
Comment: Re:Do Not Track never meant anything (Score 1) 126

by Tom (#48685711) Attached to: Google and Apple Weaseling Out of "Do Not Track"

and it's not protecting anyone

Of course not. Did you even read the message you are replying to?

I don't know about you, but I would like a real solution.

Me too. Now the way that politics and law generally work is that less intrusive solutions are tried first. That is what DNT was. Now the road is clear for some real regulations.

You don't understand politics I see. I was like you 10 years ago. I learnt the hard way that nifty tech solutions are cute, but to get them actually working in the real world, some politics can be extraordinarily useful.

A lot of ideas died in the halls of parliament not because they were stupid, on the contrary, a lot of them were brilliant. They died because those who proposed and supported them didn't understand how to convince people. If your target audience doesn't understand the technical details, the brilliance of your solution will be lost to them. Your persuasion skills - or lack thereof - however, will not.

Comment: Re:Do Not Track never meant anything (Score 1) 126

by Tom (#48683423) Attached to: Google and Apple Weaseling Out of "Do Not Track"

"Do Not Track" never meant anything at all. It's the equivalent of a "Please be nice to me" button.

DNT was a brilliant display of the advertisement industry's unwillingness to regulate itself and respect such wishes. Now they cannot make those claims anymore, and there is evidence on record that actual regulation is required.

Without DNT, they would always have claimed they're good guys. Now the mask is off.

Comment: Re:No problem. (Score 4, Insightful) 126

by Tom (#48683413) Attached to: Google and Apple Weaseling Out of "Do Not Track"

If you are being tracked, it's because you *allow* it.


It is because you don't prevent it. At least legally, that is a very big difference. If I allow you to hit me in the face, e.g. by participating in a boxing match, then I can't later sue you for bodily harm. If you do it without my permission and I just fail to prevent it, then all the guilt falls on you anyway and I can sue you, plus you have committed a crime. That's quite a big difference there between those two words.

Comment: Re:DNT is useless by design (Score 1) 126

by Tom (#48683407) Attached to: Google and Apple Weaseling Out of "Do Not Track"

Did anyone actually believe that the do-not-track flag was effective?

Yes, but not in the way you think.

DNT is useless technologically. But it is a gem when it comes to providing evidence that actual regulations and penalties are required, because the industry is unwilling to regulate itself and respect customer requests.

There's a tradition in law and law-making that you need to at least try the less intrusive choices first. Now we satisfy that, and we can move on to really stop the parasites.

Comment: Re:yep. I provide security to some ofthe listed si (Score 2) 139

by Tom (#48681071) Attached to: 13,000 Passwords, Usernames Leaked For Major Commerce, Porn Sites

It's pretty clear the hack is in the client side.

The list of sites alone is clear enough on that, even if you know nothing about them. Someone just had a little lolz with the botnet he owns anyways. TFA advice is totally bogus: They don't post the list of sites to advise people to check their accounts, they do it because it's their excuse for posting a list of x-rated stuff on a non-x-rated site. Pure sensationalism.

We may have a look to see if the logs go back far enough to tell us which browser version, OS, and toolbars or addons those members were using.

Or which desktop dancing nude woman they installed, or old version of flash player they use, or any other of a thousand possible problems.

Most people don't realize just how many (usually Windows) PCs out there are owned by hackers. When some botnet runs an attack, we don't realize because the numbers are so big it's just a statistic.

Comment: Re: For that, you'd have to do a different attack (Score 1) 326

by Tom (#48678501) Attached to: Why Lizard Squad Took Down PSN and Xbox Live On Christmas Day

I don't think you understand how amplification attacks work.

I wrote advisories on that more than 10 years ago, so please go ahead and lecture me.

Your home network should not allow a request with an IP that doesn't belong to it out. If I'm the router that connects to the Internet, I shouldn't put a packet that claims it originates from on the wire.

The only places where a package that isn't part of my network should be routed through is when my network is a transit network.
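The egress check described in the comment above, sketched as an added example that is not part of the original comment: a border router forwards an outbound packet only if its source address belongs to the local network or, on a transit network, to a prefix it carries for someone else. The prefixes, sample packets and function names are constructed for illustration (documentation address ranges).

```python
import ipaddress
from collections import Counter

# Constructed example values (documentation ranges), not taken from the page.
LOCAL_PREFIXES = [ipaddress.ip_network("192.0.2.0/24"),
                  ipaddress.ip_network("2001:db8:10::/48")]
# Prefixes of downstream networks we route for (the transit case).
TRANSIT_PREFIXES = [ipaddress.ip_network("198.51.100.0/24")]

# Constructed sample of (source, destination) pairs seen on the uplink.
SAMPLE_PACKETS = [
    ("192.0.2.17", "203.0.113.53"),      # legitimate local host
    ("203.0.113.9", "203.0.113.53"),     # source outside our network: spoofed
    ("198.51.100.40", "203.0.113.53"),   # valid only if we are a transit network
    ("2001:db8:10::5", "2001:db8:ff::1"),
    ("10.0.0.5", "203.0.113.53"),        # private address leaking past NAT
]


def egress_verdict(src, local=LOCAL_PREFIXES, transit=()):
    """Return 'forward' or 'drop' for a packet leaving towards the Internet."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "drop"  # unparsable source address
    for net in list(local) + list(transit):
        if addr.version == net.version and addr in net:
            return "forward"
    return "drop"


def filter_uplink(packets, transit=()):
    """Apply the egress check to each packet; return (counts, dropped sources)."""
    counts, dropped = Counter(), []
    for src, _dst in packets:
        verdict = egress_verdict(src, transit=transit)
        counts[verdict] += 1
        if verdict == "drop":
            dropped.append(src)
    return counts, dropped


if __name__ == "__main__":
    print("home network:   ", filter_uplink(SAMPLE_PACKETS))
    print("transit network:", filter_uplink(SAMPLE_PACKETS, TRANSIT_PREFIXES))
```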

Comment: Re:Rubbish (Score 1) 326

by Tom (#48678483) Attached to: Why Lizard Squad Took Down PSN and Xbox Live On Christmas Day

I know from my own experience how right you are, but that, exactly, is the problem. This "it didn't crash in 10 minutes, ship it" approach is utterly horrible. It's become industry standard instead of being taken out back to be shot, and that is a really serious problem.

People shouldn't be used to computers crashing - they should demand that they don't do so.

Comment: Re:For that, you'd have to do a different attack (Score 1) 326

by Tom (#48675107) Attached to: Why Lizard Squad Took Down PSN and Xbox Live On Christmas Day

spoof the IP address of your target (...) it proves that the DNS protocol itself is beyond repair

No, it proves that the network you are connected to is braindead because it still allows IP spoofing.

And that EVERY company on the net is susceptible to something like that because unlimited bandwidth does not exist.

It used to be really easy to knock someone off the Internet. It's not so easy anymore. For some of the really big targets, being able to muster the bandwidth alone would be an impressive demonstration of power. Keeping them offline for more than a few seconds while their Anti-DDoS countermeasures deploy would be something that few players smaller than a nation state level can pull off.

MS and Sony have a security that matches the opaqueness of an erotic dancer's dress

Not really. I hate them as much as most people with three working brain cells, but they've both done quite a lot about security. It's just not enough and - like every company - they make decisions to not invest in some security measures because the ROI simply isn't there.

Comment: Re:Rubbish (Score 3, Insightful) 326

by Tom (#48675071) Attached to: Why Lizard Squad Took Down PSN and Xbox Live On Christmas Day

Nonsense. On their gaming systems you are unlikely to find any data that the companies would consider valuable. And 10+ years of experience show that "oops, we leaked customer data" isn't really a game-changer.

But cries from customers can be. Denying them the joy of their freshly gifted gaming console can be very powerful. It's not the nice way, definitely not, but it makes headlines.

I doubt it's going to change anything, because customers are too used to computers not working. That is the real damage that 30 years of Microsoft dominance have done to the world.

Comment: Re:miscreation (Score 1) 348

by Tom (#48674659) Attached to: Ars: Final Hobbit Movie Is 'Soulless End' To 'Flawed' Trilogy

If I didn't know that, I'd give back my nerd credentials.

But there's a difference between making a prequel movie and a story that is set before. The Hobbit tried too hard to get as much from the LOTR movies into it as possible. For example, WTF is Legolas doing in the movie? He's not even mentioned in the book.

Comment: Re:*sips pabst* (Score 1) 348

by Tom (#48666041) Attached to: Ars: Final Hobbit Movie Is 'Soulless End' To 'Flawed' Trilogy

he was dragged kicking and screaming into directing it

And at no point did he have the option to say "no" and walk away, I'm sure. Because he's not living in a free country and he is so poor that he would starve if he did that.

When you burn out in life, you'll understand.

No, when you burn out in life you walk away from everything that causes you trouble and find a place where you are safe and can recover.

Comment: miscreation (Score 3, Insightful) 348

by Tom (#48665989) Attached to: Ars: Final Hobbit Movie Is 'Soulless End' To 'Flawed' Trilogy

I've seen the first two so far and they didn't convince me for the 3rd. I'll probably go because my GF wants to.

The problem is that The Hobbit is an entirely different book compared to LOTR. It's a children's book, a soft introduction to Middle Earth, not an epic fantasy tale. It should've been dealt with in a different way, not as a "we made a shitload of money, so let's make more LOTR movies" prequel. It basically fell into the same trap as the Star Wars prequels - the attempt to replicate a success by doing more of the same, completely missing the idea that maybe the first was a success exactly because it was not more of the same, but stood out from what else was on offer at the time.

And omg were they filled with crap that had nothing to do with story or book and was only added to complete some Hollywood recipe.

They should've made it one movie, for a younger audience, made by a different director, without trying to make it a prequel and "foreshadowing" everything we've already seen.

Comment: Re:Metadata (Score 4, Interesting) 36

by Tom (#48658967) Attached to: How a Wildfire Helped Spread the Hashtag

Because they are a hack. Twitter wasn't designed to include any metadata except author, date, etc. - certainly not topics, tags or keywords.

The problem is feature creep. Of course users want tags and keywords and topics and threading and circles and access levels/restrictions and grouping and two hundred other features. But if you give them what they want, they will complain that it's all too complicated and move elsewhere.

Comment: Re:the rules changed, that's why the manual contro (Score 1) 90

by Tom (#48658631) Attached to: Google Unveils New Self-Driving Car Prototype

Who said emergency? An emergency is probably exactly when you want a computer to be in control, simply because it can process more information more quickly, and the decisions to be made are trivial and minimal (aka "bring vehicle to a safe stop, right now").

But I would want manual controls on my car of the future because on some weekends I drive into the countryside and I drive on small dirt roads that may or may not be on the map. Or to festivals or other big events where at the end you park on a field. Or you drive through a really crowded street where the computer will most likely just stop and stand because there's always someone in front of the car.

There are plenty of non-emergency situations that I'm not sure the automatic driver can handle.

Comment: Re:News Flash : All Corporate IT security is a jok (Score 1) 239

by Tom (#48656125) Attached to: Anonymous Claims They Will Release "The Interview" Themselves

Security is a cost vs benefit equation for a business.

In the textbooks, it is. In the real world, humans make decisions, and they are not purely rational. The whole marketing industry is based on the fact that the free market doctrine of the rational buyer is nonsense.

The board have to do what it feels is best financially for the shareholders

There, highlighted the keyword for you. Thank you for supporting my argument so strongly, that exactly is the point.
