Friday, March 29, 2013
Giovanni Russello, a security expert, writes a post about Android security.
The launch of the new Galaxy S4 has been celebrated a couple of weeks ago. Indeed, it looks like a slick device with lots of nice features that is making Apple really nervous. At the software level, the S4 ships with Android 4.2 Jelly Bean. Together with the Samsung pre-installed apps, we will find in the S4 Knox. Knox is a security solution developed by Samsung for supporting the Bring Your Own Device (BYOD) policy in enterprises. Knox allows the creation of different environments in your phone. Essentially, a secure environment will be used for containing enterprise-related data and apps; while an open environment will be used for personal content. The work environment can be managed by the IT admin of the enterprise. Your personal environment is entirely yours to populate with whatever junk you might like. The content of one environment is not accessible to apps from the other environment, keeping everyone happy.
Knox relies on the Mandatory Access Control (MAC) mechanism provided by SELinux. So how did SELinux ended up in a Samsung phone? The news that people were at work to port SELinux on to Android is not new actually. What is news is that SELinux is now (or is going be) fully integrated in the Android Open Software Project (AOSP), the official Android trunk that Google provides to vendors. And it is not a simple matter of swapping a Linux kernel for another. In a recent paper at NDSS 13, Smalley describes in details the changes required at the level of the Android middleware to be able to integrate the SELinux MAC mechanism seamless with the Android application framework.
What are the implications of having SELinux as part of the AOSP? From now on, Android code will have SELinux modules as part of its base distribution. In terms of security, SELinux can really help in solving some of the Android security issues. However, we have to realise here that SELinux is a research project of the National Security Agency (NSA). The NSA is one of the most nosey agencies in the US. One of the NSA main activities is to look for vulnerabilities that allow them to eavesdrop and in some cases even attacking “enemy” systems (see the case of Stuxnet).
Now Google has teamed up with NSA and any new Android phones will have NSA code running on it. Even though SELinux can help in keeping the bad guys out, are we sure that will keep the good guys’ noses out from our phones?
Timeo Danaos et dona ferentes
Tuesday, March 26, 2013
|Orion Health founder Ian McCrae|
Saturday, March 23, 2013
The UK Royal Society (amongst others) has organised the Great Innovation Vote where Stephen Fry, comedian. actor, writer and technophile, has voted for Alan Turing's Universal Machine as his greatest innovation. You can listen to his reasons below and please vote for your greatest innovation.
Wednesday, March 20, 2013
Monday, March 18, 2013
|Prof. Shafi Goldwasser|
The A.M. Turing Award, the ACM's most prestigious technical award, is given for major contributions of lasting importance to computing. Recipients are invited to give the annual A.M. Turing Award Lecture. The award is also accompanied by a cash prize of $250,000, which in recent years has been underwritten by the Intel Corporation and Google, Inc.
Wednesday, March 13, 2013
We have another centenary to celebrate - it's 100 years of stainless steel. It's worth thinking about what a remarkable material stainless steel is: strong, corrosion resistant and able to maintain a sharp cutting edge. It's everywhere around us; in our homes, buildings, farms, industry and commerce, yet it didn't exist until relatively recently. In October 17, 1912, Krupp engineers Benno Strauss and Eduard Maurer patented a type of stainless steel. The following year, in Sheffield England, Harry Brearley of the Brown-Firth research laboratory, developed an industrial process for manufacturing stainless steel and Sheffield became synonymous with stainless steel. There's a website celebrating 100 Years of Stainless Steel, and they've produced the video below, which outlines its history and many uses - the modern world really wouldn't be so shiny with out it!
Tuesday, March 12, 2013
Well, it's not a new game, just a new version of SimCity. If you've already bought the new version (approx. $100) you'll already probably have encountered the main problem - the game doesn't work! Well it does work, but only if your game session can connect to the over-loaded SimCity servers. That's right, to play the game you must be connected to a SimCity server - no connection equals no game play. You'd have thought that Electronic Arts, probably the most well known game house, would have anticipated the demand and built in enough capacity, and then some some, just to be on the safe side. Amazon stopped selling the game for a while because it didn't work and Electronic Arts have offered an apology and a free game to purchasers. Over 60,000 users have signed a petition demanding that Electronic Arts remove the online DRM from SimCity, which is the root cause of the problem. In 2013 it's remarkable that experienced companies can still stuff up like this.
Friday, March 8, 2013
Back in February this year, and earlier in September 2011, I wrote a couple of blog articles titled "Are you selling technology or services?" These posts put forward my opinion that Apple's strategy of tightly integrating its hardware and software had a vital third component; namely the services that people used on their iDevices. I wrote that Amazon seemed to be adopting this approach with the launch of its Kindle Fire. The Software Engineering Services Blog posted last week a piece called "Suddenly everyone wants to follow Apple's integrated hardware-software model," which describes how Google, Samsung and Microsoft are now also trying to follow Apple's lead by offering a complete ecosystem of hardware, software and services. The blog post concludes by saying "Steve Jobs may be long gone, but his vision lives on and everyone suddenly wants a piece of it, but just because they each recognize the magic behind Apple's strategy doesn't mean each can successfully copy it or that the market will follow. And that is the real challenge these companies face." It's nice to make a prediction that comes true.
Wednesday, March 6, 2013
I'm not sure if I should be impressed or scared by this piece of news reported by Wired. US DARPA researchers are planning to create a database that will store every conversation they can record: phone conversation, Internet chat, conversations at meetings and presumably every where that the human voice can be (legally) recorded. Clearly such a repository would be of great value to researchers in natural language understanding and I suppose historians. But, there is obviously the potential for harm through covert surveillance and unethical uses is huge. The project goes by the long title of "Blending Crowdsourcing with Automation for Fast, Cheap, and Accurate Analysis of Spontaneous Speech."
Monday, March 4, 2013
Radio New Zealand today had an interesting interview with Sandra Lerner, the co-founder of Cisco Systems. The interview covers Lerner's entire career from her early socialist politics, the founding of the pioneering networking company Cisco Systems, and her eventual ousting from it, to her development of a range of alternative cosmetics and her current passion for Jane Austen and sustainable farming.