
Comment: Re:Not Hacked? (Score 1) 162

by mlts (#47919777) Attached to: Tim Cook Says Apple Can't Read Users' Emails, That iCloud Wasn't Hacked

In reality, the next step up on Internet services is moving to 2FA everywhere. Passwords are easily gotten, but 2FA, though doable, raises the barrier immensely. It means that someone would have to know the user's password and have control of one of their devices. This is far harder than just sifting through a pile of passwords found on a bittorrent dump and trying them on various accounts, or guessing a user's grandma's last name.

I'm sure that if the users that had the pictures compromised had their phones secure and had 2FA on, we wouldn't be inundated with these stories.

Of course, 2FA isn't a perfect solution. Lose access to one's phone number that is used for texting codes, and lose access to the recovery key... and one is hosed big time, be it if they are on Google, Dropbox, Apple, even Yahoo. The ideal would be a vendor neutral keyfob that can be used with everyone's 2FA systems, either as the main means of authentication, or as a tool for recovery, where the keyfob can be stashed somewhere physically secure if there is no other way into an account.

Comment: Re:$100 (Score 4, Informative) 50

by mlts (#47908931) Attached to: Google's Android One Initiative Launches In India With Three $100 Phones

There is a point where phones are "good enough". If it can run basic apps (usual popular ones, and a large game or two), for a lot of people, why buy something else?

For example, my HTC One X Plus and my HTC One M8 both have NFC, decent CPUs. The biggest difference is the M8 has a MicroSD card slot that can go up to 128 gigs, but if I had to go back to the HOX, it is doable.

The mobile industry is running into the same issue that the PC industry had about a decade ago -- what is out is good enough for most tasks, so why bother running the upgrade treadmill?

A $100 phone would still be a decent unit. Not with all the bells and whistles, but still fine for daily use by a lot of people.

Comment: Re:A solution in search of a problem... (Score 1) 324

by mlts (#47900719) Attached to: Technological Solution For Texting While Driving Struggles For Traction

There is one tool I've found that has come in handy: A dash cam. If we get more people using these, some texter denying their actions would be proven wrong (assuming the camera has a good shot and the footage is detailed enough) in both civil and criminal courts.

Put the fear of $DEITY into people that if they cause a wreck... someone has a dash cam of the situation and will be more than happy to put that video on YouTube for a DA, opposing lawyers, insurance company, and cow-orkers to see, it might just stop a behavior when no amount of laws or nanny tech inventions would.

One thing though: I wish there were a company that made GOOD dash cams. GoPros are great general cameras, but something that can be mounted under the rearview mirror, hold about 8 hours of high-res footage, and perhaps even offer some facility for detecting tampering.

Comment: Re:That almost smells like... (Score 1) 85

by mlts (#47883353) Attached to: Mining iPhones and iCloud For Data With Forensic Tools

That is the only reason why last year I went to the 5S. I was thinking Apple would let apps use it as an authentication tool.

That way, I could have an app that groks OpenPGP packets, and can allow the private key to be unlocked at the start of the session, while the fingerprint is used to validate that a request for signing/decrypting with the key is one that has some authorization with it. Since the passphrase is cached, the weakened security during that session isn't that great, and it would stop someone who grabbed the phone from being able to do subsequent signatures/decryptions with the stored keys.

It would also be useful for apps like PayPal which could require a fingerprint scan to confirm a payment or other financial transaction. An attacker who grabs the phone would be hard-pressed to be able to dump PayPal's RAM structure out to grab keys, so it would be "good enough" to keep a phone that didn't lock its screen from being a juicy target.

I was wrong on those counts, although the fingerprint scanner is a nice shortcut, so I can access the phone without someone shoulder-surfing my PIN.

Comment: Re:hmmmm (Score 1) 275

by mlts (#47875803) Attached to: California Tells Businesses: Stop Trying To Ban Consumer Reviews

I would probably think a judge will rule about NDAs, and tend to rule in favor of businesses. Trade secrets have centuries of precedent behind them. Even if a jury is involved (as this is a civil issue), it would end up being appealed.

There is one concern of mine about this law: Shills for place "A" who post scads of bad reviews about spot "B" that are not in themselves defamatory, but a lot of one-star reviews add up. At the extreme, a place could try to pay people to visit review sites that are in other cities (and where they don't ever plan to visit) just to make one-star reviews.

Comment: Re:Freeman Dyson (Score 4, Insightful) 63

by mlts (#47874441) Attached to: The Grassroots Future of Biohacking

Problem is that it can be stomped out in the US and Europe with some quick fearmongering. "Home bio-terror labs" is a phrase some politician would throw around, that would get laws passed banning biohacking almost immediately.

Of course, this type of thing can be very useful. For example, the article about bacteria being able to make propane. If someone was able to make bacteria that could, given sunlight, split water, it would spark a hydrogen economy revolution. Similar with critters that could filter heavy metals out of water, where said critters could be easily picked up and disposed of.

Of course, the fearmongering isn't all conjecture. Someone in theory could make a bug that could eat a vital building material or resins crucial to electronics, which could make a civilization failure similar to what was described in the Ringworld series with their room temperature superconductors.

Comment: Re:Easy solution (Score 3, Insightful) 347

by mlts (#47874243) Attached to: When Scientists Give Up

I wouldn't be surprised to see countries such as BRIC members, EU members, or other countries start trying to woo the best and brightest for economic gains.

It may not be profitable to do R&D in the next quarter, but governments will greatly profit in a longer interval. For example, Paraguay's stake in their hydroelectric dam might not have meant much in the next quarter when they went in with Brazil on building it... but it has guaranteed the country complete energy independence for now and the near future.

Government funding will still be around. It just won't be the US who hands over currency.

Comment: Re:The war that no one wanted (Score 1) 471

by mlts (#47873217) Attached to: Ask Slashdot: What Smartwatch Apps Could You See Yourself Using?

Once a good form factor is established, Apple can go one of a few directions:

1: Make it thinner.
2: Add more features to it. For example, using the MagSafe cable that attaches to it as a USB data transfer cable so the watch can be used as a USB flash drive.
3: Change the form factor.

The problem that Apple is going to face is that watches, for the most part, are something someone buys once and keeps forever. Antique Rolex watches for example.

People have been "trained" to toss their phone annually. Same with their tablet. However, watches are something that tend to be keepsakes and just not thrown away. This is where Apple may run into issues. For a few years, the market will expand, but once it hits saturation, it will be a lot harder to get people to replace their iWatch than the other iDevices.

Comment: Re:Very skeptical (Score 1) 471

by mlts (#47873091) Attached to: Ask Slashdot: What Smartwatch Apps Could You See Yourself Using?

People said similar about cell phones when the iPhone showed up and changed the form factor of preference from a flip phone to a smartphone. Before that, smartphones were for corporate execs or geeks. Further back, MP3 players were considered geek stuff, too esoteric to use by the mainstream person who was content with a CD Walkman. Apple changed that.

I will be genuinely surprised if I don't see a resurgence of watch wearing due to the iWatch. The Android watches are made out of cheap plastic, while Apple's offering is made out of decent materials and has a better fit/finish. It will attract the bling conscious, and once a rapper starts wearing one, everyone will.

The thing is that watches are pure luxury items now. If someone needs to keep time, even the cheapest burner phone has a clock on it. So, I wouldn't be surprised that they will wind up a status symbol.

Disclaimer: I own zero Apple stock. Just knowing that people are trendy, and Apple has already led at least three major changes in devices so far, the most recent was the killing of the entire netbook market for iPads.

Of course, I may be entirely wrong about this, but IMHO, I think the iWatch will have a market.

Comment: Re:at least they have 4 and 8 core models as well (Score 2) 105

by mlts (#47856875) Attached to: Intel Launches Xeon E5 V3 Series Server CPUs With Up To 18 Cores

Sybase is exactly the same. You can license it for development by the number of users, or production by the number of cores.

It can get so expensive due to the licensing model they use, that buying a POWER or SPARC machine actually saves money compared to putting it in a VM environment, just because of whatever the DB -can- touch for CPU cores has to be licensed.

I'm not sure about MS SQL server, but from what I read, it is pretty similar.

Comment: Re:at least they have 4 and 8 core models as well (Score 2) 105

by mlts (#47856797) Attached to: Intel Launches Xeon E5 V3 Series Server CPUs With Up To 18 Cores

Of course, tossing in virtualization in the mix is fun as well. For example, if I'm sitting on two boxes with 36 cores, and run a relatively small Oracle instance for VMware vCenter with one vCPU in fault-tolerant mode, I'm on the hook for 72 cores for the Oracle license. With the cost being around $60,000 per core for the enterprise tier, this can add up. Add to this something like vMotion HA where the license has to include every machine that -could- run the DB, and it can get painful even in the enterprise.

Comment: Re:at least they have 4 and 8 core models as well (Score 1) 105

by mlts (#47856361) Attached to: Intel Launches Xeon E5 V3 Series Server CPUs With Up To 18 Cores

Oracle and Sybase as well have this type of licensing, unless something has changed.

IBM addressed this with POWER7 and newer in a fairly innovative way. They have an option called TurboCore mode which turns off half the cores. The ones still running can use the disabled core's caches, and because of the space available for heat dissipation, clock speed could be bumped up. The result was half the cores, but almost the same performance due to the faster clock and cache available.

Comment: Re:One simple question I wish were answered... (Score 1) 75

by mlts (#47856169) Attached to: Book Review: Architecting the Cloud

I don't know a single cloud provider that would provide that contract. In other lines of work, there would be a third party escrow company. However, with a cloud provider, since decryption would be needed, the only way to provide any assurance is to have some backend appliances that do encryption and are rented, with a paid deposit that once the rental ceases, all keys are wiped. That way, a bankrupt provider would have all their servers sold, but the encryption appliances would be owned by another party. Of course, this may not mean much as it might be a fight wresting the leased items from the bankruptcy trustee, but in theory, it helps put at least a layer in place of protection.

However, I don't know any cloud provider who would spend the time and effort to do this, just because the current system of assuring people that "passwords", "encryption", and "firewalls" is good enough.

Comment: One simple question I wish were answered... (Score 3, Interesting) 75

by mlts (#47854731) Attached to: Book Review: Architecting the Cloud

How would a cloud provider assure customers that their data will remain secure if they go bankrupt or just quit the business?

As of now, if a provider tanks, the servers go to the auction house, and in theory, are blanked. However, in reality, there is no assurance of that, and the buyer will get all data stored free and clear. If they wanted to do a multi-terabyte torrent of a failed bank's account and transaction data, they can, and nothing legally could stop them.

Comment: Re:Keeping track.. (Score 1) 137

by mlts (#47843491) Attached to: Ask Slashdot: Remote Server Support and Monitoring Solution?

I personally have used Xymon with more than that many systems. It takes time to classify them, but it is doable.

The price is right on Xymon, however, if I were to recommend a monitoring solution for both real time, "oh shit" monitoring such as a drive array about to fail as well as a historical log (for security and finding a baseline), I'd go with Splunk if possible due to the tools available, and the fact that you can send management-friendly reports about the health of the enterprise up the chain.

Again, a monitoring server is one of the most sensitive boxes you can have (and usually one that isn't secure), so take the time to harden it and do it right.
