Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Comment: Re:Human Shield? (Score 1) 151

by stephanruby (#49550065) Attached to: Pirate Bay Blockade Censors CloudFlare Customers

Where do you draw the line? Which countries' laws do you require all your sites to comply with?

The ones with money.

And what is lost by doing so?

You lose the market of the country in question.

In any case, you're asking the wrong questions. You're looking at it from the perspective of one of those big cloud providers. The truth is, the big players can't protect your site. The big players have too much to lose. If you want your site protected, you can not go to the cloud.

You have to contract with a small independent company (a real company, not just a reseller) who is willing to protect you. If you want to host a porn web site, there are hosting companies that specialize in that, these hosts can even protect you against denial of service attacks. If you want to host a site that doesn't bow down to China, there are hosting companies that specialize in that too. If you want to host a site that is free from the influence of the NSA, you at least know to stay away from US companies (even if they have their servers in your own country).

If you don't know where to look, you just need to look for content that is similar to yours on the internet and trace their ip address to see what host they're using. You'll have to pay a premium for their service, but that's only because those hosting companies are not reselling a commodity, they're selling you a very unique specialized service that is tailored to your needs.

Comment: Re:Done in movies... (Score 1) 224

Nor do I remember any calls to boycott a movie over such things. So, if popular culture approves of and encourages it, can't blame the cops too much for doing it despite it being merely illegal...

Finally, a like-minded individual. What movie/book should we boycott next?

I tried boycotting a Harry Potter matinee once, but those little 8 year old kids can be incredibly violent and cruel.

Comment: Re:Sell it to black hats then... (Score 4, Insightful) 147

And continuing on my initial line of thought.

I think that Groupon should assign $500 to that one security flaw disclosed by Brute_Logic (again, it can't be 32 flaws, because it's essentially only one flaw on 32 sites owned by Groupon), and then it should give that money as a donation to the EFF (under the pseudonym Brute_Logic).

This would send the right message to future researchers who discover future flaws, that Groupon can be fair, but that researchers need to follow protocol if they really want the money to go to them.

Comment: Re:Sell it to black hats then... (Score 3, Interesting) 147

Groupon doesn't fear bad PR. If it was afraid of bad press, it would have folded long ago.

Possibly they don't mind bad press, but i'll bet they mind press that says their site is insecure, or
that if you do businesses with them, "Your identity/credit card number might get stolen"

That's a good point.

By the way, it was actually one single XSS flaw that was affecting 32 different web sites.

At least, this is according to the researcher himself (either that, or he made a mistake expressing himself, because his English is obviously not too good). So if that's really the case that it was only one flaw, but on 32 sites, then I really do have no sympathy for him.

Once a vulnerability is disclosed for one site, it's obvious that hackers are going to try to exploit the same flaw on other sites owned by that same entity And by disclosing the vulnerability of two sites, a disclosure which was not accidental at all, it's obvious that he was pissed off that Groupon wouldn't commit to any minimum amount of money for his initial disclosure .

Comment: Re:Sell it to black hats then... (Score 3, Informative) 147

They'll pay.

It depends.

Groupon's entire business model is based on extracting as much cash as possible from desperate businesses, even if that means those businesses go bankrupt. Groupon doesn't fear bad PR. If it was afraid of bad press, it would have folded long ago.

Also, 32 XSS security issues seems like a pretty high number. Personally, I wouldn't be surprised if those 32 XSS vulnerabilities traced back to a single problem. That being said, I have no idea if that's the case, or not.

Either this researcher, or Groupon, would have to tell us what those 32 XSS vulnerabilities were in the first place, for us to really understand this situation.

Comment: Re:even when in offline mode (Score 1) 117

by stephanruby (#49541191) Attached to: iOS WiFi Bug Allows Remote Reboot of All Devices In Area

Exactly how does that work if the wifi is turned off?

That doesn't matter. The chip iPhone uses combines the wifi/baseband/bluetooth/radio/wifi-assisted-location all-in-one to save on battery.

And per the 3GPP technical specifications for GSM, the low baseband is never actually turned off (in case of an earthquake warning or a tsunami warning, it's always listening for a polling call for it to wake it up, or to boot up the device), This works even when the mobile cell phone service is turned off, when the wifi is turned off, and it can even work even when the phone itself is turned off. This standby mode is called the "paging channel" and it's supposed to only take 1% of the battery each day.

If you know people in Asia where there have been a few tsunami warnings, those people can tell you that their phone (or their friend's phones) will turn on all by themselves when there is a Tsunami warning. So we know that this functionality is already active in some parts of the world.

Comment: Re:Stripped down version (Score 1) 129

by stephanruby (#49526025) Attached to: YouTube Going Dark On Older Devices

This headline makes no sense. The first version of Google TV only came out after Android was at 3.0. There is no Google TV that exists below Android 3.0.

Also, my Sony Bravia TV is pretty old (with the crappy Sony OS on it). For a while, there was a "Youtube" app and a "New Youtube" app. Now only the icon of the New Youtube app is visible (which is fine with me, the old Youtube app didn't work with my phone as well as the New Youtube app anyway).

Comment: Re:Makers or Service providers? (Score 1) 350

I highly doubt the manufacturers of the phones (LG, Samsung, etc) are the ones pushing for the disabling of the FM chip but requirements from the mobile service providers (Verizon, AT&T, Sprint, etc).

In the case of iOS, it's Apple's fault. In the case of Android, it's usually Verizon's fault.

Many of the Android phones from Samsung, HTC, and Sony have a working FM transmitter as long as they are not purchased from Verizon. However, I'm not sure that makes a difference with most consumers. The FM transmitter needs the wired headset to act as an antenna. And who carries one of those around all the time? Personally, I keep my wired headset unused at home (and I usually use bluetooth instead). And if you're at home, or at your office, it probably means you have access to a standalone emergency FM/AM radio anyway.

From a bluetooth headset, the FM transmitter from the phone doesn't really work, but there is one headset model for instance from Sony that has a FM transmitter and an mp3 built into the headset. I have that model and it works, but I can't really recommend it because it's too easy to lose because of its dangling headphones and because the clip of the base often gets unclipped when I slide in or out of a car.

Comment: Actually visited your search engine (Score 1) 275

by stephanruby (#49501597) Attached to: Ask Slashdot: What Features Would You Like In a Search Engine?

When I open your search engine, I want the focus of my cursor to default your search form.

After I found out that you didn't even have this, which requires no more than one single attribute in html, I didn't have the confidence to go to any further. Usability testing is cheap. The idea that you would forgo any kind of basic usability testing, before asking for feedback from Slashdot users, tells me you don't have the experience, nor the real desire, to make a decent halfway usable search engine.

Comment: Re:It's about the PR, not the Hacking (Score 1) 270

by stephanruby (#49495305) Attached to: FBI Accuses Researcher of Hacking Plane, Seizes Equipment

This guy's angle is all about milking the PR now. He's hit the short term jackpot and will be the featured speaker at "aviation security" conferences and I hope he makes some money.

I understand the publicity angle, but it will be difficult for him to be the featured speaker at many conferences if he ever gets on the no-fly list.

Comment: Re:Pearson (Score 1) 325

by stephanruby (#49488525) Attached to: LA Schools Seeking Refund Over Botched iPad Plan

The contract was $768 / iPAD (I assume this includes warranty) + $200 / content & software license for 3 years.

The firewall-like software (the one that the school district is complaining about because it was bypassed by students) seems to be sold through Apple (here is the pricing sheet, but it's a pdf). Also, Pearson is a formal ConnectED educational partner of Apple (I'm not sure if that means Apple gets a cut of that contract, but I would think it does).

On an unrelated note: I actually don't know how Sphero actually made that list of Educational Partners. I suppose that by Apple's definition, any toy that can connect to iOS automatically makes it worthy enough to be considered educational.

Nothing will ever be attempted if all possible objections must be first overcome. -- Dr. Johnson