Forgot your password?

Close
typodupeerror
Android

+ - How do you store sensitive data on your mobile devices?

Submitted by infodragon
infodragon writes "I'm just now seriously diving into the mobile world and have many questions surrounding all the devices, apps and options. However, one stands out; How do I protect sensitive data? On Linux this question is easy, I use RAID 1/5/6, depending on need, with LVM in the middle and topped with LUKS. This setup is very powerful and extremely flexible. Is it possible to match the strength of LUKS on Android? iOS? What are the solutions the /. crowd has used?"

Comment: Re:You're asking the wrong question. (Score 1) 878

by infodragon (#41921215) Attached to: Do Recreational Drugs Help Programmers?

I picked up a large base of C code of a guy who would only code when he was drunk. It was the biggest mess I ever saw, except a small part that was commented, "I did this sober because it had to be fixed yesterday..."

In his case mind altering substances helped, but he had no business coding to begin with.

I had the misfortune of meeting one of his team mates who was consulting for the firm to "bring us up to speed." 60's throwback begins to describe him, which explained the other mass of rambling code I had to deal with. You could tell, by the names of functions and variables, when he had the munchies/giggles and it got dark when he was paranoid. Humorous to go through, terrible to maintain. Oh yea, did I mention this software was operating networks of ATMs, as in peoples money?!?

Comment: Re:Umm (Score 1) 510

by infodragon (#41676993) Attached to: Ask Slashdot: How Do SSDs Die?

I couldn't agree more... But what's best often meets real world. It was a skunkworks project with no budget. It was amazing we got things working the way we did and the results got the attention it needed and then the resources were allocated.

The server was the old 737(?) pin first gen amd64 bit system. 64 bit Gentoo linux with software raid running the 5 SATA 80GB Seagate HDs. 2Gb of ram for a DB of 150GB of which 80% of the data was accessed on a daily basis... It was CRAZY project put together with the lowest of budget that achieved results good enough to actually get resources allocated rather than "it's good! keep it up!"

Gotta love the reactions on /.

Comment: Re:Umm (Score 1) 510

by infodragon (#41671933) Attached to: Ask Slashdot: How Do SSDs Die?

That and the fab process is so precise that a fault is replicated so precisely that after 90 days of 24/7 operation they all failed within 24 hours, 4 failing in 8 hours. So it was engineered bad luck!

Anyway I glad those days of system admin are behind me, I'm with my passion now which is HPC C++ development. Those experiences stuck with me and give me much more respect for the admin of the HW I now use. It's funny and sad to watch their expressions when I talk to them intelligently and with respect. It's like they've never had that happen before.

Comment: Re:Umm (Score 3, Interesting) 510

by infodragon (#41671685) Attached to: Ask Slashdot: How Do SSDs Die?

[Sarcasm]Nothing like 20/20 hindsight... If I had done anything like trying to rebuild the array it would have fallen apart... Oh wait... If I had followed what you suggested I would have been SCREWED.[/Sarcasm]

I made a decision based on what on the information on hand.. The rebuild would have take more than a few hours, 80GB disk was SLOW, i.e. first gen SATA. By executing the DB dump I was hitting less than 1/2 the disk capacity on read than 100% disk capacity on a write. It would be significantly faster to retrieve the data than to rebuild. That time window was critical, 2 hours of read vs 4+ hours of write. I also knew I had all the data on hand and all the scripts tested monthly for rebuilding the entire DB on a different server. The decision was easy! Grab the DB data now, redeploy on another system and address the issue on the spot. The system ended up being down 3 hours rather than 24+.

Secondly The failure was abrupt with no SMART messages, I couldn't trust the others to not have the same non-reporting issues. I made a choice on the spot on how to proceed knowing full well I may have signed my own 24h torture warrant. Fortunately I didn't have the worst case happen and I learned a critical lesson.

A bit more information...

+- 30 minutes on each one
First disk failed...
2 hours later second disk failed...
2 hours later third disk failed.
2 hours later 4th disk failed
16 hours later 5th disk failed.

Comment: Re:Umm (Score 2) 510

by infodragon (#41670903) Attached to: Ask Slashdot: How Do SSDs Die?

Never paranoid enough when dealing with data! I had a RAID 5 (5 disks) of Seagate 80GB SATA disks; 4 failed within an 8 hour window, the 5th failed within 24 hours of the first; this was 3 months after purchase. It was a HUGE PITA. First drive failed and I started an immediate DB dump to an NFS mount. 20GB and 2 hours later the second disk failed and RAID was dead. I ran the other three disks just to see what would happen...

I will NEVER, EVER run two storage medium (Spinning platter, SSD, ...) from the same lot in the same RAID ever again. I was saved by 20 minutes, in the above situation, from 24 hours of hell.

Comment: Re:Press coverage (Score 2) 757

by infodragon (#41411497) Attached to: Rapid Arctic Melt Called 'Planetary Emergency'

They aren't that stupid, they just choose to be! There was a /. article a few months back that showed that giving evidence that contradicted someone's beliefs had the effect of reinforcing their beliefs. That on top of that you have many that just don't care, don't understand, or just want to be distracted. They exist on both sides.

Based on what is readily available, linking the ice melt in the north to global warming is incorrect. This does not mean there is no global warming, I personally believe the earth is still warming from the mini-ice age that just ended http://en.wikipedia.org/wiki/Little_Ice_Age.

Below are reports on what is going on. Both state facts that can be shown to draw separate conclusions. The really interesting thing is we are past the 2nd standard deviation for antarctic ice growth, which is exceeding the amount of ice lost so we are in a net positive. Just try to explain this to the average Joe and watch them lose interest really fast! Use a car analogy and you still don't get anywhere. Once evidence is shown that seems to conflict most humans ignore it because understanding the complexity exceeds the effort to survive the next week.

Earth Loses Its 'Air Conditioner': Arctic Ice Cap Shrinks to Record Low Level
http://www.pbs.org/newshour/bb/science/july-dec12/icemelt_09-20.html
http://nsidc.org/news/press/2012_seaiceminimum.html

Polar sea ice could set ANOTHER record this year
Exceptionally large amounts of it down south right now
http://www.theregister.co.uk/2012/09/21/arctic_antarctic_sea_ice_record/

Comment: Re:Press coverage (Score -1) 757

by infodragon (#41410489) Attached to: Rapid Arctic Melt Called 'Planetary Emergency'

[sarcasm] Scientists first observed global warming in 1895. Then in 1920 they said it was global cooling. Then in 1935 they said there was global warming, but then in 1975 they said it was the verge of a new Ice Age but then it became global warming again. But that is all old news. Let's stop talking about discredited work... [/sarcasm]

From generation to generation people have heard so much about global warming and global cooling that they don't believe what is being said now. "Back in my day the world was cooling and the US was going to be covered in ice in 50 years!" Kids grew up hearing that and those kids now have heard from their (grand)parents the opposite of what is being said now. So science was wrong before it is wrong now so give me my iPhone 7SSS!

Also we have become numb to almost everything due to the massive bombardment by the media of anything and everything. From the most important, the Kardashians, to the least, Global Warming. Oh yea and something about our embassies being attacked, somewhere in a desert...

The fault lies with us, as a population, not wanting to deal with what isn't going to affect us in the next week or two (oddly the time between most paychecks.) The masses are incurably ignorant. In any group large enough, most are idiots! So we continue to consume a scarce resource in moving about back and forth to the mall and think that consuming 2x as much to produce the equivalent in "bio-fuel" which is then consumed to go to the mall is "green."

The blind following the blind following the def.

I'm just in a bad mood today so take that into account.

Cloud

+ - 'Space travel' technique allows secure VM to automatically introspect other VMs->

Submitted by Anonymous Coward
An anonymous reader writes "UT Dallas computer scientists have developed a technique to automatically allow one computer in a virtual network to monitor another for intrusions, viruses or anything else that could cause a computer to malfunction.

The technique has been dubbed "space travel" because it sends computer data to a world outside its home, and automatically bridges the semantic gap between in-VM state and out-of-VM interpretation.

The ability to leverage existing code goes a long way in solving the gap problem inherent to many types of virtual machine services," said Chen, the Arthur F. Thurnau Professor of Electrical Engineering and Computer Science, who first proposed the gap in 2001. "(Yangchun) Fu and Lin have developed an interesting way to take existing code from a trusted system and automatically use it to detect intrusions."

Read more at: http://phys.org/news/2012-09-cluod-cyber-space-technique-machine.html"
Link to Original Source
Open Source

+ - Leveraging Open Source Experience in Your Job Hunt->

Submitted by
Esther Schindler
Esther Schindler writes "Working in open source brings many kinds of rewards. Open source participation helps get the software created that you need, and it brings a sense of accomplishment to help others with the work you do. If you’ve been involved in an open source community, you probably also have discovered that it’s a way to gain new technical skills.

But, writes Andy Lester, the experience you gain in a FOSS project can also help you when you go looking for a job. In Leveraging Open Source Experience in Your Job Hunt, he points out, "Your experience in working in open source is just that — work experience. Even if you're not paid for your contributions, it is still valuable experience that belongs on your resume, and the contacts you make in the community can help you find jobs." Whereupon he enumerates the ways you can list your open source experience on your resume, approach project colleagues about work references, and guiding a hiring manager through your best work (hint: Don't just say, "Here's a link to my github page")."
Link to Original Source
Patents

+ - You can now file with the USTPO to shoot down and invalidate obvious patents->

Submitted by
Cutting_Crew
Cutting_Crew writes "Yes this is from Wired again, but as they state here today marks the first day that any 3rd party can file an injunction against patents that are frivolous, too obvious and even offer proof of prior art.

Stack Exchange has a patents forum now to help start the process as they have been working with google and also collaborating with the patent office since 2007 on testing patents.

So here is my question. Which frivolous, too obvious, downright ridiculous patent are you going to submit?"
Link to Original Source
Databases

+ - Critical Hole Opens Oracle 11g To Offline, Dictionary Attacks->

Submitted by
chicksdaddy
chicksdaddy writes "A presentation at the Ekoparty Conference in Argentina will detail a critical hole in some versions of Oracle’s Database Server that could allow remote attackers to crack user and administrator passwords. The presentation, by researcher Esteban Fayó of Application Security Inc., describes a vulnerability in versions 11.1 and 11.2 of Oracle’s native authentication protocol, which is used by Oracle 11g Database Servers. The flaw allows any user with knowledge of a valid Oracle Database login to determine if a given password corresponds to that user account.
In an interview with Security Ledger, Fayó said that he discovered the authentication flaw while researching another problem. To help conduct his research, Fayó created a small test program that authenticated repeatedly with the Oracle database server using the same user name, but different passwords.After running it, he noticed strange behavior when he analyzed the network packet captures from sessions between his test client and the Oracle Database server. Namely: the client seemed to know that it had the wrong password before the server rejected the login attempt. “Most of the times, when password (sp) is wrong, Oracle 11g client returns ORA-1017 (“invalid username/password message) without sending the password,” Fayó wondered how the client knew the password was wrong in advance.

The answer was that the client was able to verify the password simply using the information that the database server had already supplied during the login attempt, namely: the unique session key for the login session and a random value – or salt- used to secure passwords from cracking.
It's another black eye for Oracle, which was informed of the flaw in May...2010!!! Oracle fixed it by swapping out the logon protocol with Version 12 (patch 11.2.03) in August, 2011. But Fayó charges the database giant with downplaying the seriousness of the flaw: pushing it out as a software update instead of a security-focused Critical Patch Update (CPU) and mentioning the change only in an obscure passage "Protection Against Password-Guessing Attacks" from the readme file that accompanied the 11.2.03 patch."
Link to Original Source

APL is a natural extension of assembler language programming; ...and is best for educational purposes. -- A. Perlis

Close