
Submission + - Google ordered to remove links to stories about Google removing links to stories (arstechnica.co.uk)

vivaoporto writes: Ars Technica UK reports that the UK's Information Commissioner's Office (ICO) has ordered Google to remove links from its search results that point to news stories reporting on earlier removals of links from its search results. The nine further results that must be removed point to Web pages with details about the links relating to a criminal offence that were removed by Google following a request from the individual concerned.

The Web pages involved in the latest ICO order repeated details of the original criminal offence, which were then included in the results displayed when searching for the complainant’s name on Google. The company has 35 days to comply with the enforcement notice. If it does not, it faces financial sanctions, which can be significant.

Submission + - Amazon Work-Life Balance Defender: Prior Employer Nearly Killed Me and My Team

theodp writes: New York Times Public Editor Margaret Sullivan questions whether her paper's portrayal of Amazon's brutal workplace was on target, citing a long, passionate response in disagreement from Nick Ciubotariu, a head of infrastructure development at Amazon. Interestingly, Ciubotariu — whose take on Amazon's work-life balance ("I’ve never worked a single weekend when I didn’t want to") was used as Exhibit A by CEO Jeff Bezos to refute the NYT's report — wrote last December of regretting his role as an enabler of his team's "Death March" at a former employer (perhaps Microsoft, judging by Ciubotariu's LinkedIn profile and his essay's HiPo and Vegas references). "I asked if there were any questions," wrote Ciubotariu of a team meeting. "Nadia, one of my Engineers, had one: 'Nick, when will this finally end?' As I looked around the room, I saw 9 completely broken human beings. We had been working over 100 hours a week for the past 2 months. Two of my Engineers had tears on their faces. I did my best to keep from completely breaking down myself. With my voice choking, I looked at everyone, and said: 'This ends right now'." Ciubotariu added, "I hope they can forgive me for being an enabler of their death march, however unwilling, and that I ultimately didn’t do enough to stop it. As a 'reward' for all this, I calibrated #1 overall in my organization, and received yet another HiPo nomination and induction, at the cost of a shattered family life, my health, and a broken team. I don’t think I ever felt worse in my entire career. If I could give it all back, I would, in an instant, no questions asked. Physically and mentally, I took about a year to heal."

Submission + - Multiple Vulnerabilities in Pocket

vivaoporto writes: Clint Ruoho reports on the gnu.gl blog the process of discovery, exploitation and reporting of multiple vulnerabilities in Pocket, the third party web-based service chosen by Mozilla (with some backlash) as the default way to save articles for future reading in Firefox.

The vulnerabilities, exploitable by an attacker with only a browser, the Pocket mobile app and access to a server in Amazon EC2 costing 2 cents an hour, would give an attacker unrestricted root access to the server hosting the application.

The entry point was exploiting the service's main functionality itself — adding a server internal address in the "read it later" user list — to retrieve sensitive server information like the /etc/passwd file, its internal IP and the ssh private key needed to connect to it without a password. With this information it would be possible to SSH into the machine from another instance purchased in the same cloud service giving the security researcher unrestricted access.

All the vulnerabilities were reported by the researcher to Pocket, and the disclosure was voluntarily delayed for 21 days from the initial report to allow Pocket time to remediate the issues identified. Pocket does not provide monetary compensation for any identified or possible vulnerability.

Submission + - Microsoft can now remotely disable pirated games, if you're running them on Wind (firstpost.com)

totalcaos writes: Privacy concerns as Windows 10 EULA gives Microsoft the ability to remotely disable or un-install counterfeit software and games. How Microsoft will go about detecting this is still unknown, but raises real concerns as according to this Microsoft will be able to tell what's installed on your computer!

Submission + - Registered clinical trials make positive findings vanish

schwit1 writes: The requirement that medical researchers register in detail the methods they intend to use in their clinical trials, both to record their data as well as document their outcomes, caused a significant drop in trials producing positive results.

A 1997 US law mandated the registry's creation, requiring researchers from 2000 to record their trial methods and outcome measures before collecting data. The study found that in a sample of 55 large trials testing heart-disease treatments, 57% of those published before 2000 reported positive effects from the treatments. But that figure plunged to just 8% in studies that were conducted after 2000. Study author Veronica Irvin, a health scientist at Oregon State University in Corvallis, says this suggests that registering clinical studies is leading to more rigorous research. Writing on his NeuroLogica Blog, neurologist Steven Novella of Yale University in New Haven, Connecticut, called the study "encouraging" but also "a bit frightening" because it casts doubt on previous positive results.

In other words, before they were required to document their methods, research into new drugs or treatments would prove the success of those drugs or treatment more than half the time. Once they had to document their research methods, however, the drugs or treatments being tested almost never worked.

The article also reveals a failure of the medical research community to confirm their earlier positive results:

Following up on these positive-result studies would be interesting, says Brian Nosek, a psychologist at the University of Virginia in Charlottesville and the executive director of the Center for Open Science, who shared the study results on Twitter in a post that has been retweeted nearly 600 times. He said in an interview: "Have they all held up in subsequent research, or are they showing signs of low reproducibility?"

It appears the medical research field has forgotten this basic tenet of science: A result has to be proven by a second independent study before you can take it seriously. Instead, they would do one study, get the results they wanted, and then declare success.

The lack of success once others could see their methods suggests strongly that much of the earlier research was simply junk, not to be taken seriously.

Comment Re:Settle (Score 5, Interesting) 222

This is not one run-of-the-mill "personal use copyright infringement" suit. Some important things make this case special:

1. The plaintiff is an intellectual property lawyer
2. The use of the video was for profit
3. As the article says many other news outlets sought permission or licensed the clip but these two, despite knowing the clip was copyrighted, chose to use them anyway.

If Thomas-Rasset was ordered to pay $1,920,000 for making 22 mp3s available for download (not for profit) how much should these media be liable in this lawsuit? How many other videos do they use without proper licensing and/or attribution?

This could be the first of many similar cases considering the media worldwide assume that if a video is available on Youtube they are free to reproduce them in their TV news and shows.

Submission + - CNN and CBC Sued For Pirating YouTube Video (torrentfreak.com)

vivaoporto writes: CNN and Canada's CBC are being sued after the companies allegedly ripped the "Buffalo Lake Effect" from YouTube and used it in their broadcasts without a license. In addition to claims of copyright infringement, the media giants face allegations that they breached the anti-circumvention measures of the DMCA.

New York resident Alfonzo Cutaia (an intellectual property attorney) sensed last year that he had a hit video on his hands and used YouTube's account monetization program to generate some revenue.

The attorney uploaded his footage to the video site and selected "Standard YouTube License" that grants Youtube (and Youtube only) "a worldwide, non-exclusive, royalty-free, sublicenseable and transferable license to use, reproduce, distribute, prepare derivative works of, display, and perform the Content in connection with the Service and YouTube's (and its successors' and affiliates') business". All other rights are reserved to the copyright owner and standard copyright laws and exceptions apply.

According to a lawsuit filed this week by Cutaia in a New York court, around November 18 Canada’s CBC aired the video online without permission, with a CBC logo as an overlay.

After complaining to CBC about continued unauthorized use, last month Cutaia was told by CBC that the company had obtained the video from CNN on a 10-day license. However, Cutaia claims that the video was used by CBC and its partners for many months, having been supplied to them by CNN who also did not have a license. CBC and CNN are also accused of distributing the video despite knowing that the copyright management information had been removed.

Comment Re:Meh. Fuck em (Score 3, Interesting) 519

Yes. Here is the angle this article is trying to spin:

Apple is trying to pull iPhone and iPad users off the web. It wants you to read, watch, search, and listen in its Apple-certified walled gardens known as apps. It makes apps, it approves apps, and it profits from apps. But, for its plan to work, the company will need those entertainers and publishers to funnel their content to where Apple wants it to be. As the company makes strategic moves to devalue the web in favor of apps, those content creators dependent on ads to stay afloat may be forced to play along with Apple.

That's one way to look at it. Here is another perspective:

The absence didn't last long. In two previous Monday Notes (News Sites Are Fatter and Slower Than Ever and 20 Home Pages, 500 Trackers Loaded: Media Succumbs to Monitoring Frenzy), my compadre Frederic Filloux cast a harsh light on bloated, prying pages. Web publishers insert gratuitous chunks of code that let advertisers vend their wares and track our every move, code that causes pages to stutter, juggle, and reload for no discernible reason. Even after the page has settled into seeming quiescence, it may keep loading unseen content in the background for minutes on end.

Submission + - Russian Government Threatening To Block Reddit Over Cannabis

An anonymous reader writes: The Russian Government is threatening to block the social linking site Reddit across its country if they do not comply with removing a thread dedicated to growing cannabis. According to a post on VK.com, a site similar to Facebook in Russia, they have asked Reddit administrator to read their emails and their social media posts stating that they want /r/trees brought down which had posted an article about growing narcotic plants. Recently, Reddit changed its rules to allow illegal discussions on its site but they say that they would continue to block things such as copyrighted material.

Submission + - Banned article about Megamos Crypto chip finally gets released (www.ru.nl)

An anonymous reader writes: In 2012, three computer security researchers at Radboud University discovered weaknesses in the Megamos chip, which is widely used in immobilisers for various brands of cars. Based on responsible disclosure guidelines, the scientists informed the manufacturer immediately, and they wrote a scientific article on the topic that was accepted for publication at a prestigious digital security symposium (USENIX 2013). However, the publication never took place because in June 2013 an English court, acting at the request of Volkswagen, ruled that the article had to be withdrawn. Now, in August 2015, the controversial article that was 'banned' in 2013 is being published after all.

What went before

In 2008, Radboud scientists discovered weaknesses in the MIFARE CLASSIC chip that was used for instance in the public transport chip card for the Netherlands, the ‘OV-chipkaart’, and in London's Oyster card. At that time, the Dutch court refused to ban publication, partly because Radboud University scrupulously complies with responsible disclosure rules.
Because of this, Volkswagen took the ‘Megamos case’ to an English court in 2013. This was possible because one of the researchers had transferred to the University of Birmingham in the meantime. In June 2013, the English court issued an injunction.

Defence

Radboud University, together with the University of Birmingham, immediately challenged this English publication ban: the data about the chip that the researchers used in their study was acquired in a lawful manner. The manufacturer was also informed more than 9 months prior to the proposed publication. According to the responsible disclosure guidelines of the Dutch government, pre-publication notice of 6 months is sufficient.
The controversial article contains a scientific analysis of the level of security of the Megamos chip and is certainly not a manual for hackers. Radboud University is a strong defender of academic freedom and believes that car owners have the right to know the strengths and weaknesses of the security of their car.

Negotiation and solution

Negotiations through lawyers were unproductive for a long time. However, direct informal consultation in the autumn of 2014 in London was successful. Volkswagen finally agreed to publication, after accepting the authors' proposal to remove one sentence from the original manuscript. This single sentence contains an explicit description of a component of the calculations on the chip. The removal of this sentence makes it more difficult to reconstruct the entire algorithm for improper use, but does not affect the scientific content.

Professor Bart Jacobs, head of the Digital Security Group in Nijmegen was closely involved in the whole process. He can live with the text change, he says. “We academics have to stand up for our rights; we continue to believe that solving security problems is best served by responsibly identifying weaknesses, not by keeping them under wraps. But it is frustrating that so much time, money and effort has been wasted. This is not an incentive to report defects only to the manufacturer concerned.”

Presentation in Washington

The researchers will present their article on Wednesday 12 August at the same conference that was scheduled two years ago: the USENIX Security Symposium in Washington. The presentation concerns the following manuscript: Roel Verdult, Flavio D. Garcia and Baris Ege, Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobilizer.

Usenix Security 2015 program
https://www.usenix.org/confere...

Special Paper Presentation foreword:
https://www.usenix.org/sites/d...

Submission + - Firefox exploit found in the wild, served via advertisement on a news site

vivaoporto writes: A post in the Mozilla Security Blog reports that a Firefox exploit was found in the wild and that all "Firefox users are urged to update to Firefox 39.0.3".

According to Daniel Veditz, Mozilla's security lead, they were informed by a Firefox user that an advertisement on a news site in Russia was serving a Firefox exploit that searched for sensitive files and uploaded them to a server that appears to be in Ukraine.

The vulnerability comes from the interaction of the mechanism that enforces JavaScript context separation (the “same origin policy”) and Firefox’s PDF Viewer. Mozilla products that don’t contain the PDF Viewer, such as Firefox for Android, are not vulnerable. The vulnerability does not enable the execution of arbitrary code but the exploit was able to inject a JavaScript payload into the local file context. This allowed it to search for and upload potentially sensitive local files.

He warns that the exploit "leaves no trace it has been run on the local machine. If you use Firefox on Windows or Linux it would be prudent to change any passwords and keys found in the above-mentioned files if you use the associated programs. People who use ad-blocking software may have been protected from this exploit depending on the software and specific filters being used."

Submission + - Amid agony, scientists discover world's first venomous frog (sciencemag.org)

sciencehabit writes: Brazilian biologists have discovered the world’s first venomous frog the hard way. When Carlos Jared of the Butantan Institute in São Paulo, Brazil, picked up a Brazilian hylid frog—a small, lumpy, green amphibian—while doing fieldwork in a jungle in the Goytacazes National Forest near the southwest coast of Brazil, the frog raked the spines hidden within its upper lip across his hand. He dropped the frog, and excruciating pain shot up his arm for the next 5 hours. Several other species of frogs are poisonous, but until now none have been shown to be venomous—that is injecting a toxin into their host. C. greening’s venom is twice as potent as that of the deadly pit viper, the researchers report.

Comment Re:Top voted post of that thread, interesting poin (Score 4, Insightful) 410

The complaint is about the difference in the treatment of two similar problem subreddits: FPH and SRS, along with the current batch of banned ones.

The former got banned (according to the official explanation) not because of their ideas but because of the behaviour of their members (doxxing, harassing). The current batch was banned because (according to the official explanation) they "are banning a handful of communities that exist solely to annoy other redditors, prevent us from improving Reddit, and generally make Reddit worse for everyone else".

SRS exhibits the same behaviour that got FPH banned (brigading, harassing) and arguably exhibits the same behaviour that was used to justify the banishment of the current batch: existing "solely to annoy other redditors".

The above posted explanation from the admin admits SRS is a problem but only touches the brigading and anti brigading measures.

It gives the impression that existing "solely to annoy other redditors" was not the real reason for banning the current batch and that "doxxing and harassing" was not the real reason for banning FPH.

Comment Re:Top voted post of that thread, interesting poin (Score 2) 410

This exchange seems to contradict that they don't consider /r/ShitRedditSays/ a problem but the remedies they are willing to try on that subreddit are very different from similarly problematic ones.

spez -944 points 18 hours ago

For the time being we believe that brigading is best fought with technology, which we are actively working on.

Synsc 894 points 18 hours ago

What does that mean exactly?

spez -772 points 17 hours ago

It means that we can see downvoting brigades in that data, and we are working on preventing them from working. We used to do this in the past, and it worked quite well.

Ultimate_Cabooser 1479 points 17 hours ago

That still doesn't mean anything. They're blatantly violating the "exist solely to annoy other redditors" and they make Reddit a lot worse for everyone who isn't them.

The "we don't need to remove them because we're developing technology that won't let them break the rules" could be said about a shit ton of subreddits that were removed.

I'm not in the "fatpeoplehate shouldn't have been removed"-circlejerk, because I agree it was shitty and was rightly removed, but the "it doesn't need to be removed because we're working on technology that doesn't let them break the rules" argument could have been used for that. If you remove subreddits like that, you have to remove SRS.

spez -601 points 16 hours ago

We take banning very seriously. I believe we can combat negative actions like theirs by improving our own technology without banning them, so that is what we'll try first.

As mentioned in another comment the behaviour of that subreddit goes way beyond simply brigading but in the realm of raiding, doxxing and harassing individual users.

The difference in remedies here is what makes this interesting: if Reddit is not banning for ideas but for behaviour what is the difference between SRS and FPH that justifies the difference in treatment?
