Slashdot Mirror

a) It's a poorer system. It's pre-approval, on mass, which means the user doesn't know why an app needs access to resources before approving them. iOS seeks approval at the time of requiring the resource, enabling the user to know what the resource is needed for.

This.
I don't have IOS myself, but heard that its non-stock apps (rather, the OS API) require user approval before sending out tweets such as an embarrassing #softwarepirateconfession resulting from your misunderstanding what the app really wanted to do. We all know how much dialogs do in the hands of Joe Bloggs, but to us here it is fair enough warning.

I would expect that OS protection from Android alone, and NOT Apple. The added burden [and power] placed on the user is uncharacteristic of Apple anyway. Yet, Android's "best effort" in this area is as follows:
1) Google or mobile carriers install Facebook and other sneaky tracking apps by default.
2) User opens app BUT isn't given any permission manifest warnings
3) PROFIT!! User has already given up their rights without being asked, because stick Android prefs are an all-or-nothing gamble.

Alternate timeline steps [which /.ers on Android bitterly face as rite of passage]
4) Suppose the user uninstalls the app.*
(i) Some weeks later said user tries to get it again from the Market.
(ii) They are forced to notice that said app required Fine-grained Network Location services, SMS, full internet access, user identity, address book, and five other categories.
(iii) The app could be Facebook, but more commonly it's some game (grrrr) or Samsung utility.
5) User has heart attack... at the implications of what the app did all along with months worth of information secretly gathered without express consent.

* Likely uninstalled to counter the cryptic internal RAM space problems that only we understand. Probably only after rooting to gain the ability to cut unwanted shovelware ;)

Will it have the Play store and all the Google Apps?

I am guessing no because Google once send a C&D to Cyanogen Mod.

http://lifehacker.com/5367693/google-sends-cease-and-desist-to-cyanogenmod-android-hacker

http://arstechnica.com/gadgets/2013/10/googles-iron-grip-on-android-controlling-open-source-by-any-means-necessary/

Go-live fiascos like this are quite common in the private sector.

Some are quite spectacular - go back a few years and see Apple's iPhone 3G launch where the vast majority of purchases could not use their phones because Apple's activation servers melted down from the immense load. (And it's not like Apple doesn't have the numbers of how many iPhone 3Gs they made...).

Or it seems any big video game launch because the DRM servers melted down...

This fail has many parents. Fail 1 is the total inability of a large part of the USA population to consider ANY of the ways the entire rest of the civilized world runs their healthcare without collapsing into an epileptic fit screaming "OMFG commie pinko socialism death panel grandma waits years for a bandaid end of the word HELP" and then off to find an Ayn Rand poster to whack off to.

There's even a DDoS tool created to take down HealthCare.gov by simply reloading the page over and over and over again...

Nope, the integration issues that prompted the US case were already dealt with: the browser ballot issue came down to MS' decision to preinstall IE.

http://arstechnica.com/information-technology/2010/02/microsofts-eu-browser-ballot-approved-arrives-march-1/

Why only pick on Windows? http://arstechnica.com/apple/2013/08/rendering-bug-crashes-os-x-and-ios-apps-with-string-of-arabic-characters/

Because we picked on apple for that one on August 29th and to those of us that are capable of thinking clearly it make very little sense to pick on apple when the topic clearly is a windows vulnerability.

I guess Linux has never and never will have any security exploits possible against it. So yeah, good luck with that. And to anyone else who thinks using Linux online is the end all and be all for security. No system is safe.

Can someone tell me what all the fuss about "LiFi" is?

It seems that everytime things hit a lull in the industry, there is a surge in old technology with new acronyms (re-post!). We've had optical communications in our remote controls (and the Linux kernel) for decades. Acoustic networking is older than I am yet the latest BIOS infector is being pushed as some kind of new magic-mystery-machine. It's unique for a virus to replicate acoustically, but the technology isn't new to anyone who has used a modem.

How did I get modded "troll" when if anybody would have bothered to RTFA they would have seen that OSNews got their info from Ars Technica who got it straight FROM FUCKING GOOGLE!!!

1 CLICK, 4 SECONDS. either the mods are the laziest slobs on earth or "don't be evil" is some sort of RDF that even shields Google from their own fucking press releases. Jobs would be proud, even he couldn't create an RDF that fucking strong.

Actually no, your iPhone 4 doesn't do 1080p. It scales its SD screen up to 1080p, except for video which can be higher resolution. Even then it isn't really 1080p because the image is heavily compressed. The HDMI adapter cable is basically an AirPlay receiver, and the image quality is awful.

Are you being deliberately obtuse? The iPhone 4/4S/5/5S/5S all do 1080p video both for recording and playback. Compression is not relevant to resolution. One could argue that it can reduce quality however. All of those phones can playback through HDMI and through airplay. The 4 and 4S do not use lightning to it is less compressed when using the HDMI connector than later models but even the lightning adapter is perfectly fine as is the Airplay streaming.

Personally, I see NFC as just another attack vector and would never use it.

But wifi, the mobile network, Bluetooth, BTLE, SMS and the Lightning connector are all fine.

You don't get it. We are talking about how NFC is often linked to a credit card or bank account making it a much more dangerous attack target.

Actually no, your iPhone 4 doesn't do 1080p. It scales its SD screen up to 1080p, except for video which can be higher resolution. Even then it isn't really 1080p because the image is heavily compressed. The HDMI adapter cable is basically an AirPlay receiver, and the image quality is awful.

Personally, I see NFC as just another attack vector and would never use it.

But wifi, the mobile network, Bluetooth, BTLE, SMS and the Lightning connector are all fine.

Better camera is subjective. Does it take better pictures or just bigger pictures?

Better. Aside from anything else it has optical image stabilization.

[] apple computers became just a niche market back then, iphones are becoming right now. []

Both are/will be very profitable niche markets though:

http://appleinsider.com/articles/13/10/30/apple-earned-more-than-samsung-lg-nokia-huawei-lenovo-motorolas-mobile-shipments-combined

And regarding Androids ubiquity, fragmentation or open-source-ness, this article suggests Google wants more control:

http://arstechnica.com/gadgets/2013/10/googles-iron-grip-on-android-controlling-open-source-by-any-means-necessary/

Dear Ars readers,

As a journalist for more than 17 years, I have never written a spoof story for April Fool's Day or any other holiday. I certainly had no intention of doing so with this article. It's completely coincidental that this story ran today, on Halloween.

The ninth paragraph of my article reads:

Quote:
"At times as I've reported this story, its outline has struck me as the stuff of urban legend, the advanced persistent threat equivalent of a Bigfoot sighting. Indeed, Ruiu has conceded that while several fellow security experts have assisted his investigation, none has peer reviewed his process or the tentative findings that he's beginning to draw."


Here and elsewhere in the post, I have tried to make clear that many of the details of this article sounded far-fetched to me. They still do. I have also tried to be transparent that no one has independently corroborated Ruiu's findings. That said, these same details have been publicly available for more than two weeks, and a large number of Ruiu's peers find them believable.

I decided to resolve this conflict between my own skepticism and the reaction of Ruiu's fellow security researchers by reporting accurately what all of them said and making clear that so far no one has peer reviewed Ruiu's research process or findings.

I have no doubt that researchers will pore over every laptop and USB drive Ruiu makes available and independently arrive at their own conclusions. I fully intend to report whatever they find. If they find no evidence to support Ruiu's account, Ars readers will be among the first to know.

Regards,

Dan Goodin

Seriously -- I mean even his photo is so obviously derivative.

They want to build it upon XMPP, according to the Ars article I read earlier this day.

It's been around for what, 40 years? Working, (relatively) anonymous, and totally insecure mail transfer with tons of inertia. Never thought I'd see the day where there might be a small sliver of opportunity for another protocol to actually happen. Ars has a nice article about it too.

It has been done many times.
There are countless articles and news on the subject, like this one : http://arstechnica.com/security/2012/05/google-recaptcha-brought-to-its-knees/

I bought one - 27 inch, with all available upgrades except for the max memory. Memory is user replaceable, and it's cheaper to buy it elsewhere. Here are my impressions

• Unpacking it and setting it up is, as always, a breeze. Take off the top lid, lift the surprisingly light computer to a desk, put in the power chord. Done. Initial setup of the computer is then done in a minute.
• Restoring my user profile from a time machine hard drive, to get applications, user data etc. was fast and smooth
• The high res screen is gorgeous. It's also very well calibrated out of the box - my calibration hardware hardly changed anything this time around. Compared to earlier iMacs -and most other screens today - there are no reflections, even though it is glossy.
• Fusion drive - Apple's automated tiering solution - works very well. For most practical purposes, it worked just as well as my last SSD-based iMac - but this time, I don't have to do manual file management of SSD vs. HD.
• The computer is noiseless
• Performance is good (photo and movie editing), but that's obviously to be expected. My Linux VMs are very happy too.
• The games I tried work well on high settings, but the Witcher 1 doesn't work at all - first, a bug causes it to believe that the system doesn't meet minimum requirements (the older, slower one did). Some editing of config files later, it starts - but videos don't display (sound only) and the 3D display have all objects except text rendered black.
• While the sound coming out of the chassis sound surprisingly good, you really want separate speakers or good headphones if you are listening to music while you work.

Read a bit about dash and what it does and doesn't do. Much as I admire Stallman the man is into some serious polemics (otherwise known as FUD) at times.

For instance read:
http://www.zdnet.com/ubuntu-extends-unity-dash-search-shrugs-off-criticism-7000021869/
http://arstechnica.com/information-technology/2012/12/richard-stallman-calls-ubuntu-spyware-because-it-tracks-searches/

Has Stallman head of Machine Learning and its use to improve search results? How does this occur without training data from actual searches over time? As long as it is anonymized at the recording end I don't have an issue.

It is worse in the US than in Korea. But Canada also has bad Internet. South Africa has some slow speeds and usage caps. Also Australia and other countries.

We're neither the slowest nor the most expensive.

If scientists want to restore integrity to their field(s) -- and I applaud their efforts to do so -- why aren't they using an experimental approach to do so? I think they should try several things and collect data to find out what actually works.

That's exactly what's happening. Different groups of scientists, journalists, university-groups and so forth are trying to implement a variety of systems.

Of course, like real science, each group tends to only focus on one approach with the hope that their results will emerge as the best amongst the competition. You're not referring to "scientists" as some kind of monolothic entity, are you?

"use anti-virus software"

And what if the anti-virus vendors have deals with NSA? This question was raised by EFF.

The main thing holding back HTTPS is advertisements. Browsers (especially IE) complain if your encrypted page includes unencrypted content (like iframes served from a a third party ad server) and rightly so. Google can get away with it because they serve their own ads, and Wikipedia doesn't have any ads. Arstechnica ran an article a few years back describing the reasons why they couldn't switch to HTTPS by default, but most of it boils down the fact that they can't get rid of the third party content in their pages.

They can't. Many of the power improvements that Apple has done break compatibility badly. You have to be willing to force applications to upgrade like Apple does to do what they've done in the same way. Microsoft is going to have to approach the problem via a much more complex and lengthy process.

Except Apple has done a lot of work to give a conservative default to old apps. Just running on Mavericks gets you App Nap by default. What Apple did was they used system libraries to notify the kernel about the application so as long as you're making the required library calls, you're participating in App Nap by default.

Of course, if you add support for Mavericks, you can get finer grained control of power savings (including the ability to defer tasks until you're on AC power) rather than conservative guesses.

Of course, there's also a name-and-shame thing going on, so devs are encouraged to update ASAP.

For compatibility, Apple has maintained the same position they always have - only use APIs that are documented by Apple. Functionality is only guaranteed in that case. If you go outside the boundaries (no one's stopping you from using private APIs after all), then Apple reserves the right to break those non-documented APIs at will, and they generally do.

Microsoft has the same problem - devs use private APIs and private resources way too liberally, creating hidden dependencies. It's why even today, you can find "Program Manager" as a window title (because too many developers look for that exact title), why a whole pile of applications assume "C:\Program Files" (the 64-bit change to "Program Files (x86)" did a number on this), and why Windows is full of legacy cruft. Microsoft has tried to change things around - see what happened when Vista broke a lot of things. Vista basically tried to break off a lot of legacy crap, and revealed all the brokenness (and general incompetence) of Windows developers.

It's also why Vista, Windows 7 and others have a Documents And Settings link to Users, why each user profile has a My Documents link etc. (And yes, Microsoft has an API - GetSystemPath or something like that - to get the path of the Windows directory, Program Files, user profile, etc).

The reason that iPads can have better resolution than Macbook Airs is that Battery life sucks on OSX compared to iOS (& Windows is beyond abysmal). The Airs selling points are portability and above all, long battery life. Apple could have put a retina screen in an Air but it would probably lop 40-50% of the battery life off a non retina version & would thus sell poorly.

Read John Siracusa's review of Mavericks.

Apple imposed strictures on OSX applications that allow them to seriously optimise battery life: Polling is practically verboten, OSX reschedules interruptions so that the CPU can get back to sleep & not spend it's time mostly awake & draining the battery. Mavericks is a big step in the right direction & we will probably see a retina Air within a year or two, but we're not quite there yet.

Everything the NSA is accused of doing to Americans, Germany is doing to you, and first, too.
From 2002 - when they were stupid enough to get caught doing it.

Also, for all of you that think switching to German email systems will help? Read this.

If you read some press stories about the sock puppet companies they are mostly targeting products or corporations, attempting to manage commercial reputation.

In truth, this is not always unwarranted. When someone writes about the rash of Brakes failures on Toyota vehicles, the company ought to be able to have a clearly labeled Official Response position, rather than having them feel forced to resort to sockpuppetry to get some actual facts, or corporate nattering as the case may be, across.

Having policies in place that forbid official statements just begs for sockpuppet tactics. There have been cases where authors of books had their remarks removed because they were not considered a credible source for information about their own books.

Furthermore, it would seem that as long as the sockpuppet was indicated, in a foot note, as a paid source of a product or company, that fact alone should make the posting more official and credible rather than less so. Who is more authoritative on the capabilities of a product than the manufacturer? Some random user perhaps?

Ars recently had an article about Google replacing open source Android core apps with proprietary ones.

No doubt it's going to be around, but removing Google from the equation would seriously cripple it. Read this for more details

How much freer could Android be? The entire platform is open source.
The only thing proprietary are the video drivers and that's because GPU vendors are douche bags.

"Platform" is a big word. While the Android OS is free, there are more and more components of the platform that are getting closed off by Google as they move from the AOSP stack to Google Play apps. See this Ars article for a rather scathing view of Android's "openess".

The market, google apps, bundled apps with your phones, and, well, most of what can be installed with the market are not open source, in fact the AOSP versions of google apps lacks some functionality. With cyanogenmod and f-droid as market you get something closer to being open source with the exception that you pointed out.

Umm... Android is openâ"except for all the good parts.

There is really no point in quoting Ars for anything remotely sensible when it comes to Android. They are a Apple site.

How much freer could Android be? The entire platform is open source.

Umm... Android is openâ"except for all the good parts.

Damn. I think I messed up on the link.

Here it is:
http://arstechnica.com/gadgets/2013/10/googles-iron-grip-on-android-controlling-open-source-by-any-means-necessary/4/

And yet it's the UK that is rolling out a country wide porn filtering system that you have to opt out of.

Reading the Ars Technica review it seems that LG desperately wanted it to be a copy of the Samsung Galaxy S4.

Personally I don't like Samsung (or probably this LG phone) because they change too much from the stock Android version. But I am happy with my Sony Xperia Z1. Very happy in fact, even though there's still some software problems (got update last night though, hopefully it's even better now).

Looks like a problem with thin profit margins and a desire to fight court orders instead of comply. That is going to be expensive which isn't a good fit for a small business with thin margins.

FTA:

Selling to enterprises is more lucrative than selling to consumers, of course, providing one possible reason CryptoSeal chose this route. Another factor is that businesses seeking a VPN service may be more concerned about security from hackers than about hiding Internet activity from governments and Internet service providers.

A comment on Hacker News apparently posted by CryptoSeal founder and CEO Ryan Lackey points to the cost of legal services being one of the main factors.

"The financial issue was the potentially huge liability due to a legal action or battle, not the (small) costs of operating the service," Hacker News user "RDL" wrote. The service "was covering operating costs and some profit," but the risk of defending against a government order would have wiped that out.

On the other hand, you've shown on several occasions that your goal with Ubuntu is to take the effort of thousands of volunteer developers and sell it and the Ubuntu install base for personal profit.

He's making a profit off Ubuntu? I'm not so sure about that.

According to Microsoft/Apple/etc. software developement costs large amounts of money and equipment, yet Linux and the open source community exist and flourish. How many scientists would risk their own money in their own experiments? If not, what does that say about the experiments?

Whoa there... Linux and most open source tools cost large amounts of money to develop. Look at the list of top contributors to Linux:

http://arstechnica.com/information-technology/2013/09/google-and-samsung-soar-into-list-of-top-10-linux-contributors/

Most of those are companies that are paying their employees to work on Linux. The sum of their salaries and the resources they require is a good part of what it costs to develop Linux.

Just for fun, let's estimate what the Linux kernel costs to develop each year. The actual report from the Linux Foundation lists the number of changes each organization made to the kernel. If you sum of the number of changes from commercial entities, you get 55,604 changes committed by paid developers. Assuming each developer contributes one change a day on average and assuming they work hard, that's about 200 changes/year/per developer. Dividing the number of changes by the changes per developer suggests around 278 full time developers are contributing to the Linux kernel. Assuming the average fully burdened cost for a kernel developer to be $250k, the cost for those developers is $69.5M/year.

tl;dr: The Linux kernel costs somewhere in the ballpark for $70M a year to develop. This is just the kernel, not the rest of the Linux ecosystem.

If those companies stop contributing to Linux, Linux goes away.

-Chris

Link to the first page.

Ars Technica had a great article on this matter.

No, that's a pretty blatant troll actually.

It's not like the idea of ride sharing is new. This is app based and from a year ago - http://arstechnica.com/business/2012/09/my-life-as-a-high-tech-part-time-not-quite-taxi-driver/.

But maybe you're right and someone in the US invented a time-machine, when to Finland of the future, stole their app idea, and then decided that that was a better way to make money than using a time-machine.

Too bad they didn't patent it, they'd have yet another reason to sue Google and all it surrogates.

http://arstechnica.com/business/2013/10/to-reduce-its-tax-burden-google-expands-use-of-the-double-irish/

Much to my dismay, my own country, Germany.

What? Are we just talking about the hair and the floating? Changing orbits the way they did would require tons of energy, far beyond the capabilities of the shuttle, let alone some suit thrusters. Major big time physics problem, I think it would be easy to do better without filming in space. here.

She really means that the unwashed masses have to "educated" to shut up and accept it, which will take large amount of scare stories and perhaps some *cough* carefully engineered incidents to bring home the point that the function of government is to spy and watch over all aspects of society. For "It Takes a Village" Clinton to use the term "Adult Conversation" should fool no one.

The story, is without a single suggestion from either the British authorities or Clinton, that the spying should be reined in. Rather, everyone seems to suggest simply placed under more "political oversight" is the answer. But Politicians are the LAST people we would trust with oversight. They are the ones that got us into this mess.

And, at least in the US, the Judiciary can't be trusted either. We have judges who took oaths to defend the Constitution, approving whole sale monitoring of phone metadata of every person in the US,yet again.

Why should judges, entrusted to protect us, be above the law? Why can't they be prosecuted or sued?

Is there anyone surprised by Clinton making obscure coded statements about a spying program that she would redouble? This is a very corrupt woman, who is politically ruthless. She left her minions twisting in the wind in Egypt, and if she gains a position from which she perceives the rest of us a "her children" she will assuredly not do a single thing to remove her parental control.

Unless you have some external name for your home connection (i.e. using dyndns or similar if your IP is dynamic), it is probably something you have in your network, like being part of a botnet node, having a misconfigured p2p client, or something that from inside announces itself to be accessed by others. Disable all the services that you know that access by itself outside (i.e. checking for software updates), and try to track all that you don't know that access outside by itself when the ip changes.

They could find you also because you have an easy to detect service that is exploitable. Knowing where they access and connect could be useful, even having a ip camera accessible from outside with a fixed admin password could be enough to cause that kind of behaviour. Considering that scanning the entire internet takes less than an hour, a lot could be doing so all the time so anything exposed you have could be easily detected.

Having antivirus is no guarantee of safety, some malware could be active for years before is even hinted that something could be there by AV companies (and probably US based security products will have hardcoded to not report anything that could look as NSA backdoor or malware). If well is not a guarantee of not catching malware, lower a lot the odds of it using Linux or even Mac OS X.

Spotted this over in the Ars sidebar:
http://arstechnica.com/gaming/2013/10/foxconn-admits-to-pushing-interns-into-overtime-to-build-ps4-parts/

Ars wrote on this a while ago.

Boston wants to apply a lot of taxes to FIOS and Verizon decided to pass on the deal.
http://arstechnica.com/tech-policy/2009/07/boston-a-copper-hole-in-the-fiber-donut-demands-fios/

http://arstechnica.com/tech-policy/2009/07/boston-a-copper-hole-in-the-fiber-donut-demands-fios/

The Clinton administration used Lotus Notes, and none of this was newsworthy. Lotus Notes is a solid database system with excellent replication.

Then the Bush administration came in and ditched Notes for Exchange and made headlines for lost emails and failure to archive; almost as if the crappy Microsoft functionality was desirable for not being up to the task of keeping operable, accurate archives of staff messages.

The current administration uses a Drupal/OpenAtrium intranet with email notification.

http://arstechnica.com/tech-policy/2008/04/bush-lost-e-mails/
http://arstechnica.com/tech-policy/2008/08/white-house-memo-no-white-house-email-recovery-this-year/
http://www.whitehouse.gov/blog/2011/02/11/whitehousegov-releases-second-set-open-source-code