Slashdot Mirror

Hi Simon, Apple hater here,

And that's pitiably sad.

I agree we deserve people's pity. You can paypal your support by making a donation to applecustomersaregaynoexceptions1942@gmail.com.

thanks in advance!!

My procmail filters at one point were so busy filtering incoming spam that my ISP disabled them for using 80% of the CPU.

That's why they invented Gmail? ;D

Srsly tho, public forums be crunk ways of holding p2p conversations. How about if you email me via jesset@gmail.com?

We're all accepting the results of this survey because it meshes with our intuition that people ignore security warnings. But the article says nothing of the method of the experiment. Were people told specifically to evaluate the warnings, or were they told to visit site X or Y to answer some questions? How much was the idea of security influenced by the authority of the person who gave them the URL? How important did they feel that encryption was to the security of the connection? I.e., did a portion of them decide that the encrypted connection was unimportant for the task they were performing? All of these things can factor into the results.

But assuming the results are valid, I concur with another poster who lays the blame squarely on the widespread misuse of certificates. Many sites use a single certificate for multiple URLs other than the URL(s) listed on the certificate. (https://m.gmail.com/ anyone?) Others fail to promptly renew their certificates before they expire. The attention people pay to warnings is inversely proportional to the frequency with which they appear, and proportional to the severity of consequences for failing to heed it. Relatively high frequency warnings with no visible consequences for ignoring it = 0 attention.

From: emad.elharaty@gmail.com
To: esr@catb.org
Date: JUN 20 2009 16:27
Subject: IRANIAN HACKER COMMUNIQUÉ

Eric,

It's Emad.

I know we haven't spoken since that whole Michael incident, but I think we should put our heads together about these Iranian hackers.

Meet me at the Carney's Point Flying J at 10 PM. Get shower stall 16 and wait for me. I'll be wearing a Slashdot t-shirt and drinking Bawls.

Don't be late. The future of Iranian hackers depends on it. So does the security of America too I guess, and gun ownership or something.

Emad

Read more

roxton@gmail.com

'Every year, life is getting more and more expensive. Insurance. Rent. Food. And, at the same time, software is getting cheaper and cheaper, sometimes as cheap as a dollar, as we engage in a full speed race to the bottom. This is not going to help developers stay in business. This is not how a healthy industry is maintained.'"

I agree. The race to the bottom for software is not how a healthy industry is maintained. What will we do if software reaches a price point of zero?

There are no clear examples out there of how free software or applications can stay in business.

*rolls eyes*

The pictures seems to be taken near NYU ( Broadway and Waverly and WSP ).

The words seems to indicates that these was entirely done at WSP.

Is there any evidence of the author trying tougher challenges like union square or handling traffic lights?

My super-secret sources tell me that this was the first in a series and that you can be notified of upcoming missions (and new bot designs) by sending a note to a super-secret email address.

What happened here is just that Google wasn't expecting such a huge surge in usage and had no other choice to disable for 3rd party clients for now.

It's a bit ironic that you start your post by blasting someone for reading between the lines, and then you proceed to do the same thing yourself. Unless you work at Google, you have no way to know why this decision was made.

But it's funny that you make it sound like Google is a helpless victim. How much traffic exactly pushed their feeble servers over the capacity limit only 11 days after this software became "popular"? How many iPhone users broke the camel's back?

The reality here is that Google made a policy decision, not a capacity decision. Especially since Google is one of the best in the business at scaling. This message should silence any doubt: "SMS_ERROR_10: Sorry we don't support free SMS messaging through this client. Visit http://gmail.com/sms for more info."

just go to:
http://offline.gmail.com/

I'd like to be able to open an ssh client and use the on-screen keyboard.

http://en.wikipedia.org/wiki/Web-based_SSH

Add some kind of notepad software you can write notes quick and immediately send it out to another device/computer.

http://gmail.com/

And have other usable apps

http://docs.google.com/

Here's his contact info:
Primary email
Secondary email
Phone number: 917-355-6517

Note: it was incredibly easy to get (2 clicks)

Imagine, a guy with the name muggs would have the inside scoop on this story.

Reading your thread you do a very fine job justifying a means to an end, but I'd still wager that the means that Google used are abominable.

"It means that now, people who have Google accounts can login to my website without having to register."

It also means FooBarWidget's dad (the proverbial Joe the Plumber of this thread) also has to remember that on every other site he has to use something else. And if he wants to use his Yahoo or MSN account, he has to remember its something totally different. Google has simply added to the confusion by throwing in their own proprietary non-interoperable standard, further fractioning a standard you've already argued is unusable for its complexity.

The only acceptable way to make this a win for users was to make some kind of a standard. Google didnt. Instead they've only further exacerbated the mess of online identity standards. I'm happy that you're happy that you can tell your dad to just use his email, but for Dad thats only ever going to work on a very very small handful of sites for users who happen to want to use their google account identity; for the other 99.99% of use cases it only murkier the water further.

The real insult-to-injury here is that OpenID already supports email logins. Theres no reason Google couldnt have let good ole dad login with foo.dad@gmail.com; OpenID translates this to http://gmail.com/ which happens to be a valid web address. But instead of implementing an existing standard at no cost to developers everywhere, Google added more complexity for developers and more confusion for users.

I dont see whats salvagable about this. Google didnt add anything new for users, made it so users of gmail couldnt use 99.999% of OpenID consumers, put a huge burden on developers, and confused a lot of users struggling with an complex system whose only boon was interoperability.

I'm happy its easy for you and your dad. But theres about eighty things a 9 year old programmer would have made better decisions about, and at no cost to the rediculously low bar you've set for your expectations.

I see two options Google could have pursued if they'd wanted to embrace and extend OpenID to let users use their email addresses.

1) Define a mapping users can use. Tell users to use http://gmail.com/~ApathyMaybe or http://apathymaybe.gmail.com/ for their url's for example.

2) Define a protocol for developers to map email addresses to URLs. Use some kind of URI-template to convert ApathyMaybe@gmail.com into one of the aboves.

As you sarcastically point out, they ignored both options and dropped a heinously ugly black box in front of OpenID that developers must correspond with first. They didnt embrace and extend OpenID, they hacked a solution they internally are content to suffer with.

I see two options Google could have pursued if they'd wanted to embrace and extend OpenID to let users use their email addresses.

1) Define a mapping users can use. Tell users to use http://gmail.com/~ApathyMaybe or http://apathymaybe.gmail.com/ for their url's for example.

2) Define a protocol for developers to map email addresses to URLs. Use some kind of URI-template to convert ApathyMaybe@gmail.com into one of the aboves.

As you sarcastically point out, they ignored both options and dropped a heinously ugly black box in front of OpenID that developers must correspond with first. They didnt embrace and extend OpenID, they hacked a solution they internally are content to suffer with.

That's what I read into it too, but actually you can already use an email address, sort of. If they relying party assumes the OpenID given is a URL, then username@gmail.com would resolve to http ://username@gmail.com/, which is a valid URL, pointing to http://gmail.com/. Some OpenID 2.0 providers allow you to enter a generic url (like just a domain name), and when redirected to the OpenID provider you're asked to provide both your username and password, rather than just your password. Yahoo supports this, you can enter yahoo.com in an OpenID login box.

It would be trivial for google to accept OpenIDs at http://gmail.com/, but relying parties might not accept the email address as a URL.

That's what I read into it too, but actually you can already use an email address, sort of. If they relying party assumes the OpenID given is a URL, then username@gmail.com would resolve to http ://username@gmail.com/, which is a valid URL, pointing to http://gmail.com/. Some OpenID 2.0 providers allow you to enter a generic url (like just a domain name), and when redirected to the OpenID provider you're asked to provide both your username and password, rather than just your password. Yahoo supports this, you can enter yahoo.com in an OpenID login box.

It would be trivial for google to accept OpenIDs at http://gmail.com/, but relying parties might not accept the email address as a URL.

TFA links to the website (botmaster.net...you probably don't want to go there) that sells XRumer. And what do I see for contact information? botmaster.net@gmail.com.

Sure hope they don't get spammed. Whatever you do, don't publish that email address! botmaster.net@gmail.com -- don't do it!

Don't be silly, Google *loves* URLs. Well, at least certain ones. http://www.google.com/ is awesome, as are http://www.blogger.com/ http://www.gmail.com/ http://www.youtube.com/ and http://www.froogle.com/ just to name a few!

Writing junk like foo [at] bar [dot] com simply wastes time time of your colleagues and friends, who now have to rewrite your address by hand, and confuses the non-techies.

How dare you!? The hours I spend every week crafting clever rewrites of my email address is precisely that which keeps the spammers on their toes. How else do you think Gmail capable of filtering any spam mails out? I'm keeping their volume down. It's not just some stupid security superstition, either: it really works! And way better than whatever algorithm they're training over in Mountain View.

From,
seinjunkie@gmail.com

Tell that to Google.

Gmail will use SSL for the actual email IF (and only if) you get to it by typing https://www.gmail.com/ rather than http://www.gmail.com/ (this gives you a certificate error though, you really need to use https://mail.google.com/ - it will stay on whatever protocol you initially access it with.

Gmail will use SSL for the actual email IF (and only if) you get to it by typing https://www.gmail.com/ rather than http://www.gmail.com/ (this gives you a certificate error though, you really need to use https://mail.google.com/ - it will stay on whatever protocol you initially access it with.

I'm surpised no one mentioned this, but https://gmail.com/gmail.com pops up this alert in FF3, because the certificate is actually for mail.google.com. I'm surprised Google didn't fix this - especially considering how much money they give to Mozilla.

Ads in gmail? Even legitimate users don't have those.

Go with the flow :-) Use mobile websites where possible eg http://m.gmail.com./ Many websites still have have text pages - use them.

Ordinary email clients, such as Thunderbird work well at dialup speeds.

I agree with most of what you say, I just take a small exception to:

[...] certain features which are not in Google's interest like easy encryption support will likely never get implemented [...]

It's actually quite easy to use encryption while reading your email. Go to https://gmail.com/ to log in, and the entire session will be https. If you go to http://gmail.com/ then only the login page is encrypted.

Hope this helps your experience!

I agree with most of what you say, I just take a small exception to:

[...] certain features which are not in Google's interest like easy encryption support will likely never get implemented [...]

It's actually quite easy to use encryption while reading your email. Go to https://gmail.com/ to log in, and the entire session will be https. If you go to http://gmail.com/ then only the login page is encrypted.

Hope this helps your experience!

You should use https://www.gmail.com for a secure connection

This article is about Demonoid. Like Orkut, like Advogato, and like Google Mail when it was in beta, Demonoid is part of the remaining 1%

According to http://gmail.com/, Google Mail is still in beta. Did you mean something else?

EMAIL US at MASSJUNK@GMAIL.COM & WIN A FREE LINUX!

WIN a FREE TRIP in SPACE! email us at MASSJUNK@GMAIL.COM

I won't. I want to flood this email account. You can flood this email with your spam, subscribe it to newsletters, add it to spambot lists, whatever...

massjunk@gmail.com

massjunk@gmail.com

My name is Nathanael Majoros. I like making jokes about gay hardons!

Here's my linkedin page: http://www.linkedin.com/in/nmajoros

Here's my website: http://majoros.net/

I am a Design Administrator at Belgacom Mobile (Proximus) http://www.proximus.be/ in Brussels, Belgium

I use the emails troudenouille@gmail.com and nmajoros@majoros.net

I've worked as a Developer at FL Consulting, and an Academic Assistant at Vrije Universiteit Brussel

I was educated at Vrije Universiteit Brussel and Koninklijk Atheneum Keerbergen

• Links to Tens of Thousands of Legal Music Downloads

If you're a musician or music hosting site operator, and offer at least one COMPLETE track from your site, I'll be happy to give you a link. It's even OK if you charge for your music, as long as there are some complete tracks and not just samples. Email me at legaldownloads@gmail.com

I had this problem when I went to http://gmail.com./ Change your bookmark to https://mail.google.com/ and it will stay secure. (I learned this trick by following a gmail link back to itself)

My iPhone took 55 seconds. EDGE is good enough on sites that don't have a lot of big images... it really seems to choke on those. Sites like Kotaku bring my iPhone to its knees. But I mostly use the EDGE to do web-based MSN chat and email, and EDGE works well for those applications.

An educated guess? (I haven't used either, but AM in the industry) -- not really.

Except for the nice tight integration with pointy-hair-endorsed mail systems, of course. There is nothing like the crack from a berry that originates from your OWN internal mail server and scheduler. They even call it "Blackberry Enterprise Server" to make sure it is fully buzzword compliant.

Oh yes, one other minor detail, RIM has managed to work out fantastic data deals with many carriers -- or rather convince them to offer them to their customers -- such that data to/from Blackberry e-mail servers is virtually free in some cases..

I'm suprised Google doesn't offer push notification of new emails. There must be a way to do this, but I haven't looked carefully at what SMS interfaces are available from J2ME.

Me? I'm quite happy with http://m.gmail.com./

if you like my spam please phone and email me today!

Registrant:
Denver iPod Supply

1225 E 18th Ave
Denver, Colorado 80218
United States

Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
Domain Name: BUYMYBROKENIPOD.COM
Created on: 22-Feb-07
Expires on: 23-Feb-08
Last Updated on: 07-Jun-07

Administrative Contact:
Mosley, Brett bmosley.ipodbuyer@gmail.com
Denver iPod Supply
1225 E 18th Ave
Denver, Colorado 80218
United States
(619) 200-2138

Technical Contact:
Mosley, Brett bmosley.ipodbuyer@gmail.com
Denver iPod Supply
1225 E 18th Ave
Denver, Colorado 80218
United States
(619) 200-2138

if you like my spam please phone and email me today!

Registrant:
Denver iPod Supply

1225 E 18th Ave
Denver, Colorado 80218
United States

Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
Domain Name: BUYMYBROKENIPOD.COM
Created on: 22-Feb-07
Expires on: 23-Feb-08
Last Updated on: 07-Jun-07

Administrative Contact:
Mosley, Brett bmosley.ipodbuyer@gmail.com
Denver iPod Supply
1225 E 18th Ave
Denver, Colorado 80218
United States
(619) 200-2138

Technical Contact:
Mosley, Brett bmosley.ipodbuyer@gmail.com
Denver iPod Supply
1225 E 18th Ave
Denver, Colorado 80218
United States
(619) 200-2138

I'm reluctant to do this, but I've sort of gone all out tonight to alert people searching for Fossett because of a white plane I found. I know people will say, "Well give us the coordinates so we can verify" but I'm not going to do that until the Mono County Sheriff and whomever else has a chance to go out there in the morning when it's light and see what it is.

I did a post about it leaving out the coordinates but you can see the screengrab I did from Google Earth: http://www.iconnectdots.com/ctd/2007/09/is-this-st eve-f.html/

If anyone knows how to contact the Mechanical Turk folks at Amazon, email me please.

I disagree. It's not their responsibility to make you be secure, especially in terms of using their free service. If you give a damn, you'll add the one letter to the url to secure your connection. If you don't you'll keep blissfully using the service unsecured, and that's your own look out.

This attitude makes me want to scream. Two reasons:

* The average user doesn't know what SSL is, and doesn't know that he doesn't know. When will the utterly pathetic Slashdot segment that assumes the world revolves around their pet obsession realize that most people don't have an interest in this? You'd be mightily pissed if you bought crashed your car, and the airbag didn't work, because "duh, you have to turn on the flux capacitor if you want it enabled -- anyone with any interest in modern car construction knows that! If you gave a damn you should have done that yourself." In this particular case, there's not even a link to establishing a permanently secure session on Gmail's homepage. And if you login through https://gmail.com/ it doesn't keep the session encrypted, you have to use https://mail.google.com./ It's not even obvious to a techie that there is such an option. It wasn't to me, and I work in the security field. How on earth can you put this responsibility on the users?
* That the service is free doesn't absolve them of basic responsibilities. Obviously, you have no understanding of the laws that apply to these matters, another piece of evidence for your professional myopia.

People like you is the reason we have such immense problem with security in the first place. I say that in all seriousness. It was people like you who thought not checking for overflows in strcp was a good idea, because "anyone who cares will figure it out anyway." But it's really the thinly-veiled contempt for the large segment of your fellow humans who don't share your particular interest in internet protocols, the "let them burn" attitude, that I find disgusting. Please tell me you don't work developing applications for use by the average Joe, or we're all fucked.

Anyone else's https gmail connection gets owned when they visit http://www.gmail.com (the unencrypted page)?

Only Gmail's login process is https, once you get to the mail page it's standard http. However you can change the URL to https and it seems to stick.

-- stj

Only Gmail's login process is https, once you get to the mail page it's standard http. However you can change the URL to https and it seems to stick.

-- stj

Gmail by default only uses https for your login, not actually reading/sending mail. To get a full session via https you need to login to this URL: https://mail.google.com/ Note: https://gmail.com/ will NOT encrypt the session further than the login screen (see for yourself, look for the https connection).

    Having said all of that: Email is not an encrypted protocol by default! The method above is a good method for preventing sniffing on the last hop between you and Gmail (which is why I use it when I'm on an unsecured wifi connection to prevent easy eavesdropping). However, once the mail server sends the message on the open network... it is 100% cleartext. If you want real encryption, get PGP, this advice was true long before Slashdot got its panties in a bind over ISP's 'snooping' on your traffic.

    Oh and one more thing: I love the Slashdot doublethink: Having a large evil corporation (the ISP) possibly being able to sniff traffic to read some of my emails is a terrible invasion of my privacy!! Simultaneously: Having a large non-evil (because they said so) corporation (Google) actually store all my emails (much easier to get at them then trying to wire-sniff) and index them and use them to generate ads: SUPER!

It's more like gmail keeps track...If you go to http://gmail.com/ it will redirect you to https to log in, and then back to http for your mail. However, if you go to https://gmail.com/ then you will stay in https the whole time. This is exactly the way it's supposed to work, where your status is maintained, though it can be argued that they should default you to https for security.

If you use the "Gmail notifier" plug in for Firefox, it defaults to https. There is also a "gmail customizer" app that will let you specify HTTPS as the default, but I've never used it.