Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


Comment: Re:Monopoly Control (Score 1) 94

They are not true monopolies... but they are used on a name basis. For example, what FB gives, and only FB does is the fact that it has a lot of momentum behind it, and people tend to use it as a primary way of communicating.

In the past, I was shown the door during job interviews because I didn't have a FB or Twitter account, being called a "fossil" since I didn't spew my life's trivia online for all to read. These days, my Twitter account is a placeholder with some sterile, sanitized stuff on it, and FB was that way for a while until people decided to move all their private forums to FB groups.

So, yes, there are alternatives, but using them is like going to the sports bar that has 1-2 people in it, when everyone else is hanging out at the chic new night club downtown.

As for regulations, this concerns me. Smartly done, it would be a good thing, especially with data privacy and retention items. However, realistically, I fear that regulations would do far more harm than good, and what happens is that they get danced around (or just ignored), and the end subscribers wind up dealing with it. For example, if every country followed Russia's lead and demanded their data be stored on servers at their borders, this would allow domestic spying to easily find would-be dissidents and political rivals would get the Nemtsov treatment a lot quicker in some nations.

It would be nice to see items like the right to be forgotten and a default data sunset life (where if the user doesn't explicitly state the data is permanent, it gets erased after 1-2 years), but here in the US, I rarely see regulations benefiting the end users as a whole. For example, when the EPA tightened the noose with no real warning on the steel industry, the entire sector wound up bankrupt since they couldn't compete with Chinese firms that didn't have to deal with all the Draconian regulations, especially with no protective tariffs to level the playing field.

Comment: Re:FDE on Android doesn't work as of yet (Score 1) 110

by mlts (#49174051) Attached to: Google Backs Off Default Encryption on New Android Lollilop Devices

If the entire filesystem was locked, apps that save pictures off like Dropbox's app that get CPU time from iOS due to shifting GPS locations would not work.

There are protected stores which do get locked and are not readable until the device is unlocked, but that is generally part of Apple's KeyChain mechanism.

Comment: Re:FDE on Android doesn't work as of yet (Score 1) 110

by mlts (#49173769) Attached to: Google Backs Off Default Encryption on New Android Lollilop Devices

Attacking the device PIN is a lot harder. After a few times, the device will prompt for one's gmail account (if set up), or just start giving ever-longer timeouts. Some devices can be set to just format the /data partition and do a factory restore.

Some Android phones have some anti-brute force protection at boot, if someone doesn't find a way to dd off the /data partition. First, the device starts timing out, then after 30 tries, it zeroes out /data and does a factory restore.

The protection is decent enough. Most attackers won't guess a 4-6 digit PIN before the phone locks, and if they decide to turn it off and back on, they end up presented with having to deal with the entire /data unlocking passphrase, and get it right in 30 tries.

Comment: Re:FDE on Android doesn't work as of yet (Score 1) 110

by mlts (#49172615) Attached to: Google Backs Off Default Encryption on New Android Lollilop Devices

This is an issue, but at least the FDE code is out in the open, and is based on a known, good algorithm (dm-crypt) that has been in Linux for a long time.

Google is taking steps to fix it. In the latest iteration of devices, the encryption key won't be directly decrypted from the password the user gives, but the password goes to a hardware chip that compares the PIN, and if correct, passes the volume decryption key to the OS.

If one has root access, there is even a better way. You can have the password used to boot and decrypt the /data partition separate from your screen unlocking PIN. This will be a PITA when rebooting the phone... but you can use a much shorter screen unlock code, while still having the full protection of a long key that you set. The downside of this is that root access is required.

Comment: Re:Leave Mac OS out of this. (Score 1) 478

by mlts (#49172367) Attached to: Why We Should Stop Hiding File-Name Extensions

The nice thing about OS X is that you -can- run unsigned binaries... but you explicitly have to allow them via hitting control when double-clicking on them. .kext files are a different story altogether... but you can disable signing by putting kext-dev-mode=1 in the NVRAM, but it is an all or nothing endeavor.

As for extensions, I sort of miss the old way Macs handled file typing, although the four level type and creator field is archaic these days. The way it was done, a simple rename would not change a file's type. It took going into ResEdit or another utility to actually change a file to an APPL (application).

Comment: Re:Duh? (Score 2) 478

by mlts (#49172119) Attached to: Why We Should Stop Hiding File-Name Extensions

Not sure how Macs have training wheels, but my antediluvian MacBook running Yosemite shows all file extensions in the Finder, and when I'm using a shell window, ls -l and ls -la work just as well as in AIX, Linux, BSD, Solaris, or any other UNIX or UNIX variant.

I'm OS agnostic, and OS X has some annoying qualities [1], but being able to see file extensions isn't one.

[1]: My biggest complaint about not OS X specifically, but Mac hardware is that Apple killed off the XServe, You -can- rackmount a Mac Pro with a RackMac kit, but it would be nice if Apple still kept a toehold in the enterprise.

I don't mean to digress, but if Apple could make Macs that could connect to each other via Infiniband and read/write to each other's storage, it would be a platform that could run applications at SAN speed and reliability, but without the SAN, just local drive arrays. Doing this would ensure a niche in the enterprise. Apple even has a clustered filesystem, XSan, so in theory, if Apple did a bit of design, one could have a bunch of Macs with fault tolerance of failed drives and systems, similar to how the EMC Isilon arrays work.

Comment: Re:B0ll0cks... (Score 3, Informative) 464

Not defending her, but both your excuse that the other lizards did it

Did you respond to the wrong post? Nothing I wrote can be read as "The other lizards did it" - not without cropping the entire post to remove all context.

The point I made (I'm not even "excusing" her) is that the law she's accused of breaking is an executive decree that was made TWO YEARS AFTER SHE LEFT OFFICE.

Comment: Re:B0ll0cks... (Score 1) 464

Back up a bit: what if she's right? What if the rules that applied during her tenure are not the current rules? What if Obama created the current rules two years after Clinton left the State Department?

And what if she was doing the exact same thing as (to name a largely reputable figure on "the other side" that few people suspect of corruption) Colin Powell had done?

Comment: Re:Thought it was already the norm abroad (Score 1) 125

by mlts (#49169511) Attached to: Will you be using a mobile payment system?

I am guessing the reason why this hasn't hit the US in this form is that there is good money to be made by banks if users overdraw, triggering fees and credit dings (which make the banks more money because it means they have a reason to hike interest rates.) There is also the fact that a bank makes interest if someone leaves cushion money in the account so this doesn't happen.

The next person to mention spaghetti stacks to me is going to have his head knocked off. -- Bill Conrad