

Comment: Re:What's wrong with Gmail? (Score 1) 121

by blake1 (#41605611) Attached to: Phil Zimmermann's New App Protects Smartphones From Prying Ears
Oh, and not to mention that there is no doubt your handy iCloud backups which are conveniently located on Apple's very own servers will contain a readily available copy of any keys stored within your app's document space, just waiting for the first person who rolls through their doors warrant-in-hand.

Comment: Re:What's wrong with Gmail? (Score 2) 121

by blake1 (#41605583) Attached to: Phil Zimmermann's New App Protects Smartphones From Prying Ears
I didn't read TFA, let alone finish reading TFS, but what you're suggesting is that securing the message in transit between the client and server is sufficient security. What about between the client and another client (SMTP)? Or when the bits are sitting idle on Google's spindles (read: being indexed and monetised)?

The problem I have with this type of solution is that we are placing absolute trust in the vendor's promises that it won't snoop on our data. If I personally generated my CSR and kept my keys secure and in a known location then I would have a little more faith, but unless they open source this and allow me to maintain my own back-end infrastructure I would be more concerned about sending my confidential information using this solution than not - as it's effectively a choke-point for all things sinister and you can bet your last $20/month that the authorities have all they need to intercept your data. After all, and I'm assuming the service is hosted in the US, the White House has access to any keys which are transmitted to and from Silent Circle's systems.

There was another app touted as having military-grade privacy recently, the free-to-install Wickr for iOS. I contacted them after downloading the application in June to pose the question of just what level of trust they expected me to place in their application and infrastructure, to which they promptly responded that their code was under review and they would update their FAQ over the subsequent days. I've just checked and can't even see a FAQ on their website.

Comment: Use file size to identify duplicates (Score 1) 440

by blake1 (#41205635) Attached to: Ask Slashdot: How Do I De-Dupe a System With 4.2 Million Files?
If it were me, I would use the file size to identify which were likely duplicates. Less reliable than hashing, but much faster. Using PowerShell:

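# Inventory files only; the size property is Length (FileInfo has no Size property)
Get-ChildItem D:\MyData -Recurse -File | Select-Object FullName, Extension, Length | Export-Csv mydata.csv -NoTypeInformation

# Import-Csv returns every field as a string, so cast Length before sorting
$objData = Import-Csv mydata.csv
$objData | Sort-Object { [long]$_.Length } | Export-Csv mydata_sorted.csv -NoTypeInformation

# One row per distinct file size
$objSortedData = Import-Csv mydata_sorted.csv
$objUniqueSortedData = $objSortedData | Sort-Object { [long]$_.Length } -Unique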

Then loop through comparing both sets of data, comparing file extension for those files of the same size. Do a few test runs until you're confident and then run with Remove-Item -Confirm:$false.
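
The comparison loop described in the comment above, as an added example that is not part of the original post: size is used as the cheap first pass, and a SHA-256 hash is computed only for files whose sizes collide, so that two different files of equal size are never queued for deletion. The function name `Find-DuplicateFile` and the sample files are constructed for illustration; `Get-FileHash` requires PowerShell 4.0 or later.

```powershell
# Constructed sample data: three files of equal size, two of them identical.
$root = Join-Path ([System.IO.Path]::GetTempPath()) ("dedupe-demo-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $root | Out-Null
Set-Content -Path (Join-Path $root 'a.txt') -Value 'same bytes'
Set-Content -Path (Join-Path $root 'b.txt') -Value 'same bytes'
Set-Content -Path (Join-Path $root 'c.txt') -Value 'diff bytes'   # same size, different content
Set-Content -Path (Join-Path $root 'd.txt') -Value 'unique length file'

function Find-DuplicateFile {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)

    # Pass 1: a file whose size is unique cannot have a duplicate, so skip it.
    $sameSize = Get-ChildItem -Path $Path -Recurse -File |
        Group-Object -Property Length |
        Where-Object { $_.Count -gt 1 }

    foreach ($sizeGroup in $sameSize) {
        # Pass 2: hash only the size collisions and group by digest.
        $sizeGroup.Group |
            Get-FileHash -Algorithm SHA256 |
            Group-Object -Property Hash |
            Where-Object { $_.Count -gt 1 } |
            ForEach-Object {
                $paths = $_.Group.Path | Sort-Object
                [pscustomobject]@{
                    Hash      = $_.Name
                    Keep      = $paths[0]
                    Duplicate = @($paths | Select-Object -Skip 1)
                }
            }
    }
}

$sets = Find-DuplicateFile -Path $root
$sets | Format-List   # a.txt is kept, b.txt is listed as a duplicate, c.txt is not

# Dry run: -WhatIf reports what would be deleted without deleting anything.
$sets.Duplicate | Remove-Item -WhatIf

Remove-Item -Path $root -Recurse -Force   # clean up the constructed sample
```

Drop `-WhatIf` only after reviewing the reported duplicate sets.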

Comment: The most secure I've found (Score 1) 198

by blake1 (#39976681) Attached to: Ask Slashdot: Open Source Multi-User Password Management?
Neither of these are open-source or Linux-based, but... Cyber-Ark is the most secure solution I've come across - multi-factor authentication, as well as presenting passwords through a portal rather than granting access to the password file itself. Citrix had a similar solution, Citrix Password Manager, but I believe it is now EOL. For it to provide any real level of security the database needs to be abstracted from the users, otherwise it can easily be copied offline and brute forced. "Use a secure password" you say? Of course, but where do you record this 128-bit randomised password?

Comment: Re:A long list of reasons (Score 2) 744

by blake1 (#38864969) Attached to: Some Critics Suggest Apple Boycott Over Chinese Working Conditions
I'm not sure that the parent was particularly insightful...

- Walled gardens, vendor lock in

They are a company who manufactures proprietary products. I can't think of a single proprietary company who does not have an aspect of vendor lock-in. And I'm not even sure what element of Apple's offering would be considered lock-in (unless you're talking about the App Store).

- Taking down applications from the App Store and including versions in iOS

I think you'll find more-often-than-not that Apple takes features from jailbreak apps rather than those sold in the App Store. Fair game.

- Spurious litigation and anti-competitive lawsuits in Germany and Australia

I'll admit this is some pretty poor form. I do, though, think it's fairly obvious if you look at the smartphone industry before the iPhone vs after the iPhone you'll see how many other brands have copied Apple's look and feel. Not that look and feel should be patentable, but the entire industry was sitting on their hands selling mediocre products and then as soon as Apple releases their product they all rush to sell the same thing. Where's the innovation? Things like this are pathetic.

- CarrierIQ, GPS tracking privacy gaffes

At least iOS asked you if you wanted to opt-in for tracking (CarrierIQ). Other OS'es did not. I think you'll also find that Android had a similar 'bug' where a user's GPS location was tracked along with wifi data.

- Planned failure just after warranty period (ever since the original pod)

I own 7 Apple devices with all bar one (iPhone 4S) out of warranty. None of mine have failed, but I suppose YMMV (especially 11 years ago).

Comment: Why so small? (Score 3, Interesting) 232

by blake1 (#38504380) Attached to: DigiTimes Lends Credence To Apple-Branded TVs For 2012
If they only sell 32" and 37" sets who is going to buy them? 32" is too small for even a bedroom, let alone watching the 'HD' media one would expect to be able to stream to one of these televisions. Also, if the rumours are true this television must have some significant features other than what can be achieved with an AppleTV + LCD. My guess is they will include an EPG and storage to record television shows to in addition to the AppleTV functionality. Then Apple will call it revolutionary and pretend like they came up with the idea to record to HDD. Not saying I don't like the idea of an Apple tv, just saying.

Comment: Re:Only the master password? (Score 1) 83

by blake1 (#36055052) Attached to: LastPass: Users Don't Have To Reset Master PWDs
So what I'm saying is... these guys have potentially got the password databases. What's changing your master password going to do? It'll ensure that they can't get into your password safe as it stands, online. But if they brute force your database then all of your passwords are compromised. No?

Comment: Only the master password? (Score 2) 83

by blake1 (#36054772) Attached to: LastPass: Users Don't Have To Reset Master PWDs
This might be a lack of understanding of the LastPass system on my part, but I'm not understanding why they are/were suggesting customers reset their master password. Surely, if this password decrypts a password safe then it is as, if not more, important to reset all passwords which were stored in the database.

Comment: Here, I reversed the hash (Score -1, Redundant) 380

by blake1 (#32839032) Attached to: Crack the Code In US Cyber Command's Logo
USCYBERCOM plans, coordinates, integrates, synchronizes and conducts activities to: direct the operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries.
