There is however a theoretical attack (2^{52}) discovered in 2009 (better than prior breaks).
The authors of that attack withdrew their paper due to a miscalculation. Until they release details, 2^57 is the best published attack. And besides, it is irrelevant to the original poster: the flaw these attacks exploit allows creation of a pair of documents that hash to the same value, but *not* general creation of a document with a specific hash value, which is the only way you could attack an SSL server based on a flaw in its certificate hashing algorithm.
It's still useful as a checksum algorithm. I use it on my photos to determine if software has messed with the metadata. Clearly we're not talking about a security application here.
You may as well use CRC32, though, which is just as useful for that application and much, much cheaper to compute.
Will WarnerBros pursue MI-6, who will disavow all knowledge?
They wouldn't even respond. MI6 (or rather SIS... MI6 was a name used by the media to refer to the organization when its existence was a badly kept secret but nobody knew what it was actually called) enjoys crown immunity from prosecution (except for tort or contract violations -- copyright violations are neither).
The fact that submitting an application to the fragmented Android Market requires no inspection or vetting by gatekeepers means that very poorly written software will get in
Yes. However the fact that you can get poorly written software to perform some tasks is better than the state on the iPhone, where those same tasks simply cannot be performed unless you have a development kit.
Programming on Android is hard as it is due to the extreme OS versioning and hardware fragmentation
I don't find it hard. Stick to the documented APIs and test your application with multiple display resolutions in the emulator, and it seems to me you'll be fine. Unless you're trying to modify the behaviour of system apps (something which, if you tried to do it, would get your app banned from the iOS app store).
and the multiple states that an Android application must cycle through (often leaving dangerously dangling application threads)
Really? What's so hard about saving state and killing background threads in onPause() and restoring it in onResume()? Yes, there are apps that don't do this correctly. That doesn't mean it's hard.
This theory bothers me as well, but more for the simpler perspective of how the hell did the chunk of rock knocked off earth become so round in space? Shouldn't it be more like a big jaggiedy piece?
No. Gravity of any sufficiently large object causes it to become spherical over time.
in ancient Rome it was actually against the law for the plebs to know the laws
[citation needed]
As I understand it, ancient Rome was actually the first civilization to act on the belief that it was important that all citizens should have access to an accurate written description of the laws that applied to them.
[...] formats that have become obsolete and that require the original media or hardware [...] shall be considered obsolete if the machine or system necessary to render perceptible a work stored in that format is no longer manufactured or is no longer reasonably available in the commercial marketplace
Interesting, but this doesn't apply to the current discussion. The emulators in question were for Nintendo Gamecube (with which the Wii is backwards compatible), Nintendo Gameboy (with which the Gameboy Advance is backwards compatible), NES and SNES (for which Nintendo offer emulation on the Wii), so there is no requirement for original hardware in this case.
Only if you were aware of the details of the superinjunction, I would assume.
You would assume wrong. Which is one of the many problems with these ridiculous "Oh shit, I put my cock in the wrong hole!" injunctions.
[citation needed]
I haven't seen the text of this particular injunction (it hasn't been published to the general public, AFAIK), but previous ones that have been published generally contain text like: "This Order binds all persons (whether acting by themselves or in any other way) and all companies (whether acting by their directors, employees or agents or in any other way) who know that this Order has been made." (example, but be warned by clicking it you become a member of the class of people who know that it has been made)
Unless the comments describe how Android's implementation ends up in a result contrary to what's been explicitly documented behavior since before 1.0 (and, beyond that, elementary behavior every Android application developer has to know), I don't really see the value. This is one of those places where crowdsourced touchy-feely impressions are just as likely to be misleading as useful... perhaps moreso, given the self-selected nature.
So -- here's the thing. Unless you go out of your way to have a background thread that stays alive, events are triggered by intents. Killing background applications won't stop them from being loaded when an intent happens, it just means they have to get reloaded when one happens, making your phone (guess what!) slower. You aren't saving your privacy against a malicious or misguided application, you're just getting an illusion of control and calling it security.
The article you linked to seems to be written purely from the perspective of optimizing memory usage. Yes, it is unlikely you'll be able to gain anything over base Android based solely on optimizing memory usage. However, there are many apps that do definitely use resources between the time you stop using them and when they are killed by the system at some later point in time. I have tested my phone's battery usage and it is quite clear that if you use the camera and do not kill the camera application manually afterwards, more battery is used -- I believe the running background process keeps the camera device open, causing it to receive power when otherwise it would be put to sleep.
GP's other point -- that he doesn't trust apps not to continue requesting location updates in the background -- is also quite plausible. There is nothing stopping such apps from starting a background thread and continuously polling for information. Yes, the UI thread is stopped while the activity is not being shown, but that doesn't mean the app is necessarily idle. In this case, manual control of the app lifespan seems sensible to me.
I must make the source code available to whomever I have distributed to -- this is Google not anyone else.
Not quite: you must provide a transferrable written offer to provide the source to anyone who has a copy of the binary. You're not allowed to just wait for google to ask for the code, you must be proactive in making sure they know it is available. Your offer to provide the source could realistically go in one of two places: a pop up message available from your application's UI somewhere, or in the market description. In either case, google is fulfilling their obligation to transfer that offer to the end user.
So, there is no requirement to offer source to anyone, only those who legitimately possess the object code.
OTOH, anyone can legitimately possess the object code, because the original recipient who paid you for it is free to provide as many copies of it as they want to anyone they like, as long as they accompany it with a copy of your written offer. Theoretically, you could demand to see that copy of the written offer (or some other evidence that they have a copy of the object code), but it hardly seems worth it.
How am I, Joe Public, meant to know which football player the story is about? I could list all 800 English Premier League players and be breaking the law.
You're only breaking the law if you know at the time you publish it that the information is illegal to publish. Assuming you really don't know the identity of the footballers in question, you cannot break the law by speculating, because you also obviously would not know what the injunction prevents. You can't break a court order if you don't know of the order's existence...
How does a court injunction against a reporter have any bearing on anyone else?
The injunction is against anyone who is aware of both the existence of the injunction and the precise information it is intended to protect. Which would now appear to be just about everyone. Which means Ryan Giggs could probably sue me if he cared that much...
You might be able to go after British subjects who break the injunction, if you can figure out who they are
And if they've actually broken the injunction.
Contrary to popular belief, an injunction cannot prevent anyone in the world from revealing information. In order to be prosecuted, you must also be shown to be aware that the injunction existed and applied to the information you were revealing (source). As none of the media discussions so far specify exactly who it is that is subject of this order, I do not know who it is I must avoid identifying. If I were to accidentally do so, I could not be held liable for the breach.
Seriously? Does he really know what he implies he knows about this industry?
I don’t mind that Bill Gates is a megazillionaire; he’s done a lot of really interesting and innovative stuff. I do mind that a lot of unworthy people rode his coattails to minizillionaire status, eg the inventor of Hungarian notation, probably the dumbest widely-promulgated idea in the history of the field.
Seriously? Charles Simonyi, one of the greatest innovators of Xerox PARC, effectively the inventor of WYSIWYG editors, is unworthy and lacks innovation in comparison to Bill "I wrote a BASIC interpreter once" Gates?
Sure, I get that you don't like Hungarian (probably because you've never used it the way it was originally supposed to be used, but that's an entirely different matter), but do you really think that's all the guy ever did in his entire career?
And in the 1990s, they did not. Neither Windows nor classic Mac OS came with a compiler
Can't speak to Mac OS classic, but Windows came with both QBASIC, a reasonably good BASIC interpreter that was source-code compatible with MS's BASIC compiler of the era, and debug, which functions as an adequate assembler. Later versions of Windows also shipped with WSH, which is an acceptable scripting environment for many tasks.
This is actually *better* developer support than most 1980s era machines (which typically came with a crap and fundamentally limited BASIC interpreter, and if you wanted to program in machine code you had to assemble it yourself and enter the data directly into memory).
one had to buy a copy of CodeWarrior or Turbo C++ or whatever they called it back then, often at inflated prices comparable to those of modern-day Microsoft Visual Studio Professional unless your school happened to be in a compiler publisher's academic discount program.
IIRC, Microsoft's Quick**** series of compilers retailed at around $100 per title. But that doesn't matter, because there were plenty of reasonably-priced shareware and freeware developer tools available. I used to use a DOS port of Small C (freeware), and the A86 assembler ($20 registration required if you published anything written with it, IIRC).
The WiFi built into phones is normally integrated with the GSM or CSMA chipset. The cost of these chips in bulk is usually about $10, which is probably outside of the price range for this project.
OTOH, chips that support standard wired ethernet are pretty-much ten a penny, so it's just a case of having a breakout board to attach an RJ45 socket to...
It might be more lethal if it contained an oxidizer.
You mean something like potassium chlorate, the main ingredient in match heads?
Yes, only in enough quantity to oxidize the sugar, not just the fuel in the match heads.
Match heads contain the correct amount of oxidizer for the fuel they contain. The design that appears to be what they're talking about just has a small amount of match head because it is easy to ignite by getting it hot (using the filament from the light bulb). The sugar will need oxidizing too, however. For bulk oxidation there are other readily available ingredients that are a lot easier to work with than match heads...
how to make a lethal pipe bomb using sugar, match heads and a miniature lightbulb,
It might be more lethal if it contained an oxidizer.
Just sayin'
True, but I was thinking more along the lines of incompetently-written apps, rather than actively malicious ones.
What in the fuck are these cycles being used for? Is there some problem being solved?
Yes: put simply, the problem being solved is generating authentication codes for transactions that require enough CPU time to generate that it's infeasible for an attacker to generate them themselves. On a technical level, you're searching for random numbers that can be added to a transaction list and the hash of the last transaction list block which makes the SHA256 hash match a certain pattern.
Does that help?
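The search described in the comment above, as an added example that is not part of the original post: a simplified proof-of-work in Python, where the "pattern" is a required number of leading zero bits in the SHA-256 digest. The function names, the 8-byte nonce encoding and the sample transaction data are assumptions made for illustration; real Bitcoin block headers and target comparison differ in detail.

```python
import hashlib
import struct


def block_hash(prev_hash: bytes, transactions: bytes, nonce: int) -> bytes:
    """SHA-256 over previous block hash + transaction list + nonce."""
    return hashlib.sha256(prev_hash + transactions + struct.pack("<Q", nonce)).digest()


def leading_zero_bits(digest: bytes) -> int:
    """Count how many zero bits the digest starts with."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits


def mine(prev_hash: bytes, transactions: bytes, difficulty_bits: int,
         max_nonce: int = 2 ** 32):
    """Brute-force a nonce whose block hash has enough leading zero bits.

    Expected work is about 2**difficulty_bits hash evaluations.
    Returns the nonce, or None if max_nonce is exhausted.
    """
    for nonce in range(max_nonce):
        if leading_zero_bits(block_hash(prev_hash, transactions, nonce)) >= difficulty_bits:
            return nonce
    return None


def verify(prev_hash: bytes, transactions: bytes, nonce: int, difficulty_bits: int) -> bool:
    """Checking a claimed nonce costs a single hash, however hard it was to find."""
    return leading_zero_bits(block_hash(prev_hash, transactions, nonce)) >= difficulty_bits


if __name__ == "__main__":
    # Constructed sample data, not real transactions.
    genesis = hashlib.sha256(b"constructed genesis block").digest()
    txs = b"alice->bob:5;bob->carol:2"
    difficulty = 16  # roughly 65,000 hashes on average

    nonce = mine(genesis, txs, difficulty)
    print("nonce found:", nonce)
    print("valid:", verify(genesis, txs, nonce, difficulty))

    # Changing the transaction list invalidates the nonce, so an attacker
    # who rewrites history has to redo the search for that block and for
    # every later block, since each one commits to its predecessor's hash.
    tampered = b"alice->bob:500;bob->carol:2"
    print("tampered still valid:", verify(genesis, tampered, nonce, difficulty))
```

Each extra bit of difficulty doubles the expected search time while verification stays at one hash, which is the asymmetry the comment relies on.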
You mean like: but feeling the "buttons" is what got the screen sticky in the first place?
It's also not so cheap if you need an HDMI display. Composite PAL/NTSC would be much cheaper.
RTFA:
(emphasis mine)
From the article, specs appear comparable to the Wii
Except, of course, that it has HD output.