If you can read this, either the style sheet didn't load or you have an older browser that doesn't support style sheets. Try clearing your browser cache and refreshing the page.

(Slate)   The iPhone's security flaw is so bad that Apple may have no choice but to start marketing it as a feature   (slate.com) divider line 67
    More: Fail, iPhone, security flaws, Apple, plans, Mac computers, SSL, marketing  
•       •       •

6924 clicks; posted to Geek » on 23 Feb 2014 at 12:36 AM (21 weeks ago)   |  Favorite    |   share:  Share on Twitter share via Email Share on Facebook   more»



67 Comments   (+0 »)
   
View Voting Results: Smartest and Funniest

First | « | 1 | 2 | » | Last | Show all
 
2014-02-22 09:00:39 PM
Or they could just fix it, like they already did. Were you dropped on your head as a child, Subby?
 
2014-02-22 09:40:40 PM

bingethinker: Or they could just fix it, like they already did. Were you dropped on your head as a child, Subby?


As of yesterday, Prof. Green didn't think it was fixed yet.  Worse, this problem probably isn't limited to Apple.
 
2014-02-22 10:22:59 PM

Bucky Katt: bingethinker: Or they could just fix it, like they already did. Were you dropped on your head as a child, Subby?

As of yesterday, Prof. Green didn't think it was fixed yet.  Worse, this problem probably isn't limited to Apple.


No matter what he thinks, the IOS update released yesterday fixed this for IOS users.
 
2014-02-22 11:37:19 PM
So now it's a Windows phone?
 
2014-02-22 11:51:26 PM

bingethinker: Bucky Katt: bingethinker: Or they could just fix it, like they already did. Were you dropped on your head as a child, Subby?

As of yesterday, Prof. Green didn't think it was fixed yet.  Worse, this problem probably isn't limited to Apple.

No matter what he thinks, the IOS update released yesterday fixed this for IOS users.


They're still waiting for the OSX fix.  It appears to be a problem with the SSL verification routine, which includes an extra goto statement that renders verification meaningless:

https://www.imperialviolet.org/2014/02/22/applebug.html

Definitely a hell of a cock up.
 
2014-02-23 12:29:18 AM

bingethinker: Or they could just fix it, like they already did. Were you dropped on your head as a child, Subby?


Shouldn't this post have a graph showing how this has improved battery life?
 
2014-02-23 12:53:21 AM
"It's as bad as you could imagine, that's all I can say."
 
2014-02-23 01:15:19 AM

dready zim: "It's as bad as you could imagine, that's all I can say."


Basically the worst parts of the bible.
 
2014-02-23 01:20:43 AM

Lsherm: bingethinker: Bucky Katt: bingethinker: Or they could just fix it, like they already did. Were you dropped on your head as a child, Subby?

As of yesterday, Prof. Green didn't think it was fixed yet.  Worse, this problem probably isn't limited to Apple.

No matter what he thinks, the IOS update released yesterday fixed this for IOS users.

They're still waiting for the OSX fix.  It appears to be a problem with the SSL verification routine, which includes an extra goto statement that renders verification meaningless:

https://www.imperialviolet.org/2014/02/22/applebug.html

Definitely a hell of a cock up.


I once had a guy quit because of a code review. He wrote all his logic as do {} while (false) with a conditional break statement. When it was pointed out this is the same as a goto, he flipped out. He was so infuriated anyone would have the gall to question HIS work, he quit. These are the people who write software. They will always be the people who write software.


/do {} while (true) is lazy and sloppy, but not the same.
//goto can be used responsibly, but he wasn't doing that.
///we rewrote the code with gotos, to explain it. Still didn't get it.
 
2014-02-23 01:29:34 AM
My favorite part about all this is that the bug gives itself a great name: "goto fail".

foo monkey: //goto can be used responsibly, but he wasn't doing that.


What's wrong with do { ... } while (false); with conditional breaks for error handling?  It beats enabling RTTI and exception handling, as well as avoids some of the problems of "goto".  I'd consider quitting, too, not from being questioned, but from the silly policies.

If I knew how to use MobileSubstrate, had a Mac, and knew how to modify that mega-dylib in iOS, I could make patch for this bug on iOS 6.x for those who don't want to upgrade to 7.0.6.  I can do the reverse engineering and writing the ARM assembly code to patch the bug, but I don't know how to deploy it.
 
2014-02-23 01:38:19 AM
I dunno, I can imagine an awful lot worse in an OS. I don't understand why people keep trying to use SSL for authentication. It's for encryption. When's the last time you audited every trust chain in your browser's CA list?
 
2014-02-23 01:41:23 AM

Far Cough: I dunno, I can imagine an awful lot worse in an OS. I don't understand why people keep trying to use SSL for authentication. It's for encryption. When's the last time you audited every trust chain in your browser's CA list?


You have a point, but if you don't authenticate the chain, you have no way to know that you're not the victim of a man-in-the-middle attack.  You could be giving your bank login information to wellsfargo.com without being aware that the free Wi-Fi you're using has been compromised.  Someone is reading your traffic without you knowing it.
 
2014-02-23 01:46:19 AM

Myria: Far Cough: I dunno, I can imagine an awful lot worse in an OS. I don't understand why people keep trying to use SSL for authentication. It's for encryption. When's the last time you audited every trust chain in your browser's CA list?

You have a point, but if you don't authenticate the chain, you have no way to know that you're not the victim of a man-in-the-middle attack.  You could be giving your bank login information to wellsfargo.com without being aware that the free Wi-Fi you're using has been compromised.  Someone is reading your traffic without you knowing it.


Right, but this was ALWAYS fairly trivial to do, because people ignore the warnings anyway. Which is why they started with colored URLs and levels of trust. Which people ignore anyway.

Not saying this isn't an important screw-up.

/they mostly still ignore the lock icon too
 
2014-02-23 02:03:43 AM
Hmm, odd, I just had to log back in to Fark in Android. First time in forever.

/mobile, no SSL, I know
 
2014-02-23 02:04:54 AM

bingethinker: Bucky Katt: bingethinker: Or they could just fix it, like they already did. Were you dropped on your head as a child, Subby?

As of yesterday, Prof. Green didn't think it was fixed yet.  Worse, this problem probably isn't limited to Apple.

No matter what he thinks, the IOS update released yesterday fixed this for IOS users.


No matter what you think, he's right. This is fixed in IOS, but not OSX, which it also affects.

/goto fail
 
2014-02-23 02:19:54 AM
Well, if nothing else, I get to act smug toward Apple fanboys. That's always fun.
 
2014-02-23 02:21:39 AM

Far Cough: I dunno, I can imagine an awful lot worse in an OS. I don't understand why people keep trying to use SSL for authentication. It's for encryption. When's the last time you audited every trust chain in your browser's CA list?


The authentication in this case is FOR encryption via SSL.  The "authentication" is checking to make sure the certificate you get is coming from the entity that signed it, so you can then encrypt traffic.

With this flaw, it doesn't matter what your certificate says - iOS just accepts it as valid.  It's the perfect flaw for a man in the middle attack.  Intercept the traffic, send a bogus cert, and then you're good to go to read all the traffic you want.
 
2014-02-23 02:29:39 AM

Myria: My favorite part about all this is that the bug gives itself a great name: "goto fail".

foo monkey: //goto can be used responsibly, but he wasn't doing that.

What's wrong with do { ... } while (false); with conditional breaks for error handling?  It beats enabling RTTI and exception handling, as well as avoids some of the problems of "goto".  I'd consider quitting, too, not from being questioned, but from the silly policies.


That's what Try/Catch is for.  Also, I would encourage you to quit.
 
2014-02-23 02:31:44 AM
Remind me why all security conscious code isn't written in something like Ada by default?  Seems in subsystems like this you'd be willing to trade a little flexibility for better static analysis.
 
2014-02-23 02:33:23 AM
I haven't updated since iOS 7.0.4

Does this flaw affect my iphone 4?
 
2014-02-23 02:34:27 AM

SquishyLizard: Remind me why all security conscious code isn't written in something like Ada by default?  Seems in subsystems like this you'd be willing to trade a little flexibility for better static analysis.


Probably because Ada seriously sucks.
 
2014-02-23 02:38:16 AM

Lsherm: Far Cough: I dunno, I can imagine an awful lot worse in an OS. I don't understand why people keep trying to use SSL for authentication. It's for encryption. When's the last time you audited every trust chain in your browser's CA list?

The authentication in this case is FOR encryption via SSL.  The "authentication" is checking to make sure the certificate you get is coming from the entity that signed it, so you can then encrypt traffic.

With this flaw, it doesn't matter what your certificate says - iOS just accepts it as valid.  It's the perfect flaw for a man in the middle attack.  Intercept the traffic, send a bogus cert, and then you're good to go to read all the traffic you want.


Yes I know, and that's what's always been foolish. Please re-read the discussion above. SSL is good for preventing wire snooping. It was NEVER very good for endpoint authentication, because people don't pay attention. Cafe MITM attacks were terribly easy with or without this flaw. The fact is that we are much better served by APs that isolate traffic and using our own known good DNS servers.
 
2014-02-23 02:38:34 AM
Is this the part where I say HA, HA. Apple is just susceptible as any other OS because it was written by humans?
 
2014-02-23 02:49:53 AM

Far Cough: Lsherm: Far Cough: I dunno, I can imagine an awful lot worse in an OS. I don't understand why people keep trying to use SSL for authentication. It's for encryption. When's the last time you audited every trust chain in your browser's CA list?

The authentication in this case is FOR encryption via SSL.  The "authentication" is checking to make sure the certificate you get is coming from the entity that signed it, so you can then encrypt traffic.

With this flaw, it doesn't matter what your certificate says - iOS just accepts it as valid.  It's the perfect flaw for a man in the middle attack.  Intercept the traffic, send a bogus cert, and then you're good to go to read all the traffic you want.

Yes I know, and that's what's always been foolish. Please re-read the discussion above. SSL is good for preventing wire snooping. It was NEVER very good for endpoint authentication, because people don't pay attention. Cafe MITM attacks were terribly easy with or without this flaw. The fact is that we are much better served by APs that isolate traffic and using our own known good DNS servers.


What discussion?  MITM attacks are easy, agreed, if a user ignores a cert warning, but otherwise it's a fairly decent method of establishing trust among numerous sites a typical user visits.  At the very least, if I was hitting my banking site and it threw up a warning about the cert, it would give me pause, because that's never happened before.

The point with this flaw is that you wouldn't get the warning at all.
 
2014-02-23 03:03:50 AM

Lsherm: Far Cough: Lsherm: Far Cough: I dunno, I can imagine an awful lot worse in an OS. I don't understand why people keep trying to use SSL for authentication. It's for encryption. When's the last time you audited every trust chain in your browser's CA list?

The authentication in this case is FOR encryption via SSL.  The "authentication" is checking to make sure the certificate you get is coming from the entity that signed it, so you can then encrypt traffic.

With this flaw, it doesn't matter what your certificate says - iOS just accepts it as valid.  It's the perfect flaw for a man in the middle attack.  Intercept the traffic, send a bogus cert, and then you're good to go to read all the traffic you want.

Yes I know, and that's what's always been foolish. Please re-read the discussion above. SSL is good for preventing wire snooping. It was NEVER very good for endpoint authentication, because people don't pay attention. Cafe MITM attacks were terribly easy with or without this flaw. The fact is that we are much better served by APs that isolate traffic and using our own known good DNS servers.

What discussion?  MITM attacks are easy, agreed, if a user ignores a cert warning, but otherwise it's a fairly decent method of establishing trust among numerous sites a typical user visits.  At the very least, if I was hitting my banking site and it threw up a warning about the cert, it would give me pause, because that's never happened before.

The point with this flaw is that you wouldn't get the warning at all.


It would give you pause, but not most people. Various cert warnings come up a lot (subdomains, wildcards, relocations, outsourcing, acquisitions, time/date issues) to the point that people are practically trained to ignore them.

(I was referring to my discussion above that raised the problem with the normal trust chains and the ease of ordinary MITMs. Just a few posts up. I also acknowledged this fat little bug was still very important.). Anyway, thanks for posting the source link above!

Note to normal humans: if you are connecting on your home network this almost certainly does NOT directly affect you. It's only locations with shared traffic (and with modern switched networks, usually only wireless) that you'd need worry.

/yeah yeah ARP poisoning
 
2014-02-23 03:53:05 AM

OgreMagi: Myria: What's wrong with do { ... } while (false); with conditional breaks for error handling?  It beats enabling RTTI and exception handling, as well as avoids some of the problems of "goto".  I'd consider quitting, too, not from being questioned, but from the silly policies.

That's what Try/Catch is for.  Also, I would encourage you to quit.


I hope that you're not writing a 32-bit Windows program, because try/catch is really expensive.  And on all platforms, exception dispatching itself is very expensive.

I also hope that you're not trying to link libraries compiled by different compilers, because exceptions don't play nice across compiler boundaries.  Or even worse, across .dll/.so/.dylib boundaries.
 
2014-02-23 04:10:19 AM
Best part right here "The flaw is certainly embarrassing considering SSL is hardly groundbreaking stuff and has been around for years. Some are speculating that it is this very security hole that allowed the National Security Agency to allegedly access any iOS device, according to documents leaked by Edward Snowden, Points out zdnet. Apple has denied that is the case."


Did we really think this statement through Apple? HMMM?
HMMM?

/anyways continue this heavy breathing conversation
 
2014-02-23 05:01:17 AM

Omegamerc: Did we really think this statement through Apple? HMMM?
HMMM?


If they're denying that this exploit is what the leaked NSA documents are referring to, does that mean that Apple knows which exploit the NSA documents are referring to? =)
 
2014-02-23 05:14:15 AM

Myria: OgreMagi: Myria: What's wrong with do { ... } while (false); with conditional breaks for error handling?  It beats enabling RTTI and exception handling, as well as avoids some of the problems of "goto".  I'd consider quitting, too, not from being questioned, but from the silly policies.

That's what Try/Catch is for.  Also, I would encourage you to quit.

I hope that you're not writing a 32-bit Windows program, because try/catch is really expensive.  And on all platforms, exception dispatching itself is very expensive.

I also hope that you're not trying to link libraries compiled by different compilers, because exceptions don't play nice across compiler boundaries.  Or even worse, across .dll/.so/.dylib boundaries.


I work exclusively in Linux, though coding applications is not my job function.  I'm a system admin.
 
2014-02-23 05:39:42 AM

foo monkey: Lsherm: bingethinker: Bucky Katt: bingethinker: Or they could just fix it, like they already did. Were you dropped on your head as a child, Subby?

As of yesterday, Prof. Green didn't think it was fixed yet.  Worse, this problem probably isn't limited to Apple.

No matter what he thinks, the IOS update released yesterday fixed this for IOS users.

They're still waiting for the OSX fix.  It appears to be a problem with the SSL verification routine, which includes an extra goto statement that renders verification meaningless:

https://www.imperialviolet.org/2014/02/22/applebug.html

Definitely a hell of a cock up.

I once had a guy quit because of a code review. He wrote all his logic as do {} while (false) with a conditional break statement. When it was pointed out this is the same as a goto, he flipped out. He was so infuriated anyone would have the gall to question HIS work, he quit. These are the people who write software. They will always be the people who write software.


/do {} while (true) is lazy and sloppy, but not the same.
//goto can be used responsibly, but he wasn't doing that.
///we rewrote the code with gotos, to explain it. Still didn't get it.


I'm guessing he quit because of the way his mistake was presented to him. IT people enjoy sitting around clucking about how wrong and stupid everyone else is, and when they catch each other's mistakes they can be brutal to one another. Who would think people with superiority complexes and poor social skills would lack sensitivity?

Also without knowing the specifics of your example, but nearly any code can be replaced with a series of gotos, that doesn't prove anything.
 
2014-02-23 06:35:14 AM
Couldn't you just NOT connect to random open wifi? Sure it's a little slower, but you don't have such crap to worry about.

/still on ios 6ish
 
2014-02-23 06:45:11 AM

foo monkey: I once had a guy quit because of a code review. He wrote all his logic as do {} while (false) with a conditional break statement. When it was pointed out this is the same as a goto, he flipped out. He was so infuriated anyone would have the gall to question HIS work, he quit. These are the people who write software. They will always be the people who write software.


/do {} while (true) is lazy and sloppy, but not the same.
//goto can be used responsibly, but he wasn't doing that.
///we rewrote the code with gotos, to explain it. Still didn't get it.


If you won't accept code that could be rewritten with goto's, you're not going to accept much code.   What was the actual issue?
 
2014-02-23 07:26:55 AM
Wow, a bunch of nerds nerding it up in here. Just reading this thread gave me my virginity back.
 
2014-02-23 07:52:50 AM

kittyhas1000legs: Couldn't you just NOT connect to random open wifi? Sure it's a little slower, but you don't have such crap to worry about.

/still on ios 6ish


I do a lot of traveling and connect to WIFI where I'm usually working. One issue I constantly see is at colleges with free WIFI that you have to go to a page and accept terms of service before connecting to the internet. The page is usually HTTPS but doesn't have a valid certificate, so my computer throws a fit. I can't imagine a scenario where I'd add an exception if I wasn't sure of what I was connecting to. Is the Apple bug such that in my scenario an Apple device wouldn't warn you of an invalid certificate? Maybe the people writing the code for that were using Apple products to test it and didn't realize the certificate was invalid. They may have even thought it was a windows bug when others reported the invalid cert to them.
 
2014-02-23 08:01:39 AM

MarkEC: kittyhas1000legs: Couldn't you just NOT connect to random open wifi? Sure it's a little slower, but you don't have such crap to worry about.

/still on ios 6ish

I do a lot of traveling and connect to WIFI where I'm usually working. One issue I constantly see is at colleges with free WIFI that you have to go to a page and accept terms of service before connecting to the internet. The page is usually HTTPS but doesn't have a valid certificate, so my computer throws a fit. I can't imagine a scenario where I'd add an exception if I wasn't sure of what I was connecting to. Is the Apple bug such that in my scenario an Apple device wouldn't warn you of an invalid certificate? Maybe the people writing the code for that were using Apple products to test it and didn't realize the certificate was invalid. They may have even thought it was a windows bug when others reported the invalid cert to them.


sounds spot on.
 
2014-02-23 08:21:01 AM
If you turn off your Apple device and never turn it on again this flaw is harmless...nothing to worry about.
 
2014-02-23 08:48:02 AM
I'm seeing this as a signal, and I've been using macs since I bought my first computer nearly 20 years ago. Three days ago on the Apple help board I posted a problem my laptop is having since the Mavericks upgrade. Not one helpful reply, but I did get attacked in the smuggest way possible by some hardcore Apple fanboys/apologists. Way worse than anything I've ver seen here, and that's saying a lot.

I've often said that I love macs, but dislike Apple. Never has that been more true than now. I'm thinking maybe PC for my next purchase. Apple seems to care less and less about real computers anyway. Cuts into their iPad/phone/pod focus....
 
2014-02-23 09:21:48 AM
Here, I fixed it:

static OSStatus SSLVerifySignedServerKeyExchange(SSLContext *ctx, bool isRsa, SSLBuffer signedParams, uint8_t *signature, UInt16 signatureLen)

{

   OSStatus err;
...
if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0)
    goto fail;
if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
   goto fail;
   goto fail;
if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0)
    goto fail;
...
fail: MessageBox.Show ("You're holding it wrong.");

}
 
2014-02-23 09:30:02 AM
If you're doing banking or other important shiat on a free public wifi, you deserve whatever happens to you.
 
2014-02-23 09:33:52 AM

foo monkey: I once had a guy quit because of a code review. He wrote all his logic as do {} while (false) with a conditional break statement. When it was pointed out this is the same as a goto, he flipped out. He was so infuriated anyone would have the gall to question HIS work, he quit. These are the people who write software. They will always be the people who write software.


/do {} while (true) is lazy and sloppy, but not the same.
//goto can be used responsibly, but he wasn't doing that.
///we rewrote the code with gotos, to explain it. Still didn't get it.


I work lightly with code and one thing that always clashes is half our devs write in a style where there is only one return and just loads of nested logic leading towards the end, no break out early with returns on sanity checks...just branch with an if and leave that whole else side blank until the bitter end of the affirmative statement's conclusion.  We're starting to adopt Python for some things and these same people are doing some absolutely hilarious gymnastics to keep their deeply layered if/else nests compatible with PEP8's 79 characters max/line.

I think there's room for both styles but fark me if I'm going to do a basic sanity check on some incoming arguments and carry that branch a few hundred lines down just to satisfy a style rather then just immediately break out of the function with a return "Fark you buddy!" instead and keep it shallow.
 
2014-02-23 09:45:47 AM
I have to wonder what kind of unit testing was done on the code, how it was code reviewed and why there wasn't a regression test case
for this kind of thing. As an SQA guy myself, I know there will always be some bad bugs that escape, but this one seems like a pretty basic security thing that should have been covered.
 
2014-02-23 10:00:09 AM
And remember when the update fails with error 3194 or 17 just keep hitting the restore button until the update goes through.  Apples servers are never up to the traffic caused by the updates they put out.
 
2014-02-23 10:05:20 AM

debug: If you're doing banking or other important shiat on a free public wifi, you deserve whatever happens to you.


How else will I pay my insurance bill in the middle of my vacation? Boots and pants, boots and pants, boots and pants.

/somebody shoot that pig
 
2014-02-23 10:57:43 AM

jonnya: Three days ago on the Apple help board I posted a problem my laptop is having since the Mavericks upgrade. Not one helpful reply, but I did get attacked in the smuggest way possible by some hardcore Apple fanboys/apologists. Way worse than anything I've ver seen here, and that's saying a lot.


I was on their forum seeing how many other people were getting sent to the App Store by ads and one dude was viciously defending it, saying that was how it was supposed to work. When someone suggested that there be some kind of confirmation dialog, he flipped out and called it stupid and ridiculous, among other things.

Myria: If I knew how to use MobileSubstrate, had a Mac, and knew how to modify that mega-dylib in iOS, I could make patch for this bug on iOS 6.x for those who don't want to upgrade to 7.0.6. I can do the reverse engineering and writing the ARM assembly code to patch the bug, but I don't know how to deploy it.


It isn't exactly what you said, but Apple did update iOS 6 to fix this, as well.

Corn_Fed: I haven't updated since iOS 7.0.4

Does this flaw affect my iphone 4?


If your phone is running anything but the versions of iOS that were just released, then yes.

I've read/seen that a trollish headline is all you need to get greenlit, yet mine didn't. I thought it was a pretty good one, too. It was guaranteed to start another iOS/Android flamewar.
 
2014-02-23 11:06:18 AM

Some Bass Playing Guy: I have to wonder what kind of unit testing was done on the code, how it was code reviewed and why there wasn't a regression test case
for this kind of thing. As an SQA guy myself, I know there will always be some bad bugs that escape, but this one seems like a pretty basic security thing that should have been covered.


If the problem really is that duplicate goto line, I would also be curious what source control they are using, and the history of the file, because it looks like a bad merge.
 
2014-02-23 11:32:48 AM
FTFA:  "It's as bad as you could imagine, that's all I can say."

Well, I can imagine a security flaw so bad, it kills millions, leaving a desolate wasteland in its path.

This is bad, folks. End of Times bad. Ragnorak is indeed upon us.

I love articles like this, delivering accurate, non-panicky information to the masses. There is no way I need a reasonable assessment of the security risk and how it might, for example, ACTUALLY affect my online banking app, or visiting a legit web site. I much prefer hinting at Hollywood levels of hackery... the suggestion that I will be left broke and my identity stolen simply by powering up my phone.
 
2014-02-23 11:43:39 AM

LesserEvil: FTFA:  "It's as bad as you could imagine, that's all I can say."

Well, I can imagine a security flaw so bad, it kills millions, leaving a desolate wasteland in its path.

This is bad, folks. End of Times bad. Ragnorak is indeed upon us.

I love articles like this, delivering accurate, non-panicky information to the masses. There is no way I need a reasonable assessment of the security risk and how it might, for example, ACTUALLY affect my online banking app, or visiting a legit web site. I much prefer hinting at Hollywood levels of hackery... the suggestion that I will be left broke and my identity stolen simply by powering up my phone.


Ah hell, thanks for reminding me that the world didn't end last night. Was hoping...
 
ZAZ [TotalFark]
2014-02-23 11:44:00 AM
The flaw is certainly embarrassing considering SSL is hardly groundbreaking stuff and has been around for years.

SSL security bugs have been around for years too.

Kerberos 4 was in use for 20 years before one critical protocol flaw became public.
 
2014-02-23 11:56:44 AM

Bucky Katt: bingethinker: Or they could just fix it, like they already did. Were you dropped on your head as a child, Subby?

As of yesterday, Prof. Green didn't think it was fixed yet.  Worse, this problem probably isn't limited to Apple.


So my old Nokia flip phone died yesterday and I wandered into the phone shop to see what a two-year contract and $0 would get me for my super-basic, no-roaming, grandfathered $20/month plan.

It was one of these:

cdn.wpcentral.com

A goddamn Windows phone. 5 MP camera and all the usual tricks and stuff.

Naturally, the first thing I did was to deactivate all roaming, finding, WiFi and so on. I just need a goddamn phone, really. I think the security protocols of the fictional BSG universe had it right: wired and minimal is best, and not just for a wallet.

If I need to score wireless, I have a netbook loaded with AV and spybot/block wares. It is actually the opposite of convenient to do all that crap on my phone, although judicious texting just got a lot easier from the old "do it on a phone pad" horror.

I am aware I'm in the minority here, and yes, I await the manual transmission diesel-electric hybrid pickup I would prefer with flagging anticipation.
 
2014-02-23 11:58:09 AM

Mad_Radhu: dready zim: "It's as bad as you could imagine, that's all I can say."

Basically the worst parts of the bible.


Please share the best parts of the Bible. Apart from the porny poetry of Song of Songs, and all that drunken incest in Genesis, it's rather dry like the Sinai in July.
 
Displayed 50 of 67 comments

First | « | 1 | 2 | » | Last | Show all

View Voting Results: Smartest and Funniest


This thread is closed to new comments.

Continue Farking
Submit a Link »






Report