No!
If the pipes you have are made to serve 1000 people and you have 100000 customers, there's something wrong.
As you said peak hour is peak hour nothing ca be done about ti the usage is not really elastic, so if congestion is a possibility then congestion there will be.
off peak the guy watering his rice fields is not bothering anyone since the pipes are there and filled with water no matter the usage. Besides that guy has an upper limit on how much water he can draw per second, a limit he cannot go over no matter what (removing caps on modems is ground for service termination at the minimum).
caps is having the cake and eating it too. plain and simple.
Some ISP do impose caps (account for usage) during peak hours and have reasonable limits (around 300GB) off peak hours (during night usually) download/upload to your heart's content. Still asinine but reasonable to some extent !
thanks, for those explanations. it's nice to know that custom signing keys for system images might make to nexus devices someday.
The only, sad thing is that if a device is dropped, even if it s capable of all the new and shinny things, no one would be able to bring it up to speed.
I still have that bitter after taste after support for galaxy nexus was dropped, althought it was -and still-- very much a capable device. it even had the hardware https://android.googlesource.c.../rant
again thanks for the info:)
I always deplored the absence of the possibility to replace bootloader signing/verification keys with my own (that way I don;t have to unlock/relock every time I need to do something). I do have a nexus 5, and I don't like new nexus line, so I guess I'm out of luck, since hammerhead will be dropped soonish:'(.
thanks. hardware/libhardware/include/hardware/keymaster1.h didn't make it's way to 5.1, is there a planned release around the corner? otherwise if I decide to pick all those commits in hardware/libhardware/ and system/keymaster what else should I pick ???
I did notice partial a lot of wacklocks (Betterbattery stats) while keeping the phone in my pocket (Nexus 5, with Ambient display on and proximity check on).
there's an app I saw on F-droid, that checks the device's accelerometer and locks it if it detects a sudden violent movement (snatched, falling... etc) and locks it right away. It is availabale of course in google's play store. Pluck Lock (there are plenty others
with that said this smart lock thing is very very bad -IMHO which is why I deactivated it completely-, it makes locking the phone a joke.
same could be said about pedestrians (I say that as both, a driver and a pedestrian).
One as, I was trying to cross a street a a swarm of said pedestrians (for which the light was RED) prevented me and a bunch of other people (cars included) from doing just that, because they wen't paying any attention (and I'm fairly certain that it is not an exception at that particular intersection).
Another time, a drone forced me and a whoever was behind, to come to a COMPLETE STOP in an intersection when the light was GREEN because whatever he was doing on his phone was more important that his or others's people life.
sorry, I made a mistake :
if the file: "/data/misc/adb/adb_keys" can't be open for any reason at all (fopen returns NULL), "ade.secure" is not set and it will accept connections from any computer (with root privileges no less). if it can be open , it is copied to / (in recovery) and "adb.secure" is set.
the cm recovery (i.e the one that gets built with the OTA package : out/target/product/hammerhead/recovery.img ) enforeces adb.secure, pre cm-12 looked like CWM, the new doesn't (and doesn't have a backup option either -not yet anyways-), if I clear the authorizations, I see a device in adb devices but it says simply offline, If I attempt to connect (ex: adb shell) it spits something that goes along those lines : "unlock the device, authorize then try again".
a locked bootloader will prevent you from changing 1 the bootloader itself, the recovery and the modem. Unlock it and you wipe the whole phone clean (including internal storage AKA sdcard in the case of a nexus device). if you install the public (you do not build it yourself makeing sure that it DOESN'T accept test keys and ENFORCES signature verification) build of any recovery out there you're at risk because of the simple fact that signature verification of OTA packages is either disabled or accepts the know, wildly available TEST KEYS!
Now ADB, since few years ago adb is always run in SECURE mode, meaning it will ASK when you connect the device a computer the first time (for that you need to unclock the device and ACCEPT), that is enforced in recovery (I don;t know about TWRP though, stcok CM does) that means if you never connected the device to any computer before, there's NO way in hell you're having access to ADB.
The only downside is backup in recovery, but for that you have Titanium, or helium they do a fine job (with titanium, you can even encrypt and upload the backup to some "cloud thingy out there")!.
Lock it. Once rooted, the bootloader is lockable/unlockable at will without wiping. Plus, you don;t need to keep it unlocked once the recovery is replaced.
Abd by default is in secure mode, meaning it need authorization, which is something honored by the recovery (CM's at least, can'st speak of other recoveries).
Last but not least, do you own builds and sign them with your own keys! (again CM's recovery installs only and only zips that are signed with the right release key). And then you can add the extra layer of encryption.
My beef with encryption is that it kills any chance of recovering the phone (cerberus, android device manager... etc) if the phone is turned off.
Let's not forget the password thingy.
nexus 5 has the hardware to do it, just not used. the CAF variante of CyanogenMod (http://github.com/CyanogenMod/android_device_lge_hammerheadcaf) has that enabled. No nightelies for the moment but you can build it from source, give it a spin, if you'de like (bear in mind that there's no upgrade path from SW encryption to HW one, ie : a wipe is required to go from on to the other).
how a bout a simple MitM, forcing someone to download what they think is the legitimate firmware when they are not (not that publishing any hash on said would counter that ).
Slashdot Mirror
that is why it is imperative to verify identities.
It's more complicated thant that
No!
If the pipes you have are made to serve 1000 people and you have 100000 customers, there's something wrong.
As you said peak hour is peak hour nothing ca be done about ti the usage is not really elastic, so if congestion is a possibility then congestion there will be.
off peak the guy watering his rice fields is not bothering anyone since the pipes are there and filled with water no matter the usage. Besides that guy has an upper limit on how much water he can draw per second, a limit he cannot go over no matter what (removing caps on modems is ground for service termination at the minimum).
caps is having the cake and eating it too. plain and simple.
Some ISP do impose caps (account for usage) during peak hours and have reasonable limits (around 300GB) off peak hours (during night usually) download/upload to your heart's content. Still asinine but reasonable to some extent !
what was the lesson of FREAK ???
why not punish both?
thanks, for those explanations. it's nice to know that custom signing keys for system images might make to nexus devices someday. /rant :)
The only, sad thing is that if a device is dropped, even if it s capable of all the new and shinny things, no one would be able to bring it up to speed.
I still have that bitter after taste after support for galaxy nexus was dropped, althought it was -and still-- very much a capable device. it even had the hardware https://android.googlesource.c...
again thanks for the info
I always deplored the absence of the possibility to replace bootloader signing/verification keys with my own (that way I don;t have to unlock/relock every time I need to do something). I do have a nexus 5, and I don't like new nexus line, so I guess I'm out of luck, since hammerhead will be dropped soonish :'(.
thanks. hardware/libhardware/include/hardware/keymaster1.h didn't make it's way to 5.1, is there a planned release around the corner? otherwise if I decide to pick all those commits in hardware/libhardware/ and system/keymaster what else should I pick ???
which Trusted Execution Environment-based solution?? code? very much interested !!!
I did notice partial a lot of wacklocks (Betterbattery stats) while keeping the phone in my pocket (Nexus 5, with Ambient display on and proximity check on).
there's an app I saw on F-droid, that checks the device's accelerometer and locks it if it detects a sudden violent movement (snatched, falling ... etc) and locks it right away. It is availabale of course in google's play store. Pluck Lock (there are plenty others
with that said this smart lock thing is very very bad -IMHO which is why I deactivated it completely-, it makes locking the phone a joke.
except that polling it continuously will keep the device from going to sleep (have an impact on battery life).
how about educating them about speed ??? FFS, since when abstinence did work???
same could be said about pedestrians (I say that as both, a driver and a pedestrian).
One as, I was trying to cross a street a a swarm of said pedestrians (for which the light was RED) prevented me and a bunch of other people (cars included) from doing just that, because they wen't paying any attention (and I'm fairly certain that it is not an exception at that particular intersection).
Another time, a drone forced me and a whoever was behind, to come to a COMPLETE STOP in an intersection when the light was GREEN because whatever he was doing on his phone was more important that his or others's people life.
sorry, I made a mistake : if the file: "/data/misc/adb/adb_keys" can't be open for any reason at all (fopen returns NULL), "ade.secure" is not set and it will accept connections from any computer (with root privileges no less). if it can be open , it is copied to / (in recovery) and "adb.secure" is set.
the cm recovery (i.e the one that gets built with the OTA package : out/target/product/hammerhead/recovery.img ) enforeces adb.secure, pre cm-12 looked like CWM, the new doesn't (and doesn't have a backup option either -not yet anyways-), if I clear the authorizations, I see a device in adb devices but it says simply offline, If I attempt to connect (ex: adb shell) it spits something that goes along those lines : "unlock the device, authorize then try again".
a locked bootloader will prevent you from changing 1 the bootloader itself, the recovery and the modem. Unlock it and you wipe the whole phone clean (including internal storage AKA sdcard in the case of a nexus device). if you install the public (you do not build it yourself makeing sure that it DOESN'T accept test keys and ENFORCES signature verification) build of any recovery out there you're at risk because of the simple fact that signature verification of OTA packages is either disabled or accepts the know, wildly available TEST KEYS!
Now ADB, since few years ago adb is always run in SECURE mode, meaning it will ASK when you connect the device a computer the first time (for that you need to unclock the device and ACCEPT), that is enforced in recovery (I don;t know about TWRP though, stcok CM does) that means if you never connected the device to any computer before, there's NO way in hell you're having access to ADB.
The only downside is backup in recovery, but for that you have Titanium, or helium they do a fine job (with titanium, you can even encrypt and upload the backup to some "cloud thingy out there")!.
Lock it. Once rooted, the bootloader is lockable/unlockable at will without wiping. Plus, you don;t need to keep it unlocked once the recovery is replaced. ... etc) if the phone is turned off.
Abd by default is in secure mode, meaning it need authorization, which is something honored by the recovery (CM's at least, can'st speak of other recoveries).
Last but not least, do you own builds and sign them with your own keys! (again CM's recovery installs only and only zips that are signed with the right release key). And then you can add the extra layer of encryption.
My beef with encryption is that it kills any chance of recovering the phone (cerberus, android device manager
Let's not forget the password thingy.
nexus 5 has the hardware to do it, just not used. the CAF variante of CyanogenMod (http://github.com/CyanogenMod/android_device_lge_hammerheadcaf) has that enabled. No nightelies for the moment but you can build it from source, give it a spin, if you'de like (bear in mind that there's no upgrade path from SW encryption to HW one, ie : a wipe is required to go from on to the other).
how a bout a simple MitM, forcing someone to download what they think is the legitimate firmware when they are not (not that publishing any hash on said would counter that ).
20 minutes ago I was white and gold (pic in 1st link). Now,it's blue and black.
My GF was next to me, and saw the opposite of what I saw.
the nutjobs do not need that, but the provocation expands their recruitment pool.
by the cops, may be with court order!
virtualbox is free!
when it's dead!