Catalina: Apple turns macOS into a closed platform; many audio-devs warned from the upgrade
- KVRist
- 152 posts since 31 May, 2004 from Ireland
Recent article on CNN that shows how trivially easy it is to exploit data we make publicly available - like Instagram posts, tweets, etc.:
https://edition.cnn.com/2019/10/18/tech ... index.html
https://edition.cnn.com/2019/10/18/tech ... index.html
- u-he
- 28065 posts since 8 Aug, 2002 from Berlin
Your pornstar name is the name of your first pet + your mother's maiden name + the street you first lived in. What's yours?
(but I won't tell you that I'll use that information to access your social media accounts)
(but I won't tell you that I'll use that information to access your social media accounts)
-
- KVRAF
- 3080 posts since 17 Apr, 2005 from S.E. TN
Tis hard to judge FUD (fear uncertainty and doubt). EVERY political party and most other commercial and social action concerns thrive on FUD. FUD makes people do silly stuff. But it is hard to judge FUD because Even Paranoids Have Enemies.
Tis awful hard to legislate away stupidity (as Urs's phishing example above).
On the other hand even the most careful and skilled craftsman will probably leave the blade safety guard on his circular saw. Even the most alert skilled person can screw up once in awhile, and if you screw up with the safety guard off the saw then get used to the nickname "Old Stumpy."
It is easy to mock fools who get conned, but some kinds of internet safety blade guards probably make sense even to the most cautious individuals. Just don't get stampeded by the FUD. FUD makes bad guys money and gives bad guys power. Fight the evil-doers by giving up some more of yer freedom. Yeah that works just fabulous.
Tis awful hard to legislate away stupidity (as Urs's phishing example above).
On the other hand even the most careful and skilled craftsman will probably leave the blade safety guard on his circular saw. Even the most alert skilled person can screw up once in awhile, and if you screw up with the safety guard off the saw then get used to the nickname "Old Stumpy."
It is easy to mock fools who get conned, but some kinds of internet safety blade guards probably make sense even to the most cautious individuals. Just don't get stampeded by the FUD. FUD makes bad guys money and gives bad guys power. Fight the evil-doers by giving up some more of yer freedom. Yeah that works just fabulous.
- KVRist
- 152 posts since 31 May, 2004 from Ireland
I agree with what you're saying.
But I think it's also important to remember that it's very, very easy to behave foolishly - even for rational people. Have you ever used a (not very strong) password in more than one location? I certainly have. Foolish. And also human and understandable.
That's where technology comes into play - making it easier to use a password that is automatically suggested by the OS and stored in the Keychain (which is synced across all devices) than coming up with your own, which is almost certainly weaker.
Always working on the assumption that the vast majority of the world population are 'non-technical' people is always a good starting point, IMHO.
-
- KVRAF
- 3080 posts since 17 Apr, 2005 from S.E. TN
Oh yeah am not mocking fools. Why I brought up the example of the circular saw blade guard. Even the least-foolish, most skilled craftsman probably leaves on the blade guard. Taking off the blade guard is probably evidence of foolishness except in remarkable circumstances.stratology wrote: ↑Tue Oct 22, 2019 5:14 pmI agree with what you're saying.
But I think it's also important to remember that it's very, very easy to behave foolishly - even for rational people. Have you ever used a (not very strong) password in more than one location? I certainly have. Foolish. And also human and understandable.
That's where technology comes into play - making it easier to use a password that is automatically suggested by the OS and stored in the Keychain (which is synced across all devices) than coming up with your own, which is almost certainly weaker.
Everybody qualifies as a fool. I qualify quite routinely. It is just very difficult to legislate away foolishness or to prevent or protect a determined-enough fool. Was thinking back on some I.E. Safety Engineering courses I took shortly after the invention of fire.
I don't keep passwords on computer-accessible locations. A secure keychain seems too risky to me. "Hackers Can't Crack That." "Hold my beer and watch this." My computer might get hijacked but they can't harvest non-existent passwords or financial data.
- KVRist
- 152 posts since 31 May, 2004 from Ireland
I don't know if you watched the CNN video I linked to above. "Hacking" does not necessarily refer to breaking into a computer. It's about exploiting the weakest link. Which is, usually, not technology like strong encryption, but humans.
The 'hacker' in the video describes how she (with obvious joy and mischief) exploited the CNN journalist's public postings, and used those as identifiers for calling others, like airline representatives, pretending to be the CNN guy. She got those people to disclose further information, and used that for further exploits.
-
- KVRAF
- 3080 posts since 17 Apr, 2005 from S.E. TN
I didn't watch it, maybe will sometime. Long ago read at least one article either Scientific American or Dr Dobbs, describing how various "human engineering" was the preferred method of breaking into computer systems and organizations, that the people were lots less secure than the computers, even back then.stratology wrote: ↑Tue Oct 22, 2019 6:30 pm
I don't know if you watched the CNN video I linked to above. "Hacking" does not necessarily refer to breaking into a computer. It's about exploiting the weakest link. Which is, usually, not technology like strong encryption, but humans.
The 'hacker' in the video describes how she (with obvious joy and mischief) exploited the CNN journalists public postings, and used those as identifiers for calling others, like airline representatives, pretending to be the CNN guy. She got those people to disclose further information, and used that for further exploits.
But the "human engineering" is just old-fashioned conman stuff. Mark Twain, Charles Dickens, Leo Tolstoy and even Hermann Melville wrote amusing conman stories. So far as that goes, we can probably find conman stories in such as Aristophanes plays. How can Apple protect you from old-fashioned conmen, regardless whether they have phones and computers?
Back about 1971 I worked counseling for a couple of years at a drug rehab unit in a psychiatric hospital. Some of the heaviest druggies were fabulous conmen. Natural talent. I recall one junkie who gave the impression of being "borderline retarded" who managed to con substantial sums of money not only out of his lawyer, but also out of his freakin judge!
-
- KVRAF
- 4735 posts since 18 Jul, 2002 from London, UK
No, there are ways to inject bogus keys locally. In some cases as simple as finding the key in the binary which it uses to verify its signature and replacing it with the cracker's own (they got us that way once). Or if required they can go further up the chain of trust. Now.. installing dodgy certificates to your system and compromising the chain of trust at system level is a pretty bad idea, but I guess if your crackintosh is air-gapped and not the machine you use for email, instagram, banking and everything else, it's probably a manageable risk.If I remember correctly, Apple was able to blacklist developer certificates which were stolen through phishing attacks. That was why they made two factor identification mandatory. So those cracks will work for a while and then boom.
This account is dormant, I am no longer employed by FXpansion / ROLI.
Find me on LinkedIn or elsewhere if you need to get in touch.
Find me on LinkedIn or elsewhere if you need to get in touch.
- KVRist
- 152 posts since 31 May, 2004 from Ireland
Presonus Studio One now joins Ableton, Logic and Digital Performer as DAWs that officially support Catalina. Presonus also released hardware driver updates for Catalina.
- KVRian
- 827 posts since 14 Sep, 2017
There is a thread already created by Forgotten (and I know he loves apple as much as you) about Catalina ready software, this is not the topic we are discussing here.stratology wrote: ↑Wed Oct 23, 2019 12:19 am Presonus Studio One now joins Ableton, Logic and Digital Performer as DAWs that officially support Catalina. Presonus also released hardware driver updates for Catalina.
What you're doing is like "guys the future is bright for Apple, software companies are joining, Apple is very cool"...
I mean Wake up already.
- KVRist
- 152 posts since 31 May, 2004 from Ireland
Oops, I thought Studio One, Ableton Live and Digital Performer were cross platform. My bad.
-
- KVRAF
- 3027 posts since 6 Nov, 2006
from everything i've read it's debatable if DP actually functions on windows
-
machinesworking machinesworking https://www.kvraudio.com/forum/memberlist.php?mode=viewprofile&u=8505
- KVRAF
- 6214 posts since 15 Aug, 2003 from seattle
I use DP regularly enough to visit DP centric forums, and it's already got good traction as far as people posting using it on Windows. Haven't heard too many complaints, but the first .0 version for Windows had lots of issues for sure.
-
- KVRAF
- 3027 posts since 6 Nov, 2006
that's good to know. i've read a lot of "not ready for prime time" type comments from people who've used it on windows.machinesworking wrote: ↑Sat Oct 26, 2019 3:24 amI use DP regularly enough to visit DP centric forums, and it's already got good traction as far as people posting using it on Windows. Haven't heard too many complaints, but the first .0 version for Windows had lots of issues for sure.
-
machinesworking machinesworking https://www.kvraudio.com/forum/memberlist.php?mode=viewprofile&u=8505
- KVRAF
- 6214 posts since 15 Aug, 2003 from seattle
IMO, it's a weird DAW, beyond a glitch or two when you first instal a new DAW, it presents a completely different way of working with arrangement windows, and the whole enigma of Chunks really throws people. The alien workflow makes any glitches with setting it up seem worse etc.dayjob wrote: ↑Sat Oct 26, 2019 3:37 amthat's good to know. i've read a lot of "not ready for prime time" type comments from people who've used it on windows.machinesworking wrote: ↑Sat Oct 26, 2019 3:24 amI use DP regularly enough to visit DP centric forums, and it's already got good traction as far as people posting using it on Windows. Haven't heard too many complaints, but the first .0 version for Windows had lots of issues for sure.
I'm sort of glad they made a windows version, but also saddened since theoretically developing for a single OS should be easier, and development has to slow down because of it.