
Comment: Re:Hmmm ... (Score 1) 72

by mrchaotica (#48684769) Attached to: Sony Accused of Pirating Music In "The Interview"

Eh? If we do it, people say that no one loses anything if you make a copy, and that sharing has been part of human culture for ages. These people should have nothing to whine about if Sony then goes to do the same thing.

If Sony were an individual and wanted to play it at home in private, sure. But incorporating it into a major commercial motion picture (i.e., for profit... at least in theory) is a little bit different!

Comment: Duh ... (Score 1) 111

by gstoddart (#48684277) Attached to: Google and Apple Weaseling Out of "Do Not Track"

Of course Do Not Track is meaningless.

It has always been meaningless. It's a voluntary thing which says nothing at all, and isn't legally binding. It's complete drivel. It's something the industry put out to give the illusion of giving a shit about what we want.

Want to prevent tracking? Don't let the packets happen in the first place. Use things like NoScript, Request Policy and HTTP Switchboard to deny the access entirely.

Treat this stuff like the shit that it is ... intrusive advertising and tracking about everything you do.

The only way to win is block as much of this crap from your browser as you can. You don't owe these companies this data, and the less you provide to them the better.

And when they whine and bitch about their revenue stream and their terms of service ... well, too damned bad. You aren't required to pull in any packets you don't wish to.

Once you start using these blocking plugins, you'll be amazed at just how much crap is actually embedded in most every page. On some sites, literally dozens of 3rd parties ... none of whom give a shit about your Do Not Track setting. So just block them entirely.

Comment: Re:Hmmm ... (Score 4, Interesting) 72

by gstoddart (#48684251) Attached to: Sony Accused of Pirating Music In "The Interview"

If we do it, Sony is one of the companies who helped pay for the law which says you and I would have to pay massive amounts of statutory damages, with additional punitive damages for having done it on purpose.

I want Sony to receive the same magnitude of punishment as they would insist we receive.

Because I really despise multinationals when they argue both sides of the same legal argument as it benefits them.

Comment: Hmmm ... (Score 4, Insightful) 72

by gstoddart (#48684173) Attached to: Sony Accused of Pirating Music In "The Interview"

So, once again, if we do this we get crushed under the heel of a team of lawyers.

But a multinational like Sony does it and I bet they'll just dicker and claim some bullshit like fair use they routinely deny exists.

I sincerely hope Sony has to pay a massive fine for this ... something on par with what we'd get beat down with.

Comment: Re:Do Not Track never meant anything (Score 1) 111

by Tom (#48683423) Attached to: Google and Apple Weaseling Out of "Do Not Track"

"Do Not Track" never meant anything at all. It's the equivalent of a "Please be nice to me" button.

DNT was a brilliant display of the advertisement industry's unwillingness to regulate itself and respect such wishes. Now they cannot make those claims anymore, and there is evidence on record that actual regulation is required.

Without DNT, they would always have claimed they're good guys. Now the mask is off.

Comment: Re:No problem. (Score 2) 111

by Tom (#48683413) Attached to: Google and Apple Weaseling Out of "Do Not Track"

If you are being tracked, it's because you *allow* it.

Wrong.

It is because you don't prevent it. At least legally, that is a very big difference. If I allow you to hit me in the face, e.g. by participating in a boxing match, then I can't later sue you for bodily harm. If you do it without my permission and I just fail to prevent it, then all the guilt falls on you anyway and I can sue you, plus you have committed a crime. That's quite a big difference there between those two words.

Comment: Re:DNT is useless by design (Score 1) 111

by Tom (#48683407) Attached to: Google and Apple Weaseling Out of "Do Not Track"

Did anyone actually believe that the do-not-track flag was effective?

Yes, but not in the way you think.

DNT is useless technologically. But it is a gem when it comes to providing evidence that actual regulations and penalties are required, because the industry is unwilling to regulate itself and respect customer requests.

There's a tradition in law and law-making that you need to at least try the less intrusive choices first. Now we satisfy that, and we can move on to really stop the parasites.

Comment: Re:yep. I provide security to some ofthe listed si (Score 2) 133

by Tom (#48681071) Attached to: 13,000 Passwords, Usernames Leaked For Major Commerce, Porn Sites

It's pretty clear the hack is in the client side.

The list of sites alone is clear enough on that, even if you know nothing about them. Someone just had a little lolz with the botnet he owns anyways. TFA advice is totally bogus: They don't post the list of sites to advise people to check their accounts, they do it because it's their excuse for posting a list of x-rated stuff on a non-x-rated site. Pure sensationalism.

We may have a look to see if the logs go back far enough to tell us which browser version, OS, and toolbars or addons those members were using.

Or which desktop dancing nude woman they installed, or old version of flash player they use, or any other of a thousand possible problems.

Most people don't realize just how many (usually Windows) PCs out there are owned by hackers. When some botnet runs an attack, we don't realize because the numbers are so big it's just a statistic.

Comment: Re: For that, you'd have to do a different attack (Score 1) 325

by Tom (#48678501) Attached to: Why Lizard Squad Took Down PSN and Xbox Live On Christmas Day

I don't think you understand how amplification attacks work.

I wrote advisories on that more than 10 years ago, so please go ahead and lecture me.

Your home network should not allow a request with an IP that doesn't belong to it out. If I'm the router that connects 1.2.3.0/24 to the Internet, I shouldn't put a packet that claims it originates from 5.6.7.8 on the wire.

The only places where a package that isn't part of my network should be routed through is when my network is a transit network.
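
The egress rule described in the comment above, as an added example that is not part of the original post: a source-address check a border router would apply before putting a packet on the wire, with the transit exception. The 1.2.3.0/24 and 5.6.7.8 values come from the comment; the transit prefix, destinations and sample packets are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed topology: the edge router from the comment, serving 1.2.3.0/24.
LOCAL_PREFIXES = [ipaddress.ip_network("1.2.3.0/24")]
# Hypothetical downstream customer prefix, used only for the transit case.
TRANSIT_PREFIXES = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed outbound packets: (source, destination, description).
SAMPLE_PACKETS = [
    ("1.2.3.10", "192.0.2.53", "DNS query from a local host"),
    ("5.6.7.8", "192.0.2.53", "DNS query with a source outside the network"),
    ("203.0.113.7", "198.51.100.20", "packet from the downstream customer"),
    ("not-an-ip", "198.51.100.20", "unparsable source field"),
]

def egress_verdict(src, local=LOCAL_PREFIXES, transit=()):
    """Return 'forward', 'drop-spoofed' or 'drop-malformed' for one source."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "drop-malformed"
    # A source is legitimate only if it lies in a prefix we originate or carry.
    if any(addr in net for net in list(local) + list(transit)):
        return "forward"
    return "drop-spoofed"

def filter_egress(packets, local=LOCAL_PREFIXES, transit=()):
    """Apply the check to every packet; return (forwarded, verdict counts)."""
    forwarded, counts = [], Counter()
    for src, dst, note in packets:
        verdict = egress_verdict(src, local, transit)
        counts[verdict] += 1
        if verdict == "forward":
            forwarded.append((src, dst, note))
    return forwarded, counts

if __name__ == "__main__":
    for label, transit in (("stub network", ()), ("transit network", TRANSIT_PREFIXES)):
        kept, counts = filter_egress(SAMPLE_PACKETS, transit=transit)
        print(label, dict(counts), [p[0] for p in kept])
```

On the stub network only the 1.2.3.10 packet leaves; the packet claiming 5.6.7.8 is dropped in both configurations, and the 203.0.113.7 packet is forwarded only when its prefix is declared as transit.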

Comment: Re:Rubbish (Score 1) 325

by Tom (#48678483) Attached to: Why Lizard Squad Took Down PSN and Xbox Live On Christmas Day

I know from my own experience how right you are, but that, exactly, is the problem. This "it didn't crash in 10 minutes, ship it" approach is utterly horrible. It's become industry standard instead of being taken out back to be shot, and that is a really serious problem.

People shouldn't be used to computers crashing - they should demand that they don't do so.

Comment: Re:For that, you'd have to do a different attack (Score 1) 325

by Tom (#48675107) Attached to: Why Lizard Squad Took Down PSN and Xbox Live On Christmas Day

spoof the IP address of your target (...) it proves that the DNS protocol itself is beyond repair

No, it proves that the network you are connected to is braindead because it still allows IP spoofing.

And that EVERY company on the net is susceptible to something like that because unlimited bandwidth does not exist.

It used to be really easy to knock someone off the Internet. It's not so easy anymore. For some of the really big targets, being able to muster the bandwidth alone would be an impressive demonstration of power. Keeping them offline for more than a few seconds while their Anti-DDoS countermeasures deploy would be something that few players smaller than a nation state level can pull off.

MS and Sony have a security that matches the opaqueness of an erotic dancer's dress

Not really. I hate them as much as most people with three working brain cells, but they've both done quite a lot about security. It's just not enough and - like every company - they make decisions to not invest in some security measures because the ROI simply isn't there.

Comment: Re:Rubbish (Score 3, Insightful) 325

by Tom (#48675071) Attached to: Why Lizard Squad Took Down PSN and Xbox Live On Christmas Day

Nonsense. On their gaming systems you are unlikely to find any data that the companies would consider valuable. And 10+ years of experience show that "oops, we leaked customer data" isn't really a game-changer.

But cries from customers can be. Denying them the joy of their freshly gifted gaming console can be very powerful. It's not the nice way, definitely not, but it makes headlines.

I doubt it's going to change anything, because customers are too used to computers not working. That is the real damage that 30 years of Microsoft dominance have done to the world.

Comment: Re:miscreation (Score 1) 348

by Tom (#48674659) Attached to: Ars: Final Hobbit Movie Is 'Soulless End' To 'Flawed' Trilogy

If I didn't know that, I'd give back my nerd credentials.

But there's a difference between making a prequel movie and a story that is set before. The Hobbit tried too hard to get as much from the LOTR movies into it as possible. For example, WTF is Legolas doing in the movie? He's not even mentioned in the book.
