Mark Murphy’s Techdirt Profile

commonsguy

About Mark Murphy

Mark Murphy is the founder of CommonsWare and the author of the Busy Coder's Guide to Android Development. A three-time entrepreneur, his experience ranges from consulting on open source and collaborative development for the Fortune 500 to application development on just about anything smaller than a mainframe. He has been a software developer for over 25 years, from the TRS-80 to the latest crop of mobile devices. A polished speaker, Mr. Murphy has delivered conference presentations and training sessions on a wide array of topics internationally.

Outside of CommonsWare, Mr. Murphy has an avid interest in how the Internet will play a role in citizen involvement with politics and government. He is a contributor to the Rebooting America essay collection, and his personal blog features many posts discussing "cooperative democracy".



Mark Murphy’s Comments

  • Jan 21st, 2014 @ 12:55pm

    Re: Re:

    FWIW, and while I hate to cite Business Insider, AMC has confirmed the MPAA's and DHS's involvement in a statement to them:

    http://www.businessinsider.com/man-interrogated-by-fbi-for-wearing-prescription-google-glass-at-the-movies-2014-1?op=1

  • Sep 7th, 2013 @ 9:47am

    Re: These flailing and misguided email systems

    > It seems like a week doesn't go by that someone doesn't launch yet another feeble over-hyped attempt to "fix email".

    And your proof of this is... what, exactly?

    > Invariably these projects fail to take into account decades of real-world experience

    And your proof of this is... what, exactly?

    > invariably, they prove to be insecure even before they're launched

    And your proof of this is... what, exactly?

    > a choice which nicely maximizes the attack surface available to adversaries

    And your proof of this is... what, exactly? In particular, please feel free to explain how a well-designed single-page application, backed by a well-designed Web service protocol, is intrinsically less secure than a desktop email program and existing standard email protocols.

    > Nearly all of them fail to ban HTML markup, an error which isn't merely enormous, but catastrophic.

    And your proof of the catastrophic nature is... what, exactly? Now, if they don't sanitize the HTML (e.g., strip out JavaScript, , etc.), I will agree with your assessment. But that's a reasonably well-understood problem, employed in all sorts of Web apps, beyond Web-based email clients.

    > A substantial number fail to comply with BCP 38.

    This would be relevant only for those projects that are offering hosted services, rather than software. Ingress filtering is incumbent upon the host, not the email software itself.

    I think your second paragraph is reasonable (if a bit hyperbolic), and I think your general attitude (email is hard) is spot-on, but your first paragraph suffers from a surplus of hand-waving.

  • Aug 13th, 2013 @ 2:24pm

    Re: Re:

    Ridiculous. Clearly the one-star reviews were written by ill-tempered mutated sea bass.

    With frickin' laser beams attached to their heads.

    Pretending to be telco astroturfers.

    .
    .
    .

    Oh, sorry. My bad. I just assumed that Dr. Evil had one of those razor things everyone's talking about. Y'know, given his head, and all.

  • Jul 23rd, 2013 @ 4:58pm

    Digital vs. Physical

    One of the key arguments made with the NSA "hoovering" the metadata is that they are "third-party records" and there is no right to privacy.

    However, if law enforcement tried to claim that a rented apartment was a "third-party domicile" -- arguing that since you don't own it, you have no right to privacy, and they can toss any apartment at will -- that would get thrown out without a warrant.

    Similarly, if law enforcement tried to claim that a rented post office box was a "third-party communications service", and that they could rifle through those whenever they want, that too would get tossed without a warrant.

    Ditto for rented storage units.

    We need case law that establishes that "rented" email accounts, "rented" file manager accounts, "rented" social network accounts, "rented" phone numbers, and the like are no different than rented apartments, PO boxes, and storage units. While we are "renting" from third parties, the privacy expectation is not lost just because third parties are involved.

  • Jul 15th, 2013 @ 3:25pm

    Re: Oh, let's name "tech companies", starting with Google.

    As I wrote previously:

    The code in question is SE for Android, an Android-specific derivation of SELinux. SELinux has been part of mainstream Linux distros for a decade. While the NSA did contribute code to SELinux, SELinux is a standalone open source project with many contributors, and, more importantly, reviewers. Ditto for SE for Android.

  • Jul 12th, 2013 @ 8:53am

    Re:

    The code in question is SE for Android, an Android-specific derivation of SELinux. SELinux has been part of mainstream Linux distros for a decade. While the NSA did contribute code to SELinux, SELinux is a standalone open source project with many contributors, and, more importantly, reviewers. Ditto for SE for Android.

    So, which is more likely? That SELinux (with independent review) has a "sooper-sekrit" NSA back door, or that closed-source unreviewable OSes have them?

  • Jun 21st, 2013 @ 6:54am

    Re: Re: "Integrity" not necessarily compromised

    "which would mean the author would be forced into providing quite a few modifications that would not corrupt the original sense of the title"

    As noted in another reply, 128 to 256 distinct word flips would be more than sufficient.

    "What you are proposing here is some sort of human input from the author to avoid the errors that could arise from such system"

    Bingo.

    "As far as I can understand there is no such thing other than some modifications made by the system being shown to the authors so they can evaluate if it works well."

    Or the authors coming up with the 128 to 256 occurrences themselves. That's not especially hard, and I say that as a self-published author.

  • Jun 21st, 2013 @ 6:51am

    Re: Re: "Integrity" not necessarily compromised

    "But to come up with thousands or hundreds of thousands of variations that can uniquely identify a leak"

    128 to 256 synonym pairs would be more than sufficient. Each represents an individual bit and can be flipped in combination.

    "That's a shitload of wasted time, money and effort"

    Speaking as an author, coming up with 128 to 256 synonym pairs would take me a couple of hours, tops. Remember that the algorithm involves not only the word flip, but the *specific* word flip. So, you come up with a pair of synonyms ("foo" and "bar"). Do a global search on the book to confirm which occurrences of "foo" can safely be switched to "bar" or vice-versa.

    "Surely that's better spent working out how to make customers more willing to buy?"

    Oh, I'm not saying that authors/publishers should be ignoring this. But you make it sound like this algorithm is rocket science, and it's not.

    "the risk of false positives"

    With 128 to 256 bits for the identity, a false positive (of the form where somebody tinkered with a copy to change the synonyms) is vanishingly unlikely. Tinkering with the book and toggling a synonym will make the book untraceable, but the odds of such a toggle happening to identify some other buyer are really tiny.

    "the ease with which it can often be removed or obfuscated"

    Somebody with two copies of the book could readily create a third copy that is untraceable. Few book readers would bother. Any DRM solution is toast in the face of a determined attack, and I'm not arguing otherwise.
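The synonym-toggle scheme described in the comment above, sketched as an added example (not code from the commenter or from any publisher's system). The sample text, the 8 slots standing in for 128 to 256, and the buyer names are constructed for illustration.

```python
import re

# Constructed sample text: each {zero|one} slot is an author-approved synonym
# pair at one specific location, i.e. one bit. A real book would carry 128-256.
TEMPLATE = ("The {big|large} house stood at the {end|edge} of the lane. "
            "She {began|started} to walk {quickly|rapidly} toward the "
            "{door|entrance}, {sure|certain} that the {answer|reply} was "
            "{close|near}.")
SLOT = re.compile(r"\{(\w+)\|(\w+)\}")
PAIRS = SLOT.findall(TEMPLATE)            # [(zero_word, one_word), ...]
NBITS = len(PAIRS)

def embed(buyer_id: int) -> str:
    """Render the copy sold to buyer_id: bit i selects the word in slot i."""
    if not 0 <= buyer_id < 2 ** NBITS:
        raise ValueError("buyer_id does not fit in the available slots")
    bits = iter(format(buyer_id, f"0{NBITS}b"))
    return SLOT.sub(lambda m: m.group(1 + int(next(bits))), TEMPLATE)

def extract(copy: str):
    """Recover the embedded ID, or None if the text no longer fits the template."""
    parts = SLOT.split(TEMPLATE)          # [text, zero, one, text, ..., text]
    pattern = re.escape(parts[0])
    for i in range(1, len(parts), 3):
        pattern += f"({parts[i]}|{parts[i + 1]})" + re.escape(parts[i + 2])
    m = re.fullmatch(pattern, copy)
    if m is None:
        return None
    bits = "".join("0" if word == zero else "1"
                   for word, (zero, _) in zip(m.groups(), PAIRS))
    return int(bits, 2)

def trace(copy: str, registry: dict):
    """Map a leaked copy to a buyer; None means untraceable, not a wrong match."""
    return registry.get(extract(copy))

# Constructed registry: issued IDs are sparse in the ID space (hypothetical buyers).
REGISTRY = {0b10110010: "buyer-alice", 0b01001101: "buyer-bob"}

if __name__ == "__main__":
    leaked = embed(0b10110010)
    print(leaked)
    print(trace(leaked, REGISTRY))                          # the original buyer
    print(trace(leaked.replace("large", "big"), REGISTRY))  # one toggled slot
```

Because issued IDs are sparse, a copy with a toggled slot decodes to an ID nobody was issued, so it comes back untraceable rather than pointing at another buyer.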

  • Jun 21st, 2013 @ 5:29am

    "Integrity" not necessarily compromised

    "That's because the fingerprinting involves tampering with the integrity of the work"

    That depends on your definition of "integrity" and the type of the "work".

    For example, take this paragraph:

    "Any publishers adopting this technique will be betraying the very books they claim to defend, by turning them from cherished friends into potential traitors. A far better approach for everyone, including the publishing industry, would be to offer more and better books at sensible prices -- with the correct, uncorrupted text."

    This is nearly the same as the concluding paragraph of this post, with two word changes. The meaning of the paragraph, IMHO, is not substantially changed by those two word changes... but, then again, I am not the author of that paragraph, and so I am unqualified to make that claim.

    If the book publisher works in concert with the author -- such as, for example, a self-published author -- it is eminently possible to come up with a laundry list of such synonym pairs and locations, where swapping between those words would not materially harm the work, but would represent bits to be toggled. Only the author will know which circumstances are safe to toggle without wrecking the meaning. And, of course, this will not work with all types of "works". Non-fiction will be easier than fiction, which will be easier than poetry.

    So long as, in the eyes of the author, the integrity of the work is not compromised, using synonym toggle bits as a form of "soft DRM" is not significantly different than other forms of watermarking (e.g., steganographic insertion of identifiers into images), except that it is more reliable (e.g., not going to be wrecked if somebody tinkers with the images, such as by converting a book into another book format).

    The point of "soft DRM" is to allow authors/publishers to more gently handle copyright infringement. Soft DRM of this type does not stop buyers from moving the book between devices, or from printing the book, etc. Mostly, it's there so that if a copy is distributed sans license, the author/publisher has some idea of who did it, so they can take appropriate steps.

    And, once again, the "appropriate steps" will vary in severity, ranging from simply preventing that person from buying more books (akin to a shopkeeper refusing entry to those who have shoplifted) to full-on legal action. If you think that a lawsuit is an over-the-top response, that's an issue with the lawsuit, not with the "soft DRM" that enabled it.

    So, IMHO, a blanket statement that this "involves tampering with the integrity of the work" is unsupportable. It may involve tampering, if the changes are made without author approval and if the changes do materially change the meaning of the affected passages. IOW, changing some words does not necessarily result in "corrupted text", any more than proofreading and editing the author's original words results in "corrupted text". Corruption is possible, but not a fait accompli.

  • Jun 17th, 2013 @ 6:05am

    Re:

    > It seems to me that requests were made for more transparency, and they got more transparency. It isn't complete and total transparency, but it's more than before.

    To recap:

    • Twitter thinks it is less transparency

    • Facebook thinks it is less transparency

    • Google thinks it is less transparency

    • Microsoft thinks it is less transparency

    • An anonymous coward thinks it is more transparency

  • May 6th, 2013 @ 4:16am

    Species Issue

    According to a quick glance at the report cover, they polled orcs.

    (this comment is "BYO punchline")

  • Apr 30th, 2013 @ 6:24am

    Re: Factual errors in the article

    > The bill is not yet "codified into law"


    Nobody said it was. The words "codified" and "codify" are modified by "ask" and "seek", indicating future behavior.

    > Further, the bill also only refers to social media accounts used for business, and not personal Internet accounts.


    That is not entirely accurate IMHO. The bill's synopsis includes: "an employer may request or require an employee to disclose any user name, password, or other means for accessing an electronic communications device supplied or paid for in whole or in part by the employer or accounts or services provided by the employer or by virtue of the employee's employment relationship with the employer or that the employee uses for business purposes". The key portion is the last seven words. That will be used as justification to get any passwords and account information, on the grounds that they have no idea if an account was used "for business purposes" without first examining the account.

  • Apr 23rd, 2013 @ 11:34am

    Polls Show Growing Resolve to Live With Terror Threat

    http://fivethirtyeight.blogs.nytimes.com/2013/04/23/polls-show-growing-resolve-to-live-with-terror-threat/

    A timely Nate Silver piece, illustrating that "an increasing share of the public is skeptical about sacrificing personal freedoms for security."

  • Apr 9th, 2013 @ 10:07am

    Re:

    > Google encourages manufacturers to put Android on their phones by giving them a share of ad revenue if they sell Android phones.

    Citation, please.

  • Feb 11th, 2013 @ 4:34am

    Re:

    Rentn.org, it has come to our attention that you are making illegal use of our trademark, "snarky". Our trademark application covers its use in "an arrangement of black and white pixels", and your comment is clearly such an arrangement. We demand that TechDirt immediately take down your unlicensed use of our intellectual property.

    And, to those who are thinking about replying, pointing out their patents on pixels (or the colors black and white, or on the English language), please be advised that we possess significant second-strike capability.

  • Jan 25th, 2013 @ 9:16am

    Re: Re: Re:

    "A COMPANY HAS NO "DUE PROCESS" OBLIGATION TO A CUSTOMER."

    Well, then, perhaps we should fix that.

    > And the ISP's aren't going to randomly generate strikes and send them out. Strikes are based on what is happening with your account.

    The allegations leading to the strikes will come from the purported holders of the copyrights. They can allege anything they choose, with no apparent recourse or penalty for false accusation.

  • Jan 25th, 2013 @ 7:54am

    Re: Every other crime is treated the same way

    "You get accused of something and then you have to defend yourself"

    Please provide any evidence that the six-strikes plan uses the justice system in the way that you describe.

  • Dec 12th, 2012 @ 9:46am

    Re:

    "What you're asking for is like being able to choose a different long distance carrier for your landline even if they don't own the copper of that land line to your home"

    You mean, like the US has had for the past quarter-century or so?

  • Nov 17th, 2012 @ 8:38am

    Re:

    The patent was filed for on February 14, 2012. It is a follow-on to a provisional patent that was filed for on April 6, 2011.

  • Nov 17th, 2012 @ 5:16am

    Ask Patents entry

    I have started an Ask Patents "question" to collect relevant prior art, including some cursory analysis of the prior art listed to date in this article and its comments. If anyone knows of possible prior art, please contribute an answer on the Ask Patents entry, so we can aggregate the results. Thanks!
