Covert surveillance is also now mostly trivial, but it's not socially acceptable and very few people actually do it
Citation needed, but at least perceptually I don't feel like everyone is sneakily recording my private conversations at a restaurant.
This gets to the heart of the matter; it's all a question of perceptions/feelings. Perhaps it's because of something in Google's original ads and videos about Glass, or something else, but people perceive the main purpose of Glass to be video recording and assume that anyone wearing one is recording them, while they don't think the same thing of phones with cameras. Even though phones are actually better video recording devices, and almost as easy to record with covertly.
(Disclaimer: Because some AC thought I should mention it, I am a Google employee. I don't work on Glass, and don't speak for Google, though. This is only my own personal opinions. I've only used Glass a handful of times myself, though I've frequently been around other people wearing one.)
Subverting it requires subverting the bootloader sequence, which starts with code in on-SoC ROM, which is nearly impossible to modify, and I add the "nearly" only because nothing is impossible; I sincerely doubt that any agency is able to modify silicon without destroying the CPU and I'm quite certain that if anyone can it's a very closely-held, and therefore rarely-used, secret.
Oh, no. If they can do it, then how often they do it will be limited only by budget.
It will also be limited by not wanting to reveal that they have the capability. Per a former-NSA colleague of mine, that is often the more stringent restriction.
But I'm more concerned about back doors. How do you know there aren't any in there?
I'm fairly certain there aren't any in the Nexus 6 or Nexus 9 low-level boot or hardware security code. However, there certainly could be in firmware blobs. Those run in non-secure mode, but all your data is also accessible from non-secure mode.
That said, the Android security team pays pretty close attention to exploits in the wild, so if there were something like that being exploited on a large scale, I think we'd know. Exploits that are used only for so-called "targeted persistent attacks", whether by criminal organizations or government agencies are a different story, of course, but those simply aren't relevant to most people.
And I'm also somewhat concerned about security flaws. Sometimes just connecting things in nonstandard ways bypasses security measures.
Sure, that's why I said "the next option is to exploit some defect...".
The next option is to exploit some defect in the implementation of the bootloaders and/or fastboot (or in the case of intelligence agencies, even to implant a defect to be exploited). This is probably the best avenue of attack, but it's not easy because the code in question is relatively small, and should be closely scrutinized. Most of it is not open source, though, so scrutiny is limited.
Another fine place for a back door, though, and still not that unlikely that a flaw will exist there. The critical code paths should be sufficiently short that it's worth disassembling them.
You seem to be restating what I just said:-)
The final option is to ignore all of the above and simply attack the hardware. Remove the flash chips and install them in a custom device which reads out their contents. This threat is what device encryption exists to mitigate.
Well, I'm strongly in favor of encryption. But I still don't trust the hardware, so I don't trust my phone to keep secrets.
Keep what secrets from whom? If the NSA is really your adversary and they're specifically targeting you, you're simply screwed. Seriously, give up now. My goal is to ensure that your device is secure against (a) remote network exploits, (b) locally-installed software and (c) hardware attacks of moderate sophistication. (c) definitely includes "I lost my device and some clueful hardware engineer found it".
Assuming you're running up-to-date software (yeah, much easier said than done, I know), haven't done anything yourself to compromise the Android security model (e.g. running around with an unlocked bootloader) and have a reasonably-good password and an encrypted file system, I give you high odds of being perfectly safe against (a), (b) and (c).
Actually, since it's closely related to my day job (Android hardware-backed crypto), I have quite deep knowledge of exactly how true it is or is not.
Subverting it requires subverting the bootloader sequence, which starts with code in on-SoC ROM, which is nearly impossible to modify, and I add the "nearly" only because nothing is impossible; I sincerely doubt that any agency is able to modify silicon without destroying the CPU and I'm quite certain that if anyone can it's a very closely-held, and therefore rarely-used, secret. Supposing the initial bootloader can't be subverted, subverting later bootloaders (which are stored in flash) is also difficult, since they're signed and signatures are verified by the hard-to-subvert boot ROM. There are two obvious ways: break the cryptographic signing, or obtain the signing key. There's no doubt that intelligence services could do the latter. It's unlikely that they would share the signing key, or the subverted signed code, with law enforcement since doing so would make their ability known. It's unlikely in the extreme that criminals would obtain either the key or the subverted signed code. I'll dismiss the notion that someone can break the crypto directly.
The next option is to exploit some defect in the implementation of the bootloaders and/or fastboot (or in the case of intelligence agencies, even to implant a defect to be exploited). This is probably the best avenue of attack, but it's not easy because the code in question is relatively small, and should be closely scrutinized. Most of it is not open source, though, so scrutiny is limited. This is an avenue law enforcement and criminals could use, if there are exploitable defects. If there are any such defects in any Android devices, I don't know of them, and if they were in any sort of widespread use, I would. If such exploits exist, they're being held close by criminals (for TPT-style attacks) and not being used by LE or intelligence agencies in any context which might reveal them publicly... such as in court.
The final option is to ignore all of the above and simply attack the hardware. Remove the flash chips and install them in a custom device which reads out their contents. This threat is what device encryption exists to mitigate. Pre-Lollipop, the strength of FDE depended entirely on the strength of the user's password. In Lollipop it was strengthened with the use (where available) of a key bound to the device SoC.
"I'm not sure if these factors make a measurable difference in tire wear, but it's plausible."
EVs are HEAVY. So far all the indications I've seen is that the tires wear faster as a result.
Good point. I wanted to argue but I looked up some numbers, and EVs tend to be several hundred pounds heavier than comparable ICEVs. I though the weight of the batteries would be offset by the lighter motor, but apparently not.
Google maps uses WAZE to gather traffic info. WAZE is a great app if you use it, giving alternate routes around traffic as it discovers them.
Google Maps uses both WAZE and Google Maps to gather traffic info. Mostly Google Maps, I suspect, since the userbase is much larger... though WAZErs do tend to have WAZE running all the time while most Google Maps users only use it when they're actually getting driving directions, so I may be wrong.
Oh, and Google Maps also gives you alternate routes around traffic as it discovers them. It's a bit less aggressive about it, I think, requiring a larger potential time saving before prompting a re-route.
Yes, we're all doomed... to an average life expectancy of 85+ years, and rising. Spending your days on your butt may cost you a year or two, on average, but given that two hundred years ago your life expectancy would have been around 40 years, drastic action is hardly called for.
I don't think they can just wait out the shutdown of the low-margin producers, then bump the prices back up. Or at least, they can't bump them back up very far, because the technology used by the low-margin producers will not be lost. It will likely get a little bit better. So they'll have to keep the price low enough that the low-margin producers can't re-enter the market.
And with regenerative braking even the brakes are likely to last much longer on electric vehicles.
It's even possible that tires get a little more longevity due to regenerative braking, which tends to be smoother and gentler than friction braking. The limited battery capacities of current EVs probably help as well, since they encourage efficient driving, which means no hard braking or acceleration.
I'm not sure if these factors make a measurable difference in tire wear, but it's plausible.
Einstein didn't think up Relativity in a scrum with powerpoint presentations (ok they weren't around then but you get the point), nor did Turing come up his theories on conference calls.
Yes, they did. Both of them.
Okay, not scrum, powerpoints or con-calls, obviously, but both of them deeply relied on collaboration with others. Einstein relied heavily on chats with various friends, especially Besso, Solovine, Habicht and even to some extent his wife (during his early work, before they separated) to refine his ideas. There's no doubt that he was the ultimate source of the core elements of his theories, nor that he did nearly all of the work to elaborate them, but bouncing ideas off of others was critical to his method of work. Turing I know less about, but I know that he also worked as part of a team, and many of his brilliant ideas built upon the work of those around him.
I do think your examples are well-chosen, though, because I think they're examples of the sorts of people who least benefit from teamwork. For everyone else, it's even more important.
Easier to just leave a spare charger hanging around.
That I can't agree with. The beauty of a long-range wireless charger isn't eliminating the effort of having to walk to another room to plug in, and it isn't even to eliminate the effort of having to plug the cord into the device. The real value is in eliminating the effort of paying attention to charge state or making decisions about when to plug in. Given an effective long-range wireless charger of the sort that these researchers are attempting to build, your devices would just always be fully charged whenever you spend significant time at home or in the office.
I see a lot of value in a good solution to this problem.
Also, it's worth noting that more efficient devices and/or more energy density in batteries don't solve the problem, and in fact some ways they make it worse, at least for me. I had much more trouble with my phone battery dying when I needed it back when a charge lasted for a week than I do now that it only lasts a day, precisely because with a week-long battery I had to put more thought into when to charge it. With a day-long charge the thought required is limited to remembering to plug it in when I go to bed.
If the charger can see your phone, it's not in your pocket or purse. So if you're not carrying it around, just stick it on a window ledge (for a much shorter time) or under an incandescent light source (we still have them, eh?)
Phone-sized PV cells, when provided broad-frequency light of typical ambient intensities, even full sunlight, produce very little output. That wouldn't charge your phone very quickly. With, for example, LTE radios on, it's unlikely it would even maintain the charge.
If this system works, it's because they're aiming light of an intensity and frequency optimized for getting maximum power out of the PV cells. That's also the only way they could hope to get efficiencies anywhere near that of wired charging, even considering the rather low efficiency of your typical wall wart.
This is the only way to be sure of what you're getting. The various rootkits (almost?) all include some closed-source binary which gets uploaded and run as root. Rather than using some hack to exploit some defect in your device's security and upload some random binary which does unknown things to your device, buy a device with a legitimately-unlockable bootloader. All Nexus devices meet this requirement. There are some Motorola devices that do, too, and there may be a few others from other manufacturers. Then unlock your device, install your new ROM (ideally, build it from source, but that's optional) and re-lock your device.
That will give you the control you want without exposing yourself to unnecessary risks.
I'm not saying this approach doesn't expose your data to risks, it does. The various third-party ROMs intentionally subvert various aspects of the Android security model. To really understand the risks, you need to understand Android security (I recommend "Android Security Internals" by Nikolay Elenkov), understand how your chosen ROM alters it, and understand how that will impact your usage. But it does put you in control, rather than the author of some random rootkit.
Oh, and note that it is important to re-lock your device. If you don't, anyone who gets your device can install their own custom ROM and get access to all of your data. Locking the bootloader ensures that the data partition gets erased before a new system is installed.
(Disclaimer: I work for Google, but this is not an official statement of any sort. It's purely my own opinion.)
The technology required is the "warrant" - issued by a judge on probable cause. I believe the technology has been around for several hundred years.
And when the lawfully signed and delivered warrant results in the obtaining of encrypted data of which the authorities can make no use, what then? I disagree with the idea that we should compromise our security infrastructure in order to enable government access on demand, but this is what Obama et al are really concerned about: the development of a world in which warrants are useless because the data itself is protected in transit, end to end, and at rest, with keys available only to the parties communicating.
I'm surprised we aren't hearing more from the big corporations that control the government.
You're surprised because you misunderstand the situation, because you've dramatically oversimplified it. Big corporations have influence but they do not "control" the government. They do attempt to influence its actions, particularly whenever government interferes with their business operations and sometimes when they think they can get government to interfere with the operations of their competitors, and they meet with some degree of success.
However, politicians still understand that corporations can't vote, and that they can't even contribute anywhere near as much money as private citizens can, assuming said citizens choose to make the effort. This anti-terrorist agenda is not a corporate agenda, by and large. Oh, there are a few corporations in the military-industrial complex who like the military side of it because it enables them to sell lots of expensive gear. But the spying, insofar as it works (which it mostly doesn't), reduces their business opportunities.
No, the anti-terrorist agenda is driven by masses of fearful individual citizens. Few of them hang out on slashdot, or work in IT organizations, so they don't have a loud voice here, but there are a lot of them, as is clearly evidenced by the utter lack of major political figures campaigning loudly for putting the NSA out of business. Said political figures understand where their votes come from, and aren't going to rock that boat. Now, if major corporate lobbying dollars started pushing one side or another of this agenda, they might do something, but outside of a few tech companies which are being hurt by their users' fear of spying (especially overseas), the corporate world doesn't care.
They are the ones paying real money to prevent and remedy security breaches
True, but irrelevant. Spying or the lack thereof has no effect on their security problems, which are mostly about their failure to properly secure information needed to do business with their customers. Communications encryption wouldn't have any impact on them, because this is data that you voluntarily give them in order to do business with them anyway. It's entirely unrelated to the question of government spying. Again, the only ones who care are the tech companies, and they by themselves simply don't have enough pull to override the politicians' healthy regard for the fears of their voting constituencies.
You seem to be suggesting that you are brilliant because you chose to lease, yet you did not include any justification or math to support that implication.
Wow. You sure can read a lot into a simple statement. Dude, chill.
I wasn't claiming brilliance, just explaining (in brief and at a very high level) my rationale for leasing an EV rather than purchasing one, as a suggestion that others looking at getting into an EV may wish to consider it.
The history of moderations on my comment is rather fascinating. It received over a dozen moderations, up and down, 40% insightful, 40% overrated (which is slashdot mod-speak for "I don't like what you said but it's not actually deserving of a legitimate downvote") and 20% flamebait. Apparently I hit on a rather contentious point.
IMO, the reaction says more about slashdot than it does about me... this is a forum that largely doesn't like to admit that racism is still a real issue. Not as much in Maryland as in the deep south, but Maryland was a slave state, though one which opted to stay with the union.
I also find it interesting that the AC I replied to didn't come back to disagree with my interpretation. That may, of course, be because he simply didn't see it. It may also be because I was right.
It's worth pointing out that Silver Spring has a much higher percentage of African Americans than Montgomery County as a whole, and that is the area the AC pointed to as being "very bad" in the perception of the rest of the county. He further pointed to the downtown area, which in many cities tends to be more heavily minority. Obviously, there's a strong correlation between race and poverty, and another between poverty and violence, so it could well be that he was referring to economic diversity. But there's a significant probability that he wasn't, or that his (and others' in the mostly-white county) interpretation of the "badness" of an area was colored by racial stereotyping.
Sorting out the truth in situations where there is a confluence of stereotypical biases is hard, but I strongly doubt that my somewhat tongue-in-cheek comment entirely missed the mark.
Your final comment is rather intriguing to me. Do you often recommend suicide to people you disagree with? That's a rather violently negative reaction, don't you think? Anyway, have a nice day, schivvers, and stay well away from the guard rails so you don't fall off the bridge.
Actually, it's more than likely the fact that Lead is no longer an additive in gas or paint, and hasn't been for enough generations that the lead damaged people have died or been incarcerated.
I'm certain that lead levels have an effect, but I strongly doubt that they're the whole story, in large part because the latest declines are part of a long, steady decrease in violence that goes back for centuries. I highly recommend http://en.wikipedia.org/wiki/T...
It applies to all pay-per-click ads. For impression ads the situation is less direct, but bad ads make impression ads less valuable to advertisers.
In the long run, this sort of issue is bad for Google, period. In many corporations the long run is irrelevant, but Google doesn't have to think that way because of its stock voting structure, and Google doesn't think that way.
Either you must be the oldest person alive, or you mean "since I was old enough to notice them". Also, the word is "ads", short for "advertisements".
Related to the Banksy quote, I'd say that ads on the Internet are even easier to control. Just install AdBlock. No, it doesn't get all of them, but it comes close.
Agreed, but see:
Covert surveillance is also now mostly trivial, but it's not socially acceptable and very few people actually do it
Citation needed, but at least perceptually I don't feel like everyone is sneakily recording my private conversations at a restaurant.
This gets to the heart of the matter; it's all a question of perceptions/feelings. Perhaps it's because of something in Google's original ads and videos about Glass, or something else, but people perceive the main purpose of Glass to be video recording and assume that anyone wearing one is recording them, while they don't think the same thing of phones with cameras. Even though phones are actually better video recording devices, and almost as easy to record with covertly.
(Disclaimer: Because some AC thought I should mention it, I am a Google employee. I don't work on Glass, and don't speak for Google, though. This is only my own personal opinions. I've only used Glass a handful of times myself, though I've frequently been around other people wearing one.)
You should really have a disclaimer that you're a Google employee defending them. I'm sure they pay you well.
When I say something that may be construed as defending Google, I do post a disclaimer. I didn't think this qualified.
And, yes, I'm pretty happy with my compensation :-)
People with cellphone cameras is also ubiquitous, but using one to record something is usually fairly obvious.
That is the perception, but it's really not true. It's quite easy to record video while pretending to be texting, or something.
Subverting it requires subverting the bootloader sequence, which starts with code in on-SoC ROM, which is nearly impossible to modify, and I add the "nearly" only because nothing is impossible; I sincerely doubt that any agency is able to modify silicon without destroying the CPU and I'm quite certain that if anyone can it's a very closely-held, and therefore rarely-used, secret.
Oh, no. If they can do it, then how often they do it will be limited only by budget.
It will also be limited by not wanting to reveal that they have the capability. Per a former-NSA colleague of mine, that is often the more stringent restriction.
But I'm more concerned about back doors. How do you know there aren't any in there?
I'm fairly certain there aren't any in the Nexus 6 or Nexus 9 low-level boot or hardware security code. However, there certainly could be in firmware blobs. Those run in non-secure mode, but all your data is also accessible from non-secure mode.
That said, the Android security team pays pretty close attention to exploits in the wild, so if there were something like that being exploited on a large scale, I think we'd know. Exploits that are used only for so-called "targeted persistent attacks", whether by criminal organizations or government agencies are a different story, of course, but those simply aren't relevant to most people.
And I'm also somewhat concerned about security flaws. Sometimes just connecting things in nonstandard ways bypasses security measures.
Sure, that's why I said "the next option is to exploit some defect...".
The next option is to exploit some defect in the implementation of the bootloaders and/or fastboot (or in the case of intelligence agencies, even to implant a defect to be exploited). This is probably the best avenue of attack, but it's not easy because the code in question is relatively small, and should be closely scrutinized. Most of it is not open source, though, so scrutiny is limited.
Another fine place for a back door, though, and still not that unlikely that a flaw will exist there. The critical code paths should be sufficiently short that it's worth disassembling them.
You seem to be restating what I just said :-)
The final option is to ignore all of the above and simply attack the hardware. Remove the flash chips and install them in a custom device which reads out their contents. This threat is what device encryption exists to mitigate.
Well, I'm strongly in favor of encryption. But I still don't trust the hardware, so I don't trust my phone to keep secrets.
Keep what secrets from whom? If the NSA is really your adversary and they're specifically targeting you, you're simply screwed. Seriously, give up now. My goal is to ensure that your device is secure against (a) remote network exploits, (b) locally-installed software and (c) hardware attacks of moderate sophistication. (c) definitely includes "I lost my device and some clueful hardware engineer found it".
Assuming you're running up-to-date software (yeah, much easier said than done, I know), haven't done anything yourself to compromise the Android security model (e.g. running around with an unlocked bootloader) and have a reasonably-good password and an encrypted file system, I give you high odds of being perfectly safe against (a), (b) and (c).
You hope that's true.
Actually, since it's closely related to my day job (Android hardware-backed crypto), I have quite deep knowledge of exactly how true it is or is not.
Subverting it requires subverting the bootloader sequence, which starts with code in on-SoC ROM, which is nearly impossible to modify, and I add the "nearly" only because nothing is impossible; I sincerely doubt that any agency is able to modify silicon without destroying the CPU and I'm quite certain that if anyone can it's a very closely-held, and therefore rarely-used, secret. Supposing the initial bootloader can't be subverted, subverting later bootloaders (which are stored in flash) is also difficult, since they're signed and signatures are verified by the hard-to-subvert boot ROM. There are two obvious ways: break the cryptographic signing, or obtain the signing key. There's no doubt that intelligence services could do the latter. It's unlikely that they would share the signing key, or the subverted signed code, with law enforcement since doing so would make their ability known. It's unlikely in the extreme that criminals would obtain either the key or the subverted signed code. I'll dismiss the notion that someone can break the crypto directly.
The next option is to exploit some defect in the implementation of the bootloaders and/or fastboot (or in the case of intelligence agencies, even to implant a defect to be exploited). This is probably the best avenue of attack, but it's not easy because the code in question is relatively small, and should be closely scrutinized. Most of it is not open source, though, so scrutiny is limited. This is an avenue law enforcement and criminals could use, if there are exploitable defects. If there are any such defects in any Android devices, I don't know of them, and if they were in any sort of widespread use, I would. If such exploits exist, they're being held close by criminals (for TPT-style attacks) and not being used by LE or intelligence agencies in any context which might reveal them publicly... such as in court.
The final option is to ignore all of the above and simply attack the hardware. Remove the flash chips and install them in a custom device which reads out their contents. This threat is what device encryption exists to mitigate. Pre-Lollipop, the strength of FDE depended entirely on the strength of the user's password. In Lollipop it was strengthened with the use (where available) of a key bound to the device SoC.
"I'm not sure if these factors make a measurable difference in tire wear, but it's plausible."
EVs are HEAVY. So far all the indications I've seen is that the tires wear faster as a result.
Good point. I wanted to argue but I looked up some numbers, and EVs tend to be several hundred pounds heavier than comparable ICEVs. I though the weight of the batteries would be offset by the lighter motor, but apparently not.
Google maps uses WAZE to gather traffic info. WAZE is a great app if you use it, giving alternate routes around traffic as it discovers them.
Google Maps uses both WAZE and Google Maps to gather traffic info. Mostly Google Maps, I suspect, since the userbase is much larger... though WAZErs do tend to have WAZE running all the time while most Google Maps users only use it when they're actually getting driving directions, so I may be wrong.
Oh, and Google Maps also gives you alternate routes around traffic as it discovers them. It's a bit less aggressive about it, I think, requiring a larger potential time saving before prompting a re-route.
Yes, we're all doomed... to an average life expectancy of 85+ years, and rising. Spending your days on your butt may cost you a year or two, on average, but given that two hundred years ago your life expectancy would have been around 40 years, drastic action is hardly called for.
I don't think they can just wait out the shutdown of the low-margin producers, then bump the prices back up. Or at least, they can't bump them back up very far, because the technology used by the low-margin producers will not be lost. It will likely get a little bit better. So they'll have to keep the price low enough that the low-margin producers can't re-enter the market.
And with regenerative braking even the brakes are likely to last much longer on electric vehicles.
It's even possible that tires get a little more longevity due to regenerative braking, which tends to be smoother and gentler than friction braking. The limited battery capacities of current EVs probably help as well, since they encourage efficient driving, which means no hard braking or acceleration.
I'm not sure if these factors make a measurable difference in tire wear, but it's plausible.
Lack of adapters has never been my problem.
Einstein didn't think up Relativity in a scrum with powerpoint presentations (ok they weren't around then but you get the point), nor did Turing come up his theories on conference calls.
Yes, they did. Both of them.
Okay, not scrum, powerpoints or con-calls, obviously, but both of them deeply relied on collaboration with others. Einstein relied heavily on chats with various friends, especially Besso, Solovine, Habicht and even to some extent his wife (during his early work, before they separated) to refine his ideas. There's no doubt that he was the ultimate source of the core elements of his theories, nor that he did nearly all of the work to elaborate them, but bouncing ideas off of others was critical to his method of work. Turing I know less about, but I know that he also worked as part of a team, and many of his brilliant ideas built upon the work of those around him.
I do think your examples are well-chosen, though, because I think they're examples of the sorts of people who least benefit from teamwork. For everyone else, it's even more important.
Easier to just leave a spare charger hanging around.
That I can't agree with. The beauty of a long-range wireless charger isn't eliminating the effort of having to walk to another room to plug in, and it isn't even to eliminate the effort of having to plug the cord into the device. The real value is in eliminating the effort of paying attention to charge state or making decisions about when to plug in. Given an effective long-range wireless charger of the sort that these researchers are attempting to build, your devices would just always be fully charged whenever you spend significant time at home or in the office.
I see a lot of value in a good solution to this problem.
Also, it's worth noting that more efficient devices and/or more energy density in batteries don't solve the problem, and in fact some ways they make it worse, at least for me. I had much more trouble with my phone battery dying when I needed it back when a charge lasted for a week than I do now that it only lasts a day, precisely because with a week-long battery I had to put more thought into when to charge it. With a day-long charge the thought required is limited to remembering to plug it in when I go to bed.
If the charger can see your phone, it's not in your pocket or purse. So if you're not carrying it around, just stick it on a window ledge (for a much shorter time) or under an incandescent light source (we still have them, eh?)
Phone-sized PV cells, when provided broad-frequency light of typical ambient intensities, even full sunlight, produce very little output. That wouldn't charge your phone very quickly. With, for example, LTE radios on, it's unlikely it would even maintain the charge.
If this system works, it's because they're aiming light of an intensity and frequency optimized for getting maximum power out of the PV cells. That's also the only way they could hope to get efficiencies anywhere near that of wired charging, even considering the rather low efficiency of your typical wall wart.
Unlocking the bootloader will erase the data partition.
(Android security engineer here)
Mod parent up.
This is the only way to be sure of what you're getting. The various rootkits (almost?) all include some closed-source binary which gets uploaded and run as root. Rather than using some hack to exploit some defect in your device's security and upload some random binary which does unknown things to your device, buy a device with a legitimately-unlockable bootloader. All Nexus devices meet this requirement. There are some Motorola devices that do, too, and there may be a few others from other manufacturers. Then unlock your device, install your new ROM (ideally, build it from source, but that's optional) and re-lock your device.
That will give you the control you want without exposing yourself to unnecessary risks.
I'm not saying this approach doesn't expose your data to risks, it does. The various third-party ROMs intentionally subvert various aspects of the Android security model. To really understand the risks, you need to understand Android security (I recommend "Android Security Internals" by Nikolay Elenkov), understand how your chosen ROM alters it, and understand how that will impact your usage. But it does put you in control, rather than the author of some random rootkit.
Oh, and note that it is important to re-lock your device. If you don't, anyone who gets your device can install their own custom ROM and get access to all of your data. Locking the bootloader ensures that the data partition gets erased before a new system is installed.
(Disclaimer: I work for Google, but this is not an official statement of any sort. It's purely my own opinion.)
And when the lawfully signed and delivered warrant results in the obtaining of encrypted data of which the authorities can make no use, what then?
Too bad, that's what.
I agree, as I pointed out. But it doesn't change the fact that the poster to whom I replied missed the whole point.
The technology required is the "warrant" - issued by a judge on probable cause. I believe the technology has been around for several hundred years.
And when the lawfully signed and delivered warrant results in the obtaining of encrypted data of which the authorities can make no use, what then? I disagree with the idea that we should compromise our security infrastructure in order to enable government access on demand, but this is what Obama et al are really concerned about: the development of a world in which warrants are useless because the data itself is protected in transit, end to end, and at rest, with keys available only to the parties communicating.
I'm surprised we aren't hearing more from the big corporations that control the government.
You're surprised because you misunderstand the situation, because you've dramatically oversimplified it. Big corporations have influence but they do not "control" the government. They do attempt to influence its actions, particularly whenever government interferes with their business operations and sometimes when they think they can get government to interfere with the operations of their competitors, and they meet with some degree of success.
However, politicians still understand that corporations can't vote, and that they can't even contribute anywhere near as much money as private citizens can, assuming said citizens choose to make the effort. This anti-terrorist agenda is not a corporate agenda, by and large. Oh, there are a few corporations in the military-industrial complex who like the military side of it because it enables them to sell lots of expensive gear. But the spying, insofar as it works (which it mostly doesn't), reduces their business opportunities.
No, the anti-terrorist agenda is driven by masses of fearful individual citizens. Few of them hang out on slashdot, or work in IT organizations, so they don't have a loud voice here, but there are a lot of them, as is clearly evidenced by the utter lack of major political figures campaigning loudly for putting the NSA out of business. Said political figures understand where their votes come from, and aren't going to rock that boat. Now, if major corporate lobbying dollars started pushing one side or another of this agenda, they might do something, but outside of a few tech companies which are being hurt by their users' fear of spying (especially overseas), the corporate world doesn't care.
They are the ones paying real money to prevent and remedy security breaches
True, but irrelevant. Spying or the lack thereof has no effect on their security problems, which are mostly about their failure to properly secure information needed to do business with their customers. Communications encryption wouldn't have any impact on them, because this is data that you voluntarily give them in order to do business with them anyway. It's entirely unrelated to the question of government spying. Again, the only ones who care are the tech companies, and they by themselves simply don't have enough pull to override the politicians' healthy regard for the fears of their voting constituencies.
You seem to be suggesting that you are brilliant because you chose to lease, yet you did not include any justification or math to support that implication.
Wow. You sure can read a lot into a simple statement. Dude, chill.
I wasn't claiming brilliance, just explaining (in brief and at a very high level) my rationale for leasing an EV rather than purchasing one, as a suggestion that others looking at getting into an EV may wish to consider it.
LOL
The history of moderations on my comment is rather fascinating. It received over a dozen moderations, up and down, 40% insightful, 40% overrated (which is slashdot mod-speak for "I don't like what you said but it's not actually deserving of a legitimate downvote") and 20% flamebait. Apparently I hit on a rather contentious point.
IMO, the reaction says more about slashdot than it does about me... this is a forum that largely doesn't like to admit that racism is still a real issue. Not as much in Maryland as in the deep south, but Maryland was a slave state, though one which opted to stay with the union.
I also find it interesting that the AC I replied to didn't come back to disagree with my interpretation. That may, of course, be because he simply didn't see it. It may also be because I was right.
It's worth pointing out that Silver Spring has a much higher percentage of African Americans than Montgomery County as a whole, and that is the area the AC pointed to as being "very bad" in the perception of the rest of the county. He further pointed to the downtown area, which in many cities tends to be more heavily minority. Obviously, there's a strong correlation between race and poverty, and another between poverty and violence, so it could well be that he was referring to economic diversity. But there's a significant probability that he wasn't, or that his (and others' in the mostly-white county) interpretation of the "badness" of an area was colored by racial stereotyping.
Sorting out the truth in situations where there is a confluence of stereotypical biases is hard, but I strongly doubt that my somewhat tongue-in-cheek comment entirely missed the mark.
Your final comment is rather intriguing to me. Do you often recommend suicide to people you disagree with? That's a rather violently negative reaction, don't you think? Anyway, have a nice day, schivvers, and stay well away from the guard rails so you don't fall off the bridge.
Actually, it's more than likely the fact that Lead is no longer an additive in gas or paint, and hasn't been for enough generations that the lead damaged people have died or been incarcerated.
I'm certain that lead levels have an effect, but I strongly doubt that they're the whole story, in large part because the latest declines are part of a long, steady decrease in violence that goes back for centuries. I highly recommend http://en.wikipedia.org/wiki/T...
It applies to all pay-per-click ads. For impression ads the situation is less direct, but bad ads make impression ads less valuable to advertisers.
In the long run, this sort of issue is bad for Google, period. In many corporations the long run is irrelevant, but Google doesn't have to think that way because of its stock voting structure, and Google doesn't think that way.
one of two levels
Er, I meant "levers". If only there were some way to see my post before it's submitted...
I hate adds since the moment they were around.
Either you must be the oldest person alive, or you mean "since I was old enough to notice them". Also, the word is "ads", short for "advertisements".
Related to the Banksy quote, I'd say that ads on the Internet are even easier to control. Just install AdBlock. No, it doesn't get all of them, but it comes close.