* Posts by Doc Spock

142 publicly visible posts • joined 3 Jul 2009

Apple IDs the next-generation iPhone

Doc Spock
Black Helicopters

Always On?

The thing I dislike about RFID tags is their "always on" nature: anyone with an RFID scanner can access the chip (whether or not the chip sends out sensitive data is entirely separate). If any future ubiquitous device (e.g. mobile phones) were to include an RFID chip, there would have to be a way to turn the chip off in order to prevent random scanners detecting/targeting your device.

It's bad enough that my passport has one of the little buggers in it now.

Nokia sues Apple over iPhone

Doc Spock
Megaphone

It's Not Patent Trolling

Apple has a licence with InterDigital (up to June 2014) for the various GSM/etc. patents and even Nokia has to pay them royalties as they own at least one patent which is essential to inter-operation with a 3G network.

It would appear that Nokia themselves own essential patents for which Apple are not covered by their licence with InterDigital. The reason for the timing of the litigation may well be down to this result having only just become apparent.

In fact, that's exactly what it looks like:

http://www.electronista.com/articles/09/10/17/itc.finds.nokia.not.violating.3g.patents/

Aussie censor wants power to ban iPhone apps

Doc Spock
Thumb Up

Proposal Needs Serious Consideration

(that's "serious consideration" as in a proper discussion of its merits/flaws as well as those of the current system, taking into account the broader picture of classification in general)

First off, the article title is sensationalist and only serves to undermine any kind of reasoned discussion on the subject (case in point: the first four comments).

Back on topic, the ratings which Apple give an app are often overly restrictive, so I don't think the current situation is ideal. If I remember correctly, this is done to protect themselves from the accusation of selling objectionable content to minors, etc.

Maybe the age-classification step for apps should be delegated to the various classification boards. This seems like a reasonably sensible option, since different countries have different ideals on what is acceptable and what is not (e.g. the U.S. and its stupid hatred for anything closely resembling nudity, whilst at the same time happily showing death, violence, mutilation, etc. for all to see on prime-time TV). Furthermore, from my view of the BBFC at least, the ratings given out by the classification boards are generally more consistent - partly due to them having more experience, and partly due to them spending more resources (time/people/etc) on the process.

Of course, it would probably complicate any appeals process that a developer would have to go through to question the possibly multiple ratings that their app had been given. But the current appeals process is hardly straightforward.

An alternative solution could be for the classification boards to investigate any apps where a complaint has been raised about the suitability of the Apple-supplied rating. However, not only would this lead to a "high watermark" rating, the potential for a complex appeals process isn't really fixed by this approach either. And there's still the question of how any disparity between Apple's rating and the one deemed appropriate by a given classification board is resolved.

Mobile web polarizes as duellists pick their seconds

Doc Spock

My Vision

Apologies if this comment is slightly off topic.

Personally, I cannot wait until mobile operators become "dumb pipes". I want to buy a phone/MID that is not tied to a single supplier, even if it means having to pay more upfront (the flip-side is that monthly charges will no longer hide the subsidy).

Also, the network infrastructure should be shared amongst all telcos, in much the same way as the electricity grid / gas networks / etc are shared amongst the many utility suppliers. This would reduce the spending of the individual telcos and also result in identical coverage for all users, regardless of supplier. After all, in this day and age, "mobile communication" should be seen as a utility (as should Internet access).

Only then will we have competition based solely on price/service instead of being artificially limited by device availability and coverage. Of course, none of this should stop the telcos offering their own branded phones/MIDs, or indeed specific services to their subscribers.

In my view, this is the only way to prevent the on-going fragmentation of the mobile space. We have competition; we're just waiting on the playing field.

Microsoft-tested browser prosecution snares tech giants

Doc Spock
Stop

Ideas should not be patentable

I'll admit to not having read the details of the '906 patent, but it would appear to be nothing more than an IDEA or VAGUE implementation. Patents should describe detailed implementations which clearly define a very specific (and non-obvious) way of doing something. Thus, if their very specific implementation of content embedding was used, then they would be able to sue. As it stands, they appear to be going after quite arbitrary implementations of content embedding.

I can only hope that this case is the one which finally stops the USPTO (or any patent office for that matter) granting patents on ideas and vague implementations.

Apple chokes on Woolworths logo

Doc Spock
Stop

Take a Deep Breath People!

Rolf Howarth and Steve Brooks seem to be in the minority of people who properly understand the situation.

The argument which Apple are presenting is that Woolworths may use the logo on electrical items and _at that point_ the logo similarities may cause confusion. This is why Apple Inc. did not have to settle with Apple Records _until the former started selling music_. Prior to that point, they were operating in completely different spaces so there was no scope for confusion.

Apple, like any company, must defend their trademarks in order to preserve brand identity. Now that Apple have brought this action, it falls to Woolworths to convince a judge that they will not be using the logo in association with any electrical items. And if they don't, but decide to do so at a later date, Apple can go after them for breaking this promise (in the same way that Apple Records went after Apple Inc. when they entered the music selling business - as they had already won a ruling which prevented Apple (Computers) Inc from doing so).

So, Woolworths will be free to use the logo provided that they do not apply it to electrical goods, and Apple needs to ensure that this ruling is passed as early as possible.

Apple iPod Touch 3G

Doc Spock
Jobs Halo

No Buttons = Bad?

As it stands, the types of games which work well with a touch interface are generally not the same as those which work well with buttons. But there are enough games in the former category to still make the iPod Touch a "good gaming device" (e.g. FlightControl, Scrabble, Super Monkey Ball).

How long will it be before a plug-in controller (or Bluetooth) surfaces for the iPod/iPhone and developers code games to work with it? The relevant APIs were made available in 3.0:

"Apps for iPhone and iPod touch can now communicate with accessories via the dock connector or wirelessly over Bluetooth. ...create entirely new integrated solutions that combine an iPhone app with dedicated hardware."

http://developer.apple.com/iphone/program/sdk/accessories.html

(of course, for this to really take off, developers need a common controller API to target - so the ball is probably still in Apple's court)

Google bolts 'stable' Chrome 3 onto interwebs

Doc Spock

@Phil101

Even better, we could automate steps 1 and 2 so adverts we like are delivered to us.

*cough* Phorm *cough*

No, wait a minute...

(OK, the _idea_ is good, it's just that the _implementation_ sucked. For it to not be a privacy issue, you would have to get all types of advert delivered to some kind of "ad server" running on your machine, which would itself decide what to show you. Not sure the telcos could handle the extra data in their rusting pipes...)

Proposed change in libel law may shield websites

Doc Spock

Potential for Viewing Libelous Stories

Surely, the damages awarded in a libel case should be related to the number of people that are likely to have read the story? In print publishing, this would correspond roughly to the number of papers sold (*not* printed); on TV this would correspond roughly to the number of viewers that the program has; and on the Web, it would correspond roughly to the number of *unique* page views. And if other news sites pick up the story, then *they* are liable because they have not checked the facts properly** (search sites and aggregators should not fall into this category though).

Of course, the precise number in each example is harder to pin down than in the previous one, but that's where the lawyers/judge/etc. come in.

As for the issue of an archived story, the publishers should be required to add a "we made this whole thing up" notice, or modify it accordingly. It's not like the technology doesn't exist to do this...

** and this will serve them right for engaging in sloppy journalism.

Apple sends iPhones into 'Coma Mode'

Doc Spock

Just One Problem Here

The only problem I have encountered is the complete inability to cut/copy/paste in MobileSafari text entry dialog boxes. Text can be selected, but the buttons for cut/copy/paste/etc do not appear.

Not sure if it's a bug, or if I just need to restore my iPhone (3G, for what it's worth) - power cycling had no effect. I've submitted a bug report, so will wait to see what response comes out of Cupertino.

On the flip-side, my iPhone seems to be snappier™ than it did with 3.0 and 3.0.1 (but they were noticeably laggy in comparison to 2.1).

German boffins invent steel Velcro

Doc Spock
Go

Another Potential Use

Another potential use would be to secure loads on trucks (e.g. shipping containers). Where current methods use high-tension straps and ratchets, you could use Metaklett strips instead. For the container example, the flatbed of the truck could be covered in the stuff, but done so in a way where it was composed of small strips that would permit the "peeling apart."

Firefox to warn users of insecure Adobe Flash

Doc Spock
Happy

@Mike007

I agree that running the latest version of everything is not always a good idea, that is why I specifically said the latest *security updates*. That is, by all means run old software, just make sure that it has no known vulnerabilities.

(I think we both share the same viewpoint)

Doc Spock
Thumb Up

Good, but...

This is good, but shouldn't the onus be on Adobe to include a mechanism to check for updates in its Flash Player?

For what it's worth, I'm a believer that not applying security updates should be punishable by hard labour. Much like a car needs to pass an annual MOT to be allowed on the road, computers should have to be fully patched to be allowed on the Internet. And yes, a "computing test" is also part of my manifesto, should the people of Britain ever get desperate enough to vote me in as their leader (can't be too far away now...)

NZ woman sacked for SHOUTY EMAILS

Doc Spock

Alternative Viewpoint

Everyone here seems to take the view that the woman in question was a complete moron who shouldn't be allowed near a notepad, let alone a computer.

However, as more than one commenter has pointed out, when the entire e-mail is taken in context, it is outrageous that she was summarily dismissed (i.e. no warnings).

The alternative viewpoint of which my post title speaks is that maybe, just maybe, it was her office colleagues who were the morons, and she had been beating her head off of a brick wall for the past few weeks trying to get them to follow some rather simple instructions.

After all, everyone gets a little frustrated when others can't follow some basic directions.

As an aside, I always prefer *do not* to DO NOT. It suggests emphasis in a less confrontational manner. Plus, some mail clients make merry with things like *word* and _word_ .

HTML 5 is no Flash or Silverlight killer — yet

Doc Spock
Stop

Flash Animation

The article seems to suggest that Flash-based animations are a Good Thing™. In my view, making it harder for web site designers to create annoying animated content is a Good Thing™. For me, Flash-heavy sites are one of the biggest turn-offs on the Web (very rarely do such sites actually contain anything useful).

The article also seems to neglect the issue of mobile devices that struggle to run Flash content - that is the real target for the relevant parts of the HTML5 spec. The intention is to remove one of the many layers between displaying Web content and the underlying hardware running the browser, thus taxing the CPU/GPU less.

The multicore future, and how to survive it

Doc Spock
Alert

@Louis Savain

At the instruction level, your "solution" sounds very like "pipelining" (Google or Bing it), and is already done in many modern processors. The problem with determining parallelism at this level is that a significant amount of high-level problem-specific information has been lost (i.e. the information that certain instructions can be run on different CPUs/cores which is implicit in threading).

At the software level, your "solution" to the parallel programming problem is just a description of a "task farm" (Google or Bing it) with a "Message Passing Interface" (Google or Bing it), except that the tasks are kept in a queue and must be carried out in order. That kind of parallelism is only good when you have many independent sub-problems, and is not suited to multiple worker threads operating on the same data (although it can be done).

However, for many problems, the overhead required for locking (including the idling of other threads which need to access the locked memory) is the killer, and in these cases it takes a lot of effort to code a solution that minimises the amount of locking required (i.e. a generic solution won't be as efficient).

Basically, concurrent memory updates are the problem, not concurrent execution of threads. The more concurrent memory updates your problem requires, the less of a benefit you will get from using a parallel algorithm.

Grand Central Dispatch (and other similar technologies) are only designed to make it easier to write code which can run in parallel, should you be able to identify suitable sub-problems.
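As an added example (not from the post, and not Apple's Grand Central Dispatch code), the Python below puts the point about concurrent memory updates into runnable form: both functions compute the same reduction on four threads, but one takes the shared lock once per element while the other lets each worker reduce its own slice privately and touches shared state once per worker. The CountingLock wrapper, the fixed contiguous split (rather than a queue-fed task farm) and the sum-of-squares workload are assumptions for illustration; Python's GIL serialises bytecode anyway, so the figure to compare is the lock count, not wall-clock time.

```python
"""Two ways to parallelise one reduction: same answer, very different lock traffic.
Added example, not code from the post or from any vendor library."""
import threading


class CountingLock:
    """A mutex that records how many times it was acquired (an assumption
    made for measurement; a real program would just use threading.Lock)."""

    def __init__(self):
        self._lock = threading.Lock()
        self.acquisitions = 0

    def __enter__(self):
        self._lock.acquire()
        self.acquisitions += 1  # safe: we hold the lock while updating it
        return self

    def __exit__(self, *exc):
        self._lock.release()
        return False


def split(n_items, n_workers):
    """Chunk boundaries [lo, hi) so each worker gets a contiguous slice."""
    if n_items == 0:
        return []
    step = -(-n_items // n_workers)  # ceiling division
    return [(lo, min(lo + step, n_items)) for lo in range(0, n_items, step)]


def run_workers(fn, chunks):
    """Start one thread per chunk and wait for all of them."""
    threads = [threading.Thread(target=fn, args=chunk) for chunk in chunks]
    for t in threads:
        t.start()
    for t in threads:
        t.join()


def sum_squares_shared(n_items, n_workers):
    """Naive form: every partial result is written straight to shared state
    under the lock, so the lock is taken n_items times and every thread
    spends most of its life waiting for the others."""
    lock = CountingLock()
    total = [0]

    def worker(lo, hi):
        for i in range(lo, hi):
            with lock:
                total[0] += i * i

    run_workers(worker, split(n_items, n_workers))
    return total[0], lock.acquisitions


def sum_squares_partitioned(n_items, n_workers):
    """Partitioned form: each worker reduces its own slice in a thread-local
    variable and updates the shared accumulator once, so lock traffic is
    n_workers rather than n_items. Same result, no shared writes in the loop."""
    lock = CountingLock()
    total = [0]

    def worker(lo, hi):
        local = 0
        for i in range(lo, hi):
            local += i * i
        with lock:
            total[0] += local

    run_workers(worker, split(n_items, n_workers))
    return total[0], lock.acquisitions


if __name__ == "__main__":
    for fn in (sum_squares_shared, sum_squares_partitioned):
        total, locks = fn(1000, 4)
        print(f"{fn.__name__}: total={total} lock acquisitions={locks}")
```

Both calls return 332833500 for 1000 items; the shared version reports 1000 lock acquisitions and the partitioned one reports 4. The shape generalises: any reduction whose per-item step is associative can be restructured this way, and the remaining lock traffic is what you cannot avoid, which is the "effort to minimise the amount of locking" the post refers to.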

Forget solar panels, it's time for rooftop slime-tanks

Doc Spock
FAIL

Are You Sure?

QUOTE: "The headline ideas [include] the use of reflective building materials to send solar energy back out of the atmosphere before it can cause global warming."

Global warming is caused by reflected rays being re-reflected back towards Earth, not by the Earth absorbing them in the first place. The extra CO2 in the atmosphere reduces the amount of reflected heat which can escape back into space.

Mac OS X Snow Leopard First Look

Doc Spock

Screen Zoom

First up, I loved the bit about the icons - 512x512 icons because you're weird.

Now, I'm not an "icon porn" person (didn't expect to be saying that today!), but could the large icons be related to the screen zoom accessibility feature? In Leopard, screen zoom just scales a bitmap of the screen, it does not scale the screen components individually (i.e. text and icons). Is this still the case in Snow Leopard, or is the screen zoom a bit more intelligent?

Apple to offer own-brand HDTV, claims analyst

Doc Spock
Happy

Not a TV, but...

Apple are more likely to offer a cable-box / PVR replacement than a full-blown TV. It's not a huge stretch of the imagination to say the Apple TV could head in that direction.

Of course, here in backwards-Blighty, you're not allowed to use a 3rd party box with your cable/satellite card** so such a device would be a no-go here.

** Are you listening, Competition Commission?

Nuke-nobbler raygun 747 scores 'surrogate' test success

Doc Spock
Grenade

Corner Reflector

Attach reflective corner reflectors [1] to the missile and the super-deadly laser beam is sent back to the death-dealing 'merkan bird-o-steel.

I love it when future-tech is nobbled by high-school grade physics and maths.

[1] http://en.wikipedia.org/wiki/Corner_reflector

Boffins develop 'Hidden gateway to Hogwarts girls' loos'

Doc Spock
Alien

Reminds me of a book...

... I read as a kid in which reptile-like aliens invaded a near-future Earth. At that point in time humans were using energy weapons, with projectile weapons no more than a historical footnote. Anyway, the aliens had force fields that were impenetrable by the energy weapons.

Eventually, someone discovered that solid matter passed right through the forcefields and the humans fought back with bows and arrows (and other rudimentary medieval weaponry).

This 'invention' that "can block electromagnetic waves but that allows the passage of other entities" sounds the same. Now if only I could remember the name of the book....

Stephen Hawking both British and not dead

Doc Spock
FAIL

I was wrong (kind of)

Just realised that I'd referenced a Norwegian web page for the National Insurance figure.

The correct one is 11% of the first £595 a week you earn, then 1% of everything above that. So, someone earning £30k (~$50k) a year will typically pay £3300 a year in N.I. since their weekly gross income is roughly £575. Of course, this is still less than the £5000 in income tax that would be paid.

Correct reference this time: http://www.statistics.gov.uk/STATBASE/ssdataset.asp?vlnk=7434

(and http://www.hmrc.gov.uk/rates/it.htm for the income tax bit)

FAIL icon for my previous research abilities...

Doc Spock

I may be wrong...

...but I was under the impression that the proposal Obama is suggesting is that there is a state-run alternative to Medicare. That is, the government will provide competition in the marketplace for medical insurance, thus aiming to cause Medicare to offer better deals. As I recall, people will still be free to use Medicare if they wish, but their premiums may go down if a lot of people choose the state run option (since Medicare will want to entice customers back).

I haven't heard how much the state-run outfit will be subsidised by taxpayers, but I really doubt it'll be as much as we pay for the NHS in the UK: in 2008 National Insurance payments in the UK were typically 6.8% of your income (http://www.nav.no/page?id=7264).

Apple tablet spooks world of PCs

Doc Spock
Happy

@whiteafrican

Getting the price right will definitely be the hard part, but it isn't going to be cheap - this is Apple we're talking about after all. Of course, it could still be good value for money.

As uhuznaa alluded to, many of the drawing primitives in the iPhone API are vector-based, and therefore will scale easily to larger screens. However, issues would still arise with custom UI elements that are bit-map based, as well as any layout code that may not take account of potentially larger screens.

But you seem to have missed my main point (whereas uhuznaa gets it). I don't think the tablet will be intended to replace laptops or desktops, and therefore running Photoshop, etc won't be something that people will do on it. The closest analogy I can think of is a scaled up iPod Touch. Which is why I think it *needs* extra functionality, and I see the note-taking/handwriting recognition/document editing/sketching stuff as that extra functionality. This wouldn't require a huge leap OS-wise from what is currently running on the iPod Touch and iPhone.

Doc Spock
Go

Apple's Target Market

Apologies if this has been brought up already, but I don't have the time nor inclination to wade through roughly 100 comments.

It has been suggested that Apple's tablet will fail because businesses won't buy it, and consumers won't buy it. The reasoning seems to hinge on the - possibly accurate - view that a physical keyboard is needed to make the thing useable as an everyday computer.

Well, here's the thing. I don't believe the tablet is designed to replace people's existing computers, but rather to complement them. Therefore, it only needs to do a sufficient subset of things well. All well and good you may say, but who's going to buy it? Consumers don't need a crippled laptop in their house (no Windows jokes please...), and businesses won't buy their staff two computers.

Ah, but there's another market that Apple already does quite well in: Education.

How many students out there do you think have Apple laptops? How many get frustrated at having to carry around their new computer and all their textbooks/notepads at college/university every day. An Apple tablet seems like the perfect solution. It is lighter and can function as a note-taking device (via a stylus, since we're all taught to use a pen when writing as opposed to our index finger).

This last point is *very* important in my view. The tablet must be able to act as a digital notepad. Think of the benefits to students: all their notes can be backed up (God help those who forget this!) and also can be searched. At revision time, imagine being able to locate that obscure note you scribbled down about Winston Churchill's mindset (for example) without having to scour every last crumpled piece of tatty paper that you can find in your filthy little flat.

Plus, what student wouldn't buy a device with the following features:

less than 1kg (2lbs in 'merkan); 10" touch screen; wireless; Web browser; mail client; music player; video player; photo viewer; iPhone-style games; handwriting recognition (including math stuff); editing/viewing/annotating support for PDFs, spreadsheets, presentations, etc; auto-syncing with regular Macs/PCs.

Only one thing though, and this is aimed at Apple itself: please don't make the synchronisation require iTunes....

Opera chief: history will silence Unite doubters

Doc Spock
Go

What if....?

What if Opera Unite _was_ running on a dedicated server? That is, you had an Internet-facing device (*not* a full-blown computer) that served up content from a connected hard-drive. And on that hard-drive you placed your photos etc that you wanted to share.

Then we'd have the following:

1. No personal files/folders/etc available to people accessing your shared files.

2. No need to have your computer on all the time, only this mini-server. And as Michael McIntyre once pointed out, we don't mind the fridge being on all the time!

OK, so it would require "setting up", but no more so than a digital set-top box (i.e. connect cables, plug in, turn on).

And the Opera bloke did suggest that he sees such devices becoming commonplace in the near future.... (hell, just call it "<insert social networking web site here>@home" and punters will buy it)

Is Google spending $106.5m to open source a codec?

Doc Spock

h.264

As I understand it, the problem with h.264 patents is that even the decoders need to be licensed. Surely, it would be easier to try and get the h.264 patent holders to permit royalty-free decoders?

Also, how does the x264 project get away with encoding h.264 video?

(as far as I am aware, the x264 project is open-source and free-to-use - as in beer)

Now, I agree that decoders for the video codec(s) used by the VIDEO tag should be freely implementable by everyone (following in the spirit of the Web itself), but I think h.264 has too much traction (e.g. existing broadcast media, Blu-Ray, YouTube, hardware chips, etc) to be passed over in favour of Ogg.

How much do the h.264 patent holders rake in from licensing decoders?

EU court rules 11-word snippets can violate copyright

Doc Spock
Megaphone

Is this Copyright Infringement?

Article summary produced from the keyword "copyright":

"11-word snippets can violate copyright. AP cackles with glee. By"

"whittled the line of potential copyright infringement down to just 11"

"and cream under the EU Copyright Directive, which makes exceptions for"

"paper it was a potential copyright violation. From the decision:"

"a newspaper article worthy of copyright protection. But the ECJ said"

"creation" and thus protected by copyright. Meanwhile, the Associated Press has"

Now, I would agree that this captures the gist of the story (i.e. The Associated Press is happy after it has been found that 11-word snippets from newspaper articles can violate copyright, based on the EU Copyright Directive).

However, this is not the *full* story. In order to obtain the information that would lead to the above summary, all a reporter would have to have done is turn up at court on the last day for two minutes. The real reporting - that's the stuff that should be copyrighted - is in finding out the details of the case, the views of each party, the effects of the judgement, comment from affected companies/individuals, and so on. None of this is included in the snippets.

Surely then, if anything, this would drive traffic to the companies producing the content.

P.S. I'll see El Reg in court (when they sue me for copyright infringement of the article...)

Hijacking iPhones and other smart devices using SMS

Doc Spock

@Bilgepipe, @Sleepy

@Bilgepipe

No, I was not aware that the same vulnerability exists in Windows Mobile. I am, however, aware that other software products - including those from Microsoft - can also have security flaws.

I gather from the tone of your comment, and specifically the mention of Microsoft, that you think I am some kind of MS fanboi. I assure you that this is not the case. My comments stem from the fact that I have an iPhone and two Macs and I really don't like the idea that there may be easily exploitable vulnerabilities in the software I use on a daily basis. After all, that was what drove me to OS X in the first place.

@Sleepy

You are correct in that I was thinking about the low market share of OS X. As a consequence of my mini-rant at Apple, I may have come across as sounding like an MS shill, but I stand by my view that, when it comes to security, Apple can be too complacent at times.

sleepy: "The argument that everything should be built from the outset like a fortress isn't valid in the real world. It's much more likely to result in a flaw going unnoticed until there is a real catastrophe."

It's ONLY valid in the real world. And yes, it means that any flaws which do exist are less likely to have catastrophic consequences and therefore be less critical. Why is that a bad thing? You sound like you are saying that lots of little security exploits are good because it prevents there being a couple of very big ones. I would argue that the opposite is true: the existence of lots of little exploits increases the likelihood of there being a couple of very big ones too.

sleepy: "Of course running as root is Apple's explicit choice for now to encourage more exploits to be published, so they can fix them."

I'll assume this was a joke.

sleepy: "Not running as root is a change that can be made any time."

Maybe so, but it's taking Apple longer than two weeks to do it. Maybe that suggests the fix isn't that simple.

Doc Spock
Stop

Typical Apple

Regardless of how easy or otherwise this bug is to exploit, it should not have existed in the first place. Apple have a long history of producing insecure software (e.g. QuickTime - especially on Windows - used to have more holes than a warehouse full of Swiss-cheese; Safari has had its fair share of flaws too; and OS X is only just getting things like address-layout randomisation).

Now, before I'm accused of trolling, let me explain this viewpoint. Apple - in my view - actually believe the "security through obscurity" argument that many of its users tout. They seem to be so enamoured by their own software that they assume it can't be hacked. This assumption then leads to making stupid decisions like running the iPhone's SMS client with root privileges outside of a sandbox.

Of course, I realise that network operators often send out SIM updates via SMS, so there are certainly instances when received messages may have to update parts of the overall system, but the bits the network operator can change should be separate from the underlying OS. But then it's not like the OS is based on a multi-user operating system that was designed to enforce such boundaries - oh, wait a minute....
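As an added example (not from the post, and not Apple's iPhone or SMS code), here is the separation the post argues for, in Python: the code that parses an untrusted message runs in a separate child process that has dropped privileges, and the privileged parent never executes parser code, treats the child's output as untrusted too, and survives the child crashing. The "<from>|<body>" message format is a hypothetical toy standing in for a real SMS PDU, the sample messages are constructed, and uid 65534 ("nobody") and the 160-character body cap are assumptions.

```python
"""Privilege-separated parsing of an untrusted message.
Added example, not code from the post or from any handset vendor."""
import json
import os
import subprocess
import sys

# Toy message format "<from>|<body>" and constructed samples (assumptions;
# a real SMS PDU is binary and far more complex than this).
SAMPLES = {
    "good": "+441234567890|meet at 7",
    "bad": "no separator at all",
}

UNPRIVILEGED_UID = 65534  # 'nobody' on most Linux systems; an assumption
BODY_LIMIT = 160          # GSM short-message length, used here as a cap

# Source of the unprivileged worker. A parser bug here raises inside the
# child, which dies with a non-zero exit status; the parent is unaffected.
WORKER = r"""
import json, sys
raw = sys.stdin.read()
sender, sep, body = raw.partition("|")
if not sep:
    raise ValueError("malformed message")
print(json.dumps({"from": sender, "body": body[:%d]}))
""" % BODY_LIMIT


def _drop_privileges():
    """Runs in the child between fork and exec. Only effective when the
    parent is root; otherwise there is nothing to drop and the process
    boundary alone still provides the fault isolation."""
    if os.geteuid() == 0:
        os.setgid(UNPRIVILEGED_UID)
        os.setuid(UNPRIVILEGED_UID)


def parse_untrusted(raw, timeout=5):
    """Parse `raw` in an unprivileged child. Returns a dict with string
    fields 'from' and 'body', or None on any failure (fail closed)."""
    try:
        proc = subprocess.run(
            [sys.executable, "-c", WORKER],
            input=raw, capture_output=True, text=True,
            timeout=timeout, preexec_fn=_drop_privileges,
        )
    except (subprocess.TimeoutExpired, subprocess.SubprocessError):
        return None  # hung, or could not drop privileges: refuse to proceed
    if proc.returncode != 0:
        return None  # parser crashed; the crash stayed in the child
    # The child's output is data from a low-privilege process: validate
    # its shape before letting anything privileged act on it.
    try:
        result = json.loads(proc.stdout)
    except ValueError:
        return None
    if (not isinstance(result, dict)
            or set(result) != {"from", "body"}
            or not all(isinstance(v, str) for v in result.values())):
        return None
    return result


if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        print(name, "->", parse_untrusted(msg))
```

The good sample yields {"from": "+441234567890", "body": "meet at 7"}, the malformed one yields None because the child raised, and an oversized body comes back truncated to 160 characters. The same structure applies whatever the real parser is: the privileged side owns the policy (what a valid result looks like), the unprivileged side owns the risk.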

Greenpeace unleashes Captain Kirk on HP

Doc Spock

Re: Apple Batteries

For a start, the Apple batteries in question are non-USER-replaceable. Anyone can take their poorly iThing into an Apple store and have the battery replaced (eventually). Also, such batteries are usually more capacious for their size, and this ensures a longer life, as well as exerting a lesser stress on the environment over the entire manufacturing process and supply chain.

Finally, all batteries - be they user-replaceable or not - are classed as WEEE (Waste Electrical and Electronics Equipment). This means that you are legally obliged to dispose of them in an environmentally-conscious manner - usually the original manufacturer is required to recycle them. As such, the throwing out of any batteries is technically illegal.

Unfortunately, many electronics are viewed as commodity devices and are disposed of long before their useful life is up, just because of silly things like the battery failing or a newer model coming out.

I hope that's enough thinking done on the subject, or does someone wish to respond with a reasoned rebuttal....?

Hackintosher aims 'blazin' guns' at Apple

Doc Spock
Happy

A Response

OK, I'll admit there were flaws in my analogy, and that I would be able to drive the hypothetical bus on a private road, modify said bus with "go faster stripes" (for example), and so on.

However, my intended point was that there exists a legally-enforceable licence which prevents me from doing certain things and thus I cannot do **whatever I want** with the bus. In the same vein, there is a licence that is designed to prevent owners of OS X from using it in certain ways. Saying that, I will concede that its enforceability in law is not as clear cut.

Still, I would be very surprised if Psystar got anything other than a big fat bill to pay when it goes to court.

Doc Spock
Alert

Buying vs. Licensing

First off, I'll admit that I haven't read all the comments, but here goes...

Common argument against EULAs: "If I buy something, I can do with it what I want"

Well, that's rubbish - and here's the - obligatory - analogy to prove it:

I buy a bus. It is mine. Yet I *cannot* drive it because __my driver's licence__ doesn't allow me to.

Owning something whose *use* requires a licence does not imply that you can use it in any way you want. That is what the licence is for (funny that, wonder where they got the name...)

If^H^HWhen this goes to court, Apple will win. Even if it is in Texas. All that may come out of it is a requirement to display a plain-english (non legally binding) summary of an EULA when it is presented to you.

Microsoft to issue emergency patches Tuesday

Doc Spock
Gates Halo

The Big Picture...

Microsoft are responsible for a *huge* amount of code covering OSes, drivers, apps, servers, web tech, etc. And we're all mature enough to realise that software - from any vendor - will rarely be perfect, and vendors rarely have enough staff to do everything at once. It therefore stands to reason that some degree of prioritisation is required when it comes to dealing with flaws identified in the codebase. Normally there is sufficient time to issue a fix before an exploit appears in the wild, but not always.

The question should therefore be, not "when were Microsoft notified of the flaw?", but rather "for how long has the flaw been actively exploited?" Active exploits are the ones to worry about, not potential exploits (and yes, I realise that potential exploits will become active exploits if left un-patched).

Furthermore, I firmly believe that Microsoft will have a much easier time once businesses and stupid people transition away from pre-Vista, pre-IE8 software. Vista, Win7 and IE8 may not be loved by everyone, but a hell of a lot of re-plumbing was done in the name of security.

And I say all this as a Mac user. In fact, I've been recommending Win7 to many of my friends where before I'd plead with them to consider OS X.

I feel dirty using the Gates-halo icon....

MoD sticks with 'most decrepit browser in the world'

Doc Spock
Stop

Any Glimmer of Hope?

Please tell me that - at the very least - the UK Government is mandating all future internal browser-accessed software systems comply with Web standards and are therefore browser-agnostic.

Such a policy should make sense from a business/accountancy perspective since it increases the freedom that a given department has in terms of installed browsers and will be cheaper in the long-term because the systems will be compatible with modern software for significantly longer.

Or do the terms "sense" and "long-term" not feature in the minds of government staff...?

Oh, and with respect to IE6 compatibility, doesn't IE8 have an IE6 mode? Similarly, Firefox has IE6Tab (or whatever it's called). Ergo, no excuse to remain with IE6.

Google Oompa-Loompas dream of virus-free OS

Doc Spock
Paris Hilton

Humour Me. Please....

Here follows some thoughts of mine as to how Google's OS could pan out. Comments, discussion, ridicule and hole-poking (ahem) at the ready...

The general consensus seems to be that the only way in which Google have any chance of producing a "virus free" computing platform is to severely limit the user's capabilities and sandbox absolutely everything. Many people seem to think that this is too difficult, or that the users won't like the restrictions.

I'll address the second point first. Users won't care so long as they can still surf the Web, check their e-mails, and update their status on whatever social networking site is the current flavour of the month. Additionally, users will happily accept some restrictions if the overall experience is sufficiently good (cf. the iPhone).

Now to address the first point. Almost all operating systems limit what a user can do based on user-level privileges. And any software they run has the same privileges. However, these privileges only cover what files etc. the user/app may read/write/execute. My argument is that this is not enough, and a more prohibitive model can be made to work.

For example, a user is limited in what apps they can run (e.g. via code signing from Google). Malicious apps, such as viruses, won't be signed and thus won't run.* The OS could also verify app signatures at boot/launch.

*if a signed app were found out to be malicious, its certificate could be revoked.

I also expect the user to have no admin rights. That is, they cannot modify system files, and can only install apps in userland. OS updates will be handled automatically in the background by Google (OK, so their update code had better be tighter than a gnat's chuff). In fact, the only process which can modify system files is this update code, and that too will be stored in OS-land.

Now, as regards running native code etc. (e.g. via V8), every process would be sandboxed and child processes only permitted to communicate with their parent.

To cater for the possibility that malicious apps were able to run, and then modify userland files, apps could be forced to use a common API for disk read/writes. Files created (and owned) by the app (e.g. preference files) could be read/written without interference, but user files would require opening/saving via a common dialog system. That is, the app tells the OS it wants to open a file and the OS then presents the user with the file open dialog. Same goes for saving. So, apps become like first-class citizens with respect to file permissions.

Does any of this sound reasonable? Am I mad? Could this work?

P.S. I don't want to sound like I believe this will prevent viruses/trojans/etc. but I do think it could put a big dent in their pervasiveness.

Paris for the "hole-poking" bit at the start, and for the potential cluelessness of this post....

Researcher raids browser history for webmail login tokens

Doc Spock
FAIL

Same Problems, Different Place

Dear God! How long has the security community known that short encryption keys can be easily brute-forced? A 64-bit key (8 base16 characters) has been insecure for well over a decade now.

Why are people still using weak keys in secure settings?

It's not f**king rocket science.

In fact, there's a whole field entitled "Security Protocols" which specifically caters towards secure communication over insecure networks and is designed to prevent things like replay attacks.

Of course, the real problem is that your "typical user" has no way of knowing their favourite site uses such pathetic security (and almost certainly doesn't care to check).

And then there's the issue that most webmail sites don't encrypt the traffic once you've logged in, so anyone on your network can easily read the e-mails you view and send.

</rant>

Oz cops turn to wardriving to fight Wi-Fi 'jackers

Doc Spock
Welcome

Another Analogy...

Just out of interest, what would be the legal position if someone you invited into your house (e.g. for a party) started selling drugs? Are you, the house owner, responsible for their illegal activities, or are they?

If it is the former case, then that is the same as someone who owns an unsecured wireless access point being responsible for what users of that access point do.

Personally, I believe that it should be the individual users of the access points who are responsible for their own actions (e.g. downloading illegal material), not the access point owner. Thus, there should be no need to secure your access point if you don't want to.

Short URLs in spam skyrocket

Doc Spock
Megaphone

Repeat After Me...

"As was already the case, I _WILL NOT_ click on links whose final destination I do not know"

As an aside, it seems that it would be a good thing (tm) if web browsers (or web services) were able to identify the final URL that such links would go to, without you having to click on them and go through the whole redirect process....

Opera CEO: Unite not a security risk

Doc Spock
Alert

More Details Please

What level of sandboxing (if any) does Unite employ? Are all inbound connections read-only, as they should be? Are directory accesses outside the 'shared' folders (including via aliases) blocked? What level does the Unite web server process run at on non-admin accounts?

If they do use a very simple system - and simple is the key here - which implements a highly restricted read-only policy for remote connections, then that alone will mitigate many potential security problems. I would be very surprised if they were providing a full-featured web server inside Opera, since that is not only overkill, but asking for a mountain of trouble as well.

Programmer charged with stealing Wall Street-ware

Doc Spock
WTF?

Let Me Get This Right...

So the programmer only "intended to access only open source code"? i.e. code that would be freely available from servers unrelated to Goldman Sachs. So he went down the "industrial espionage" route why?

Sorry bud, but I don't buy it. You were sounded out by another company who were going to pay you more on the understanding that you brought some "experience" with you to the new job.

iPhone crashing bug could lead to serious exploit

Doc Spock

Similar to Nokia Bug?

I wonder if the bug is similar in nature to the "Curse of Silence" DoS bug that affected certain Nokia S60 phones?

https://berlin.ccc.de/~tobias/cos/s60-curse-of-silence-advisory.txt

Basically, ill-formed messages are being parsed incorrectly, resulting in unexpected consequences (from the manufacturer's perspective).
