Become a fan of Slashdot on Facebook


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×

Comment Re:Sweet I can cancel Comcast! (Score 2) 92

It's okay.

Cost for me for Internet (Very Fast) + Cable TV == $270 a month, plus $22 cable box rental plus $15 for HBO + $15 for Showtime. == $322 per month.

Cost for me for Internet alone: $150. $10 Netflix. $12 Hulu. $15 HBO, $11 Showtime. $10 one time OTA antenna of 3-day delay for CBS Online (Which is fine for me ), and of course Amazon Prime, which costs me $8.25 a month and saves me hundreds a year in shipping fees. But yeah, folks who like to watch sports are screwed, with NFL games online starting at $50 a month for four months and then getting worse.

Mind you, the vast majority of the people I've done the math for get things cheaper online, but that's not everybody. There will always be some folks who have no choice but to get the TV service.

Comment Re:Use tip jars (Score 1) 160

This is an excellent point. Further, the subscription costs are nuts compared to what most people actually consume.

For example, if I had to pay, say, $4.99 a month for each site that I look at some things on from Google News, I'd be spending several hundred a month on news.

Let's take a look at the situation. If I don't block ads, I see about ten ads per page. Let's take a generous $10.00 CPM rate (I'll ignore any CPC because I'll be damned if I'm going to click any of that cruft). That means my viewing the article is worth "ten cents" to them. None when I block the ads. In a given month, I might look at five to ten articles from a given site, perhaps an average of seven from each site I view. Thus, if I'm paying more than $1 a month for their internet drivel, I'm spending way more than my eyes and private information would be giving them.

Since they won't deal with not accosting my eyes with ads in favor of a dime per article I view -at absolute most- (I'd be willing to toss in a nickle maybe honestly for most of this junk), they get adblocked instead and get diddly squat from me. Don't like my adblock? Too bad, I'll find the same article elsewhere, and when I post the link for people who don't block ads to look, it won't be yours. Chasing away my ad-blocking view means the loss of potentially hundreds of non-blocking views I'd drive their way.

I guess the real downside is that advertising is all about scamming everybody with their product anyway. The user's eyes are the product. The "articles" are just bait for the product, like we're fish. The advertisers pay for the product. The publishers then try to milk as much money out of the advertisers as they can with clickbait junk and a page crammed with dozens of ads. Then they complain that their bait is getting eaten off the line without hooking a fish as the fish are getting smarter. If they want the users to be their customers and the content to be their product, they're gonna have to have fish food, not bait, so to speak.

Comment Re: Good (Score 1) 534

There is a fine balance in the value of your existence on Facebook. You are not a customer. You are an income source. You exist to make the company money directly or indirectly. For Facebook, it's game token revenue and advertising, mostly the latter. People buy advertising and data because the net result is more people buying their product, thus money in return for the advertising or data purchase.

Your information and existence is sold to advertisers whether you have an account or not, even if it's only in summary.

You may post content that brings other people to Facebook to have their data collected and their eyeballs used to advertise to.

By their basic logic, if you are not looking at ads, not providing good data, and not bringing in other people to look at ads and buy, you are a broken product and not a source of income. If what they lose (content that brings in viewers) is not as great as the cost of having you there, they have every logical right to want to throw you aside and get you gone. Why not throw away "broken product"?

It makes me wonder... If enough people suddenly became click-through views of ads with zero intent to purchase, the advertisers would see their costs go up (due to clicks as opposed to just impressions) and their revenue not match it. There is still the malvertisement issue, but those often come in the ads rather than the destinations. Makes me wonder if there could be a reasonably-secure way to automate click-through-spam aggressive advert sites as a way of protest.

Comment The digital addiction and EMP (Score 1) 537

All this work and cost he went to and the digital addiction will likely win over. The bar will get a reputation for having horrible signal and people will find other bars that don't. Unless he has really awesome drinks and everything else to overcome the need for data. Even then, you'll see many people convening outside to get their information fix or make calls to the S/O. Worse, how will people be able to fake receiving phone calls to get out of creepy bar conversations?

Makes me wonder if his bar is sufficiently EMP-proof now.

Comment Re:What Happens When you Forget Your Password? (Score 1) 388

There is no way that any apple owner would be OK with the idea that if they ever forget their password, their phone is bricked. So what do they do when the owner contacts them asking for a password reset?

If they forget their password, all the data on it is (theoretically securely) erased and the phone is factory reset.

But what if the phone was the only source of that information?
Then what if the phone got sat on wrong and broken? Much worse than losing the password, but the same loss of data.

And to the original observation...
There is no way that any apple owner would be OK with the idea that their phone would not be usable if they forgot to charge it for a whole week.
There is no way that any apple owner would be OK with the idea if it falls out their window on the highway and gets run over three times, their phone is bricked.

However since it's not bricked if they forget their password, it's a moot point. Though sometimes I think that more people would be more careful with their passwords if more bad things happened when they forgot them or accidentally gave them to other people. Like if peoples' bank accounts got drained or people got fired for... oh... wait...

Comment Re:Sorry, no exceptions to mathematics. (Score 1) 388

I would create multiple usernames/passwords that are allowed to unlock the system. E.g. Multi login. They keystore that secures the encryption on the device would then have to be doubly encrypted with two seperate encryption keys on the device using a public key of the 2nd user available on iCloud. The second encrypted store could be uploaded to iCloud and only decoded by that 3rd party who would then have access to decrypt the duplicated information.

You could do PK key exchange via bluetooth or something more personal to prevent against MITM attacks.

The device would then need a time delay to prevent that designated user from logging onto your phone through casual day to day usage. The device should only be accessable 30 days after not being used and would require the user to access iCloud to fetch and decrypt the store. The device would still be protected by encryption but may be decrypted by a designated person(s) so long as the designated person is nominated upfront.

I feel that there are a lot of holes in this plan...

Comment Re:joek (Score 1) 101

A different consideration can be summed up in the idea that PCI Compliance makes a company "impossible to be hacked" in the same sense that being an "important and secure government agency" makes the FBI "impossible to be hacked". A frequent view is that PCI DSS means nothing at all because even fully-compliant companies can be hacked.

The middle ground is the concept that PCI Compliance just makes the company less likely to be breached and the recognition that common sense isn't all that common (despite the sads this causes for people who would think "don't store PII unencrypted" should be akin to "don't stab yourself in the eye with a fork in an attempt to improve your vision"). PCI compliant companies can (and will) still be hacked. This is more of a question of "Is the PCI standard a proper balance to reduce the threat, and were these companies -really- PCI compliant, or just saying they were and so we need to revisit how we are addressing this one way or another?"

Comment Re:The deed is done (Score 2) 610

From one point of view, it could be said that I did not say the encryption scheme would be broken in that case. It would be the misappropriation of "legitimate" keys used to access the back door of the encryption system.

From another point of view, if the point of the encryption is to prevent any but explicitly-authorized entities - as defined by the data holder and assumed to not include the pool of "and whoever has backdoor keys to the encryption system" - from accessing the data, the very existence of a backdoor breaks the encryption scheme (though not the cipher-generation algorithm) to a degree as it both creates an unknown third party "authorized entity" and a larger attack surface against which a successful attack can compromise the security of your data.

The encryption scheme, taken as a whole, is the entirety of everything from the key storage to (in)secure hardware to the strength of the key against various attacks to the cipher algorithm and stuff in between and around. So the algorithm that generates the encrypted result and reverses that process may be "very secure", but the scheme as a whole can have other faults. Like "password written on a post it note and stuck to the back" or "intercept the self-destruct process to be allowed to brute-force 10,000 4-digit possibilities" to "offload the stored key and use knowledge of the pin-to-key process to extract the key by brute force on an external system".

Encryption cipher algorithms as we know them today is not "unbreakable". It's just "currently so hard to break that it cannot feasibly be assumed to be doable in a useful time period." But a sticky note with the password renders even an "unbreakable" quantum cipher useless in short order. So you protect the key.

If you are the only one in control of the key, you can make your own choices (within some limitations) on where that key exists and who/what has access to it. The moment there is a back door, you no longer have control over the fully-inclusive key set to your data and the people who do have proven that there is a strong potential for their backdoor key to become compromised, thus compromising the security of your data.

Comment Re:The deed is done (Score 4, Insightful) 610

The problem is that cryptography is mathematics and doesn't know the difference between criminals and innocent people.

It also doesn't know the difference between law enforcement requests to unlock the phone and criminal requests.

If they can get into a criminal's phone, they can get into anybody's phone. If they can get into anybody's phone, any criminal who gets the key can get into anybody's phone. As to "how likely is it for the criminals to get the keys?"... well, pretty much every system (FBI, DHS, Apple, etc) that could theoretically hold the keys has been breached at some point. Holding that capability also makes a huge target. So "Very Likely", even to the point that when things were previously unlockable, hackers were doing so already.

Thus it comes down to "Do you want to allow criminals to access your iPhone so that law enforcement can also access a criminal's iPhone?" at that level. And in the event that a smart criminal had an indication that Apple could defeat the encryption and lockout, they'd just store the important data in a place that no company controlled or had access to.

Comment Re:How do they know (Score 2) 95

The linked article is a short version of the Reuters article that is much more informative.

To address the concerns of European authorities, the Internet giant will soon start polishing search results across all its websites when someone conducts a search from the country where the removal request originated, a person close to the company said.

That means that if a German resident asks Google to de-list a link popping up under searches for his or her name, the link will not be visible on any version of Google's website, including, when the search engine is accessed from Germany.

The company will filter search results according to a user's IP address, meaning people accessing Google from outside Europe will not be affected, the person added.

So once again Anti-Geoblocking/Anti-Georestriction VPN becomes the solution for folks.

Comment Re:1-to-1 loss, bad math (Score 2) 261

True. It does not change the general premise of the post.

The entire premise behind the device is to protest the claim that was made and believed that sent him to jail and has him owing millions in debt. As TFA states: "The most important message, however, is that the millions of dollars in losses the industry claims from him and the other TPB founders are just as fictitious as the number displayed on the Kopimashin."

It even goes so far as to say that the piracy is a net GAIN for the industry, and this could potentially make sense. Take the doughnut example:

The friend offers ten doughnuts to ten people and three of them like the doughnut a lot, so end up each ordering a dozen doughnuts at the store at full price. Ten doughnuts loss, 36 doughnuts paid for. PROFIT! Loss leaders, free samples... all the same concept, and one that the industry is not understanding.

A lot of words to say I agree with you. ;)

Slashdot Top Deals

Honesty is for the most part less profitable than dishonesty. -- Plato