
Comment: Re:How to fix ALL the app stores... (Score 1) 249

by thoromyr (#47677969) Attached to: Apple's App Store Needs a Radical Revamp; How Would You Go About It?

A pretty good list, IMO, although perhaps a bit drastic or unrealistic as rasmusbr points out. Instead of removing all crap applications (your #1), move them to the "Junk" category then have a default hide for the category. That allows the teenagers to have their stupid apps -- and they can feel even cooler by having to go in and enable the category -- while not bothering the rest of the user base.

I suppose one way of addressing #2 (duplicating stock apps) would be to have another (hidden by default) category. That way someone who wanted a replacement music player could get one without forcing everyone to slog through garbage apps.

And while #4 (eliminating in-app purchases) is important as it cuts to the core of some problems, it simply isn't realistic. Originally, Apple did not have them. They were added to appease large developers. Not going to happen, but it would help if it did.

Even though rasmusbr is correct about what will happen with #6 (time-limited 100% refund policy), without in-app purchases the model would not be particularly successful.

Comment: Re:So really bitcoin is incidental (Score 1) 101

by thoromyr (#47632695) Attached to: Network Hijacker Steals $83,000 In Bitcoin

Pre-Snowden there was a huge BGP attack that re-routed lots of traffic, so much so that it was hard to tell who was targeted (instead of small things like this, think more like "all western Chinese traffic routed through US"). At the time there was lots of useless conjecture as to what it was about and whether or not it was really an attack or just a seriously stupid misconfiguration. Of course, nowadays we know that TLAs use this as one of their tools to grab target traffic that would otherwise be out of reach so that they can inspect it and record it.

BGP is a seriously large, gaping security vulnerability in how the Internet works due to the inherent trust of the system. The only plus side is the wider you cast the net the more obvious it becomes that it has been cast. The attack I refer to was glaringly obvious due to the huge distortion to routing. So for someone to use it for evil they need to keep it small and focused which means they need to get close to the target network. The point being that there *is* a measure of tamper evidence that gets stronger the farther the attacker has to reach. At least it's something.

Comment: Re:Legitimate engineering uses (Score 4, Informative) 98

by thoromyr (#47503361) Attached to: Researcher Finds Hidden Data-Dumping Services In iOS

Not to mention "...creates a disk image of everything that’s on the phone..." is misleading, even with the following caveat. It would be far more accurate to say something like "...creates a copy of file access times of everything that's on the phone, and other metadata such as file size and other timestamps." But that wouldn't be bait for journalists and misquotation. (And if the dumped iOS file system metadata includes other things, perhaps mention those -- but timestamps and file size are the main things.)

Comment: Re: Only because they're stupid. (Score 1) 435

by thoromyr (#47470531) Attached to: FBI Concerned About Criminals Using Driverless Cars

I think it is worthwhile to just discard the point about abuse of power because I don't think it is necessary to even bring up.

While at first blush the "running a red light" bit might sound silly, the reality is that it *isn't* always safe to just pull over and stop. Sometimes it has to do with predictable things (like not having a shoulder to pull onto) and sometimes it isn't (dynamics of traffic, which may not have previously been obeying the traffic laws). The point is that once you get past the easy things (pre-identifying pull over spots so that the vehicle knows where to redirect to) you get into hard things. Like the tractor trailer that is on fire. Or that stopping would obstruct another vehicle that is *not* stopping (and resulting collision would block emergency vehicle).

In the end, there is a need for judgement calls, *especially* when emergencies are involved. A simple "pull over and stop" is too simple.

Comment: Re:Obviously... (Score 1) 435

by thoromyr (#47470459) Attached to: FBI Concerned About Criminals Using Driverless Cars

You made a real jump from tracking to remote control, but it is unlikely a car stolen by criminals who were planting a bomb could be recalled. Unless they were nut jobs who just happened to have access to explosives or made them, but killing a recall mode would be high on the list for a number of people (not all of them necessarily evil). Presumably, safeguards against tampering would be put in place, but I wouldn't hold my breath on them holding up.

Let's put it another way: lojack works fairly well and is on a number of computers. But can it be subverted? Are systems with lojack installed and enabled still stolen and sold for money? And all you really need for the case you mention is a temporary workaround.

Comment: Re:Drug mule? How? (Score 1) 435

by thoromyr (#47470377) Attached to: FBI Concerned About Criminals Using Driverless Cars

"legally tied to someone": Dammit, I never rented that driverless car. Yes, I know that it was my credit card and I hadn't reported it stolen, but it wasn't me!

"has not been reported stolen": paid for rentals aren't generally reported as stolen. If you are a business with a driverless car and a wide region of operation, it could easily take longer than a simple "hijacked for crime" to discover and report.

"How many legal trips match that?": who knows. You're speculating, I'm speculating. Unless you have data to show it is significantly anomalous, it is irrelevant. But you *are* arguing for more government surveillance. "Hello citizen, I see that you have been on the road for more than two hours without filing a travel plan with Department of Homeland Security."

"legally, search": Random stops? That would likely have to be settled. But there's *always* cause for pulling a vehicle over. And without a human to contest the search...

"It is not enough to obey the laws": true, but the "greater effort" is usually required to escape when one is already labeled. Local police have you fingered as a "troublemaker" you'll discover just how much they can get away with and no lawyer will take your case. But when discussing traffic -- if the vehicle is in proper working order (e.g., no headlights/brakelights out, etc.) and is being used properly (e.g., no traffic violation) unless there is something else to draw attention to the vehicle ("hey, Mark, isn't that the deviant druggie we busted up last night?") they are going to ignore it. Cops don't just go pulling over and searching vehicles on a random basis. (Well, infrequently, at any rate -- they just don't have the time to harass that many people.)

(Please, don't take this as an anti-LE post. But just like there are good cops, there are bad cops. And if you have the misfortune of getting labeled by local LE it can be tough. And good cops don't go randomly pulling over vehicles so in your scenario we are talking about the less well behaved ones. You bring up the whole in a category they aren't interested in.)

Comment: Re:Simpler approach... (Score 1) 280

by thoromyr (#47470155) Attached to: Selectively Reusing Bad Passwords Is Not a Bad Idea, Researchers Say

You wouldn't be so infuriated with their stupid requirements (and, I agree, most are stupid) if you just used a password manager. Then the only thing that is annoying is figuring out what parameters of the random generator you have to weaken to get an acceptable password. Instead, you have to remember how you had to adapt your generation rules to their site.

Humans are terrible at selecting passwords, and it isn't just the obvious 123456 or password. If you think you have a clever password method, it isn't. If you think you are randomly selecting characters, you aren't. The bad guys know all of this and exploit it. It may not have fancy equations, but there's some practical information at Ars Technica (e.g., http://arstechnica.com/securit... and http://arstechnica.com/securit...)

Personally, I use a lot of rather weak passwords. You know, for the site that insists I create an account to read it. Whatever, they get the "stupid" password. (And I mean "stupid".) Those are throwaway "accounts" that I couldn't care less if they were hacked. I know the password, because it's "stupid", just like all the rest (or "stupid123" if they require numbers). OTOH, if it is a password for access to something I *do* care about it gets a computer generated password that is stored in a password safe. I don't care how hard it is to type, because I don't have to. I don't care how hard it is to remember, because I don't have to.

The only middle ground are login passwords (e.g., to a computer, or something I have to type into a mobile device, ugh!). There the ability to actually input the password can become a consideration, and for a desktop login it has to be memorable -- but when you don't have to remember a laundry list of passwords, the two or three you *do* have to remember aren't that bad (home system, work login, mobile phone -- you *do* lock your mobile devices, right?)

Comment: Re:About that.... (Score 1) 223

by thoromyr (#47423631) Attached to: Meet the Muslim-American Leaders the FBI and NSA Have Been Spying On

I'm going to go out on a limb here and guess you're someone who loves the recent hobby lobby decision that grants freedom of/from religion and specific religious rights to corporations. By the rationale of the decision a corporation owned by a muslim family should be able to enforce sharia on its employees. But you are comfortable believing that this cannot happen because you have faith that the courts will only give religious rights to corporations that are identifiable as christian.

Two faced hypocrites are the worst.

Comment: Re:Seems appropriate (Score 2) 353

by thoromyr (#47419811) Attached to: UK Computing Student Jailed After Failing To Hand Over Crypto Keys

Actually, every file in the system does not have different time stamps and they tend to be in clusters (e.g., different groups of system files).

Timestamps can be manipulated in various ways and they are often taken at face value, but it does get quite a bit harder if the investigator digs deeper. For example, in your proposed situation the inodes for the newly created files would not be as expected for files having those time stamps.
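The inode cross-check described in this comment can be shown as an added example (not part of the original comment). It assumes inode numbers tend to rise as files are created, so files with neighbouring inodes should carry similar timestamps; the function name, thresholds and file records are constructed for illustration.

```python
from datetime import datetime, timezone
from statistics import median

DAY = 86400

def ts(date: str) -> int:
    """UTC midnight of YYYY-MM-DD as epoch seconds."""
    parsed = datetime.strptime(date, "%Y-%m-%d")
    return int(parsed.replace(tzinfo=timezone.utc).timestamp())

def inode_time_outliers(records, window=3, tolerance_days=30):
    """Flag files whose timestamp disagrees with their inode neighbours.

    records: iterable of (path, inode, epoch_seconds). Assumption of this
    example: inodes were allocated in roughly rising order over time.
    Returns (path, inode, drift_in_days); a hit is a lead, not proof.
    """
    ordered = sorted(records, key=lambda r: r[1])
    flagged = []
    for i, (path, inode, stamp) in enumerate(ordered):
        before = [r[2] for r in ordered[max(0, i - window):i]]
        after = [r[2] for r in ordered[i + 1:i + 1 + window]]
        # Judge each side separately, so the first file of a later batch is
        # not flagged merely for bordering an older cluster.
        drifts = [stamp - median(side) for side in (before, after) if side]
        if drifts and all(abs(d) > tolerance_days * DAY for d in drifts):
            flagged.append((path, inode, round(min(drifts, key=abs) / DAY)))
    return flagged

# Constructed records: a system-file cluster, a later user cluster, and one
# file created in the user cluster but carrying a 2012 timestamp.
RECORDS = [
    ("/bin/ls", 1001, ts("2014-01-10")),
    ("/bin/cp", 1002, ts("2014-01-10")),
    ("/bin/mv", 1003, ts("2014-01-10")),
    ("/home/u/notes.txt", 5200, ts("2014-06-14")),
    ("/home/u/report.doc", 5201, ts("2014-06-15")),
    ("/home/u/old_letter.doc", 5202, ts("2012-03-01")),
    ("/home/u/photo.jpg", 5203, ts("2014-06-15")),
    ("/home/u/todo.txt", 5204, ts("2014-06-16")),
]

if __name__ == "__main__":
    for path, inode, drift in inode_time_outliers(RECORDS):
        print(f"{path} (inode {inode}) is {drift} days off its neighbours")
```
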

Comment: Re:the naivety is painful (Score 1) 247

by thoromyr (#47202669) Attached to: Mayday Anti-PAC On Its Second Round of Funding

I think this is really what is bothering me about the MAYDAY PAC. The idea that the game can be beat by playing it on the terms of those who have rigged it... I understand the principle is to back politicians who will vote for reform, but a couple of seats -- even if it happens -- don't mean squat. Having a few bought-and-paid-for stooges who will vote for something doesn't actually work: it has to make it into a bill first, in a form that hasn't been mangled into the opposite of the intent, and brought to a vote. To actually get a bill into law requires seniority and support from senior politicians. And those will be the ones least susceptible to the MAYDAY PAC. This seems like much ado about nothing.

I think the people behind it have good intentions, but I fail to see how the effort will produce any meaningful change or reform.

Comment: Re:interesting (Score 1) 247

by thoromyr (#47202603) Attached to: Mayday Anti-PAC On Its Second Round of Funding

You know, I think you are on to something there. If that is the end goal then it must be stopped. The founding fathers were anti-democracy http://www.dailykos.com/story/... http://www.godlikeproductions.... http://www.thecommentfactory.c... and we, too, should be against the tyranny of the masses and promote the enlightened government by and for the elite. To this end it is imperative that the general public be kept uneducated and in the dark -- and above all, disempowered.

Comment: Re:useless; who writes this crap? (Score 2) 323

by thoromyr (#47202507) Attached to: iOS 8 Strikes an Unexpected Blow Against Location Tracking

Don't say that like it is a bad thing. I *want* my devices to have predictable identities because that is how the home router knows what IP address to hand out. Same thing at work. Also understand that a repeatable MAC only links sessions locally: your MAC address is not advertised to the internet.

Now, what would be nice would be an option to only use the assigned MAC when associating to selected networks. E.g., home, work, a friend's, etc., but by default use a randomly generated MAC. The hotels I've been at "forget" your device quickly anyway requiring a new acceptance of the terms so using a random MAC per session wouldn't hurt any. That'd be great for hot spots.

More important is the IPv6 address selection. I'm not sure of the current state of affairs, but last I knew MS Windows was the only one that respected privacy. Apple used the MAC to generate a predictable suffix which allows global unique device tracking no matter where you go in the world. Now, they were not alone in this and IIRC it was originally a recommended method. But it is ironic, given MS's close ties to NSA spying, that MS Windows (Win7 home, I believe) was the one that would generate a new suffix periodically even on a single connection (e.g., each day the suffix would change).
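The MAC-derived IPv6 suffix mentioned in this comment is the modified EUI-64 interface identifier. The added example below (not part of the original comment) builds such an address and audits a list of addresses for an embedded MAC; the prefixes, the MAC and the network labels are constructed from documentation ranges.

```python
import ipaddress

def eui64_interface_id(mac: str) -> bytes:
    """Modified EUI-64: insert ff:fe in the middle, flip the U/L bit."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]

def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC uses a /64 prefix")
    iid = int.from_bytes(eui64_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)

def embedded_mac(addr: str):
    """MAC recoverable from the suffix, or None. A random suffix can match
    the ff:fe pattern by chance, so treat a hit as a strong hint."""
    iid = (int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)

def linked_devices(observations):
    """Group (network, address) sightings by the MAC embedded in the address."""
    seen = {}
    for network, addr in observations:
        mac = embedded_mac(addr)
        if mac is not None:
            seen.setdefault(mac, []).append(network)
    return {mac: nets for mac, nets in seen.items() if len(nets) > 1}

# Constructed sample: one device on three networks using the MAC-derived
# suffix, plus one address whose suffix is randomised.
SAMPLE_MAC = "00:00:5e:00:53:2a"
SIGHTINGS = [
    ("home", str(slaac_address("2001:db8:1:1::/64", SAMPLE_MAC))),
    ("hotel", str(slaac_address("2001:db8:2:2::/64", SAMPLE_MAC))),
    ("cafe", str(slaac_address("2001:db8:3:3::/64", SAMPLE_MAC))),
    ("cafe", "2001:db8:3:3:5c1f:9a07:e2b4:7d10"),
]

if __name__ == "__main__":
    for mac, nets in linked_devices(SIGHTINGS).items():
        print(mac, "seen on", nets)
```

Running `embedded_mac` over the addresses your own hosts have configured shows which of them still use the MAC-derived suffix rather than a temporary one.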
