Here’s a clever two-step attack on a Macintosh. First, the victim downloads a file – it may be enough to email it to the victim as an attachment. Second, the victim opens a file or clicks a link. This executes the downloaded file. Yipes!
The trouble reported earlier with Apple Music seems to have attracted high level attention. James Pinkstone had reported that Apple Music deleted countless unique tracks he had stored in iTunes, and that an Apple service rep assured him this was correct behavior.
As he describes in a later blog post, Apple contacted him promptly. They assured him that file deletion is not an intended feature of Apple Music, and they sent engineers to try to figure it out.
This doesn’t change my own conclusion: the only way to ensure ownership of electronic media is to remove copy protection. This requires a bit of geeking around on a desktop. If your ebooks and music reside exclusively in proprietary apps, like Kindle or the Apple products, then the vendor can delete them at will. It happened on the Kindle.
CNET recently published a list of cables to keep and cables to discard. I like to keep things for historical interest as well as for practical reasons. Historical examples allow me to show students different ways of doing the same thing. The picture on the left illustrates “serial vs parallel” and I use a similar image in my textbook. I don’t collect ancient types of wire for investment purposes: values don’t justify it.
You need to decide why you want to keep cables, and keep the cables accordingly. Like most Web journalism, CNET largely ignored that question. Here are some reasons:
- I have equipment that uses a particular cable
- I’ll probably buy equipment that uses a particular cable.
Let’s look at those reasons and consider CNET’s recommendations.
[UPDATE: Apple now claims this was a bug; see the updated post]
This is perhaps the worst example of entertainment engineering I’ve ever heard. Blogger and musician jamespinkstone claims that Apple Music deleted countless unusual tracks in his music collection. It “matched” the tracks with entries in its library. Then it deleted the matched ones from his hard drive. When he tried to play a rare piano version of “Sister Jack” he instead heard a common demo version. Apple Music apparently decided the tracks were similar enough to treat as identical.
This is worse than Sony planting malware on PCs to as a sort of copy protection. I’m no musician, but I appreciate the differences in my 3 or 4 versions of early Bonnie Raitt songs.
This is why I don’t trust the big vendors like Apple or Google to host my private ebook library.
The current fight is about whether we will impose a technological infrastructure which will be exceptionally vulnerable to attackers in order to provide nothing more useful than some very, very short-term advantages to people investigating crimes.
- Perry Metzger, commentary on the Cryptography mailing list last Friday
Let me say it differently: We put everyone in danger if we weaken cybersecurity. We only help a few detectives in a few investigations.
I don’t want hackers playing with my home thermostats, my car’s computer, my water or electric utility systems, or financial computers. If we make it convenient for police to reach into our computers, we also make it easy for hackers. This threatens peoples lives directly.
Computing technology is insanely reliable when you look at statistical error rates. Hard drives read and write trillions of bits while rarely producing a reportable error. But when you want some data to live forever (like family photos or critical business records), even an occasional error is a problem.
I’ve been using OS X and Time Machine for at least a decade now. I rely on RAID 1 “mirrored” backups. In other words, my Time Machine storage contains 2 separate hard drives. Everything is written to both of them. If one fails, I replace it with a new one, and rebuild from the good drive.
I also like to encrypt my hard drives. OS X provides convenient and capable hard drive encryption, but it doesn’t play well with the OS X RAID service. I’ve found it best to use an external RAID enclosure which handles the mirroring. I let OS X handle the crypto.
I’m upgrading my iPhone and trading in the old one. I had to erase the old one completely and unhook “Find my iPhone” from it.
I’d seen headlines hinting that recycled iPhones aren’t often erased. Some headlines suggest that the erasing operation itself doesn’t really work.
It works. It’s just time consuming. I turned off TouchID and the lock code. I disabled “Find my iPhone” and all the iCloud connections. Then I went on line and made sure the old phone wasn’t listed on my Apple account. Finally, I hit the “Erase All Contents and Settings” option.
The phone restarted with the Hello setup screen. I went through guided setup without hooking up iCloud or anything personal. I looked through the phone to make sure nothing was there. It was clean. I looked on Find My iPhone, and the old phone didn’t appear.
If you have the technical interest to read this, you probably do a lot of your finances with your personal computer. Taxes, monthly budgets, check printing (on those rare occasions), and tracking numerous accounts – computers are far better than people at handling such details. A typical personal computer, or smart phone for that matter, contains company names, account numbers, login credentials, and everything else an identity thief might need. This is reasonably safe as long as you don’t lose your device and/or its hard drive.
But when you replace your computer or hard drive, or (God forbid) someone steals it, your intimate financial details are “out there” unless your drive is encrypted.
I started collecting digital content in the 1980s. Before that I was satisfied to print things out, bind them, and put them on a shelf. My graduate research produced about three linear feet of printed papers sorted by author. I wrote my first book mostly from printed references, though all the writing was online. When I started my second book, Authentication, I decided to collect, catalog, and save my references digitally. I stored everything in a tree of folders, one per author, stored alphabetically.
My library now contains several thousand items, from Gutenberg ebooks to marketing brochures to technical papers. It uses over 8 GB of storage, including catalogs and metadata. I used to read classic fiction on Palm Pilots and early smartphones. Now I read everything from fiction to technical reports on a tablet, either Android or iOS. This environment poses a whole set of challenges. I’ve found some tools to make my library work, more or less: Calibre, OPDS, and DRM-free books.
My main objective is Get it Once, Organize it Once, and Read it Anywhere.