So, according to you, National Intelligence organizations (specifically MI5/6) should give magical invisibility cloaks to spies & terrorists as soon as they get a 2 year journalism degree or pass the Bar?!? That's clearly just as much demagoguery as Shakespeare's "The first thing we do, let's kill all the lawyers." and just as workable.
No. French ISP users generally have control over whether the hotspot is publicly shareable or not. My experience is with Free but the other French ISPs should be comparable. People that want to use the hotspots of other users have to explicitly activate sharing on their box as this is how they obtain the username & password needed to pass through the captive portal on the public SID. Users that do not share their bandwidth turn off the public hotspot, but lose the ability to use the hotspots others on their ISP have made available.
The bandwidth available to the public SID is throttled so that public users cannot swamp the home users. While there have been problems in the past with french ISP's deliberately letting the links with youtube fill up as a negotiating technique to get Google to cough up money this hasn't been a problem in a long time. My 31.98€ per month fiber optic Freebox is faster & cheaper than just about any other ISP.
No, i have first hand knowlege of cloud clients and am not afraid to take the karma hit by posting the truth using my account, unlike you, basement dweller.
Apparently you think that the NSA can be blamed for increased competition in cloud services & nationalism pushing companies to use local solutions once alternatives were available.
there is no web server in a normal recent OSX installation.
I think you might be wrong. I'm looking at a Mavericks install in front of me. Only thing installed other than the base OS is ARD./usr/sbin/httpd is there, and when run it attaches to port 80.
Delivering the binary on a default OSX installation doesn't make shellshock exploitable on OSX systems, it needs to be running, which it isn't on the vast majority of OSX systems. I've bolded the part of your own post where you admit that this isn't the case. Yeah, I had a brain fart and forgot to type "running" in "there is no web server", it doesn't change my point: No running web server on the vast majority of OSX devices means that shellshock isn't as severe for Macs as some have been saying.
No. In recent versions of IOS, Macs do not run local web servers. People have to add in a web server by themselves & very few do so. In your little corner of the world (assuming you do web development or some such), people may add a web server (through macPorts or the Server Application) but there is no web server in a normal recent OSX installation. Yeah, there is the niche of MacMinis that people use as servers where this is not true, but they are the tiny minority. Most Macs sold today are either Airs or MacBooks & very few people want to have a local web server or "other advanced unix services"* on them.
As for your comment on their being "rarely updated", that's rich given the antiquated, nay archaic RHEL servers often I see in datacenters on things like Cisco VOIP gear.
The people geeky enough to be aware of the attack so far are also probably aware of how to update bash all by themselves. Everyone else will be able to get the update shortly when Apple publishes a fix.
For web servers that allow cgi scripting, yeah I see that it could be bad. I also noted the dhclient-script problem on Linux clients. However, I don't see this as being a major exploit for Macs (which run Web servers very rarely) & do not use the same dhcp-client mechanism as Linux & don't seem to be vulnerable.
If it's not remotely exploitable on OSX, even if the bug is present in the system bash, it's not as critical as some are trying to make it look.
Please correct me if I'm wrong with a remote exploit that works on Macs.
As far as I can see, the vulnerability is a remote exec for the following cases: - Use of web server on the platform using CGI scripts - For Linux devices that are configured to use DHCP, dhclient-script, a rogue DHCP server can pass in exploit code.
This is supposed to be worse than heartbleed which leaked the contents of system memory? OK for web servers I see the danger, but this doesn't seem to be a major exploit for people not running web servers & using fixed IPs.
Macs in particular rarely have web servers running on them & their DHCP client mechanism is different.
I'll "climb off my high horse" (stop pointing out that you are a blathering idiot making false statements) when you stop saying stupid shit.
I have no problem with criticism of Apple, Microsoft, Google, etc, when it is factual. Learn how Bluetooth works or STFU. Snort, uppity... Happens to you a lot doesn't it. You publicly jump to a false conclusion on a subject you know very little about and those around you start beating you with a clue stick. All those "uppity" people who actually take the time to learn about the subjects they talk about, pointing out again and again where & why you are wrong...
If your only incompatible BT devices are iDevices than you've visibly been exposed to very little BT kit. Who was it that ignorantly & falsely stated "they are the guys who think Bluetooth is just for syncing with your computer.". You did. Did this statement come from a wealth of experience? No, quite the opposite. Did any research whatsoever go into it? No, you never even took the time to look up BT on Wikipedia. Do you have any idea how BT works? No, that's much too much work. You expect things to just blindly work. If you were a doctor, you'd transfer blood to & from patients without typing & then blame those that died for some imaginary reason.
You think bluetooth profiles and chip design and different storage and ram types and battery technology and the plethora of other things that go into everyday devices are all the same, which only true in that they all have one thing in common: You understand none of it.
You are a fool. every post confirms it more & more.
Ahhhh, all becomes clear. You clearly have no idea what Bluetooth profiles are, are unaware that different telephone manufacturers use different profiles & ignorantly blame Apple for not implementing the BT profiles on some other non/PC/Mac device that you use.
The problem isn't with Apple but with the BT forum for allowing the plethora of incompatible BT profiles. As mobile devices are ressource constrained, each manufacturer chooses the BT profiles they support. PCs & Macs not having this problem, support pretty much all of them. Thus it is possible to transfer from BT devices to/from a PC/Mac as I have been doing for years, while being impossible to transfer between two different BT devices. Use of two devices from the same manufacturer will work (because they use the same BT profiles) but use of devices from different manufacturers often will not (different profiles).
The BT profile morass is what, in large part has made the use of BT devices a PITA as it is difficult to determine what profiles are are used in 2 devices spending hours debugging them & often discovering that they are incompatible. Each & every one of the devices is BT compliant, yet they cannot work together. It is no more Apple's fault for choosing profile X Y & Z than it is Motorola's for choosing A B & C & Lenovo's for choosing D E & F. Next time learn a little more about the subject before ignorantly criticizing Apple (or Motorola, or...).
Contrary to to the ignorant tripe you were spewing, general BT file transfers has been available on iOS since at least the 3GS but don't let that stop you from exposing your ignorance. I suppose we should judge your sanitary habits from back when you regularly dumped into your nappies, because like the iPhone it's not as if anything has changed in the meantime, right?
Given how many bluetooth accessories you can buy directly from Apple, claiming that Apple "are the guys who think Bluetooth is just for syncing with your computer", is wilfully ignorant.
Australia & Europe NFC seems to be SoftCard based from what I understand. Apple Pay will be compatible with Softcard (with additions like needing the fingerprint reader to authorise sales instead of just accepting all requested payments blindly).
Good job in exposing your ignorance. Apple Pay uses the contactless specification of the EMV standard to provide "industry-standard EMV-level security” -- essentially the existing SoftCard EMV standard. There will be no wait, Apple Pay can be used wherever Softcard is deployed.
Apple Pay's adds onto the SoftCard a level of security in using the secure fingerprint reader & in not being able to see user transactions (whereas Google Wallet leaves itself in the loop so that they CAN see each transaction).
Thanks for the link to concordance, I might start using the harmony again.
My problem with a system that I might use to program household devices like lights, temperature etc, is that if the programmation is not private, it could be used to determine whether or not anyone is home. I do NOT trust Logitech with that level of information...
Re:No good for older iPhones
on
iOS 8 Review
·
· Score: 3, Informative
Awww, poor guy, he got 3-4 years of use & upgrades out of his old iDevices. It's soo much better on Android where most devices are sold with outdated firmware & never updated. Not just abandoned but orphaned at birth.
Adding to your insightful commentary, I do NOT want anyone to access the programming I have setup on my devices because I do not want anyone with possibly malevolent intentions being able to guess when I am home/on vacation.
Then they need to add a button that lets me download the needed device definitions when needed but let me configure the remote OFFLINE! I have a Harmony that I abandoned precisely because their web interface is slow, kludgy and reveals information that I do not want people outside my home to know.
If Logitech thinks that I am going to export even more information on the devices I use & what I am doing with them so that they can sell it to others, they have another thing coming.
Defending whom exactly? Anyone who pays attention already knows how to prevent automatic downloads of music to their iDevices (turn automatic downloads of music off) & knows how trivially it is to remove tracks from their iDevice (swipe left).
So who is it that "we" are supposed to be defending? The clueless who change their automatic downloads of music to on & then lie that "Duh Music just appeared by majik"? The apple haters who don't even own an iDevice but are attempting to label a wart a mountain? The U2 haters who rag on & on that the group hasn't come out with an original song in a decade? My $DIETY the Embarrassment!!! The people that are opposed to getting a free album of music that they may not appreciate but that can delete it trivially?
Who exactly is it that you are shrilly claiming needs saving? I can tell you this, it's not a normal iDevice user who pays attention when setting up his/her iDevice, appreciates free music if it's to his/her taste and deletes the album otherwise.
That "design milestone" by Boeing comment is completely unsupported & is in all probability false.
Boeing has yet to exit the design phase & has no hardware at present, while Dragon 1 has made multiple flights to ISS & Dragon II flight hardware is being assembled NOW.
Slashdot Mirror
So, according to you, National Intelligence organizations (specifically MI5/6) should give magical invisibility cloaks to spies & terrorists as soon as they get a 2 year journalism degree or pass the Bar?!? That's clearly just as much demagoguery as Shakespeare's "The first thing we do, let's kill all the lawyers." and just as workable.
No. French ISP users generally have control over whether the hotspot is publicly shareable or not. My experience is with Free but the other French ISPs should be comparable. People that want to use the hotspots of other users have to explicitly activate sharing on their box as this is how they obtain the username & password needed to pass through the captive portal on the public SID. Users that do not share their bandwidth turn off the public hotspot, but lose the ability to use the hotspots others on their ISP have made available.
The bandwidth available to the public SID is throttled so that public users cannot swamp the home users. While there have been problems in the past with french ISP's deliberately letting the links with youtube fill up as a negotiating technique to get Google to cough up money this hasn't been a problem in a long time. My 31.98€ per month fiber optic Freebox is faster & cheaper than just about any other ISP.
No, i have first hand knowlege of cloud clients and am not afraid to take the karma hit by posting the truth using my account, unlike you, basement dweller.
The problem is that Timothy is a link baiting /. editor intent on turning it into reddit.
Apparently you think that the NSA can be blamed for increased competition in cloud services & nationalism pushing companies to use local solutions once alternatives were available.
there is no web server in a normal recent OSX installation.
I think you might be wrong. I'm looking at a Mavericks install in front of me. Only thing installed other than the base OS is ARD. /usr/sbin/httpd is there, and when run it attaches to port 80.
Delivering the binary on a default OSX installation doesn't make shellshock exploitable on OSX systems, it needs to be running, which it isn't on the vast majority of OSX systems. I've bolded the part of your own post where you admit that this isn't the case. Yeah, I had a brain fart and forgot to type "running" in "there is no web server", it doesn't change my point: No running web server on the vast majority of OSX devices means that shellshock isn't as severe for Macs as some have been saying.
No. In recent versions of IOS, Macs do not run local web servers. People have to add in a web server by themselves & very few do so. In your little corner of the world (assuming you do web development or some such), people may add a web server (through macPorts or the Server Application) but there is no web server in a normal recent OSX installation. Yeah, there is the niche of MacMinis that people use as servers where this is not true, but they are the tiny minority. Most Macs sold today are either Airs or MacBooks & very few people want to have a local web server or "other advanced unix services"* on them.
As for your comment on their being "rarely updated", that's rich given the antiquated, nay archaic RHEL servers often I see in datacenters on things like Cisco VOIP gear.
The people geeky enough to be aware of the attack so far are also probably aware of how to update bash all by themselves. Everyone else will be able to get the update shortly when Apple publishes a fix.
* As labeled by an Apple spokesperson.
No, all you said was "These are the guys who think Bluetooth is just for syncing with your computer.".
Still wrong, still ignorant.
Yeah, but that's not a remote exploit.
However, Ars was a little more informative: CUPS is apparently vulnerable and gives a remote exploit on OSX too...
For web servers that allow cgi scripting, yeah I see that it could be bad. I also noted the dhclient-script problem on Linux clients. However, I don't see this as being a major exploit for Macs (which run Web servers very rarely) & do not use the same dhcp-client mechanism as Linux & don't seem to be vulnerable.
If it's not remotely exploitable on OSX, even if the bug is present in the system bash, it's not as critical as some are trying to make it look.
Please correct me if I'm wrong with a remote exploit that works on Macs.
As far as I can see, the vulnerability is a remote exec for the following cases:
- Use of web server on the platform using CGI scripts
- For Linux devices that are configured to use DHCP, dhclient-script, a rogue DHCP server can pass in exploit code.
This is supposed to be worse than heartbleed which leaked the contents of system memory? OK for web servers I see the danger, but this doesn't seem to be a major exploit for people not running web servers & using fixed IPs.
Macs in particular rarely have web servers running on them & their DHCP client mechanism is different.
I'll "climb off my high horse" (stop pointing out that you are a blathering idiot making false statements) when you stop saying stupid shit.
I have no problem with criticism of Apple, Microsoft, Google, etc, when it is factual. Learn how Bluetooth works or STFU. Snort, uppity... Happens to you a lot doesn't it. You publicly jump to a false conclusion on a subject you know very little about and those around you start beating you with a clue stick. All those "uppity" people who actually take the time to learn about the subjects they talk about, pointing out again and again where & why you are wrong...
If your only incompatible BT devices are iDevices than you've visibly been exposed to very little BT kit.
Who was it that ignorantly & falsely stated "they are the guys who think Bluetooth is just for syncing with your computer.". You did.
Did this statement come from a wealth of experience? No, quite the opposite.
Did any research whatsoever go into it? No, you never even took the time to look up BT on Wikipedia.
Do you have any idea how BT works? No, that's much too much work. You expect things to just blindly work. If you were a doctor, you'd transfer blood to & from patients without typing & then blame those that died for some imaginary reason.
You think bluetooth profiles and chip design and different storage and ram types and battery technology and the plethora of other things that go into everyday devices are all the same, which only true in that they all have one thing in common: You understand none of it.
You are a fool. every post confirms it more & more.
Ahhhh, all becomes clear. You clearly have no idea what Bluetooth profiles are, are unaware that different telephone manufacturers use different profiles & ignorantly blame Apple for not implementing the BT profiles on some other non/PC/Mac device that you use.
The problem isn't with Apple but with the BT forum for allowing the plethora of incompatible BT profiles. As mobile devices are ressource constrained, each manufacturer chooses the BT profiles they support. PCs & Macs not having this problem, support pretty much all of them. Thus it is possible to transfer from BT devices to/from a PC/Mac as I have been doing for years, while being impossible to transfer between two different BT devices. Use of two devices from the same manufacturer will work (because they use the same BT profiles) but use of devices from different manufacturers often will not (different profiles).
The BT profile morass is what, in large part has made the use of BT devices a PITA as it is difficult to determine what profiles are are used in 2 devices spending hours debugging them & often discovering that they are incompatible. Each & every one of the devices is BT compliant, yet they cannot work together. It is no more Apple's fault for choosing profile X Y & Z than it is Motorola's for choosing A B & C & Lenovo's for choosing D E & F. Next time learn a little more about the subject before ignorantly criticizing Apple (or Motorola, or ...).
Contrary to to the ignorant tripe you were spewing, general BT file transfers has been available on iOS since at least the 3GS but don't let that stop you from exposing your ignorance. I suppose we should judge your sanitary habits from back when you regularly dumped into your nappies, because like the iPhone it's not as if anything has changed in the meantime, right?
Oh, puhlease. Abraham Lincoln's must have been presciently thinking of you when he said: "Better to remain silent and be thought a fool than to speak out and remove all doubt."
http://support.apple.com/kb/PH...
http://support.apple.com/kb/HT...
I share my iPhone's 4G to my rMBP daily over bluetooth. Yet another use of bluetooth on iOS which directly contradicts your ignorant statements...
Given how many bluetooth accessories you can buy directly from Apple, claiming that Apple "are the guys who think Bluetooth is just for syncing with your computer", is wilfully ignorant.
Australia & Europe NFC seems to be SoftCard based from what I understand. Apple Pay will be compatible with Softcard (with additions like needing the fingerprint reader to authorise sales instead of just accepting all requested payments blindly).
Look here for more info.
Good job in exposing your ignorance. Apple Pay uses the contactless specification of the EMV standard to provide "industry-standard EMV-level security” -- essentially the existing SoftCard EMV standard. There will be no wait, Apple Pay can be used wherever Softcard is deployed.
Here. Read this and the associated documents.
Apple Pay's adds onto the SoftCard a level of security in using the secure fingerprint reader & in not being able to see user transactions (whereas Google Wallet leaves itself in the loop so that they CAN see each transaction).
Thanks for the link to concordance, I might start using the harmony again.
My problem with a system that I might use to program household devices like lights, temperature etc, is that if the programmation is not private, it could be used to determine whether or not anyone is home. I do NOT trust Logitech with that level of information...
Awww, poor guy, he got 3-4 years of use & upgrades out of his old iDevices. It's soo much better on Android where most devices are sold with outdated firmware & never updated. Not just abandoned but orphaned at birth.
Adding to your insightful commentary, I do NOT want anyone to access the programming I have setup on my devices because I do not want anyone with possibly malevolent intentions being able to guess when I am home/on vacation.
Then they need to add a button that lets me download the needed device definitions when needed but let me configure the remote OFFLINE! I have a Harmony that I abandoned precisely because their web interface is slow, kludgy and reveals information that I do not want people outside my home to know.
If Logitech thinks that I am going to export even more information on the devices I use & what I am doing with them so that they can sell it to others, they have another thing coming.
Defending whom exactly? Anyone who pays attention already knows how to prevent automatic downloads of music to their iDevices (turn automatic downloads of music off) & knows how trivially it is to remove tracks from their iDevice (swipe left).
So who is it that "we" are supposed to be defending?
The clueless who change their automatic downloads of music to on & then lie that "Duh Music just appeared by majik"?
The apple haters who don't even own an iDevice but are attempting to label a wart a mountain?
The U2 haters who rag on & on that the group hasn't come out with an original song in a decade? My $DIETY the Embarrassment!!!
The people that are opposed to getting a free album of music that they may not appreciate but that can delete it trivially?
Who exactly is it that you are shrilly claiming needs saving? I can tell you this, it's not a normal iDevice user who pays attention when setting up his/her iDevice, appreciates free music if it's to his/her taste and deletes the album otherwise.
That "design milestone" by Boeing comment is completely unsupported & is in all probability false.
Boeing has yet to exit the design phase & has no hardware at present, while Dragon 1 has made multiple flights to ISS & Dragon II flight hardware is being assembled NOW.