
Comment Re: Well, that helps (Score 2) 126

I am a modest eater and I know I am ripped off when someone passes me with a big pile of food on their plate.

When I subscribe to internet service, it is offered at various 'speeds'. When I pick an item off a restaurant menu, I get a certain amount of food.

ISPs want to then charge you extra for finishing the full plate they've served you. Yes, you ordered that off the menu, but you're only allowed to eat, say, 25% of it.

If you're a modest consumer of data, then get a lower speed, and get a lower rate. But letting ISPs charge double for bandwidth, first in the monthly fee for the data rate, and then on usage for actually *gasp* USING THE BANDWIDTH, is just bait & switch. If a Restaurant tried to charge us extra for finishing the plate of food we ordered, we'd all laugh in their faces.

Somehow, for ISPs, it's different....

Comment Re:Apple is Guilty... (Score 1) 125

Being ordered by a court to do something doesn't make Apple a part of that something. What it does mean is Apple has to respond to court orders, and typically the US Courts find there is no user privacy right in data held by a third-party provider. When Apple is subpoenaed for the contents of an iCloud account, they legally have to turn over that data.

But Apple has made design decisions that have reduced the visibility of data in the cloud, as over time Apple has encrypted more of it when it's sent to their servers from user devices. But Apple has been moving to protect more user data, instead of leaving protections as-is. Apple led a change of the needle on messaging security, as other platforms have worked to catch up to the end-to-end encryption of iMessage.

It may be that the US Government sees getting iMessage to use the same color for iMessage & SMS as a way to help keep people on older, more spying-friendly systems...well, at least the dumb criminals.

Comment Re:Apple is Guilty... (Score 1) 125

The US Government at various levels has been rattling the saber at Apple for a long time, long before quantum-secure key exchange was a thing. But Apple has been a consistent thorn in the side of American law enforcement, as they have legally demonstrated they cannot recover data from a locked iPhone. The curious bit of the timing may be more about Apple getting an improvement out ahead of concerns that the government could compel them not to.

The US Government's investigative agencies want access to iMessage conversations. That's just within DOJ. It doesn't require any coordination with multiple agencies. It's the DOJ potentially aiming to get a consent decree that lets other services federate with iMessage, including their own servers that could try to intercept (and decrypt) data in flight.

The DOJ's competence is getting court orders to tell companies to help. Apple has been good at delivering systems they can show to a court and legitimately say, "sorry, nothing we can do, it's about the security." Apple's own commentary about how opening up would weaken security could simply have been chum for the DOJ's staff.

Comment Re:Secure by design? (Score 1) 125

Fully replace the OS, sure, it's hardware, let people run their own software. A lot of it has already been figured out to put Linux on Apple Silicon Macs...

Require Apple to open up the actual iOS interfaces to allow functionality that could compromise Apple's design goals, which are part of the story of why to pick iPhone? No, that's just the Government regulating "ease of intrusion" into systems. I mean, who wouldn't trust our Governments with backdoors that could break into our secure systems, right? Right?

But just letting you replace the OS doesn't help the Government; the likely uptake rate would be low, and it doesn't guarantee the replacement OS has a doormat out for the government. Requiring unsanctioned sideloading, though, will make it easy for Government agencies to get code into a device to find new security holes to get around protection. That means ALL GOVERNMENTS; United States, Canada, Mexico, Panama, Haiti, Jamaica, Peru.... and China, Russia, and Israel, too.

It's much easier to sell it to people that "we're trying to save you money!", isn't it?

</tinfoil>

Comment Re: Secure by design? (Score 1) 125

The Sherman Anti-Trust Acts prohibit cartels as well, as the recent settlement over real estate commissions has proven again. But, yes, what people defend often comes down to their pre-existing preferences. Game companies good, anti-hacker companies bad unless they are also "game companies".

What cut do the hardware manufacturers take from game developers? Sure, you can buy it on disc in retail, but the hardware vendor is still getting their cut, even without operating any of the 'store' infrastructure to sell it to you. Or, if you're going digital, they're making sure they're the store vendor. There is no "Epic Games Store" on PlayStation, Xbox, or Switch. They didn't even announce it for Android until after they'd announced their iOS store. I do hope Epic reports revenue from them separately.

Comment Apple is Guilty... (Score 0) 125

...of not letting the US Government spy on Apple's users.

After years of investigation, Apple pushes out updates for iMessage to use quantum-secure key exchange, and then action finally comes. Curious timing...

When I hear media reports of lock-in on iPhone, I typically think of green vs blue bubbles in iMessage. And how Apple keeps people using iMessage and not other, more spyable platforms. But the Government would look really bad if it filed suit against an American company for protecting user privacy, wouldn't it?

And, it's campaign season. Hey look, the current Administration is being hard on big tech!

Comment Re:We need a total reevaluation of antitrust law (Score 1) 125

Since breaking up Apple isn't a viable strategy here, and fining them will just be a cost of doing business... giving them 6 months to implement side loading or pay a hefty fine per day

You can't fine them, so tell them to do it or we'll fine them! *headdesk*

Apple's App Store doesn't seem much different from game platform marketplaces. Epic has their Game Store on Windows, sure, but do they also have it on Xbox, PlayStation, and Switch? Is Epic lobbying to bring their own Game Store to those Game Platforms? Heck, Epic only announced that they're going to make a store for Android yesterday. On a platform that has had no restrictions on opening additional stores. Weird, innit?

There is no "monopoly of the iPhone market". Just because there is a device with hardware that you would like to make/sell an app to do something with doesn't give you the absolute right to do that. Really, Apple should have responded to the EU DMA by just letting people replace iOS on the iPhone hardware, and then releasing an Android image for it that lets you sideload apps. And let Microsoft make a new "Windows Phone" ROM to compete.... But remember PlayStation 3, just because the hardware is in there doesn't mean you'll get to use it with an alternate OS.

Comment Re:Secure by design? (Score 2) 125

If someone legally purchases a device, why should the company that built it be allowed to block him from running whatever software he pleases on it?

Sure, let the US government say Apple has to let people replace iOS on their iPhones. Let someone make an Android ROM for it, or their own OS platform. And while you complain about who controls the software that runs on a platform, also get the DOJ to go after Microsoft, Sony, and Nintendo for limiting homebrew developers from making their own games to give out or sell on their own web sites, separate from each platform's built-in store.

C'mon, side with the consumers...

Comment Re:Opinions in article (Score 1) 167

Trump won the popular vote in 3,084 out of 3,141 counties.

"Fake News!" That total shows up quickly in a search as from a Breitbart article, whereas the AP reported on that misinformation, along with their calculation that it was 2,626 for Trump and 487 for Clinton.

If you want to talk about the "entire margin", if Clinton had carried Texas instead of Trump, then she would have won the Electoral College and would be President. It's easy to look at the data and identify "the entire margin" wherever it's politically expedient.

Comment Re:Tech tribalism is a security research nightmare (Score 1) 54

So a user who works for Google on Android Security is here to defend the name of "Project Zero". At this point, your connection to the topic I think deserves to be clearly documented, for those who don't click through and read the profile of every commenter.

I know most of the P0 team, and they view themselves as independent from Google

TFA states Project Zero was using data from "Google's Threat Analysis Group (TAG)", which reads as other groups in Google feeding them data, which Project Zero dutifully turned into a lovely, Android-friendly PR report.

Regardless of what Project Zero may want to do, we can only look at what they have done, or how they have been used. TAG fed them data; is this report simply the result they hoped for, based on looking at P0's past work?

I'm sure P0 is anxious ... to prove their independence

Maybe they should prove their independence by not taking on tasks from other Google groups?

Comment Re:Tech tribalism is a security research nightmare (Score 1, Interesting) 54

It's not the research that's the issue, it's the PR. If Project Zero found a similar vulnerability in Android, would they have made a similarly dire post about their users having been vulnerable for years? Google's statement just reeks of PR masquerading in security researcher's clothing to protect it from the clawback.

Comment A Walled Garden is a Jail (Score 2) 77

And the warden knows that not all contraband is the same. But, still, you can't have the image that the rules aren't being enforced at all.

The gambling & porn apps will get a new EAC and move their users over; it's the hassle that they should have been planning for. Two of the apps in the article's table have multiple web presences, suggesting that some have planned for it.

For Facebook & Google, it's a PR issue. Apple may have scored points with the public for putting out this "we're protecting you against the big guys" story. It would look unseemly for Facebook or Google to directly point out the other contraband in Apple's jail -- nobody likes a snitch.

But then the articles and commentary will come from people with ties to Facebook or Google, such as someone who "was the Lead Writer of Inside Facebook, ... covering everything about the social network", that "has moderated over 120 on-stage interviews" but lists only three: Edward Snowden, U.S. Senator Cory Booker, and Mark Zuckerberg.

I'm just saying, a little birdie told me...

Comment Unclear request is unclear (Score 2) 127

jez9999, first of all do you know of a TV that has a USB-C port on it? I haven't seen any of those beasts yet, but it will happen someday.

Second, not all USB-C ports are the same. Some USB-C ports only support USB protocols, while others can support Thunderbolt and/or video. So you'd need video support on both sides of the connection; the computer side is likely to be common either as raw video or a USB video device, but again it's about finding the TV with the support for video over USB-C...

HDMI can't supply power, but MHL can. Mobile High-Definition Link (MHL) can (but is not required to) provide power back to the video source from the TV, and a lot of TVs already support MHL. MHL can use either a USB Micro B connector or an HDMI connector, so maybe you should be looking for a solution with an MHL-enabled TV adapter?

Comment Pointy-Haired Bosses Endanger Secure Development (Score 1) 148

The big issue I see in my daily work life is that management acts as if using a third-party solution, be it proprietary or open-source, means we will receive perfect code at the beginning and never have to update it. We lock versions early in the dev cycle, but if a new version comes out mid-development there is a general distrust of changing to the new one.

And then, when the inevitable critical issue is discovered after we have released, we have no efficient plan on how to update. At least GPL solves that; when users have a pure-GPL system, they can always recompile/relink everything themselves after the big patch. But if I statically link a proprietary license library into our proprietary product, we have to step in and rebuild to get the fix out there. And the lack of preparation for this process does endanger security.

The management teams I've worked with are typically better at estimating and preparing for critical field breaks in "our" code. But that's why they like third-party, and that assumption of "perfect" that makes the future look so much better. So the bigger issue is that managers endanger secure software development.
