..to keep the noise in Facebook down to a minimum. This way I don't see any of the quizzes people want me to take..
little known facebook trick, is that if you hover over the notification, then click the x, you can select hide all from this application (also report as spam), a similar thing can be done when hiding friends who talk too much!
That was my old policy, however check this out it does allow much greater control over apps than previously available. At a minimum i have to give the app maker "my name, networks, and list of friends", which is much better than the old choice of everything/nothing, and IIRC the defaults are fairly tight too mine only gave away basic info ("Your basic info consists of your birthday, gender, hometown, political views and when you last updated your profile.") & my profile pic.
Unlike many slashdoters i feel the need to keep in touch with my friends outweighs the need to live in a basement with a tinfoilhot keeping my data (that nobody wants as anyway) private, so i do have a facebook account *gasp*. I have always taken care to keep my data private though, this is so that while i can tell my friends that im a racist, in-bread(hence all the spelling mistakes), thieving, crack addict, hopefully prospective employers will never know about it. It's surprising that facebook is in trouble now, because i was surprised at how well i can keep my data private while still using 3rd party apps. Originally there was no privacy on FB, then you could protect yourself from facebook themselves, but if you installed one bad app all your data goes straight to the CIA, now this page, that i noticed the other day in my regular app clean-up (how could i not accept an invite to pacman), allows you pretty granular control over your data, ranging from all your data (which some apps may use) to "name, networks, and list of friends", which I'm pretty happy to hand out.
Privacy is not black/white, i was never happy giving a stupid flash game developer access to all my information for whatever evil purposes they have, but tbh ill trade my list of friends and name (which they can surely indirectly get from my friends list of friends) for a stupid flash game anyday! I assume the problem the canadians have is that even without installing any apps, if all my friends do they get access to my name, my list of friends, my wall posts, photos of me taken by others and photos of others including me. Perhaps that will be the next push in the facebook privacy API, stopping friends from giving your data away?
They still do business in Canada when they sell ads for Canadian companies/sell stuff to Canadians/etc, now they could lose that revenue, or they could work with officials to improve the privacy of their users, thus keeping that revenue while improving their site. Do facebook really want to lose 11m users worth of revenue (and probably more long term as the EU may follow suit) ?
Does anyone actually expect privacy from these networking sites anymore?
Yes many people do, not all countries believe so strongly in the market as the US and we often want restrictions put on businesses to keep our data the way we want it.
Besides, who puts something on Facebook that they _want_ to keep _private_?
People with friends, FB is not myspace (its not a site to go meet random people off the internet with) it's a site to allow friends (of varying levels of technical competency) to keep in touch and communicate. I put stuff i want my friends to see on my facebook profile that perhaps i don't want everybody in the world to know about! embarrassing pictures people take of me can be tagged on facebook, tbh i don't care if my mates see me passed out in a field but i sure as hell don't want everybody on the internet (including prospective employers) to see it. If i have a choice between 1)total privacy 2)a convenient way being able to organise events and nights out much easier at the expense of privacy. I'm going to choose 2, however if that expense can be reduced then that is great.
Re:I'd fix bugs and contribute quality code
on
Firefox 3.5.1 Released
·
· Score: 2, Interesting
If there is a browser/extention (they run at browser level)/plugin(yes even a flash or adobe exploit) or other program vulnerability they can perminantly modify your firefox binary to execute whatever code they want. In addition to having your user account, where all your data is, completely owned, no OS has a particularly good record on preventing malicious binaries from getting root (ubuntu with sudo is particularly bad as it can just request permisions just after you grant another process root using sudo) (and unless you've gone out of your way all your protection (apparmor in particular) is next to useless against a 3rd party binary).And I wouldn't dream of putting plugins in ~ either, even if it means it takes a few minutes they belong in/usr/share/mozilla/plugins/ (or/usr/lib64/m... for some reason on this fedora)
So in summary, as i have no clue about security, i make sure my 3rd party binaries are safely locked away in/opt and can only be updated by root.
litmus mozilla qa Both seams simple but time consuming but i don't think they need to be done in one sitting (unless you are on the nighties), unfortunately Linux x86_64 only has nighties.
p.s does anybody know a good way to update firefox (mozilla builds) as launching it as root isn't great and the idea of installing a webbrowser somewhere it can update itself is retarded.
Even so, it looks better than something like a typical Linux distro (only two remote kernel vulnerabilities in the last six months, plus however many application vulnerabilities you got from all of the extra stuff that's installed by default)
Obviously i agree it will be better, but most distros have ssh disabled by default, so the only count of remote vulnerabilities is kernel
only two remote kernel vulnerabilities in the last six months
No security conscious distros ship with vanilla kernels, typically its an old (2/3 versions 6-9months) secured kernels that has had most vulnerabilities ironed out, obviously some vulnerability come out that affect all recent versions or all 2.6.x versions but generally counting vulns on the vanilla kernel is a very bad measure, tbh thats why i asked i have no idea how much worse a stable distro is (over its supported life, obviously BSD completely owns if you compare unsupported versions)
what do you want a TCP scanner to do? TCP scan. I fail to see how you benifit from clustering, if you know what your doing you can bash out a script that can use a cluster of computers to use nmap, but if you can't do that you don't really have enough of a clue to benifit from it. I also really dislike the idea of adaptive code in a network scanner, you can either recognise a scan as belonging to an os (or being similar) or you cant adaptive AI may workaround having outdated config files but you lose too much in terms of reliability!
Enterprise features?
like? NMAP is a security tool, security tools have to be dumb and require smart operators, what sort of enterprise features do you want from a TCP scanner?
Performance is really the only thing that matters if portscanners are going to matter in ipv6
You think Linux is a representative OS. There's your problem.
linux, bsd, osx, just about any os (including windows)
Third parties rely on the Windows OS not to just change overnight.
windows 98 was the 1st windows version that shipped with IE integrated from the start, i very much doubt much software relied on IE! Its also impossible to rely on the IE binary (unless your software is really retarded).
Microsoft has this thing called quality control (insert Micro$haft joke here)
You are telling me that quality control on windows98 (first edition) which: *Lasted less than a year *Would degrade then crash after 49.7 days *was renowned for how crash/error prone IE4.0 was got more than 28days Quality control (here's a hint it didn't get 50days)
Remove all links to the executable (including the mimetype those in explorer that launch it on hmtl files), you can remove (or just rename or leave) the executable iexplorer.exe as that is not linked to by anything (it a binary FFS), just leave all the dlls and libraries. Everything that's not iexplorer.exe makes calls to the relevant dlls, that's how other browsers can render the web as badly as IE, removing iexplorer.exe removes the part that competes with other browsers while allowing all other products to work fine.
"Dependencies" - go look it up.
I think it's you that has no idea how they work. nothing in ubuntu depends on firefox (even if i install programs that use gecko, they rely on xulrunner not the firefox executable), nothing on os X depends on safari, they depends on the webkit libraries, nothing on windows depends on IE they depends on the trident libraries, maybe even some grahics toolkit libraries/icons for IE, but its almost impossible (unless the system was designed by complete retards, which i doubt) for them to depend on the GUI app that is IE.
Ended up going back to noscript recently but it really is an ugly solution, yesscript is only helps against tracking. What is really needed is a good guide for using controldescripts (or a similar extention) allowing all sites to access a list of known safe fucntions (to let you browse the web without it getting in the way), some to be blacklisted (to protect you from tracking), an easy GUI way to allow a greater subset of functions to be accessed (for trusted site) and an security workarounds to stop any vulnerabilities working in the wild.
3.5 is good for speed ups and being able to disable the awsomebar (if you want), but generally most mozilla browsers need a couple of security patches before they are truely ready for the masses. 3.5.1 or 3.5.2 would be a good one to upgrade to.
I posted once AC and that was more because i didn't want the post to have a high rating that to be anon as it was a direct reply to somebody.
Astroturfing is a word in English describing formal political, advertising, or public relations campaigns seeking to create the impression of being spontaneous "grassroots" behavior, hence the reference to the artificial grass, AstroTurf.
I've never given the impression of being anything other than a fan, and as im not associated with the company in any way (other than being a fan), i live on a different continent, i hardly count as astroturfing. Is everybody that post positive comments about something they like, a shill "astroturfing"? Look what happens whenever people mention pandora or do you think openpandora are paying people to sit around and promote their product on slashdot whenever its mentioned?
How can you be a "big fan"
: It's a touchscreen & tablet device It's running on open hardware (the change from entirely open specifications to ones they only mail to you if you work in OSS is worrying) It's running on a much more suitable chipset than x86 for portable devices It's running linux The screen is detachable
I'm sorry if your experiences have left you bitter and jaded by products in the past, but if somebody is putting out a good product that I would like to see succeed, I still get excited.
And to add insult, just look at the "real" pictures in the gallery, they are more renders than a toy story movie.
Let me guess you can tell by the pixels? I'm no expert so i can't say either way but i doubt your such a pro either.
the page say they are "expecting" the first units to go out in July (hello, it is mid july and there's nothing),
Again neither of us pre-ordered and so can't really be sure but this suggests that the product isn't just vapourware.
Sounds like a weird setup, so you'll probably need to do most of it yourself. Perhaps the easiest way is 1) setup a normal local wiki, with care to name pages the same as the relevant wikipedia page [I'm guessing you know how to do this] 2) use DNS redirects or similar tricks to get all wikipedia requests to go to a proxy 3a) do html injection on the page and stick your stuff at the bottom [MITM attack using ettercap or something like that]. This is probably a pretty bad solution, but is going to be the easiest to research as its textbook hacking. 3b) host dynamic pages that mash-up the 2 wikis (python,php,something like that). This is probably the closest to the right way to do it, no hmtl injection just a DNS redirect, but will require serverside processing for every. 3c) use injection, but only inject a bit of javascript/an iframe that tacks on your wiki stuff at the end (when avalible), This doesn't require much to be done serverside, just inject the same html on all pages.
Whatever you do you will probably spend more time reading hacking tutorials than wikihowtos
30days* is plenty of time to remove a few links and a mimetype. Or can explorer magically open up excel files by typing the URLs into the addressbar. the system only requires the rendering engine (which is in MSHTML.dll) to be there. OS X could easily be modified to not have safari but still keep webkit that is used extensively (itunes,etc).
*this included 28days to test the minor changes you've made.
Why should the EU get to decide what MS puts in its OS?
Antitrust laws, we enforce them here, the DOJ also has similar powers over microsoft in the US! You see the thing is if you threaten people to stop them shipping competing browsers, you just being a dick,if you do it while your company holds ~95% OS market share, its called illegal monopolistic behaviour.
[In my experiences]On the last box of mine i infected with windows, kubuntu definatly felt snappier than XP+SP3 (both were setup but not tweeked beyond graphics settings) I don't agree that its more convenient to tweek xp than linux, tweaking services is much easier with sysv-rc-conf/similar tools than under windows (its also not really needed on most distro), tweaking system settings is just editing the relevant text file/using some gui to edit a text file is much easier than regedit/a wide variety of control panel applets.
perhaps XP+SP0 may be faster than a clean ubuntu install but: 1) can't connect to WPA wireless (SP3 is needed for WPA2) 2) has no firewall 3) has exploitable vulnerabilities(see 2)
I think its very chicken and egg: 1)Modders want to work on the engine they are already playing games on which is invariably going to be a large, multiplayer, commercial pc release. 2)Current gen stuff, source/idtech5/etc have had a lot of work put in, this is hard to achieve without an large active development & userbase see 1
If there was a popular, multiplayer, OSS game this would hopefully reach a sort of critical mass as modders could go right down and do/ask for engine level mods and the developers would benefit from more bug report/beta testers/itch scratchers/ports from the expanded userbase.
Good thing were not talking about games then. FLOSS would be a great development model for just the engines, companies start with a great base modify the engine to their games requirements and get all compatibility/features that large groups of people want (3d rendering, wii, etc)charge for the stuff that makes the game fun (graphics, story, sounds, gameplay, etc). There are reasons this has never happened, partly because its counter-intuitive to work with your competition, partly because competing against companies that do the tech (ID,Unreal) requires a significant investment of time & money, but the idea of the tech being OSS and the art being what you pay is brilliant.
Slashdot Mirror
..to keep the noise in Facebook down to a minimum. This way I don't see any of the quizzes people want me to take..
little known facebook trick, is that if you hover over the notification, then click the x, you can select hide all from this application (also report as spam), a similar thing can be done when hiding friends who talk too much!
That was my old policy, however check this out it does allow much greater control over apps than previously available. At a minimum i have to give the app maker "my name, networks, and list of friends", which is much better than the old choice of everything/nothing, and IIRC the defaults are fairly tight too mine only gave away basic info ("Your basic info consists of your birthday, gender, hometown, political views and when you last updated your profile.") & my profile pic.
Is this, what your looking for?
Unlike many slashdoters i feel the need to keep in touch with my friends outweighs the need to live in a basement with a tinfoilhot keeping my data (that nobody wants as anyway) private, so i do have a facebook account *gasp*. I have always taken care to keep my data private though, this is so that while i can tell my friends that im a racist, in-bread(hence all the spelling mistakes), thieving, crack addict, hopefully prospective employers will never know about it. It's surprising that facebook is in trouble now, because i was surprised at how well i can keep my data private while still using 3rd party apps. Originally there was no privacy on FB, then you could protect yourself from facebook themselves, but if you installed one bad app all your data goes straight to the CIA, now this page, that i noticed the other day in my regular app clean-up (how could i not accept an invite to pacman), allows you pretty granular control over your data, ranging from all your data (which some apps may use) to "name, networks, and list of friends", which I'm pretty happy to hand out.
Privacy is not black/white, i was never happy giving a stupid flash game developer access to all my information for whatever evil purposes they have, but tbh ill trade my list of friends and name (which they can surely indirectly get from my friends list of friends) for a stupid flash game anyday! I assume the problem the canadians have is that even without installing any apps, if all my friends do they get access to my name, my list of friends, my wall posts, photos of me taken by others and photos of others including me. Perhaps that will be the next push in the facebook privacy API, stopping friends from giving your data away?
They still do business in Canada when they sell ads for Canadian companies/sell stuff to Canadians/etc, now they could lose that revenue, or they could work with officials to improve the privacy of their users, thus keeping that revenue while improving their site. Do facebook really want to lose 11m users worth of revenue (and probably more long term as the EU may follow suit) ?
Does anyone actually expect privacy from these networking sites anymore?
Yes many people do, not all countries believe so strongly in the market as the US and we often want restrictions put on businesses to keep our data the way we want it.
Besides, who puts something on Facebook that they _want_ to keep _private_?
People with friends, FB is not myspace (its not a site to go meet random people off the internet with) it's a site to allow friends (of varying levels of technical competency) to keep in touch and communicate. I put stuff i want my friends to see on my facebook profile that perhaps i don't want everybody in the world to know about! embarrassing pictures people take of me can be tagged on facebook, tbh i don't care if my mates see me passed out in a field but i sure as hell don't want everybody on the internet (including prospective employers) to see it. If i have a choice between
1)total privacy
2)a convenient way being able to organise events and nights out much easier at the expense of privacy.
I'm going to choose 2, however if that expense can be reduced then that is great.
If there is a browser/extention (they run at browser level)/plugin(yes even a flash or adobe exploit) or other program vulnerability they can perminantly modify your firefox binary to execute whatever code they want. In addition to having your user account, where all your data is, completely owned, no OS has a particularly good record on preventing malicious binaries from getting root (ubuntu with sudo is particularly bad as it can just request permisions just after you grant another process root using sudo) (and unless you've gone out of your way all your protection (apparmor in particular) is next to useless against a 3rd party binary).And I wouldn't dream of putting plugins in ~ either, even if it means it takes a few minutes they belong in /usr/share/mozilla/plugins/ (or /usr/lib64/m... for some reason on this fedora)
So in summary, as i have no clue about security, i make sure my 3rd party binaries are safely locked away in /opt and can only be updated by root.
litmus
mozilla qa
Both seams simple but time consuming but i don't think they need to be done in one sitting (unless you are on the nighties), unfortunately Linux x86_64 only has nighties.
p.s does anybody know a good way to update firefox (mozilla builds) as launching it as root isn't great and the idea of installing a webbrowser somewhere it can update itself is retarded.
Even so, it looks better than something like a typical Linux distro (only two remote kernel vulnerabilities in the last six months, plus however many application vulnerabilities you got from all of the extra stuff that's installed by default)
Obviously i agree it will be better, but most distros have ssh disabled by default, so the only count of remote vulnerabilities is kernel
only two remote kernel vulnerabilities in the last six months
No security conscious distros ship with vanilla kernels, typically its an old (2/3 versions 6-9months) secured kernels that has had most vulnerabilities ironed out, obviously some vulnerability come out that affect all recent versions or all 2.6.x versions but generally counting vulns on the vanilla kernel is a very bad measure, tbh thats why i asked i have no idea how much worse a stable distro is (over its supported life, obviously BSD completely owns if you compare unsupported versions)
mode != mean
2 vs ? This is just the count of kernel vulnerabilities right? obviously this varies by distro but what sort of record do debian/redhat have?
what do you want a TCP scanner to do? TCP scan. I fail to see how you benifit from clustering, if you know what your doing you can bash out a script that can use a cluster of computers to use nmap, but if you can't do that you don't really have enough of a clue to benifit from it. I also really dislike the idea of adaptive code in a network scanner, you can either recognise a scan as belonging to an os (or being similar) or you cant adaptive AI may workaround having outdated config files but you lose too much in terms of reliability!
Enterprise features?
like? NMAP is a security tool, security tools have to be dumb and require smart operators, what sort of enterprise features do you want from a TCP scanner?
Performance is really the only thing that matters if portscanners are going to matter in ipv6
You think Linux is a representative OS. There's your problem.
linux, bsd, osx, just about any os (including windows)
Third parties rely on the Windows OS not to just change overnight.
windows 98 was the 1st windows version that shipped with IE integrated from the start, i very much doubt much software relied on IE! Its also impossible to rely on the IE binary (unless your software is really retarded).
Microsoft has this thing called quality control (insert Micro$haft joke here)
You are telling me that quality control on windows98 (first edition) which:
*Lasted less than a year
*Would degrade then crash after 49.7 days
*was renowned for how crash/error prone IE4.0 was
got more than 28days Quality control (here's a hint it didn't get 50days)
Remove all links to the executable (including the mimetype those in explorer that launch it on hmtl files), you can remove (or just rename or leave) the executable iexplorer.exe as that is not linked to by anything (it a binary FFS), just leave all the dlls and libraries. Everything that's not iexplorer.exe makes calls to the relevant dlls, that's how other browsers can render the web as badly as IE, removing iexplorer.exe removes the part that competes with other browsers while allowing all other products to work fine.
"Dependencies" - go look it up.
I think it's you that has no idea how they work. nothing in ubuntu depends on firefox (even if i install programs that use gecko, they rely on xulrunner not the firefox executable), nothing on os X depends on safari, they depends on the webkit libraries, nothing on windows depends on IE they depends on the trident libraries, maybe even some grahics toolkit libraries/icons for IE, but its almost impossible (unless the system was designed by complete retards, which i doubt) for them to depend on the GUI app that is IE.
Ended up going back to noscript recently but it really is an ugly solution, yesscript is only helps against tracking. What is really needed is a good guide for using controldescripts (or a similar extention) allowing all sites to access a list of known safe fucntions (to let you browse the web without it getting in the way), some to be blacklisted (to protect you from tracking), an easy GUI way to allow a greater subset of functions to be accessed (for trusted site) and an security workarounds to stop any vulnerabilities working in the wild.
3.5 is good for speed ups and being able to disable the awsomebar (if you want), but generally most mozilla browsers need a couple of security patches before they are truely ready for the masses. 3.5.1 or 3.5.2 would be a good one to upgrade to.
I posted once AC and that was more because i didn't want the post to have a high rating that to be anon as it was a direct reply to somebody.
Astroturfing is a word in English describing formal political, advertising, or public relations campaigns seeking to create the impression of being spontaneous "grassroots" behavior, hence the reference to the artificial grass, AstroTurf.
I've never given the impression of being anything other than a fan, and as im not associated with the company in any way (other than being a fan), i live on a different continent, i hardly count as astroturfing. Is everybody that post positive comments about something they like, a shill "astroturfing"? Look what happens whenever people mention pandora or do you think openpandora are paying people to sit around and promote their product on slashdot whenever its mentioned?
How can you be a "big fan"
:
It's a touchscreen & tablet device
It's running on open hardware (the change from entirely open specifications to ones they only mail to you if you work in OSS is worrying)
It's running on a much more suitable chipset than x86 for portable devices
It's running linux
The screen is detachable
I'm sorry if your experiences have left you bitter and jaded by products in the past, but if somebody is putting out a good product that I would like to see succeed, I still get excited.
And to add insult, just look at the "real" pictures in the gallery, they are more renders than a toy story movie.
Let me guess you can tell by the pixels? I'm no expert so i can't say either way but i doubt your such a pro either.
the page say they are "expecting" the first units to go out in July (hello, it is mid july and there's nothing),
Again neither of us pre-ordered and so can't really be sure but this suggests that the product isn't just vapourware.
Sounds like a weird setup, so you'll probably need to do most of it yourself. Perhaps the easiest way is
1) setup a normal local wiki, with care to name pages the same as the relevant wikipedia page [I'm guessing you know how to do this]
2) use DNS redirects or similar tricks to get all wikipedia requests to go to a proxy
3a) do html injection on the page and stick your stuff at the bottom [MITM attack using ettercap or something like that]. This is probably a pretty bad solution, but is going to be the easiest to research as its textbook hacking.
3b) host dynamic pages that mash-up the 2 wikis (python,php,something like that). This is probably the closest to the right way to do it, no hmtl injection just a DNS redirect, but will require serverside processing for every.
3c) use injection, but only inject a bit of javascript/an iframe that tacks on your wiki stuff at the end (when avalible), This doesn't require much to be done serverside, just inject the same html on all pages.
Whatever you do you will probably spend more time reading hacking tutorials than wikihowtos
30days* is plenty of time to remove a few links and a mimetype. Or can explorer magically open up excel files by typing the URLs into the addressbar. the system only requires the rendering engine (which is in MSHTML.dll) to be there. OS X could easily be modified to not have safari but still keep webkit that is used extensively (itunes,etc).
*this included 28days to test the minor changes you've made.
Why should the EU get to decide what MS puts in its OS?
Antitrust laws, we enforce them here, the DOJ also has similar powers over microsoft in the US! You see the thing is if you threaten people to stop them shipping competing browsers, you just being a dick,if you do it while your company holds ~95% OS market share, its called illegal monopolistic behaviour.
But the thing is... why is Microsoft a Monopoly and Apple isn't?
How about you learn what a monopoly is and how they are defined in the real world (hint you don't really need 100% market share, just 70ish).
And I have yet to find an explanation as to why nobody sees it that way.
Learn to google you fucking idiot!
[In my experiences]On the last box of mine i infected with windows, kubuntu definatly felt snappier than XP+SP3 (both were setup but not tweeked beyond graphics settings)
I don't agree that its more convenient to tweek xp than linux, tweaking services is much easier with sysv-rc-conf/similar tools than under windows (its also not really needed on most distro), tweaking system settings is just editing the relevant text file/using some gui to edit a text file is much easier than regedit/a wide variety of control panel applets.
perhaps XP+SP0 may be faster than a clean ubuntu install but:
1) can't connect to WPA wireless (SP3 is needed for WPA2)
2) has no firewall
3) has exploitable vulnerabilities(see 2)
None, just a big fan and don't want to see another open hardware + open software + arm project go by the wayside because nobody knew about it.
I think its very chicken and egg:
1)Modders want to work on the engine they are already playing games on which is invariably going to be a large, multiplayer, commercial pc release.
2)Current gen stuff, source/idtech5/etc have had a lot of work put in, this is hard to achieve without an large active development & userbase see 1
If there was a popular, multiplayer, OSS game this would hopefully reach a sort of critical mass as modders could go right down and do/ask for engine level mods and the developers would benefit from more bug report/beta testers/itch scratchers/ports from the expanded userbase.
Good thing were not talking about games then. FLOSS would be a great development model for just the engines, companies start with a great base modify the engine to their games requirements and get all compatibility/features that large groups of people want (3d rendering, wii, etc)charge for the stuff that makes the game fun (graphics, story, sounds, gameplay, etc). There are reasons this has never happened, partly because its counter-intuitive to work with your competition, partly because competing against companies that do the tech (ID,Unreal) requires a significant investment of time & money, but the idea of the tech being OSS and the art being what you pay is brilliant.