Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×

Comment: Re:UAC is for idiots (Score 4, Insightful) 187

by DigitAl56K (#49455949) Attached to: LG Split Screen Software Compromises System Security

The fact some program that can change the UAC settings is pretty huge example of why Windows has issues separating userspace from root space. It just simply can't do it right. Who's brilliant idea at Microsoft was it to provide any sort of API that can let any program (besides the control panel widget that lets you adjust UAC settings) adjust UAC settings?

I hope you realize what you are saying here is the equivalent of a Linux user saying "The fact that some program can change permissions after I launched it as root is an example of a huge security hole. Whose brilliant idea was it to provide any sort of mechanism that can let any program I run as root do things a user who is root can do?".

This is an example of why UAC exists, in fact: A program that is not UAC elevated could not change your UAC settings (if you hadn't turned them off already).

Comment: Re: UAC - A Double Edged Sword (Score 4, Informative) 187

by DigitAl56K (#49455327) Attached to: LG Split Screen Software Compromises System Security

Yes, a component in an admin context may not be accessible to a component used by user in a non-admin context. This is called a "security" model, and prevents the non - admin process manipulating the admin-context process to do things it shouldn't be able to do. You make it sound like a quirk, but the entire design is that "non elevated components can't talk to elevated components". Try starting Notepad as admin and dropping a text file on it from the non - elevated explorer view, it won't work by design.

Comment: Re: Cutting edge journalism (Score 3, Informative) 179

by DigitAl56K (#49451521) Attached to: Google Lollipop Bricking Nexus 5 and Nexus 7 Devices

Wrong. Many people, including myself, bought their device directly from Google, and Google themselves create and release the updates for these devices. You can install factory images directly from Google or wait for the over-thr-air updates.

I believe there are also carriers modified versions. For example, I think T-Mo has Nexus devices with proprietary WiFi calling added. In those cases then yes, the carrier must manage the update. Nexus program guidelines suggest how quickly carriers must release such updates.

Nevertheless, many people are on the Google-direct update train.

Google are really hit and miss with updates. They don't offer pre-releases to enthusiasts like they ought to (a pre-5.0 build was an exception and that's only because they were changing the runtime out and literally had to do it for dev support). They announce releases then don't roll them out to their most popular devices for weeks/months, and they release fix versions that don't address some of the worst bugs.

I like Android but my biggest gripe is not being in control of my own updates. When Apple announces a new OS everyone can get it. When Google announces a new OS you better pray you can get it a month later, and that the bug fix version won't be three months behind. That's if your device manufacturer even supports the update.

Comment: Re:Basic OS Functionality (Score 1) 277

Whole device encryption is pretty well handled in Android.

Yes, but it's also useless if you install a compromised app or e.g. a browser-based exploit is leveraged against you or you want to protect a file in transit over the wire and not rely solely on things like SSL.

You need to use the right tool for the job, and while the tool mentioned is obviously the equivalent of a comedy foam hammer, there are legitimate reasons to want to use something other than FDE to protect a file in many situations.

Comment: Re:And where are the parents? (Score 3, Insightful) 187

by DigitAl56K (#49406251) Attached to: UK's Tories Promise To Enact Age Limits For Viewing Online Porn

Supervision isn't even really the "problem" here.

Parents don't like the idea of their still young and in need of heavy-handed protection children having naughty thoughts or being around other children who might have naughty thoughts. Puberty disagrees with these parents, but the politicians are offering a feeling of control over something that is biologically ingrained in us. Parents will buy into it in most cases because they tend to be irrational about this stuff.

Pro-tip: You can't control everything a teenager does, and if you try you will ultimately promote outrageous behavior. Teenagers will watch porn. Teenagers will have sex. To the parents out there: don't make it taboo, make it safe. Those are two different things.

Comment: Re:People CHOOSE to work for Amazon (Score 1) 331

by DigitAl56K (#49357215) Attached to: Amazon Requires Non-Compete Agreements.. For Warehouse Workers

Very few people are ever in a position to force you to do anything, and yet you may still be in no position but to accept their propositions. For example, perhaps you need to eat and keep a roof over your head and there aren't a lot of other opportunities in your area or fitting your qualifications. We have laws to protect people in these situations. Telling someone that they can't exercise their skillset and background for 18 months after they leave a position without otherwise providing due compensation is about as clear as an abuse of overwhelming power during a negotiation as you can get. Almost nobody would agree to that given a real choice, other than due to short-term need.

Comment: Perform tear-downs instead (Score 1) 296

by DigitAl56K (#49292803) Attached to: To Avoid NSA Interception, Cisco Will Ship To Decoy Addresses

Start visiting locations of concerned customers, tear-down their units, check for implants, pull chips, put them in readers, verify firmware, etc. etc.

Figure out what changes are being made to the equipment and then warn customers to check for them upon receipt. Tactics will then change, so check new shipments again 6mos. later.

Comment: Bye bye Uniden (Score 1) 135

Your product line stagnated and your latest effort was seemingly launched to no end of trouble. I said this would come and now it has.

I'm really looking forward to scanners that finally have nice UIs with modern features like GPS built-in, recording, RR db access, and communities developing for them for additional protocol support.

Comment: Re:No single point of failure is permissible (Score 1) 99

I'd prefer if the cards came with a cert from the carrier on it so your phone could verify it's talking to a real tower, disabling stingrays in the process, and then your phone generated and exchanged keys with the tower. It would periodically generate new ones and expire old ones when you weren't actively exchanging data or on a call, and weren't hopping between towers. The towers would counter-sign them and hand them back. You could then hop towers quickly because each new tower you tried to connect to only has to verify the networks own countersignature.

365 Days of drinking Lo-Cal beer. = 1 Lite-year

Working...