Thursday, 23 June 2011

Stirring

In a televised interview, Clinton once referred to Richard Clarke as "the best guy in the country".  This was in the context of his work as an anti-terror strategist.  In his career he repelled vigorous attacks upon his credibility and is generally now generally considered to be a generally clued in guy, in general.

Since leaving the Bush administration in 2003 he has continued to prognosticate and expound, Cyber War the latest bee in his bonnet.  With an involuntary twitch or hunching of shoulders intended to serve as a diacritic of unease I direct your attention to an Op Ed in the WSJ of the 15th of this month, in which he asserts that agents of the Chinese government have made swiss cheese of United States utilities and business computing infrastructure in a broad and heinous manner, and that the current US Administration "is failing in its responsibility to protect the rest of America from Chinese cyberattack".

I express unease not only because of the impressive catalogue of breaches specified, but also because the language at times veers into the purple-rayed chest-pounding patriotic hyperbole for which the American media has for some time been renowned.  Worth mentioning also is that Clarke now chairs "a strategic planning and corporate risk management firm", for whom no doubt fear is good business.

Impenetrably murky.  Likely probably maybe certainly someone is making a nest in critical American infrastructure computing in a way that does not make sense if they are not government-backed, but that means nothing.  You should probably read the Op Ed anyways.

Wednesday, 18 May 2011

The Good Stuff

A functional self contained directly controlled bionic hand.  Is it wrong to want one?  For now the basic model of human hand is superior, but that seems liable to change.  When it does I will be tempted.

Friday, 22 April 2011

It Is Like Finding Out That Santa and The Easter Bunny Were Both Actually Actually Pablo Escobar In Disguise, And That He Has Personally and Repeatedly Peed In Your Chicken Soup, And That He Told All Your Friends About It, And Also Said That He Would Do It Again

Or, in other words, Apple and Google are both Satan.  If this were a tennis match, the dude on the highchair would now shout "NEW BALLS PLEASE!", but we don't have the luxury.

There are people out there saying this sort of thing:
Eww! Suave high-tech megacorporations are stealing all my personal data; freedom slips one drop at a time through our fingers as we tumble softly into a dystopian nightmare, waa, waa!
And to them I say "Cool it, junior! Why don't you leave all the hard thinking to grownups?"  Either way, we get it.  Google and Apple are both evil.  Boooooring.  Can we have some new news now please?

Friday, 15 April 2011

Seest Thou Yon Dreary Plain

Despite not wanting this to become a wholly Android-related blog, there have been yet more stirrings in this arena worthy of wild unjustified extrapolation.  The base set of data with which one may cavort seems less than sensational - a piece in the Wall Street Journal reports of a Grand Jury investigation of smart phone apps under suspicion of having "illegally obtained or transmitted information about their users without proper disclosures".  Which is bad, but hardly shocking, since theft of personal data by shady web services, while being much reviled, is a well known business model.  What makes it peculiar in this instance is the presence of popular 'net radio provider Pandora amongst the companies under scrutiny; weirdness compounded yet more by the level of skulduggery on Pandora's part described in the WSJ article:
In Pandora’s case, both the Android and iPhone versions of its app transmitted information about a user’s age, gender, and location, as well as unique identifiers for the phone, to various advertising networks. Pandora gathers the age and gender information when a user registers for the service.
This accusation was supported by preliminary investigation carried out by Veracode.  Notice that this applies to both Android and iPhone (although I believe it was not possible for Veracode to confirm the latter given Apple's closed code).  More specifically, and in addition to age and gender, Pandora also sends "android_id, connection status, network information, device brand, model, release revision, and current IP address" to advertisers.  Initial reporting that GPS data ("GPS location, bearing, altitude") was included has proven to be false (because although the app tries to send this data, it does not have access to it), but what is sent would seem to more than cover the famous 33 bits needed to identify a single human amongst 7 billion.

It is not certain that Pandora was actively complicit in this theft, since the code in question comes from "advertisement libraries compiled into the application: AdMarvel, AdMob, comScore (SecureStudies), Google.Ads, and Medialets".  Of those listed, Medialets seems to be the greediest, but all apart from Google are taking more than they should be.  So either Pandora knew and was complicit, or did not know and was negligent. 

Now for the extrapolation.  Simply, if the app of a well trusted brand like Pandora has done this, then a great many other apps are likely to be doing the same.  This conclusion makes various baseless assumptions about how the sample was chosen by the DoJ, but any situation where the best-case scenario involves a trusted service provider ripping off millions of people, it perhaps pays to be pessimistic.

Friday, 25 March 2011

Android devices blast open gateway to Hell, disgorge demon hordes.

Android apps are not safe.  And not just for those of the ilk who think ".exe" is an appropriate extension for funny cat pics - Android apps are potentially unsafe for normal people too...  The problem is that capable ne'er-do-wells are taking legitimate apps, re-engineering them with private-detail-siphoning malware, and then re-releasing them into the Android Marketplace; a process that leaves their trojan apps almost indistinguishable from the originals.  Unless you happen to know that "Screaming Sexy Japanese Girls" or "Hilton Sex Sound" were not originally published by "Myournet", there is no way to tell at face value that these are not perfectly reputable.  Less seedy apps such "Photo Editor" and "Scientific Calculator" were also compromised.

The ars technica piece focuses on the differences this highlights between the Marketplace and the Apple App Store (the photo header lady began her digital life fondling a stack of apples, how droll), and I am sure these are the terms under which people are going to think about this issue.  Will people care more that there iPhone can't use Flash, or that there are seemingly legitimate Android apps out there that can "yank IMEI and IMSI [...] product ID, model, partner (provider?), language, country, and userID [and can also] download more code"?

That is an unfairly loaded question - the larger issue is to do with the user freedom that Android offers versus the increased level of user security that Apple guarantees.  In the same way that security requires restriction, freedom requires responsibility, right?  In that case, to whom does the responsibility belong?  Google stripped all hacked apps out of the Marketplace within five minutes of the issue being reported, so fair play to them, but prior to this over 50000 users had downloaded unsafe code.  There is a limit to how proactive they can be in policing such an open system, and reactive measures are always going to come too late for thousands of users.

It seems like the inevitable conclusion will be for this issue to further polarize Apple/Android device usership along lines of "tech savviness", but even for those unlikely to accidentally gouge out both eyes trying to turn on a pocket calculator, it may be worth reflecting upon the words of legendary pimp John Philpot Curran.

Thursday, 24 March 2011

If any man have an ear, let him hear.

We all know that the Internet emanates in thick syrupy waves from Al Gore's semi-apocalyptic pleasure palace on the outskirts of Nashville, Tennessee.  Is it because of this that the world tends to follow the USA's lead in matters of electronic communication legislation?  Some credit may also go to their tendency to kidnap, drug and brainwash foreign heads of state in the sweet way that they do.  In either case, the now-usual European response to seemingly perverse judiciary decisions regarding the future of Old Man Internet may be inappropriate.  Perhaps we should put down the buttery popcorn and soda pop and pay closer attention, since this may also be our future they are fitfully deciding.

From amongst increasingly bizarre news snippets (have fun trying to distinguish fact from fiction) there occasionally spring a few bright rays of hope.  After the epic de-pantsing of HBGary by hippy-anarcho-terrorist cyber-demagogues Anonymous, it is clear that someone out there in Washington has been listening.  Unfortunately the domain of the proposed federal investigation is such as it is because someone out there in Washington had been hiring HBGary in the first place, dirty deeds doubtless not done dirt cheap.  But it has all worked out good in the end, right?

American telco giant AT&T were also under scrutiny this month, immunity from Freedom of Information Act requests denied by the supreme court.  Once again the shine is taken off somewhat, this time by this week's revelation that AT&T were also complicit in the NSA's attempts to spy on everyone everywhere whilst simultaneously hosing users' private Facebook data all over central and eastern Asia, but... well, I mean, at least it's not as if they are cutting throats left right and centre on the way to becoming the single most powerful mobile carrier in the whole of North America.  Are they?  Of course they are.

Sometimes the Atlantic seems not very wide at all.