Dead Steve Jobs is still a crook

The title of this post is taken from a post at the Register (here) reporting on the end of Apple’s attempts to evade responsibility for illegal price fixing of electronic books. Jobs was a talented man, but he was no angel. I don’t want to demonize his memory, but neither should it be a whitewash that leaves out all the nasty bits. For all the people that criticize Amazon for their business practices, there are too few that do the same to Apple. Dead Steve Jobs is still a crook is a worthy partial redressing of the balance, and a reminder that the honest view is always behind the glossy press releases, slick marketing campaigns, and even the must-have products.

Amazon prepares for zombie plague

Source: WikiMedia. How to Survive a Zombie Attack, by Acey Duecy.

Somebody at Amazon has a sense of humor. I have proof: here is section 57.10 of the service terms for its beta release of Lumberyard, a free game engine and development tool:

57.10 Acceptable Use; Safety-Critical Systems. Your use of the Lumberyard Materials must comply with the AWS Acceptable Use Policy. The Lumberyard Materials are not intended for use with life-critical or safety-critical systems, such as use in operation of medical equipment, automated transportation systems, autonomous vehicles, aircraft or air traffic control, nuclear facilities, manned spacecraft, or military use in connection with live combat. However, this restriction will not apply in the event of the occurrence (certified by the United States Centers for Disease Control or successor body) of a widespread viral infection transmitted via bites or contact with bodily fluids that causes human corpses to reanimate and seek to consume living human flesh, blood, brain or nerve tissue and is likely to result in the fall of organized civilization.

You can see the whole document, here.

First seen at the Register.

More IoT security stories

In Smart toys may be a dumb purchase, I highlighted a Register article about woeful security in Internet of Things (IoT) items. Here are a couple of links to more stories along the same lines. However, in these cases, it looks as if the companies were aware of the risks – well aware of the risks, having in one instance received repeated, knowledgeable warnings – but ignored them. Shocking behavior.

Will the marketplace sort these companies out, or will there be legislation? The latter course is rarely successful with technology, but some may argue there has to be some kind of specific backstop to prevent companies behaving in such an apparently reckless fashion.

Smart toys may be a dumb purchase

The Internet of Things, with connectivity and data transfer operating in non-computer household items – like fridges, cars, and toys, for example – means that issues of security, confidentiality, and so on, need to be addressed by whole swathes of industry that are rather inexperienced in these areas. I have heard several stories of producers who include a security review as one of the last things on the production timeline, whereas most experts seem to highlight the need for security to be built in to products from the very beginning.

The Register has an interesting item about two toys that seem to have been produced with security flaws, leaving users – OK, the child users – and their families as targets for data theft, surveillance, and who knows what other misfortune.

One flaw found in a toy watch:

“…created a possible means for hackers to add their account to a family’s user group, enabling them to see the child’s location, history, profile details and even to message them.”

It highlights how insidious and potentially dangerous the Internet of Things (IoT) is. Expect more stories like this, as the IoT is only going to become more extensive, and it’s unlikely security performance by producers will improve. At least in the cases referred to, the companies involved were praised:

“…for a prompt reaction and response to the reported problems. Other IoT toy vendors should take lessons from the incident and endeavor to bake in basic security controls into products…”

Manufacturers of the world, you have been warned!

Be careful with that biking app

Biking apps can be hazardous to the security of your bikes. Especially if you ignore the privacy settings.

As the Register puts it:

IT bloke: Crooks stole my bikes after cycling app blabbed my address

An IT manager in Manchester, England, says thieves stole his bikes after a smartphone cycling app pinpointed the location of his garage.


Another snippet from the report:

His fears were confirmed by an organizer of a local cycling club who told the paper that he had lots of reports in recent months where bicycles had been stolen and the owners suspected it was due to their use of cycling apps advertising their location.

All of which is a timely reminder of why people should be careful about what apps they use and what information they share, and why it’s worthwhile spending a bit of time digging into the privacy settings that many apps now offer.

Don’t say you haven’t been warned.

The Paris attacks and the exploitation of fear

Bruce Schneier has an excellent blog piece entitled Policy Repercussions of the Paris Terrorist Attacks (which I have only just come across) that is the usual breath of fresh air about terrorism, security, and surveillance.

For example:

The politics of surveillance are the politics of fear. As long as the people are afraid of terrorism — regardless of how realistic their fears are — they will demand that the government keep them safe. And if the government can convince them that it needs this or that power in order to keep the people safe, the people will willingly grant them those powers.

In short, governments use fear as a justification to acquire more intrusive powers.

It doesn’t matter that mass surveillance isn’t an effective anti-terrorist tool: a scared populace wants to be reassured.

That point is worth emphasizing, too. For example, there already was surveillance operating before the Paris terror attacks. Increasing it wouldn’t have increased the chances of preventing the attacks. Mass surveillance does not work in this arena. It does work in terms of keeping tabs on your political opponents…

So far as the opportunities and politicians are concerned, Schneier writes:

And politicians want to reassure. It’s smart politics to exaggerate the threat. It’s smart politics to do something, even if that something isn’t effective at mitigating the threat. The surveillance apparatus has the ear of the politicians, and the primary tool in its box is more surveillance. There’s minimal political will to push back on those ideas, especially when people are scared…

…Terrorism is singularly designed to push our fear buttons in ways completely out of proportion to the actual threat. And as long as people are scared of terrorism, they’ll give their governments all sorts of new powers of surveillance, arrest, detention, and so on, regardless of whether those powers actually combat the threat. This means that those who want those powers need a steady stream of terrorist attacks to enact their agenda. It’s not that these people are actively rooting for the terrorists, but they know a good opportunity when they see it.

So, even though it does not work, the politicians are going to keep trying to secure more surveillance and other intrusive powers.

Do read the whole post (which includes some excellent links to other material on the same issues) here.

A smart starting place for smart glasses?

Globes has a story (looking suspiciously like a re-post of a press release) about Israeli startup Everysight, and its launch announcement for smartglasses for cyclists.

It’s a cool idea. However, I’m not sure how many people will pick up on the irony that military technology is being adapted for use by cyclists. Why? Well, if you cycle in Israel – especially if you dare to cycle on the roads – you are, indeed, at war. It is damn dangerous.

One to watch.

Oh, and yes, I want a pair!

Disposable smartphone charger

Here’s an interesting idea:

Click the graphic to read the whole story

The potential weak spot is the availability (or otherwise) of the sales network. If they do not establish that quickly enough, to the right size, and maintain it, it will be difficult to survive. However, if it becomes as common as (for example) boxes of matches available at kiosks, it might stand a chance. I do wonder, though, if the biggest obstacle might be that those with phones that are prone to running out of power, will either already carry a backup battery or reserve, or know every charging point within their reach.

Nevertheless, a clever idea, enhanced by its environmentally friendly setup. Good luck to Mobeego.

Tales from the crypt

Wherever you stand on the matter of Hillary Clinton and her email server, if you have any technological instinct, you might have been wondering about the lack of encryption on the emails. Why weren’t they encrypted? Let’s see if I can answer that question.

Let me take you back in time to the wonderful world of 1990s banking and legal services. My firm had several contracts to deliver services electronically (via email) for banks, building societies, insurance companies, debt recovery agencies, and similar big businesses. Not once was the commencement of the work delayed because of the need to set up encryption. Why? Because encryption wasn’t wanted. Nobody on the client side wanted to use it, and since it would have made things that much more difficult for us, we never suggested it. (Probably we should have.)

There were two occasions when somebody at one of the banks (the same bank in each case) asked the question about using encryption. When we replied that we had never been asked, the response was that the bank had to use encryption. (Wrong, but not worth arguing over.) And so, on these two occasions, we put in place systems to encrypt email. And, from memory, one episode of encryption lasted about a month. The second lasted about a week. In both cases the bank asked us to stop using encryption. Why? Because it was too hard to use; it was fiddly, time consuming, and didn’t seem worth the effort.

I don’t know what the modern situation is, but based on Hillary’s email server episode, and the following from the Register, not much has changed:

E-mail crypto is as usable as it ever was, say boffins

Ask friends to use PGP. They’ll love you for it

And the detail:

The main reason the world is able to read and enjoy the contents of Hillary Clinton’s emails is that crypto tools aren’t any better than back when Phil Zimmermann created PGP, the crypto system even he can’t use.

That’s the conclusion of this study into e-mail crypto usability, a follow-up to a study which reached the same conclusion 15 years back.

The study, which hit Arxiv at the end of last week, was conducted by a group of Brigham Young University researchers led by Scott Ruoti.

Checking over the Mailvelope PGP browser extension and which carries EFF endorsement. For the study, the researchers got ten pairs of participants to try to install and use Mailvelope.

They may as well have not bothered: even getting started with crypto defeated nearly everybody:

  • In two pairs out of ten, the person supposed to initiate contact never managed to actually use the software to send a message;
  • In another two pairs, the recipient couldn’t work out that they needed to install Mailvelope to read a message;
  • One pair managed to get as far as trying to share their public keys, but didn’t really know what to do with them.
  • Just one pair, of which one member already knew about public key crypto, actually managed to install Mailvelope, trade their PGP keys, and communicate.

There’s also the question of what to do if a sender wants to encrypt, but is sending to a receiver that isn’t ready or knowledgeable.

In such a case, the study suggests, some kind of integrated tutorial and automatic Mailvelope invites for new recipients might mean a message doesn’t just get dropped in the junk folder.

In short, encryption is still too hard to use. Sounds like an opportunity for somebody. I wonder why Google or Microsoft haven’t got something that can do the job, effortlessly.

Cook gets roasted

Tim Cook of Apple is not happy about the films being made about Steve Jobs and Apple. But, given the opportunity to turn back time, he might have expressed himself differently – or even avoided comment. For Aaron Sorkin has well and truly roasted Mr Cook, as the Register reports:

Academy Award-winning screenwriter Aaron Sorkin has issued a verbal blast to Apple CEO Tim Cook over his criticism of the forthcoming film biopic of dead Steve Jobs.

Earlier this month, Cook was interviewed by Stephen Colbert on The Late Show, and discussed the succession of films (and even an opera) that have been made about Jobs in the wake of his death. Cook declared that he hadn’t taken the time to watch any of them, and that he disapproved of them being made.

“I think that a lot of people are trying to be opportunistic, and I hate this; it’s not a great part of our world,” he told Colbert.

Cook’s comments were raised on Friday at a press conference to promote the forthcoming film Steve Jobs, in which Michael Fassbender portrays the late Apple cofounder in the early years of the company’s history. The film was written by Sorkin and, when asked about Cook’s comments, the writer didn’t hold back.

“Nobody did this movie to get rich,” Sorkin said, The Hollywood Reporter recounts.

“Secondly, Tim Cook should really see the movie before he decides what it is.

“Third, if you’ve got a factory full of children in China assembling phones for 17 cents an hour, you’ve got a lot of nerve calling someone else opportunistic.”


You can read it all – including links to the Register’s coverage of the child labor angle – here.