
Comment: Re:If it's accessing your X server, it's elevated (Score 1) 374

by vux984 (#48943423) Attached to: Why Screen Lockers On X11 Cannot Be Secure

Adding a registry entry to remap keys is pretty trivial, too.

You need to be an administrator to do that. That makes it pretty non-trivial.

is running a different OS which doesn't treat Ctrl+Alt+Del in a special way

Now you're suggesting what exactly? That the attacker is going to throw in a Linux live CD, boot it, run his 'fake login screen' that looks like the usual Windows screen?

Ok... yes I guess that is a theoretically possible attack; although you'd probably get caught as soon as the user isn't actually able to log-in and IT gets called in...

Usually the fake login screen attacks "fail" with a you got your password wrong message, and then quietly disappear and throw the -real- lock screen up so the unwitting user tries again... gets in to what he expects and assumes he must have fat fingered his password.

Comment: Re:If it's accessing your X server, it's elevated (Score 1) 374

by vux984 (#48941809) Attached to: Why Screen Lockers On X11 Cannot Be Secure

I think you're confusing the user vs administrator distinction with the userland-vs-kernel-mode distinction... but never mind...

Deliberately conflating, but not confused.

What I'm saying is that the "Ctrl+Alt+Del protects your password" claim is overblown; the suggestions you give only amplify that, as they are even more ways to circumvent it...

But none of them are trivial to do. Especially if I am not already an administrator on the system.

I can trivially run a program to throw up a screen that looks like the login screen on a PC at work. TRIVIALLY.

the "Ctrl+Alt+Del protects your password" claim is overblown

It's like door locks. Nobody anywhere claims they make your house secure, but it does stop people from being able to literally just wander into your house.

In the real world door locks prove to be highly effective at keeping people out of places. From hotel supply closets and building electrical rooms to the boss's office to your bathroom stall while you're taking a crap.

Nobody here is arguing ctrl-alt-delete is some magical super thing, it's just a door lock. But it's enough of a hassle to get around, that it's plenty to stop all kinds of casual intrusions and mischief.

Ctrl-Alt-Delete is the same way.

Comment: Re:If it's accessing your X server, it's elevated (Score 1) 374

by vux984 (#48938429) Attached to: Why Screen Lockers On X11 Cannot Be Secure

This

Actually. No. Not this.

Or the fact that there are registry entries that allow remapping of any key to any other, including (as far as I remember) the Ctrl, Alt and Del keys. The "security" of Ctrl+Alt+Del has always been over-hyped :-)

Yes, you can install a keyboard driver, usb filter driver, or adjust the keyboard scan code map in the registry to disable the keys. (And that's not in HKEY current user.)

You aren't going to be tampering with or installing ANY of that from user land. And if you have root... you can just install a keylogger and be done with it. Why bother with dorky fake lock screens?
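The scan code map mentioned in the comment above is a machine-wide registry value, so it can be audited. The following is an added example, not part of the Slashdot thread: a Python parser for the documented Scancode Map binary layout that reports entries disabling or remapping the Ctrl, Alt or Del keys. The function names and the sample blob are constructed for illustration.

```python
import struct

# Set-1 scan codes for the keys behind Ctrl+Alt+Del (0xE0xx = extended key).
SAS_KEYS = {
    0x001D: "Left Ctrl", 0xE01D: "Right Ctrl",
    0x0038: "Left Alt", 0xE038: "Right Alt",
    0x0053: "Numpad Del", 0xE053: "Delete",
}


def parse_scancode_map(blob: bytes):
    """Parse a Scancode Map REG_BINARY value into (pressed_key, sent_code) pairs.

    Layout: DWORD version, DWORD flags, DWORD entry count (including the
    null terminator), then one DWORD per entry: low word = code sent,
    high word = key pressed. Everything is little-endian.
    """
    if len(blob) < 12:
        raise ValueError("truncated header")
    _version, _flags, count = struct.unpack_from("<III", blob, 0)
    if count < 1 or len(blob) < 12 + 4 * count:
        raise ValueError("entry count does not match value length")
    pairs = []
    for i in range(count):
        sent, pressed = struct.unpack_from("<HH", blob, 12 + 4 * i)
        pairs.append((pressed, sent))
    if pairs.pop() != (0, 0):
        raise ValueError("missing null terminator entry")
    return pairs


def audit_sas_keys(blob: bytes):
    """Return one finding per entry that changes a Ctrl, Alt or Del key."""
    findings = []
    for pressed, sent in parse_scancode_map(blob):
        if pressed in SAS_KEYS:
            what = "disabled" if sent == 0 else f"remapped to 0x{sent:04X}"
            findings.append(f"{SAS_KEYS[pressed]} {what}")
    return findings


# Constructed sample value (not taken from a real machine).
SAMPLE = (
    struct.pack("<III", 0, 0, 3)            # header: version, flags, 3 entries
    + struct.pack("<HH", 0x001D, 0x003A)    # Caps Lock sends Left Ctrl
    + struct.pack("<HH", 0x0000, 0xE053)    # Delete sends nothing
    + struct.pack("<HH", 0, 0)              # null terminator
)

if __name__ == "__main__":
    for line in audit_sas_keys(SAMPLE) or ["no Ctrl/Alt/Del entries"]:
        print(line)
```

On a Windows host the blob is the `Scancode Map` value under `HKLM\SYSTEM\CurrentControlSet\Control\Keyboard Layout`; if the value is absent, no remapping is configured.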

Comment: Re:Google could bring back Apps Sync (Score 1) 171

by vux984 (#48938373) Attached to: Microsoft Launches Outlook For Android and iOS

Awhile back Google started asking money for Google Apps Sync for Microsoft Outlook®.

Around the same time they started asking for money to host a small domain.

Although they dragged their heels for upwards of a year to get it to officially work with Click-to-Run editions of Office too (which is what most computers come preloaded with these days.)

I'm glad this is here though; I heard Google was discontinuing their mail app (which I've been happy with - one of the few Google apps I currently use) and pushing everything into their Gmail app... which I HATE with a passion. So I've been anticipating selecting a new mail client when my S5 gets the next update.

So I definitely will be looking at the Microsoft mail client. Although there's several smaller players in the mobile email client space as well... and I don't know much about any of them either... yet.

Comment: Re:If it's accessing your X server, it's elevated (Score 2) 374

by vux984 (#48925949) Attached to: Why Screen Lockers On X11 Cannot Be Secure

Are you familiar with the traditional attack

Computer somewhere running some OS.
Regular authorized but non-privileged user logs in and runs regular non-privileged user-space application "program that looks like lock screen" and then leaves computer.

Another coworker, or perhaps an administrator walks up to use the computer; types in his credentials... and the app saves them...

Windows solution to the attack implemented decade(s) ago:

real Windows desktop lock screen can only be unlocked with ctrl-alt-delete which user-land non-privileged apps can't intercept.
train users never to login to a computer unless they hit ctrl-alt-delete to unlock it first.

Comment: Re:grandmother reference (Score 1) 465

by vux984 (#48921331) Attached to: Ubisoft Revokes Digital Keys For Games Purchased Via Unauthorised Retailers

No. A refund is a return payment made from a merchant to a customer. Refunds are not made to third parties that were never part of the original business transaction.

Ok. Agreed. Ubi shouldn't owe them a 'refund'. But they are the party that owes restitution here.

The customer should seek restitution from the middleman that made the fraudulent charge.

"fraudulent charge" is a pretty strong charge to make. The keys were sold legally in Eastern Europe by buyers who then exported them legally elsewhere.

The only "contradiction" would be to what Ubi -wants-. That doesn't amount to fraud. It is not fraud to buy something in a price discriminated market, and legally export the product.

Europe is very economically diverse. Germany has nearly 4x the per-capita GDP as Poland, which happens to be right next door. What's affordable to someone in Germany is not necessarily affordable to someone in Poland.

My city is very economically diverse. Less than a mile away are people making a fraction of what is typical in my neighborhood. Yet we both pay the same price for milk, cars, and movie rentals.

I hear your argument, but I'm not sure what makes the line between Germany and Poland a magical line the free market dare not cross.

That bike rack that you mentioned above is purchased outright, whereas Ubisoft's games are licensed.

Semantics. I *purchased* a license. I don't pretend I have any special exceptional copyright ownership of the underlying intellectual property any more than when I purchase a copy of a book... but I did *purchase* a license. The store had a "buy" button, I pressed it. A one time transaction was completed. I now own a license. It's listed as one of my games. And I can click a link to my "purchase history".

There's a principle in law... if it looks like a duck, and quacks like a duck, then it's a duck. (You see this principle applied in other areas too like when corporations dress up their employees as "independent contractors" and the law sees right through it.)

Many leasing companies will not allow the lessee to take the vehicle out of the country without permission.

A lease agreement is a negotiated several page document that both parties sign multiple times over. Pretty sure that's not a better analogy for buying a video game.

Region locked game consoles are a good example of this. Outright revoking access to the service is crude, which is why many publishers are switching to language-locked editions. A high-priced English-French-German-Spanish-Italian edition on one side, and a cheap Polish edition on the other. This can negatively affect ex-pats that don't speak the native language, but that's a very small group.

Yup. I agree they can do stuff like this. But you can take a region locked game console to North America and play games purchased in that region for it. They don't get to show up at your house with a hammer and smash your console.

or you agreed to the ToS and accept the consequences of breaking them.

Which terms of service did I or anyone agree to before buying the key that indicated UBI could revoke the game if they weren't from the country the key originated from?

I don't deny they exist... but I'd like to see them.

Comment: Re:grandmother reference (Score 2) 465

They didn't purchase the product from Ubisoft, so why should Ubisoft give them a refund?

Ubisoft revoked their product.

They should seek a refund from the unauthorized retailer.

No, Ubisoft should refund me my money; and seek restitution from the unauthorized seller.

Suppose I buy a bike rack from amazon.com and use one of the services available to redirect the shipment to Canada. Because the same rack is nearly 50% more in Canada. ( Yakima Holdup MSRP $580 CAD); available for $520 CAD on Amazon.ca. $305 is the best price I can find on Amazon.com. That's $378 CAD.

So if I decide to save $120+ by bringing it in from the states; it's grey market product. Canadian authorized resellers hate this, but am I really supposed to pay 50% more, when I can legally purchase it for less? Corporations shift their expenses and profits around like crazy... but it's unethical if I play the same game?

Should Yakima really be allowed to show up at my house and take it away? And tell me to try to collect a refund from the seller in the USA? Or perhaps I should QQ to the shipment redirect/import service?

Why is it ok for Ubi?

Low income markets usually constitute a rather small portion of a large manufacturer's revenue, so they can live without it. On the other hand, the low income markets will lose access to the vendor's goods and services.

This is true. But the border between Eastern Europe and Western Europe is a line on a map. If you're selling the same product on both sides of the line at radically different prices to maximize YOUR profits, how can you villainize the people on the two sides of the line from correcting what would anywhere else be an obvious market FAILURE.

I hear your point; and I don't object to Ubi ~trying~ to price discriminate; but if they can't then they have to deal with that, they can't just start revoking sales and taking things away from people who bought the product on the wrong side of their special line. *I* certainly didn't make any agreement with Ubisoft about where or from whom I would purchase X.

Their beef is with their Eastern European and Asian distribution channel not me.

Coming after me... just ensures they've lost a customer. Permanently. (And to be honest, I haven't bought an Ubisoft game in years already, precisely because of their various dick moves. And I do buy lots of games.)

Comment: Re:Now using TOR after WH threats to invade homes (Score 4, Insightful) 282

by vux984 (#48914341) Attached to: EFF Unveils Plan For Ending Mass Surveillance

Where are these unicorns? Has there ever been a single verifiable case of this?

I don't know about elsewhere, but here in Kanuckistan the RCMP has been working, with the cooperation of the Muslim community, to deradicalize people, with some success.

"With the cooperation of the Muslim community." Meaning; the RCMP were alerted to potential bad eggs from within the Muslim community by volunteers; thanks to the RCMP being accessible and opening channels of communication. It's an example of truly good police work.

That's exactly what we need, and more of it.

But the unicorns I'm talking about are the terrorist attacks stopped by the panopticon, by the mass surveillance of everybody.

Comment: Re:Now using TOR after WH threats to invade homes (Score 5, Insightful) 282

by vux984 (#48912339) Attached to: EFF Unveils Plan For Ending Mass Surveillance

It is a catch 22; You can't get a warrant without evidence and you can't get evidence without a warrant.

No. It's really not. It's called regular police work. And police have been identifying suspects, building cases against them, culminating in search and arrest warrants for a hundred years now without "mass surveillance".

Will the EFF be the ones who apologize to the families of those killed by attacks that could have been stopped?

Where are these unicorns? Has there ever been a single verifiable case of this?

And even if they do exist? So what? Why should the EFF apologize for pushing for policies that make us all more free; even if a tiny handful of people die as a result?

Should the police be allowed to just randomly stop and frisk you? Maybe give you an anal probe right on the street? Maybe come into your house at night, and search the place for evidence of terrorism? No? You don't think that's ok?

Will you personally apologize to the families of those killed by attacks that could have been stopped if these searches had been allowed?

Comment: Re:Who eats doughnuts with the doughnut men? (Score 1) 461

by vux984 (#48912311) Attached to: Police Organization Wants Cop-Spotting Dropped From Waze App

I've been speeding safely for 30+ years.

Yeah, that's what everyone says until they have an accident.
Statistically most people do not have speed related accidents even if they speed. So statistically there's a lot of people like you who think they "speed safely" but many of them don't. The odds just haven't caught up with them.

That includes devoting significant brain time to scanning for cops.

Well, good. I'm glad to see you're spending significant time scanning bushes for cops. It would be a shame if that brain time was devoted to actually driving safely.

Maybe you're above average. Maybe you really are a great driver.

Then again, my grandfather was absolutely TERRIBLE. He went his whole life and died of old age without any tickets or wrecks too. But as kids my parents wouldn't let us in a car if he was driving, and as adults we understood why, why parents were relieved when he gave up his license at 85 voluntarily, before killing someone. But how he went 65+ years behind the wheel without killing anyone, killing himself, or even being pulled over, is nothing short of a miracle.

He thought he was a safe driver too and always trotted out his pristine driving record as "proof" too. So maybe that's you.

Or maybe not you, but it's a lot of people who talk the same talk as you.

Comment: Re:Now using TOR after WH threats to invade homes (Score 4, Insightful) 282

by vux984 (#48912135) Attached to: EFF Unveils Plan For Ending Mass Surveillance

Starting using TOR browser bundle after White House threats in previous Slashdot article

WTFBBQ?!

Ok... White House threats?

The ones made by Sir David Omand
former head of GCHQ
in the UK (the "sir" and "GCHQ" should have been clues)

That guy is now a policy making executive in the White House?

Look I agree with your sentiment, but your total ignorance ruins your credibility here.

Some retired guy in the UK explaining that without surveillance spies will need to do more intrusive spying to get at intelligence does not amount to White House threats, even if he was the head of the British equivalent of the NSA. He's still just a retired guy rendering an opinion.

What's more, what he is suggesting will happen is actually a good thing. We want the NSA to make intrusive spying efforts at targeted individuals, under warrant and court supervision. That's their job, and we all more or less agree with them doing exactly that. What we don't like is them sitting back and tapping everything from everyone, everywhere. But if they literally have to go somewhere and physically plant a bug in some suspected terrorist's laptop to get at his info ... GREAT.

We should be raising Omand on our shoulders and parading him around as the voice of reason.

Comment: Re:grandmother reference (Score 0) 465

Grey market activities ultimately harm lower-income markets

Grey market activities do not harm lower income markets. Vendor reactions to grey market activities might but the grey market itself does not affect them.

If revenue from the manufacturer's primary markets is threatened, they'll simply end price discrimination or cut off the weaker markets altogether.

Or they'll do what Ubi did. And just start revoking the product from anyone who bought it that they think shouldn't have. No refunds of course. I'm surprised if that's actually legal.

Comment: Re:Going to/from a Mac isn't hard (Score 1) 376

by vux984 (#48907803) Attached to: Windows 10: Charms Bar Removed, No Start Screen For Desktops

The Mac interface is a LOT closer to classic Windows (XP through 7) than Windows 8 is.

Nope. Not even close.

If anything Windows 8 and OSX are the closest. (Start Screen = Application Launcher); and the taskbar and dock continue to converge.

I've transitioned plenty of people between OSX and Windows XP/Vista/7 in both directions. They're not all that different and transitioning between them isn't hard for most folks

Agreed. It's not that hard to transition to OSX. Less so than people would imagine. But it's far harder than you're letting on.

But transitioning from 7 to 8 isn't hard either. It's far easier than transitioning to OSX because once they know how to find and launch a program in 8 it looks exactly the same on 8 as it did on 7. And the names of all the apps and utilities etc are all the same. Snipping Tool, Notepad, Internet Explorer, Stickies, etc.

Whereas everything equivalent on a Mac is a bit different, and has a new name. "command-shift-4 for screenshots", TextEdit for notepad, Safari for IE, Notes.app... etc. And even the familiar stuff like Microsoft Office has a completely new skin, and doesn't work quite the same in a zillion places.

It's simply completely dishonest to suggest OSX is easy to transition to while 8 is hard.

I can't really see why anyone would pay to upgrade to 8.1 from 7; but I can't imagine getting worked up about a new computer coming with 8.1.

And 10 is looking better still. I'm sure it'll have its flaws. Every OS does. (XP was widely "loathed" on /. for its fisher-price look and then-new two-column start menu when it arrived too...) And people were falling over themselves to boast how the first thing they did was restore it to "Classic" Win2K themes.

Maybe it's fine on a tablet

It is.

but I absolutely hate using it on a desktop.

I agree it needs about 5 - 10 minutes to clean up its settings to make sense on a default, pin what you need, clean up the live-tile overload on the start screen, tell it to boot to desktop, and use the desktop versions of the photo viewer, etc so you aren't being thrown into "Modern UI" at random all over the place. Turn off the extra hot-corners, etc.

But you don't need any third party utilities or anything to make Win8.1 a completely serviceable desktop OS. I'm at this point indifferent which one I'm using.

I like the start-menu search on 7 better than being tossed to full-screen for that in 8.1 enough to recommend "launchy" to power users who use the 'feature' but that's about it.

Comment: Re:Charms Bar vs Action Center (Score 1) 376

by vux984 (#48907507) Attached to: Windows 10: Charms Bar Removed, No Start Screen For Desktops

It's not at all clear to me what "Replacing the Charms bar is the Action center which has many of the same shortcuts as the Charms bar but also has a plethora of other information too." actually means.

First, the Action Center was a feature of Windows 7 (Vista?). It is not a new thing.

So I guess it means the charms bar is gone. And its functionality has been moved to the action center. Seems pretty reasonable.

I never liked the charms bar. Glad it's going away. I hate hot corners.

Having a secondary OS Settings menu to complement the Start menu for programs isn't necessarily a poor design choice

It's really just expanding the role of an existing control panel.

Comment: Re:Midrange? (Score 1) 114

by vux984 (#48907407) Attached to: NVIDIA Launches New Midrange Maxwell-Based GeForce GTX 960 Graphics Card

the screen size comes into play. I would play 4k with maybe a 32+ inch screen but then it may be too close for a desktop experience. I output to a 4k projector if I truly need color corrected picture quality, plus my old eyes really appreciate the beauty of high res but at a much bigger screen.

I don't get this at all. The only reasons ever not to game at the screen's native resolution are

a) due to framerate losses due to pushing more pixels

b) due to poor game designs where the fonts become unreadably small because they are fixed pixel size instead of scaled.

If you're downsizing because of framerate on a 970GTX; that tells me that video cards really aren't ready to push 4K yet.

If you're downsizing because of readability and font issues; that tells me that the games themselves aren't really 4K ready yet.

Or perhaps a combination of both issues; depending on which game we are looking at.

Either way, it tells me that 4K isn't really quite "there" yet for gamers.
