rsingel's comments

This is yet another good argument for TextSecure and RedPhone, which don't depend on the SIM card encryption.

https://whispersystems.org/

-----


While certainly a step in the right direction, the lack of an open baseband remains a huge problem, even with TextSecure. Any smartphone has a whole separate OS running, with access to the system bus and memory, that we generally have zero visibility into. There could be exploitable bugs, there could be actual backdoors, and we just have no idea. If you truly want to secure data, you need to use an airgapped system with hardware that is much more open.

-----


Indeed. Samsung baseband was found to have a backdoor to read files in the phone.

https://www.fsf.org/blogs/community/replicant-developers-fin...

-----


That should be a solvable problem, aren't there tons of operating systems professors and electrical engineers around in Europe that could in principle develop an open baseband chip and operating system? Germany and France should have an interest that their communication can't be trivially backdoored by the NSA.

-----


The main issue is that there are really no specifications available on many things. Also, it will be nearly impossible to pass certification, so no real manufacturer would use it.

If you want more details, you may check the OsmocomBB site and IRC.

> Germany and France should have an interest that their communication can't be trivially backdoored by the NSA.

Nobody is saying that governments don't have trusted hardware with only their own backdoors. In almost every country, manufacturers have to provide source code and specs in order to pass certification, so the government does have everything needed.

Though it doesn't help anybody else, as it will never be open.

-----


Manual baseband isolation via a mobile hotspot and a Nexus 7 does the trick for now.

-----


Until the AMSS in the hotspot is compromised and used to attack your Android device via wifi.

This applies to mobile hotspots built around Qualcomm baseband/application processors, in other cases you would have to exploit the main CPU first.

-----


Well, at least that requires two exploits/backdoors, instead of one.

-----


Modern basebands are sandboxed, from what I understand. Partly because phones kept getting unlocked through exploiting baseband bugs and that messes with carrier subsidies.

-----


It's unfortunate that the free Linphone for iOS crashes since the last update... it offers standard ZRTP calls for iOS.

-----


Yet they do depend on a good RNG, don't they? Is that a given on common smartphones these days?

-----


I'm not sure about hardware RNG, but many if not most phones have sources of 'random' environmental data they can use to generate a random number, such as cameras and phone movement.

https://security.stackexchange.com/questions/42428/is-genera...

-----


The problem with these sorts of on-phone-afterthoughts are that they are just lipstick on a pig.

You are still being tracked (GSM, wifi) and vulnerable to local hacks. Due to the nature of the devices (millions of identical devices are produced for major models), their distribution patterns (model selection led by fashion and price point), their homogeneity (two dominant embedded OS platforms only), their complexity (leading to a very large potential attack surface), and their ubiquitousness (your phone number, IMEI, local physical cell, or email address is probably terribly easy to find) it would be extremely foolhardy to rely upon the security of a modern, commercially available handset.

-----


I just tried this out. I love the simplicity of the homescreen and the simple volume toggle is great.

2 things: 1. The coffee shop has the Joe Walsh song The Joker in the background. It's a ridiculously catchy song and I found it very distracting.

2. I couldn't figure out how to turn this off. It went haywire and I ended up with lots of white noise. I had to turn off my bluetooth speaker, and going to applications to force stop. Nothing I did in the app would stop the sound.

A big play or pause button might help in this situation.

Hope this is helpful.

-----


A huge issue I've had trying to find music/noise that I can use to drown out background noise is the human voice. I can't find a playlist that has sounds/music without human voice! I found a couple great trance songs that just let me put my head down and really tune everything out... and then there is either a sample of a lyric or even a "hey!" added in for no reason and it pulls me out. And if they don't have a human voice, often it will have some other repeating noise that pulls my brain away from the task. I put on headphones to keep my mind from procrastinating at a time when it really, really wants to. The hardest thing is finding music/noise that doesn't give it any excuse to wander.

-----


Thanks for the feedback.

The coffeeshop noise is my favorite and I've definitely noticed the song, as well. I plan on replacing it with a similar audio track this week.

-----


This is largely political saber rattling. AT&T's best arguments are going to be procedural.

If FCC gets past arguments it didn't dot the i's, then this will go to the Supreme Court where AT&T and Verizon will get walloped. I can explain why, but basically there are 9 votes lined up against the ISPs on reclassification.

-----


I'd love to hear why you think there are 9 votes for reclassification, btw.

-----


They are. If they just deliver packets then they are clearly Title II. Last time the FCC did this (2004/5), the ISPs claimed that their homepages and email service and DNS made them not "telecommunications".

Well, Gmail, OpenDNS, Google DNS and Facebook (new homepage), make those arguments less useful. So "caching" is the new DNS.

Not sure how they'll deal with the rise of VPNs and HTTPS though. VPNs and non-cacheable are the most clear argument that people pay broadband ISPs just to deliver their packets.

-----


That's not true. The only carrier banned from blocking tethering is Verizon -- and that applies only to phones using the C Block spectrum. That's because when the FCC sold that spectrum it came with strong net neutrality rules attached (e.g. open devices, use any app, etc.)

-----


Despite the supposed ban, Verizon DOES block tethering. Source: I am a Verizon customer.

-----


Oh, no! Pointing out that a corporate power structure is overwhelmingly white and male is so unfair to those that are white and male.

I used to be this author's editor and that lede is very Wired.

Sad to see this "tone policing" comment is the top-voted comment on this thread.

-----


I definitely think that it's useful to point out the over-representation of white and male voices in powerful positions (which seems particularly relevant in big media corporations, since it's such a cultural driver), but in this case it's kind of stuck in there without any follow-up or relevant thesis.

But, yeah, it's definitely silly that the top comment is just complaining about that sentence.

-----


Yes, because privileged white guys, right? Would you feel the same if it was a minority instead? Would it even be noteworthy? Could we even have this conversation if it was a cabal of religiously exclusive peoples? That's right, only white guys are privileged, not minorities who have actual legislative privileges. One is evil, the other is supposed to be socially rewarding, but guess what, many see it for what it is; inconsistent dogma for the over-socialized.

-----


This is the sort of trite, self congratulatory "socially conscious" type of comment that is appearing all over the place. What does it have to do with Sony getting hacked? Nothing really. It does reveal the personal sentiments of the author somewhat, and also your own. Did the comment help anybody? I doubt it. Other than stoking resentment what possible purpose could stating that the executives were "overwhelmingly white males" possibly have?

-----


I was under the impression that identifying the inequality among upper management at Sony Pictures was at least part of the reason for the early release of that specific document, i.e. that point was the point and should probably be in the opening of any reporting. Call it a low blow, call it whatever you like, I just don't think any female / non-white guy would appreciate how belittling your comments are.

But then I am kind of biased since the whole ghotz debacle. Suck fony and all that. (Yes, I know this is Sony Pictures, not Sony.)

-----


I think for "you" it is just an easy ride on the wave of the recent news.

Sad to see how easy it is for "media" to jump from one trend to another, even out of context.

Sad to see once again "you" pointing to "me" while "you/crew" had fun reading gender, SSN numbers, stipends and felt free to report your vision.

-----


To be frank, it's a stupid lede anyway. It's not like people would be surprised that the CxOs for an entrenched, major company like Sony would be highly-paid and white males. It's basically the default assumption for that demographic.

-----


What's more surprising is that no execs from Japan have crossed over to SPE.

-----


Sure, but once you've licensed the images under a certain CC license, you can't really go back. Yahoo will probably obey the user choice (as I think they should) but legally aren't under any obligation to do so.

-----


Yep, Yahoo has said they will honor user choices and allow folks to opt-out by changing CC licenses. The November 20 announcement says:

"Flickr members who don't want their CC-BY or CC-BY-SA photos to be eligible for sale as part of Flickr Wall Art can change the license (e.g. CC-BY-NC, etc.) and the images will be removed from the selection." https://www.flickr.com/help/forum/en-us/72157649323144986/pa...

What's interesting is that CC licenses are irrevocable. So if a hypothetical GreatPhotoPrints.com bulk-downloaded CC-BY- and CC-BY-SA-licensed photos, they could continue to sell coffee mugs, t-shirts, posters, canvas prints, etc. -- even if the Flickr user changed the license later. (And of course if Yahoo ever became desperate for cash, they could reverse the current policy decision that currently permits opting out.)

-----


I'm not sure. The user owns the content. If they decide to change the license then Yahoo has to pull those photos from the pool.

-----


Nope. That's the "irrevocable" part of the CC licenses (as well as in most FOSS licenses).

-----


Ryan Singel here from Contextly (my co-founder wrote the blog post).

I think you are absolutely right on with the insight that stellar content is missed by readers for many reasons.

We are part of a solution for publishers that want to have a re-purposing program. Some of that can and should be very editorial, but it can also be complemented or informed by a service like ours that works on a publisher's own domain.

Our definition of "evergreen" for the purposes of the study of the HN archive differs from the one we use for our publishing clients.

That said, I do think it would be interesting to see what stories continually get re-submitted, as that may well show off the most unchanging evergreen.

(Defined in that case as a story that continually has a fairly high value for a substantial number of people over a steady amount of time. Compare that to, say, David Sedaris's SantaLand Diaries, which is also an "evergreen," but I would strongly suspect a highly seasonal time of interest.)

-----


Wait, this is a link to a blog that reposted, in full, a story from National Journal that this guy didn't write.

Could someone please change the link to the original?

http://www.nationaljournal.com/tech/the-fbi-s-secret-house-m...

-----


Yes. Url changed from http://www.matthewaid.com/post/101483465701/fbi-begins-secre....

-----


I was looking through his site. Seems like he curates news articles relevant to a couple stories he's following and this one is just one of the ones that made it in.

Agreed it should be changed to reflect the original source.

-----


There's no such thing as news that doesn't involve social or political issues.

There is news that doesn't challenge implicit assumptions -- but that doesn't make it non-political.

-----


And further...

There is no software or algorithm that isn't sociological, political, or otherwise ideological.

-----


Could you expand on that thought more?

-----
