Become a fan of Slashdot on Facebook


Forgot your password?
Slashdot Deals: Cyber Monday Sale Extended! Courses ranging from coding to project management - all eLearning deals 20% off with coupon code "CYBERMONDAY20". ×

Comment Re:EU Privacy (Score 1) 58

The real issue here is identity. You are not your name. Your name is just a convenient pointer others hang on the person that is you. You are the sum of many things; who you associate with, what you do, how you think, et cetera.

Obviously these customers are hashing with the same hash and seed Google are using; they have to be or the whole exercise would be pointless. These organisations may not have the nous to prevent Google from reassembling the original data, so there are no guarantees. Also, they're not anonymising when they're matching two separate data sources. That's not anonymisation in anyone's book. That's pure sophistry, bollocks and misleading bullshit to cover insidious mining and profiling of people's PII.

All of this becomes irrelevant, however, when you realise that, to Google, your identity is that pesky hash. Talking about anonymity at that point becomes pointless.

Comment Re:EU Privacy (Score 2) 58

The issue here is that a third party has access to the unhashed identities and are hashing it with the same hash and seed Google use - they have to be or there would be no point in giving the results to Google. That party may not have the nous to stop Google from reassembling their massive hoard of privately identifying information if they really wanted to. They can also gain insight into which hashes have relationships with their customers (the advertisers, we're product not customer) in order to poke even deeper into people's online activities.

If you're anonymising, it means just that: The data cannot be traced back to a real identity. If you're data mining on an ongoing basis, don't use the word "anonymised" and say what you really mean, otherwise it's just meaningless, misleading bollocks.

Also to remember is that your identity isn't just your name. In fact, the name is just a convenient pointer others hang on the person that is you. You are the sum of what you do, how you think and who you associate with. Given that, the name/e-mail address/UID is irrelevant, at which point the hash itself becomes your identity, even more so than your name or SSN.

Comment Re:EU Privacy (Score 4, Insightful) 58

Shops giving a HASH of the email address knowing Google can match it to a hash of the list of email addresses it collected by Android, is linkage. It's no anonymized, its simply passed as a hash.

This. Anonymised would be one-way, non reversible obfuscation of the source's identity. This is just pure sophistry foisted upon us simply because the vast majority of people this affects can't tell the bloody difference.

Comment Re: illegal autonomous cars? (Score 2) 398

Flow battery - the latest one with non-toxic electrolytes and long lasting membrane. Minor detail is you'd need four tanks (one for each electrolyte charged and spent) but the recharge process would be much faster - filling station removes spent electrolyte pair and replenishes with charged, recycling the spent electrolyte with its own bulk charger - and it would remove the elephant in the room that nobody mentions when talking about electrical vehicles: The cost of replacing the hideously expensive, highly reactive and toxic LiFePO cells every 500 or so recharge cycles. It also removes the fuel cell issue of storing hydrogen. Filling stations may be able to make a profit from "fuel" instead of relying on cans of coke and sausage rolls, too.

A bigger elephant is that it just moves emissions from the exhaust to the power station but I suppose it may be easier to sequester the output if it's in one place or, at least, manage the release. Filling stations could supplement their income with microgeneration on site feeding the bulk charger, which would help bring the ecobollox down to a dull roar.

Comment Re:WSUSOffline (Score 1) 288

Yes, yes there is. September's happened just when it should have. I don't particularly care what they say about WinX, 7 still gets updates on patch Tuesday, which is what we're discussing here to stop the GetWinX crapware getting in.

WSUSoffline is *NOT* WSUS. It's a custom set of scripts that automates download and installation of critical Windows patches that are deemed to be security essential by the WSUSoffline community. It even runs the collector on Linux - I have it set up as a cron job. You can blacklist patches by kb reference number if they make a mistake.

The whole point was updating fresh installs before letting them go online. It accidentally created the ideal update method for dealing with this crap as a side-effect.

Submission + - Is open source SNORT dead? (

alphadogg writes: Is Snort, the 12-year-old open-source intrusion detection and prevention system, dead?

The Open Information Security Foundation (OISF), a nonprofit group funded by the U.S. Dept. of Homeland Security (DHS) to come up with next-generation open source IDS/IPS, thinks so. But Snort's creator, Martin Roesch, begs to differ, and in fact, calls the OISF's first open source IDS/IPS code, Suricata 1.0 released this week, a cheap knock-off of Snort paid for with taxpayer dollars.

The OISF was founded about a year and a half ago with $1 million in funding from a DHS cybersecurity research program, according to Matt Jonkman, president of OISF. He says OISF was founded to form an open source alternative and replacement to Snort, which he says is now considered dead since the research on what is supposed to be the next-generation version of Snort, Snort 3.0, has stalled.

"Snort is not conducive to IPv6 nor to multi-threading," Jonkman says, adding, "And Snort 3.0 has been scrapped."

According to Jonkman, OISF's first open source release Suricata 1.0 is superior to Snort in a number of ways, including how it can inspect network packets using a multi-threading technology to inspect more than one packet at a time, which he claims improves the chances of detecting attack traffic

Comment Re:Ads have been shown to harbor malware too (Score 1) 1051

"Ads are invasive, intrusive, annoying, and I don't want to see them. ever." - by Epsillon (608775) on Sunday March 07, @09:34AM (#31389634) Homepage

No, it bloody well isn't a quote from me. Try by mcelrath (8027) on Sunday March 07, @01:25.

No offence, mcelrath. I see nothing wrong or embarrassing about your post, just incorrect attribution really gets up my nose.

Comment Re:It's the freeloaders time (Score 5, Interesting) 1051

That's all very well, but these ad farms aren't just serving ads, are they? Most of the time they're also installing tracking cookies and collecting private information. You want me to see ads? Don't try to track me, then. Until this shit stops, I won't just be using AdBlock, I'll be blacklisting ad farms on my proxy and barring them on the gateway. Not only is this the primary motivation for me eschewing ad farms but it is also my fundamental right to retain control of what I allow in and out of my private network. Don't like it? Tough. My network, my rules.

Comment Re:That's very nice, but (Score 2, Informative) 216

Every developer out there seems to think DRM will "get them more sales" at least at some point in time. Some then realize this fact: The people pirating aren't "lost sales"- they're people who either can't/won't buy your product for varying reasons.

You want to win the "can't" crowd back if possible- you're never going to convince the "won't" crowd ever. The former is a possible customer, the latter is not and will not be.

DRM might slow the infringers down (it's been proven that pretty much every DRM solution to date has been circumvented within weeks of the release of the title...and that initial crush in the case of many titles won't be where you make your money if you're download only/mostly...) but it will pretty much never stop them. Ask Microsoft how nifty their DRM has been on the 360. DRM won't turn the "can't" crowd to be your customer- it won't put money in their pockets to buy. DRM won't turn the "won't" crowd into your customers- if they want your game badly enough, they will take it whether you have DRM on the title or not. If it's such that they won't bother, you've failed at making a fun game.

DRM is a folly wherever it gets used. It's use is based off of a flawed premise out of the gate.

Comment My thoughts (Score 1) 244

There is no magic solution - you are talking about managing multiple environments with different requirements and technologies in some meaningful, automated way.

You're looking at home-brew here.

What you want to aim for is

0) Stop using multiple technologies if you can. If that's not an option, it just makes more work.

1) Clearly define policies regarding development, testing, and release. These have nothing to do with tools. You build and select your tools based on these policies.

2) Automated pushbutton deployment. You want your code releases of each new version of a site to be automated. You also want rolling back to the previous version to be automated. This applies for CI, QA, and whatever other stages you want, all the way to Production.
3) Automated deployment should involve at a minimum tagging a given revision and pushing it to the correct environment.

4) You can use commit hooks or some other method against TRUNK to run a CI server that continually does regression testing and other funky stuff... as well as just shows you a live version of what's in trunk "right now".

5) When working towards a target release,developers need to include any necessary scripts to update (and rollback, if necessary) their respective databases.

6) Config data... can be handled by having a separate /config folder for each environment, version controlled separately - and where access and change control are again strictly defined and limited, and well documented. this would automatically be inserted by your pushbutton deployment process.

Anything cut to length will be too short.