
Comment Re:Total Waste of Time (Score 1) 128

Well quite a few people "flagged" the Fat Jew, despite their actions requiring much more manual effort than I'm proposing here.

And quite a few people post ratings on product sites and participate in peer ratings systems in other ways, without any direct compensation. Heck you didn't get anything for posting this comment but you did it anyway.

Comment Re:This would reward Joke Thieves (Score 1) 128

You could add a feature to flag a joke as a duplicate of content that's hosted somewhere else, and provide the link.

The problem is that because the content is hosted somewhere other than Twitter, someone could create the content on a third-party site, back-date it to look like it was published before the tweet, and then claim that the tweet was a ripoff of their joke.

Comment Re:As Usual (Score 1) 128

Right there in step 1 is the problem. By requiring a link to a sentence someone read months ago, the burden on the user is raised unacceptably. Users won't bother policing when it's difficult, unless the case is severe enough to stir up an outrage - which would already result in more damage than just flagging a user's tweets.

Well yes, that's correct, if nobody ever notices the duplication, then the plagiarizer won't get caught. But that's not a flaw in the algorithm because I think that's an unsolvable problem -- if nobody ever notices the similar jokes, there's nothing anyone can do. What my algorithm ensures is that if just one person notices the plagiarized joke, then at least it will get flagged (and after it's flagged, the random-sample-vote determines whether it really is a duplicate). If the original joke-writer and the joke-duplicator have non-trivial-sized audiences, then that increases the chances that at least one person will notice.

Of course, the potential for abuse is also high. Changing a single word can parody an original post, yet changing a different single word may not avoid plagiarizing.

Yes that's a good point, the system doesn't take into account the idea of making a small change for the purposes of parody. (For example, when "On the Internet, nobody knows you're a dog" got changed to, "On the Internet, nobody knows you're a god -- Jerry Garcia.")

So, here's a proposed change: If a user flags your joke as a "duplicate" of an earlier joke, and you don't agree, you should have the opportunity to respond with a "rebuttal" and explain, "No, this alters the original and adds such-and-such which makes it into a new joke." To avoid ruining your joke by having to explain it, that "rebuttal" would not, by default, be displayed alongside your original joke (to your Twitter followers or wherever else people view the original). But, if the "flagger" does not agree with your rebuttal, and it gets pushed to a random-sample-vote anyway, then your rebuttal is displayed alongside the original, and the voters can take it into account when deciding if you really created a new joke or not. (My Jerry Garcia example isn't a very good one, because most voters would figure out that that's a genuinely new joke, even without having to read a "rebuttal". But there may be other examples where the difference is subtle enough that it has to be spelled out explicitly.)

Do you think that would take care of that problem? If not, why not?

An automated algorithm won't likely be able to tell the difference, so it will fall to manual effort to identify which flagged duplicates are actually malicious.

True, but no part of my proposal involves an automated algorithm anyway.

Shakespeare plagiarized. Plato plagiarized. Tom Lehrer penned many verses praising plagiarism. The bottom line is that plagiarism goes hand-in-hand with creation, and it should always be evaluated only in the entire context of both works - the plagiarizing and the plagiarized. What is being said is often not what's being written.

All true, but those also involved authors adding new creative elements, to the point where nobody seriously disputes that they deserve credit for the resulting work. I'm talking about taking care of low-hanging fruit where someone just steals another person's 140-character joke and pretends they made it up.

Comment Re:Is Haselton going to jail? (Score 1) 187

No. Sorry for the confusion. To clarify:

The "forgot your password" page only confirms that whatever information you have entered, is valid information for that user. So if you enter your target's name and email address, it will confirm that there is a user on file with that name and email address -- but if you already had your target's name and email address, you knew that already.

However, the space of PINs is small enough that you can brute-force it, so when you try enough PINs, now you know that your target with that name, is using that PIN. You as the attacker can't actually retrieve the account number, because it will get sent to the email address they already have on file for that user. But now you have their PIN (which quite likely is the same 4-digit PIN they use on other services that require one).

Comment Re:Is Haselton going to jail? (Score 1) 187

I'm not saying they should disable all automated methods to retrieve your account number, just the method that requires a PIN.

Remember, I said that the "Forgot your account number?" page lets you retrieve your account number if you enter your name along with any ONE of the following:
your e-mail address
your street address
your phone number
your PIN
your password
your "old MileagePlus number"

That means if you disable the ability to retrieve it using a PIN, the only people you're locking out are people who remember their PIN but have forgotten everything else on that list, i.e., almost nobody.
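
An added example, not part of the original comments and not the site's own code: a recovery handler with the PIN removed from the accepted factors, as the comment above proposes. It goes further than the comment by returning one uniform reply and limiting failures per targeted name, so the page no longer confirms guesses. All names, records and the threshold are hypothetical.

```python
import hmac

# Constructed sample record; all field names and values are hypothetical.
USERS = {
    ("pat", "example"): {
        "email": "pat@example.com",
        "phone": "555-0100",
        "pin": "4821",
    }
}

# Factors accepted for account-number recovery. "pin" is deliberately absent:
# a 4-digit PIN has only 10,000 values, so a confirm/deny answer leaks it.
ALLOWED_FACTORS = {"email", "phone"}
MAX_FAILURES = 5  # assumed threshold, counted per targeted name
GENERIC_REPLY = "If the details match an account, we have emailed the account number."

failures = {}  # (first, last) -> failed attempts against that name
outbox = []    # stand-in for the mail system: addresses we would email


def recover_account_number(first, last, factor, value):
    """Handle one recovery request; the caller always sees GENERIC_REPLY."""
    key = (first.lower(), last.lower())
    user = USERS.get(key)
    locked = failures.get(key, 0) >= MAX_FAILURES
    stored = user.get(factor, "") if user and factor in ALLOWED_FACTORS else ""
    # Constant-time comparison; an empty stored value never matches.
    match = bool(stored) and hmac.compare_digest(stored.encode(), value.encode())
    if match and not locked:
        outbox.append(user["email"])  # number goes only to the address on file
        failures.pop(key, None)
    else:
        # Count failures by target name, not by client, so spreading
        # guesses across many clients does not reset the budget.
        failures[key] = failures.get(key, 0) + 1
    return GENERIC_REPLY
```

A per-name limit lets a third party lock a real user out of this one flow, so a deployment would pair it with an expiry on the counter.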

Comment Re:Birthday Attack (Score 1) 187

That's absolutely right, I mentioned this in the article (in the section starting with "However, if the attacker has a database of 1000 customer names...") but in the context of using it on PINs instead of passwords.

Basically, if they allow really weak passwords, then any attack that works on PINs will work on passwords. (Well, almost -- even if they allow weak passwords, at least they can't force everyone to have a weak password -- they do however force all new users to choose a 4-digit PIN.)

Comment Re:You forgot to mention one thing... (Score 1) 187

That's even worse, because that means they know about this gaping hole that lets you steal other users' 4-digit PINs, and they still haven't fixed it. (It should not take long to push an update to their site that removes the "PIN" option from the "forgot your account number" page -- and it should not negatively impact their users either, since you can still retrieve your account number if you enter your name along with your address, your email address, your phone number, or your password.)

Comment Re:Obvious (Score 1) 187

Had you read the article, you might have noticed that (1) they say, "We do not allow execution of brute-force attacks on other users", which all sane English-speakers would interpret to mean they allow brute-forcing your own account, and (2) they also list "brute-force attacks" on the list of things they will pay 250,000 air miles for.

Comment Re:Why Brute Force PIN? (Score 1) 187

That's correct, this attack doesn't let you reset a user's password. It only lets you find out their 4-digit PIN, which is (1) bad in and of itself, and (2) bad because the person probably uses the same 4-digit PIN for other services that require one.

By contrast, if you enter a known first-name/last-name/phone-number combination, all the site does is tell you that's a valid combination -- but you already knew that before you entered it, so there's no attack there.

Thank you however for posting a non-deranged comment!

Comment Re:TOTALLY fair use (Score 1) 255

My point is that any time you create an original work using someone else's characters, you've already met 3 of the 4 criteria above, and if you make it free, then you've met all 4 criteria.

And yet, we do have the concept of character copyrights, which says that you cannot use someone else's copyrighted characters even for your own entirely original work.

So my point is that the very existence of character copyrights means that that reasoning cannot be entirely valid.

In particular, I would dispute your reasoning in this step: "How much of the original work does it copy? In this case, very little. Just the appearance of the characters. All the footage is original."

But the copyright that we're talking about is not a copyright on the original work, it's a copyright on the characters. And then the question becomes "How much of the original character did you use?" and the answer is, essentially, 100% -- because a character either makes an appearance in your story, or they don't. (Especially in this case where the whole short film is about these characters.)
