The legal, prudent, and best practice thing to do when such an error is noticed is to seize the server holding the classified material and place it into evidence until a thorough investigation can be performed.
The drivers are for the hardware you're building, no reason you can't contribute the drivers back to AOSP or even the core Linux kernel... Even if you're buying parts, you can demand open drivers for them and suppliers would comply if enough big customers demand it. Aside from drivers, most of the application software will continue to run fine if you update the core os so even if a basic usable core is open you're far better off and can always replace/remove buggy apps if necessary.
Not only complicated, but different for the sake of being different... Pretty much every other system has the same standard shell with the same standard commands, maybe adding a few of their own but the basics still all work the same. Why reinvent the wheel (poorly) rather than starting with a standard unix like shell and maybe adding some extras?
The problem is that general purpose computers with general purpose operating systems are geek toys, and are far too complicated for the average guy on the street... In their failing attempts to make windows more suitable for such users, they are making it less palatable to the more technically minded users too.
Most organisations don't provide anything else, or actively refuse to... Most users have never used anything else because it's all they've ever been provided with... In most cases it's a poor tool for the job, and something else would work much better.
That would work too, if the phones were running the google version of android in the first place... Most of them are running hacked up versions made by either the carriers or the handset vendors, if you replaced them with stock google code they simply wouldn't boot at all in most cases. The same is true with any other platform, it's just a far less common scenario.
Also make it a legal requirement that any phone sold on a long term contract receives security patches for the duration of the contract. Many phones are sold on 2 year contracts these days, but the updates stop long before the contract expires.
So instead of spending money creating a proprietary custom Android build, why don't they build a phone that's supported by AOSP out of the box that way their development effort is significantly less and the phone gets updates - thus saving money, not spending it.
So create an appliance that is bundled with the hardware and provides a web based ui to it... Not too difficult, and many such devices are built this way already.
Many of the routers with ipv6 support are linux based, the linux ipv6 stack is quite mature already... V6 also comes with some security improvements that v4 never had, like temporary privacy address and a huge address space - scanning an ipv4 range for targets is commonplace but scanning someone's/64 ipv6 space is impractical. Also although v6 typically has fully routable addresses, all the consumer oriented routers i've seen block inbound connections by default so it's no worse than the default ipv4 setup with nat and better in many ways.
And even if the ISA is ARM, Intel can still manufacture the CPU... The ARM ISA has won, most software is distributed as precompiled binaries so once a given ISA becomes entrenched in a given market there's no shifting it, only extending it while retaining compatibility. Intel learned that with IA64.
Well depending on who and where he is, he might have much less to fear from the chinese than the american government... If you're going to be spied on by someone, might as well have it be someone who has no interest in your activities nor any jurisdiction over you.
And that has always been the case... Only a very small percentage of people perform their own copying, and a much larger percentage simply download a pirated copy which already has any drm or other crap removed which actually makes it a superior product to the original.
Bespoke software development isn't the problem, software not developed to sensible cross platform standards is the problem. I regularly use a piece of bespoke software that was developed many years ago as a standards compliant webapp, it still works today in all the major browsers on any platform - including on mobile phones, which didn't even have browsers when this software was written.
If you plan appropriately when acquiring new software, these problems wouldn't occur.
As you point out however, there is often no way to pay for a piece of media after a few years anyway so even if you want to pay for it you can't... So the only legal way for you to acquire that 20 year old game is to wait another 70 years or more and then hope that a copy still exists anywhere, on media thats still readable, and any hardware still exists thats capable of playing it.
Wether code is open or closed has no relevance on the decision of the original authors to continue supporting it, the two things are not directly related at all.
Many closed source projects also cease being maintained, you just don't see the code languishing on github because its languishing on an internal code repository at the original vendor instead.
Some vendors decide to open source code that they no longer have any interest in, but the fact they're open sourcing it is not the reason they've lost interest in it - that's usually already happened or would have happened anyway. Open sourcing in this instance is just the equivalent of leaving goods on the curb with a "free to a good home" sign.
If closed source code is unmaintained the code is dead... If you use or depend on that code you're screwed. If open source code is unmaintained the opportunity exists for someone else to take over maintenance. If the code still has users, those users can take over maintenance themselves or band together to do so. If noone is using the code then it doesn't really matter and it remains online as an educational reference which may still help someone in the future.
Being open presents additional opportunities which being closed does not, and being closed does not prevent code from ending up abandoned and unmaintained.
It's also a myth that closed source is truly closed, the source code is out there somewhere and malicious parties certainly have the source for various closed source software. The difference is that when the only way to obtain the source is illegal, legitimate whitehat researchers won't be able to look at it which gives the upper hand to those who don't care about legality. With open source, everyone has equal access.
It's also not really true that closed source has more attackers... Most networks place devices running open source code in front of devices running closed source to protect them (eg most firewalls and other security appliances are linux or bsd based), and there are many systems out there running on open source which would be highly sought after by various blackhats (eg the fastest supercomputers in the world run linux). There are plenty of people attacking open source code, and plenty of motivation for them to do so.
If two people are assigned the same work and receive the same pay, one of them completes it in 2 hours and the other takes all day to complete it - whats wrong with the faster of the two spending the remaining 6 hours doing their own thing?
Their efficiency is for their benefit, if you want them to use it for your benefit then you need to reward them one way or another. If you pay then more you can reasonably expect them to do more work in the same length of time.
Indeed if that person would carry out extra work with their remaining time it would create a precedent, management would then expect that level of work and would assume the colleagues to be lazy/incompetent. They would then have severe trouble hiring any new staff because highly efficient people are relatively rare and will usually demand higher wages.
There are a lot of people employed in situations like this, they're capable of working far more efficiently than their colleagues but because they're being treated the same they have no reason to do so. If they worked harder they would just be expected to work more, not rewarded for their work, so they generally just spend the remainder of the time pretending to work while doing something else.
Well you need to choose an appropriate vehicle according to your needs, for someone who usually travels long distances at a steady highway speed diesel works out pretty well. At my previous job that's exactly what i did, so a diesel was ideal.
Well the fine will be passed on to the consumers one way or another anyway. They should make the shareholders and senior management liable for the fine, that might actually discourage such behaviour from happening in future.
Slashdot Mirror
The legal, prudent, and best practice thing to do when such an error is noticed is to seize the server holding the classified material and place it into evidence until a thorough investigation can be performed.
The drivers are for the hardware you're building, no reason you can't contribute the drivers back to AOSP or even the core Linux kernel... Even if you're buying parts, you can demand open drivers for them and suppliers would comply if enough big customers demand it.
Aside from drivers, most of the application software will continue to run fine if you update the core os so even if a basic usable core is open you're far better off and can always replace/remove buggy apps if necessary.
Not only complicated, but different for the sake of being different...
Pretty much every other system has the same standard shell with the same standard commands, maybe adding a few of their own but the basics still all work the same. Why reinvent the wheel (poorly) rather than starting with a standard unix like shell and maybe adding some extras?
First time i ever saw OSX crash, it was down to microsoft software (msoffice) being installed... I had similar problems with their RDP client too.
The problem is that general purpose computers with general purpose operating systems are geek toys, and are far too complicated for the average guy on the street... In their failing attempts to make windows more suitable for such users, they are making it less palatable to the more technically minded users too.
libreoffice supports vba and javascript too...
Most organisations don't provide anything else, or actively refuse to... Most users have never used anything else because it's all they've ever been provided with...
In most cases it's a poor tool for the job, and something else would work much better.
That would work too, if the phones were running the google version of android in the first place...
Most of them are running hacked up versions made by either the carriers or the handset vendors, if you replaced them with stock google code they simply wouldn't boot at all in most cases. The same is true with any other platform, it's just a far less common scenario.
Also make it a legal requirement that any phone sold on a long term contract receives security patches for the duration of the contract. Many phones are sold on 2 year contracts these days, but the updates stop long before the contract expires.
So instead of spending money creating a proprietary custom Android build, why don't they build a phone that's supported by AOSP out of the box that way their development effort is significantly less and the phone gets updates - thus saving money, not spending it.
So create an appliance that is bundled with the hardware and provides a web based ui to it... Not too difficult, and many such devices are built this way already.
you only have to compromise a single system within IT to be able to infiltrate the entire network
Which is already the status quo, thanks to centralised management systems like active directory...
Many of the routers with ipv6 support are linux based, the linux ipv6 stack is quite mature already... /64 ipv6 space is impractical.
V6 also comes with some security improvements that v4 never had, like temporary privacy address and a huge address space - scanning an ipv4 range for targets is commonplace but scanning someone's
Also although v6 typically has fully routable addresses, all the consumer oriented routers i've seen block inbound connections by default so it's no worse than the default ipv4 setup with nat and better in many ways.
So much for trying to blacklist just the telemetry updates then...
And even if the ISA is ARM, Intel can still manufacture the CPU... The ARM ISA has won, most software is distributed as precompiled binaries so once a given ISA becomes entrenched in a given market there's no shifting it, only extending it while retaining compatibility. Intel learned that with IA64.
Well depending on who and where he is, he might have much less to fear from the chinese than the american government...
If you're going to be spied on by someone, might as well have it be someone who has no interest in your activities nor any jurisdiction over you.
And that has always been the case... Only a very small percentage of people perform their own copying, and a much larger percentage simply download a pirated copy which already has any drm or other crap removed which actually makes it a superior product to the original.
You can come in uninvited, and if you don't someone else will. The easier you make it, the more people will be capable of doing it.
Bespoke software development isn't the problem, software not developed to sensible cross platform standards is the problem.
I regularly use a piece of bespoke software that was developed many years ago as a standards compliant webapp, it still works today in all the major browsers on any platform - including on mobile phones, which didn't even have browsers when this software was written.
If you plan appropriately when acquiring new software, these problems wouldn't occur.
As you point out however, there is often no way to pay for a piece of media after a few years anyway so even if you want to pay for it you can't...
So the only legal way for you to acquire that 20 year old game is to wait another 70 years or more and then hope that a copy still exists anywhere, on media thats still readable, and any hardware still exists thats capable of playing it.
Wether code is open or closed has no relevance on the decision of the original authors to continue supporting it, the two things are not directly related at all.
Many closed source projects also cease being maintained, you just don't see the code languishing on github because its languishing on an internal code repository at the original vendor instead.
Some vendors decide to open source code that they no longer have any interest in, but the fact they're open sourcing it is not the reason they've lost interest in it - that's usually already happened or would have happened anyway. Open sourcing in this instance is just the equivalent of leaving goods on the curb with a "free to a good home" sign.
If closed source code is unmaintained the code is dead... If you use or depend on that code you're screwed.
If open source code is unmaintained the opportunity exists for someone else to take over maintenance. If the code still has users, those users can take over maintenance themselves or band together to do so. If noone is using the code then it doesn't really matter and it remains online as an educational reference which may still help someone in the future.
Being open presents additional opportunities which being closed does not, and being closed does not prevent code from ending up abandoned and unmaintained.
It's also a myth that closed source is truly closed, the source code is out there somewhere and malicious parties certainly have the source for various closed source software.
The difference is that when the only way to obtain the source is illegal, legitimate whitehat researchers won't be able to look at it which gives the upper hand to those who don't care about legality. With open source, everyone has equal access.
It's also not really true that closed source has more attackers... Most networks place devices running open source code in front of devices running closed source to protect them (eg most firewalls and other security appliances are linux or bsd based), and there are many systems out there running on open source which would be highly sought after by various blackhats (eg the fastest supercomputers in the world run linux). There are plenty of people attacking open source code, and plenty of motivation for them to do so.
If two people are assigned the same work and receive the same pay, one of them completes it in 2 hours and the other takes all day to complete it - whats wrong with the faster of the two spending the remaining 6 hours doing their own thing?
Their efficiency is for their benefit, if you want them to use it for your benefit then you need to reward them one way or another. If you pay then more you can reasonably expect them to do more work in the same length of time.
Indeed if that person would carry out extra work with their remaining time it would create a precedent, management would then expect that level of work and would assume the colleagues to be lazy/incompetent. They would then have severe trouble hiring any new staff because highly efficient people are relatively rare and will usually demand higher wages.
There are a lot of people employed in situations like this, they're capable of working far more efficiently than their colleagues but because they're being treated the same they have no reason to do so. If they worked harder they would just be expected to work more, not rewarded for their work, so they generally just spend the remainder of the time pretending to work while doing something else.
Well you need to choose an appropriate vehicle according to your needs, for someone who usually travels long distances at a steady highway speed diesel works out pretty well.
At my previous job that's exactly what i did, so a diesel was ideal.
Well the fine will be passed on to the consumers one way or another anyway.
They should make the shareholders and senior management liable for the fine, that might actually discourage such behaviour from happening in future.