Technology (Apple)

Submission + - iPhone 3Gs Encryption Cracked in 2 Minutes

An anonymous reader writes: In a Wired News article, iPhone Forensics expert Jonathan Zdziarski explains how the much-touted hardware encryption of the iPhone 3Gs is but a farce, and demonstrates how both the passcode and backup encryption can be bypassed in about 2 minutes. Zdziarski also goes on to say that all data on the iPhone — including deleted data — is automatically decrypted by the iPhone when it's copied, allowing hackers and law enforcement agencies alike to access the device's raw disk as if no encryption were present. A second demonstration features the recovery of the iPhone's entire disk while the device is still passcode-locked. According to a similar article in Ars Technica, Zdziarski describes the iPhone's hardware encryption as, "like putting privacy glass on half your shower door," he told Ars. "What, pray tell, is the advantage in that?" With the iPhone being sold into 20% of Fortune-100s and into the military, just how worried should we be with such shoddy security?
Data Storage

Submission + - Next Data Center Bottleneck: RAID Controllers (enterprisestorageforum.com)

storagedude writes: "Interesting article — suggests that most RAID controllers are completely unprepared for solid state drives and parallel file systems, all but guaranteeing another I/O bottleneck in data centers and another round of fixes and upgrades. What's more, some unnamed RAID vendors don't seem to even want to hear about the problem."

Comment Re:STV (Score 5, Informative) 154

The Irish STV implementation also has to redistribute so called "surplus" votes.

Since it features multiple-candidate constituencies, the amount of votes required to get elected is not a simple majority but a quota defined by the Droop formula (Total number of valid ballots/(Total number of candidates +1))+1. Ballots for candidates who exceed the quota have a surplus and that surplus gets redistributed according to the next preference on the ballot. The exact mechanism for choosing the actual votes that comprise the surplus amount is random and those randomly selected votes are then transferred as full votes to the next preference candidate. So when a candidate has 10000 votes with a quota of 8500, 1500 ballots are chosen at random and the preferences in those ballots are used to transfer them to the remaining candidates in play. For situations where a candidate gets a surplus on a second count (i.e., including transferred preferences from an eliminated candidate or from surplus votes from an earlier elected candidate) only the ballots transferred at the last stage are used when selecting the surplus votes to be transferred.

These shortcuts were introduced to speed up manual paper counts but they meant that the task of comparing an electronic count to a paper Voter Verified Audit Trail (VVAT) presents an interesting problem. In order to be able to fully and accurately validate the electronic count the VVAT records would have to be able to be tied exactly to the sequence of the electronic votes (so that each electronic record could be tied to each paper record and the random selections for surplus redistributions could be matched up). One solution to this would be to remove the shortcuts for electronic voting but that would have meant moving to e-Voting entirely as they could not use two different counting methods in different constituencies. So they had to implement an e-Voting STV counting mechanism that followed the same rules as a paper count would. Not hard to do but this then led to a further issue for those of us arguing for a voter verified audit trail for any e-voting system.

One of the Irish Government's least silly arguments against any VVAT for e-Voting was that such a capability might be compromised and could result in someone figuring out exactly how (some) individual voters had voted. Since the Irish constitution explicitly specifies that parliamentary voting must be secret this was something they were very much afraid of - it's notable that since the constitution does not explicitly require counting votes to be accurate (it only implies this) they were less concerned about that. Anyway that's how it seemed to me when I met them about the issue - they didn't say it as bluntly as that but they were terrified about the potential secrecy problems but only worried about the potential for "small" errors.

The real problems with the Irish e-Voting debacle had very little to do with the complexities of an STV count - they were the same as they were\are in most other countries though. The machines in question were provided by private companies, closed and not adequately tested by properly independent security professionals, the vote tabulation software was also closed, similarly unavailable for inspection by independent specialists and most worryingly it was never available for any significant period of time ahead of any given election as it had to be rewritten for each count. The lack of a voter verified paper audit capability (which could have been implemented safely despite the concerns described above) meant that the systems could be attacked\compromised\fail in ways that could materially affect an election without being detected. In the end though few of those problems led to the current Government's decision to abandon the problem, they finally got fed up with the political and financial costs associated with fighting to keep the project alive and they gave up. I'm pretty sure that many of the Government Ministers and civil servants involved still think that the Nedap\Powervote e-Voting system was perfectly fine.
User Journal

Journal Journal: Centralized Systems = Large Problems

Annalee Newitz questions whether it's a good idea to store your life on someone else's servers: Data crash of 2027: "... this situation is worse than potentially being data-raped by some feds trolling for terrorists. When we store all our personal, financial, and social information on other people's computers, we risk losing everything for reasons even s

Music

iTunes Staffers Become Music's New Gatekeepers 79

WSJdpatton writes to mention The Wall Street Journal has a look at how Apple is shaking up the world of music retailing. "Apple -- now one of the largest sellers of music in the U.S. -- offers home-page placement in exchange for things such as exclusive access to new songs, special discount pricing or additional material such as interviews with stars. Most other big retailers, digital and physical, also seek exclusive offerings, but Apple is especially aggressive and has outsize clout when it comes to the slightly out-of-mainstream music it often emphasizes."
Security

Submission + - BBC reports Skynet going live

rowleyrw writes: The BBC are reporting "The British military is set to take one of its most significant steps into the digital age with the launch of the first Skynet 5 satellite. The spacecraft will deliver secure, high-bandwidth communications for UK and "friendly" forces across the globe." It's not yet the Skynet of Terminator, but how long before it becomes self aware :-)
Programming

Why Is "Design by Contract" Not More Popular? 178

Coryoth writes "Design by Contract, writing pre- and post-conditions on functions, seemed like straightforward common sense to me. Such conditions, in the form of executable code, not only provide more exacting API documentation, but also provide a test harness. Having easy to write unit tests, that are automatically integrated into the inheritance hierarchy in OO languages, 'just made sense'. However, despite being available (to varying degrees of completeness) for many languages other than Eiffel, including Java, C++, Perl, Python, Ruby, Ada, and even Haskell and Ocaml, the concept has never gained significant traction, particularly in comparison to unit testing frameworks (which DbC complements nicely), and hype like 'Extreme Programming'. So why did Design by Contract fail to take off?"
Linux Business

Samba Success in the Enterprise? 149

gunnk asks: "We've deployed a Samba server here to replace some aging Novell Netware boxes. It works great: fast, secure, stable. However, we have one VIP that feels that Samba is 'amateur' software and that we should be buying Windows servers. I've been searching with little success for large Samba deployments in Enterprise environments. Anyone out there care to share stories of places that are happily running large Samba installations for their file servers? Or not so happy, for that matter — better to be informed!"
Data Storage

Building an ODF Intranet Portal? 19

jeevesbond writes "I have been doing some feasibility work on creating a FLOSS Intranet Portal for ODF documents; the first task is to find existing projects that already provide some of the required functionality. The requirements are: version control — including diff and merge capabilities for ODF; integration with OpenOffice for check-in/out as a starting point; a Web-based CMS for group sharing of files (preferably one that can be extended to perform other tasks); and network authentication for the CMS (so users don't have to login twice). The eventual aim is to be able to bundle all this up in some way: 'apt-get odf-portal', for instance. Which FLOSS tools would you use for this job? How would you handle diffs and merges for ODF documents?"
Censorship

In France, Only Journalists Can Film Violence 531

BostonBTS sends word that the French Constitutional Council has just made it illegal to film violence unless you are a professional journalist (or to distribute a video containing violence). The law was approved exactly 16 years after amateur videographer George Holliday filmed Los Angeles police officers beating Rodney King. The Council was tidying up a body of law about offenses against the public order, and wanted to ban "happy slapping." A charitable reading would be that the lawmakers stumbled into unintended consequences. Not according to Pascal Cohet, a spokesman for French online civil liberties group Odebi: "The broad drafting of the law so as to criminalize the activities of citizen journalists unrelated to the perpetrators of violent acts is no accident, but rather a deliberate decision by the authorities, said [Cohet]. He is concerned that the law, and others still being debated, will lead to the creation of a parallel judicial system controlling the publication of information on the Internet."
Space

Milky Way's Black Hole a Gamma Source? 100

eldavojohn writes "A paper recently accepted for publication (preprint here) proposes a sound explanation for the source of the gamma rays that permeate our galaxy. The Milky Way's central object Sagittarius A*, widely believed to be a supermassive black hole, is now suspected to be the source. To test this theory, two scientists created a computer model to track the protons, flung outward with energies up to 100 TeV by the intense magnetic fields near the event horizon, as they make a random walk through the plasma environment. It can take thousands of years for them to travel 10 light-years from the black hole, where they collide with lower-energy protons to form pions. These decay into gamma radiation emanating from a torus-shaped region around the central object."
Music

Major Broadcasters Hit With $12M Payola Fine 222

Gr8Apes writes with a just-breaking AP story reporting that the FCC is wrapping up a settlement in which four major broadcast companies would pay the government $12.5 million and provide 8,400 half-hour segments of free airtime for independent record labels and local artists. The finish line is near after a 3-year investigation. An indie promoter is quoted: "It's absolutely the most historic agreement that the independent community has had with radio. Without a doubt, nothing else comes close."
The Internet

U.S. Senators Pressure Canada on Canadian DMCA 466

An anonymous reader writes "The U.S. copyright lobby brought out some heavy artillery last week as it continued to pressure Canada to introduce a Canadian DMCA. U.S. Ambassador to Canada David Wilkins gave a public talk in which he described Canadian copyright law as the weakest in the G7, while Senators Dianne Feinstein and John Cornyn wrote to Canadian Prime Minister Stephen Harper to urge him to bring in movie piracy legislation."
Space

NASA Can't Pay for Killer Asteroid Hunt 398

CGISecurity.com writes "NASA officials say the space agency is capable of finding nearly all the asteroids that might pose a devastating hit to Earth, but there isn't enough money to pay for the task so it won't get done. 'We know what to do, we just don't have the money,' said Simon 'Pete' Worden, director of NASA's Ames Research Center." But hey, it's just the potential end of the world, so nothing much to worry about there.
The Courts

Microsoft Attacks Google on Copyright 188

The Microsoft Corporation has prepared a blistering attack on rival Google, arguing that the Web search leader takes a cavalier approach to copyright protection. The attack, such as it were, came from Microsoft's Associate General Counsel who was giving a speech to the Association of American Publishers...who have had a copyright lawsuit against Google for the last sixteen months. So, an audience ready to hear about how Bad Google is.
