Slashdot Mirror


User: mlts

mlts's activity in the archive.

Stories: 0
Comments: 5,534

Comments · 5,534

  1. Re:Permanently brick sort of like permanently dead on Motorola Says eFuse Doesn't Permanently Brick Phones · · Score: 4, Informative

    This sounds exactly like it is on the CLIQ. In the past, if you were not careful with modding, you would end up with the phone bootlooping until you put the phone in USB recovery mode and flashed a signed SHX file. Now, you can most likely use nandroid and pull back to the last backup.

    This bit people big time when a new radio ROM was available for upgrading and people upgraded to it with a rooted/custom ROM; one had to reflash (losing root). Of course, the new ROM fixed the RAMDLD exploit that was used to root the phone in the first place.

    Luckily, on the CLIQ, there was a ROM that had ro.secure set to 0 that was signed by a vendor. This allowed for a recovery image to be flashed, and new ROMs pushed to the phone. Had this not been the case, I'm sure it would have been an uphill battle to get the phone re-rooted, and likely people would have moved on to other platforms and not bothered.

    All in all, this isn't great news, but it is better than having devices be rendered unusable until sent to a Motorola repair depot.

  2. Re:Field of extraterrestrial defense? on Aussie Lasers To Stop Satellite Collisions, Death · · Score: 1

    Now, here is something I'd like to see... someone being able to make a way to deorbit space debris in a way so other objects are not at risk at that orbit level.

  3. Re:After enduring all that vitrolic on Droid X Self-Destructs If You Try To Mod · · Score: 1

    My concern is that (again, if this is true), once one company starts with this, everyone else will follow suit. Like how airlines are going gung-ho over fees. I'm sure that even if HTC doesn't want to lock down their devices, they will be forced to by carriers in order for them to sell more phones.

    Right now, it is easy -- just avoid one or two companies when buying phones. However, it won't be good for the modding scene if HTC is forced to start doing dirty tricks as well.

  4. Re:Not a good idea, Moto and Verizon... on Droid X Self-Destructs If You Try To Mod · · Score: 2, Interesting

    That is an interesting article. It essentially means that Motorola is giving developers the middle finger and telling them to go elsewhere. Perhaps that is good advice. I'm sure HTC will be happy to sell phones.

    Since the Droid X does not have a hardware keyboard, there are really no reasons to bother with it over an N1, unless you want a Verizon phone, and there, HTC offers the Droid Incredible. Sprint has the EVO as well. If you like T-Mobile or AT&T, just get the N1 model that works on their 3G band.

    Since Motorola has expressly said it doesn't want the business of developers, that is just fine. It just means that Moto phones will end up being on the hind teat when it comes to being compatible with apps.

  5. Re:Yes, and... on Droid X Self-Destructs If You Try To Mod · · Score: 1

    This is assuming this is true on release phones, and not pre-release models (which might have some self destruct feature for trade secret reasons.) Moto has been slimy by signing bootloaders on the Milestone and others, but I want to suspend judgment until there are concrete and reliable reports about blown Droid X phones. There is a good possibility this may be a rumor, similar to the one about iPhones phoning home if jailbroken.

  6. Re:Ouch on Droid X Self-Destructs If You Try To Mod · · Score: 3, Insightful

    Don't forget that Motorola phones only have a few die-hards working on ROMs. Compare the forum for the CLIQ on modmymoto.com to the ones for HTC devices on xda-developers. The iPhone also has a big jailbreaking/modding scene, and I'm sure there will be a bunch of cool apps on Cydia once iOS 4.1 comes out and is jailbroken.

    If I were to buy an Android phone, I'd go with an N1, or the "official" Google stuff. Second choice will be almost any HTC device because they actually put out source and tools to help with modding.

  7. Re:Yes, and... on Droid X Self-Destructs If You Try To Mod · · Score: 2, Interesting

    Certain handset makers want their phones to have a short lifetime. I'm sure the handset maker's view is that if the phone is not rootable, nor flashable to a newer version of Android, it eventually gets thrown out, as opposed to being used for a longer time. Plus, blown phone == more new phone sales.

    This appears to be a very short term profit attitude here, and if this is true, this will ensure I never buy a Motorola device again and will actively tell people to go HTC or another vendor who does not put self destruct mechanisms in their devices.

  8. Re:Validate domain ownership on Spammers Moving To Disposable Domains · · Score: 1

    Correct. However, if other avenues of spammers dropping their spew are blocked, they will start focusing on trying to compromise legit machines, as opposed to just spraying and praying from IP ranges. Spammers have a lot of money behind them, so I'm sure a larger spam organization may end up spending their time compromising ISP servers just to get their stuff out.

    At least if they do focus on compromising machines, a lot of zero days floating around will be found and squashed.

  9. Re:Changing domains or changing servers? on Spammers Moving To Disposable Domains · · Score: 1

    Then a spammer will DoS a legit site by using the ISP they use for an attack. It may be useful, but can easily be used by blackhats to sully the name and reputation of a legit site, especially if the attacker does a joe job and sends E-mail from that site's normal outgoing server's SMTP server that is shared.

    And spammers will do this. I have helped small businesses who got threatened with their domain contacts being in the fake From: headers of a spammer, who threatened to send out spam in their name unless they paid a sum via e-gold. I would bet a spammer would love access to a machine that other legit domains send from, just to sully their name as part of an extortion racket.

  10. Re:I don't understand spam folders on Spammers Moving To Disposable Domains · · Score: 1

    Rejections just allow them to keep trying E-mail addresses and/or keep trying to figure out what will jump past. However, just having an SMTP server blindly slurp all incoming mail at one end and blow it out the other may cause false positives, and maybe cause big problems with mail troubleshooting.

    One needs to do both sanity checking during the E-mail transaction and post-receipt scanning. The SMTP server needs to outright reject obvious crap, greylist suspect stuff, and tarpit mass entries that are obviously not mailing lists. So, if an attacker is trying to guess E-mail addresses, there will be a delay of 20-30 seconds after the first 3-4 attempts. If a domain is blackholed, the connection should be immediately dropped without ever getting a chance to communicate with the SMTP server. If a domain keeps trying to connect after it gets dropped, the machine should drop a DENY ACL in for 10-20 minutes to minimize CPU cycles wasted.

    Of course, once the E-mail makes it into an incoming spool, it should go at least through an antivirus pass. On UNIX systems, this isn't an issue [1] other than to perhaps catch some obvious UNIX Trojans, but for Windows machines which will happily gobble down malformed code, this is a critical security step.

    [1]: I've seen plenty of Trojan horses for UNIX, but true viruses are really rare.
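
The transaction-time policy described in comment 10 (immediate drop for blackholed sources, a temporary DENY for sources that keep reconnecting, a tarpit after a few bad recipients, greylisting for suspect senders), as an added example that is not part of the original comment. The class name, the thresholds (picked inside the ranges the comment gives), the greylist retry window and all addresses are assumptions.

```python
from dataclasses import dataclass, field

# Constructed policy values; the comment gives only ranges
# (3-4 attempts, 20-30 s delay, 10-20 min DENY).
TARPIT_AFTER = 3          # bad RCPTs answered at full speed before delays start
TARPIT_DELAY = 25         # seconds to stall each later bad RCPT
DENY_AFTER_DROPS = 3      # drops of a blackholed source before a firewall DENY
DENY_TTL = 15 * 60        # seconds the temporary DENY stays in place
GREYLIST_MIN_RETRY = 300  # seconds a first-seen triplet must wait (assumed value)


@dataclass
class Verdict:
    action: str        # "deny", "drop", "reject", "defer" or "accept"
    reply: str = ""    # SMTP reply line, empty when nothing is sent
    delay: int = 0     # seconds to stall before replying (tarpit)


@dataclass
class SmtpGate:
    blackholed: set    # source IPs on the local blackhole list
    valid_rcpts: set   # mailboxes this server accepts mail for
    suspect: set = field(default_factory=set)       # IPs that get greylisted
    drops: dict = field(default_factory=dict)       # ip -> drops since last DENY
    deny_until: dict = field(default_factory=dict)  # ip -> DENY expiry time
    bad_rcpts: dict = field(default_factory=dict)   # ip -> unknown-RCPT count
    first_seen: dict = field(default_factory=dict)  # triplet -> first attempt

    def on_connect(self, ip, now):
        """Decide before any SMTP banner is sent."""
        if self.deny_until.get(ip, 0) > now:
            return Verdict("deny")        # packet filter; no SMTP process involved
        if ip in self.blackholed:
            self.drops[ip] = self.drops.get(ip, 0) + 1
            if self.drops[ip] >= DENY_AFTER_DROPS:
                self.deny_until[ip] = now + DENY_TTL
                self.drops[ip] = 0
            return Verdict("drop")        # close the socket without talking SMTP
        return Verdict("accept", "220 ready")

    def on_rcpt(self, ip, sender, rcpt, now):
        """Decide on one RCPT TO during the transaction."""
        if rcpt not in self.valid_rcpts:
            n = self.bad_rcpts[ip] = self.bad_rcpts.get(ip, 0) + 1
            delay = TARPIT_DELAY if n > TARPIT_AFTER else 0
            return Verdict("reject", "550 5.1.1 no such user", delay)
        if ip in self.suspect:
            # Greylist on the (ip, sender, rcpt) triplet: defer until retried late enough.
            seen = self.first_seen.setdefault((ip, sender, rcpt), now)
            if now - seen < GREYLIST_MIN_RETRY:
                return Verdict("defer", "451 4.7.1 try again later")
        return Verdict("accept", "250 2.1.5 ok")


if __name__ == "__main__":
    gate = SmtpGate(blackholed={"203.0.113.9"},
                    valid_rcpts={"alice@example.org"},
                    suspect={"198.51.100.7"})
    # Constructed session: one client guessing mailboxes, one second apart.
    for t, user in enumerate(["a", "b", "c", "d", "alice"]):
        v = gate.on_rcpt("192.0.2.44", "x@example.net", f"{user}@example.org", t)
        print(user, v.action, v.delay)
```

The post-receipt antivirus pass the comment also calls for runs on the spool after `accept` and is outside this sketch.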

  11. Re:Validate domain ownership on Spammers Moving To Disposable Domains · · Score: 1

    The threat of jail isn't going to happen. A lot of spammers are in countries whose government doesn't give a rat's ass about computer crime, cannot afford to, or hates everyone else so much that they consider the spammers an income source for their nation.

    Even in countries with computer crime laws, the good spammers will not be directly connected to machines, just like a good drug dealer is never near his stash when making transactions. They will be hiring script kiddies to do grunt work for them, or they will be using cracked wireless networks (very few home wireless networks log anything at all, perhaps at most a MAC) and will be able to do their activities without any way of being caught.

    I'm sure once domain registrations become harder to get in mass quantities, we will be seeing spams from raw IP addresses, or we will see more compromised clients. Spammers have a lot of resources, so it wouldn't be far-fetched to see them trying to attack registrars, and since there are a ton out there, one will end up getting compromised and allow a lot of fake domains to appear with ease.

  12. Re:EOL? on Spammers Moving To Disposable Domains · · Score: 1

    Be careful, spammers may move into other territory. There was a sense of victory when ISPs were successful at blacklisting spammers, then they went to bouncing IP addresses to duck blackholes.

    I'd expect the next thing will be to find ways to compromise E-mail accounts en masse (hacking a server at a free E-mail provider and using accounts, or compromising a backbone SMTP server.) With the money spammers make, paying a blackhat with a 0-day would be small potatoes compared to the money rolling in.

    Another thing might be resources spent for another generation of botnets, improving the subtlety aspect and perhaps only sending a limited amount of mail at a time, through hijacked accounts.

  13. Re:glow, baby, glow! on Nuclear Power Could See a Revival · · Score: 1

    With reprocessing, what waste? To boot, the high level waste does not take up that much space compared to by-products of other fossil fuel energy generation methods.

    One ideal solution for energy needs is to have the core grid be of nuclear power plants (2-20GW), and solar/wind/geothermal handling the edges. Save the coal and oil for plastic making... well, even that we can just get a ship with a nuclear reactor and some thermal depolymerization equipment and turn the plastics in the Gyres into usable monomers again.

  14. Re:The Internet as a business on The End of Free · · Score: 1

    This has been going on all along. First, the Internet was researchers, old school hackers (using the old meaning of the term), and maybe a kook or two that at least was well behaved or their sysadmin would yank their access.

    The start of the change is when NSFNet was handed over to commercial interests, and then Canter/Siegel spammed USENET and essentially got away with it.

    These days, these types of people are on the wayside. The main people on the Internet are guys who are interested in p0rn and are more than willing to download a compromised executable or 20 in order to watch some XXX stuff. This is one reason why operating systems are being designed where the user doesn't control root, mainly because most users are too stupid for such access.

    10-15 years ago, people knew what root or Administrator was, and the ramifications of running as such. Today, the average Internet monkey just doesn't care. This is why on devices, there is a battle to yank root access away from the consumer. This way Joe Sixpack who infects his computer and blames Microsoft for it doesn't go and infect his phone, then blame the maker because some app starts spamming everyone on the contact list.

  15. Re:So you pay for your data plan to get iAds on What Developers Think About Apple's iAd · · Score: 1

    Absolutely nothing. I'm sure as time goes on, apps will end up just like Cable TV, where at the beginning there were no ads. Then ads were between shows. Now it is just as bad as OTA channels, except you get the "honor" of paying a monthly fee. It is only a matter of time before iAds show up in paid apps.

  16. Re:Good Luck on What Developers Think About Apple's iAd · · Score: 1

    Maybe someone can make something that combines the functionality of AdBlock, BetterPrivacy, and DroidWall. The resulting app (likely available from Cydia) would drop a list of DENY ACLs into ipfw, as well as zero out cookies, shared objects, and other personally identifying data. Ideally maybe even block use of the GPS, so apps that don't need it either don't get access to it, or get dummy values to throw off trackers.

  17. Re:iAD on What Developers Think About Apple's iAd · · Score: 1

    There is one advantage of a walled garden: It solves the dancing bunny problem. Because Joe Sixpack can't download a "media player" to watch the dancing bunnies, or a "Web extension" to watch a free pr0no video, he doesn't get his device or computer infected. And if the rooting/jailbreaking process is complicated enough that Joe Sixpack won't do it, the device is decently protected from one major avenue of attack.

    As of now, there are three major avenues of attack to compromise machines:

    The first is a remote exploit, and this is addressed by firewalling and minimizing services available to the outside world. For a home user, they should be behind a solid firewall, so a remote exploit should be extremely difficult to accomplish.

    The second are Web browsers and add-ons. This is one of the biggest sources for infection. For this to be addressed, OS makers, Web browser add-on providers, and Web browser makers need to get together and make a solution that isolates the browser instances, while still allowing a user to bookmark and save files.

    The third are Trojan horses. No OS will protect against this. Joe Sixpack will try to get his dancing bunnies even if he has to sudo to root, pop up an Administrator command prompt, or log on as SECOFR on the AS/400 box. It sucks for us clued people who end up getting more and more locked out of devices.

    I would love to see a balance. Some hurdle against rooting/jailbreaking to keep Joe Sixpack in his walled garden and make downloading dancing bunnies not worth his time, but which competent people can just get around to use their device to the fullest.

  18. Re:This does not surprise me on The Creativity Crisis · · Score: 1

    Before the gang killings, it was the Satanists who hid out and made people disappear. Always a boogeyman touted by the press, because it sells the news and keeps the eyeballs on the TV.

    Every generation it seems remembers how lax high school was when they started and how the screws got tighter and tighter as they went through the four years.

    My anecdote: 10 minutes passing time converted to 5 because the principal thought it gave kids too much time to be vandals. Policies for teachers to lock their classroom doors and slam them at the bell so students even a second late got detention and suspension from academic activities. The removal of open campus at lunch (of course the excuse of a cafeteria was not able to handle all the students in the lunch hour so a student had to race there, pack a lunch or risk the wrath of security by sneaking away.)

    Kids don't have the ability to be kids. And when they are expected to stay in line perfectly with any deviation punished (or medicated until the child has permanent drug-induced brain damage), how the hell does one expect creativity to grow? Maslow's pyramid 101 -- if children are always having to deal with survival by having to comply with arbitrary rules that have no real point, it is no wonder they are not going up the hierarchy to do much else than just survive.

  19. Re:Rote Teaching, No Child Left Behind on The Creativity Crisis · · Score: 1

    [rant]

    The teachers are caught between a rock and a hard place. If they don't teach to the test and actually teach useful stuff, their class's test scores will be lower, which means funding cuts, parents yanking their kids out of the school, and eventually school closure.

    The problem is that the whole school is passed or failed on one single metric. So, stuff that does not help this metric (arts, high school activities) is chucked. Except for football (American football) where a high school can still command a million dollar stadium because it brings in fans and advertisers.

    Our school system here in the US needs an enema. It isn't the teachers, it is the fact that schools have to fall in line to an arbitrary set of metrics, and if they don't do well compared to other schools who will happily give up everything for compliance, they get defunded and eventually shut down. California was once known as the best for educating people in the 1990s. Now one of the reasons I see people move to smaller Texas towns from that state is because the education is better.

    And the final kick to the teeth for Americans trying to compete in the world? Every civilized country pays for their citizens' college tuition. France, China, Germany, and even places like Chile, Brazil, and other developing nations. So, while a US citizen has to go into deep debt (or forgo school altogether for a career of "would you like fries with that?"), the average Chinese or other nationality has a B.S., perhaps an M.S., and is highly trained for professional work, as opposed to the US high school graduate who likely knows very little.

    And people wonder why the US is lagging behind. It is simple. Schools are a long term investment, and politicians like Reagan cut the schools to the bone by defunding. Since schools have no quarterly ROI to a modern day businessman, they are just a necessary evil cost center at best.

    [/rant]

  20. Re:btrfs successor on NetApp Threatens Sellers of Appliances Running ZFS · · Score: 1

    A cryptographic hash is ideal, but it takes a lot of computer cycles to compute, and if a machine is writing 1k blocks to a filesystem, and keeps having to do a SHA-512 hash on a multi-gig database container, performance will hit the toilet.

    Another idea on a filesystem, but it would have to be handled by an HSM or cryptographic co-processor, is automatically cryptographically signing blocks or files. Combine this with a filesystem that is WORM, and this might be a way to get inexpensive USB hard disks, and use them for medium term archiving while ensuring no data got tampered with. The closest I've seen to this concept is Nero's SecureDisk functionality.

  21. Re:Good argument for tape? on Dell Says 90% of Recorded Business Data Is Never Read · · Score: 2, Informative

    5 year cycles are close enough. In business, with laws like Sarbanes-Oxley, FERPA, HIPAA, PCI-DSS, and many others, if a business puts it on tape (where the maker says the archival life is in decades), drops it off at Iron Mountain, and has a documentable chain of custody system, should an audit happen and some tapes are not readable, they are off the hook. Management can look at the auditor and say that any missing data was stored in multiple places, and if anything is lost due to tape failures/bit rot over time, shit happens. The audit ends with the company passing, and life goes on. Fifty year audits are different (anything aerospace related needs a 50 year audit trail), but tape drives are more than enough to deal with the 7 years that most regulations require.

    Things are different if the data is worth keeping, versus sticking it on a tape to languish in a bucket offsite until the 7 years are up. For data worth keeping, it needs to be stored multiple places, and checked for issues every so often. Most businesses have multiple SANs, one at the main data center, one offsite and both are synced to deal with this. It is expensive, but it ensures that data doesn't "rot".

  22. Good argument for tape? on Dell Says 90% of Recorded Business Data Is Never Read · · Score: 3, Interesting

    This is one reason I like tape: The drives are expensive, but the tapes are $30-$50 (LTO-4 is $30 on mail-order). So having an autochanger moving all the rarely used data into storage is likely the most efficient way of moving data to long term archiving. Even better is making sure that 2-3 sets of tapes are used (one onsite, one offsite.)

    Of course, hard disks by themselves may seem cheaper, but they are not a true archival medium. There are so many moving parts in a HDD and each of them (bearings, heads, spindles, motors, controller card) is a point of failure.

    With HDD capacities starting to not grow as exponentially as they did last decade, it would be nice if tape companies would not just catch up with 2-3TB native tape offerings, but be able to offer drives at a lower price so home and SOHO users can use them for long term storage. I'm sure that if someone offered a consumer level tape drive for $500 with a decent capacity, that a lot of small businesses would buy it, especially if it came with decent backup software (Retrospect, Backup Exec, Amanda, bru, or another utility that is similar.) Since some tape drives are even bootable (some HP offerings have a section of the tape to emulate a boot CD or DVD), it would be ideal for bare metal recoveries even by nontechnical users. Pop in the tape, boot the machine, type in the encryption key, select where the data should be restored to, walk off for a bit and it is done.

    Even though the SAN companies have said tape is going to die, until another form of media (perhaps super-inexpensive flash media [1]) is as reliable as tapes and can be put in the Iron Mountain case and sent offsite for safekeeping for decades on end, tape will be with us. Only optical comes close to tape for long term archiving abilities.

    [1]: I can see someone make flash media that is semi-smart where it is put in a specific case, shipped to an offsite warehouse, and that warehouse plugs in the cases into 5-12VDC. Then over time, the circuitry on the flash drives periodically checks the stored flash media for damage or bit rot, corrects errors by rewriting blocks, and good blocks it would periodically move to ensure that there is a high signal to noise level on all media. Of course, this requires power, while tapes can happily sit in a climate controlled warehouse and be still recoverable.

  23. btrfs successor on NetApp Threatens Sellers of Appliances Running ZFS · · Score: 4, Interesting

    Even though btrfs isn't in production yet, we really need a successor to it not just to replace the filesystem, but to replace the LVM layer. ZFS isn't just a filesystem, but also goes one layer lower, coordinating RAID.

    I wish I had the cash to make an open source (GPL or BSD license preferably) bounty for the following in a filesystem/LVM replacement, since ZFS isn't going to be going past Sun hardware these days:

    1: Deduplication on the block level. This would be selectable because in some cases, there would be performance issues to it... but a good filesystem would stick heavily duplicated blocks on fast media (flash or inner cylinders).

    2: 64 bit CRCs. This way, a backup program just has to pull from the filesystem stored CRCs and it would know which files have been changed or not. This also helps with integrity checking.

    3: Compression. Selectable levels would be nice, from a fast zip based to bzip2 -v9.

    4: Encryption, perhaps like EncFS where encrypted directories can be attached at will. Even better would be more elaborate (public key, smart card) key management.

    5: Block device encryption. It would be nice to install the OS, set a flag that all further writes will be encrypted to a key, then proceed to copy data to the machine. This way, the machine can get set up and (ab)used without waiting for disks to encrypt.

    6: TRIM support. Enough said.

    7: Ability to move data so one directory might be on a three-way mirror, while the rest of the filesystem sits on a RAID-Z equivalent. This way, critical documents are protected.

    8: Advanced snapshotting functionality. It would be great to be able to restore a machine by booting from a USB flash drive or CD, having the filesystem be configured to the hard disks at hand, then copy from a stored image, regardless of what the architecture or setup of the previous machine's drives was. This way, a machine could be snapshotted, moved to a completely different configuration, then restored. A good example of a nice way to restore would be IBM's Sysback utility for AIX, where one can completely redefine where data resides before kicking off a restore.

    9: Advanced attributes, where files can be flagged where if they are unlinked, the OS does a manual TRIM or multiple overwrite, and so on.

    10: Automatic repair of damage. Starting with Windows Server 2008, Windows does a background check to look for damage in mounted NTFS filesystems. This way, something like missing free space or other issues can be flagged before it bites someone in the next bootup. For example, when a machine is idle, it will compare written 64 bit CRCs to what is on disk to ensure that they match, and flag nonmatching files as possibly corrupt.

    11: Ability to add varying amounts of ECC to a filesystem. This way, the volume can take a lot of damage, but the files are highly likely to be still readable. A good example of this is Nero's SecureDisk, where it writes invisible ECC information to burned CDs/DVDs which can be used to piece together damaged files. This way, volumes that are stored for long term archiving can sustain damage, but there is a good chance of recovering the files, or at least knowing the files were damaged.

  24. Re:U6 and Legalities on Fan-Developed Ultima VI Remake Released · · Score: 1

    U7-U10 were essentially one Kill Foozle but in parts, leading up to "neutralizing" the Guardian in U9.

    Games are in a rut these days, but with the price to get the needed studios for graphics and sounds, there is a considerable barrier for entry for indies, so I doubt we will be seeing anything other than Kill Foozle variations for the time being.

  25. Re:U6 and Legalities on Fan-Developed Ultima VI Remake Released · · Score: 1

    It is sad in general to see all the Origin IP end up as abandonware except for what remains of UO which is barely on life support.

    Origin IP is so different from the modern games which are just about how to frag someone or grief them online. What is even more ironic is the plot about Origin games -- of course, we had the Kill Foozle plotlines in U1/U2/U3. U7-U10 were one big Kill Foozle serial with a "meh" ending. However, U4-6 were unique in the respect that they were not "OMG, evil boss... kill it!" type of games.

    There has not been a popular game made in the past 10 years, RPG or FPS, that has not been a game based around gearing up to bump off an evil boss, and this is what makes the Ultima series unique. The funny thing is how the U4-6 games had very good endings without needing a big baddie to confront the players. You never see that in games made today.