Aug 29 2012

Quite an amusing Internet rumour came about today: that Samsung had paid their fine to Apple by sending around 30 trucks filled to the brim with nickels (which is apparently a 5¢ coin). Of course it eventually transpired that this was all an amusing hoax, which makes more sense – after all, Samsung is hardly going to pay Apple until after they have tried appealing.

But the popularity of this story may be some small indication that Apple’s victory in the US courts over this patent dispute is not really seen as fair by most.

Aug 25 2012

So apparently a US court with a US jury found against a Korean company and in favour of a US company. Well that is a surprise! Who would imagine?

There are several aspects of this trial that should require closer inspection before making any judgments :-

  1. The jury only spent 48 hours deliberating when the available evidence amounted to “hundreds of questions, 109 pages of jury instruction and the most complex muddle of law on the planet”. Given the mind-boggling complexity of this case, I would not be at all surprised if the jury colluded in coming up with a snap judgment that at least gets them out of jury service rather than a properly considered verdict.
  2. The judge kept advising the two companies to come to a negotiated settlement, but obviously Apple and Samsung ignored this.
  3. This is just one legal battle; Apple and Samsung are fighting tooth and nail in many cases: as of December 2011, Apple and Samsung are fighting more than 20 cases in 10 countries. It would be better by far if someone were to bang the respective CEOs’ heads together and force both companies to make a negotiated settlement.

It is easy for an observer who does not pay close attention to technical matters to consider Apple to be a radical innovator in the smartphone arena; certainly at the very least the iPhone was a game changer. But not because it was itself a dramatic innovation in technological terms; rather because it brought previous technical innovations together into a well designed and easy to use product. And frankly a comparatively limited one – much smartphone functionality present in the original iPhone’s competitors was missing from the original iPhone.

If you look at the list of patents that Samsung supposedly infringed, you will come across numerous examples where someone in the technical field will wonder whether it should really be a patent at all. Or maybe at most should be a ‘half-patent’ (if there were such a thing). Some of the features that Samsung supposedly infringed :-

  1. The “rubber band” effect that occurs when you scroll a list by touch and hit the end of the list. This to a limited extent falls foul of the “obviousness” test – if you had used a scroll-by-touch interface without the equivalent of this, you would think “Hey! Someone ought to come up with something that tells me when the end of the list is”.
  2. The gestures “pinch to zoom” and “twist to rotate”. I’m sorry but these really are too obvious to patent. Certainly “twist to rotate” is merely aping what we do in the real world to rotate – ever “twisted” a plate to rotate it so that the food you are going to dive into next is closer? And similarly “pinch to zoom” is effectively a touch-screen equivalent of dragging out a box onscreen using a mouse to zoom in on that particular area.
  3. Touch to drag a document? Ever used drag and drop with a mouse?
  4. The other elements in the list are in relation to the physical design of the handset, but is a rectangle with rounded corners really so radical? I’m pretty sure almost all of my phones have been rectangular with rounded corners since well before the original iPhone.

The trouble with this judgement is that whilst it may protect innovation to a tiny degree, it will also have the effect of limiting choice to the consumer in the US. Because Apple is going to look to ban imports of Samsung devices as soon as it can wheel a lawyer into court. Wouldn’t it be better by far for the court to decide that yes Samsung has infringed the pinch to zoom function, so they should pay for a license for that patent at a rate of 10¢ per device? Rather than insist on Apple being paid a ridiculous amount of damages and allowing Apple to set a ridiculous license cost for use of the patent.

The whole issue of intellectual property rights is a complete mess, and I’m not sure that even the judge in this case would disagree. Patents were originally developed to protect inventors from companies simply stealing their ideas and going ahead and making money whilst the inventor gets nothing. They were not designed to stop competitors from using the ideas of an inventor – they would simply have to pay a fair price for the idea. And patents were not supposed to be blindingly obvious either.

It is also worth pointing out that Apple have already lost pretty much the same legal battle in the UK, Germany, and South Korea. So we have the ridiculous situation where Samsung “stole” ideas as decided by a US jury, but also didn’t as decided by court victories elsewhere in the world. Who is right? Who knows?

Intellectual property rights are long overdue for a radical overhaul :-

  1. Make the UN the deciding body for patent infringements. This will eliminate all the conflicting decisions that go on around the world, and reduce to a minimum conscious or unconscious bias that a US jury (or a US judge) might weigh against a South Korean company.
  2. Review each patent rigorously to examine whether they are too obvious to patent.
  3. Use an independent party to decide licensing fees, and make licensing fees a percentage of the final purchase price of the product. Want to make a Rolex replica exact in every way? Well, the panel might decide you can do so … as long as you pay Rolex 100% of the purchase price. Want to use “pinch to zoom” on your device? Expect to pay Apple a tiny amount like 0.5% of the purchase price.

Of course none of this is likely to happen. Intellectual property rights are too much of a cash cow for IP trolls and IP lawyers for any big changes.

Jun 30 2012

Warning: This page details a shell script that I’ve produced for my own amusement; it isn’t a product. It hasn’t been tested in lots of environments, and it will take some hacking to get it to work for you. If you’re looking for something to use, move along; if you’re looking for ideas to improve a real wallpaper setting program, you might want to read on.

So elsewhere I’ve admitted to driving a stake through the heart of GNOME’s wallpaper plugin to allow my own wallpaper script to work. Well, I could hardly do that and not announce it, could I? So here goes :-

  1. It doesn’t actually set the wallpaper; it lets hsetroot do that.
  2. It requires a parameter to determine which directory to choose – i.e. ~/lib/backgrounds/one, ~/lib/backgrounds/two, etc.
  3. It uses xrandr to pick out the “regions” of the default screen.
  4. It puts portrait images on my portrait monitor, and landscape images on my landscape monitor by overlaying them onto an overall image the size of both monitors added together.
  5. It waits a set duration, and then repeats.

If you’re still interested in getting a copy it’s available at http://zonky.org/src/set-random-background.

Jun 28 2012

If for some peculiar reason (I’ll come to those later) you want to prevent GNOME from setting the desktop wallpaper, you used to have a relatively easy option. If you search for how to disable the wallpaper setting in GNOME, you will find frequent mentions of the method. Unfortunately it no longer seems to work.

It seems that the GNOME developers in their infinite wisdom have seen fit to ignore any previous setting that allowed you to override GNOME and say “I’ll set the background myself”, and quite possibly no longer have that option available. Well, where there’s a will there’s a way :-

$ sudo zsh
# cd /usr/lib/gnome-settings-daemon-3.0
# mv background.gnome-settings-plugin _background.gnome-settings-plugin
# mv libbackground.so _libbackground.so
# pkill gnome-settings-daemon
# gnome-settings-daemon

At this point your terminal will be taken over by the gnome-settings-daemon and it will scroll tons of messages past your nose. If you scroll up, you will see close to the top a mention of being unable to load the background setting plugin. At which point you can use your favourite background setting tool (a word on that later) to set the background.

This is a rather brutal method of disabling this, and is prone to failure when the relevant software packages are upgraded – your favourite package manager is likely to replace the “missing” files for you. So if you’re listening, GNOME developers, please resurrect a sensible method for turning this plugin off!
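As an added example (not the author’s script and not part of GNOME), the following POSIX shell functions make the rename above repeatable and report whether a package upgrade has quietly put the plugin files back. The function names are my own; the directory is a parameter so the functions can be tried on a scratch copy first, the real path on the author’s system being /usr/lib/gnome-settings-daemon-3.0 (run as root there).

```shell
#!/bin/sh
# Added example, not the author's code. Disables the GNOME background plugin
# the same brutal way the post does (rename with a leading underscore), but
# idempotently, and with a state check to spot a package manager that has
# restored the "missing" files.

GSD_PLUGIN_FILES="background.gnome-settings-plugin libbackground.so"

# gsd_background_state DIR  -> prints: active | disabled | mixed | absent
gsd_background_state() {
    dir=$1; present=0; disabled=0
    for f in $GSD_PLUGIN_FILES; do
        [ -e "$dir/$f" ] && present=$((present + 1))
        [ -e "$dir/_$f" ] && disabled=$((disabled + 1))
    done
    if [ "$present" -eq 2 ] && [ "$disabled" -eq 0 ]; then echo active
    elif [ "$present" -eq 0 ] && [ "$disabled" -eq 2 ]; then echo disabled
    elif [ "$present" -eq 0 ] && [ "$disabled" -eq 0 ]; then echo absent
    else echo mixed   # partly restored by an upgrade, or partly renamed
    fi
}

# gsd_disable_background DIR: rename the plugin files out of the way.
# Safe to re-run: a no-op when already disabled, refuses to overwrite an
# existing _-prefixed copy, non-zero exit when there is nothing to do.
gsd_disable_background() {
    dir=$1
    case $(gsd_background_state "$dir") in
        disabled) echo "already disabled: $dir"; return 0 ;;
        absent)   echo "plugin not found in $dir" >&2; return 1 ;;
    esac
    for f in $GSD_PLUGIN_FILES; do
        if [ -e "$dir/$f" ]; then
            if [ -e "$dir/_$f" ]; then
                echo "refusing to overwrite $dir/_$f" >&2; return 1
            fi
            mv "$dir/$f" "$dir/_$f"
        fi
    done
    echo "disabled: $dir (restart gnome-settings-daemon to take effect)"
}
```

Running gsd_background_state after every package upgrade tells you whether the plugin has come back before GNOME silently starts painting the wallpaper again.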

BTW: You may want to check that your favourite background setting tool actually works properly in your environment; I’ve found that in my environment both ImageMagick and xloadimage silently failed, but feh and hsetroot worked fine. This had me puzzled for a moment when I tried the first two!

As to why I want to disable the GNOME wallpaper plugin, there are several reasons :-

  1. I’m difficult and want to do it my own way.
  2. The GNOME background setting plugin has some limitations that are irritating to me.
  3. And I have some rather specialist requirements … stay tuned for more information.

Jun 06 2012

If you have not already heard about it, and you have a LinkedIn account, you should be aware that a large number of password hashes have been found in the wild. This means it is possible that hackers have the ability to crack your password and break into your account.

Change any LinkedIn account passwords now.

But there are still just a few unanswered questions :-

Why were the password hashes unsalted ?

Storing passwords in the clear is just about the most irresponsible thing a website operator can do, but storing passwords in hashed form without a so-called salt is also a clear indication that someone needs a slap and to be told to go the extra 10m. It has long been known (i.e. for decades) that a simple unsalted password hash allows someone to find out what the original password was.

This is why the Unix system from the 1970s used a salt to make revealing passwords harder.

Technically a salt is a few extra bits of randomness mixed into the hash input (and stored alongside the output so the password can still be checked) to make pre-computing the password hashes more expensive: a table of hashes built once no longer matches every account. It also hides which users share the same password, because the same password with different salts produces different hashes.

So why weren’t LinkedIn salting their passwords? Couldn’t be bothered? Assumed that their systems were so secure that nobody could break in? Whatever the reason, it was not a good enough reason – allowing their site to be hacked is bad enough, but caring so little about the security of our data shows pure incompetence and arrogance.

Are We Sure These Password Hashes Belong To LinkedIn?

In a word: No. We assume they do, and there’s some evidence to support that assumption. Several bloggers have posted indicating that they have checked and found that their own LinkedIn password hash can be found in the file.

So we can assume that these password hashes are from LinkedIn, and should change our password if we have an account. Perhaps this is wrong and this huge list of password hashes is just some prankster’s idea of a fun day, but this is one of those cases where you assume it is real to be safe.

But There Are No Usernames. Aren’t We Safe?

I’ve come across at least one comment indicating that because the usernames aren’t associated, there isn’t anything to worry about.

It is true that the information as released is not especially helpful – if you cracked all the password hashes you still wouldn’t know if my password was #32768, #65536, or any of the others. But you could still use that information with the help of a botnet army and enough time to let the tools like Hydra do their work.

And we do not know that the person or group who obtained this information in the first place does not have access to further information. Even if all they had access to was a database table containing just the password hashes, they will almost certainly know the frequency of every password: without a salt, everyone who chose the same password has exactly the same hash.

So no, we’re not safe.

Only 6.5 million? I Thought LinkedIn Had 150 million Accounts?

Indeed! It does seem strange that there are only 6.5 million password hashes in the released file.

But those who have had a chance to poke around in the released file (including myself) have found that there are no duplicate hashes. That would be normal in a salted password hash file, but given how woeful most people are at picking good passwords you would expect a very large number of duplicates in 150 million unsalted password hashes. Whether you would get as few as 6.5 million unique password hashes seems a touch unlikely, but possible.
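As an added example, not part of the original post, the following Python makes concrete both the description of a salt above and the duplicate-hash observation here. The user table and the list of common passwords are constructed, and SHA-1 is used purely as an illustration (the post does not name the algorithm); the function names are my own.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample user table (not real data). Several users picked the same
# weak password, as the post expects in any large dump.
USER_PASSWORDS = {
    "alice": "password1", "bob": "letmein", "carol": "password1",
    "dave": "linkedin", "erin": "password1",
}
# Constructed list of common passwords a precomputed table would be built from.
COMMON_PASSWORDS = ["123456", "password1", "linkedin", "qwerty"]

def unsalted_hash(password):
    # SHA-1 is an illustration only; the post names no algorithm.
    return hashlib.sha1(password.encode()).hexdigest()

def salted_hash(password, salt=None):
    """Return 'salthex$digest'. A fresh random salt per user is stored with
    the digest, so identical passwords no longer yield identical records.
    (A salt alone is not enough today: use a slow KDF such as bcrypt, scrypt,
    PBKDF2 or Argon2, all of which take a salt for the same reason.)"""
    salt = os.urandom(16) if salt is None else salt
    return salt.hex() + "$" + hashlib.sha1(salt + password.encode()).hexdigest()

def verify_salted(password, stored):
    salt_hex, _ = stored.split("$", 1)
    return hmac.compare_digest(salted_hash(password, bytes.fromhex(salt_hex)), stored)

def make_dump(users, salted):
    """Simulate the leaked table: user -> stored hash."""
    return {u: salted_hash(p) if salted else unsalted_hash(p)
            for u, p in users.items()}

def shared_hash_users(dump):
    """Users whose record is identical to another user's. Without a salt this
    is exactly the password-frequency information the post says an attacker
    learns, even with no usernames attached."""
    counts = Counter(dump.values())
    return sorted(u for u, h in dump.items() if counts[h] > 1)

def precomputed_table_hits(dump):
    """Records matched by a table computed ONCE from COMMON_PASSWORDS. Against
    a salted dump the same table finds nothing: each salt needs its own table."""
    table = {unsalted_hash(p): p for p in COMMON_PASSWORDS}
    return {u: table[h.split("$")[-1]] for u, h in dump.items()
            if h.split("$")[-1] in table}
```

With the unsalted dump, three of the five records collide and four are matched by the precomputed table; with the salted dump, no records collide and the same table matches none, which is why a file with no duplicate hashes looks like a salted one.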

Of course it may be that the person or group who grabbed this password dump in the first place only managed a partial dump for some reason.

But If The Original Leak Isn’t Fixed, Isn’t Changing Our Password A Waste Of Time?

It is certainly true that if LinkedIn hasn’t fixed their original problem, or has not implemented some form of remedial action, then it is possible that an attacker could break in with exactly the same method as they did before, and steal the passwords again. Which means we will probably have to change our passwords again – once LinkedIn finally gets around to announcing this has all been fixed.

But not changing your password now is foolish in the extreme – you should assume that the attacker(s) have your account details now.