
Comment Re:Expected (Score 1) 120

One generally uses a long, complex password for their password vault (which is fine, since you only have to remember the one password).

No. One does not. Because one needs to repeatedly enter that password in every time one accesses anything, from as menial as slashdot to as important as one's bank.

Plus one needs to be able to enter it on a smartphone too; again... repeatedly.

Remembering a long complex password is easy. Repeatedly entering it over and over and over again is painful. So the practical length of most people's vault key is relatively short.

So while my bank password is long and complex and random, and I don't even know what it is; my vault password is shorter and easier for me to remember and use.

So my bank account and so forth is secure from bruteforce attacks directly on it, as well as immunity from password re-using since each is random.

My vault is relatively secure, you'd need to get a hold of it from me; and the vault password is relatively secure, but it's not a 200 character pass phrase... simply because I'd go mental entering something like that in over and over again... or on a smartphone.

I've actually mitigated it a little bit as I use different vault files for different passwords, so I've actually got a couple vaults; and the vault the bank account is in is harder than the junk account vault, but while it's better it's still not ideal.

Comment Re:Nope. This involves active sharing and consent. (Score 1) 113

By comparison, I might own all the items in my safe deposit box at the bank. But clearly I don't own the bank, or even the bank lobby. And yet I cannot access my owned items except by using the bank's property.

Not a bad example. And likewise, if I wanted to send someone to the bank to retrieve or add to the contents of the safety deposit box, that would be my prerogative.

Well, OK. Then legally a legal court of law will come to a different legal conclusion than a person with no technical or legal expertise might come to.

Where the law varies significantly from people's expectations is where conflict arises, and the law is usually wrong or ultimately unenforceable, because society en masse simply ignores the law.

The law ultimately is supposed to reflect and enforce the social contract, not the other way around.

Also, civil engineer might build a bridge differently than a normal person would. News at 11!

Of course. But if the normal people couldn't cross the bridge, and kept hurting themselves on it, falling off of it, etc, etc ... because it didn't conform to their expectations of how to use a bridge, then the civil engineer failed.

The CFAA is such a failure.

Comment Re:74 at time of crash (Score 2) 557

No wonder autopilot is safer than human drivers per mile driven.

Humans drive everywhere in all weather in all circumstances... autopilot only drives on uninterrupted stretches of highway, in clear weather... and it still demands the human sit there with his hands on the wheel as a backup.

Comment Re:EEE (Score 1) 394

Yes, they have an App Store on MacOSX but it's totally optional

It pretty much HAS to be installed, and you pretty much have to use it for OS updates.

And with each successive release OSX tightens the screws a little more, in the name of security...

You can't run apps you didn't get from the app store on a new mac until you go into security settings and turn on the ability to use apps you didn't get from the app store.

So it's totally optional, in the sense that it comes pre-installed, you can't remove it, you have to use it for some things, and out of the box it is the only option you are allowed to use to get new apps.

But yes, you can tweak the security settings to allow you to get software from other sources.

So...it's like secureboot...which everyone here likes and thinks is ok... right?

Comment Re:Nope. This involves active sharing and consent. (Score 1) 113

Using a public service like twitter isn't in the same ball park as having a private account at a company where you most likely did sign an agreement that said something like 'you will not share company secrets' your company password would be classified as a company secret.

You are right, but that's kind of the point here -- while you and I might see them as very different things (and indeed most people do) ... the CFAA doesn't differentiate.

Comment Re:need to open sandbox to map editing / mods (Score 1) 394

yes, but steam isn't a really good platform for general purpose apps. I mean they're trying it...and also movies too... but I don't think it has a lot of traction... I don't really see it replacing cnet/sourceforge/etc to get torrent clients, file compression utilities, etc, etc. maybe they'll make it happen.

It always seems a bit wonky to have that stuff tied to a steam account in any way. Logging into steam... etc...

Comment Re:Nope. This involves active sharing and consent. (Score 2) 113

This is not stupid at all.

Yes, yes it IS stupid.

It mirrors the obvious principle that everyone here knows, which is that authorization to use a system does not necessarily confer authorization to authorize additional users.

But does that principle automatically apply here? Does a normal person *consider* their Twitter account their own property or the property of Twitter? (Not the legalese... but in terms of how they think about and interact with it.)

Moreover, it's a principle of our daily lives that's so obvious we don't even mention it. I let my neighbor Bob use my pool whenever he wants, but I would be shocked if Jill was using it and just said "Oh yeah, Bob said I could".

Exactly right. It's clearly your property, and your delegate has clearly exceeded his authority according to all social conventions. That would be quite the faux pas, and you'd be rightfully upset.

There is no reason that the principle of non-delegation (that is to say, without explicit authority granted to delegate) shouldn't apply to the virtual world just as much as it applies everywhere else.

It doesn't automatically apply everywhere else. It applies when the property being delegated is recognized as belonging to someone else. It doesn't apply when the property being delegated is recognized as belonging to me. The legalese underneath the transaction may cement that status, but socially what matters is how we perceive the property.

Bob's using YOUR pool. That is the social convention (and the legal reality) of the situation.

If I give you a social media account password, am I giving you access to MY account? Or am I giving you access to a (for example) twitter account that twitter lets me use?

Legally it's probably the latter, but that's not how ANYBODY thinks about it. They think of it as THEIR OWN twitter account.

They'll say it's 'my account'; they'll complain 'my account was hacked'... everything surrounding it is framed in that sense of ownership.

The same way they think about their TV service, their cellular phone service, their steam account... that the account "belongs" to them, and they don't give a 2nd thought to whether their friends or guests or babysitters or whatever can watch their TV, or borrow their phone to make a call, or play some video games on my account.

Or even their bank account. People think of that as their property too. It gives them access to their money. It's not the bank's money!! It's mine. The password is also mine. I chose it, and the bank shouldn't even know what it is. etc etc.

Yes legally, and when you get deep into it... the money is mine, but the servers are theirs. And the account is permission from them to use their servers using my chosen credential to access the money I entrusted them to hold for me... etc etc.

But if it ever came down to it, and I wanted to give someone my bank account password for some reason, my only thought would be in terms of the risk that represents to the security of MY money. I wouldn't give a 2nd thought to whether or not I had the right to delegate access to the bank's servers.

Likewise with twitter... my only consideration in giving out my password would be the risk it represented to my 'reputation', the potential for grief to me from what they might say with it... etc.

The notion that I would be delegating access to twitter's server infrastructure in a way analogous to Bob letting Jill use your pool...? That would NOT be a consideration at all. No normal person thinks of their twitter account in that sense. (even if technically and legally that's what it is.)

Comment Re:Why does this matter? (Score 1) 666

Apparently this is the 'making fun of a black woman's name' thread:

https://wikileaks.org/dnc-emai...

Doesn't really strike me as "racist".

Stephen Colbert had Alexander Skarsgård on a few weeks back and spent a few minutes making light of the difficulty of pronouncing his last name correctly... was that racist against Swedes? A few weeks before that they had Steve Buscemi and they talked about the difficulty with his last name too....

Comment Re:Nope. This involves active sharing and consent. (Score 5, Interesting) 113

You might even be considered an "unauthorized user" from twitter's perspective

That is precisely what triggers the fraud and abuse act.

but by giving you their password,
the end-user has made you the defacto authorized user of that account.

The end user is not authorized to do that, per the Terms of Service.

Look, the point is that it is not an open and shut case. There is a valid legal argument, bolstered by recent court rulings that the CFAA can be triggered in this way. The most recent court case was just such an example of an authorized user sharing their password with an ex-employee. Obviously that's not exactly the same thing.

But it's close enough in a lot of ways, the twitter user, like the employee doesn't really 'own the account'. It is assigned to them and they aren't allowed to share it. So if they do share it the person they share it with is NOT an authorized user, and that in theory triggers the CFAA.

Yes, it's all kinds of stupid... but the CFAA is all kinds of stupid too.

Comment Re:Is there a windows store for desktop windows 10 (Score 1) 394

Is there a windows store for the desktop version of windows 10?

Yes.

I did not even know that. Does it also work with Windows 7/8?

It was released with Windows 8.

It only carries the new 'modern ui' apps. There are a variety of technologies in place to make the apps more self contained (more sandboxed); as well as let you potentially deliver the same app to Windows Desktop, tablet, and phone, (and xbox) consumers in one transaction.

It's not all bad. The original 'metro' was far too "phone/tablet" and lousy for desktop. The only one I personally use is Netflix.

It's gotten better, the apps will run in windows now ("small w" windows ie not full screen), and they added title bars and so on to the desktop version but I still have zero desire to use it for games or anything paid.

Myself, I like steam and gog. Both steam and gog are cross-platform (mac+windows+linux); which I actually value a lot vs (winphone+windesktop+xbox) which I do not value at all.

I could see the Windows store coming to replace random download sites for a lot of things, and that would be a good thing for the user experience and for safety + security. (e.g. it would be a good source for stuff like CPU-Z, qbittorrent, Acrobat Reader, Dropbox... etc etc... ) Having all that in the windows store would be good for the windows platform -- updates could be centralized instead of each doing their own.

The trouble with that is right now none of those apps will actually currently work if delivered by the windows store; due to the restrictions and sandboxing etc. CPU-Z I think needs admin rights to get the CPU information it reports, which store apps can't have. Dropbox needs shell integration which store apps can't have. qbittorrent... not sure if the windows store can distribute GPL stuff due to GPL license rules on making source available via the distributor...Maybe it is? And acrobat reader installs browser plugins etc which, again... app store apps can't do.

So... it's a neat concept, that needs to happen but the chasm between what an app store app can do, and what windows desktop users need is still too wide.

This is why MS is focussed on games -- games are generally pretty self contained, and they are hoping to tie it together with xbox which makes sense, and may be of some value to xbox owners... to be able to play chunks of their xbox library at home or on their laptop...

The point being... a good app store run by microsoft would be good for the windows ecosystem. However, if Microsoft tries to squeeze out the other app stores, that would be a bad thing.

Comment Re:TFA is not terribly clear... (Score 1) 228

Was he compelled to actually put his finger on the phone, or was he just compelled to surrender his fingerprints?

The 5th only applies to testimony. Your finger print is not testimony.

They can already compel you to put your finger onto a finger print scanner or inkpad to collect your fingerprint.

It seems to me, that if we allow the government the authority to compel you to stick your finger onto anything (e.g. an inkpad) to collect your fingerprint; it's not unreasonable that they have the authority to make you touch your phone too. With a warrant of course.

The upshot really should be, a fingerprint is a good way to keep random thieves, children, and coworkers out of your phone. Not the government. Use a proper password for stuff you don't want the government to see.

Comment Re:Why would Putin fear Clinton? (Score 1) 764

Sounds like he has had a lot of fun. Golf is kind of boring by comparison.

It's something he enjoys. I'm not saying he had to be 'boring'.

And I'm not suggesting that he was wrong to do what he enjoys... he's certainly lived the life he wants to live, and that's fine, even something admirable in its own way. (perhaps not his life choices in particular, but the notion of making the most of life is.)

It's not a demonstration of a fantastic business acumen.

He appears to still have more money than I know how to spend.

So does Paris Hilton. I guess she's a fantastic business woman?

Comment Re:Why would Putin fear Clinton? (Score 1) 764

Again, you can't judge business success by wealth itself, only by ROI

I'm not judging the business, I'm judging the man. The ROI on the business maybe for 4M, but the ROI on the MAN is -1M.

It's meaningless to draw arbitrary boxes and look at them in isolation... what's the total package?

A business that *needlessly* flies around its executives on private jets, seats them in gold gilt chairs, and is wasting money (see definition of "needlessly").

A businessman that owns a business that is run responsibly, who then flies himself around on private jets, gold gilt chairs... etc... is the same thing at the end of the day.

What are you suggesting? A person who is really great at making and managing money... until it's his?
