25 posts • joined Thursday 16th June 2011 19:35 GMT
Even easier to stop...
... plug in headphones!
It's an intriguing attack scenario though.
Instinctive reaction to the "infection over ultra-sonic" is "Impossible, system needs infecting by some other method before communication can begin".
But, in light of some of the recent public revelations from the Snowden documents, I don't think we need to be wearing tin-foil hats to imagine it possible that one or more of the (few) modular BIOS/Firmware makers could have been internally compromised in order to insert a small additional acoustic coupling module into their standard images.
Alternatively, the BIOS/Firmware USB modules may have one or more buffer overflow flaws that allow an inserted-at-boot-time USB flash device that has malicious reprogrammed firmware to insert a payload into the BIOS/Firmware module chain.
It would be easier to believe Dragos Ruiu's claims of infection if he published the make/model of the PCs he claims have been infected, and released copies (or SHA checksums) of the BIOS/EFI images so that others can compare against other identical hardware. All I can find are now-extinct file-locker style links, and reports that the images he did release were edited by some mysterious entity whilst on the public servers to remove the root-kit evidence, which doesn't give much confidence in the claims being verifiable.
Re: Wrong data on your part.........
>I think you better do some research before posting! Judge Koh hasn't been too nice towards Apple in the past! And the patent is legit...
I suggest you do too, before committing yourself.
December 20th, Samsung Emergency Motion tells the judge that the U.S. P.T.O. has issued an Advisory Action (the last step in a re-examination) finding all claims of patent No. 7,844,915 (the pinch-to-zoom patent) invalid. The Advisory Action is the Examiner’s final word on the invalidity of the ’915 patent.
The P.T.O. issued the Final Office Action and a shortened 2-month deadline on July 26th, which was subsequently extended to the maximum 6 months allowed. The clock started ticking on July 26th.
This Advisory confirms the P.T.O. view that all 21 claims of the '915 patent are invalid. Although the clock doesn't stop until January 26th for further responses from Apple to try to persuade the P.T.O. to change their view, or else file an appeal with the commissioners, any responses from Apple will not stop that clock.
The re-examination control number is: "90/012,332".
Anyone can view the status and document files via the Public PAIR web-site at: http://portal.uspto.gov/pair/PublicPair
Look at the Image File Wrapper tab to view the document trail.
The Advisory says, in page 8 of the PDF, paragraph 5: "The patent owner's other arguments are not persuasive for the same reasons as set forth above and in the final Office action mailed on July 26, 2013. See the patent owner's remarks at pages 9-15, repeating and/or incorporating by reference the arguments presented in the response filed on March 19, 2013."
Embrace, Extend, Extinguish
"Embrace, extend, and extinguish", also known as "Embrace, extend, and exterminate", is a phrase that the U.S. Department of Justice found was used internally by Microsoft to describe its strategy for entering product categories involving widely used standards, extending those standards with proprietary capabilities, and then using those differences to disadvantage its competitors.
... may well help avoid reflections from strong light sources because if the curvature is 'just right' it'll focus on the face of the viewer (as well as what's to either side) in most cases.
Re: ...expect to be running Linux on my phone...
Whether the device runs an AOSP or GNU/Linux based operating system (both of which require the Linux kernel) you have the same problem that Replicant aims to solve - that these devices rely upon numerous proprietary binary blob drivers that aren't updated or supported by their creators and cannot be legally distributed without the accompanying device.
Replicant needs devs but objectives and practices don't attract
I joined the Replicant project this summer as a result of the publicity. Prior to publicity I wasn't aware it existed, despite having been reverse-engineering and hacking code of Android devices since 2010.
It quickly became apparent - to me at least - that Replicant is not going to achieve anything until it changes its focus onto up-to-date devices and engages developer attention as Cyanogenmod does. With the rate of change in the mobile arena an 18-month old (and getting rapidly older) device isn't going to attract developer attention and certainly not users - who wants a 2 year old device which lacks key functionality including, sometimes, the ability to make and receive calls? May as well carry a brick around.
The problem for Replicant is that most if not all AOSP-based devices depend on binary blob proprietary drivers for key hardware interface functionality - video output is the obvious one, but also things like sound, radio interface, and GNSS/GPS. Cyanogenmod does this and suffers much pain figuring out how to get older binary blobs to work with newer, revised, AOSP ABI/APIs.
I decided to focus on GPS blobs by beginning to reverse-engineer the Nokia MEIF binary GNSS/GPS protocol used in Broadcom chip-sets that more devices are using so that support can be added to gpsd and other location-awareness daemons and stacks. This work is useful to the general F/OSS community rather than the handful - literally - of Replicant users.
My belief is that we'd do better overall to have developer teams focus on the particular functionality in binary blobs that prevents users from being the masters of their own devices, rather than try to maintain a fork of an entire OS.
Further eCall info from FAQ...
What is the cost?
The basic pan-European eCall service, based on 112, is a public service which must be offered for free. Taking into account economies of scale, installation of the eCall in-vehicle system is estimated to cost much less than €100 per new car.
It is also expected that the eCall technology platform capabilities (i.e., positioning, processing and communication modules) could be exploited for additional services (e.g., advanced insurances schemes, stolen vehicles tracking etc).
Can the vehicle be tracked or hi-jacked?
The 112 eCall is a "dormant" system, i.e. the eCall in-vehicle system is only active when an accident occurs or if it is manually triggered. It is not traceable and when there is no emergency (its normal operational status) it is not subject to any constant tracking. As it is not permanently connected to mobile networks, hackers cannot take control of it.
What about privacy and data protection?
As the eCall in-vehicle system is only active when an accident occurs or if it is manually triggered, there is no privacy issue related to any tracking of the car. For liability reasons, the emergency call centres (PSAPs) will store the data related to the eCall for a determined period of time, in accordance with national regulations and with Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
The road to eCall
The EU-wide, harmonised implementation of an interoperable eCall service has been on the agenda of the Commission since 2005 and is a priority action for the deployment of Intelligent Transport Systems. As an important road safety measure, the rollout of eCall is also a priority for the EU automotive sector, within the CARS 2020 action plan, presented by the Commission in November 2012.
In 2009 the Commission reported on the progress in introducing eCall and concluded that as the initial voluntary approach was insufficient, regulatory measures had to be considered. In July 2012 the European Parliament adopted a resolution which urged the Commission to submit a proposal to ensure the mandatory deployment of a public, 112-based eCall system by 2015 in all new type-approved cars and in all Member States.
EU eCall 'intelligent car' initiative
Press Releases: 13/06/2013
The European Commission adopted two proposals to ensure that, by October 2015, cars will automatically call emergency services in case of a serious crash. The "eCall" system automatically dials 112 - Europe's single emergency number - in the event of a serious accident.
Care? Do something!
Like many others I have watched from the sidelines as authoritarian legislation creeps up on us bit-by-bit. I've spoken to my circle of friends about it passionately but without seeing any lever to make a difference.
Some of the terms of the Terrorism Act 2000 are likely illegal under UK obligations to the European Court of Human Rights - specifically detention without arrest, detention without legal representation, obligation to hand over possessions, obligation to provide information.
I wonder if this incident could be a catalyst for at least reining in the excesses that the state is guilty of?
Individually we cannot hope to make a difference but if each of us takes 15 minutes to write to the Prime Minister, the Home Secretary (as Minister responsible) and our Member of Parliament then combined it might poke their consciences and remind them that we elect them to represent us, not to represent authoritarian state agencies that break the spirit and letter of the law.
Write on paper rather than email - they and their officials have to spend time replying individually rather than firing off a single canned-response email.
I recently began planning and implementing encryption of all my Internet traffic and servers by default including using only HTTPS for the web sites I manage, deploying Apache 2.4 and Perfect Forward Secrecy, VPNs for all traffic moving over my ISP's connections, digitally signed and encrypted email using either or both of S/MIME and PGP. Many of those are using layers within layers of encryption on the same basis as The Onion Router.
I do it not to protect my own traffic, but to make it harder for the illegal and immoral snooping of routine Internet traffic to pick out those that have a legitimate need for such encryption. It is much harder for NSA/GCHQ to analyse patterns of meta-data or content if everyone routinely uses high-grade encryption.
... you may not use the APIs for any activities ...
"Except as specifically licensed by Google, you may not use the APIs for any activities ..."
Errr, didn't Google recently win a minor court case (*subject to appeals) in the USA where the plaintiff (Oracle) was claiming that APIs are copyrightable?
If APIs are not copyrightable, as the court found, then on what basis can Google license use of an API?
Monitoring for 24 hours...
"We will continue monitoring the health of the Storage service and SSL traffic for the next 24 hours," the company wrote.
That statement makes it sound like they don't monitor the systems routinely unless something fails; explains a lot!
This seems to offer potential for use to enable much easier channel bonding, for example, for ISP <> CPE situations where aggregating several slower DSL links is required - especially where VDSL is not available or can't achieve high speeds (anyone 1km from the cabinet, for example!). Currently, getting an ISP to channel bond is a challenge in futility and cost.
ISP equipment supporting 1905.1 would make the process easy and transparent and not require any IP-level configuration with round-robin or other techniques in the CPE.
Bring up multiple PPPoE connections on the same account, and provided the ISP account enables it, you've got multi-DSL channel bonding sorted.
Re: All true
"But the numbers are small"
Only when you compare apples and oranges.
Intel is a chip-baker, chip-set and motherboard maker (not to mention flash and other non-microprocessor activities).
Take ARM's numbers, then add the revenues and profits that its licensees make from ARM-based designs (Samsung, Apple, etc.). According to ARM:
Cortex Processors Licenses
Classic ARM Processors Licenses
ARM11 Family 79
ARM9 Family 273
ARM7 Family 171
Lord of the Rings, Ent Moot
I think, of anyone, J.R.R. Tolkien has the distinction of being associated with the word "moot" in the general public consciousness, and would be the primary beneficiary of any recognition, having been working on the Lord of the Rings stories since around 1938.
The statement seems to imply the drivers were previously hobbled
Trying to understand what Nvidia mean here. Performance gains are usually incremental when gained through driver optimisation. Do they mean they found some hitherto unknown bottlenecks in the Linux drivers or have they simply removed an artificial cap in the drivers that prevented the Windows drivers looking bad on the same hardware?
"According to the chip maker, the drivers “double the performance and dramatically reduce game loading times” of Linux games - at least if a test comparing the new code with version 304.51 while running Valve’s Left 4 Dead 2 beta is anything to go by."
Enabled date slipping by 3 months every 3 months?
If you currently have FTTC, what speed are you getting and what speed did you get on ADSL? It'd be useful for many of us to know if 50% of ADSL theoretical maximum can be translated to approximately 50% of VDSL theoretical maximum.
Like many others I see today that the line-enabled date that was 30th September is now 31st December. That's the 5th time it's changed:
31/12/2011 (changed 20/12/2011)
31/03/2012 (changed 26/03/2012)
30/06/2012 (changed 26/06/2012)
30/09/2012 (changed 25/09/2012)
The ADSL Max speed is 5.5 ~ 6 Mbps with an SNR of 8~12 dB. On that basis I figured we could expect at least 40Mbps on VDSL (shorter length of copper, 50% of theoretical maximum).
I emailed firstname.lastname@example.org to ask about the line last week and today got this reply:
"Thank you for your interest in our Fibre Broadband deployment. We are deploying one of the fastest and largest commercial deployments in the world. Our commercial deployment will have extended to 66% of the UK by the end of December 2014. We aim extend this to 90% of the UK, in partnership with other sources of funding, e.g. local and National government.
Unfortunately, we are technically unable to provide fibre broadband to your premise because of the excessive length of line between your premise and the fibre broadband cabinet"
So when the local exchange is enabled but the line-enabled date keeps slipping it could be because O.R. have decided the line won't handle VDSL at a sufficient speed.
The implications of the lock-in to IE5/6/7 applications are that Microsoft's claims over the last decade or so that Windows' total cost of ownership is less than its competitors need revising - upwards.
In the interests of balance and accuracy, of course!
That's the BBC Android iPlayer fixed then!
I wonder if Adobe have given advance notice to the likes of the BBC because this announcement doesn't have much lead-time before the Flash libraries are withdrawn from the Play store for new devices.
For the BBC iPlayer it could be a great thing - it was hobbled by not being able to play in the background or usable for radio streaming since when the screen goes off so does anything Flash-based.
Good day for Google... so far
The jury were not "deliberating over the weekend" - they were sent home Friday and told not to discuss. They continued deliberating Monday and reached a partial verdict.
The judge had earlier reserved to himself the decision on whether the "structure sequence and organization" (SSO - in other words, the APIs of the disputed 37 packages) are copyrightable. For the purposes of question #1 he instructed the jury to assume SSO is copyrightable therefore the jury could hardly do anything else but find for Oracle.
Q1. As to the compilable code for the 37 Java API packages in question taken as a group:
Q1 (a) Has Oracle proven that Google infringed the overall structure, sequence and organization of copyrighted works. YES.
Q1(b). The jury could not decide if Google's use of the SSOs constituted fair-use or not.
Oracle made a point of shifting their accusations late-on to the Java API documentation - as most of us know this is generated by javadoc.
Q2. As to the documentation for the 37 Java API packages in question taken as a group:
Q2(a). The jury found Google did not infringe.
Q2(b) moot (no need to decide).
Q3 Google had already conceded it copied the following, the only issue to decide was if the use was de minimis (and therefore non-infringing).
Q3(a). Google DID infringe for the rangeCheck() method in TimSort.java and ComparableTimSort.java.
Q3(b). Google DID NOT infringe for source code in 7 "Impl.java" files and one "ACL" file.
Q3(c). Google DID NOT infringe for the English language comments in CodeSourceTest.java and CollectionCertStoreParametersTest.java.
Q4. An advisory for the judge. If Q1(a) is found for Oracle then...
Q4(a). Has Google proven that Sun and/or Oracle engaged in conduct Sun and/or Oracle knew or should have known would reasonably lead Google to believe that it would not need a license to use the structure, sequence and organization of the copyrighted compilable code. YES.
Q4(b) If so, has Google proven that it in fact reasonably relied on such conduct by Sun and/or Oracle in deciding to use the structure, sequence and organization of the copyrighted compilable code without obtaining a license. NO
Q4(b) is irrelevant if the judge finds that SSOs (APIs) are not copyrightable. If he finds they are copyrightable, well Google's loss is the least of your worries since it means that, if upheld on appeal, the American software industry will implode as originators of APIs begin suing others using those APIs.
Google is putting forward a motion for mistrial based on Q1(b) not being answered. The basis of the appeal will likely be that it is established case law that all parts of a question should be answered.
If you thought the USA's software patent situation absurd, copyrightable APIs will have you retiring to a quiet cave with plenty of provisions whilst USA goes into meltdown.
Good news for BBC iPlayer users on smartphones?
Maybe this will push the BBC into finally abandoning Flash in the iPlayer on Android - meaning iPlayer may at last be able to do background playback of radio/audio streams and not turn off when the screen is blanked.
Does this apply to live TV helicopter coverage too?
The same argument being advanced by the police could be just as easily applied to the news channel live TV helicopter coverage often seen when incidents occur.
If the 'perp' is watching TV then the same result occurs - he gets fed information about what's going on outside beyond his own vision.
Sounds to me more like the police are just pissed off with his 'friends' and want to extract some 'revenge'.
Pixel Qi Transflective LCD like the Notion Ink Adam then?
So, almost as good a specification as the Notion Ink Adam that's been shipping for the last 6 months and cost ~ £370 then?
The daylight readable display is a revelation especially as it draws little or no power so the device will last all day. It's like reading a printed magazine rather than an electronic display.
The 10.1" Pixel Qi (pronounced Chee) Transflective LCD is the technology originally developed by Mary Lou Jepsen for the OLPC project. It is daylight readable and uses less than 1 watt:
Resolution R 3072x600 (reflective)
Resolution T 1024x600xRGB (transmissive)
My Adam has Android 2.3.3 on and is about to get 3.0 and later 3.1. It can also run a full Linux distro that supports the ARM processor (Debian/Ubuntu, Linaro, etc.). It also has:
3G modem, 802.11bg/n, Bluetooth 2.1, FM Receiver/Transmitter, A-GPS, Compass, Accelerometer, Nvidia Tegra 2 dual-core. 1GB RAM, 8GB NAND Flash, microSD slot, SIM slot, HDMI 1080p output, 3 USB ports, stereo speakers, rotating front/rear video camera.
To toughen it up I bought a carbon-fibre 'Skinomi' kit for £25 that has already fended off some serious knocks and abrasions - highly recommended to protect mobile devices.
StartSSL offline for several days!
Not a great inspirer of confidence in a 'free' provider:
"We apologize for the temporary inconvenience. The service will be offline until Monday, the 20th June 2011. Thank you for your understanding."
Already accepted by Mozilla, Chrome, Opera, Microsoft, Apple
Apple (iOS 4.1+, OSX 10.6.4+): http://support.apple.com/kb/HT4415
Already accepted by Mozilla, Chrome, Opera, Microsoft, Apple
(spullin mistax figxed)
Apple (iOS 4.1+, OSX 10.6.4+): http://support.apple.com/kb/HT4415