Forgot your password?

Comment: In other news (Score 3, Funny) 230

by theArtificial (#46699837) Attached to: Snowden: NSA Spied On Human Rights Workers
Prior to this announcement Human Rights Workers weren't included as part of the world population.

Snowden, addressing the Council of Europe in Strasbourg, said he did not believe the NSA was engaged in 'nightmare scenarios,' such as the active compilation of a list of homosexuals 'to round them up and send them into camps.

They're not camps, they're called festivals.

But he did say that the infrastructure allowing this to happen had been built

By IBM! /insert ww2 corporate references

Comment: Re:Where are the online Computer Science degrees? (Score 1) 370

by theArtificial (#46578263) Attached to: Ask Slashdot: Fastest, Cheapest Path To a Bachelor's Degree?

Anyone have recommendations for learning math starting from, say, Algebra I or II level (high school) that will actually teach in a way that will be useful rather than taking a test?

Mathematics for the Non-mathematician by M. Kline. This book begins with reason and progresses through history beginning with the origins of math. I found this very insightful. If you get stuck consider Khan Academy for some different approaches.

Comment: Re:Disable player chat (Score 1) 704

by theArtificial (#46553935) Attached to: Getting Misogyny, Racism and Homophobia Out of Gaming

Instead, openly gay characters are rare to the point of nonexistent in games.

One important part of successfully marketing something is broad appeal. Playing a gay protagonist evidently isn't something that appeals to the vast majority of game enthusiasts. Same for movies. If you were an enterprising individual perhaps you can see a lucrative niche?

The intent was to be shocking, and the casting very much reflected the societal assumption that white is good, dark is bad, and the violated expectation was part and parcel of the affect the movie wanted to have. That movie was released in 2005. Thirty years after the American civil rights movement, Hollywood still taps in to that cultural expectation, despite a generation of heavy political correctness in a much more visible medium than games.

Here's some references which predate the civil rights movement by about a thousand years. How shadow and light are referenced throughout history, having JACK ALL to do with some one's fucking skin. Black has a variety of meanings throughout history and especially to various cultures. Here's another one, the Yin and Yang, notice the colors?

These people and others like them are making the proposition that games should become part of the engine of social engineering that has made such a ham-fisted mess of television and movies, particularly for children.

Think of the children is effective at controlling people, why would there be any exception in today's political climate?

They think that games are for kids, and should therefore be used to condition children the same way they try to use TV. It would be unfortunate if that were to happen.

Do they ignore that the average age of gamers is 30s?

If games are to have any hope of being recognized as art, they have to be culturally relevant, and not be used as a bludgeon against culture.

Implying they're not works of art already is hilarious. Not every movie, just like games or that chunk of "pottery" made for mom, is a work of art either, but this is where taste comes in. Taste is highly subjective.

Comment: Re:An NPR reporter confessed to the same crime (Score 1) 246

I am not defending AT&T. I think they should be heavily fined and hopefully someone go to jail. I also think that someone who exploited the hole should also be sent to jail and heavily fined. The only people I am defending are the ones who had their information stolen. ... In my view the problem was caused by both Weev and AT&T they both should be prosecuted. What do you think?

Jail I believe should be for violent offenders exclusively, jail time for accessing something, even millions of times is ridiculous. If he obtained protected information (cardholder data, SSNs) maybe, but if it isn't "protected" (say an email, first and last name, type of phone etc.) or doesn't come with any terms, it's fair game and the blame for the boring disclosure resides solely with the company since each request was authenticated by them. We have far too many people in Jail as it is. We're the world leader's in incarcerations and it's a dirty ass privatized business which I don't want to support when we can put these people to work, and fines do a wonderful job along with some community service. If that's the case Google needs to go to jail for indexing, and bing too since bing fed itself off of google. There was no exploit, this was the system operating as intended, supply it with an IMEI and get info. You want someone in jail for randomly trying publicly accessible page, incrementally, much like what google does with google maps mapping vehicles. Why isn't this illegal, it's occurring on public roads, too!? They make copies of the data accessible at these locations, or to use your words, they "steal the information" (addresses are personally identifiable information, but also public).

There are some authentications that do not use user/password. For example, Paypal Payflow uses a signature which is a single long number that identifies that account and gives authorization for access. It is a single number somewhat like an IMEI.

Authentication is a fuzzy thing, quick google returned: Authentication is the act of confirming the truth of an attribute of a datum or entity. By entering the IMEI this satiated the authentication, pretty shitty authentication. "Yup, address is good!". In regards to the paypal thing, btw paypal isn't a bank in the majority of the countries they do business in. In order to obtain this signature you need to create an account though, which requires a few pieces of information something an IMEI doesn't require. The signature seems like a token and is part of an authentication scheme, not simply a (terrible) username. The first 8 digits of the IMEI are assigned to manufacturers and made public (pretty good for something "private"!), and Apple, for instance, tends to do 'batch' naming for the rest, so if you have one iPhone IMEI you can guess all the others from that batch just by incrementing. That's a terrible authentication idea there, lou.

That is one URL and not millions of different URLs.

So if each person (in a large pool of say 250k) accesses one URL, with an IMEI that was generated, it's cool? Rape is cool the first time around then too, eh? This conflicts with below :P

Yes, if the IMEI does not belong to you or you have not been authorized by the owner to use it.

Why would I need permission since they can be derived? It's not something that's secret, or is protected, or has any expectation of privacy, it's even broadcast (to the carrier). Otherwise sites like this wouldn't exist. Think they burn all of those "passwords"?

Don't you see how this is very different from trying millions of different password combinations? One of the precepts of law is intent. It is pretty easy to show no intent when typing in a few incorrect characters. It is easy to show intents when you create a script that generates millions of possible IMEIs and spams a server with them.

I asked this specifically to nail down what an IMEI number is. An IMEI is not a password or a username any more than using a credit card number or social security number is. Unlike SSNs or CC#s it's an identifier for a device which doesn't even identify an owner in many cases (see prepays). These are similar to VINs on cars. How is it illegal to generate and try different combinations of this series of numbers, especially since portions of these numbers are public knowledge, on a website that is/was publicly accessible without any terms of use or limitations imposed by the operators for any clients which request info using a valid IMEI?

Comment: Re:An NPR reporter confessed to the same crime (Score 1) 246

So no online banks, credit card companies, etc. Just because it is on the web does not mean it is public.

Absolutely it does, it's implicit when it's on the web (short for World Wide Web) especially without authentication (doesn't that usually involve username + password?). Ultimately I believe you're arguing about intent of the organization, something the web server and client know nothing about. Requests (not demands) are received, and the web server replies. Private networks are just that, not publicly accessible. This is the digital equiv. of driving down various streets (publicly accessible addresses) incrementally and being provided with information at the end.

How is an organization not responsible for what they put online, after all are they not the ones solely authorized to determine what they want to provide others access to? It's not like this involved a username and password like the online banks or credit cards do.

Remember those folks who would share out their entire drives on file sharing networks? It's not up to a client to determine validity of who is or isn't authorized - that's the job of the people configuring the server. It is up to the entity operating the server to ensure that data is protected, authentication isn't anything new, especially robust systems. Would you defend the government for making a system where simply using a street address would allow one access to information (taxes etc.)? How about your Bank? Explain your reasoning, please.

Defending people who exploit negligence does not improve things either.

What does this have to do with my point, you think I like this asshole? Are you under the impression that making an example out of this guy will somehow improve things? If that were the case simply putting a guy through the system, the first time, would've sent the message loud and clear! If you're a customer of this company after this, you're crazy but I can understand how you'd be upset; although you should really focus on WHY THIS HAPPENED. You're ready to punish him for what amounts to an embarrassment. Also, you included email addresses in your rant, FYI email addresses are not private information. They're as private as a phone number is (something listed in directories and/or published in books).

You make a point of mentioning that this occurred thousands of times. What if you clicked on a link via a URL shortening service that directed you to one of these links, do you think you should be put in jail? Is it an exploit only if you do it x number of times? Do you think you should be liable for fraud for entering IMEI#s? What about accessing a website or service when its really busy (DDOS)? What about visiting slashdot and typing in an account name that's a misspelling of yours which happens to have the same password? Swap out slashdot with your bank of choice. Is it criminal now since it's "unauthorized access" of a computer system?

Lazy/incompetent/unprofessional people get no sympathy from me, they've earned this, and the company (developers, sysops, and managers in charge of these systems) need to own up to their shitty half baked design and policies. They deserve to get their feet held to the fire. If they're unable to perform, there isn't a shortage qualified people who would jump at a chance to take their places in a fucking heartbeat.

Comment: Re:An NPR reporter confessed to the same crime (Score 1) 246

Sorry but these are very different things. The Netflix database was meant to be public while the iPad one was not.

The fact is both were on web servers. The entire point of a web server is to handle requests, if you don't want something publicly accessible, begin by not putting it online. How are we to determine what is or isn't authorized? If you put something online, and later say that someone wasn't supposed to access it, who is liable?

The data is designed to be used by the owner of the phone as identified by the IMEI and not anyone who can spam enough possible IMEIs to fins a valid one.

If only there were some way to flag and block repeated attempts... this is about as brilliant as those folks who decided using a Social Security Number as a means of identification.

TL;DR Defending negligence will not improve things.

Machines certainly can solve problems, store information, correlate, and play games -- but not with pleasure. -- Leo Rosten