Comments

top

Google Partners With HTC For Latest Nexus Tablet

mlts Re:Ecch ... (66 comments)

Bingo. I wish there were a way to fish out the ADB and Fastboot stuff, and leave the Sync Manager app out of the equation, since I never use it I don't need syncing of anything to and from the desktop. My contacts/mail/calendar/reminders are synced to Exchange. My apps are backed up via Titanium Backup encrypted [1], and tossed onto Dropbox. My music winds up coming from Amazon's service. Photos get tossed onto a cloud service. If I want to use the phone as a physical copy mechanism, I can, with PGP/MTP when plugged in, or ssh/nfs/samba/ftp/http/https when on the same wireless segment.

So, other than fastboot and ADB, I never use my PC for anything phone related except initially tossing on music or when I am doing a complete firmware upgrade or re-ROMming the device.

[1]: TB has one of the absolute best ways of encrypting backups. It uses a public key for the backup, and for a restore, you unlock your private key.

[2]: Even without drivers, the HTC One M8 will appear as a MTP/PTP device, so one can copy files to and from.

4 hours ago
top

Google Partners With HTC For Latest Nexus Tablet

mlts Re:is it going to be buggy as always? (66 comments)

I've had great luck with the 2013 N7 as well. No bloatware, rooted, has a utility that does a TRIM command every so often, and I can SSH into it if I need a file I'm working on. It is a nice medium size for reading.

The Android sites also show that Android L is working on the N7, so it should be supported in the next OS rev.

5 hours ago
top

Google Partners With HTC For Latest Nexus Tablet

mlts Re:Tegra based! (66 comments)

HTC isn't Chinese. It is Taiwanese.

I'm looking forward to seeing their tablet, as I have had generally good luck with their products overall.

9 hours ago
top

The Raid-Proof Hosting Technology Behind 'The Pirate Bay'

mlts Re:I'm so leet. (129 comments)

With some VM architectures, the VM may not even need to be restarted. With IBM's POWERVM and vSphere's FT, it actually runs multiple VMs at the same time executing the same instructions in lockstep. That way, if the primary fails, it is only seconds before the secondary takes over.

11 hours ago
top

Researchers Propose a Revocable Identity-Based Encryption Scheme

mlts Re:Revoke is pointless (70 comments)

Revocation in general has issues. If you block access to a revocation server, it would allow a key that is compromised to be in effect longer.

The ideal might be SLC (short-lived certificates), but of course, the downside of that is the computational overhead by the key signing machines.

I agree with you on the software. In the 1990s, console games were not shipped until they were finished. Not "finished", but of a release grade. This doesn't mean it will be 100% bug free, but solid enough. Even with this in mind, an upgrade needs to be a manual process, with the user finding the download site and fetching it from a mirror themselves. "auto-updates" in theory can be easily used to target users and push a Trojan, or hijacked by blackhats to destroy the product completely.

One addition: The program should have apps for iOS, Android, and other smartphone/tablet operating systems, and use the native security facilities of the devices. This isn't 100%, but if the security is there, might as well use it, such as Apple's KeyChain, or how Android mounts data on a temporary basis for encrypted content. It might be that the best place to do encryption is on a smartphone, although that isn't completely hackproof.

11 hours ago
top

Researchers Propose a Revocable Identity-Based Encryption Scheme

mlts Re:Hmmm (70 comments)

This isn't a new idea. I saw the opposite workings with the NeXT back in 1992, which had a public/private key scheme, where a person could create a password or passphrase, of any characters as a private key, and then NeXTStep would make a public key from that phrase.

12 hours ago
top

Ask Slashdot: Is iOS 8 a Pig?

mlts Re:Alright smart guy (482 comments)

Android is a toss-up. If your phone has an easily unlockable bootloader and is fairly mainstream, then you likely can get unofficial updates or a CyanogenMOD version which will be supported for quite a while. You also might be able to find other ROMs people have made for the device, some with a more recent version of Android, some not.

If you get a model that has a locked bootloader, the company won't unlock it, and it isn't a popular enough model to get the mainstream developers to look at it, then it will probably need to be tossed.

yesterday
top

Data Archiving Standards Need To Be Future-Proofed

mlts Re:There is a lot we need for long term archiving (111 comments)

I should have been clearer -- Paperbak is a way to not just print a document, but encode one onto paper, so a 100 page Word document fits on a single page (in theory), rather than needing 100 pages.

2 days ago
top

Data Archiving Standards Need To Be Future-Proofed

mlts Re:There is a lot we need for long term archiving (111 comments)

There was an IBM computer made in the 1970s which stored data on black and white negatives. It would "write" to them via exposing light, then pass the negatives through the usual developer, stop, and fixer baths, finally into a storage area. Reading was done by having them scanned in, similar to punchcards.

It definitely is a nonstandard way of doing things, but I'm sure film chemistry has advanced quite well since then, so storing information as colored dots might be a long term archiving solution, provided there is an easy way to handle the negatives without them tearing. The grain of the film, ISO, amount of ECC per negative and other processes can be tuned as well.

There is an irony that the negatives I have from my 35mm camera will be printable long after I'm gone (assuming no mishandling), while on a SD card, once the electrons bail from the gates, the data is gone, no way to recover it, whatsoever. It would be nice to have some form of long term archiving format so bit rot doesn't claim picture collections.

I'd probably guess the only real way is to create some type of CAS that periodically copies data and checks/rebuilds ECC info to new media every so often, with multiple layers of bit rot detection in place, as well as a cryptographic signing layer to ensure that data dropped there hasn't been altered even though it has been ECC-ed and de-ECC-ed many times.

2 days ago
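The scrub-and-migrate design described in the comment above, as an added example that is not part of the original comment or of any product named on this page. It assumes an in-memory dict as the "media", one XOR parity block per group as the ECC, and an HMAC as a stand-in for the signing layer; all function names are hypothetical.

```python
import hashlib, hmac, json

BLOCK, GROUP = 16, 4  # tiny sizes so the constructed sample spans two parity groups

def digest(b):
    return hashlib.sha256(b).hexdigest()

def xor(blocks):
    out = bytearray(BLOCK)
    for b in blocks:
        for i, v in enumerate(b):
            out[i] ^= v
    return bytes(out)

def mac(key, body):
    # Assumption: HMAC stands in for the signing layer; a real archive would use a signature.
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def archive(data, key):
    """Store blocks under their SHA-256 names, with one XOR parity block per group."""
    blocks = [data[i:i + BLOCK].ljust(BLOCK, b"\0") for i in range(0, len(data), BLOCK)]
    media, groups = {}, []
    for i in range(0, len(blocks), GROUP):
        group = blocks[i:i + GROUP]
        parity = xor(group)
        for b in group + [parity]:
            media[digest(b)] = b
        groups.append({"data": [digest(b) for b in group], "parity": digest(parity)})
    body = json.dumps({"length": len(data), "groups": groups}, sort_keys=True).encode()
    return media, body, mac(key, body)

def scrub_and_migrate(media, body, tag, key):
    """Verify the manifest, check every block, rebuild one bad block per group, copy out."""
    if not hmac.compare_digest(tag, mac(key, body)):
        raise ValueError("manifest failed authentication")
    fresh, repaired = {}, 0
    for g in json.loads(body)["groups"]:
        names = g["data"] + [g["parity"]]
        blocks = [media.get(n) for n in names]
        bad = [i for i, (n, b) in enumerate(zip(names, blocks)) if b is None or digest(b) != n]
        if len(bad) > 1:
            raise ValueError("more damage than one parity block can repair")
        if bad:
            rebuilt = xor(b for i, b in enumerate(blocks) if i != bad[0])
            if digest(rebuilt) != names[bad[0]]:
                raise ValueError("rebuilt block does not match manifest")
            blocks[bad[0]] = rebuilt
            repaired += 1
        fresh.update(zip(names, blocks))  # "new media" holds only verified blocks
    return fresh, repaired

def restore(media, body):
    m = json.loads(body)
    return b"".join(media[n] for g in m["groups"] for n in g["data"])[:m["length"]]

KEY = b"constructed-demo-key"   # constructed value for the example
SAMPLE = bytes(range(100))      # constructed sample data: 7 distinct blocks

def demo():
    media, body, tag = archive(SAMPLE, KEY)
    victim = list(media)[2]                       # third data block of the first group
    media[victim] = b"\xff" + media[victim][1:]   # simulate bit rot on the old media
    fresh, repaired = scrub_and_migrate(media, body, tag, KEY)
    return repaired, restore(fresh, body) == SAMPLE
```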
top

Microsoft Kills Off Its Trustworthy Computing Group

mlts Re:I've never shorted a stock (98 comments)

Definitely not. It was listed under a "feature" (in quotes) as something that isn't wanted, similar to the DRM stack. In fact, it has gotten worse since XP since you have to have either a KMS server that has Internet connectivity to phone home to MS so machines can activate from it for 180 days, or blow a MAK and activate over the phone.

I don't understand why MS forced volume activation on businesses. One can find fake KMS servers, and even though it isn't a complex piece of infrastructure, it is another thing that can fail or get hacked. It also doesn't support redundancy at the KMS layer, so it has to go onto a VM cluster with multiple paths or the like. If it drops, it isn't critical, but it can be annoying. There is also the fear that in theory (and this is pure tinfoil hat speculation, mind you), it can be used to shuttle/proxy info/code between clients, the KMS server and the outside world.

I don't know any other OS that requires activation. Oracle has some of the nastiest licensing around, and their main products have no codes or license keys... the fear of the BSA coming down on a company is good enough. I wish MS followed the same route, and made activation more of a license management system than an infrastructure requirement.

2 days ago
top

Data Archiving Standards Need To Be Future-Proofed

mlts There is a lot we need for long term archiving (111 comments)

The problem is that we do have formats that do work for long term archiving, but are limited to a platform and are not open, so decoding them in the future may be problematic.

WinRAR is one example. It has the ability to do error detection and correction with recovery records. However, it is a commercial product.

PAR records are another way, but it is a relatively clunky mechanism for long term storage.

Even medium term storage on disk/tape can be problematic:

There is one standard for backup programs for tape, and that is tar. Very useful format, but zero error correction or detection, other than reading and looking for hard errors. There are tons of backup programs that work with tapes. Networker, TSM, NetBackup, and many others come to mind, all using a different format. Of course, once you get the program, there is still finding the registration key, and some programs require online activation (which means when the activation servers get shut off, you can never do a restore from scratch again.) We need one archive grade standard for tape, perhaps with a standard facility for encryption as well.

Same with disks. It wasn't until recently that there was any bit rot detection in filesystems at all. Now with ReFS, Storage Spaces, ZFS, and btrfs, we now can tell if a file is damaged... but none of the filesystems have the ability to store ECC on an entire (other than ZFS and ditto blocks.) It would be nice to have part of a filesystem be a large area for ECC on a block basis. It would take some optimization for performance, but adding ECC in the filesystem is more geared for long term storage than day to day file I/O.

Finally there is paper. Other than limited stuff on QR codes, there isn't any real way to print a document onto paper, then scan it to get it back. There was a utility called Paperbak that purported to do this, offering encryption, error correction, various DPI codes, and so on. It printed well, but could never scan and read any of the documents printed, so it is worthless. What is needed is something like the Paperbak utility, but with a lot more robust error detection (like checking if blocks are at an angle similar to how QR codes can be scanned from any direction.) This utility would have to be completely open for it to have any use at all. However, if it could be done to print small documents to paper, it would help greatly in some situations, such as recovering encryption keys, archived tax documents, and so on.

Ironically, in general, we have the formats for long term storage. We just don't have any that are open.

Hardware is an issue too. Hard drives are not archival media. Tapes are, but one with a reasonable capacity is expensive, well out of reach for all but the enterprise customers. It would be a viable niche for a company to make a relatively low cost tape drive that could work on USB 3, has a large buffer (combined with variable tape speeds to prevent shoe-shining), and has backup software with it that is usable and open, where the formats can be re-engineered years down the road for decoding.

2 days ago
top

Dropbox and Google Want To Make Open Source Security Tools Easy To Use

mlts Re:First (24 comments)

How about an open source cloud sync API, that allows machines to sync with the offsite provider, as well as each other. That way, each provider doesn't need to reinvent the wheel with this code.

Even better, add hooks for encryption, either a symmetric key, or some faculty that uses public/private key encryption to allow files to be stored without a key, but would need the private key for retrieval.

Best of all would be a way to have a low-cost, low-volume service like Amazon Glacier and an API for that. That way, files can be flagged to be sent to the low-cost storage service every so often.

2 days ago
top

Microsoft Kills Off Its Trustworthy Computing Group

mlts Re:Good (98 comments)

I found that this technology has two edges to it. The first is its use for DRM, but the second is something I've found useful.

A TPM chip can come in handy with BitLocker. It means that brute forcing a drive's password becomes not an option, as an attacker is faced with the full 128 or 256 bit keyspace of AES. Unless an attacker can uncap the TPM chip, brute forcing a password will only cause the chip to lock due to excessive attempts and not allow access in any way.

It also provides peace of mind. With a TPM + PIN + USB flash drive, if my laptop gets stolen, if I have the USB flash drive on my keychain, I know the laptop's contents are protected. Even if the keychain is stolen, there is still the PIN which has to be guessed. If the MBR or BIOS are modified, it will be detected, and not allow the machine to boot. Not 100% security (XKCD rubber hoses and cold RAM attacks will beat it for example), but good enough.

Problem is that this type of technology to ensure malware hasn't tampered with the boot process tends to be far more often used to keep legitimate people out of their device rather than to allow legitimate device owners to keep control of their data.

2 days ago
top

Microsoft Kills Off Its Trustworthy Computing Group

mlts Re:I've never shorted a stock (98 comments)

There was one major feature, and two "features" added to XP:

1: The zone/firewalling support. This is actually useful just to keep dodgy apps from opening up a port or ensuring nothing can connect directly. Third parties like Zone Alarm had this functionality, but would keep prompting the user for every single connection, so eventually users would just click "allow all and don't bug me", and be done with it.

2: Secure Audio Path, where anything protected with WMA's DRM could only play on a stack of signed audio drivers.

3: Activation.

Of course, there were some other minor tweaks here and there, but the leap from W2K to XP wasn't groundbreaking. Windows 3.11 to Windows 95 was a major leap in virtually everything. The second greatest leap was with the server side -- Windows 2000 Server from NT Server was a nice leap for servers because the whole model of NT domains was changed to be a lot more scalable.

The reason why XP was considered decent is because it was out for a long time and people got used to it. On the server side of the house, Windows Server 2003 is still supported until July 14 of next year... but most places have moved to at least Windows Server 2008 if not newer just because of the better security in more recent versions.

2 days ago
top

Dropbox and Google Want To Make Open Source Security Tools Easy To Use

mlts How about buying PGP? (24 comments)

If they are serious, they should buy Symantec Encryption Desktop (formerly PGP Desktop) from Symantec and open source the full version of that. It has a decent UI, works well with Outlook and Thunderbird, and does well on Windows, OS X, and Linux. That would give decent security on the hard disk level, file container, and individual file level. Even directories can be encrypted, CFS/EncFS like.

3 days ago
top

Putin To Discuss Plans For Disconnecting Russia From the Internet

mlts Re:The US already had this power for a long time (240 comments)

Possible but unlikely. The main reason why SOPA and PIPA were not passed wasn't the protests and website shutdowns, but the fact that Russia and China made it firm that cutting their websites from the Internet would be viewed as the same thing as a naval blockade... an act of war. With Congress afraid of their own shadow, it is no wonder why they backed down, saying it was the will of the people.

No way the entire Internet will be shut down by the US. First thing that will happen is that the UN would get handed ICANN's responsibilities, and the Internet would be up... but under new management.

Second thing is that no US Congressperson would allow it to happen. They get too much money directly from foreign donors, or indirectly companies made rich by foreign trade, which would be shut down in a trade war almost immediately.

I can see SIPRNet or NIPRNet having a master switch that shuts all core nodes of those down, but the Internet? Extremely unlikely. There is just too much big money that relies on the Internet, and if they can afford billions of dollars of computers for HFT, they can afford to get a President impeached who might even think of harming their business model.

3 days ago
top

Putin To Discuss Plans For Disconnecting Russia From the Internet

mlts Re:PLEASE! (240 comments)

I'm around the same. The attacks come from where there are unsecured IPs, not where the bad guys live. For a while, IP ranges which consisted of DSL or cable modem clients were on the top of the attack source list. On average, nations coming up to speed tend to have average people who are not up to speed on security. This is why in China, malware from pirated app stores is a major problem while it is relatively rare in the US and Western Europe.

Of course, it can't hurt to block by IP ranges in the first place (and do the blocks on multiple layers [1] on public facing boxes like Web servers), just to narrow the scope of what is hitting the machine.

[1]: The firewall, the application, and the OS. That way, if something glitched and the firewall got opened to the world, the servers will still be protected by their own innate IP stack filters.

3 days ago
top

Scotland Votes No To Independence

mlts Re:Free Willy! (471 comments)

The closest analog to that would be the SCOTUS here across the pond. The problem comes in when they are appointed because they have the extreme view of whomever is appointing. That is why most decisions made by the Supremes are almost always split 5-4.

If the US Senate was styled that way where the Senate positions were appointed (perhaps by the state governor), it might help with mitigating radical parties that get into power, but on the other hand, it might only result in extremists having that chunk of the governing machine to themselves.

3 days ago
top

Inside Shenzen's Grey-Market iPhone Mall

mlts Re:Repair (53 comments)

It depends on the technology. Cars, iPhones, and computers tend to change often.

Maybe a better item would be an example of something that really doesn't change much. For example, generators. Take a 3000 watt generator that is used for RV-ing. One can buy a no-name Chinese variant. However, if something breaks, parts are extremely hard to find since the generators have different generations as they change fairly often. A carb that fit well on this month's batch of models would be useless 6-12 months from now. The other option is to pay significantly more for a name brand like Honda or Yamaha, where 10-15 years from now, if one needs a belt, carb, or even an inverter board, there will be a dealer with one in stock, or at worst, it would have to be shipped.

Other than a move to inverter logic and better voltage regulation, generators have not changed much other than minor advances. Here is a case where paying a bit more will pay off in a longer service life. Yes, one can get "disposable" generators, but it is better for the economy and the environment to have something that can be serviced and rebuilt. Plus, parts are definitely a profit center.

3 days ago
top

U2 and Apple Collaborate On 'Non-Piratable, Interactive Format For Music'

mlts Re:The Titanic is UNSINKABLE. (348 comments)

Devil's advocate:

Things are different from the 2000s when everyone and his brother, sister, grandmother, and father in law was coming out with an "unhackable" DRM scheme. For one, the market has shifted from PCs/Macs to consoles for gaming. The PS4, Xbox One, and others have not been cracked yet, so piracy and hacking is at 0% on those platforms.

We also didn't depend on user accounts. A background process like VAC or Blizzard's Warden didn't exist that would completely cut off access to services. All it would take is Apple running a similar process that sits in the background and looks for cracking tools, then locks any AppleIDs suspected of doing so. The days of running "unfuck.exe" are long gone, since it would get detected, and all access lost.

Of course, there is video. Yes, there are SD copies and screeners, maybe even someone ballsy enough to cam and slip that on BitTorrent, but 1080i (true, not upsampled) movies are rare. Satellites have not had any real hacks in a decade. Even Apple's movie format has no working cracks with no deprotection utilities out, unless one wants to capture video and re-encode it with the generational quality loss.

Yes, we will see some "cracks", such as saying World of Warcraft is cracked because someone is running a server emulator, but I will be surprised to see available, unprotected works that were protected in this format.

Yes, DRM has been cracked in the past, but it gets harder and harder each cycle. Even Blu-Ray hasn't been fully cracked yet (it is still a race with each individual movie.)

3 days ago

Submissions

top

Truecrypt is now dead

mlts mlts writes  |  about 4 months ago

mlts (1038732) writes "Visiting the TrueCrypt website, they have posted that all development has ceased, and instructions on how to move to BitLocker from their product.

If this isn't a joke, this is a very sad day for crypto usage everywhere."

Journals

mlts has no journal entries.
