If I read the actual article correctly, it was just a Vanilla install of Windows 10 enterprise. There was no active attempt to disable or block any of the actual telemetry features at all. He did go through the customized install and turned off the 'cloud/personalization/sync options there', but that's it.
The actual telemetry features would still have been on.
So what? Why is this acceptable? He said he turned off all options that appeared. e.g. he did what a human being without specialized knowledge of Windows group policy would have done.
WTH is with teredo even existing in windows 10 let alone enabled by default in enterprise edition? NOBODY uses Teredo for anything other than exfiltration of data from poorly managed corporate networks. The time for amateur hour unreliable automatic IPv6 tunneling has long since passed.
When you guys run these tests it is really helpful to capture DNS lookup data alongside so we can backtrack and make sense of the source. Once shit hits Akamai and similar MS operational abstractions it is harder to figure out what its for... reverse lookup after the fact is worthless.
As for MS I'm done... just can't put up with this shit anymore.
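The capture-time correlation the comment above asks for, as an added example that is not part of the original post: each outbound flow is labelled with the name the host had resolved to that address shortly before connecting, and the NTP, DNS and Teredo traffic argued over in this thread is split out by port. All log records, names and addresses are constructed (documentation ranges), and the tuple layouts are assumptions.

```python
from collections import Counter, defaultdict

# Infrastructure traffic separated by protocol/port; Teredo uses UDP 3544.
INFRA_PORTS = {
    ("udp", 53): "dns", ("tcp", 53): "dns",
    ("udp", 123): "ntp",
    ("udp", 3544): "teredo",
}

# Constructed DNS answers seen on the wire: (time, queried name, A records, ttl).
DNS_LOG = [
    (100.0, "telemetry.example.com", ["203.0.113.10"], 300),
    (105.0, "updates.example.net", ["203.0.113.10", "203.0.113.11"], 60),
]

# Constructed flow records: (time, proto, destination IP, destination port).
FLOWS = [
    (101.0, "tcp", "203.0.113.10", 443),   # one live answer for this IP
    (110.0, "tcp", "203.0.113.10", 443),   # two names share this edge IP
    (120.0, "udp", "198.51.100.1", 123),   # NTP
    (121.0, "udp", "192.0.2.53", 53),      # DNS
    (130.0, "udp", "198.51.100.77", 3544), # Teredo
    (150.0, "tcp", "192.0.2.200", 443),    # never resolved: hard-coded IP?
    (900.0, "tcp", "203.0.113.11", 443),   # answer seen, but TTL long expired
]


def build_index(dns_log):
    """Map each answered IP to its (time, name, ttl) answers in time order."""
    index = defaultdict(list)
    for ts, name, ips, ttl in sorted(dns_log, key=lambda rec: rec[0]):
        for ip in ips:
            index[ip].append((ts, name, ttl))
    return index


def attribute(flow, index):
    """Label one flow using only DNS answers observed before it started."""
    ts, proto, dst_ip, dst_port = flow
    infra = INFRA_PORTS.get((proto, dst_port))
    if infra:
        return {"kind": infra, "names": [], "stale": False}

    earlier = [a for a in index.get(dst_ip, []) if a[0] <= ts]
    if not earlier:
        # No lookup preceded the connection; reverse DNS done later would
        # only name the hosting provider, not the purpose.
        return {"kind": "no-dns", "names": [], "stale": False}

    live = [a for a in earlier if ts <= a[0] + a[2]]
    if live:
        # Most recent answer first; several names means a shared edge IP.
        names = list(dict.fromkeys(name for _, name, _ in reversed(live)))
        return {"kind": "named", "names": names, "stale": False}

    # Only expired answers exist: report the latest one, flagged as stale.
    return {"kind": "named", "names": [earlier[-1][1]], "stale": True}


def summarize(flows, dns_log):
    """Count flows per category so infrastructure noise is visible as such."""
    index = build_index(dns_log)
    return Counter(attribute(flow, index)["kind"] for flow in flows)


if __name__ == "__main__":
    idx = build_index(DNS_LOG)
    for flow in FLOWS:
        print(flow, attribute(flow, idx))
    print(dict(summarize(FLOWS, DNS_LOG)))
```
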
Wrong, completely 100% wrong and currently moderated to +5 Insightful. Moore's Law has always been about performance. Originally there was a direct correlation between the number of transistors and speed, but that's changed and along with it so has the definition of "Moore's Law".
Moore's Law has always been about cost per transistor. While feature size means you get to fit more components per wafer density alone is not the only factor. Economies of scale, wafer size increases and accumulation of dead labor help to keep Moore's Law on track.
The basic idea is a feedback loop between cost per transistor vs affordability of features enabled by having more transistors. They cost less so everyone can afford to have more. This trend continues forever or until toasters end up with Internet connections.. whichever comes first.
There is the possibility that Apple discovered some TLAs have been fucking with their TouchID and using it to steal fingerprints/bypass TouchID.
There is the possibility space aliens have been tampering with TouchID as part of a plot to destroy the world on July 4 2016. Perhaps somehow an Apple technician caught on to the alien signal and made the change to save the world from annihilation.
The iPhone in question was dropped and damaged. It was then repaired by someone who claimed to know what he or she was doing without any certification or anything like that, and it functioned temporarily. A system update provided a new security feature, which was triggered by the repair. Exactly what are you claiming? That Apple should never add security features? That an Apple representative deliberately smashed the phone? That Apple should just trust an unknown third-party component in a major security feature?
What if apple added a credit card swipe to the side of their iPhone x phones and a few years later pushed out a firmware update requiring $1 fee to be paid by card swipe each time phone is started up as a security precaution to validate current owner?
Are you claiming that Apple should never add security features? That an Apple representative deliberately prevented you from using the phone? That Apple should just trust an unknown operator without $1 fee?
Still presents a security vulnerability in that someone who thinks their device is secure may be under false assumptions due to a sensor that is doing nefarious
The basis of security is trust. Misplaced trust = game over no matter what.
things. Slip someone a phone with a sensor that will function as normal, but also has the ability to store a print (or the input data to simulate one) and bypass the regular encryption methods later on command.
No consumer device is designed to withstand physical access. Instead of replacing a touch sensor a separate sensor can be stacked on top of it or the digitizer can be replaced or stacked to collect both biometric and pin/pass data. There are an infinite number of options to own devices with physical access.
The more basic and glaring problem is that in fact fingerprints are not secrets and have no business being used to provide evidence of possession in the first place.
This error occurs if the repair involves the TouchID sensor. Since this stores data required for the fingerprint authentication, the device will refuse to function for security reasons if it thinks it's been tampered with
What security reason would that be? Do you seriously believe any consumer device can withstand physical access of an attacker and remain secure?
Fingerprint authentication itself is NOT even secure. This is a laughable concept at best. The "key" needed to unlock the device is probably smattered all over the device and packaging materials.
A better option would be to instead disable TouchID if tampering is suspected, but this isn't a case of Apple just arbitrarily making iPhones not work if you get a third-party repair like the story suggests.
This is exactly the case of Apple doing just that while using language of "security" doublespeak to explain how their actions are in the customers' best interest.
It sounds like Apple fixed a security bug in an SU, closing a hole which allowed attackers to replace the touch ID sensor to gain access to user data. Had Apple not made this move, we'd instead be seeing an article about how Apple products are insecure and the NSA could get access to your secure data just by replacing some hardware components.
This is an unreasonable assumption for the following reasons:
All bets are off with physical access.
There are much easier ways to collect fingerprints people leave all over the place all the time every day and play them back with ease. http://www.ccc.de/en/updates/2...
Error appears weeks or months AFTER the change providing ample time for an attacker exploiting this "vulnerability" to cash in prior to error 53 bricking sweep being invoked.
This also leaves one to wonder how it is that Apple have the ability to reset hardware signatures in the first place when keying material associated with secure enclave is supposedly inaccessible to Apple? Isn't that what they claim in their FAQ and in public statements? If they can fool the hardware what prevents others from exploiting similar techniques?
More technology, less politics.
This is how speech recognition is done. Instead of being done in-device (which would require a semi-hefty CPU), the sound of what you say is recorded, then transmitted to a server which does the heavy lifting. The text of the recognized speech is then transmitted back to the device.
I'm sorry I just don't buy what is being sold here. Mobile devices had passable voice recognition at least some decade and half ago allowing users to select songs and artists from music archives, run software and make calls with usable accuracy, no training, noticeable delay or spying.
Free text recognition is more challenging and pushing accuracy is an arbitrarily complex endeavor. Yet reality is simple navigation and title searches don't come anywhere near pushing state of the art.
Samsung is just being up-front about all this, instead of burying the disclosure in a dense EULA like some companies do.
Is Samsung making warnings clear to consumer PRIOR to sale?
can argue that a smart TV doesn't need speech recognition, but after having used Roku's voice search I can tell you that the time it saves over typing searches with a navigation pad guarantees it'll win out in the long run.
This is a false choice.
What is needed are mandatory privacy related (non)compliance labels or central clearinghouse where consumers can quickly check the creep factor of products they are about to purchase.
The problem is rarely people don't care about these issues. Nobody wants conversations conducted in their private homes uploaded to the Internet.
The problem is exclusively lack of visibility. Consumers simply have no idea or no options. If companies can no longer get away with hiding bullshit under the radar it shall either pressure them to change behavior or create a market for new entrants to fill demand.
This is really no different than energy efficiency labeling. Without it nobody knows and inefficient hardware costs the manufacturer nothing. With it and widespread consumer recognition efficiency becomes a selling point that costs the manufacturer market share.
I would rather eat rats than join LinkedIn.
250 developers working a project for a year at any other company would cause me to be curious about what that project is. In this case I have no interest in ever knowing.
Releasing three times a day with three hour _ceiling_ to "ship it" is only possible while harboring extreme levels of disregard and contempt for your users. Refreshing to see LinkedIn's corporate philosophy so well represented in everything they do.
Eeh. Let's not overblow this once again. It does not track everything that you do. The telemetry means only basic things like how many times you have started specific UWP apps and so on.
The following statement cannot be overblown: None of Microsoft's business what I do with my computer. If they refuse to respect their customers it won't be long before they have none.
Except that a massive amount of these "connections" were fucking NTP and DNS. Alarmist at best.
I have got to try this the next time I get pulled over for speeding. Hey officer most of the time I wasn't speeding... Your ticket is Alarmist at best.
You have full and total control over what goes out over your network, if you fail to pay attention, it's your fault.
I love these arguments requiring everyone to have expert domain knowledge in order to keep from being fucked over. I wonder how the purveyors of this concept feel about it being applied to all professions on which they rely and for which they are not domain experts? Hey you have total control over every cheerio you shove into your mouth even the deformed ones with dead bugs and toxic chemicals caked into them.
That said, I don't dig the tracking, but it's not nearly as bad as some of you seem to think it is.
How do you know that? How is anyone else supposed to know? Not only is there a clear lack of transparency and objective information but different people can have vastly different value judgments about the same activity.
Personally I don't want my systems chatting away with Microsoft for reasons I don't expressly authorize. It has proven to be a vast waste of my time to achieve something for which a simple knob should have been made available.
So let's recap, asshatA records all the connections coming from his PC and immediately exclaims "MICOCRAP IS TRAKKING UZZZZ" but fails to omit the NTP, DNS and gods knows whatever, normal, traffic from this report.
I agree in terms of information content and execution it was pretty crappy yet I still see value in the simplicity of the question and outcome because it is more aligned with basic user expectations after having gone thru several pages and disabling all privacy features and having taken no action to cause network traffic.
While everyone here knows you have to disable telemetry from group policy and this test clearly did not do that... end users have no idea and that is really what is important.
What I'm most interested in learning more about is very first item on the list all those thousands of teredo connections/packets... I would very much like to know what the heck THAT is all about.
Three facts seem inescapable at this point.
1. Microsoft has proven itself to be untrustworthy.
2. Microsoft refuses to adequately respect the privacy of Microsoft's own customers.
3. Microsoft is a US corporation.
US government has authority to extract "Any tangible thing" from Microsoft for any reason it wants.
If I were a head of state I would be pushing for an alternative too. It would be malpractice not to.
I am continually amazed at just how bad the tech industry is at basic concepts of governance.
Hey we created this platform where everyone who wants to shout can be heard by everyone.. now what type of behaviors would one guess this would tend to reinforce? Try not to think too hard about it.
You can't police fundamentally deleterious structures away.. sure you can try.. you can always attempt to beat people into compliance but eventually the unsurprising outcome is a failed police state.
If you really want to solve the problem you have to fundamentally change the underlying incentive structure such that people conclude on their own that they WANT to do something constructive.
Of course doing so may well not be in Twitter's best financial interests. I suspect strongly they know that and are just trying to have it both ways by pretending to give a shit.
Hey Wired,
How many market intelligence firms and cross site stalkers do you need to spy on us in order to run a website? Are stats you can just as easily collect more accurately yourself worth it?
My guess like most sites you probably don't even know what all is going on within your own site because most of the code comes from third parties. Before you tell your viewers to fuck off you might want to figure it out... or don't... just pay out lip service and don't actually change.
More than tens of software products are vulnerable to key loggers installed in keyboard cables. More than tens of software products are vulnerable to compromise when executed from compromised systems.
Come on people fix your vulnerable software or we will publicly slut shame you for your indifference.
Right now, comments on this article are 100% Anonymous Cowards, who all agree this is dumb and won't go anywhere
Looking back at least one of them wasn't.
And that's pretty much par for the course here - people dumping on random consumer tech, websites, every company in software, VR, robotics, AI, self-driving cars.
For all I know those doing the dumping have a point or maybe they don't but it doesn't matter because the assumption made is dumping must be bad or there can be nothing systemically wrong with the current market resulting in reflection of disproportionately negative opinions.
I think VR is going to be big. We bought an Oculus DK2 a while back, and people are blown away by it, despite it being flakey, being a generation behind in hardware, and there being essentially no professional content.
Having tried at a friend's it IS a lot of fun. The experience was enough to preorder CV1 where I likely would not have been willing to shell out close to $700 otherwise.
I see these very same 3D/fad/worthless comments from VR skeptics everywhere including on Oculus's website. PL has acknowledged the issue himself in various interviews. They plan on pushing to make opportunities for people to try it for themselves because they fully recognize it is really the only way to get people to understand what it's about. It can't effectively be shown on a display or explained otherwise.
Maybe I'm wrong and VR won't go anywhere, but it's sad that Slashdot has become so blase about technology and the future.
I'm guilty of that. Windows 10 - no thanks, IoT pointless spyware, proliferation of mobile first / javascript heavy websites that are slow, buggy and look like crap on usable displays.. no I'll pass... continued aggregation of content and eyeball networks.. Releasing products with the primary goal of making money by collecting data and serving ads rather than providing value... no thank you. If industry didn't spend so much time playing games and doing everything short of offering actual value in exchange for revenue perhaps I would have a more positive outlook.
I'm no feminazi, such people repulse me, however if you are going to give a
This is silly. You're just projecting your own subjective insecurities as if they were objective reality.
machine a sex you are implying things about that sex and one of those things is that the sex is an object rather than a person with a mind. The very existence of female AI digital assistants is degrading the value of females. They don't need a sex, make them the gender neutral entities that they really are and stop being bloody hypocrites, or just get over the fact that some humans are lecherous pigs and treat them as just another market segment.
Not much different from horny teens giggling after equating any word spoken with sex. If you want to be offended you will find a way no matter what.
This is what slashdot has become.
This is my reward for browsing below the noise floor.
How about the full schematics for a nuclear weapon.
In the public domain for decades.
We can just mail that to ISIS right? They're just drawings right?
Strongly suspect providing material support to Daesh would land you in jail no matter value of information provided.
If I draw a picture of your momma impaled on a post that goes up her ass and out her mouth while the flies buzz around her rotting pussy, would that be OK? Would that be a just a drawing? Would there be nothing wrong with that? How about I draw that up and hang it in a big downtown gallery in New York?
I would say it depends on the gallery.
Relax, if you're using Cortana you're already being fucked by Microsoft. Enjoy "her" robotic data suckers up in your business.
That's complete nonsense about not being equivalent. Desktop OSes are old tech
That's complete nonsense. Mobile operating systems are crippled pieces of shit designed around a philosophy required to support ancient era of extreme hardware limitations which no longer exists. This is why the OS is not smart enough to detect and support available hardware like any sane desktop operating system. Instead separate images have to be built to support individual devices leading to predictable manageability and security nightmares.
Smartphone OSes were created during the Internet era and have a ton of spying built into them.
The most popular smartphone OS is essentially Linux with a crummy java shell. Android is open source and there is no spying built into it. Spyware is added separately via google play services and the cesspool of apps available from the Google play store.
What's happening is that modern desktop OSes are catching up to smartphone OSes and adding spying.
What's happening is modern desktop OSes are catching up with the business model of spyware and malware vendors.
So yes, Android spyware OS is equivalent to Win 10 spyware OS.
While the argument itself is nothing more than bandwagon fallacy given Android does not come with spyware the underlying assertion is also wrong to boot. Most smartphone vendors do bundle the google play spyware yet this is expressly separate from Android. It is no different than Lenovo bundling superfish with Windows. Windows itself does not come with superfish it was added by the hardware vendor.
Remote shells? Yes! But SECURE, Remote shells?
Everyone used telnet at the time.
They have never had that built-in. I don't think you realize what a bad idea it is to communicate with your company's servers over plain text.
As I said in the text you didn't bother quoting multiple vendors offer ssh servers for windows. Anyone who wants ssh access to windows already has it. What does it matter if it is built in or not?
For those of us that have no choice but to manage Windows and *nix boxes, it's a pain in the ass to have to context switch between RDP and ssh'ing.
Remote shells for Windows have been available for decades. Hell I remember telnet server was included with NT net tools a lifetime ago. A lifetime before that directing command interpreter thru modem ports.
Multiple vendors offer ssh servers for windows and all of the unix shells have been ported to windows. Anyone who really wanted one would already have one.
This will make our job much easier. Between all the open source software, github, and stuff like this, I love the new MS.
You mean the Microsoft that thinks it owns the user's computer and can force spying and updates on people unwittingly and/or against their will? Yea real swell...
If I read the actual article correctly, it was just a Vanilla install of Windows 10 enterprise. There was no active attempt to disable or block any of the actual telemetry features at all. He did go through the customized install and turned off the 'cloud/personalization/sync options there', but that's it.
The actual telemetry features would still have been on.
So what? Why is this acceptable? He said he turned off all options that appeared. e.g. he did what a human being without specialized knowledge of Windows group policy would have done.
WTH is with teredo even existing in windows 10 let alone enabled by default in enterprise edition? NOBODY uses Teredo for anything other than exfiltration of data from poorly managed corporate networks. The time for amateur hour unreliable automatic IPv6 tunneling has long since passed.
When you guys run these tests it is really helpful to capture DNS lookup data alongside so we can backtrack and make sense of the source. Once shit hits Akamai and similar MS operational abstractions it is harder to figure out what it's for... reverse lookup after the fact is worthless.
As for MS I'm done... just can't put up with this shit anymore.
Wrong, completely 100% wrong and currently moderated to +5 Insightful.
Moore's Law has always been about performance. Originally there was a direct correlation between the number of transistors and speed, but that's changed and along with it so has the definition of "Moore's Law".
Moore's Law has always been about cost per transistor. While feature size means you get to fit more components per wafer density alone is not the only factor. Economies of scale, wafer size increases and accumulation of dead labor help to keep Moore's Law on track.
The basic idea is a feedback loop between cost per transistor vs affordability of features enabled by having more transistors. They cost less so everyone can afford to have more. This trend continues forever or until toasters end up with Internet connections .. whichever comes first.
There is the possibility that Apple discovered some TLAs have been fucking with their TouchID and using it to steal fingerprints/bypass TouchID.
There is the possibility space aliens have been tampering with TouchID as part of a plot to destroy the world on July 4 2016. Perhaps somehow an Apple technician caught on to the alien signal and made the change to save the world from annihilation.
The iPhone in question was dropped and damaged. It was then repaired by someone who claimed to know what he or she was doing without any certification or anything like that, and it functioned temporarily. A system update provided a new security feature, which was triggered by the repair. Exactly what are you claiming? That Apple should never add security features? That an Apple representative deliberately smashed the phone? That Apple should just trust an unknown third-party component in a major security feature?
What if apple added a credit card swipe to the side of their iPhone x phones and a few years later pushed out a firmware update requiring $1 fee to be paid by card swipe each time phone is started up as a security precaution to validate current owner?
Are you claiming that Apple should never add security features? That an Apple representative deliberately prevented you from using the phone? That Apple should just trust an unknown operator without $1 fee?
Still presents a security vulnerability in that someone who thinks their device is secure may be under false assumptions due to a sensor that is doing nefarious
The basis of security is trust. Misplaced trust = game over no matter what.
things. Slip someone a phone with a sensor that will function as normal, but also has the ability to store a print (or the input data to simulate one) and bypass the regular encryption methods later on command.
No consumer device is designed to withstand physical access. Instead of replacing a touch sensor a separate sensor can be stacked on top of it or the digitizer can be replaced or stacked to collect both biometric and pin/pass data. There are an infinite number of options to own devices with physical access.
The more basic and glaring problem is that in fact fingerprints are not secrets and have no business being used to provide evidence of possession in the first place.
This error occurs if the repair involves the TouchID sensor. Since this stores data required for the fingerprint authentication, the device will refuse to function for security reasons if it thinks it's been tampered with
What security reason would that be? Do you seriously believe any consumer device can withstand physical access of an attacker and remain secure?
Fingerprint authentication itself is NOT even secure. This is a laughable concept at best. The "key" needed to unlock the device is probably smattered all over the device and packaging materials.
A better option would be to instead disable TouchID if tampering is suspected, but this isn't a case of Apple just arbitrarily making iPhones not work if you get a third-party repair like the story suggests.
This is exactly the case of Apple doing just that while using language of "security" doublespeak to explain how their actions are in the customer's best interest.
It sounds like Apple fixed a security bug in an SU, closing a hole which allowed attackers to replace the touch ID sensor to gain access to user data. Had Apple not made this move, we'd instead be seeing an article about how Apple products are insecure and the NSA could get access to your secure data just by replacing some hardware components.
This is an unreasonable assumption for the following reasons:
All bets are off with physical access.
There are much easier ways to collect fingerprints people leave all over the place all the time every day and play them back with ease.
http://www.ccc.de/en/updates/2...
Error appears weeks or months AFTER the change providing ample time for an attacker exploiting this "vulnerability" to cash in prior to error 53 bricking sweep being invoked.
This also leaves one to wonder how it is that Apple have the ability to reset hardware signatures in the first place when keying material associated with secure enclave is supposedly inaccessible to Apple? Isn't that what they claim in their FAQ and in public statements? If they can fool the hardware what prevents others from exploiting similar techniques?