Comments for User Oriented Machines

Comment on Symbian client for Locaccino by nilesh

nilesh — Thu, 26 Nov 2009 10:38:25 +0000

good

Comment on A Security Flaw in Google Android by erant

erant — Fri, 24 Jul 2009 17:40:06 +0000

Bull corn poster: I must say that I completely disagree. The fact that programs on your PC can track your location is problematic to say the least. On your mobile device its even worse. People take their mobile devices everywhere, to more private places, than they take their laptops to.

It is also a question of standards. Currently, there is no standard for sharing your location on PCs. However, the iPhone and the Android platforms have a built in security mechanisms for location sharing. This is excellent progress. However, while the iPhone has it right (requiring the user to decide about location sharing no matter how the location is retrieved), the Android has it wrong. The fact that location can be retrieved through WiFi positioning without the user’s consent is a major loophole, which application developers can exploit.

Finally, presenting the question of location-sharing as an all-or-nothing issue is just wrong. The fact that our location can be tracked does not mean that it should be tracked all of the time by everybody. Cars have GPS and credit card companies track our transactions, but I would be very angry if this information was sent to the wrong hands. I think you would be to.

Comment on A Security Flaw in Google Android by Mike H

Mike H — Tue, 14 Jul 2009 15:36:26 +0000

Let’s get this straight..

You claim that just because traffic reports have been online / on TV for years, showing the relative traffic speed, that people’s cellphones are being monitored for this?

Piffle.

Wireless networks have enough to keep up with just handing the call over from tower to tower, versus plotting average speed for individual users. If this were the case, shouldn’t I see -every- street on Google Maps ‘traffic’ layer show up with a speed indicator? Well, I only see major interstates, and even then, only in densely populated areas.

Ever look *really* closely along these highways? If not, well I’ll clue you in: there are RADAR DEVCES along the roadway. Want some photos of some on my commute every day? Just let me know!

This is how they’ve been able to show freeway speeds on TV for the last decade and some. Even back when Analog cell reception was sometimes the best available and used by the majority of callers.

Comment on A Security Flaw in Google Android by bull corn!

bull corn! — Wed, 01 Jul 2009 02:42:58 +0000

What a complete non-issue. What a bunch of nonsense. Any device which has a WIFI can locate APs and determine a location. There are huge databases of WIFI APs, their MAC addresses, and GPS coordinates, all freely available. Heck, your IP address can normally tell people the county, if not city you’re in.

If this absolute junk of a post have any credibility then every computer in the world has the exact same “Security Flaw”; wireless not needed. Please notice the use of scary music to build yet more hype. Of course the real answer is, “BULL CORN!” No sane, reasonable person considers this a security flaw.

Besides, Google uses everyone with the network provider enabled as a WIFI scanner for their network. If you’re concerned about your location being reported, turn off your cell phones [android not required] (tower id with data connection is known) and turn off your WIFI (all AP, long/lat, tower id, etc, is known). How do you think they are able to map traffic flows online? Guess what, its not helicopters and companies have been doing that long before Android existed.

In short, no security flaw exists so one has to be created. If you are concerned about your locality being detected, you’re only option is to not be on the Internet and never use a cell phone or credit card; and hopefully you don’t have a modern car with a GPS built in. Period.

Comment on UML Class Diagram Lecture by nandha

nandha — Tue, 10 Mar 2009 17:12:43 +0000

the ppt has a lot more information than the diag above . . . . . .

just download and explore . . . . . .

Comment on A Security Flaw in Google Android by erant

erant — Tue, 24 Feb 2009 03:29:53 +0000

That is an interesting point. The ultimate solution is to have the semantics of every application defined, completely and accurately. As always, some kind of a trade-off should be found.

Comment on A Security Flaw in Google Android by Paul

Paul — Mon, 23 Feb 2009 21:17:45 +0000

This is a really interesting and non-obvious conflict between what the program declares as its intent, or its reason for needing certain data, and what it actually does with that data. In some ways, this related to the notion of usage control … some guys I went to grad school with focused on this and they had really interesting frameworks for imposing what they called “obligations” on data: you must delete this within 30 days, you can’t send this stuff to Skyhook, etc. It’s non-trivial, but what you would want here is almost an intent semantics where the program declares not what data it needs, but what it needs to do. This could be translated in a user-understandable way to the user when he/she gets those prompts that you show.

Cool stuff.

Comment on Less privacy, more security by erant

erant — Sun, 22 Feb 2009 03:03:46 +0000

It is more of a philosophical question. Security gets better as there is more information. For example, when the source and destination of messages reaching a firewall is known. Privacy gets better when there is less information around. For example, when messages you send a Web application are anonymous.

On the practical level, there are possible compromises and trade-offs, of course.

Comment on Less privacy, more security by John H.

John H. — Sun, 22 Feb 2009 01:59:46 +0000

Is there a conflict? I’m not sure.

Comment on News: Got my Ph.D. by erant

erant — Tue, 04 Nov 2008 22:22:12 +0000

Thanks! It is never too late

CMU is actually great.