Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Comment: Re:The criticism is fundamentally dishonest. (Score 1) 191

by Burz (#48636367) Attached to: Investigation: Apple Failing To Protect Chinese Factory Workers

What's ridiculous is thinking Android users don't have a choice when it comes to ethics... http://www.fairphone.com/

At least it is something. And while you're reading that page I'd like to remind you of Apple's position as the both the largest and /richest/ smartphone vendor.

Comment: Re:The handwriting's on the wall: Alice v. CLS Ban (Score 1) 216

by Burz (#48625615) Attached to: What Will Microsoft's "Embrace" of Open Source Actually Achieve?

Barnes and Noble were shaping up to test a few of em in court - then Microsoft sidled up and 'partnered' with them. That's another part of the MS modus operandi. Wait for a company who you've hurt to be on the ropes financially, and then offer to help if they'll kiss and make up. Happened with Apple and MS too.

They also did this with Corel and Novell.

Comment: Re:Patents (Score 1) 216

by Burz (#48625499) Attached to: What Will Microsoft's "Embrace" of Open Source Actually Achieve?

MS have claimed numerous patents which they will STILL not disclose. FAT32 is only a known factor because it is also an issue with cameras, audio players and such.

At the end of the day, if I decide to install Windows on a system bearing Linux, then that Linux system is in peril. If a user receives a Linux ext3-formatted SD card and puts it into a running Windows system, the user will be told the card is unusable until it is formatted.

Where office formats and disk formats are concerned, MS still only has two modes: Pretend its noise that should be erased, or freakout send a SWAT team of marketing psychologists and lobbyists to get you to switch back.

Its nice that MS makes FOSS-friendly noises in the server/cloud space. That is what bullies do when they get their asses kicked. If MS gets the upper hand and their vendor lock-in starts working here, then the friendliness WILL evaporate.

Comment: Demote 99% of the vulnerabilities (Score 1) 64

by Burz (#48464673) Attached to: The People Who Are Branding Vulnerabilities

Keep all the complex interfaces and code if you need them, but put them behind very small paravirtualization codebase ingrained into the OS which keeps them isolated -- from the core system, and from each other. Really, even your devices like USB controllers and NICs can be treated as untrusted in this way if you have an IOMMU. And you can have it in a normal desktop GUI.

Kernel-implemented security is a failure; Its ridiculous to go through continued years & decades of pain by relying on it and worrying about breakouts from its weak sandboxing tactics.

Comment: Re:Replace Cisco, and Akamai and then maybe.. (Score 1) 212

by Burz (#48415593) Attached to: Launching 2015: a New Certificate Authority To Encrypt the Entire Web

"Lawful intercept" has entered the business models of Verisign and CISCO. I would not trust CISCO... http://www.forbes.com/2010/02/...

Not even an inch... http://arstechnica.com/tech-po...

Proper security on a network is properly done at the endpoints. Its doesn't belong anywhere else.

What is Mozilla thinking?? They could help fund Convergence.io. They could implement clever ways to get it to ride on existing social networks. They could look at network privacy layers that use public keys as addresses. There are options for improving privacy that don't involve elevating the PKi clusterf*ck any further.

Comment: Re:Immune system for operating systems? (Score 1) 50

by Burz (#48400265) Attached to: Open Source Self-Healing Software For Virtual Machines

This is the one thing QubesOS could use to improve its security-by-isolation approach: Detection and repair in VMs. Even if you assume the hypervisor stays safe (and therefore, your trusted VMs stay safe), you're still relying on VMs to get everything done and the VMs doing the risky tasks are vulnerable to attack. It would be nice if those less-trusted VMs could get automatically restored after a successful attack.

Comment: Come on over to I2P (Score 3, Informative) 135

by Burz (#48357189) Attached to: Tor Project Mulls How Feds Took Down Hidden Websites

There are no privileged routers (or 'guard' nodes) on I2P, and from the perspective of "relays" I2P has many times the number Tor has.

Its way better than Tor when you're looking mainly to communicate with other anon sites/users. Comes with bittorrent and an option for decentralized (serverless) securemail.

It's not so hard to lift yourself by your bootstraps once you're off the ground. -- Daniel B. Luten