JustSomeGuy1
About
- Banned
- Username
- JustSomeGuy1
- Joined
- Visits
- 60
- Last Active
- Roles
- member
- Points
- 1,172
- Badges
- 1
- Posts
- 330
Reactions
-
New Spectre-style Intel chip flaw can leak user data, but only in Windows
Mike Wuerthele said:
Given that the exploit developers said only Windows, we're pretty comfortable with what we're saying.leetncamp said:I believe Linux suffers from this vulnerability, although it’s more difficult to pull off than on Windows. If that’s true, you your title might be improved by saying “...,but not in MacOS” rather than “...,Only in Windows.” If you have a good article on why this doesn’t affect MacOS, please let me know.The article you cited says that the vulnerability exists in Linux too (though they don't have a proof-of-concept exploit yet and it is "less serious"). I haven't read their paper, but I would NOT be comfortable with saying that MacOS is immune. I wouldn't want to bet one way or another, actually. Who knows if the BitDefender guys are sufficiently expert in MacOS? Or if they had the time to look at that?It's still way too early to be making blanket pronouncements.
-
Newly discovered Bluetooth exploit tracks iOS, macOS devices
gatorguy said:
No idea why but that's a possibility among others. The facts now are Android is immune. You should find out why if that bothers you enough.pscooter63 said:OK, @Gatorguy, why do you think Android lacks this exploit to begin with? Perhaps because they're generally lagging behind in advanced BLE implementation anyway?
EDIT:
Well that took all of about a minute to research @pscooter63 ;
"Android is immune as the OS does not continually send out advertising messages, the researchers said." Apple and Microsoft devices do. As such the fix should be easy enough IMO: Do as Android, stop continuous broadcast.No, that won't work. It would put the kibosh on the new tile-like tracking feature. The solution is however pretty simple (at least conceptually): Make sure token and MAC changes are synchronized.For most people, this is a non-issue. Trackers would need to maintain close proximity, which is impossible over time unless you're an extremely high-value target. There are situational exceptions to this, though - you could be tracked throughout a large mall or a baseball stadium, maybe, if their BT deployment density was high enough. And it may be, if they're doing it to support various legit services anyway (think beacons). This is still not a big deal, I think, though it's worth fixing.
-
'Sign in with Apple' may only limit tracking, not eliminate it
mjtomlin said:jogu said:
Regardless of your views on the motives of the members, Apple apparently consider the OpenID Connect protocol (which was created by the OpenID Foundation) a good enough protocol that they copied 99% of it.luxuriant said:The OpenID Foundation has pointed out that Apple's technology bears a lot of similarities with OpenID Connect, but has serious gaps affecting security and development.
Given its membership (https://openid.net/foundation/sponsoring-members/) I regret that I have to take any pronouncement from this source with a large grain of salt.
Luckily the foundation published the full technical details of how they differ from the standard implementation here:
https://bitbucket.org/openid/connect/src/default/How-Sign-in-with-Apple-differs-from-OpenID-Connect.md
You're very welcome to review that and form a considered opinion as to whether or not Apple has issues in their implementation of OpenID Connect that could cause security and interoperability issues or not.
Since no one outside of Apple knows exactly how "Sign in with Apple" works anything said or compared is purely conjecture. I seriously doubt Apple "copied" OpenID... They are very capable of coming up with their own implementation even if some of things happen to "appear" similar. Anyone who's every designed anything knows there's a huge difference between implementation and appearance.
OpenID obviously has an issue with Apple (probably not joining their group), otherwise, what would they care? This reaction reminds me a lot of CurrentC.
As long as we have an option that is NOT Google or Facebook, (or any group supported by either) count me in!Why do you have an opinion (never mind, publishing it) when you are so ignorant?I too like the sign in with Apple feature, and I plan on using it for some (many, probably) things. But if you'd taken three minutes to read the link provided by @jogu you'd see that the OIDF do know exactly how a large part of the sign in with Apple code works. And no wonder, since the API is published by Apple. And why shouldn't Apple have copied that? It makes things easier for everyone.In fact, while I haven't spent a lot of time looking at this, I know enough about security to know that some of their issues are significant enough to be addressed, and I expect Apple will in fact do that before the release of this service and the OSes with supporting code. This isn't at all like the CurrentC situation, which was entirely a money issue.
-
Apple cuts updated MacBook Air price to $999 for students
davgreg said:Still a sealed shut battery compartment and vampire video (Intel graphics), right?
Still no USB 3 ports, right?
No thanks.Have you been trapped in a time capsule for the last 7 years? Macs have had USB3 for that long. I'm typing on a 2012 MBP right now with USB3.I think the last USB2 model was sold some time in 2014. Might have been 2013.
-
New DisplayPort 2.0 spec uses Thunderbolt 3 for 16K displays
melgross said:While this is nice, and Anandtech has a very detailed report about it, there is something that worries me. Intel has released the thunderbolt spec to a royalty free group. While this seems good, as we can see by this use of it here, my question is what it means for the future of the TB spec.
going back to the beginning, Intel stated that in ten years TB would be at 100Gb/s. It’s still at 40. We know all about the cable “problem”, which DisplayPort now shares. But that problem can be overcome with amplified cabling. At a cost, of course. But are we now at the end of the TB advance> with Intel giving the license out for free—no more charging OEMs for ports, does that mean they’re letting go of TB altogether? Nobody knows that outside of Intel right now.For "amplified" substitute "optical". It's unlikely that you'll ever see copper thunderbolt at 100gbps- I'd guess that optical will be both cheaper and better, to the extent that if you need a powered cable it'll be a hybrid glass/copper. (Or POF/copper- POF may finally reach this performance level outside the labs.)Ultimately, if Intel stops developing TB, it won't matter that much. The demand for faster cabling is there - DP is a perfect example, and AR/VR will continue to drive bandwidth needs for a while at least. USB will keep pushing forward if TB doesn't.
It's already done, and it's called "USB4".22july2013 said:[...]I don't have a negative impression of TB yet, but I do have a negative impression of USB-C with all of its complexity and different connector types. Maybe Intel can take the best of both and merge them into a single cable called USTB.
What are you talking about? The original TB connector was mDP, and it stuck around for years (it was used in TB2 also).melgross said:Intel and other companies are restrained by the working groups that control these standards. For example, the first TB used a different connector. Do you remember which one? No, because it was disallowed almost immediately. We had similar problems with hdmi. Apple had an adapter, but had to withdraw it.
You are confused. There is no TB4 yet, and nobody knows what it will be (aside from guessing at a doubling of data rates to 80gbps, which seems moderately likely). You might be thinking about PCIe4.sflocal said:It’s my understanding that TB4 is final and will be at 80gb/s. It’s a fantastic technology and a superior tech with lower overhead than USB. I really hope Intel does not do something stupid and kill the tech. They have been screwing up as of late.
