
Comment: Re:Do Not Track never meant anything (Score 1) 124

by Tom (#48685711) Attached to: Google and Apple Weaseling Out of "Do Not Track"

and it's not protecting anyone

Of course not. Did you even read the message you are replying to?

I don't know about you, but I would like a real solution.

Me too. Now the way that politics and law generally work is that less intrusive solutions are tried first. That is what DNT was. Now the road is clear for some real regulations.

You don't understand politics I see. I was like you 10 years ago. I learnt the hard way that nifty tech solutions are cute, but to get them actually working in the real world, some politics can be extraordinarily useful.

A lot of ideas died in the halls of parliament not because they were stupid, on the contrary, a lot of them were brilliant. They died because those who proposed and supported them didn't understand how to convince people. If your target audience doesn't understand the technical details, the brilliance of your solution will be lost to them. Your persuasion skills - or lack thereof - however, will not.

Comment: Duh ... (Score 1) 124

by gstoddart (#48684277) Attached to: Google and Apple Weaseling Out of "Do Not Track"

Of course Do Not Track is meaningless.

It has always been meaningless. It's a voluntary thing which says nothing at all, and isn't legally binding. It's complete drivel. It's something the industry put out to give the illusion of giving a shit about what we want.

Want to prevent tracking? Don't let the packets happen in the first place. Use things like NoScript, Request Policy and HTTP Switchboard to deny the access entirely.

Treat this stuff like the shit that it is ... intrusive advertising and tracking about everything you do.

The only way to win is block as much of this crap from your browser as you can. You don't owe these companies this data, and the less you provide to them the better.

And when they whine and bitch about their revenue stream and their terms of service ... well, too damned bad. You aren't required to pull in any packets you don't wish to.

Once you start using these blocking plugins, you'll be amazed at just how much crap is actually embedded in most every page. On some sites, literally dozens of 3rd parties ... none of whom give a shit about your Do Not Track setting. So just block them entirely.

Comment: Re:Hmmm ... (Score 5, Insightful) 140

by gstoddart (#48684251) Attached to: Sony Accused of Pirating Music In "The Interview"

If we do it, Sony is one of the companies who helped pay for the law which says you and I would have to pay massive amounts of statutory damages, with additional punitive damages for having done it on purpose.

I want Sony to receive the same magnitude of punishment as they would insist we receive.

Because I really despise multinationals when they argue both sides of the same legal argument as it benefits them.

Comment: Hmmm ... (Score 5, Insightful) 140

by gstoddart (#48684173) Attached to: Sony Accused of Pirating Music In "The Interview"

So, once again, if we do this we get crushed under the heel of a team of lawyers.

But a multinational like Sony does it and I bet they'll just dicker and claim some bullshit like fair use they routinely deny exists.

I sincerely hope Sony has to pay a massive fine for this ... something on par with what we'd get beat down with.

Comment: Re:Do Not Track never meant anything (Score 1) 124

by Tom (#48683423) Attached to: Google and Apple Weaseling Out of "Do Not Track"

"Do Not Track" never meant anything at all. It's the equivalent of a "Please be nice to me" button.

DNT was a brilliant display of the advertisement industry's unwillingness to regulate itself and respect such wishes. Now they cannot make those claims anymore, and there is evidence on record that actual regulation is required.

Without DNT, they would always have claimed they're good guys. Now the mask is off.

Comment: Re:No problem. (Score 4, Insightful) 124

by Tom (#48683413) Attached to: Google and Apple Weaseling Out of "Do Not Track"

If you are being tracked, it's because you *allow* it.


It is because you don't prevent it. At least legally, that is a very big difference. If I allow you to hit me in the face, e.g. by participating in a boxing match, then I can't later sue you for bodily harm. If you do it without my permission and I just fail to prevent it, then all the guilt falls on you anyway and I can sue you, plus you have committed a crime. That's quite a big difference there between those two words.

Comment: Re:DNT is useless by design (Score 1) 124

by Tom (#48683407) Attached to: Google and Apple Weaseling Out of "Do Not Track"

Did anyone actually believe that the do-not-track flag was effective?

Yes, but not in the way you think.

DNT is useless technologically. But it is a gem when it comes to providing evidence that actual regulations and penalties are required, because the industry is unwilling to regulate itself and respect customer requests.

There's a tradition in law and law-making that you need to at least try the less intrusive choices first. Now we satisfy that, and we can move on to really stop the parasites.

Comment: Re:yep. I provide security to some ofthe listed si (Score 2) 139

by Tom (#48681071) Attached to: 13,000 Passwords, Usernames Leaked For Major Commerce, Porn Sites

It's pretty clear the hack is in the client side.

The list of sites alone is clear enough on that, even if you know nothing about them. Someone just had a little lolz with the botnet he owns anyways. TFA advice is totally bogus: They don't post the list of sites to advise people to check their accounts, they do it because it's their excuse for posting a list of x-rated stuff on a non-x-rated site. Pure sensationalism.

We may have a look to see if the logs go back far enough to tell us which browser version, OS, and toolbars or addons those members were using.

Or which desktop dancing nude woman they installed, or old version of flash player they use, or any other of a thousand possible problems.

Most people don't realize just how many (usually Windows) PCs out there are owned by hackers. When some botnet runs an attack, we don't realize because the numbers are so big it's just a statistic.

Comment: Re:Knuth is right. (Score 1) 138

In addition to Set Theory and Formal Logic, Computer Science relies heavily on Boolean Algebra, Graph Theory, and other areas of Discrete Mathematics. Computer Science is inherently cross-disciplinary, but at its core it is closer to Mathematics than it is to Engineering or Science.

You miss the parts that are very close to Linguistics and Information science: Ontologies, Information retrieval, Semiotics, and the all-important Human-Computer Interaction - how to build a computation environment that's efficient for humans to interact with. Maybe this is not a well-defined problem in a mathematical sense, but it's at the core of all programming activity beyond the level of micro-instructions.

This is not merely cross-disciplinary work; those are also essential parts of the science of computation, little related to mathematics yet highly relevant to all projects in the computing field, either in research or business - although many are unaware of their relevance.

Comment: Re: For that, you'd have to do a different attack (Score 1) 326

by Tom (#48678501) Attached to: Why Lizard Squad Took Down PSN and Xbox Live On Christmas Day

I don't think you understand how amplification attacks work.

I wrote advisories on that more than 10 years ago, so please go ahead and lecture me.

Your home network should not allow a request with an IP that doesn't belong to it out. If I'm the router that connects to the Internet, I shouldn't put a packet that claims it originates from on the wire.

The only places where a package that isn't part of my network should be routed through is when my network is a transit network.
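
The egress rule described in the comment above (a border router only puts packets on the wire whose source address belongs to its own network, unless it is a transit network), sketched as an added example that is not part of the original comment. The prefixes and packets are constructed sample values from documentation ranges, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample prefixes for "my network" (documentation ranges).
LOCAL_PREFIXES = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("2001:db8:1::/48"),
]

def egress_decision(src, prefixes=LOCAL_PREFIXES, transit=False):
    """Return "forward" or "drop" for a packet leaving through the border router."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "drop"  # malformed source address never goes on the wire
    if any(addr in net for net in prefixes):
        return "forward"  # source belongs to this network
    # Foreign source: only legitimate if this network carries transit traffic.
    return "forward" if transit else "drop"

def filter_egress(packets, prefixes=LOCAL_PREFIXES, transit=False):
    """Split (src, dst) pairs into forwarded and dropped lists."""
    forwarded, dropped = [], []
    for src, dst in packets:
        verdict = egress_decision(src, prefixes, transit)
        (forwarded if verdict == "forward" else dropped).append((src, dst))
    return forwarded, dropped

# Constructed outbound packets: two genuine, one with a source that is not ours.
SAMPLE_PACKETS = [
    ("192.0.2.10", "198.51.100.53"),
    ("2001:db8:1::25", "2001:db8:ffff::53"),
    ("203.0.113.7", "198.51.100.53"),
]

if __name__ == "__main__":
    fwd, drop = filter_egress(SAMPLE_PACKETS)
    print("forwarded:", fwd)
    print("dropped:  ", drop)
```

On a stub (non-transit) network the third packet is dropped at the border, so its claimed source never receives the reply traffic.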

Comment: Re:Rubbish (Score 1) 326

by Tom (#48678483) Attached to: Why Lizard Squad Took Down PSN and Xbox Live On Christmas Day

I know from my own experience how right you are, but that, exactly, is the problem. This "it didn't crash in 10 minutes, ship it" approach is utterly horrible. It's become industry standard instead of being taken out back to be shot, and that is a really serious problem.

People shouldn't be used to computers crashing - they should demand that they don't do so.

Comment: Re:For that, you'd have to do a different attack (Score 1) 326

by Tom (#48675107) Attached to: Why Lizard Squad Took Down PSN and Xbox Live On Christmas Day

spoof the IP address of your target (...) it proves that the DNS protocol itself is beyond repair

No, it proves that the network you are connected to is braindead because it still allows IP spoofing.

And that EVERY company on the net is susceptible to something like that because unlimited bandwidth does not exist.

It used to be really easy to knock someone off the Internet. It's not so easy anymore. For some of the really big targets, being able to muster the bandwidth alone would be an impressive demonstration of power. Keeping them offline for more than a few seconds while their Anti-DDoS countermeasures deploy would be something that few players smaller than a nation state level can pull off.

MS and Sony have a security that matches the opaqueness of an erotic dancer's dress

Not really. I hate them as much as most people with three working brain cells, but they've both done quite a lot about security. It's just not enough and - like every company - they make decisions to not invest in some security measures because the ROI simply isn't there.

Comment: Re:Rubbish (Score 3, Insightful) 326

by Tom (#48675071) Attached to: Why Lizard Squad Took Down PSN and Xbox Live On Christmas Day

Nonsense. On their gaming systems you are unlikely to find any data that the companies would consider valuable. And 10+ years of experience show that "oops, we leaked customer data" isn't really a game-changer.

But cries from customers can be. Denying them the joy of their freshly gifted gaming console can be very powerful. It's not the nice way, definitely not, but it makes headlines.

I doubt it's going to change anything, because customers are too used to computers not working. That is the real damage that 30 years of Microsoft dominance have done to the world.

Comment: Re:miscreation (Score 1) 348

by Tom (#48674659) Attached to: Ars: Final Hobbit Movie Is 'Soulless End' To 'Flawed' Trilogy

If I didn't know that, I'd give back my nerd credentials.

But there's a difference between making a prequel movie and a story that is set before. The Hobbit tried too hard to get as much from the LOTR movies into it as possible. For example, WTF is Legolas doing in the movie? He's not even mentioned in the book.
