Slashdot Mirror


User: ameline

ameline's activity in the archive.

Stories: 0
Comments: 454

Comments · 454

  1. They Filed on Sep 9 2010 on Disney Patents a Piracy Free Search Engine · · Score: 4, Informative

    They filed over 4 years ago. If they haven't got a working search engine by now based on this, they never will. 4 years is forever in internet time.

    Never mind that any search engine using this is very unlikely to make a dent in Google.

    I think their strategy is to "shame" Google et al. into doing more -- "look, see we got a patent on a means of eliminating piracy, proving that it *IS* possible, therefore you have to do more to prevent piracy."
    Ignoring the fact that the existence of a patent proves nothing about whether the invention actually *works*. (I say this as someone who holds a number of patents -- all of mine work -- I filed them after I had them coded and working. But it would have been just as easy to make all of it up and code nothing.)

  2. Re:Just Apple? on Sapphire Glass Didn't Pass iPhone Drop Test According to Reports · · Score: 1

    I've got a 3 year old iPhone 4S. Never broken the glass on it, but it does have some minor scratching on the display.

    I'm not surprised Apple went with Gorilla Glass -- sapphire is very hard, but also brittle -- Corning's product is a bit softer, but much more resilient.

    I'll probably be upgrading to a 6 sometime in the next month or so.

  3. And you, sir, are technically correct -- the best kind of correct. :-)

  4. Re:Define Troll on Web Trolls Winning As Incivility Increases · · Score: 1

    I award you 9.5 out of 10 troll points for that post -- brilliantly subtle, and almost guaranteed to draw people into your semantic argument.

    Bravo.

  5. Re:how long before on Boston Trying Out Solar-Powered "Smart Benches" In Parks · · Score: 1

    People are going to have to be smart (I know, it'll never happen) and use charge-only cables with the data lines physically disconnected.

    Then you'll have to trust whoever makes those.

  6. Aliens on Astronomers Solve Puzzle of Mysterious Streaks In Radio Images of the Sky · · Score: -1, Offtopic

    UFOs sending out distress calls.

    (I'll just adjust my tinfoil hat now)

  7. 2 Garbage Trucks Colliding... on Americans Hate TV and Internet Providers More Than Other Industries · · Score: 4, Funny

    When I read of mergers like this, I imagine two large garbage trucks colliding at speed -- the result is inevitably twisted smoking debris strewn wide, and oh God, the smell.

    I find, as a metaphor for large mergers, I have yet to find a more accurate one.

  8. Re:open source? on Phil Zimmermann's 'Spy-Proof' Mobile Phone In Demand · · Score: 2

    I think any designer of a "secure" phone needs to assume that the baseband is running hostile software.

    If the baseband has write access to application cpu ram, you're screwed.

    There needs to be uncompromised hardware enforced protection to ensure the baseband cannot write to application ram or to the flash memory of the application processor. I'd be very suspicious of DMA capabilities under control of the baseband unit.

    I'm not saying it's impossible to make a secure phone, but you as a creator of such should assume that every byte of code not under your control is out to get you. (including closed source graphics drivers).

    I'd also be nervous of the toolchain/compiler. That classic Thompson compiler attack (http://cm.bell-labs.com/who/ken/trust.html) is a worry.

  9. The problem... on CryptoPhone Sales Jump To 100,000+, Even at $3500 · · Score: 1

    With something like RedPhone is that there are multiple CPUs on the phone -- in particular, the baseband is a full ARM chip with complete access to all RAM on the device. And the software running there is almost never under the user's control. So it doesn't matter how good RedPhone is -- if it ever leaks *any* plaintext or key bits out to RAM, or across any wires outside the CPU it's running on, the baseband chip and the software running on it can wiretap you. And even if those things never leak off the main CPU die, the baseband can probably inject processes/instructions into that main chip's address space that would steal those critical key bits.

    Unless you have control over *all* the firmware running on *all* the processors in a phone, I wouldn't trust it any farther than I can comfortably spit out a rat.

    (and this is not accounting for hardware tricks -- I think you cannot trust your communications are secure unless you trust everyone involved in its design, manufacture and programming (including the compiler and related toolchain, and its compiler and toolchain -- and so on ad infinitum) -- and that is probably a *very* sizable list indeed -- the odds that some lettered agency (looking at *you* CSE/CSIS, NSA, GCHQ, FSB, etc.) has not corrupted *someone* on that large list are so small that only god/fsm could tell the difference between it and 0.)

  10. Should be plenty of sources for entropy on Weak Apple PRNG Threatens iOS Exploit Mitigations · · Score: 1

    Take a shot from each camera, sample each microphone for a few milliseconds, sample the gyros and accelerometers for a few milliseconds. Sample the current battery voltage/charge state, salt in the current time/date and last known location, along with the various readable serial numbers. SHA each of these sources and fold them into each other and SHA the result, and you should be good to go.

    Once the device is booted, it can do a lengthy and more sophisticated RNG to make a seed that will be folded into the above entropy sources on the next boot.

    But it does sound like Apple should put in a good hardware entropy source on their A8 (and future) chips. (One with no NSA/CSEC/GCHQ/KGB/FSB backdoors please!)

    That can also be folded into the above sources (I think you would never want to rely on only one source of entropy, no matter how good or trusted.)

  11. I don't need test cases on Lies Programmers Tell Themselves · · Score: 1

    > This code is so simple it doesn't need any tests

    Always write tests -- yes, missing tests should be considered an important part of your technical debt.

  12. I'll buy one when... on Tesla Used A Third of All Electric-Car Batteries Last Year · · Score: 2

    I'll buy one when I can get a consistently reliable 500 mile range (at -20 degrees C exterior temperature, +20 interior, with headlights on too) out of it. Recharge at 40 to 60A (230V) at home is acceptable. That likely means a 200 kWh battery pack. So about 2.5x increase in energy density over what we have now. This will probably be available in the next 10 years. The advantages of electric given this sort of range will all but kill other powertrains for most cars. Those advantages will easily pay for a battery swapout every 5 years or so.

  13. Re:Common sense? In MY judiciary? on Judge Says You Can Warn Others About Speed Traps · · Score: 1

    If they drop classic, I'm gone. I'll never come back. Beta is *horrible* in every way.

  14. Re:Thanks, but no thanks. on Previously-Unseen Photos of Challenger Disaster Appear Online · · Score: 1

    I remember watching it live on TV with some friends -- I semi-jokingly asked one "So when do you think the Russians are going to blow up the shuttle?" about 5 seconds before it happened. Everyone in the room was a bit freaked out by that coincidence.

  15. Re:if civilian tech can do this.. on Swarms of Small Satellites Set To Deliver Close To Real-Time Imagery of Earth · · Score: 1

    So your contention is that the NSA is ceiling cat?

  16. Reminder... on Yahoo Advertising Serves Up Malware For Thousands · · Score: 2

    > "The Washington Post cites this incident as a reminder that Java has become an Internet security menace."

    That should read "The Washington Post cites this incident as a reminder that advertising has become an Internet security menace."

    Adblock+ -- part of a sensible security policy.

  17. Re:That's unfortunate on Cairo 2D Graphics May Become Part of ISO C++ · · Score: 2

    Why are all the insightful posts in this thread being modded "funny"?

    C++ is *way* too big a language already. It's got the PL/1 problem (yeah, get off my lawn) -- when everyone only understands 0.8 of your language (or some amount under 1.0) it winds up being a different 0.8 for everyone. And this means that virtually any programmer will write code that is unreadable to another. (And if there is one thing that over 25 years of programming has taught me, it is that code readability trumps almost everything else.)

    Interestingly enough, IBM created PL.8 (an 80% subset of PL/1) for internal use. The original XL compiler back-end for RS6000/PPC was written in PL.8.

    / Really -- my lawn -- get off of it!

  18. Canadian designed CANDU reactors support the thorium fuel cycle, and have a long and excellent safety record.

  19. Re:They should be much more paranoid. on How Big Companies Can Hamper the Surveillance Infrastructure · · Score: 1

    I'm very happy to hear that they aren't just encrypting cross DC links. I always suspected Google had world-class talent in this area -- I'm glad to have it confirmed. It's good that Google's security people are aware and upset about the tapping.

  20. Re:They should be much more paranoid. on How Big Companies Can Hamper the Surveillance Infrastructure · · Score: 1

    An excellent question -- and not one I have an answer to.

    I think that perhaps they should get Bruce Schneier to help design their systems for them.

  21. Re:They should be much more paranoid. on How Big Companies Can Hamper the Surveillance Infrastructure · · Score: 0

    | They should also assume that some of their own employees are moles.

    I mention that they should assume that.

  22. They should be much more paranoid. on How Big Companies Can Hamper the Surveillance Infrastructure · · Score: 5, Interesting

    They aren't getting *nearly* paranoid enough. They should be encrypting the data on disk, on network connections between machines in the *same* data center, not just between centers. In fact the data should remain encrypted at all times unless absolutely necessary to have in clear-text to process it -- and that should never leave the CPU. It should remain clear-text only for the absolute minimum time required.

    They should assume that hostile agencies (foreign *and* domestic) have tapped every last network link they own. As well as most routers and processing machines. They should also assume that some small percentage of their workforce are working on behalf of one of these adversaries. Given these assumptions they should design a system that can remain as secure as possible given these circumstances.

    Merely encrypting the network links between their data centers is not nearly enough to thwart the likes of the NSA, CSEC, GCHQ or other nameless agencies.

  23. Is this where I get to feel smug? on D-Link Router Backdoor Vulnerability Allows Full Access To Settings · · Score: 1

    Apple's AirPort line of routers is one of the few consumer grade families of network gear that are not abandonware -- updates are provided fairly regularly. I believe that under the covers they're running VxWorks with a custom IP stack from Apple. As far as I know, there are no back-doors or security problems with them. (I would not be at all surprised to find out that the NSA has infiltrated one -- they are designed and the firmware is written in the USA.) I've been using them for years -- they're very reliable -- never need to be rebooted, and they perform well. Yes, they cost a little more, but then it looks like you get what you pay for. -- Ian.

  24. Re:It's sad, but I agree. on Larry Ellison Believes Apple Is Doomed · · Score: 1

    I have to agree with the parent poster in every respect (another 17" macbook pro user here)

  25. Re:Xbox One extends NSA spy powers massively on Snowden's Big Truth: We Are All Less Free · · Score: 3, Interesting

    The problem with this is that it sounds like raving paranoia. And if it is paranoia and untrue, technically it's just a software update away from being true. And as a theory, it's not really falsifiable.

    I certainly won't be buying one of these things.