Slashdot Mirror


User: mlts

mlts's activity in the archive.

Stories
0
Comments
5,534

Comments · 5,534

  1. Re:PEBKAC on Web-Users Fall For Fake Anti-Virus Scams · · Score: 1

    Quis custodiet ipsos custodes?

    We all want to take root away from Joe Sixpack whose machine pollutes our corner of the Internet with botnets because he cannot be separated from his nudie pics, so he installs any and all "codecs" and "viewers" imaginable.

    However, someone has to have admin authority. Do we trust Apple and Microsoft 100% with it? Do we trust the cellular carriers or the phone makers 100% never to do anything like pushing out code behind our backs, or removing features to charge for them?

    This can't be answered in black or white. Probably the best system is shipping the machine locked down, with a way to unlock it for people with a clue. However, how high this speedbump needs to be to keep Joe Sixpack in the walled garden can be debated. Some would say that a warning dialog after entering a command at a command prompt is enough. Others think a physical switch that allows developers to write on ChromeOS hardware is good. Still others think that doing the OLTP method and having users register with the distributor for an override key is the best. Of course, there are those who believe no user ever should have root/admin in any way, shape or form; and just sit down, shut up, buy, and obey.

  2. Re:PEBKAC on Web-Users Fall For Fake Anti-Virus Scams · · Score: 1

    You don't want that. Having "licenses" to surf the Internet means it is easier to have people's access pulled if they are suspected of a copyright/trademark/patent violation. It makes it easier to yank access to people or even whole groups, then answer questions later.

    Instead, operating systems should primarily install software from repositories. Web browsers should never be the interface where users download programs. Instead, they should be pointed to the application on a known good repository (if on a UNIX), or a store (if on Mac/Windows), and download/install it from that. This way, if someone is asked to install some dubious antivirus, it won't be present on a store (either not approved, or the store admins would have pulled it), as opposed to getting binaries from anywhere there is a website.

    Of course, this doesn't mean locking things down where the only way to get things is from a store or repository. However, having this be the default will make getting stung by drive-by malware a lot harder.

  3. Re:he just says Jobs is powerful on Apple the No. 1 Danger To Net Freedom · · Score: 5, Interesting

    There are a lot of companies that accusations can be leveled at for limiting Net freedom. Apple is scary to some because it hits people at the endpoints; a place that is normally open. However, if you lock down the endpoints where people can access the Net, it is a lot easier to get revenue streams in and in the future, censor those who are not liked.

    However, it is like no one snowflake saying it caused the avalanche -- name a cellular device maker who has made devices less restrictive than 1-2 years ago? Motorola has the eFuses, the HTC G2 reinstalls, Apple's and Microsoft's offerings are closed. In fact, there is really only one open phone out there available in the US (Nokia N900).

    So, I wouldn't just blame Apple. I'd blame the cellular carriers forcing phone makers to add more and more user hostility into their devices.

  4. Re:And they expect to sell those phones? on Windows Phone Permanently Modifies MicroSD Cards, Warns Samsung · · Score: 1

    Don't forget backups if the device is nandroid capable. I fire off a nandroid backup to the SD card, copy the SD card to the PC. Then, in the future if I scrozzle my phone's ROM, a restore is quite quick and not just gets me back the ROM, but all my saved settings.

  5. Re:Maybe it is a problem with the Windows formatti on Windows Phone Permanently Modifies MicroSD Cards, Warns Samsung · · Score: 1

    WM 6-6.5 encrypt on a file by file basis, storing the keys in some file in Windows\System in the main memory. The advantage of this method is that the filesystem on Windows only sees .menc files that are readable by the keys stored with that device.

  6. Re:Permanently modified? on Windows Phone Permanently Modifies MicroSD Cards, Warns Samsung · · Score: 1

    I'd hazard a guess it is a mere volume span as opposed to anything exotic like RAID. This way, the SD card can be of any capacity.

  7. Do we want DRM on the platform? on Why There's Still No Netflix App For Android · · Score: 4, Insightful

    My question is, do we want DRM on the platform? Slippery slope here -- First it will be to protect movies. Then it will spread to apps, and then to critical parts of the Android OS, which makes it easier for cellular carriers to force device makers to lock their phones down.

    We have enough issues with lockdown, especially the fact that there are -zero- [1] Android phones shipping in the US that have the ability to support custom ROMs.

    I'll pass on the DRM. Netflix can stream and cache or roll their own solution in the apk so it doesn't affect the whole phone.

    [1]: Of course, you can get an N1 or something else via import, but no US cellular carrier sells an open phone, and the only phones Google sells are ones that are antediluvian in nature when it comes to Android versions.

  8. Re:I agree, the chevy volt is not a EV on GE To Buy 25,000 EVs, Starting With the Chevy Volt · · Score: 1

    It is far from perfect, but it is a start in the right direction. I'd rather see *some* progress, even if it is something like the Volt in the way of plug in hybrid, as opposed to just nothing but yammering; the same yammering and bickering we have had since 1972 about energy issues when OPEC gave the West the finger.

    Yes, the ideal would be a completely electric car, with awesome supercap batteries that hold as much energy per volume and per weight as gasoline, and no ICE engine to speak of. But the technology isn't there yet. So, there have to be compromises, and auto engineering is all about compromise, mainly because engineers have to take into account so many variables (unsprung weight, safety, idiot resistance [1], materials cost, cost to build.)

    If you like the Volt, by all means buy it. If not, there are plenty of other vehicles out there. Yes, the Volt is more expensive, and $10,000 is equal to 45,000-100,000 miles depending on MPG. However if someone wants a vehicle that is groundbreaking, it may be worth it. Don't forget the other benefits hybrids offer. Hybrids generally do not run out of fuel at stoplights or heavy traffic [1]. This right here would save a lot of gas [2].

    As for maintaining the batteries, time will tell. Batteries are batteries, and I know from experience that laptop batteries need to hit the recycler after a couple years. However, auto makers help compensate for this by having "extra" capacity, so when the battery packs start losing their capacity, it is not a factor for a number of years (10+). Of course, a hybrid with dead, expensive batteries after 5-10 years will kill its resale value, but this is what people are aware of before buying a hybrid, just like a diesel vehicle can't use premium unleaded.

    Your concerns are completely valid; if one did the math, it makes perfect sense. However, cars are not about math, elsewise everyone would be driving Yugos and Tata Nanos. If someone wants to buy a Volt or Prius, more power to them. This is valid research that must be done and if they are willing to help shoulder the cost to get the automotive industry off of dino juice, it benefits us all.

    [1]: During the last hurricane that made landfall near Houston, there were cars still on the roads when the thing hit because of people running out of gas. Of course, the people with the Insights and Priuses whose vehicles didn't burn much while idle were eventually able to drive down the breakdown lanes to freedom.

    [2]: It doesn't have to be a high tech hybrid either. It could be as simple as beefing up the starter motor to allow a vehicle to inch forward on that for short distances before kicking on the main ICE.

  9. Re:This is cool, but not revolutionary... on Auto Industry's Fastest Processor Is 128Mhz · · Score: 1

    My bad. Although I'm sure some people wouldn't mind inducing pure (non denatured) ethanol from something for reasons other than fueling their car.

  10. This is cool, but not revolutionary... on Auto Industry's Fastest Processor Is 128Mhz · · Score: 3, Interesting

    128MHz for a rugged CPU for automotive use is a good thing, but clock speed is just one of many factors. TFA was a tad light on information and worded as an ad (which is to be expected from GM's press website), but other than just mentioning vague details and the fact that Freescale made it, this doesn't really mean much without factoring in other details.

    Will this mean the 2011 Regal will be leaps and bounds over the 2010? Yes. How much is debatable.

    Will this matter in the total scheme of automotive technology? Not really. ECMs have been improving each year, so the 2011 Regal may have a bump in the control CPU's clock speed, but perhaps some other car maker would have a different architecture in place (multiple modules controlling different functions such as PATS/antitheft, O2 sensor, fuel sensor [1], etc.)

    Will other car companies have improvements in their technology? Assuredly. Ford has some new engines going in the mainstream line of vehicles. Other vehicle makers may be bringing diesels to the US.

    The big question in all of this: Is there a car example I can go on here?

    [1]: I'm sure all cars in the US will eventually be going Flex-Fuel (talk about bumping gasoline from 10% to 15% is happening in some places here in the US), so having the circuitry in place to handle varying amounts of ethanol will be crucial.

  11. Re:Time to move to a repository system? on Android Holes Allow Secret Installation of Apps · · Score: 1

    There is also the fact that Google will yank the app off the market and in extreme cases, kill it from handsets, especially if it is malicious. For sophisticated users, Google's store works well.

    AppBrain, as well as other tools such as DroidWall, are the staple of a /. user. However, what we consider not an issue is totally different compared to the average people buying these phones and who will be dictating future sales. You are a clued person, or at least post as one.

    However, the people buying the phones won't know AppBrain from a zombie's brain. They will think DroidWall is a rendition of a Pink Floyd album on a synthesizer. These are the people who will flip through the app store, install stuff blindly regardless of permissions asked, then when they get stung, will be screaming to the press how it is Google/$PHONE_MAKER/$CELLULAR_CARRIER's fault, and how those companies should have protected them. It is unfortunately common for people to blame anybody but themselves for their own actions.

    Google has a good thing going. If they went to a completely closed store model, it would ruin Android as a platform. However, it can't hurt to go to a tiered system so for someone to get nailed by malware, they actually have to do an action (even if it is just checking a box) to leave the walled garden behind. This way, if they do get nailed, Google can point to the disclaimer and show that the end user was the responsible party who decided to install un-approved software.

  12. Re:Time to move to a repository system? on Android Holes Allow Secret Installation of Apps · · Score: 1

    The problem with that is that there are ways around that. If I can have my app phone home, then I can install a proxy on the receiving end to allow connections anywhere on the Internet. If my app plays music, then I can do nasty things from random farts to other things. Microphone access? I now have a bug 24/7 which can either stream in real time, or save the compressed sound for transmitting every so often when the device isn't used.

    Your idea of a failsafe permission set is good; I'd like to see an app carry four sets of permissions: A minimum set to run at all, a minimum set to run with decent functionality, a set to run with full functionality, and maximum permissions (since a Web browser would never need some permissions such as root access.)

    The good thing is that Google can do the best of both worlds; they can have a closed environment with apps scrutinized for potential holes, but still offer apps (with the ability to pull the bad ones) with just a checkbox separating people from those.

  13. Re:Time to move to a repository system? on Android Holes Allow Secret Installation of Apps · · Score: 1

    Exactly. Google has a decent app store. However, I'd like to see the default be a store that is vetted, perhaps even the same store, except just showing apps that have been checked over and approved (perhaps with an additional fee for the time to approve.) Then offer an option right next to the one to install from ADB to use un-approved apps.

    This way, Joe Sixpack (whom we all know and love) will tend to stick in the walled areas where there is far less chance of him downloading malicious software.

  14. Re:Here's the solution on Tide of International Science Moving Against US, EU · · Score: 4, Interesting

    How about we add onto that -- everyone knows sports heroes and rock stars contribute far more to a society than advances in the hard sciences and engineering. We all know that 300 years from now, Justin Bieber's song lyrics will be immortalized and will become a must study for every student in future times, while the advances in graphene, memristors, and biofuels are absolutely meaningless and will be forgotten in ten years.

    It is far more important for high schools to have the football stadiums, and as big, if not larger Jumbotrons than the rival. Far more important than funding science labs, or hiring and retaining competent staff. Woe to the school district that doesn't have available skyboxes for parties during the Friday night games.

  15. Time to move to a repository system? on Android Holes Allow Secret Installation of Apps · · Score: 4, Interesting

    As mentioned before on /., maybe Google should consider moving to a repository system. By default, Android devices should have a repository where apps are vetted, Apple App Store style. Of course, have the ability for a user to easily turn on the second repository (which would be the current Google App Store) for items not found on the "blessed"/default repo.

    This has worked for OSS projects for over a decade. It should work quite well for Android.

  16. Re:Year and a day? on Palin E-Mail Snoop Gets Year In Prison · · Score: 1

    This reminds me of one class in criminal justice 101 when someone asked exactly this. The answer pretty much was:

    It all depends on the prison and the jail. In some places, a jail can be just boring with the cellie being a DWI or someone who got caught peeing in some bushes, while a min security prison can have lots of things for prison labor, be it furniture, metalwork, license plates, etc. Other jails can be bullpens where people are tossed into a roomful of gangbangers looking to "blood in", similar with prisons. In general, the worse the economy and the more populated the area is, the rougher the incarceration time will be.

  17. Re:Yeah right. on Why Unlocked Phones Don't Work In the US · · Score: 1

    Reading the spec, now that is something that falls under the "what a concept" category. USB 3, DisplayPort, 1.8-3.6 amps, everything one basically needs for present and future use.

    Now, if we can get more device makers to use this spec. It may not be classy, but having this and a MicroUSB adapter would be great. Back stuff up via nandroid via one adapter, then stuff it on a car cradle for music accessible via USB or Bluetooth for the commute.

  18. Re:Why should they? on Why Unlocked Phones Don't Work In the US · · Score: 1

    T-Mobile service is good, and they have excellent plans. However, I really wish they offered better phones. Verizon gets the flagship Android phones.

    What T-Mobile might be able to do is capitalize on developers and technical people. If Google makes another Nexus phone that is made to be rooted and have custom ROM images, put it under the T-Mobile label.

    I doubt it would be a big segment of the population, but I wonder how well it would work for T-Mobile to have the image of "freedom", as in selling N900 type devices (Maemo/Meego), ROM unlocked Android devices, etc. If they had a HSPA+ network that had decent throughput and didn't nail people with the random fees that the competition does, they would have a hit on their hands, especially if they offered deals for Android developers.

  19. Re:Yeah right. on Why Unlocked Phones Don't Work In the US · · Score: 1

    One of the reasons that devices moved from the mini connector to the micro connector is that the spring connectors on the micro USB connector are on the cord, as opposed to the device socket. This way, when they break due to enough insertion/removal cycles, the springs break on the cord and not on the device, as cords are almost always easier to replace than sockets soldered to a motherboard.

  20. Re:Yeah right. on Why Unlocked Phones Don't Work In the US · · Score: 1

    Devil's advocate here: It would be nice to see a connector that provides not just a connection, but enough structural integrity to support a device's weight. This way, it would be possible to make a standard dock that a device can just drop into, be it in a car, by a computer, or wherever.

    This is one of Apple's selling points. I see 30 pin connectors for Apple devices on TVs, built into some PC cases, as a part of car audio systems, on boom boxes, etc.

    There is nothing wrong with USB, but it would be nice to have a connector that any device can plug into as a docking station.

  21. Re:Why? on Can Windows, OS X and Fedora All Work Together? · · Score: 1

    Citrix ICA client?

    One way you can keep your MS products, but have the OS of choice on the desktop is to have a set of terminal servers [1] and a terminal server application on your Linux boxes or Macs.

    [1]: Make sure not to skimp on RAM and CPU with terminal servers. A lot of terminal server places tend to do this, then everyone complains how shitty terminal service is in general, when in fact it is really due to poor capacity planning.

  22. Re:Time for IBM to work on the ZTIC successor? on Targeted Attacks Focus On Economic Cyberterrorism · · Score: 1

    The difference between Cronto and other apps that run on a phone versus a ZTIC is that the ZTIC is a very simple device and only does one function in life.

    Because of this, it is a lot harder to compromise than a targeted attack that compromised cellphones and PCs, which makes multiple factor authentication moot.

    We can look at smart cards. Yes, they have been hacked sometimes, but I have yet to hear about someone being able to pluck a key out of any recent cryptographic token without access to a chip fab. Earlier eTokens could be pried apart and logic probes used, but a remote attacker won't have that available. So, the chance of remote compromise on a dedicated cryptographic token that does nothing but that task is almost nil. Not that it could be done, but it would be very hard.

  23. Re:Time for IBM to work on the ZTIC successor? on Targeted Attacks Focus On Economic Cyberterrorism · · Score: 1

    It is because the consumer pays for it in the end anyway. For businesses, security has no ROI, so beyond the basic PCI-DSS 2.0 standard, businesses gain nothing by offering better security. Banks don't really care. The credit card makers have it factored into the fees charged merchants, so the fees go up.

    Let's say some organization (so people can't say "OMG, it's backdoored by 'x' government or organization") made a generic ZTIC-like key. It would have a serial number on it, and a few buttons to help aid pairing. It would be flash updatable via a signed/encrypted ROM that had enough flash space to copy the update. This way, the flash of the BIOS would be atomic (done or rolled back.) It would have the fingerprints of all the organization public keys in its BIOS, so even if a certificate was forged via the SSL tree, it would know if it was fake or not. CRLs could be issued also on the fly just in case.

    If someone gave or sold a device for a nominal fee, it would change the landscape of security as we know it. Even stuff as simple as an E-mail account, where someone would be prompted on the device if they wanted to send a message, make profile changes, or whatnot would win battles in the war against spam and ID theft. Similar if an eBay account prompted to confirm address changes on a device, or confirm/decline listings.

    The key with this device is to keep it as simple as possible. It should just show a lot of detailed text, with a detailed confirm/deny and the consequences for such actions.

  24. Time for IBM to work on the ZTIC successor? on Targeted Attacks Focus On Economic Cyberterrorism · · Score: 4, Informative

    Maybe it's time to work on better out of band authentication and confirmation devices.

    Take the IBM ZTIC that plugs into a USB port, and communicates encrypted from the device itself to the bank, just using the computer as a passthrough. This is what needs to be worked on, and maybe banks should start handing these out to customers. This way, even if an end user's computer is infected, their bank account couldn't be logged into without the device, and even if someone was to gain access upon logging on, all bank transfers would have to be confirmed on the ZTIC, so a quick transfer of funds would be caught and denied.

    Applying this to MMOs, maybe the ZTIC device to confirm character transfers or deletion, as well as be needed to confirm logging on.

    The advantage of using the ZTIC device over a cellphone for this is that the ZTIC device is simple -- it isn't a full fledged computer like a cell phone, and only does one task. Of course, exploits might be found, but the attack surface for this device is a lot smaller than a general purpose machine.

  25. Re:This brings to my mind... how do you store stuf on Digital Archaeology Show Reveals 'Lost' Web Sites · · Score: 1

    If there is a bad batch, then the archivists would have four dead hard disks on their hands, and no data.

    Optical had the promise of near infinite life. However as time went on, oxidation and bit rot showed that often this would not be true. I am sure there is a way to do burned CDs that have a long archival life, but it would require far better manufacturing tolerances and processes than we have now to ensure that oxygen doesn't seep in along the edge of a layer, or even UV "weld" rings so if oxygen got in from the hub or edge, it wouldn't propagate to the other parts of the disk.

    LOCKSS as mentioned by one poster is one idea, but really, life of data begins and ends with the lowest layer. If the way stuff is physically stored is not stable and long-lived, there are only so many bandaids that can be applied, and so much error correction code that can be slapped on.

    I remember holographic storage being touted for this, but it seems that we hear an announcement, then nothing. There has yet to be a holographic storage product. Tamarack tried in the early 1990s. InPhase Technologies had products announced, but never shipped a single drive and got faceplanted last February.

    So, essentially we are where we were 20 years ago. We have hard disks, flash memory, optical storage, and magnetic tape. Yes, all four technologies have matured, but there hasn't been anything revolutionary.

    Long term archival needs more than just shuttling data between formats and making sure the data moved is intact. We need to be able to decode formats. For example, .MOD files. Who has a player for those these days? Does one find an A500 in an attic, and analog hole any files like that? Essentially, we need a PDF/A-like format for not just text, but audio and video.