Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?

Comment: All using ancient devices (Score 5, Informative) 91

"fragile full-disk encryption up to Android v4.4 (KitKat)."

"Twenty-six second-hand Android phones running versions 2.3 to 4.3 of the operating system, sold by five handset makers, were tested."

This paper did not look at Android 4.4 or above, IE, the only versions of Android that actually properly supported and advertised full disk encryption in the first place. Full disk encryption on any device prior to 4.4 was basically something the manufacturer cooked up.

If this paper shows anything to me, it is not so much about Android, it is more about how we have to force carriers to stop requiring this goddamn nonsense useless "carrier certification" so that Google can push device manufacturers to allow more direct and timely software updates.

Comment: Re:Stupid ... (Score 2) 126

by brunes69 (#49744219) Attached to: US Proposes Tighter Export Rules For Computer Security Tools

It's a law against export, not possession.

The only result of laws like this is the off-shoring of jobs related to the creation of computer security tools.

This is why I had to laugh at the slant of the summary for the Kaspersky article yesterday, claming that it was negative that the product came from Russia. In actual fact, the fact that the product is not made in the US protects it from crap like this.

Comment: Re:It's not surprising (Score 1) 129

by brunes69 (#49526753) Attached to: YouTube Going Dark On Older Devices

It doesn't have to be this way and it has little to do with standards. Netflix streaming today still works fine on devices that are first generation from many years ago. This is despite all of the new functions and features they have come out with since then - heck they even changed their whole DRM scheme for many players.

The main difference is YouTube has little incentive to keep supporting these old devices since they don't generate much, of any, ad revenue (heck they might not even support ads), whereas Netflix needs to support their subscribers as long as possible.

Standards don't do anything to help with this problem it has more to do with an advertising driven business model.

Comment: Re:And that's a bad thing? (Score 1) 265

This is true. What is needed is more investment in solar capacity in the south, and investment in the power grid in the north (and nationally). There is no reason the North should not be buying a majority of it's power cheaper from the south, where it is plentiful.

Comment: WAC are not required anymore (Score 1) 349

by brunes69 (#49375679) Attached to: Sign Up At Before Crooks Do It For You

WAC are actually not required anymore, although it is still avalable.

CRA My Account is accessible now via a system called "Secure Key Concierge", where the CRA redirects your login to your bank. As long as you have an account with one of the "Big 6", you can log into your online banking, after which the CRA federates with the bank and checks that your SIN and DOB at the bank is the same as the SIN and DOB you entered at the site, and if so they let you in.

IMO it is a much more convenient way to authenticate in a way that covers likely 90%+ of the Canadian population.

Comment: Unencrypted Email (Score 5, Insightful) 140

Forget the auto-complete nonsense. The question that should be being asked is why an un-encrypted email containing " Passport numbers, dates of birth, and other personal information of the heads of state attending a G-20 summit in Brisbane, Australia" would be being sent to ANYONE. I can't even send an unencrypted email at work containing MY OWN social security number.

Comment: I'd rather have the audio streamed (Score 2) 447

by brunes69 (#49365747) Attached to: Why the Final Moments Inside a Cockpit Are Heard But Not Seen

In an era where I can purchase trans-atlantic wifi for $15, it seems archaic to me that we still rely on hardened "black boxes" for data retrieval. Why is audio from the flight deck not REQUIRED to be streamed real-time to satellites in orbit for commercial airliners? Yes yes, it won't be 100% reliable blah blah. So what? No one is advocating REMOVING the black box.. there is no reason you can't have both.

Comment: Re:Still waiting for a "hackability meter" (Score 1) 159

by brunes69 (#49347611) Attached to: Many Password Strength Meters Are Downright Weak, Researchers Say

Then roll your own OpenID provider. This is what standards are for.

Don't bash federated login just because you don't trust Google.. you don't HAVE to trust them, that is the whole point.

The problem is not Google/Facebook/Yahoo/Twitter, the problem is The Guardian/Techcrunch/ and every other website out there that forces you to make YET ANOTHER account with YET ANOTHER password because they do not support any federated login standards at all.

Comment: Re:Still waiting for a "hackability meter" (Score 1) 159

by brunes69 (#49346657) Attached to: Many Password Strength Meters Are Downright Weak, Researchers Say

If more sites allowed federated login instead of rolling their own half-assed authentication regiemes then this wouldn't be a problem in the first place.

The idea that I am more secure cooking up a "safe password" for instead of logging in securely using Google or Facebook is farcical.

Comment: Poster might be reading too much into this (Score 4, Interesting) 120

by brunes69 (#49334495) Attached to: Uber To Turn Into a Big Data Company By Selling Location Data

As someone who is an SPG member and generally keeps tabs on what new promotions Starwood runs, this is anything but news. Starwood has over the past year or two, as a general strategy, struck up this kind of relationsip with a ton of companies.

- Starwood partners with Caesars Entertainment, where your SPG profile and your Total Rewards profiles can be linked. This means that loyalty shown at Caesars casinos can help you at Starwood hotels, and vice-versa

- Starwood also partners with Delta, where your SPG profile and your Skymiles profile can be linked, in a simmilar capacity - you can earn both skymiles and SPG points for Detla flights and for hotel stays.

- Now, they are doing the same with Uber... same story as above.

Obviously these companies are going to share customer data. However, if you think Starwood has the infrastructure built, capacity or talent to data mine Uber for what restaurants you go to and target hotel promotions, I think you have a bit higher expectations of them than I do. The much more immediate use of these types of partnerships is to encourage cross-brand loyalty for both companies.

"You're a creature of the night, Michael. Wait'll Mom hears about this." -- from the movie "The Lost Boys"