Catalina: Apple turns macOS into a closed platform; many audio-devs warned from the upgrade

[stratology]

Recent article on CNN that shows how trivially easy it is to exploit data we make publicly available - like Instagram posts, tweets, etc.:
https://edition.cnn.com/2019/10/18/tech ... index.html

[Urs]

Your pornstar name is the name of your first pet + your mother's maiden name + the street you first lived in. What's yours?

(but I won't tell you that I'll use that information to access your social media accounts)

[JCJR]

Tis hard to judge FUD (fear uncertainty and doubt). EVERY political party and most other commercial and social action concerns thrive on FUD. FUD makes people do silly stuff. But it is hard to judge FUD because Even Paranoids Have Enemies.

Tis awful hard to legislate away stupidity (as Urs's phishing example above).

On the other hand even the most careful and skilled craftsman will probably leave the blade safety guard on his circular saw. Even the most alert skilled person can screw up once in awhile, and if you screw up with the safety guard off the saw then get used to the nickname "Old Stumpy."

It is easy to mock fools who get conned, but some kinds of internet safety blade guards probably make sense even to the most cautious individuals. Just don't get stampeded by the FUD. FUD makes bad guys money and gives bad guys power. Fight the evil-doers by giving up some more of yer freedom. Yeah that works just fabulous.

[stratology]

It is easy to mock fools who get conned

I agree with what you're saying.

But I think it's also important to remember that it's very, very easy to behave foolishly - even for rational people. Have you ever used a (not very strong) password in more than one location? I certainly have. Foolish. And also human and understandable.

That's where technology comes into play - making it easier to use a password that is automatically suggested by the OS and stored in the Keychain (which is synced across all devices) than coming up with your own, which is almost certainly weaker.


Always working on the assumption that the vast majority of the world population are 'non-technical' people is always a good starting point, IMHO.

[JCJR]

It is easy to mock fools who get conned

I agree with what you're saying.

But I think it's also important to remember that it's very, very easy to behave foolishly - even for rational people. Have you ever used a (not very strong) password in more than one location? I certainly have. Foolish. And also human and understandable.

That's where technology comes into play - making it easier to use a password that is automatically suggested by the OS and stored in the Keychain (which is synced across all devices) than coming up with your own, which is almost certainly weaker.

Oh yeah am not mocking fools. Why I brought up the example of the circular saw blade guard. Even the least-foolish, most skilled craftsman probably leaves on the blade guard. Taking off the blade guard is probably evidence of foolishness except in remarkable circumstances.

Everybody qualifies as a fool. I qualify quite routinely. It is just very difficult to legislate away foolishness or to prevent or protect a determined-enough fool. Was thinking back on some I.E. Safety Engineering courses I took shortly after the invention of fire.

I don't keep passwords on computer-accessible locations. A secure keychain seems too risky to me. "Hackers Can't Crack That." "Hold my beer and watch this." My computer might get hijacked but they can't harvest non-existent passwords or financial data.

[stratology]

I don't keep passwords on computer-accessible locations. A secure keychain seems too risky to me. "Hackers Can't Crack That." "Hold my beer and watch this." My computer might get hijacked but they can't harvest non-existent passwords or financial data.

I don't know if you watched the CNN video I linked to above. "Hacking" does not necessarily refer to breaking into a computer. It's about exploiting the weakest link. Which is, usually, not technology like strong encryption, but humans.

The 'hacker' in the video describes how she (with obvious joy and mischief) exploited the CNN journalist's public postings, and used those as identifiers for calling others, like airline representatives, pretending to be the CNN guy. She got those people to disclose further information, and used that for further exploits.

[JCJR]

I don't keep passwords on computer-accessible locations. A secure keychain seems too risky to me. "Hackers Can't Crack That." "Hold my beer and watch this." My computer might get hijacked but they can't harvest non-existent passwords or financial data.

I don't know if you watched the CNN video I linked to above. "Hacking" does not necessarily refer to breaking into a computer. It's about exploiting the weakest link. Which is, usually, not technology like strong encryption, but humans.

The 'hacker' in the video describes how she (with obvious joy and mischief) exploited the CNN journalists public postings, and used those as identifiers for calling others, like airline representatives, pretending to be the CNN guy. She got those people to disclose further information, and used that for further exploits.

I didn't watch it, maybe will sometime. Long ago read at least one article either Scientific American or Dr Dobbs, describing how various "human engineering" was the preferred method of breaking into computer systems and organizations, that the people were lots less secure than the computers, even back then.

But the "human engineering" is just old-fashioned conman stuff. Mark Twain, Charles Dickens, Leo Tolstoy and even Hermann Melville wrote amusing conman stories. So far as that goes, we can probably find conman stories in such as Aristophanes plays. How can Apple protect you from old-fashioned conmen, regardless whether they have phones and computers?

Back about 1971 I worked counseling for a couple of years at a drug rehab unit in a psychiatric hospital. Some of the heaviest druggies were fabulous conmen. Natural talent. I recall one junkie who gave the impression of being "borderline retarded" who managed to con substantial sums of money not only out of his lawyer, but also out of his freakin judge!

[Angus_FX]

If I remember correctly, Apple was able to blacklist developer certificates which were stolen through phishing attacks. That was why they made two factor identification mandatory. So those cracks will work for a while and then boom.

No, there are ways to inject bogus keys locally. In some cases as simple as finding the key in the binary which it uses to verify its signature and replacing it with the cracker's own (they got us that way once). Or if required they can go further up the chain of trust. Now.. installing dodgy certificates to your system and compromising the chain of trust at system level is a pretty bad idea, but I guess if your crackintosh is air-gapped and not the machine you use for email, instagram, banking and everything else, it's probably a manageable risk.

[stratology]

Presonus Studio One now joins Ableton, Logic and Digital Performer as DAWs that officially support Catalina. Presonus also released hardware driver updates for Catalina.

[JunSev]

Presonus Studio One now joins Ableton, Logic and Digital Performer as DAWs that officially support Catalina. Presonus also released hardware driver updates for Catalina.

There is a thread already created by Forgotten (and I know he loves apple as much as you) about Catalina ready software, this is not the topic we are discussing here.

What you're doing is like "guys the future is bright for Apple, software companies are joining, Apple is very cool"...

I mean Wake up already.

[stratology]

Oops, I thought Studio One, Ableton Live and Digital Performer were cross platform. My bad.

[dayjob]

Oops, I thought Digital Performer was cross platform.

from everything i've read it's debatable if DP actually functions on windows

[machinesworking]

Oops, I thought Digital Performer was cross platform.

from everything i've read it's debatable if DP actually functions on windows

I use DP regularly enough to visit DP centric forums, and it's already got good traction as far as people posting using it on Windows. Haven't heard too many complaints, but the first .0 version for Windows had lots of issues for sure.

[dayjob]

Oops, I thought Digital Performer was cross platform.

from everything i've read it's debatable if DP actually functions on windows

I use DP regularly enough to visit DP centric forums, and it's already got good traction as far as people posting using it on Windows. Haven't heard too many complaints, but the first .0 version for Windows had lots of issues for sure.

that's good to know. i've read a lot of "not ready for prime time" type comments from people who've used it on windows.

[machinesworking]

Oops, I thought Digital Performer was cross platform.

from everything i've read it's debatable if DP actually functions on windows

I use DP regularly enough to visit DP centric forums, and it's already got good traction as far as people posting using it on Windows. Haven't heard too many complaints, but the first .0 version for Windows had lots of issues for sure.

that's good to know. i've read a lot of "not ready for prime time" type comments from people who've used it on windows.

IMO, it's a weird DAW, beyond a glitch or two when you first instal a new DAW, it presents a completely different way of working with arrangement windows, and the whole enigma of Chunks really throws people. The alien workflow makes any glitches with setting it up seem worse etc.

I'm sort of glad they made a windows version, but also saddened since theoretically developing for a single OS should be easier, and development has to slow down because of it.