iPhone

It's kind of a juvenile idea, but some of the performances sell it: http://www.youtube.com/watch?feature=player_embedded&v=xBe0zjdURc4

ddt

Samsung needs Apple's iPhone 4 firmware source code to prove that the iPhone should be banned in Australia, and wants the court to give it to them.

Gone fishing.

If that will happen in the courts, then programmers should start putting in pithy comments to their code directed at the courts or competitors

"Start?"

Finally. I might be able to afford a smart phone SERVICE.
http://gigaom.com/2011/10/31/republic-wireless-to-launch-19-voice-sms-service/

The Walled Garden has a hole in the wall.

Interesting little video...

Pretty handy way to add iOS prefs to your home screen for easy setting.

This just in from my sister, who was visiting our parents:

"Last night mom started cursing at someone in her bathroom. Turned out it was Siri. Her exchange ended with 'Fuck off'. Wish I had heard siri's response.

This was following her technique of getting the TV remote to work - slamming it repeatedly on the couch arm."

My mom is a very, very smart person. But her patience for devices is low.

ddt

I've been enjoying my new iPhone 4S although trying to get it to recognize "play Red Elvises" has been a problem. It guesses Red poultices or Red pelvises.

Man, if only here were one island country over -- I so wanted to be able to title a post "Kiwi Siri": http://www.youtube.com/watch?v=SHoukZpMhDE

ddt

Quote

"create a meeting tomorrow at teen anal"

ROFL!

ROFLM-ANAL-O

I like to think that there are certain technology sites that I can trust. Unfortunately, that hasn't been the case with this CarrierIQ debacle over the last few days. I'm guilty as well for believing the hype and jumping to conclusions without evaluating the evidence myself. The cease-and-desist letter that CarrierIQ sent to begin this brouhaha tainted my opinion of them and made me willing to accept whatever claims were levied against them. It's the old "only guilty men try to cover their tracks" fallacy.

After looking into it deeper, I have a better understanding of what's really happening. What I've found is that the software isn't inherently malicious as EVERYONE seems to be claiming. It is, however, poorly designed and presents a security risk because of that.

The video "evidence" that has been bandied about as a smoking gun is nothing of the sort. In spite of the video's implication that all of that sensitive information is being transmitted to CarrierIQ's evil lair, all it really shows is that the CarrierIQ utility is developed with a very broad set of capabilities. Yes, the software is capable of reporting all of that stuff but I have yet to see any evidence so far that says it DOES report that information. The discussions I've seen on the subject always devolve into "well why would they build that capability into the product if they weren't using it?" The answer is that they could sell the software to someone who WOULD use it. I can think of several industries where data-retention laws would require monitoring employee device use with that kind of detail. It doesn't mean that AT&T or Sprint are doing so.

I'll compare it to another project I was involved in a while back... Company A makes a POS application that has a particular capability that Company B wants to use. The capability isn't directly related to a POS transaction, though, and Company B already has a fully functional POS system that they use. They don't want to replace their POS application but they want to be able to do something that Company A's product makes possible. So Company A provides Company B with a custom version of their POS software with all of the actual POS functions masked out. If someone were to dig into the underpinnings of this software believing that it is a simple cellphone activation utility without knowing its true roots, they might be confused by configuration options for things like "ALLOW COMBINED LOTTERY AND ALCOHOL SALES ON SINGLE TICKET".

In other words, rather than writing separate applications for each client's unique needs, they have a complete framework that can be adapted to fit a given environment.

That is how I believe CarrierIQs software is designed. Their framework is capable of hooking into a huge base of information and each implementation determines which components it actually utilizes. The demonstration in the video is not showing the actual software's interface, it's showing the output of Android's "logcat" functionality. This is similar to /var/log/system.log on an OSX system except it is even more verbose.

That, however, is why I say that the software is a security risk. The fact that it's underlying framework reports such detailed debugging info to logcat is the result of sloppy coding and/or ignorant developers. While yes, it is POSSIBLE that CarrierIQ is sending all of that information to Sprint, AT&T, Al Qaeda and your mom, I am inclined to believe that the actual information transmitted on these devices is limited to what they have publicly claimed. Unfortunately, all of the extra information IS being stored on the device, albeit temporarily. It would take quite a bit of effort for a malicious third party to retrieve that improperly logged information from a device but it is not entirely impossible.

So for now I feel ashamed for jumping to conclusions and I am troubled by the fact that otherwise respected news sites promoted the researcher's findings as fact without doing their own objective analysis of the information.

It's POSSIBLE that the guy really is correct in his assertions but that simply isn't supported by the evidence he's provided so far.

Good insight CS, thanks for this. It does however fit perfectly in our timeline. These days our MPs in our lower house will and do ask questions about articles in tabloid newspapers the day after these articles are published. Which are usually fact free or close to it.

We are no longer inclined to pay for the news, which means most 'news' sites are nothing more than glorified REUTERS outlets without so much of a newsroom themselves. Also; if you want to do your own research and fact checking, the hype is over and your eyeballs are gone.



Edited 1 time(s). Last edit at 12/01/2011 08:13PM by tliet.

Yeah, I've been holding off on bashing it until I see packet captures of the sensitive data being sent out to their servers.

It's a logging app, and one that is up to each carrier to integrate into their particular Android (or iOS or...) stack, and if they make a privacy mess of it, that carrier/vendor should be blamed.

This is actually a lot like a tool I've been using a little bit recently, called NewRelic. It gets installed on your various server platforms (as a PHP plugin and Ruby Gem) and sends a bunch of top-level data to NewRelic's server for aggregation into charts and metrics to let you know if you have servers which are overloaded. They also have an API so you can integrate it more closely into your apps, so the metrics can tell you if you are spending a lot of time in a specific function. It shows up as a bug in Ghostery all over the web, and that is one of the few bugs I allow, since it's ostensibly a developer tool, helping the site owners understand how performant their sites are.

It could have been any easy-to-use phone. But it's a nice story.

I tell/teach/remind/nag everyone to pressANDhold the number 9 button to dial for help.
Supposed to work on phones that are not uh how you say "activated"?
Not sure how it works with non-button phones like iPhone.
Not sure if all phones have this now, today, either. But one can test it out beforehand.

I just installed a First Alert emergency call pendant for my mom. It's been in the box since I bought it for my dad about a decade ago. Man, it's pretty neat and nice.
(would not work in an outdoor/woods like article is about, though)

Allegedly, people with pre-iOS 4 software are unable to download apps from the App Store directly to their iOS devices. They can still download them on their computers and synch them across. Seems to be a bug, rather than a planned force-march tactic.