* Posts by James Henstridge

115 publicly visible posts • joined 3 Jul 2007


Does Google make hardware just so nobody buys it?

James Henstridge

Re: Why does ChromeOS still exist? It should have just been replaced with android.

"And the fact that Android (especially as Android-x86) is way closer to Linux than Chrome OS. You can run Linux in a chroot under Android-x86, and even start an X server, but with Chrome OS, you need to use crouton, which is not native enough."

To run Linux in a chroot on Android you need to root the device, subverting the device's security. Crouton is just a script to let you run Linux in a chroot on ChromeOS devices where the security has been subverted by entering dev mode. That sounds basically the same to me.

The article briefly mentioned how they're improving this for ChromeOS though, by letting you run a standard Linux distro in a container on unrooted devices. This is using the same APIs that make Docker, Kubernetes, LXC, etc. possible, and lets them give you root access within the container without compromising ChromeOS's security. That sounds a lot better than what you can do on Android.

Hotel, motel, Holiday Inn? Doesn't matter – they may need to update their room key software

James Henstridge

It's not about cloning an existing skeleton key though: it's about converting a regular room key into a skeleton key.

If the locks use some form of public key cryptography where the key card stores the access granted along with a digital signature covering that access made with a private key, it isn't immediately obvious how you'd change the access permissions on a card without knowing the private key.

So you're probably looking at a non-trivial vulnerability. Maybe they discovered a way to get the lock to accept an unsigned access grant. Maybe they discovered a way to produce hash collisions to reuse the signature from the normal key. Maybe they discovered a buffer overflow vulnerability in the lock's software that turns bad signatures into good ones.

Cloudflare touts privacy-friendly public DNS service. Hmm, let's take a closer look at that

James Henstridge

Re: conflict

And the RFC you referenced says "These blocks are not for local use, and the filters may be used in both local and public contexts". Unused address space has been repurposed in the past, so you may have just been kicking the problem down the road a bit.

Why not use an address in one of the ranges explicitly reserved for private use?

Australia's States in online shopping tax grab

James Henstridge

Re: Idiots!

It might not equalise the prices, but if all of my online orders from overseas retailers were held by customs until I paid the tax, that might be enough of an inconvenience to shop locally.

FLABBER-JASTED: It's 'jif', NOT '.gif', says man who should know

James Henstridge

Re: Sega

I pronounced it "See Ga" too, but that's because all the TV ads in Australia at the time pronounced it that way too.

Amazon cuts S3 storage prices AGAIN

James Henstridge

Re: Not so great

The per-request fees aren't the only charges you'll incur. Both services also charge you for data transferred out of the data centre, and those prices are likely to dwarf the request charges.

If each of your requests results in 1kB of data out (in most real workloads, it will likely be more), 100,000 requests is 100GB of data. At the $0.12/GB pricing of both services, you'd be looking at $12 in charges. So the total cost for those requests is a lot closer than it might first appear. As your requests get larger, the per-request fees become even less relevant.

Microsoft to Aussie gov: Privacy rules stifle e-Health

James Henstridge

If a company with a US operation would be obliged to hand over patient records to the US government while simultaneously being required to keep them private by the Australian government, then I would have thought the solution is simple: don't bid on the contract.

If you can't guarantee security of the records, then perhaps they shouldn't be in your custody in the first place.

Apple gets patent for ‘unlock gesture’

James Henstridge

The patent says that the original filing was from December 2005, so prior art would have to come from before that date.

Android could have independently reinvented this idea between the time of filing and issue of the patent and still be found to infringe.

Amazon's app store spotted outside US

James Henstridge

So you're complaining that they are acting like a retail shop? At most shops (both physical and web based), it is the owner of the shop who decides how to present the stock and what price to sell items at (presumably setting the prices to maximise their own cut).

If anything, the model used by Apple's App Store and Google's Android Market where developers have absolute control is an aberration.

It isn't clear that Amazon's model is much better, but it isn't obvious that it is just bad because it is different. Secretly offering $0 to the developers of the free app of the day seems like a bit of a dick move though.

How gizmo maker's hack outflanked copyright trolls

James Henstridge


Read the article again. Neither device performs an HDCP handshake with the NeTV box, since it passes the signal through. From the description, it sounds like it snoops on the handshake to determine the session key used to encrypt the video data.

From that point, all it does is encrypt the video overlay using the session key and overlay it on the encrypted video stream. Because it is a streaming cipher, the changes to the data do not corrupt the original video data.
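The stream-cipher property this comment relies on, as an added example that is not part of the original post: when a keystream is XORed byte by byte, a few positions can be re-encrypted and substituted without disturbing any other position. The SHA-256 counter keystream, the keys and the frame bytes are constructed stand-ins rather than HDCP's actual cipher, and the MAC is an assumption showing what an integrity check over the ciphertext would catch.

```python
import hashlib
import hmac


def keystream(key, length):
    """Constructed stand-in keystream: SHA-256 in counter mode."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_crypt(key, data, offset=0):
    """Encrypt or decrypt `data` as if it started at byte `offset` of the stream."""
    ks = keystream(key, offset + len(data))[offset:]
    return bytes(d ^ k for d, k in zip(data, ks))


def overlay_on_ciphertext(ciphertext, key, overlay, offset):
    """Replace part of an encrypted frame without decrypting the rest of it."""
    patch = xor_crypt(key, overlay, offset)
    return ciphertext[:offset] + patch + ciphertext[offset + len(overlay):]


def tag(mac_key, ciphertext):
    """Hypothetical addition: a MAC over the ciphertext, as an authenticated design would use."""
    return hmac.new(mac_key, ciphertext, hashlib.sha256).digest()


def demo():
    session_key = b"constructed-session-key"
    mac_key = b"constructed-mac-key"
    frame = bytes(range(64))                   # constructed "video" bytes
    sent = xor_crypt(session_key, frame)
    sent_tag = tag(mac_key, sent)
    modified = overlay_on_ciphertext(sent, session_key, b"MENU", 10)
    shown = xor_crypt(session_key, modified)   # what the display decrypts
    return {
        "untouched_intact": shown[:10] == frame[:10] and shown[14:] == frame[14:],
        "overlay_visible": shown[10:14] == b"MENU",
        "mac_detects_change": not hmac.compare_digest(tag(mac_key, modified), sent_tag),
    }


if __name__ == "__main__":
    print(demo())
```
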

Google shamed by Apple in race to HTML5

James Henstridge

Re: What's bad?

While those applications may have appeared to be working correctly to the untrained eye, they weren't in fact being hardware accelerated.

Samsung Galaxy Tab 10.1

James Henstridge


Well, there is one very good reason to use a protocol like MTP over mass storage mode: it means the tablet can continue to use the file system while making it available to the PC.

When enabling mass storage mode on my phone, the memory card (and any applications stored there) is unavailable to the phone itself. This makes sense when you think about it: the file system drivers expect exclusive access to the memory card when they mount the file system, so to give the PC block access to the card the phone needs to give up access.

With a protocol like MTP, operations are done at the file system level instead of block level so there is no reason why the tablet can't access the storage while connected.

FBI fights to protect ISPs that snoop on their customers

James Henstridge

Re: isn't the Feds duty to the US and its citizens not corporate America?

You forget that in the US corporations are people too. There are far fewer corporations than flesh and blood people, so they probably also count as a minority.

So do you really want the US government to be victimising minorities at the behest of the majority?

Don’t leak WikiLeaks: The NDA from hell

James Henstridge

Re: Copying is not theft

In most cases, these documents would have trade secret protection. It isn't out of the ordinary to talk about theft of trade secrets.

Dropbox snuffs open code that bypassed file-sharing controls

James Henstridge


If Dropbox could convince a judge that Dropship was a circumvention device, then the DMCA notices might have been appropriate despite the fact that Dropship itself is free software.

Dropbox provides a service that lets a user add files to their account if they know the hash as a way to speed up uploads of common files. The official Dropbox client software only allows access to this service if you have a copy of the file locally, so could be considered a technological protection measure. If they can convince a judge of this, then it would be pretty clear that Dropship is circumventing this protection.

The fact it is a bad idea to provide a service that lets you reverse a cryptographic hash function for popular inputs doesn't really matter.

One-third of Aussies 'are pirates'

James Henstridge

New movies, perhaps?

If the movie in question is currently in cinemas and not available to view in the home, then piracy is an alternative to buying a cinema ticket.

Since each viewer would need to purchase a cinema ticket, there is a potential loss attributable to this definition of secondary piracy.

Sony sues PlayStation 3 'hackers'

James Henstridge

This will probably play out like the DVD CSS algorithm

At the end of the day the PS3 security system will probably be an open secret. It will be easy for anyone to find the information if they look for it, but no one can make use of it in legitimate ways. So if anything, it will prevent game publishers from signing their own game releases and continue to pay Sony to do so.

PlayStation 3 code signing cracked

James Henstridge


While there is a new version of the GPL that requires that code signing keys be made available if needed to load a modified version of the software, Linux is not using that version of the GPL.

Blu-ray barely better than DVD

James Henstridge

Film Quality

A standard 35mm film print should hold much more detail than you'd get from a 576i digital transfer. The original doesn't have to be 70mm to see an improvement.

Google's Street View broke Canadian privacy laws

James Henstridge

The purpose was to build a geolocation database

The data they were extracting from the wifi data was the access point's MAC address and the signal strength, which they then stored alongside the location where the reading was taken. This data can then be used to estimate locations based on the signal strength of surrounding APs. If you've used the location service on Firefox, you would have been making use of this data set.

The problem is that they reused some software for the wifi packet capture that stored more data than was required for the geolocation database. This may have been a mistake (as Google has stated), or they might have been storing the data on the chance that some other data could be extracted.

One thing worth remembering is that it was Google themselves who reported the problem. Would you think better of them if it was revealed that they had identified the problem and silently deleted the data without reporting the privacy breach?

Google open sources JPEG assassin

James Henstridge


Looking at the sample images, the ones where the new format sees the biggest improvements are those with large areas of solid colour or simple gradients (or close enough).

I guess that isn't too surprising since JPEG essentially treats each 16x16 pixel block independently, so there are easy wins for any format that takes a more high level view.

Star Wars set for 3D rehash

James Henstridge

3D making piracy harder

If you're talking about people who take video cameras into the cinema, surely the only change they'd need to make is to stick a polarising filter over the camera lens. Given that they hand out these filters to everyone who goes to such movies, this can't be much of an expense.

Intel trials downloadable CPU upgrades

James Henstridge


Perhaps the unlock will be performed by microcode loaded onto the chip. You could very well own the CPU while only having a license for the microcode on said CPU.

Android will sink Symbian

James Henstridge

Operating Systems vs. Kernels

Most common definitions of the term "Operating System" refer to more than just the kernel. While Android and traditional Linux distributions share the same kernel, that's pretty much all they share. The application level interface is quite different, so it doesn't seem out of place to refer to them as different operating systems.

Professor warns Aus firewall is undemocratic

James Henstridge

Firewall only for international sites

The whole point of the firewall is that the government has no jurisdiction over foreign web sites but still wants to control access to them. I'd think that goes quite a bit further than the UK laws.

OpenOffice gets Ubuntu-media friendly

James Henstridge


Aren't you using GStreamer as the backend for Phonon though?

Steve Jobs – Apple's not business, it's personal

James Henstridge

Uses for device data

Each generation of the hardware has introduced new features. Let's say you want to do something in your software that will only work in the latest generation or two (or may be much less useful on older devices). It would be useful to know how many of your users will actually be able to take advantage of the feature.

Now snooping on the user's location seems much less justifiable. What legitimate reason would you have to collect data at a resolution that would allow you to identify users as working in a particular building?

Oz customs search lappies and mobes for smut

James Henstridge


You could try that, but I suspect that they would be happy to oblige. It is likely that the staff at the airport won't be trained to do such a search, so you'd need to let them hold the laptop for testing.

A few weeks later, you'll be able to collect your laptop from the international airport after they're satisfied that there is nothing of interest on it (assuming they actually bother checking it at all).

Given that you probably value your laptop a lot more than they do, you will end up more inconvenienced than they are.

Aussie MP slapped with $10k phone bill

James Henstridge

Re: Doesn't sound likely

It sounds like they're talking about an application that can stream video of sports games. The app itself would probably be quite small: it's the downloads required to use the app that would have contributed to the bill.

Google Street View logs WiFi networks, Mac addresses

James Henstridge

Not just Street View vans

Not only that, but if you have an Android phone with GPS, you are helping them keep the database up to date if you use the location service.

School secretly snapped 1000s of students at home

James Henstridge


From the article, it would appear to be Lower Merion School District.

Lenovo intros ThinkPad X201 series

James Henstridge


The X201s has a lower battery life because it comes with the smaller battery by default. If you switch to the same battery as the X201, the battery life should be a bit longer while still being slightly lighter (the weight difference will be a lot smaller though).

Intel's Atomic 'Pine Trail' arrives early

James Henstridge


What sort of GPU is included in these chips? Is it a PowerVR core as found in the GMA500 chipset, or one based on Intel's own GPUs?

Palm Pre evicted from iTunes (yet again)

James Henstridge

write their own library?

Didn't Palm do exactly that? They wrote a library that allows their device to speak the protocol that MacOS X's default music management application uses to synchronise with devices.

I'd have more sympathy for Apple if iTunes could synchronise with generic MP3 players out of the box (via USB Mass Storage Class or MTP). But instead, they consider it a feature that it will only synchronise with own-brand devices. And if pretending to be an iPod at the protocol level is the only way to achieve interoperability then so be it.

Apple's actions are anti-competitive, and it is hard to see any benefit to the user.

Google sued for super-skinny Chrome polishing

James Henstridge

@Man Outraged

The patent appears to be about a delta compression algorithm targeted at machine code.

If you insert a byte into an existing program, it will offset the addresses of all the following instructions. Any jumps to that code will now need to use a different address, so the initially simple change has a large knock-on effect.

A compression algorithm that doesn't know about these properties would likely end up patching every affected jump instruction. A machine code aware algorithm might simply record that "all jumps to this address range must be offset".

While it is an interesting technique, I find it hard to believe that no one thought of it before 1998 (one year before the application date).

Aussie censor wants power to ban iPhone apps

James Henstridge


First off, surely the classification board already has the power to classify iPhone games: if Apple is selling unclassified games in its app store, then it would be breaking the law.

Of course, only video games are required to be classified, so there shouldn't be any problem with apps outside of that category being sold.

I agree that the price for classifying video games is a bit steep. While they've got a sliding scale in place for film so that shorter films have lower fees, there seems to be a fixed fee for games. Given that a trivial iPhone game is going to be easier to review than a PC game with 10 hours of game play, it is unreasonable to charge the same fee for both.

Texas Instruments aims lawyers at calculator hackers

James Henstridge

Do any of the calculators share the same hardware?

The only way I could imagine these keys being used to infringe TI's copyrights is if they differentiate some models purely by the firmware loaded on them.

If they wanted the devices to be firmware upgradeable but prevent owners of the cheaper models installing the firmware from the more expensive model, then using different signing keys for the different devices would be one way to achieve this.

If those signing keys were reverse engineered, then it would be possible to re-sign the advanced firmware for the cheaper device in order to use it contrary to TI's license.

Now of course this has no benefit to the customer, but is the type of thing the anti-circumvention provisions in the DMCA were designed to protect.

IE icon too familiar for Microsoft EU settlement?

James Henstridge

Re: Guess which is first on the list?

I think that is just a coincidence. After all, "Internet Explorer" sorts first ahead of "Mozilla Firefox", "Safari", "Opera" and "Webkit based Google Chrome".

Amazon Kindle doomed to repeat Big Brother moment

James Henstridge

Re: Stolen Goods

This isn't the same as stolen goods though: it is closer to a person buying a CD at a record store, only to get home and find that it is a CD-R rather than an authorised copy.

It is the person making the copies who is liable here, and they're guilty of copyright infringement even if they come into your home and destroy the CD-R after the fact.

So if the rights holder was intent on suing, then Amazon's actions wouldn't stop them.

HTML5's Flash and Silverlight 'killer' potential chopped

James Henstridge

Re: Silly opinion

Those image file formats basically form the de-facto baseline spec for image handling in web browsers. There is nothing stopping a browser from implementing more formats, but a browser that omitted support for those formats would not be very useful (even if the standards don't require that support).

As there is no existing body of content being served with the <video> tag, people wanted to have a baseline specified that didn't impose patent royalties on browser makers or content producers (read up on the GIF patent issues from a few years ago if you don't know why this matters).

With that language gone from the spec, it will depend on what browser makers and content producers do. One thing for certain is that Mozilla won't be able to have default support for H.264 while remaining free software though.

The Times kills off blogger anonymity

James Henstridge


So why exactly would anyone risk leaking public interest information to The Times if they act like this? If they didn't find the information interesting enough, they might publish a story about who leaked it ...

iPhone 3.0 to nix app redownloading?

James Henstridge

@Richard Drysdall

Presumably he is referring to the subscription with the carrier (it is a phone, after all). At least for the case of phones subsidised by contracts, a portion of the monthly fee is going to Apple.

Firefox passive-aggressives adjudicate Nerd Law

James Henstridge


If Maone thought that countermeasures were necessary to stop NoScript users from blocking ads, he could easily have updated his own extension to automatically disable itself when run together with AdBlock. After all, if those users are cutting off his revenue stream, why should he provide them with service?

But that isn't what he did. Instead his extension monkeypatched AdBlock to disable parts of its functionality. It also did this using obfuscated code, so Maone obviously knew he was doing something a bit fishy. This left his extension very close to malware in my mind.

It would have been far better to let the user continue to use AdBlock but show that it has negative effects as well as positive ones.

G20 police demand ID as train staff ordered to spy on passengers

James Henstridge


From someone who doesn't know how to change their spell checker language?

BT reprograms biz customers as hotspots

James Henstridge

remote updates

So why exactly do businesses give BT the ability to update their hubs remotely?

Kaminsky calls for DNSSEC deployment

James Henstridge

Re: Sign each TLD separately?

Each TLD is signed separately with DNSSEC. The way you can tell that the TLD signature is valid is by looking up the key associated with it one level higher up. The same method is used to let domain owners create domains without needing to get the TLD to resign its zone file.

The question here is who signs the root zone? By necessity, the key used to sign the root is implicitly trusted by DNSSEC resolvers. That effectively gives them the ability to choose which key is authoritative for each TLD, which some people consider a problem (above their existing ability to redelegate a TLD).
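The chain of trust described in this comment, as an added example that is not part of the original post: a toy validator in which each parent zone signs a digest of its child's key (the role DS records play) and the resolver implicitly trusts only the root key. Textbook RSA over fixed Mersenne primes stands in for real DNSSEC algorithms, and the zone names, record and key sizes are constructed for illustration.

```python
import copy
import hashlib

E = 65537  # public exponent shared by every toy key


def make_key(p, q):
    """Textbook RSA key from two primes: illustration only, not secure."""
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}


def _h(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(key, data):
    return pow(_h(data, key["n"]), key["d"], key["n"])


def verify(pub_n, data, sig):
    return pow(sig, E, pub_n) == _h(data, pub_n)


def key_digest(pub_n):
    """Plays the role of a DS record: a hash of the child zone's public key."""
    return hashlib.sha256(str(pub_n).encode()).digest()


# Constructed hierarchy; Mersenne primes keep the toy keys reproducible.
M = {k: 2**k - 1 for k in (61, 89, 107, 127)}
ZONES = [".", "org.", "example.org."]
KEYS = {
    ".": make_key(M[61], M[89]),
    "org.": make_key(M[89], M[107]),
    "example.org.": make_key(M[107], M[127]),
}
ROOT_ANCHOR = KEYS["."]["n"]  # the one key a resolver trusts implicitly


def build_response(record):
    """Collect what a validating resolver needs for one answer."""
    chain = []
    for parent, child in zip(ZONES, ZONES[1:]):
        ds = key_digest(KEYS[child]["n"])
        chain.append({"zone": child, "pubkey": KEYS[child]["n"],
                      "ds": ds, "ds_sig": sign(KEYS[parent], ds)})
    return {"chain": chain, "record": record,
            "record_sig": sign(KEYS[ZONES[-1]], record)}


def validate(resp, trust_anchor):
    """Walk from the trust anchor down; return (ok, reason)."""
    trusted = trust_anchor
    for link in resp["chain"]:
        if not verify(trusted, link["ds"], link["ds_sig"]):
            return False, f"parent did not sign delegation to {link['zone']}"
        if key_digest(link["pubkey"]) != link["ds"]:
            return False, f"key for {link['zone']} does not match parent's digest"
        trusted = link["pubkey"]
    if not verify(trusted, resp["record"], resp["record_sig"]):
        return False, "record signature invalid"
    return True, "ok"


def swap_zone_key(resp, zone, new_pub_n):
    """Return a copy in which `zone` presents a key its parent never vouched for."""
    forged = copy.deepcopy(resp)
    for link in forged["chain"]:
        if link["zone"] == zone:
            link["pubkey"] = new_pub_n
    return forged


if __name__ == "__main__":
    resp = build_response(b"example.org. A 192.0.2.10")
    print(validate(resp, ROOT_ANCHOR))
    rogue = make_key(M[61], M[127])
    print(validate(swap_zone_key(resp, "org.", rogue["n"]), ROOT_ANCHOR))
    print(validate(resp, rogue["n"]))  # resolver configured with a different root key
```
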

AMD Phenom II Socket AM2+ CPU

James Henstridge

Memory configurations

What sort of memory configurations were in the test machines? The scores for the Core i7 are a lot better than everything else, which would indicate a significantly different configuration or technology.

I'd definitely like to see some numbers for the Phenom II with DDR3 memory to give a better comparison, although I'd expect it to still lose out to the i7 if we're comparing triple channel to dual channel.

Sun MySQLers barred from Oz

James Henstridge

@R Callan

Prior to MySQL taking off, one database people were using on Linux was mSQL, which was developed by an Australian company. MySQL won out though, as it had a less restrictive license (and this was before it switched to GPL).

The MySQL C API was based on mSQL's API, and MySQL still ships with an "msql2mysql" tool to convert programs from one API to the other.

So that could be considered pretty direct competition.

Evidence for 'iPhone Nano' gathers pace

James Henstridge


I don't know about anyone else, but the current generation of iPhones seem pretty large to me. I am also not about to shell out for an overpriced mobile data plan. So many smartphone features don't affect my purchasing decisions.

So I could definitely see a market for a device that just did phone, music and maybe video without the requirement for a mobile data plan: the other phone companies seem to be doing pretty well from that segment.

Is there any overlap with their existing market? Sure, but it'd certainly be a large increase in their total market.

Free eco-friendly font saves ink and toner

James Henstridge

@Yes Me

If you have an old CRT monitor, you might be right about black using less power.

If you have an LCD, the backlight will be using power for both the black and white pixels (I am ignoring the backlight dimming features Intel has been developing on the assumption that you'll have both high and low intensity pixels close together with text). While there is an absence of light for black pixels, you'll see an increase in heat output.

Furthermore, energy must be expended to change an LCD from its steady state. So you might find that black pixels actually use more power ...