I know everybody here would love the idea of Nokia switching to linux, but let's not get carried away. What would Nokia benefit from that:
1) Since Nokia owns 48% of it, Symbian is "as open and free as necessary" from Nokia's point of view. They get to decide how the OS evolves and get their share of the profits.
2) Symbian is stable and has functionality made specifically for mobile phones. A new Linux platform does not offer this. There are no short terms benefits of switching.
3) Licensing Series 60 is a business for Nokia and something they have huge investments in. They can't switch unless it doesn't affect this.
4) The reason Symbian exists, is that Nokia doesn't wan't to spend resources to development of an OS.
The only way I see Nokia switching would be that Symbian would do it. And why would they?
Only in/. can a "buffer overflow bug in the GIF handling code" be spun this positively! I seem to remember different types of conversations with different companies.....
Have the problems with multiple versions and the windows uninstaller been fixed? When I updated 0.9 to 1.0 (no uninstalling), it created both 0.9 and 1.0 in the 'add/remove programs' list. But when I later removed the 0.9, it also removed 1.0 (and left the 1.0-item broken). Even though the profiles were fine, I'd say it'd be safer to uninstall first.
IMHO, no you can't. It would work if every company would "be honorable" and only apply for "the good patents", but that's probably not going to happen.. In todays environment you really must apply a patent for all the key aspects of your product so that you're not hurt by some Eolas-wannabee five years from now. And if your protective application is accepted, you might as well try to utilize it.
To make things worse, it's only the big players that can afford to play this game. You're ok as long you're small (or huge with a portfolio to cross license), but once you become a threat you get slammed.
It might as well be that MS will try to hurt OpenOffice with this (in FUD if nothing else), but I'm confident that the most important reason was to protect their number one product.
But that's kind of the point: you really can't blame the companies applying for these kind of patents if it's actually possible to get them. Whether we like it or not, it's the patent offices that in the end set the policy of what's patentable and what's not. It's the fault of the patent system in general that they try to compensate the lacking resources by accepting everything and letting the courts decide. This is the problem that should be fixed.
How is it the vulnerability of the service provider? User receives a MMS, with an application as an attachment and chooses to run it. AFAIK no vulnerabilities are involved. It's no different from email attachments, and your ISP filtering them. If you request that service, sure, otherwise it's probably illegal in most countries..
I think you're right that there are good uses for this (e.g. library and school networks), but the examples you chose are just plain wrong.
The one big weakness of these free/municipal/non-profit wifi's is the question responsibility and the level of service, which is paramount with emergency services and also with business critical applications. If it's free, it's hard to demand 24/7 availability or support. You can't really base the operations of the ambulance service on something that's not going to get fixed before monday. In fact, they usually prefer dedicated and very expensive commercial networks.
I quess quess it's a matter of an opinion what is considered a "break", but the required 2^69 is still pretty damn much. According to http://citeseer.ist.psu.edu/287428.html it's (complexity theory wise) somewhere in the neighbourhood of breaking 880-bit RSA! To give some more perspective, breaking of RSA-512 (about 1/1000th of breaking RSA-880) in 1999 took thousands of computers and several months of distributed computations. So it's quite safe to say that it's still not easy to find collisions in SHA-1.
Re:So what's the big deal for the rest of us?
on
SHA-1 Broken
·
· Score: 1
I'm sorry to say but it does matter. The idea of the birthday attack ( http://en.wikipedia.org/wiki/Birthday_attack) is that you have a legit message (m) and and fraud message (f) and you change both of them without changing the meaning until you find (m') and (f') such that SHA(m')=SHA(f'). For axample with XML-messages it's trivial to create all the needed same meening (m') and (f') by adding white spaces to pull this off.
However, it doesn't mean that every system using SHA-1 is vulnerable, but depends on the situation! And also, 2^69 is still "quite big" and not exactly real time AT THE MOMENT. But safe bet is that we'll be seeing transitions from SHA-1. And before anybody asks SHA-256,-384 and -512 are totally different algorithms that were designed under public scrutiny and probably not affected..
USB-tokens like the one's from RSASecurity are great for obtaining pretty high level of authentication (what you have & know), but they're not so simple in every day use..
In short it's not enough to just get the token and use it, but you need some kind management process in the background. How are the tokens deployed and configured for the user? How to get access if token is lost or broken (waiting for a new one to get access is usually not an option)? How is the token lifecycly managed (with a normal few year lifetime you have several expiring tokens each month even in a medium size company)? How to get older systems to work with tokens?
I'm not saying these particularly difficult questions (I'm using a RSA-token as we speak), but they need addressed and it might be too much for many companies. And in any case, tokens are not a solution for all situations.
At this point it's probably hard to require Windows without IE, because you need it to get started (everybody with installation CD's of some usable browser raise their hand).
What I'd like to see is forcing MS to give Dell and others the freedom to customize their factory installations without effecting the licensing fees... IANAL, but that's definately abusing a monopoly, but probably really hard deal with legally (nothing wrong in rewarding exclusive partners)??
I don't think MS should underestimated about learning from their mistakes, they've done it before (both of them). It's also something FOSS circles should be concerned about, because a more humble MS could reduce the amount of interest in the alternatives.
I believe that the arrogant and hostile attitude of MS has been the number one reason corporations and governments have been looking for alternatives, not for example the arquable quality and price of their products. If we for example look at the EU sanctions concerning Media player, I find it hard to believe that anybody was interested in MS hurting the "media player industry" or that there's something wrong with OS including a media player. More likely the EU just wanted to show that they have the political will to confront MS if they don't get the co-operation they want.
Slashdot Mirror
I know everybody here would love the idea of Nokia switching to linux, but let's not get carried away. What would Nokia benefit from that:
1) Since Nokia owns 48% of it, Symbian is "as open and free as necessary" from Nokia's point of view. They get to decide how the OS evolves and get their share of the profits.
2) Symbian is stable and has functionality made specifically for mobile phones. A new Linux platform does not offer this. There are no short terms benefits of switching.
3) Licensing Series 60 is a business for Nokia and something they have huge investments in. They can't switch unless it doesn't affect this.
4) The reason Symbian exists, is that Nokia doesn't wan't to spend resources to development of an OS.
The only way I see Nokia switching would be that Symbian would do it. And why would they?
Only in /. can a "buffer overflow bug in the GIF handling code" be spun this positively! I seem to remember different types of conversations with different companies.....
Have the problems with multiple versions and the windows uninstaller been fixed? When I updated 0.9 to 1.0 (no uninstalling), it created both 0.9 and 1.0 in the 'add/remove programs' list. But when I later removed the 0.9, it also removed 1.0 (and left the 1.0-item broken). Even though the profiles were fine, I'd say it'd be safer to uninstall first.
IMHO, no you can't. It would work if every company would "be honorable" and only apply for "the good patents", but that's probably not going to happen.. In todays environment you really must apply a patent for all the key aspects of your product so that you're not hurt by some Eolas-wannabee five years from now. And if your protective application is accepted, you might as well try to utilize it.
To make things worse, it's only the big players that can afford to play this game. You're ok as long you're small (or huge with a portfolio to cross license), but once you become a threat you get slammed.
It might as well be that MS will try to hurt OpenOffice with this (in FUD if nothing else), but I'm confident that the most important reason was to protect their number one product.
But that's kind of the point: you really can't blame the companies applying for these kind of patents if it's actually possible to get them. Whether we like it or not, it's the patent offices that in the end set the policy of what's patentable and what's not. It's the fault of the patent system in general that they try to compensate the lacking resources by accepting everything and letting the courts decide. This is the problem that should be fixed.
How is it the vulnerability of the service provider? User receives a MMS, with an application as an attachment and chooses to run it. AFAIK no vulnerabilities are involved. It's no different from email attachments, and your ISP filtering them. If you request that service, sure, otherwise it's probably illegal in most countries..
I think you're right that there are good uses for this (e.g. library and school networks), but the examples you chose are just plain wrong.
The one big weakness of these free/municipal/non-profit wifi's is the question responsibility and the level of service, which is paramount with emergency services and also with business critical applications. If it's free, it's hard to demand 24/7 availability or support. You can't really base the operations of the ambulance service on something that's not going to get fixed before monday. In fact, they usually prefer dedicated and very expensive commercial networks.
I quess quess it's a matter of an opinion what is considered a "break", but the required 2^69 is still pretty damn much. According to http://citeseer.ist.psu.edu/287428.html it's (complexity theory wise) somewhere in the neighbourhood of breaking 880-bit RSA! To give some more perspective, breaking of RSA-512 (about 1/1000th of breaking RSA-880) in 1999 took thousands of computers and several months of distributed computations. So it's quite safe to say that it's still not easy to find collisions in SHA-1.
I'm sorry to say but it does matter. The idea of the birthday attack ( http://en.wikipedia.org/wiki/Birthday_attack) is that you have a legit message (m) and and fraud message (f) and you change both of them without changing the meaning until you find (m') and (f') such that SHA(m')=SHA(f'). For axample with XML-messages it's trivial to create all the needed same meening (m') and (f') by adding white spaces to pull this off.
However, it doesn't mean that every system using SHA-1 is vulnerable, but depends on the situation! And also, 2^69 is still "quite big" and not exactly real time AT THE MOMENT. But safe bet is that we'll be seeing transitions from SHA-1. And before anybody asks SHA-256,-384 and -512 are totally different algorithms that were designed under public scrutiny and probably not affected..
USB-tokens like the one's from RSASecurity are great for obtaining pretty high level of authentication (what you have & know), but they're not so simple in every day use..
In short it's not enough to just get the token and use it, but you need some kind management process in the background. How are the tokens deployed and configured for the user? How to get access if token is lost or broken (waiting for a new one to get access is usually not an option)? How is the token lifecycly managed (with a normal few year lifetime you have several expiring tokens each month even in a medium size company)? How to get older systems to work with tokens?
I'm not saying these particularly difficult questions (I'm using a RSA-token as we speak), but they need addressed and it might be too much for many companies. And in any case, tokens are not a solution for all situations.
At this point it's probably hard to require Windows without IE, because you need it to get started (everybody with installation CD's of some usable browser raise their hand).
What I'd like to see is forcing MS to give Dell and others the freedom to customize their factory installations without effecting the licensing fees... IANAL, but that's definately abusing a monopoly, but probably really hard deal with legally (nothing wrong in rewarding exclusive partners)??
I don't think MS should underestimated about learning from their mistakes, they've done it before (both of them). It's also something FOSS circles should be concerned about, because a more humble MS could reduce the amount of interest in the alternatives.
I believe that the arrogant and hostile attitude of MS has been the number one reason corporations and governments have been looking for alternatives, not for example the arquable quality and price of their products. If we for example look at the EU sanctions concerning Media player, I find it hard to believe that anybody was interested in MS hurting the "media player industry" or that there's something wrong with OS including a media player. More likely the EU just wanted to show that they have the political will to confront MS if they don't get the co-operation they want.