Slashdot Mirror


User: mlts

mlts's activity in the archive.

Stories
0
Comments
5,534
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 5,534

  1. Re:Noscript wins again on Two Major Ad Networks Found Serving Malware · · Score: 1

    Careful on that. Banks at their discretion can honor the charge, then sting you for big fees, as well as the difference in the amount.

    What you really want is to get one of those disposable cards from your local 7-11 that allow one to load money on it. Then use that card for all your credit card needs. This way, when the value reaches 0, it reaches 0, and no bank can start stinging you with extra fees.

  2. Re:I've seen stuff coming from MSN for quite somet on Two Major Ad Networks Found Serving Malware · · Score: 5, Insightful

    One of my honeypot VMs I use for Web browsing got hit by that when I was visiting a top named site.

    In my experience, now that a lot of users are not just running executables willy-nilly, compromised ad networks serving up malicious pages to try to compromise browsers or add-ons is the #1 threat in my book.

    To drive the point home, I use AdBlock on the main machine I use for Web browsing. I have yet to see a single script related to PC Antivirus. In reality, AdBlock provides more protection than most AV utilities, because once the Web browser is compromised, most AV utilities are completely useless in detecting and stopping that.

  3. Re:The US is not having a "hard time." on 68% of US Broadband Connections Aren't Broadband · · Score: 2

    You hit the nail on the head. Other than 1-2 cities, there is zero increase in bandwidth in the US, but fees are going up. Essentially most people are paying more for their cable or DSL for the same amount of bits flying across per time period as they did when the services were introduced more than a decade ago.

    Take mobile bandwidth for instance. In '06, my mobile phone (although EDGE only) was more than happy to tether. Push a button, and the phone now became a modem. Now, if you want tethering, you pay $10 a gig to AT&T, or you hack your phone and hope Sprint or VZW doesn't catch on and put the boot to your connection. The only "free" cellular provider for this is T-Mobile, and who knows how long they will allow it to continue.

    The ironic thing? Take South Korea or Japan. You can watch any TV show ready to be streamed to you at any moment. The ISPs there have no bandwidth caps, and speeds to a mobile device faster than most cable/DSL speeds. Korean ISPs handle far more data than American ISPs, and they don't whine and wring their hands in front of the National Assembly or the Diet of how the poor customers are using their services forcing them to upgrade.

    While bandwidth for the average American has been stagnant for the past decade unless one is lucky enough to live in an area with fiber to the door, every other country's ISPs are not whining, but rolling up their sleeves, laying fiber and buying the Cisco equipment needed to do the task at hand.

    Will this change anytime soon in the US? Doubtful in today's political climate.

  4. Re:Imperial - Metric on When Computers Go Wrong · · Score: 1

    Of course, no measurement system is perfect, but regardless of measurements, be it kilos/slugs, newtons/pounds [1], or whatever unit, all that matters is everyone uses the unit. This way, no conversions are needed. No multiple sets of tools are needed. No bouncing around AI figures to try to convert stuff. This way, I can buy a case for something from one country made with their measurements and expect it to be the exact size needed to put stuff in from another nation.

    A good example of this (mandatory auto analogy) are trailer hitch tow balls. Here in the US, you have three sizes of balls (1.875 inches, 2 inches, and 2.3125 inches.) In Europe, you have 50mm tow balls across the continent. It doesn't matter if you have a class 1 hitch on a Tata Nano, or a class IV hitch on a full size SUV -- there is no worry about European ball size. Because of this tow hitches bought in France will work with trailers in England.

    If people still use fluid ounces for cans, great. As long as everyone else uses it, so it doesn't have to be converted often.

    All I really ask is that globally there is a standard on one set of measurements. Metric, Imperial, who cares. All that matters is that I ask for "x" amount of something with "x/y/z" dimensions, and the other people are able to get that.

    [1]: I'm being pedantic here -- weight != mass, so a kilo of mass wouldn't directly compare to a pound of weight.

  5. Re:Reasons on Apple Quietly Drops iOS Jailbreak Detection API · · Score: 1

    Rootkits do this every day. This is done by one of two ways:

    1: Know what wants to be sent up and send those exact numbers. Say something demands the MD5 sum of file foo... instead of doing the check of the file, the software just returns that sum.

    2: Keep the original files stashed somewhere and report on those numbers.

    The way to protect against this is having a chip with access to the whole filesystem, and that can run independently of the main OS. If it detects unauthorized modifications, then zero out the baseband or the OS so the device doesn't work until reinstalled, or short out something on one of the critical chips so the device is permanently rendered inoperable, then have it covered by some clause like "this device has the ability to disable itself if unauthorized modifications which can affect critical lines of communication are detected."

  6. Re:Wait, what? on Chrome OS Doesn't Trust Apps Or Users · · Score: 2

    ChromeOS is likely different because it isn't a device, but we are definitely going down a slope here. If a device did do the things I mentioned (including blocking the IMEI of the device from ever connecting to cell networks), ordinary news channels would dismiss it as "anti-hacker measures taken to ensure integrity of hardware devices".

    This type of shoe has already dropped in the console world. Ask the people whose XBox has been dropped from XBL, or the PS3s which get dropped from PSN. It isn't far-fetched for cellular carriers to start banning devices by IMEI who phone home and reported tampered with (either jailbroken or rooted). Since almost all devices are locked to the carrier, it effectively renders the device unusable unless one has Wi-Fi access everywhere. The justification for this banning likely would be spelled out as: "We remove devices that have had their functionality altered by unauthorized user modifications which could damage or prevent critical emergency network communication."

    Yes, this sounds tinfoil hattish, but it is going to be the next battleground in the lockdown/jailbreak war, especially since jailbreaking has been found to be legal. Yes, jailbreaking may be legal, but cellular providers can kick devices they detect as jailbroken/rooted [1], and refuse to provide service.

    [1]: It can be really easy to detect jailbroken/rooted devices. A download to a Cydia repository perhaps. Or a purchase made from an Android store of DroidWall or Titanium backup.

  7. Re:Wait, what? on Chrome OS Doesn't Trust Apps Or Users · · Score: 0

    An agreement with Google. It isn't farfetched for carriers or device manufacturers twisting Google's arm and demanding that they have the ability to flag or ban accounts of suspected jailbreakers.

  8. Re:A little problem... on Chrome OS Doesn't Trust Apps Or Users · · Score: 1

    If I had to trust Google more than I trust Joe Sixpack on the same WAN "segment" not to get his box compromised and turned into a botnet client (which makes for a staging platform for spam/DoS/attacks against my stuff)... I'll trust Google. Having people who download "coolpr0n.exe" locked down from ever installing anything is a benefit to the Internet as a whole.

    However, if I had to choose between my stuff and what runs on the hardware I spent money for, I trust my admin capabilities more than what Google assumes I know. At least if a competent admin drops the ball, he or she deals with it, rather than just blaming someone else as a knee-jerk reaction.

  9. Re:Wait, what? on Chrome OS Doesn't Trust Apps Or Users · · Score: 1

    Google may be doing Jobs's path though. First only allowing Web apps and getting that locked down, then eventually adding an App Store, and a mechanism for apps to run securely. I can see ChromeOS sporting the userID protection that Android has, but also sporting a DroidWall like mechanism for only allowing apps to communicate to machines specified in their manifest list. For example, a game company's offering would only have access to their servers and Admob.

    If this offering started sporting native apps, and a UI that is decent, it might be a good desktop replacement for the Aunt Tillie crowd.

  10. Re:Wait, what? on Chrome OS Doesn't Trust Apps Or Users · · Score: 1, Insightful

    I'm almost sure that will be the case. I can see third party ChromeOS device vendors not just kernel signing, efuses, or autoreinstalls, but doing one or more of the following:

    1: Keeping a manifest of all executables and having a process (kernel or user space) that kills with a -9 anything whose name, inode, and path isn't in on the guest list.

    2: Throwing a hardware switch to brick the device (true bricking, as in blowing out sections of the BIOS chips) if the OS thinks its tampered with.

    3: Autobanning people's Google accounts who have custom ROMs.

    4: Keeping a list of who is rooting the machines, then hitting them with DMCA/ACTA charges in large busts covered by the media done all on one day (think Operation Sun Devil). Of course, jailbreaking is legal for now, but ACTA is going to be the law of the land in the most of the world soon.

    What I fear that may end up happening is that the only ChromeOS device that will allow custom OS modifications will be the reference ones that Google does, similar to how Google phones are the only unlocked Android devices (ADP1, ADP2, Nexus 1, Nexus 1S) available commercially.

  11. Re:Wait, what? on Chrome OS Doesn't Trust Apps Or Users · · Score: 5, Insightful

    Reading the design docs, having an oem-unlock switch is a nice compromise between keeping Joe Sixpack from getting compromised by malware, then blaming it on Google/device maker's lack of security versus allowing a clued user to do what he or she wants.

    With this in mind, one thing that would be nice to have are offline apps. This way, a glitch in Internet connectivity would not mean a corrupted term paper.

    I just have one concern though -- the fact that everything you do is stored in the cloud. This means zero privacy. Even with the lack of privacy now, if an application started sifting through Word documents and uploading them to an ad agency, there would be Hell to pay. However, one can't have any assurance that someone isn't doing this when all the docs are stored remotely. There is a fundamental rule, "don't put anything on the Internet that you don't want everyone, including your worst enemy to know." So, trusting a cloud service with everything you do may have negative ramifications later on.

  12. Re:Business vs Open Source on Ex-Sun CEO Warns Oracle of Death By Open Source · · Score: 3, Insightful

    What Oracle should have done is start hitting the R&D, and start offering SPARC and x86 hardware with enterprise friendly features. Open-sourcing Solaris would get more people onto that environment, be it college students, or others who want to test stuff out.

    If Oracle hardware supported even a fraction of some of these, they would still be head to head with IBM for the enterprise market, and not being squeezed in a vise with IBM hardware (zSeries and pSeries) on the high end, and commodity x86 on the low end:

    1: ZFS. ZFS could have sold Oracle hardware once it started being able to handle the enterprise slings and arrows. Sun could have added hooks for hardware, so things like rebuilding a failed HDD could be done on a lower level and not bother the CPU with I/O.

    2: VM capabilities. Zones and LDoms should be an integral part of the hardware a long time ago, as it is on the IBM POWER7s. Add hooks for moving VMs between physical machines while the VM is still running (vMotion essentially), and high availability, and this will bring the enterprise dollars.

    3: Get college friendly, like the Sun of old. The students who imprint on the Oracle hardware with day to day work will be the ones speccing out the big machines later on in life.

    4: Start making backend systems with applications where there is a need. For example, a way to get some type of solution that is 100% compatible with Exchange. This way, E-mail and messaging can run on SPARC hardware, and that would get it into enterprises where only x86 machines go now. Another example is document management, like Adobe's LiveCycle. Hardware will not sell unless it has applications on it. Databases are just one facet of enterprise computing.

    5: Differentiate from x86 hardware. IBM does this by having reliability as one of their selling points. It isn't uncommon to see 99.999% uptime on POWER hardware, and mainframes pretty much guarantee this.

    6: Start working on more R&D with Internet protocols. Sun pioneered the landscape with NIS, NIS+, NFS, and many other protocols. Most are antiquated now, but they were better than nothing.

    7: Start doing security innovations. For example, consider having NIC cards that have independent packet filters in them. This way, an attacker would have to compromise the NIC card (with a hardened hardware attack surface) before they could get access to the machine. DoS attacks could be handled by the NICs leaving the machine unscathed. More points if an IDS/IPS is built in. Solaris has come a long way with regards to security, but it doesn't hurt to keep advancing.

    8: Work on new hardware projects. Take IBM's ZTIC. This is a simple device, but greatly ups the ante on bank fraud and ID theft. Oracle needs to work on projects like that.

  13. Re:Keep the Cores; Make Them Faster on Oracle To Halve Core Count In Next Sparc Processor · · Score: 1

    Oracle could have always gone the route IBM did with the POWER7 chips and have the best of both worlds. With Power7, you can turn half the cores off. The remaining cores will use the cache on the counterparts that are off, and the clock speed gets a decent bump.

    This is what Oracle should have done -- if someone is doing a task that is easily split up into parallel parts, or using a lot of domains/VMs, allow for this. If they need more oomph per core, have half the cores flip off, and the others use their cache.

  14. Re:Sony is already working on it on Gamers Abandoning DS, PSP In Favor of Smartphones · · Score: 1

    The most I'd pay for a game for a phone is about $15. Square-Enix has some great RPGs for about $10 that are worth every penny for the iPhone. If people charge $50 for a game, I'm not bothering, as there are plenty of games just as good or better, most being 99 cents.

  15. The $50 question... on Google Launches Nexus S Phone In UK and US · · Score: 2

    Will it be rootable with the oem-unlock command? That is one of my biggest criteria -- ease of rooting and making custom ROMS for the device.

  16. Re:The simpler OS on the more powerful hardware? on Keeping Google's Consumer OS Options Straight · · Score: 1

    If Google is going this route, they may be a bit presumptuous. Bandwidth is not going to increase with cellphones that much, and where you see it increase, large fees are tacked on (like VZW's LTE offering, or Sprint's WiMax.)

    If Google can get providers to get 20Mbps LTE Advanced without charging $10 a gig, this might be a workable solution. However, as of now where the going rate for bandwidth is $10 a gig, it just won't fly presently.

  17. Re:Android's privacy questionable on Gentlemen Prefer Androids, Ladies iOS · · Score: 1

    Apple is in the advertising business. iAd is a centerpiece of the 4.x iOS system, and Apple slurps up a lot of info to hand to advertisers.

    Android is not just all Google's creation. Google did change the architecture some by having each app run as a different user, but in a twisted way, Android can be considered another Linux distribution, and Linux has been handling the slings and arrows of security issues on the Internet since '91.

    Want to block advertisers on Android? Grab Droidwall off the Android Marketplace and go to town. If you have a hosts file to block ad domains, just add it to /system/etc/hosts and let the OS do the rest.

    When it comes to trust, I trust Android more than iOS for the simple reason that virtually all of Android is open source.

  18. Re:What really happens on Gentlemen Prefer Androids, Ladies iOS · · Score: 1

    Java is good for security. It takes a lot more for a Dalvik VM app to get out of the sandbox and start executing native ARM machine code, then find a way to get out of the per user access granted it. This is why almost all rooting exploits happen through ADB where native executables can be run.

    With a JIT compiler in Android 2.2, Java's performance loss is little to none, and to boot, security is gained because of the sandboxing. One can see the end result of this -- there are no pure Android apk files that can root the device, while iPhones were jailbreakable by just visiting a website.

    Is Android's way better than the iPhone? This can be argued endlessly. The reason why the 600MHz iPhone is smoother than Android devices is usually due to the fact that Android lets the apps background however they want to, while iOS kills them unless they are using a specific function or API (like playing music.)

    The good news is that while Apple's phones advance in lock step each year in the early summer, Android devices improve constantly. It wasn't that long ago when 300-500 MHz was the standard. Now 1-1.5 GHz devices are common with a solid amount of RAM and internal storage. Supposedly it will get better when devices start going multi-core (multi-coring will definitely improve responsiveness at the minimum), and sporting GPUs.

    So, in the way of architecture, Android does a good balance between performance and security.

  19. Re:It just works. on Gentlemen Prefer Androids, Ladies iOS · · Score: 4, Informative

    What is ironic is that Android is more standalone and can fend for itself. The only times I need to connect an Android device to a PC for stuff other than charging is when I am copying nandroid and Titanium Backup backup files from the SD card to the PC for safekeeping, or loading MP3/AAC files onto the device for music. Android phones take care of app updates, OS updates, essentially everything by themselves. To boot, the PC the Android device connects to can be *any* OS that can handle USB drives. I can hook the phone to a USB port on an IBM Power Systems 795, then use AIX to mount and copy the files from it.

    iOS devices not just have to have a desktop box to sync to, it has to be either OS X or Windows, and an OS that is in constant connection to the Internet, especially come OS updates for SHSH validation. iOS devices are also designed to be attached and synced often to iTunes.

    So, in this respect, Android is a lot better.

  20. Re:Mac suit women and gays on Gentlemen Prefer Androids, Ladies iOS · · Score: 1

    For some, the difference in price is worth it, especially if one isn't tech-savvy and wants customer service that can speak their native language and be able to interact with someone without being on hold for 3-4 hours. If someone depends on their computer for their income, the difference may be worth it.

    If someone is quite tech savvy and can build a PC with ease, then the added Apple cost for solid service may not be something they would use.

    This is assuming just the Mac hardware and generic PC hardware being covered.

  21. Wonder how locked down this device will be on Playstation Phone "Zeus" Revealed · · Score: 1

    I wonder how locked down this device will be. Will it deny sideloading like Android devices on AT&T, or will it completely deny access via the ADB mechanism?

    I'd consider buying it if it was easily rooted (Android's antipiracy mechanism is completely separate from the presence/absence of root, unlike iOS.) However, if it was so locked down that an adb shell command was an impossibility, I'd just mark the phone as unsuitable for human consumption and continue on.

  22. Re:What's wrong with the beep? on Rear-View Cameras On Cars Could Become Mandatory In the US · · Score: 1

    I remember hearing one of the backup systems with someone who had a window down and backing into a parking place:

    beep....beep....beep...beep...beep.beep..beepbeepbeepbeeeeee*THUNK*

    Still managed to nicely hit a cement wall behind the vehicle.

  23. Re:Oddly on Rear-View Cameras On Cars Could Become Mandatory In the US · · Score: 1

    I'd like to see a feature that I see on higher end pickup trucks/SUVs -- when the car is put in park or the key taken out of the ignition, the mirrors automatically fold up, and will fold out when the vehicle is started or put in reverse/drive. This way, one doesn't have to walk to the other side to manually unfold a mirror, or even more annoyingly, find out it is still folded when trying to get down a busy highway.

  24. Re:STOP on Rear-View Cameras On Cars Could Become Mandatory In the US · · Score: 1

    I'd love to see more driver's education, but it likely won't happen. Unlike Europe, a car is the only way to get to most places, because of the woefully inadequate mass transportation options in most of the US. So, the bar is set very low to get a driver's license.

  25. Re:STOP on Rear-View Cameras On Cars Could Become Mandatory In the US · · Score: 1

    The problem is that you know how to drive. You know how to pulse the brakes just right to get a vehicle to stop. I'm not being facetious, but I'm sure you are one of the people that are an asset to driving.

    However, take a look at the average American driver. I've seen people I've passed eating Moon Pies and reading a newspaper, using a leg to keep the wheel steady. This is not uncommon either, and these are the sober drivers. These are people who will panic brake, and fishtail their vehicle off the road. ABS saves their derriers because they just slam the brakes and the computer does the work for them.

    Because of idiots, car makers have to put in idiot resistance. Thus traction control that can't be disabled without yanking fuses, rev limiters, drive by wire systems that go "huh?" when you slam on the gas, and other crap to save the driver from himself.

    MPG is also ironic. One doesn't need a true hybrid system to save a ton of gas. Just beef up the starter motor and its battery enough to handle moving the vehicle for short distances, so at a light, the main engine can be turned off, saving good amounts of gas.