Slashdot stories can be listened to in audio form via an RSS feed, as read by our own robotic overlord.


Forgot your password?

Comment: Re:A different kind of justice for multinationals (Score 1) 134

by ledow (#48610175) Attached to: Microsoft Gets Industry Support Against US Search Of Data In Ireland

The problem you have is the word "valid".

It's invalid to issue a court order that extends outside your court's jurisdiction, especially if to do so actually encroaches on - and contradicts the law of - another jurisdiction.

In the EU, it's illegal to reveal or transfer personally-identifying data without the explicit permission of the persons mentioned in that data. Neither Microsoft America, nor Microsoft EU, have that permission. To do so, they would have to ask the people who the data is about (who are going to say no), or get a *VALID* EU court order that says they can.

Of course, this could all be resolved by the US court asking the EU court to help by getting the EU court to provide an order for discovery, but they're too fucking stupid to do that and apparently think they control the world.

Comment: Sigh. (Score 1) 134

by ledow (#48610125) Attached to: Microsoft Gets Industry Support Against US Search Of Data In Ireland

Again, if they comply with the order, whoever does so in Europe (or is in Microsoft Europe and even *allows* it to happen by lax security, or whatever excuse) is in breach of the EU Data Protection laws.

The courts are thick if they don't understand this. Either Microsoft US gets brought before a US court for non-compliance of Microsoft Europe gets brought before a European court for compliance.

This is why we have jurisdiction. This is why you apply to have your court order validated in the jurisdiction you want to enforce it in. This is why it would be refused in such a jurisdiction, anyway.

Anyone who complies, assists or even ALLOWS this kind of movement of personal data, on European soil, will be brought before a court.

It doesn't matter what industry supporters come out (and Apple / Microsoft are hardly rivals - don't they own shares in each other?), it's just a stupid, overreaching legal decision that nobody can legally comply with.

Comment: Re:Hmmmm ... legality? (Score 1) 138

by ledow (#48607469) Attached to: Amazon UK Glitch Sells Thousands of Products For a Penny

Consider a shop (store if you're that side of the pond).

They price-gun a ton of items but the minimum-wage employee forgets to change the price. He tags a widescreen TV as 2-for-1 at 0.50c.

In law, this has arisen for decades. If it's obvious that it's an error, they are not obliged to honour it. If it's not obvious (i.e. he tagged it at 200 instead of 300 or whatever), then they are. It's in the case law, it's as simple as that.

Whether you are online, mail order or physical store, it's the same. Pricing errors are not required to be honoured if no sensible person would consider them anything but an error.

Now some places may honour the lower price if it saves them lots of legal hassle, or if it generates a news story. But that's at their discretion.

Similarly, if you see something with a sticker on it saying 1p, the retailer is quite within their rights to say "No, sorry, someone's been switching around the stickers - it's actually $1000".

The sale of goods is not exclusively on the customers side, or there'd be no large businesses. You have to both agree. And we both know that if you queried it, Amazon (or rather the third-party reseller in this case) would say "No! That's obviously a mistake!". The consumer can't have it every way - they are entitled to change their mind, refund, etc. Similarly, the business has rights too. And where it's obvious that it's a mistake (or which could even have been the last malicious act of an ex-employee), they aren't required to honour it.

Comment: Re:Amazon is run by Nazis (Score 3, Insightful) 138

by ledow (#48603275) Attached to: Amazon UK Glitch Sells Thousands of Products For a Penny

Not if the price is obviously an error.

And not until both sides have consciously accepted the contract. Acknowledging receipt of your order request is NOT acceptance of the contract.

English law contains this, so I imagine American law and almost all first-world law systems are similar.

Comment: Re:Hmmmm ... legality? (Score 4, Informative) 138

by ledow (#48602907) Attached to: Amazon UK Glitch Sells Thousands of Products For a Penny


If the price is obviously a mistake, it's not a binding contract.

Offer and then ACCEPTANCE is a basis of all contract law. You make an offer but then you BOTH have to accept the offer to make it valid. The point of acceptance is not necessarily when you get an email saying Amazon has received your order. It's worded quite carefully.

Online, you get certain consumer protections but no consumer protection extends to obvious pricing errors, and sellers get the same kinds of protections.

It's similar to the "moron in a hurry" test. And even a moron in a hurry knows that it's not 1p for a widescreen TV.


IT WASN'T AMAZON. It was a third party bit of shitty software that automatically "adjusts" prices, not unlike an eBay sniping tool gone awry.

Comment: Sigh. (Score 3, Interesting) 152

by ledow (#48601275) Attached to: Small Bank In Kansas Creates the Bank Account of the Future

Welcome to the 20th Century. Oops, we're not there any more!

I deliberately wasted several hours of my bank manager's time once. When he sussed what I was doing, he asked why. Because it had taken four days for a cheque to clear - a cheque I had received every month from the exact same employer, for many years, and paid in immediately using their fast-track cheque machines that take a photo of the cheque for you, then wrap it in an envelope and send it on.

And because of the delay, for a fraction of a second, my bank account went overdrawn by a few pounds even though the cheque was in the bank's possession. They delayed and delayed it, further than necessary or normal, in order to ENSURE I was charged for going overdrawn. The cheque was an amount enough to clear the transaction they bounced several hundred times over. They then charged me £50 on top as an administration fee.

I'm an IT guy. I know that transaction takes milliseconds to process. The fraud selection? That's in place 24 hours a day on CC transactions anyway - there's nothing special about that. This is just an extension.

The antiquated system of "it has to arrive at the other branch for the cheque to clear"? Nonsense and zero justification when you have the cheque in your possession. This stuff is chicken feed on the bottom of the banking balance sheets, but they can play it and make money by making it slow and cumbersome. Because most people will just keep quiet and pay it.

The only question I really wanted an answer to? Has four hours of your time cost the bank more or less than the (unfair, I would posit) overdraft fee you charged? What about the loss of my banking business? How much has that cost you?

Happened to run into the same guy at another branch when I was going in with my ex-wife to sort out her account. He ran a mile.

Sorry, guys, you can make all the excuses you want, but that transaction system is slow BECAUSE YOU MAKE IT SO, not because it needs to do. The real-time clearing is already in place - try using a blocked credit card and see how long the gap is between you reporting it missing and all your vendors saying they couldn't charge you card for your usual monthly payments. The same applies to Direct Debits (in the UK) and myriad other banking technologies.

I once recorded a 3 minute interval between my phoning my bank to cancel a Direct Debit and the company that it was paying phoning me up to threaten a lawsuit over non-payment (long story short, they "agreed to overlook the matter", including the complete refund they'd had forcibly taken from their bank account, after I offered to initiate the lawsuit for them).

It's all nonsense. Banking systems do nothing special nowadays, especially not the personal / small business banking sector of the industry. They don't need tons of supercomputers and overnight batch processing - they just do that to eke out to the last second how long your money is with them.

Comment: Because it doesn't work? (Score 4, Informative) 130

by ledow (#48599867) Attached to: Sony Pictures Leak Reveals Quashed Plan To Upload Phony Torrents

Because it doesn't work?

It takes a handful of comments to stop a fake torrent being seeded any further, and why would you continue to seed a fake-torrent anyway? It's just sucking up bandwidth for something that you know is worthless.

Similarly with CC numbers - if you flood a ton of fake ones, it'll be next to no time before someone flags which ones work and which don't, and which uploaders were reliable and which not.

As such, it's a pathetic idea to do either.

How about you offer a DRM-free copy in a reasonable format for a half-decent price on a half-decent timescale? Or is it too hard to DO WHAT YOU'RE PAID TO DO? Make a movie, sell it to the masses.

The Imitation Game I went to see in the cinema - my first cinema movie in about 10 years. Unless I want to pay full-price again, I have to wait until the DVD comes out to watch a movie I'm interested in again. When will that be? God knows. But I can't watch it until they choose to bring it out. And then it will be region-protected, copy-protected and almost certainly won't work on my laptop (like most Disney movies).

I'm sure they'd rather I went to the cinema multiple times, like my ISP would rather I take out multiple lines. I'm sure they'd rather I pay a fortune for a DVD I can't backup or watch on a laptop, like my car company would love to be able to stop me adding on third-party components and only use them. I'm sure they'd rather I wouldn't be able to download it or stream it until it's a 10 year old movie or more and generating no income for them, like I'm sure my local McDonald's would rather give me an old piece of lettuce instead of a new one.

But if you want to keep your customers, it might be an idea to not seed fake torrents, and spend your time in court shutting down torrent site, but sell your damn product in a less restrictive way in the first place.

Comment: Re:Why don't browsers clean it up? (Score 1) 157

by ledow (#48599201) Attached to: How Identifiable Are You On the Web?

Most of it isn't "reported" by the browser.

Most of it is fed to your browser and then your browser regurgitates it as it's expected to.

If I modify a web server to send only you a random numbered URL, and then watch for that random-numbered URL, I've formed a correlation between your IP and your browser session. If I can get that to tie in with other sites, or give me the slightest hint about those, I can correlate the information.

If I get your browser to go to a random link, and you have history settings that made visited links a different colour, I can use Javascript to distinguish sites you've been on from sites you haven't. This is how this site's predecessor worked. If you take away that functionality, it breaks some Javascript theming where it tries to pick a suitable background colour given what your link colour is, etc.

It's not that your browser is deliberately advertising this stuff. It's having its features used to do correlation attacks that NO browser is designed to combat. If your browser refused this stuff, or worked in the perfect way you describe, then it would be a pain in the butt to use and sites would appear broken for no reason.

Do you even realise how many sites use custom fonts nowadays? I didn't until my browser broke on custom fonts and replaced then with random fonts. Damn the Internet can look ugly when that happens nowadays.

Plugins are the least of your worries. And any sensible browser will disable by default and force you to "press play" to enable any plugin of interest. And Do Not Track is an absolute waste of time, given that it's not at all binding and the web is international. You might as well set the "This is not spam" flag on every genuine email and configure your email client to believe it absolutely. I'd give it a week before you got spam that advertised as "This is not spam".

The data reported is reported because it's necessary for basic website rendering and things like Javascript compliance. Sure, you can fake bits of it, but even a browser ignoring certain HTML tags, or rendering one pixel different to another, is information that can be used against you. Have you not seen the Acid Tests? Failing just one of those would be enough to craft a test that it's actually your browser doing that. Apply the same kind of logic to the standardised programming languages in every browser and guess at a handful of sites you might have used and you have a tool that can identify your history from what your browser MUST give back for sites to work.

Comment: Re:Identifiable enough that Google targets ads (Score 4, Interesting) 157

by ledow (#48599157) Attached to: How Identifiable Are You On the Web?

Not being funny, but that's hardly tracking unless you are actually after a watch or shoes. I imagine a watch / shoes ad is the kind of thing that a company will push to everyone this near to Christmas.

Also, I once got several months of leotard adverts because I happened to click something in our (school) web logs to check it was okay for pupils to see. There's just a correlation on the ad networks between your IP and something you may have clicked / searched / been on. It doesn't mean they are tracking you, per se. They just realise that you are two separate browsers with two separate signatures. Lots of things can do that, even being a single plugin different. Just being logged into a certain account on one site might push certain ads your way.

Load up Ghostery and visit your normal sites. See how many of them are also serving up ads etc. that can form correlations between your browser and a certain product. Cookies blocked everywhere? I don't believe it, you'd never be able to log into anything. Flash disabled? Well, yes, I have that by default but for security not tracking. "Do not track" is an absolute waste of time. And just because duckduckgo doesn't track you, doesn't mean the sites you land on don't.

Take this "for instance" - your wife went on a shoe shop once. You went on a watch shop once. Both the same IP. But one of you was also logged in elsewhere on a single other site. Bam. You get different ads. Just being a 0.1 version out on your browser will distinguish one from the other. Or having slightly different plugins. Or even just having different source port numbers (as NAT'ing will ensure).

Sorry if you don't realise this, but the amount of effort you're putting into making your life hard and hiding, is actually just making you stand out just the same. How many hours have you wasted trying to block this stuff, and still you're identifiable?

Either start fresh every session with a Privoxy proxy and fake user-agent strings, or don't bother. And even that won't hide you. And even then, you'll never know if the watch advert was for something you clicked years ago, or random spam because they know nothing about you and pick a random product. Hell, do you even know if you haven't each separately cached a random advert?

Comment: Re:Or people could, you know, do their damn jobs.. (Score 1) 57

by ledow (#48588357) Attached to: BGP Hijacking Continues, Despite the Ability To Prevent It

Agreed. It's like saying SSL is secure when it relies on every CA to operate in the same secure way. Oops.

Or email is reliant on one particular server not relaying out spam to others and faking return addresses, etc.

Lots of big tech relies on "honesty". The only way to fix it is to enforce a protocol that ensures compliance (or punsihes non-compliance with relegation).

If you don't play ball in DNSSEC, for example, then people know you're not playing ball. You either participate properly or not at all.

If we made all the protocols like this, and revoke trust / power / reputation from those who mess up, people might start to manage these system for the benefit of others instead of just themselves.

"You don't go out and kick a mad dog. If you have a mad dog with rabies, you take a gun and shoot him." -- Pat Robertson, TV Evangelist, about Muammar Kadhafy