|
henpod posted:I know this place isn't tech support and this seems like a stupid problem to have, but you guys are a smart, good looking bunch so thought I would see if anyone knew. bull3964 posted:This link deserves more attention.
|
#
?
Apr 4, 2017 16:15
|
|
|
|
| # ? Apr 28, 2024 01:58 |
|
|
Moto g5+ possible issue: When I'm in a building on wifi and go outside to my car, it doesn't transition smoothly to 4g, and has GPS issues in waze. If I turn off waze and wifi, then reload waze, it works fine. I've seen this twice so far at different locations. Anyone else seeing this? I suppose I knew with my old phone to turn off wifi before I turned on waze / satnav. It's an ongoing android issue really, to come to think of it.
|
|
#
?
Apr 4, 2017 16:16
|
|
|
henpod posted:I know this place isn't tech support and this seems like a stupid problem to have, but you guys are a smart, good looking bunch so thought I would see if anyone knew. We're sorry, to enable backup services you will need to factory reset your device. Yes, we are aware of the irony.
|
|
#
?
Apr 4, 2017 16:22
|
|
|
bull3964 posted:This link deserves more attention. On the other hand, Knox is the current best choice by far for enterprise mobile device security implementations. Probably a different business unit from the consumer OS stuff.
|
|
#
?
Apr 4, 2017 16:22
|
|
|
Security accreditation is generally more about money spent than code quality. Not that I know anything about the internal quality of Knox.
|
|
#
?
Apr 4, 2017 16:26
|
|
|
I'm not talking about accreditation, I'm talking about the actual product, we've used it for a few years now.
|
|
#
?
Apr 4, 2017 16:29
|
|
|
CLAM DOWN posted:I'm not talking about accreditation, I'm talking about the actual product, we've used it for a few years now. And how do you know it's a secure product?
|
|
#
?
Apr 4, 2017 16:29
|
|
|
henpod posted:I know this place isn't tech support and this seems like a stupid problem to have, but you guys are a smart, good looking bunch so thought I would see if anyone knew. Try some basic stuff, like resetting your password and/or emptying the local app cache. Something is fucky with your account or the local app, resetting various things is like banging on an old TV. It isn't a proper solution, but it probably works.
|
|
#
?
Apr 4, 2017 16:30
|
|
|
There have been rather an alarming number of 'oh poo poo' vulnerabilities in Knox over the years. It may have an appealing feature set, but it really hasn't proven itself to be more secure. Appealing feature sets are Samsung's jam, it's by far the largest driving force in their software implementations.
|
|
#
?
Apr 4, 2017 16:33
|
|
|
Man you guys cannot accept that a single Samsung thing might possibly be good, can you? I can post more about Knox and why it's good when I get to work and not on my phone, if you're actually genuinely interested.
|
|
#
?
Apr 4, 2017 16:39
|
|
|
CLAM DOWN posted:Man you guys cannot accept that a single Samsung thing might possibly be good, can you? Things I have learned from this thread: The only good phones in existence are the Pixel and the Moto G.
|
|
#
?
Apr 4, 2017 16:42
|
|
|
nimper posted:We're sorry, to enable backup services you will need to factory reset your device. Yes, we are aware of the irony. Haha, gently caress that I will find another way. Ola posted:Try some basic stuff, like resetting your password and/or emptying the local app cache. Something is fucky with your account or the local app, resetting various things is like banging on an old TV. It isn't a proper solution, but it probably works. Thanks, will give this a shot! No idea what you're on about mate.
|
|
#
?
Apr 4, 2017 16:48
|
|
|
CLAM DOWN posted:Man you guys cannot accept that a single Samsung thing might possibly be good, can you? Samsung make great displays! I own several. Petty good memory chips too I believe. Their software, in my limited experience, is pretty bad though. It's possible for Knox to be important and good as a product, but poorly implemented, by the way. Again, not saying it is, but just the fact that it exists is not evidence that it's well made.
|
|
#
?
Apr 4, 2017 16:52
|
|
|
I miss Samsung Pay.
|
|
#
?
Apr 4, 2017 16:54
|
|
|
..btt posted:but just the fact that it exists is not evidence that it's well made. I literally never said that  Again, you don't seem particularly open to hearing it, but in a bit when I get to work I can outline why Knox is good if you want.
|
|
#
?
Apr 4, 2017 17:06
|
|
|
CLAM DOWN posted:Man you guys cannot accept that a single Samsung thing might possibly be good, can you? I'm not posting about opinion here. There have been several published CVEs over the years that allowed anything from data leaking to abitrary code execution. Then, of course, there was the 2014 gem of them storing the PIN in clear text on the device that could be used as a stepping stone to easily figure out the device password. That last one especially is not something one would expect (or should tolerate) from a teams who's sole purpose is to develop security software.
|
|
#
?
Apr 4, 2017 17:32
|
|
|
CLAM DOWN posted:I literally never said that I'm not against Samsung, just from what I've seen my uninformed opinion is that their software is bad. Not sure why you think I have some hate-boner (other than this being the SA android thread). I never suggested Knox the product was bad, in fact I said my assumption that it was poorly implemented was completely independent of its value or use as a product. If you have insider knowledge about the quality of the implementation I'm sure everyone would be interested! If you're just going to talk about why it is good in concept, I think that's a given.
|
|
#
?
Apr 4, 2017 17:34
|
|
|
bull3964 posted:Then, of course, there was the 2014 gem of them storing the PIN in clear text on the device that could be used as a stepping stone to easily figure out the device password. Lmao
|
|
#
?
Apr 4, 2017 17:48
|
|
|
CLAM DOWN posted:I literally never said that As a fellow goon who's job also includes MDM and mobile security, I would unironically like to see this as well.
|
|
#
?
Apr 4, 2017 17:49
|
|
|
CLAM DOWN posted:Man you guys cannot accept that a single Samsung thing might possibly be good, can you? I'm saying that just because Knox is used and has lots of good features does not make it secure. A claim that something is secure cannot come from features, ease of implementation, business adoption, or accreditation. It comes from a long term track record of minimal CVE's. Knox in use by a business has little to do with whether a product is secure in some absolute sense, and since Knox was brought up in the context of Samsung writing secure software, that which is relevant is its CVE history, not whether businesses use it.
|
|
#
?
Apr 4, 2017 18:06
|
|
|
I only trust security software that has never put out a CVE, that's how you know they're the best.
|
|
#
?
Apr 4, 2017 18:11
|
|
|
^^^ exactlybull3964 posted:I'm not posting about opinion here. There have been several published CVEs over the years that allowed anything from data leaking to abitrary code execution. There's CVE's for literally every software product ever, the quantity of those can't be used as the sole differentiating factor. I mean, look at how many Windows CVEs, are you recommending people not use Windows? Knox's strength comes with its mitigating controls: -Assumption is that someone will figure out a way to root the device. So, rather than trying to prevent that, Knox implements the e-fuse that will be tripped if it gets rooted. So, you're free to go ahead and modify your bootloader or root your device or 1337 hax0r the thing, but Knox will cease to function and wipe. This requires a warranty repalacement to fix and good luck telling your boss you need a new device because you tried to root it. -Assumption is that you will download/install malware of some kind on your phone. So Knox implements kernel level separation, including memory, so malware simply cannot access Knox data. -Assumption is that somehow a rootkit will work its way onto your phone, Knox uses an iPhone-style cryptographically verified boot chain system, this uses ARM TrustZone too. If this is broken, Knox is wiped/disabled. The total work and personal separation is the use case for Knox, if you need that for your enterprise. It's overboard for the vast majority of companies, like it wouldn't surprise me if something like <1% use Knox. It's authorized for USA DoD networks, along with BlackBerry 10 (lol), so that's gotta be a significant portion of the userbase.
|
|
#
?
Apr 4, 2017 18:22
|
|
|
To continue with todays Tizen talk. https://twitter.com/Pocketnow/status/849312483462524928
|
|
#
?
Apr 4, 2017 18:31
|
|
|
Windows is bad and insecure and shouldn't be used tho E: is that a tizen pocketwatch
|
|
#
?
Apr 4, 2017 18:31
|
|
|
henpod posted:No idea what you're on about mate. Oh, what he's saying is that Samsung writes garbage software and you're trying to use Samsung software and are discovering for yourself that it doesn't work as intended. It's fairly obvious if you're smart but then smart people would never consider buying a Samsung product and even if they did so by accident they'd certainly not try to use Samsung software because even the most inexperienced person can take a look at it and see that it's trash without having to run experiments. So to sum up: Samsung makes poo poo and attempting to use their poo poo is an exercise in futility. If you need more help, just let us know. I understand you're probably not the quickest at picking up on things but we're here to help! 
|
|
#
?
Apr 4, 2017 18:33
|
|
|
Zero VGS posted:I only trust security software that has never put out a CVE, that's how you know they're the best. That doesn't exist. Implicit in your snark is that all CVEs are of the same severity or demonstrate the same sort of development procedures. I guarantee you that we're not about to get a breakdown of all the Knox CVEs and how they do or do not demonstrate Samsung software development practices. edit: Posted too fast, and I was right. A list of what Knox claims to do doesn't have anything to do with how secure it is. Like...Knox might be great or it might not, but to go from seeing Samsung security practices criticized by a professional to claiming that Knox is great because it claims to do these things and man it just has got to be better than Tizen because of reasons, is just crazy talk. Thermopyle fucked around with this message at 18:40 on Apr 4, 2017 |
|
#
?
Apr 4, 2017 18:37
|
|
|
Blue Train posted:Windows is bad and insecure and shouldn't be used tho Samsung has been using Tizen on their "smartwatches" for a while now. Also isn't pretty much every single piece of software insecure in some way or another as time goes on and new stuff is found/developed. Sure bad coding make it more insecure than it should be, but hell, even air gapped systems can be hacked today. The best way to be secure is to use paper/pencil + write in code, memorize it, burn it, and then forget it all. Hell didn't the Russian Government switch back to Typewriters to stop the leaks/spying from all the digital espionage that was happening for them a few years back, or was that just Satire and I missed that? lol
|
|
#
?
Apr 4, 2017 18:38
|
|
|
Thermopyle posted:That doesn't exist. You're reading in to it too much, I do not actually trust Knox and I laugh at especially awful CVEs like anyone else here.
|
|
#
?
Apr 4, 2017 18:41
|
|
|
Thermopyle posted:That doesn't exist. That's not just what it claims to do, that's what it actually does. Have you implemented and tested Knox thoroughly in your corporate environment? I've tested the things I put above, and it actually does them. Pretty hypocritical to call someone else snarky when that's what you're doing too. I'm not going to loving go through every Knox CVE and break them down, are you crazy? And I'm not talking about Samsung in general, I'm solely talking about Knox, which must be a different business unit or even a product they bought? I'm not sure of the history there. e: I actually went through about 7 or 8 S6s and Note 5s when testing that stuff, had to return them to Rogers because the e-fuse kept tripping.
|
|
#
?
Apr 4, 2017 18:42
|
|
|
A claim that all software has CVEs is meaningless. Does that mean all software is equally secure?
|
|
#
?
Apr 4, 2017 18:44
|
|
|
Only two kinds of security vulnerabilities exist: 1) The kind that I personally will get in trouble at work for not pretending to be dealing with. 2) The ones I don't give a poo poo about.
|
|
#
?
Apr 4, 2017 18:44
|
|
|
redreader posted:Moto g5+ possible issue: When I'm in a building on wifi and go outside to my car, it doesn't transition smoothly to 4g, and has GPS issues in waze. If I turn off waze and wifi, then reload waze, it works fine. I've seen this twice so far at different locations. Anyone else seeing this? I suppose I knew with my old phone to turn off wifi before I turned on waze / satnav. It's an ongoing android issue really, to come to think of it. I've seen this with lots of phones, I think when you're on juuust enough wifi to talk to the AP but not fast enough to get useful data you get into that weird gray zone where everything sucks. It happens to me outside my place in a parking spot too and has happened with all my phones.
|
|
#
?
Apr 4, 2017 18:45
|
|
|
Thermopyle posted:A claim that all software has CVEs is meaningless. I literally never said that. I said that the quantity of CVEs cannot be used as the sole differentiator when determining the security of a product.
|
|
#
?
Apr 4, 2017 18:47
|
|
|
You could try turning on that Developer Options ability of "Cellular data always active" as well as "Aggressive Wi-Fi to Cellular handover" which might hit batter life a bit, but should keep you out of the data dead zone.
|
|
#
?
Apr 4, 2017 18:47
|
|
|
EdEddnEddy posted:You could try turning on that Developer Options ability of "Cellular data always active" as well as "Aggressive Wi-Fi to Cellular handover" which might hit batter life a bit, but should keep you out of the data dead zone. Much appreciated! I did that (tap build # 7 times to become a developer, then alter this setting in 'developer settings') and hope it makes a difference
|
|
#
?
Apr 4, 2017 19:05
|
|
|
CLAM DOWN posted:That's not just what it claims to do, that's what it actually does. A distinction without a difference unless anyone has done a rigorous audit of the code or otherwise proven to a high degree that the the features the development team intend to deliver are what they actually delivered. I mean, there's all sorts of software that "actually" does A Thing but then it turns out it has a security flaw that circumvents it. The one that pops to my mind is how its possible for malware to escape a VM. Does the VM "actually" provide a sandboxed environment or does it just claim to? I mean, prior to late last year (I don't remember exactly when) there was a Knox vulnerability that gave attackers full control of a device and this vulnerability was unknown (at least in public). Prior to that time someone might say that Knox "actually" delivered a feature that prevented attackers from gaining full control. CLAM DOWN posted:Have you implemented and tested Knox thoroughly in your corporate environment? I've tested the things I put above, and it actually does them. Are you a professional security researcher? CLAM DOWN posted:Pretty hypocritical to call someone else snarky when that's what you're doing too. If I call someone else handsome does it mean I'm hypocritical by being handsome too? CLAM DOWN posted:I'm not going to loving go through every Knox CVE and break them down, are you crazy? Nor would I expect you to. (I doubt you have the technical capability to draw any conclusion on the matter anyway...very few people do. I certainly don't) The issue is that you can't claim Knox is different security-wise from Samsung's other development efforts because it "has" feature X and feature Y. CLAM DOWN posted:And I'm not talking about Samsung in general, I'm solely talking about Knox, which must be a different business unit or even a product they bought? I'm not sure of the history there. I'm sure there's people using Tizen who thinks it is needs-meeting too. They just don't know any better. CLAM DOWN posted:I literally never said that. I said that the quantity of CVEs cannot be used as the sole differentiator when determining the security of a product. I didn't say you did. ... So, this conversation went on longer than I intended. My point was that claims about features and security don't mean much without detailed third party auditing and a long track record of non-gobsmackingly-stupid CVEs.
|
|
#
?
Apr 4, 2017 19:11
|
|
|
Zero VGS posted:I only trust security software that has never put out a CVE, that's how you know they're the best. *tries to book flight to Vegas on Qantas* sonofa
|
|
#
?
Apr 4, 2017 19:37
|
|
|
At the end of the day, Samsung has a very ill corporate culture. Every time we get to peek behind the curtains, it's an utter poo poo show. It may be that the Knox group is their own island in this mess and at are a higher standard. That said, when Knox has had publicly disclosed vulnerabilities, they have either been catastrophic in scope or worrying in basic security governance. While that alone is not enough to condemn the whole product, that evidence should be critically examined in context of what we know about the whole organization. Knox isn't necessarily bad. It has had a positive effect in getting Android products adopted at the corporate level and even Google has taken pieces of the software to roll into AOSP. However, I cannot throw a lot of trust behind it because I lack trust in the company that is behind it. Perhaps it's a disservice to that team, but it is the rational conclusion.
|
|
#
?
Apr 4, 2017 19:48
|
|
|
Thermopyle posted:A distinction without a difference unless anyone has done a rigorous audit of the code or otherwise proven to a high degree that the the features the development team intend to deliver are what they actually delivered. I mean, there's all sorts of software that "actually" does A Thing but then it turns out it has a security flaw that circumvents it. The one that pops to my mind is how its possible for malware to escape a VM. Does the VM "actually" provide a sandboxed environment or does it just claim to? Very true, there have even be some super recent VMware and Hyper-V host escape vulnerabilities. Thermopyle posted:Are you a professional security researcher? I work in security on a technical level, so that's how I'm approaching this. This thread shits on Samsung very regularly, some posters more than others, from a very emotional and subjective standpoint. I do the same, I've regularly dumped on them and I cannot stand using my S7E compared to my Pixel. But this is a different part of mobile devices, secure enterprise deployments, and I would wager most people here don't know anything about that area. Thermopyle posted:Nor would I expect you to. (I doubt you have the technical capability to draw any conclusion on the matter anyway...very few people do. I certainly don't) The issue is that you can't claim Knox is different security-wise from Samsung's other development efforts because it "has" feature X and feature Y. I don't think you intended to be condescending on this so I'm not interpreting it as such, but I actually feel that I do have the technical capability to do so for a lot of the CVEs I run across, it would just be an extraordinary amount of work to do so. And I'm definitely claiming that because the vast majority of average Samsung phone consumers do not use Knox, it's a different implementation, function, and use case. As well, as is clearly evident from large software companies (ie. Microsoft, for one), different products are made by different units in different places with vastly different standards and quality. This could very well be the case for Samsung, they are an enormous company. This is a guess, I don't know this. bull3964 posted:At the end of the day, Samsung has a very ill corporate culture. Every time we get to peek behind the curtains, it's an utter poo poo show. It may be that the Knox group is their own island in this mess and at are a higher standard. I don't want to pretend to know what their corporate culture is like unless I work there, I communicate regularly and closely with some Samsung Knox Canada people (at the Burnaby BC R&D office) and they rave about their work environment, absolutely love it. So, it very well could be that different parts of the company in different parts of the world are very siloed from one another. You're absolutely correct about the vulnerabilities, that's why seeing how companies respond to CVEs is just as if not more important than the fact they exist in the first place.
|
|
#
?
Apr 4, 2017 20:23
|
|
|
|
| # ? Apr 28, 2024 01:58 |
|
|
I haven't really followed phone news for the last couple of years but I'm hitting the point where I'm just about at my wits end with my launch Galaxy S5. Is there anything worthwhile out on the market currently that A) has a user replaceable battery, B) Has a camera that isn't total dogshit, and C) is $400 or less? The closest thing I'm seeing is the LG V20 and that's still over my budget, or one of the Sony Xperias, and that doesn't have a user replaceable battery
|
|
#
?
Apr 4, 2017 21:03
|
|
