Posts by Daniel B.

@AC shilltard

There is hardly any mention of it from Microsoft ever - it only seem to be Microsoft shills that are getting their knickers in a twist that Microsoft are doing so badly in this space...

FTFY.

Re: What Freaks Me Out...

Everyone has always been looking for those backdoors. Remember NSA_KEY? The hacker community has been very suspicious since the early 2000s. We probably only need better SSL/TLS protocols or just use them for everything, as it seems that is spooking more the spooks.

Re: It could have been so different

Um, what exactly did he do to benefit MS?

MS wanted to Borg a phone manufacturer to raise their WP installed base, as most of their usual OEMs were flocking to Android. Nokia had one of the largest shares in the smartphone market, and somehow MS thought all those Nokia users would keep buying Nokia even if the OS was switched to Windows Phone. Instead, it was "Palm: The Sequel" as everyone just flocked to Android or iOS.

He did what the mothership ordered him to do, now if that was good for MS is an entirely different matter.

Flames because of burning platforms, get it?

Re: Inevitable

I've no doubt it won't take them much effort at all to port OS X to ARM and I wouldn't be surprised if they've already done it.

Technically, they already did it. iOS is basically a cut-down OSX to the core, which is what gave Ballmer the grand idea of using the NT kernel for the next WinPhone iterations. Of course, he forgot that OSX uses a far more suitable microkernel (Mach) while NT is still a monolithic monstrosity. I'm guessing that the only things that actually require porting are the apps themselves, as most of the base system is already ported to ARM.

I remember those days

... when I could bring up my old handset and have it linked to a new contract. This would enable me to avoid the compulsory 12/18/24-month period and be able to terminate my contract with only a 30-day notice. It's been years, maybe a decade since that ability went away as "bring your own phone" is no longer an option. I know, I tried to do this back in 2007 with my PAYG phone.

However, one thing I do know is that you might sign up for a 12, 18 or 24 month mandatory term contract ... but this is a minimum length. You can hold on to your contract after the mandatory term ends, and you'll be able to do the 30-day termination notice if you hold to it. This is why my carrier starts nagging me around my "expiration date" offering free handsets just to get me on a new contract. I also get a plus as I rack up more "client points" which make my next upgrade choice cheaper, and I get out a longer lifetime out of my current smartphone. My previous one (BlackBerry Bold 9700) lasted me 3 years, and would've probably lived longer had I not made the mistake of upgrading it to BBOS 6 (it couldn't handle that OS). I'm probably going to go down the upgrade path early this time round, but mostly because my current phone was obsoleted earlier than expected. I hope my next choice doesn't go down the same route...

Re: Harvey's law

If the hotel is crap enough and expensive enough that will not help either. Example the Etoille convention centre (nowdays Grand Hayatt) in Paris. Last time I was there (IETF 2011) it was killing any persistent sessions _INCLUDING_ port 443 and disallowing IM (so you use the hotel phone you know).

There are ways to getting around this as well, let's just say that I've encountered most of these scenarios. Yes, I'm including the persistent session killing on port 443.

Hotels should wise up on the fact that they aren't going to stop a skillful hacker from getting his/her unrestricted internet access. We're willing to pay for internet access (even if it is far more expensive in some hotels than what it should be), but we expect unfiltered access to the 'net when doing so.

Re: "Are you sure that you want to use this USB Storage device"

A keyboard could be a threat vector, especially coupled with a USB storage device.

It already exists. Google "Rubber Ducky USB". A USB "drive" that is actually showing itself as a keyboard, and can be programmed to type stuff upon being plugged in.

@45RPM

Um... you do know that phones are supposed to be resilient because *gasp* they will be carried and used in extremely harsh environments most of the time? My BlackBerries have survived countless falls, at least 4 super-soaking storms; my current one survived Monday's storm that flooded my freaking shoes as I was caught mid-commute on my motorbike. Any phone that can't handle that kind of beating is not fit for purpose. Phones that break if you look at them cross-eyed aren't fit for purpose.

Oh, and if you're a software developer, you should know that this also applies to software. Programs should not crash if someone inputs 1025 chars in a 1024 char field, if a network connection is broken/lost mid-transfer, of you get weird input, among other things. All exceptions should be handled safely. Your reservation system shouldn't break because someone inputted 2014-09-32.

Re: Won't make much difference at all

Yeah, my thoughts exactly. Most people "secure" their smartphones with a 4-digit PIN which is laughable by modern standards. Brute-forcing even an 8-digit PIN is done in seconds, probably minutes depending on the algorithm used.

"According to Cox's statement, Facebook has never required people to use their legal name, merely the name they are known under."

Yeah, I call BS as well. A friend of mine got his FB profile taken down, and was explicitly asked to show some ID if he wanted to have his profile reactivated. He just discarded it and opened up a new one elsewhere.

So when I hear Cox saying "it isn't required", he's outright LYING. And yes, there are many reasons why someone would not use their real name and/or use alternative profiles, work stuff being the #1 reason. Every single company that has tried to force "Real Names Only" on users has seen those attempts backfire in a very bad way real quick. Anyone remember Blizzard's "Real ID" situation from a couple of years ago? Remember how that ended? Now try to do that on FB en masse, I'm pretty sure FB's "userbase" would deflate faster than the Hindenburg. It would be glorious!

Re: Notes

Indeed. I used Notes at HighSchool and even my first college years because my university started using something called LearningSpace, which was based on Lotus Notes. I found the whole database groupware thingy pretty interesting; mostly the "replication" feature that allowed you to download the entire course database in one fell swoop, allowing you to work offline and just upload/download any changes later. This was a killer feature in the era of 33.6k dialup internet; I could bring my laptop on campus during our first days, jack into the campus LAN and replicate the whole semester's worth of databases (~400Mb, usually) and then do all my assignments at home, post them offline and just crank up replication, uploading only a couple Kb's worth of data over dialup.

We never used the mail feature, which seems to be what everyone hated about Notes. Thus I can't really comment on that, but it seems that the lack of usage of that particular feature is what gave us a better opinion on Notes.

Re: Supercaliawesomeheadline

hehehe. I knew I couldn't be the only one reading that headline while singing!

Re: I am a little reassured

My cursory understanding is that it's the time increment added to every wrong attempt that makes for ensured security.

Unless the underlying hardware is something with FIPS 140-2 Level 3 or 4 certified tamper-proof hardware (the kind that destroys the key if you try to open it up to extract the storage media containing the key) any "time increment" countermeasures are moot. I'm guessing any federal agency worth its salt will be able to rip apart the phone and then fire up a brute force PIN/password guessing program that is unhindered by these measures.

It would also be really fast for most phones, because most sheeple still use 4-digit PIN passwords to "secure" their phones. 10k attempts should be easy to brute-force through; even WPS now uses 8-digit passcodes and those are still brute-forceable.

Re: The difference is not traffic priority....

Indeed. QoS is an issue, but that is seen at the customer's endpoint side so that his 10 year old kid doesn't hog all his DSL pipe with uTorrent uploading slowing down TCP ACK traffic.

Your ISP is selling bandwidth to you. If they can't serve it, they are lying in their service terms. They should upgrade their links, end of discussion. And this guy is obviously talking about "smart networks" because he sells the stuff that would do that, not because he actually believes all that crap.

In fact, the Bell phone system is the perfect analogy to the Internet. All in all, everything is simply packet routing from A to B, the main difference being that everything is packet switched instead of circuit switched which allows for far more traffic to go through a single wire. TCP/IP in particular basically builds up a virtual circuit between two endpoints, each side just sees a two-way stream of bytes that will always arrive in order. Connections are similar to phone calls, where instead of phone numbers you have IP+port numbers. Another good thing of using the phone analogy is that it shows the travesty that NAT is, especially "CGNAT" which is how some ISPs get to squeeze their users and save on money by using one single routeable IP to serve hundreds of subscribers. In a Bell phone analogy, you would have the phone company giving you a "outgoing calls only" phone but charging you the same as a "incoming and outgoing calls" phone!!!