I saw this report the other day and it confused me. My understanding is that the entire contents of an iPhone with a passcode (or pass phrase) are encrypted. If Apple can somehow decrypt the contents, then there’s a backdoor, and the possibility exists that someone else will discover the backdoor. (Let alone the problem of Apple being able to do it.)

Charlie Miller, who knows way more about this stuff than I do (and probably as much as anyone outside Apple), is also confused.

Charlie Miller ‏@0xcharlie

I'm still wondering about this: http://m.cnet.com/news/apple-deluged-by-police-demands-to-decrypt-iphones/57583843 … seems to say that apple can forensically examine iPhone 5 which shouldn't be possible

Thanks followers. Apple probably uses a signed ramdisk and then brute forces from there.

Labels: apple, cryptonomicon, encryption, security

Right click on your project node in Visual Studio, select StyleCop Settings. On the Rules tab, select the Documentation Rules node. In the right-hand pane, select the Ignore privates checkbox, and\or unselect the Include fields box. Either of these will achieve the desired effect.

Labels: noteToSelf, visual studio

This one falls into the “Huh?” category. If you go to Tools >>> Options >>> Environment >>> General and uncheck the “Show status bar” option. It will remove the status bar from view.

Labels: noteToSelf, visual studio

The ATF's Maynard said in an affidavit for the Kentucky case that Apple "has the capabilities to bypass the security software" and "download the contents of the phone to an external memory device." Chang, the Apple legal specialist, told him that "once the Apple analyst bypasses the passcode, the data will be downloaded onto a USB external drive" and delivered to the ATF.

It's not clear whether that means Apple has created a backdoor for police -- which has been the topic of speculation in the past -- [or] whether the company has custom hardware that's faster at decryption, or whether it simply is more skilled at using the same procedures available to the government. Apple declined to discuss its law enforcement policies when contacted this week by CNET. [emph mfn]

Labels: apple, encryption, security

The website responds with some HTML containing some JavaScript along with a script tag. When the browser sees the script tag, it makes another GET request back to the vulnerable site to load the script, sending the auth cookie along.

Labels: javascript, json, security

Q: Can NoScript force some sites to always use HTTPS?
A: Yes, just open NoScript Options|Advanced|HTTPS|Behavior, entering the sites you want to force in the topmost box, and those you want to always leave alone in the bottom one.

Labels: noteToSelf, security

Labels: hats of money, spotify

I do, however, hate people yelling "OPEN" and "CLOWWWD" every ten minutes as if they have some kind of Technological Tourette's Syndrome.

You can set any of jslint's options under preference -> package settings -> jslint -> advanced built settings. See http://www.jslint.com/lint.html#options for a list of options in JSLint. There's no move_var option (that's just a label for an error condition), but you can use the vars: true option to permit many variable declarations per function.

 {
    "cmd": [
      "node", 
      "${packages}/JSLint/linter.js",
      // sloppy line breaking?

      // tolerate dangling _ in identifiers
      "--nomen",
      // tolerate ++ and --
      "--plusplus",
      // tolerate missing 'use strict' pragma
      "--sloppy",
      // sloppy whitespace
      "--white",

      // assume a browser,
      "--browser",

      // suggest an indent level of ...
      "--indent", "4",
      // assume node.js to predefine node globals
      "--node",

      // tolerate unfiltered for in
      //"--forin",

      // tolerate stupidity
      "--stupid",

      // tolerate todo
      "--todo",

      // anon whitespace okay 
      //"--anon",

      "--maxerr","6",

      "$file"
    ],
    "file_regex": "^\\/.*\\/([^\\/]*)$",
    "line_regex": ".*\/\/ Line ([0-9]*), Pos ([0-9]*)$",
    "selector": "source.js, source.css, source.json, source.sass, source.less, source.html"
}

Labels: JSLint, sublime text

In the 1990s, the PC market was mostly a corporate market (roughly 75% of volume). Corporate buyers wanted a commodity. They were buying 500 or 5000 boxes, they wanted them all the same and they wanted to be able to order 500 or 5000 more roughly the same next year. They wanted to compare 4 vendors on price with the same spec sheet. They didn't care what they looked like... and they didn't care how easy it was for non-technical people to set them up because the users would never touch the configuration. Nor did they care much about the user interface, because most of the users were only going to be running 1 or 2 apps anyway.

Meanwhile with no internet, home buyers were mainly interested in a PC that ran the same software they used at work (and all of the games were for PC). They may have known Macs were supposed to be easier, but ... Apple's computers were ultimately beige boxes and not really that much prettier than PCs anyway. And they were significantly more expensive.

Hence, in this market all of Microsoft's advantages were in play, and none of Apple's. Apple, in Steve Blank's phrase, did not have product/market fit. ... Apple's selling points were irrelevant, invisible or both.

Labels: apple, microsoft