The bigger problem was the loss of knowledgeable staff. They should have expanded in to cameras not phones, they would have had more of a chance there. Now all the staff that knew what they were doing are gone though and instead of "You've got questions, we've got answers." It's "You've got questions and our stares are even more blank than the idiots at Best Buy."
Your best bet would be to black out the cab and have the only lights be lacking the red, green and blue wavelengths used by the majority of cameras and then using custom filters and image processing on the cameras inside, however that means that no external light can get in without also being filtered to exclude the red, green and blue spectrum used by a normal camera. This will most likely end up resulting in a weird and possibly uncomfortable color cast to the light and still won't be 100% effective.
Rolling down any windows would defeat this though, as would opening a door.
I would have to say I'm firmly the opposite of this. My experience with TimeWarner for Internet access has been phenomenal. Decent speeds, no stupid caps and reasonable enough value. My friends with Comcast on the other hand are faced with bandwidth caps, stupidly overpriced prices and horrible support. As a very satisfied user of TimeWarner's Ultimate internet service, I'm quite honestly terrified of the implications of this take over. I would give TimeWarner cable a 7 or 8 when it comes to Internet access in my area, but I'd give Comcast a -3 based on what I've heard from numerous friends.
(Now when it comes to TV and Phone service, they don't hold up as well, but I don't use them for either of those.)
Ironically, Verizon buying Time-Warner would be a good thing because FiOS and Time Warner combined would actually have a small prayer of giving Comcast a badly needed run for their money, instead I get to watch Internet options in my neighborhood vanish.
In fairness, I didn't want to vote for Bush, but Kerry wasn't a serious candidate. I would have taken just about anyone over Bush, but Kerry wasn't it.
That's a fair point, but I think you underestimate how accessible it is to get the IMEI wiped. Average Joe Clepto may not be able to do anything with it himself, but he can sell it on the black market to someone who can. All you need is a criminal clearing house of sorts that can handle that kind of thing and it becomes an ineffective measure. It's a slight deterrent as the initial thief can't make as much, but not as effective as being able to actually disable the device entirely.
Yeah, that was part of what I was saying. The physical key should be able to be used to lock and unlock it. The consumer needs to have some critical part of the process so that only they can cause it to be disabled and re-enabled. I would suggest that the manufacturer should also have a key piece though too, that way simply losing the key doesn't mean you can get locked out of your own phone.
You don't need PKI around this though. You just need key pairs, not key storage, so PKI isn't a problem. You have a few private keys for the manufacturer to be able to verify they are signing off, this is easier than existing SSL concerns. Then you have the public key embedded in each device for which the consumer has the private key on the separate dongle. This isn't inherently all that different from the way electronic car keys work when they are actually using a secure exchange.
You don't need a trust delegation system since the devices are assigned the keys to trust at creation and you don't have a large number of keys to secure since the public key information doesn't have to be secure for each phone and only has to be accessible to customer service at the manufacturer.
You bring up a valid point about revocation concerns for the manufacturer's portion of the validation, but the worst case scenario of a compromise is that attackers could lock phones once and then the phones would be unlocked and the lock disabled to avoid future problems. If the manufacturer themselves is compromised, then the revocation list could be faked too anyway since it would effectively be a compromised CA.
I would suggest that to have the phone locked down, the customer would have to supply the private key associated with their device or answer some local challenge. The USB key that came with their device would provide the public key and device ID information needed.
Cost shouldn't be substantially more than the cost of the USB dongles and TPM hardware. It would still be an additional cost, but probably not much more than a few dollars per device. Note that I'm not even saying I agree with it being a legal requirement either, I'm just pointing out that it is not as complicated or risky as it might initially seem.
Yes, but until they can no longer get content to sell to their customer base at ridiculous margins, it will still be more profitable to keep whatever % of the market they have on their platform than to risk losing some to their own Android platform. By the time it breaks down significantly enough, the market share won't be big enough to matter particularly much as they will have lost relevance.
Not that they couldn't surprise me and do that now that Jobs isn't behind the wheel any more and so there isn't a trend to look at for them, but until a lot of factors change, it isn't in their best interest to make an Android device (which demonstrates yet again why Woz is not a business guy.) It still amazes me he managed to stay around Apple as long as he did given how juxtaposed Jobs' desire to control was to Woz's desire to make technology work.
We also don't know that the NSA doesn't have sharks with lasers on their heads that can make your phone explode in your hand while you are using it. How is this relevant to the topic being discussed? The possible presence of some (probably minor) cryptographic weakness in asymmetric cryptographic systems doesn't have any impact on the ability of it to secure a device from theft when the useable lifespan of the device is only a few years anyway. And if a break for asymmetric crypto did make it in to the wild, it would be used to compromise banking transactions rather than to unlock stolen smartphones.
This is why I said it should be able to be turned off by the consumer (with a verified identity) and should require verification by the consumer to unlock as well. A good two factor system would be to have a code that needs to be supplied by the manufacturer to prove their signoff as well as a USB key that would come with the phone that must be plugged in to it for the unlock or disable of unlock to proceed.
This would allow you to prevent the feature from being used on you (as long as the company is willing, which if they weren't, they could simply put a kill switch in you couldn't disable and not mention it) and also puts you in direct control of the ability to re-activate your device after triggering it.
If you look at my example above, I would suggest that the private key of the device be on the USB stick and the company be required to sign it plus a challenge in order to get it loaded on to the device.
You are correct that cryptography is not a cure-all to all problems, however, your post goes irrevocably wrong immediately after that. HSM and TPM chips are quite secure and well established. The example problems you suggest are in no way relevant to the conversation at hand since they deal with an entirely different use case of security. As dmbasso was kind enough to point out, I am referring to the use of asymmetric cryptography to allow secure validation of a private key being held remotely. Such cryptography is used all the time (any time you use an HTTPS page) to prove the exact same thing.
The device merely has to hold a public key for which the legitimate owner (or the vendor) has the private key. If the device is stolen and locked, it is trivial for an HSM to prevent unlock without the private key. It may be possible to circumvent the kill switch by yanking the HSM, but such an operation would likely exceed the black market cost of the majority of phones as it involves painstaking processes such as removing the silicon one layer at a time with a very carefully applied acid bath, and even then, the write once public key address space would be just as secure as any write once kill switch flag that could be implemented.
To prevent re-activation of the kill switch itself (rather than the recovery mechanism) the switch could be tied in hardware to a similar challenge response against a private key held in the device's HSM. To "kill" the device, this private key would be wiped, preventing the device from starting. To re-initialize it, the private device key would be restored by looking for a key signed by the owner's private key.
This is a simple to implement and highly secure system that would be cost prohibitive to work around and also could use available, near off the shelf components to implement.
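The owner-dongle plus manufacturer sign-off challenge-response described in the comments above, as an added Go example that is not part of the original posts. Ed25519, the `ID|action|nonce` message layout, the names `Device`, `Challenge` and `Apply`, and requiring both signatures for locking as well as unlocking are assumptions made here; the keys are constructed test values.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

var ErrDenied = errors.New("request denied")

// Device models the phone's secure element (hypothetical names throughout).
type Device struct {
	ID        string
	Locked    bool
	ownerPub  ed25519.PublicKey // written once at manufacture; private half is on the dongle
	vendorPub ed25519.PublicKey // manufacturer sign-off key
	pending   []byte            // outstanding challenge, nil when none
}

// Challenge returns a fresh single-use message: device ID, action, random nonce.
func (d *Device) Challenge(action string) []byte {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // no entropy: refuse to issue a predictable challenge
	}
	d.pending = append([]byte(d.ID+"|"+action+"|"), nonce...)
	return append([]byte(nil), d.pending...)
}

// Apply changes the lock state only if both parties signed the pending challenge.
func (d *Device) Apply(action string, ownerSig, vendorSig []byte) error {
	msg := d.pending
	d.pending = nil // a challenge is consumed by its first use, pass or fail
	if (action != "lock" && action != "unlock") || msg == nil ||
		!bytes.HasPrefix(msg, []byte(d.ID+"|"+action+"|")) ||
		!ed25519.Verify(d.ownerPub, msg, ownerSig) ||
		!ed25519.Verify(d.vendorPub, msg, vendorSig) {
		return ErrDenied
	}
	d.Locked = action == "lock"
	return nil
}

type Result struct {
	ThiefDenied, VendorOnlyDenied, OwnerUnlocked, ReplayDenied, FinalLocked bool
}

// attempt requests a challenge and answers it with the two given signing keys.
func attempt(d *Device, action string, owner, vendor ed25519.PrivateKey) (oSig, vSig []byte, err error) {
	msg := d.Challenge(action)
	oSig, vSig = ed25519.Sign(owner, msg), ed25519.Sign(vendor, msg)
	return oSig, vSig, d.Apply(action, oSig, vSig)
}

// RunScenario plays four constructed attempts against a device that starts locked.
func RunScenario() Result {
	var r Result
	ownerKey := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{1}, 32)) // constructed test seeds
	vendorKey := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{2}, 32))
	thiefKey := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{3}, 32))
	d := &Device{ID: "DEV-0001", Locked: true,
		ownerPub:  ownerKey.Public().(ed25519.PublicKey),
		vendorPub: vendorKey.Public().(ed25519.PublicKey)}

	// Someone holds the phone and a vendor sign-off, but not the owner's dongle.
	_, _, err := attempt(d, "unlock", thiefKey, vendorKey)
	r.ThiefDenied = err == ErrDenied && d.Locked

	// Vendor sign-off with no owner signature at all.
	msg := d.Challenge("unlock")
	r.VendorOnlyDenied = d.Apply("unlock", nil, ed25519.Sign(vendorKey, msg)) == ErrDenied

	// Legitimate owner plus vendor sign-off.
	oSig, vSig, err := attempt(d, "unlock", ownerKey, vendorKey)
	r.OwnerUnlocked = err == nil && !d.Locked

	// Owner locks again; the signatures captured above are replayed on a new challenge.
	_, _, err = attempt(d, "lock", ownerKey, vendorKey)
	d.Challenge("unlock")
	r.ReplayDenied = err == nil && d.Apply("unlock", oSig, vSig) == ErrDenied
	r.FinalLocked = d.Locked
	return r
}

func main() { fmt.Printf("%+v\n", RunScenario()) }
```

The device stores only public keys, so nothing read out of it helps forge a response; the per-request nonce is what makes a recorded unlock useless later.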
The point is that participating with an open source project doesn't make it so things that aren't part of that contribution are covered by the license. You can't modify the code without giving out a patent license for your contributions, but just because someone else decides to contribute something that violates your patent and you happen to make unrelated contributions doesn't mean that you authorized someone else's abuse.
I have less of a problem if they make it a kill switch that can be cryptographically turned off by the manufacturer after verifying the purchaser or even with some kind of a special key that you get with the purchase and keep at home. It should also be something that can be turned off by the end user.
If you can ensure that it can be reverted securely when triggered and can be prevented from triggering by the legit user (possibly using the same mechanism as unlocking a locked device) then I don't see a problem with it, but without those two caveats, there are so, so many things that could go wrong.
I'm sure that an Android phone made by Apple would be a radical success in the market, but it is unlikely to be successful enough to make up for the vertical integration control that Apple has over iOS. The point of the iPhone and iPad has nothing to do with selling iPhones or iPads. The point of selling them is to get an Apple controlled system in the hands of users which they can then leverage to get money for everything someone does with their device.
They get a major cut of music, books, videos, apps, etc that you get through your phone or tablet, even for ad revenue from free apps. This and access to the information the devices provide is what makes them as successful as they are. This is why Microsoft released Windows 8 on the world (to try and copy the vertical integration through Metro.) And this is why Apple can not afford to release an Android phone, because it would actually harm their bottom line more than the sales would help.
If this were true, then the source for TouchWiz would also have to be released. You are allowed to make proprietary hardware and software without making it part of Android. If they don't alter the OS to include their patents, then it wouldn't release their patents. The point and definition of that clause is so that you can't patent encumber an open source project by contributing code that uses something you have a patent to without promising you won't go after anyone for using your contribution.
I'll say my 2 cents is that the new layout has potential. I can understand the desire to move to a more modern looking layout. On the one hand I hate throwing out a good layout for no functional reason, but I also understand the fact that it is kind of a reality of the Internet that you have to look "current" if you want to attract many modern day Internet users. (Sad, but true.)
The main thing I noticed right away was the feature parity issues, particularly the lack of ability to expand and collapse summaries to/from titles. That had a major impact on my ability to use the layout and I switched back to classic shortly after. I liked the overall look well enough, but it seemed to take up a lot more space than the current one, so working on a way to increase information density, if even on a specialized page or something that can be set as an option, would be a great help. It also felt a bit like a move to a blog instead of the much more news site feel the current layout has. (I felt like I was looking at a basic Word Press template with a couple of unique features bolted on.)
The other thing I would encourage is consistent posts like this one when you get different features working. Let us know what you changed, why, how you envision it being useful to us and give us a chance to check it out. I come here to view news quickly, so I'm not going to use the Beta while it isn't the fastest way to consume the news, but I don't mind stopping by when there is new stuff that needs looking at by many eyes to see how it is working. Keep the communication open about what you are changing, why you are changing it and how it should be of benefit to people and I think you will see approval of changes increase a lot, particularly if you are responsive to concerns.
I believe you misunderstood me. I'm not speaking in favor of the content creators. I'm stating that if you steal the content, it legitimately says you want their content badly. They are right to think that. Keep in mind that content was pirated before the start of obtrusive DRM. The way to stop DRM is to stop partaking of any content that is DRM protected in any way. This would show that it isn't that the DRM isn't working well enough, but rather that people actually object to the way they handle the content.
Civil rights protestors didn't go in to a restaurant and steal the food, they simply sat in and expected to be served. There is a difference between protesting that which you don't approve of and taking that which isn't yours because you simply don't like the conditions the owner of the content put on it.
In this case they are right though, people do want their content, just not their restrictions on the content. I do agree with you that piracy isn't the answer, but sadly, the majority of the world, including the self righteous pirate, actually do want the content more than the freedom.
Anyone else notice this sounds suspiciously like the start of the plot of Command Authority happening in real life?
Or the 2012 presidential election?
Shh!!! Let me have my moment.
While my parents moved to NC to avoid the winters, they are getting hit hard and in upstate NY we are barely getting a dusting.
All I can say is SHIT!!! Need FiOS available to my area NOW!!!
Note that after Bush's second term I gave up completely and vote third party now.