The Register and Ars Technica report that Google has backtracked on its promise that all Android Lollipop devices would feature full-disk encryption by default, due to differences in hardware:
For example, the Qualcomm Snapdragon 805 system-on-chip in the Motorola Nexus 6 will do AES encryption and decryption of data in hardware – which should be fast and power efficient. However, the driver for that feature is not available to the Android project, so Android 5 must do the file encryption and decryption in software, which is terribly slow – forcing people to switch it off. Some manufacturers may not bother turning encryption on in the first place if there's no acceleration available for whatever reason, and Google's allowing them to do just that. Meanwhile, the Google Nexus 9 fondleslab uses an Nvidia Tegra K1 processor with a 64-bit ARMv8-compatible processor. This architecture has standardized AES encryption/decryption instructions that can be used by Android 5 without a specialized driver. That means Lollipop happily encrypts-by-default on the Nexus 9. This whole mess will make Apple fans very smug. Apple has had a separate coprocessor for accelerating encryption for years, and as a result iOS encryption is a much easier process.
Google expects that "recommended" full-disk encryption will become a requirement in future versions of Android.
Previously, the FBI and Director James B. Comey have spoken out against encrypted devices.
XPosed is a framework for modules that can be used to customise the behaviour of Android devices without needing to flash a custom ROM. There is a large selection of modules available for XPosed that do all kinds of nifty things like unlock using NFC tags, change the battery icon to something more informative, or even add advanced privacy and app controls.
This has been a godsend for those who like to retain a level of control over their devices. However, the change from the original Dalvik runtime system to ART starting with Android 5.0 (Lollipop) broke the XPosed framework, and it had taken some time for the developer to make the necessary changes to get XPosed to work with the new runtime system. That time has finally come. It's still considered alpha software however and there are some reports of incompatibilities and instability but it seems to be already usable.
Teachers, social workers who work with children and councillors could face up to five years in prison if they turn a blind eye to child abuse under proposals to be set out on Tuesday by David Cameron.
Coming in the wake of horrific stories of neglect in places such as Rotherham and Oxfordshire, where the abuse of thousands of children has been uncovered covering a period of over 40 years, the plan is to be put forward by the prime minister at a Downing Street summit. Cameron will say: “Professionals who fail to protect children will be held properly accountable and council bosses who preside over such catastrophic failure will not see rewards for that failure.” A period of up to 5 years in jail could be imposed on those who refuse to investigate reports made by children of alleged sexual abuse.
Many of those who have been abused are now adults: often they claim that they told someone in authority about the abuse but that their claims were not taken seriously. In most cases, no action appears to have been taken and, as a result, many abusers have escaped justice. More recently, the abusers groom children who are especially vulnerable who are then subjected to a life of child prostitution, or simply abused by the groomer and his close family and friends.
Child sexual abuse is to be upgraded to the status of “a national threat”, so that it is placed on a par with serious organised crime by police chiefs and elected police commissioners in their strategic planning. They will be required to cooperate with other police forces across county boundaries to safeguard children.
Apparently, Lenovo's newest laptops lock down the BIOS to vendor-signed versions. This is a problem since BIOS nowadays gets more and more powerful, sometimes with network-access etc., so basically it forces the user to boot a proprietary OS with full HW- and network access before potentially booting an open source system. However, the problem might be bigger than Lenovo making some bad decisions, since Lenovo only made a misguided choice between freedom and security, but they didn't implement any new features. Intel provides the combination of "boot guard" feature together with verified boot.
The idea behind it is not too bad: To have a trusted system, you need a chain of trust, starting with the boot loader. If every subsequent piece of software is verified before being started, the system could be considered to be in a safe state. The verification can be done by signed code. Now, there are three ways to handle this. Either the system doesn't use TPM at all. This might leave the system vulnerable if an attacker can flash his own BIOS. Or the system enables verified boot, which means a BIOS not signed with vendor key is simply not booted, the system doesn't start. Or the system offers measured boot. This means, the system would boot, but be marked as not trusted by the vendor; however, it could still be verified against some other key provided by the hardware-owner. (For details, please read the linked article.)
The article I linked states that it is Intel's mistake to even provide the "verified boot" feature. I'm not sure I fully agree, as Intel apparently would support the measured boot approach as well, and it was Lenovo's decision to not use that option. However, as a consumer I could not imagine any advantage "verified boot" offers over "measured boot", so I'd be happy if Intel would scrap this anti-feature. A lock is only your friend as long as you own the key; a door is only your friend if you are allowed to change the lock (key).
BTW: Could we rename the topic "Security" to "Freedom and Security"? Usually these topics are always linked.
The Dawn space probe will enter orbit of the dwarf planet Ceres this Friday. Once in orbit it will be at a separation distance of 40,000km. Years ago, Hubble photos revealed a curious bright patch on Ceres. The Dawn probe has been capturing increasingly clearer images as it approaches Ceres and the spots remain mysterious. Rather than a large lighter patch, the resulting photos reveal multiple spots, smaller and brighter than expected.
From a recent BBC article:
"These spots were extremely surprising and they have been puzzling to everyone who has seen them," the Nasa Jet Propulsion Laboratory researcher told reporters.
"They show up in a 92km-wide crater that's about 19 degrees North latitude. The spot in the centre is about twice as bright as the spot on the side of the crater, and as yet it has not been resolved, meaning it is smaller than the 4km pixel size [of the images]."
By December it will have reached a final orbit of just 380km; from that distance the images it captures will resolve much finer detail, and hopefully will reveal more about these odd reflective areas.
According to a Scientific American article, "No one knows what the bright spots are but guesses abound: Perhaps they are scars from recent impacts or minerals deposited by active geysers or water ice erupted by “cryovolcanoes”—or something even wilder."
A paper that largely consists of the words “Get me off your fucking mailing list” repeated 863 times has been accepted by a journal that claims to be peer reviewed. The move might appear to offer hope to scientists struggling to get marginal work published, but really just exposes the extent of scam publications pretending to be contributing to science.
As a non-scientist myself, this story has given me the idea of submitting some "papers" of my own to a few of these publishing-mills, just for the kicks of being 'published.' Chances are no one would ever follow-up and actually read the papers. Maybe I could even use it to jumpstart a career giving phony-baloney endorsements of shows like Scorpion and Black Hat.
New data suggests that large carnivores (>15kg) may actively control their populations by selective breeding or infanticide.
Wallach and colleagues gathered research on the life cycles of more than a hundred species of mammalian carnivores—from polar bears and panthers to skunks and stoats—and documented examples of large predators that apparently regulate their own numbers. Among the 73 best understood species they also tested how traits like parental investment, birth rate, and the number of females with young vary with body size. They found a size threshold at about 15 kilograms. Most smaller predators breed rapidly and have many offspring, whereas most larger species invest more time in each cub or pup. About half of large carnivores further regulate their numbers by only letting certain group members breed. Among wolves and hyenas, for instance, dominant females kill the pups of social subordinates. In many of these species, the whole group then raises the dominant animal’s pups communally.
Research abstract is available here.
From PCWorld:
It only took an embarrassing adware scandal that put millions of PCs at risk, but Lenovo has had a revelation: People just want clean Windows.
As such, Lenovo will significantly reduce the amount of pre-loaded software on its PCs. The cutbacks on bloatware will begin immediately, and by the time Windows 10 arrives this fall, new PCs will only include the operating system, security tools, Lenovo's own apps, and any software necessary to make the hardware run properly. (An exception will be made in countries where certain applications are “customarily expected by users.”)
Following links in a story on NPR, I came across this video showing all the world's shipping on one single day. It may include passenger ships and fishing vessels. I really had no clue as to just how many ships there are plying the world's oceans. No real story there, just food for thought.
What’s the tech angle? There is GPS for navigation; satellites for communications and monitoring; computers to control and monitor the ship’s internal systems; steering.
Some burn a low grade of bunker oil.
Just how small a crew is actually needed, could these ships be autonomous, would you want them to be, and how much would that lower the cost of all those widgets being shipped?
How many of the products that you use everyday were transported by ship?
Since October 2009, [US] health care providers and organizations (including third parties that do business with them) have reported more than 1,140 large breaches to the Office for Civil Rights, affecting upward of 41 million people. They’ve also reported more than 120,000 smaller lapses, each affecting fewer than 500 people.
In a string of meetings and press releases, the federal government’s health watchdogs have delivered a stern message: They are cracking down on insurers, hospitals and doctors offices that don’t adequately protect the security and privacy of medical records.
But as breaches of patient records proliferate – just this month, insurer Anthem revealed a hack that exposed information for nearly 80 million people – federal overseers have seldom penalized the health care organizations responsible for safeguarding this data, a ProPublica review shows.
This was an interesting, well dissected article by Ars about a physics paper that has as a result that black holes can't exist. The troubling problem is of course that although black holes by definition cannot be observed, there is some pretty compelling evidence of massive gravitational forces stripping stars of gas.
Reading the claims I was drawn to a few things:
1) This is a model and even the authors say their model breaks down.
2) The interpretation of Hawking radiation seems strange compared to the one I studied at school, so is this simply a case of misinterpretation?
3) The lead author has published before, and therefore is not completely without background. Is this however an example of "publish or perish" and an immature article put forward as part of a quota?
4) A cynical observation made in one of the comments was the author was aware it would not pass peer review and was looking for publicity instead.
I offer this to the SN community as a pretty good example of how peer review is providing lots of entertainment, and suggests that publications are not a very good measure of productivity.
The bloom may have already fallen off the Net Neutrality rose. As reported yesterday in the Wall Street Journal (paywalled):
When Google's Eric Schmidt called White House officials a few weeks ago to oppose President Obama's demand that the Internet be regulated as a utility, they told him to buzz off. The chairman of the company that led lobbying for "net neutrality" learned the Obama plan made in its name instead micromanages the Internet.
Mr. Schmidt is not the only liberal mugged by the reality of Obamanet, approved on party lines last week by the Federal Communications Commission. The 300-plus pages of regulations remain secret, but as details leak out, liberals have joined the opposition to ending the Internet as we know it.
It seems as though, in their zeal to "stick it" to the ISPs, most proponents didn't consider that when you allow 3 unelected people to issue rulings on something as large and ubiquitous as the Internet, bad things can happen:
Until Congress or the courts block Obamanet, expect less innovation. During a TechFreedom conference last week, dissenting FCC commissioner Ajit Pai asked: "If you were an entrepreneur trying to make a splash in a marketplace that's already competitive, how are you going to differentiate yourself if you have to build into your equation whether or not regulatory permission is going to be forthcoming from the FCC? According to this, permissionless innovation is a thing of the past."
The other dissenting Republican commissioner, Michael O'Rielly, warned: "When you see this document, it's worse than you imagine." The FCC has no estimate on when it will make the rules public.
The Guardian reports that Ellen Ripley will return in a fifth movie of the "Alien" franchise, which was green-lit by the Fox studios.
In spite of Weaver signalling her reluctance to work for a new Alien with anyone but Scott or Cameron, the movie will be directed by Neill Blomkamp, the director of District 9 and Elysium.
“I want this film to feel like it is literally the genetic sibling of Aliens, so it’s Alien, Aliens, this movie,” said Blomkamp, who also signalled he would return the series to its horror roots. “It’s a Freudian kind of nightmare,” he said. “That element to me is what is so appealing, to try to put the audience on the edge of their seat the whole time in a traditional ‘monster stalking you/dark corridor’ way. And then when you mix in the life cycle and the design elements of the Alien, it’s just a powder-keg of creativity to me.”
He intends to solve the problems with Alien 3 and Alien:Resurrection by simply ignoring them, ruling out any return for the cloned version of Ripley. Reportedly, he later nuanced his position:
“I’m not trying to undo Alien 3 or Alien: Resurrection,” Blomkamp said, adding, “I just want it to be connected to Alien and Aliens.”
While it is still unknown if Sigourney Weaver committed to the movie, it seems she has positive reactions to the prospect:
“I’m delighted that he is interested in doing this,” she said. “I think it’s a great series; it deserves a proper ending. I know the fans would love that, and so I hope it works out.”
Finally, as an invitation to reminiscence, read here about the reactions of some 11 year olds watching the "Aliens" for the first time, under the supervision of one parent who took the opportunity to recall his experiences (including the "Olympic qualifying round for the bladder evacuation team" after the "you've blown the trans-axle" moment).
So SN dwellers, please go ahead and share your memories of watching Alien(s) the first time.
The Australian Government is in the process of trying to make it compulsory for ISPs to retain traffic logs of their customers for at least two years, with the aim to fight crime and prevent terrorism. The ease with which people can avoid leaving meaningful traces in these logs through the use of VPNs, etc, makes collecting them somewhat useless. Unless you want to frame somebody, of course!
If you think that the government doesn't understand how the internet works at all, note that the politicians backing data retention are themselves using iMessage and Wickr (a SnapChat-Alike), both messaging platforms that would not leave anything useful in these invasively collected logs.
It seems more likely that the meta-data retention scheme is actually a cover to deploy the latest NSA full-take and remote-access gadgetry.
The outsourcing companies involved in the Southern California Edison (SCE) scandal I wrote about last week—where U.S. workers were replaced with H-1B guestworkers—are Infosys and Tata Consultancy Services. These two India-based IT firms specialize in outsourcing and offshoring, are major publicly traded companies with a combined market value of about $115 billion, and are the top two H-1B employers in the United States. In Fiscal Year (FY) 2013, Infosys ranked first with 6,269 H-1B petitions approved by the government, and Tata ranked second with 6,193. As with the SCE scandal, these leading offshore outsourcing firms use the H-1B program to replace American workers and to facilitate the offshoring of American jobs. Because of this, it’s likely that Americans lost more than 12,000 jobs to H-1B workers in just one year. FY13 H-1B data I’ve analyzed, acquired through a Freedom of Information Act request, reveals new details about how firms like Infosys and Tata are using the H-1B non-immigrant visa program. Spoiler alert: they don’t use the H-1B visa as a way to alleviate a shortage of STEM-educated U.S. workers; they use it primarily to cut labor costs. But the other main arguments proffered to support an expansion of the H-1B program are easily debunked with even a cursory look at the H-1B data.
Privacy International have launched a campaign to file a complaint against the British intelligence agency GCHQ for illegally spying, and are looking for people to sign up and find out if they were spied upon:
Chances are, at some point over the past decade, your communications were swept up by the U.S. National Security Agency's mass surveillance program and passed onto Britain's intelligence agency GCHQ. A recent court ruling found that this sharing was unlawful but no one could find out if their records were collected and then illegally shared between these two agencies… until now!
[...] Join our campaign by entering your details below to find out if GCHQ illegally spied on you, and confirm via the email we send you. We'll then go to court demanding that they finally come clean on unlawful surveillance.
A FAQ covers the motivations and details requested, and it's worth noting that this does not apply to the UK exclusively:
The implications of our recent legal victory against GCHQ in the Investigatory Powers Tribunal means that all intelligence sharing from the NSA to GCHQ prior to December 2014 was unlawful. Because people located all over the world are affected by illegal intelligence sharing, not only British citizens, but anyone in the world, can ask if their records collected by the NSA were unlawfully shared with GCHQ.
Originally spotted at Hackernews.