Re: BB UI without QNX is?
"A cute, popular pig, but..."
Or a stout big-tusked boar like the Blackphone, unless you can prove otherwise...
16605 publicly visible posts • joined 10 Jun 2009
"A case can be made, but in the end that case isn't particularly compelling. If that were to be the endgame then why bother at all with hardware? It would be simpler to get out of the device business altogether and allow whomever licenses the suites to provide the hardware and the engineers to bolt it together. It boils down to what additional value the OS has that can be extracted in other ways."
Because it's going to take more than just slapping your UI on top of the Android kernel to make it properly hardened. One of BlackBerry's calling cards was that it was a system secure enough for proper enterprise use. As of now, baseline Android doesn't make the cut, but as noted by devices like the Blackphone, you CAN make it good enough if you get under the bonnet. So for BlackBerry to make a good Android device, it will have to do the same: be almost as picky as Apple when it comes to how the devices are built and the core software assembled so that it can properly pass the enterprise acid test.
"Mainstream sells. Non-mainstream does not."
That doesn't mean you can find your niche and survive on it. That's why professional software can still turn a profit, in spite of the small audience, if it's the right software for the job such that the pros are willing to shell out for it. For years, BlackBerry survived by finding its niche in secure enterprise devices. It suffered from a combination of government interference and intrusion from the mainstream. I strongly suspect the niche is still there, it's just changed its shape and BlackBerry still has the potential to retake the niche and find its market again.
"The same things that stop malware from subverting anti-malware software today. This is an API that vendors like Kaspersky can plug into. It enhances the range of their capabilities if they choose to use it."
So what's to stop a malware from posing as an anti-malware, hooking into THE SAME APIs, and subverting them? "Who watches the watchers," IOW?
"If you're upset that the anti-malware software or OS, is "software", then perhaps you would be interested in the tool MS announced a couple of months ago that runs security from a separate Hyper-V instance that exists in parallel running directly from the hardware."
Hyper-V is a VM hypervisor. I'll grant you no one's been able to pull off a Red Pill to date, but since it's still software it can't be ruled out. Particularly if cyber-warfare really does go to the next level and hardware starts becoming compromised. It may seem paranoid, but given all the news we've had lately, we're almost in DTA territory as it is.
"There are already versions of malware that will probably get past this! There are web based attacks where the downloaded script is 'innocent', only it includes calls to remote code that is only provided when invoked..."
But wouldn't the kit detect that remote code is needed (since it would have to be "included" at some point) and demand that code be loaded up (and thus scanned) BEFORE the script is allowed to run or continue?
OUR point can be summed up in three words: IN YOUR DREAMS.
Just because you're better doesn't mean you'll win. Betamax was better than VHS but LOST the VTR war. Microsoft has nothing to lose by doubling down. If Linux overtakes, they'll be as insignificant as Blackberry is now, and switching kernels would be seen as an act of surrender much like again Blackberry.
Plus ask yourself this. If Linux is so superior, why isn't professional workstation software coming out for Linux more often? Why can't Valve convince more developers to embrace Linux and Vulkan?
"But no, you as per usual have thought in your benighted wisdom that writing something which goes through a list of ones and noughts and checks them against a list of other ones and noughts is trivial and that therefore this is trivial."
Because it IS trivial. What's to stop a malware from altering the list so that its blacklist includes useful programs? AVs produce false positives by accident all the time; what's to stop them being done intentionally? As for the scanning process itself, it's still software, and software can be subverted.
Trouble is the multi-layered approach suffers from a common point of failure: the user interface where EVERYTHING has to be removed in order for the stuff to be of any use. About the only solution to this problem (essentially an exploitable "analog hole") is to go cyberpunk (in the style of William Gibson or Shirow Masamune) and have enc/dec security capabilities built directly into our brains.
"In my shop (an NGO, ffs) all externally facing data was encrypted at rest and in transit. All systems using that data needed to use a key and two way handshake before the data was useful."
Thing was, the stuff has to be useful at SOME point, which is where you attack the database: at the points where they MUST be decrypted to be useful. That's always been the unavoidable flaw with encryption. In order for data to be useful, you have to DEcrypt it SOMEWHERE.
You claim everyone would ditch Google in a heartbeat, but ask yourself, "For WHAT?" Who else is out there that is as feature-rich as Android and Google that would allow people to pick up where they left off? Apart from Apple, who's just as guilty, I doubt you'll find a serious answer. And since they've become too ubiquitous, I doubt they'll be convinced to abandon cell phones altogether for fear of that emergency call that can't wait and so on.
Under the law both in the UK and in the US, a normal sales transaction DOES NOT constitute a debt but a sale, so the "legal tender" provision DOES NOT apply. Barring certain acts of discrimination, the vendor reserves the right to refuse sales at his/her discretion. That's how vendors in my neck of the woods refuse service to rude and rowdy people.
Not just crap but hard to handle. It only worked at a certain minimum temperature, so it had to be literally warmed up to work, which is why Konami had to come up with their noted "Morning Music" as a warm-up signal for their Bubble System games. Not to mention the reading process was destructive, meaning you had to feed the data back in as soon as it was read, and if something went wrong in between, the whole works got corrupted.
"How does it work in the US - is there something similar, or are property rights stronger? Just asking, because I'm genuinely interested."
There's no uniform policy on the matter. It depends usually on state and local Health Codes. Generally, though, pest creatures like ants, roaches, and rodents need to be controlled, particularly in eateries, and places can be subject to inspection, especially if complaints are lodged against the place. As to the owner's complaints about non-lethal methods, she's up against the rest of the neighborhood; her rights can be trumped by everyone else's right to a clean, disease-controlled environment. He/she would have to take that up with the City Council/State Legislature if she wants his/her way. At the extreme, they DO have the power to condemn places they deem uninhabitable due to filth or pestilence.
"It seems hard to believe that someone has the time and ability to recreate the factory firmware for so many different devices without access to the original firmware's sourcecode."
Thing is, they can obtain the firmware through other means, such as a legitimate update download. They can then tinker with it offline at their leisure, allowing them to basically rebuild it to their needs (including taking out things to make room and so on), THEN find a way to inject the malware.
OK, we'll grant you that one, but given that the scheme was created for Windows 95 (so as to allow the system to compete on the LFN front with other systems like OS/2), the clock on that patent has got to be running out soon. And anything pertaining to LFN on NTFS is probably on a shorter clock if not already up because NTFS was developed with the original Windows NT, which is several years older than Windows 95.
"With http you might be able to stay anonymous."
How, when you STILL have to tell the website who you are? As for proxies and such, one mandatory JavaScript (as in enable it or you can't get in) and your IP is traced just as easily: even through stuff such as TOR. And then there's the whole user registration jazz that can ID you to the person (and for the really important stuff will probably link you to government-known IDs like SSN or mailing address), IP be damned.
HSTS is still vulnerable as ISPs and malware can hijack the handshake that occurs just before the transition to HTTPS. It's best to go HTTPS from the go. As for broken links, don't many browsers automatically try the HTTPS version if the HTTP version draws an error? Suppose all previous HTTP pages return a 301 which refers to its HTTPS counterpart? Is that a correct 301 response?
"HTTPS also guarantees that the data hasn't been tampered with."
It doesn't NECESSARILY guarantee that, especially for ephemeral sites where someone can start an HTTPS proxy with a fake certificate.
But here, we're talking the US Government who WILL have a genuine secure certificate whose public traces are pretty much all around the country (basically, anyone who does web business with the US will have a trace). The preponderance of evidence already out there would help make it easier to notice if someone's trying to impersonate the government with a secure proxy. Basically, with all government communication in future over HTTPS, odds will be passing fair no one's listening in on the encrypted connection. That can only help.
"You can't trust anything or anyone."
So why are you even communicating? That ALONE implies some level of trust. If you really CAN'T trust anything OR anyone, you'd be alone in an old lead mine in the middle of nowhere, subsisting using nothing but your wits and your experience.
"Sadly even I know that God don't kill people, people kill people so don't ban God or is that the Gun?"
Joke aside, how do you counter the idea of the miscarriage, the stillborn, or someone just plain struck by a bolt out of the blue? In other words, if God (or His universe) doesn't kill people, what about all those people killed by sheer chance, with no hand of man involved?
"Taken to the extreme, this omnipotent God has created everything, including my current thoughts, and memories of my past joy and pain, and so already knows the result of the trials inflicted on me."
Perhaps it's best to say that God isn't truly omnipotent: just close to it. Many interpretations put Man as God's big wildcard: the concept so out there even He can't predict it (as in God can't predict Man's will). That was why Eve and then Adam were able to be turned astray: because they had the capability to do so, and thus introduced to God's universe the idea of the wildcard. Seen in that light, all the ordeals God puts before man can be seen as a kind of trial by ordeal: fire-forging. What doesn't kill or break you makes you stronger, and so on.
"One aspect that they might be missing out in California is driving in a snowstorm, especially at night. It really changes everything when most of your vision is filled with an almost opaque wall of snowflakes flowing toward you."
Well, in regards to inclement and especially extreme weather (like the blizzard you describe), there's a fair chance of the car outseeing the human because with the imaging technology available today, to say nothing of down the road, the car can likely "see better than the average person". Now, I'll grant you GPS at its current state probably isn't accurate enough to distinguish between one side of the road and the other, but perhaps with infrared and radar imagery, it'll probably have a better shot of seeing through the snow and getting an idea of where the road's supposed to be.
What you did at the end also indicates what the ultimate failsafe should be for a car that is unable to navigate. If, in spite of all its abilities, it cannot find the way forward (such as not being able to discern the road due to heavy snow, a washout, or an unexpected road change), it should find someplace safe, alert the driver that it cannot continue, and perhaps suggest requesting assistance. As a last resort (if going forward is a must), it could turn the matter back over to the driver while advising proceeding with utmost caution. That way, at the least, if something happens, it's not nearly as likely to be a big something.
As for your breakdown issue, a smart car should be able to discern it as an obstruction. But I'll grant you maneuvering will be difficult if traffic is reduced to one lane for both directions as a result. The best solution would be for a policeman to direct traffic, and their dress codes can be updated to make their signals easier to distinguish.
The bump (or stop) is the thing about 3 feet wide and 6 inches high that's supposed to stop a parking car from going too far and going over the pedestrian-only sidewalk.
http://i.imgur.com/wiOdIGY.jpg
A support pole is one that may be holding up the front overhang of a store, keeping it from falling on you.
And the "C" is short for "convenience". As in SPAR or best-one on your side of the water. Imagine a crazed driver jumping the kerb and crashing into a SPAR, and you'll get an idea of what I saw at a 7-Eleven.
(Not the incident I saw, but still a good example)
http://chicago.barstoolsports.com/files/2013/03/711.jpg
So you call an online collaborative whiteboard bollox? An online graphical language recognizer for an elaborate language like Chinese or Japanese where specific stroke order is important? A place like eBay where timing is key (the delay of a page load can be the difference between winning and losing an auction--I can speak from experience).
So you ask WHO says web pages have to be dynamic? YOUR CLIENTS DO! Time is money in today's society, so static pages are passé.
"I have no idea how often the intoximeters at the local cop shop need calibrating, but I suspect it's fairly regularly."
This site would seem to agree with you.
http://dui.findlaw.com/dui-arrests/breathalyzer-calibration.html
Then again, in-car breathalyzers could be subject to the annual inspection just like everything else...