Comment: Re:"I avoided Windows 8"... try learning Windows 8 (Score 1) 324

by mlts (#48043301) Attached to: Will Windows 10 Finally Address OS Decay?

The funny thing is that on machines (ab)used often, backing it up with wbadmin, then nuking it and restoring it from the saved image actually seems to speed things up to the "freshly installed" speed.

Not sure why it helps, be it NTFS issues, actual registry files or other core OS files fragmented, or some other factor, but it does. A backup/format/restore seems to do just as good as a reinstall. It could even be that a rootkit that hid itself from the backup utility would not be present when the system was restored, although it doesn't hurt to mount a drive on another box and scan the disk image for nasties just in case.

Comment: Re: Application sandboxing (Score 1) 324

by mlts (#48043249) Attached to: Will Windows 10 Finally Address OS Decay?

Android doesn't jail() apps (where the application cannot see outside the space it sits in), but it does sandbox apps. Apps get their own UID, and by default, they cannot get into other apps' spaces. /system is usually root owned and the whole volume is read-only, for example.

Recent versions of Android use SELinux, so if an app does get access it shouldn't have, it still is stuck in the role it was assigned. For example, some app getting root will still be constrained even with UID 0, so it couldn't remount /system read-write, for example.

Android 4.3 adds onto that by adding SELinux rules onto the external SD card, limiting its use. If you have root, you can use a utility like NextApp SD fix to change SELinux rules back to how they were previously, or SELinuxModeChanger to entirely disable SELinux on your device. Disclaimer: SELinux is a good thing overall, and killing it does weaken security.

iOS's security model is weakened by a jailbreak, while Android's is unaffected if the user has root (assuming the user didn't use the su app to give a rogue app root [1].)

Of course, Android's model has its issues... the all or nothing aspect [2] (where one can choose what stuff an app has access to in iOS), for example.

[1]: Newer apps have a special permission on install which shows the user that it might want root, and the su binary will warn or not allow access to any apps that don't declare that permission in their manifest.

[2]: Cyanogen's privacy features help, as well as XPrivacy. XPrivacy gives extremely fine grained control to what an app can use or cannot use. However, I'd not consider this part of Android proper, though it should be.

Comment: Re:unlikely (Score 3, Interesting) 324

by mlts (#48043171) Attached to: Will Windows 10 Finally Address OS Decay?

The ironic thing is that third party companies have been able to repackage Windows programs so only one file is needed to run it. Not an installer... just an executable that provides a virtual environment for the program, and redirects all file and Registry changes to a specific directory in the user's homedir. A couple examples: VMWare ThinApp or Evalaze.

Yes, it takes a bit to create a clean system (VMs are perfect for this with snapshots), pop a "before" run, install the software, then click that it is done. The result is a single file that takes every single change the installer did, and puts it in a sandbox/partition.

If third party companies can do this, why can't MS extend their virtual redirects (which are used with some legacy applications to redirect stuff that would be stored in Program Files to the user's homedir) to include everything the program does? Container functionality is a core part of some other operating systems (RedHat 7), so why not Windows? That way, uninstallation of a program is just tossing the file it is in.

Sandboxes are not new either. I use sandboxie to ensure that what is in my web browser stays in my web browser and doesn't get out. This isn't a 100% solution since an undocumented MS API call would allow a program to "leak" out, but it is usable.

Comment: Re:Let them argue all they want (Score 2) 437

by mlts (#48041337) Attached to: Obama Administration Argues For Backdoors In Personal Electronics

Devil's advocate:

How do you know that your next phone will have an unlockable/unlocked bootloader, even a way to get rooted/jailbroken? The Samsung S5 took $18,000 in a bounty to get root for, and its bootloader is still locked up tight unless you have the developer model.

Comment: Re:I call BS on this one.... (Score 1) 437

by mlts (#48040901) Attached to: Obama Administration Argues For Backdoors In Personal Electronics

This is true about any government body. Once laws get passed almost anywhere [1], they stay on the books forever.

[1]: I wish that tale about Swedish towns where each year, the mayor recited all the laws he knew. If he forgot one, it was stricken off the books. The ideal would be relatively few laws, but well enforced, rather than having a ton of stuff on the books that may or may not get stuff done about it.

Comment: Re:Update to Godwin's law? (Score 3, Informative) 437

by mlts (#48040859) Attached to: Obama Administration Argues For Backdoors In Personal Electronics

Bingo. This exact same argument was made in the early 1990s about the Clipper Chip and banning encryption other than Clipper/Skipjack. Since Skipjack was broken, the bad guys would have access to the LEAF (law enforcement access field), and could zero out the ones on their chips. Great for them, an uncorrectable security nightmare for anyone who chose to abide by the law.

This also brings in the US's Third Amendment. Can spyware be considered an electronic soldier? Or perhaps the Fifth Amendment about being deprived of property (spyware uses RAM/disk/network bandwidth/CPU cycles) without due process. Micing someone's place is one thing, making them pay for being spied on is another.

Comment: Re:Android version req - long time coming (Score 1) 416

by mlts (#48022053) Attached to: Google To Require As Many As 20 of Its Apps Preinstalled On Android Devices

I think because Google gets bashed often, they want to do like Apple and MS, and have the apps be part of the OS, so when a consumer sees a device has a certain version of Android, it will have the same level of app functionality across the board, regardless of what carrier, make, or model of phone.

Android, as it stands now, can mean a device bristling with apps (as a consumer-level one that comes from a carrier comes with) to an AOSP build that has almost nothing. Having Google force OEMs to "standardize" on at least a basic number of apps gives the average consumer a better way to compare devices.

Comment: Re:The alternative is not a crapware-free phone (Score 1) 416

by mlts (#48021937) Attached to: Google To Require As Many As 20 of Its Apps Preinstalled On Android Devices

I'd probably say either the N5 (or another GPE device), or if one wants to be completely GApp free, then go with CyanogenMod and another store or repo. Amazon has their own (heavily curated/moderated) app store, and there is always F-Droid.

I don't mind the Google stuff, so I've found GPE devices or CM + Gapps pretty workable, although I do replace the messaging app with TextSecure and the dialer with RedPhone (disabling the other SMS utilities) so I have additional security. I also have XPrivacy running as well, so if something doesn't _need_ GPS, let it think I'm in Antigua then.

Comment: Re:And this ... (Score 1) 89

by mlts (#48019757) Attached to: Facebook's Atlas: the Platform For Advertisers To Track Your Movements

I wonder how long this will last. There will come a point where FB can't sell any more info than it is getting. Then what do they do?

I've found that FB is pretty intrusive, asking for almost every permission but root on my Android device. On my computer, it gets its own sandboxed instance of a browser (using sandboxie), while everything else is separate. On Android, XPrivacy and the privacy tools in CyanogenMod mitigate things. iOS is much harder to keep info away (although with a jailbreak and Protect My Privacy, it helps a lot.)

Comment: Re:Cost (Score 1) 117

by mlts (#48016529) Attached to: World's Smallest 3G Module Will Connect Everything To the Internet


Why does a fridge need hooked up to the Net? They have worked for a century without requiring networking, and there is no fundamental reason why they need it, especially with the fact that there are major issues with basic security. It is like RV fridges that now require batteries as well as propane. Do they keep your beer cold any better? Nope. Do they have another point of failure because they rely on the 12 volt system for the control board? Yes.

If someone just has to have some inventory control system in their fridge, why not go to a system that uses short range RFID, Bluetooth to a hardened monitor, and only that monitor would have Internet access? Maybe even have a second module that is a dedicated firewall before the 3G chip. Having every device directly connected to the Net is a blackhat's dream, especially in this attitude of "security has no ROI" that is prevalent by a lot of companies.

A standard even can be made... a RFID check or BT PAN, those log info to a hardened, secure module that then sends it on the Internet.

Comment: Re:So offer a cost effective replacement (Score 1) 185

by mlts (#48004821) Attached to: Security Collapse In the HTTPS Market

Problem is that SSL, and to a lesser extent SSH suck, but almost everything out there is worse, barring physically dropping off a large drive array and using one time pads on each endpoint.

SSL for public web servers is tough to fix. Have more than 2 CAs sign a key? What keeps two CAs from being compromised? Have a revocation list, the bad guys can block that from propagating. Have a key get "known" may be an add-on, but some sites use hundreds of server keys and change them out often.

For other tasks, it is fairly simple. If a server and client are static, then they can trust each other, similar to how SSH works, and dispense with the CA stuff entirely. Other tasks might work with an out of band method for distributing and authenticating keys.

SSL/TLS is a hard protocol to fix. Making a change willy-nilly without heavy regression testing will just open new vulnerabilities.

Comment: Re:I dunno about LEDs, but CFLs don't last (Score 1) 595

by mlts (#48002999) Attached to: The Great Lightbulb Conspiracy

I might as well lay my anecdote on the line as well: I've had very good luck with LEDs, and the only time I've seen them die was overvoltage, extreme overheating, or they were just DOA.

For my RV, I replaced the overhead 12 volt bulbs with cheapie $1 LEDs from Taiwan (free shipping). Their color temperature isn't that great, but they take 1/7 the electricity that the previous ones did, which is important for dry camping. Several years later, the bulbs are still working.

For my abode, I replaced all bulbs with LEDs (mainly Feit Electric.) They are all dimmable, and use PWM for dimming, run fairly cool, (although the heat sink may be about 120-130 degrees after a few days.)

I chose to replace the CFLs not because they were that big of energy hogs, but because they create a mini Superfund site if they would break. So far, so good.

Comment: Re:vmware (Score 1) 94

by mlts (#47994861) Attached to: Amazon Forced To Reboot EC2 To Patch Bug In Xen

VMWare's fault tolerance is decent, but nothing that will recover in milliseconds. Even with vMotion and HA, it will take some time for the machine to reboot.

Of course, there is the FT mode of VMWare... but it has a lot of limitations, such as only allowing 1 vCPU, but it does run two VMs in lockstep so if the heartbeat drops, the downtime is in seconds, not minutes as with a machine restarting.

Comment: Re:OK (Score 1) 268

by mlts (#47994795) Attached to: IBM Solar Concentrator Can Produce 12kW/day, Clean Water, and AC

I wonder about these things as well... In Austin, there are the solar "flowers" that point south (they are fixed and don't track the sun) on I-35 near the former airport that could be easily replaced by one of these. Each of the "flowers" generates 1Kwh per day, which is 1/12 of the IBM setup, as per the parent's estimates.

Solar works best when one uses it on large surfaces, be it the roof of buildings, solar film on windows, or other places. It may get a fraction of the light that a two axis concentrator does... but it is far cheaper to install and maintain.

This isn't to say the solar concentrator technology is a bad thing, but it is limited to areas where real estate is precious.

Solar is getting pretty cheap. I've grabbed a cast-off 24 volt panel for free, a $8 no-name PWM charge controller [1] from eBay, a couple fuses (I always, a switch, a disused car battery, some wires, several $1 12 volt to USB adapters, a couple 340 lumens USB bulbs, and the result was a working setup for outbuilding lights on a friend's farm, well under a C-note, and it works well for the purpose needed -- give light to an outbuilding on the far end of the property, where running an extension cord for a half mile would not be possible.

[1]: In reality, the PWM controller just lopped off about half the energy coming from the panel, but for the task at hand, beggars can't be choosers.
