
Comment It comes down to VPN settings and tuning effort (Score 5, Informative) 261

If you don't want to root your device and don't want to tunnel all your traffic to a VPN server (adds latency), you can use one of the Android "NoRoot" firewalls that routes app traffic through a local VPN for inspection and filtering. This uses more CPU and battery, but all protection is done within your mobile device. It takes a lot of manual effort to build a policy that blocks undesirable traffic and still lets apps work.

You can tunnel your traffic to a commercial VPN provider, but now you are trusting them to maintain performance and not invade your privacy, and they won't have any visibility to the contents of traffic that is inside SSL/TLS encryption, for better or for worse (e.g. cannot inspect Android apps downloaded as APKs from SSL websites).

Better yet, you can root the device and add your own Certificate Authority and firewall settings. Now you can use your own VPN to ensure all traffic from all applications goes to a remote VPN headend for inspection/modification, even traffic the device thinks is encrypted with SSL. If you have many users going through the same VPN, you can do things with packets and headers to make it difficult for CDNs and ad networks to identify individual users who are all behind the same gateway.

If you have more time than money, you can build up a VPN headend with open source tools (e.g. Squid+SSLbump), and write policy to block traffic that doesn't meet your security policy, and to log what your device tries to send. You can use header modification to strip out identifying information and cookies.

If you are a business or otherwise have more money than time, the expensive approach is to use a commercial firewall appliance that has a client VPN and URL filtering service (e.g. Checkpoint, Palo Alto, Juniper, F5, etc). You set up the VPN to send all your mobile device traffic through the firewall, and use firewall policy to decrypt SSL, inspect APKs, and block ads. This solution is very effective at blocking ads and undesirable network traffic, and can often detect or block malicious APKs and other attacks.
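An added illustration, not part of the original comment and not Squid configuration: the block, strip and log policy the comment describes for a VPN headend, written as Python applied to one already-decrypted HTTP request. The blocked host suffixes, the header list, the replacement User-Agent and the sample requests are constructed assumptions.

```python
# Constructed policy values for illustration only.
BLOCKED_SUFFIXES = ("ads.example", "tracker.example")
STRIP_HEADERS = {"cookie", "referer", "x-device-id", "x-advertising-id"}
GENERIC_UA = "Mozilla/5.0"  # one shared value for every user behind the gateway

def parse_request(raw: bytes):
    """Split a raw HTTP/1.x request into request line, header list and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header line: %r" % line)
        headers.append((name.strip(), value.strip()))
    return method, target, version, headers, body

def host_blocked(host: str) -> bool:
    """Match the host or any subdomain of a blocked suffix (port ignored)."""
    host = host.split(":")[0].lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in BLOCKED_SUFFIXES)

def apply_policy(raw: bytes):
    """Return (rewritten_request or None if blocked, log_record)."""
    method, target, version, headers, body = parse_request(raw)
    host = next((v for n, v in headers if n.lower() == "host"), "")
    record = {"method": method, "host": host, "target": target,
              "action": "allow", "stripped": []}
    if not host or host_blocked(host):
        record["action"] = "block"          # logged, never forwarded
        return None, record
    kept = []
    for name, value in headers:
        if name.lower() in STRIP_HEADERS:
            record["stripped"].append(name)  # log what the device tried to send
            continue
        if name.lower() == "user-agent":
            value = GENERIC_UA               # hide app and device model
        kept.append((name, value))
    head = "%s %s %s\r\n" % (method, target, version)
    head += "".join("%s: %s\r\n" % (n, v) for n, v in kept) + "\r\n"
    return head.encode("iso-8859-1") + body, record

# Constructed sample requests, as they would look after TLS decryption.
SAMPLE_APP = (b"GET /feed?id=1 HTTP/1.1\r\nHost: api.shop.example\r\n"
              b"User-Agent: ShopApp/4.2 (Pixel 7; Android 14)\r\n"
              b"Cookie: sid=abc123\r\nX-Device-Id: 9f1c\r\nAccept: */*\r\n\r\n")
SAMPLE_AD = (b"GET /pixel.gif HTTP/1.1\r\nHost: cdn.ads.example\r\n"
             b"User-Agent: ShopApp/4.2\r\n\r\n")
```

Stripping cookies breaks any app that keeps its login session in them, which is part of the manual tuning effort described in the first paragraph of the comment.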

Comment The billion dollar mistake that nearly killed UAL (Score 1) 377

Three people, working independently, made errors in programming and website updates which nearly bankrupted United Airlines when the errors came together on September 8, 2008. "Shares fell to about $3 from more than $12 in less than an hour, wiping more than $1 billion in value before trading was halted."

When the market first opened that Monday, United Airlines was trading at over $12 a share. The public summary of the events states that the Chicago Tribune re-indexed their archives, resulting in a six-year-old story about United Airlines bankruptcy being re-posted on the Web site of The South Florida Sun-Sentinel without a date. Google picked up the "new" article, saw the missing date, and inserted the current date of 9/8/2008. That article was picked up by a research firm, Income Securities Advisers, which then posted a link to it on a page on Bloomberg News, which sent a news alert based on the old article. The news alert triggered automated trading systems to issue sell orders. Nasdaq finally ordered a halt in trading the stock at 11:08 a.m., but the damage had been done: United Airlines stock had lost 75% of its value.

Comment Took an online trading company offline for a day (Score 4, Interesting) 377

I was hired as a firewall admin at an online trading company, then quickly discovered the director of IT was insane, but kept management happy because he made his numbers by keeping his team constantly understaffed; I was told to work on not just servers, but installing Sun servers in racks, running cable, and fixing just about anything plugged into the network.

I made the mistake of showing competence in networking, so was asked to "expand my role" (new title, same salary), and start working on the switches themselves, including executing an "upgrade" to stacked HP ProCurve switches with VLANs (replacing a hodge-podge of random manufacturer switches). The actual upgrade went fine, basic testing (ping) showed everything stable, but as soon as trading opened the next day, everything went to hell, performance dropped through the floor and customers started calling in about trades timing out. Long story short, turned out that Solaris HME cards were unable to negotiate properly with ProCurve switches; half the machines were dropping packets due to duplex mismatches. There's a reason people call the Sun interface cards "Happy Meal Ethernet".

Cost the company approximately $180,000 in direct and customer exodus losses, and was likely a factor in their eventual collapse. I wasn't fired, but management never trusted me again so I saw the writing on the wall, and quit to do consulting work at a (also doomed) dot-com online supermarket.

On the upside, I was able to make thousands in consulting income from installing those same "lock speed to 100 and duplex to full" Solaris scripts on servers for various customers who also had performance issues plugging in Sun servers to cheap switches.

Comment Re:Sheesh! Some numbers. (Score 1) 217

Yes, but aren't the steam generators closed loop? If you keep blowing out steam, you need to replenish water. That water must be stored on board or extracted from the sea water. I doubt that it is a good idea to use sea water in the generator; higher corrosion and all that jazz. The advantage of an electric system, is no consumables wasted, save fuel for the initial generation, which you would have used anyway.

Nuclear aircraft carriers have large scale desalination (distillation, aka "flash evaporator") plants, some capable of producing 400K gallons of distilled water each day, in excess of shipboard daily water needs.

Comment Cutting their losses (Score 5, Interesting) 99

How will Amazon handle the theft problem? Why just steal a package of unknown value when you can stuff the drone into a steel box and get a pile of expensive parts along with whatever bonus you find in the package being delivered.

Will Amazon be forced to redline neighborhoods that have a high attrition rate?

Comment Re:The author forgot one other option. (Score 3, Informative) 105

I just read the entire article and the author forgot one other solution: the British solution. Instead of putting the burden on app developers to include backdoors, or on Google to block apps that don't, put the burden on end users to turn over their keys to police when asked. I'm not saying I like this solution, but it is a solution the author of the article didn't consider. If you make the sentence for non-cooperation long enough, it doesn't really matter if the police find what they're looking for: they can just lock you up for not handing over the keys.

In the USA, this would likely require a constitutional amendment; it is widely held that the Fifth Amendment "Right Against Self-Incrimination" protects the right not to divulge an encryption key.

Comment Re:Laugh (Score 1) 407

Americans work longer hours and take fewer vacations than most others in the developed world.

We shoot each other more often as well.

With the possible exception of Postal workers (sorry, stereotyping) people who work 60-hour weeks and take no vacations are unlikely to be the ones doing the shooting -- they are doing the work of two people, and that other guy, the guy whose job the over-achiever has eliminated, is more likely to be the one with time to spare to go out murdering.

As productivity increases, companies can get more done with fewer workers. Good for profit margins, not so good for unemployment rates.

Comment Re:Lawful access is unaffected. (Score 1) 431

There is only one way you can EVER be compelled to testify and actually ANSWER their questions (you aren't allowed to lie, but you can refuse to answer, the "right to remain silent" applies to your TRIAL as well which is why defendants can't be compelled to testify) and that is you have to be given IMMUNITY. If the prosecution gives your testimony immunity you cannot be prosecuted for what you say (unless you commit perjury and lie).

One undecided facet is whether compelling somebody to "testify" by providing their encryption key or by requiring them to unlock an encrypted device, also gives them immunity for the evidence revealed in the contents.

One legal theory is that a person may be compelled to decrypt (e.g. by sitting them in front of a laptop with a copy of their PGP disk volume and saying "unlock this or go to jail"), and the only immunity required is immunity for prosecution due to the fact that they knew the key (e.g. a conspiracy charge), without granting immunity for evidence found in the cleartext of data in encrypted storage. I disagree, but can see that approach passing constitutional muster.

Comment Re:Totally messed up. (Score 1) 577

I know you're trying to be funny, but for the last couple of years both organizations have gotten together to oppose the NSA, and domestic spying in general. They have other mutual enemies, including New York Mayor Michael Bloomberg. And on gun rights, the NRA and state-level ACLU organizations are often both on the same side of an issue; it's primarily the national ACLU that has taken a strong stance against individual firearms rights.
