Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Comment Re:Java? (Score 1) 427

Ugh, are you sure you didn't post this 15 years ago? Swing and SWT have always struck me as a means to create a lot of work for no real platform advantage. If you had some kind of bizarre love for C++, you could just use Qt and be done with it. Hell, when it comes to web development and GWT, those devs bailed and built Angular.js, probably because it tried too hard to abstract away all the fantastic stuff you get using web frontend frameworks. Yes, you can use Struts 2 or JSTL, but by that point, you've pretty much eliminated Java from the whole GUI layer and instead cordoned it off into being your server model and business logic. Data Processing with C++? Java actually does a fantastic job of interconnecting to data sources through jdbc and tools built on top of that. There are plenty of great free libraries for reading/writing loading information. Still, it's not going to shine like something you might see from R or SAS. Restart often with Java? The code is broken. Horrible performance and footprint problems? The code is broken. Find some smarter programmers to lead and gatekeep development. Too many cycles? Developers are rolling Virtual Machines on cloud metal that have lesser virtual machine docker instances which might contain java virtual machines, which actually do a better job at managing memory resources than their parent containers. Java 9 is actually sounding like it will be even be more superior in this kind of application space.

Java can be used well or poorly in pretty much anything. There are specific cases where it's less applicable to more native solutions. There are also a ton of libraries and frameworks within and built primarily for Java. The quality of the frameworks you choose at that level will have more bearing on how well Java does for your use case than simply looking at "Java" or "JEE". Spring is fantastic.

Comment Re:You have to know how to secure a Windows 10 PC (Score 1) 982

I was going to say something something full disk encryption. If you have a SSD there are more requirements in that front. You might have the right hardware and configuration to jump through all the hoops correctly in the Windows world. http://arstechnica.com/informa... http://arstechnica.com/informa... If you have a gaming machine, why not update if just for DirectX? It's a toy. Is Windows 7 getting you anything for gaming? If you're doing serious work on Windows, I feel bad for you. I guess the question is, how many more years of use do you want out of your current setup?

Comment Re:Where does the money come from? (Score 1) 1116

Do this... Take the amount you pay in federal taxes each year... And double it... Then, here's the neat part, get $26k tax free... I don't know why all the kids would be getting this $26k, and that's a rather high figure. Turns out a lot of other programs are unnecessary when you do this. Cut those programs. You could probably balance it at a significantly lower tax increase. You could also eliminate the minimum wage. A large amount of money is lost to theft and waste. Chances are large swaths of our society are working completely pointless jobs that add nothing of value to society whatsoever. If you're completely financially secure, you're probably less likely to try and rob a bank or shoplift. Crime would go down. It's almost like the people doing the work would have to either be paid well or just be happy to be doing the work. Maybe jobs come with fringe perks, like all you can eat burgers...

Comment Re:yes they should (Score 1) 254

I'm not sure it really makes the case go away, it just makes the FBI look really stupid if it works. Be it that he's actually involved in the congressional questioning, I'd say his point is mainly the FBI did not in fact try. I'll throw it out there that the Chinese hardware was probably fabricated at an Apple factory... There's not much legal about copying that hardware... Nor is he really claiming it's something he's the only one coming up with it. While there's literally no nuance in this source article, you'd still have to buy yourself an extra iPhone or two and then plan a trip to China, for the primary purpose of pissing off the FBI... and Apple... There's no heroics involved.

Comment Re:yes they should (Score 1) 254

Zdziarski, author of iPhone forensics, seems to suggest it's quite likely a viable technique: http://www.zdziarski.com/blog/...

Directory Comey made another misleading statement – twice – to Congress yesterday; namely that the FBI has attempted every possibility of unlocking the device on their own, and is even willing to accept input from any experts. Quite the contrary, at least three possibilities have come to light that the FBI has not yet explored:

  • Imaging the NAND flash of the device and trying ten passcodes at a time; when the device wipes, re-flash the NAND with the original image and try again. This technique is done in kiosks in Chinese malls to upgrade your 16 GB iPhone to 128GB for about $60 US. $60 for ten tries, they could pay retail and still get this done for $60,000.

Comment Re:You should already assume this (Score 1) 137

Yes, it bothers me if a company tracks these things. I think there's a certain degree of, if you leave what you're doing out in the open, you should be putting some effort forth to do some things privately. But to the extent of what should matter to a company should be that they can secure their company information and their hardware. I have both a company laptop and phone. Once upon a time I was actively using an iPod touch, a work smart phone, a personal smart phone, a work Mac Pro, a home laptop, a work windows desktop, a home windows desktop, a landline, a work landline, google voice, and a mac mini (and I'm not even counting my wife's devices or various server farms). You should try going through an airport with a load of these. Fuck that shit, they're not tracking me on most things (much less actively), and I'm not running a separate business on their hardware. I'm not going to steal their property. I'd be wondering what my coworkers were doing, tracking my personal movements, and I don't know what business I would have basically stalking my coworkers. In an emergency, it would actually be nice for my employer to track down my location. Phone companies log calls automatically (and give that information to your employer AND THE GOVERNMENT), and there's the "find my phone" when it gets lost. Never mind that conceptually, as a company, you don't really get to call things "ok for not business purposes too" without the potential for it to turn into some sort of Kafkaesque IRS nightmare. I have seen employers that basically want to GPS track their hourly employees though. That would be the time to form a union. I heard that a person lost their job for installing a pornhub app on their phone in the USA after Apple fucked up the data usage. I'd say the employer, Apple, and the phone company were being shitty. At the same time, there's also such a thing as https and privacy mode...

Comment Re:yes they should (Score 1) 254

The thing is, the hardware UID key is software filesystem key. If you can't see the UID, a brute force attack goes from something like ten thousand posibilities to a septillion possiblities. The software filesystem key is stored in effaceable memory. What makes that memory inaccessible beyond someone failing the normal routine and it getting erased? Here's what the iOS security guide says: https://www.apple.com/business...

The metadata of all files in the file system is encrypted with a random key, which is created when iOS is first installed or when the device is wiped by a user. The file system key is stored in Effaceable Storage. Since it’s stored on the device, this key is not used to maintain the confidentiality of data; instead, it’s designed to be quickly erased on demand (by the user, with the “Erase all content and settings” option, or by a user or administrator issuing a remote wipe command from a mobile device management (MDM) server, Exchange ActiveSync, or iCloud). Erasing the key in this manner renders all files cryptographically inaccessible.

So - if you copy that key - that one key that's, "not used to maintain the confidentiality of the data", then prevent the erasing system from working its magic.

Comment Re:yes they should (Score 1) 254

The key is derived from a) a chip on the motherboard, and b) your PIN. The chip is specifically designed so that it ain't gonna tell you it's bit unless the PIN is right. You could probably get the hardware bit of the key by destroying the relevant chip to read it, but if you fuck that up the key is gone forever, and you still don't have a PIN. And the whole shebang kills itself (including the hardware bit of the key that you actually need if you wever want to read the iPhone's data) if you enter the wrong PIN 10 times.

The "Chip" you're talking about is the security enclave which is not on the iPhone 5C. The filesystem key is not stored in the security enclave. If you make a copy of the encrypted memory that stores the filesystem key bit for bit, then you've defeated the erasing system. It's also possible the FBI is terribly incompetent given they have multi million dollar forensic labs that can't figure out how to copy this memory.

Comment Re:You should already assume this (Score 1) 137

Because paranoia, paranoia, paranoia? I mean shit, we are all capable of carrying 10 different devices for 50 different purposes, or you know - a single general purpose computer that maybe shouldn't be monitoring people off active work duty. Is the phone supposed to be part of some sort of ultra secure secret network? Why did it leave the ultra secure secret building? Does it actually make sense from a non corporate brown nosing perspective to actually monitor your employees whilst they take a shit? Secure the device, yes. Secure your own network, yes. But seriously, do employees need to bury their work devices under a rock while they have sex and have bowel movements? Does it really matter if, god forbid, on their own time, home, and network use a general purpose computer they don't own for the purpose of whatever?

Comment Re:yes they should (Score 1) 254

Just because something is encrypted, doesn't mean you can't copy it. What's your source on this unreadable uncopyable "NAND" memory? Even if the filesystem key is stored encrypted by the UID and pin, if you can make a single copy of that encrypted block (and then repeatedly copy from that) - the complexity becomes a matter of brute forcing the pin (not the stronger UID or filesystem key). So, what's the story on this?

Comment Re:yes they should (Score 1) 254

The attack makes sense. The filesystem key is not related to the UID, and the filesystem key is what is erased to prevent brute-forcing, not the encrypted file system on the SSD itself. If you get a copy of the eh, erasable memory (which may or may not be stored on the SSD), then you have the filesystem key. Be it that Apple is very mum about what actually talks to the devices, I don't know where that part of the memory is. Be it that the 5C doesn't even have a security enclave, I don't understand why you wouldn't be able to just find the key and plug in the algorithm. With the security enclave, the phones would be vulnerable to the same attack, but they'd be rate limited by the security enclave meaning a small alphanumeric code could make it impossibly long to get into - but the self destruct system is bypassable.

Comment Re:You'll be disappointed (Score 1) 262

It's almost like the schmucks who are on the the list probably don't give a damn, except the ones who don't belong on the list or who are misidentified as being the ones on the list. Behold, KKK members David Duke and James Smith. Sure, James Smith might be the most common name in the USA, but herp derp KKK herp herp USA USA USA USA.

Comment Re:Should work fine (Score 2) 120

L8NT's patent pending methodology strips the M.A.C. addresses from packet headers and compares them to the M.A.C. addresses of known stolen devices in its database.

OK, so they want to become a patent troll.

It's a cop doing the patenting. I have no doubt he's excited and proud of his "invention". Let's think about this... Not every mom and pop burglary shop has decent IT staff, and they can get caught with said software. In fact, not every mid-sized business has decent IT staff that can make software like this. Furthermore, chances are the cops also don't have IT staff to make stuff (or use existing stuff) and then easily share it with other publicly funded IT staffs. It's almost like there's something of value to be had from dedicated developers and IT services while a large part of the computer illiterate world has yet to catch on.

Slashdot Top Deals

Whenever people agree with me, I always think I must be wrong. - Oscar Wilde

Working...