
Comment Re:Preferable != ideal and wrong conclusions (Score 1) 314

A great analysis. Some points to add:

  • I don't think that it's technically required that the attacker have physical access, but it's kind of a moot point otherwise. If the attacker can log in remotely anyway, then they already have access to the unencrypted data because Bitlocker has unlocked the drive at boot time based on the TPM or other protector, right? What full disk encryption does do is protect against those with physical access but not remote access. In other words, the same set of 1-3, and probably 4.
  • Agreed on (5). I seem to remember seeing a quote from someone in security circles that said something like, "I typically assume that at least two countries have access to my system at any given point in time." In other words, you are already vulnerable; deal with it. Granted, this provides an additional attack vector, but as you said, it's the same for most corporations running Bitlocker with AD. The threat is no greater with MS storing the key, and probably much lower than your typical IT department.

Comment Re:Duh, that's how encryption works (Score 1) 314

Hmm. I don't see that you'd have any problem either. If you already encrypt with Bitlocker on Win 7 (Pro, Ultimate, or Enterprise, obviously), then MS would have no way of getting your recovery keys post de facto, right? You'd have to unencrypt the disk, then install Win 10, then let MS re-encrypt it for you.

Speaking of, I've installed Pro and Enterprise on several TPM machines, and Bitlocker has never automatically been enabled (unless through IT policies, in which case the recovery key is backed up to corporate IT servers). In the case of Pro, it's always asked me if I want to store the recovery key with my Windows account, along with the other options of saving it to a file or printing it.

I tend to think that this is, for the most part, only going to impact Home users who don't know how to otherwise use Bitlocker. It looks to me like a "poor man's Bitlocker" for Home users who didn't have the option before. In other words, Group B is going to be substantially better off, and Group A will be in the same position as they are now, because they'll be manually configuring Bitlocker on Pro or higher.

Comment Re:Craziness (Score 2) 314


If Microsoft was forcing full-disk encryption on Windows 10 Home users (and I'm not convinced that they are), then it's still better than the alternative of having no encryption, right? Someone might argue that it's a "false sense of security" since you really don't know where the recovery keys could have gone, but I seriously doubt that most of these users would even know that they had encryption on anyway, so it can't be a false sense of security if you never knew you had the security in the first place.

And I'm not convinced this is even that widespread. I've installed Win 10 Pro on several machines with the TPM chip enabled from a previous install, and none of them automatically encrypted. In each case, I had to manually turn on Bitlocker. I can't speak for Home installs, but having this "poor man's Bitlocker" seems an upgrade over the "no encryption at all" (or third-party) in 8.1 Home and before. And seriously, how many Home users have actually configured their TPM in the first place?

Speaking as the "family tech support" guy, I'm happy that Microsoft went this route (again, if they did). It ensures that recovery is possible in case of the need to switch the drive to a new machine, without making me have to explain to each of my family members what to do during each install. And really, my advice for these users would be to let Microsoft manage it anyway. I wouldn't trust that they would print out a recovery key and put it in their safe (don't forget labeling it properly to make sure they knew which computer/drive it went with), purchase some storage media (e.g. flash drive) to keep in the safe, or safely store it in some other way. For these HOME users, having the recovery key in their MS account is "good enough", especially when they probably wouldn't have encryption otherwise.

Side note: The fact that there are around 100 replies after the nonsensical question "Can a corporate security officer comment?" goes to show why Slashdot should put back in the "most recent posts first" sort order and have it as the default. This just isn't an issue for corporate use, since they are going to manage Bitlocker recovery keys themselves in AD. And yet then you get a dozen nonsensical replies that, "This is why no company would consider Windows 10."

Why center the discussion around the person who put all of 10 seconds of thought into their "First post" when the better thought out posts will be further down?
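The three BitLocker comments above turn on two checks a practitioner would actually run: which key protector unlocks each volume (a TPM-only protector is exactly why a remote session sees cleartext, since the OS volume is unlocked at boot with no user secret), and where the recovery password has been escrowed. The script below is an added example for this page, not code from any of the commenters or from Microsoft's documentation. It uses only the standard BitLocker PowerShell module cmdlets (Get-BitLockerVolume, Add-BitLockerKeyProtector, Backup-BitLockerKeyProtector); the function names are my own. It assumes an elevated prompt on Pro/Enterprise, and the Active Directory escrow step assumes a domain-joined machine whose AD schema has the BitLocker recovery attributes, so it will fail on a Home or workgroup box.

```powershell
# Added example: inventory BitLocker protectors and escrow recovery passwords.
# Not the commenters' code; assumes the BitLocker module and an elevated shell.

function Get-BitLockerProtectorReport {
    # One row per volume: encryption state, protector types, and whether the
    # volume unlocks with the TPM alone (no PIN) - the case a remote attacker
    # with a logged-in session benefits from, as the first comment above notes.
    foreach ($vol in Get-BitLockerVolume) {
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType })
        [pscustomobject]@{
            MountPoint     = $vol.MountPoint
            Protection     = $vol.ProtectionStatus   # On / Off
            VolumeStatus   = $vol.VolumeStatus       # FullyEncrypted, FullyDecrypted, ...
            Protectors     = ($types -join ', ')
            TpmOnlyUnlock  = ($types -contains 'Tpm') -and -not ($types -contains 'TpmPin')
            HasRecoveryPwd = ($types -contains 'RecoveryPassword')
        }
    }
}

function Backup-RecoveryPasswordsToAD {
    # Escrow every RecoveryPassword protector on a volume to Active Directory,
    # the corporate alternative to the Microsoft-account backup discussed above.
    # Assumption: domain-joined machine, BitLocker recovery schema present.
    param([string]$MountPoint = 'C:')
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    foreach ($kp in ($vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })) {
        Backup-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $kp.KeyProtectorId
    }
}

Get-BitLockerProtectorReport | Format-Table -AutoSize

# Anyone with an elevated session can read the recovery password outright,
# which is the concrete form of "remote access already beats FDE":
(Get-BitLockerVolume -MountPoint 'C:').KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
    Select-Object KeyProtectorId, RecoveryPassword

# To require a user secret at boot (TPM + PIN) instead of TPM-only unlock.
# Policy must allow enhanced startup PINs; uncomment to apply:
# Add-BitLockerKeyProtector -MountPoint 'C:' -TpmAndPinProtector `
#     -Pin (Read-Host -AsSecureString 'Startup PIN')
```

If the report shows TpmOnlyUnlock = True on the OS volume, the drive protects against the stolen-laptop case and nothing else; the TPM releases the key to any boot of the genuine OS, and whoever then authenticates (or exploits) the running system reads plaintext. The recovery-password line also shows why "where did my key go" matters more than the encryption itself: the 48-digit password is the whole secret, so its escrow location (Microsoft account, AD, printout) is the real trust decision.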

Comment Re:Agile. (Score 5, Insightful) 507

Well no wonder - 40 devs is way too large for a single scrum team. And both of those meetings should take place at the team level, not for everyone working on the product. Why not split into 4-5 smaller scrum teams and let the SMs and POs coordinate any inter-dependencies?

Comment Re:Private school (Score 1) 690

Boys appear to be falling behind girls in both public and private schools. It's good to hear that you are willing to sacrifice to ensure your child receives a quality education, but I caution against simply assuming that private schools don't have many of the same issues. While I'd agree, on the whole, that many private schools outclass their public equivalents, private schools often have their own set of issues.

I recommend a book that I just started reading myself, "Why Boys Fail: Saving Our Sons from an Educational System That's Leaving Them Behind", by Roger Whitmire. While I'm only two chapters in, it's already clear that he's done a lot of research in this area. Being armed with some real data behind this issue can help you choose a private school that understands how to educate both boys and girls.


Submission + - 10 years ago today - The original Firefly premiere post on Slashdot

brix writes: I still remember learning about the premiere of Firefly from this Slashdot post, 10 years ago today. It's an interesting read, in retrospect.

It's hard to believe now that the Slashdot audience would have had anything but praise for the show, but the reality was much different. Within a few hours of the premiere, it was clear that the initial Slashdot reaction was fairly negative. Some posters hated Firefly before it even aired (and especially after), simply because it replaced Dark Angel on the schedule.

Fox clearly misfired by holding back Whedon's original pilot, but I've always felt that the initial Slashdot reaction, fair or not, was the true indication that Firefly would be cancelled so tragically early.


Submission + - Apple's Secret Plan to Join iPhones with Airport Security

Hugh Pickens writes: "Currently — as most of us know — TSA agents briefly examine government ID and boarding passes as each passenger presents their documents at a checkpoint at the end of a security line. But Thom Patterson writes at CNN that under a 2008 Apple patent application that was approved in July and filed under the working title "iTravel," a traveler's phone would automatically send electronic identification to a TSA agent as soon as the traveler got in line, and as each traveler waits in line, TSA agents would examine the electronic ID at an electronic viewing station. Next, at the X-ray stations, a traveler's phone would confirm to security agents that the traveler's ID had already been checked. Apple's patent calls for the placement of special kiosks (PDF) around the airport which will automatically exchange data with your phone via a close range wireless technology called near field communication (NFC). Throughout the process, the phone photo could be displayed on a screen for comparison with the traveler. Facial recognition software could be included in the process. Several experts say a key question that must be answered is: How would you prove that the phone is yours? To get around this problem, future phones or electronic ID may require some form of biometric security function including photo, fingerprint and photo retinal scan comparisons. Of course, there is still a ways to go. If consumers, airlines, airports and the TSA don't embrace the NFC kiosks, experts say it's unlikely Apple's vision would become reality. "First you would have to sell industry on Apple's idea. Then you'd have to sell it to travel consumers," says Neil Hughes of Apple Insider. "It's a chicken-and-egg problem.""

Comment Re:Lame 3D tech is a once per generation fad. (Score 1) 261

Not trying to raise the whole "passive vs. active" debate here (although it's fine if it arises), but your comment really surprised me since passive 3D glasses do seem to be standardized, are typically lightweight and comfortable, and even come in clip-ons for those with existing glasses.

On the topic in general -- While I usually won't spend extra $$ to see 3D in the theatre, that's because I'd rather wait for the blu-ray reviews and grab the 3D version then.

Comment Re:YAY they cracked the passwords (Score 2) 198

Who is "they"? The public at large has access to the password file but not the account names. However, there's really no telling what the original hacker has. For security purposes, we assume the worst, and that is that someone has both the account names and a password file for which almost a third of the passwords have proven easily cracked.

Comment Re:In-App purchases (Score 1) 108

"The entire point of the patent system", as you put it, is to encourage the creation of inventions which are (a) New, (b) Useful, and (c) Non-obvious to someone with knowledge in the industry.

I haven't read the patent, but from reading the Apple letter, it doesn't exactly sound like it passes the "non-obvious test", at the least, and probably not even the "new" part. The problem is that, to fight this, you must either spend thousands of dollars in a lawsuit or pay the license fee.

I don't care how small the amount is, it IS unreasonable to ask for someone to pay for a patent which shouldn't be valid.

If the patent really was "new" and "non-obvious" at the time it was filed, then they are absolutely entitled to payment. I'm just typically skeptical when it comes to software patents.

Comment My strategy (Score 1) 371

  • Download anything that is available electronically and shred the dead-tree equivalent if it is mailed to me
  • Scan anything that isn't available for download
  • All files are named "yyyy-mm-dd name of document.pdf" (or jpg). This allows easy sorting and automatic folderization
  • File any account specific items to ../records/yyyy/accounts/accountname (e.g. ../records/2011/accounts/verizon)
  • Dump the rest into ../records and let Directory Opus autosort them into folders such as ../records/2011/2011-03
  • Keep any paper receipts which are still good for return until they expire and then trash them
  • Automatic backups locally and to the cloud. Cost per gigabyte for cloud storage is low enough now that it makes sense to keep essential records (and even some non-essentials) offsite.
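The strategy above relies on one convention doing all the work: a "yyyy-mm-dd name of document" file name is what lets a sorter compute the ../records/yyyy/yyyy-mm (or ../records/yyyy/accounts/accountname) folder without any metadata. The script below is an added example for this page, written by the editor rather than taken from the comment or from Directory Opus; the function names, the inbox folder and the "records" root are my own assumptions, and the rules are generalized slightly from the comment: it validates the date (so a typo like 2011-13-40 does not create a junk folder) and refuses files that do not follow the convention instead of guessing.

```powershell
# Added example: route scanned/downloaded records into year and month folders
# from the "yyyy-mm-dd name of document.ext" naming convention. Editor's code,
# not the commenter's Directory Opus setup; folder names are assumptions.

function Get-RecordDestination {
    param(
        [Parameter(Mandatory)][string]$FileName,
        [string]$Root = '..\records',
        [string]$Account = ''          # e.g. 'verizon'; empty = general record
    )
    # Enforce the naming convention; anything else is left for a human.
    if ($FileName -notmatch '^(?<y>\d{4})-(?<m>\d{2})-(?<d>\d{2}) .+\.(pdf|jpe?g)$') {
        throw "Not in 'yyyy-mm-dd name.ext' form: $FileName"
    }
    $y = $Matches['y']; $m = $Matches['m']; $d = $Matches['d']

    # Reject impossible dates before they turn into folder names.
    [datetime]::ParseExact("$y-$m-$d", 'yyyy-MM-dd',
        [System.Globalization.CultureInfo]::InvariantCulture) | Out-Null

    if ($Account) {
        return Join-Path $Root "$y\accounts\$($Account.ToLowerInvariant())"
    }
    return Join-Path $Root "$y\$y-$m"
}

function Move-RecordFile {
    # Compute the destination from the name, create it, and move the file.
    param(
        [Parameter(Mandatory)][string]$Path,
        [string]$Root = '..\records',
        [string]$Account = ''
    )
    $leaf = Split-Path -Path $Path -Leaf
    $dest = Get-RecordDestination -FileName $leaf -Root $Root -Account $Account
    New-Item -ItemType Directory -Path $dest -Force | Out-Null
    Move-Item -Path $Path -Destination (Join-Path $dest $leaf)
    return (Join-Path $dest $leaf)
}

# Usage (assumed inbox folder): general records auto-sort by month;
# account statements are routed explicitly so they never land in a month folder.
#   Get-ChildItem '.\inbox' -File | ForEach-Object { Move-RecordFile $_.FullName }
#   Move-RecordFile '.\inbox\2011-03-15 verizon statement.pdf' -Account 'verizon'
```

Get-RecordDestination is separated from Move-RecordFile so the mapping can be dry-run: pipe a list of names through it and inspect the folders before anything moves. Files that throw are the ones worth looking at by hand; in practice those are scans that were never renamed, which is exactly the step the strategy above depends on.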

Comment Re:Oh Look There's My House.... (Score 1) 59

Count yourself lucky or blessed, depending on your viewpoint. The tornado that hit Tuscaloosa and Birmingham continued at or near ground level for another 4 hours after Birmingham, crossing into Georgia on the ground in Cave Springs, heading into Tennessee another 90 minutes or so after that, and then (I believe - I was finally asleep at that point) into North Carolina from there. All told, the path of destruction from that one supercell raked at least 300 miles over the course of 7 hours or more. My eyes didn't leave the Weather Channel for most of that time, and while that supercell weakened a few times here and there, it regained strength and remained incredibly destructive for longer than I can ever recall seeing.
