
Comment I don't know if they actually 'helped' (Score 3, Insightful) 105

The article doesn't seem to say it, but it looks like Apple and Facebook probably just replied to standard (presumably well-formed) requests from law enforcement to hand over information about a suspect in a criminal copyright case.

Regardless of how you feel about criminal copyright as a thing (and if this bloke was making $31m in your months it's hard to think of him as a brave fighter for copyright reform :), if this is what happened then at least I feel ok about it. He wasn't caught in a massive dragnet that invaded the privacy of millions; it was a targeted search done lawfully with due process.

There might be more info in the full complaint but it's a bit much reading for me so I'll make do with this somewhat inflammatory headline and my uninformed opinion!

Comment Re:Elon Musk is still missing the point (Score 1) 219

Everything you say is true - but I would argue that what is important are the actual results. If the number of lives saved by the current implementation of the Autopilot system is greater than the number of deaths it causes, then surely we're better off with it - even if some of the deaths are the result of boneheaded behaviour by clueless inattentive drivers who are mistakenly assuming it is driving the car for them.

At the moment there are only a few high-profile stories from both sides of the fence (like this one and the previous story about the dude that was killed in the truck collision). So I think it's far too early to tell. If you believe some of the stats (accidents per km/driven) it is kind of encouraging.

So while I agree with you I think it's hard to state confidently that it's a bad idea yet (though it certainly seems like one) until we have a lot more data!

Comment Re:Somebody didn't get the memo... (Score 1) 283

It should be noted that very shortly after that story broke there were some retractions by the authors.

This is a note by the author where they have reduced the number of affected papers - initially around 40,000 - down to around 3,000.

The publication in which the paper first appears has agreed to publish a correction.

So while there is definitely room for improvement, it appears the impact was grossly exaggerated in the original coverage.

Comment Won't block them? (Score 2) 32

The statement by Erik Johnson ends with the following:

"Using the OpenID API and making the same web calls as Steam users to run a gambling business is not allowed by our API nor our user agreements. We are going to start sending notices to these sites requesting they cease operations through Steam, and further pursue the matter as necessary."

It might just be too hard/risky/boring for them to actually actively block these users so sending them a letter asking them to stop is probably a fair starting point.

Comment What else do you need to know (Score 1) 982

... other than the fact that they are so desperate for people to install it they are resorting to the most amazing levels of subterfuge to basically trick people into installing it?

How good would it need to be to justify looking past that?

Don't fall for their "fear of missing out" deadline.

The only other thing I know about Windows 10 (aside from all the alleged tracking/phone home stuff, which I haven't looked into in great detail but would be a dealbreaker for me) is that it will reboot after running updates without warning (... according to people I know who have suffered from this). I am not sure if this is just some sort of default setting or if it works this way by design. Either way, wtf.

Comment Seems reasonable (Score 4, Interesting) 218

... If only because it's documented and clear about pricing (at least at a glance from the summary).

I know this will be an unpopular opinion here but as an Australian that has lived under data caps since forever (the first broadband cap in Aus was 300mb, raised not long after to 3gb where it sat for a while), even considering how much time has elapsed 1TB is a staggering amount of data.

The biggest problem we had in Australia (... Outside of just generally ludicrously high costs for data) was plans being offered as "unlimited *", where the * basically meant go fuck yourself. This was, fortunately, clamped down on quickly and since then we've had crystal clear (if low) data limits.

I've been in the US for the last 2 years on some vaguely defined TWC plan. Despite having netflix running nearly all day every day (I've not been working for the last year so have had lots of spare time) I could barely manage more than 300gb a month, between me and my partner.

But even so I was constantly worried that eventually someone would be all like "you're using too much data!". Knowing there was a real limit would have been awesome, because I was used to thinking like that anyway and I'm tech savvy enough to deal with it.

I have no problems with data plans, as long as "unlimited" fucking well means what it says, even if you have to pay more for it. Having vague, opaque limits is harmful for everyone. Non-tech-savvy end users can just be filtered or rate capped, but for those of us that actually give a shit about service levels, it needs to be clear what we're paying for and what we're actually getting.

Comment Uh, ads? (Score 2) 103

Their site is plastered with ads, or at least was the last time I looked at it (doesn't load for me so I can't check; I've recently moved countries so maybe it's blocked in the UK).

Given its popularity I'm sure they're making thousands per month simply from ad traffic.

I have to wonder if the low donations is reflective of the fact that people are actually unwilling to donate to people/organisations when they know they're actually doing the "wrong" thing. People have no problems pirating content but they don't actually want anyone to profit off it if it can be avoided.

Although I recall an interview with Bram Cohen (BitTorrent creator) many years ago where he mentioned his father convinced him to put that "please donate" in the original Python client, and he said after that he was making hundreds a day. So maybe not.

Comment Re:Harsh laws... (Score 1) 293

I just left the US after two years there and had the same astonishment from the other side. I'm from Australia where, like the UK, it is massively socially unacceptable.

Within weeks of being in the US we found a lot of people in our new social circles would think nothing of getting in the car after an extended drinking session. It was staggeringly common.

Took me a while to understand that they don't have random breath testing like they do in Australia (and I assume the UK). At least in the state I was in (Ohio), the police had to publicly announce where they would be setting up to do their "random" testing for drunk drivers. I think I saw two or three of these announcements in the two years I was there.

The risk of getting caught is so close to zero that people don't even think about it.

This is because of some Constitutional thing (4A IIRC?). It seems to make sense in the scope of the Constitution but the practical effects I think are pretty serious (e.g., the fatality rate for a lot of the states that I was in around the midwest was quite a bit higher than it was in Australia).

Friends from other states told me that Ohio was actually pretty good compared to some of the neighbouring states in terms of their attempts to enforce it. - a quick search indicates that it's 5.4 deaths / 100k population in Australia, vs 8.7 in Ohio - but Kentucky is 15.2 and Tennessee is 14.7!

Comment Everything is being hidden on every website (Score 1) 92

Literally every different type of website has something 'hidden' on it. The only criterion is that it has been remotely compromised.

This is such a massive problem that Google have gone to lengths to add features into their Webmaster Tools to hint to website operators that their site has been compromised.

So this is staggeringly unsurprising. It's just another reminder that the average tolerance for security is very low.

Comment Re:hmm... (Score 1) 142

Question: aside from the obviously massively added complexity, could you even have an electric engine if you could just jettison the battery packs after take off?

e.g., have some sort of external unit to the plane that simply falls off and flies itself to the ground (like a battery pack drone).

Without knowing anything about it I imagine a significant chunk of power is required to take off and climb, but no idea how much would be required to stay in flight. So if you could periodically get rid of used packs it'd have the same benefit as burning off fuel.

Although if you were super clever you could have these drones return to base, recharge, and then reconnect to planes in flight?!@#

Comment Interesting but not sure how 'practical' it is (Score 5, Informative) 48

I glanced through some of the Android parts of the paper; it describes these as 'practical attacks' but it also opens with "we assume that a victim's PC has been compromised, allowing an attacker to perform Man-in-the-Browser (MitB) attacks", so it would appear the immediate risk would be at least on the low side. Unless your PC is pwned, but of course if that's the case, you're in trouble already.

For Android, the paper describes a mechanism by which a malicious app can be published to the Google Play store, then silently installed and activated through a Google Chrome plugin trojan (installed as part of the PC pwnage). There are more [interesting] details about how that process works and circumvents some existing Google tricks intended to stop it (e.g., static analysis of apps).

At this point, the app can now intercept SMS tokens that are sent to you as part of 2FA.

I was mostly interested to see if there were vulnerabilities in the Google Authenticator mechanism/implementation; it seems that this is not the case. It basically just takes advantage of the fact that Google offer a way to skip the Google Authenticator by using an SMS instead, although I guess this requires that your Google account is set up with a phone number (which may or may not be a requirement?).

The end of the paper notes that "Google believes that our proposed attack is not feasible in practice". I feel like eventually we'll see a bunch of common trojans that are set up to mess with 2FA. I kind of think that this is a pretty involved process with a lot of room for things to go wrong (for the attackers) so how effective it is remains to be seen. (I also wonder with Android M if the permissions model is different enough so that the SMS reading permission needs to be invoked on a per-app basis? But that might be work-aroundable anyway.)
