Unfortunately, some (many?) manufacturers use GPL code (the whole Linux OS + other apps) without releasing the part they modified/added, or only providing a completely obsolete version of it (eg the first one built 3 years ago).
An Agency like the NSA could record all your data packets and brute-force them pretty quickly, if they so chose
There's no evidence that the NSA can break properly-implemented modern cryptography. In fact there's considerable evidence that they cannot, including both Snowden's statements, and the fact that the NSA recommends it for classified US government data, among other things.
Seems to me I once read that early last century someone said words to the effect of "what's the point of airplanes? Not like they'll ever be able to fly nonstop across the Pacific or anything".
Oddly, your comment reminded me of that....
Oddly, your comment reminded me of how much progress has halted, not to say reversed. We had SR-71. We had Concorde. We had the Space Shuttle. We had man on the moon.
Progress was neither halted nor reversed. We had to take a step back and focus on efficiency, rather than just relying on brute force. All of those systems worked fine, but they were just too resource-intensive to justify their operation. We'll get back to the moon soon enough, and it will cost a tiny fraction of what the Apollo missions did. The SR-71 is just unnecessary today given better satellite coverage and better optics. The Concorde... that may never be back.
And that has always been the case... Only a very small percentage of people perform their own copying, and a much larger percentage simply download a pirated copy which already has any drm or other crap removed which actually makes it a superior product to the original.
Except the percentage downloading a pirated copy is also very small relative to the population as a whole. As long as it's reasonably convenient and not too expensive, most people just buy.
Distance squared explains why we don't detect their radio signals.
No, it doesn't. The SETI people have done the math on signal strengths, distances and reception sensitivity, and their conclusion is that our big radio telescopes could hear our emissions from many light years distance.
1) Complex life is relatively rare and widely separated in space and time.
2) Complex life doesn't survive long-term (nuclear war, grey goo)
3) Complex life does survive, but for some reason doesn't communicate or colonize other worlds (a "Prime Directive", or perhaps they "sublime" in the Ian Banks/Culture sense)
I actually lean a bit towards 3 myself, but humanity will eventually find out, one way or the other.
Could also be a combination of the above. It could be somewhat rare for complex, intelligent life to arise, moderately rare for it to survive, and extremely rare that it decides to make its presence known. I mean, it's possible that lots of intelligent races decide that Hawking's theory that if there's intelligent life out there it could be dangerous is correct, and that they should therefore hide. Odds are that any other intelligent life will also have arisen in a competitive ecosystem and will have its own propensity toward violence to make it cautious.
3) Complex life does survive, but for some reason doesn't communicate or colonize other worlds (a "Prime Directive", or perhaps they "sublime" in the Ian Banks/Culture sense)
Or because no one has found a way around that pesky speed-of-light barrier, and the vast distances simply make inter-species communication, let alone travel, utterly impractical. This has always seemed, at least to me, the least romantic but most pragmatic answer to the question of why we don't meet aliens, or even hear from them.
That doesn't explain why we don't detect their radio transmissions, though.
OTOH, if our history is any guide, the technological period during which high-powered, brute-force radio emissions are generated is pretty short. High data rates and ubiquitous usage necessitates a cellular approach and low-power efficiently-encoded spread spectrum emissions, which would be hard to pick up at light years' distance. So maybe they're just rare enough that we haven't caught that slice of any of their histories.
Valid points, though in many cases not allowing code to load the libraries would require moving functionality into separate processes and accessing it via RPC, or loading extra copies. Either would have a pretty significant performance hit in some cases. Still, it's worth looking into.
the less said about HTC & others like Huawei the better
Oops, hit send too soon. It appears that Huawei is actually doing a pretty good job: http://www.digit.in/mobile-pho.... 77% doesn't sound great, but it actually is pretty good when you consider there's a fair fraction of Android users who refuse to accept updates, and when you consider that Huawei is almost certainly only patching recent models. So, if you have a fairly recent Huawei device and accept the updates when they come, you should be good.
still an even better point;-).
But Google+ is going nowhere.
I like it, personally. It's better for people who are looking to discuss their interests, rather than share details of their life. Not because of any inherent difference in the platform, I think, so much as just that's how the G+ culture has developed. Whatever the reason, if you're looking for a community of like-minded people to discuss a hobby, a technology, etc., G+ is a great place to do it. If you want to hear about your great-aunt Edna's recent hemorrhoid surgery, not so much, because Edna isn't on G+.
which no one knows how to fix, and which affect all ARM-based devices, including iOS devices.
How do you know that?
I know that because I read the research paper, and the vulnerability derives from the fundamental architecture of CPU caches used in modern devices. ARM was thought perhaps to be safe because of some characteristics of the caching architecture which makes it more difficult than on x86... but this paper shows that not to be true.
Apparently you don't know that, unlike your typical Android OEM, Apple holds one of only a few "Architecture" licenses from ARM, and thus can, and DOES, actually DESIGNS THEIR OWN ARM CORES FROM THE GROUND UP.
Doesn't matter, unless they've invented an entirely new approach to caching.
So, unless you actually have PROOF of this working on an iOS device, you shouldn't just lump them in with all the Android devices, just because they share (mist of) a common instruction set.
It's got nothing to do with instruction sets. You should read the paper.
Actually, I misspoke. This isn't true. The TrustZone code on those devices is closely related to code which has been published in AOSP, but it's not identical and there is at least one major component that hasn't been published at all.
Actually, according to TFS, actually TWO separate Vulnerabilities.
More precisely, one vulnerability (the quadrooter bug which can be patched, and is being patched on Nexus devices), and one whole class of vulnerabilities which no one knows how to fix, and which affect all ARM-based devices, including iOS devices. It should also be noted that x86-based devices are even more vulnerable than ARM-based devices; big parts of the paper are about how aspects of ARM that make cache timing attacks tougher can be mitigated, but they're easier on x86.
iOS devices do actually have a security advantage with respect to the cache timing attacks, though. It isn't that Apple knows how to defeat them, so patching is irrelevant, it's that in order to mount a cache timing attack you have to understand the system code in great detail, and that's easier with open source software than with closed source software. That's the reason these researchers targeted Android. Targeting iOS could be done, but it would be a lot more work to reverse engineer the binaries (or, for serious attackers, to steal the source code). Of course, there's a disadvantage there as well; Android's diversity means that an attacker has to do work for each specific model he wants to attack. iOS is a monoculture.
This has an implication for my work. I've been trying to find ways to get the source code of TrustZone components opened up (It is fully open on the Nexus 9 and the Pixel C, and will be on more devices which use Google's "Trusty" TrustZone OS). But... until we find better defenses against cache timing attacks there's actually some security benefit to keeping the code closed. Not much, of course. Security by obscurity isn't, and it's likely more than offset by the ability for bugs to persist longer in closed code. But there's at least an argument for keeping it closed, which is going to make my work harder.
google+ does not block adblocking. Point for them.
Google+ doesn't have ads, so there would be no reason to block adblockers. I suspect they wouldn't do it anyway -- Google doesn't block adblockers on other properties -- but it's a completely moot point on Google+.
Yes, my Google Music subscription replaced any other form of music purchase. Why would I need to buy albums or songs any more? I can listen to whatever I want, whenever I want, I can download it all (up to the capacity of my device) for offline listening. It's like owning all music. There's no reason to purchase music separately.
People bought the same music on vinyl, 8-track, cassette, CD and then MP3/AAC, and didn't do anything more than grumble about it.
Plus, increasingly, people are moving to subscription services like Spotify, Google Music All Access and Apple Music, so they never buy anything but just rent everything. I have to admit that I'm in that camp. I have a Google Music subscription and I can't imagine going back. I spend about the same amount on music as I ever did, but I get a lot more and it's insanely convenient.
I hear you, and in fact I also really, really hate DRM and wish it would die. I celebrated when the music industry gave up on it and expected the movie industry to follow suit... but they didn't, and in fact they've managed to get DRM more deeply embedded into everything and now it makes perfect sense that the music industry is going to leverage what the movie industry has done to go back to DRM. And people, by and large, aren't going to care unless the industry screws it up in some very large way, which they won't.
hey pay sales tax on a large portion of their income.
So do the wealthy, because they buy a lot of stuff. Pretty much everything other than real estate gets hit with sales taxes. Many states also have higher sales tax rates for luxury goods than they do for necessities.
They pay gas taxes. They must buy car tags and pay a variety of other fees.
Yes, many of those are regressive.
Either directly or indirectly (as part of their rent) they pay real estate taxes.
The wealthy also pay a lot of real estate taxes, because they tend to own a lot more real estate.
You're also ignoring state income taxes, which are also generally very progressive.
My guess is that the richer you are the lower your income tax rate.
Got any data? Google found me a chart Washington Post article which appears to show that it's actually fairly flat, starting with a 17% total tax rate at the low end, rising to a peak of over 30% for the top 5%, then a slight dip to about 29% for the top 1%, but it doesn't cite sources.
You might recall that Mitt Romney's reported income tax rate was 14% for 2011.
Federal income tax only, and that's for an individual who makes most of his income from capital gains -- which, granted, is true for most of the 0.1%, but there are reasons other than fairness that argue for keeping cap gains taxes low.
The tax breaks for the rich are not really available for the vast majority of us.
It will happen as the sun becomes brighter and expands, which will eventually cause the Earth to heat irreversibly
Dude. Biggest AC unit *ever*. We're going to need, like, *loads* of Freon.
Actually, assuming we're still around by then and haven't fallen back to neo-barbarianism I expect we'll be able to shield the Earth from incoming solar radiation, reflecting enough of it away to maintain a decent climate. At least up until the sun gets close to actually enveloping the Earth. To deal with that we may need to look at moving the Earth's orbit.
We have no automatic right to do anything as we please. Sure, nothing is standing in our way but that does not give us right to do whatever the hell we want, terraforming Mars or Venus or plonking down bases all over the place.
Where does such a "right", or the lack thereof, come from?
There are basically two logically-consistent theories about the origin of "rights". Either they are social constructs, created by humankind in order to facilitate our ability to live well with one another, or they are imposed on us by some higher being. If we assume they are social constructs, then your comment is clearly nonsense. If they're imposed upon us by some higher being, e.g. God, then fine... but since you're now making an argument by appeal to authority, you ought to at least identify the authority and cite the text of the declaration.
Well, there is a third option: "right" is defined by what you, RubberDogBone, feel. That's well and good, but I see no reason to accept your feelings as in any way restricting what the rest of us can do.
up to now in human history, everywhere mankind has gone, we have owned. The plants and animals and microbes have never objected.
Never objected? Really? That's the most ridiculous thing I've read this year. They've objected in every way they could.
They pay the majority of taxes in terms of total sum, true. However, on an individual level, the rich pay a much lower percent of their income to taxes than many other income levels.
Nonsense.
The average tax rate for the bottom 50% by income: 3.13%
The average tax rate for the top 50% by income: 13.8%
The average tax rate for the top 25% by income: 15.8%
The average tax rate for the top 10% by income: 18.9%
The average tax rate for the top 5% by income: 20.9%
The average tax rate for the top 1% by income: 23.5%
Notice a trend there? If you look at the top 0.1%, the trend is slightly broken; their average tax rate is 22.8%, slightly lower than the top 1%... but still far more than the lower tiers.
The rich *do* pay the bulk of the taxes, both in dollars and as a percentage of their income. That doesn't necessarily mean they shouldn't pay even more than they do... but they already do pay quite a lot.
Ultimately DRM boils down to even more labels not wanting their music to be heard. There's a simple answer to that, don't listen.
That's a nice theory, but only a very small percentage of people will do it. As long as the labels make the music available on the devices people want to use, for a reasonably-low cost, the vast majority will be happy with DRM'd music.
Unfortunately, some (many?) manufacturers use GPL code (the whole Linux OS + other apps) without releasing the part they modified/added, or only providing a completely obsolete version of it (eg the first one built 3 years ago).
Which ones? Hellwig can sue them, too.
An Agency like the NSA could record all your data packets and brute-force them pretty quickly, if they so chose
There's no evidence that the NSA can break properly-implemented modern cryptography. In fact there's considerable evidence that they cannot, including both Snowden's statements, and the fact that the NSA recommends it for classified US government data, among other things.
Seems to me I once read that early last century someone said words to the effect of "what's the point of airplanes? Not like they'll ever be able to fly nonstop across the Pacific or anything".
Oddly, your comment reminded me of that....
Oddly, your comment reminded me of how much progress has halted, not to say reversed. We had SR-71. We had Concorde. We had the Space Shuttle. We had man on the moon.
Progress was neither halted nor reversed. We had to take a step back and focus on efficiency, rather than just relying on brute force. All of those systems worked fine, but they were just too resource-intensive to justify their operation. We'll get back to the moon soon enough, and it will cost a tiny fraction of what the Apollo missions did. The SR-71 is just unnecessary today given better satellite coverage and better optics. The Concorde... that may never be back.
And that has always been the case... Only a very small percentage of people perform their own copying, and a much larger percentage simply download a pirated copy which already has any drm or other crap removed which actually makes it a superior product to the original.
Except the percentage downloading a pirated copy is also very small relative to the population as a whole. As long as it's reasonably convenient and not too expensive, most people just buy.
See my reply to the other AC who said the same thing.
Distance squared explains why we don't detect their radio signals.
No, it doesn't. The SETI people have done the math on signal strengths, distances and reception sensitivity, and their conclusion is that our big radio telescopes could hear our emissions from many light years distance.
Absolutely. http://bits-please.blogspot.co...
1) Complex life is relatively rare and widely separated in space and time.
2) Complex life doesn't survive long-term (nuclear war, grey goo)
3) Complex life does survive, but for some reason doesn't communicate or colonize other worlds (a "Prime Directive", or perhaps they "sublime" in the Ian Banks/Culture sense)
I actually lean a bit towards 3 myself, but humanity will eventually find out, one way or the other.
Could also be a combination of the above. It could be somewhat rare for complex, intelligent life to arise, moderately rare for it to survive, and extremely rare that it decides to make its presence known. I mean, it's possible that lots of intelligent races decide that Hawking's theory that if there's intelligent life out there it could be dangerous is correct, and that they should therefore hide. Odds are that any other intelligent life will also have arisen in a competitive ecosystem and will have its own propensity toward violence to make it cautious.
3) Complex life does survive, but for some reason doesn't communicate or colonize other worlds (a "Prime Directive", or perhaps they "sublime" in the Ian Banks/Culture sense)
Or because no one has found a way around that pesky speed-of-light barrier, and the vast distances simply make inter-species communication, let alone travel, utterly impractical. This has always seemed, at least to me, the least romantic but most pragmatic answer to the question of why we don't meet aliens, or even hear from them.
That doesn't explain why we don't detect their radio transmissions, though.
OTOH, if our history is any guide, the technological period during which high-powered, brute-force radio emissions are generated is pretty short. High data rates and ubiquitous usage necessitates a cellular approach and low-power efficiently-encoded spread spectrum emissions, which would be hard to pick up at light years' distance. So maybe they're just rare enough that we haven't caught that slice of any of their histories.
Valid points, though in many cases not allowing code to load the libraries would require moving functionality into separate processes and accessing it via RPC, or loading extra copies. Either would have a pretty significant performance hit in some cases. Still, it's worth looking into.
the less said about HTC & others like Huawei the better
Oops, hit send too soon. It appears that Huawei is actually doing a pretty good job: http://www.digit.in/mobile-pho.... 77% doesn't sound great, but it actually is pretty good when you consider there's a fair fraction of Android users who refuse to accept updates, and when you consider that Huawei is almost certainly only patching recent models. So, if you have a fairly recent Huawei device and accept the updates when they come, you should be good.
Does that even exist?
At a minimum, there's Nexus.
Even vendors such as Motorola & Samsung have promised support and then abandoned it for some phones
Samsung has committed to monthly security updates on some models: http://security.samsungmobile....
However, I note the waffling about carriers and regions, and the fact that it doesn't specify how long they'll keep delivering updates.
still an even better point ;-).
But Google+ is going nowhere.
I like it, personally. It's better for people who are looking to discuss their interests, rather than share details of their life. Not because of any inherent difference in the platform, I think, so much as just that's how the G+ culture has developed. Whatever the reason, if you're looking for a community of like-minded people to discuss a hobby, a technology, etc., G+ is a great place to do it. If you want to hear about your great-aunt Edna's recent hemorrhoid surgery, not so much, because Edna isn't on G+.
which no one knows how to fix, and which affect all ARM-based devices, including iOS devices. How do you know that?
I know that because I read the research paper, and the vulnerability derives from the fundamental architecture of CPU caches used in modern devices. ARM was thought perhaps to be safe because of some characteristics of the caching architecture which makes it more difficult than on x86... but this paper shows that not to be true.
Apparently you don't know that, unlike your typical Android OEM, Apple holds one of only a few "Architecture" licenses from ARM, and thus can, and DOES, actually DESIGNS THEIR OWN ARM CORES FROM THE GROUND UP.
Doesn't matter, unless they've invented an entirely new approach to caching.
So, unless you actually have PROOF of this working on an iOS device, you shouldn't just lump them in with all the Android devices, just because they share (mist of) a common instruction set.
It's got nothing to do with instruction sets. You should read the paper.
if I did get an Android device, that I'm forever going to be vulnerable with no vendor support
Just make sure you get one from a vendor who commits to support it.
It is fully open on the Nexus 9 and the Pixel C
Actually, I misspoke. This isn't true. The TrustZone code on those devices is closely related to code which has been published in AOSP, but it's not identical and there is at least one major component that hasn't been published at all.
Actually, according to TFS, actually TWO separate Vulnerabilities.
More precisely, one vulnerability (the quadrooter bug which can be patched, and is being patched on Nexus devices), and one whole class of vulnerabilities which no one knows how to fix, and which affect all ARM-based devices, including iOS devices. It should also be noted that x86-based devices are even more vulnerable than ARM-based devices; big parts of the paper are about how aspects of ARM that make cache timing attacks tougher can be mitigated, but they're easier on x86.
iOS devices do actually have a security advantage with respect to the cache timing attacks, though. It isn't that Apple knows how to defeat them, so patching is irrelevant, it's that in order to mount a cache timing attack you have to understand the system code in great detail, and that's easier with open source software than with closed source software. That's the reason these researchers targeted Android. Targeting iOS could be done, but it would be a lot more work to reverse engineer the binaries (or, for serious attackers, to steal the source code). Of course, there's a disadvantage there as well; Android's diversity means that an attacker has to do work for each specific model he wants to attack. iOS is a monoculture.
This has an implication for my work. I've been trying to find ways to get the source code of TrustZone components opened up (It is fully open on the Nexus 9 and the Pixel C, and will be on more devices which use Google's "Trusty" TrustZone OS). But... until we find better defenses against cache timing attacks there's actually some security benefit to keeping the code closed. Not much, of course. Security by obscurity isn't, and it's likely more than offset by the ability for bugs to persist longer in closed code. But there's at least an argument for keeping it closed, which is going to make my work harder.
google+ does not block adblocking. Point for them.
Google+ doesn't have ads, so there would be no reason to block adblockers. I suspect they wouldn't do it anyway -- Google doesn't block adblockers on other properties -- but it's a completely moot point on Google+.
Yes, my Google Music subscription replaced any other form of music purchase. Why would I need to buy albums or songs any more? I can listen to whatever I want, whenever I want, I can download it all (up to the capacity of my device) for offline listening. It's like owning all music. There's no reason to purchase music separately.
People bought the same music on vinyl, 8-track, cassette, CD and then MP3/AAC, and didn't do anything more than grumble about it.
Plus, increasingly, people are moving to subscription services like Spotify, Google Music All Access and Apple Music, so they never buy anything but just rent everything. I have to admit that I'm in that camp. I have a Google Music subscription and I can't imagine going back. I spend about the same amount on music as I ever did, but I get a lot more and it's insanely convenient.
I hear you, and in fact I also really, really hate DRM and wish it would die. I celebrated when the music industry gave up on it and expected the movie industry to follow suit... but they didn't, and in fact they've managed to get DRM more deeply embedded into everything and now it makes perfect sense that the music industry is going to leverage what the movie industry has done to go back to DRM. And people, by and large, aren't going to care unless the industry screws it up in some very large way, which they won't.
hey pay sales tax on a large portion of their income.
So do the wealthy, because they buy a lot of stuff. Pretty much everything other than real estate gets hit with sales taxes. Many states also have higher sales tax rates for luxury goods than they do for necessities.
They pay gas taxes. They must buy car tags and pay a variety of other fees.
Yes, many of those are regressive.
Either directly or indirectly (as part of their rent) they pay real estate taxes.
The wealthy also pay a lot of real estate taxes, because they tend to own a lot more real estate.
You're also ignoring state income taxes, which are also generally very progressive.
My guess is that the richer you are the lower your income tax rate.
Got any data? Google found me a chart Washington Post article which appears to show that it's actually fairly flat, starting with a 17% total tax rate at the low end, rising to a peak of over 30% for the top 5%, then a slight dip to about 29% for the top 1%, but it doesn't cite sources.
You might recall that Mitt Romney's reported income tax rate was 14% for 2011.
Federal income tax only, and that's for an individual who makes most of his income from capital gains -- which, granted, is true for most of the 0.1%, but there are reasons other than fairness that argue for keeping cap gains taxes low.
The tax breaks for the rich are not really available for the vast majority of us.
Which tax breaks are those?
It will happen as the sun becomes brighter and expands, which will eventually cause the Earth to heat irreversibly
Dude. Biggest AC unit *ever*. We're going to need, like, *loads* of Freon.
Actually, assuming we're still around by then and haven't fallen back to neo-barbarianism I expect we'll be able to shield the Earth from incoming solar radiation, reflecting enough of it away to maintain a decent climate. At least up until the sun gets close to actually enveloping the Earth. To deal with that we may need to look at moving the Earth's orbit.
We have no automatic right to do anything as we please. Sure, nothing is standing in our way but that does not give us right to do whatever the hell we want, terraforming Mars or Venus or plonking down bases all over the place.
Where does such a "right", or the lack thereof, come from?
There are basically two logically-consistent theories about the origin of "rights". Either they are social constructs, created by humankind in order to facilitate our ability to live well with one another, or they are imposed on us by some higher being. If we assume they are social constructs, then your comment is clearly nonsense. If they're imposed upon us by some higher being, e.g. God, then fine... but since you're now making an argument by appeal to authority, you ought to at least identify the authority and cite the text of the declaration.
Well, there is a third option: "right" is defined by what you, RubberDogBone, feel. That's well and good, but I see no reason to accept your feelings as in any way restricting what the rest of us can do.
up to now in human history, everywhere mankind has gone, we have owned. The plants and animals and microbes have never objected.
Never objected? Really? That's the most ridiculous thing I've read this year. They've objected in every way they could.
They pay the majority of taxes in terms of total sum, true. However, on an individual level, the rich pay a much lower percent of their income to taxes than many other income levels.
Nonsense.
The average tax rate for the bottom 50% by income: 3.13%
The average tax rate for the top 50% by income: 13.8%
The average tax rate for the top 25% by income: 15.8%
The average tax rate for the top 10% by income: 18.9%
The average tax rate for the top 5% by income: 20.9%
The average tax rate for the top 1% by income: 23.5%
Source: http://taxfoundation.org/artic...
Notice a trend there? If you look at the top 0.1%, the trend is slightly broken; their average tax rate is 22.8%, slightly lower than the top 1%... but still far more than the lower tiers.
The rich *do* pay the bulk of the taxes, both in dollars and as a percentage of their income. That doesn't necessarily mean they shouldn't pay even more than they do... but they already do pay quite a lot.
Ultimately DRM boils down to even more labels not wanting their music to be heard. There's a simple answer to that, don't listen.
That's a nice theory, but only a very small percentage of people will do it. As long as the labels make the music available on the devices people want to use, for a reasonably-low cost, the vast majority will be happy with DRM'd music.