Posts by big_D

Re: Beware survival bias

On the other hand, how many smartphones and smartwatches from 5 or 10 years ago are still getting regular security updates? How many are still working? How many will still be working, let alone safe to use, in another 10 years?

It is true that many old watches will not still be working, but, treated well, they have a chance. Modern tech pretty much doesn't. It isn't designed to last and it probably won't last very long. Ceased disk drives, corroded circuits etc. You can't repair them as easily as you can a simple mechanical device.

We don't buy Internet of Trash stuff. We tend to buy the best quality "non-smart" stuff we can afford and, where some form of "smarts" is useful, we add a cheap "smart" to it. For example, the TV is just a TV, we plug in a FireTV for streaming "smarts", because it is cheap and can be replaced every 5 years or so, the TV on the other hand was expensive, so needs to last at least a decade. Will it last that long? Who knows, but if it was "smart", the software support would stop after 2 - 3 years anyway!

But even that is short term. Our first colour TV was bought in the early 70s. My father was still using it when he died 30 years later. My mothers Sunbeam hand mixer was a wedding present in the 50s, that worked for nearly 50 years, before the brushes in the motor burnt out - and she used it at least a couple of times a week.

How many smart mixers from today will still be working in 50 years?

CA verifies the key pair has been changed, too. And that the customer isn't just cycling between a couple of key pairs, and so on.

That is all in place now and well defined by RFCs. Just it is too much like hard work, so most browsers just ignore the process completely, pushing responsibility on the end user to manually double check the certificates haven't expired (ain't gonna happen).

Re: "they would have to store it in the UK"

GDPR states protection equivalent or better than the EU/UK. The US is a looooooong way off from providing that!

https://gdpr-info.eu/issues/third-countries/

one must check in a second step whether transfer to the third country is permitted. One must differentiate between secure and unsecure third countries. Secure third countries are those for which the European Commission has confirmed a suitable level of data protection on the basis of an adequacy decision. In those countries, national laws provide a level of protection for personal data which is comparable to those of EU law.

Andorra, Argentina, Canada (only commercial organisations), Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay, Japan and USA (if the recipient belongs to the Privacy Shield).

But the UK is no longer part of the EU and therefore Privacy Shield does not apply to UK data, so a new treaty between the USA and the UK will be needed, before UK data can legally be transferred to the USA. And the USA is still dragging its heels on Privacy Shield, they still aren't compliant with the treaty after nearly 4 years - for example they still haven't assigned a permanent ombudsman for privacy matters, as required under Privacy Shield.

Contrary to the spirit of GDPR? It is illegal under GDPR. You can't refuse access if the user doesn't opt-in.

You can't collect or use information without an opt-in and you can't refuse access if they don't.

Cookies are a sticky subject though. Essential first party cookies (which page you visited last, are you logged on etc.) don't necessarily need to be agreed to, but anything that collects PII as you move through the site does, as do all third party cookies.

Re: So what?

You can't make your own signed firmware with the public key. You need the private key to do that and that is exactly what he mentions, the "signing certificate".

I don't get the joke icon, shouldn't it have been Sherlock?

Icahn't is the poster child for everything that is wrong with stock juggling these days.

My favourite was Directory Opus on the Amiga. It is still around, but doesn't wake those memories somehow.

Re: So who is actually happy?

The Feds are trying to make somebody buy a controlling interest in Nokia or Ericsson, so that they can smile again... Hopefully Europe will tell them where to get off.

Re: Interpreted?

Which is exactly what I said.

If VB was interpreted, it would use the source code, like BASIC did. But VB compiles to pCode and that goes through a JIT. The VB code itself isn't interpreted.

Re: Good

I've worked at secure facilities and government institutions, where the conditions weren't as draconian or were better organised than Apple.

Re: The name was enough

The literary crowd is in good form this morning.

Re: Wow, DC is really out to get Huawei...

The US Government is like the child that cried WOLF!

They have made dozens of allegations over the last couple of years, without being able to back them up.

Now it just sounds like desperation, although there could be something behind this one. But people have become so weary of the US Government in Jumping Chimpanzee mode, that it will be hard for them to get people to believe the accusations, even if they are true.

Re: The Microsoft dung beetles have added yet another layer...

They've actually split it out into various dung balls, the core OS dung ball should therefore be lighter. Legacy Win32 runs in its own container and UWP applications in their containers.

Depending on what you actually use, in the way of software, it could be a lot slimmer and faster, at least in theory.

Re: Lifes not fair, life's just life...

"Oracle has declared to American Supreme Court justices that no company would make an "enormous investment" like it did in Java SE if rivals get a free pass to copy code simply because it is "popular" and "functional"."

Hmm, let me see, Linux Foundation, Red Hat, SUSE, Ubuntu, Greenbone Networks, Mozilla, I could name others, but there are lots of companies that invest heavily in open platforms.

Yes, most people I know balk at paying 500€ for a smartphone.

Re: Inevitable

I think you mean startups have to follow the laws, but the incumbents are so big, that they just complain it is impossible to do at scale and it is cheaper to just pay the fines...

Once the fines start reaching 4% of turnover, they might actually take notice.

Re: 108 Mpixels in a phone?

Take a look at the image in the article, it is flat, pixelated and, well, bloody awful...

Re: It's an obvious target, no?

I bought a 2007 iMac 24", it cost (with educational discount) about the same as an equivalent desktop + 24" display, which were damned expensive back then.

When I went to replace the iMac, the prices had increased, even though the prices of the hardware, especially the display, had plummeted on the PC side. In the end, I looked at a MacBook Pro, but they didn't have a quad core i7 at that time, just dual core, and a quad core i7 Windows laptop from Sony cost less than half what the Mac cost... As all the software I needed ran on both platforms, I saved myself about 1,500€.

Re: Good Guys??

Cisco has spent the last 2 years removing one backdoor after another from its code, after they had been "discovered" by security researchers and alleged internal audits.