Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror

Comment: What? (Score 0) 114

by Bogtha (#48945839) Attached to: Wi-Fi Issues Continue For OS X Users Despite Updates

Although Apple has never officially acknowledged issues surrounding Yosemite and Wi-Fi connectivity, the company is clearly aware of the problem: Leading off the improvements offered in the update 10.10.2 update released Tuesday was 'resolves an issue that might cause Wi-Fi to disconnect,' according to the release notes.

So basically, you said that Apple haven't acknowledged the problem, then quoted them acknowledging the problem?

Comment: Re:If it's accessing your X server, it's elevated (Score 1) 374

by vux984 (#48943423) Attached to: Why Screen Lockers On X11 Cannot Be Secure

Adding a registry entry to remap keys is pretty trivial, too.

You need to be an administrator to do that. That makes it pretty non-trivial.

is running a different OS which doesn't treat Ctrl+Alt+Del in a special way

Now your suggesting what exactly? That the attacker is going to throw in a linux live CD, boot it, run his 'fake login screen' that looks like the usual windows screen?

Ok... yes I guess that is a theoretically possible attack; although you'd probably get caught as soon as the user isn't actually able to log-in and IT gets called in...

Usually the fake login screen attacks "fail" with a you got your password wrong message, and then quietly disappear and throw the -real- lock screen up so the unwitting user tries again... gets in to what he expects and assumes he must have fat fingered his password.

Comment: Re:If it's accessing your X server, it's elevated (Score 1) 374

by vux984 (#48941809) Attached to: Why Screen Lockers On X11 Cannot Be Secure

I think you're confusing the user vs administrator distinction with the userland-vs-kernel-mode distinction... but never mind...

Deliberately conflating, but not confused.

What I'm saying is that the "Ctrl+Alt+Del protects your password" claim is overblown; the suggestions you give only amplify that, as they are even more ways to circumvent it...

But none of them are trivial to do. Especially if I am not already an administrator on the system.

I can trivially run a program to throw up a screen that looks like the login screen on a PC at work. TRIVIALLY.

the "Ctrl+Alt+Del protects your password" claim is overblown

Its like door locks. Nobody anywhere claims they make your house secure, but it does stop people from being able to literally just wander into your house.

In the real world door locks prove to be highly effective at keeping people out of places. From hotel supply closets and building electrical rooms to the bosses office to your bathroom stall while your taking a crap.

Nobody here is arguing ctrl-alt-delete is some magical super thing, its just a door lock. But its enough of a hassle to get around, that its plenty to stop all kinds of casual intrusions and mischief.

Ctl-Alt-Delete is the same way.

Comment: Re:If it's accessing your X server, it's elevated (Score 1) 374

by vux984 (#48938429) Attached to: Why Screen Lockers On X11 Cannot Be Secure

This

Actually. No. Not this.

Or the fact that there are registry entries that allow remapping of any key to any other, including (as far as I remember) the Ctrl, Alt and Del keys. The "security" of Ctrl+Alt+Del has always been over-hyped :-)

Yes, you can install a keyboard driver, usb filter driver, or adjust the keyboard scan code map in the registry to disable the keys. (And that's not in HKEY current user.)

You aren't going to be tampering with or installing of ANY of that from user land. And if you have root... you can just install a keylogger be done with it. Why bother with dorky fake lock screens?

Comment: Re:Google could bring back Apps Sync (Score 1) 172

by vux984 (#48938373) Attached to: Microsoft Launches Outlook For Android and iOS

Awhile back Google started asking money for Google Apps Sync for Microsoft Outlook®.

Around the same time they started asking for money to host a small domain.

Although they dragged their heels for upwards of a year to getting it to officially work with Click-to-Run editions of office too (which is what most computers come preloaded with these days.)

I'm glad this is here though; I heard Google was discontinuing their mail app (which I've been happy with - one of the few google apps I currently use) and pushing everything into their gmail app... which i HATE with a passion. So I've been anticipating selecting a new mail client when my S5 gets the next update.

So I definitely will be looking at the microsoft mail client. Although there's several smaller players in the mobile email client space as well... and I don't know much about any of them either... yet.

Comment: Re:Liars figure and figures lie (Score 1) 135

by Bogtha (#48934339) Attached to: The American App Economy Is Now "Bigger Than Hollywood"

the functionality of the devices is about the same

It's very different. On Android, you have to decide whether to grant permission before you've ever run the application, and it's all or nothing. On iOS, you run the application before deciding whether or not to grant it permission. You have the ability to deny permission while still running the application. You can also allow permission for some things but not others.

This functionality is partially available to Android users who root their phones and install the right tools, but that's far from the common case.

Comment: Re:Liars figure and figures lie (Score 2) 135

by Bogtha (#48928287) Attached to: The American App Economy Is Now "Bigger Than Hollywood"

It's true that the majority of the profits in App Store sales is focused at the extreme top, but it's not true that 99.999% of the rest make "near 0". This analysis estimates that the top 3,175 applications earn at least the average annual income for a US household per year, and applications that rank about number 6000 still earn $25K/yr.

And that's only counting App Store revenue. I've earned a lot more than average since I started developing for iOS, and most of the applications I've worked on are free. You don't see things like banking applications earn revenue directly, but the developers responsible certainly profit from it. The Facebook application is free, but you don't think its developers are working on it for free do you? I've been paid to built plenty of enterprise applications that will never appear in the App Store.

There is a huge amount of profit in the "app economy" that will never be accounted for merely by looking at App Store profits. The "app economy" is much bigger than the App Store.

Comment: Re:If it's accessing your X server, it's elevated (Score 2) 374

by vux984 (#48925949) Attached to: Why Screen Lockers On X11 Cannot Be Secure

Are you familiar with the traditional attack

Computer somewhere running some OS.
Regular authorized but non-priviledged user logs in and runs regular non-priviledged user-space application "program that looks like lock screen" and then leaves computer.

Another coworker, or perhaps an administrator walks up to use the computer; types in his credentials... and the app saves them...

Windows solution to the attack implemented decade(s) ago:

real windows desktop lock screen can only be unlocked with ctrl-alt-delete which user-land non-priviledged apps can't intercept.
train users never to login to a computer unless they hit ctrl-alt-delete to unlock it first.

Comment: Re:grandmother reference (Score 1) 465

by vux984 (#48921331) Attached to: Ubisoft Revokes Digital Keys For Games Purchased Via Unauthorised Retailers

No. A refund is a return payment made from a merchant to a customer. Refunds are not made to third parties that were never part of the original business transaction.

Ok. Agreed. Ubi shouldn't owe them a 'refund'. But they are the party that owes restitution here.

The customer should seek restitution from the middleman that made the fraudulent charge.

"fraudulent charge" is a pretty strong charge to make. The keys were sold legally in Eastern Europe by buyers who then exported them legally elsewhere.

The only "contradiction" would be to what Ubi -wants-. That doesn't amount to fraud. It is not fraud to buy something in a price discriminated market, and legally export the product.

Europe is very economically diverse. Germany has nearly 4x the per-capita GDP as Poland, which happens to be right next door. What's affordable to someone in Germany is not necessarily affordable to someone in Poland.

My city is very economically diverse. Less than a mile away are people making a fraction of what is typical in my neighborhood. Yet we both pay the same price for milk, cars, and movie rentals.

I hear your argument, but I'm not sure what makes the line between germany and poland a magical line the free market dare not cross.

That bike rack that you mentioned above is purchased outright, whereas Ubisoft's games are licensed.

Semantics. I *purchased* a license. I don't pretend I have any special exceptional copyright ownership of the underlying intellectual property any more than when I purchase a copy of a book... but I did *purchase* a license. The store had a "buy" button, I pressed it. A one time transaction was completed. I know own a license. Its listed as one of my games. And I can click a link to my "purchase history".

  There's a principle in law... if it looks like a duck, and quacks like a duck, then its a duck. (You see this principle applied in other areas too like when corporations dress up their employees as "independent contractors" and the law sees right through it.)

Many leasing companies will not allow the lessee to take the vehicle out of the country without permission.

A lease agreement is a negotiated several page document that both parties sign multiple times over. Pretty sure that's not a better analogy for buying a video game.

Region locked game consoles are a good example of this. Outright revoking access to the service is crude, which is why many publishers are switching to language-locked editions. A high-priced English-French-German-Spanish-Italian edition on one side, and a cheap Polish edition on the other. This can negatively affected ex-pats that don't speak the native language, but that's a very small group.

Yup. I agree they can do stuff like this. But you can take a region locked game console to North America and play games purchased in that region for it. They don't get to show up your house with a hammer and smash your console.

or you agreed to the ToS and accept the consequences of breaking them.

Which terms of service did I any one agree to before buying the key that indicated UBI could revoke the game if they weren't from the country the key originated from?

I don't deny they exist... but I'd like to see them.

Comment: Re:grandmother reference (Score 2) 465

They didn't purchase the product from Ubisoft, so why should Ubisoft give them a refund?

Ubisoft revoked their product.

They should seek a refund from the unauthorized retailer.

No Ubisoft should refund me my money; and seek restitution from the unauthorized seller.

Suppose I buy a bike rack from amazon.com and use one of the services available to redirect the shipment to Canada. Because the same rack is nearly 50% more in Canada. ( Yakima Holdup MSRP $580 CAD); available for $520 CAD on Amazon.ca. $305 is the best price I can find on Amazon.com. That's $378 CAD.

So if I decide to save $120+ by bringing it in from the states; its grey market product. Canadian authorized resellers hate this, but am I really supposed to pay 50% more, when I can legally purchase it for less? Corporations shift their expenses and profits around like crazy... but it's unethical if I play the same game?

Should Yakima really be allowed to show up at my house and take it away? And tell me to try to collect a refund from the seller in the USA? Or perhaps I should QQ to the shipment redirect/import service?

Why is it ok for Ubi?

Low income markets usually constitute a rather small portion of a large manufacturer's revenue, so they can live with out it. On the other hand, the low income markets will lose access to the vendor's goods and services.

This is true. But the border between eastern europe and western europe is a line on a map. If your selling the same product on both sides of the line at radically different prices to maximize YOUR profits, how can you villainize the people on the two sides of the line from correcting what would anywhere else be an obvious market FAILURE.

I hear your point; and I don't object to Ubi ~trying~ to price discriminate; but if they can't then they have to deal with that, they can't just start revoking sales and taking things away from people who bought the product on the wrong side of their special line. *I* certainly didn't make any agreement with Ubisoft about where or from whom I would purchase X.

Their beef is with their eastern european and asian distribution channel not me.

Coming after me... just ensures they've lost a customer. Permanently. (And to be honest, I haven't bought an ubisoft game in years already, precisely because of their various dick moves. And I do buy lots of games.)

Comment: Re:Now using TOR after WH threats to invade homes (Score 4, Insightful) 282

by vux984 (#48914341) Attached to: EFF Unveils Plan For Ending Mass Surveillance

Where are these unicorns? Has there ever been a single verifiable case of this?

I don't know about elsewhere, but here in Kanuckistan the RCMP has been working, with the cooperation of the muslim community, to deradicalize people, with some success.

"With the cooperation of the muslim community. Meaning; the RCMP were alerted to potential bad eggs from within the muslim community by volunteers; thanks to the RCMP being accessible and opening channels of communication. Its an example of truly good police work.

That's exactly what we need, and more of it.

But the unicorns I'm talking about are the terrorist attacks stopped by the panopticon, by the mass surveillance of everybody.

Comment: Re:Now using TOR after WH threats to invade homes (Score 5, Insightful) 282

by vux984 (#48912339) Attached to: EFF Unveils Plan For Ending Mass Surveillance

It is a catch 22; You can't get a warrant without evidence and you can't get evidence without a warrant.

No. Its really not. Its called regular police work. And police have been identifying suspects, building cases against them, culminating in search and arrest warrants for a hundred years now without "mass surveillance".

Will the EFF be the ones who apologize to the families of those killed by attacks that could have been stopped?

Where are these unicorns? Has there ever been a single verifiable case of this?

And even if they do exist? So what? Why should the EFF apologize for pushing for policies that make us all more free; even if a tiny handful of people die as a result?

Should the police be allowed to just randomly stop and frisk you? Maybe give you an anal probe right on the street? Maybe come into your house at night, and search the place for evidence of terrorism? No? You don't think that's ok?

Will you personally apologize to the families of those killed by attacks that could have been stopped if these searches had been allowed?

God help those who do not help themselves. -- Wilson Mizner

Working...