Slashdot Mirror

It appears they may have removed it in the most recent version of the Mac App Store on macOS but it was certainly there in previous versions of macOS, as can be seen here.

Don't forget about telemetry!

https://news.softpedia.com/new...

On the other hand, knowingly having compromised servers like that would be a PR nightmare, so Apple and Amazon would also have an incentive to say 'everything is fine'. That is what makes stories like this so frustrating... unless the FBI chimes in, everyone is saying pretty much what you would expect to say regardless of if the story is accurate or not.

DHS already chimed in.

https://news.softpedia.com/new...

The fact that they used Linux render farms for a while now was not knowledge to you, I assume.
Here an article from 2007 : https://news.softpedia.com/new...
And they talk about movies that came out in 1998 (Antz) that used Linux to render.

So yeah.

Microsoft produced a work eligible for copyright. They sell copies of that work.

No, Microsoft sells a $25 license to use that work. The work is free to download.
The $25 license is a *new* OEM license key, meant to be used with a pc that did not previously have a license key. For example, a pc that was put together from parts from other pc's of the same exact series and model.

Lundgren made his own copies, distributed them, and benefitted from that distribution of someone else's work.

Lundgren made copies of a freely downloadable copy of a Dell Restore Disc, as a convenience to customers, to sell with old/refurbished computers, that already *had* an OEM license key.

Please tell me why, in very specific terms, it would be just to allow this act?

Microsoft relies on consumers to buy a new pc with a newer version of windows when their old pc becomes unworkable, for example when a harddrive crashes, requiring a new harddrive in that pc, and then restoring the operating system with a Restore Disc, or if the file system corrupts beyond repair (or if said harddrive has a restore image which becomes corrupt), requiring again, restoring the operating system with a Restore Disc.
By the time this happens, the Restore Disc will often have gone missing, and/or the user/customer might have forgotten/lost the information that a Restore Disc even exists, or can be downloaded for free.

From my perspective, Lundgren was endangering sales of new licenses of newer operating systems, as well as sales of $25 licenses to go with old/refurbished pc's (as refurbishers will often go that route), by making it very convenient for users/customers to keep using old pc's with older versions of operating systems, in a way that was freely available, but seldom used, probably due to non-awareness.

Lundgren may have been infringing copyright in a minor way, but it certainly doesn't look as if he was doing it in a for-profit way. He had set a $0.50 price target for each disc. He was even very specific as to why he got in trouble: he put an official Microsoft and Dell logo on each disc, and that's against the terms of use for (the copy of) that Restore Disc.
Source: https://news.softpedia.com/new...

Precisely, facebook can easily be blocked as it's just one or two domains, but what about the biggest privacy-breaching data-collector of them all - the serial tracker Google?!

Pretty simple: using one of their countless javascript trackers, or through Chrome browser or Android.

Google has countless trackers all over the web, from doubleclick, analytics, captcha, to ad services, and tag manager, etc. Google is a serial tracker.

And if you know any amount of js, you'll realise how easy it is to fingerprint users using modern browsers, and the power a simple js script has over a page, including anything a user does from mouse movements, to keystrokes, etc.

It's quite interesting that companies like Apple and Mozilla are fighting for your rights and privacy, and yet it is these companies that get abused most often.

don't hurry.

browse these screenshots, particularly the second and third ones...

http://news.softpedia.com/news...

apache's openoffice, btw, is >>> that way >>> openoffice.org.

In both cases there was a lot of worry about the threat. An countermeasure was rushed out, and it seems like the countermeasure may have some side effects.

https://en.wikipedia.org/wiki/...

You have to wonder in each case if there's an element of overreaction going on.

In the Meltdown/Spectre case it the browser vendors are going to fuzz the timing functions to make side channel timing attacks harder to pull off

E.g.

http://news.softpedia.com/news...

Just like Microsoft and Mozilla, Google Chrome 64 will disable SharedArrayBuffer by default and modify the behavior of performance.now() by reducing precision from 5us to 20us in order to block exploits attempting to take advantage of the security vulnerabilities.

Also you can block third party scripts using uBlock Origin.

https://github.com/gorhill/uBl...

China, apparently: http://news.softpedia.com/news...

You mean like they didn't when Symantec did it?

This: http://www.softpedia.com/get/T...

Should take care of that annoyance for you.

Now that they are doing "roll-up" style updates, who TF knows which update was "poisoned".

Remember when Twitter shut down access to 3rd party access?
http://www.digitaltrends.com/m...
https://www.independent.co.uk/...
http://www.idownloadblog.com/2...
http://news.softpedia.com/news...
http://www.eweek.com/developme...

VPN's may only protect you from your own ISP, but what about the biggest spyware organisations, such as Google/Facebook?
They all rely on browser fingerprinting more than anything else these days, and subtly transmitting information back in an encoded form, including mouse movement patterns to learn about the individual.

Cookies/HTML5 storage are so last decade, as I've seen a growing number of companies (Cyberfend / iovation / iesnare / "cformanalytics", browser.id (navigator.io), etc) provide services specialising in tracking and individually identifying users - even surprisingly across devices, somehow.

As far as I can tell, only Mozilla is attempting to reduce/fight this with their browser, especially as they recently removed the Battery status API, added disconnect.me to blacklist known trackers in v43, Font fingerprinting, etc.

Sure, you can use addons like adblockplus, noscript, decentraleyes, etc to some degree, but many times they break websites as more and more sites are utilising javascript exclusively for a website to function, including third-party scripts, such as GoogleTagManager, etc.
Just recently discovered that the popular London travel website TfL also contains a third-party tracker, without which their journey planner doesn't work, thus the website doesn't work with Firefox's disconnect.me privacy list.

Because it's SO difficult for someone to write a new app with no backdoors. Britain can't stop this; they can pass all the laws they want. But terrorists really don't care what the law says by definition. Plus it is a proven fact that British police can't stay within the lines when it comes to information like this.

Although intriguing and saddening that they've unlocked the iPhone 6 (but not 6s?).

What's more intriguing is that, why are Android phones so easy to break?!
And why is it we never hear from Google/Microsoft wanting to protect its users against government surveillance, unlike Apple.
... I guess everyone is aware that Google is a corporate spying empire, and yet there are people here who still argue against Apple and advocate for Android spyware?

Would you advocate GMail/Hangouts over Signal/Telegram/WhatsApp ?

That's not exactly true.
Although Google provide a nice little re-assuring interface, the fact their entire business model depends on gathering as much data about an individual and going deep into their lives*, I don't think it's exactly turning off data gathering, but rather not providing tailored ads. I believe Google also sells data to the highest bidders, especially governments and insurance firms.
Because if their entire revenue was based on ads, what is quite interesting is that Google isn't fighting harder against ad blockers and instead, actively allow people to use YouTube / Mail / Search with an adblock / domain blocker.

But the more worrying aspect is their hidden trackers.
Unlike facebook / microsoft, you can choose not to use their products and block their handful of domains. However, that's virtually impossible with Google, especially considering captcha / tag manager / syndication / Google's web api's / google user content / analytics, etc... the list goes.

* as the former CEO of Google (Eric Schmidt) said: "We know where you are; We know where you've been; We can more or less know what you're thinking about".
As well as saying: "I actually think most people don’t want Google to answer their questions, they want Google to tell them what they should be doing next".

The same can be said about any Google product from Android/ChromeOS to Search/Maps/Mail to Doubleclick/Captcha/Analytics/Tag Manager/APIs/+1/etc.

I'm not defending MS doing it so openly, but we should put things in perspective and realise how powerful Google is compared to any other company. They even have their hands dirty in the system behind tax and health in various companies and governments, not to mention corporate email systems!

"yelling very loudly at your hardware vendor and refusing to buy from them again unless they cut this crap out"

3.18 was released slightly over 2 years ago (7 Dec 2014). It went LTS 3 months later (2015/3/11). At the time, "it will be supported with patches for at least two more years from today." Now it's gone, less than 2 years later. And, 2 years isn't "long term" by any reasonable definition to begin with. Don't yell loudly at anyone who used it, yell loudly at Greg Kroah-Hartman and the other kernel maintainers for over-promising and under-delivering, who think 2 years is a long time and won't even keep that commitment. 3.16 (LTS) is projected to go to 2020, when it's 5 1/2 years old (kudos to Ben Hutchings, who's a bit more realistic about what "long term" means).

(and of course, anyone the size of Google should be able to put their own resource on maintaining a kernel they chose to use for longer if need be, not that they've figured out how to keep Android devices up-to-date anyway)

The preference for paying nothing at all...

Libreoffice 100 million users, zero pirates

So 6.9 people billion choose not to use it? I'm not sure your definition of 'preference' is sound...

The preference for paying nothing at all...

Libreoffice 100 million users, zero pirates

ARK claims a 20% performance increase in DX12. We'll see.

As much as I hate and disdain the spying empire Google; private companies only thought about adopting https because of Google's hint of ranking sites based on utilising https encryption.

Anything Google does is for its own selfish purpose, not for the good of humanity - so the reason for the push towards https is so that Google (almost alone) has analytics and information about site visitors and the amount of money e-commerce and such sites are making. Without encryption, countless other firms (such as alexa) was capturing user analytics through approaching different providers, and often directly from ISP's.

Remember, Google's trackers are almost ubiquitous (unlike facebook), so they want to own alone the vast amounts of info on users and organisations - and then use this info to either catalogue people and/or sell this to evil companies/organisations, such as insurance firms and governments.

Information is power, user information is even more power, especially if you alone hold that data.

Not allowed to deviate from GPS?? so the uber auto drive car will just drive

Into a sand pile? http://www.news.com.au/lifesty...
drive down boat launch into lake https://youtu.be/a2QIH2uz3p8

drive into Pacific Ocean https://youtu.be/h89RT_dc-v0 http://www.redlandcitybulletin...

drivers off cliff https://www.youtube.com/watch?...

follows directions onto railroad tracks http://www.telegraph.co.uk/new...

follows GPS down flight of steps http://croatiantimes.com/?id=5...

directed to wrong part of Italy http://www.telegraph.co.uk/new...

takes goat trail up mountain http://metro.co.uk/2010/09/28/...

  into Tree http://news.softpedia.com/news...

crash after GPS orders U-turn http://www.expatica.com/fr/new...

While we are following up at this story, do we know what happened to the security researcher that disapeared after accusing the central bank of poor security practice?

"Because Windows has a bad habit of hiding file extensions, whenever the device owner accesses their NAS, they see this file as a folder, fooled by the fake icon." - http://news.softpedia.com/news...

So part of the problem is windows too. Hiding file extensions and allowing scripts to be run without confirmation. That's the same rubbish which made macro viruses so rampant in msoffice formats.

I guess that John McAfee lawsuit is useless now.

Learn how to use href FFS.

You're kidding right?
Surely you can't be that ignorant of Google's power?!

Here's a quick search to answer your question.

Google literally have the power to change leadership of entire nations and sway voters, and even make or break an entire company!

Google products are 100% voluntary, if you don't want to use them, then don't...

Err, no they're not.
You're Google's product and slave whether you like it or not.
It's easy (for a technical person) to simply not use facebook and block their 2/3 domains, but it's almost impossible to do that with Google, considering GoogleAPIs, Captcha, Doubleclick, Analytics, GoogleAdServices, GoogleSyndication, GTM, Plus, etc, etc.

Cisco already has.

http://news.softpedia.com/news...

In the case of Android... how?
When most of the tracking mechanisms are built into their proprietary (non-open source) modules? ... which are then picked up and blindly adopted by cyanogenmod.

And in the case of the web, Google has made life very difficult by ensuring their trackers are virtually everywhere and thus, almost impossible to block, especially by normal users. Think about GoogleAPIs, Analytics, Doubleclick, Capcha, GoogleTagManager, DNS, etc.

Go educate yourself: Google is a serial tracker.

M$ doesn't sell or support XP anymore, release the source code and let the market create it's own security patches.

Maybe everyone can buy patches for windows 2000 server from the Russian mob or a github account

It didn't wipe anything. It was FOSSHUB, a repository of OPEN SOURCE applications, which had been hacked. People installed malware from it and then blamed Windows 10. http://news.softpedia.com/news...

http://www.gamespot.com/articl...

Clickbait from 2014.

http://www.fool.com/investing/...

Clickbait that claims that the Fire TV/mobile is a competitor to the PS4/Xbox.

http://www.cnet.com/news/xbox-...

This one is about Windows apps on Xbox, and has nothing to do with your premise.

http://news.softpedia.com/news...

Clickbait from 2009, which means the "last generation" they were referring to was the 360 and PS3!

Sony is talking about no future playstations.

I've seen nothing of the sort, citation needed from SCEfoo themselves.

And as to ease of use... learn to use a computer or render yourself too incompetent to participate in the modern world.

I run Linux so by my standards, you windows using gamer dudebros are the incompetents who shouldn't even be trusted to admin their own computer.

The level of competence required to manage a gaming PC is within the easy reach of a ten year old child. If that's too much for you... then that can only be pitied.

The masses simply can't be trusted to admin their own machines well. They don't have the time, knowledge or inclination. Said people should not be gaming on PC's....at all. They probably shouldn't even be using PC's for web browsing or media consumption.

Again, I run Linux, so NEVER pull that "console gamers are dumb" shit with me.

http://www.gamespot.com/articl...

http://www.fool.com/investing/...

http://www.cnet.com/news/xbox-...!

http://news.softpedia.com/news...

The writing is on the wall. MS is talking about making the Xbox effectively a gaming PC with a console formfactor. Sony is talking about no future playstations. The industry is moved on.

The entire console system doesn't make sense. Its more expensive... period. In every way. The quality that you get is generally a lot less. Compatibility is less. And as to ease of use... learn to use a computer or render yourself too incompetent to participate in the modern world. The level of competence required to manage a gaming PC is within the easy reach of a ten year old child. If that's too much for you... then that can only be pitied.

Video demonstration http://news.softpedia.com/news...

CryptoStalker - http://news.softpedia.com/news...

There's no connection between the hacked forums and the Apple ID incident. According to this Softpedia article (who apparently talked to the hacker), he used a vBulletin zero-day to hack the forums. What does that have to do with Apple? http://news.softpedia.com/news...

Yes it is. Xu was one of the engineers that worked on GPFS: http://news.softpedia.com/news...

This is shameful. This is just a re-wording of the Softpedia article from this morning, including the editor's train of thought when arranging and phrasing paragraphs. The dead giveaway is the mention of the NATO report at the end of the article and the Google quotes in the same position. http://news.softpedia.com/news... Nice work The Stack!!!

>> I'd rather they quit pestering me to do something I do not want to do.
> I understand... I don't want to pay my taxes either, but I have to...

False equivalence much? You're comparing apples and oranges assuming they are the same thing.

NOT paying taxes is illegal.

NOT upgrading is legal.

> You don't have to like it, but you have to do it.

[[Citation]]

I get to decide what patches to install on my computer, not Microshit.

> If you're online, you have to keep your computer up to date, to do otherwise is irresponsible and unsafe...

Assuming the updates are safe AND work. Oh look, why did Microsoft pull updates KB 3114409, The Windows 10 Nov. Update, /KB3001652, etc.

But keep drinking that Kool-Aid (TM) and astroturfing there buddy.

http://tech.slashdot.org/story...
http://www.theregister.co.uk/2...
http://news.softpedia.com/news...
http://www.dshield.org/diary/D...
http://www.dshield.org/diary/D...
http://www.dshield.org/diary/D...
http://threatpost.com/ultradns... restored_after_ddos_takes_out_dns/
http://www.dshield.org/diary/I...
http://www.itnews.com.au/News/...
http://tech.slashdot.org/story...
http://news.softpedia.com/news...
http://www.dshield.org/diary/P...
http://www.dshield.org/diary/D...

APK

http://tech.slashdot.org/story...
http://www.theregister.co.uk/2...
http://news.softpedia.com/news...
http://www.dshield.org/diary/D...
http://www.dshield.org/diary/D...
http://www.dshield.org/diary/D...
http://threatpost.com/ultradns... restored_after_ddos_takes_out_dns/
http://www.dshield.org/diary/I...
http://www.itnews.com.au/News/...
http://tech.slashdot.org/story...
http://news.softpedia.com/news...
http://www.dshield.org/diary/P...
http://www.dshield.org/diary/D...

APK

It actually happened with the US and Philippines as well. http://www.databreaches.net/19... http://news.softpedia.com/news...

Krebs and others have been talking about these kinds of Chinese surveillance products for awhile: https://news.slashdot.org/stor...

Here's another: http://news.softpedia.com/news...

The catch with *this* story is that it is about a product available through Amazon. That's it, in a nutshell.

You mean like this "related" news story from the same site? http://news.softpedia.com/news...

lol...softpedia has an interview in the related links with a guy that describes himsefl as "the scourge of Bitcoin payment sites". no wonder they went bankrupt with d-bags like these lurking around the web http://news.softpedia.com/news...

No real surprise in all of this, tbh. ~15 years of writing AV stuff getting me absolutely nowhere, and I got burned out, hence pulling the plug. I've said this many times, but there needs to be a centralized database that vendors pull their info from. The next step is seeing which AV vendor can write the most efficient detection algorithm. The only thing I brought table with my project was a bare minimum standard of efficiency. The result was this:

1 Dependency installer
No further "installation" needed
Comprehensive databases (Whitelist, blacklist, port list, API calls, filenames/sizes (forensic blacklist/whitelist), default install paths - ~400 million unique matches)
Fast data access times (only limited by hardware and internet latency 0/0000-F/FFFF hash database format @ avg 220 bytes per file, 17GB overall)
Small frontend with low overhead (5MB package size, ~2MB overhead)

http://www.softpedia.com/get/A...
And sauce - https://www.planet-source-code...
This particular industry is indeed a popularity contest. At this juncture, I can at least prove I know what I'm talking about.

Most AV programs have not only become bloatware, adding more and more useless "features", but they have actually become malware themselves.

For example:

The AVG Web TuneUp Chrome extension, forcibly added to Google Chrome browsers when users install AVG antivirus, is vulnerable to trivial XSS (cross-site scripting) attacks.

"This extension adds numerous JavaScript APIs to Chrome, apparently so that they can hijack search settings and the new tab page. The installation process is quite complicated so that AVG can bypass the Chrome Store malware checks, which specifically tries to stop abuse of the Chrome Extension API."

The story has now been updated to read:

Microsoft has just confirmed that the update it made to the Windows Store FAQ page was just a mistake and that Windows 10 would continue to support Bitcoin.