Slashdot is powered by your submissions, so send in your scoop


Forgot your password?

Comment Re:What could go wrong? (Score 1) 341

We also don't know that the NSA doesn't have sharks with lasers on their heads that can make your phone explode in your hand while you are using it. How is this relevant to the topic being discussed? The possible presence of some (probably minor) cryptographic weakness in asymmetric cryptographic systems doesn't have any impact on the ability of it to secure a device from theft when the useable lifespan of the device is only a few years anyway. And if a break for asymmetric crypto did make it in to the wild, it would be used to compromise banking transactions rather than to unlock stolen smartphones.

Comment Re:What could go wrong? (Score 1) 341

This is why I said it should be able to be turned off by the consumer (with a verified identity) and should require verification by the consumer to unlock as well. A good two factor system would be to have a code that needs to be supplied by the manufacturer to prove their signoff as well as a USB key that would come with the phone that must be plugged in to it for the unlock or disable of unlock to proceed.

This would allow you to prevent the feature from being used on you (as long as the company is willing, which if they weren't, they could simply put a kill switch in you couldn't disable and not mention it) and also puts you in direct control of the ability to re-activate your device after triggering it .

If you look at my example above, I would suggest that the private key of the device be on the USB stick and the company be required to sign it plus a challenge in order to get it loaded on to the device.

Comment Re:What could go wrong? (Score 5, Informative) 341

You are correct that cryptography is not a cure-all to all problems, however, your post goes irrevocably wrong immediately after that. HSM and TPM chips are quite secure and well established. The example problems you suggest are in no way relevant to the conversation at hand since they deal with an entirely different use case of security. As dmbasso was kind enough to point out, I am referring to the use of asymmetric cryptography to allow secure validation of a private key being held remotely. Such cryptography is used all the time (any time you use an HTTPS page) to prove the exact same thing.

The device merely has to hold the a public key for which the legitimate owner (or the vendor) has the private key. If the device is stolen and locked, it is trivial for an HSM to prevent unlock without the private key. It may be possible to circumvent the kill switch by yanking the HSM, but such an operation would likely exceed the black market cost of the majority of phones as it involves painstaking processes such as removing the silicon one layer at a time with a very carefully applied acid bath, and even then, the write once public key address space would be just as secure as any write once kill switch flag that could be implemented.

To prevent re-activation of the kill switch itself (rather than the recovery mechanism) the switch could be tied in hardware to a similar challenge response against a private key held in the device's HSM. To "kill" the device, this private key would be wiped, preventing the device from starting. To re-initialize it, the private device key would be restored by looking for a key signed by the owner's private key.

This is a simple to implement and highly secure system that would be cost prohibitive to work around and also could use available, near off the shelf components to implement.

Comment Re:Alleged Apple patents on Android (Score 1) 249

The point is that participating with an open source project doesn't make it so things that aren't part of that contribution are covered by the license. You can't modify the code without giving out a patent license for your contributions, but just because someone else decides to contribute something that violates your patent and you happen to make unrelated contributions doesn't mean that you authorized someone else's abuse.

Comment Re:What could go wrong? (Score 2) 341

I have less of a problem if they make it a kill switch that can be cryptographically turned off by the manufacturer after verifying the purchaser or even with some kind of a special key that you get with the purchase and keep at home. It should also be something that can be turned off by the end user.

If you can ensure that it can be reverted securely when triggered and can be prevented from triggering by the legit user (possibly using the same mechanism as unlocking a locked device) then I don't see a problem with it, but without those two caveats, there are so, so many thing that could go wrong.

Comment They can't give up control (Score 1) 249

I'm sure that an Android phone made by Apple would be a radical success in the market, but it is unlikely to be successful enough to make up for the vertical integration control that Apple has over iOS. The point of the iPhone and iPad has nothing to do with selling iPhones or iPads. The point of selling them is to get an Apple controlled system in the hands of users which they can then leverage to get money for everything someone does with their device.

They get a major cut of music, books, videos, apps, etc that you get through your phone or tablet, even for ad revenue from free apps. This and access to the information the devices provide is what makes them as successful as they are. This is why Microsoft released Windows 8 on the world (to try and copy the vertical integration through Metro.) And this is why Apple can not afford to release an Android phone, because it would actually harm their bottom line more than the sales would help.

Comment Re:Alleged Apple patents on Android (Score 1) 249

If this were true, then the source for TouchWiz would also have to be released. You are allowed to make proprietary hardware and software without making it part of Android. If they don't alter the OS to include their patents, then it wouldn't release their patents. The point and definition of that clause is so that you can't patent encumber an open source project by contributing code that uses something you have a patent to without promising you won't go after anyone for using your contribution.

Comment Has potential (Score 1) 2219

I'll say my 2 cents is that the new layout has potential. I can understand the desire to move to a more modern looking layout. On the one hand I hate throwing out a good layout for no functional reason, but I also understand the fact that it is kind of a reality of the Internet that you have to look "current" if you want to attract many modern day Internet users. (Sad, but true.)

The main thing I noticed right away was the feature parity issues, particularly the lack of ability to expand and collapse summaries to/from titles. That had a major impact on my ability to use the layout and I switched back to classic shortly after. I liked the overall look well enough, but it seemed to take up a lot more space than the current one, so working on a way to increase information density, if even on a specialized page or something that can be set as an option, would be a great help. It also felt a bit like a move to a blog instead of the much more news site feel the current layout has. (I felt like I was looking at a basic Word Press template with a couple of unique features bolted on.)

The other thing I would encourage is consistent posts like this one when you get different features working. Let us know what you changed, why, how you envision it being useful to us and us a chance to check it out. I come here to view news quickly, so I'm not going to use the Beta while it isn't the fastest way to consume the news, but I don't mind stopping by when there is new stuff that needs looking at by many eyes to see how it is working. Keep the communication open about what you are changing, why you are changing it and how it should be of benefit to people and I think you will see approval of changes increase a lot, particularly if you are responsive to concerns.

Comment Re:Non-Drm'd? (Score 2) 304

I believe you misunderstood me. I'm not speaking in favor of the content creators. I'm stating that if you steal the content, it legitimately says you want their content badly. They are right to think that. Keep in mind that content was pirated before the start of obtrusive DRM. The way to stop DRM is to stop partaking of any content that is DRM protected in any way. This would show that it isn't that the DRM isn't working well enough, but rather than people actually object to the way they handle the content.

Civil rights protestors didn't go in to a restaurant and steal the food, they simply sat in and expected to be served. There is a difference between protesting that which you don't approve of and taking that which isn't yours because you simply don't like the conditions the owner of the content put on it.

Comment Re:Coders (Score 1) 208

Or if you are a software engineer you don't do it the simple, inelegant way that will cause problems a few months down the line. Moving on in to the project manager category, it is expected that some amount of technical skill is sacrificed in the name of developing the business skills needed for the position.

There are two main tracks of progression within the software development field, technical and management. Technical moves up the level of skill and ability to solve complex problems (though sometimes frustrating coders with "unnecessary restrictions" which really translates to things the coders don't like but that have valid reasons when looking at the application as a whole, but which the coder may not realize. Then there is the management track, which very intentionally allows for less technical skill provided that there is also business skill to offset the loss.

You occasionally get rare individuals who understand both deep business and deep technical, but they are a rare breed and not an option for every management position. When you encounter such people, they also tend to do very well for themselves.

Comment Re: Texas Barely Registers (Score 1) 544

That isn't what I'm talking about. I agree that creationism is not science. I agree you can't simply inject unsubstantiated postulation in to a scientific theory. I understand how you got that impression from the overall context of this article, however I am referring more specifically to how one forms the basis for their interpretation of the facts and formulates a theory that they support. It is not inherently bad science to look at how the facts fit a viewpoint that you believe is accurate, so long as you are willing to abandon that viewpoint when the facts speak contrary to it. If we found out tomorrow that some aspect of quantum mechanics didn't work the way we thought, we wouldn't simply throw out quantum mechanics, we'd look for what needs to change to fit our new observations.

A good religious perspective on science can do the same thing, looking for where science supports our understanding of things laid out in scripture and seeking to refine our understanding when there is an apparent conflict. The science is not in improving this interpretation though, the science is always the facts and what the facts support. Until there is substance to support it, it isn't a scientific theory and the existence of God will never and can never be a scientific theory as near as I can tell. Evidence that suggests that things could have happened in a way consistent with the Bible however is a valid scientific theory, in so far as it is talking strictly about the factual observations that support that direction. The cause or reasoning or creator are not part of the theory, only the understanding of the mechanisms.

I'm also not saying that it isn't an exceedingly fine line between willing the facts to say what you want and going where the facts take you, but that's always a fine line in science. I'm also not saying that large portions of "Christian Science" don't often cross over that line, to its own detriment. I personally agree with the thought process that Intelligent Design isn't a scientific theory, however it does have a place in a philosophy class. I also think it is worth highlighting in the presentation of evolution (and scientific study in general) that science specifically doesn't make claims about what it can't measure and possibly just in passing using the fact there are some who view evolution as likely being a random process and there are others that view it as being guided, but explaining that since that isn't testable, science can't really speak to either direction. It is mostly valuable as a lesson on what science can and can't do and helps really clarify what science is.

Comment Re: Texas Barely Registers (Score 1) 544

I'm not talking about scientifically proving the existence of God. I'm talking about producing theories which explain the facts we can observe in a way that is consistent with and helps refine interpretation of the Bible. I will further agree that it is not science to simply say that you think something happened without facts to back it up. What I am saying is that using a religious background as your basis for how you look at the facts and what you think is the most logical explanation of those facts (as long as the facts speak to it and you aren't forcing them to fit) then it is not bad science.

Slashdot Top Deals

Do not underestimate the value of print statements for debugging.