Comment: My experience, for reference (Score 1) 186

by sigmabody (#48846075) Attached to: Ask Slashdot: Can I Trust Android Rooting Tools?

I had an Android phone which I eventually was able to root/mod; here's some advice, for what it's worth:
- Get a device which has a supported root/mod path via XDA. Some devices are more rootable than others.
- Be careful about updates; most root tools only work for specific versions, and patches regularly break rooting methods/scripts.
- If you want to preserve root, you'll want to run a custom ROM, so find a device which has a supported mainstream ROM for it.
- Unless you are an expert, it will take a while. Plan on spending at least a week of off/on time messing with it, and be prepared if you brick it.
- If you want full control of the device, plan to make this your full-time job. Nobody really offers this, and you'll need to do it yourself.
- If you just want something with reasonable privacy controls which just works, get an iOS device; that's what I did eventually.

Also, as a side note:
- The regular web does suck, and browsing without an ad blocker these days is pretty horrible. Mainly posting to say that.

Comment: CurrentC is dead-tech (Score 1) 631

by sigmabody (#48252335) Attached to: Why CurrentC Will Beat Out Apple Pay

I'm not sure Apple Pay will "win", but I'm absolutely certain CurrentC will "lose". It's a great change for the merchants, and horrible for the consumers (in contrast to Apple Pay, which is neutral for merchants, and positive for consumers). Unless the merchants stop taking credit cards (and I think that's unlikely), CurrentC is already dead.

Comment: This begs for something like ubiquitous TOR... (Score 2) 126

by sigmabody (#48016377) Attached to: FCC To Rule On "Paid Prioritization" Deals By Internet Service Providers

Sure, everyone running TOR on their gateway for all internet traffic would be horribly inefficient. Sure, it would preclude some things, like IP multi-casting and content geo-caching.

But you know what? It would pretty much make net neutrality a de facto standard, irrespective of what the horribly corrupt FCC decides. And you know what else? It would effectively end the NSA's collection of everyone's online activity. Oh, and you would get all the privacy benefits for free, forever.

On balance, given the openly hostile actors in the government, I think it would be worth it.

Comment: The reason the government wants this... (Score 3, Informative) 254

by sigmabody (#47832053) Attached to: UCLA, Cisco & More Launch Consortium To Replace TCP/IP

For those who don't see why this is bad, consider this:

In order to route/cache by data, the data must be visible to the routing nodes; in essence, you would no longer be able to use end-to-end encryption. You could still have point-to-point (eg: encryption for wireless connections), but everything would be visible to routing nodes, by necessity. This means no more hiding communications from the government (who taps all the backbone routers), no TOR routing, no protection from MTM attacks, by design. You get the promise of more efficiency, at the cost of your privacy/freedom... and guess what, you'll get neither in this case, too.

Comment: Data point (Score 1) 348

I don't run a local firewall on my work system, for reference. As a developer, it's common to need to have "random" ports open for various things for testing, and having to deal with a firewall is one more nuisance I don't want to account for. A local (on system) firewall won't prevent most attacks anyway, so I don't feel I'm giving up much real security.

I do run a local firewall at home, but only because it has not annoyed me enough to be disabled yet.

I don't know how useful that information is; consider it a data point.

Comment: Half measure... (Score 1) 178

It's a good PR attempt, to address what they must perceive as a significant problem, but...

Good luck convincing companies to trust your cloud infrastructure with their data, when they know for a fact that the US government (and probably other governments) could compel you to grant them secret access at any time, regardless of whatever client-access protections are in place. If MS could solve that massive security flaw, I'd be impressed; anything less is just polishing the proverbial turd.

Comment: Google needs to get ahead of this... (Score 1) 248

Google's only really viable option, as far as I can tell, is to create a tailored censored portal for each country (really, legal jurisdiction, but basically the same thing), and allow anyone in that jurisdiction to request that anything be censored in an automated manner. Then they can create an "uncensored" jurisdiction, which you would need to opt into, with a disclaimer and such.

Once you have that, you can much more effectively fight these sorts of "censor for the entire world" orders, by asserting that you already support per-jurisdiction "removal", and to remove globally would violate the rights of other jurisdictions to self-censor as appropriate. It's not perfect (nothing in international law is), but at least it would give Google a way to somewhat comply with the flood of censorship demands which are coming, without trying to fight each new demand independently.


US Pushing Local Police To Keep Quiet On Cell-Phone Surveillance Technology 253

Posted by timothy
from the all-you-debaters-are-welcome dept.
schwit1 (797399) writes with this story from the Associated Press, as carried by Yahoo News: The Obama administration has been quietly advising local police not to disclose details about surveillance technology they are using to sweep up basic cellphone data from entire neighborhoods, The Associated Press has learned. Citing security reasons, the U.S. has intervened in routine state public records cases and criminal trials regarding use of the technology. This has resulted in police departments withholding materials or heavily censoring documents in rare instances when they disclose any about the purchase and use of such powerful surveillance equipment. Federal involvement in local open records proceedings is unusual. It comes at a time when President Barack Obama has said he welcomes a debate on government surveillance and called for more transparency about spying in the wake of disclosures about classified federal surveillance programs.

Comment: Could be a good thing (Score 1) 249

by sigmabody (#47219985) Attached to: New Permission System Could Make Android Much Less Secure

This could turn out to be a good thing, imho.

Consider that there are basically two types of users, where privacy is concerned: people who are oblivious and/or don't care about their privacy, and people who try to preserve some of their privacy. For the former group, this change will not affect their app usage, and will make it easier for them to get app updates automatically, which will make their experience better. For the latter group, the Android developers are actively hostile toward your privacy desires, have no desire to help you, and in fact probably _want_ to drive you away from the platform. In both cases, it's a win for Android, the "all your data belongs to us and everyone else, and there isn't anything you can do about it" platform.

I personally think there's a market for platforms which allow some privacy (Apple does a much better, but still imperfect, job of this), but I acknowledge that there's also a market (and probably a larger one) for platforms which cater to people who share all their personal data with everyone, and are totally oblivious to what any/all of their apps are doing behind their backs. Google is making it crystal clear which type of platform Android, and their other services (see also: Nearby), will be.

Comment: Re:Good news, actually (Score 1) 600

by sigmabody (#46819747) Attached to: The US Public's Erratic Acceptance of Science

Questionable, in the sense that the theory is a very speculative extrapolation of the data we have been able to observe, about the origins of the universe before the "time" we can actually observe. Just because something fits a mathematical model doesn't mean we have solid evidence for it; it simply means it's a model which matches what we've been able to [indirectly] observe. You could say the same thing about n-dimensional string theory as a unified model, for example.

Comment: Good news, actually (Score 1) 600

by sigmabody (#46819693) Attached to: The US Public's Erratic Acceptance of Science

It's gratifying to see that the public's general acceptance of scientific theories is roughly proportional to the actual evidence to support the theories themselves. For things for which there is good evidence, there is broad understanding; for things which are highly questionable and politicized, there is much skepticism.

Good for the US population. :)

Comment: Interesting conceptual argument (Score 1) 235

by sigmabody (#46793305) Attached to: Bug Bounties Don't Help If Bugs Never Run Out

It is an interesting conceptual argument, although it ignores a couple of real-world points.

First, not all bugs are equal, in terms of exploitation opportunity, as he's glossing over; the vulnerability is only as valuable as what it can be exploited to allow access to, in monetary exploitation terms. A bug in something which cannot be exploited for any particular gain is next to worthless, in market terms.

Second, not all companies will pay for vulnerability information, because it's not just a value proposition, but also a risk and resources assessment. If nobody expects your software to be "secure", there's no point in spending too much money on software security; for example, nobody pays much attention to the software in cars (yet), so manufacturers have little financial incentive to make it secure. Moreover, if you don't have deep pockets, you're not going to pay for exploits, especially if you're struggling to simply produce features that potential customers want. In either of those scenarios, the value proposition for paying for exploits is inconsequential.

Most (by volume) software has an effectively unlimited amount of bugs, which nobody will pay for. That's the real world of software.
