How about that Solyndra contract? It would probably be more relevant, should you really want to fight corruption, because the dickheads who pocketed the money for that one are still in office. Not saying the previous administration wasn't corrupt, but how about fighting in the present instead of the past?
Woah woah woah...
Who pocketed money in office for Solyndra? The best I can find is that former Solyndra execs donated to Obama's campaign (which although it might be in poor taste, is legal. Personal funds would be exempt for a Solyndra bankruptcy.) That's a far cry from someone personally pocketing money.
You can, however, use sudo, to run one command at a time.
Errr, I use sudo -s all the time to run as many commands as I want as root. I usually use it only because I don't want to actually have to enable a root user on my machine.
You missed the point--he's saying that root access might one day no longer be necessary, not that it'll become impossible to root an Android device.
Well, it sounds like he's saying a bit of both...
"Prompted by the addition of new security features in Android 4.3 that limit the effectiveness of elevated privileges..."
Obviously it doesn't sound like root is dead right now, but it does seem Google is taking measures that could lead one to think they might lock it down more completely in the future.
*We* like stuff that lets us do things we want. If you don't understand the difference, that just reinforces my point.
I'm just trying to imagine buying one of these for my parents.
"Ok mom. Now you need to set a music streaming server. Do you know how to do that? No? Well you've really disappointed a bunch of people on Slashdot."
Of course none of this matters if you accept Google's lock in and put all your music into their cloud, but that's a whole nother can of worms... (Which is something my AppleTV does NOT require me to do.)
Roku units are god-awful for playback of local content. They're only half a solution to the Smart TV problem.
As far as I can tell, so is the Chromecast.
Sure, I could drag a movie into a Chrome window to get it to work, but if I wanted to do something a bit more average like play a local album, and start a tv series stored on my computer WITHOUT having to get up and go to my computer, well... good luck with that.
My 5 year old controls the Roku with her Android tablet. I think you are seriously underestimating people here.
Which is fair, but not the entirety of my point. The device may be $35, but it also requires that Roku tablet. Other devices, like an AppleTV, do not require any other device at all. It's kind of ironic, considering all the fuss Google made about Chromecast not requiring Android.
So yes, your 5 year old may be able to control a Roku with a tablet, but your 5 year old needed the tablet. I also don't buy that if your 5 year old could control a tablet, everybody can (let's give a little credit to your 5 year old here.)
That means that if you want a 1080p Netflix box for your TV, this thing costs you $11... that's one heck of a lot cheaper than an AppleTV or Roku.
Except it's not standalone. It doesn't even have a remote. That may not be an issue for everyone, but it is ONLY controllable by computer or smartphone. That could be a significant barrier for a more lay user.
Yeah, the problem is that if you sell them at $75, you've now set the price expectation for all Surfaces going forward. What could Microsoft possibly do to justify selling a Surface 2 at $199? And that is taking a huge loss on any kind of decent tablet. The estimates for Apple's bill of materials on a $499 iPad is about $300 (remember, that doesn't include R&D and other costs) and they have the best supply chain in the world. Microsoft can't go below their current $349 if they ever plan on being successful in this market and even that is setting them up for failure.
Which is exactly the problem. The only way this would work is if you produced MORE Surfaces and priced them also at $75. That's way out of fire sale territory.
If it ever got to that point, the far better option would just be to fold the tablet division and look to other places for profit.
I don't think you get it. If they have the stock on hand and write it off, that means they're earning $ 0 on each unit. If they sell one for $75, they're making $ 75 on it.
Right now they don't have the option of selling them for $ 499, so they have a warehouse full of objects that cost them money. They need to figure out what price point will sell, and what kind of strategy is best for future growth of Windows RT.
Sure, but that doesn't make it a viable long term strategy. Even if they sold every one they already have in stock (estimated at 4 million units), it wouldn't make a dent in the tablet market.
I know what a fire sale is, but a fire sale isn't going to capture the market like OP is suggesting.
SecureBoot is no big deal, at least I haven't had too many problems with it. I'm running Linux right now on a 13" Pro Retina, and UEFI wasn't too much of an issue.
Apple laptops don't use secure boot. EFI does not imply secure boot.
"Imagine Microsoft pricing the Surface at a mere pittance, say $50 or $75 — even in this era of cheaper tablets, the devices would fly off the shelves so fast, the sales rate would make the iPad look like the Zune."
What?
Microsoft would be put in a very strange position of NOT wanting to sell Surfaces. The more they sell, the more money they lose.
Maybe the OP thinks that this will help them build up market share. I think that by the time Microsoft built up enough marketshare they'd be bankrupt, but on top of that, are consumers going to stick around when the prices are raised again? They're not stupid. Once the prices reset to something more realistic they'll go look at other platforms again.
That means that the unencrypted password is in memory on the server, just as the GP stated.
But relating that back to a user id is another can of worms. And that's assuming that the hacker even had access to memory, or the passwords are even still in RAM. A server isn't going to want to keep that in memory for performance reasons alone.
We might be making judgements on IT skills in this thread, but the amount of CS skills are lacking.
While not storing cleartext, they do store your WiFi passwords in a reversible encryption. If using WPA I think they should just store the ssid:phrase hash instead of keeping the phrase. WEP can't be helped... Anyhow, Apple stores all passwords in their keychain and this is easily snooped. Jailbroken iOS devices can get "WiFiPass" to reveal all the AP & passwords its ever connected to. It's handy when I pass my device to an AP owner to "privately" enter their password but I want to associate more devices, I just load that program and see what it was and do it myself.
The keychain file on iOS is usually encrypted based on device's hardware encryption. So in this example, yes, if you have a physical device, and you've jailbroken thus disabling the permissions for keychains (normally keychains can only be accessed by the app that created them), you've got an issue.
But for the original example of backups... The keychain file is backed up on the server, but the server can't decrypt because the key is stored in the actual chipset of your device. This is why if you restore a backup onto a different device all your passwords are gone.
Alerting an entire city and "fear mongering" is apparently only a recent event.
Not that I don't disagree this text was probably overkill, but "fear mongering" might be the wrong phrase to describe a text trying to locate an actually missing girl.
This may actually show how HEALTHY the Linux kernel developers community is. Where else can a junior person tell the CEO he's being an asshole in front of the whole company? You'd be fired.
Yeah, but let's put that in an analogy... "So, Mr. CEO, it seems like this company has a huge sexual harassment problem..." "Yeah, but look how we're talking about it openly! In most companies you'd be fired for bringing a complaint to the CEO! Look how healthy this company is!"
android emerged after iOS and is gc'd.. though of course GTA III for it isn't garbage collected.
but, having wrote garbage collected mobile code with jar size limit of 64kbytes and heap of ~300kbytes(java isn't inherently memory hungry!)... stop bitching - or better yet start bitching about the ui libs and how they just trash memory because they suck. pretty much all the trashed memory is just getting trashed due to graphics.
And, to be perfectly honest, performance of non-native code and the memory handling both suck under Android.
I think Google's choice of Java for Android was one of their poorest choices. Maybe it's because I worked on iOS first, but Obj-C is an open source language and would have been perfect. But I would have settled for C++, and that says a lot. Yeah, Android offers native code, but none of the UI frameworks work with it, forcing this awkwardness.
Re:iTunes protocol as DRM
on
How DRM Won
·
· Score: 1
At that point, when people refuse to take your money, you don't need to split hairs and argue about whether or not its strictly DRM. They've already gone to a lot of trouble to refuse the revenue, so leave it at that, and just go download the pirate copy which is encoded with the codec that you're allowed to decode. Then everyone wins.
So why can't it be that way about DRM? How is it that a codec not being available for Linux means a shrug and moving on to Bittorrent, while DRM suddenly equates to some societal evil?
Earlier in this thread I mentioned VHS and a response was that VHS wasn't DRM'd. After thinking about it, I don't think that's true. A VHS tape is a device where having physical access to the tape is the decryption key. While there are a few possible holes in practice, a video store can in theory ensure that only one person has access to the content because that person has the tape, and that when the person has no more access to the tape they have no more access to the content. (If we want to get real picky, yes, they could copy the tape, but I could also copy screen output off my display.)
Again, I have to ask what all this fuss is about rented, expiring content when we've been doing this as a society since the 80s. If you didn't have a VHS compatible player, you couldn't play a VHS tape. And if you rented the tape, eventually your content would go away.
It's impossible for any media to play on any platform. Even if something were supplied with no decryption key necessary, I can still point to some box it doesn't play on. And rented media requires some key to ensure it can't be played when it's not supposed to be.
Which goes back to my original point. With rented media I'd expect DRM, it's the only way that system can work. With non-rented media, I rarely run into DRM'd content, and I very rarely run into content I can't download. With rented media, I don't understand the expectation that it should be downloaded locally and not copy protected.
Re:Seems like an over generalization...
on
How DRM Won
·
· Score: 1
Because those carts and tapes could not be made compatible.
Linux has many software players that could handle it. The software could be made in minutes quite likely. This is not a hardware limitation.
That's not a great distinction. In theory, I could put an emulator on my Genesis to play SNES games. So there isn't a hardware limitation there either.
I think the weakest part about this line of reasoning as that at that point it makes codecs DRM. If H.266 shipped tomorrow with Mac and Windows players, would you define H.266 movies as DRM encumbered?
Re:Seems like an over generalization...
on
How DRM Won
·
· Score: 1
Those were not limitations of DRM.
Comparing them makes no sense.
How so? Linux (in theory) lacks the right player software, much like how my console didn't have the right components for playback.
Re:Seems like an over generalization...
on
How DRM Won
·
· Score: 1
Many are upset because generally those services only work on OSX and Windows. I don't remember rental stores have DRM that failed to work on other operating systems, what sort of thing were you renting?
I remember rental stores renting Super Nintendo games that didn't work on my Genesis, or DVDs that didn't work on my VHS. I never felt the need to start an online crusade about it.
Seems like an over generalization...
on
How DRM Won
·
· Score: 4, Insightful
I use iTunes Match which means all my files are stored in the cloud. But, before the cries of "evil lock in!", iTunes lets me download all my cloud files at any time DRM free, so I can listen to them offline or even archive them.
Am I upset I can't download rented media DRM free? No. Why would I be upset about that? It's the same deal I had with movie rental stores. If I buy it to own, I definitely want a download. But I haven't run into many services at all where I purchase something and I can't download it.
Ahh the joys of self-financing government departments. "We believe those assets were used in connection with a crime". Suddenly, they don't have to prove anything, they just have to seize it and it's theirs. Nice and convenient. Can they even prove where the bitcoins came from?
As someone who's dealt with seized assets before (not for myself, for another employee in a previous job), "seizing" does not mean it's "theirs", unless you've been watching too many crime dramas on TV.
The seized assets have to be proven to be used in a crime as part of a conviction, otherwise they are returned. In our case, the seized assets were returned to us after the trial. The only catch was we archived everything that was seized in case additional evidence was needed later.
Only in Hollywood does the government seize assets forever in some Indiana Jones-esk warehouse and never return them.
First, the postal service is a distinct entity, just like any other corporation. There is no reason why any information they have should be available to other parts of "the government" without a court order.
In 1967 the Supreme Court ruled that mail covers are not private information. I'd be very surprised if Fedex or UPS required a court order either. USPS is following the law here.
If you don't like that ruling, that's a different topic. But legally, for literally decades, mail covers have not been private info.
Second, to do their job, they need to "know" all these things only for a short amount of time; there is no need to retain the data beyond a few weeks past delivery, if that. The data should be deleted by then.
And those principles should apply equally to public and private delivery services.
No need to retain data a few weeks beyond delivery?
What if a month later I decide to go back and sue the USPS for a damaged or lost package? If they don't know what packages are being sent form or going where, how do they decide which post offices to close and which to open? If they don't know at what times different packages are being sent, how do they know when to staff up or what to staff down?
Every business you interact with is keeping this sort of information to just maintain their basic competence. Again, making the USPS operate with both arms tied behind it's back will just make it more incompetent and more bloated. Imagine if I asked you to run a business, but you couldn't know who you were selling to, where you were making sales, or when those sales were.
Slashdot Mirror
How about that Solyndra contract? It would probably be more relevant, should you really want to fight corruption, because the dickheads who pocketed the money for that one are still in office. Not saying the previous administration wasn't corrupt, but how about fighting in the present instead of the past?
Woah woah woah...
Who pocketed money in office for Solyndra? The best I can find is that former Solyndra execs donated to Obama's campaign (which although it might be in poor taste, is legal. Personal funds would be exempt for a Solyndra bankruptcy.) That's a far cry from someone personally pocketing money.
Needs citation.
You can, however, use sudo, to run one command at a time.
Errr, I use sudo -s all the time to run as many commands as I want as root. I usually use it only because I don't want to actually have to enable a root user on my machine.
You missed the point--he's saying that root access might one day no longer be necessary, not that it'll become impossible to root an Android device.
Well, it sounds like he's saying a bit of both...
"Prompted by the addition of new security features in Android 4.3 that limit the effectiveness of elevated privileges..."
Obviously it doesn't sound like root is dead right now, but it does seem Google is taking measures that could lead one to think they might lock it down more completely in the future.
*We* like stuff that lets us do things we want. If you don't understand the difference, that just reinforces my point.
I'm just trying to imagine buying one of these for my parents.
"Ok mom. Now you need to set a music streaming server. Do you know how to do that? No? Well you've really disappointed a bunch of people on Slashdot."
Of course none of this matters if you accept Google's lock in and put all your music into their cloud, but that's a whole nother can of worms... (Which is something my AppleTV does NOT require me to do.)
Do you not know how to set up a webserver to stream your library from your local share?
Is there a reason I should have to do this?
Roku units are god-awful for playback of local content. They're only half a solution to the Smart TV problem.
As far as I can tell, so is the Chromecast.
Sure, I could drag a movie into a Chrome window to get it to work, but if I wanted to do something a bit more average like play a local album, and start a tv series stored on my computer WITHOUT having to get up and go to my computer, well... good luck with that.
We are quickly coming to a time where people who cant figure this stuff out are going to be left behind. The time for coddling is over.
Whelp, I was going to write a reply, but I think this about says enough.
My 5 year old controls the Roku with her Android tablet. I think you are seriously underestimating people here.
Which is fair, but not the entirety of my point. The device may be $35, but it also requires that Roku tablet. Other devices, like an AppleTV, do not require any other device at all. It's kind of ironic, considering all the fuss Google made about Chromecast not requiring Android.
So yes, your 5 year old may be able to control a Roku with a tablet, but your 5 year old needed the tablet. I also don't buy that if your 5 year old could control a tablet, everybody can (let's give a little credit to your 5 year old here.)
That means that if you want a 1080p Netflix box for your TV, this thing costs you $11... that's one heck of a lot cheaper than an AppleTV or Roku.
Except it's not standalone. It doesn't even have a remote. That may not be an issue for everyone, but it is ONLY controllable by computer or smartphone. That could be a significant barrier for a more lay user.
Yeah, the problem is that if you sell them at $75, you've now set the price expectation for all Surfaces going forward. What could Microsoft possibly do to justify selling a Surface 2 at $199? And that is taking a huge loss on any kind of decent tablet. The estimates for Apple's bill of materials on a $499 iPad is about $300 (remember, that doesn't include R&D and other costs) and they have the best supply chain in the world. Microsoft can't go below their current $349 if they ever plan on being successful in this market and even that is setting them up for failure.
Which is exactly the problem. The only way this would work is if you produced MORE Surfaces and priced them also at $75. That's way out of fire sale territory.
If it ever got to that point, the far better option would just be to fold the tablet division and look to other places for profit.
I don't think you get it. If they have the stock on hand and write it off, that means they're earning $ 0 on each unit. If they sell one for $75, they're making $ 75 on it.
Right now they don't have the option of selling them for $ 499, so they have a warehouse full of objects that cost them money. They need to figure out what price point will sell, and what kind of strategy is best for future growth of Windows RT.
Sure, but that doesn't make it a viable long term strategy. Even if they sold every one they already have in stock (estimated at 4 million units), it wouldn't make a dent in the tablet market.
I know what a fire sale is, but a fire sale isn't going to capture the market like OP is suggesting.
SecureBoot is no big deal, at least I haven't had too many problems with it. I'm running Linux right now on a 13" Pro Retina, and UEFI wasn't too much of an issue.
Apple laptops don't use secure boot. EFI does not imply secure boot.
"Imagine Microsoft pricing the Surface at a mere pittance, say $50 or $75 — even in this era of cheaper tablets, the devices would fly off the shelves so fast, the sales rate would make the iPad look like the Zune."
What?
Microsoft would be put in a very strange position of NOT wanting to sell Surfaces. The more they sell, the more money they lose.
Maybe the OP thinks that this will help them build up market share. I think that by the time Microsoft built up enough marketshare they'd be bankrupt, but on top of that, are consumers going to stick around when the prices are raised again? They're not stupid. Once the prices reset to something more realistic they'll go look at other platforms again.
Is this a joke?
That means that the unencrypted password is in memory on the server, just as the GP stated.
But relating that back to a user id is another can of worms. And that's assuming that the hacker even had access to memory, or the passwords are even still in RAM. A server isn't going to want to keep that in memory for performance reasons alone.
We might be making judgements on IT skills in this thread, but the amount of CS skills are lacking.
While not storing cleartext, they do store your WiFi passwords in a reversible encryption. If using WPA I think they should just store the ssid:phrase hash instead of keeping the phrase. WEP can't be helped...
Anyhow, Apple stores all passwords in their keychain and this is easily snooped. Jailbroken iOS devices can get "WiFiPass" to reveal all the AP & passwords its ever connected to. It's handy when I pass my device to an AP owner to "privately" enter their password but I want to associate more devices, I just load that program and see what it was and do it myself.
The keychain file on iOS is usually encrypted based on device's hardware encryption. So in this example, yes, if you have a physical device, and you've jailbroken thus disabling the permissions for keychains (normally keychains can only be accessed by the app that created them), you've got an issue.
But for the original example of backups... The keychain file is backed up on the server, but the server can't decrypt because the key is stored in the actual chipset of your device. This is why if you restore a backup onto a different device all your passwords are gone.
Alerting an entire city and "fear mongering" is apparently only a recent event.
Not that I don't disagree this text was probably overkill, but "fear mongering" might be the wrong phrase to describe a text trying to locate an actually missing girl.
This may actually show how HEALTHY the Linux kernel developers community is. Where else can a junior person tell the CEO he's being an asshole in front of the whole company? You'd be fired.
Yeah, but let's put that in an analogy...
"So, Mr. CEO, it seems like this company has a huge sexual harassment problem..."
"Yeah, but look how we're talking about it openly! In most companies you'd be fired for bringing a complaint to the CEO! Look how healthy this company is!"
android emerged after iOS and is gc'd.. though of course GTA III for it isn't garbage collected.
but, having wrote garbage collected mobile code with jar size limit of 64kbytes and heap of ~300kbytes(java isn't inherently memory hungry!)... stop bitching - or better yet start bitching about the ui libs and how they just trash memory because they suck. pretty much all the trashed memory is just getting trashed due to graphics.
And, to be perfectly honest, performance of non-native code and the memory handling both suck under Android.
I think Google's choice of Java for Android was one of their poorest choices. Maybe it's because I worked on iOS first, but Obj-C is an open source language and would have been perfect. But I would have settled for C++, and that says a lot. Yeah, Android offers native code, but none of the UI frameworks work with it, forcing this awkwardness.
At that point, when people refuse to take your money, you don't need to split hairs and argue about whether or not its strictly DRM. They've already gone to a lot of trouble to refuse the revenue, so leave it at that, and just go download the pirate copy which is encoded with the codec that you're allowed to decode. Then everyone wins.
So why can't it be that way about DRM? How is it that a codec not being available for Linux means a shrug and moving on to Bittorrent, while DRM suddenly equates to some societal evil?
Earlier in this thread I mentioned VHS and a response was that VHS wasn't DRM'd. After thinking about it, I don't think that's true. A VHS tape is a device where having physical access to the tape is the decryption key. While there are a few possible holes in practice, a video store can in theory ensure that only one person has access to the content because that person has the tape, and that when the person has no more access to the tape they have no more access to the content. (If we want to get real picky, yes, they could copy the tape, but I could also copy screen output off my display.)
Again, I have to ask what all this fuss is about rented, expiring content when we've been doing this as a society since the 80s. If you didn't have a VHS compatible player, you couldn't play a VHS tape. And if you rented the tape, eventually your content would go away.
It's impossible for any media to play on any platform. Even if something were supplied with no decryption key necessary, I can still point to some box it doesn't play on. And rented media requires some key to ensure it can't be played when it's not supposed to be.
Which goes back to my original point. With rented media I'd expect DRM, it's the only way that system can work. With non-rented media, I rarely run into DRM'd content, and I very rarely run into content I can't download. With rented media, I don't understand the expectation that it should be downloaded locally and not copy protected.
Because those carts and tapes could not be made compatible.
Linux has many software players that could handle it. The software could be made in minutes quite likely. This is not a hardware limitation.
That's not a great distinction. In theory, I could put an emulator on my Genesis to play SNES games. So there isn't a hardware limitation there either.
I think the weakest part about this line of reasoning as that at that point it makes codecs DRM. If H.266 shipped tomorrow with Mac and Windows players, would you define H.266 movies as DRM encumbered?
Those were not limitations of DRM.
Comparing them makes no sense.
How so? Linux (in theory) lacks the right player software, much like how my console didn't have the right components for playback.
Many are upset because generally those services only work on OSX and Windows. I don't remember rental stores have DRM that failed to work on other operating systems, what sort of thing were you renting?
I remember rental stores renting Super Nintendo games that didn't work on my Genesis, or DVDs that didn't work on my VHS. I never felt the need to start an online crusade about it.
I use iTunes Match which means all my files are stored in the cloud. But, before the cries of "evil lock in!", iTunes lets me download all my cloud files at any time DRM free, so I can listen to them offline or even archive them.
Am I upset I can't download rented media DRM free? No. Why would I be upset about that? It's the same deal I had with movie rental stores. If I buy it to own, I definitely want a download. But I haven't run into many services at all where I purchase something and I can't download it.
Ahh the joys of self-financing government departments. "We believe those assets were used in connection with a crime". Suddenly, they don't have to prove anything, they just have to seize it and it's theirs. Nice and convenient. Can they even prove where the bitcoins came from?
As someone who's dealt with seized assets before (not for myself, for another employee in a previous job), "seizing" does not mean it's "theirs", unless you've been watching too many crime dramas on TV.
The seized assets have to be proven to be used in a crime as part of a conviction, otherwise they are returned. In our case, the seized assets were returned to us after the trial. The only catch was we archived everything that was seized in case additional evidence was needed later.
Only in Hollywood does the government seize assets forever in some Indiana Jones-esk warehouse and never return them.
First, the postal service is a distinct entity, just like any other corporation. There is no reason why any information they have should be available to other parts of "the government" without a court order.
In 1967 the Supreme Court ruled that mail covers are not private information. I'd be very surprised if Fedex or UPS required a court order either. USPS is following the law here.
If you don't like that ruling, that's a different topic. But legally, for literally decades, mail covers have not been private info.
Second, to do their job, they need to "know" all these things only for a short amount of time; there is no need to retain the data beyond a few weeks past delivery, if that. The data should be deleted by then.
And those principles should apply equally to public and private delivery services.
No need to retain data a few weeks beyond delivery?
What if a month later I decide to go back and sue the USPS for a damaged or lost package? If they don't know what packages are being sent form or going where, how do they decide which post offices to close and which to open? If they don't know at what times different packages are being sent, how do they know when to staff up or what to staff down?
Every business you interact with is keeping this sort of information to just maintain their basic competence. Again, making the USPS operate with both arms tied behind it's back will just make it more incompetent and more bloated. Imagine if I asked you to run a business, but you couldn't know who you were selling to, where you were making sales, or when those sales were.