Please create an account to participate in the Slashdot moderation system


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


Comment: Re:The future is now. (Score 4, Insightful) 152

by fuzzyfuzzyfungus (#49377967) Attached to: Ask Slashdot: Who's Going To Win the Malware Arms Race?
And, unfortunately, ChromeOS is the comparatively softcore version of dystopian cryptographic lockdown. A ChromeOS device certainly works most smoothly if you leave it set to factory defaults, and generally play like a good little consumer; but, at least for now, there's a deliberate, documented, we-don't-assure-that-you'll-like-the-results-but-here's-how-to-do-it, switch for turning off the verification, becoming root, booting alternate payloads, and generally mucking around. My memory of the details is a little fuzzy; but I think that you can have your merry way with everything except some 'fallback' BIOS/bootloader that is hardware write-locked at the factory and isn't even modified by Google-provided updates; but instead intended to be just enough bootloader to un-brick basically anything you can do to the system in software. On some models, you can futz with that as well if you poke the right area of the board.

It's definitely a 'crypto lockdown to make security easier, and possibly even possible' device; and Google hardly encourages you to go forth and GNU; but they at least allow you to. That puts ChromeOS devices well above all iDevices, a fair percentage of Android hardware, and potentially above some 'trusted boot' UEFI systems(depending on whether you can re-key the system or not). It's certainly a good example; but it's far less of an anomaly than one would like.

Comment: Re:More of the same (Score 5, Insightful) 152

by fuzzyfuzzyfungus (#49377813) Attached to: Ask Slashdot: Who's Going To Win the Malware Arms Race?
I'd be inclined to suggest that it will be worse than that:

Barring some sort of radical change in priorities that causes the market to accept zero new features for, oh, a (human) generation or more, while vendors put out bugfix releases, 'winning' certainly isn't going to happen by doing conventional stuff; but harder.

If 'winning' in fact occurs, odds are excellent that it will be on some wonderfully dystopian lockdown platform that shrinks the problem space considerably by forbidding basically everything that hasn't been cryptopgraphically blessed by the vendor, sandboxed to hell and back, or both. Naturally, the power afforded to the vendor in this scenario will never be abused.

Comment: Re:Encrypt client side (Score 1) 122

by fuzzyfuzzyfungus (#49355707) Attached to: Amazon Announces Unlimited Cloud Storage Plans
I'm sure that they've given considerable thought to subtly discouraging very heavy use, and looked at how different users actually tend to use online storage space, along with how much opportunity for additional profit there might be(eg. a 'photo storage' user might be a good candidate for being sold prints or something, while a 'generic files' user might not); and I imagine that lack of block level control helps. It would be interesting to know what the number-crunching looked like to arrive at those price points; though I'm sure that those data are not going to be public anytime soon.

However, I suspect that it's also there, at least in part, because this service is a relatively thin skin of consumer-friendly abstraction layer on top of S3, which is also object based. Amazon does have a block storage offering; but they only seem particularly interested in people using block storage 'devices' as disks on EC2 instances, rather than on farming them out over the web.

There is nothing stopping you from configuring the OS on an EC2 instance to function as a file server and getting remote access to block storage that way; but it doesn't seem to be the encouraged use case.

I don't know nearly enough about large-scale storage to say why they prefer object based storage over block based storage; but my understanding is that, even in the paid seats, object based storage is very much what they are offering, for anything externally accessed, with their block-based offering more or less there to allow you to configure the 'disks' in your EC2 'server' with a bit more granularity.

Comment: Trade offs, no? (Score 1) 379

by fuzzyfuzzyfungus (#49355477) Attached to: Modern Cockpits: Harder To Invade But Easier To Lock Up
While this air crash was undeniably tragic, the focus on the lockability of cockpit doors seems to be ignoring a fairly basic consideration: Who do you trust more: the people you hired to fly the plane or everybody who purchased a ticket to ride it?

That doesn't rule out the possibility of problematic pilots; but it seems very, very, likely indeed that you are better off with a system where you can robustly lock the door, rather than one where blocking access is difficult. There may be room for other improvements, in hiring, training, navigation system safety overrides, etc. but this one just doesn't seem very hard.

Comment: Re:In a departure from tradition... (Score 1) 97

Not that I know of, just my feeble attempt at a joke. It seems like absolutely every other outfit that doesn't own a fab and wants to build an ARM hires TMSC to do it; so when I read about an Asteroid Redirect Mission, I was immediately struck by the image of NASA licensing some IP blocks and having TSMC slap out some wafers.

Comment: Re:Encrypt client side (Score 2) 122

by fuzzyfuzzyfungus (#49352751) Attached to: Amazon Announces Unlimited Cloud Storage Plans
Based on their API reference 3rd-party apps that do whatever you want on the client side certainly look doable enough.

Obviously, the various stuff about "Access your files on all your devices!" and "Build into all your Amazon devices!" and whatnot is going to be less useful, so they are clearly expecting most customers to not do that(and implicitly encouraging them not to); but the service itself doesn't appear to have any objections to you dropping encrypted blobs into it.

(Now, what Amazon would do if you were to use something like PNGdrive, to get the advantages of the rather more expensive 'unlimited files' tier using only the 'unlimited photos' tier, I don't know; but I suspect that they would be less happy...)

Comment: Re:World War III (Score 1) 54

Depends on how broad the question is: given that not every potentially violent extremist will react in the same way, the answer to 'are potentially violent extremists better defused by coddling or by needling?' is likely to be something statistical, rather than "yes" or "no"; but that would be the right answer.

I don't mean to pretend that the right answer will necessarily fit neatly on a bumper sticker(indeed, it'd be quite a shock if it did); but a potentially complex answer is by no means the same as some sort of intersubjective mush of multiple valid viewpoints.

Comment: Re:Some things you can automate, some things won't (Score 1) 56

by fuzzyfuzzyfungus (#49340505) Attached to: Amazon Robot Contest May Accelerate Warehouse Automation

High paid? With millions of unemployed waiting in line for this or another job?

Even if you can get the pesky feds away, and pay them less than minimum wage, lazy, entitled, human workers still tend to waste 4-8 hours/day 'sleeping' and engaging in rudimentary grooming behaviors; and their lack of work ethic means that if you try to pay them starvation wages they may just decide to go starve somewhere else, and at least work fewer hours while doing so.

The effect is most obvious in places where automation is ridiculously efficient(it's pretty tricky for even your most downtrodden human to be cheap enough to stuff PCBs more efficiently than a pick-and-place, for instance); but it's true across the board that no matter how hard you beat them down, humans still have a price floor. Even slaves aren't necessarily cheaper than robots.

"Call immediately. Time is running out. We both need to do something monstrous before we die." -- Message from Ralph Steadman to Hunter Thompson