The Market Ticker
Commentary on The Capital Markets

10.3.1 is now showing up as an "official" load across multiple carriers worldwide.

The importance of this is that unlike many other vendors all BB10 devices, all the way back to the original Z-10, are supported and can and do run the newer firmware quite nicely -- unlike Android phones which often NEVER get updated and IOS ones which do but might not run acceptably well on older devices.

I've had this as a "leak" on my Passport for a while (SR 1581) and it's very nice.  Among other changes are dramatic improvements in customizing of notifications (per-contact and per-profile if desired), better "advanced interactions" and material improvements in Android interoperability.

One of the more-important ones (from my point of view) is that the restriction on Android app name length that has been present since the original releases appears to have been removed.  This means that ThinkOrSwim now loads and runs without issue; previously you had to decompile it, shorten the internal name and then re-pack and re-sign it (with your own key) in order for the phone to accept it.

That, incidentally, points out one of the problems with Android apps -- you can do that sort of thing, which means if someone is malicious you're in serious trouble as they could patch the app and if they got you to load it, there goes your password!

Stability of this release has been outstanding and in addition significant reductions in battery consumption while on standby have been noted here.  The latter difference is not small, particularly in LTE service areas.

CrackBerry has the links up and someone will almost-certainly post a "Blitz" file shortly, which can be used if your carrier is being a pig and not releasing this promptly (US Carriers, all of them, are on this list -- can you hear me now John?) and, unlike Android devices in particular it is entirely safe to load such a file because BlackBerry's chain-of-trust prevents the phone from accepting a modified or unsigned file.  If you manage to force the phone to load a tampered file (that can be done through some rather ugly machinations) it will not boot -- all operating system related files must be signed with BlackBerry's cryptographic key for the phone to "take" them.

"Blitz" files can be loaded via either Sachesi or Darcy's tools; either will select the proper OS and radio for the device connected, reducing the risk of a "soft brick" that can occur if you accidentally load the wrong file.  Such an update is non-destructive; your data will not be erased, although it's always a good idea to take a backup using BlackBerry Link first just in case something goes wrong.


View this entry with comments (registration required to post)

Where are the balls in our Congress?

WASHINGTON –  President Obama defended his administration’s approach to the terror threat at a White House summit Wednesday, standing by claims that groups like the Islamic State do not represent Islam -- as well as assertions that job creation could help combat extremism.

Obama, addressing the Washington audience on the second day of the summit, said the international community needs to address “grievances” that terrorists exploit, including economic and political issues.

He stressed that poverty alone doesn’t cause terrorism, but “resentments fester” and extremism grows when millions of people are impoverished.

“We do have to address the grievances that terrorists exploit including economic grievances,” he said.

Oh really?

So let me see if I get this right -- someone not having a job compels them to cut off heads?  Why no, I don't think so, since I've yet to see any of these allegedly-hungry people eat the resulting corpse!

There's no single religion responsible for this violence and terrorism?  Really?  Please list the religions of the people who committed the last, oh, two dozen head-sawing-offs.  I think you'll find that all of them share one common claimed religion.

For that matter, so will you find that to be true of the 9/11 bombers, the USS Cole bombers, the "fine" folks who committed terrorism all over Europe of late and similar.

Further, if this is all (or even largely) "economic" at its root would you mind explaining how being an officer in the US Military is not a "good job"?  Or have you forgotten Mr. Hasan, otherwise known as Mr. "Allah Akhbar", that committed Islamic terrorism, killing 13 and wounding 32 while employed as an officer by the US Military on a US Military base?

As for the "notion" that Muslims don't actually support this please show me the widespread, loud denunciation of these acts and the willingness to find and capture or kill the Muslims doing these things among Muslims.

Good luck with that.

President Jihad needs to be impeached, here and now.  This sort of crap is dangerous and is going to get a very large number of Americans killed, on our soil, if it continues.  Refusing to call this what it is and deal with it has already resulted in American deaths on American soil at Ft. Hood and, before that, on 9/11.  There is no excuse of political correctness when you are under armed assault and we in America, along with the rest of the world that does not accede to living under crackpotted Sharia goat****er mandates, is in fact under armed assault.

View this entry with comments (registration required to post)

2015-02-19 06:15 by Karl Denninger
in Technology , 420 references

Read it and weep, folks.... then get that crap out of your house.

Or business.

And now we have the Internet of Things (IoT). If we continued in this trend we'd have a new space that ignores the security lessons from mobile, but it's actually much worse than that.

The Internet of Things is worse than just a new insecure space: it's a Frankenbeast of technology that links network, application, mobile, and cloud technologies together into a single ecosystem, and it unfortunately seems to be taking on the worst security characteristics of each.

Every device they tested was insecure.  Some of them were not only insecure they were able to load tampered firmware back to the server it came from at the company, and thus cause other people's devices to be compromised.


PS: I hate it when I'm right.

PPS: When will you insist that when you're sold something with this sort of blatant security problem that the company that sold it to you be held fully responsible for all harm done -- including the time and hassle to correct the problem or replace the device?

View this entry with comments (registration required to post)

This is not good folks.

Multiple integer overflows in the GraphicBuffer::unflatten function in platform/frameworks/native/libs/ui/GraphicBuffer.cpp in Android through 5.0 allow attackers to gain privileges or cause a denial of service (memory corruption) via vectors that trigger a large number of (1) file descriptors or (2) integer values.

That is extremely nasty, if it proves out.

Note that this sort of exploit is both network-exploitable and potentially could bypass device management software as well.

It looks like it was also fixed, as there's a commit that looks to be effective given the description.  However, this would only be effective for devices with a very recent version of the Android software and that's a tiny piece of the whole.

Google, for its part, along with both handset vendors and carriers, typically do not update older versions of handsets.

This, by the way, is one reason you want a BB10 handset.  Even the oldest, the Z-10, can and does run current firmware, so any problems like this (and I've yet to see a confirmed exploit of this sort) can be rapidly fixed and distributed to all users of the handsets.

One needs to consider another factor here, which is that in the US the carriers tend to play gatekeeper, insisting on having control over firmware updates.  The exception is Apple, which does their own distribution for IOS.  Fortunately this can be trivially worked around for BlackBerry's BB10 handsets but it's not so simple for Android users who may not be able to obtain an update at all absent carrier involvement.

If you're running an Android handset with other than Android 5.0, or any other than a very recent codebuild of 5.0, you're are material risk here.  It must be expected, given the scope of this problem that it is being actively exploited.

View this entry with comments (registration required to post)

2015-02-18 09:49 by Karl Denninger
in Corruption , 247 references

Back in 2014 I wrote on this case; the article has rolled off into the archives, but my interest in it was more related to the raw academic fraud that pervades our so-called "intellectuals" than the specifics of the case.

But, in point of fact, specifics matter to individuals.  And in this case they may matter a lot to the "professor" that was involved in this, along with Northwestern....

(Reuters) - A wrongfully convicted man filed a $40 million lawsuit on Tuesday against Northwestern University, a former journalism professor, a private investigator and an attorney, accusing them of framing him for a double murder to get another man released.

Alstory Simon, 64, of Ohio, claims in the lawsuit that he was the victim of unethical tactics by a team focused on freeing another man in what became a celebrated Illinois wrongful conviction case.

In short this "professor" basically turned the formerly imprisoned guy for this crime into a cause to be freed, claiming he had been wrongfully convicted.  That man was freed and Alstory Simon was imprisoned in his place, and the record appears to show that the students and professor involved in that series of actions intentionally failed to interview actual witnesses to the crime!

As a result of what now looks like a political witch-hunt intended to claim "wrongful imprisonment" that in fact may have set a guilty man free on purpose and imprisoned another who did nothing wrong, which I highlighted in the first couple months of 2014 as emblematic of academic fraud across the spectrum, including but not limited to so-called "climate research", we now have the man wrongfully-imprisoned coming after both the university and the professor personally.

To which I say in response: Godspeed Mr. Simon, may the facts be laid upon the table, and if in fact you were railroaded in this regard may Northwestern be utterly destroyed, if not economically right up front then in terms of the value of every single credential they have ever issued.

View this entry with comments (registration required to post)

Main Navigation
Full-Text Search & Archives
Archive Access
Legal Disclaimer

The content on this site is provided without any warranty, express or implied. All opinions expressed on this site are those of the author and may contain errors or omissions.


The author may have a position in any company or security mentioned herein. Actions you undertake as a consequence of any analysis, opinion or advertisement on this site are your sole responsibility.

Market charts, when present, used with permission of TD Ameritrade/ThinkOrSwim Inc. Neither TD Ameritrade or ThinkOrSwim have reviewed, approved or disapproved any content herein.

The Market Ticker content may be reproduced or excerpted online for non-commercial purposes provided full attribution is given and the original article source is linked to. Please contact Karl Denninger for reprint permission in other media or for commercial use.

Submissions or tips on matters of economic or political interest may be sent "over the transom" to The Editor at any time. To be considered for publication your submission must include full and correct contact information and be related to an economic or political matter of the day. All submissions become the property of The Market Ticker.