Posts by Waseem Alkurdi

Re: Still plenty of good used laptops on eBay

Second- or third-gen Core i5? Runs hotter than an oven, battery lasts 30 minutes, if one is being generous.

Re: It's ugly

Of course it has <strikeTouchWiz</strike> OneUI - see the navigation bar.

I said x86 (the architecture), not Intel CPUs themselves. Your question was about how the choice of architecture could affect backdoor presence.

Backdoors could be built in any hardware including open-source hardware. You have to have perfect control of the supply chain, from the individual silicon wafers, even the machinery used to cut and process the wafers, to the couriers transporting your finished CPUs. An impossible amount of control, plain and simple, even for nation-states.

Same goes for software. You have to write your own assembly code if you want to be 100% guaranteed to be free of backdoors.

As you can't, there's still an element of inherent trust.

Re: Good but not great

A stateless laptop isn't a Chromebook. It has persistent storage, but that persistent storage is external to the laptop.

The whole concept of stateless means that the laptop itself doesn't have any chips capable of storing anything (including malware) - everything is moved to an external USB stick. Therefore, malware can't persist in firmware on the machine because the user can replace the stick on demand.

x86 is well-documented, despite not being open-source, and aside from MEI there's no persistent storage on the CPU (so a reboot should be enough to remove any malicious code provided that it isn't reintroduced on boot).

The previous release was faster than an i7-8700U, so faster than basically all laptops on the market at the time except gaming laptops and workstation laptops running H-Series chips.

These figures are very suspicious. They are based on benchmarks, which are prone to all sorts of fiddling. And that's for the same SoC on the same OS ... let alone when both are different.

But on the other side, perhaps this is why ARM Apple laptops are coming in 2021 or thereabouts?

Re: Can you root it?

It's a MediaTek chip - so a mixed bag, it may be very easy or nigh-on impossible. And Motonovo phones are traditionally anti-modding.

There are no-root solutions that use a dummy local VPN (that routes your traffic to an app on your device) ... but that's fishy unless the one you use is open source.

If you want a really moddable phone, go for a used flagship model (or low-end if it really has to be new) that has a Qualcomm chip and a leaked/available factory programmer. Xiaomi even officially supplies them (instead of them being leaked like LG's or OnePlus's ones).

Re: What makes you think it's Windows 7 ?

A whole lot of Windows versions between 95 and XP existed that did do gradients.

And it's definitely 7, based on the command prompt icon. That's the icon first introduced in Vista, and I sincerely hope this isn't Vista.

The command line background is blue, so it's possibly PowerShell in a Command Prompt window.

Re: Just one question

Why is it important for a website I visit to obtain knowledge on my Chrome installation ? I come with a browser, they serve the page, that's the deal. Why is it important that they be notified of any extensions I have ?

To fingerprint your browser (therefore you), so they could track you, so they could target ads depending on which websites you visit.

If I ever have the chance of meeting someone from Google, before shaking their hand I'm going to ask them the brand and size of their underwear, their shoe size, what deodorant they're wearing and how old their socks are. Let's see how they like that.

That's like the analogy I give to laypeople to explain this. Imagine that you're riding a cab when somebody slides into the seat next to you with a clipboard, asking you for where you live, where you work, what your interests are et cetera, jotting down your answers in minute detail. Any sane person would tell them to go mind their own business.

Re: Why is anybody expecting privacy?

The question is whether we should just silently watch them do it or kick up a stink.

But for this to happen, you need people to realize the big issue. However, on the other side you have:

(a) catchy arguments that ring, are easy to grasp and are mostly true (like the compelling nothing-to-hide argument) ... and:

If what they do is covered in new legislation then we need to apply pressure to ensure the legislation is enforced.

(b) lobbying against almost all hope of an actual implementation of such legislation by megacorps, because there's money to be lost because of such legislation.

Most people don't think of Google of a data mining operation, however misguided they may be.

Some people think that Google is a really nice philanthropic corporation (compared to traditionally ugly ones like the smoking and pharmaceutical ones), offering services for pittance in form of ads. Let them target me, I'm not that significant, such a person would say.

The people that understand and have concerns need to raise those concerns to have a chance of reining Google in.

Brings us back to (a). Scaremongering really works when the scaremonger uses catchy arguments and have lots upon lots of money to back them up.

Re: What logic is this?

You've made a mistake here which has proven my point: considering any of this equal to a home or social user.

Not so fast:

It's ok if people screw up doing something recreational because of a UI change when using Twitter/ Facebook/Instagram, or any other non-critical application.

A critical application isn't something that would get many changes and is something that is not supposed to get so many hands on it that retraining its users is a hassle.

Think of a hospital application, since life and death were mentioned.

A hospital application that allows the janitor to prescribe controlled substances is seriously flawed. And a hospital application that has its UI changed with every UX fad is also in deep need of a reality check.

TL;DR: critical applications should not suffer from the issue at hand, unless that critical application is incorrectly implemented.

Re: What logic is this?

3. Re-training users regarding updates

I find it odd how users could magically retrain themselves when it comes to Facebook/Instagram/Twitter/$ANTISOCIAL_APP/$PHONE_OS updates and major UI redesigns ... but not when a work system changes something ever so slight ... like Windows updates prior to Windows 8?

Like seriously, is the difference between XP and 7 even close to enough to reconsider retraining?

How's that even remotely useful to store data?

Re: Blame the apps

There are exploits that do not require administrative privileges, often resulting in privilege escalations.

Example: CVE-2014-4971