Businesses

Why Bad Directors Aren't Thrown Out 205

An anonymous reader writes "For publicly-owned companies, the CEO gets most of the spotlight. If the company is successful and the stock goes up, the CEO gets the credit. If the company stumbles, the CEO gets the blame. But an article at the NY Times points out how the board of directors for most companies seem to get a free pass, even when their decisions or their CEO selections consistently go wrong. 'Last year, there were elections for 17,081 director nominees at United States corporations, according to the service. Only 61 of those nominees, or 0.36 percent, failed to get majority support. More than 86 percent of directors received 90 percent or more of the votes. Of the 61 directors who failed to get majority approval, only six actually stepped down or were asked to resign. Fifty-one are still in place, as of the most recent proxy filings.' The article uses Hewlett-Packard as an example; the past several years have seen poor CEO choices, the abominable Autonomy acquisition, and billions in write-offs for other failed endeavors. Yet HP's directors were all re-elected."
Electronic Frontier Foundation

DOJ Often Used Cell Tower Impersonating Devices Without Explicit Warrants 146

Via the EFF comes news that, during a case involving the use of a Stingray device, the DOJ revealed that it was standard practice to use the devices without explicitly requesting permission in warrants. "When Rigmaiden filed a motion to suppress the Stingray evidence as a warrantless search in violation of the Fourth Amendment, the government responded that this order was a search warrant that authorized the government to use the Stingray. Together with the ACLU of Northern California and the ACLU, we filed an amicus brief in support of Rigmaiden, noting that this 'order' wasn't a search warrant because it was directed towards Verizon, made no mention of an IMSI catcher or Stingray and didn't authorize the government — rather than Verizon — to do anything. Plus to the extent it captured loads of information from other people not suspected of criminal activity it was a 'general warrant,' the precise evil the Fourth Amendment was designed to prevent. ... The emails make clear that U.S. Attorneys in the Northern California were using Stingrays but not informing magistrates of what exactly they were doing. And once the judges got wind of what was actually going on, they were none too pleased:"
Networking

Misconfigured Open DNS Resolvers Key To Massive DDoS Attacks 179

msm1267 writes with an excerpt from Threat Post: "While the big traffic numbers and the spat between Spamhaus and illicit webhost Cyberbunker are grabbing big headlines, the underlying and percolating issue at play here has to do with the open DNS resolvers being used to DDoS the spam-fighters from Switzerland. Open resolvers do not authenticate a packet-sender's IP address before a DNS reply is sent back. Therefore, an attacker that is able to spoof a victim's IP address can have a DNS request bombard the victim with a 100-to-1 ratio of traffic coming back to them versus what was requested. DNS amplification attacks such as these have been used lately by hacktivists, extortionists and blacklisted webhosts to great success." Running an open DNS resolver isn't itself always a problem, but it looks like people are enabling neither source address verification nor rate limiting.
Businesses

Ask Slashdot: Should We Have the Option of Treating Google Like a Utility? 238

eegad writes "I've been thinking a lot about how much information I give to technology companies like Google and Facebook and how I'm not super comfortable with what I even dimly know about how they're handling and selling it. Is it time for major companies like this, who offer arguably utility-like services for free in exchange for info, to start giving customers a choice about how to 'pay' for their service? I'd much rather pony up a monthly fee to access all the Google services I use, for example, and be assured that no tracking or selling of my information is going on. I'm not aware of how much money these companies might make from selling data about a particular individual, but could it possibly be more than the $20 or $30 a month I'd fork over to know that my privacy is a little more secure? Is this a pipe dream, or are there other people who would happily pay for their private use of these services? What kinds of costs or problems could be involved with companies implementing this type of dual business model?"
Google

Google Patents Staple of '70s Mainframe Computing 333

theodp writes "'The lack of interest, the disdain for history is what makes computing not-quite-a-field,' Alan Kay once lamented. And so it should come as no surprise that the USPTO granted Google a patent Tuesday for the Automatic Deletion of Temporary Files, perhaps unaware that the search giant's claimed invention is essentially a somewhat kludgy variation on file expiration processing, a staple of circa-1970 IBM mainframe computing and subsequent disk management software. From Google's 2013 patent: 'A path name for a file system directory can be "C:temp\12-1-1999\" to indicate that files contained within the file system directory will expire on Dec. 1, 1999.' From Judith Rattenbury's 1971 Introduction to the IBM 360 computer and OS/JCL: 'EXPDT=70365 With this expiration date specified, the data set will not be scratched or overwritten without special operator action until the 365th day of 1970.' Hey, things are new if you've never seen them before!"
Programming

Why Hasn't 3D Taken Off For the Web? 320

First time accepted submitter clockwise_music writes "With HTML5 we're closer to the point where a browser can do almost everything that a native app can do. The final frontier is 3D, but WebGL isn't even part of the HTML5 standard, Microsoft refuses to support it, Apple wants to push their native apps and it's not supported in the Android mobile browser. Flash used to be an option but Adobe have dropped mobile support. To reach most people you'd have to learn Javascript, WebGL and Three.js/Scene.js for Chrome/Firefox, then you'd have to learn Actionscript + Flash for the Microsofties, then learn Objective-C for the apple fanboys, then learn Java to write a native app for Android. When will 3D finally become available for all? Do you think it's inevitable or will it never see the light of day?"
The Courts

Dutch MP Fined For Ethical Hacking 122

An anonymous reader writes "Dutch Member of Parliament (MP) Henk Krol was fined €750 (US$1,000) by the district court of Oost-Brabant on Friday for breaking and entering the system of the Dutch medical laboratory Diagnostics for You. Krol said he entered the system as an ethical hacker to show that it was easy to access and download confidential medical information. Krol, leader of the Dutch 50plus party, accessed the systems of the laboratory with a login and password he had obtained from a patient of the clinic, who in turn had overheard the information at the laboratory from a psychiatrist that worked there ... In April last year, Krol used the login information to enter the company's Web server and subsequently viewed and downloaded medical files of several patients. He did this to prove how easy it was to get access to the systems, according to the ruling (PDF in Dutch)."

Comment Re:"Flaw"? (Score 1) 269

It used to send a generated email such as 2r3qw-45co-i987@checkout.google.com (at least for some orders) so you could contact the customer if you needed to. But as of a few minutes ago it seemed my sales were listing real emails for all the orders I checked (just a few). So I'm not sure if they have these generated emails anymore or not. (I suppose it's possible they started getting spammed at addresses like that).

As a dev I don't think this is ideal. I liked the generated email solution. (I'm not sure how that worked exactly, I always got a mix of generated and real emails). But I don't think this is as terrible as people are making it out to be. They are not giving out the credit card number or embarrassing photos of you as a kid or anything. They provide the merchants with name, account age, coarse location (zip/city), email address, and email marketing preference: opt in/out.

They also do send the user a receipt email that describes the transaction as being between the customer and the developer.

It looks like this:

Thank you.
You've made a purchase from [developer ] on Google Play.
Order number: (.....)
Order date: (.....)
Payment method: (.....)

Questions? Contact [developer's email]

See your Google Play Order History.
View the Google Play Refund Policy and the Terms of Service.
Need help? Visit the Google Play help center.

So the questions are: How should it be presented to the user? What level of information should a merchant have?

Keep in mind the system supports web merchants and carrier billing. Should there be multiple systems?

I'm not sure I know the right answer or even what all the logistical issues are. Personally I use Google wallet to buy "cloud" backup services and other stuff not related to Android. In some small ways this affords me more privacy from the vendor than if I had just bought directly with a credit card.

Anyways as a dev it's interesting to have some level of geographical data. Names are helpful for dealing with customers. Emails are good for support. But I'd definitely like the customer to know what they are getting into. /incidentally if Google wants to just act like a payment processor they could charge a more reasonable rate ( 5% ? ) :)

Google

Google Store Sends User Information To App Developers 269

Several readers have passed on news of a privacy hole in the Google app store. Reader Strudelkugel writes with the news.com.au version, excerpting: "Every time you purchase an app on Google Play, your name, address and email is passed on to the developer, it has been revealed today. The 'flaw' — which appears to be by design — was discovered this morning by Sydney app developer Dan Nolan who told news.com.au that he was uncomfortable being the custodian of this information and that there was no reason for any developer to have this information at their finger tips."

Comment Re:Killer 'Do Not Track' App? (Score 3, Informative) 207

Interesting, but I am pretty sure DNT was Mozilla's idea. And frankly, it always seemed like a waste of time. Given all the ways that one can be tracked though, a technical solution seems difficult as well.

- Cookies
- JavaScript
- tracking pixels
- HTML local DBs
- Flash objects
- fonts
- screen size/colors
- plugin config/versions
- User agent
- IP address
- and now.... "DNT" toggle...

It almost seems as if the only way to keep from being tracked is via the TOR browser incognito mode in a freshly wiped VM or something. I honestly wonder if the 'net needs to move more towards mesh/tor/ad-hoc networking. Basically if the "darknet" should be the "mainnet".

Anyways, some info:

EFF tool to see how well you can be tracked (fingerprinted)
https://panopticlick.eff.org/index.php?action=log

NAI (Network Advertising Initiative)
Tracking opt out of 99 of some of the largest ad networks, including Google and MS (but guess who isn't there?)
http://www.networkadvertising.org/choices/

Apple iAd opt out
http://support.apple.com/kb/HT4228
