Why would the big four music companies agree to let Apple and others distribute their music without using DRM systems to protect it? The simplest answer is because DRMs haven't worked, and may never work, to halt music piracy. Though the big four music companies require that all their music sold online be protected with DRMs, these same music companies continue to sell billions of CDs a year which contain completely unprotected music. That’s right! No DRM system was ever developed for the CD, so all the music distributed on CDs can be easily uploaded to the Internet, then (illegally) downloaded and played on any computer or player.
There have for some time been rumors that Apple would sooner or later bring out a smart mobile phone of their own. The arrival of said phone is now reportedly imminent.
This columnist has his own ideas of how Apple should make its phone stand out from the pack, principally by making your phone a portal to your Mac and giving your Mac the ability to stream music to your phone via iTunes.
Personally, I think he's out of his mind. Not only would Apple's iPhone then be competing against its own iPod, but the cellular carriers would be laughing all the way to the bank. Instead of selling service plans with a thousand minutes of airtime a month, they'd be looking at selling plans with a thousand minutes per day. The lowest-airtime plans that you could buy would probably jump from 700 minutes a month to several thousand. For those of us who rarely use a hundred minutes a month, that'd really suck.
Aircraft hijackings are really pretty rare these days, right? But as schneier reports, the European Commission, Airbus, Siemens and the Technical University of Munich are spending 36 million Euros to develop a system whereby in the event of an actual or suspected hijacking, controllers on the ground can remotely take control of the aircraft, fly it to the nearest airport and land it, with no intervention necessary or possible from the pilots.
I've actually been aware of this project for some time now, and schneier's reaction now is the same as mine was when I learned about it: This is a really bad idea. The situation in which it's intended to be used is so uncommon the benefit is probably minimal, but it opens up a whole new vulnerability -- because you KNOW that once a system like this goes into service, the protocols will sooner or later become public, the equipment specs will be leaked, the encryption protocols protecting it (pray there IS encryption) will be cracked, and once that happens, it will no longer be necessary for hijackers to get on -- or even near -- the airplane at all. They'll be able to hijack any airliner so equipped, from the ground, and presumably fly it wherever they want by passing control to successive previously-placed ground stations. Had this technology been in place and already cracked on 9/11, the hijackers could have gotten all four aircraft to their targets instead of just three, and none of them would even have had to die.
This is one of the most stupid and ill-thought-out flight-safety ideas I've ever heard of. As pointed out in the comment thread in schneier's post, there is one perfectly simple way to prevent 100% of hijackings: Physically isolate the cockpit on all airliners from the passenger cabin with an unbroken bulkhead, give the flight crew their own separate entry, their own lavatory, and their own refrigerator and microwave for their in-flight meals.
Of course, would-be hijackers could take the flight attendants and passengers hostage, and threaten to kill them if the pilots don't comply with their instructions. But that's fixable, too, by allowing passengers with legitimate CCW permits to fly armed. Hell, offer discounted fares for passengers willing to fly armed and intervene in the event of a hijack attempt.
There's one thing I think schneier missed, though. Even if the system isn't cracked, this would open up a whole new ability for terrorists to DOS the entire commercial air fleet and ground all commercial travel world-wide.
You see, they don't have to actually crack the system. All they have to do is convince the world that they probably have cracked it. Every nation would have to order its commercial air fleets grounded until they could be certain the system had been resecured. They would have no choice. Can you think of the consequences for any government if a terrorist group announced that it had acquired the ability to subvert this system and take over control of any airliner from the ground, and that government alone decided that the terrorists were bluffing and did not ground its commercial fleet -- and subsequent events proved them wrong?
Yup. You better believe it. Gizmag has the gen here, and drops hints about four other turbo-diesel motorcycles in development. See another viewpoint here. It's designed and built in Holland, uses a modified 1200cc VW 3-cylinder turbodiesel engine, weighs 445lb, and reportedly makes up to 120BHP and 200lb.ft of torque ... and gets 150mpg. That's about 700 miles between fuel stops on a 5-gallon tank, or two weeks of your daily commute between fill-ups.
The BBC reports that Freescale has begun volume production of MRAM (magnetoresistive random access memory). The first MRAM product offering is a four-megabit 3.3V chip with 35ns read/write times, packaged in an industry-standard TSOP SRAM form factor. The MRAM technology is non-volatile, like flash RAM, but unlike flash RAM, does not degrade with use and has a potentially unlimited lifetime (as well as being considerably faster). It consumes considerably less power than either DRAM or flash RAM.
(Thanks are due to juuro for the pointer.)
Microsoft has added a feature called Address Space Layout Randomization, or ASLR, to Windows Vista beta 2. They tout this as an important security feature.
Certain attacks attempt to call Windows system functions, such as the "socket()" function in "wsock32.dll," to open a network socket. The new security feature moves these system files around so they're in unpredictable locations. In Windows Vista Beta 2, a DLL or EXE file could be loaded into any of 256 locations, [Michael Howard, a senior security program manager at Microsoft] wrote.
"An attacker has a 1/256 chance of getting the address right," Howard wrote.
The article also mentions,
ASLR is not a Microsoft invention. Several open-source security systems use it already, including OpenBSD, and the PaX and Exec Shield patches for Linux.
Now, maybe I'm missing something here, but ....... OK, so you randomize where things are loaded in your address space. But, your code and applications still have to be able to make library calls to a lot of that code. So what do you do? Does the OS handle "de-virtualizing" the calls automatically? Do you have a public table where programs can look up the location of whatever they need to call?
The precise mechanism doesn't really matter. The point is this: If there is a mechanism to allow authorized code to still be able to call code in your load-address-randomized libraries, what's to stop malicious code from utilizing that exact mechanism?
Somebody using the alias "c0ntex" wrote in a reply to [David Litchfield, a researcher at Next Generation Security Software] that ASLR has been "trivially circumvented in Linux for years now."
Unless there's more to this than meets the eye, I don't see what's to stop it from being trivially circumvented on any OS. ASLR seems to me to be something akin to trying to stop telemarketers from calling my phone by moving the phone somewhere else in the house and not telling them where I moved it. Doing so may comfort me, but it doesn't matter to the telemarketers -- if they dial my number, my phone still rings.
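A simplified model of the mechanism asked about above, added here as an example and not taken from the article or from any Windows code: the loader picks one of the 256 positions per load and writes the resolved addresses into the program's import table, while an address fixed in advance matches with roughly the 1/256 chance Howard quotes. The region start, the 64 KiB spacing and the export offsets are constructed assumptions.

```python
import random

SLOTS = 256            # load positions quoted for Vista Beta 2
SLOT_SIZE = 0x10000    # assumed 64 KiB spacing between positions
REGION = 0x70000000    # constructed start of the DLL region
EXPORTS = {"wsock32.dll": {"socket": 0x1A40, "connect": 0x1C10}}  # constructed offsets


def load_image(rng):
    """Loader step: pick one of SLOTS bases for this load of a DLL."""
    return REGION + rng.randrange(SLOTS) * SLOT_SIZE


def bind_imports(imports, rng):
    """Loader step: resolve each (dll, function) a program imports to its
    absolute address for this load and store it in the import table."""
    bases, table = {}, {}
    for dll, func in imports:
        if dll not in bases:
            bases[dll] = load_image(rng)
        table[(dll, func)] = bases[dll] + EXPORTS[dll][func]
    return bases, table


def call_via_table(table, dll, func):
    """Program code never embeds the address; it reads the table slot."""
    return table[(dll, func)]


def hardcoded_hit_rate(trials, seed=1):
    """Fraction of loads in which one address fixed in advance (taken from a
    single reference load) still points at socket()."""
    rng = random.Random(seed)
    imports = [("wsock32.dll", "socket")]
    _, ref = bind_imports(imports, rng)
    fixed = ref[imports[0]]
    hits = 0
    for _ in range(trials):
        _, table = bind_imports(imports, rng)
        hits += call_via_table(table, *imports[0]) == fixed
    return hits / trials


if __name__ == "__main__":
    rate = hardcoded_hit_rate(100_000)
    print(f"hard-coded address valid in {rate:.4%} of loads (1/256 = {1/256:.4%})")
```

The table lookup always lands on the function because the loader filled it in for that particular load; the fixed address is only right when the same slot happens to be drawn again.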
Meanwhile, in other BusinessWeek discussion, Intel is feeling the pressure from AMD in the chip market, Dell is losing sales share because many Dell customers want AMD chips in their servers, and AMD says they'd like Dell as a customer but don't need Apple, thanks.
Google just announced a plan to cover 95% of San Francisco with 300kbps wireless Internet, at no cost either to users or to the city, in response to mayor Gavin Newsom's request for proposals last year.
You can find a good discussion of the Google proposal and issues surrounding it here. My favorite quote from the article:
SBC has already been good for its usual comic relief: Witness company mouthpiece John Britton claiming that "there is already widespread broadband available today" in San Francisco. Well, yes, John, there is -- provided you live in a cafe or a bookstore, or along parts of Castro or Chestnut streets where six-figure incomes are just enough to scrape by. Otherwise, you'd have to -- well, you'd have to work for a telecom to say something that stupid.
Go read it. It's not only amusing, it's insightful and worthwhile reading.