
Comment Re:Downloaded 1 or more bits (Score 1) 66

The plaintiff should be required to download the entire file and to ensure that the checksum of said file matches the file offered via the plaintiff's service.

They did. That's the whole point of the "direct detection" statement. They connected to the peers in the swarm and were able to download valid (SHA1 verified) chunks of the file from the defendants.

Comment Re:We burn a ton of DVD's every week (Score 1) 380

One of the tricks in production of litigation documents is to produce them in the least convenient form that conforms to the rules. So if the opposing side requests a bunch of e-mails and Word documents, and they don't have the foresight to request them in native format with metadata intact (or the rules don't require you to send them that way), you send them a stack of CDs full of TIFFs. There are even programs that will load up all the documents for review by the baby attorneys* and then convert them all to TIFFs for production. And when the other side sends you a bunch of TIFFs on CDs, it will load those all up, OCR them, and tag them with keywords. This is in part why production is so ridiculously expensive. (The other reason is that the attorneys will spend half a million dollars filing motions and counter-motions fighting over the search terms to use on document and e-mail searches.) (This is why attorneys always win lawsuits, as long as the client is solvent. Occasionally, one of the clients wins too.)

*If you retain a big law firm, they will still bill you $300/hr. for the baby attorney to sit in front of his computer all day, flipping through documents looking for stuff that should be tagged as "hot" or "damaging" or whatever before they go out. Then when the opposing side sends their production, baby attorney sits and reviews all of those too. The whole time, baby attorney is thinking, "I got seven years of post-secondary education for THIS?" But he'll do it, because the partner told him to, and they're paying him a salary of $160,000 plus bonuses that depend on billable hours, and as mind-numbingly boring as it is, it is the easiest way on earth to rack up billable hours, and he still has $200,000 in student loans to pay off.

Comment Re:from the five-days-too-late dept (Score 2) 42

Unfortunately it's the only two factor authentication system that's going to work for the public at large. It's a simple system that works with any and every cell phone on the market, with no need to (re)develop applications for multiple OSes, manage syncing those applications to a master server, and then handle user support issues when those applications break.

The problem with "proper" security is that it works against the user. Long passwords that you can't remember, SecurID tokens that you never have when you need them, and finicky fingerprint readers that are too easily fooled by fakes. And in the end, all of this just gets subverted by social engineering, calling the help desk and convincing the rube on the other end to reset the account password. Unbreakable security fails at being friendly when faced with the fallibility of users, and at the same time it's only as strong as the weakest human who has control over it.

The fact of the matter is that the only real threat to PSN users is going to be criminal gangs harvesting accounts en masse. A token two factor system, properly implemented, is going to be enough to stop that. It's security that's good enough. Otherwise you'll quickly discover first-hand how perfect can be the enemy of good.

Which is not to say I advocate poor security. But so far no one has come up with a better way to do it. It has to be universally compatible and it has to handle user failures gracefully, and there are very few ways to do that.

Comment Set up a dummy account (Score 1) 348

If push came to shove I'd set up dummy Facebook and Twitter accounts and let CBP see them. No good way to tell which of the several hundred Laura Hallidays on Facebook is me. Post some pictures of cats, a few likes, done.

I already engage in some self-censorship. There are a few CDs (mainly Russian and Israeli acts) I leave at home when I cross the border.


Comment Re:Conspicuous Silence (Score 1) 93

It's a pathetic 35 megabits per second.

Unfortunately you're not going to get much better on cable, even with DOCSIS 3.1. Upstream requires valuable low-frequency spectrum, which there's only a limited amount of and there's contention with other services (cable boxes, VoIP, etc). Meanwhile it's a noisier shared environment, so you also can't use as high of a bitrate as you can on the downstream.

Fiber is clearly better in this respect. But it's the tradeoff of using the copper already in the ground as opposed to having to dig up streets to lay down new fiber.

Comment MOD PARENT UP (Score 1) 145

The parent is spot on.

And just to add to that, until their recent run of profitability, the last time the airlines as a whole were consistently profitable was in the 1990s, before the dot-com bubble popped. Between roughly 2001 and 2011, they cumulatively lost money (the one bright spot was 2006, but of course the Great Recession hit). (apologies for the tiny image, but historical data more than 5 years out is typically paywalled).

It wasn't until we exited the Great Recession, airlines started charging for food and bags, and airlines did more to increase the passenger load factor (percentage of seats that are filled) to historically crazy levels that they finally became profitable as they have been in the past few years. Until then, even in decently good times, the underlying costs were pulling them down. Too many pilots and attendants drawing too high of a salary, too many flights going out less than full (i.e. too much spare capacity), etc.

So you can imagine why airlines weren't in any rush to invest in high cost, risky IT upgrade projects. When you're trying to just stay in the black, any optional cost not part of the core business (flying) is a risk.

Comment Facebook is for old people (Score 1) 534

I accept that advertising is what supports platforms like Facebook (indeed, just about everything on the internet), but please remember the user in all of this. My computer is mine. My browser is mine. Monopolizing it while you play an irrelevant auto-play video is just not cool.

Facebook is relatively tame in this respect. I've seen worse.


Comment Unifiedcomplete Preference Removed (Score 1) 236

Heads up, FF 48 has removed the browser.urlbar.unifiedcomplete setting. This setting was introduced in Firefox 43 to disable the annoying Unified Complete system introduced in that build. Unified Complete is what causes the first drop-down result to be "Visit/Search With [domain]" rather than the most relevant result, as was the default before Firefox 43.

Since the preference has been removed entirely, there is no current way to get this behavior back. It would need to be fixed by an extension.

Comment Re:Vulnerability (Score 2) 38

Why is this considered a jailbreak (a good thing) and not lauded as a remote code execution vulnerability that it actually is? If one web page can execute code, that means another web page can execute different code, installing a backdoor to your network, etc.

Because no one uses the Vita browser. It's terrible, especially by modern smartphone standards. It's hard to seriously classify this as a threat when the odds of a Vita browser coming across a malicious site sit at just a hair above 0.0%.

Comment Re:Locking out open source hardware (Score 4, Informative) 440

This is a move to make sure Open Source software developers and individuals cannot produce Kernel mode drivers.

No. This is a move to further prevent kernel mode malware, because it turns out trusting developers wasn't good enough. That it impacts OSS is collateral damage - and something that can be dealt with, at that - as while OSS is popular here on Slashdot, it's not much more than a blip in the wider Windows world.

The whole reason we're even going this route is that trusting developer signed drivers has proven inadequate. Microsoft started requiring developer signatures (cross-signed) in Windows 7. This significantly cut down on driver based malware, but it didn't eliminate it entirely. It just raised the barrier to entry. Instead malware authors would just eat the cost and buy a certificate, or the especially crafty/evil ones would steal another vendor's keys, as we saw with the Realtek case. Either way Microsoft has had enough of it, and hence Windows 10 requires that they sign off on all drivers so that no one can just ship a (obviously) malware-infected driver.

I don't mean to be snarky/belittling here, but if you think that Microsoft is doing this as a strike against OSS, then you haven't been paying attention to the wider world. OSS on Windows certainly exists, but OSS projects that require kernel mode drivers are exceedingly few and far between. Which is not to say that OSS isn't a threat to MS to some degree, but that threat is from Linux, not OSS projects that require a kernel mode driver running under Windows. MS's prime concern is further reducing the ability of malware to hang out in the kernel space, as once malware makes it there it becomes virtually impossible to identify, contain, and remove.

And yes, this definitely makes signing harder for everyone. By all indications that's intentional, as EV Certs make it harder to hide (you have to provide more information) and are harder to steal/fraudulently use. There are ways to work with that for OSS though, just as was the case with Windows 7, so we'll be okay. As Bruce likes to say, security is a process; it takes more than just the OS vendor to keep Windows machines secure. So this is our contribution to that process (whether we like it or not).

Comment Re:What's the big problem? (Score 1) 675

I remember a few years ago seeing that my Amex was about to expire, and wondering when my new card was going to arrive.

Then I got a phone call from American Express. Had my new card arrived? No. Did I live alone? Yes. Did I know any men with Russian accents? Uh, no...

Yup: somebody had stolen my card and had gone on a shopping spree with it, triggering security alerts. My bill that month was about 50 pages, interesting charges (all local, curiously), then pages of Credit for Fraudulent Charge. I asked what my liability in the matter was and they said zero: unlike most other credit cards, American Express cards may only be used by the cardholder ("non-transferrable"), and if the merchants hadn't verified the identity of somebody who was really unlikely to be named "Laura", that was their problem, not mine.


Comment Re:What's the big problem? (Score 1) 675

Yes, it's beyond the reach of most attackers to clone a chip card. Stolen card is still a problem though.

But the latter is not the problem that they even set out to solve. Fraud due to stolen cards is infinitesimal; most people don't lose their cards in a way they're easily found, and most people, when presented with a card, don't commit fraud with it. Not to say that it isn't annoying when you lose a card and someone does go on a spree, but it's always about the tradeoffs.

What chip-and-sig is designed to solve are the issues involving data breaches and duplicated cards. EMV means that retailers no longer have a vast database of all the information you need to produce a card, because part of the processing takes place on the card itself. Meanwhile good luck actually making a counterfeit EMV card, never mind getting the required information off of the original to duplicate it.

Comment Re:Linux Gaming Support (Score 1) 369

How has the way the Linux kernel is managed negatively affected proprietary graphics card drivers?

By not supporting a stable ABI and API for binary drivers. You can take a WinVista driver written in 2006 and still install it and use it today on a fully updated and supported OS. Linux doesn't offer any kind of binary compatibility remotely comparable.

Users appreciate minor OS updates not breaking their drivers. Hardware vendors appreciate not having to chase whatever direction the kernel devs are going to keep their drivers working.
