Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
Note: You can take 10% off all Slashdot Deals with coupon code "slashdot10off." ×

Comment Re:30% (Score 1) 329

Most games are.

In fact, I don't recall ever watching a game on ESPN. It's all sports highlights. The previous day's games summarized into a 15 minute loop that plays all day long. I really don't see why they should charge $10 per customer per month. They seriously only produce 15 minutes worth of content, to use the term loosely, per day. How do you like my coverage of ESPN's coverage of anything. Did I mention they loop the same 15 minutes of highlights all day long?

Comment Re:CNNIC (Score 1) 35

I agree. Hopefully more user agents(MUA and browsers) will come with some system of certificate pinning on by default, just to be on the safe side. I'm confident that would offer motivation to keep CAs honest. And it's quite likely that we'd find a few that aren't so honest. Although, there is still what I call the "lavabit attack" (certificate theft by court action) which, if successfully kept silent, would be completely undetectable.

Comment Re:I agree (Score 1) 111

With cash I have to authorize every single transaction by reaching into my pocket. With credit/debit card transactions, I only need to have reached into my pocket at some time in the past to pay. Cash and bitcoin put the power over payment back into your hands, instead of the merchant. You, (or someone who stole your key) has to authorize every single transaction. It is true that it makes takesee backsees harder to pull off. But, they're already a pain anyway. Mastercard doesn't provide any recourse for unauthorized transactions, you have to take that issue up with the merchant. They just make it easier for their paying customer to withdraw your money.
Some form of crypto should be used for ALL digital transactions. The fact that when I make a purchase with my MasterCard provides the party that I'm paying enough information to continue making charges whenever they like absolutely infuriates me. It means I have to trust both the integrity as well as the security practices for every place where I use my card. If only we had a technology that could fit on a credit card that could digitally sign a transaction so that a register never sees the key. Maybe that kind of technology will be made available 10 years ago or so.

Comment Re:Only haters hate, for the most part... (Score 1) 171

Or another option would be to be able to disable IAP on your phone completely. Or on a per app basis. I use android and wish I could individually revoke permissions from any app. There are MANY apps I've chosen not to download because of required permissions. So many that it's become somewhat of an inconvenience. And in addition to that, after I made my last purchase in the app store (It's not very often) I deleted my CC info from my account. I try to make a point to do that. That way if I do slip up, the IAP will fail. I dislike the entire concept of having payment information stored online. I dislike the ability for an entity withdraw money from my account without my knowledge. I dislike the bank systems that do not require a mechanism for my approval for individual transactions. I feel that doing things the way normal people do them is giving these organizations more control of my assets than I have. My bank has the ability to stop transactions(like when my wife tried to use her card while traveling). When I tried to stop a transaction I didn't authorize, I was told to contact the merchant. When I'm given the options to give up control or don't play, I choose the latter.

Comment Re:Why does it broadcast *all* SSIDs? (Score 1) 112

Because it's easier to De-auth 1 visible connected client, and listen to the probe requests as it tries to reconnect. I believe that's called SSID decloaking, or something like that. There are enough of the right tools to be able to do this automagically while driving down the road with a laptop and a gps dongle. If there isn't a tool that does all the magic, I'm know that a mix of them could easily make all the necessary output that could be put together after a 2 hour drive through town. People still make wardriving tools. But we have so much wifi now that most would be wardrivers don't make it past the driveway. Long story short, it's even easier than that.

Comment Re:Well then (Score 1) 251

Oh, but you can. Well it's not exactly the same thing. Have you heard of a femtocell doodad? When I first heard of stingray, I thought back to an interview from a guy at blackhat or defcon, I can't remember which. Anyway, here's a few links. I remember hearing them say that the traffic from the devices communicated w/o encryption to the servers. Supposedly that was fixed, but may very well still have more vulnerabilities like this one.
so 1) they already do sell things with retarded capability to consumers
2) the argument "we don't want the criminal element to know we have this kind of capability because they'll know how we find them" is invalid.

Comment Re:Outside the range? (Score 1) 212

But it's not outside the range of national security as defined by
US Code Title 8 Chapter 12 Subchapter II Part II â Â 1189(d)(2)
the term âoenational securityâ means the national defense, foreign relations, or economic interests of the United States
or you can look it up yourself here

Comment Re:On-the-job training (Score 1) 292

Agree with this guy. As a contractor, there really shouldn't be any expectation of long term work. You don't need to teach this guy how to develope, just how to maintain your system. That's it. For example, companies buy MS Office all the time, then hire some guy to maintain the entire network. As opposed to pay microsoft to send a guy out from time to time. Microsoft and Cisco etc, have certification standards so that dumbshits can't just say, "oh, I got this" with absolutely no clue. This reduces the risk of dumbshits tarnishing their companies name when said product fails to work. Basically, they wan't you to give this guy a YOURNAMEHERE certification. I do think you should get some reimbursement for any extra time you spend training this guy. Or you could try to offload some of the tedius tasks onto him and finish ahead of schedule, assuming you're paid for the job rather than the hour. I'm pretty sure that they never intended to keep someone that charges as much as you in the long term. You're expected to find other work at your level until they need something new developed. And if your last job looked shoddy because some kid couldn't maintain it, you aren't getting the next one from this company. Why does microsoft keep in business even with windows 8? Companies don't need a hot shot developer to to maintain it, just some kid fresh out of college will do.

Comment Re:Attacks on bandwidth caps are shortsighted (Score 1) 213

Speaking of night and weekends. If we could get a billing arrangement where our night time use wasn't counted, or counted as half it would make billing schemes like this much more tolerable. I still have a habit of saving my larger downloads for when I go to bed anyway, It goes through faster, I'm sleeping while I wait, and it doesn't disrupt my other activities. It will also only disrupt that one other guy up late downloading porn .....also. I have no idea how many users they intend to put on the same node with 1 gb caps. I feel it's safe to say that users who use that little aren't up in the middle of the night on the web. And in that case, without people like us, the network would be completely unused during those times.

Real Users hate Real Programmers.