WinMo phones don't have people modifying the firmware that controls the baseband processor that controls the GSM radio. This is a very tightly controlled piece of code and has to be verified to be working as per the spec before the phone can receive it's FCC cert.
Caveat: My understanding of "jailbreaking" is that this allows people to run applications not available in the app store. IE, applications that haven't been blessed by Apple. This is different from unlocking the phone, which allows you to change carriers.
Some of the jailbreaking techniques, in order to find an exploit in the OS have instead located an exploit in the baseband processor, that controls the GSM radio. They then leverage this exploit and work up into the OS from there.
The other reason to break into the baseband processor is to remove SIM/network lock restrictions...
The Openmoko isn't as open as you seem to think it is. The baseband in the Openmoko is locked up as tight as in any other phone... OK, maybe it's locked up slightly tighter than in the iPhone...
Further proof that security is a human problem. Technology can help in some areas, and hinder in others, but at the end of the day it's the monkey at the keyboard banging out the works of Shakespeare that is the weak link in the chain.
Computers would be secure against viruses if people didn't open attachments or surf to dodgy sites. Phishing emails wouldn't work if people didn't reply to them, same goes for 419 scams.
Security is a human issue, it's not a technological issue and a purely technical solution will never work 100%.
This is very interesting. I'm sure the people behind BIND will scramble to get things sorted out ASAP, but I wonder how long it will take other vendors (Apple, I'm looking at you!) to release a patch.
I do have to wonder about exploits like this that seem initially incredibly serious, yet nothing much comes from them and they don't seem to get exploited to the extent that you might expect they would - this one reminds me of l0pht's famous claim that they can bring down the internet in 30 minutes. If this vulnerability is really as serious as they say, and as easy to exploit as it appears to be then in the wrong hands, this could really be an "internet killer"
But does Wine on Linux have the same vulnerabilities as Windows itself, and which version of Windows is it "emulating" these vulnerabilities from? I'm sure there's a lot of malware code out there that may work well on particular versions of Windows, or instances of Windows without a particular hotfix/service pack, but this sounds like each of the 1M Wine instances will be pretty much the same...
Yes, meetings without agendas, or meetings that ramble on for ages, are such a waste of productivity. Going with the PHB reasoning, if you sit eight people in a meeting for an hour and nothing much comes of it, that's not one hour wasted, that's an entire work day wasted.
How about the EMF from all his DJ equipment? The decks, mixer, amps, lighting equipment, PA system etc? How about the two whacking great magnets that he has on his heads in the form of his DJ headphones?
RFID was quite expensive when first introduced, and is now dirt-cheap. This is an interesting technology to keep an eye on. They seem to have a quite innovative technique to focus the bokode on a camera that's focussed at infinity - the bokode doesn't need to know the distance to the cameras lens/sensor and the camera doesn't need to be focussed exactly on the bokode in order for an image to be rendered on the camera's sensor.
In other words, the performance of it is not dependent on having the camera focussed properly, or being at exactly the right distance from the bokode - the camera simply needs to be focussed at infinity and pointed in the general direction of the bokode.
Microsoft are dammed if they do and dammed if they don't when it comes to adding new features, removing legacy features, increasing hardware requirements, decreasing hardware requirements, dropping legacy support, supporting too many legacy systems...
When something is used by such a vast cross-section of the community, there will always be conflicting beliefs about what it should or shouldn't do.
I remember during the Windows Vista launch period how Microsoft were touting it as a feature just how many new jobs would be created in the IT sector doing Windows Vista support.
If Vista had have taken off, he would have been spot on the money. Whether or not this is a good thing, I'll leave up to the reader to decide.
The level of complexity involved in something like a bog-standard CD player as compared to a Bluray player is a world of difference. A CD player needs to load a tray, see if there's a disc in it that it recognises and play back red book audio. If you're lucky, the engineers will have implemented a shuffle and a track programming mode. This is pretty basic stuff and can be done with a simple microcontroller.
A Bluray player on the other hand is a full-blown computer, it has it's own operating environment, has to be able to handle red book CDs, DVDs, Bluray discs etc. It will probably also handle stuff like discs burnt in various data formats, High Sierra, Joliet, UDF etc with MP3s, Divx, JPEG etc on them for convenience. They also have a complete Java based virtual machine implementation, graphical menus for configuration, and a whole lot more.
While you update the "firmware" on these machines, it's only firmware in the vaguest sense of the word - it's really software and it's a complete operating system for them with a LOT greater chance of errors slipping in, vulnerabilities needing to be patched, DRM needing to be updated etc.
I'm not a programmer, but could with a bit of work write some software that would be provably correct to handle a CD player. I wouldn't even know where to start with something like Bluray...
So, it seems that I'm not alone in finding it incredibly frustrating and back-to-front that Adobe don't offer the latest versions of any of their software for download, especially Acrobat and Reader.
You need to download the main installer, which will generally be X.0.0 of the software, and then there are a whole heap of updates.
Downloading these extra updates, when Adobe could simply update the version of the main installer, is a vast waste of bandwidth and a monumental waste of time.
I hope this prompts Adobe to ensure that the main installer for the software that you download from their site gets revised to be the current version of the software, rather than relying on having to be installed, and then patched, and then patched and then... This goes for all their software, not just Acrobat!
No, this is a program that is *distributed* on CD- (or DVD-) ROM. You can only install it using Windows, but as has been mentioned above, there's nothing in the GPL, and there never should be, anything about having software that only runs under Windows.
Slashdot Mirror
Wow, what an amazing surprise that this psychosomatic illness turned out to be... fake!
No, the baseband is an entirely separate subsystem - people hack it to remove network lock or sim lock restrictions.
You can jaibreak your phone without doing anything to the baseband.
WinMo phones don't have people modifying the firmware that controls the baseband processor that controls the GSM radio.
This is a very tightly controlled piece of code and has to be verified to be working as per the spec before the phone can receive it's FCC cert.
Caveat: My understanding of "jailbreaking" is that this allows people to run applications not available in the app store. IE, applications that haven't been blessed by Apple. This is different from unlocking the phone, which allows you to change carriers.
Some of the jailbreaking techniques, in order to find an exploit in the OS have instead located an exploit in the baseband processor, that controls the GSM radio. They then leverage this exploit and work up into the OS from there.
The other reason to break into the baseband processor is to remove SIM/network lock restrictions...
The Openmoko isn't as open as you seem to think it is. The baseband in the Openmoko is locked up as tight as in any other phone... OK, maybe it's locked up slightly tighter than in the iPhone...
Hurt cell towers, make Baby Jebus cry and don't even mention what it does to the kittens!
Further proof that security is a human problem. Technology can help in some areas, and hinder in others, but at the end of the day it's the monkey at the keyboard banging out the works of Shakespeare that is the weak link in the chain.
Computers would be secure against viruses if people didn't open attachments or surf to dodgy sites. Phishing emails wouldn't work if people didn't reply to them, same goes for 419 scams.
Security is a human issue, it's not a technological issue and a purely technical solution will never work 100%.
This is very interesting. I'm sure the people behind BIND will scramble to get things sorted out ASAP, but I wonder how long it will take other vendors (Apple, I'm looking at you!) to release a patch.
I do have to wonder about exploits like this that seem initially incredibly serious, yet nothing much comes from them and they don't seem to get exploited to the extent that you might expect they would - this one reminds me of l0pht's famous claim that they can bring down the internet in 30 minutes. If this vulnerability is really as serious as they say, and as easy to exploit as it appears to be then in the wrong hands, this could really be an "internet killer"
I, for one, welcome our new Robotic Firefighting Overlords...
From TFA "This turned the aluminium nearly invisible to extreme ultraviolet radiation."
Sure, what they're doing is really cool, probing new areas of solid state physics, but we're not talking Star Trek here just yet...
But does Wine on Linux have the same vulnerabilities as Windows itself, and which version of Windows is it "emulating" these vulnerabilities from?
I'm sure there's a lot of malware code out there that may work well on particular versions of Windows, or instances of Windows without a particular hotfix/service pack, but this sounds like each of the 1M Wine instances will be pretty much the same...
Yes, meetings without agendas, or meetings that ramble on for ages, are such a waste of productivity.
Going with the PHB reasoning, if you sit eight people in a meeting for an hour and nothing much comes of it, that's not one hour wasted, that's an entire work day wasted.
I'd put money on this guy owning, and using, a mobile phone. How about a cordless phone? How about leakage from a microwave oven?
How about the EMF from all his DJ equipment? The decks, mixer, amps, lighting equipment, PA system etc? How about the two whacking great magnets that he has on his heads in the form of his DJ headphones?
RFID was quite expensive when first introduced, and is now dirt-cheap. This is an interesting technology to keep an eye on.
They seem to have a quite innovative technique to focus the bokode on a camera that's focussed at infinity - the bokode doesn't need to know the distance to the cameras lens/sensor and the camera doesn't need to be focussed exactly on the bokode in order for an image to be rendered on the camera's sensor.
In other words, the performance of it is not dependent on having the camera focussed properly, or being at exactly the right distance from the bokode - the camera simply needs to be focussed at infinity and pointed in the general direction of the bokode.
You can't keep everyone happy, all of the time.
Microsoft are dammed if they do and dammed if they don't when it comes to adding new features, removing legacy features, increasing hardware requirements, decreasing hardware requirements, dropping legacy support, supporting too many legacy systems...
When something is used by such a vast cross-section of the community, there will always be conflicting beliefs about what it should or shouldn't do.
I remember during the Windows Vista launch period how Microsoft were touting it as a feature just how many new jobs would be created in the IT sector doing Windows Vista support.
If Vista had have taken off, he would have been spot on the money. Whether or not this is a good thing, I'll leave up to the reader to decide.
I hear you, and agree with a lot of this sentiment, but what on earth has this got to do with AVG breaking iTunes?
The level of complexity involved in something like a bog-standard CD player as compared to a Bluray player is a world of difference.
A CD player needs to load a tray, see if there's a disc in it that it recognises and play back red book audio. If you're lucky, the engineers will have implemented a shuffle and a track programming mode. This is pretty basic stuff and can be done with a simple microcontroller.
A Bluray player on the other hand is a full-blown computer, it has it's own operating environment, has to be able to handle red book CDs, DVDs, Bluray discs etc. It will probably also handle stuff like discs burnt in various data formats, High Sierra, Joliet, UDF etc with MP3s, Divx, JPEG etc on them for convenience. They also have a complete Java based virtual machine implementation, graphical menus for configuration, and a whole lot more.
While you update the "firmware" on these machines, it's only firmware in the vaguest sense of the word - it's really software and it's a complete operating system for them with a LOT greater chance of errors slipping in, vulnerabilities needing to be patched, DRM needing to be updated etc.
I'm not a programmer, but could with a bit of work write some software that would be provably correct to handle a CD player. I wouldn't even know where to start with something like Bluray...
(Not that I care -- it's the Windows users' problems, not mine.)
Well, if I were you, I'd care as these Windows users who don't update are running the botnets that end up putting spam in yours and my inboxes...
So, it seems that I'm not alone in finding it incredibly frustrating and back-to-front that Adobe don't offer the latest versions of any of their software for download, especially Acrobat and Reader.
You need to download the main installer, which will generally be X.0.0 of the software, and then there are a whole heap of updates.
Downloading these extra updates, when Adobe could simply update the version of the main installer, is a vast waste of bandwidth and a monumental waste of time.
I hope this prompts Adobe to ensure that the main installer for the software that you download from their site gets revised to be the current version of the software, rather than relying on having to be installed, and then patched, and then patched and then... This goes for all their software, not just Acrobat!
No, this is a program that is *distributed* on CD- (or DVD-) ROM.
You can only install it using Windows, but as has been mentioned above, there's nothing in the GPL, and there never should be, anything about having software that only runs under Windows.
Even better, in the linked kb article:
"Note that the number of required characters changes from 17,145 to 18,770 with the installation of SP1."
According to the wikipedia, XTree as released in April 1985.
http://en.wikipedia.org/wiki/XTree
Ban Hammer.