
Comment: There is a lot we need for long term archiving (Score 4, Informative) 41

by mlts (#47952261) Attached to: Data Archiving Standards Need To Be Future-Proofed

The problem is that we do have formats that do work for long term archiving, but are limited to a platform and are not open, so decoding them in the future may be problematic.

WinRAR is one example. It has the ability to do error detection and correction with recovery records. However, it is a commercial product.

PAR records are another way, but it is a relatively clunky mechanism for long term storage.

Even medium term storage on disk/tape can be problematic:

There is one standard for backup programs for tape, and that is tar. Very useful format, but zero error correction or detection, other than reading and looking for hard errors. There are tons of backup programs that work with tapes. Networker, TSM, NetBackup, and many others come to mind, all using a different format. Of course, once you get the program, there is still finding the registration key, and some programs require online activation (which means when the activation servers get shut off, you can never do a restore from scratch again.) We need one archive grade standard for tape, perhaps with a standard facility for encryption as well.

Same with disks. It wasn't until recently that there was any bit rot detection in filesystems at all. Now with ReFS, Storage Spaces, ZFS, and btrfs, we now can tell if a file is damaged... but none of the filesystems have the ability to store ECC on an entire (other than ZFS and ditto blocks.) It would be nice to have part of a filesystem be a large area for ECC on a block basis. It would take some optimization for performance, but adding ECC in the filesystem is more geared for long term storage than day to day file I/O.

Finally there is paper. Other than limited stuff on QR codes, there isn't any real way to print a document onto paper, then scan it to get it back. There was a utility called Paperbak that purported to do this, offering encryption, error correction, various DPI codes, and so on. It printed well, but could never scan and read any of the documents printed, so it is worthless. What is needed is something like the Paperbak utility, but with a lot more robust error detection (like checking if blocks are at an angle similar to how QR codes can be scanned from any direction.) This utility would have to be completely open for it to have any use at all. However, if it could be done to print small documents to paper, it would help greatly in some situations, such as recovering encryption keys, archived tax documents, and so on.

Ironically, in general, we have the formats for long term storage. We just don't have any that are open.

Hardware is an issue too. Hard drives are not archival media. Tapes are, but one with a reasonable capacity is expensive, well out of reach for all but the enterprise customers. It would be a viable niche for a company to make a relatively low cost tape drive that could work on USB 3, has a large buffer (combined with variable tape speeds to prevent shoe-shining), and has backup software with it that is usable and open, where the formats can be re-engineered years down the road for decoding.

Comment: Re:First (Score 1) 19

by mlts (#47952105) Attached to: Dropbox and Google Want To Make Open Source Security Tools Easy To Use

How about an open source cloud sync API, that allows machines to sync with the offsite provider, as well as each other. That way, each provider doesn't need to reinvent the wheel with this code.

Even better, add hooks for encryption, either a symmetric key, or some faculty that uses public/private key encryption to allow files to be stored without a key, but would need the private key for retrieval.

Best of all would be a way to have a low-cost, low-volume service like Amazon Glacier and an API for that. That way, files can be flagged to be sent to the low-cost storage service every so often.

Comment: Re:Good (Score 2) 68

by mlts (#47951925) Attached to: Microsoft Kills Off Its Trustworthy Computing Group

I found that this technology has two edges to it. The first is its use for DRM, but the second is something I've found useful.

A TPM chip can come in handy with BitLocker. It means that brute forcing a drive's password becomes not an option, as an attacker is faced with the full 128 or 256 bit keyspace of AES. Unless an attacker can uncap the TPM chip, brute forcing a password will only cause the chip to lock due to excessive attempts and not allow access in any way.

It also provides peace of mind. With a TPM + PIN + USB flash drive, if my laptop gets stolen, if I have the USB flash drive on my keychain, I know the laptop's contents are protected. Even if the keychain is stolen, there is still the PIN which has to be guessed. If the MBR or BIOS are modified, it will be detected, and not allow the machine to boot. Not 100% security (XKCD rubber hoses and cold RAM attacks will beat it for example), but good enough.

Problem is that this type of technology to ensure malware hasn't tampered with the boot process tends to be far more often used to keep legitimate people out of their device rather than to allow legitimate device owners to keep control of their data.

Comment: Re:I've never shorted a stock (Score 1) 68

by mlts (#47951903) Attached to: Microsoft Kills Off Its Trustworthy Computing Group

There was one major feature, and two "features" added to XP:

1: The zone/firewalling support. This is actually useful just to keep dodgy apps from opening up a port or ensuring nothing can connect directly. Third parties like Zone Alarm had this functionality, but would keep prompting the user for every single connection, so eventually users would just click "allow all and don't bug me", and be done with it.

2: Secure Audio Path, where anything protected with WMA's DRM could only play on a stack of signed audio drivers.

3: Activation.

Of course, there were some other minor tweaks here and there, but the leap from W2K to XP wasn't groundbreaking. Windows 3.11 to Windows 95 was a major leap in virtually everything. The second greatest leap was with the server side -- Windows 2000 Server from NT Server was a nice leap for servers because the whole model of NT domains was changed to be a lot more scalable.

The reason why XP was considered decent is because it was out for a long time and people got used to it. On the server side of the house, Windows Server 2003 is still supported until July 14 of next year... but most places have moved to at least Windows Server 2008 if not newer just because of the better security in more recent versions.

Comment: How about buying PGP? (Score 4, Interesting) 19

by mlts (#47950207) Attached to: Dropbox and Google Want To Make Open Source Security Tools Easy To Use

If they are serious, they should buy Symantec Encryption Desktop (formerly PGP Desktop) from Symantec and open source the full version of that. It has a decent UI, works well with Outlook and Thunderbird, and does well on Windows, OS X, and Linux. That would give decent security on the hard disk level, file container, and individual file level. Even directories can be encrypted, CFS/EncFS like.

Comment: Re:The US already had this power for a long time (Score 1) 214

by mlts (#47950091) Attached to: Putin To Discuss Plans For Disconnecting Russia From the Internet

Possible but unlikely. The main reason why SOPA and PIPA were not passed wasn't the protests and website shutdowns, but the fact that Russia and China made it firm that cutting their websites from the Internet would be viewed as the same thing as a naval blockade... an act of war. With Congress afraid of their own shadow, it is no wonder why they backed down, saying it was the will of the people.

No way the entire Internet will be shut down by the US. First thing that will happen is that the UN would get handed ICANN's responsibilities, and the Internet would be up... but under new management.

Second thing is that no US Congressperson would allow it to happen. They get too much money directly from foreign donors, or indirectly companies made rich by foreign trade, which would be shut down in a trade war almost immediately.

I can see SIPRNet or NIPRNet having a master switch that shuts all core nodes of those down, but the Internet? Extremely unlikely. There is just too much big money that relies on the Internet, and if they can afford billions of dollars of computers for HFT, they can afford to get a President impeached who might even think of harming their business model.

Comment: Re:PLEASE! (Score 1) 214

by mlts (#47949455) Attached to: Putin To Discuss Plans For Disconnecting Russia From the Internet

I'm around the same. The attacks come from where there are unsecured IPs, not where the bad guys live. For a while, IP ranges which consisted of DSL or cable modem clients were on the top of the attack source list. On average, nations coming up to speed tend to have average people who are not up to speed on security. This is why in China, malware from pirated app stores is a major problem while it is relatively rare in the US and Western Europe.

Of course, it can't hurt to block by IP ranges in the first place (and do the blocks on multiple layers [1] on public facing boxes like Web servers), just to narrow the scope of what is hitting the machine.

[1]: The firewall, the application, and the OS. That way, if something glitched and the firewall got opened to the world, the servers will still be protected by their own innate IP stack filters.

Comment: Re:Free Willy! (Score 1) 407

by mlts (#47948977) Attached to: Scotland Votes No To Independence

The closest analog to that would be the SCOTUS here across the pond. The problem comes in when they are appointed because they have the extreme view of whoever is appointing. That is why most decisions made by the Supremes are almost always split 5-4.

If the US Senate was styled that way where the Senate positions were appointed (perhaps by the state governor), it might help with mitigating radical parties that get into power, but on the other hand, it might only result in extremists having that chunk of the governing machine to themselves.

Comment: Re:Repair (Score 1) 52

by mlts (#47947159) Attached to: Inside Shenzen's Grey-Market iPhone Mall

It depends on the technology. Cars, iPhones, and computers tend to change often.

Maybe a better item would be an example of something that really doesn't change much. For example, generators. Take a 3000 watt generator that is used for RV-ing. One can buy a no-name Chinese variant. However, if something breaks, parts are extremely hard to find since the generators have different generations as they change fairly often. A carb that fit well on this month's batch of models would be useless 6-12 months from now. The other option is to pay significantly more for a name brand like Honda or Yamaha, where 10-15 years from now, if one needs a belt, carb, or even an inverter board, there will be a dealer with one in stock, or at worst, it would have to be shipped.

Other than a move to inverter logic and better voltage regulation, generators have not changed much other than minor advances. Here is a case where paying a bit more will pay off in a longer service life. Yes, one can get "disposable" generators, but it is better for the economy and the environment to have something that can be serviced and rebuilt. Plus, parts are definitely a profit center.

Comment: Re:The Titanic is UNSINKABLE. (Score 4, Insightful) 306

by mlts (#47946469) Attached to: U2 and Apple Collaborate On 'Non-Piratable, Interactive Format For Music'

Devil's advocate:

Things are different from the 2000s when everyone and his brother, sister, grandmother, and father in law was coming out with an "unhackable" DRM scheme. For one, the market has shifted from PCs/Macs to consoles for gaming. The PS4, Xbox One, and others have not been cracked yet, so piracy and hacking are at 0% on those platforms.

We also didn't depend on user accounts. A background process like VAC or Blizzard's Warden didn't exist that would completely cut off access to services. All it would take is Apple running a similar process that sits in the background and looks for cracking tools, then locks any AppleIDs suspected of doing so. The days of running "unfuck.exe" are long gone, since it would get detected, and all access lost.

Of course, there is video. Yes, there are SD copies and screeners, maybe even someone ballsy enough to cam and slip that on BitTorrent, but 1080i (true, not upsampled) movies are rare. Satellites have not had any real hacks in a decade. Even Apple's movie format has no working cracks with no deprotection utilities out, unless one wants to capture video and re-encode it with the generational quality loss.

Yes, we will see some "cracks", such as saying World of Warcraft is cracked because someone is running a server emulator, but I will be surprised to see available, unprotected works that were protected in this format.

Yes, DRM has been cracked in the past, but it gets harder and harder each cycle. Even Blu-Ray hasn't been fully cracked yet (it is still a race with each individual movie.)

Comment: Re:Repair (Score 1) 52

by mlts (#47945565) Attached to: Inside Shenzen's Grey-Market iPhone Mall

It is starting to appear in the US as well. I'm seeing "fix your iPhone" places pop up in the small corner stores that the old pager shops, title loans, and other dodgy places tend to inhabit.

Of course, one thing that gets discussed is how many stolen smartphones get taken apart and wind up at places like that. Of course, the motherboard of the phone isn't usable because of activation and IMEI blacklists, but screens, batteries, speakers, and other small parts are always in demand, especially for newer phones that may not have parts available yet.

Comment: Re:Thank god for Apple... (Score 1) 52

by mlts (#47945475) Attached to: Inside Shenzen's Grey-Market iPhone Mall

They are still using, AFAIK, with the latest gen iPhones, as they mentioned "ion strengthened" glass, which is what Corning's product is.

I think the iWatch will be the first product with the sapphire glass research, since it is better with smaller screens. Plus, there is a difference between scratch resistance and shatter resistance. A watch can use a lot more scratch resistance than shatter resistance, so a harder, more brittle glass like sapphire glass would be more useful as opposed to something a bit less hard, but more resilient (less shatter prone) that would be needed on phones and tablets.

Comment: Re:Part of the defamed "e-waste" culture (Score 1) 52

by mlts (#47945387) Attached to: Inside Shenzen's Grey-Market iPhone Mall

AFAIK, it is more like "tribute", like an Elvis tribute band.

The ironic thing is that tinkerers are the people that started the computer industry. If it were not for MIT's model railroad club and hobbyists from the two Jobs to Linus and Jolitz making basic operating systems, the world would look completely different. (Most likely we would be using Compuserve like forums with TV set top boxes for "internet" access, paying by the kilobyte, more if we actually stepped up to a 2400 bps modem.)

Because of this disposable mentality, the aspect of tinkering has all but vanished from the American psyche. The "cool" teenager who manages to modify the carb to shave a few milliseconds from his 0-60 score has been replaced by someone using Instagram to take a photo of their food before uploading to FB. Maybe the tinkering mentality might come back.

All in all, the tinkering mentality is what made the US what it was. If/when China gets the free-thinking, inventive mentality that has been a hallmark of the West, there is no stopping them, whatsoever. It also is a shame that it is lost, because the questioning, tinkering mentality separates people from drones.

Comment: Re:Repair (Score 2) 52

by mlts (#47945261) Attached to: Inside Shenzen's Grey-Market iPhone Mall

I don't like having to re-buy goods due to planned obsolescence. Take TVs, for example. I have a Sears TV in storage from the '80s. The manual has circuit schematics, where to get replacements for the channel buttons, how to replace switches, what pots are used where. It was made so someone with basic soldering skills could at least maintain it. A new LED TV just gets chucked and you buy a new one, even though the problem could be a membrane contact that costs a penny.

The economy is getting shittier in general. In the past, we could afford to replace things when something small broke. I had a colleague who bought a new car every 2-3 years, once when the relay controlling the heated seat failed. These days, it is commonplace to see people nursing their old Saturns and Honda Civics to keep them on the roads. That is why headlight polishing kits are so common. In the past, vehicles got replaced before the glass or Lexan dulled (or used sealed beam headlights.)

One reason why companies have chosen to go with products that cannot be repaired is simple -- it gets rid of the used market. In the past, if someone had a broken lawn mower, someone else could give it a carb rebuild and get it perfectly functional. A lot of goods, once broken, can't be recycled, much less salvaged for anything whatsoever, which means no real secondhand market.

This is going to backfire. Will a company make more money in the long run if they sell parts to fix their gizmos, or more gizmos in a good economy, and almost none when the economy goes bad and stays bad? For long term thinking, having repairable items brings in a long tail due to the parts sales.

Comment: Re:Expert. (Score 1) 306

by mlts (#47945031) Attached to: U2 and Apple Collaborate On 'Non-Piratable, Interactive Format For Music'

We already have this tech already. Pixelmags does exactly this with magazines in their DRM-ed format. Adobe Flash can do this as well, and has been doing so since the VideoWorks days.

So, I'm guessing Apple is going to be making something similar to a password-protected HyperCard stack I made in 1989 that had the menubar hidden, with a special extension to tell what tracks/sectors the file takes up and automatically exit if the file resides somewhere different?
