This is not Wikipedia. If you want a citation just ask for one. Before you do that you are expected to do a bit of searching. However, since you are probably just going to go on whining, here's your citation. I'm not a qualified climate scientist so I can't tell you if it's true or not. However the same is certainly true of all the people who are going to come running in to tell us how it is completely made up.
What if the URL triggers, for example, a slashdot posting then you use another external Javascript interpreter to gather all the results. Sort of map-reduce. Incredibly inefficient but you don't have to pay so who cares? Even better if some xss our similar attack on a Web site can be used to parcel out the work.
It seems to me though that there's no reason to limit this to googlebot any Javascript interpreter will do.I'm surprised if nobody from the blackhat community doesn't have this up and running for password cracking or similar.
As wbr1 said, in democratic societies, there was no legal mechanism to do such seizure outside of a specific accusation.
However, it's more than that. There has been no practical mechanism to monitor all communications. Even if you could gather and record all of the phone calls of all of the people, you couldn't use it. Someone would have to sit down and listen through every conversation you wanted to find out about. You had to target specific groups.
Modern technology means that you can gather every email anyone ever read into an indexed searchable archive. You can then, at your leisure, make connections and links between different people. You want to "persuade" someone to cooperate? Find a crime his grandparent committed and then threaten to lock the grandparent away for the rest of their life if your target doesn't do what you want. Want to blackmail someone? Go look through everything that everyone else ever said about them, even if it wasn't sent to your mark.
The internet is different simply because it is possible to monitor it. The whole thing. That has never happened before.
Replying to myself; I misread your (grandparents) comment. I don't totally agree that ARM+Intel=cross platform (what about MIPS and Power at least), but generally your comment was right.
Why tags? How about Chrome Native Client the equivallent to ActiveX?
Native Client is equivalent to ActiveX in the same way that Google's evil is equivalent to Microsoft's; only occasionally and mostly by accident.
ActiveX requires your code to be signed by Microsoft; Native client works for anyone.
ActiveX fully trusts the code delivered; Native client aims to 100% sandbox it.
ActiveX is single OS / Single architecture; Native client is trying to become cross platform.
ActiveX was a closed single vendor system; Native client is pretty open and competitors could easily use it if they wanted.
I think Native Client is a bit of a misguided experiment. I worry that a sandbox implemented directly on so many different physical processors will have great difficulty being secure. However, it's not that they aren't aware of these worries and aren't trying to take them into account.
Every time that someone tries to say that "Microsoft is not as evil as they used to be" remember that they keep trying to add features from the above ActiveX list into their new ARM based Windows. Neither Apple nor Google will ever be as sneakily anti-customer, anti-consumer and anti-humanity as Microsoft is. Not even if their management specifically sets out to be.
They stopped sending cakes to Mozilla when they switched to the fast release model for Firefox.....
We have a winner. Finally an explanation for the Firefox upgrade policy. Some girl (transgender model wannabe according to your preference) in the office who felt she(?) was getting fat with all the cakes got a message like this
George; you know this new fast updates policy; it may be a good longterm strategy but we shouldn't do it until we have safe transparent upgrades. Anyway, I like the cakes Microsoft sends and they'd have to stop if we did that LOL...
and changed it to:
George; you know this new fast updates policy; we should go straight on with it and not wait for the safe transparent upgrades. Also Microsoft will go bankrupt if they have to send so many cakes LOL...
Maybe? But I'd rather have a third company who didn't earn money selling me to advertisers, supplying my browser.
The crucial thing about this is that you can. Firefox is very compatible with Chrome. Safari is extremely compatible with Chrome. Chromium and it's various derivatives are ultra-compatible with Chrome. Each of those choices is still available and will work fine with sites designed for Chromium in a way in which sites designed for Internet-Explorer never will.
The crucial thing is that now, when some idiot running a stupid little web service you depend upon says "I only want to test for one web browser and Internet Explorer is 90% of the market anyway" you can give him hard solid facts like "well, actually Chrome is leading, and it's where the market is going" and then suggest "you don't want to be left behind, do you". If he starts testing for Chromium you will get most of the rest along with you. Certainly you will get Chromium and it's derivatives and certainly, once the idiot gets switched out to senior management, you will find it easier to get his successor to allow other browsers as well.
It's an extremely limited edition, "exclusive", babe magnet type of thing. They are so "hipster" that there is absolutely no way to tell them from the normal ones, even with microscopic analysis from the original processor manufacturer. In fact the only way that people can tell you have one is by your visible and totally cool lack of need to express your extra smugness.
If you want one just, I'll tell you my bitcoin account and sell you one (embedded in a Samsung smartphone) for the equivalent of 12500 CHF at time of posting (add an extra 10% just to be on the safe side). If you want to keep your personal details secret so that you don't have to cope with too many screaming groupies surrounding your house then please just say so and I'll put up a PGP public key you can send your message to. Just to be clear: if it worries you that this might be an unsafe way to purchase such an exclusive phone from a random Slashdot UserID, you clearly can't afford it.
N.B. First fifty purchasers only. The rest just lose their cash (absolutely no returns). But you are a winner and you surely won't be one of them. Declare your interest now or just be the one that was too late for the rest of your life.
ASLR has often been found wanting. It is not a primary security layer, just a backup defence when the other layers fail.
none of these facts are even relevant to the discussion.
so YES YOU CAN screw the boot sector by simply writing to the correct memory address (which since we are talking hundreds of thousands of identical handsets isn't hard)
The thing you want to look up is memory protection. This is before we even start discussing the.NET runtime which is what should be providing the protection against hostile code running in user owned memory space on a Microsoft environment, which is what we were discussing.
I will now just quote part of your post, putting beside each other two different things you said:
the engineers at Google they are idiots since they are doing the EXACT SAME THING as MSFT?
[.....]The ONLY difference between MSFT's version and Google's is that Google has a "dev mode" that will cripple the security
Ah yes, the engineers at Google are doing the "EXACT" same thing except it's different. Yes. Not "a very similar thing". Not even "the same thing" but "the exact same thing". But different. I think I have a tip for you from a real actor.
But hey, what can one expect with troll in their name except trolling.
Given the quality and hilarity of your post; I guess I should take it up full time and not just when people fail to read the article. I thought you guys were professionals.
Strangely, the largest 'externality' you bring up us the following: if facebook ceases to exist, it will no longer provide all the benefits we have grown accustomed to. This is akin to saying that an externality of a car is that you may not be able to repair it in the future.
You've misunderstood me slightly. The externality is that due to the existence and use of Facebook, people will not be prepared for the use of other communication systems like the phone system or email. When Facebook fails those other services will also fail. Not just Facebook failing to provide service, but other services failing because Facebook fails.
Specifically; some of those other services, like the telephone system have been carefully designed to be reasonably reliable and rapid to restore even in problem situations. If Facebook leads to them not being used they won't be ready if they are needed.
The only finite negative externality that I can think of (other than green house gas emitted by FB server farms) is that some people are denied employment based on their facebook profile, although the employers that do the denying may consider this a positive externality.
There are of course lots more than that. People who don't want to be located are located because of their facebook profiles (battered women etc.). People have unprotected sex who otherwise wouldn't have. People go to parties and drink too much. People end up murdered. Let's keep this in proportion. These are normal things that come because of communication; lots of good things and lots of bad things; as such they are not Facebook's responsibility and shouldn't be when it becomes a proper common carrier.
Anyways, Facebook will likely never be the one-stop-shop for online communication. Email, blogs, twitter, and thousands of other services are growing in popularity even as Facebook continues to grow, meaning that many of facebook users are also users of G+, tumblr, instagram, etc... What this seems to prove is that people tend toward decentralization autonomously.
I hope you are right and this is why I don't think there should be specifically Facebook directed legislation now. However it's certainly something which people should study and watch. For example, if people do start relying on facebook for communication, merely pointing the dangers out to some of the bigger companies might lead to them insisting on backups being provided. However, if this does get out of control some kind of regulation might be a good idea. It certainly shouldn't be ruled out now because that would give Facebook even less incentive to behave sensibly than they already have.
On the other hand, facebook would love government regulations that dictated every policy it has and how it must be implemented. There is nothing better than a rat maze beaurocracy to stifle Facebook's next startup competitor.
Very simple to handle; "any service with more than two hundred million active users must within one year of reaching that subscriber number... "
They lock it on ARM for the same reason Google does it with ChromeOS, because if you can just bypass the boot security on a mobile device ALL security is as easy to bypass as "Hey want a free copy of "Plants VS Zombie" well just run this!" which then installs itself into the boot and ur pwned.
What's interesting about the Microsoft associates on this site is how ignorant they are about computing, even their own operating systems.
There's this principle of having different execution contexts which is implemented (among other places) in the NT kernel at the heart of Windows operating systems. This is just as applicable in a mobile environment under ARM as anywhere else. You can mark one context as "administrator" which has access to the boot loader and another context as "user" which doesn't. This means that even if the user runs the "Plants VS Zombie" trojan it will not be able to take over the system, just the single user account. You can then provide a simple "restore to defaults" function which restores the user's account or even you can provide a proper anti-virus solution which runs in the administrator context but cleans up the user's context. This allows us to set up concept known as "defence in depth" where there is more than one layer of security protecting your system and you can even opt out of certain security features that aren't suitable for your application without compromising your overall security.
The great thing about using multiple execution contexts is this is that it can even be layered over a secure boot mechanism which is part of why Google ChromeOS is able to have a secure boot mechanism and still allow you to take total control of your system safely. Some systems like Red Hat Enterprise Linux and Fedora even provide multiple security contexts within one user context through advanced mechanisms like SELinux. For normal users this works out of the box, but if you want to achieve special effects there can be some considerable time investment. I'd advise you to install a new version of Fedora and spend the next ten years or so building custom secure execution environments so that you can keep yourself entertained for life.
Any company whose profit is distributed unfairly should be sized and turned over to the public sector where it will be administered to best fit the interests of the proletariat.
nice straw man...
really people, let the free market work. If Facebook does go down catastrophically, then it will show people that open standards are indeed necessary. Much like how Microsoft now uses an XML based format as its default document format after consumers threatened to run when they realized that their old corrupted documents were unrecoverable.
First; minor point; Microsoft moved to XML because XML was adopted by Open Office and then XML was written into government acquisition requirements by some misguided people who thought (pretended to think?) that this would be sufficient to guarantee open data access. Consumer demand and the (government independent) free market had little to do with this compared to the importance of open access legislation.
The free market is an abstract model not a real thing. Given network effects and the effect of plain luck, it's very plausible for a society to grow up which is completely dependent on Facebook for all sorts of communication and which collapses completely when Facebook is attacked, e.g. at the start of a war. In some sense this would be the free market functioning; competitive North Korean communism would be replacing uncompetitive unplanned North American captialism, but that's not what most of us mean by the free market.
The main thing you need to understand is externalities. Up until a year or so ago the externalities of Facebook were small on the scale of e.g. the US economy. Now, large amounts of commercial communication begin to depend on Facebook. Your farmer may stay in touch with purchasers through Facebook and, in some cases may already only have a Facebook contact. Continue this a little and people may actually starve to death if Facebook fails. This is a risk which doesn't cost Facebook anything. If Facebook fails they are failed anyway so won't (as a company) benefit from the world continuing. If he even thinks about this stuff, Mark Zuckerberg will be able to go to one of his friends private islands.
The government doesn't have to get big time in the way; they do have a responsibility, once something becomes "critical infrastructure" to ensure that it is safe, secure and reasonably protected. A very useful part of that is having "open standards" and ensuring that multiple companies can provide the same service. Doing that you even, artificially, create something like a free market in which ideas like yours might begin to work.
No; real world equivalent; there are a bunch of possible terrorists wandering around the airport carrying things that look like bombs but you don't know if they really are or how they are triggered. Your visiting security experts have identified a few of them but you know there are many more. You quickly work out that the terrorists can go in and out of the building at will completely bypassing the security gate and have been doing so for weeks on end, but you don't know how. You tell the guy in charge of the security thugs at the door not to alert the terrorists until you have time to get back up and hopefully wait for a quieter gap between flight arrivals.
This is a situation in which these sorts of tactics would be neither easy nor appropriate.
Your original statement was
A gun to the head of a trusted party blows a hole in just about any security measure.
Which I understood as saying the methods I mentioned don't exist. If there's a calculated decison to take a risk then I have no problem with that. If security measures have been investigated (that even means simply "discussed") analysed (that even means "thought about") and rejected as to expensive or inappropriate then I am actively happy. I just don't want this to pass with people thinking that there are no security measures which apply.
You are talking about political activists, not spies or terrorists. Further, there was nothing in the article to suggest that the compromise was not compartmentalized. Cells are still compromised if a trusted party within the cell is compromised, even if everything is organized as it should be. The assertion is that somehow the reliance of security on trust can be alleviated while still maintain a functioning network. That simply isn't true. Even with strict compartmentalization you still need to trust people, just fewer of them. Getting back to my point about the appropriateness, such an organizational structure creates significant inefficiencies. For example, if messages need to be propagated quickly to all nodes. Remember that this is a covert rather than clandestine operation.
There are plenty of ways to work around this; widely distributed keys which change regularly; broadcast of information through the foreigh press and radio. People who are taking on a government should seriously think about the risks involved and should choose security measures which fit their needs and activities. Sometimes there are none, and they just have to stand in the middle of a square and be shot as martyrs. I'm not saying that's wrong, just that I'd like them to not be doing it by mistake. In fact it's worth more if they have made a concious choice and still take great risks.
I'll ignore your "shoot the messenger" parts with nothing more than a comment that the vitriol against people gets stronger on Slashdot the more they point out home truths about Microsoft's favorites.
There were plenty of oth er sources showing the N9 outseling the Lumias.
Isn't it a pity that you can't cite any of them here to save a good truthy-sounding story?
This isn't Wikipedia and I am not your market research organisation. This has been widely reported in the press Europe wide and a little bit of basic Googling will find it easily. However, since I know you won't give it up, here is a good example and here is the quote you really want:
Internet Marketing Services opines that the sales figure for Nokia N9 have been much higher comparing to Lumia so far in spite of a higher price. The report also suggests that the success of N9 in the market can easily be attributed to its superior features. Though these two phones look almost similar, N9 has many more features in it.
Given that the Lumia 900 has been given away for free in the US to AT&T customers
Being obliged to pay into a two-year contract or pay an early termination fee does not really qualify as "free".
Actually it does; for two reasons. Firstly, if the customers were really counting the total price, it would make no sense to do phone subsidies. The fact they work and are done by operators is a pretty clear sign that customers care about the headline price. Secondly the customers normally want a contract anyway. They discount that from the deal and so the actual price of the phone is what they compare.
Still, it's pretty clear that, unless Nokia steps up to refute it, Nokia is hiding sales figures it should have been publishing and those sales figures would have shown the N9 ahead of the Lumia phones.
Really? I don't think Nokia has an obligation to publish sales figures for any particular device. They tend to especially dodge it if the sales have been unremarkable.
No matter what the values are; the numbers which determine which strategy Nokia should persue seem pretty worthy of remark to me. If they were positive for the Windows strategy they would be published immediately just as the Lumia 900 initial week sales were. Notice how the more recent sales have not been mentioned at all.
"Give me all your money; I will invest it in trading pigs with the carribean. They pay lots of money for pigs and we are sure to get everything back double."*
* This is a forward looking statement; the price of pigs may go up as well as down. If the boat with pigs goes down you may lose everything"
Then I take your money and instead gamble away most of it on horses and spend the rest on hookers and drugs.
Can you understand why my disclaimer wouldn't protect me? It isn't enough to just put up random disclaimers. I also have to tell the truth as I understand it and then attempt to follow reasonable actions using reasonable precution. Eliop definitely doesn't seem to be doing that to me. Putting the entire company's future on a new mobile platform from a company that has repeatedly failed to deliver a working one seems extremely unreasonable. Giving one of the best mobile phone engineering organisations in the business to Accenture seems downright irresponsible.
WP7 might fail and it might not, but to assume that MS and Nokia should just give up because they can't take over a market in one year is, well, pathetic.
a) Nokia's interest is not the same as Microsoft's. Nokia should give up because Windows Phone will not become profitable within the time scale that they need to save the company (approx one year). Microsoft needs Windows Phone to save Windows. Microsoft makes all it's money from Windows and Office and will die as a company if they can't be protected. A space like Android or iOS without those is large enough for a competitor to grow up so Microsoft needs Windows phone if nothing else for the leverage. Also Microsoft is targetting the Mobile operators for profit stripping so they need a system from which they can prove their service side like Skype works. Windows phone provides that and makes it impossible for Apple to claim that Microsoft applications don't work.
b) Nokia doesn't even have to give up. They just have to hedge their bets by making sure that they have an Android based system ready to go. At some time soon, the next month or so would be good; they just have to start producing that under a different brand from their "Lumia" handsets and gradually drop the "Nokia" part from the Lumia phones. They can sell off the Lumia production to Microsoft who simply could not afford to have it stop (see a) above) and so would be easy to "persuade" to part with a decent amount of money to avoid the embarassment of that happening. Probably this sale would have to be structured in a way which didn't make it obvious what was happening, but it would go through none the less.
And yet the N9 sold more than the Lumias, despite having limited market presence, few apps and no future whatsoever.
If you repeat this urban myth a hundred times, it will become even more truthy.
Firstly; the claim is for the period from Lumia launch until Christmas and then a second claim for Q1 2012. The thing is; if this isn't true then there are a bunch of people, working for Nokia, who know the exact numbers and could just publish them tomorrow. If this is an "urban myth" then it's something causing Nokia damage and they simply have a duty to publish. As long as they do it to the press and with Nokia internal approval there is nothing legal or moral to stop them. The fact that they choose not to do this speaks very clearly about how true this rumour is.
More importantly than that; one of the most important sources for this "rumor" is Tommi Ahonen who is a) a former Nokia executive b) a consultant who makes his money solely from his experties in this area and c) the only analyst to consistently and correctly predict Nokia's market share, sales and profits (he was over-optimistic with profits; but still the lowest estimate going) over each of the recent quarters.
There were plenty of other sources showing the N9 outseling the Lumias. Also, given that the N9 got much better reviews than the Lumia phones in markets where both were available, this was hardly surprising. What was wierdest was, whilst this was happening the Nokia spokesmen, who had access to the official numbers, were continually pointing to unheard of third party figures such as one specific Duch operator.
Given that the Lumia 900 has been given away for free in the US to AT&T customers who were given practically no other option, at the same time that N9 sales were practically banned it's figures must now be higher than the N9's. Still, it's pretty clear that, unless Nokia steps up to refute it, Nokia is hiding sales figures it should have been publishing and those sales figures would have shown the N9 ahead of the Lumia phones.
How is this any different than the government knowing his Skype password? A gun to the head of a trusted party blows a hole in just about any security measure. Basically you are counting on that person sacrificing their life to maintain the trust. That's a tough sell.
This is simply not true. There are a bunch of standard security mesaures designed for exactly this situation. Use a cell structure so that each person only knows and works with a very small number of people. When introducing a person to the organisation, the first persion they meet knows them personally, becomes their "handler" and assigns a pseudonym. Everybody else knows only the pseudonym. Never keep a membership list. Ensure that communication gateways are located outside the country; run by experienced and knowledgable security fanatics and only deal in pseudonyms.
These measures are the basis of many stories from the second world war and have been widely discussed since. Failing to use them where easy and appropriate is unacceptable.
When Obama starts looking the other way to the mobile raping vans to silence activist women and sends in the army to level neighborhoods of political undesireables, and we're all working at the new minimum wage of $4 an hour, I might be willing to entertain the idea that we're in the same boat as activists in Syria.
When that happens it will be far too late to react. In fact the western monitoring laws are probably a good thing since they now force us all to act more toward cryptography which will trickle down to our Syrian friends.
And besides, the President can argue that until he's blue in the face -- without congressional support, it's dead on arrival. Tell me, do you even know who your congressional representatives are? You're directing all this anger at a man who is nothing more than a figurehead while the people actually responsible for the decision go unnoticed.
Now; there is wisedom. Having said that; the monitoring already on the books is pretty much much enough; Obama has plenty of power to limit or abuse and doesn't seem to want to use the limiting part. What this does say is that congress has to explicitly take power away from the US presidency no matter who is in control there.
What you say is true but isn't directly practical. Assume they are normal computer illiterate activists. Assume their computers get hacked. Now the secret police know exactly who sent which message and can link pseudonyms to people. How do you advise the activists to work so that this doesn't happen? There are ways that may be reasonable for a normal person, but they probably need training. In real life, cryptography is probably a good idea, but can fail badly. Something as simple as training activits to use an Ubuntu liveCD during encryption/decryption might provide real aprotection. I'll bet almost nobody understands when and why to do that.
Again, it's quite easy for you to criticize from your comfortable life in a country thousands of miles away.
The problem here is that there seem to be a bunch of arm chair cryptographers who are advising these Syrian activists. It would be really really appreciated if those people that are doing this would try to understand the real consequences to real people and give some really careful advice about how to be more seriously secure.
I you trust no one you can never form any groups. You eventually have to trust someone.
The actual statement you were responding to was you never trust anyone completely.. That's a really really good thing. In fact; and this is where our "arm chair" advice is really breaking down; you should never trust even yourself completely.
If you do not have a list of the members of your organisation then you can not give it away; even under extreme torture
If your members seldom tell each other where they are, except on need, then the secret police will find it more difficult to pick them up.
if you poison your membership list with names of secret policemen, your enemies may pick up the wrong people (be very careful you don't end up telling them your plans:-) )
If you know who knows what it is easier to work out where your information is leaking from.
etc
Look at the IRA's cell structure which ensured that an arrested member should not know the names of more than those in his own cell. Basically we are talking about things like proper information security; assuming that your own computer is compromised by definition; using different levels of security, both in the computer and in code words and other things which mean that it's not just the computer you rely on.
What this is all talking about is limiting and reducing the need for trust. Ensuring that you limit damage. This seems to be a real problem with modern electronic activists.
Slashdot Mirror
This is not Wikipedia. If you want a citation just ask for one. Before you do that you are expected to do a bit of searching. However, since you are probably just going to go on whining, here's your citation. I'm not a qualified climate scientist so I can't tell you if it's true or not. However the same is certainly true of all the people who are going to come running in to tell us how it is completely made up.
It seems to me though that there's no reason to limit this to googlebot any Javascript interpreter will do.I'm surprised if nobody from the blackhat community doesn't have this up and running for password cracking or similar.
As wbr1 said, in democratic societies, there was no legal mechanism to do such seizure outside of a specific accusation.
However, it's more than that. There has been no practical mechanism to monitor all communications. Even if you could gather and record all of the phone calls of all of the people, you couldn't use it. Someone would have to sit down and listen through every conversation you wanted to find out about. You had to target specific groups.
Modern technology means that you can gather every email anyone ever read into an indexed searchable archive. You can then, at your leisure, make connections and links between different people. You want to "persuade" someone to cooperate? Find a crime his grandparent committed and then threaten to lock the grandparent away for the rest of their life if your target doesn't do what you want. Want to blackmail someone? Go look through everything that everyone else ever said about them, even if it wasn't sent to your mark.
The internet is different simply because it is possible to monitor it. The whole thing. That has never happened before.
Replying to myself; I misread your (grandparents) comment. I don't totally agree that ARM+Intel=cross platform (what about MIPS and Power at least), but generally your comment was right.
That's old information. The version under development allows a portable representation.
Why tags? How about Chrome Native Client the equivallent to ActiveX?
Native Client is equivalent to ActiveX in the same way that Google's evil is equivalent to Microsoft's; only occasionally and mostly by accident.
I think Native Client is a bit of a misguided experiment. I worry that a sandbox implemented directly on so many different physical processors will have great difficulty being secure. However, it's not that they aren't aware of these worries and aren't trying to take them into account.
Every time that someone tries to say that "Microsoft is not as evil as they used to be" remember that they keep trying to add features from the above ActiveX list into their new ARM based Windows. Neither Apple nor Google will ever be as sneakily anti-customer, anti-consumer and anti-humanity as Microsoft is. Not even if their management specifically sets out to be.
They stopped sending cakes to Mozilla when they switched to the fast release model for Firefox.....
We have a winner. Finally an explanation for the Firefox upgrade policy. Some girl (transgender model wannabe according to your preference) in the office who felt she(?) was getting fat with all the cakes got a message like this
and changed it to:
Maybe? But I'd rather have a third company who didn't earn money selling me to advertisers, supplying my browser.
The crucial thing about this is that you can. Firefox is very compatible with Chrome. Safari is extremely compatible with Chrome. Chromium and it's various derivatives are ultra-compatible with Chrome. Each of those choices is still available and will work fine with sites designed for Chromium in a way in which sites designed for Internet-Explorer never will.
The crucial thing is that now, when some idiot running a stupid little web service you depend upon says "I only want to test for one web browser and Internet Explorer is 90% of the market anyway" you can give him hard solid facts like "well, actually Chrome is leading, and it's where the market is going" and then suggest "you don't want to be left behind, do you". If he starts testing for Chromium you will get most of the rest along with you. Certainly you will get Chromium and it's derivatives and certainly, once the idiot gets switched out to senior management, you will find it easier to get his successor to allow other browsers as well.
It's an extremely limited edition, "exclusive", babe magnet type of thing. They are so "hipster" that there is absolutely no way to tell them from the normal ones, even with microscopic analysis from the original processor manufacturer. In fact the only way that people can tell you have one is by your visible and totally cool lack of need to express your extra smugness.
If you want one just, I'll tell you my bitcoin account and sell you one (embedded in a Samsung smartphone) for the equivalent of 12500 CHF at time of posting (add an extra 10% just to be on the safe side). If you want to keep your personal details secret so that you don't have to cope with too many screaming groupies surrounding your house then please just say so and I'll put up a PGP public key you can send your message to. Just to be clear: if it worries you that this might be an unsafe way to purchase such an exclusive phone from a random Slashdot UserID, you clearly can't afford it.
N.B. First fifty purchasers only. The rest just lose their cash (absolutely no returns). But you are a winner and you surely won't be one of them. Declare your interest now or just be the one that was too late for the rest of your life.
What is sad is how little you seem to know about ARM which has no ASLR except in ICS and it has been found wanting
ICS is an operating system version.
There is no ICS version of ARM.
so YES YOU CAN screw the boot sector by simply writing to the correct memory address (which since we are talking hundreds of thousands of identical handsets isn't hard)
The thing you want to look up is memory protection. This is before we even start discussing the .NET runtime which is what should be providing the protection against hostile code running in user owned memory space on a Microsoft environment, which is what we were discussing.
I will now just quote part of your post, putting beside each other two different things you said:
the engineers at Google they are idiots since they are doing the EXACT SAME THING as MSFT? [.....]The ONLY difference between MSFT's version and Google's is that Google has a "dev mode" that will cripple the security
Ah yes, the engineers at Google are doing the "EXACT" same thing except it's different. Yes. Not "a very similar thing". Not even "the same thing" but "the exact same thing". But different. I think I have a tip for you from a real actor.
But hey, what can one expect with troll in their name except trolling.
Given the quality and hilarity of your post; I guess I should take it up full time and not just when people fail to read the article. I thought you guys were professionals.
Strangely, the largest 'externality' you bring up us the following: if facebook ceases to exist, it will no longer provide all the benefits we have grown accustomed to. This is akin to saying that an externality of a car is that you may not be able to repair it in the future.
You've misunderstood me slightly. The externality is that due to the existence and use of Facebook, people will not be prepared for the use of other communication systems like the phone system or email. When Facebook fails those other services will also fail. Not just Facebook failing to provide service, but other services failing because Facebook fails.
Specifically; some of those other services, like the telephone system have been carefully designed to be reasonably reliable and rapid to restore even in problem situations. If Facebook leads to them not being used they won't be ready if they are needed.
The only finite negative externality that I can think of (other than green house gas emitted by FB server farms) is that some people are denied employment based on their facebook profile, although the employers that do the denying may consider this a positive externality.
There are of course lots more than that. People who don't want to be located are located because of their facebook profiles (battered women etc.). People have unprotected sex who otherwise wouldn't have. People go to parties and drink too much. People end up murdered. Let's keep this in proportion. These are normal things that come because of communication; lots of good things and lots of bad things; as such they are not Facebook's responsibility and shouldn't be when it becomes a proper common carrier.
Anyways, Facebook will likely never be the one-stop-shop for online communication. Email, blogs, twitter, and thousands of other services are growing in popularity even as Facebook continues to grow, meaning that many of facebook users are also users of G+, tumblr, instagram, etc... What this seems to prove is that people tend toward decentralization autonomously.
I hope you are right and this is why I don't think there should be specifically Facebook directed legislation now. However it's certainly something which people should study and watch. For example, if people do start relying on facebook for communication, merely pointing the dangers out to some of the bigger companies might lead to them insisting on backups being provided. However, if this does get out of control some kind of regulation might be a good idea. It certainly shouldn't be ruled out now because that would give Facebook even less incentive to behave sensibly than they already have.
On the other hand, facebook would love government regulations that dictated every policy it has and how it must be implemented. There is nothing better than a rat maze beaurocracy to stifle Facebook's next startup competitor.
Very simple to handle; "any service with more than two hundred million active users must within one year of reaching that subscriber number... "
I can see XKCD has also damaged your mind.
Are you kidding? There are no Ubuntus in basements! They go only from Slackware up.
What's above Slackware? OpenBSD? Do it Yourself Linux? Certainly not FreeBSD, Gentoo, etc.
They lock it on ARM for the same reason Google does it with ChromeOS, because if you can just bypass the boot security on a mobile device ALL security is as easy to bypass as "Hey want a free copy of "Plants VS Zombie" well just run this!" which then installs itself into the boot and ur pwned.
What's interesting about the Microsoft associates on this site is how ignorant they are about computing, even their own operating systems.
There's this principle of having different execution contexts which is implemented (among other places) in the NT kernel at the heart of Windows operating systems. This is just as applicable in a mobile environment under ARM as anywhere else. You can mark one context as "administrator" which has access to the boot loader and another context as "user" which doesn't. This means that even if the user runs the "Plants VS Zombie" trojan it will not be able to take over the system, just the single user account. You can then provide a simple "restore to defaults" function which restores the user's account or even you can provide a proper anti-virus solution which runs in the administrator context but cleans up the user's context. This allows us to set up concept known as "defence in depth" where there is more than one layer of security protecting your system and you can even opt out of certain security features that aren't suitable for your application without compromising your overall security.
The great thing about using multiple execution contexts is this is that it can even be layered over a secure boot mechanism which is part of why Google ChromeOS is able to have a secure boot mechanism and still allow you to take total control of your system safely. Some systems like Red Hat Enterprise Linux and Fedora even provide multiple security contexts within one user context through advanced mechanisms like SELinux. For normal users this works out of the box, but if you want to achieve special effects there can be some considerable time investment. I'd advise you to install a new version of Fedora and spend the next ten years or so building custom secure execution environments so that you can keep yourself entertained for life.
Any company whose profit is distributed unfairly should be sized and turned over to the public sector where it will be administered to best fit the interests of the proletariat.
nice straw man...
really people, let the free market work. If Facebook does go down catastrophically, then it will show people that open standards are indeed necessary. Much like how Microsoft now uses an XML based format as its default document format after consumers threatened to run when they realized that their old corrupted documents were unrecoverable.
First; minor point; Microsoft moved to XML because XML was adopted by Open Office and then XML was written into government acquisition requirements by some misguided people who thought (pretended to think?) that this would be sufficient to guarantee open data access. Consumer demand and the (government independent) free market had little to do with this compared to the importance of open access legislation.
The free market is an abstract model not a real thing. Given network effects and the effect of plain luck, it's very plausible for a society to grow up which is completely dependent on Facebook for all sorts of communication and which collapses completely when Facebook is attacked, e.g. at the start of a war. In some sense this would be the free market functioning; competitive North Korean communism would be replacing uncompetitive unplanned North American captialism, but that's not what most of us mean by the free market.
The main thing you need to understand is externalities. Up until a year or so ago the externalities of Facebook were small on the scale of e.g. the US economy. Now, large amounts of commercial communication begin to depend on Facebook. Your farmer may stay in touch with purchasers through Facebook and, in some cases may already only have a Facebook contact. Continue this a little and people may actually starve to death if Facebook fails. This is a risk which doesn't cost Facebook anything. If Facebook fails they are failed anyway so won't (as a company) benefit from the world continuing. If he even thinks about this stuff, Mark Zuckerberg will be able to go to one of his friends private islands.
The government doesn't have to get big time in the way; they do have a responsibility, once something becomes "critical infrastructure" to ensure that it is safe, secure and reasonably protected. A very useful part of that is having "open standards" and ensuring that multiple companies can provide the same service. Doing that you even, artificially, create something like a free market in which ideas like yours might begin to work.
No; real world equivalent; there are a bunch of possible terrorists wandering around the airport carrying things that look like bombs but you don't know if they really are or how they are triggered. Your visiting security experts have identified a few of them but you know there are many more. You quickly work out that the terrorists can go in and out of the building at will completely bypassing the security gate and have been doing so for weeks on end, but you don't know how. You tell the guy in charge of the security thugs at the door not to alert the terrorists until you have time to get back up and hopefully wait for a quieter gap between flight arrivals.
This is a situation in which these sorts of tactics would be neither easy nor appropriate.
Your original statement was
Which I understood as saying the methods I mentioned don't exist. If there's a calculated decison to take a risk then I have no problem with that. If security measures have been investigated (that even means simply "discussed") analysed (that even means "thought about") and rejected as to expensive or inappropriate then I am actively happy. I just don't want this to pass with people thinking that there are no security measures which apply.
You are talking about political activists, not spies or terrorists. Further, there was nothing in the article to suggest that the compromise was not compartmentalized. Cells are still compromised if a trusted party within the cell is compromised, even if everything is organized as it should be. The assertion is that somehow the reliance of security on trust can be alleviated while still maintain a functioning network. That simply isn't true. Even with strict compartmentalization you still need to trust people, just fewer of them. Getting back to my point about the appropriateness, such an organizational structure creates significant inefficiencies. For example, if messages need to be propagated quickly to all nodes. Remember that this is a covert rather than clandestine operation.
There are plenty of ways to work around this; widely distributed keys which change regularly; broadcast of information through the foreigh press and radio. People who are taking on a government should seriously think about the risks involved and should choose security measures which fit their needs and activities. Sometimes there are none, and they just have to stand in the middle of a square and be shot as martyrs. I'm not saying that's wrong, just that I'd like them to not be doing it by mistake. In fact it's worth more if they have made a concious choice and still take great risks.
There were plenty of oth er sources showing the N9 outseling the Lumias.
Isn't it a pity that you can't cite any of them here to save a good truthy-sounding story?
This isn't Wikipedia and I am not your market research organisation. This has been widely reported in the press Europe wide and a little bit of basic Googling will find it easily. However, since I know you won't give it up, here is a good example and here is the quote you really want:
Given that the Lumia 900 has been given away for free in the US to AT&T customers
Being obliged to pay into a two-year contract or pay an early termination fee does not really qualify as "free".
Actually it does; for two reasons. Firstly, if the customers were really counting the total price, it would make no sense to do phone subsidies. The fact they work and are done by operators is a pretty clear sign that customers care about the headline price. Secondly the customers normally want a contract anyway. They discount that from the deal and so the actual price of the phone is what they compare.
Still, it's pretty clear that, unless Nokia steps up to refute it, Nokia is hiding sales figures it should have been publishing and those sales figures would have shown the N9 ahead of the Lumia phones.
Really? I don't think Nokia has an obligation to publish sales figures for any particular device. They tend to especially dodge it if the sales have been unremarkable.
No matter what the values are; the numbers which determine which strategy Nokia should persue seem pretty worthy of remark to me. If they were positive for the Windows strategy they would be published immediately just as the Lumia 900 initial week sales were. Notice how the more recent sales have not been mentioned at all.
Imagine I say:
Then I take your money and instead gamble away most of it on horses and spend the rest on hookers and drugs.
Can you understand why my disclaimer wouldn't protect me? It isn't enough to just put up random disclaimers. I also have to tell the truth as I understand it and then attempt to follow reasonable actions using reasonable precution. Eliop definitely doesn't seem to be doing that to me. Putting the entire company's future on a new mobile platform from a company that has repeatedly failed to deliver a working one seems extremely unreasonable. Giving one of the best mobile phone engineering organisations in the business to Accenture seems downright irresponsible.
WP7 might fail and it might not, but to assume that MS and Nokia should just give up because they can't take over a market in one year is, well, pathetic.
a) Nokia's interest is not the same as Microsoft's. Nokia should give up because Windows Phone will not become profitable within the time scale that they need to save the company (approx one year). Microsoft needs Windows Phone to save Windows. Microsoft makes all it's money from Windows and Office and will die as a company if they can't be protected. A space like Android or iOS without those is large enough for a competitor to grow up so Microsoft needs Windows phone if nothing else for the leverage. Also Microsoft is targetting the Mobile operators for profit stripping so they need a system from which they can prove their service side like Skype works. Windows phone provides that and makes it impossible for Apple to claim that Microsoft applications don't work.
b) Nokia doesn't even have to give up. They just have to hedge their bets by making sure that they have an Android based system ready to go. At some time soon, the next month or so would be good; they just have to start producing that under a different brand from their "Lumia" handsets and gradually drop the "Nokia" part from the Lumia phones. They can sell off the Lumia production to Microsoft who simply could not afford to have it stop (see a) above) and so would be easy to "persuade" to part with a decent amount of money to avoid the embarassment of that happening. Probably this sale would have to be structured in a way which didn't make it obvious what was happening, but it would go through none the less.
And yet the N9 sold more than the Lumias, despite having limited market presence, few apps and no future whatsoever.
If you repeat this urban myth a hundred times, it will become even more truthy.
Firstly; the claim is for the period from Lumia launch until Christmas and then a second claim for Q1 2012. The thing is; if this isn't true then there are a bunch of people, working for Nokia, who know the exact numbers and could just publish them tomorrow. If this is an "urban myth" then it's something causing Nokia damage and they simply have a duty to publish. As long as they do it to the press and with Nokia internal approval there is nothing legal or moral to stop them. The fact that they choose not to do this speaks very clearly about how true this rumour is.
More importantly than that; one of the most important sources for this "rumor" is Tommi Ahonen who is a) a former Nokia executive b) a consultant who makes his money solely from his experties in this area and c) the only analyst to consistently and correctly predict Nokia's market share, sales and profits (he was over-optimistic with profits; but still the lowest estimate going) over each of the recent quarters.
There were plenty of other sources showing the N9 outseling the Lumias. Also, given that the N9 got much better reviews than the Lumia phones in markets where both were available, this was hardly surprising. What was wierdest was, whilst this was happening the Nokia spokesmen, who had access to the official numbers, were continually pointing to unheard of third party figures such as one specific Duch operator.
Given that the Lumia 900 has been given away for free in the US to AT&T customers who were given practically no other option, at the same time that N9 sales were practically banned it's figures must now be higher than the N9's. Still, it's pretty clear that, unless Nokia steps up to refute it, Nokia is hiding sales figures it should have been publishing and those sales figures would have shown the N9 ahead of the Lumia phones.
How is this any different than the government knowing his Skype password? A gun to the head of a trusted party blows a hole in just about any security measure. Basically you are counting on that person sacrificing their life to maintain the trust. That's a tough sell.
This is simply not true. There are a bunch of standard security mesaures designed for exactly this situation. Use a cell structure so that each person only knows and works with a very small number of people. When introducing a person to the organisation, the first persion they meet knows them personally, becomes their "handler" and assigns a pseudonym. Everybody else knows only the pseudonym. Never keep a membership list. Ensure that communication gateways are located outside the country; run by experienced and knowledgable security fanatics and only deal in pseudonyms.
These measures are the basis of many stories from the second world war and have been widely discussed since. Failing to use them where easy and appropriate is unacceptable.
When Obama starts looking the other way to the mobile raping vans to silence activist women and sends in the army to level neighborhoods of political undesireables, and we're all working at the new minimum wage of $4 an hour, I might be willing to entertain the idea that we're in the same boat as activists in Syria.
When that happens it will be far too late to react. In fact the western monitoring laws are probably a good thing since they now force us all to act more toward cryptography which will trickle down to our Syrian friends.
And besides, the President can argue that until he's blue in the face -- without congressional support, it's dead on arrival. Tell me, do you even know who your congressional representatives are? You're directing all this anger at a man who is nothing more than a figurehead while the people actually responsible for the decision go unnoticed.
Now; there is wisedom. Having said that; the monitoring already on the books is pretty much much enough; Obama has plenty of power to limit or abuse and doesn't seem to want to use the limiting part. What this does say is that congress has to explicitly take power away from the US presidency no matter who is in control there.
What you say is true but isn't directly practical. Assume they are normal computer illiterate activists. Assume their computers get hacked. Now the secret police know exactly who sent which message and can link pseudonyms to people. How do you advise the activists to work so that this doesn't happen? There are ways that may be reasonable for a normal person, but they probably need training. In real life, cryptography is probably a good idea, but can fail badly. Something as simple as training activits to use an Ubuntu liveCD during encryption/decryption might provide real aprotection. I'll bet almost nobody understands when and why to do that.
Again, it's quite easy for you to criticize from your comfortable life in a country thousands of miles away.
The problem here is that there seem to be a bunch of arm chair cryptographers who are advising these Syrian activists. It would be really really appreciated if those people that are doing this would try to understand the real consequences to real people and give some really careful advice about how to be more seriously secure.
I you trust no one you can never form any groups. You eventually have to trust someone.
The actual statement you were responding to was you never trust anyone completely.. That's a really really good thing. In fact; and this is where our "arm chair" advice is really breaking down; you should never trust even yourself completely.
Look at the IRA's cell structure which ensured that an arrested member should not know the names of more than those in his own cell. Basically we are talking about things like proper information security; assuming that your own computer is compromised by definition; using different levels of security, both in the computer and in code words and other things which mean that it's not just the computer you rely on.
What this is all talking about is limiting and reducing the need for trust. Ensuring that you limit damage. This seems to be a real problem with modern electronic activists.