
Comment Re:Big Android Problem (Score 2) 176

This is something I have been hoping to get time to write for a while, more of a Wiki with statistics of how apps creep in their permission usage. Basically a community informational tool. Unfortunately I haven't had the time, nor much server coding experience. (If anyone is interested in contributing please feel free to contact me through my website).

And while your cynical take on the "developer first market" is not far off the mark, I think we should remember that there is a social contract between dev and user. I write a program and you pay me to buy it, or look at ads to use it. This part isn't really one sided at all. The problem is actually that permissions are granted before the user has a real chance to evaluate the application. This puts the users on the defensive.

I think if the social contract between dev and user was something agreed to at the time a feature was used, that would be better. It would put both dev and user on equal ground. If an app dev needs that permission (for technical or business reasons), and they are denied it, they can shut down the app gracefully. If a user wants to deny some overreaching, they can also do so. With this case, either side can walk away at any time.

However, when the OS starts spoofing data (like the IMEI) in place of things (ala the rejected cyanogen patch), it breaks that contract both figuratively, and possibly literally. (For example if the user has agreed to TOS, and is now breaking them). I worry as a user that if we ever hope to have a system by which we retain control over permissions, we cannot break the contract, it will start an arms race (akin to ad blocking on websites).

What we need is to give users better tools to push back against permission creep, and for devs to have opportunities to cut back to what they really need.

Comment Re:Balance it (Score 2) 176

It's not a contest -- the fact that iOS handles it well is a good thing. But it doesn't change the fact that what tepples said was also correct (though seems deprecated AFAICT). This was unfortunately the problem with that permission. It had very legitimate uses, and very nefarious ones too.

Nevertheless, you brought up the comparison to iOS. So kindly spare us the "only on slashdot" stuff when it was you who seemed to be spoiling for a brand fight.

Comment Re:Pause while in call (Score 1) 176

Games should not need it. Any time the host activity is paused the games should pause any background processing. Media players, especially music players do play in the background, even with the screen off though. So for them, it is a must.

The permission is too coarse though. They need to separate state and identity. Unfortunately they've dug a backwards compatibility hole pretty deeply though at this point.

Comment Re:"Also..." (Score 2) 40

Screen calls? Eventually the app could answer and have the conversation we were going to have. Also there will be apps to make calls for us based on what we're thinking. If all goes well, these apps will call each other and have the entire conversation without us. I hope it is an interesting conversation!

I wonder if they will get their own facebook accounts....

Businesses

Why Bad Directors Aren't Thrown Out 205

An anonymous reader writes "For publicly-owned companies, the CEO gets most of the spotlight. If the company is successful and the stock goes up, the CEO gets the credit. If the company stumbles, the CEO gets the blame. But an article at the NY Times points out how the board of directors for most companies seem to get a free pass, even when their decisions or their CEO selections consistently go wrong. 'Last year, there were elections for 17,081 director nominees at United States corporations, according to the service. Only 61 of those nominees, or 0.36 percent, failed to get majority support. More than 86 percent of directors received 90 percent or more of the votes. Of the 61 directors who failed to get majority approval, only six actually stepped down or were asked to resign. Fifty-one are still in place, as of the most recent proxy filings.' The article uses Hewlett-Packard as an example; the past several years have seen poor CEO choices, the abominable Autonomy acquisition, and billions in write-offs for other failed endeavors. Yet HP's directors were all re-elected."
Electronic Frontier Foundation

DOJ Often Used Cell Tower Impersonating Devices Without Explicit Warrants 146

Via the EFF comes news that, during a case involving the use of a Stingray device, the DOJ revealed that it was standard practice to use the devices without explicitly requesting permission in warrants. "When Rigmaiden filed a motion to suppress the Stingray evidence as a warrantless search in violation of the Fourth Amendment, the government responded that this order was a search warrant that authorized the government to use the Stingray. Together with the ACLU of Northern California and the ACLU, we filed an amicus brief in support of Rigmaiden, noting that this 'order' wasn't a search warrant because it was directed towards Verizon, made no mention of an IMSI catcher or Stingray and didn't authorize the government — rather than Verizon — to do anything. Plus to the extent it captured loads of information from other people not suspected of criminal activity it was a 'general warrant,' the precise evil the Fourth Amendment was designed to prevent. ... The emails make clear that U.S. Attorneys in the Northern California were using Stingrays but not informing magistrates of what exactly they were doing. And once the judges got wind of what was actually going on, they were none too pleased:"
Networking

Misconfigured Open DNS Resolvers Key To Massive DDoS Attacks 179

msm1267 writes with an excerpt from Threat Post: "While the big traffic numbers and the spat between Spamhaus and illicit webhost Cyberbunker are grabbing big headlines, the underlying and percolating issue at play here has to do with the open DNS resolvers being used to DDoS the spam-fighters from Switzerland. Open resolvers do not authenticate a packet-sender's IP address before a DNS reply is sent back. Therefore, an attacker that is able to spoof a victim's IP address can have a DNS request bombard the victim with a 100-to-1 ratio of traffic coming back to them versus what was requested. DNS amplification attacks such as these have been used lately by hacktivists, extortionists and blacklisted webhosts to great success." Running an open DNS resolver isn't itself always a problem, but it looks like people are enabling neither source address verification nor rate limiting.
Businesses

Ask Slashdot: Should We Have the Option of Treating Google Like a Utility? 238

eegad writes "I've been thinking a lot about how much information I give to technology companies like Google and Facebook and how I'm not super comfortable with what I even dimly know about how they're handling and selling it. Is it time for major companies like this, who offer arguably utility-like services for free in exchange for info, to start giving customers a choice about how to 'pay' for their service? I'd much rather pony up a monthly fee to access all the Google services I use, for example, and be assured that no tracking or selling of my information is going on. I'm not aware of how much money these companies might make from selling data about a particular individual, but could it possibly be more than the $20 or $30 a month I'd fork over to know that my privacy is a little more secure? Is this a pipe dream, or are there other people who would happily pay for their private use of these services? What kinds of costs or problems could be involved with companies implementing this type of dual business model?"
Google

Google Patents Staple of '70s Mainframe Computing 333

theodp writes "'The lack of interest, the disdain for history is what makes computing not-quite-a-field,' Alan Kay once lamented. And so it should come as no surprise that the USPTO granted Google a patent Tuesday for the Automatic Deletion of Temporary Files, perhaps unaware that the search giant's claimed invention is essentially a somewhat kludgy variation on file expiration processing, a staple of circa-1970 IBM mainframe computing and subsequent disk management software. From Google's 2013 patent: 'A path name for a file system directory can be "C:temp\12-1-1999\" to indicate that files contained within the file system directory will expire on Dec. 1, 1999.' From Judith Rattenbury's 1971 Introduction to the IBM 360 computer and OS/JCL: 'EXPDT=70365 With this expiration date specified, the data set will not be scratched or overwritten without special operator action until the 365th day of 1970.' Hey, things are new if you've never seen them before!"
Programming

Why Hasn't 3D Taken Off For the Web? 320

First time accepted submitter clockwise_music writes "With HTML5 we're closer to the point where a browser can do almost everything that a native app can do. The final frontier is 3D, but WebGL isn't even part of the HTML5 standard, Microsoft refuses to support it, Apple wants to push their native apps and it's not supported in the Android mobile browser. Flash used to be an option but Adobe have dropped mobile support. To reach most people you'd have to learn Javascript, WebGL and Three.js/Scene.js for Chrome/Firefox, then you'd have to learn Actionscript + Flash for the Microsofties, then learn Objective-C for the apple fanboys, then learn Java to write a native app for Android. When will 3D finally become available for all? Do you think it's inevitable or will it never see the light of day?"
The Courts

Dutch MP Fined For Ethical Hacking 122

An anonymous reader writes "Dutch Member of Parliament (MP) Henk Krol was fined €750 (US$1,000) by the district court of Oost-Brabant on Friday for breaking and entering the system of the Dutch medical laboratory Diagnostics for You. Krol said he entered the system as an ethical hacker to show that it was easy to access and download confidential medical information. Krol, leader of the Dutch 50plus party, accessed the systems of the laboratory with a login and password he had obtained from a patient of the clinic, who in turn had overheard the information at the laboratory from a psychiatrist that worked there ... In April last year, Krol used the login information to enter the company's Web server and subsequently viewed and downloaded medical files of several patients. He did this to prove how easy it was to get access to the systems, according to the ruling (PDF in Dutch)."
