Is it the carrier doing an update, or the OS being upgraded?
Most upgrades are by carrier and "cosmetic". Watch the "jail breaks" and who does what in response. As for OS fixes, unless the carrier goes for a new version of OS on the device, its "cosmetic".
Android is Java based.
Think of all the "breakage" that you are constantly upgrading the JREs / JDKs on desktops to fix. And when they are upgraded, how many of your apps stop working? Do you remember what happened when Java went to 1.6, 1.7, 1.8 ? Do you know what happened to the apps written for the old standard?
Interpreter languages with no version support are a nightmare to debug / fix / support.
Samsung uses Enlightenment and Webkit. Apple uses Webkit for Safari. Google has abandoned Webkit and is developing something else. ( Can't remember the name. )
Webkit gets no security fixes pushed downstream. Why? most vendors are happy just getting one version of Webkit to compile and never go back to update.
Webkit-qt is dead. Webkit-gtk is getting more and more difficult to successfully compile.
Webkit-gtk, 8 CPU 5.0Ghz machine with 32Gigs of DDR3, takes two to three hours to compile. Think about it.
That idiot you are talking with is knowingly walking, eyes wide shut, into the ( FBI / Law Enforcement / Foreign Governments ) being able to use a "Frame-O-Matic" type system. The moron has no clue just how much the govt is bypassing ( law / courts / warrants ).
I don't know what his tech background is, but it isn't anything to do with software ( programming / development ).
When you hardcode any type of ID, password, or crypto key ( backdoor ) into a system .... you are dropping your pants, smearing lube on your ass, bending over, and begging for it ... don't be surprised when someone uses a power auger!
When one Govt gets a Master Key, all other Govts will demand one as well. Does he seriously expect ALL Govts to "play nice"?
Key Escrow ??? Get Real! The key will be in the wild in under 24hrs. from the time it is distributed to all the LEOs / Agencies / Foreign Governments. A world record for competitive thievery / hacking will be set. I have yet to hear a remotely workable suggestion for how to update EVERYTHING ... EVERY TIME THE KEY IS STOLEN! Requiring every company to have a backdoor into their products has the same problems.
Has he ever heard of something called "FOSS / Open Source" software? How will a mandatory backdoor work in those software projects? What about the software from outside the US?
Just how does he think all the "Internet of Things" devices will be made or kept secure??? They are NEVER updated, tested or validated. No patch, modify, or upgrade paths -- NONE.
He has never had to setup and secure a Wireless/WiFi LAN. Again, no updates, no patches, no fixes. ( i.e. routers ) The security of WiFi is a joke ... is he still mystified why the police are raiding his home, looking for child pornography, when its the pedophile, using his WiFi to download it remotely?
He doesn't have an Android phone, or he would know about update problems ( i.e. "when Hell freezes over!" )
He either loves Windows 10 or uses an Apple. Microsoft burned a bridge when they decided to FORCE people that PAID for Win 7,8,8.1 to use Win 10 on the forth coming Subscription Model. Does he even know what Windows Update is OR why lots of people don't trust it now?
Serious Question : How many times has he bought that bridge in Brooklyn, anyways?
Mike,
Some questions / concerns / thoughts I would like to express on the NSA / Police State mess. ( Yes, you can use this for a posting if you want :)
I am going to list them in no particular order.
I. Database Logging Disabled
It seems that the NSA has disabled ALL logging on its collective database. ( The current leaks are of old log reports. )
No logging of who is accessing.
No logging of what is accessed.
No logging of what is copied / modified / deleted.
Why?
No abuses logged / reported.
No policy violations logged / reported.
No evidence of illegal activity logged / reported.
Result =
Nothing for any "oversight" to act on.
Untraceable industrial / commercial espionage.
Blackmail activities, by the NSA and/or Contractors/Sub-contractors, undetectable. Espionage activities by other hostile nations intelligence services, accessing this NSA database, undetectable.
Easily constructed "Frames" for Criminal Activity harder to defend against, for the falsely accused.
Proof :
The NSA has no idea what is in Edward Snowden's document cache.
II. Low Security / Easy Access / No Access Controls
From the released documents, the phrase "Five Eyes" refers to five countries involved in this Database.
( US, UK, Canada, New Zealand, Australia ) All five countries have full access, apparently.
Do ??Allies?? really need the NSA to help them spy on US Citizens inside the United States? Why??
Upwards of 2.1 million people have "Top Secret" clearance. One news report stated that 60% of those cleared are "Contractors" ( i.e. 1,260,000 )
( Not addressing staffing realities in the other four countries, US ONLY. )
From the reports seen, background checks are not being done.
How many of the unchecked are "hostile foreign intelligence operatives", taking the easy route to FULL ACCESS??
Most of these are in "offsite facilities". How are they getting access remotely?
TelNet? NetBIOS? an XTerm? Using "Windoze remote assistance / remote desktop"?
( Yes, I did not mention OpenSSH. That might be considered competent. )
Or did they put this "distributed database" on the Web for access over the Internet?
Is there a remote database client, with easy access preconfigured, floating around? ( Hostile foreign intelligence services would just LOVE this! The proverbial "wet dream" come true. )
Question --
How do we know that hostile foreign intelligence operatives have not already established FULL REAL TIME access to this database?
Curious to see if anyone can give reasonable answers to these questions.
Anyone think about those wonderful DMCA takedown systems used by ( MPAA / RIAA ) to name a few?
Do they ever get anything wrong?
Never a false accusation, right?
Always target the right person, correct?
Never once have ID'd content wrong, have they?
So perfect that Error Correction was never implemented or needed.
The IRS CID group was directly notified of Prenda by a Federal Judge recommending investigation. And a ruling of fraud on the court. Not to mention the CID has a history of going after RICO violations / Mobsters.
If not one branch or group in any branch of Federal Law Enforcement will even make a token comment on "considering an investigation", Prenda bought immunity. They just didn't have the money to buy every judge in the state and federal systems. ( And, yes, there are some who refuse to sell out.)
Why do you think Prenda made the "President of the Bar Association" an unmentioned partner in Clair County, Illinois? Wouldn't have anything to do with an investigation by the "Illinois Bar Association" would it?
It would be interesting to see the reaction of those who have purchased "immunity to prosecution" from the politicians. Especially those who paid for immunity to the IRS. Will they now have to "pay up" twice?
And what about the "Congress Critters"? Having the IRS in a position to "take them to the cleaners" can't be comfortable for them.
There might be a backlash for the US Gov on this...
I made the mistake of registering two EA tittles before the Origin service started.
That registration was converted to an Origin Account without my permission. I have never logged on or into it.
Because of what EA has done with requirements for OnLine DRM, I no longer ( Play / Buy ) EA's newer tittles.
Will play the older ( OffLine / Single Player ) games on occasion.
Now I am getting e-mails from the Origin service demanding that I update the contact info! No thanks, they can keep their spam.
Kill the Servers?
If they want to kill the servers, they need to release a "standalone" version of the game, or a ( Public / LAN Party ) type server program to the community. Or make the "standalone" version able to function as a replacement for EA's servers.
And the frames for crimes not committed start at once.
It is the ultimate in censorship as well. Messages sent in your name that you did not write. Context of messages you write changed to suit the US Gov.. Messages to you ( edited / deleted ) by the US Gov.
Password to your OnLine Bank Account? Why do they need that? Making transfers in your name, in and out of your account?
Time for a run on the banks. Keep it all cash, not in an account.
( Personal Opinion ) There is a Megalomaniac in charge of "US National Security".
Are there any Internet Search Engines that are not Government run, or based ( in / on ) ( US Companies / Networks )?
I read a posting saying DuckDuckGo used Bing as its back end. It runs or is hosted on Verizon virt servers inside the US. The server crypt key is RSA and never changes. Easy access for the NSA. Easy for the NSA to decrypt all of your searches.
I once worked as a sysadmin. The joys of a Root type password in the wild. They are NOT thinking. There will be no way to change it once it becomes publicly known ... Complied in. No resets or changes at the endpoint possible. Update the software? Passwords and Protocols will be broken before they finish a nation wide update.
The people that came up with this idea ... think that rotary phones are a newfangled idea that will never catch on.
Techdirt has not posted any stories submitted by assemblerhead.
Re: Re: Re: Re: I couldn't even finish listening to this...
Have no idea what ?RIMM? / Blackberry support is. I was under the impression that they were not Android. ( Wrote their own OS )
Doesn't the Govt of India have a backdoor into the Blackberry? ( Seem to remember ?RIMM? having to hand over crypto keys. )
AOT? Going machine code ... hmmmm. Partial though, limited coverage. Similar to pre-linking it seems.
Be interesting to see if that gets around lack of versioning support. Bytecode always needs an interpreter environment.
Thanks for the Info.
Re: Re: I couldn't even finish listening to this...
Is it the carrier doing an update, or the OS being upgraded?
Most upgrades are by carrier and "cosmetic". Watch the "jail breaks" and who does what in response. As for OS fixes, unless the carrier goes for a new version of OS on the device, its "cosmetic".
Android is Java based.
Think of all the "breakage" that you are constantly upgrading the JREs / JDKs on desktops to fix. And when they are upgraded, how many of your apps stop working? Do you remember what happened when Java went to 1.6, 1.7, 1.8 ? Do you know what happened to the apps written for the old standard?
Interpreter languages with no version support are a nightmare to debug / fix / support.
Samsung uses Enlightenment and Webkit. Apple uses Webkit for Safari. Google has abandoned Webkit and is developing something else. ( Can't remember the name. )
Webkit gets no security fixes pushed downstream. Why? most vendors are happy just getting one version of Webkit to compile and never go back to update.
Webkit-qt is dead. Webkit-gtk is getting more and more difficult to successfully compile.
Webkit-gtk, 8 CPU 5.0Ghz machine with 32Gigs of DDR3, takes two to three hours to compile. Think about it.
I couldn't even finish listening to this...
Mike,
That idiot you are talking with is knowingly walking, eyes wide shut, into the ( FBI / Law Enforcement / Foreign Governments ) being able to use a "Frame-O-Matic" type system. The moron has no clue just how much the govt is bypassing ( law / courts / warrants ).
I don't know what his tech background is, but it isn't anything to do with software ( programming / development ).
When you hardcode any type of ID, password, or crypto key ( backdoor ) into a system .... you are dropping your pants, smearing lube on your ass, bending over, and begging for it ... don't be surprised when someone uses a power auger!
When one Govt gets a Master Key, all other Govts will demand one as well. Does he seriously expect ALL Govts to "play nice"?
Key Escrow ??? Get Real! The key will be in the wild in under 24hrs. from the time it is distributed to all the LEOs / Agencies / Foreign Governments. A world record for competitive thievery / hacking will be set. I have yet to hear a remotely workable suggestion for how to update EVERYTHING ... EVERY TIME THE KEY IS STOLEN!
Requiring every company to have a backdoor into their products has the same problems.
Has he ever heard of something called "FOSS / Open Source" software? How will a mandatory backdoor work in those software projects? What about the software from outside the US?
Just how does he think all the "Internet of Things" devices will be made or kept secure??? They are NEVER updated, tested or validated.
No patch, modify, or upgrade paths -- NONE.
He has never had to setup and secure a Wireless/WiFi LAN. Again, no updates, no patches, no fixes. ( i.e. routers ) The security of WiFi is a joke ... is he still mystified why the police are raiding his home, looking for child pornography, when its the pedophile, using his WiFi to download it remotely?
He doesn't have an Android phone, or he would know about update problems ( i.e. "when Hell freezes over!" )
He either loves Windows 10 or uses an Apple. Microsoft burned a bridge when they decided to FORCE people that PAID for Win 7,8,8.1 to use Win 10 on the forth coming Subscription Model. Does he even know what Windows Update is OR why lots of people don't trust it now?
Serious Question : How many times has he bought that bridge in Brooklyn, anyways?
Re: Mr. Lutz being MIA
He may need to be in "protective custody" at this point.
Duffy might need to be thinking about "life insurance" as well.
(untitled comment)
Using HTTPS in that context gives no security.
Have they thought about GNU TLS v1.2 / DTLS 1.2?
Both are LGPL v3+ Open Source projects. Heavily audited, and very portable.
Re:
This command would have caused a panic : ( As SuperUser)
rm -Rf /
All he would have had to do was shell script it ( Bash ) and propagate to all machines. The 'cron' service would serve as the trigger.
That would also solve their "too much data" problem ...
Police State
Some questions / concerns / thoughts I would like to express on the NSA / Police State mess. ( Yes, you can use this for a posting if you want :)
I am going to list them in no particular order.
I. Database Logging Disabled
It seems that the NSA has disabled ALL logging on its collective database. ( The current leaks are of old log reports. )
No logging of who is accessing.
No logging of what is accessed.
No logging of what is copied / modified / deleted.
Why?
No abuses logged / reported.
No policy violations logged / reported.
No evidence of illegal activity logged / reported.
Result =
Nothing for any "oversight" to act on.
Untraceable industrial / commercial espionage.
Blackmail activities, by the NSA and/or Contractors/Sub-contractors, undetectable.
Espionage activities by other hostile nations intelligence services, accessing this NSA database, undetectable.
Easily constructed "Frames" for Criminal Activity harder to defend against, for the falsely accused.
Proof :
The NSA has no idea what is in Edward Snowden's document cache.
II. Low Security / Easy Access / No Access Controls
From the released documents, the phrase "Five Eyes" refers to five countries involved in this Database.
( US, UK, Canada, New Zealand, Australia ) All five countries have full access, apparently.
Do ??Allies?? really need the NSA to help them spy on US Citizens inside the United States? Why??
Upwards of 2.1 million people have "Top Secret" clearance. One news report stated that 60% of those cleared are "Contractors" ( i.e. 1,260,000 )
( Not addressing staffing realities in the other four countries, US ONLY. )
From the reports seen, background checks are not being done.
How many of the unchecked are "hostile foreign intelligence operatives", taking the easy route to FULL ACCESS??
Most of these are in "offsite facilities". How are they getting access remotely?
TelNet? NetBIOS? an XTerm? Using "Windoze remote assistance / remote desktop"?
( Yes, I did not mention OpenSSH. That might be considered competent. )
Or did they put this "distributed database" on the Web for access over the Internet?
Is there a remote database client, with easy access preconfigured, floating around?
( Hostile foreign intelligence services would just LOVE this! The proverbial "wet dream" come true. )
Question --
How do we know that hostile foreign intelligence operatives have not already established FULL REAL TIME access to this database?
Curious to see if anyone can give reasonable answers to these questions.
Re: Re:
Another Open Source project along this line :
https://gnunet.org/
I suspect development may get more 'motivated'.
They can NOT stop lying.
There is no successful treatment for this kind of disorder.
This is sanctionable activity.
He should be sanctioned and removed from the "House Permanent Select Committee on Intelligence".
Fool me once, shame on you.
Fool me twice, shame on me.
Don't trust him.
No trust, at all.
Re: Re: Alternatively...
Keep the Faith, Brother.
What could go wrong?
Anyone think about those wonderful DMCA takedown systems used by ( MPAA / RIAA ) to name a few?
Do they ever get anything wrong?
Never a false accusation, right?
Always target the right person, correct?
Never once have ID'd content wrong, have they?
So perfect that Error Correction was never implemented or needed.
What could possibly go wrong?
Re: Re: Re: Re: Re:
The IRS CID group was directly notified of Prenda by a Federal Judge recommending investigation. And a ruling of fraud on the court. Not to mention the CID has a history of going after RICO violations / Mobsters.
If not one branch or group in any branch of Federal Law Enforcement will even make a token comment on "considering an investigation", Prenda bought immunity. They just didn't have the money to buy every judge in the state and federal systems. ( And, yes, there are some who refuse to sell out.)
Why do you think Prenda made the "President of the Bar Association" an unmentioned partner in Clair County, Illinois? Wouldn't have anything to do with an investigation by the "Illinois Bar Association" would it?
(untitled comment)
It would be interesting to see the reaction of those who have purchased "immunity to prosecution" from the politicians. Especially those who paid for immunity to the IRS. Will they now have to "pay up" twice?
And what about the "Congress Critters"? Having the IRS in a position to "take them to the cleaners" can't be comfortable for them.
There might be a backlash for the US Gov on this...
Never Used the Origin Service!
That registration was converted to an Origin Account without my permission. I have never logged on or into it.
Because of what EA has done with requirements for OnLine DRM, I no longer ( Play / Buy ) EA's newer tittles.
Will play the older ( OffLine / Single Player ) games on occasion.
Now I am getting e-mails from the Origin service demanding that I update the contact info! No thanks, they can keep their spam.
Kill the Servers?
If they want to kill the servers, they need to release a "standalone" version of the game, or a ( Public / LAN Party ) type server program to the community. Or make the "standalone" version able to function as a replacement for EA's servers.
Re:
Everyone in that organization ( NSA ) is suffering from some form of a pathological disorder. And they are hiding this with the excessive secrecy.
Dementia, Paranoia, Compulsive Lying, just for starts.
( How else could they see 'Traitors' everywhere? )
We really need to get them away from the Nukes!
Bad Idea!!!
It is the ultimate in censorship as well. Messages sent in your name that you did not write. Context of messages you write changed to suit the US Gov.. Messages to you ( edited / deleted ) by the US Gov.
Password to your OnLine Bank Account? Why do they need that? Making transfers in your name, in and out of your account?
Time for a run on the banks. Keep it all cash, not in an account.
( Personal Opinion )
There is a Megalomaniac in charge of "US National Security".
(untitled comment)
I read a posting saying DuckDuckGo used Bing as its back end. It runs or is hosted on Verizon virt servers inside the US. The server crypt key is RSA and never changes. Easy access for the NSA. Easy for the NSA to decrypt all of your searches.
Blackmail?
Look at the IRS / Tea Party mess. One political party going after the other. Using the Federal Gov as a front man.
The only thing Congress is fighting over is 'Targeting Control & Who is Pulling the Trigger.'
J. Edgar Hoover / McCarthy Commission type governmental / bureau controls of politicians and public recreated?
Congress is running straight into this with their eyes wide shut.
Any data in those hands is Dangerous.
Re:
The people that came up with this idea ... think that rotary phones are a newfangled idea that will never catch on.
Techdirt has not posted any stories submitted by assemblerhead.
Submit a story now.
Tools & Services
TwitterFacebook
RSS
Podcast
Research & Reports
Company
About UsAdvertising Policies
Privacy
Contact
Help & FeedbackMedia Kit
Sponsor/Advertise
Submit a Story
More
Copia InstituteInsider Shop
Support Techdirt