Apple, Google Diss the DoD Over Mobile Security

Julie188 writes "The Defense Information Systems Agency (DISA) has long supported the use of BlackBerry smartphones for soldiers. It built a system called Go Mobile to provide secure communications, training, and collaboration applications to mobile soldiers. DISA recently decided to add Android and iPhone to the list of approved devices because of high demand from users. Unfortunately, this choice has become a giant pain in the flank. Why? Because both Apple and Google refuse to give DISA access to their security APIs."

Unpatriotic?

[fey000]

Queue the Palin. Might be time for Apple and Google to be hunted down like Al-Qaeda. Is there any room left in the Assange bunker?

Re:Unpatriotic?

[Myrimos]

Queue the Palin.

I saw this a few days ago. Is this a meme? Pedantically speaking, Palin is is a queue of one (at least!) wherever she is. Cue the responses. Might be time for Grammar Nazis and pendants to be hunted down like Apple and Google. Is there any room left in the Assange bunker?

Re:Unpatriotic?

It's not possible for big $$$ corporation to be unpatriotic.

Re:Unpatriotic?

[mr100percent]

Well according to Senator Joe Lieberman, Amazon was being a "good corporate citizen" when it kicked WikiLeaks out of its cloud

Re:Unpatriotic?

[netsharc]

It'll be convenient of Palin to forget that RIM is a Canadian company. Or are they the obedient little Labradors anyway (since the UK is the poodle).

Also, Sergey Brin is Russian! Aaaaaa, he's a red commie!!!! But then again, Palin is neighbors with him, with she being able to see his childhood home front her front porch and what not.

For my more serious contribution to this discussion, iPhone security is "trust that the app reviewer catches anything malicious that the developer is trying to do.". Android security is "You are going to install $APP. This app wants access to these features: [read/write SD card, see call status, read/write address book, read/send SMSes, use GPS location]. Do you want to allow all and install?", while BlackBerry security is, "This application wants these features. Choose which of them you want to allow, and which you want to deny."

Or to be more detailed about it, for corporate BlackBerrys the admin can even do the allowing/denying, globally as well as individually for all apps, including denying the permission to the end-users to install all sorts of random apps.

So which do you think offers more security?

Re:Unpatriotic?

Palin is is a queue of one (at least!) wherever she is.

Cue the responses. Might be time for Grammar Nazis and pendants to be hunted down like Apple and Google.

Is is there a meme for the Nazi-grammar-pedants that screw up their own temper tantrums? Yes ... I see what I did there.

Re:Unpatriotic?

It's not possible for big $$$ corporation to be unpatriotic.

Not true. A big $$$ corporation is unpatriotic if it refuses to invest enough money in purchasing lawmakers.

Re:Unpatriotic?

Palin must be doing something right.....she's pissing off all the Eurotrash wannabees.

Re:Unpatriotic?

So checkboxes == more security?

Or more ways for there to be back doors...

Re:Unpatriotic?

For my more serious contribution to this discussion...

So which do you think offers more security?

Oh dear.

As well as the app review process the iPhone does prompt when an app wants to first use location services, notification, push services, etc. and then allows you to manage and subsequently revoke those permissions. The apps are also sandboxed.
I am not in a position to comment on any of the Android flavours or BlackBerry security, so I won't.

Re:Unpatriotic?

who screw up his or her own temper tantrums

Re:Unpatriotic?

So which do you think offers more security?

None? What does that have to do with security. More informative? Perhaps, but secure? Both users and reviewers are humans and prone to mistakes, I don't see your point.

Re:Unpatriotic?

The who is right, but "pedants" is plural, so it should be "their", not "his or her". Even though this will probably get modded off-topic, I just can't let a bad grammar correction like that go because other people might start believing it.

A bigger problem, though, is that more than forty minutes after my last logged-in post, this *^&@!$ board still won't let me post anonymously without completely logging out first. They've cranked up the post timers to something like five minutes for logged in users and half an hour for anonymous posts. That's very uncool.

It has gotten so bad that on more than one occasion, I've actually given up and not posted USEFUL posts because I just don't have that long to wait. These ridiculous new delays are a net loss for slashdot, not a win. Trolls are still trolls, but it's starting to have a negative impact on real users who are regular posters. And the thirty minute timer has basically made it so that those of us who want to occasionally express unpopular (but valuable) views can no longer do so unless we go find a separate machine with a separate IP to post from anonymously. The net effect of that is actual censorship, a stifling of the free flow of ideas and opinions that Slashdot is known for.

Slashdot users' time is valuable. I'm rapidly approaching the point where I'm considering stopping posting on Slashdot simply because the penalty for participation has gotten too high, and I've been posting on Slashdot for over a decade. Taco and friends, TEAR DOWN THAT TIMER.

Re:Unpatriotic?

Palin is is a queue of one (at least!) wherever she is

Being a bit pedantic here, but doesn't she have to be all there to count as one?

Of course pregnancy would help. As would multiple personalities.

- -
Bringing out the vote in 2016! - Me, Myself, and I

Re:Unpatriotic?

Well the thing about the iPhone is that it's been shown to have bad/low security. Issues ranging from ease to add a malicious app to the market, to the iPhones security being easy to bypass, to even the fact that the iPhone's encryption is easy to crack.

It does sadden me that with these problems that were easy to find on google were ignored when the DoD thought about allowing the iPhone to be an approved device (demand should have been one of the lowest factors in allowing it). While certain Android's might not be a good idea to allow, the whole concept of a custom ROM I feel would be a safe answer that would have been great middle ground.

Re:Unpatriotic?

Yeah it was...

Apparently you are an idiot, but it's pretty much against their TOS and the law to host classified documents.

Go figure?

Re:Unpatriotic?

[netsharc]

How about reading the address book, calendar, or making internet connections?

Oh, none of those? Hey, some guy in some country just got your contact list!

Re:Unpatriotic?

[RockDoctor]

Queue the Palin.

I saw this a few days ago. Is this a meme? Pedantically speaking, Palin is is a queue of one (at least!) wherever she is. Cue the responses. Might be time for Grammar Nazis and pendants to be hunted down like Apple and Google. Is there any room left in the Assange bunker?

Errr, "woosh". I think.

Though why people are picking on the Cantab-educated globe-trotter as if he were a retarded backwoods fuckwit, I don't claim to understand.

Re:Unpatriotic?

It's ironic that listening to Senators is unpatriotic in the U.S.

Re:Unpatriotic?

[zhidian2011]

Good news: this website (======= http://www.ftoto.com/ =======) we has been updated and add products welcome to visit our website. a leading worldwide wholesale company (or ucan say organization). We supply more than 100 thousand high-quality merchandise and famous brand name products all at wholesale prices.Accept paypal or credit card and free shipping. You can try oh, will make you satisfied. -------------- http://www.ftoto.com/ -----------

Umm something is fishy

[JonySuede]

Android is open source, how hard could it be to download the code and look into it to find those elusives security apis ?
I have rolled custom firmware onto an android device using the instruction on some forums, and it worked great, if a dude with is budgies can do it, why can't they ?

Re:Umm something is fishy

[l0ungeb0y]

As much as I am afraid to ask...
WTF is a budgie? /please don't be a rule 34

Re:Umm something is fishy

[JonySuede]

first google link for budgies:
http://www.freewebs.com/budgierisa/appearance.htm

Re:Umm something is fishy

As much as I am afraid to ask...
WTF is a budgie? /please don't be a rule 34

Aint it some bird?

Re:Umm something is fishy

[davester666]

And you can get one free if you visit Tex and Edna Boil's Organ Emporium.

Re:Umm something is fishy

[perlchild]

If they phone home, where they phone home doesn't have to be open source, next question.

Re:Umm something is fishy

I don't understand what you meant, you reply does not even attempt to answer the rhetorical questions that the parent asked and yet you seems to believe that you are in fact doing so.

Re:Umm something is fishy

Thats a funny joke

Use the souce.

[VortexCortex]

Want to access the "security" APIs? Use the Source.

Why not just offer a custom DoD firmware for Android phones?

Seriously, there's no way for an application to be "secure" if the platform the application runs on is itself untrusted.

IMO, My device is not "secure" unless I can control the device's OS & inspect the device's hardware. My phone, my router, my PCs, my GPS, all have firmware I've compiled myself. If an average coder like myself can do this, the DoD shouldn't have any problems either.

Note: Android works on iPhones too, it's still buggy, but the DoD could help with that if they desired, or just use phones that support custom, open source firmware.

Re:Use the souce.

This article smells of shenanigans.

Re:Use the souce.

[Myrimos]

Note: Android works on iPhones too, it's still buggy, but the DoD could help with that if they desired.

A smooth Android install on an iPhone? It seems like you've found something Apple would like even less than the DoD having access to the iPhone security stack.

Re:Use the souce.

[mercury83]

I know this is Slashdot and all, but still:

IMO, My device is not "secure" unless I can control the device's OS & inspect the device's hardware. My phone, my router, my PCs, my GPS, all have firmware I've compiled myself.

This doesn't make it secure. It just means that if someone's made a mistake, or inserted a backdoor, you've missed it. Control != Security -- sometimes it just creates a poor illusion of security. If you don't have control, you have to trust someone to provide security. Depending on who it is and what their experience is, I often prefer to trust.

Regardless, one of the big issues that I've seen in this area is that although yes, you CAN jailbreak iPhone or install custom firmware on whatever device you want, you want the ability to deploy commercial-off-the-shelf stuff to users in the field with a 10 second install from the app store. They want to leverage the existing distribution network for the product and application distribution for software packages. They want to piggyback off the commercial world with minimal development effort and cost. What you're proposing a better model from a secure perspective, but is massively more expensive.

Re:Use the souce.

[aliquis]

Why? Apples margins of the iPhone4 is probably huge.

Re:Use the souce.

[Myrimos]

A different OS "duplicates functionality."

Re:Use the souce.

[VortexCortex]

I know this is Slashdot and all, but still:

IMO, My device is not "secure" unless I can control the device's OS & inspect the device's hardware. My phone, my router, my PCs, my GPS, all have firmware I've compiled myself.

This doesn't make it secure. It just means that if someone's made a mistake, or inserted a backdoor, you've missed it. Control != Security -- sometimes it just creates a poor illusion of security. If you don't have control, you have to trust someone to provide security.

I write code. I read code. Yes someone can make a mistake, I can miss the mistake, but I can also fix said mistakes as soon as the mistake is discovered. You can't do that unless you can compile your own OS / Firmware. Faster Fixes == Less Vulnerability Window == More Secure. I'm not arguing that open source makes something secure, but using the source can give you more security than otherwise.

If you argue that control != security, I will put it to you that the inability to Control = No Provable Security. Thus, Control = infinitely times more secure than uncontrollable. How secure is a device that can auto-update it's firmware without your consent?

Depending on who it is and what their experience is, I often prefer to trust.

Let us not forget that I am compiling the same sources that those you "often prefer to trust" are compiling; Except that I am also sure that no additional closed source code has been included in my build.

Binary_Blob == !Trust;

Re:Use the souce.

My phone, my router, my PCs, my GPS, all have firmware I've compiled myself.

But do you trust your compiler?

Re:Use the souce.

[Timmmm]

My phone, my router, my PCs, my GPS, all have firmware I've compiled myself.

Who modded this insightful?

Do you even have the source code for your GPS firmware, the baseband in your phone, your PC's BIOS and so on? No. Even if you did, are you seriously saying that you've perfectly audited hundreds of thousands of lines of code?

Where's the "-1 this is really stupid" option?

Re:Use the souce.

[tapehands]

Wait...are you advocating that the Government do something (semi)competent with their money?! Although, I guess it would just get contracted out to someone, and still run the chance of being insecure/buggy/overbudget/not on time...

Regardless, a third party company rolling their own DoD-approved secure ROMs for common Android phones sounds like a pretty good business plan (though I'm not sure how the licensing would play out)...

....brb, off to become a patent troll.

Re:Use the souce.

It is not possible to prove security in a modern computer system for any plausible level of control.

What if your compiler has a "backdoor" that introduces vulnerabilities when certain code is produced, and propogates it to new versions of the compiler? You going to write your own compiler in machine code?

What if your processor intentionally misinterprets certain sequences in order to introduce a vulnerability?

Re:Use the souce.

This doesn't make it secure. This doesn't make it secure.

That's not what he said. If the code is open, then it can still be insecure. But, if the code is proprietary, then it is ALWAYS insecure.

Re:Use the souce.

Sometimes control isn't security, but lack of control is always insecurity. Any solution that results in security will necessarily require control.

you want the ability to deploy commercial-off-the-shelf stuff to users in the field with a 10 second install from the app store.

If you need security, then this simply isn't going to be one of your goals. Instead, you're going to want 10 second install from your repository, which consists solely of software that you have audited. As a compromise, it might be software that someone else that you trust has audited, but that'll be someone like Theo deRaadt or maybe (stretching a little, but there are degrees of security) the Debian team. But it sure as hell won't be Apple or Google, because while those parties might be competent, their goals are at cross purposes with yours.

And it's those cross purposes that this story is really about. Apple doesn't have a "Security API"; they have a "Apple Security API" which is intended to protect Apple's interests, not the interests of the users or the owners.

Re:Use the souce.

From dealing with carriers at my day-to-day, it's been quite clear that if the DoD can do anything they can't deny, the phone makers would be in the doo-doo. TFA quoted the phone makers giving out the right approach, bring all those (nice, flag-carrying, American) carriers and threaten them, and fix the problem.

Re:Use the souce.

So you can read and write code but you can't fix anyone else's code? How does this work?

Re:Use the souce.

[VortexCortex]

My phone, my router, my PCs, my GPS, all have firmware I've compiled myself.

Who modded this insightful?

Do you even have the source code for your GPS firmware, the baseband in your phone, your PC's BIOS and so on?

::Sigh:: Yes, yes I do. You may not, but I do. Modding your GPS hardware, your phone, etc may not be your thing, but you can get started with modding your PC's BIOS, and/or Router pretty easily.

It also helps if you research the mod-ability of your device before purchasing them.

Even if you did, are you seriously saying that you've perfectly audited hundreds of thousands of lines of code?

No, I haven't audited it all, perfectly, but really, no one has with any large project -- perfect is a goal, and as I've previously stated, the goal is to provide more security via quickly patching my own hardware's firmware if any issues are discovered (smaller vulnerability window = more secure).

Where's the "-1 this is really stupid" option?

Are you seriously saying that educating myself about my own hardware/software that is essential to my security is stupid?

I'd offer even more info, but I'm not going to waste any more time since you were such a dick. Perhaps just try asking, "How can I compile my own firmware for my devices," next time instead of being so caustic. Good luck with Google.

Re:Use the souce.

[isilrion]

If you don't have control, you have to trust someone to provide security. Depending on who it is and what their experience is, I often prefer to trust.

Exactly. I also prefer to trust. But not blindly: I must be reasonably certain that I can control who I am trusting, and that person/entity has the capacity review the item under consideration.

That rules out non-free software, as only the author has the capacity to review, and the Apple model, as even with open source apps, I have no control. Quoting an Anon comment in this thread,

It is not possible to prove security in a modern computer system for any plausible level of control.

it is obvious that no one person or entity can guarantee the security, so the only sensible option is to not trust any single entity, and instead, distribute that trust among as many people you can, for as much of the toolchain as you can, and be ready to replace the offending part when a problem is detected.

Re:Use the souce.

[aristotle-dude]

This doesn't make it secure. This doesn't make it secure.

That's not what he said. If the code is open, then it can still be insecure. But, if the code is proprietary, then it is ALWAYS insecure.

What utter nonsense. How secure code is depends on the quality of the code and whether it has been analyzed by tools and/or other people to uncover flaws. You do not have to have outsiders looking at the code. Code review by peers can improve code quality by finding mistakes the original author may have missed.

Outsiders do not have some magical quality in finding bugs in code.

Re:Use the souce.

How secure code is depends on the quality of the code and whether it has been analyzed by tools and/or other people to uncover flaws.

This is deeply wrong. How secure the code is, depends on whether or not it does what the people doing the job described above want it to do, without side-effects that they don't want. Security is about enforcing a particular allegiance onto the computer.

The allegiance of proprietary software is to its authors. If those authors want different things than the user, then from the user's point of view, it isn't secure. For example, if an iPhone will take orders from Apple when it receives a packet with a certain Apple signing key, then it would be preposterously silly for DOD to consider it secure, even though Apple's people did an utterly flawless job of keeping bugs (from their point of view) out of the software.

Re:Use the souce.

A smooth Android install on an iPhone?

Here's a how-to that doesn't mention problems:

http://www.redmondpie.com/install-android-2.2.1-froyo-on-iphone-3g-2g-using-bootlace-in-cydia-no-computer-required/

Some other articles say it is a work in progress with issues, but perhaps those are out of date?

http://www.pcworld.com/article/196595/how_to_install_android_on_your_iphone.html

Perhaps you're braver than I would be. Have fun!

Re:Use the souce.

[mercury83]

I think we're mostly agreed... I prefer open-source for the reasons you outlined. I feel that closed-source, proprietary releases can be a little scary and I wish that more commonly used software was truly open. You say "Inability to Control = No Provable Security". I agree completely. Trust isn't about proof, you're simply BELIEVING that the controller of the source knows what they're doing, has your security in mind, and is on your side. If you a trust a source completely, you don't need provable security. If you've been burned before and are unlikely to trust, you'll want more control because you he no confidence in the "security" that they say it has. Sometimes you can't afford to control, and you're willing to trust someone, even if it's only a little bit of trust. By the way, I definitely used to trust Apple more than I do now -- I now trust them with few things.

Re:Use the souce.

[Reaperducer]

I envy the amount of free time you have to accomplish all of this. Sometimes I wish I didn't have friends, family, a job, or a life, too.

Re:Use the souce.

[sumdumass]

If this is a bunch of users saying "I want an Iphone issued by the government instead of a blackberry" then the obvious answer is "no, sit down and shut up, we waste enough tax payer monies on you already".

If this is as I suspect like in the corporate world, where someone sees a commercial of a phone doing all sorts of "cool things", then without any interaction with IT or even coworkers to see if they had problems doing work related tasks with them, buys one, then complains because their 5-10 year old messaging system or their 10 year old productivity/time management sweet cannot communicate with the brand new technology properly and the apps that worked on the old stuff no longer work with the new, and that the company isn't willing to invest $25k top fix this every time they change their personal phones in some attempt to continually remain compliant on the whim of an employee, or purchase some account on someone else' server in order to relay all the information to you through a third party first, the answer is a "personal phones expected to be used for work related activities must be approved by IT before they are purchased or they will not be allowed access to company data".

The later simply makes sure the end user knows that they have to ask if it will work first. If it doesn't, there is no expectation that it ever will. I think the DOD is attempting to branch out a little and not put all their eggs in one basket, but the obvious answer to this is not ban all Android and Iphone phones (or all unapproved phones that the gov can't install it's own security software on) from government campus by employees if this doesn't happen and you will probably be able to watch Google and Apple trip over each other to give the government what they want. This is because the DOD employees not only use government phones, but also use their own phones and leaving their Iphone or Android at home (if they take public transportation) or in the car in the parking lot would likely translate into the hundreds of thousands if not millions of employees simply buying something that is allowed on campus instead. I think the government has more leverage here then google or Apple realizes.

Re:Use the souce.

[Obsi]

Exactly. http://cm.bell-labs.com/who/ken/trust.html

Re:Use the souce.

[LordLimecat]

Wheres the -1 clueless? Installing tomato and coreboot isnt remotely close to "compiling firmware" for them, any more than sticking an ubuntu install disk in your PC is rolling your own operating system.

Re:Use the souce.

[LordLimecat]

Installing Tomato firmware takes all of 10 minutes.

Re:Use the souce.

[PCM2]

Wheres the -1 clueless? Installing tomato and coreboot isnt remotely close to "compiling firmware" for them, any more than sticking an ubuntu install disk in your PC is rolling your own operating system.

Unless, of course, you compile the firmware.

Re:Use the souce.

Could you please list to the devices you have and link to the corresponding source code (if the firmware is open source)? I want to move in this direction myself, but I'm unaware of open source firmware for phones, GPS devices and low-level stuff on PCs like CPU microcode, ethernet card firmware and the like.

Re:Use the souce.

[aliquis]

Less functionality is good because it's only supposed to be the functionality Apple wants/can profit from anyway? =P

Oh well, plenty of used N900 ads around :)

Re:Use the souce.

i suppose the "security" a company will use in their employees computers and cellphones is rather to install some kind of commercial rootkit which monitors and reports data transfers.

Re:Use the souce.

Apple's interest is to keep customers happy so they keep on buying their products. Which also includes trust. And customers want to be happy using a computer or whatever. So I think both groups essentially do have the same interests? Please specify what you mean with "Apple's interests".

Re:Use the souce.

Except that I am also sure that no additional closed source code has been included in my build.

no you aren't. did you compile your compiler? did you compile the compiler that compiled your compiler?

Re:Use the souce.

Wheres the -1 clueless? Installing tomato and coreboot isnt remotely close to "compiling firmware" for them, any more than sticking an ubuntu install disk in your PC is rolling your own operating system.

This.

I wish I wasn't AC and had mod points to give. You make me want to register. :)

Slashdot is going downhill if we don't call each other on bullshit. And vortexcortex is stretching the truth here.

Re:Use the souce.

How long did it take you to do these code reviews? Did you do them by hand or use a tool?

Re:Use the souce.

Installing someone else's software via a fully documented process isn't exactly what I'd call an accomplishment.

Re:Use the souce.

[vijayiyer]

it is obvious that no one person or entity can guarantee the security, so the only sensible option is to not trust any single entity, and instead, distribute that trust among as many people you can, for as much of the toolchain as you can, and be ready to replace the offending part when a problem is detected.

That toolchain is only as secure as its weakest link.
I don't disagree that open source software can be very secure, but your argument for open source software being more secure is uncompelling. Once a problem is detected, it's too late - a backdoor could be inserted that is effectively itself undetectable.

Re:Use the souce.

[isilrion]

it is obvious that no one person or entity can guarantee the security, so the only sensible option is to not trust any single entity, and instead, distribute that trust among as many people you can, for as much of the toolchain as you can, and be ready to replace the offending part when a problem is detected.

That toolchain is only as secure as its weakest link.
I don't disagree that open source software can be very secure, but your argument for open source software being more secure is uncompelling. Once a problem is detected, it's too late - a backdoor could be inserted that is effectively itself undetectable.

As opposed to what? Reducing the chances of even detecting the compromise? I didn't just state that it was more secure (did I say that at all?). The more people who can cry foul, the lower the chances of a single entity to silence them all. After the problem is detected, you have the chance of replacing everything on top of the compromised element of the toolchain and prevent future damage. You can't prevent past damage, obviously, with either approach. But with "closed", you may not be able to prevent the future damage either (closed source: hard to detect, can't recompile, must wait until someone else does it for me. Apple model: I can't install the update by myself, I must wait until Apple publishes one, even if the app is opensource)

(confession - I don't think I understood your post correctly. My lack of english skills may have played a part on that. I suppose you were thinking along the lines of, if I learn that my gcc is compromised, I'll replace only gcc and not everything compiled with it, which would be a pretty nonsensical position on my part)

DoD should not support the Foxconn iPhone

[Animats]

The iPhone is made by the Foxconn division of Hon Hai Precision Industry Company Ltd, in Shenzen, China. Apple is just the design and sales firm. That's not a reliable source for secure DoD communications.

There are still some non-China cell phone manufacturing facilities. DoD needs to look hard at sourcing.

Re:DoD should not support the Foxconn iPhone

Considering the freakout that the DoD has had with fake/malware-injected CPUs, I'm surprised anything non-domesticly built is considered. Even then, building it within the USA's borders doesn't mean a lot without tight cradle-to-grave security.

Re:DoD should not support the Foxconn iPhone

And to your children, you're just the sperm donor I suppose.

Re:DoD should not support the Foxconn iPhone

[arogier]

I don't see why the DoD can't contract Texas Instruments to make them a custom Android phone entirely in the US.

Re:DoD should not support the Foxconn iPhone

[Locutus]

yes but you're talking about the US DoD and aren't they not the same ones who have no way to secure data being removed from their secure computers via USB or CD/DVD? I thought I read recently that they are now going back to eliminating those interfaces on some of their systems but not all and still have no way to secure using those devices on their secure network. So I would not look for logic here.

LoB

Re:DoD should not support the Foxconn iPhone

Except that Foxconn is actually headquartered in the Republic of China on Taiwan, a US ally.

Re:DoD should not support the Foxconn iPhone

[Suki+I]

As soon as they give one of these things to Bradley Manning it won't matter any more anyway.

Re:DoD should not support the Foxconn iPhone

[hedwards]

Because it's not like our allies spy on us.

Re:DoD should not support the Foxconn iPhone

[aristotle-dude]

The iPhone is made by the Foxconn division of Hon Hai Precision Industry Company Ltd, in Shenzen, China. Apple is just the design and sales firm. That's not a reliable source for secure DoD communications.

There are still some non-China cell phone manufacturing facilities. DoD needs to look hard at sourcing.

Right, because American citizens never, ever are criminals or terrorists? Didn't the 9/11 terrorists live in the US for a long time?

Re:DoD should not support the Foxconn iPhone

I don't see why the DoD can't contract Texas Instruments to make them a custom Android phone entirely in the US.

Because even the DoD can't afford a seventy-thousand-dollar-each cellular phone with every component made in the USA.

Heck, considering that you'd have to open new fabs for some of the parts, it'd probably run more like $170,000 each.

Re:DoD should not support the Foxconn iPhone

[xnpu]

Ah yes.. and then complain that the DoD-special-phone is hopelessly delayed, incredibly be over budget and not as secure as it was supposed to be. Doing everything from scratch is a lot more work than you may think. You can't simply trust a non-China manufacturer because it's not in China. It's not like US companies don't employ immigrants or that local citizens can't be bribed. No matter what, the DoD will have to do it's due diligence.

Re:DoD should not support the Foxconn iPhone

[arogier]

But if you consider what they pay for missile parts... and the fact that missiles only get used once...

Re:DoD should not support the Foxconn iPhone

[frosty_tsm]

I don't see why the DoD can't contract Texas Instruments to make them a custom Android phone entirely in the US.

Because even the DoD can't afford a seventy-thousand-dollar-each cellular phone with every component made in the USA.

Heck, considering that you'd have to open new fabs for some of the parts, it'd probably run more like $170,000 each.

Even with the defense contractor mark-up, 170k is not how much it would cost to make an iPhone or Android in the US. Well, unless the plants were run like a unionized auto-plant...

Re:DoD should not support the Foxconn iPhone

[Requia]

If you factor in that they could easily use up a million phones before they became obsolete (depending on how serious they are about them being used by everybody) economy of scale would drive that price way way way down.

Re:DoD should not support the Foxconn iPhone

[gtall]

Yes, and how many of them missiles are actually fired off every year? I'm guessing not a lot.

Re:DoD should not support the Foxconn iPhone

[gtall]

It only takes one mole to compromise your security. At that point, it isn't strictly a technological issue, although technology can ameliorate it.

Re:DoD should not support the Foxconn iPhone

[sumdumass]

The strategic value of a missile is quite a bit more/different then that of a phone that can already be replaced by another phone already on the market.

comparing a missile's value to a phone is much like comparing the value a working car presents to you with the value of a toy matchbox car. You can justify spending a larger sum of money on one of those 1967 mustangs, but not the other.

Re:DoD should not support the Foxconn iPhone

[mTor]

At least a large portion of the iPhone's cost comes back to Apple as a revenue and supports American programmers.

Since Android is completely free and Google does not license it, NO PORTION of most of the Andorid's phones comes back to US. It goes almost completely back to Taiwan and China.

RIM's a Canadian company and all of their revenue goes to Canada.

PS: Be careful when you try to throw stones in a glass house.

Re:DoD should not support the Foxconn iPhone

And it's not like you spy on your allies.

Re:DoD should not support the Foxconn iPhone

[vijayiyer]

Qty 1M != economies of scale for a consumer electronics device. The iPhone sold more in 1 day.

Security APIs?

lol wut?
This article goes so far as to call the two companies unpatriotic for not supporting the DoD.
Rubbish.

I would do the same

It sounds as if the government is effectively asking for a backdoor. With lack of oversight already, why should Google or Apple expect them to do right by their customers?

Besides, there's a reasonable amount of IP in any security stack. Why should any for-profit organization just hand it over?

Re:I would do the same

On Mac OS X , the security stack is Open Source - Google CDSA - its on Sourceforge.

Access to what?

[beakerMeep]

TFA is very light on technical details. What security API are they looking to access? To do what? They have access to AOSP/Linux, and could even cook up custom ROMs if they needed. Is there some cryptographic hardware driver they need or something?

Also, From the 'article'

It seems to me that Apple and Google are making self-centered bad decisions here that won't play well with the American public. Clearly, Apple and Google should re-think these myopic and selfish policies

WTF? Maybe this journalist should re-think his self-centered trite opinion fluff pieces. Oh wait, it's NetworkWorld. Not much chance of that happening I guess.

Re:Access to what?

[UnknowingFool]

One person I spoke with from DOD said that Apple flat out refused to play ball, telling DOD to "talk to our integrators and carriers."

I don't have any more details than the author but he seems to be making assumptions based on conversations that he wasn't involved with. Maybe the simple fact of the matter is that Apple doesn't have any security APIs that would meet the DoD standards. Frankly Apple has designed their phone for the consumer space; Blackberries are more designed for security. Also it may be that Apple simply doesn't want to share any source code with the government. If they did, someone here on slashdot would espouse some conspiracy theory that Apple was helping the federal government track and mind-control you through your iPhone.

As for Android, it is open source so the DoD can make their own modifications like the NSA did with SELinux.

Re:Access to what?

[russotto]

Apple doesn't have any integrators either, so that conversation makes no sense.

Re:Access to what?

Umm, Unisys, CSC, Fujitsu, Lockheed Martin, among others ...

Dont Be Fooled

Look, it's all fine and dandy. iPhone is great, android is great. It's all setup by microsoft. While they sit back and watch apple and google run into the wildy arrogant ways of thier past, they're quitely selling tons of software to enterprises AND home users. When apple and google get the DOJ hammer, it'll even out the market share ofmobile, therefore, provide an enormous boost to microsoft and probably palm too. Look at this way, Balmer is Dooku and google is clone army.

Re:Dont Be Fooled

[ScrewMaster]

Look at this way, Balmer is Dooku and google is clone army.

Yes, but Count Dooku got his hands chopped off and died.

I don't think this is the full picture...

[EnglishTim]

Shenanigans! There's got to be more to it than this.

The entire source for Android is available; what could Google be holding back? It's not as if they manufacture the phones.

What are these 'Security APIs'? It doesn't make any sense.

I think it's more likely that the DoD asked for some of Google / Apple's signing keys and the companies rightly refused.

Re:I don't think this is the full picture...

[digitaltraveller]

Last time I looked (~2.0 era) there was still a ton of closed source stuff in android, usually labelled 'prebuilt' in the source directory.

Even if all the prebuilt stuff is gone now, there is still a ton of closed source firmware that's not distributed, but required for a working handset.

Cyanogen would be the man to ask get all the nitty gritty.

Re:I don't think this is the full picture...

[EnglishTim]

Isn't that the prebuilt toolchain stuff?

I'm sure there may be some closed-source stuff lower down than the OS in some of the phones, but that'd all be parts written by the handset manufacturers, and will vary between phones.

Patriotism?

[SuperSlacker64]

According to the article, practically the only reason given as for why Google and Apple should give access to these APIs is to be patriotic. But as a few other people have pointed out, Google and Apple, though based in the US, are no longer solely US companies. What would this article's opinion have been had Russia or China or some other countries equivalent Department of Defense had asked for access to these APIs I wonder?

Apple, Google Diss the DoD

[multipartmixed]

Dissing the DoD - or, as the article says, "thumbing their noses at" the DoD is not a wise move.

The Denizens of Doom are a group of hacker-biker crossbreeds. A true Ubermensch, if you will. Piss them off sufficiently, and they will kick your digital ass!

security, the ultimate pretext

[bzipitidoo]

The military's security evaluations are heavily biased. Any technology the military does not want to use can be declared insecure, whether or not it is, and vice versa. One can always find a reason something is not secure.

For example, they wanted to use Windows, and not any flavor of UNIX. The fact that Windows is produced by an American company was trotted out as a reason it was more secure. Code written by foreigners might have back doors, etc. Also, open source software development was shot down as fundamentally less secure than proprietary ways. Anyone might slip malware into open source. So, no Linux or FreeBSD. But then, why not a proprietary UNIX? They also prefer dealing with big companies, which informally disqualifies many UNIX vendors. They just have to come up with good sounding excuses, and security ones are great.

For the other side of the issue, they'll lean on their evaluators to rubber stamp tech that they like. Often it seems that what they really want out of their evaluators is creative reasoning that gives them the cover they need to use what they want, not impartial evaluations. Or they'll bypass them. They can get approval on an interim basis when there is nothing secure enough, and they have to have something. They're accustomed to Windows, and they like it, so they found ways to get it on board.

However, they can't do absolutely anything. Often there are ways that though extremely inconvenient, do increase apparent security, and which cannot be worked around. A big one is the "air gap". Need a separate computer for each network, to prevent information leakage across the boundaries.

Re:security, the ultimate pretext

[AF_Cheddar_Head]

WTF are you talking about. Unix and Linux are used extensively on mission systems with in the DoD. You think they use Windows to manage the Missile systems you need to think again.

You are correct in thinking that if a general wants something then he can probably get it secure on not but you are an idiot to think that Open Source is not used in the DoD. The politics can overrule the evaluators. Many times I have seen the evaluators say something is not a good idea and get overruled by the bosses.

Re:security, the ultimate pretext

The military's security evaluations are heavily biased. Any technology the military does not want to use can be declared insecure, whether or not it is, and vice versa. One can always find a reason something is not secure.

BS. There may be some grey areas, but there are all sorts of actual, real documented standards. The blackberry platform has been audited & certified from end-to-end:

http://us.blackberry.com/ataglance/security/certifications.jsp

Blackberry has been approved by the governments of Canada, United Kingdom, Austria, Australia, New Zealand, United States, Turkey, and NATO.

Blackberry has gone through the Cryptographic Module Validation Program (CMVP) that governs the conformance testing of cryptographic modules to Federal Information Processing Standard (FIPS) 140-2, "Security Requirements for Cryptographic Modules."

The Common Criteria is an international evaluation scheme of IT security products and systems. Common Criteria evaluation results are recognized by 26 countries. Many Blackberry products have been certified for Common Criteria EAL 2+ or EAL 4+ certification.

Apple and Android have been tested, audited & certified by... nobody.

Re:security, the ultimate pretext

[OzPeter]

WTF are you talking about. Unix and Linux are used extensively on mission systems with in the DoD. You think they use Windows to manage the Missile systems you need to think again.

of course a rebuttal of this is simply to point you at the USS Yorktown. True that the "missile"systems were not controlled by NT, but being dead in the water would not have helped firing any weapon at all.

Re:security, the ultimate pretext

[gandhi_2]

FBCB2 runs on Solaris and can be found in almost every Stryker since 2001.

It can be found almost every US platoon of wheeled vehicles in Iraq or Afghanistan. Probably in all the Brads and Abrams too.

Re:security, the ultimate pretext

[Registered+Coward+v2]

WTF are you talking about. Unix and Linux are used extensively on mission systems with in the DoD. You think they use Windows to manage the Missile systems you need to think again.

of course a rebuttal of this is simply to point you at the USS Yorktown. True that the "missile"systems were not controlled by NT, but being dead in the water would not have helped firing any weapon at all.

The failure appears not to be an OS issue but an application issue; something that can happen with any OS.

Re:security, the ultimate pretext

Yep Cheddar is correct. The parent is doesn't know what he is talking about.
One example , most classified systems are UNIX boxes , not windows. The lower level folks your talking about is for systems that are not classified systems. When you got higher up the classification level you don't see many windows boxes at all. And I was in the military and also now I work for defense contractor. No windows boxes are only the primary choice for none classified systems. As a contractor it is much easier to STIG(http://iase.disa.mil/stigs/index.html) a Linux or UNIX box, my god windows boxes are a complete pain in the ass. Anything windows just causes pain when you try to go classified.
Also final shot, I can see why google and apple refused, the people I have worked with at DISA about 20. Only one would I consider technically competent, and I am pretty sure he left DISA for another job.

Re:security, the ultimate pretext

[xnpu]

What a non argument. It's not like Microsoft doesn't employ foreigners.

Re:security, the ultimate pretext

[OzPeter]

The failure appears not to be an OS issue but an application issue; something that can happen with any OS.

The point was that the DOD is/was using Windows technology in critical applications.

Re:security, the ultimate pretext

[gtall]

yes, and you are full of shit, DoD is filthy with Unix, Linux, Mac OS, and other assorted systems. Go back under your rock.

Re:security, the ultimate pretext

[Registered+Coward+v2]

The failure appears not to be an OS issue but an application issue; something that can happen with any OS.

The point was that the DOD is/was using Windows technology in critical applications.

No one said they weren't - just that *Nix was also used; and that Windows was not the cause of the Yorktown's failure.

Re:security, the ultimate pretext

[ToasterMonkey]

For example, they wanted to use Windows, and not any flavor of UNIX.

Except they do use UNIX.
and Linux

what the hell are you rambling on about?

Re:security, the ultimate pretext

[bzipitidoo]

EAL 4 is not really that good, but it is used a lot because that's the highest level that is easy to obtain. EAL 5 through EAL 7 is where the real security begins.

A big problem is that there's almost nothing rated EAL 5+. Only stuff I have heard of are devices simple enough that formal proofs are possible, software that is so locked down as to be nearly useless, and stuff such as GEMSOS that is obsolete because the evaluation process took longer than the lifetime of the technology. Undoubtedly, Apple and Android aren't rated not because they are fundamentally less secure, but because evaluation and fixing of problems is a long and expensive process. I have heard times ranging from 6 months to 10 years. SELinux, which btw is only EAL 4, is such a pain to administer and use that no one wants to. Rather funny the time a Red Hat rep came to a users group meeting to brag about SELinux, and then admitted he wasn't using it himself. Didn't have it enabled on the laptop he was using to run his slide show, and didn't have any demo.

Most exasperating is the military's knee jerk handling of requests for information. They're big on false positives. They'd rather not tell anyone anything, for fear of leaking a secret. It's understandable, because the punishments are harsh, but it's not productive. Their own people are routinely denied innocuous information that they really do need. Existence of and means to contact labs that can test for EAL 5 to 7? Secret. Information on the requirements to qualify as EAL 5 to 7, so perhaps you can set up your own lab? Secret. Lists of devices and software that have met the standards? Tests and results, which could be embarrassing? Oh, definitely secret. Why is it secret? Secret. Except that it isn't-- often the persons making such claims aren't sure, or feel they have something to hide, and are just trying to stay out of trouble. Takes a lot of digging and prying to shake that sort of info loose, to say nothing of the effort to actually do formal verifications.

Yes there are standards, many of them. Too bad it's such a bear to use them.

You know what annoys me?

I'll tell you what annoys me. Are you ready? Summaries that ask a question, and then answer it. Why is that annoying? I believe this post answers that.

Bad summary

[zigfreed]

Google and Apple just told the DISA to talk to the integrators. They aren't getting special treatment which makes sense: as big as the DoD is, they are still smaller and more specialized than the general public which the devices were meant to serve.

This is a job for a small, tight-knit development company developing under NDA, i.e. integrator.

Cryptograms

[xsxixmx]

They ought just make an app with some serious cryptography. It should be easy enough to just text instead, idk the security level differences, whatever works better though. For test they can change the letter codes (binary/ascii) with random cycling syncable layouts (keys). And I saw something in the book: "Blink" regards just going back to 'word of mouth'... And regards the API, it should already be in there pocket if you ask me. "many hands make the work load light"

Poor Article

[dcollins]

FTA: "Providing API access to DOD is the patriotic and morale thing to do, especially since DOD is opening the door to lots of sales opportunities for both companies. "

Yeah, that's a well-written article. I'm convinced.

Google and Apple know all too well

[gilesjuk]

If you give access or information about APIs that this information can leak out and be used for the wrong purposes.

The military should buy something that does what they want, not buy a consumer product then try to get the manufacturer to change it for them.

I altered ANDROID recently (was easy)

Per my subject-line above: When my nephew & I were attempting to put a custom HOSTS file (24.5mb in size) onto ANDROID, it complained with a message along the lines of this:

"This operation is not allowed on the production model of ANDROID OS"

So, we whipped out the SDK tools for it, ADB, & mounted the system mount point as Read + Write... then, we did an ADB "PULL" command to get the file onto the ANDROID device, then we overwrote the "stock-oem" HOSTS file with ADB's "PUSH" command... & guess what?

It worked.

Now, because it did? Here are the results he enjoys from this "modification" on ANDROID phones:

I.E. #1 -> He NOW surfs the web on his ANDROID, minus ad banners (which HAVE been "bushwhacked" with malicious code before -> MICROSOFT APOLOGIZES FOR SERVING MALWARE: http://apcmag.com/microsoft_apologises_for_serving_malware.htm - happens to the "best of them"!)

I.E. #2 -> He now surfs the web, FAR more protected vs. known bad sites also (which I update, daily here & from reputable + reliable sources online for that very purpose)

I.E. #3 -> Additionally, my nephew (RIT CIS major w/ specialization in security) now also gets to his favorite websites faster (like engadget.com or wired.com), also (by not doing DNS roundtrip lookups for IPAddress - to - Hosts/Domain names resolution)...

I.E. #4 -> PLUS, IF his DNS "goes down", or is "redirected/dns-poisoned"? He still gets to his fav. sites anyhow, reliably (since HOSTS are the 1st thing a BSD IP Stack looks to for this, by default).

APK

P.S.=> No, it's not "STRICTLY" doing a 'hack/crack' to the OS, but it shows you CAN "alter" the stock setup, + the datafiles it uses for operation, fairly easily, & HOW to do so, easily... apk

Re:I altered ANDROID recently (was easy)

hey, it's Hosts File Guy! I wondered when you would show up.

seems fair enough

[cenobyte40k]

The DOD can take it multi-million dollar contract and go somewhere else. It's not up to the DOD to force companies to make smart business transactions, but if I was a stock holder at Google or Apple I might be a little pissed.

Re:seems fair enough

Google knows that dealing with governments costs a lot of time and is only worth the effort (and bad publicity) if they get payed very well for it.
Both Google and Apple should know exactly how profitable it was for RIM, so if they reply with "just get a BlackBerry" it just isn't worth it.

Re:seems fair enough

So a couple of things :

The mobile device fleet in the DoD , whilst large, is likely only a couple of days (or less) worth of sales for either Apple or the Open Handset Alliance ( both are in the 200,000-300,000 activations per day range ).

All those organisations are involved in a highly competitive, emergent market, and they do not have infinite resources. Apple has maybe 2000 Software Engineers, and Google would likely be similar (you can quibble by a few thousand either way) - most of their organisation headcount is operations, sales , marketing and in Apple's case support and retail. They need to make hard decisions about where to spend their time and resources. It is likely that most of what DoD would want (see later in comment), have zero to negligible impact in the consumer or business markets, and therefore, doing those things would take away effort from new features that may have large net sales impact across all markets.

So what is DoD likely to want, at least as a wishlist :

- Certified Hardware Cryptography ( Apple actually has this now to a point, and whilst not common on Android, there are a handful of specialised, very expensive Andriod devices do such as from General Dynamics )
- Backdoor master key and key escrow for all cryptography , including customising CA roots
- Integration with their Common Access Card for unlocking the device and authentication to Apps ( App authentication is possible by third party effort, but unlocking the device would be a more major undertaking )
- More device restrictions and controls ( eg fail-closed trusted network detection, VPN always on, prevention of creating personal email accounts, disable cut and paste, App whitelist )
- S/MIME Email (available as 3rd Party Apps for both platforms )
- Intranet App store , including site licencing
- Formal Security Certifications
    - Common Criteria Certification to EAL4 for SIPRNET ( this is a 6+ month, multi-million dollar undertaking, tying up many R&D staff in the process - note also there are no CCC Protection Profiles defined for Mobile Devices, so the vendor gets to make them up !
    - FIPS-140-2 Level 2 (Cryptography has been validated, and the device has anti-tamper provisions on the cryptographic module - Apple only has applied for FIPS-140-2 Level 1)

Add all that up, and its person-years and millions of dollars in effort, for maybe a days worth of current sales. Maybe half of it has broader applicability to a wider range of customers , and is probably in their respective pipelines somewhere.

In Apple's case they can at least partially do a bunch of that list right now, using custom Apps and external accessories, but that is something they'd live up to an integrator like Unisys or similar to put together. Android is probably a bit behind this on average, but specialist vendors can certainly put custom devices together with that feature set for a price, given enough time and effort ( although they'd likely leave the "with Google" features out of any such device ).

DoD can't have it both ways - COTS pricing, a feature set that 99.9% of the market doesn't care about, ease of use : pick any 2.

Interestingly Wikileaks recent time in the sun has shown that an awful lot of data is overclassified, and that human factor weaknesses far exceed the capacity of any technical protection measure to address.

Apple's iPad needs a CAC reader... (or a USB slot)

[(H)elix1]

This is going to get even worse for Apple's iPad and other USB free devices. Without a smart card reader, or at least a USB slot to add one, these devices are going to have very limited usability in the DoD as things move forward.

Re:Apple's iPad needs a CAC reader... (or a USB sl

[gandhi_2]

They gay ban hasn't been overturned yet.

EXPLAIN THE -1 DOWNMOD PLEASE... apk

On my initial post -> http://mobile.slashdot.org/comments.pl?sid=1906520&cid=34524136 here in this thread...

See my subject-line above, & that URL here I posted directly above this...

(Please - DO explain the technical grounds on which you "down modded" my posting here unjustly & with NO EXPLANATION why: "Somehow" (not, sarcasm), I don't think I'll get a valid reply in response here, just b.s. from trolls etc./et al, as-per-usual...).

APK

P.S.=> "All the King's Trolls, & all the king's 'p.r. men', couldn't put your trolling down mod selves together again..." because I don't see ANY VALID TECHNICAL JUSTIFICATION for the down moderation of my 1st post in the URL above!

Better still, in closing here? Well - I'll let Mr. Bruce Perens speak for me (in regards to unjustified down mods of posts here & elsewhere online + WHY they happen):

"I have been offered the online-perception-management services I'm talking about while managing at HP and Sourcelabs. If you are not aware of companys concern for their online perception and what they do about it, and won't take my word for it, there isn't much point in arguing about it with you." - by Bruce Perens (3872) on Friday July 30, @09:27PM (#33092398) Homepage Journal

FROM -> http://linux.slashdot.org/comments.pl?sid=1738364&cid=33092398

and

"It just takes one Ubuntu sympathizer or PR flack to minus-moderate any comment. Unfortunately, once PR agencies and so on started paying people to moderate online communities, and to have hundreds of accounts each, things changed." - by Bruce Perens (3872) on Friday July 30, @03:55PM (#33089192) Homepage Journal

FROM -> http://linux.slashdot.org/comments.pl?sid=1738364&cid=33089192

That says it all for me... apk

Re:Apple's iPad needs a CAC reader... (or a USB sl

Actually, iPad 2 may very well have a USB port.

Re:Umm something is hurting my eyes!

[alienzed]

Giant colored font batman!

Sorry I don't see government as the gate keeper

[Ruler4You]

I just can't see the justification for the government to have and hold proprietary information it has no rights to. If it should some day be determined that some corporate irresponsibility or collaboration in a criminal or treasonous context fell on the shoulders of corporate officers, I'd favor prosecution. But not release of the proprietary information itself. As it is government information and citizen information in the governments cognizance is considerably compromised by their "security". Only in the context of socialist nationalization (even then it's hard to justify) does this make the slightest bit of sense.

Why I'm getting a Blackberry

[Logic+Worshipper]

iPhone and Android make money by spying on you. DOD wants to reprogram their OS to make that impossible, and they said no. They won't even let the DOD have a secure version of their OS, because their OS are inherently insecure.

Re:Why I'm getting a Blackberry

[Reaperducer]

iPhone and Android make money by spying on you [citation needed]. DOD wants to reprogram their OS [citation needed] to make that impossible [citation needed], and they said no [citation needed]. They won't even let the DOD have a secure version of their OS [citation needed], because their OS are inherently insecure [citation needed].

FTFY.

Re:Apple's iPad needs a CAC reader... (or a USB sl

[WiseWeasel]

Seriously, how is a disgruntled private supposed to suck down the contents of the DoD document store without a USB port?

Exactly

[Evets]

This is exactly the reason that platforms like OSX and Windows are so secure, and linux is so riddled with viruses. Can you imagine the problems we would be facing if people actually had access to review and update those operating systems?

Effete moddowns w/ no justification, again?

Please... Who's TRULY the "Anonymous Coward" here? Myself??

No, it's quite obviously it's the loser(s) who is down moderating my posts here -> http://mobile.slashdot.org/comments.pl?sid=1906520&cid=34524136 and here -> http://mobile.slashdot.org/comments.pl?sid=1906520&cid=34524530 in this thread 2 times now!

I was down moderated 2 times, & no justification based on technical grounds was given either time... Pitiful!

The "down-modders"'re not saying why they did so, keeping their "full-time courageous hero image" (not, lol) going!

(Still, I was modded down, but... on WHAT technical grounds? Heh, these weasels doing the down-modding of my posts here?? They obviously don't HAVE any, & are just "upset with me" obviously, for "some reason" (I probably whipped their ass on those grounds at some point here, & they are "getting revenge" is my guess - some "revenge". I'll let you have it, coward (because you're just burning up your moderation points in doing so)).

APK

P.S.=> It's that, or I'd seriously hazard a guess that what I put up in my 2nd post was dead-on right: It's some cowardly shill that Mr. Bruce Perens was quoted about in my 2nd post URL above... apk

Re:Effete moddowns w/ no justification, again?

Maybe the mods love watching you rant? It is fairly entertaining.

Re:Effete moddowns w/ no justification, again?

[Kalriath]

You do realise, apk, that Slashdot's moderation system actually prevents providing justification, as any successive post nullifies all moderation to a conversion, right?

Personally, I'd suspect that you were downmodded for being completely off-topic - you're going on about hosts files in a discussion on the DISA not getting access to the Android and iPhone OS security APIs.

Re:Effete moddowns w/ no justification, again?

[metrix007]

The justification on technical grounds is you have no idea and what you try to pass of as technical insight is demented ignorant rambling.

Re:Apple's iPad needs a CAC reader... (or a USB sl

Nope. Just bluetooth. They make bluetooth CAC readers.

Something more...

Perhaps it is politically motivated. Something about two wars comes into mind.

The "Lord of HOSTS" will do nicely

"hey, it's Hosts File Guy! I wondered when you would show up." - by Anonymous Coward on Saturday December 11, @01:47PM (#34524460)

See subject-line... & someone is modding my post on how to use HOSTS files on ANDROID even (very easy to do with ADB).

APK

P.S.=> "Gee, I wonder WHY?" (not): With ISP/BSP's talking about "pay as you use" internet (how much bandwidth you consume in other words) -> http://yro.slashdot.org/story/10/12/08/2012243/FCC-Approving-Pay-As-You-Go-Internet-Plans so they can not only TRACK YOU via cookies & such in adbanners but also charge you more because you are downloading + processing adbanner content, which means YOU CONSUME MORE BANDWIDTH BY DOWNLOADING & RUNNING AD BANNER CONTENT!

(Adbanner content, which mind you, has been shown to bear malware malicious code before no less -> http://apcmag.com/microsoft_apologises_for_serving_malware.htm in the past (& that's not a first either))

Yes - I can pretty much guess it's NOT Google's people down modding me here, but rather ISP/BSP reps + advertisers (or even malware makers), because they are the ones that HATE HOSTS FILES more than anyone does... apk

Apple is ignoring Corporate and DoD's requests

Apple is flat out ignoring demands such as this and is 100% concentrating on the consumer. They are missing the boat on security requirements of larger corporations and apparently the DoD as well. I think they are missing a huge and somewhat captive market, if they would just do as required the would sell a huge # of phones and iPad's. I think they are too focused on selling apps to teenagers. Don't get me wrong I love my iPhone and iPad but I must admit I have had to jump thought hoops to get them to work for me as office tools.

metrix007 got played, He played himself.

metrix007 is pissed about this http://yro.slashdot.org/comments.pl?sid=1888084&cid=34462614 [slashdot.org] where he blundered on hosts files against the person he's trolling now. metrix007 got played, He played himself.

Google and Apple CAN'T DO IT!

[rdebath]

Linux and BSD the OS's under Android and iPhone both have solid security tools. Linux's version was written by the NSA FFS. But once the machine leaves the hands of G&A the 'integrators' have full control over what goes in and what stays out. For Linux the major security enhancements can be turned off with a single switch & kernel recompile.

The only way either company could force the issue is to use legal means and renegotiate their agreements with these 'integrators' AKA 'Phone companies'.

Good luck with that!

You do realize there are multi account users?

"You do realise, apk, that Slashdot's moderation system actually prevents providing justification, as any successive post nullifies all moderation to a conversion, right?" - by Kalriath (849904) on Sunday December 12, @08:26PM (#34531378)

You do realize there are multiple registered account using shills & such here, right? Do you think that prevents them from using one account to comment, & another to mod-down others (and themselves up with)?

If you don't, then take a read from Mr. Bruce Perens, because he knows what goes on this way, same as I do myself:

"I have been offered the online-perception-management services I'm talking about while managing at HP and Sourcelabs. If you are not aware of companys concern for their online perception and what they do about it, and won't take my word for it, there isn't much point in arguing about it with you." - by Bruce Perens (3872) on Friday July 30, @09:27PM (#33092398) Homepage Journal

FROM -> http://linux.slashdot.org/comments.pl?sid=1738364&cid=33092398

and

"It just takes one Ubuntu sympathizer or PR flack to minus-moderate any comment. Unfortunately, once PR agencies and so on started paying people to moderate online communities, and to have hundreds of accounts each, things changed." - by Bruce Perens (3872) on Friday July 30, @03:55PM (#33089192) Homepage Journal

FROM -> http://linux.slashdot.org/comments.pl?sid=1738364&cid=33089192

---

That says it all for me, and I didn't do the saying...

APK

P.S.=>

"Personally, I'd suspect that you were downmodded for being completely off-topic - you're going on about hosts files in a discussion on the DISA not getting access to the Android and iPhone OS security APIs?" - by Kalriath (849904) on Sunday December 12, @08:26PM (#34531378)

Really? I am speaking about ANDROID phones & something I did that circumvented ANDROID trying to stop me from doing (loading a custom HOSTS file onto one)...

What I stated can also save you monies, especially if you're being charged by bandwidth usage (per this -> FCC Approving Pay-As-You-Go Internet Plans: http://yro.slashdot.org/story/10/12/08/2012243/FCC-Approving-Pay-As-You-Go-Internet-Plans

ANDROID phones can also use the HOSTS FILE TO KEEP DOWN BILLABLE TIME ONLINE by not downloading adbanner content!

That's done via the ADB dev. tool, & mounting ANDROID OS' system mountpoint for system/etc as READ + WRITE/ADMIN-ROOT PERMISSIONS, then copying your new custom HOSTS over the old one using ADB PULL/ADB PUSH to do so

(Otherwise ANDROID complains of "this file cannot be overwritten on production models of this Operating System", or something very along those lines - this way gets you around that annoyance along with you possibly having to clear some space there yourself if you packed it with things!)... apk

Do not feed the troll

See my subject above? It's about you.

Kalriath, on HOSTS files, last time you RAN!

"Personally, I'd suspect that you were downmodded for being completely off-topic - you're going on about hosts files in a discussion on the DISA not getting access to the Android and iPhone OS security APIs." - by Kalriath (849904) on Sunday December 12, @08:26PM (#34531378)

Per my subject-line, Kalriath didn't like the beating he took @ my hands, where I got Kalriath to run away from disproving the numerous points I listed in favor of HOSTS files, and where I got Kalriath to ADMIT THE SAME AS MICROSOFT'S OWN MGT. HAD TO VS. MYSELF ON THE SAME POINTS (Microsoft's own senior mgt. of their "Windows Client Performance Division" in FOREDECKER to admit the same -> That using a smaller file (by using smaller blocking addresses in HOSTS files) will result in BETTER HOSTS FILE PERFORMANCE):

Here http://it.slashdot.org/comments.pl?sid=1687452&cid=32694426

and

Here http://it.slashdot.org/comments.pl?sid=1687452&cid=32632240

APK

P.S.=> On your "other so-called point" here, regarding shills that mod others down? Well, I let the words of Mr. Bruce Perens "do you in" on that account in this exchange, here:

http://mobile.slashdot.org/comments.pl?sid=1906520&cid=34533390

apk

Re:Kalriath, on HOSTS files, last time you RAN!

[Kalriath]

apk, really. Let it go, you're not doing yourself any favours. This is exactly the sort of behaviour that gets you downmodded, you know. It's a bit like that twitter fellow.

Stop. Just... stop.

fair is fair...

[hesaigo999ca]

If blackberry did just that, then they should too, although I do not understand what the big deal is, if the military is reviewing the code in order to see what is going on as to ensure no one is logging the communication flow, but anyways, this is not news, happens all the time when dealing with military, they need to follow protocal, and the rest of us civis don't....no big deal, so they stay with BB and just keep ensuring their platform survives even longer...

Kalriath & MS have to admit "APK IS RIGHT"?

Kalriath didn't like the beating he took @ my hands regarding HOSTS files before on /. here, as it's where I got Kalriath to run away from disproving the numerous points I listed in favor of HOSTS files, and where I got Kalriath to ADMIT THE SAME AS MICROSOFT'S OWN MGT. HAD TO VS. MYSELF ON THE SAME POINTS

(Microsoft's own senior mgt. of their "Windows Client Performance Division" in FOREDECKER to admit the same -> That using a smaller file (by using smaller blocking addresses in HOSTS files) will result in BETTER HOSTS FILE PERFORMANCE):

Here http://it.slashdot.org/comments.pl?sid=1687452&cid=32694426 [slashdot.org]

and

Here http://it.slashdot.org/comments.pl?sid=1687452&cid=32632240

(That's what this reaction in my P.S. of his is about, since he's now caught in the fact he likes to "troll" my posts on HOSTS files)

APK

P.S.=>

"apk, really. Let it go, you're not doing yourself any favours." - by Kalriath (849904) on Monday December 13, @03:21PM (#34538324)

You followed me into another HOSTS file post, and you have to "eat it" because you're shown not only trolling me here before on HOSTS files posts I do, but also that you royally "MESSED UP LARGE" on them, having to admit my points are right!

(You, & right along with Microsoft's own people too, also having to admit my points on HOSTS files are indeed, correct!)

---

"Stop. Just... stop." - by Kalriath (849904) on Monday December 13, @03:21PM (#34538324)

Why don't you take your own advice, you're the one that gives yourself this beating by following around my posts on HOSTS and you get disproven on every so called "point" you make and you run in the end (until you do it again that is, like today)...

See the 2 urls above, to anyone else reading, this isn't a "1st" for Kalriath on my posts on HOSTS files, & he did just as poorly here as per his usual! apk

Pop Caps For Your Music

[hennyjack]

website: http://www.voguecaps.com/ http://www.handbagsexport.com/ Kinds of name brand hats and caps on http://www.voguecaps.com/ 49% discount now! They are nice gifts for you, your friends and your families. If you order more than 100 pieces a time, we will give you big discount and do free shipping. If you want to make money, we are your first choice, you can resell our hats and t-shirts at your local place. We can assure that you will make a lot of money every month, as our quality is nice and price is good, too. We have a lot of customers from USA, Canada, UK and Holland. We also do customized hats, you are welcome to contact us. http://www.voguecaps.com/ monster energy army http://www.voguecaps.com/ monster energy caps http://www.voguecaps.com/ monster energy new era hats http://www.voguecaps.com/ monster energy hats http://www.voguecaps.com/ Valentino Rossi hats Kerakoll Monster http://www.voguecaps.com/ Valentino Rossi Caps Kerakoll Monster http://www.voguecaps.com/ Monster Kerakoll Hats http://www.voguecaps.com/ Kerakoll monster Hats http://www.voguecaps.com/ monster energy drink hats http://www.voguecaps.com/ monster energy rally team usa hats http://www.voguecaps.com/ monster energy subaru hats http://www.voguecaps.com/ red bull hats

Good for them

[bryan1945]

Give the gov their code and expect it spread on the internet the next day. (Yeah, I have a lot of faith in the gov'ment)