Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


Comment: Re:Monopoly Control (Score 1) 98

They are not true monopolies... but they are used on a name basis. For example, what FB gives, and only FB does is the fact that it has a lot of momentum behind it, and people tend to use it as a primary way of communicating.

In the past, I was shown the door during job interviews because I didn't have a FB or Twitter account, being called a "fossil" since I didn't spew my life's trivia online for all to read. These days, my Twitter account is a placeholder with some sterile, sanitized stuff on it, and FB was that way for a while until people decided to move all their private forums to FB groups.

So, yes, there are alternatives, but using them is like going to the sports bar that has 1-2 people in it, when everyone else is hanging out at the chic new night club downtown.

As for regulations, this concerns me. Smartly done, it would be a good thing, especially with data privacy and retention items. However, realistically, I fear that regulations would do far more harm than good, and what happens is that they get danced around (or just ignored), and the end subscribers wind up dealing with it. For example, if every country followed Russia's lead and demanded their data be stored on servers at their borders, this would allow domestic spying to easily find would-be dissidents and political rivals would get the Nemtsov treatment a lot quicker in some nations.

It would be nice to see items like the right to be forgotten and a default data sunset life (where if the user doesn't explicitly state the data is permanent, it gets erased after 1-2 years), but here in the US, I rarely see regulations benefiting the end users as a whole. For example, when the EPA tightened the noose with no real warning on the steel industry, the entire sector wound up bankrupt since they couldn't compete with Chinese firms that didn't have to deal with all the Draconian regulations, especially with no protective tariffs to level the playing field.

Comment: Re:FDE on Android doesn't work as of yet (Score 1) 114

by mlts (#49174051) Attached to: Google Backs Off Default Encryption on New Android Lollilop Devices

If the entire filesystem was locked, apps that save pictures off like Dropbox's app that get CPU time from iOS due to shifting GPS locations would not work.

There are protected stores which do get locked and are not readable until the device is unlocked, but that is generally part of Apple's KeyChain mechanism.

Comment: Re:FDE on Android doesn't work as of yet (Score 1) 114

by mlts (#49173769) Attached to: Google Backs Off Default Encryption on New Android Lollilop Devices

Attacking the device PIN is a lot harder. After a few times, the device will prompt for one's gmail account (if set up), or just start giving ever-longer timeouts. Some devices can be set to just format the /data partition and do a factory restore.

Some Android phones have some anti-brute force protection at boot, if someone doesn't find a way to dd off the /data partition. First, the device starts timing out, then after 30 tries, it zeroes out /data and does a factory restore.

The protection is decent enough. Most attackers won't guess a 4-6 digit PIN before the phone locks, and if they decide to turn it off and back on, they end up presented with having to deal with the entire /data unlocking passphrase, and get it right in 30 tries.

Comment: Re:FDE on Android doesn't work as of yet (Score 1) 114

by mlts (#49172615) Attached to: Google Backs Off Default Encryption on New Android Lollilop Devices

This is an issue, but at least the FDE code is out in the open, and is based on a known, good algorithm (dm-crypt) that has been in Linux for a long time.

Google is taking steps to fix it. In the latest iteration of devices, the encryption key won't be directly decrypted from the password the user gives, but the password goes to a hardware chip that compares the PIN, and if correct, passes the volume decryption key to the OS.

If one has root access, there is even a better way. You can have the password used to boot and decrypt the /data partition separate from your screen unlocking PIN. This will be a PITA when rebooting the phone... but you can use a much shorter screen unlock code, while still having the full protection of a long key that you set. The downside of this is that root access is required.

Comment: Re:Leave Mac OS out of this. (Score 1) 490

by mlts (#49172367) Attached to: Why We Should Stop Hiding File-Name Extensions

The nice thing about OS X is that you -can- run unsigned binaries... but you explicitly have to allow them via hitting control when double-clicking on them. .kext files are a different story altogether... but you can disable signing by putting kext-dev-mode=1 in the NVRAM, but it is an all or nothing endeavor.

As for extensions, I sort of miss the old way Macs handled file typing, although the four level type and creator field is archaic these days. The way it was done, a simple rename would not change a file's type. It took going into ResEdit or another utility to actually change a file to an APPL (application).

Comment: Re:Duh? (Score 2) 490

by mlts (#49172119) Attached to: Why We Should Stop Hiding File-Name Extensions

Not sure how Macs have training wheels, but my antediluvian MacBook running Yosemite shows all file extensions in the Finder, and when I'm using a shell window, ls -l and ls -la work just as well as in AIX, Linux, BSD, Solaris, or any other UNIX or UNIX variant.

I'm OS agnostic, and OS X has some annoying qualities [1], but being able to see file extensions isn't one.

[1]: My biggest complaint about not OS X specifically, but Mac hardware is that Apple killed off the XServe, You -can- rackmount a Mac Pro with a RackMac kit, but it would be nice if Apple still kept a toehold in the enterprise.

I don't mean to digress, but if Apple could make Macs that could connect to each other via Infiniband and read/write to each other's storage, it would be a platform that could run applications at SAN speed and reliability, but without the SAN, just local drive arrays. Doing this would ensure a niche in the enterprise. Apple even has a clustered filesystem, XSan, so in theory, if Apple did a bit of design, one could have a bunch of Macs with fault tolerance of failed drives and systems, similar to how the EMC Isilon arrays work.

Comment: Re:Thought it was already the norm abroad (Score 1) 129

by mlts (#49169511) Attached to: Will you be using a mobile payment system?

I am guessing the reason why this hasn't hit the US in this form is that there is good money to be made by banks if users overdraw, triggering fees and credit dings (which make the banks more money because it means they have a reason to hike interest rates.) There is also the fact that a bank makes interest if someone leaves cushion money in the account so this doesn't happen.

Comment: Re:Interesting idea, nasty downsides (Score 1) 88

by mlts (#49169123) Attached to: New Seagate Shingled Hard Drive Teardown

If this technology becomes commonplace, I can see this used as a third tier of storage, between normal HDDs and tape, either used as a live landing zone until it gets copied to tape, or perhaps used in concert with a higher tier landing zone, where the data is written onto the platters already deduplicated, aimed at staying there for long term storage.

Even operating systems are starting to become storage tier aware. Windows Server 2012R2 can autotier between SSD and HDD, and Windows Server 10 has improved on that.

What would be ideal would be some drive maker to come up with some way of creating cartridges of drives, in a RAID configuration. Something like iMation's RDX... except each cartridge having 2+ drives in them, so each unit has not just RAID, but can be scrubbed to find and correct bit rod when the garbage collector goes about its business. This would completely replace tape, but also offer the benefits of tape, as in being offline and out of the reach of a bad guy doing "rm -rf/" on every SAN and NAS he can find with his newfound domain admin rights.

Comment: Re:liquid metal? (Score 1) 230

by mlts (#49164487) Attached to: Samsung Officially Unpacks Galaxy S6 and Galaxy S6 Edge At MWC

I wonder what Liquid Metal has over sintered aluminum or other alloys. LM has to have a specialized injecting molding machine that keeps a vacuum during the process. Sintering aluminum and other items have their issues, but it is a relatively simpler process to get precise items coming out.

Comment: Re:Nope (Score 2) 230

by mlts (#49164379) Attached to: Samsung Officially Unpacks Galaxy S6 and Galaxy S6 Edge At MWC

I would say my HTC M8 is a combination of the two. Replaceable batteries are useful, and my last Motorola phone, the Atrix 2, had one and wasn't considered a porker by any means.

The SD card is more important. Sandisk has 200GB MicroSD cards out. This doesn't give just storage, but the ability to do backups, either with nandroid or with Titanium Backup. Since Titanium Backup uses a very good encryption system for backups (you set a password which encrypts the private key stored with the backup files, and TB uses the public key for backups, only asking for the password to unlock the private key for restores.) To boot, I can copy music to and from the SD card before I load it into the phone. Of course, if something happens and I end up trashing the ROM on the device, I can reload a backup while on the road.

The biggest reason why I won't buy a Samsung Galaxy is because of the fact that it took a major bounty to even get root on the device, much less a custom ROM. The HTC comparable, the One M8 (and the M9 coming out this month) happily runs my custom ROM with XPrivacy and other items. The eFuse issue with the Galaxy is another turn-off. Even with iPhones, if I have a trashed jailbreak, I can use DFU mode and factory restore the device to as good as new. The fact that the Samsung offering permanently disabled functionality is a major minus in my book.

For a corporation, Knox is a useful tool. For an individual, it doesn't do much.

Comment: Re:Why is this a thing? (Score 1) 59

by mlts (#49153651) Attached to: BlackPhone, In Wake of Gemalto Fallout, Receives $50 Million In Funding

Since the SoC functions are still a black box, I rather just go with a ROM on a moddable handset like the HTC One M8 with XPrivacy installed, where even if a basic fleshlight app demanded every priv under the sun, it won't get it. When it comes to phones, having the ability to block apps from phoning home is a major security feature.

Even better, why can't a company work on virtualization on a handset? That way, one can have a VM for web browsing, one for work stuff, one for home/personal, and one for clients? This is more important and would be more useful (especially if the hardware supported two SIM cards) then yet another black box phone. With online deduplication and having the hypervisor do the encryption, decent security can be maintained on a device without much fuss from the user.

Comment: Re:How about Lenovo go one step better? (Score 1) 208

by mlts (#49150395) Attached to: Lenovo Saying Goodbye To Bloatware
I'm not attached to any of these ideas I posted, so if proven wrong, that is just fine with me... again, they were just thoughts of something that might be useful. TPM 2.0 is part of the Windows Certification spec, but oftentimes, there are many computers that will run Windows 8.1, but are not certified for it. Here is the link:

Genius is ten percent inspiration and fifty percent capital gains.