Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


Comment: Re:Default Government Stance (Score 1) 28

by Sarten-X (#49166199) Attached to: Feds Admit Stingray Can Disrupt Bystanders' Communications

Also consider the fact that the Constitution ofthe United States specifically limits the function of Government to that which is SPECIFICALLY ALLOWED by Law; any activity which is NOT specifically legislated for is in fact ILLEGAL for Government to carry out. As always, the Constitution wins out absent an Amendment, ergo warrantless wiretapping or active unlawful interference in communications is unconstitutional hence ILLEGAL.

The FBI's activities are specifically authorized by a host of laws. That you didn't bother to learn about them doesn't invalidate their existence.

Comment: Re:Default Government Stance (Score 1) 28

by Sarten-X (#49166109) Attached to: Feds Admit Stingray Can Disrupt Bystanders' Communications

The default government stance is that these things are legal, until proven illegal (challenged in court).

And how exactly is that different from any other government in the world?

Perhaps the more interesting question is how you would rather the system worked. Should new tools and tactics be assumed to be illegal for law enforcement use until such new developments are added to a whitelist of legal tools? Under such a system, what is the defense against a criminal enterprise using that whitelist as a simple checklist for their opsec? Do you expect that the whitelist changes (with proper bureaucratic review) would outpace the criminals' workarounds?

We live in a police state.

No, we live in a state with a strong police force. It lacks the totalitarian and strict political influence usually necessary for the term "police state". Sure, there's occasional overreaches and corruption, but those are the exception, not the norm.

Comment: Re:liquid metal? (Score 1) 208

by mlts (#49164487) Attached to: Samsung Officially Unpacks Galaxy S6 and Galaxy S6 Edge At MWC

I wonder what Liquid Metal has over sintered aluminum or other alloys. LM has to have a specialized injecting molding machine that keeps a vacuum during the process. Sintering aluminum and other items have their issues, but it is a relatively simpler process to get precise items coming out.

Comment: Re:Nope (Score 2) 208

by mlts (#49164379) Attached to: Samsung Officially Unpacks Galaxy S6 and Galaxy S6 Edge At MWC

I would say my HTC M8 is a combination of the two. Replaceable batteries are useful, and my last Motorola phone, the Atrix 2, had one and wasn't considered a porker by any means.

The SD card is more important. Sandisk has 200GB MicroSD cards out. This doesn't give just storage, but the ability to do backups, either with nandroid or with Titanium Backup. Since Titanium Backup uses a very good encryption system for backups (you set a password which encrypts the private key stored with the backup files, and TB uses the public key for backups, only asking for the password to unlock the private key for restores.) To boot, I can copy music to and from the SD card before I load it into the phone. Of course, if something happens and I end up trashing the ROM on the device, I can reload a backup while on the road.

The biggest reason why I won't buy a Samsung Galaxy is because of the fact that it took a major bounty to even get root on the device, much less a custom ROM. The HTC comparable, the One M8 (and the M9 coming out this month) happily runs my custom ROM with XPrivacy and other items. The eFuse issue with the Galaxy is another turn-off. Even with iPhones, if I have a trashed jailbreak, I can use DFU mode and factory restore the device to as good as new. The fact that the Samsung offering permanently disabled functionality is a major minus in my book.

For a corporation, Knox is a useful tool. For an individual, it doesn't do much.

Comment: Re:Why is this a thing? (Score 1) 59

by mlts (#49153651) Attached to: BlackPhone, In Wake of Gemalto Fallout, Receives $50 Million In Funding

Since the SoC functions are still a black box, I rather just go with a ROM on a moddable handset like the HTC One M8 with XPrivacy installed, where even if a basic fleshlight app demanded every priv under the sun, it won't get it. When it comes to phones, having the ability to block apps from phoning home is a major security feature.

Even better, why can't a company work on virtualization on a handset? That way, one can have a VM for web browsing, one for work stuff, one for home/personal, and one for clients? This is more important and would be more useful (especially if the hardware supported two SIM cards) then yet another black box phone. With online deduplication and having the hypervisor do the encryption, decent security can be maintained on a device without much fuss from the user.

Comment: Re:How about Lenovo go one step better? (Score 1) 206

by mlts (#49150395) Attached to: Lenovo Saying Goodbye To Bloatware
I'm not attached to any of these ideas I posted, so if proven wrong, that is just fine with me... again, they were just thoughts of something that might be useful. TPM 2.0 is part of the Windows Certification spec, but oftentimes, there are many computers that will run Windows 8.1, but are not certified for it. Here is the link: https://msdn.microsoft.com/en-...

Comment: Re:I'm sure that (Score 2) 31

by mlts (#49149961) Attached to: Simple IT Security Tactics for Small Businesses (Video)

I've had phish attempts back in 1993 on Solaris and IRIX... Not good ones, but people fakemailing, pretending to be from "root", asking to run a shell script that would send the /etc/passwd file off to an anonymizer address... well before abuse forced Julf to shut down penet's remailer for good.

Easily detected, because I was the only person with root access, but I'm sure college students probably follow directions and kicked the university's passwd files there (although with NIS/NIS+, as well as the real password hashes stashed in /etc/shadow ) there wasn't much to attack, even back then.

Comment: Re:How about Lenovo go one step better? (Score 1) 206

by mlts (#49149917) Attached to: Lenovo Saying Goodbye To Bloatware

To address points 1-3, TPM 2.0 is an item that is required for a machine to pass Windows 8.1 hardware certification, so even though it isn't explicit, the technology will be there. For better, or worse, it will be with us, so might as well make it useful. If BitLocker can be made as easy to use as FileVault, it would be a big bump in the security reputation of both the hardware vendor, as well as MS.

For point 2, a good example of doing it "right" is Boxcryptor. It is a pretty UI over EncFS, but it does work and works decently well. Most customers don't care about encryption, but it can be used in a way to provide clientside protection that is pretty much transparent. The perfect is the enemy of the good, so there would need to be something done to make recovery usable... but this is a solvable problem, similar to how Apple deals with FileVault 2 recovery issues.

For point 3, it isn't a perfect solution, but it can be implemented "right". A MicroSD card slot is one way, where the slot the card is, is permanently set to be read-only (this is part of the SD spec.) To prevent altering data, the encrypted section of the card could be used to store the OS data. Even with this, it still isn't 100% (as an evil maid could pull the card, go to a place that has the SD spec for decoding the encrypted partition, and modify things), but it is secure from most things.

For point 4, 10GB boards and modules (well, over twisted pair copper that is... NICs that use SFPs are still not inexpensive) are falling in price, so it will not be surprising to see them appearing on consumer level motherboards in a few years, perhaps with some TCP offload functionality. Done right, it would be useful, and if worse comes to worst, the functionality can be shut off entirely.

Comment: How about Lenovo go one step better? (Score 2, Interesting) 206

by mlts (#49149675) Attached to: Lenovo Saying Goodbye To Bloatware

It would be nice to see Lenovo go a step ahead in the consumer market and not just stop with shovelware, but maybe bundle some security features with their products. This would go a long way to fixing their black eye in the press:

1: A TPM chip shipped off and disabled (as per the spec) on all machines would be useful. Windows Vista and newer can take advantage of this and offer solid encryption that is highly resistant to brute force attack.

2: Add clientside encryption to Reachit with a public format, perhaps getting other vendors on board. This way, users have cloud access... but files are transparently encrypted, similar to BoxCryptor.

3: Have a small SSD read-only volume with a custom WIM present for install media as well as drivers. This way, if a machine needs to be reinstalled from scratch due to a HDD or SSD replacement, this can be done anywhere, and no OS media would be needed. This also is useful for recovery as well, especially if there is a way to get to a PE environment which can be used to save off files, run an offline AV scanner, or fix a haywire application.

4: Add firewalling onto the NICs themselves. Around 10 years ago, some nVidia motherboard chipsets had this capability where the onboard NICs were intelligent enough to have the ability to have their own rulesets. This was quite useful, both to keep the OS protected with IP blacklists, as well as to limit the damage a compromised OS can do (for example, block all outgoing port 25 traffic.) As an added benefit, if someone is worried about vPro or other "ring -1" management tools, those can easily be blocked at the NIC.

Comment: Re:MAKE SOMETHING NEW! (Score 4, Insightful) 158

by mlts (#49149229) Attached to: Can the Guitar Games Market Be Resurrected?

Some markets just come and go. It might just be that these lines of games might be just as viable as databases for one's Cabbage Patch dolls.

Would it make money? Maybe to a niche market. If I were to do something, I'd focus on price/quality as opposed to volume. For example, the guitar would not be a cheap piece of plastic, but perhaps a real one that can be strung and played as normal once someone got tired of the game.

Also, te game should go further than the last game types. Make different instruments. Allow multiple players to play the instruments at the same time, either coop, or one after the other in a battle of the bands. Even go with odd things, such as a chainsaw and doing WASP or Jackyl songs.

Mainstream-wise, no... this genre isn't going to be in vogue again, but there is still money to be made.

Comment: Re:is it an engine or a display model? (Score 1) 57

by mlts (#49148315) Attached to: Researchers Create World's First 3D-Printed Jet Engines

For a more pedestrian use, there is one thing that an engine like this that has a specific power band range would be ideal at... and that would be a generator. Here in the US, it would need to be geared to 3600 RPM unless an inverter is used.

If they were this efficient that they could get that much power output, it might be something to have as a backup generator for a house, as it could run from natural gas, propane, gasoline, or diesel.

Comment: Re:State Your Name (Score 1) 98

by mlts (#49147589) Attached to: Fighting Scams Targeting the Elderly With Old-School Tech

Most of the scammers tend to be those casting a wide net. They bought an info dump with thousands of names, phone numbers, and such in it, feeding the numbers into a robodialer, and having people in a boiler room use names of relatives automatically on a scripted speech.

An anti-fraud device, or something asking for info to be called back at will be more than enough protection, because the scammer will just move to the next potential mark on the data dump and try them.

They try to be relatively quick about it. Eventually, bad number blocking sites like Mr. Number and others will have enough entries to have the fraudster's number blocked on devices subscribing to the service.

Comment: Re:I just must be drunk. (Score 2) 98

by mlts (#49147557) Attached to: Fighting Scams Targeting the Elderly With Old-School Tech

VoIP scams are easy to do. For example, callerID is fairly easy to forge and it doesn't cost much money to set up a boiler room and staff it with people who do this. This allows a company to be in India, but still call from a US number.

To boot, there are very stiff fines... but have you seen how a lot of the robocall firms are organized? Most have a lot of holding corporations that they work with, one owns the furniture, one pays the employees, one possesses the computer data, so when the main company, say XYZ corp, gets sued, they just file bankruptcy, then a new company, ABC corp gets created, and they are back in business the next day. To boot, all of these companies are registered offshore, so finding the true owners will be virtually impossible unless the company decides to hit a third rail in the US (drugs, guns, and IP violations.)

Comment: Re:is it an engine or a display model? (Score 1) 57

by mlts (#49147129) Attached to: Researchers Create World's First 3D-Printed Jet Engines

That is what I wonder about as well. Sintering requires heat, so that makes me wonder if the metal can handle the high temperatures that a turbine spins at.

However, TFA states a 3D printed rocket engine was made and actually used by UCSD researches in 2013, so there is a good chance that this can be made to function.

The rocket was 3D printed via DMLS, but then "hardened, polished, and assembled." I have zero clue on the hardening method, because non-ferrous metals can't be really heated and quenched.

I'm hoping this is something that can see actual use, because if done right, maybe we can get more people researching jet/turbine engines.

There is always the fact that a turbine engine can be used for a vehicle. With the 7+ speed transmissions available, as well as CVTs, the limitation of a turbine's narrow power band can be overcome at the gearbox.

Machines certainly can solve problems, store information, correlate, and play games -- but not with pleasure. -- Leo Rosten