You have inordinately cheap disk
Because of Apple's tendency to solder the SSD to the mainboard in the Mac Pro and all current MacBook laptops other than the non-Retina MBP, an upgrade requires replacing the whole computer at a substantial cost. Only external storage is "inordinately cheap" on a Mac, and not all laptop use cases make external spinning rust practical.
I don't know what Mac Pro you're looking at that has the SSD soldered to the mainboard, but in the one on my desk, the SSD is a PCIe interface that's plugged into a socket on the back of one of the graphics cards. There are even third party replacements for them: https://eshop.macsales.com/sho...
Sure, you could find lots of value in compression.... and you can get it with file compression utilities.
That's fine, so long as these utilities can let the user mount an archive read-only as a folder and thereby let other applications see the archive's contents as files in as a folder. Does macOS Sierra introduce anything that interferes with OSXFUSE?
You mean like creating a compressed .dmg disk image (a capability that's existed all the way back to 10.0.0) that (by default) is mounted in /Volumes/[disk name] but from the Terminal can be mounted anywhere you like?
Exactly.
On one side of the camp we have Mac OS X (and later just OS X) 10.0, 10.1, 10.2, 10.3, 10.4, 10.5, 10.6, 10.7, 10.8, 10.9, 10.10 & 10.11 with minor updates coming out at 10.x.x
On the other side of the camp we have Windows 95, Me, 2000, XP, Vista, 7, 8, 8.1, 10 with some of them receiving service packs, some receiving rollups and some getting service releases.
I don't want your account with a weak password to get pwned and send me spam or phishing emails.
Aside from the fact that I don't think this is a very good idea (video tends to be large, email attachments shouldn't be large) Mail on OS X (and iOS for that matter) does this. If someone sends me an email and they've attached an MP4 file, it shows in my mail client and I click play and it plays in-place.
Some of it was likely legal, some of it was likely to be illegal torrents...
From the actual article:
And then the downloads began: 14 seasons of MythBusters; 24 seasons of The Simpsons; the entire Wikipedia database; Microsoft software for his job; updates for his Xbox games; and "a lot of random other stuff". He also synced all his Spotify playlists offline.
Now, I'm sure it's possible to get some of that content legally, but at around $30/season for TV content through iTunes (just as an example, not saying this is where it came from), you're looking at over $1000 worth of content there.
As an amusing fact, the free data Sunday ran on the same day that Daylight Saving time ended, meaning he actually had 25 hours in which to suck down unlimited 4GX mobile data...
The impression I got was that Pinboard doesn't use IFTTT's API; IFTTT uses Pinboard's API but wants Pinboard to start using IFTTT's API for reasons that are only good to IFTTT.
What seems to be happening is that IFTTT is using Pinboard's API, or performing scraping of their HTML. IFTTT want to make all their "partners" provide an API for IFTTT to use, so it is easier for IFTTT to scrape their content. Some of their "partners" don't want to spend the time and money to write an API for their site to IFTTT's specifications, and don't want to sign a very one-sided legal contract with IFTTT.
IFTTT are then going out and telling their users that their "partners" no longer want to work with IFTTT and any channels (aka connectors) that link to their "partners" will stop working. They are neglecting to tell their users that the sole reason that these channels will stop working is because IFTTT are actually shutting them down and instead are implying that it's due to actions on the part of their "partners" that are stopping their channels from working. IFTTT already have the code in place, and working, to scrape content from their "partners" but they are shutting this down and will only work with partners that provide the API for IFTTT to use in the future.
XProtect isn't the same as rootless.
You're right, to disable rootless (which protects a bunch of system files from being modified/deleted, even as root) you can do this.
XProtect is a signature-based anti-malware system - Apple pushes out silent updates to the signature definitions on a regular basis, but XProtect doesn't save you from shooting yourself in the foot when running as root.
I have an even better reason the Government should be banned from buying Apple (or Microsoft): It ain't Open. You are "buying" a walled garden full of security holes and endless paid upgrades. The Government should only be purchasing truly Open systems.
Walled garden? From the point of view of someone buying a large number of devices, this is a positive, not a negative.
Security holes? It's the lack of security holes that has led us to this situation.
Paid upgrades? Every new version of iOS is free of charge. Now, tell me - how many Android phones have been released that have never seen an upgrade released for them?
Exactly. As the phone is owned by the San Bernardino Health Department, why are they rolling out phones to employees without any proper MDM solution in place that would allow them to, among other things, unlock the phone even if they don't know the user's PIN/passcode?
If the customer (San Bernardino Health Department) had set it all up properly to begin with, this would all be moot.
Unless they jailbreak the phone (which is pretty risky given what is at stake) they cannot update the firmware on the device without it being signed by Apple's keys. Writing the code to extract the data from the phone would not be that difficult for someone familiar with the inner workings of the phone. Getting it to run on the phone without being signed by Apple's keys is another thing altogether.
As the phone is owned by the San Bernardino Health Department, why are they rolling out phones to employees without any proper MDM solution in place that would allow them to, among other things, unlock the phone even if they don't know the user's PIN/passcode?
Yes - my reading of it is that if we have an external time source (the click track) we can keep time with that to very high precision, but if we're left to keep time on our own, we tend to drift all over the place.
Here's some information on the accuracy of drummers, with and without a click track: http://musicmachinery.com/2009...
According to the linked article from Malwarebytes:
It is different than most of the ransomware present nowadays. Instead of spreading to users and automatically infecting their machines, LeChiffre needs to be run manually on the compromised system. Common scenario of infection is that attackers are automatically scanning network in search of poorly secured Remote Desktops, cracking them, and after logging remotely they manually run an instance of LeChiffre.
Just how good is their security if something that has to be manually run on each system has completely pwned them?
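A defender-side sketch of spotting the infection path the quoted article describes (password guessing against Remote Desktop followed by a successful interactive login), added here as an example and not part of the original comment or the Malwarebytes article. The event tuples, addresses, account names, time window and threshold are constructed assumptions; 4625, 4624 and logon type 10 are the standard Windows Security log values.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON = 4625       # Windows Security log: an account failed to log on
SUCCESSFUL_LOGON = 4624   # Windows Security log: an account was logged on
REMOTE_INTERACTIVE = 10   # logon type of a Remote Desktop session
NETWORK = 3               # failed RDP attempts are often logged as type 3 with NLA

# Constructed sample records: (time, event ID, logon type, source IP, account).
SAMPLE_EVENTS = [
    ("2016-01-20T02:14:01", 4625, 3, "203.0.113.50", "admin"),
    ("2016-01-20T02:14:03", 4625, 3, "203.0.113.50", "administrator"),
    ("2016-01-20T02:14:05", 4625, 3, "203.0.113.50", "administrator"),
    ("2016-01-20T02:14:08", 4625, 3, "203.0.113.50", "backup"),
    ("2016-01-20T02:14:11", 4625, 3, "203.0.113.50", "administrator"),
    ("2016-01-20T02:14:15", 4625, 3, "203.0.113.50", "administrator"),
    ("2016-01-20T02:14:19", 4624, 10, "203.0.113.50", "administrator"),
    # A legitimate user who mistyped a password once: must not alert.
    ("2016-01-20T08:59:40", 4625, 3, "198.51.100.7", "jsmith"),
    ("2016-01-20T09:00:02", 4624, 10, "198.51.100.7", "jsmith"),
    # Guessing that never succeeds: noisy, but not a compromise.
    ("2016-01-20T11:30:00", 4625, 3, "192.0.2.99", "admin"),
    ("2016-01-20T11:30:02", 4625, 3, "192.0.2.99", "admin"),
    ("2016-01-20T11:30:04", 4625, 3, "192.0.2.99", "admin"),
    ("2016-01-20T11:30:06", 4625, 3, "192.0.2.99", "admin"),
    ("2016-01-20T11:30:08", 4625, 3, "192.0.2.99", "admin"),
]


def find_rdp_guess_then_login(events, window=timedelta(minutes=10), threshold=5):
    """Return one alert per RDP login that follows a burst of failures
    from the same source address inside the time window."""
    failures = defaultdict(deque)  # source IP -> deque of (time, account)
    alerts = []
    # ISO 8601 timestamps sort chronologically as strings.
    for ts, event_id, logon_type, src_ip, account in sorted(events):
        when = datetime.fromisoformat(ts)
        recent = failures[src_ip]
        # Drop failures that are older than the window.
        while recent and when - recent[0][0] > window:
            recent.popleft()
        if event_id == FAILED_LOGON and logon_type in (NETWORK, REMOTE_INTERACTIVE):
            recent.append((when, account))
        elif event_id == SUCCESSFUL_LOGON and logon_type == REMOTE_INTERACTIVE:
            if len(recent) >= threshold:
                alerts.append({
                    "source_ip": src_ip,
                    "account": account,
                    "login_time": ts,
                    "failed_attempts": len(recent),
                    "accounts_tried": sorted({a for _, a in recent}),
                })
            recent.clear()  # start counting afresh after a login
    return alerts


if __name__ == "__main__":
    for alert in find_rdp_guess_then_login(SAMPLE_EVENTS):
        print(alert)
```

An alert from this check means a session that began right after a guessing burst, which is the point where the manual step in the quoted description would follow, so it is worth reviewing what ran on the host after `login_time`.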
There is something they could do that's more effective than blocking by IP address - not that I want them to start doing this however...
Apple don't do any checking on your IP address, rather they check the billing address of your credit card. It's a lot more difficult for someone living overseas to get a credit card with a US billing address than it is to get a VPN.
Further, they must do some kind of monitoring of the usage of accounts that have a US billing address but the bulk of the content on the account is delivered to overseas IPs. Whilst they don't block it immediately, sooner or later they simply stop accepting that credit card as a valid payment method. It's not like the credit card is cancelled or blocked, as it still works perfectly for other online purchases, it's just that Apple stop accepting it (and don't really say why, other than it's not a valid payment method).
Netflix could quite easily implement checking the billing address on a credit card - this would possibly be even easier than trying to keep up with ever-changing lists of known VPN endpoint IP addresses. It will also stop more technical users who use something like Azure or AWS to roll their own VPN solution that has an endpoint that will not be on any list of known VPN addresses.
There's still no problem with cash transactions if you're rounding them to the nearest $0.05.
Would you really care, or even notice, if your meal at Maccas came to $8.75 instead of $8.73, and they charged you an extra 2 cents to round it up? How about if it came to $9.30 instead of $9.32, and it's in your favour?
I did notice that, there were dropped pennies everywhere. My 6 year old daughter had a great time collecting them. I think she might have ended up with an extra 20-30c all up. Seems like no-one else even gave them a second thought.
What do you even use a penny for? I'm asking this as a serious question.
Last time I was in the USA, I ended up with a pocketful of pennies that were pretty much useless. Who uses a few pennies to make up the price when paying for something, as opposed to pulling out a couple of bills instead and getting some change?
Even the nickel is debatable if it's worth keeping or not.
More and more transactions are done electronically these days - so you can keep your $x.99 pricing if you want, and if it's an electronic payment, you get charged the exact amount.
If you were to get rid of pennies, then when paying in cash the price would be rounded to the nearest 5c, not on each individual item, but on the total sale. 1c & 2c will always get rounded down. 3c usually gets rounded down (so, is to the benefit of the buyer). 4c and 5c gets rounded up. If you're getting put out at the total price for something being rounded up and costing 2c more than shown on the bill, you've got bigger problems than this.
How would you suggest breaking down the different types of certificates to assign them a security level? By the price of the certificate? By the rigour of the verification?
Technically there's no difference between a $0 Let's Encrypt cert, a $5 SSLs.com cert or a $250 Symantec cert - they are all basic SSL certificates and all use similar methods for domain verification (either put a named file in the root of your website, add a particular DNS entry to your domain or reply to email sent to webmaster@, postmaster@ or hostmaster@).
Then there are the green EV certs - they do undergo more rigorous verification of domain ownership, but then they already get the green address bar. When some of the biggest names on the internet, even those that run their own CAs, don't use EV certs, you have to ask yourself what the value is in them?
Does anyone really care if the address bar is green or not? Would anyone notice if one day they went to, say, Symantec.com and the address bar wasn't green?
My wife has a VW diesel - there is absolutely no puff of black smoke coming out of the exhaust under hard acceleration.
A lot of modern diesels have a DPF (diesel particulate filter) that removes soot from the exhaust and is pretty effective.
I believe encryption is built into Outlook, but I don't use it so can't comment on how easy it is to set it up and enable it.
On OS X however, it is definitely built in to the Apple Mail app.
If you have a private and public keypair for your email address in your keychain (a standard operating-system provided repository for secure items like passwords, keys and certificates) then Mail, without any additional configuration or prompting automatically enables signing and encryption for new emails.
If you're emailing someone for whom you don't have their public key, all you can do is sign the email (there's a button with a check mark in a star to indicate if it's signed or not). If they email you back with a signed email, their public key is automatically imported into your keychain and then from that point on, you can encrypt emails to them (next to the signing button, there's another one with a padlock to indicate the encryption status).
The difficult part is the whole web-of-trust thing involved in getting a digital signature, and the lack of most people's understanding of the importance of this. Oh, and last time I checked, Outlook on Windows was pretty painful when displaying encrypted emails - it doesn't decrypt the email for viewing in the regular message viewer, you have to double-click on the email to open it in a new window to view it. No, this isn't difficult, but when you're emailing people and they get annoyed that they have to double-click on your emails to view them, and not on anyone else's emails and they ask you to please stop doing whatever it is that you're doing that makes it behave that way.
These copper cables have a built-in anti-theft system, also known as the DAAT (Darwin Award Anti-Theft). 500kV is a pretty effective deterrent against pretty much anyone trying to get near them.
This is very common in the enterprise market. Fibre Channel switches are shipped with, say, 24 hardware ports and only 12 active. You pay more cash and they unlock the extra ports for you, so you don't need to replace the hardware. IBM have shipped SAN disk storage systems with X+more capacity and only X unlocked. When the customer needs more space, they give IBM more of their hard-earned and IBM unlock the extra capacity that is already on premises.
People on Mars will have one thing that's worth billions back here to the people who sent them. Cold, hard data. Information on Mars. Observations, results from experiments, detailed data that only a human on the ground can obtain.
Either that or barter with something infinitely more valuable - information.