
Comment Re:Ship is sinking (Score 2) 121

I hope CyanogenMod continues. Combined with Nova Launcher and some other apps, it makes a very stable, decent platform for day to day use, and a phone upgrade (assuming it has an unlockable bootloader) doesn't mean a UI change.

The alternatives are "meh". At best, there are people in the XDA forums who are top tier ROM chefs, making something custom that helps a device work quite well, but this can vary on device and how popular (or not) it might be. Most likely it might be a factory ROM, rooted, and debloated, but I'd rather have something built right from the ground up.

Comment Re:DOS was terrible (Score 1) 211

I have seen some add-on security products for both MS-DOS and early Macs (pre OS X) that were pretty good, and were more than just separating users.

The most notable was a product by Casady & Greene called A. M. E., or Access Managed Environment. It allowed for hierarchal management of users where only the top admins could see peers of each other, and everyone else could only see who was lower in the hierarchy. Each permission had a setting of not just allowing or disallowing, but allowing the downstream user to allow their downstream users to set that. It also had very good encryption for its time (DES on the disk, folders, and individual files), as well as the ability to add code to copy-protect or otherwise restrict executing of applications (these were well before the days of signed applications, even applications that checked their own resources for integrity.) It even had features controlling lockout of a user, not just exponential timeouts, but for a very sensitive user, would go and erase files flagged as "sensitive", which ensured a brute force, even if successful, attack would not bring much. It even brought to the table 2FA by giving the option that a user must insert a floppy disk with a nonce file on it, as well as entering their password.

Of course, there was logging, and virtually every action could be set to be placed in an audit log.

Of course, today's user management has replaced the security programs that sat on top of single user, cooperative multi-tasking operating systems, but it is interesting to see how this was added on.

Comment It is a threat, not a weapon... (Score 1) 256

The thing about something like this, it appears to be less intended to replace existing delivery mechanisms, but be more of a means to convey a threat than anything else. If tensions get high, Russia can launch a number of these into orbit, similar to how in a situation where a handgun is pressed to someone else's face, the person holding the gun would pull the hammer back on their revolver to show they mean business, even though a single action pull on the trigger will do the same as cocking the hammer and firing.

Realistically, how dangerous is it? For this purpose, it is an excellent propaganda vehicle. However, I suspect these have multiple purposes, perhaps being able to launch/maintain satellites or other military purposes.

The ironic thing is that these "nuke shuttles" might not be all bad. It might be that they wind up being one of the few craft that can fix research satellites when in orbit, due to the decommissioning of the US shuttle fleet.

Comment Re:"virtual reality cannot completely take over... (Score 1) 100

The thing about theater is the low tech element and the interactivity. It also is a type of acting that is harder than movies. Theater has no retakes, no bloopers. Once a show starts, there are no directors shouting "cut!"... the show runs until it finishes.

Same reason why renaissance faires are popular. Not everyone wants to channel all their entertainment time by using a device.

Comment Re:Cost of Living Tradeoffs (Score 1) 163

It can be odd how places hire. Last year, I had a job interview with a firm where the skinny jeans, white earbuds, full beard and the shaved side haircut was pretty much the standard with everyone in the building. When the interviewer asked me when I was going to grow a full mane to fit in to their team, I knew that my chances of getting the job were nil... so, my response was "because gas masks don't seal over facial hair."

Some tech companies hire on things nothing related to actual competency.

Comment Re:We dont need a better private mode-- (Score 2) 126

I would disagree for the most part. The only real gain we have had would be plain English search engines like Google.

Twitter? That's what IRC is for.
Someone's wall? That is what a .plan file is for and finger.
A blog? Web page.
Local stuff? NNTP groups.
Stuff worldwide? More NNTP groups.
Pr0n? alt.sex.cthulhu

Social networks don't give much other than being one place with a consistent UI. Even worse, unlike USENET where even if someone is a total asshole, their voice is read until people stuff them in the killfile, private social networks have free rein to allow or stifle discussions as they see fit, to the point of trying to affect elections.

Oh, can't forget ads. Before Eternal September, websites had no problem existing without requiring full page, Flash ads which often served up malvertising. Now, so many site owners wring their hands when someone security-minded uses an ad blocker (other than Trojans, malvertising is the #1 source of infections, so it is a matter of security not freeloading.)

tl;dr, there really have not been that many advances since Eternal September that have been actual groundbreaking items. Search engines and analytics coupled with Big Data is the only thing. Everything else is just reinventing the wheel to treat subscribers as the product.

Comment Re:i use tor (Score 3, Interesting) 126

With browser fingerprinting (check it out on EFF's Panopticlick), it really doesn't matter if you use Tor or not.

What I do if I want a stateless session is vagrant up a virtual machine, have it provisioned with a web browser, usual ad blocker software, my bookmarks as a clicky HTML file locally, and use that. When done, destroy the VM. This way, any changes or stuff saved to the VM are toast, and there will always be a different fingerprint every session.

As for protecting my IP, I just use a VPN service. For me a simple proxy is good enough so that ad companies and behavior tracking sites are blocked/stymied.

Comment Re:Too bad the recipe... (Score 1) 474

Agreed. Automation is great, but if the product suffers, what is the point? I have wound up just going to local bakeries for their specials. Their pastries may not survive a direct nuclear hit like Twinkies or Peeps and emerge intact, but they are likely a lot better for you, and taste a lot better to boot.

Comment Re:Better yet (Score 1) 102

Problem is, if you ask a lot of companies why they don't bother with backups or security, you will get an answer along the lines of "security has no ROI", "nobody has made a cent from padlocks except the padlock maker", or something along those lines.

Then they get stung, and what happens is that some worker bee gets blamed for everything, shitcanned, some "security measure" is taken like forcing all AD users to change their password, and life goes on.

Comment Re:Better yet (Score 1) 102

Bingo. NAS offerings are relatively cheap. Both Synology and QNAP offer both snapshot functionality (useful because someone can cd into the snapshot directory to get their pre-fucked files), as well as backups to external drives, other NAS offerings, or the cloud (encrypted on the client, of course.)

Then, add a decent backup program like Veeam for Windows which has the ability to mount a share only when it is using it, to narrow down the window that ransomware can trash it, and this not just functions as a backup, but fits the 3-2-1 rule (three copies, two on separate media, one offsite.) I personally like using two backup programs, one for the whole box like Veeam or Time Machine, and one just for documents like Arq.

Comment Re:From my cold dead hands.... (Score 1) 110

Meh, I'm not so attached to an OS that I'd put my life on the line for it. Classic Shell helps make it more usable, and it does come with some security improvements.

As for Windows OS of choice, if I did have to upgrade, I'd go with Windows Server 2016 when it goes GA. Windows Server 2012 R2 works quite well as a gaming platform, and it ships with everything disabled. Want desktop stuff, you can turn it on after installation. As an added bonus, wbadmin isn't the crippled, worthless version that is found in client editions of Windows, and is useful for a day to day backup utility if one didn't want to run Veeam.

Comment Re:Why should I trust it? (Score 1) 99

The key is narrowing the avenues of attack. An offline laptop that is used with an SD card narrows down the avenues of attack to Stuxnet/black bag attacks, especially if the RF antenna is physically removed. Yes, someone can hit my computer with a keylogger, but that is a direct attack. Someone cornholing an app that does its own encryption and compromising it is a lot easier and done on a far wider scale than someone who is able to attack a program that only runs on endpoints as well as the transport system.

Comment Re:Why should I trust it? (Score 1) 99

This is why you use endpoint encryption like an OpenPGP utility (gpg, openpgp, apg, Symantec's SED, etc.) Then, the transport encryption doesn't matter as much. Ideally, the computer with the keys is offline and some means like an SD card is used to transfer data back and forth.

At the minimum, having endpoint encryption separate means that a bad guy has to compromise two completely different utilities that function in completely different ways.

This isn't a 100% secure method, as OpenPGP doesn't offer PFS, but it does ensure that data is protected with more than just "trust us, we encrypt stuff" promises.
