"But the 5s and newer still have the problem where the firmware can be reflashed without wiping the encryption keys. So, yes, when the most recent Apple phones are still vulnerable."
doesnt matter when the keys are in the chip and the chip enforces the 10 time limit. which is not on 5c. everyone knew that if you had bootloader hack or the bl keys, you could defeat it on 5c.
c: they found someone who had a bootloader hack that then makes it possible to alter the fw to have unlimited attempts because on 5c that is a sw check. the key comes from hw after giving the pin but the 10 attempts limit on 5c is in sw.
really that is the only thing that needed hacking to achieve this. it doesnt work for newer iphones.
both the fbi and apple have been full of bs talk in regards to this.
Everyone knew. it is 5 c. no secure enclave. the wipe is in sw. if you have bootloader hacked or bl certs it is easy. why seemingly nobody on slashdot understands this i cannot nderstand.
brings up an another issue... surely they had someone testify that the records were at least probably true too? I mean, it wouldn't take that much to fake some 57 year old records?
that they werent used 57 years ago is another matter..
well, consider a case of asteroids vs. blasteroids.
and this is the most generous comparison on games aging on something that has ATARI slapped on it, too.
blasteroids is a 1987 arcade game, an asteroids clone/sequel, with basically vga grade graphics, some sample music and fm sound and such. as a game it doesn't look too bad and could be something released for mobile this year labeled as "pixel graphics". amiga/atari st versions of it look passable in comparison with the arcade.
asteroids original is a line graphics game, same controls and all that, but something with that style of graphics would not have been released this year for anything. someone with no apprecation for the graphics style/technicalities of it would just complain of headache. the 2600 version of it is just awful.
what's particularly shitty about this compilation is that it's all late 70's/early 80's stuff - early arcades and 2600.also, I would imagine the target audience having had bought the very few good titles on the 100 list already SEVERAL TIMES on ALREADY RELEASED COLLECTIONS that have bee on the market for OVER TWENTY FUCKING YEARS - with the exception that those other collections usually included some of the better aged later titles. this compilation has a strict cutoff point of: "Would this game concept as it is have sold in 1986"?
it would have meant axing 75% of their os engineers anyways and to cut 95% of os dev subcontracting.
they had like 3000+ staff working on symbian while 100 would have sufficed. another 1000+ on the linux stuff(these are on paper abouts numbers. actual code contributing to customer shipping product people were of course something like 5% of that). you try doing developing like that.. making a customer facing app change might involve 5+ department heads and people working in 3 companies, due to some department that was keeping some api as hostage didn't want to add something or another because that would have meant that they would have needed another department to change another api. layers like that and 3rd parties got only scrubs even if they paid nokia thousands for "support" and 700 euro per app release(later only 350!) - and yes, due to the backroom deals that were arranged to provide business to signing houses, it would cost 700 euros to make an update signed to your silly one person developed app. and before that waiting a year to get certificate to develope it in the first place.
thats like 10x what it costs to be an android developer and update as often as you want - and the sdk isn't a piece of shit either.
you think that the patent actually describes anything about how to make their glove or how it _actually_ works? HAHAHAH HAHA HAH AHAH AH HAAHAH H AH AH AH AH AH.
look, if you want to look at powerglove patents, various methods of doing the sensors and such, you need to go back to the '80s. the mattel powerglove didn't spring out to existence out of nothing. lots of research and expired patents related to that, covering most of the ways you could do it.
if they have made a new nanomaterial or whatever flex sensors, they should patent those - not the glove.
sony is just patenting generic vr glove stuff to have as ammunition.
no, you add it to the procurement request that the provider of the hardware agrees to. then you shouldn't be even offered.
just test it with a live cd, usb stick boot or whatever the fuck you want then afterwards and if it turns out not to run it then use it to twist the arm of the hardware provider to give money back or whatever for not following the contract,
if you absolutely need to have a surface rt for testing or whatever then you're going to be procuring the hardware through other channels anyways.
the article is confusing. googling for water splitting half reaction results mostly just in this article or copies of it itself.
they can pluck the h2 from the O but the O doesn't want to O2? and it just reacts back to water? so they can make H2 from water with 100% efficiency except that they can't?
in their not-just-water(they mention "high ph") solution? I'm not sure this is big enough news to tout all over the world with a trombone as they seem to be doing.
someone ordered an airstrike there, military didn't check the coords from another source if it's a no shoot coordinate.
basically the problem is that us military works as order-an-explosion service for whoever social engineers how to get them to shoot. whoever provides them with the 'intel' gets to enjoy the benefits. like all the yemeni 'rebels' getting hellfired. who fingers them? their local rivals, duh. neither the fingerer or the one who gets exploded is particularly pro-US or anti-US in any way and because US makes 0 effort in apprehending the 'suspects' or even notifying them that they're 'suspects' then anyone who says they're an ally of US can just order strikes on their local rivals and nothing gets fact checked. just a waste of money and lives and results just in bad will against the US, so entirely pointless.
john doesn't have the firmware signing certs or the 0-day fw jailbreak(and ios sources.. maybe doable without the ios sources but would take a lot longer)..
it's not about making even vulnerable code. what the fbi wants in the iphone 5c case is to make a fw that boots the phone and has the 10 tries wipe command disabled. entirely doable on iphone 5C, with apples fw cert and ios sources it's just an afternoon to do what the FBI requests and it will not compromise anything else than the phone it is loaded on. if apple doesn't then leak that build+source then other iphone 5C's are still as secure as ever.
keep in mind that this attack on the iphone 5C needs apples cert and firmware sources to be easy, but if you have those then it is so easy to do that it is as good as done already - so replicating this attack by a 3rd party is not any more likely before or after apple provides the bruteforcing of the pin for this one iphone 5C. the vulnurability status of any other iphone 5C would remain the same and the legal precedent for apple to provide this service would diminish in importance quickly as iphone 5C's leave the market.
on 5S, 6 or anything later, they already have the further mechanism for wiping the key that doesn't depend on the OS.
what phone stealing gangs want is not to get the pin either, what they want is a jailbreak and the apple certs to write firmware to make builds that disable findmyiphone.
why is apple so reluctant then to provide this and spins it as being something different than it is in the media then? who the fuck knows, maybe some of the other cases is about decrypting an iphone 5C with info on how apple is circumventing taxes or some shit like that, maybe they scare that people don't understand why they could do it with this 5C and not 5S and would lose face - OR they were previously lying about secure enclave(5S) and it would affect them as well, if they were not lying about secure enclave capabilities then this should not affect them at all.
and geez, a brute forcer is not "vulnerable code". they just want a build on that phone that they can boot from usb that doesn't instruct the cpu to wipe the internally stored key after 10 attempts - and 15 mins more to do the brute forcing in phone. it's a very simple request that doesn't compromise anything else and would be doable anyways if you could get around the bootloader - AAANYWAYS.. apple has never denied that they COULD do this so from that viewpoint it is _already_ vulnerable to this kind of attack. the fbi request in the media is _not_ about adding a backdoor into the operating system - it's more like making a build with a new front door that doesn't burn the house down if you try to open it with the wrong keys.
you can't really _add_ backdoor to access a password from a guy that is already dead you know. the way to get the code is already in it and it is the flaw that the encryption key wipe is in operating system included/loaded code and thus can be turned off.
complain to the party that the isp running officials are profiteering from state owned hardware.
depending on the sum profiteered they get either prison or worse.
oh and most likely scenario is just that they're simply injecting ads and by 'they' I mean some entrepreneur downline in the organization most likely, who just happens to have access or authority to turn it on. that the ads contain malware is just a side effect.
just a few month ago the ads on slashdot contained malware("app store install" type of shit) and autopopups(with deceiving, os mimicking window design) when viewed from asia on android. asians will try all kinds of marketing bullshit and think it's legit.
besides than that, the copyrights and such aren't that different over in china.. they're just very sloppily enforced.
it's easy to say that they potentially lose something by giving the fixes to be available for a competitor who is doing a similar product.
depending on the product or service they provide, it might be a big or a small thing. suppose it's a bug that affects scaling some net service for example.
"If anything, is there a (non-Apple, non-WinMo) phone that is available in the US, wanted the world over, but only available in the US"
No. why the f would there be? theres no apple or wp device thats wanted and exclusive to north america either. it's a niche market in global scale dominated by petty operators and not consumer choice, so why bother creating something special just for the NA market? it's not good money and the sales are unlikely to depend on the device too much too and the one who pockets the sale margin from the device is the operator.
it just doesn't make any business sense. the only benefit you get form it is more mentions in Financial Times, The Economist or other bs magazines - Which do not equate to sales among normal people even if those magazines are the board members world.
you know what day Nokia fell off from the cliff? when the board decided to focus on North American market in r&d with "help" from NA carriers(they set up new sales offices and all so you could look the exact dates if you were a journalist interested). If you ever wondered what led them to hiring Elop and fucking up sales in the entire world then it all starts with that - trying to get sales up in North America by asking what direction the North American carriers want the dev to go.
Slashdot Mirror
when the guidelines globally are 2 hours then yeah...
"But the 5s and newer still have the problem where the firmware can be reflashed without wiping the encryption keys. So, yes, when the most recent Apple phones are still vulnerable."
doesnt matter when the keys are in the chip and the chip enforces the 10 time limit. which is not on 5c. everyone knew that if you had bootloader hack or the bl keys, you could defeat it on 5c.
bullshit. or maybe true in valley. elsewherebyou can forget about round 3 or acquisition if you dont at least have product and growing customer base.
thats 2 years though that can be spent in an impossible product while getting paid. vc beware.
c: they found someone who had a bootloader hack that then makes it possible to alter the fw to have unlimited attempts because on 5c that is a sw check. the key comes from hw after giving the pin but the 10 attempts limit on 5c is in sw.
really that is the only thing that needed hacking to achieve this. it doesnt work for newer iphones.
both the fbi and apple have been full of bs talk in regards to this.
Everyone knew. it is 5 c. no secure enclave. the wipe is in sw. if you have bootloader hacked or bl certs it is easy. why seemingly nobody on slashdot understands this i cannot nderstand.
brings up an another issue... surely they had someone testify that the records were at least probably true too? I mean, it wouldn't take that much to fake some 57 year old records?
that they werent used 57 years ago is another matter ..
well, consider a case of asteroids vs. blasteroids.
and this is the most generous comparison on games aging on something that has ATARI slapped on it, too.
blasteroids is a 1987 arcade game, an asteroids clone/sequel, with basically vga grade graphics, some sample music and fm sound and such. as a game it doesn't look too bad and could be something released for mobile this year labeled as "pixel graphics". amiga/atari st versions of it look passable in comparison with the arcade.
asteroids original is a line graphics game, same controls and all that, but something with that style of graphics would not have been released this year for anything. someone with no apprecation for the graphics style/technicalities of it would just complain of headache. the 2600 version of it is just awful.
what's particularly shitty about this compilation is that it's all late 70's/early 80's stuff - early arcades and 2600 .also, I would imagine the target audience having had bought the very few good titles on the 100 list already SEVERAL TIMES on ALREADY RELEASED COLLECTIONS that have bee on the market for OVER TWENTY FUCKING YEARS - with the exception that those other collections usually included some of the better aged later titles. this compilation has a strict cutoff point of: "Would this game concept as it is have sold in 1986"?
type c is not same as usb 3.0 that has been shipping for a while for hd's, phones etc.
they're stuck on 6.5 forever and htc quit selling/rebranding to them anyways long ago.
it was still saveable at that point.
it would have meant axing 75% of their os engineers anyways and to cut 95% of os dev subcontracting.
they had like 3000+ staff working on symbian while 100 would have sufficed. another 1000+ on the linux stuff(these are on paper abouts numbers. actual code contributing to customer shipping product people were of course something like 5% of that). you try doing developing like that.. making a customer facing app change might involve 5+ department heads and people working in 3 companies, due to some department that was keeping some api as hostage didn't want to add something or another because that would have meant that they would have needed another department to change another api. layers like that and 3rd parties got only scrubs even if they paid nokia thousands for "support" and 700 euro per app release(later only 350!) - and yes, due to the backroom deals that were arranged to provide business to signing houses, it would cost 700 euros to make an update signed to your silly one person developed app. and before that waiting a year to get certificate to develope it in the first place.
thats like 10x what it costs to be an android developer and update as often as you want - and the sdk isn't a piece of shit either.
how big % of bitcoins have already been used for ransoms?
I mean, thats the only "must have" buy scenario that jacks up price/creates demand and then they need to shuffle it back to be sold
the kindles running fire os are android tablets. it's just a name for their fork.
I think they quit paying whoever was providing them with that or it's not compatible with new kernel and they can't be bothered to fix it.
well, it was safe before they got there and then it got very non safe.
it would need a tag for who it's safe for.
but usually they do.
depends on the locale though as well. there's some countries where it's safer to use fb/whatsapp than say LINE for example.
LINE is a whatsapp like app thats popular in asia... and there's money changing hands in exchange of information for govs.
well.
you think that the patent actually describes anything about how to make their glove or how it _actually_ works? HAHAHAH HAHA HAH AHAH AH HAAHAH H AH AH AH AH AH.
look, if you want to look at powerglove patents, various methods of doing the sensors and such, you need to go back to the '80s. the mattel powerglove didn't spring out to existence out of nothing. lots of research and expired patents related to that, covering most of the ways you could do it.
if they have made a new nanomaterial or whatever flex sensors, they should patent those - not the glove.
sony is just patenting generic vr glove stuff to have as ammunition.
no, you add it to the procurement request that the provider of the hardware agrees to. then you shouldn't be even offered.
just test it with a live cd, usb stick boot or whatever the fuck you want then afterwards and if it turns out not to run it then use it to twist the arm of the hardware provider to give money back or whatever for not following the contract,
if you absolutely need to have a surface rt for testing or whatever then you're going to be procuring the hardware through other channels anyways.
the article is confusing. googling for water splitting half reaction results mostly just in this article or copies of it itself.
they can pluck the h2 from the O but the O doesn't want to O2? and it just reacts back to water? so they can make H2 from water with 100% efficiency except that they can't?
in their not-just-water(they mention "high ph") solution? I'm not sure this is big enough news to tout all over the world with a trombone as they seem to be doing.
someone ordered an airstrike there, military didn't check the coords from another source if it's a no shoot coordinate.
basically the problem is that us military works as order-an-explosion service for whoever social engineers how to get them to shoot. whoever provides them with the 'intel' gets to enjoy the benefits. like all the yemeni 'rebels' getting hellfired. who fingers them? their local rivals, duh. neither the fingerer or the one who gets exploded is particularly pro-US or anti-US in any way and because US makes 0 effort in apprehending the 'suspects' or even notifying them that they're 'suspects' then anyone who says they're an ally of US can just order strikes on their local rivals and nothing gets fact checked. just a waste of money and lives and results just in bad will against the US, so entirely pointless.
john doesn't have the firmware signing certs or the 0-day fw jailbreak(and ios sources.. maybe doable without the ios sources but would take a lot longer)..
it's not about making even vulnerable code. what the fbi wants in the iphone 5c case is to make a fw that boots the phone and has the 10 tries wipe command disabled. entirely doable on iphone 5C, with apples fw cert and ios sources it's just an afternoon to do what the FBI requests and it will not compromise anything else than the phone it is loaded on. if apple doesn't then leak that build+source then other iphone 5C's are still as secure as ever.
keep in mind that this attack on the iphone 5C needs apples cert and firmware sources to be easy, but if you have those then it is so easy to do that it is as good as done already - so replicating this attack by a 3rd party is not any more likely before or after apple provides the bruteforcing of the pin for this one iphone 5C. the vulnurability status of any other iphone 5C would remain the same and the legal precedent for apple to provide this service would diminish in importance quickly as iphone 5C's leave the market.
on 5S, 6 or anything later, they already have the further mechanism for wiping the key that doesn't depend on the OS.
what phone stealing gangs want is not to get the pin either, what they want is a jailbreak and the apple certs to write firmware to make builds that disable findmyiphone.
why is apple so reluctant then to provide this and spins it as being something different than it is in the media then? who the fuck knows, maybe some of the other cases is about decrypting an iphone 5C with info on how apple is circumventing taxes or some shit like that, maybe they scare that people don't understand why they could do it with this 5C and not 5S and would lose face - OR they were previously lying about secure enclave(5S) and it would affect them as well, if they were not lying about secure enclave capabilities then this should not affect them at all.
and geez, a brute forcer is not "vulnerable code". they just want a build on that phone that they can boot from usb that doesn't instruct the cpu to wipe the internally stored key after 10 attempts - and 15 mins more to do the brute forcing in phone. it's a very simple request that doesn't compromise anything else and would be doable anyways if you could get around the bootloader - AAANYWAYS.. apple has never denied that they COULD do this so from that viewpoint it is _already_ vulnerable to this kind of attack. the fbi request in the media is _not_ about adding a backdoor into the operating system - it's more like making a build with a new front door that doesn't burn the house down if you try to open it with the wrong keys.
you can't really _add_ backdoor to access a password from a guy that is already dead you know. the way to get the code is already in it and it is the flaw that the encryption key wipe is in operating system included/loaded code and thus can be turned off.
complain to the party that the isp running officials are profiteering from state owned hardware.
depending on the sum profiteered they get either prison or worse.
oh and most likely scenario is just that they're simply injecting ads and by 'they' I mean some entrepreneur downline in the organization most likely, who just happens to have access or authority to turn it on. that the ads contain malware is just a side effect.
just a few month ago the ads on slashdot contained malware("app store install" type of shit) and autopopups(with deceiving, os mimicking window design) when viewed from asia on android. asians will try all kinds of marketing bullshit and think it's legit.
besides than that, the copyrights and such aren't that different over in china.. they're just very sloppily enforced.
meh. no. really there needs to be a technical solution.
and that is no more crosssite simple to add spam ad networks. back to selling space on site by site basis.
it's easy to say that they potentially lose something by giving the fixes to be available for a competitor who is doing a similar product.
depending on the product or service they provide, it might be a big or a small thing. suppose it's a bug that affects scaling some net service for example.
i find this news bit strange since they already have secure enclave on 5s->
"If anything, is there a (non-Apple, non-WinMo) phone that is available in the US, wanted the world over, but only available in the US"
No. why the f would there be? theres no apple or wp device thats wanted and exclusive to north america either. it's a niche market in global scale dominated by petty operators and not consumer choice, so why bother creating something special just for the NA market? it's not good money and the sales are unlikely to depend on the device too much too and the one who pockets the sale margin from the device is the operator.
it just doesn't make any business sense. the only benefit you get form it is more mentions in Financial Times, The Economist or other bs magazines - Which do not equate to sales among normal people even if those magazines are the board members world.
you know what day Nokia fell off from the cliff? when the board decided to focus on North American market in r&d with "help" from NA carriers(they set up new sales offices and all so you could look the exact dates if you were a journalist interested). If you ever wondered what led them to hiring Elop and fucking up sales in the entire world then it all starts with that - trying to get sales up in North America by asking what direction the North American carriers want the dev to go.
far more suppliers for iphone parts than fairphone2 modules i reckon.
if they had different shells available.. small, big, laptop looking and a core unit or something.. that would be modular.