Forgot your password?

Comment: So much for *LOTS* of things (Score 1) 322

by cbhacking (#47934607) Attached to: Apple Locks iPhone 6/6+ NFC To Apple Pay Only

Interesting! Not too surprising either; Japan is often on the leading edge of technologies like that.

Of course, NFC has got other uses, too. I've seen restaurants with NFC "Tap your phone here to leave feedback about your dining experience" stickers, businesses and hotels with "tap here to call a cab" stickers, smartphone car kits which automatically launch the navigation app when you insert your phone, and all manner of other such things... in the US and Europe. They aren't widespread yet, but they exist. Then there's stuff like the whole "tap-to-send" for inter-device file transfer that Samsung has been advertising for years.

NFC is a lot more than *just* payments... though it definitely does those, too.

Comment: Re:Jailbreak (Score 5, Insightful) 322

by cbhacking (#47934589) Attached to: Apple Locks iPhone 6/6+ NFC To Apple Pay Only

That NFC will be made available via jailbreak, I do not doubt.

That it will happen quite that *fast*, I do doubt. Apple has gotten really good at lockdown.

Note that Lockdown != Security. Security means preventing unauthorized access. If you can't even authorize *yourself* to get access, it's either not "security" or it's not your device (or both).

If you want NFC, go with Samsung, or HTC, or Nokia, or one of the many other phone OEMs who have been including NFC hardware and software that lets you use it for years now.

Comment: There are reasons for those things (Score 1) 536

by cbhacking (#47934469) Attached to: What To Expect With Windows 9

1) Use the command line, if this is important to you. Graphical shells for Linux sometimes do this too; it's not a Windows-exclusive thing. It's mostly just a way to implement symlink-like behavior (put your pictures on the external drive, but make them still reachable from your user profile) without actually exposing a symlink interface (which NTFS actually supports, BTW). It's not like you can't find the real paths easily, anyhow.

2) I mostly agree, though there's basically always a way to find out what the actual error was. For example, the built-in network troubleshooter will tell you what it finds (and whether it was able to fix it or not), although it takes a while to run. Worst case, check the event log. All kinds of stuff winds up there but you can often find what you're looking for with only a little filtering.

3) That message appears when a Media Transfer Protocol (MTP) device does not report that it supports a file type and you try to copy it anyhow. Since MTP allows reporting supported file types (among other things, this allows automatic conversion of media files by sync utilities), it really is the responsibility of whoever wrote the device's MTP implementation to report its supported file types correctly. In the case of a smartphone, that may just be everything but the PC doesn't know that. For the record, copying an MP3 to my phone does *NOT* give that warning, although copying an EXE does.

4) Never going to happen. File locks are an OS-enforced security feature. Yes, it would be nice if the OS wee to go check what process has the handle open and tell you (starting with Vista, Windows will do this under *some* circumstances but it could really be more common). Ideally, it would then (assuming you have sufficient privileges, which may be as-is, may be Administrator, or may be something like SYSTEM) offer to close the handle for you, unlocking the file. Of course, this risks crashing the process that had the handle open - an obvious example would trying to delete the executable of a running process - but it would also be an acceptable option to just kill the process (again, assuming you have privileges). Sure, Linux gets by with its file access system, which has no way to lock a file (you can change the permissions on it if you own it or are root, but that won't stop somebody else who already has an open file descriptor from reading or writing to the file) but file locks have been a part of the Microsoft file system access paradigm for practically as long as they've been writing operating systems, and developers in the Windows world use them and rely on them. Changing that behavior in some drastic way would have a major impact on the security (and sometimes the simple correctness) of software written for Windows.

5) So what, MS should just assume that everybody who might ever want to store files in something like Box or OneDrive should already know about them, have downloaded and installed them, and that MS should never offer to integrate one of their products with another of their products unless you explicitly tell them to? Do you also object to Android automatically adding your Gmail account if you sign into it when setting up the phone, or to KDE opening AmaroK by default when you double-click a FLAC file? Oh, and if WMP is "spewing" its icon about, you have a definite case of PEBKAC. The only WMP icons on my machine are for launching the program itself (in Start or ont he taskbar, probably on the program binary too); all of my media files have icons from my preferred media player and have had those icons ever since I set the file association to that media player. Are you telling WMP to re-associate itself with its playable file types? Because it does not do that automatically...

Comment: Big difference (Score 1) 536

by cbhacking (#47934395) Attached to: What To Expect With Windows 9

Sandboxing and automatic updates. Those are two of the most critical features of the "Windows Store" apps.

All store apps run with extremely low privileges, and are only given access to the resources that they specify at installation. They can't read, much less wrote, most of the file system. They can't open arbitrary device handles. They can't enumerate running processes, much less open handles to them. They can't log your keystrokes (while the app lacks focus) or record your network traffic (except for the traffic to or from the app). They can *never* have Administrator powers.

All of this has two important effects. First, you can be sure that the apps are pretty safe to install, because there just isn't much that a Trojan app could do. Second, you don't have to worry much about the app being compromised by a remote attacker, because even if the attacker gets arbitrary code execution within the app there's basically nothing serious they can do with it. Worst case, you can uninstall an app (and guarantee that you get all of it).

The other key difference is the ability to do automatic updates. It's long been noted that while Linux's software repositories and package managers make keeping all your software current an easy process, on Windows you have practically every single app installing its own update mechanism... or not having any update mechanism and hence people run all manner of outdated versions. It's an extra burden on the developers and an inconvenience for the users. The store offers a built-in way to publish updates, notify users of updates, and even install updates automatically in the background if the user so desires.

Comment: Re:Ugh (Score 1) 536

by cbhacking (#47934303) Attached to: What To Expect With Windows 9

Another one:
You can launch he Control Panel (on the desktop) from the new menu that pops up when you hit Crtl+X or right-click the Start button.

Once you have the Control Panel open (on the desktop), right-click its Taskbar icon and select "Pin to Taskbar".
Now you can launch the Control Panel with one click, or right-click it to launch directly to any of the commonly-used panels, all guaranteed to open on the desktop.

Comment: Re:Yes (Score 1) 152

by cbhacking (#47823635) Attached to: Google Serves Old Search Page To Old Browsers

Lol what, flamebait? Some mod was very confused...

Anyhow, it's a terrible idea *in general* to use HTTP for anything that is by default over HTTPS. Various reasons include:
1) As mentioned by other posters, we should be increasing the total encrypted traffic, right that decreasing it. Hide everything, even if you have nothing to hide. No good comes of letting everybody between you and Google (and their domestic or international spymasters) observe your traffic, but some harm may come of it.
2) Actual security risk: inadvertently exposing sensitive data. I would *hope* that Google is smart enough to use the Secure flag on all their sensitive cookies, but they wouldn't be the only Internet giant to fail to secure semi-sensitive cookies (ones that are not by themselves very sensitive, but can be used to launch more sophisticated attacks). Using SSL means that all cookies and other traffic is protected, sensitive or otherwise.
3) Actual security risk: SSL stripping. This is where an attacker tricks a victim into doing their browsing over HTTP (which the attacker is monitoring and editing) instead of HTTPS by re-writing any links to HTTPS as HTTP links instead (simple redirects from HTTP to HTTPS are silently completed by the attacker). This is a real-world attack for which freely-available and easily used tools exist. It relies on you going to an HTTP site first though; if you only use HTTPS the attacker can't get into your session to start the attack.
4) Privacy concern. A person's search history can reveal quite a bit about them. You can't keep Google from having it (well, except by using different search engines, especially the ones built for anonymity) but there's no need to make it *widely* available. You say you don't care now, but are you sure you never will? It costs very little to add some confidentiality to your online activities.
5) Convenience. As you note, you "have to" use a different and non-default search URL. That's silly. A minute of installing certificates could save you a lot of annoyance in the future

Comment: Re:Yes (Score 0) 152

by cbhacking (#47813623) Attached to: Google Serves Old Search Page To Old Browsers

to avoid https (so I can use my filtering proxy).

That's a terrible idea. You are aware that using a proxy with HTTPS is entirely possible, right? Set up the proxy to automatically generate trusted certificates using an internal CA key, import the proxy's CA key as a trusted CA, and go to town. I've used both Fiddler and Burp in this way, and I'm sure lots of other software supports it too (automatically, even). Make sure the proxy still performs cert validation and warns you if the validation fails (it should do this by default).

There. Now you can have your filtering and secure it too.

Comment: Re:RIP, you cold cypherpunk (Score 1) 40

by cbhacking (#47797665) Attached to: Hal Finney, PGP and Bitcoin Pioneer, Dies At 58

There's probably not much point in trying to fix the bodies anyhow; even without the freeze damage, the people are legally dead because their bodies were shutting down. In many cases, the freezing just finished a process of tissue damage that was already near-complete.

With that said, bodies (unlike brains) cannot currently be preserved without any freeze damage. Although some places will cycle cryopreservative though the bloodstream to mitigate the damage, others don't bother keeping the parts that can't be protected against freeze damage and only preserve the contents of the skull. Those people signed up for cryopreservation *knowing* their only hopes of revival were brain uploading or brand new bodies... and to them it was worth it. Why not? They were going to be dead anyhow.

Comment: Re:RIP, you cold cypherpunk (Score 1) 40

by cbhacking (#47797647) Attached to: Hal Finney, PGP and Bitcoin Pioneer, Dies At 58

Some of those early adopters... you mean, like the ones who put their own money into launching the industry, and are themselves cryogenically preserved? I doubt any of them thought they would be restored by now - they knew, as well as we know today, that technology would need to advance to the point of either completely rebuilding their bodies or making bodies themselves redundant - though I suspect some of them thought (and I'm sure they all hoped) there would be more research in the field. In any case, I'm not sure how something is supposed to be a scam when the people launching it put not only their own money but also their own bodies into it. It's not like these were young people out to make a quick buck...

As for the "died before freezing", that's literally a legal technicality, at least in many cases. They met the legal definition of dead - that is, their heart stopped beating - but even back then we could resuscitate people from that state in most cases. In many cases, not for long; their bodies would need to be kept operational through artificial intervention. So yeah, the bodies are dead. But the brains aren't. Your brain can endure a few minutes without oxygen before damage even begins to occur. That's why cryopreservation focuses on the brain. So yeah, the people "died" - but instead of being "brought back" for a brief time (as now happens routinely in hospitals every day) the brain was filled with a chemical that prevents freezing damage and preserved at the temperature of liquid nitrogen until it can be "brought back" into a new life entirely.

Comment: Re:RIP, you cold cypherpunk (Score 3, Insightful) 40

by cbhacking (#47790071) Attached to: Hal Finney, PGP and Bitcoin Pioneer, Dies At 58

Yes, he was cryopreserved.

On the plus side, knowing your own death is coming and being at a hospital already gives the best chances for cryopreserving the brain before it begins to degrade. You can get a "standby" watch as the time approaches.

On the minus side, ALS is a neurological disease. It affects the motor neurons, not the ones responsible for cognition, but that includes the "upper" motor neurons... including the ones in the brain.

Maybe we'll be able to repair ALS-damaged neurons before we figure out how to safely reverse cryopreservation. Maybe we won't, but life support systems will be good enough it'll be worth bringing him out anyhow. Maybe we'll achieve brain uploading and ALS will be irrelevant. Any which way you look at it, though, he's going to need some work.

That's actually one of the (many) problems with cryopreservation research. We can't bring people out of full suspension right now, so cryopreserving a living person is legally considered killing them. Thus, it can only be done to people already legally dead. Legally dead people tend to have died *of* something. There just isn't any point to bringing people out of cryonics until we can repair (or replace) their bodies.

Comment: Re:It's a complot (Score 1) 212

by cbhacking (#47745873) Attached to: Oregon Sues Oracle For "Abysmal" Healthcare Website

I don't deny this. The entire health insurance industry is a parasite on our economic ability to keep people healthy; it extracts value from the economy without producing anything of greater value. However, in the current environment, it's practically non-optional (actually, post-Obamacare, it's required even more so, but it was almost mandatory beforehand too). Healthcare in the US is phenomenally expensive compared to practically anywhere else in the world, and while I'll happily note that our doctors are excellent, they are *not* worth what they cost in most situations. Very few people set aside the kind of money required to cover the time when they *will* need it, and even those who otherwise would do so may find themselves unable to set aside that much if a medical emergency hits them young.

So yeah, universal health insurance (through mandatory patronage of for-profit insurance companies) is a sucky attempt at a solution. Sadly, it is *still* better than what we had before, for those who previously simply could not get such insurance due to pre-existing conditions or medical history.

Comment: Re:It's a complot (Score 4, Informative) 212

by cbhacking (#47740809) Attached to: Oregon Sues Oracle For "Abysmal" Healthcare Website

While I agree, in general, with the claims of how shitty Obamacare is...

I have friends who now have health insurance, and another who has finally been able to leave his old employer (to start his own company and become self-employed), because of Obamacare. Specifically, two of these friends are cancer survivors (throat and cervical), one has fibromyalgia, and one has a chronic autoimmune disorder whose name I forget. They wouldn't have been able to buy health insurance, otherwise; nobody was willing to offer it. So, for them personally, Obamacare *is* better than what they had before.

Of course, there are a lot of less-fucked-up ways of addressing that issue.

The only thing cheaper than hardware is talk.