-LIST-USERS.DOMAIN.ORG" address to send mail 'FROM' this address.

Comment: Sounds like a Niche, not a future (Score 4, Interesting) 105

by Quick Reply (#46323547) Attached to: Nokia Announces Nokia X Android Smartphone

An AOSP phone without Google Play, let alone Amazon App Store or any other established Android App Store, sounds like a Niche phone for programmers/hackers.

I suspect that it is designed to succeed the legendary Maemo operating system & N900/N9 phones, than a serious attempt to build a future Operating System.

I expect that it will be highly prized among the hacker community, totally hacked to death with an onslaught of Linux-based operating systems including Ubuntu phone, Firefox OS, CyanagenMod, and Maemo itself. Maybe a few surprises with some left-field operating systems finding their way on there as well.

Comment: No (Score 2) 257

by Quick Reply (#45268547) Attached to: Chrome Will End XP Support in 2015; Firefox Has No Plans To Stop

Web Developers have learnt from the past, there will never be a supported code that will be dependant on a specific version again.

Cross-compatibility and Browser Independence is a main focus that hasn't been in the past. Most websites are not locked into a particular browser, so there are more options if things go pear-shaped in a particular browser. If for example Firefox drops XP support and there is a bug with the old version, the customer can change to Chrome until another solution is put in place.

IE6 was the exception, because it was too difficult in many codebases to update it for compatibility beyond IE6 in the short term, for time(=money) reasons. As soon as the codebases were updated (or the solution replaced) to work beyond IE6, IE6 was kicked right out the door. IE6 didn't stay king because so many people loved that browser so much that they didn't want to change, it was because they HAD to keep using it for some reason. It is not uncommon for companies still relying on IE6 to have Firefox installed for general web browsing and IE6 only for the specific app they need. You can bet your ass they have retirement plans on how to eventually get off IE6 (& now also XP) altogether.

Unsupported code (eg: unmaintained websites) that won't work with new versions - Yes that is inevitable.

Supported code - No.
If it is a supported codebase - The web developer's solution would be to update it to work with the new version, not make it work with the old. If that means that it will break compatibility with the old version, then so be it, it is industry practice not to support unsupported software.

It's worth pointing out that Mozilla & Google are not supporting XP - They are supporting their browsers. If there is a problem in XP, they are not going to help you with it.

Comment: Re:BGP instead of DNS filtering makes more sense? (Score 1) 83

MitM is a Politically bad idea, not technical. If the proxy servers in the middle have enough bandwidth and resources, the performance could theoretically even be an improvement. I most certainly agree (from a Political perspective) it is a dangerously slippery slope.

From a technical perspective, it doesn't make the internet (banking, shopping, etc or other https activity) any different because a government/ISP MitM filter is no different to a Malicious Hacker MitM attack, which is already feasible. Also, I maybe wrong about HTTPS, but I believe that the Private SSL key would need to be installed on the MitM server, otherwise the MitM server would need to use a different certificate - a red flag - than the real server.

I wouldn't be surprised if government spying agencies are doing their own MitM attacks already on a BGP level, and in the case of HTTPS websites, compromise any private SSL keys they need to do it without detection.

Comment: I think they are using the mobile apps (Score 4, Interesting) 210

by Quick Reply (#44913293) Attached to: LinkedIn Accused of Hacking Customers' E-Mails To Slurp Up Contacts

I am in a similar situation where I have a couple of Google Apps accounts that I ONLY use for work-related purposes. NOTHING ELSE. Never authorise anything to use them keep it all on my personal. Sure enough LinkedIn has slurped some contacts from sent items. I use different passwords for everything. I hardly have even used LinkedIn, much less with a work related email account open (I hardly open them). The ONLY way they could have stole it (That is the only thing running at the same time) would be a mobile app either from my Android or iOS device. I have these work accounts set up permanently on these devices and foolishly it seems loaded the LinkedIn app.

Funny enough ALL these email accounts have been getting spam lately from "Dr OZ" to their actual address, which is strange when I use disposable email addresses for EVERYTHING, including client contact. The only thing I use the actual address for is to log in and set up the mail client. These email addresses must have been slurped from a mobile app, not sure if it was LinkedIn or another app.

"Never ascribe to malice that which is caused by greed and ignorance." -- Cal Keegan

Working...