
Comment: Re:Alright smart guy (Score 4, Informative) 347

by mlts (#47960035) Attached to: Ask Slashdot: Is iOS 8 a Pig?

Android is a toss-up. If your phone has an easily unlockable bootloader and is fairly mainstream, then you likely can get unofficial updates or a CyanogenMod version which will be supported for quite a while. You also might be able to find other ROMs people have made for the device, some with a more recent version of Android, some not.

If you get a model that has a locked bootloader, the company won't unlock it, and it isn't a popular enough model to get the mainstream developers to look at it, then it will probably need to be tossed.

Comment: Re:There is a lot we need for long term archiving (Score 1) 110

by mlts (#47952853) Attached to: Data Archiving Standards Need To Be Future-Proofed

There was an IBM computer made in the 1970s which stored data on black and white negatives. It would "write" to them via exposing light, then pass the negatives through the usual developer, stop, and fixer baths, finally into a storage area. Reading was done by having them scanned in, similar to punchcards.

It definitely is a nonstandard way of doing things, but I'm sure film chemistry has advanced quite well since then, so storing information as colored dots might be a long term archiving solution, provided there is an easy way to handle the negatives without them tearing. The grain of the film, ISO, amount of ECC per negative and other processes can be tuned as well.

There is an irony that the negatives I have from my 35mm camera will be printable long after I'm gone (assuming no mishandling), while on an SD card, once the electrons bail from the gates, the data is gone, no way to recover it, whatsoever. It would be nice to have some form of long term archiving format so bit rot doesn't claim picture collections.

I'd probably guess the only real way is to create some type of CAS that periodically copies data and checks/rebuilds ECC info to new media every so often, with multiple layers of bit rot detection in place, as well as a cryptographic signing layer to ensure that data dropped there hasn't been altered even though it has been ECC-ed and de-ECC-ed many times.
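
Added example, not part of the original comment: a sketch of the content-addressed store with periodic scrubbing and an authenticated manifest that the comment above describes. It substitutes whole-copy replication for real ECC and an HMAC for a digital signature; every name, the key and the sample data are constructed for illustration.

```python
import hashlib
import hmac
import json

def address(data: bytes) -> str:
    """Content address: the SHA-256 of the bytes, so any bit flip changes it."""
    return hashlib.sha256(data).hexdigest()

def sign_manifest(addresses, key: bytes) -> str:
    """Authenticate the list of addresses the archive is supposed to hold."""
    body = json.dumps(sorted(addresses)).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def store(replicas, data: bytes) -> str:
    """Write one object to every replica (each dict stands for one medium)."""
    addr = address(data)
    for replica in replicas:
        replica[addr] = data
    return addr

def scrub(replicas, addresses, tag: str, key: bytes) -> dict:
    """Verify the manifest, then every copy; rewrite bad copies from a good one."""
    if not hmac.compare_digest(tag, sign_manifest(addresses, key)):
        raise ValueError("manifest authentication failed; refusing to repair")
    report = {"repaired": [], "lost": []}
    for addr in sorted(addresses):
        # A copy is good only if it still hashes to its own address.
        good = next((r[addr] for r in replicas
                     if addr in r and address(r[addr]) == addr), None)
        if good is None:
            report["lost"].append(addr)  # no intact copy left anywhere
            continue
        for index, replica in enumerate(replicas):
            if replica.get(addr) != good:  # rotted or missing copy
                replica[addr] = good
                report["repaired"].append((index, addr))
    return report

def demo():
    key = b"constructed-demo-key"  # assumption: stands in for a signing key
    replicas = [{}, {}, {}]
    photo = store(replicas, b"constructed sample: scanned negative 0001")
    taxes = store(replicas, b"constructed sample: tax archive 2013")
    manifest = [photo, taxes]
    tag = sign_manifest(manifest, key)
    # Simulate bit rot: flip one bit on replica 1, lose a copy on replica 2.
    rotted = bytearray(replicas[1][photo])
    rotted[0] ^= 0x01
    replicas[1][photo] = bytes(rotted)
    del replicas[2][taxes]
    return replicas, manifest, tag, key, scrub(replicas, manifest, tag, key)

if __name__ == "__main__":
    print(demo()[-1])
```

Checking the manifest before any repair is what keeps a scrub from faithfully re-replicating data that was swapped out rather than rotted.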

Comment: Re:I've never shorted a stock (Score 1) 98

by mlts (#47952841) Attached to: Microsoft Kills Off Its Trustworthy Computing Group

Definitely not. It was listed under a "feature" (in quotes) as something that isn't wanted, similar to the DRM stack. In fact, it has gotten worse since XP since you have to have either a KMS server that has Internet connectivity to phone home to MS so machines can activate from it for 180 days, or blow a MAK and activate over the phone.

I don't understand why MS forced volume activation on businesses. One can find fake KMS servers, and even though it isn't a complex piece of infrastructure, it is another thing that can fail or get hacked. It also doesn't support redundancy at the KMS layer, so it has to go onto a VM cluster with multiple paths or the like. If it drops, it isn't critical, but it can be annoying. There is also the fear that in theory (and this is pure tinfoil hat speculation, mind you), it can be used to shuttle/proxy info/code between clients, the KMS server and the outside world.

I don't know any other OS that requires activation. Oracle has some of the nastiest licensing around, and their main products have no codes or license keys... the fear of the BSA coming down on a company is good enough. I wish MS followed the same route, and made activation more of a license management system than an infrastructure requirement.

Comment: There is a lot we need for long term archiving (Score 4, Informative) 110

by mlts (#47952261) Attached to: Data Archiving Standards Need To Be Future-Proofed

The problem is that we do have formats that do work for long term archiving, but are limited to a platform and are not open, so decoding them in the future may be problematic.

WinRAR is one example. It has the ability to do error detection and correction with recovery records. However, it is a commercial product.

PAR records are another way, but it is a relatively clunky mechanism for long term storage.

Even medium term storage on disk/tape can be problematic:

There is one standard for backup programs for tape, and that is tar. Very useful format, but zero error correction or detection, other than reading and looking for hard errors. There are tons of backup programs that work with tapes. Networker, TSM, NetBackup, and many others come to mind, all using a different format. Of course, once you get the program, there is still finding the registration key, and some programs require online activation (which means when the activation servers get shut off, you can never do a restore from scratch again.) We need one archive grade standard for tape, perhaps with a standard facility for encryption as well.

Same with disks. It wasn't until recently that there was any bit rot detection in filesystems at all. Now with ReFS, Storage Spaces, ZFS, and btrfs, we now can tell if a file is damaged... but none of the filesystems have the ability to store ECC on an entire (other than ZFS and ditto blocks.) It would be nice to have part of a filesystem be a large area for ECC on a block basis. It would take some optimization for performance, but adding ECC in the filesystem is more geared for long term storage than day to day file I/O.

Finally there is paper. Other than limited stuff on QR codes, there isn't any real way to print a document onto paper, then scan it to get it back. There was a utility called Paperbak that purported to do this, offering encryption, error correction, various DPI codes, and so on. It printed well, but could never scan and read any of the documents printed, so it is worthless. What is needed is something like the Paperbak utility, but with a lot more robust error detection (like checking if blocks are at an angle similar to how QR codes can be scanned from any direction.) This utility would have to be completely open for it to have any use at all. However, if it could be done to print small documents to paper, it would help greatly in some situations, such as recovering encryption keys, archived tax documents, and so on.

Ironically, in general, we have the formats for long term storage. We just don't have any that are open.

Hardware is an issue too. Hard drives are not archival media. Tapes are, but one with a reasonable capacity is expensive, well out of reach for all but the enterprise customers. It would be a viable niche for a company to make a relatively low cost tape drive that could work on USB 3, has a large buffer (combined with variable tape speeds to prevent shoe-shining), and has backup software with it that is usable and open, where the formats can be re-engineered years down the road for decoding.

Comment: Re:First (Score 1) 24

by mlts (#47952105) Attached to: Dropbox and Google Want To Make Open Source Security Tools Easy To Use

How about an open source cloud sync API, that allows machines to sync with the offsite provider, as well as each other. That way, each provider doesn't need to reinvent the wheel with this code.

Even better, add hooks for encryption, either a symmetric key, or some faculty that uses public/private key encryption to allow files to be stored without a key, but would need the private key for retrieval.

Best of all would be a way to have a low-cost, low-volume service like Amazon Glacier and an API for that. That way, files can be flagged to be sent to the low-cost storage service every so often.

Comment: Re:Good (Score 3, Insightful) 98

by mlts (#47951925) Attached to: Microsoft Kills Off Its Trustworthy Computing Group

I found that this technology has two edges to it. The first is its use for DRM, but the second is something I've found useful.

A TPM chip can come in handy with BitLocker. It means that brute forcing a drive's password becomes not an option, as an attacker is faced with the full 128 or 256 bit keyspace of AES. Unless an attacker can uncap the TPM chip, brute forcing a password will only cause the chip to lock due to excessive attempts and not allow access in any way.

It also provides peace of mind. With a TPM + PIN + USB flash drive, if my laptop gets stolen, if I have the USB flash drive on my keychain, I know the laptop's contents are protected. Even if the keychain is stolen, there is still the PIN which has to be guessed. If the MBR or BIOS are modified, it will be detected, and not allow the machine to boot. Not 100% security (XKCD rubber hoses and cold RAM attacks will beat it for example), but good enough.

Problem is that this type of technology to ensure malware hasn't tampered with the boot process tends to be far more often used to keep legitimate people out of their device rather than to allow legitimate device owners to keep control of their data.

Comment: Re:I've never shorted a stock (Score 1) 98

by mlts (#47951903) Attached to: Microsoft Kills Off Its Trustworthy Computing Group

There was one major feature, and two "features" added to XP:

1: The zone/firewalling support. This is actually useful just to keep dodgy apps from opening up a port or ensuring nothing can connect directly. Third parties like Zone Alarm had this functionality, but would keep prompting the user for every single connection, so eventually users would just click "allow all and don't bug me", and be done with it.

2: Secure Audio Path, where anything protected with WMA's DRM could only play on a stack of signed audio drivers.

3: Activation.

Of course, there were some other minor tweaks here and there, but the leap from W2K to XP wasn't groundbreaking. Windows 3.11 to Windows 95 was a major leap in virtually everything. The second greatest leap was with the server side -- Windows 2000 Server from NT Server was a nice leap for servers because the whole model of NT domains was changed to be a lot more scalable.

The reason why XP was considered decent is because it was out for a long time and people got used to it. On the server side of the house, Windows Server 2003 is still supported until July 14 of next year... but most places have moved to at least Windows Server 2008 if not newer just because of the better security in more recent versions.

Comment: How about buying PGP? (Score 4, Interesting) 24

by mlts (#47950207) Attached to: Dropbox and Google Want To Make Open Source Security Tools Easy To Use

If they are serious, they should buy Symantec Encryption Desktop (formerly PGP Desktop) from Symantec and open source the full version of that. It has a decent UI, works well with Outlook and Thunderbird, and does well on Windows, OS X, and Linux. That would give decent security on the hard disk level, file container, and individual file level. Even directories can be encrypted, CFS/EncFS like.

Comment: Re:The US already had this power for a long time (Score 1) 239

by mlts (#47950091) Attached to: Putin To Discuss Plans For Disconnecting Russia From the Internet

Possible but unlikely. The main reason why SOPA and PIPA were not passed wasn't the protests and website shutdowns, but the fact that Russia and China made it firm that cutting their websites from the Internet would be viewed as the same thing as a naval blockade... an act of war. With Congress afraid of their own shadow, it is no wonder why they backed down, saying it was the will of the people.

No way the entire Internet will be shut down by the US. First thing that will happen is that the UN would get handed ICANN's responsibilities, and the Internet would be up... but under new management.

Second thing is that no US Congressperson would allow it to happen. They get too much money directly from foreign donors, or indirectly companies made rich by foreign trade, which would be shut down in a trade war almost immediately.

I can see SIPRNet or NIPRNet having a master switch that shuts all core nodes of those down, but the Internet? Extremely unlikely. There is just too much big money that relies on the Internet, and if they can afford billions of dollars of computers for HFT, they can afford to get a President impeached who might even think of harming their business model.

Comment: Re:PLEASE! (Score 2) 239

by mlts (#47949455) Attached to: Putin To Discuss Plans For Disconnecting Russia From the Internet

I'm around the same. The attacks come from where there are unsecured IPs, not where the bad guys live. For a while, IP ranges which consisted of DSL or cable modem clients were on the top of the attack source list. On average, nations coming up to speed tend to have average people who are not up to speed on security. This is why in China, malware from pirated app stores is a major problem while it is relatively rare in the US and Western Europe.

Of course, it can't hurt to block by IP ranges in the first place (and do the blocks on multiple layers [1] on public facing boxes like Web servers), just to narrow the scope of what is hitting the machine.

[1]: The firewall, the application, and the OS. That way, if something glitched and the firewall got opened to the world, the servers will still be protected by their own innate IP stack filters.

Comment: Re:Free Willy! (Score 1) 460

by mlts (#47948977) Attached to: Scotland Votes No To Independence

The closest analog to that would be the SCOTUS here across the pond. The problem comes in when they are appointed because they have the extreme view of whoever is appointing. That is why most decisions made by the Supremes are almost always split 5-4.

If the US Senate was styled that way where the Senate positions were appointed (perhaps by the state governor), it might help with mitigating radical parties that get into power, but on the other hand, it might only result in extremists having that chunk of the governing machine to themselves.

Comment: Re:Repair (Score 1) 53

by mlts (#47947159) Attached to: Inside Shenzen's Grey-Market iPhone Mall

It depends on the technology. Cars, iPhones, and computers tend to change often.

Maybe a better item would be an example of something that really doesn't change much. For example, generators. Take a 3000 watt generator that is used for RV-ing. One can buy a no-name Chinese variant. However, if something breaks, parts are extremely hard to find since the generators have different generations as they change fairly often. A carb that fit well on this month's batch of models would be useless 6-12 months from now. The other option is to pay significantly more for a name brand like Honda or Yamaha, where 10-15 years from now, if one needs a belt, carb, or even an inverter board, there will be a dealer with one in stock, or at worst, it would have to be shipped.

Other than a move to inverter logic and better voltage regulation, generators have not changed much other than minor advances. Here is a case where paying a bit more will pay off in a longer service life. Yes, one can get "disposable" generators, but it is better for the economy and the environment to have something that can be serviced and rebuilt. Plus, parts are definitely a profit center.

Comment: Re:The Titanic is UNSINKABLE. (Score 4, Insightful) 344

by mlts (#47946469) Attached to: U2 and Apple Collaborate On 'Non-Piratable, Interactive Format For Music'

Devil's advocate:

Things are different from the 2000s when everyone and his brother, sister, grandmother, and father in law was coming out with an "unhackable" DRM scheme. For one, the market has shifted from PCs/Macs to consoles for gaming. The PS4, Xbox One, and others have not been cracked yet, so piracy and hacking is at 0% on those platforms.

We also didn't depend on user accounts. A background process like VAC or Blizzard's Warden didn't exist that would completely cut off access to services. All it would take is Apple running a similar process that sits in the background and looks for cracking tools, then locks any AppleIDs suspected of doing so. The days of running "unfuck.exe" are long gone, since it would get detected, and all access lost.

Of course, there is video. Yes, there are SD copies and screeners, maybe even someone ballsy enough to cam and slip that on BitTorrent, but 1080i (true, not upsampled) movies are rare. Satellites have not had any real hacks in a decade. Even Apple's movie format has no working cracks with no deprotection utilities out, unless one wants to capture video and re-encode it with the generational quality loss.

Yes, we will see some "cracks", such as saying World of Warcraft is cracked because someone is running a server emulator, but I will be surprised to see available, unprotected works that were protected in this format.

Yes, DRM has been cracked in the past, but it gets harder and harder each cycle. Even Blu-Ray hasn't been fully cracked yet (it is still a race with each individual movie.)

Comment: Re:Repair (Score 1) 53

by mlts (#47945565) Attached to: Inside Shenzen's Grey-Market iPhone Mall

It is starting to appear in the US as well. I'm seeing "fix your iPhone" places pop up in the small corner stores that the old pager shops, title loans, and other dodgy places tend to inhabit.

Of course, one thing that gets discussed is how many stolen smartphones get taken apart and wind up at places like that. Of course, the motherboard of the phone isn't usable because of activation and IMEI blacklists, but screens, batteries, speakers, and other small parts are always in demand, especially for newer phones that may not have parts available yet.
