Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Comments

top

Home Depot Says Breach Affected 56 Million Cards

praxis Re:Credit cards? (77 comments)

RFID cards have proven to be easy to compromise.

I've not seen an RFID card. Do you have a link? Or did you mean EMV?

yesterday
top

U2 and Apple Collaborate On 'Non-Piratable, Interactive Format For Music'

praxis Re:confused (311 comments)

And local bars don't have live music anymore because local bands aren't allowed on the radio.

I don't know where you live, but in Seattle there are three *pages* of live shows for *today* [1] and five *pages* of live shows for *this weekend* [2]. Granted that is both for bars and larger venues, but the vast majority are small local bars.

As to local bands not allowed on the radio?! There are plenty of radio stations that cater to music lovers and absolutely do play local bands. One of several Seattle (again, I live here; I don't think Seattle is unique) is KEXP. They even have an article on how to get airplay on KEXP [3]. While it's a local station, I know many of their listeners are from beyond the city limits so getting airplay on such a local station can have wider-ranging effects for an up-and-coming band.

I guess what "local" bars offer depends on locale but generally higher-population areas sustain more arts. That's always been the case, though. Artists and patrons congregate.

[1] http://www.thestranger.com/gyr...
[2] http://www.thestranger.com/gyr...
[3] http://blog.kexp.org/2011/08/0...

yesterday
top

U2 and Apple Collaborate On 'Non-Piratable, Interactive Format For Music'

praxis Re:Expert. (311 comments)

Just because you sample something 192,000 times a second does not mean that you are reproducing a sound with a frequency of 1/192,000th of a second.

yesterday
top

Next Android To Enable Local Encryption By Default Too, Says Google

praxis Re:Good (125 comments)

Already the industry is realizing what it needs to do.

Yep. In the wake of Snowden, people need to feel better. Performing encryption on a computer that you can't trust, is the best of both worlds and gives everyone what they need.

Users will be put at ease, manufacturers can check the "encryption" bullet point, and thanks to the computer working for someone other than the user, various other parties who "need" the data will be able to quietly get the keys without an unpleasant confrontation with the user. Everybody wins.

Trust is not a binary. If it were, I would say I don't trust anything that I don't fully control (like the compiler trust issue), become extremely paranoid and have no sane life. I choose to have some trust in some things and live a normal life.

yesterday
top

Next Android To Enable Local Encryption By Default Too, Says Google

praxis Re:Good (125 comments)

If you read page nine of the iOS Security Guide, you'll learn that device storage is always encrypted with a unique key, regardless of the device lock settings.

yesterday
top

Next Android To Enable Local Encryption By Default Too, Says Google

praxis Re:Don't use a google account with Android. (125 comments)

So, riddle me this batman... If you store the key on the device and read it automatically on boot, how's that protect you?

There are ways to store a key on the device and not need to read it automatically on boot. Page nine of the iOS Security Guide from September 2014 describes how Apple solves the problem.

yesterday
top

Next Android To Enable Local Encryption By Default Too, Says Google

praxis Re:Don't use a google account with Android. (125 comments)

And if you think I'd ever willingly put non encrypted data in any sot of could you're dreaming.

I thought this was about ON THE HANDSET encryption?

Which leads you to the key hiding problem.... Keys need to be plain text to be used, so they are in memory when you have a device that is encrypted. Which leads you to the problem of how to get a sufficiently complex key into the device on boot? Providing keys is where most crypto systems start to break down, and people do stupid stuff like reduce everything to a 4 digit pin or some such nonsense...

Why not generate the key on the device and store it in a secure piece of hardware? That's been a pretty standard solution for a while now. I kind of imagined Android would also do the same.

yesterday
top

Next Android To Enable Local Encryption By Default Too, Says Google

praxis Re:Good (125 comments)

and when user's complain their battery lasts much shorter as the CPU is busy encrypting and decrypting constantly, then they'll switch the default back... and when user's complain that they flip flop too much, they'll make it a giant setup screen option where new user's can complain about which option is on top.

iOS has encrypted most of its data most of the time already and iOS has not had significantly worse battery life than Android in the past. What's the crux here is not the addition of encryption, it's the location of the encryption key.

yesterday
top

Next Android To Enable Local Encryption By Default Too, Says Google

praxis Good (125 comments)

Already the industry is realizing what it needs to do.

2 days ago
top

Apple Will No Longer Unlock Most iPhones, iPads For Police

praxis Re:What's your suggestion for intelligence work? (494 comments)

First, no one said anything about being angry. Second, no one said anything about "Hollywood" always getting history wrong in favor of the Americans. Third, gnasher719 and I are two different people.

What gnasher719 said about American movies rewriting history is true. My point was propagandists have used fiction to sway the masses and it appears to have worked: gnasher719 was responding to a common misconception that Americans broke German codes in WWII. A misconception perpetuated by Hollywood.

I have no gripe with Hollywood, but I do support people like gnasher719 who go out of their way to correct misconceptions others have because a Hollywood movie twisted history. You pointing out that it was not a documentary doesn't make the misconception any worse nor gnasher719's attempt to correct that misconception useless.

No one is saying fiction can't bend the truth, if that's what you thought.

2 days ago
top

Apple Will No Longer Unlock Most iPhones, iPads For Police

praxis Re:What's your suggestion for intelligence work? (494 comments)

Documentary or not, his point that American movies have re-written history was true. Would you feel the same way about a Russian fictional movie that portrayed the moon landing as being a Soviet accomplishment?

2 days ago
top

Apple Will No Longer Unlock Most iPhones, iPads For Police

praxis Re:Too little, (494 comments)

too late.

You're right! We should do nothing now! Why would we want to change something we don't like. Oh, that's right, it's too late.

What a defeatist attitude.

2 days ago
top

Comcast Allegedly Asking Customers to Stop Using Tor

praxis Re:So-to-speak legal (417 comments)

The ultimate monopoly is the Federal Government...

Only if it is the only government in the world. Plenty of people move to live under a different government due to being unhappy with their current one.

2 days ago
top

Tim Cook Says Apple Can't Read Users' Emails, That iCloud Wasn't Hacked

praxis Re:Possible to store encrypted email? (191 comments)

Yes, but it's between your MUA and your server. S/MIME, as far as I know, does not do server-to-sender public key exchange. If I send a signed message to you, then you have my public key and can encrypt messages to me, yes, but you can't get my public key from the server.

Frankly, S/MIME is really the best solution available today. It works with gmail (not web-mail but using a MUA). Most MUAs support it. It's easy to get a free personal S/MIME keypair from a CA. Google, Apple or whoever you use for mail never sees your private key and can't read your messages.

3 days ago
top

Apple Edits iPhone 6's Protruding Camera Out of Official Photos

praxis Re:Just wait (424 comments)

The subject of the photograph does not have zero thickness. The camera focal point could be along the plane of the front of the subject, which would make it *not* along the plane of the rear of the phone.

Imagine I am standing long the plane of the front of a building, am I also standing along the plan of the rear of a building? Am I looking at the building at a flat 90 (whatever that means)?

3 days ago
top

Tim Cook Says Apple Can't Read Users' Emails, That iCloud Wasn't Hacked

praxis Re:Possible to store encrypted email? (191 comments)

Even better would be a system such as:

You generate a key pair, give Apple the public key. You manage your own private key.

Then, for each email:

Apple receives the email as plain text from another server (likely via SSL), encrypts it with your public key and stores it on their servers. When you connect to retrieve your mail they send you the encrypted blob that you decrypt via your private key.

Problems are this: first, Apple has a plain text copy of each email you receive and could be asked (nicely or forcefully) to record this somewhere before proceeding with encryption and storage. Second, replies are not encrypted.

Much better for users to manage their own keys and use S/MIME. That's what I do with my friends and Google (my email provider) never sees unencrypted messages from me to any of my friends and vice versa.

3 days ago
top

Tim Cook Says Apple Can't Read Users' Emails, That iCloud Wasn't Hacked

praxis Re:Inaccurate (191 comments)

Tim Cook says they "don't" read your email and "can't" read your iMessages. So presumably, they CAN read emails but choose not to do so.

Which makes sense as most email clients out in the wild don't encrypt messages, so even if Apple were to encrypt messages stored on the server, they'd be doing it with *their* key, not the users (unless the user used S/MIME or PGP or GPG or what have you). If they want to interoperate with other email providers, they need access to the emails as that's how email works.

3 days ago
top

Tim Cook Says Apple Can't Read Users' Emails, That iCloud Wasn't Hacked

praxis Re:False Headline (191 comments)

iMessage and FaceTime are technologies Apple designed and implemented, and they chose to do it in a different way than e-mail. E-mail uses a plain text protocol and is stored in plain text. While the transport can be encrypted, if one were to encrypt the data on the server it was stored on, one would use a symmetric key, and one would have access to that key. iMessage and FaceTime can be implemented using asymmetric keys and one would not need access to those keys. It makes sense if you as a company want to minimize how much data you hand over to a government: you let devices generate keys that your servers never see.

3 days ago
top

AT&T Proposes Net Neutrality Compromise

praxis Re:Respoinse from ATT (236 comments)

fine fine, we will sell you a dumb pipe. 640Kb is enough for every one right? WHAT you want more.... ok fine but 4Mb is where we draw the line

It would all depend on the unit of time. If I got 4Mb per pico second I'd be one happy fish.

3 days ago
top

Microsoft To Buy Minecraft Maker Mojang For $2.5 Billion

praxis Re:Microsoft can now kill Java (327 comments)

> Java runs on far more platforms than just Windows and OS X. If Microsoft ports Minecraft away from Java, what are they chances that they support those platforms?

Depends on what you mean by "run". Does it mean "runs well"? "Runs fast"? "Runs, but only on one very specific version of Java?" It's not the 1990s any more. Java's cross-platform capabilities are not the advantage they used to be.

I mean runs sufficiently to play Minecraft. It does so on many distributions of Linux out-of-the-box. That's more than just Windows and OS X. Java runs to other degrees on other platforms as well, but for the topic at hand (Minecraft's future), Linux distributions are what I'm referring to here.

3 days ago

Submissions

praxis hasn't submitted any stories.

Journals

praxis has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>