Writing is terrible as others have mentioned..... I won't rehash, but how could you get anyone to agree when they can't maintain interest.
Also, the premise is poor - at least how I understood it - "Advice is only good if it is followed" ?? People don't do simple things, so the problem is not the advice, it is the inherent laziness or not caring of most people.
Using your example - advice to quit smoking is not good as people still smoke. Sorry, the advice is still valid, but for some reason people feel that it doesn't apply to them. Tech is only different because advice can be simple or overly complex. The overly complex may be valid in some cases - but because people don't do it, doesn't make it bad advice.
"However, the app didn’t validate those connections, so users’ financial information was exposed during transmission." - This is false, the channel was still encrypted, but it is possible for an MTM attack to occur. Now if the client knows who it is talking too (IP Address) with some messages exchanged in the application layer, then SSL verification may not be needed. The real purpose of SSL cert validation is to authenticate who you are talking too - if you know you want to talk to server 10.10.10.10, then someone would have to subvert the routing protocols to intervene. And even with Cert validation, there are ways to conduct a MTM attack if that is turned on - NG firewalls and other SSL decryption corporate tools do it all the time if the users machine or phone has a custom issuing cert installed.
Google hasn't changed their home page since '97 ish - why should slashdot. What you have works. The mobile site sucks, and seems to be like the Beta. Classic is fast and works. Don't change just to change.
The expensive SSDs are not always expensive because the manufacturers are greedy. Data corruption on SSDs is a huge issue. And even before this article I would not touch OCZ if you paid me. But the author is scraping the bottom of the barrel to find a suitable solution, and the title should reflect this - sub 100 pounds is one cheap SSD. Since Intel makes Flash I would expect them to pass - or by horrified if they didn't. I would expect Samsung to pass as well as they fab lots of the flash that everyone else buys. Many of the others just buy it, arrange it on a PCB and sell it - not as much understanding or engineering going on there.
Nice to know, but the blurb would be better if all the main players were included in the testing.
We put soffit lights in. They point down and illuminate the ground - just like other DarkSky solutions. Dark sky lights point down and have a shield around the bulb, so all light goes down. Soffit lights are can lights in the soffit - the roof overhang area. There is nothing to shine in neighbors eyes, and the light is around the perimeter of the house as a security deterrent. Flood lights that point up, make a house look creepy.
Again, simple solution. Downward pointing lights with shielded bulbs.
VCs have different contractual terms, but in the end they want to see at least a 4 to 1 ROI. As others have said, you need to tell them how it will make them money.
Do you expect to have a software company and sell an app? Will you license this tech? If so, who is your target. Does this take time - meaning if Samsung was a licensee would this algorithm work in real time on a phone? Will someone have to transfer video to a PC and then post process? If it is the latter, you really need to talk about who will buy it. Have you done any market research? You have to convince the VCs that this will make them money - so you should have a solid idea of who your customer is, and if it will sell.
"no one calls to say they misplaced their printer icon"; No adobe update notifications, don't need to defrag or update, etc..... Why not? Linux doesn't do away with any of this. Package updates break things on Linux as often as they do on any other platform. Adobe needs updates on Linux too.
The difference is that the users are scared to touch anything, so they don't. Instead of users buying software and doing their own work, they hire him to administer free software - I am OK with that, but I hate the myth that Linux "just works". There is a reason, that even with all the free software that exists, the software companies are still in business.
The article tries to make the point that side loading is the cause of piracy. That because anyone can search for a pirated game, find it, and easily install it, that this ability to sideload is what makes Android a poor OS from a security perspective. Windows, Mac, Linux, Solaris, BeOS, AIX, HP-UX, and others allow installing applications from "unknown sources" and they are not platforms of evil (take your MS shots here).
It is silly that Slashdot even promoted this blog post. The author should address how software gets pirated (same way it does elswhere) - through exploits, hacks, cracks etc. Making it easy to install is not what causes piracy. It is a moral decision by the person doing the pirating.
One thing that would help stop it: trial versions or timed versions of software. But don't blame sideloading. This is one thing that makes android development and alternate app stores so much easier on Android then other platforms.
Of course the other option for any developer - sell your APK directly, and provide your own serial tied to something on the phone. Some companies do this and it can work. But as always, if someone has physical access to a device, then true security is impossible.
I hope the guy gets punished as a traitor. If everyone took his stance that "information should be free" and released what they should be shared, where would be? The next guy may want to level the playing field and share fighter plans, nuke designs, whatever he thinks should be free.
No sympathy from me. And Assange is a jerk as well - he thinks he knows best on what to share. - I don't think or govt is perfect by any stretch, but sharing every secret without thought of the consequences is insane.
If every Mother-in-Law knew every thought or feeling that another in-law had about her... we would have no one left alive after Thanksgiving dinners. Secrets are made to be secret.
I concur. Article is incorrect and Slashdot just regurgitated it. At least the blog post by the original author is correct. A Windows trojan - nothing else.
In EU they decided years ago to block EMEI numbers on stolen handsets - all the carriers participate and handset theft dropped to manageable levels. In the US, AT&T could do it for the iPhone and other phones but they do not...
Why - it is not worth the hassle. They don't want the complaints from potential customers that bought an iPhone on eBay. AT&T would rather have the revenue of the new customer then deal with the complaints that someone bought a stolen phone.
Why would Amazon behave any differently? They have the potential to sell hundreds of ebooks to the user of the stolen kindle and sell a new device to the victim that lost the original kindle. Amazon wins on all counts.
People need to face facts - no vendor really cares. They will not bite the hand of recurring revenue.
I agree. OP is an idiot.
Another point is that no one should depend on client sided data as the sole means for input validation. That is why Web Servers check input even though JavaScript does it on the web site - clients can't be trusted. The only reason client side validation is done is to save time, and catch some errors early, but the real validation always comes later - for this package it would be the code checking at install time. MS knows Browser headers are spoofed all the time, so they chose not to bother checking them.
I agree 100%. The story sucks. The author gives MS a fail because it would download? The author never installed it and then said the system was F'd up.
Guess what, I can download a Mac binary or DMG from apple to my XP box. Where is the big story on that?
Maybe the next story should be "I downloaded warez and got malware". Give us some more non-news news.
I worked at Dell during the dot com bubble burst. When Dell laid off people in IT, the H1-B visa employees were the last to go (if at all).
They were half the price as their American counterparts. Nothing changed then, nothing will change now. For most positions, all that the higher ups care about is the cost of labor, not skill set or what is right.
Microsoft will do the same.
Actually, BestBuy does not have access to your home address via your credit card. Credit Card companies don't give this out to merchants unless their is some type of fraud investigation. If this is a debit card that is issued by a local bank, then it is even less likely that a merchant could get your address.
As mentioned elsewhere, you probably bought something else, in the past, at BB and they had your name and address already associated to your CC number.
To the writer of this article:
I think your article is sensationalism. As a commenter above pointed out, this has been going on for years with BB and other AT&T/GSM cell phones.
To put iPhone in the title and to suggest that people on con calls are asked "to move their iPhone" is just misleading. Anyone that knows the sound from a con call, would say Blackberry before even imagining iPhone, but most likely would just say "can someone move their cell phone away from the phone".
You even quote Polycom as saying they have been working on this for years... so why is iPhone in the title? I will guess you are a new or unknown writer that is trying for his 5 minutes of fame. You got on Slashdot, but now I have little respect for you due to your bogus "journalism".
It would be interesting to hear more about this hack as they seem to make a pretty bold and bogus claim in the article:
"Unlike modern personal computers and other advanced smartphones like the iPhone, the Google phone creates a series of software compartments that limit the access of an intruder to a single application."
The iPhone is very compartmentalized. That is why there is no cut and paste - all apps are limited to their own directory. Anyone that has jailbroken an iPhone is familiar with how one app can NOT access data in another apps directory unless permissions are changed.
Anyone else know more about this comment? It is true for WinMo smartphones - no perms at all, but I am pretty sure that the iPhone does not apply. Is this just a dig at apple?
This is the same country that was going to execute a man for converting to Christianity.
Good thing we defeated the Taliban so the Afghans could dismantle a repressive religious government and bring about free thought and tolerance.
I may take a harsh position, but I liken this trying to bring electronics to cave men. Their society is not ready to jump that far ahead.
So if I post a conspiracy theory that links Bin Laden to Bush's successful election, i will get a score of informative? Or do i need to do something crazier like talk about how we ourselves blew up the twin towers?
You can write off un-reimbursed business expenses and charitable contributions.
Working on OSS projects does not qualify as either one unless your company is paying you to do this from home - then you can write off your router/internet/etc. as long as they are for business only.
Driving to LUG - how does that fit? LUG is not a recognized charity, nor is 99.999% of OSS.
Taxes on your home should be deducted as part of one of your normal itemized deductions; if you are taking another part of them for this OSS work, you are double dipping.
Ask your CPA if he will pay the fines when you get audited? You may want to be ready with an alibi when IRS comes knocking - tell them you have a wireless router that has no encryption and someone was parked outside, posting to slashdot.
Also, I would find a reputable CPA, as this one is giving you some bogus info.
You have not found a loophole. If you buy disk and then burn your software and donate the disks, you can write off the cost of the disks. You still can NOT write off your time.
It is no different then other trades. If I donate my time building a shed for a charity, I can write off any materials I bought while building that shed (lumber, roofing, nails, etc.) but I still can not write off my time.
Now, if you sold a completed product and donated 50 of them to charity, there is a cost of goods sold deduction (what is the cost of the product), but this is usually established in past accounting documents - what is the retail versus wholesale price when you are selling this to the public. You can't just make this stuff when you want to turn something into a charitable contribution.
I take that back, you can make up anything you want and deduct anything you want. You can claim that you don't owe any tax as the tax laws are violations of a bunch of amendments to the constitution. Just be prepared to go toe to toe with the IRS - and they usually win.
Imagine - the biggest issues that the governor has to deal with revolve around online gambling. I guess with the Creationism museum (oops! Intelligent Design), Kentucky must truly be heaven on earth now that the gambling problem is cleared up.
Maybe the Governor will get the Nobel peace prize for this? I guess he already tackled the hard stuff like poverty and health care. Could he be our 2012 presidential candidate? Maybe he will win on write in votes this year.
Wow! It is good to be an American. I am sure the other states will follow and Utopia is just around the corner.
Slashdot Mirror
Writing is terrible as others have mentioned..... I won't rehash, but how could you get anyone to agree when they can't maintain interest.
Also, the premise is poor - at least how I understood it - "Advice is only good if it is followed" ?? People don't do simple things, so the problem is not the advice, it is the inherent laziness or not caring of most people.
Using your example - advice to quit smoking is not good as people still smoke. Sorry, the advice is still valid, but for some reason people feel that it doesn't apply to them. Tech is only different because advice can be simple or overly complex. The overly complex may be valid in some cases - but because people don't do it, doesn't make it bad advice.
"However, the app didn’t validate those connections, so users’ financial information was exposed during transmission." - This is false, the channel was still encrypted, but it is possible for an MTM attack to occur. Now if the client knows who it is talking too (IP Address) with some messages exchanged in the application layer, then SSL verification may not be needed. The real purpose of SSL cert validation is to authenticate who you are talking too - if you know you want to talk to server 10.10.10.10, then someone would have to subvert the routing protocols to intervene. And even with Cert validation, there are ways to conduct a MTM attack if that is turned on - NG firewalls and other SSL decryption corporate tools do it all the time if the users machine or phone has a custom issuing cert installed.
Google hasn't changed their home page since '97 ish - why should slashdot. What you have works. The mobile site sucks, and seems to be like the Beta. Classic is fast and works. Don't change just to change.
The expensive SSDs are not always expensive because the manufacturers are greedy. Data corruption on SSDs is a huge issue. And even before this article I would not touch OCZ if you paid me. But the author is scraping the bottom of the barrel to find a suitable solution, and the title should reflect this - sub 100 pounds is one cheap SSD. Since Intel makes Flash I would expect them to pass - or by horrified if they didn't. I would expect Samsung to pass as well as they fab lots of the flash that everyone else buys. Many of the others just buy it, arrange it on a PCB and sell it - not as much understanding or engineering going on there. Nice to know, but the blurb would be better if all the main players were included in the testing.
We put soffit lights in. They point down and illuminate the ground - just like other DarkSky solutions. Dark sky lights point down and have a shield around the bulb, so all light goes down. Soffit lights are can lights in the soffit - the roof overhang area. There is nothing to shine in neighbors eyes, and the light is around the perimeter of the house as a security deterrent. Flood lights that point up, make a house look creepy. Again, simple solution. Downward pointing lights with shielded bulbs.
VCs have different contractual terms, but in the end they want to see at least a 4 to 1 ROI. As others have said, you need to tell them how it will make them money. Do you expect to have a software company and sell an app? Will you license this tech? If so, who is your target. Does this take time - meaning if Samsung was a licensee would this algorithm work in real time on a phone? Will someone have to transfer video to a PC and then post process? If it is the latter, you really need to talk about who will buy it. Have you done any market research? You have to convince the VCs that this will make them money - so you should have a solid idea of who your customer is, and if it will sell.
"no one calls to say they misplaced their printer icon"; No adobe update notifications, don't need to defrag or update, etc..... Why not? Linux doesn't do away with any of this. Package updates break things on Linux as often as they do on any other platform. Adobe needs updates on Linux too. The difference is that the users are scared to touch anything, so they don't. Instead of users buying software and doing their own work, they hire him to administer free software - I am OK with that, but I hate the myth that Linux "just works". There is a reason, that even with all the free software that exists, the software companies are still in business.
I like the humorous stories, but clicking 3 times to get to them has to go. Kill the ROT13 part..... I guess i need to stay away until tomorrow.
The article tries to make the point that side loading is the cause of piracy. That because anyone can search for a pirated game, find it, and easily install it, that this ability to sideload is what makes Android a poor OS from a security perspective. Windows, Mac, Linux, Solaris, BeOS, AIX, HP-UX, and others allow installing applications from "unknown sources" and they are not platforms of evil (take your MS shots here). It is silly that Slashdot even promoted this blog post. The author should address how software gets pirated (same way it does elswhere) - through exploits, hacks, cracks etc. Making it easy to install is not what causes piracy. It is a moral decision by the person doing the pirating. One thing that would help stop it: trial versions or timed versions of software. But don't blame sideloading. This is one thing that makes android development and alternate app stores so much easier on Android then other platforms. Of course the other option for any developer - sell your APK directly, and provide your own serial tied to something on the phone. Some companies do this and it can work. But as always, if someone has physical access to a device, then true security is impossible.
I hope the guy gets punished as a traitor. If everyone took his stance that "information should be free" and released what they should be shared, where would be? The next guy may want to level the playing field and share fighter plans, nuke designs, whatever he thinks should be free. No sympathy from me. And Assange is a jerk as well - he thinks he knows best on what to share. - I don't think or govt is perfect by any stretch, but sharing every secret without thought of the consequences is insane. If every Mother-in-Law knew every thought or feeling that another in-law had about her... we would have no one left alive after Thanksgiving dinners. Secrets are made to be secret.
I concur. Article is incorrect and Slashdot just regurgitated it. At least the blog post by the original author is correct. A Windows trojan - nothing else.
In EU they decided years ago to block EMEI numbers on stolen handsets - all the carriers participate and handset theft dropped to manageable levels. In the US, AT&T could do it for the iPhone and other phones but they do not... Why - it is not worth the hassle. They don't want the complaints from potential customers that bought an iPhone on eBay. AT&T would rather have the revenue of the new customer then deal with the complaints that someone bought a stolen phone. Why would Amazon behave any differently? They have the potential to sell hundreds of ebooks to the user of the stolen kindle and sell a new device to the victim that lost the original kindle. Amazon wins on all counts. People need to face facts - no vendor really cares. They will not bite the hand of recurring revenue.
I agree. OP is an idiot.
Another point is that no one should depend on client sided data as the sole means for input validation. That is why Web Servers check input even though JavaScript does it on the web site - clients can't be trusted. The only reason client side validation is done is to save time, and catch some errors early, but the real validation always comes later - for this package it would be the code checking at install time. MS knows Browser headers are spoofed all the time, so they chose not to bother checking them.
I agree 100%. The story sucks. The author gives MS a fail because it would download? The author never installed it and then said the system was F'd up.
Guess what, I can download a Mac binary or DMG from apple to my XP box. Where is the big story on that?
Maybe the next story should be "I downloaded warez and got malware". Give us some more non-news news.
I worked at Dell during the dot com bubble burst. When Dell laid off people in IT, the H1-B visa employees were the last to go (if at all). They were half the price as their American counterparts. Nothing changed then, nothing will change now. For most positions, all that the higher ups care about is the cost of labor, not skill set or what is right. Microsoft will do the same.
Actually, BestBuy does not have access to your home address via your credit card. Credit Card companies don't give this out to merchants unless their is some type of fraud investigation. If this is a debit card that is issued by a local bank, then it is even less likely that a merchant could get your address.
As mentioned elsewhere, you probably bought something else, in the past, at BB and they had your name and address already associated to your CC number.
There is no address stored on a mag stripe.
To the writer of this article: I think your article is sensationalism. As a commenter above pointed out, this has been going on for years with BB and other AT&T/GSM cell phones. To put iPhone in the title and to suggest that people on con calls are asked "to move their iPhone" is just misleading. Anyone that knows the sound from a con call, would say Blackberry before even imagining iPhone, but most likely would just say "can someone move their cell phone away from the phone". You even quote Polycom as saying they have been working on this for years... so why is iPhone in the title? I will guess you are a new or unknown writer that is trying for his 5 minutes of fame. You got on Slashdot, but now I have little respect for you due to your bogus "journalism".
It would be interesting to hear more about this hack as they seem to make a pretty bold and bogus claim in the article:
"Unlike modern personal computers and other advanced smartphones like the iPhone, the Google phone creates a series of software compartments that limit the access of an intruder to a single application."
The iPhone is very compartmentalized. That is why there is no cut and paste - all apps are limited to their own directory. Anyone that has jailbroken an iPhone is familiar with how one app can NOT access data in another apps directory unless permissions are changed.
Anyone else know more about this comment? It is true for WinMo smartphones - no perms at all, but I am pretty sure that the iPhone does not apply. Is this just a dig at apple?
This is the same country that was going to execute a man for converting to Christianity. Good thing we defeated the Taliban so the Afghans could dismantle a repressive religious government and bring about free thought and tolerance. I may take a harsh position, but I liken this trying to bring electronics to cave men. Their society is not ready to jump that far ahead.
So if I post a conspiracy theory that links Bin Laden to Bush's successful election, i will get a score of informative? Or do i need to do something crazier like talk about how we ourselves blew up the twin towers?
You can write off un-reimbursed business expenses and charitable contributions. Working on OSS projects does not qualify as either one unless your company is paying you to do this from home - then you can write off your router/internet/etc. as long as they are for business only. Driving to LUG - how does that fit? LUG is not a recognized charity, nor is 99.999% of OSS. Taxes on your home should be deducted as part of one of your normal itemized deductions; if you are taking another part of them for this OSS work, you are double dipping. Ask your CPA if he will pay the fines when you get audited? You may want to be ready with an alibi when IRS comes knocking - tell them you have a wireless router that has no encryption and someone was parked outside, posting to slashdot. Also, I would find a reputable CPA, as this one is giving you some bogus info.
You have not found a loophole. If you buy disk and then burn your software and donate the disks, you can write off the cost of the disks. You still can NOT write off your time. It is no different then other trades. If I donate my time building a shed for a charity, I can write off any materials I bought while building that shed (lumber, roofing, nails, etc.) but I still can not write off my time. Now, if you sold a completed product and donated 50 of them to charity, there is a cost of goods sold deduction (what is the cost of the product), but this is usually established in past accounting documents - what is the retail versus wholesale price when you are selling this to the public. You can't just make this stuff when you want to turn something into a charitable contribution. I take that back, you can make up anything you want and deduct anything you want. You can claim that you don't owe any tax as the tax laws are violations of a bunch of amendments to the constitution. Just be prepared to go toe to toe with the IRS - and they usually win.
Tell him he is a tool! http://governor.ky.gov/contact/contact.htm And thank him for the Creationism museum too.(Dinos and Man living side by side)
Imagine - the biggest issues that the governor has to deal with revolve around online gambling. I guess with the Creationism museum (oops! Intelligent Design), Kentucky must truly be heaven on earth now that the gambling problem is cleared up. Maybe the Governor will get the Nobel peace prize for this? I guess he already tackled the hard stuff like poverty and health care. Could he be our 2012 presidential candidate? Maybe he will win on write in votes this year. Wow! It is good to be an American. I am sure the other states will follow and Utopia is just around the corner.
I agree, I like the stories. For those that don't like this segment, it is clearly marked, so just don't read it.