
Comment Re:Already or in the process of being repaired (Score 2) 183

It's okay though, with Android you can just write your own PRNG and change all the other software to use it, then you'll be good to go.

It's even better than that though. You can write it; but Google carefully thought to protect you from actually deploying it by putting Android under the Apache license which means that your phone manufacturer can lock down your bootloader to protect you from actually changing anything. Just think of all the people who might end up putting insecure random number generators into their phone and screwing their security if Google had used, for example, the GPLv3.

All hail the all knowing and all wise Google.

(I will admit that at least Google's own Nexus devices don't really do this; but why spoil a good rant with facts.. )

Submission + - Microsoft abusing DMCA to take down competing office solutions? (paritynews.com)

hypnosec writes: Microsoft, in a bid to take down pirated versions of its Office products, has been sending out DMCA notices to Google containing links to competing legitimate office solutions like Apache’s OpenOffice. If we look at the URLs included in the takedown notice, most of them do point to infringing content – links to pirated Office 2010. But, after digging deeper into the list we found that there were instances wherein there were references to links which were hosting OpenOffice. The instances mentioned herein are not isolated instances and there have been cases (here, here, here and here) where Microsoft has requested takedown of links (torrent links to be specific) that were hosting OpenOffice.

Submission + - Microsoft cloud services crash leaving customers without data access. (techcrunch.com)

rtfa-troll writes: Edited re-send of earlier submission

TechCrunch reports Microsoft's Outlook and SkyDrive services failed with other services also apparently implicated. Restoration has taken many hours and was still apparently not complete more than a day later. Microsoft's cloud solutions are part of its long term survival strategy of following Apple's iCloud and attacking more experienced providers such as Amazon's S3, Google's Apps and App Engine, and RackSpace's public cloud, whilst attempting to block development of more open cloud software such as Eucalyptus, OpenStack and RedHat's OpenShift. TechCrunch also warns of the dangers of Microsoft's new cloudified operating systems telling that they have been "boosting [SkyDrive's] integration points in Windows 8.1" something which will put customers' data at risk of access without their consent beyond any questions of reliability.

We just discussed how shareholder lawsuits over Microsoft's previous attempt to spread the Windows OS beyond the desktop and this is not even our first discussion of major Microsoft cloud outages this year whilst older discussions have covered Microsoft's failure to keep adequate cloud system backups which makes slow-to-recover crashes very worrying.

Submission + - When is it ok to not give notice? 1

An anonymous reader writes: Here in the U.S., "being professional" means giving at least two weeks' notice when leaving a job. Is this an outmoded notion? We've all heard stories about (or perhaps experienced) a quick escort to the parking lot upon giving the normal notice, and I've never heard of a company giving a two-week notice to an employee that's being laid off or fired.
A generation ago, providing a lengthy notice was required to get a glowing reference, but these days does a reference hold water any more?
Once you've reached the point where you know it's time to leave, under what circumstances would you just up and walk out or give only a short notice?

Submission + - Another Microsoft cloud outage (techcrunch.com)

rtfa-troll writes: Microsoft's Outlook and SkyDrive services failed with other services also apparently implicated. Restoration has taken many hours and is still apparently not complete. Microsoft's cloud solutions are its long term survival strategy following Apple's iCloud and attacking more experienced providers such as Amazon, Google, RackSpace and VMware, whilst fighting a rearguard action against more open cloud software such as Eucalyptus, OpenStack and RedHat's OpenShift. With Microsoft's previous failed attempt to move Windows away from the traditional desktop already triggering lawsuits this could hardly come at a worse time for Microsoft's management. TechCrunch also warns of the dangers of Microsoft's new cloudified operating systems telling that they have been "boosting [SkyDrive's] integration points in Windows 8.1" something which will mean every customer's data is at risk of unauthorized access.

This is not even the first discussion of major Microsoft cloud outages this year whilst we have also discussed Microsoft's failure to keep adequate customer backups.

Comment Re: Who cares what it is (Score 2) 301

I seriously doubt there is an ISP in the world that would dare charge Google to send data to their customers. The negotiations would be swift: "OK, we won't."

Google is more than google.com. The ISPs want to force them to pay for Youtube traffic whilst getting free access to the search engine.

There is a whole world of hurt coming for someone.

Comment Re:Public Domain should be the default (Score 2) 96

GitHub is based in the USA where public domain dedications are well established (see the link in the post you are replying to) so it is very likely that source distributed by GitHub can be in the public domain. If you are really paranoid you can use the CC0 to dedicate to the public domain or achieve as near as possible an effect.

Comment Re:We can't win without eliminating FISA. (Score 5, Insightful) 413

But freedom is useless if crime and terror hit a certain level.

This is the wrong way round. Freedom is what helps stop "crime and terror" hitting that level. If the people are not free then the police concentrate on rounding up "politicals" and feel free to profit from taking things from the population. If you are in a free country then the police are afraid of ignoring the public and concentrate on stopping "crime" including "terror".

It's not a coincidence that the safest countries are the ones which have been long term democracies with high levels of freedom whilst the most dangerous are failed states and effective dictatorships.

Comment Re:I'll hold out (Score 4, Informative) 122

Even if it's fully open, with 0 binary blobs. How many qualified specialists, with serious math background, do you think are out there looking through complex encryption functions checking through flaws in math? Ever heard of Obfuscated C Code Contests? Openness of the code does not guarantee absence of backdoors even if the code does get a lot of eyeballs looking at it.

Firstly; if the Obfuscated C Code scares you then I guess you should look up the underhanded C contest. Notice especially the bits where malware is disguised as small programming bugs. When you say "Openness of the code does not guarantee.." you are 100% right. However, don't forget, "the perfect is the enemy of the good". We don't always need a guarantee; sometimes improvement is enough:

1) Given that there have been plenty of discoveries of problems (e.g. just today a flaw in Android's RNG was reported) there must be quite a few people who are checking.

2) All it takes is one person. You don't need to do anything to benefit if I check it for you.

3) There is a vast increase in the risk for the attacker if it's open source;

  • their change is likely visible in the version control and can be traced back to them
  • it's easy for someone to change their backdoor into a trap
  • if they do use the attack to break in it's much easier to track it back to the original programming mistake

4) Security problems tend to happen in generally insecure code. If code is open source you can avoid this:

  • by looking to see how the code is written and choosing the software using the best techniques and languages
  • by choosing code written by people you feel you can trust and avoiding others

Several of the things I mentioned are things that most people won't do most of the time. Having them as options means that they will be available when you actually really need them.

defenders can spot the hole and

Comment Re:I'll hold out (Score 1) 122

It is harder to hide a backdoor when the code of the OS is open source and the apps are in html5.

This helps a bit, but not as much as you would think. When they say "unlocked" what they mean is that this phone comes unlocked for use on multiple operators but probably (unless this changes close to market time) not unlocked for using your own OS. That makes the whole phone OS close to a binary blob that you can't replace and which they will be able to change without you having true control. If you use CyanogenMod you might argue that the reduced number of binary blobs would allow some kind of auditing. However without true openness like Replicant it's almost impossible to be sure.

Maybe worth calling up our ZTE friends and persuading them to provide an easy way to unlock the bootloader on the eBay phones.

Comment Re: Cell phones must stop broadcasting MAC address (Score 1) 189

how would the phone differentiate from the "dlink" AP at the owner's regular coffee shop and the eavesdropping "dlink" AP?

The AP broadcasts its MAC as the BSSID. You could ask before signalling to an AP which has an unknown BSSID. Also, since the phones know where they are, you could ask whenever you see the same name in a different location.
