3472 posts • joined 10 Jun 2009
But I like to use ART, and Xposed and ART don't mix. Anyway, I have a build that includes a working Privacy Guard built-in. I've set it to default to blocking new apps that I install. That way it's hard to be caught off guard.
Re: I'll side with the Against but Sympathetic crowd
But you do. Controlling the acts that give your privacy away is HARD...because SO MANY things give hints as to your identity. It's like the skill needed to do some actual work on your car like changing the oil or swapping wheels: many people don't care about it and let the experts do it, but if you want to do it yourself, it's considered wise to read the manual first lest you break something.
Re: Broken model?
"The current model where the app declares what it needs, in a take it or leave it manner, and apparently is free to lie (my impression at the moment is that the only recourse to actually enforce a restriction is to cancel the install - or uninstall if you manage to catch the app red-handed) looks completely backwards to me."
The problem was that the model was demanded by the developers. Basically, it was either Google conceding to them or they would never have strayed from Apple's system, crippling Android in a vulnerable moment. And even now, they can't change it too radically for fear of devs walking away. And it's the devs that help make the real money for Google by making people use Android phones.
Re: Obeying aircraft mode
Last I checked, Airplane mode is a separate setting that overrules all the data settings (WiFi, Mobile Data, Bluetooth, etc.), like an outer lid covering the multiple inner lids. An app cannot turn WiFi on while in Airplane Mode. Now I know some apps are capable of switching Airplane Mode on and off, but I have to recall whether or not they can only do it under root permissions, because I don't recall Airplane Mode being a listed app permission.
Re: I'll side with the Against but Sympathetic crowd
So hide it behind an Expert toggle. There's a developer options menu that's normally hidden, but if you know the access key (tap the Build in About Phone a bunch of times), you can get access to them. Similarly, keep expert options covered unless a specific setting is turned on (with appropriate warnings given like for External Apps permission).
Re: Outrageous permissions
What about if it lets you take pictures to integrate with the program?
It's been something I've been thinking about. Perhaps in future, Google should demand that app makers provide not just an access list but also an EXPLANATION for each and every permission. For example, if an app needs to take a picture, there must be an explanation (written by the developer) such as "We use the camera so you can take pictures for your avatar." (for some communication program) or "We take pictures to process in the cloud for product recognition." (for something like Goggles).
Re: Some creepy apps out there
The trouble was that Android had to appease the developers, who pretty much insisted on permission control or they wouldn't develop alongside Apple (which at the time was their comfort zone).
Re: Ask The Physicist
"When polished metals reflect more than 95% of visible and longer wavelength light the only colour which can avoid almost trivial countermeasures is ultra violet."
I think they need to get it to at least 99%. Otherwise, the 5% that DOES get absorbed would deform and defeat the polish, allowing the other 95% back in again to finish it off.
Re: Easy fix
"[*] There's a chance that if it's satellite-based, there's already a significant latency, about 230ms out to a geostationary satellite and back plus whatever other processing time is required."
People can be patient enough to wait on the lag of a voice conversation. Sat phones are sometimes used in the news for video transmissions in remote locations where better equipment isn't available, so people are getting used to the idea of a laggy conversation.
Re: "...a tiny TV antenna each in a nearby data centre..."
IINM, though, the transition to DTV reduces the need for aerials. It's not like you need a very strong signal to get a very good picture. All the data is now focused on a pretty tight frequency range and is digital, meaning a different kind of antenna can do the job (which is why you don't see rabbit ears in stores anymore--only those flat antenna plates).
So noted. You can see this attitude in the Manhattan Project. Fat Man (the Plutonium bomb) required a very precise arrangement of explosives to set off the implosion chain reaction properly (this was why the Trinity test--Trinity was a plutonium bomb similar to Fat Man), and even then Trinity was estimated to have only managed to achieve about 20% fission of its payload. OTOH, Little Boy seemed simple enough to pull off: fire off one U-235 slug at high speed into another (although IIRC the main reason for not testing the Uranium Gun design was lack of materials--still proved to be valid).
Re: FIVE HUNDRED TONS of highly-enriched uranium
That said, in the greater scheme of things, I'd call this not a bad deal at all. No force of arms, and we take a good number of potential civilisation-wrecking weapons out of service and put their good bits to use in less-belligerent ways. It would depend on the final price tag, but I consider it money well spent.
Re: Techie question....
No, because if they pwn YOUR end, they can STEAL your public key (what allows you to contact the server), replace it with THEIRS, and use your key to create a secure MITM.
As for the NSA being able to do it, considering that SSL proxy is a known technique in the workplace, I wouldn't put it beyond them, throwing a spanner into the whole trust issue. Since the NSA is a state authority, and since no outside state can really be trusted, it poses the problem of trying to establish a new trust system that's capable of resisting the resources of something as powerful as a state while still being useable for the average Joe. The closest approach to date has been a kind of peer-based reputation system, but even that can be gamed by the state. Any attempt to control this would almost have to require attribution which would defeat the idea of anonymity on the Internet.
Re: What a laugh and interesting read the comments in this article are.
A lot of the fear of nuclear incidents comes from the fear of long-term (meaning decades or more) no-man's lands. Bhopal was tragic, yes. But after the disaster's passed, the mess can still be cleaned up. Even Times Beach (dioxin contamination) was wiped clean and is habitable again after a determined effort. Can't say the same about Pripyat, where a fair chunk is still too deadly to even approach.
Re: Goiana incident
"As far as nasty isotopes go, the most dangerous are alpha and beta emitters with long half lives such as 90Sr and suchlike as these irradiate over a long time and bioaccumulate."
I can understand alpha and beta emitters to be murder once they're in you, but what about gamma emitters that are so hard to contain? At least alpha and beta emitters can be contained easily enough while outside, but gamma rays pass through a whole lotta stuff, making them pretty dangerous even when some distance away from the body.
Re: education issue.
It's the "Forbidden Fruit" effect: plain and simple. And it's this that makes keeping people out of a place virtually impossible. That's the dilemma. Try to hide it and by the law of averages, someone will stumble upon it by chance. Put a sign of any kind on it, and you polarize people: some will stay away while others will have just the opposite effect and be ATTRACTED to it. And since the effect is based on curiosity (a basic human trait), it's not something you can easily mitigate.
Actually, plenty of hospitals ALREADY use pneumatic delivery for transporting small things from department to department.
Re: Linux wasn't using RDRAND directly
Question 1: How would the processor know it is dealing with RDRAND output if the data becomes one degree removed (ex: MOV'd into a general register before XORing)?
Question 2: How would the Linux RNG, which IINM relies more on various CSPRNG techniques that are well-removed from RDRAND, be compromised so as to correlate to RDRAND without it appearing in the source in some way?
Re: "You could make a random number generator"
I've personally grown fond of a webcam entropy generator and have actually been fiddling with it to make it more suitable as an RNG (mostly in finding better ways to scrub). Not that I've actually needed it as a source of entropy, as it seems HAVEGED can do the job pretty well, be it on your computer or your Android phone.
Re: My counter prediction
"Yes, PC hardware is more expensive (Due to subsidies on consoles), but over the life of the product will end up cheaper due to the lower cost of games, and not having to shell out a monthly fee to play online. With an expected generation life of 10 years, to play online for that period would cost you about £400 with XBOne for example. Factor that in and suddenly the TCO of a Steam box is way, way lower."
Most of the current-gen consoles AREN'T subsidized. They're actually selling at a small but actual profit because of some vertical integration, bulk deals, and the fact that PC hardware is a lot more commoditized than before. Those hard drives are a bit small compared to the multi-TB jobbers out now, the GPUs aren't exactly cutting-edge. About the only thing close to being subsidized is the AMD CPU, but I suspect some things missing or undercut may explain the lowball. Then there's the matter of brand loyalty and internal development projects. Sony and Microsoft won't be letting their signature enterprises go anytime soon.
As for paying for online, consider the "ten cents" scenario. Sometimes, people just won't see a value in something UNLESS they're paying for it. To them, free stuff is f-d up stuff and they wouldn't touch it with a 39 1/2' pole. As for cheaper prices, that only applies to games that have been out for some time. Steam games are rarely that way at initial release, plus there are those who don't want to waste their download allowances and would sooner give up gaming than give up DISCs. That's something both Microsoft and Sony learned quickly, which is why their consoles STILL have optical drives (IN SPITE of intentions to do otherwise).
Re: Let's try to look at the facts @Denarius
"I suggest that you take your Android tablet, attach a OTG USB cable to a small USB hub, and plug a proper keyboard and mouse in."
But that presents a problem of its own. Under almost all circumstances, using USB OTG prevents you from charging the device (as they both need the same port). Not to mention attaching an OTG device usually means more power draw (Yes, you propose a self-powered hub, but that's the exception to the rule).
Also, the size of the tablet can have an effect on the practicality of the idea. A 10-incher, OK, but a 7-incher can be a bit small for the job, especially if it's a cheapo tab with only a 480x800 resolution.
Re: Let's try to look at the facts
Actually, Android adopted MTP because you didn't have to unmount the storage on the host to use it (USB requires this in UMS), and since many Android apps expect the storage to be there, it presented crash risks.
Re: Only to be expected....
"Sales are more likely to come in bursts, as far as corporate purchases go, during the next 5 - 10 years. Mainly machines being replaced as they go out of warranty more than because they are under spec."
And even that's iffy if the math supports extended service plans vs. replacements.
Re: How many are waiting for Windows 8 to be "retired"?
"Consumers had 3 years of the option to replace XP with Win7."
If you were early enough, the privilege was pretty cheap. I preordered a copy of 7 Home Premium and it only set me back $49. Although I use Xubuntu now, I still have the disc; I could go back if need be. And since 7 offered enhanced graphics and sound support for newer systems (vs. XP), not to mention the 64-bit support (spotty on XP, only really hit mainstream with Vista), there was at least some impetus to jump from XP, especially if the price was low enough (which as I said, it was).
Re: Hate to say it but
Easy enough if you plug each hole you come across. Hard to phone home when you can't phone, period. And if anyone complains, tell them their machine is full of holes and needs to be fixed and to read the T&Cs again.
Re: What goes around...
Unless CL was ALSO the product of organized crime, meaning your scenario would escalate into a mob war.
Re: End software patents, everywhere, immediately.
Just because something is intangible doesn't mean it doesn't have power (literally). Energy is intangible, for example. We can't feel radio waves (and many electromagnetic waves pass THROUGH us) yet we can harness them for assorted ends.
Plus, remember the adage "scientia est potentia" ("Knowledge is power.") This applies not just to specific topics but also to knowledge IN BROAD (like the concept of radioactivity, polished in the late 19th century). You're stuck on the concept that concepts are always specific. I'm recognizing that concepts can be broad as well, and copyrights ONLY cover specifics; they're not useful enough for generalities since you can end-run around that with a second implementation (that's why I brought up the Compaq BIOS--it specifically defeated a COPYRIGHT, but what if IBM held a PATENT on the concept of a Basic Input/Output System). All this attitude about patents being a whole "protection" racket a la the mafia is an overreach and smacks of "Gimme! Gimme!" entitlement. That kind of attitude can make conceptualizers think, "Blow this for a lark!" and keep their ideas to themselves, just as they can for inventors. Remember, information wants to be free, but people are greedy; you have to play with that hand or new ideas die in their heads and you can't tell when it'll come again (has anyone given thought to how much knowledge was lost in the Alexandria Library disaster?). You need the incentive to make them come out, BUT at the same time it should be recognized that they can only exploit their idea for so long, which is why I keep saying limit conceptual and software patents to terms like three years. Is that really too much to ask?
Re: End software patents, everywhere, immediately.
"You say that as if it were a bad thing. It's not."
Look at it from the perspective of the one writing the code or developing the technique. If you planned to sell your technique on the market, how would you feel if you learned your hard work could just be copycatted and sold for less if not just given away? People rarely work for work's sake, especially when bread needs to get on the table, and if I just happen to develop a new and radically-useful algorithm, perhaps I'd like to SELL my idea. And before you say it's intangible, suppose I put the code on a microchip or circuit board; how's THAT for intangible? Plus you can apply the same principles to medicine, which use programming of a different sort with chemistry.
Re: Double edged sword
"The aim behind this is to prevent Patents from being unusable because the holder refuses to hand out licenses - and in some cases that can go on for decades - effectively blocking any forward progress for mankind as a whole."
Isn't that the "ND" part of "FRAND": Non-Discriminatory? It could also apply to the "F" part: Fair.
Re: Might work...
I thought America had been first to file for over a century. Isn't that how Bell won the patent for the telephone: by beating a simultaneous inventor to file by about three hours?
Re: @Charles 9
"If you think this is worthy of patent protection rather than copyright you are siding with Oracle in their spat with Google regarding the Android Java affair. As a developer my choice is copyright (which doesn't preclude FOSS) and never patents for software."
I'm with NEITHER side. My side is that patents for software and the like should exist BUT that patent terms should be relative to the industry in which they apply. And for the software industry, lifecycles are short, so make the patents short as well (my current thought is three years--long enough to get some value out of it, not long enough to really abuse or troll it). If you don't allow for the truly novel to be worthwhile, especially in this day and age, then nothing truly novel will appear. Patent law is meant to act as both stick AND carrot.
Re: It was promising...
"It also doesn't help in situations where a patent troll company with deep pockets takes a small software company to court, for example Uniloc suing just about every Android developer and their grandmothers too."
Thing is, if I'm reading this right, the trolls can't go after these developers if the code in question was not theirs by design. IOW, they'd have to take it to the originator of the offending code, and if it's in the Android base, that's probably Google...a company with some of the deepest pockets in the IT world, a company that was able to hold the dreaded MPEG-LA to a stalemate.
Re: End software patents, everywhere, immediately.
Some form of software patent MUST exist somewhere because copyright is not enough to protect a TECHNIQUE which can be defeated with a clean-room copy (remember how Compaq cloned the IBM BIOS). BTW, people can get around a software patent by burning the code into a chip, turning it into HARDware instead. No, the main issue is the short lifecycle length of the computer industry. A more reasonable solution would be that software patents only be granted for very short lengths, say three years.
Re: A curse on the inventor of PS2
"As for being under desks, why not simply rotate the cpu case so you *could* see the sockets?"
Because sometimes, be they on or under desks, PCs are locked down, tied down, or otherwise in a position (think inside a specialized cubby-hole) where they can't be moved, meaning you have to take the cable to the device.
PS. I've seen PS2 connectors get mangled just by manual labor. Since socket orientation doesn't always correspond to the plug, it's STILL difficult to know which way is supposed to be up (consider sockets on PCI (Express) cards where all the connectors are UPSIDE-DOWN). People can twist and turn those plugs to the point that those literally-wire-thin pins get bent, if not snap altogether. A GOOD connector design needs to prevent that point from happening. The current USB A plug design and standard B plug do a good job at this but are too big for today's smaller devices, and the smaller B versions, while honest attempts, have their drawbacks.
Re: USB isn't "universal" after all
The point is not the communication standards but the PLUGS. For example, why was it deemed necessary for USB 3.0 to use an additional pair of data lines to transmit its ~5Gb/s mode? If the B-plug was too big for a phone, why not make ALL the peripheral makers (INCLUDING the printer makers) settle on Micro-B and stop the cable shuffling (which I admit to be having an issue with--which B end do I need--standard, mini, or micro, they're all over the map).
Re: still crap, try harder
Five. Two for the voltage (remember, the bus can need power irrespective of data), two for the data, and one for the shield.
And it's the shield that's the hard part. In order for the plug to be electrically safe, THAT has to be connected first AND stay connected while the rest of the pins are connected. Oh, and since we have POWERED pins, we might also want to make sure the wrong pins don't touch each other. Got any way to achieve that besides a parallel insertion?
Because trying to plug it in the DARK (with no access to light) is a common enough scenario. So is trying to plug in a confined space where you can't see your hand (think back of a PC that can't be moved). Eyes can help you sod all here. Not to mention it discriminates against the BLIND. So you really need a standard that is capable of being plugged in by touch alone and forgiving enough that one need not know which way is up (because EITHER way can be up).
And before anyone chimes in with round, please direct me to such an orientation-neutral connector that (a) ensures the ground is connected first and stays connected before any data pins connect, (b) is small enough to fit in a device less than 1cm thick, and (c) provides enough pins to transmit data at USB3 speeds.
OK. Try it IN THE DARK. Or in confined spaces. Or with cables without enough label embossing for usable tactile feedback. Plus some devices have the SOCKET upside-down (like my GS4), probably because the socket got installed to the UNDERside of the circuit board.
Put it this way. USB is simple, just not simple ENOUGH. It's been determined to have practicality problems in blind or otherwise compromised installations. They need the installation procedure to be even simpler than what they have now.
But don't the two go hand in hand since one of the big concerns with blowing a whistle is being found out by who you're blowing the whistle on? And once they can say you dissed them, rubber hoses follow. Thus the only safe way to blow a whistle is to do it in such a way that no one can prove who said it.
No, because the malware writers are savvy enough to keep such a mechanism to an extreme minimum. Usually, the self-destruct is self-triggered upon the malware detecting a honeypot or VM (to prevent analysis) and can't be rigged remotely. The botherders want to make sure as many bots remain intact as long as possible.
Re: I'm reminded of a story about the tunnels of Viet Nam...
"That's why you have to establish a tight perimeter first, otherwise it does not work."
But what happens when you discover part of the perimeter is, for one reason or another, UNREACHABLE? Like how the Cong kept some routes into neighboring (and neutral) Laos? Like how many of the malware writers are located in countries with less-than-favorable relations to the West?
Re: I'm reminded of a story about the tunnels of Viet Nam...
That third group then must've been fortunate to not have their perimeter undermined because ONE tunnel snaking PAST their perimeter would've ruined their effort: not only providing an escape path for those underground but also creating a potential ambush point for anyone who dared to go down: possibly creating a line breach for a combined over/underground assault.
That's the same thing you have now with these malware writers. They know the underground better than anyone so know all the routes they can take: some of them the InfoSec people may not even be aware of (or even capable of addressing--consider havens in anti-Western countries). How does the West combat a botnet that's secretly being funded by radical Muslims or the Chinese or someone else who may not be inclined to cooperate?
Re: Learn what an algorithm is
Have you considered the idea that botnet designers KNOW about the possibility of decompilation and take steps AGAINST it using such things as self-modifying code, code obfuscation, and remote download of payloads that then only reside in memory (and more of them know how to root and thus block access to its own code; plus they're becoming VM-aware)?
Re: Random passwords for the masses!
Just because a dictionary attack doesn't do it NOW doesn't mean they won't add it in in the future. Much as dictionary attacks now handle chains of words to deal with "correcthorsebatterystaple", soon they'll be savvy enough to try literary initialisms such as "Iwtbot,iwtwot." Especially with help from an e-book library where the text can be extracted.
Plus it doesn't address the main issue: too many sites, not enough memory. Now you have to know which book you pulled the password from and what line from what page. Plus what if you lose the book or someone else (within your local circle) figures out your mnemonic?
Re: Just because 12345 is the combination for your luggage
12345? That's amazing! I put the same combination on my luggage!
But SERIOUSLY, remembering the password IS an issue just as big as having it stolen which is why it creates a second, competing barrier to passwords: you need one that's hard enough to guess but not SO hard you can't recall it. Think of it like having a ring full of keys. If time is pressing, could you retrieve the one key you need quickly enough? And if you use anything to help differentiate the keys, then someone who STEALS the keys can use those mnemonics, too. And key vaults only help if you're in known systems. What if you MUST login on a new or otherwise unknown device where the key vault can't be retrieved?
Sometimes I wonder if we should try to develop something better than passwords because, let's face it, people's memory can be flakey, but what alternatives are out there that can tick all the boxes?
Re: Heard better..
The moon may always face the earth, yes, but the Earth rotates under the moon approximately once per day (it's off by about 1/28th in one direction--forget just which way; does the moon orbit with or against the Earth's rotation?). So there's still the matter of aiming a beam back down to Earth (and with that, the inherent risk of mishap--or worse, sabotage).
Re: All of the above is true with the proviso...
It also probably helped there was a very concrete goal in mind when canals and later railroads were built. In both cases, the main goal was speedier commerce: moving more stuff at a time at a faster rate than one could before overland.
But then again, think back to the great age of sail. Who underwrote most of those transoceanic voyages? As has been said, once you have the basics down, private enterprise can build upon them, but when you're trekking into the great unknown, where the goal itself, let alone its attainment, was anything but certain, you probably need backing from an entity for which money isn't the first priority.
Re: Store the energy @fpx
Saying eight hours makes me think all of these solar-powered aircraft were flying widdershins (east, against the sun), producing shorter day-night cycles. I wonder if anyone's built one with enough lasting power to fly sunwise (west, with the sun): longer days but longer nights, too.
Re: not rocket science
"I think you'll find that Desertec's plan used solar thermal, which is an efficient way to harvest all of the solar spectrum by heating a working fluid to high temperature and hence drive a pretty conventional steam turbine."
Can you point to a study that supports this? I would think the "thermal" in solar thermal implies that the energy absorption would be concentrated on the low end of the spectrum (particularly in the red to microwave ranges--this includes infrared, the wavelength we most commonly associate with heat). What happens to the higher frequencies like green, blue, violet, and ultraviolet?
Aw come on, government types. Why don't you come out and say what you REALLY want: a government-approved Internet whitelist so that you can go to these addresses and ONLY these addresses?