Any remote p0wn jailbreaks get squished very quickly by Apple. They really really don't like p0wn the phone attacks.
This is in strong contrast to Android, which has a great security model, but that security model is trivially bypassed when a user says "OK" to an incomprehensible permissions list provided by a random application that displays cartoon kitties or tells you what color of nail polish works best.
Proper propaganda link, silly me, forgot the http
And in fact it's non-disableable. The remote wipe is, in fact, "kill key store".
Apple's propaganda, err, whitepaper on the subject
But a flatbed is expensive, and often hard to steal (they aren't parked out on the streetcorner)
This is done with a couple hundred bucks of stuff.
Apparently not, because that's 6 people and 2 hernias to throw in a van... that thing is HEAVVVVYYYYY (having had to pick it up once)
The basic design flaw is how key duplication/recovery is handled.
On my motorcycle (a Concours 14 with keyless ignition), to program a new key you need an existing key. The disadvantage is, naturally, if you lose all your keys, you need to replace the computer!
But it's better than the alternative. On the BMW, all you need to do is plug into the OBDII port and tell the computer "Here is the new key". This means if you lose all your keys, you don't have to buy a new computer... But it also means that anyone who can break into the car can create a key and drive off.
Which is a greater attack on user freedom?
a) Not being able to change the bootloader?
b) Not being able to install on new systems without changing EFI settings because the signing key got revoked?
Canonical chose "A". Fedora chose A, too, btw, because they didn't sign grub, but built a "pre-bootloader-bootloader" to load Grub.
Except that key disclosure would cause a lot of harm.
Canonical's solution still allows you to run all your own code except the bootloader in this case. Since the bootloader itself is not locked down, you can boot anything from the bootloader.
But if they had to disclose the key, then this means Microsoft has to revoke Canonical's key, because that key would allow subverting Windows' secure boot model, and now it can't be used to install without requiring user EFI reconfiguration on any PC that includes Canonical's key in its revocation list.
How is revealing the key bad?
Well, how about that it would be revoked! Having the key would allow one to subvert Secure Boot on Windows systems, so you can bet dollars-to-doughnuts that if Canonical had to release its key, Microsoft would revoke Canonical's key.
Part of the vision is that you should buy an Ubuntu system, right? In this case, Canonical is working with the OEMs to produce a certified system.
Thus if one of the OEMs screws up, Canonical does have a relationship with the product, as provider of the software, and may, under the GPLv3's "anti-TiVoization" clause, have to provide the signing key.
This is "Better to avoid the problem altogether"
They expect that an OEM may screw up. In that case, their current solution will still allow users to run their own code except for the bootloader itself.
But if they used a GPLv3 bootloader, they have received advice that they might have to reveal the key when the OEM screws up, because that would be necessary for someone to provide their own bootloader.
Far better to not chance it and just avoid the GPLv3 for something that actually has a free license, rather than the significant impositions that GPLv3 attempts to impose in the name of the FSF's particular vision of "freedom".
You buy a $600 Mac Mini, drop in more RAM, then install the OS of your choice on it...
One of the things Apple does is make sure that their hardware isn't the bottom-of-the-line crap that PC OEMs use.
So yeah, with a Mac Mini, you're paying a $200 premium for the elegant packaging compared to the typical PC OEM drek of comparable specs, but you also get IO chips that don't blow dead goats.
Apple is vicious about getting the most out of their suppliers, but at the same time, they demand a level of quality out of their suppliers that's lacking in the misbegotten cess-pool that is the rest of the x86 OEM world.
Apple has always gained value from controlling the software and the hardware. How many Windows headaches are directly attributable to the @#)(*#@) hardware various OEMs use?
But the iOS success has really made it clear: Control the hardware supply chain and you can produce products (e.g. the iPad, the iPhone) that are actually cheaper than your competitor's products, as well as better.
(For those who say the iPhone is not cheaper, it's that the carriers subsidize it less because the phone itself is more valuable to customers. Compare the no-contract price of a shiny new Samsung Galaxy or Windows phone vs an iPhone 4s)
Read the Oatmeal's lawyer's response. It's basically:
"You have no leg to stand on. Go away. But if you don't, know that a: The internet doesn't like this, you have been warned and b: Uhh, you never met the criteria needed for a DMCA safe-harbor defense. You don't want to start something here"
It appears (we don't have the complaint yet) that Carreon is representing JUST himself in this.
Which means it is not FunnyJunk suing, but seemingly crazy lawyer suing.
Which makes me wonder if now FunnyJunk needs to sue its own lawyer.
It's clear that this behavior reflects negatively on Carreon's client, but Carreon, if he is indeed purely Pro Se (he's his own and the only lawyer), is not actually acting on his client's behalf and is acting without his client's authorization, in ways which are damaging his client's reputation.
If the stock moves significantly up after the IPO, this means that the company did not sell enough stock.
Instead, if the price remains flat, or even goes down, this says that the IPO was priced perfectly: all the revenue from the IPO goes to the company and/or the insiders selling the shares, rather than the IPO bank backer's insiders who got the inside track on the "hot IPO"
We should have all IPOs be like this IPO.
1 however is really problematic.
At least the Berkeley agreement, from what I understand, is basically "Google won't datamine the EMAIL/Documents while students are still students and for 6 months afterwards, and during that time the web interface doesn't display ads".
This does NOTHING to prevent the rest of Google's horribly intrusive datamining and associating that information with student identities when the students use the Gmail web interface.
My UCSD outsourced-to-google email actually has the standard Google privacy policy on it!
Normally, Google is the service provider. Which means if they get a warrant, or a subpoena, it goes to Google, and Google can answer it however they want or are required to. For example, with some warrants, Google would be forbidden from notifying the university about the warrant, and even when Google can, they are an intermediary that gets in the way.
By making Google a school official, such warrants and subpoenas go DIRECTLY to the University's attorneys. Berkeley's outsourced-to-google mail system has the same basic language from what I understand.
It's unethical for the government to require that spammers not spam you once they get your email address. Welcome to the Paul Libertarian Randite Paradise...
Actually, it doesn't. Because I was assuming subsidized vs subsidized price, and a marginal cost of a smartphone being a $35/month after tax for the data plan (I'm assuming the person would still have a cellphone, just not a SMART phone).
In that case, the "free" phone is $840 over the contract period, but the "$200" iPhone 4S is $1040.
Companies understand this common flaw in people: People look at the monthly cost and the upfront cost, but often fail to sum the monthly cost over the lifespan.
It's why people lease cars instead of buying them: it's much cheaper to buy than to lease in most cases, but the cost per month of a lease is less. (They are just left with NOTHING at the end of the lease, rather than a car!)
It's why there are "rent to own" furniture places.
It's why people buy "free" Android phones or iPhone 3GSs: They don't understand that when you factor in the monthly cost over 2 years, an iPhone 4S only costs 25% more, not infinity-more.
I'm actually surprised that game consoles only now are getting into the "Pay a little each month, but it adds up to a lot more" scam yet.
There probably is something else here, and Sony may just be using Comcast's capping as an excuse...
a) Comcast's cap is not a "cap and charge overages", but a "cap, warn, and terminate or get them to upgrade to uncapped business service": Actually enforcing the cap for Comcast is very costly, because they lose customers. This makes it far less anticompetitive than other caps, but really targeted against abuse of service.
b) Comcast's cap is reasonably large. Netflix's HD stream is ~1.8 GB/hour, and other streams are less. So a 250 GB cap is >4.5 hours of HD video a day through streaming, which is a LOT.
I have a serious problem with other ISPs' much lower "Cap and Overage" model, where the goal is to use the cap to increase revenue. And such caps are far more likely to be anticompetitive.
I suspect it's Sony having issues with TV networks and other interests, and they are using Comcast's cap as an excuse.
Overall, the "Customer Premises Equipment" or CPE in industry parlance, aka the user's NAT/home router and associated WiFi, is a nightmare of bad design and forever day bugs.
With Netalyzr we have been starting to probe for information about the CPE: we use UPnP to try to identify the NAT and we also do DNS queries that may indicate what software is running. The resulting picture, which we've only started to analyze, is dismal. We see NATs which are running versions of DNSmasq that were released in 2003/2004! So almost decade-old code that just never ever ever got upgraded.
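One DNS query of the kind described above, as an added example that is not part of the original comment and not Netalyzr's code: it assumes the probe is a CHAOS-class TXT lookup of `version.bind`, which dnsmasq answers with a `dnsmasq-<version>` string. The sample response, the version in it and the `baseline` are constructed placeholders.

```python
import re
import socket
import struct

TXT, CHAOS = 16, 3  # DNS record type TXT, class CH

def build_version_query(txid=0x1234):
    """CHAOS TXT query for version.bind (assumed probe, not from the comment)."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in ("version", "bind")) + b"\x00"
    return struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", TXT, CHAOS)

def _skip_name(msg, off):
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:      # compression pointer ends the name
            return off + 2
        off += 1 + n
        if n == 0:
            return off

def parse_txt_answer(msg):
    """Return the first TXT string in the answer section, or None."""
    try:
        _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
        if flags & 0x000F or an == 0:          # error rcode or empty answer
            return None
        off = 12
        for _ in range(qd):
            off = _skip_name(msg, off) + 4     # name, then qtype and qclass
        for _ in range(an):
            off = _skip_name(msg, off)
            rtype, _cls, _ttl, rdlen = struct.unpack("!2HIH", msg[off:off + 10])
            off += 10
            if rtype == TXT:
                return msg[off + 1:off + 1 + msg[off]].decode("ascii", "replace")
            off += rdlen
    except (struct.error, IndexError):         # truncated or malformed reply
        pass
    return None

def dnsmasq_version(banner):
    m = re.match(r"dnsmasq-(\d+)\.(\d+)", banner or "")
    return (int(m.group(1)), int(m.group(2))) if m else None

def is_outdated(banner, baseline):
    """baseline is whatever (major, minor) you treat as the oldest acceptable release."""
    v = dnsmasq_version(banner)
    return v is not None and v < baseline

def constructed_response(banner, txid=0x1234):
    """Constructed sample reply so the parser can be exercised offline."""
    rdata = bytes([len(banner)]) + banner.encode()
    answer = b"\xc0\x0c" + struct.pack("!2HIH", TXT, CHAOS, 0, len(rdata)) + rdata
    return struct.pack("!6H", txid, 0x8180, 1, 1, 0, 0) + build_version_query(txid)[12:] + answer

def query_resolver(ip, timeout=2.0):
    """Ask a resolver you administer (e.g. your own home router) over UDP."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_version_query(), (ip, 53))
        return parse_txt_answer(s.recv(512))
```

A resolver that refuses or ignores the CHAOS query yields `None`, so a missing banner says nothing about how old the software is.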
"Someone change the combination on my luggage!" -President Skroob
I think one factor which has really changed publishers' views in the past few weeks on this issue is the success that J.K. Rowling has had selling Harry Potter online. She deliberately waited a long time before allowing eBook versions, as much to get things settled out, but the result is very clean: even Amazon just directs to the Potter site, which then links back to all the DRM'ed eReaders as well as providing direct downloads in ePub.
So she's getting most of the money (well, her and her publisher), not Amazon, she dictates the price, and is no longer affected by the Amazon Monopsony that Amazon has gained by being the most common (but not universal) ebook platform. While a buyer no longer has to worry about DRM lock-in: the books they buy will read anywhere, painlessly.