What is so special about RIM security (speaking as a non-RIM user here...)?
If I have a Blackberry (or any smartphone, say Android or iPhone) don't I just point at a mail server with IMAP and pick up stuff with SSL/TLS? Are the "spies" so stupid that they wouldn't just point a a non RIM mail server?
And as mentioned above then you can start using PGP for the content as well.
On the other hand.... local news (Vancouver BC) is discussing the search for someone who embarked on a 5 day 60+km hike through the local mountains apparently without maps or GPS. Its unclear as to level of preparation or equipment etc etc. The "hike" is an ill-defined route that sees very little use and is through some of the roughest terrain we have locally. He is now more than 5 days overdue and search and rescue is of course out looking for him.
Proper preparation, proper use of the equipment. Not having it is just as stupid as having it and not knowing how or when to use it.
Well you might not want it built-in but your provider does, helps keep you locked into his service if he controls both router and access. You can't just swap adsl for cable, you now have to buy a new router too.
Why would you ever POP your mail to a single system today. That model died shortly after the year 2000!
Gmail and IMAP all the way. I read email where ever and with what ever is it hand. Windows / Chrome on the desktop. Linux / Chrome on my development system. Any browser anywhere. iPhone when I'm out. iTouch when I'm upstairs reading. iPad when I get around to buying one to replace the iTouch.
I just checked, apparently the Kindle can be used to do email ("by going to your email providers mobile website. E.g. m.gmail.com").
Not that gmail is perfect. I actually did get a spam email just last week.
I don't know why you assume that it will require communicating with HP's email server....
It would be trivial to just enter an email address and server name into the printer, then select imap/pop... It could be on gmail, hotmail, your local intranet, whatever...
The tricky bit is making sure you know what file format, what printer options, and have some minimal authentication. But none of that rises much above simple scripting or at worst a simple app. E.g. a PDF or similar attachment. Plus an XML file for the rest.
These type of gateways have been around for decades. The only new part is building it into the printer.
Look at what the intense lobbying and marketing going into anti-drunk driving. The best example being MADD (Mothers Against Drunk Drivers.) To (rightly) save +10,000 people a year from being killed.
Once we have robotic controlled cars that can reduce traffic accidents by a suitable amount there will be a similar incentive to get rid of the bad driving of humans. Think MAHD (Mothers Against Human Drivers.) And I think saving another 10,000 plus people a year and further reducing insurance rates etc will make it worth it. People will be able to work or entertain themselves during their commute instead of trying to multi-task and get into accidents.
All I need is your device ID and I can sell 90 days of use of my app. And at any point in time I can only have 100 active users (I think I can delete old users... hmm have to check that, might be a flaw in my business plan if have to buy a new developers license after 100 sales.)
Well it depends, there are some scenarios where the Large Hadron Collider could prove some physicists wrong but we wouldn't be around to note their embarrassment.:-)
Fortunately this appears have a close to zero probability with a lot of reproducible experimental proof behind it.
And, ahem, absolutely, not even one, respectable scientist, anywhere, has come out and challenged some of the assumptions or ethics of the IPCC and Climategate mob.
Quoting Judith Curry: "When I first read the [Oxburgh] report, I thought I was reading the executive summary and proceeded to look for the details; well, there weren't any."
The IPCC and various scientists involved started an intensely political process and now they are surprised, simply surprised, that politicians will use political processes to fight for their constituencies. I'm not defending either side, but possibly they deserve each other.
Apple does not want 3rd party API's as they are a vector for malware. If a security problem is found in their (Apple's) software it will be fixed and pushed out quickly. There is no guarantee that would happen with a 3rd party product.
Also, a single app with a problem can be withdrawn from the App store (and possibly disabled pro-actively in customers iPhones)
Think of the fallout if a flaw in a widely used 3rd party API was found and Apple had to withdraw ALL of the app's that used it. A popular API (e.g. Flash) could involve thousands of app's. Leaving them available and running on customer units leaves the flaw available and Apple possibly liable for damages. Pulling the apps probably gets Apple widely abused (especially in Slashdot.)
Microsoft is taking years to get back control of Windows, introducing code signing and gradually making it required, adding in security after the fact, etc.
Apple is keeping the iPhone environment secure from the start. Easier to open it up a bit at a time than to get it closed again if they make a mistake.
Well I like my iPhone, but it appears to sync time from the nearest cell tower... And in my neighborhood I see variations from what I would expect (using NTP to compare) for anywhere up to 1.5 seconds. More annoyingly the time will jump between various offsets. E.g. go from +500msec fast to -900msec slow and then back. I think switching between cells.
It would be better if they just synced with NTP, or gave you the option of using NTP or cell.
MAC addresses are by definition unique. Each manufacturer buys an OUI (or as many as they require) and then can manufacture 2**24 devices that use that OUI.
We won't run out of MAC address space for some time.
Not a great analogy... some European countries are effectively saying that in some cases you can't record the color... well not quite, but yes they are saying that in some cases Googles Street View may contravene privacy laws. Which effectively means the same thing.
This may or may not be a great policy but it stems from various famous events in the middle of the last century.
The protocols are IEEE and/or IETF. Open for use by anyone.
You might look at what your federal regs say about the use of PUBLIC spectrum and how much privacy you can expect when you use the portion of the radio spectrum that has been designated for SHARED PUBLIC use.
Given that YOUR use of that shared spectrum interferes with EVERYONE else use you are generally constrained to use it appropriately with the accepted protocols and that involves disclosing the SSID and MAC address of your router and the MAC address of any address that communicates with your router.
You could of course license some private spectrum and develop some protocols that are encrypted in toto (i.e. the entire frame not just the payload.) Good luck with that.
They might only pay attention to SSID Beacons. That would make sense as that allows them to quickly identify the MAC address of your router. Which is what they want.
But, they can also just look for traffic. There is enough information there to do the same. Its just slightly more work and requires that they "see" some wifi network traffic while they drive by (say a 10-30 second time frame).
Probably your best bet is to unplug your wifi router and buy some cables.
Slashdot Mirror
What is so special about RIM security (speaking as a non-RIM user here...)?
If I have a Blackberry (or any smartphone, say Android or iPhone) don't I just point at a mail server with IMAP and pick up stuff with SSL/TLS? Are the "spies" so stupid that they wouldn't just point a a non RIM mail server?
And as mentioned above then you can start using PGP for the content as well.
On the other hand.... local news (Vancouver BC) is discussing the search for someone who embarked on a 5 day 60+km hike through the local mountains apparently without maps or GPS. Its unclear as to level of preparation or equipment etc etc. The "hike" is an ill-defined route that sees very little use and is through some of the roughest terrain we have locally. He is now more than 5 days overdue and search and rescue is of course out looking for him.
Proper preparation, proper use of the equipment. Not having it is just as stupid as having it and not knowing how or when to use it.
If you read Apple's statement you'll see that they are changing the display as per AT&T's suggested standard:
"To fix this, we are adopting AT&T’s recently recommended formula for calculating how many bars to display for a given signal strength."
That makes the previous behavior unlikely to be due to some secret cabalistic plan of AT&T's.
Actually I don't. I use the ear buds and the phone stays in my pocket.... hands-free all the way
Well you might not want it built-in but your provider does, helps keep you locked into his service if he controls both router and access. You can't just swap adsl for cable, you now have to buy a new router too.
Why would you ever POP your mail to a single system today. That model died shortly after the year 2000!
Gmail and IMAP all the way. I read email where ever and with what ever is it hand. Windows / Chrome on the desktop. Linux / Chrome on my development system. Any browser anywhere. iPhone when I'm out. iTouch when I'm upstairs reading. iPad when I get around to buying one to replace the iTouch.
I just checked, apparently the Kindle can be used to do email ("by going to your email providers mobile website. E.g. m.gmail.com").
Not that gmail is perfect. I actually did get a spam email just last week.
I don't know why you assume that it will require communicating with HP's email server....
It would be trivial to just enter an email address and server name into the printer, then select imap/pop... It could be on gmail, hotmail, your local intranet, whatever...
The tricky bit is making sure you know what file format, what printer options, and have some minimal authentication. But none of that rises much above simple scripting or at worst a simple app. E.g. a PDF or similar attachment. Plus an XML file for the rest.
These type of gateways have been around for decades. The only new part is building it into the printer.
Current estimates for calendar 2010 sales range from 6-10 million iPads...
They have already sold 2 million. And it is likely to be high on many Christmas gift lists.
You could quibble that the iPad is not a *single* design of course. Two versions in three different memory sizes...
It works when your products are at the leading edge of design. E.g. iPhone and Android.
It does not work when your products are at the trailing edge of design. E.g. Win whatever.
When your products are new and interesting people will put up with some problems and limitations.
When your products look like last years bargain brand people expect them to work well and will compare them to the new and more exciting products.
Testing backup plans for a well leak at 5000 feet pretty much would involve a leaking oil well at 5000 feet somewhere..
It would be interesting to try and get permission to setup and run such a test never mind the cost involved.
iPhone's do multi-threading. They also to multi-tasking. Tons of system stuff running in the background.
The limitations are specifically that only one application can run in the foreground (i.e. using the screen) at a time.
And that application (if it is not an Apple application) can only have a single process. Fork(2) / Exec(3) is not allowed. Pthreads(7) are.
Applications are also normally running in a chroot'd environment.
Most of the news reports say it as a 21" pipe. Which would give you about a 5' circumference. Lets assume he just got it wrong.
Look at what the intense lobbying and marketing going into anti-drunk driving. The best example being MADD (Mothers Against Drunk Drivers.) To (rightly) save +10,000 people a year from being killed.
Once we have robotic controlled cars that can reduce traffic accidents by a suitable amount there will be a similar incentive to get rid of the bad driving of humans. Think MAHD (Mothers Against Human Drivers.) And I think saving another 10,000 plus people a year and further reducing insurance rates etc will make it worth it. People will be able to work or entertain themselves during their commute instead of trying to multi-task and get into accidents.
All I need is your device ID and I can sell 90 days of use of my app. And at any point in time I can only have 100 active users (I think I can delete old users... hmm have to check that, might be a flaw in my business plan if have to buy a new developers license after 100 sales.)
Well it depends, there are some scenarios where the Large Hadron Collider could prove some physicists wrong but we wouldn't be around to note their embarrassment. :-)
Fortunately this appears have a close to zero probability with a lot of reproducible experimental proof behind it.
And, ahem, absolutely, not even one, respectable scientist, anywhere, has come out and challenged some of the assumptions or ethics of the IPCC and Climategate mob.
Quoting Judith Curry: "When I first read the [Oxburgh] report, I thought I was reading the executive summary and proceeded to look for the details; well, there weren't any."
See here: http://www.collide-a-scape.com/2010/04/23/an-inconvenient-provocateur/
Its simply not science if it can't be replicated elsewhere.
The IPCC and various scientists involved started an intensely political process and now they are surprised, simply surprised, that politicians will use political processes to fight for their constituencies. I'm not defending either side, but possibly they deserve each other.
Apple does not want 3rd party API's as they are a vector for malware. If a security problem is found in their (Apple's) software it will be fixed and pushed out quickly. There is no guarantee that would happen with a 3rd party product.
Also, a single app with a problem can be withdrawn from the App store (and possibly disabled pro-actively in customers iPhones)
Think of the fallout if a flaw in a widely used 3rd party API was found and Apple had to withdraw ALL of the app's that used it. A popular API (e.g. Flash) could involve thousands of app's. Leaving them available and running on customer units leaves the flaw available and Apple possibly liable for damages. Pulling the apps probably gets Apple widely abused (especially in Slashdot.)
Microsoft is taking years to get back control of Windows, introducing code signing and gradually making it required, adding in security after the fact, etc.
Apple is keeping the iPhone environment secure from the start. Easier to open it up a bit at a time than to get it closed again if they make a mistake.
Well I like my iPhone, but it appears to sync time from the nearest cell tower... And in my neighborhood I see variations from what I would expect (using NTP to compare) for anywhere up to 1.5 seconds. More annoyingly the time will jump between various offsets. E.g. go from +500msec fast to -900msec slow and then back. I think switching between cells.
It would be better if they just synced with NTP, or gave you the option of using NTP or cell.
See Fox, re: Grapes.
MAC addresses are by definition unique. Each manufacturer buys an OUI (or as many as they require) and then can manufacture 2**24 devices that use that OUI.
We won't run out of MAC address space for some time.
Not Google, but here is some info from Skyhooke: http://www.skyhookwireless.com/howitworks/coverage.php
Just the SSID/MAC's ma'am.
Not a great analogy... some European countries are effectively saying that in some cases you can't record the color... well not quite, but yes they are saying that in some cases Googles Street View may contravene privacy laws. Which effectively means the same thing.
This may or may not be a great policy but it stems from various famous events in the middle of the last century.
The protocols are IEEE and/or IETF. Open for use by anyone.
You might look at what your federal regs say about the use of PUBLIC spectrum and how much privacy you can expect when you use the portion of the radio spectrum that has been designated for SHARED PUBLIC use.
Given that YOUR use of that shared spectrum interferes with EVERYONE else use you are generally constrained to use it appropriately with the accepted protocols and that involves disclosing the SSID and MAC address of your router and the MAC address of any address that communicates with your router.
You could of course license some private spectrum and develop some protocols that are encrypted in toto (i.e. the entire frame not just the payload.) Good luck with that.
They might only pay attention to SSID Beacons. That would make sense as that allows them to quickly identify the MAC address of your router. Which is what they want.
But, they can also just look for traffic. There is enough information there to do the same. Its just slightly more work and requires that they "see" some wifi network traffic while they drive by (say a 10-30 second time frame).
Probably your best bet is to unplug your wifi router and buy some cables.