Slashdot Mirror


User: mlts

mlts's activity in the archive.

Stories: 0
Comments: 5,534

Comments · 5,534

  1. Re:US Cellular sells naked android 2.1 on Devs Grapple With 100+ Versions of Android · · Score: 1

    Even though the N1 didn't work in the market, I wish Google would put out another ADP that is completely unlocked, with an up to date CPU, RAM, and other stuff (perhaps with 32-64GB onboard, so the SD card can be used for backups.)

    This is no fault of Google or Android. Blame the phone makers and the carriers for actively throwing in roadblocks to prevent their devices being updated. Even the early Android phones can (slowly) run 2.2. The reason why phone makers sign kernels and such is that they believe that it will get people to toss their old phone and buy a new one instead of updating the OS. Problem is that people are stuck with the phone for 1-2 years, get irritated that their device cannot run modern apps[1], and either move to iOS (where even the original iPhone still has almost all apps written for it), or with Windows Phone out, perhaps that, assuming apps remain compatible with the phones, which historically they have, until this release.

    [1]: App developers are tending to just not bother writing for 1.6, and devices like the Samsung Behold 2 (which were released in December of last year) won't be upgraded past that, ever.

  2. Re:I know why.. lack of standardization on Huge Shocker — 3D TVs Not Selling · · Score: 1

    We will see a standardized format when we see a new version of HDCP and another DRM stack coming our way.

  3. Re:I predict more are going to jump ship from Micr on Microsoft Admits OpenOffice.org Is a Contender · · Score: 1

    I'm probably going out on a limb here, but when I had to do a 100+ page paper before I graduated college, the one tool that Word 2007 had which was indispensable was the citations/Manage Sources database. I could drop citations in that and it would keep track of everything automatically, formatting the works cited page in exactly the MLA [1] format. Because Word 2007 made keeping track of hundreds upon hundreds of citations reasonably bearable, it has become my word processor of choice.

    [1]: Since one of the profs was an MLA associate, MLA format was not good enough. It had to be the proper MLA formatting style of the current year, or else it was an automatic letter grade off before the paper actually was read.

  4. Re:I can't wait for PC gaming to "die" on Why Warhammer Online Failed — an Insider Story · · Score: 3, Informative

    I just wonder if that might be something the big names are wanting -- a big crash like '83, then they will be able to blame "piracy" [1] for all their ills and get ACTA ratified with more Draconian "anti-piracy" measures like self destruct chips, hardware DRM stacks, and the like. Remember the INDUCE act of '06?

    The big names will whine and bitch about how the poor pirates are eating their lunch. In reality, all that does is give them the mandate to make ever more exotic DRM stacks with a game attached to it, lobby Congress, and have excuses for crappier and crappier content with more and more essential stuff as DLC [2]. We used to be pissed about late beta quality games. Now we are ending up with early beta, or alpha stuff being shipped with *one* patch if lucky, then the game is forgotten about.

    I completely agree -- the computer game industry needs an enema. However, people would rather have their Sims sequel or play known IPs as opposed to actually trying something that is new. At least in its heyday, Origin Systems always had new IP even with sequels. 10 years from now, I know we will have a Sims 4 or 5, a Madden 2021, something Halo based, and sequels for all the mainstream FPS games, so we can hear some 13 year old kid spluttering obscenities 24/7 just as well in the future as now. Only difference will likely be DRM systems nastier than we ever dreamed of. Perhaps LensLok + activation + mandatory online connection + a hardware dongle that would fry the motherboard if any protection got compromised [3].

    [1]: Even on a platform that had a 0% piracy rate, sales were pretty low on the PS3 compared to other platforms, so that is a good judge of how really the game industry is doing without them able to drop a smokescreen on numbers.

    [2]: I'm just waiting for games to ship essentially with nothing but a DRM stack and everything past the title screen be DLC. Even though someone spent $80 on a game, they have to pay $20 more if they want to actually purchase the character they will be playing and name it. $20 more actually gets one past the first chapter. The cost will be justified as "Movies cost $20 per chapter to watch. It should be the same with games."

    [3]: I remember companies hawking dongles in the '90s that had capacitor arrays to discharge into the user's motherboard if the dongle thought it was being bypassed. I'm sure this technology will be back.

  5. Re:got spyware? on Careful What You Post, the FBI Has More of These · · Score: 4, Interesting

    I have seen two people in Austin misconstrue Castle Doctrine. The first was someone who shot someone who was entering a neighbor's house. The second was someone who tried to shoot at another driver due to road rage.

    Both people are facing heavy duty felony prison terms.

    To get a concealed weapons permit in Texas requires taking (and passing) classes and being able to at least hit a target which shows that you know which end the bullet comes out of. These classes include knowing that discharging a firearm can bring a lot of charges, even if it is plinking in the air for a new year's celebration. Shooting at a person will be an attempted murder charge, and an assault with a deadly weapon charge on the spot unless there are real special circumstances (self defense, defense of property).

    Don't assume Texas is a gun happy, lawless place. Yes, we have concealed carry laws and castle doctrine, but judges here will throw the book at anyone who does not follow the CHL laws to the letter. And yes, even the type of handgun is considered, as there is a CHL for a revolver, and a CHL for a semi-auto.

  6. Re:My solution on Cyber-criminals Targeting Online Gaming Websites · · Score: 1

    Knoppix should be in every person's toolbox. I use it for recovering systems, as well as zeroing out drives and partition tables before installing an OS.

    However, that is a good point: If you need to do something without leaving a footprint on the system, or have all persistent data be moved to an encrypted (LUKS or TC) storage medium, Knoppix excels at this.

  7. Re:Myth of stupid people... on Survey Shows How Stupid People Are With Passwords · · Score: 1

    Very true. However, there is a rule in safecracking; the safe is important, but the critical thing is the lock on the safe.

    Yes, AES-128 is uncrackable if all other links in the chain are strong. But usually they are not. Brute force password resistance must be put in, AES must be implemented right (not ECB.)

    1Password is a good utility. It supports a PIN, and a master password, and will erase contents if either is typoed more than 10 times. However, if stored on a machine without any physical control, there is a chance of it being brute forced. Ideally, you want one security barrier before an attacker can start guessing your passwords, either a device where it is physically hard to get info out, stored on a private computer, or the encryption key is XORed with a keyfile that is stored elsewhere before use.

    For example, if I store a TrueCrypt blob on box.net, I'm not going to just use a passphrase. I am going to use some type of keyfile or keyfiles so "mere" password cracking is not going to succeed.

    In summary: Passwords and passphrases are the protection of last resort. You always need another layer of security between your data (even encrypted) and the rest of the world. By storing database files on a remote server with no SLA, you have zero clue who can access the info, so it is prudent to have additional security.

  8. Re:Distinction without a difference? on GM Criticized Over Chevy Volt's Hybrid Similarities · · Score: 1

    You hit the nail on the head. This is the one reason right here that hybrid technology should be in all vehicles if possible.

    This isn't high technology either. I remember a friend with a PT cruiser that had the engine shut off, and at low speeds, the car would actually move forward if the gas was pressed slightly by the starter motor. More pressure on the accelerator, and the engine would fire to life.

    Just having cars that are stopped or at low speed not consume fuel would save a good chunk of pollution.

  9. Re:Another security article boils down to one thin on Cyber-criminals Targeting Online Gaming Websites · · Score: 2, Insightful

    AV programs tend to be easily bypassed. Instead, use what the parent suggested, but add AdBlock, IP blackholing, Sandboxie, BetterPrivacy, and other items. These utilities will do a better job of keeping the Web browser from being a vector of infection than any AV software out there. If you need AV for Windows, grab MSE and call it done. If really paranoid, run your browsing in a VM that rolls back all changes.

  10. Re:Myth of stupid people... on Survey Shows How Stupid People Are With Passwords · · Score: 1

    The thing I worry about with password programs is security on remote machines. If an encrypted password database sits on the iPhone or a private computer, that is one thing. However, when it sits on a remote server where one has no clue how secure it is, it would be nice for the app to provide additional security, because there isn't that layer of physical protection.

    Some possibilities include a passphrase that is stored on the phone and computer, but is required for decryption on the remote server, a random nonce stored on the appmaker's backend server tied to an app's install ID (there is the BackApps service which stores this) and the password file stored on Dropbox. This means a blackhat has to compromise two remote sites to obtain the info.

  11. Re:Forget the robot on Robots Guarding US Nuclear Stockpiles In Nevada · · Score: 1

    Depends on Hummer. A mini-H1, sure. That is a decent vehicle made for military use and downscaled from 24 volts to 12 for its electrical system. A true Hummer also uses diesel, not gasoline, IIRC.

    An H2 or H3... no thanks. Better off with a Suburban, Tahoe, or a Silverado hybrid. Instead, perhaps a Jeep Wrangler?

  12. Re:Moral of the story: never click through on Cybercriminals Shifting To Bugat · · Score: 1

    Very true. I'm sure there is anti a lot of things. However, even with code to detect Sandboxie or VirtualPC, just the fact that all writes are redirected to a safe location and that it runs in a user context with no ability to get to anything administrative locks out almost anything it could do, other than try to fill the filesystem, RAM, or process space.

  13. Re:Not westinghouse on Economy Puts US Nuclear Reactors Back In Doubt · · Score: 1

    Very true, but a reactor that ran for five years in the 1960s doesn't mean we could move that technology very easily to modern day production. Toshiba and other companies have been working with modern tools to get reactors made in the real world and out of labs for decades now. Here in the US, the only reactors that have been developed and put into use are the ones in Navy vessels, and research reactors for cold neutron experiments.

    It would be cool to see the MSRE knowledge used in the real world. However, we might be better off contracting with companies who have been hands on with thorium reactors on a day to day basis, other than relying on data from the 1960s as our starting point.

  14. Re:Moral of the story: never click through on Cybercriminals Shifting To Bugat · · Score: 1

    If you don't set up a VM, I highly recommend Sandboxie and running your browsers inside of that. It isn't as secure as a VM, but it can be configured to disallow anything but the Web browser to make outgoing network connections, and can be told to only run stuff in a sandbox as a limited user without admin authority. Plus, Sandboxie can disallow stuff that normally would download and run from executing at all. This, coupled with the fact that all writes are redirected, ensures decent protection against malware while Web browsing.

    Of course, if you go the VM route, don't forget to turn on redo logs and/or snapshotting as well as make the stuff in the client run as a limited user. This is another hoop for malware to have to jump through before it gets a chance to attack the VM/hypervisor proper.

  15. Re:Not westinghouse on Economy Puts US Nuclear Reactors Back In Doubt · · Score: 1

    We will have to license expertise from foreign companies, such as Toshiba, to get thorium reactors off the ground.

    However, the good thing is that these are one time expenses. Once we get over the research hurdles, we can focus on building reactors to size, be it 2-10 GW reactors needed to keep a city powered up to smaller ones buried beneath buildings as failover power in case the grid drops, to megawatt reactors that are coupled with desalination plants and large pumps so desalinated water can go from the Pacific inland via large pipelines to areas of the country needing it for agriculture.

  16. Re:Distinction without a difference? on GM Criticized Over Chevy Volt's Hybrid Similarities · · Score: 2, Interesting

    Don't forget traffic. One drunk driver ramming a semi off the road can cause a 2-4 hour delay, perhaps more if the semi is carrying toxic materials. Not factoring some time for cases like this may cause having to be towed off the highway (and some cities like Austin charge a hefty fine for stalled vehicles on freeways regardless of cause.) Germany is even worse. Run out of gas for any reason, and it is a fine.

  17. Re:They have bad ideas on GM Criticized Over Chevy Volt's Hybrid Similarities · · Score: 1

    What is ironic is on the huge trucks at quarries, they use a large ICE engine which powers a generator. The generator powers the wheels which all have electric motors. The reason for this is that the driveshaft needed for the immense torque required if done mechanically would be huge, and would snap instantly.

  18. Re:Attempt to delaying uptake of competing product on GM Criticized Over Chevy Volt's Hybrid Similarities · · Score: 1

    70mph will get you run off the road here in Texas where road speed limits can go up to 80mph (129 kph).

  19. Re:Which OS? on New Tool Blocks Downloads From Malicious Sites · · Score: 1

    Suitable warnings are actually a science in how to do it right. Do it wrong, and you end up with what happened with UAC or "firewall" programs, where the user just has their eyes glaze over while they repeatedly twitch the "Allow" key, even if one of the messages was, "Allow malicious.sh to run dd if=/dev/zero of=/dev/hda?"

    What is ideal is to try to minimize the warnings, but when it comes time to, have it be something the user is going to stop, read, and maybe ponder for a sec if it might be something they wanted to do. For example, if one is doing a normal operation on the backend of TSM (Tivoli Storage Manager), and a dialog pops up asking to confirm deletion of a storage pool and everything in it, unless this was intended, the cancel button would be nailed almost immediately.

  20. Re:Is this another Windows-only problem? on New Tool Blocks Downloads From Malicious Sites · · Score: 1

    I'd give the credit to OS X for helping here. OS 9 and previous had more than their share of viruses for them.

    OS X is not significantly more secure [1] than other commercial UNIXes (like AIX, Solaris, and Linux), but the UNIX architecture is a great improvement over the days of having your application calling WaitNextEvent() unless you wanted to hang the box.

    [1]: It does have some good security features built in. The SELinux-like mandatory access control functionality is a definite step in the right direction. This would be great if combined with Safari to ensure that a compromise of the browser != compromise of a user or the machine.

  21. Re:Interesting... on New Tool Blocks Downloads From Malicious Sites · · Score: 1

    Don't forget that Linux programmers and admins don't shit where they sleep unlike Windows ISVs. This isn't MS's fault, but it is because Windows is the "default" computing platform for the mainstream. There is some esprit de corps on Linux, OS, Solaris, and AIX, where admins will work proactively and stop a would be intrusion in its tracks. UNIX users also tend to be in better communication with each other, so the time a sysadmin reads about a security issue, finds an emergency fix or workaround and patches it, then patches it with the official fix, is short. Some OS vendors actually E-mail admins on a daily/as-needed basis about holes so they can start doing work immediately about it.

    This ecosystem doesn't happen in Windows. One reason is that other platforms have to have as good or better a rep for security than Windows, else they get dropped for Windows. This means that the OS vendor, ISVs, and end users will have more active cooperation so what gives them their paycheck isn't yanked out from under them. Especially now, where "one cannot get fired for buying Microsoft" is a core IT slogan in most companies these days.

  22. Re:What the fuck on New Tool Blocks Downloads From Malicious Sites · · Score: 1

    Even if a browser is free of holes, add-ons are always an issue.

    Ideally, there needs to be protection from the OS on up. This way, the OS puts the browser in a jail, VM, or sandbox, separating browser instances (windows, tabs) from each other. Since the instances are in different contexts, a browser window to a bank is not affected (or data changed in transit) by a browser window to a blackhat site that has executable code to execute in the browser's context. Techniques like copy on write from the browser memory image will help in this case, although there is always the issue of multiple browser instances deleting bookmarks (or changing them to redirect to blackhat sites) and doing crap with cookies. Of course, one can have all the jailed browser instances communicate with a "database server" that takes their read/write/delete requests for bookmarks, autosaved passwords and cookies, but that would take some engineering to sort out legit requests from a compromised instance zapping everything.

  23. Re:Prior art on New Tool Blocks Downloads From Malicious Sites · · Score: 1

    I'd rather have it part of the OS. Almost all the functionality of antivirus programs should be at a lower level, although having signature scanning and the host based IDS available from different vendors will make it harder for a blackhat to make a "one size compromises all" piece of malware.

    Ideally, it would be nice to have some features as part of the OS, including (but not limited to):

    IP blacklisting. Of course, stuff can be whitelisted, but having the ability for a machine to grab a database of IPs that would be blocked at the kernel level would prevent malware from phoning home if it didn't have admin/root access.

    An IDS. False positives would drive users batty, of course, but it would be something more knowledgeable users would be able to turn on.

    Sandboxie, or the ability to redirect writes to a dedicated folder. This way, some malware thinks it has admin rights and can take its toll on the machine, when in reality, all it is doing is crapping in its little playpen, and not infecting the machine. This is a feature that should be in all operating systems and enforced from the hardware level up. This wouldn't be true virtualization, but just enough so an application can read from the OS and its filesystems, but allow all writes to be redirected to an undo log.

    And of course as the ultimate step against malware, all operating systems need backup and restore functionality. This includes snapshots (so open files can be saved), encryption, synthetic fulls (so users don't have to care about full/differential/incremental), and so on. Ideally, OS media shouldn't even be needed for a bare metal -- after a confirmation that even Joe Sixpack will understand, the BIOS should be able to kick off the restore process.

  24. Re:Prior art on New Tool Blocks Downloads From Malicious Sites · · Score: 1

    We have those solutions (BlueCoat for one). However, most of the infections don't come from sites with good network security admins that have the budget for those appliances. Some malware gets past the firewalls (likely someone deciding they can tether their corporate PC to their cellphone and download pr0n that way) hits a company with competent network admins, the IDS blows, then the offending machines will be booted off the switch and shunted to a remediation server so fast, the bits will fly.

    The infections come from Joe Sixpack with his cable connection, no firewall except for the Windows default (which perhaps he or malware switched off), an expired antivirus subscription of whatever was on the PC when he bought it from the Big Box store, and Joe's absolute lack of caring about security whatsoever. These are the people that keep Best Buy in business when Geek Squad has to go over to someone's place every 3-6 months and put a new OS on the machine (charging for a new copy of Windows).

    Joe Sixpack doesn't care to spend money on security, which is why his machine isn't behind a home router. He just wants the minimum it takes to drool over the nudie pics, send E-mails to buds, and get himself banned off of chat channels. The money he should be spending for security he would rather spend on more Bud Light six packs.

    BLADE and such are good, but this technology needs to be pushed onto Joe and be made part of the OS. This way, he sees a dialog that the boobie site he is looking at is trying to download something to his computer and kick off an executable. At least here, he will call someone up who might have half a clue and several more teeth to ask about it before clicking "OK" and crushing another can of the Silver Bullet on his forehead.

  25. Re:Which OS? on New Tool Blocks Downloads From Malicious Sites · · Score: 1

    What is ironic is that Microsoft is doing exactly just this in Windows 8. Software will come from a store/repository. So, if a user wants a copy of SuperDuperPooperScooper, they will just look it up on the store, have it downloaded and installed. Couple this with signed executables and a big warning before running executables that were obtained from other than that store, and it will help reduce the dancing bunny problem. Not completely eliminate because the pr0n sites with their "pr0n viewer codecs" will have step by step directions to disable this, but at least it will be something in place.