Posts by Tessier-Ashpool

Re: Other handset manufacturers are available

That would be Android Crème Brûlée, a thin brittle veneer over a sloppy mess.

Re: We live in a lovely world where third party software is completely benign

You obviously missed the forthcoming legislation that will force Apple to permit use of third party App Stores. The days of Apple-reviewed apps are numbered.

Re: How is Apple supposed to prevent use of email addresses to identify people?

I changed my longstanding Register email address to use a Hide My Email address a few months ago. It’s not difficult.

Re: Aargh!

Why? Because there is implied trust. You can’t even start a Visual Studio web project these days without it importing a plethora of third party nuget packages first, like certain JavaScript helpers.

From a security perspective, this is far from ideal. But it’s what happens routinely. Huge numbers of packages get downloaded millions of times by developers.

Let’s say you want, by this time tomorrow, to have an app that will compute distances between postcodes in a spreadsheet. Do you write the bulk of that code yourself taking weeks or months, or do you use one or more of the numerous helper packages to do the job? The vast majority of developers do the latter, and do trust by numbers. Package A has been downloaded a million times; must be safe, right? Of course not, but it’s what is practical. You have no easy way of knowing for sure that a package is benign.

Re: Password Manager

I don’t remember the last time I actually typed a password into a website. Safari/Keychain normally handles that for me. I presume saved passwords in Chrome would do the same?

Re: Meddling regulators

One founder amongst many others. What's your point?

Re: "it's too small for your cat to sit on"

Slightly off-topic, but I used to have an expensive AV amplifier that was the favourite resting place of my cat. One day he wasn’t feeling too good, and puked up into the device, which promptly stopped working. Grrr!

Re: Rainbow tables anyone?

No, it doesn't mean that. It's more like peering through an unfrosted window to see a door's key code written on the wall.

For a long long time, huge numbers of websites accepted a user's login on a form that is used to compute a crappy SQL command. e.g.

"SELECT TOP 1 * FROM [Users] WHERE [User] = ' " + $User + " ' AND password=' " + $Password + " ' "

which, if jbloggs 1234 is entered, maps to a string

SELECT TOP 1 * FROM [Users] WHERE [User] = 'jbloggs' AND password = '1234'

But what happens if someone, instead of typing jbloggs, types ' OR 1=1 ;

A crap website will, from this, construct a SQL command:

SELECT TOP 1 * FROM [Users] WHERE [User] = '' OR 1=1; AND password = '1234'

which will successfully find the first user in its [USERS] table, regardless.

Oops.

Decent websites won't do things this way, and certainly those that engage in penetration testing. But I daresay there are still quite a few around that are exposed to SQL injection of this kind.

Re: Threadripper? Deadripper more like.

Indeed, you could fry an egg on the intel chip.

I wouldn't use the M1 Pro for video encoding. I'd use its bigger brother the M1 Max, which has a ton of GPU cores available for that kind of work.

Or, of course, the M1 Ultra, if you have a few quid to spare.

Re: Keep It Simple, Stupid.

Once upon a time, in my early days as a dogsbody (and largely unsupervised) programmer, I formulated a couple of SQL queries for a web app that returned HTML to make the data look a little nicer.

I would sack myself as a hopeless case if I could go back in time!

Re: Late Gate

Since you know so much, exactly when did the bad guys find and exploit this vulnerability, and how long did it take Apple to address it? Do not forget to mention "stable door" in your answer.

Re: Saving energy?

How big is a 4G/5G cell?

5G has been rolling out in my nearest town lately, and I amuse myself on my regular jaunts to civilisation by keeping tabs on the 4G/5G CarPlay icon during my drives. When 5G pops up, it’s typically so for about 1km or thereabouts.

All those other browsers rely on iOS webkit, which is the source of this particular vulnerability.

Depending on your point of view, that’s a good or a bad thing. Personally, given that numerous other iOS apps and services depend on webkit, I’d say that centralising core code this way is for the best, even if the occasional howler surfaces.

Re: VISA will be just the first

I did read the article.

What the article fails to mention is that the scope of the increased charges are far greater for Visa Credit.

"Visa has announced similar changes to Mastercard, but with a larger scope. More specifically, the Visa changes will have significant impact on consumer card-not-present transactions, consumer refund transactions, and commercial transactions between the UK and the EEA."

Re: Near Real Time

I got an iPhone 13 mini a couple of weeks ago. The facial recognition is really fast and reliable. Whether I’m holding it, or using in a holder in the car. No complaints from me.

Slight Fanboi alert: I also have an iPad Pro with facial recognition. Far less reliable because I typically need to go out of my way to look in the right direction. With its much smaller angular diameter, look in the general direction of an iPhone and you’re going to be looking at the faceID scanner.

Re: Apple tracking

Settings | Advertising | Personalise ads | Off

iPhones are typically fully supported far more and more often than Android devices, including the rather important bits like the network stack / operating system that lets your browser do its thing.

ZuckZuckGo, surely.

Re: Great but ...

Logic Pro X and Final Cut Pro X are killer apps for the Mac. Great capabilities at a *very* reasonable price, and no software rental involved. Always in the top 5 of paid apps on the App Store.

Re: If it is similar to the last one

You'd need a juicy target for that approach to be worthwhile.

My understanding is that Pegasus is highly targeted at specific users.

Re: Looks interesting

I can think of one reason Apple might be against it; brand recognition. Just look at the efforts they go to on iGadgets to run Apple-approved apps.

Frankly I’m surprised Apple ever provided BootCamp on earlier Macs. And just as surprised that they don’t have the ARM Macs locked down hard to prevent any OS installation other than one signed by Apple.

Re: To be fair

To be even fairer, I’ve only seen snippets of Seinfeld, and I was already at the point of chewing my leg off to go see something that was actually funny.

Maybe it’s a classic case of humour not travelling well. But I don’t blame myself.

Re: What could go wrong with browser lock-in?

You could argue that letting any old browser rendering engine onto the iPhone would almost certainly lead to many more vulnerabilities. At least Apple WebKit vulnerabilities are addressed snappily.

Re: Pear shaped

I can’t be arsed to read all their blurb again in detail. But I seem to recall that the review staff are said to be just there to confirm the accuracy of the reporting process itself. Reading between the lines, I read that as: if we suddenly get a massive uptick of autosnitching, someone with eyes will be there to hit the kill switch.

Re: No upside for Apple, so... draw your conclusions

I can't speak for America, but in the UK, if a phone manufacturer is compelled to introduce technical means to get at private information, said manufacturer would be committing an offence if they disclosed that order.

Thanks, Theresa May!

Re: Dream on......

'Tis not I who is dreaming. Various senior political figures in the US and UK want backdoors into secure protocols. They are, of course, engaging in magical thinking, as has often been pointed out on this site.