3808 posts • joined 10 Jun 2009
Re: Android app permissions
Thing is, if they lie, you can file a legal complaint of false advertising. And I want it compulsory, which is why I don't just want it in the description but attached to EACH AND EVERY PERMISSION. If a permission cannot be justified, it cannot be permitted, full stop.
And yes, it's a Hobson's Choice: put up with it or go without. The only other option is to go to Apple...which has conditions of its own. So if you want true privacy on a phone, you better be ready to do your own coding, because you can't trust anyone but yourself in that matter. And you better be prepared to be coding AGAIN when things change under the hood, which is why you can't have too granular a permission tree.
Re: That's exactly the problem
Remember, it's the DEVELOPERS who insisted on this model to begin with. If there was no difference between Android and the Apple model, the developers would've just stayed in Apple's walled garden. It's kind of a lose-lose situation. You either put up with them or you put up with Apple. No one else can compete with them, and anyone who can is going to play dirty.
Basically, yeah, you're down to a Hobson's choice. You either have to put up with it or just go without and lose the edge.
Many of the permissions have a reason.
Storage is to read media files and maybe output playlists.
Phone state is to pause on a call. SMS is probably similar.
Re: Android app permissions
I was thinking the same thing: a justification field for each permission.
Re: Major overhaul needed
Correction, as for point 3... Intents are usually only used when an app like Gallery is standard on Android. Things like barcode scanners can't be safely assumed to be there.
As for point 1, make the permissions too fine and you face a moving target as under the hood stuff changes from version to version, breaking lots of stuff.
IMO what needs to be added is a justification field for each requested permission: not just what you need but WHY as well.
Re: Major overhaul needed
Point 2 was DELIBERATE, at the request of the devs. Otherwise, they would never have been tempted to leave Apple's walled garden.
As for point 1, there's a fear no third party app to, say, scan a barcode is installed and one can't be added because the phone is locked down and the user isn't the owner.
Re: "Its specific responses to permissions sought"...
Odds are it is either e-filing documents like prescriptions or for barcode scanning. Both have legitimate uses and both need the camera.
Re: Start of the new chemistry?
It goes to the atomic arrangements. Noble gases are supposed to be the most stable because their proton and electron arrangements form complete patterns, but it kinda breaks down with Radon (it's supposed to be a noble gas, but it's radioactive).
Looking at the current periodic table, one hot goal right now seems to be confirming element 118. This is because it's supposed to be a noble gas, but because it occurs after Radon which is radioactive, it's hard to say just how it will behave. Any data on the matter will help to explain further whether or not atomic stability can still be maintained at such a high weight. Could also help to explain the Strong Force better.
That's supposed to be 115. That element is currently undergoing confirmation and is expected to be officially added (and named) pretty soon.
Re: 3rd party cookies
I think Badger can also handle the FIRST-party cookies as well from sites that won't behave.
Thing is, how long before sites use cookie detectors and won't let you in until you accept them...ALL of them.
Re: Armor up
Especially since many sites, including some of the BIG ones or ones with exclusive content, are now employing ad-blocker-blockers of a very broad sort. Basically they won't let you see anything unless you open yourself up to the cookies.
Re: If they really want to 'badger them'...
Except that might be grounds for a suit. Perhaps a quick beep to the EFF and for every, say, 100 times they get a red flag, the EFF can send an e-mail to the admins of that website listing the violations. Of course, they'd also need to find a way to make sure it's not summarily filtered, but enough of them should start getting their attention. And the sites can't accuse the EFF of spam since each message is different and all the e-mails will be valid claims of misconduct.
The problem is that plenty of animals have found ways to enjoy their escargot in spite of the shell. Birds, for example, have their powerful beaks while racoons have learned to rap snails against rocks and the like to crack the shells.
What about for unmanned stuff such as a missile? Could this combined with spin and a highly-reflective coating provide adequate defense against interception by a laser system? This can have practical implications for things like shipborne defense systems.
Re: You can't simultaneously have good privacy and easy recovery of data.
Over and above the customer's wishes (as in "The Customer is Always Right")?
Re: solid state wiping
In this case, it's not zeroes. The flash is encrypted at the partition level, so it all looks like noise. The wipe wipes out the key needed to make it make sense, and it probably does this by putting a new key in its place.
"Then again, how often have you seen a non-technical user enter an IP address for an external site? I know some who don't even enter URLs."
Online gamers. Most small-time servers ONLY have IPs.
Re: As another no-nothing on the subject of IPv6
Is hex really that much harder? HELL YEAH!
At least with IPv4, there are at worst 12 digits (and note, they're all numbers). We deal with sequences of similar lengths when we negotiate the telephone system, which we have done for decades. What real-world analogue is there to the IPv6 scheme?
IOW, IPv4 is within our comfort zone. IPv6 is WAY out of our league.
Re: Brandon 2 someone tell the NSA...
You missed the point of the post. He's saying the NSA would welcome IPv6 because it would make snooping EASIER because of the removal of the NAT layer. This means they can remove the step of bridging the inner and outer networks from their work of breaking through the firewall.
Part of the problem with IPv4 isn't just the lack of public addresses, it's the lack of private addresses.
Private address space 10/8 allows 2^24 addresses within it. If there's a company that uses more than 16 million addresses within its internal network, I'd like to see it.
I think the logic is that if anyone can break the IPv6 firewall between your home and the outer net, they can also break the IPv4 NAT router and create the necessary bridges between the networks.
So IOW, what you want is a dumb fridge, not a dumb network. Because in your scenario, it wouldn't matter if your fridge was using IPv4/NAT or IPv6; malcontents will find a way in either way.
As for the whole address space thing, I think people are MUCH more comfortable with IPv4 vs. IPv6 because IPv4 is--at worst--12 digits. That's not too much of a stretch from a telephone number: something we've been memorizing for decades. You can't say the same thing about IPv6 addresses unless they've been SERIOUSLY shortened, and then there's the matter of the letters; at least when telephone numbers use letters, they're used intentionally as a mnemonic.
Re: Bridging IPv4 to IPv6
The problem has never been IPv6 talking to IPv4. There's a reserved IPv6 prefix for IPv4 addresses. The problem has always been going the other way: an IPv4 site wanting to talk to an IPv6 site.
It's not so much that anything's being removed but that Google's setting a VERY high bar for premium phones for the foreseeable future. Especially now in a more-security-conscious environment, getting first dibs on updates (and perhaps a guarantee on updates for as long as the phone can handle it as well) is going to be a selling point. It's going to make the likes of Samsung wonder if it's worth it to keep differentiating themselves anymore since not just their custom UIs but also their differentiating hardware means they can't just accept new versions of Android as easily as Google. EVERYTHING that's unique to them has to be tested and probably recoded with each new version. That's why there's a delay with manufacturers even for their carrier-free models. Since Google makes the final call on what makes a Silver phone, and as the article says, the specs are going to be very strict, which means there'll be no room for differentiation. And for the non-Google brands, differentiation is necessary for them to stand out. Otherwise, Google's brand will be what stands out, not theirs (Quick Quiz: Who actually makes the various Nexus devices for Google? See what I mean?)
No. Because the customizations depend on under-the-hood Android features that CHANGE from version to version. Take the notification bar. KitKat (v4.4) changed the code up there (for efficiency reasons), in the process breaking every notification customization to date.
So you see, they can't just make it a bolt-on because the bolt holes don't match each time.
Re: Well, it was only a matter of time......
TouchWiz is more than just a home screen. Especially at the high end, it has a lot of other things under the hood that influence the UI. It's also where carriers tend to insert their custom programs so that rooting and using an AOSP-based ROM means you lose their functionality (thus why I'm back on TouchWiz on my S4--only way to get T-Mobile's Visual Voicemail and WiFi Calling).
But on the other hand, some things are irreversible once committed (murder, for example, or destruction of a unique object), so the only satisfactory solution in that case is prevention; anything else is too late for the victim(s). So in that sense, we won't settle for less than prevention because the only way the victim is happy is if they don't get victimized.
So how do you reconcile the justice system with such a desire?
Re: I find this amusing...
OK. How about ANY encrypted traffic will be inspected and anything the plod can't decrypt (= trusted and vetted site) will bring the Men in Black. Then make every site I allow require image mangling and other anti-stego techniques such that anything that would get through would be extremely low on bandwidth: impractical for large applications.
Re: A better solution: better defences
Impossible. The ability to access it is ALSO the ability to break it. Because of this, there's no way to create a system that is BOTH intrinsically secure AND easy to use: they work at cross-purposes. The only real way to improve security is to make it harder for EVERYONE to get in, but once you do that, you make it more onerous for the user, and it is usually the intractable PEBKAC problem that is going to do you in.
Re: A better solution: better defences
"Rather than going through a public wringing of hands and gnashing of teeth as they bewail the fact that these criminals are doing the online equivalent of wearing a mask with two eye-holes, aren't there other ways to use their time and budget to better effect? Such as stopping crimes from occurring rather than running around - Keystone Cops style - trying to catch them afterwards: once they have their swag, or have tweeted vaguely insulting things about someones mother."
Because you run into the "eternal vigilance" problem. YOU have to be lucky all the time. THEY only have to be lucky ONCE. Meaning, by the Law of Averages, they're gonna get through at some point. Look at Stuxnet, that crossed a blankin' AIR GAP! So given that inevitability, the next step is to try to limit the damage, which is also easier said than done.
Re: Insurance is a scam only scammers can appreciate
Unless you actually have something go wrong. Me? I paid $10 a month once for the insurance. Nine months in, all the touch-buttons broke down simultaneously. Just flat broke. Got a replacement phone through the mail with little fuss. Phone kept working for the duration of my contract, so I call this Your Mileage May Vary.
Re: 24 hours?
People already know how to PREVENT the phones being bricked. Faraday bag.
We already have that. The HARD part is sharing and ENFORCING it between countries. Good luck with that part.
Re: Don't trust iSEC or NCC Group audit
Probably because any company NOT in bed with the NSA or GCHQ is in bed with someone else. IOW, it's pick your poison.
Indeed, given the environment, why contract an American security firm?
Re: Can web-based 'secure email' ever actually be secure?
"paper is a pretty virus- and hack-proof tech"
Au contraire. The virus can encode itself INTO the printout, meaning it can still be transported via paper: encoded WITH the message.
Re: Why I'd never use this...
Point is that if ANY part of the system can be arm-twisted by the US, they can perform MITM attacks to obtain your private key. This combined with hoovering the raw encrypted data would allow them to decrypt your emails. And since they can squelch, there's no way for you to know they've done it.
Re: Well ...
Last I checked, the Big Bang was considered more than a hypothesis but a theory: the difference being there is consensus in the experimental data being used to support the idea: red shift, accelerated separation, etc. While some healthy skepticism is okay, any competing theory would have to be able to tick more of the boxes than the Big Bang can.
As for "divine presence," a few questions always spring to mind. Foremost, if there really is a divine presence, why only one inhabited world so far as humanity knows?
Re: give me a break
The fossil counts as proof that life form once existed on Earth, and perhaps a living relative still exists on the planet, but that fossil itself is not evidence at all of evolution.
OR a Creationist would argue that the Devil planted those fossils in there to trick you into thinking the Earth is older than it really is. Similarly, it's impossible to argue facts when you're arguing lies at the same time. Even facts backed by consensus can be countered by the old, "one lies and the other swears by it." Fact is NEVER UNDENIABLE because you can ALWAYS call it a lie, boiling it all down to belief again.
Re: The takeaway . . .
There's another problem within the problem which is in turn wrapped around the conundrum. It's the belief that the situation at hand is PRESSING. Sort of like someone telling you the boat you're on has sprung a leak. IOW, part of the debate is whether or not this is an emergency, as in if we don't do things immediately, there could be drastic consequences for which we can't escape (ex. having to swim the remaining 100 miles to shore because you took too much time arguing the context while the boat sank under you).
Re: Not surprising
The matter of "No Child Left Behind" raises a very important moral question. If we don't follow this principle, children WILL be left behind, resulting in societal rejects.
The moral question is, "What does our society do with the rejects (for the hopeless ones for which there's just no place in our society)?"
Re: WTF is PDT?
So IOW the standard is to base the times on the location of whatever or whoever is controlling the thing?
Re: Security risks
"And the way things are going AI-wise, you will just buy a container of Aperture Science Turrets and put them at strategic points. Problem solved."
Just make sure you get a load of good turrets. Don't know how much good a load of half-naked, empty, and snarky "crap" turrets will do in such a situation.
Re: Barcode anyone?
Someone at the thread about luggage beacons posited everyone getting an RFID tag like they make for pets. Embed in the back of the hand and all.
Then again, like with the barcodes, someone's always gonna try to clone them. I think the concern is that anything man-made can be cloned, so they're trying to use something biological and thus innate.
Re: What is really needed
If they're THAT nasty, it doesn't matter WHERE you put it. Some idiot takes the whole bloody case, there's little hope for you. Remember, we're not talking about preventing theft of the case and/or its contents. We're simply talking about a better way of keeping track of it as it moves out of your sight. The handle is just the most convenient location because EVERY suitcase has a handle.
Re: What is really needed
Tag chips aren't that big these days. The one for pets is about as big as a grain of rice. Perhaps a manufacturer can use this as a selling point: an RFID embedded in the handle with a 64-bit UID (20 for the manufacturer, 44 for a serial number). Especially now with more phones containing RFID readers.
Re: Wrong end!
The same thing will happen here that happens with those paper loops: they'll affix the wrong one to your suitcase and everyone will claim it went to Madrid because it was TAGGED for Madrid.
Re: But 3G does work
The article specifically mentions Japan has no GSM coverage. By that, I think they mean GPRS/EDGE. It would make sense for the device to go low-tech to save battery (higher gen=higher drain) while it would make sense for Japan to drop old tech frequencies to make room for newer ones.
Ergo, the thing uses tech too old for Japan.
Not much new
Basically a small version of a hemisphere lens. At least they're upfront concerning distortion. More a curiosity IMO but I'd try one for grins.
Re: Charged again?
The initial jeopardy has been negated by the ruling that the trial was invalid. But if he's convicted a second time, time already served must be accounted in a new sentence.
That's the thing about the computer industry vs. other industries: they move at different paces. In most other industries, it's pretty common to obtain a very expensive piece of equipment and expect this equipment to last a few decades at least (otherwise, amortizing the cost over the life of the equipment isn't worth it). Many of these industries are small, highly-competitive, and wary of the competition. This means there are no standards in them since no one trusts the other to agree on anything. End result: the machines become black boxes, and the computers that control them (part of this black box and the point of contention here) are full of proprietary trade secrets. It's a Hobson's Choice since all the players do the same thing; you have to put up with it or you can't play in the industry.