Friday, March 29, 2013

The Perfect Trojan Horse


Giovanni Russello, a security expert, writes a post about Android security.
The launch of the new Galaxy S4 has been celebrated a couple of weeks ago. Indeed, it looks like a slick device with lots of nice features that is making Apple really nervous. At the software level, the S4 ships with Android 4.2 Jelly Bean. Together with the Samsung pre-installed apps, we will find in the S4 Knox. Knox is a security solution developed by Samsung for supporting the Bring Your Own Device (BYOD) policy in enterprises. Knox allows the creation of different environments in your phone. Essentially, a secure environment will be used for containing enterprise-related data and apps; while an open environment will be used for personal content. The work environment can be managed by the IT admin of the enterprise. Your personal environment is entirely yours to populate with whatever junk you might like. The content of one environment is not accessible to apps from the other environment, keeping everyone happy.
   Knox relies on the Mandatory Access Control (MAC) mechanism provided by SELinux. So how did SELinux ended up in a Samsung phone? The news that people were at work to port SELinux on to Android is not new actually. What is news is that SELinux is now (or is going be) fully integrated in the Android Open Software Project (AOSP), the official Android trunk that Google provides to vendors. And it is not a simple matter of swapping a Linux kernel for another. In a recent paper at NDSS 13, Smalley describes in details the changes required at the level of the Android middleware to be able to integrate the SELinux MAC mechanism seamless with the Android application framework.
    What are the implications of having SELinux as part of the AOSP? From now on, Android code will have SELinux modules as part of its base distribution. In terms of security, SELinux can really help in solving some of the Android security issues. However, we have to realise here that SELinux is a research project of the National Security Agency (NSA). The NSA is one of the most nosey agencies in the US. One of the NSA main activities is to look for vulnerabilities that allow them to eavesdrop and in some cases even attacking “enemy” systems (see the case of Stuxnet).
   Now Google has teamed up with NSA and any new Android phones will have NSA code running on it.  Even though SELinux can help in keeping the bad guys out, are we sure that will keep the good guys’ noses out from our phones?
    Timeo Danaos et dona ferentes

Tuesday, March 26, 2013

Orion launches bid to boost NZ ICT talent

Orion Health founder Ian McCrae
Orion Health, a local software company that specialises in medical informatics, has a close relationship with the University of Auckland CS department (they sponsor both the Orion Award for Excellence in Computer Science and the Computer Science Poster Competition). Orion recognises that its current and future success is heavily dependent on the quality and skills of the people it employs; put simply if it can't find enough talented people to employ it can't grow. It is therefore entirely in Orion's self-interest that it has launched an initiative, called Codeworx, aimed at changing the perception of computer science in schools and building the pool of talent the ICT industry needs. Codeworx says: "New Zealanders are a nation of innovators, people who like to tinker, build and create. Codeworx is about letting students develop their future potential through programming, hacking and learning to build cool tech! Students need not just be users of computers, we want to support students in being the creators of software and the digital tools of the future."

Saturday, March 23, 2013

Stephen Fry votes for #Turing's Universal Machine

The UK Royal Society (amongst others) has organised the Great Innovation Vote where Stephen Fry, comedian. actor, writer and technophile, has voted for Alan Turing's Universal Machine as his greatest innovation. You can listen to his reasons below and please vote for your greatest innovation.

Wednesday, March 20, 2013

Pakistan arrests over Daniel Pearl killing

Daniel Pearl
The Guardian reports that Pakistan has arrested a former militant leader over the Daniel Pearl killing in 2002. Daniel Pearl, a  Wall Street Journal reporter, was kidnapped in Karachi and subsequently beheaded. You might be wondering what place this grim story has in a blog that's (mostly) about computing - Daniel's father is the Turing Award winning computer scientist Judea Pearl. Research communities are often surprisingly close and when the terrible news broke the Artificial Intelligence community was shocked at the savage killing of a colleague's son.      Since his son's murder Judea Pearl and his family has established the Daniel Pearl Foundation "to continue Daniel's life-work of dialogue and understanding and to address the root causes of his tragedy. The Daniel Pearl Foundation sponsors journalism fellowships aimed at promoting honest reporting and East-West understanding, organizes worldwide concerts that promote inter-cultural respect, and sponsors public dialogues between Jews and Muslims to explore common ground and air grievances."

Monday, March 18, 2013

And the 2012 #Turing Award goes to...

Prof. Shafi Goldwasser
...Professor Shafi Goldwasser and Professor Silvio Micali "for transformative work that laid the complexity-theoretic foundations for the science of cryptography, and in the process pioneered new methods for efficient verification of mathematical proofs in complexity theory."
   The A.M. Turing Award, the ACM's most prestigious technical award, is given for major contributions of lasting importance to computing. Recipients are invited to give the annual A.M. Turing Award Lecture. The award is also accompanied by a cash prize of $250,000, which in recent years has been underwritten by the Intel Corporation and Google, Inc.

Wednesday, March 13, 2013

100 years of stainless steel

We have another centenary to celebrate - it's 100 years of stainless steel. It's worth thinking about what a remarkable material stainless steel is: strong, corrosion resistant and able to maintain a sharp cutting edge. It's everywhere around us; in our homes, buildings, farms, industry and commerce, yet it didn't exist until relatively recently. In October 17, 1912, Krupp engineers Benno Strauss and Eduard Maurer patented a type of stainless steel. The following year, in Sheffield England, Harry Brearley of the Brown-Firth research laboratory, developed an industrial process for manufacturing stainless steel and Sheffield became synonymous with stainless steel. There's a website celebrating 100 Years of Stainless Steel, and they've produced the video below, which outlines its history and many uses - the modern world really wouldn't be so shiny with out it!

Tuesday, March 12, 2013

How NOT to launch your new game

Well, it's not a new game, just a new version of SimCity. If you've already bought the new version (approx. $100) you'll already probably have encountered the main problem - the game doesn't work! Well it does work, but only if your game session can connect to the over-loaded SimCity servers. That's right, to play the game you must be connected to a SimCity server - no connection equals no game play. You'd have thought that Electronic Arts, probably the most well known game house, would have anticipated the demand and built in enough capacity, and then some some, just to be on the safe side. Amazon stopped selling the game for a while because it didn't work and Electronic Arts have offered an apology and a free game to purchasers. Over 60,000 users have signed a petition demanding that Electronic Arts remove the online DRM from SimCity, which is the root cause of the problem. In 2013 it's remarkable that experienced companies can still stuff up like this.

Friday, March 8, 2013

It's nice to be right

Back in February this year, and earlier in September 2011, I wrote a couple of blog articles titled "Are you selling technology or services?" These posts put forward my opinion that Apple's strategy of tightly integrating its hardware and software had a vital third component; namely the services that people used on their iDevices. I wrote that Amazon seemed to be adopting this approach with the launch of its Kindle Fire. The Software Engineering Services Blog posted last week a piece called "Suddenly everyone wants to follow Apple's integrated hardware-software model," which describes how Google,  Samsung and Microsoft are now also trying to follow Apple's lead  by offering a complete ecosystem of hardware, software and services. The blog post concludes by saying "Steve Jobs may be long gone, but his vision lives on and everyone suddenly wants a piece of it, but just because they each recognize the magic behind Apple's strategy doesn't mean each can successfully copy it or that the market will follow. And that is the real challenge these companies face." It's nice to make a prediction that comes true.

Wednesday, March 6, 2013

A database for all conversations

I'm not sure if I should be impressed or scared by this piece of news reported by Wired. US DARPA researchers are planning to create a database that will store every conversation they can record: phone conversation, Internet chat, conversations at meetings and presumably every where that the human voice can be (legally) recorded. Clearly such a repository would be of great value to researchers in natural language understanding and I suppose historians. But, there is obviously the potential for harm through covert surveillance and unethical uses is huge. The project goes by the long title of "Blending Crowdsourcing with Automation for Fast, Cheap, and Accurate Analysis of Spontaneous Speech."

Monday, March 4, 2013

Radio interview with Sandra Lerner

Radio New Zealand today had an interesting interview with Sandra Lerner, the co-founder of Cisco Systems. The interview covers Lerner's entire career from her early socialist politics, the founding of the pioneering networking company Cisco Systems, and her eventual ousting from it, to her development of a range of alternative cosmetics and her current passion for Jane Austen and sustainable farming.