Its code is available to third parties, so we can check for intentional flaws in the enhancements that the NSA has integrated into the Android OS. Still not sure how comfortable I’d be using an OS designed by the folks that do a considerable amount of US SIGINT and COMINT.
Jon Evans, over at TechCrunch:
More than two-thirds of iOS users had upgraded to iOS 5 a mere three months after its release. Anyone out there think that Ice Cream Sandwich will crack the 20% mark on Google’s platform pie chart by March? How about 10%? Anyone? Anyone? Bueller?
OS fragmentation is the single greatest problem Android faces, and it’s only going to get worse. Android’s massive success over the last year means that there are now tens if not hundreds of millions of users whose handset manufacturers and carriers may or may not allow them to upgrade their OS someday; and the larger that number grows, the more loath app developers will become to turn their back on them. That unwillingness to use new features means Android apps will fall further and further behind their iOS equivalents, unless Google manages – via carrot, stick, or both – to coerce Android carriers and manufacturers to prioritize OS upgrades.
Android fragmentation is a pain for developers and, perhaps even more worryingly, a danger for users who may not receive timely security updates. To be sure, Apple rules the roost when it comes to having better-updated devices, insofar as users tend to get their updates when they become available. Whether those updates contain needed security upgrades is another matter, of course, but Apple at least has the opportunity to improve security across their ecosystem.
Unfortunately, where Apple sees their customers as the people using the devices, Google and RIM both have mixed understandings of who their customers are. Google is trapped between handset manufacturers and carriers whereas RIM is largely paired with the carriers alone. Neither of these companies has a timely, direct relationship with their end-users (save for RIM and their PlayBook, which has routine updates that bypass their mobile devices’ carrier-restrictions) and this ultimately ends up hurting those who own either company’s mobile devices.
Comcast’s Catch-22 Position on SOPA
As noted by the folks over at Techdirt:
Just as NBC Universal and other SOPA supporters continue to insist that DNS redirect is completely compatible with DNSSEC… Comcast (an official SOPA/PIPA supporter) has rolled out DNSSEC, urged others to roll out DNSSEC and turned off its own DNS redirect system, stating clearly that DNS redirect is incompatible with DNSSEC, if you want to keep people secure. In the end, this certainly appears to suggest that Comcast is admitting that it cannot comply with SOPA/PIPA, even as the very same company is advocating for those laws.
Without presenting a single shred of evidence that Canadian police need any more power than they already have (arguably too much as it is, if Toronto’s disastrous G20 summit is any indication), you are being asked to believe that handing law enforcement agencies a blank cheque to snoop through your life is actually for your own good.
This is, of course, nonsense. Passing legislation whose only benefit is police convenience comes nowhere close to justifying the dismantling of Canadians’ privacy rights.
Surveillance technologies are a double-edged sword, one that often lacks a hilt guard.
According to the report, a top German security official installed a trojan on his own daughter’s computer to monitor her Internet usage. What could possibly go wrong?
Nothing—well, at least until one of the daughter’s friends found the installed spyware. The friend then went after the dad’s personal computer as a payback and managed to get in, where he found a cache of security-related e-mails from work. The e-mails, in turn, provided the information necessary for hackers to infiltrate Germany’s federal police.
That was bad, but it got worse. The hackers got into the servers for the “Patras” program, which logs location data on suspected criminals through cell phone and car GPS systems. Concerned about security breaches, the government eventually had to take the entire set of Patras servers offline.
A critical read about the contemporary aims of intelligence and policing communities to expand their technical surveillance capabilities whilst reducing legal oversight of their activities. A snippet:
This post casts new light on government agency claims that we are “going dark.” Due to changing technology, there are indeed specific ways that law enforcement and national security agencies lose specific previous capabilities. These specific losses, however, are more than offset by massive gains. Public debates should recognize that we are truly in a golden age of surveillance. By understanding that, we can reject calls for bad encryption policy. More generally, we should critically assess a wide range of proposals, and build a more secure computing and communications infrastructure.
Go read the whole piece. It’ll take a few minutes, but it’ll be some of the best minutes you’ve spent today.
They tried and failed with UBB. Now they are at it again with “speed boost” technologies. The two technologies at question are Verizon’s “Turbo” service and Rogers’ “SpeedBoost”. There are very few technical details, but it appears in the former case that users will be able to purchase additional instantaneous bandwidth to the detriment of other users on the same shared service. Whether this will make a difference to actual throughput is another matter because the slow video may be due to server problems and not network congestion. And if you are in an elevator with very poor connectivity, you will unlikely get any faster download speed, no matter how many times you press the turbo button. But will Verizon give you a credit if you don’t get the advertised speed boost? I doubt it. Similarly the Rogers’ service, while still free, seems to imply faster speeds if they detect you are streaming a video, particularly from their own on-line service. Will users who are not streaming video, but using other real time applications get the same benefit such as VoIP or Telepresence? I doubt it.
I agree with his thrust that this kind of practice creates undue preference for certain kinds of content distribution over others. I would just note that (based on some people I’ve spoken to about Rogers’ practices) it seems like Rogers’ system temporarily ‘upgrades’ a person’s throughput capacity to try and get ‘bursty’ traffic to the end-user quickly, and to create a buffer for streaming media. Thus, if you subscribe to a 10 mbps service then you would temporarily go to a 15 mbps connection, and after those few seconds pass by you revert back to your 10 mbps speeds.
Pretty well required reading at the moment if you’re interested in the consequences of Google integrating their own social products into their search results. I’d really recommend reading the whole thing but, if not, at least take a glance at Danny Sullivan’s takeaway:
It’s not Google’s job to be sticking it to anyone with its search results. Those results are supposed to be showing what are the most relevant things for searchers out there. That’s how Google wins. That’s how Google sticks it to competitors, by not trying to play favorites in those results, nor by trying to punish people through them.
The Google+ suggestions are indeed search results, to me. Right now, they’re search results on who to follow on Google+. I think they could be better search results if they were who to follow on any social network, anywhere.
At CES, Singapore-based ST Electronics was showing off a new security device that can be installed in nearly any notebook computer to protect its data from prying eyes—Digisafe DiskCrypt, a hard-disk enclosure that turns any 1.8-inch micro-SATA device into removable and fully encrypted storage. The enclosure, which is the size of a 2.5″ drive, can be used as a drop-in replacement for existing drives.
…
Before boot, DiskCrypt requires a USB dongle to be plugged in to pass the key, and it can also be optionally configured to require the user to enter a password for two-factor authentication. The hardware can handle up to 150MBps of data throughput, so once it has been activated it’s completely transparent. ST Electronics’ deputy director Jimmy Neo claimed the encryption module has no impact on read/write performance.
All this is pretty standard for a self-encrypted drive. The main advantage of DiskCrypt is that it can be put into nearly any existing notebook. If there’s a drive failure, a need to move from hard disk to SSD—or just swap out the drive—the enclosure can be quickly opened and the storage device popped out. Separated from the encryption enclosure, the drive is practically the same as destroyed.
It will be important to test this against a hostile attacker, or situate it in a hostile general environment. There is a depressing history of encrypted storage solutions along these lines failing when confronted by a serious attacker. While the crypto itself might be secure, a side-channel attack (the most common means of subverting encryption schemes) could compromise the drive.
Design > Functionality
This Porsche-version of the BlackBerry costs around $2000. It’s a rebranded/designed version of a BlackBerry 9900 and I really can’t understand the functional attraction of this ‘high end’ version of the $700 device. While it’s a striking visual presentation of the BlackBerry, I just can’t get past the fact that the keys are layered in a manner that (by all accounts) offers a subpar typing experience compared to a ‘regular’ 9900. While the design is striking, industrial design also must aim for maximal functionality. In this respect, the Porsche-RIM combination seems to have failed in a visually striking manner.