JustSomeGuy1

  • Apple, Google, Microsoft announce commitment to 'passwordless' future


    It's not immediately clear how falling back to a device PIN would be more secure than a properly configured password, however.

    The reason it’s more secure is because there are multiple factors - the device (something you have), and the PIN (something you know) or biometric - face, or finger (something you are).  No one is suggesting we replace passwords with PINs, they’re saying a device AND a PIN - or some other factor. 
    Is that true? I don't know if you will need to enroll a new device before using it. But either way, this is a dramatic improvement over passwords because it will prevent them from ever being transmitted. Like Kerberos or public-key SSH, no secret will be transmitted between server and client.

    Among other benefits, that means that there will be no compromises due to shared/reused passwords exposed by compromised sites. We see customers fall victim to that every week.
    A PIN is basically a password. 

    Everything else is tying your activities directly to you. 

    Don’t like where this is going. 
    Yeah... no. I sympathize with your distaste for tracking, but you need to learn a lot more if you're going to have a meaningful opinion. As I said above, device PINs (while they have issues as well) are NOT the same as passwords.
  • Apple tops tablet and PC sales worldwide in Q1 2022

    I have always believed tablets were foremostly computers. If this was true, what would be Apple's market share of the computer market?
    Seriously??? It's right there in the article!

    Or are you asking about the installed base? That's not market share.
  • Satechi X3 Slim Keyboard review: A fantastic alternative to Apple's Magic Keyboard

    I had the same thought jetpilot did - I'm using the Apple wired magic kbd and it has the function key in the same place. I actually find it convenient that it's there, now that I'm finally used to it, as I tend to use only the sound-related function keys (as opposed to the f-keys, use of which is evenly distributed), so I can hit the fn modifier and the sound key with one hand. Anyway, given the target market, I think you should remove that "con" from the review.

    In fact, this kbd is clearly made to be an exact duplicate of the Apple one; the eject key is also in the same place. I wonder how people using this with Windows machines (or with Windows virtuals on their Macs, more commonly?) hit the "ins" key when they need to?

    I also agree that it's worth mentioning the lack of touchID. Of course it's unsurprising, but it's the one key point of difference with Apple's current kbd, and one that easily justifies the additional cost - at least for some people. I just set up my MBP so the touchID is easily reachable even when sitting at my wired kbd at my desk, so for me it's not needed, but if I were, say, using a Studio, I would definitely drop the extra money on the Apple kbd with touchID - it's astoundingly convenient compared to typing pws all the time.

  • Researchers find flaw in Apple Silicon chips, but it's not 'that bad'

    sflocal said:
    Just like software, no CPU is "perfect".  That doesn't mean I'm giving Intel a free-pass for all the huge CPU errata problems, it's just something to know and to work with.

    If this is as bad as it gets for Apple Silicon, then that's pretty darn good.
    It's almost certain not to be the last. Apple's engineers are tops, but the complexity of these cores is extremely high. There are *dozens* of speculative execution bugs known on AMD and Intel architectures. Nor are the server-grade ARMs immune.

    Anyway, this is at least medium-grade bad, if it can break ASLR. As someone else said, you're still stuck in a sandbox (most cases, at least), but sandbox escapes are not that uncommon. Just look at Apple's security update notes over the last year or two. Serious threat actors, both state-level APTs and lesser criminal groups, will commonly combine multiple vulnerabilities to achieve complete compromises. So it would not be hugely surprising to see this used as part of a compromise chain in the future.

    It is true that there has been no widespread compromise based on Spectre/Meltdown/etc. However, if you think APTs aren't working on this all the time, you really don't have a clue how this works. They are, and there may already be targeted attacks out there. Even if not... they'll come, when feasible. So work like this is important, to help everyone (especially silicon designers) understand the evolving threat models, and get mitigations underway when appropriate.
  • Apple TV+ 'Lady in the Lake' prepares for filming in Baltimore

    I'm close with the guy who did the rewrites on all the scripts (though he's not the person named in this article). Everything he touches is good (except, possibly, one of his semiautobiographical works, which is... difficult), and a lot of it is really great. Alma is not just the co-writer, but the producer, and she's been responsible for some really great work too in the last few years. So I expect this to be very very good!