Slashdot Mirror


User: mlts

mlts's activity in the archive.

Stories
0
Comments
5,534
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 5,534

  1. Re:The bulletproof desktop on The Desktop Security Battle May Be Lost · · Score: 1

    What about instead of a small computer, something like a PDA. It could function either directly attached to a wireless network for banking transactions, or as a direct confirmation device, such as IBM's ZTIC (http://www.zurich.ibm.com/ztic/)

    This way, people have a PDA to check money almost anywhere, as well as not just an anti-phish tool, but one that combats browser hijacking and other things.

    Of course, there is a good old fashioned app for Android/iPhone/Windows Phone 7. The app can not just work as a offline authentication device, but if text messaging rates stop being so stratospheric, encrypted SMS messages can be a good way to confirm or deny banking transactions as well.

    I'd like to see a generic offline authenticator app myself. It would work regardless of platform. One cool implementation is the OTPdroid app for Android, which supports S/Key and OPIE one time passwords.

  2. Re:ill pit my i7-920 against any AMD 6 core on AMD Undercuts Intel With Six-Core Phenom IIs · · Score: 2, Insightful

    I have found that it doesn't matter for computer life if you have Genuine Intel, or Authentic AMD.

    Want to know the stuff that actually matters?

    1: First and foremost a decent PSU. This means the difference between a well made, stable machine versus one where components die of mysterious causes every few months. I have had great luck with Corsairs and Antecs. Just make sure to get one that has significant headroom between the estimated wattage and its rated wattage. Mainly because one of the most reliable ways to feed USB devices power is through hanging them from your machine, and a couple USB PCI cards. When in doubt, find a quiet 1000 watt power supply, and call it done.

    2: A decent enclosure. Yes, people talk that cases are cases, so go with the cheapest. However, I've had enclosures last multiple motherboards. So might as well get a case that has rolled metal edges to minimize getting cut, a solid rack for hard disks, etc. Cooling is important, so it can't hurt to get a case that can support multiple fans.

    3: Cooling. What can kill a machine is not enough air blowing through it. Getting a case and decent fan setup can make a machine last a long time.

    4: Motherboard. Yes, it might be easy to go cheap on this, but this is what is controlling your CPU, and going cheap on this may mean major headaches in the future, especially if something partially works. You want to get a decent name brand motherboard, because the better ones actually have true hardware RAID on board (not hardware-assisted), which allows you to use two drives for your OS.

    5: RAM. I've seen people buy pulls and then wonder later on why they keep having subtle problems, until I fire up a RAMtest utility and find areas with problems.

    6: This is one thing that is important as everything else, but something not often checked after. A UPS. Unexpected power cut outs are horrific for equipment. Not just software with unexpected downtime, but hardware. Putting your machines on a solid UPS will easily prolong their lives a number of years.

  3. Re:Cores vs performance - VMware on AMD Undercuts Intel With Six-Core Phenom IIs · · Score: 1

    Don't forget the other advantages of VMs. Snapshots come to mind, and with a backup program that is able to deduplicate, backing up a VM server box hosting a bunch of VMs isn't a daunting task.

    I even have seen IDS systems that had both a part that ran in a VM, and a part that watched VM traffic. If either one detected significant intrusion, the VM would be snapshotted for forensic purposes, then a last known good snapshot would be reloaded. Of course, this was mainly for systems which were caching items or Web render farms, rather than ones where persistant data was critical.

    Of course the biggest advantage to a VM is the fact that the client does not need any modifications at all when the VM server gets a hardware upgrade. AMD or Intel, OS X, Linux, or Windows? If a variant of VMWare can run it, it works.

  4. Re:saves time and money! on How Do You Handle Your Keys? · · Score: 1

    Abloy locks can be argued to be one of the most secure locks of any brand, if not the most secure. Of course, there are speedpickers who can pick open an Abloy PROTEC cylinder, but so far the record is 11 hours.

    What is so ironic is that almost all bike locks use a variant of the classic Abloy disc cylinder. However, I see no brands going beyond that and using the more advanced cylinders which allow a lot more key changes, not to mention pick resistance.

  5. Re:saves time and money! on How Do You Handle Your Keys? · · Score: 3, Informative

    If you are going to a locksmith, you might consider getting deadbolt and other locks for your house that uses SFIC [1] cylinders. This way, you can not just have a rekey job in the future be insanely easy (pick up the new cylinders from the locksmith, use the old control key to slide out the old cylinder on each lock, and use the new control key to slide in the new ones), but you can also change brands of cylinders. If you want to change from Best to Medeco, or from Medeco to Schlage Primus, it can be done very quickly.

    You also will have good security, since in general, locks that use SFIC cylinders tend to be a lot better made than most consumer stuff.

    [1]: Small Format Interchangable Core.

  6. Re:News for nerds. on How Do You Handle Your Keys? · · Score: 2, Informative

    One note about the Kwikset SmartKey. I have seen people screw up the lock by not following directions exactly when changing the key (mainly by not inserting the new key fully). Well, screw it up until you disassemble the lock and put the cylinder into a reset cradle, or try your luck with a five-tonged custom tool.

    It also have another advantage -- it is a lot more difficult to pick than the usual five cylinder pin tumbler lock that Joe Sixpack has on their front door. Because it uses a sidebar mechanism, it takes actual work to pick it, as opposed to just a bump key picked up from a flea market.

    I'm curious how these locks will stand up in the long haul. Pin tumbler locks are fairly simple, and can stand all kinds of abuse and last 30+ years (although they would be so worn, that picking becomes easy). I just wonder how well these sidebar locks will do after 10+ years of daily usage.

  7. Re:It goes both ways, you know on Hot Sales In China For Wi-Fi Key-Cracking Kits · · Score: 1

    That's why you always use a proxy server. I don't advocate using other connections because it might be someone who has a clue and a transparent web proxy, and might just be working on a new device (a la Phorm) to intercept and modify traffic en route, so all the slashdot postings posted by users using that AP turn into goatse troll posts.

    Best type of proxy server, if you can afford it? I'd probably say bite the bullet, pay the $20 a month and get a linode VM. Here, install and lock down your distro of choice, and install whatever proxy software floats your boat. I personally like having PPP over SSH, PPTP, and of course, stunnel based proxy for just the Web traffic. Any of these three ways provides good security. You can even use squad, privoxy, and other tools to de-ad your Web browsing experience without having to install software on your local machines.

    Of course, this is assuming one is not doing anything illegal, because it becomes quite easy for the Powers That Be to ask who is the VM owner of an IP address found in a Torrent swarm for a just in theaters movie.

  8. Re:Are these available in the states? on Hot Sales In China For Wi-Fi Key-Cracking Kits · · Score: 4, Interesting

    On a side subject, it would be nice for a wireless AP to have the ability to use multiple (like up to 255+) WPA2-PSK keys, one individual key per machine. Yes, this encroaches on WPA-Enterprise, but this would provide the ability to lock out a compromised machine off the network just by zapping its key, as opposed to having to rekey every single box on the wireless segment.

  9. Re:Oh, good Lord. on Oracle Restricts Access To Sun Firmware Downloads · · Score: 2, Interesting

    Even though my preference is IBM or HP for servers (mainly out of old time's sake), Dell's offerings are just as good, and they support RedHat as a server OS. Dell knows where their bread is buttered, and if their products do not do well in the data center, companies will change to HP, IBM, or Cisco brands in the next hardware upgrade cycle. With modern virtualization technology, it is not difficult to change out the hardware without much production impact [1][2].

    There is a BIG quality and service level difference between stuff that goes in a server rack, and a bargain basement PC bought from a big box store. As always, you get what you pay for.

    [1]: Install the OS/VM server on the new hardware and get it up to date with patches, power off the VMs in production, swap hardware, import the VMs, power them back on. Of course, it never goes this easy in reality, but this is a LOT easier than replacing a physical machine, rebuilding the OS, apps, paths to data, and other stuff.

    [2]: As an alternative, I've seen some companies that are Mac based use XServes and VMWare Fusion to replace aging PC servers. They do this for services that can't be moved to OS X like Active Directory and Exchange. This is a completely supported way to run production systems, especially if a company has a great deal for hardware with Apple.

  10. Re:Open office on Oracle Restricts Access To Sun Firmware Downloads · · Score: 2, Insightful

    I don't think it would happen, but who knows. IBM has standardized on a variant of OOo (Lotus Symphony), so if Oracle decided to abandon it, IBM would take up the mantle of keeping the project alive. Even if IBM forced everyone to move to MS Office 2010, the users on AIX and RHEL would be left out in the cold.

    I'm expecting a bigger split between StarOffice (Sun's commercial version of OOo) and Open Office.org though. OOo might get a few token updates while SO would likely receive major makeovers. Similar to the concern about OpenSolaris versus Solaris.

  11. Re:Not a checkbox, a shortcut... on The Shortcomings of Google's Open Handset Alliance · · Score: 1

    With Windows Mobile, even before app stores on the phones themselves, there were Web based stores such as Handango which offered .cab or .exe files for download via ActiveSync. Similar with Palm apps, and those have been around for over a decade.

    Times have changed though. App stores are a must on cell phones these days, just to allow for impulse purchases that likely wouldn't happen had someone have to find the app on their home computer, download it, then perhaps register it and put in a registration key while installing it on the device.

  12. Re:Not a checkbox, a shortcut... on The Shortcomings of Google's Open Handset Alliance · · Score: 2, Interesting

    Want a way to not be a commodity vendor? Make cellphones that are of good quality and can stand the test of time. A few examples:

    A decent keyboard on a slider. Blackberry is good at this. The Cliq is pretty decent too, although it would be nice to have five rows of buttons (including the function keys) as opposed to four, so numbers can be typed in without having to hit another key.

    A standard USB port. Micro USB is good because it is rated at a ton more insertion/removal cycles than Mini USB, and the springy pieces which keep it connected are on the cord (easily replaced) as opposed to the device.

    A 3.5 mm audio jack. Most phones are moving to this, but some use the 2.5" ones.

    A decent feel to it. Take a cue from the Palm V which was made out of all metal, and even 10 years later, still is classic and doesn't look/feel cheap.

    A decent screen that can be read in both direct sunlight, as well as usable at night. AMOLEDs work.

    Put some type of encryption on memory cards. Windows Mobile 6.0 and newer have a simple, yet secure way of doing things that is transparent to the user. Other ways are to use EncFS, or (best of all) just format the whole card and use LUKS with the key stored on the main memory with a mechanism of securely backing it up somewhere so a hard wipe doesn't mean loss of the memory card's contents.

    Now for software. Want to make a phone stand out? Don't stick yet another UI onto Android. I'm sure everyone is tired of spinning cubes and so on. Instead consider one or more of the following:

    Have a custom utility that allows for backing up and fast restore of apps. Apps that are copy protected on restore would be batch downloaded from the Market. It is pretty tedious to reload a phone app by app.

    Have the phone able to use the machine it is connected to for Internet access. ActiveSync allows this, and generally this is faster than just using 3G.

    Don't play games with root access. If people want to root their devices, let them. This is one reason that HTC is doing better than Motorola. HTC puts out the code they use, Motorola seems not to, so guess which vendor gets unofficial Android 2.1 and Android 2.2 releases first? Perhaps consider enabling fastboot on all Android devices, because people eventually will find a way to root the device, so might as well save them the effort and have phones have a vibrant modding community, which gets more people to buy those models. Best of all worlds would be to have a few models of phone which are meant for modders, similar to Google's ADP1 and ADP2. These would have fastboot ability for quick flashing of new stuff, and so on.

    Finally, for phones intended for business, honor some Exchange policy features. Like I stated above, have some form of memory card encryption (LUKS is ideal, as it protects the whole card), and not just support remote wipe, but other policies such as remotely wiping if not on the network after x amount of time, wiping if an unauthorized SIM card is inserted, wiping after too many attempts at the PIN, and so on.

  13. Re:rofl on Win7 Can Delete All System Restore Points On Reboot · · Score: 1

    Two semantics for a restore point:

    1: A snapshot of the OS.

    2: Snapshots of the OS filesystem.

    #1 I've found is iffish. Sometimes a restore of the OS to an earlier PIT works, other times it doesn't. I don't depend on it, and if "last known good" configuration doesn't work after a driver causes issues, I just restore the machine from an earlier time, then copy any newer document files.

    #2 is of good benefit. I've had a number of times where I've been able to recover corrupt or deleted files using the Previous Versions functionality.

    To be honest, do NOT consider restore points as something to use in place of backups. At the very minimum, get a copy of Retrospect (or a decent backup program), a decent external hard disk (or disks) that are bigger than the data stored on the machine, and configure daily backups. This way, if something does happen and a restore point fails, recovery of everything is still possible without having to format and reinstall.

  14. Re:To be fair: on Win7 Can Delete All System Restore Points On Reboot · · Score: 1

    Windows Backup on Windows Server 2008 and Windows Server 2008 R2 is decent. It allows for decent full and incremental backups, with restores being easy to do on a file, directory, or even whole system basis.

    The restore utility in Windows 7 and Windows Vista is a lot more rudimentary. On Vista Business, Windows 7 Professional, and higher, it allows one to make a restore image (in .WIM format), then will save files made after that incrementally. On the lower editions, it will only save files off, with no image capability.

    Because of this varying of how machines are backed up, I highly recommend people use a decent third party backup utility (Acronis TrueImage or EMC Retrospect come to mind) with Windows. This way, it doesn't matter what version of Windows someone is using, backups will get done and done right, and a complete bare metal restore is just a boot CD away.

  15. Position of the HVAC system? on Hot Aisle Or Cold Aisle For Containment? · · Score: 1

    One critical thing is where are the HVAC return ducts and where the air vents are. Does the datacenter use raised flooring, or does the place have discrete ducts for its ventilation. I've seen data centers have 12-24" of clearance used as plenum space. Others may have 2-4 inches because the space is used just for wiring and not HVAC use.

    This needs to be factored in to separate the aisles, elsewise spending time for meat locker curtains and endcaps like Google has done may bring few to no returns.

  16. Re:Not bad on Symantec To Acquire PGP and GuardianEdge · · Score: 3, Insightful

    If I want top notch security and not trusting some firm (possibly a CA that is offshore and is hostile to anything the country I reside in anyway), I will be using a PGP/gpg web of trust. I will either get a copy of the public key of someone face to face printed physically with a fingerprint (and will download and verify the public key and has from a keyserver), or I will agree on a passphrase that is used only once, and that is to send and receive a copy of the public key.

    I also don't like keeping my public key that would be needed for S/MIME on an online machine. My secure private key resides on a machine that isn't Internet connected, it will reside on a smart card, or it will be on a smart card and used on an offline machine, so an attack would have to be done on a physical/local level in order to compromise my private key material. I do use S/MIME and a client key, but that is mainly a stopgap, better than nothing measure, compared to actual end to end manual encryption of data with gpg or PGP.

    PGP WOTs were in use a lot in the early to mid 1990s by cypherpunks, but for the most part, convenience won over security and it is extremely rare for someone to use a public key of someone to send mail. A good WOT is far better than a CA. I have more trust in a public key claimed to be someone that is 3-4 links out from me on my PGP/gpg keyring than I do a key that is signed by a CA and told "hey, trust us." Of course, creating a WOT is a lot harder than just letting a CA do the work, but like Phil Zimmermann said, it is better to pack your own parachute when security is critical.

    Another use for PGP over S/MIME is signing of files. A signed E-mail is difficult to forward and keep the integrity intact. However, if I have a file and a PGP/gpg signature of it (or just a PGP signed file), I can forward it, archive the two files, back them up to whatever backup media, and all it takes is a validation in the future to ensure that the file and the signature were not tampered with, assuming I have the public key in my keyring, and that hasn't been tampered with. Of course, I can use facilities like the file signing capabilities built into Acrobat, Word, or other software, but again, I have to use a third party CA, or pay for a special signing key, as opposed to a secure WOT. Plus, some files (archives and such) can't be signed internally, so having a separate .sig file is needed.

    S/MIME is decent, built into most dedicated E-mail clients, and is better than nothing. However, if you want reliable E-mail security, you are best off using a PGP/gpg WOT.

  17. Re:Copyright laws. on Anyone Can Play Big Brother With BitTorrent · · Score: 1

    This is something I agree with. Back in the early 1990s when hard disks were about 40-100 megs on average, while CD-ROMs had a lot more space, not many people bothered pirating, just because the space wasn't there.

    However, with each generation of DRM system, it becomes more and more intrusive, and the true people who benefit are the pirates. The pirates don't have to worry about keeping a constant Internet connection, low level drivers, activation servers which may get turned off, or worry that when CD-ROM drives become obsolete like 3.5" floppies, that their games will stop running.

    Maybe one idea to have is a progressive DRM system which lessens over time. For example, on release day, a game would use activation and a CD key. Next fiscal quarter when results on sales numbers are irrelevant, the activation is patched out, and the activation servers are freed up. When the game is about to be dropped from support, the CD key is patched out with the last patch for the game. By the time the game is obsolete, cracks will abound anyway, so might as well have a game company at least have their work be de-marketed with some grace with the final patch to the game.

  18. Re:This can be good... or bad on Microsoft Signs Android Patent Deal With HTC · · Score: 3, Insightful

    That may be, and it is understandable to be wary. However, I wonder if Microsoft is doing a different strategy, more along the lines of "the enemy of my enemy is my friend".

    If one looks at things objectively, in a corporate environment as of now, Android is not a threat to Windows Mobile. It does not have true memory card encryption which is required in a lot of enterprises. Nor can it really be bound to Exchange where it supports profiles like disabling cameras, limiting what software is installed (on Windows Mobile, companies can have their own signing key to only let apps that are vetted in house run,) and other items which might be used for regulatory compliance.

    I'm also sure that Microsoft knows that if HTC is crushed by Apple, then more people will end up on the iPhone. It is the lesser of two evils. Android which is limping along slowly but surely and suffering from fragmentation, versus the iPhone which has the ability to cause a lot of lock-in. It is easier to move a customer from Android to Windows Phone 7 than it is from the iPhone platform. So, by siding with the lesser of two evils, MS is preventing Apple from getting an overwhelming death grip on the market.

  19. Re:Geez! I tell ya... on ISP Is Bypassing Firefox's Location Bar Search · · Score: 1

    This is only the first ISP out of the gate who wants to do this. With net neutrality on the ropes, I'm sure people at a rogue ISP have considered most of the following:

    Redirect traffic to sites to the highest bidder. If search engine A wants traffic redirected from google.com, they have to bid more than search engine B.

    Use throttling to discourage traffic. If Google's pages start taking 30 seconds to load up, eventually people will use another search provider. Since this can be done via ports, a traceroute or ping will not detect these shenanigans. Of course, the destination site gets blamed.

    Use passive interception to build not just a profile on people's Web surfing, but with smart utilities, intercept E-mails to make a non-anonymous profile to sell to the highest bidder. One doesn't need to have full access to an E-mail server to read stuff that swings through port 25, or gets read via the Web, POP, or IMAP.

    Inject ads via a Phorm like mechanism. If the ISP wants to be mean, they can "accidently" inject ads that are handed to them by shady clients who are known to do malformed code and exploits in browsers and add-ons. Then the target site would be blamed for these.

    Replace a website's ads with their own. In the early to middle part of the last decade, there was spyware that did exactly this. This would give a rogue ISP big pay per click bonuses on the expense of the website's advertisers.

    Intercept registration/login info (usernames and passwords) that are sent via plain text. This can then be sold to someone who can then use the username/passwords to log in to a website or E-mail account.

    Replace people's Web postings in flight. Someone posts a complaint about a business, the POST gets intercepted and it becomes praise for the product... or even worse, the content changed into libelous posts which cause the poster to be sued, and there is no way to detect this, much less prove innocence.

    Replace people's reviews on products. Someone hits a local BBB website to give a thumbs down on a company due to bad service. If the mentioned company has a deal with the ISP for the presto-chango service, the thumbs down becomes a thumbs up.

    Send bogus E-mails out with the correct headers. This can get sites to be blackholed, with no way to prove otherwise if some form of cryptographic signature capability isn't used. A bit on a wire is a bit on a wire.

    What can websites do about this? The ideal answer would be have everything go to the end user via SSL and the problem is solved. However, SSL takes CPU power in its setup and takedown. Second would be a way of sending signed Web pages from the servers that the browser can check for tampering. Since the signature is sent with the page (and validated by a CA against the domain names used), it wouldn't add to the CPU usage of machines (other than the first signing of Web pages when they are present), and it would only add a number of lines of text, like a PGP/gpg cleartext signature. Of course, webpages with dynamic content might end up with a performance hit signing the page, but this would be nowhere near as bad as a full SSL setup/takedown. This way, a Web browser can detect if a Web page has been altered in flight and warn the user. One can also sign various iframes, so it could display which part of the page is bogus as well.

    What can users do about this? Probably just as the parent poster said -- a coloced box with VPN software. One can use the coloc box for a full VPN, or use it with a program like stunnel so only the Web browser traffic gets redirected via a SSL link.

    Colocing a box whose purpose is to be a VPN gateway might soon be the only way to have an Internet free of foul play pretty soon.

  20. Re:Impending doom... right on schedule on Fake Antivirus Peddlers Outpacing Real AV Firms · · Score: 1

    As a company gets bigger, it becomes harder and harder to ensure that people are educated and don't run crapware. The only real alternative is to lock things down and pull admin rights for most users. This way, should something stupid happen, it would require another security vulnerability to escalate to root/administrator, rather than just handing the keys to the city to any malware that infects a user. Plus, it is easier for A/V software to clean up an infected user profile than a rootkitted machine.

    In some cases, it might be even effective to use software like DeepFreeze on machines which are used often (call center PCs used for shifts, PCs used in educational settings, hotel PCs for business travelers, etc.) This way, if a user does install something malicious, a reboot (which can be also scheduled or forced between shifts) will take care of the damage, unless the malware is sophisticated enough to nail the low level driver and disable it.

  21. Re:The problem with HTC in reality is on Review of HTC Desire As Alternative To iPhone · · Score: 1

    It isn't just HTC who is putting more and more roadblocks in getting root and flashing a phone. Other makers have pushed out OTA updates to radio ROMs which have bricked phones until they were reflashed with new firmware that root holes patched.

    There are ten reasons that it is becoming harder and harder to root Android devices:

    1: Android is getting established and becoming a mature cellphone platform. This means that devices don't need to be as root-friendly. Early on, carriers who hold the whip hand over handset makers wanted people to start using Android first of all. Now that Android has 50k apps in the app store, carriers are now not interested in attracting the geeks as they used to be.

    2: App writers want Android's DRM to be working and to be effective with regards to piracy. Google's DRM is simple, but very effective if someone can't root their phones. No root, no piracy is what some bean counters are thinking.

    3: Carriers want to only add the features they want without people bypassing it. Historically, there have been carriers who have had customized firmwares that disabled features of phones so they could make more money. I'm sure some want to continue this trend.

    4: Handset providers want people to buy new phones. If people are stuck at Android 1.5 and their cool apps are 2.1 only, it is assumed that they will bite the bullet and buy a new phone. Similar if a phone has something like an FM radio, but it isn't enabled in the current firmware. Custom ROM makers mean that people customize their existing phones, and not chuck them for the latest gadget.

    5: The "evil" tethering. Cellular carriers hate this because they can't make money from someone having another phone line just for their laptop's Internet access. Two gadgets + the monthly bill mean more cash for phone makers and carriers.

    6: Control. Some cellular carriers want eventually to have their own "blessed" Android app store where people might be forced to pay for apps that normally are free, or perhaps charge a download fee per app. Or charge the app maker a fee to have the app in the store. I'm sure there is a bean counter somewhere that is slavering over charging 99 cents per free app on a locked down store.

    7: Carriers don't want to upgrade their infrastructure. So locking people out of root and playing shell games on the phone means that this can be delayed a bit.

    8: I'm going into tinfoil hat territory on this one but, control of the phone itself. I'm sure in an extreme case, a custom OTA update aimed just at a person of interest can be done to push a custom ROM for eavesdropping. It could turn on the phone's mic or camera and stream the images to someone's intel department (and I'm not meaning law enforcement -- it could be anyone who has control of where the phone gets its OTA updates from, so it may even be corporate espionage). If someone uses a custom ROM which only gets OTA updates when manually installed, this method of spying can't be done.

    9: Branding. I'm sure some carriers or phone makers don't want people running stock Android. Instead, they want their own UI on the device, and want to take steps to prevent people from dumping it and using the default.

    10: Apps that can't be uninstalled. I'm sure eventually there will be deals made that some website will pay a carrier to have their app present on phones, and have it so it cannot be uninstalled. This makes great ad revenue for the website, great revenue for the carrier, and adds more ad crap for the end user.

    So, the moral of this: People who like fully rooting their phone may end up having to wait a bit either to see how root-friendly a model is, just wait for Google's offerings (ADP 1, ADP 2, N1) because they can be rooted and customized any way one sees fit without having to worry about tricks to keep partitions read-only, encrypted fastboot loaders, or other root-hostile tactics.

    I personally am going to have as one of the top 3 influences of what my next Android phone purchase being what devices are rootable and customizable.

  22. Re:It's great on Review of HTC Desire As Alternative To iPhone · · Score: 1

    That is the one thing about Android phones. I highly recommend a third party task killer (I use Advanced Task Manager, the paid version), because there are apps which do consume resources in the background.

    Easy way to tell this. Pop a shell, do a ps, or a top. Some third party app processes remain running and actually use a decent chunk of CPU and memory when they are not doing anything. So, a third party task killer that pops them after a period of nonuse does come into handy to save not just RAM, but battery life. You would be surprised of which apps do nothing, versus which ones do a surprising amount of CPU chewing when in the background.

    So, a set of background apps which may not add much to CPU for one person may end up munching the battery life for another.

  23. Re:"the end" "continues"? on The End of the 3.5-inch Floppy Continues · · Score: 1

    All motherboards I've used in the past decade support bootable CDs in the El Torito format, where the CD boots a floppy image, then goes from there. Newer motherboards can boot from a USB flash drive. These days, there just isn't the need for a 3.5" drive at all. Other technologies, primarily the USB flash drive have completely superseded it.

    It is funny, how long the 3.5" floppy format has lasted. Iomega's ZIP drive got wide use, but it didn't kill the floppy drive. SyQuest removable hard disks were common, but didn't. 300 megabyte MO drives that originally shipped instead of hard disks with the NeXT didn't replace it. The only technology that finally completely superseded the 3.5" drive on college campuses is the USB flash drive because it has no moving parts, better reliability in general, a small physical form factor, the fact that virtually every single PC has a USB port, and that virtually all PC operating systems are able to deal with them.

    The last time I used a 3.5" drive on one of my own machines was to get a Windows XP machine its RAID drivers during the OS install, and since Windows Vista, even that isn't needed because Vista will happily slurp the drivers from a USB flash drive.

    Ironically the last time I used a 3.5" drive was yesterday because a friend had a client who still sends documents out on them, even though a USB flash drive is likely cheaper and far more reliable.

  24. Re:virus scanners are the devil on McAfee Kills SVCHost.exe, Sets Off Reboot Loops For Win XP, Win 2000 · · Score: 1

    One suggestion I have is to consider using VMs for Web browsing if your machine is fast enough. VMWare Workstation allows for "seamless" program running, which makes it easy to just keep the Web browser running, and with an add on like BetterPrivacy which periodically wipes the Flash object cache, this should keep the damage a rogue process can do to a minimum. A rogue process would have to get past the Web browser, find a way to get admin rights, and then get out of the VM.

    Caveat: Sometimes a rogue process only needs to get user access in a VM if the VM's network is not configured securely. It could scan and get a network topology (IP addresses, router placement) and send that back up, which can be used for a more targeted attack. So, if using a VM for Web browsing, set it to NAT mode where the VM host controls the IP addresses, so the VM doesn't see anything but the host for the gateway.

  25. Re:For a program so hard to turn off on McAfee Kills SVCHost.exe, Sets Off Reboot Loops For Win XP, Win 2000 · · Score: 1

    In this instance, the test would work perfectly. Only when the scan fired off would people get stung by this issue. So unless one ran a scan on the test PC before a full deployment, it would get past.