Slashdot Mirror


User: cheros

cheros's activity in the archive.

Stories: 0
Comments: 1,601

Comments · 1,601

  1. Cheap - flawed - marketing on New Chrome Exploit Bypasses Sandbox, ASLR and DEP · · Score: 1

    That video shows exactly nothing - any 2 screen system can do Windows-R + "calc" offscreen and lob it into the picture, whilst it's looking at a web page. You can also not see if it really is a sub-process, that part is obscured. As far as I can judge by the indentation it is NOT a sub process - thus no hack. But I'm no expert - unlike them I won't pretend to be one either. In summary, this *seriously* lacks credibility.

    It's IMHO a rather stupid attempt at getting their name out there and lick up to French Government. As Government I would not use them now because they have gone public with something that could have been useful (if it exists), and as a company I would avoid them like the plague because I would not know who they would sell my vulnerabilities to (instead of me).

    Oh, and as for Google? You know, wouldn't it be funny if their website never showed up in any Google search... After all, can't let them do any evil now, can we?

  2. Re:ZoneAlarm and NetBarrier on Marlinspike's Droid Firewall Kills Tracking · · Score: 1

    No, he isn't, he just has another approach which is equally valid but does not work for *me*. I often need to use software which I do not have the time to completely assess (and it's not weird fringe stuff, Adobe and Microsoft products are on that list too). The other issue is that ipfw is more network and less application focused, but ipfw is not hard to set up - there are GUIs such as WaterRoof and Flying Buttress available if you spend 10 seconds on Google. There is a good intro to OSX ipfw available as well (at least, *I* like it, YMMV :).

    His approach would be an upfront analysis and then tune ipfw accordingly. The problem for me with that is that software often does a lot of things you don't really know about - updates are a classic, which only happen every so often. In the ipfw case you'd end up with a failure to update and you'd have to go and dig to find out what happened and why retrospectively.

    My approach is to install the code after I have checked its origin and scanned it for malware(*), and then monitor where it's going when it talks to the Net. I caught a couple of interesting things that way (in which case I tend to fire up Wireshark and have a good look at what it's trying to do), but it does mean that I occasionally have to adjust things on the fly. This way, my filter learns and will not bother me other than when an application decides to do something new. I do, however, pay the price that I risk getting interrupted (something I hate) but this approach works best for me at present.

    The disadvantage is that this approach requires a very clean approach to installation, and presents a slightly greater risk. His approach is very low risk, but is more labour intensive. Different shades of grey..

  3. Yawn. Here we go again. on Vendors Say Data Protection Software Too Complicated To Use · · Score: 1

    Let me see if I get this right. You can save it as a template.

    1 - problems occur with Data Loss
    2 - every vendor jumps on it with a "solution" product
    3 - execs buy such product to make it appear they have done something
    4 - nobody bothers to look at the actual problem, processes and possible alternative approaches
    5 - the software doesn't deliver, a discovery made after spending a fortune on consulting to fit an essentially square peg in a hole that was actually round to start with (but nobody bothered to check that upfront).
    6 - because the "solution" isn't, return to 1

    Did I miss anything?

  4. Is this what is called .. on The World's Smallest Video Camera · · Score: 2

    .. a bottom up approach?

    Funny that it immediately is mentioned that it's not intended for spy use. Exactly how many seconds do they expect that situation to last? :-)

  5. Re:ZoneAlarm and NetBarrier on Marlinspike's Droid Firewall Kills Tracking · · Score: 3, Interesting

    No pointy-clicky though, so most Mac users won't use it.

    I was building BSD firewalls based on Gauntlet more than 2 decades ago :-). You have two extra problems with ipfw - you need to know upfront what you're going to shut down or allow and it requires a lot of expertise that is not available to your average user.

    In my case, you can add that I can no longer be bothered with hacking around in a box, I want the damn thing to work so I can get stuff done. Both LS and HO pop up when they have a question, but leave me otherwise to work. Fine by me..

  6. Re:ZoneAlarm and NetBarrier on Marlinspike's Droid Firewall Kills Tracking · · Score: 1

    True enough. You're in a twisty maze, with passages all alike - and your geo-location enabled phone will sell your every move..

  7. Re:ZoneAlarm and NetBarrier on Marlinspike's Droid Firewall Kills Tracking · · Score: 2

    Used it. Little Snitch has IMHO one major problem: they decided that it should use the Mac's voice system if you go into FrontRow, and it's not optional - there is no way to disable it at all. Voice rendering on computers is a pet hate of mine (and Apple's system is pretty bad), so the fact that LS decided all on its own to use this was enough to start seeking an alternative.

    I switched to Hands Off, which has the added advantage that I can have it monitor what applications do with my hard disk as well. And they offer a cheap license for those switching from LS, which helps :-).

    The only question with both apps is: do THEY phone home? Haven't looked with Wireshark yet, but I will..

  8. As much as I hate to admit it.. on Assange: Facebook 'the Most Appalling Spy Machine' Ever · · Score: 1

    .. Assange is actually right here.

  9. Re:Here's a mind-boggling idea... talk to them on Ask Slashdot: Best Way To Leave My Router Open? · · Score: 1

    Nah. I'd install a proxy and start messing with their traffic. Maybe we ought to introduce a competition: just how many images can you replace with goatse before they give up? Could be quite fun..

    Interesting that people only see the risk from the provider side (eating bandwidth, collaboration with illegal activities) without considering that "free" generally isn't..

  10. Yes, he uses one of his balloons.. on Submarine Tech Reaches For Deep Ocean Record · · Score: 1

    .. filled with lead.

    Branson announcing plans and finding ways to execute them are two separate things. I'm sure he'll look at this too, but might be too expensive.

  11. Re:It's called "Lawful Intercept" technology on Does Wiretapping Require Cell Company Cooperation? · · Score: 1

    Not entirely true. The telco must enable that feature on demand, it's not on by default (at least not in the countries where I've seen it). A warrant or legal order is served with exact details, and only the data for that tap will be provided.

    The non-disclosure component is only towards the subject, which makes sense from an investigative point of view.

    "Hello? Ah yes, here is your telco. We had to put a tap on your line. No, no, it's all legal. Just carry on as before, and have a nice day" :-)

  12. Re:OK, I'm lost now. on NASA Fires Up Jet Fuel That Tastes Like Chicken · · Score: 1

    Thanks, that makes sort of sense (apologies about the double post, I got a site failure when I posted). There is, of course, the issue that there is always quite a bit of waste during meat production, but AFAIK we have food mountains too to keep prices up (depressing when there are so many people out of work on one side of the planet and people simply starving on the other side, but I digress).

    Cheers.

  13. OK, I'm lost now. on NASA Fires Up Jet Fuel That Tastes Like Chicken · · Score: 0

    For years I have been reading that meat production is one of the major causes of the greenhouse effect (not talked about much, because it's politically easier to tax car drivers and industry than subsidised farmers).

    AFAIK biofuel is usually made of plants, so what does processing it through a chicken first add? Egg yolk? Would it not be easier to simply reduce the chicken production instead?

    Actually, here is an idea: if we could turn red tape into fuel we could probably stop drilling altogether..

  14. OK, I'm lost now. on NASA Fires Up Jet Fuel That Tastes Like Chicken · · Score: 2

    For years I have been reading that meat production is one of the major causes of the greenhouse effect (not talked about much, because it's politically easier to tax car drivers and industry than subsidised farmers).

    What exactly is the point of using that production for fuel? Would it not be easier to simply reduce the chicken production instead? Or find a way to turn other waste into fuel. Actually, if we could turn red tape into fuel we could probably stop drilling..

  15. Err, no, that's not what I said.. on Army Develops Android-Based Framework For Battlefield Ops · · Score: 1

    So, you're saying that any smartphone platform the DOD uses should be developed solely by them with no outside help from companies or any FLOSS development community.

    No, that's NOT what I said. I said they should remain in full control, which is actually more likely with FLOSS sourced code. What they need to do is take code, freeze it so it can be audited end to end, and then roll in updates after audit. I would actually disagree with the DoD brewing their own because it takes time to build up the required expertise and the whole exercise would be very inefficient..

  16. Re:Why is it being removed in the first place? on Sony Should Pay For OtherOS Removal, Says Finnish Board · · Score: 1

    Sorry, I don't buy your arguments. The value of the PS/3 is irrelevant.

    What is relevant is that the product was sold with a specific, DOCUMENTED feature set, a bit like a car is sold with certain accessories. This drives a purchase decision.

    If the product post-sale is adjusted to no longer support the original feature set you have been misleading the consumer, which in many countries is termed misleading marketing or misleading product description. It's equivalent to selling someone a car with alloy wheels, and swap them for cheap steel rims the next time the car comes in for a service. It is NOT acceptable in any way, shape or form.

    The arguments Sony has brought for this just do not stack up, and they know it. They are just hoping to get away with it, like they have been trying to get away with other creative approaches like rootkitting the PCs of consumers that bought their products.

    Sony makes good enough products not to need this crap, yet they persist in doing it. In the process they have lost the trust of many technically capable buyers - exactly the kind of buyers who would shell out a premium to get better kit. It's corporate suicide, but that has either not registered, or someone is sitting somewhere with their fingers in their ears, hoping not to lose face over this idiocy.

    I really regret not being able to buy Sony anymore, but trust matters to me. Plenty others to take up the slack.

  17. Re:I have to nitpick TFA: on Why People Should Stop Being Duped By the 3D Scam · · Score: 1

    I have to agree with you, but there is one curious thing here: I too have a higher colour vision ability (mine hovers around the 2..3 McAdam and I have been a professional plastics colour recipe developer - the irony is that I have a father who is as red-green colourblind as they come, he really cannot see the difference). I wonder if this somehow contributes to my lack of problems with 3D vision.

    I don't have a problem either with 3D movies, and I really mean NO problem - other than that you can recognise when some movie exec has ordered it to be 3D where the movie wasn't suitable for it (Alice in Wonderland is like that, it reminded me of the books I had when I was little with lots of cardboard popup when you opened them).

    However, I do think that it's very early days in film techniques. I don't see the display as the only aspect still under development, the fact is that 3D also requires learning new skills for everyone involved: actors, directors, editors - Cameron had 10 years to dream all of this up, but the rest of the industry will take time to learn.

  18. Android "free"? on The Real Reason Apple Is Suing Samsung · · Score: 1

    Umm - you do know that Android is actually the new WiFi snooping tool for Google (you'll want to read point 47, and I am willing to bet that nobody has bothered yet with point 48).

    It's free as in "I'll let you use my car for free, but you then agree to let me look at everything and everyone in your house, including your young daughter"

    But hey, they said they would do no evil, so that's alright then. I bet Microsoft executives are kicking themselves for not having discovered that joke themselves years ago.

    Google has done some fantastic things with search technology. Unfortunately, the MBAs in that company have taken over, and I am not sure the company will survive what they are doing to it right now, it is morphing into another Microsoft..

  19. Re:Excellent - now you can Google the war efforts. on Army Develops Android-Based Framework For Battlefield Ops · · Score: 1

    The first problem is the Free and Open claim. The second problem is that Google, like Facebook, grew up on the wave of privacy violations committed under the guise of anti-terror measures - you could say it's in the corporate DNA. The third problem is that Google hasn't exactly done much to engender trust by breaking privacy laws in various ways in many countries as if the law doesn't apply to them (the WiFi data grabbing, Streetview issue) - it exposed the "do no evil" for the BS it was. It is a shame, because the company has been responsible for a revolution in search, I just wished they stopped with their backhanded attempts to subvert users into their way of thinking/working. Case in point: just how much data does Chrome send back to base? If a company takes out expensive full page ads on London Underground to market something that is FREE there must be something else they gain from it - follow the money or ask at least that question.

    Whatever the DoD decides, it ought to use something that is fully under their own control, not some 3rd party, yet is maintained. That is a hard balance to manage. If Google is smart it makes the full Android platform indeed unconditionally open, at which point you could start investing some funding into ensuring security and create devices based on it. As long as Google is pretending it wants "quality" control but clearly is after something else I don't think they're worth the trust they so crave.

    Let's look at the bright side: at least there appears to be nobody left who in all seriousness would recommend Windows - there isn't enough in-theater bandwidth to keep up with the patching. Ditto for Adobe products - you could say they are now very much Microsoft compatible..

  20. Excellent - now you can Google the war efforts.. on Army Develops Android-Based Framework For Battlefield Ops · · Score: 0

    I guess this is another club that has fallen for the Google "open" claims for Android. On the other hand, Google is a US company, so an internal intelligence leak might not be a big problem.

    Quality move to base yourself on a platform whose vendor makes money with taking data from you - try to run Android features without a (totally unnecessary) login to a Google account.. That'll be mighty funny when they go into theater and log in "Google has just added Wave 2 - activate Y/N?". Or launch bomb: 22000 ammo hits found - choose "I feel lucky?"

    Leaves one question: the next time a bomb causes collateral damage, will Google sue the DoD for causing more gloss to fall off their "do no evil" statement? Just curious..

  21. Re:Ekiga wins again! on Skype Plugs Android App Privacy Hole · · Score: 2

    "Proprietary", "enslaves", "guise of" - yeah right. How about taking your medicine first?

    First of all, FOSS is not a guarantee of absolute security. It can be better provided there are enough eyeballs on the problem, and people capable of coding their way around it, but it is NOT a guarantee.

    Secondly, you're welcome to Ekiga. I also need to call landlines which it doesn't support, but I have Skype on Windows (which I may use once a month), on OSX (which I use all the time), on Linux, in handsets, on an iPhone and on Android until I got fed up with the data leakage that Android represents. And guess what? It Just Works.

    You're welcome to your own Universe, just don't try to sell it as perfect because it isn't (and I have been using Linux since it came as Slackware on floppies).

  22. Are they so incompetent.. on DOJ Gets Court Permission To Attack Botnet · · Score: 0

    .. they need to steal someone else's botnet to do their spying now?

    Just curious..

  23. Ah, the memories.. on Columbia University Ending the Kermit Project · · Score: 1

    I worked at a computer manufacturer once, and their process for supplying components to manufacturers was:

    1 - print out stock list from the VAX
    2 - type all of it into a spreadsheet (2 people working for a week)
    3 - prepare stock despatch orders

    As stock levels changed in the week they were entered (not to mention that traditional "1 in 300 keystrokes is an error" problem) it was a never ending battle - every month. That's when I wandered in after having fixed a problem with Paradox elsewhere. Management wasn't receptive to new ideas (mostly because they were stuck up "not invented here" types) so I skunkworked it.

    The guy who ran the VAX installed a kermit server and changed the report so it had a standard filename. I hacked a few things together in Turbo Pascal (cleaning out headers) and Paradox PAL (easiest to integrate with other stuff) and the whole 2 manweeks exercise became a 15 minute batch file - and accurate.

    Thank you Kermit :-).

    What? A raise? Hahaha, no, it wasn't that type of company - its management was saturated with "not invented here" types which is what eventually wrecked the company. I resigned a month later for a much better job.

  24. And thus, a chapter of history closeth.. on Nokia Confirms Symbian Is No Longer Open Source · · Score: 1

    How sure are we that current Nokia leadership doesn't have shares in other phone manufacturers? As far as I can see there isn't much else left to screw up now..

  25. 43 Folders has good stuff on presentations on Book Review: 15 Minutes Including Q&A · · Score: 1

    I tend to prepare an elevator pitch of what I want to say, then decide how I bring it best in context with the audience, and after that I will create / find any images if I think they will help (if it's not technical you should think about images as setting the audience's mood).

    In my experience, people really pay attention if you mention you have set yourself the task of making your point in 15 minutes or less - it's fun to start a session with a self-imposed challenge, and it keeps questions at bay until you hit Q&A. What's more, 15 mins worth of material you can keep in your head, so you can focus on your audience instead of reading slides..

    BTW, nobody ever complained about a presentation being too short. Instead, they will actively seek you out afterwards to ask questions - you don't have to seek them out. Everyone wins..