"Say what you like about the tenets of National Socialism, Dude, at least it's an ethos."
It's a funny quote from a movie, but it has some truth to it: I find their beliefs beyond despicable, but at least they have some, unlike the current governments who seem to believe in getting the most to their corporate friends. Is it any wonder that they are growing in popularity? (Not only in Greece, but also in France and elsewhere)
Actually, timestamped hashes like Google Authenticator uses can be easily used to prevent phishing: after you log in with a generated code, you wait for the next code (30s using GA) and then the server shows the new code to the user, authenticating itself the same way he did.
You obviously have no fucking clue of what you're saying. If you hash the pass before sending, then what happens if someone sniffs the connection? They can just send the hash!
The hash effectively becomes the password.
So no, it doesn't increase security. But you know what does? Two-factor authentication. And do you know what big consumer oriented company start offering those first? I'll give you an hint.
Yes. And as Carmack said, using software patents is essentially mugging people.
Parents are supposed to protect innovation. Here, like in so many cases with SW patents, it's pure rent seeking.
You mean to say you cannot think of any other way to do that?
Irrelevant. The fact that I can take another path to avoid the thief doesn't make him any less of a thief.
But no, I don't see any other way which doesn't force the user to install compatibility software, since Windows doesn't support but proprietary and patented filesystems.
Microsoft is better lately? Yeah, right. Except when it comes to suing people and companies for writing their own code to turn "bigfilename.txt" into "BIGFIL~1.TXT" and therefore being able to interface with their OS, which is only needed because they have an ill gained market dominance.
1) You may not care about the privacy aspects if you're OK with everything going public anyway 2) Misuse of data: see above 3) time sink? You could say the same about/., yet here you are. FB is only as big a time sink as you let it.
That said, I don't have an FB account, since I don't see many benefits for me and I don't want to litter.
Gallery is a poor choice unless you really need the features. Being an application, it's both slower and less safe (there's a reason the last release was a "security release") than a static generator.
Firstly, they did something: they analyzed and shared it internally between employees. That alone is bad enough: it wouldn't be the first time an employee used people's private data for his personal profit.
Secondly, considering the US government track record with demands to people's private data is enough to make just collection and storage wrong. I mean, read it from Google's own testimony: the current law is outdated and does not offer the appropriate protection, and governmental agencies make thousands of requests per year under that law.
You should get one of these connections that let you download from more than one server at the same time, they're pretty awesome.
Sarcasm aside, for a family that is used to download and stream stuff, it's easy to hit 20Mbps, particularly if you don't want to fill the pipe, which is bad for latency sensitive applications like gaming and VoIP.
If you're scared about company employees having access to this data, you should be even more scared about people going freelance with a Kismet setup and collecting it for themselves.
"There are worse people in the world" is not an excuse. If someone steals $1000 from you, should you give them a free pass because there are people who steal $100k?
Besides, this particular situation is a red herring. I'm talking about the company attitude towards user data in general, of which this was just an example.
My home connections are wired, so I don't need to "fear" a guy with Kismet. But a huge percentage of the websites out there - including Slashdot - have some kind of tracking code by Google, both via Anaytics and Ads. Many emails I send go to gmail accounts - sometimes, even without my knowledge, if the user or company is using Google Apps with their own domain.
There are hundreds or thousands of ways in which Google collects users' data - it's essentially their business model! - often without their knowledge and explicit consent. So it's important to know how much can they be trusted with it. And the answer seems to be "not much".
Worry not; my country is proof that you can go from "God - Homeland - Family" and heavy Church influence to "Yeah, we're Catholics, but contraception is fine (95%) and abortion shouldn't be a crime (54%)" in a few decades.
I disagree with that analogy; the guy walking down the street can't help if he sees something, just like Google couldn't avoid having the packets processed by Kismet in memory. But saving them to disk and analyzing them is akin to that guy then writing the intimate things he saw to paper, shared it with friends and thought "can I profit from this?".
I never said people should be entitled to any expectation of privacy for data they broadcast. What Google did was legal and should be legal.
But none of that excuses their attitude. We know people broadcast their data mostly because their ignorant about the system, and Google essentially took advantage of their ignorance, which is always a shitty thing to do regardless of whether you have the right to do it or not.
Should people protect their data? Yes. Are they to blame if it gets sniffed? Absolutely. But again, none of that excuses Google and their attitude; it's, in fact, completely irrelevant.
If you took the activity out of the living room and onto the front porch, do you really have any call to complain when people watch from the sidewalk? No.
No, the people don't have any call to complain. But I will still despise anyone who sits there watching just because they can.
I don't think this specific event was really all that bad.
What's really troubling, though, is the attitude towards the users' data. And it's not a single "rogue" guy; he talked to other people, even asking a member of the Search team if it could be useful - why didn't he or she report it? Are they really that numb towards protecting people's privacy? Consented data mining is one thing, but this was wardriving!
I'm still a Google fan - they make a bunch of things that I really like - but I think this just strengths my decision of giving up on Gmail and not joining G+ (besides the real name policy nonsense).
By the way, before you accuse me of nonsense like being a shill, I'd like to say that Google is still the only major tech company that I actually like. The others could all burn for all I care.
Here it's the same, and I love that time. Since every party including those who are just a guy and his family get airtime, there's some extremely funny stuff. I feel like I'm watching the Royle Family doing a political ad.
Slashdot Mirror
"Say what you like about the tenets of National Socialism, Dude, at least it's an ethos."
It's a funny quote from a movie, but it has some truth to it: I find their beliefs beyond despicable, but at least they have some, unlike the current governments who seem to believe in getting the most to their corporate friends. Is it any wonder that they are growing in popularity? (Not only in Greece, but also in France and elsewhere)
Actually, timestamped hashes like Google Authenticator uses can be easily used to prevent phishing: after you log in with a generated code, you wait for the next code (30s using GA) and then the server shows the new code to the user, authenticating itself the same way he did.
It doesn't protect you from MITM, though.
Protecting against replay attacks is easy: don't allow two logins to the same account in the same window of time (30s, using Google Authenticator).
Most people won't login twice in 30s anyway, so they aren't affected.
I never said hashing is useless. Hell, the Google Authenticator that I linked does exactly that (HMAC-SHA1 with the Unix timestamp as the message).
I said that an hash of the password is useless, and it is. An hash of pass+timestamp+salt is not the same thing as an hash of the password.
If the test is checking log files, it's 1) not a unit test and 2) broken.
There is no way you can protect yourself against careless developer.
Of course there is. It's called "code review".
You obviously have no fucking clue of what you're saying. If you hash the pass before sending, then what happens if someone sniffs the connection? They can just send the hash!
The hash effectively becomes the password.
So no, it doesn't increase security. But you know what does? Two-factor authentication. And do you know what big consumer oriented company start offering those first? I'll give you an hint.
Well that's how patents work.
Yes. And as Carmack said, using software patents is essentially mugging people.
Parents are supposed to protect innovation. Here, like in so many cases with SW patents, it's pure rent seeking.
You mean to say you cannot think of any other way to do that?
Irrelevant. The fact that I can take another path to avoid the thief doesn't make him any less of a thief.
But no, I don't see any other way which doesn't force the user to install compatibility software, since Windows doesn't support but proprietary and patented filesystems.
Microsoft is better lately? Yeah, right. Except when it comes to suing people and companies for writing their own code to turn "bigfilename.txt" into "BIGFIL~1.TXT" and therefore being able to interface with their OS, which is only needed because they have an ill gained market dominance.
Better indeed.
1) You may not care about the privacy aspects if you're OK with everything going public anyway /., yet here you are. FB is only as big a time sink as you let it.
2) Misuse of data: see above
3) time sink? You could say the same about
That said, I don't have an FB account, since I don't see many benefits for me and I don't want to litter.
And Michael Phelps was diagnosed with ADHD, so everyone who was diagnosed with ADHD is a gold medal winning swimmer.
I don't know if porn is detrimental to kids or not, but your "argument" doesn't even deserve that name.
Not Android - a Maemo/Meego with OpenMobile's ACL (Android app support) would be the best of both worlds: different from the competition but keeping compatibility with thousands of apps.
Personally I think he has been dead for years now. It makes more sense than the alternatives, in my opinion.
Not that I really care or have a strong opinion.
Twitter is good as an RSS for people who can't use RSS. Just post your actual message to a normal website or blog and "tweet" a link to it.
Since I actually can use RSS and I don't have a blog, it's useless to me.
Gallery is a poor choice unless you really need the features. Being an application, it's both slower and less safe (there's a reason the last release was a "security release") than a static generator.
Firstly, they did something: they analyzed and shared it internally between employees. That alone is bad enough: it wouldn't be the first time an employee used people's private data for his personal profit.
Secondly, considering the US government track record with demands to people's private data is enough to make just collection and storage wrong. I mean, read it from Google's own testimony: the current law is outdated and does not offer the appropriate protection, and governmental agencies make thousands of requests per year under that law.
Most servers only let data out at 10 Mbps tops.
You should get one of these connections that let you download from more than one server at the same time, they're pretty awesome.
Sarcasm aside, for a family that is used to download and stream stuff, it's easy to hit 20Mbps, particularly if you don't want to fill the pipe, which is bad for latency sensitive applications like gaming and VoIP.
How is this, in any way, a strawman?
If you're scared about company employees having access to this data, you should be even more scared about people going freelance with a Kismet setup and collecting it for themselves.
"There are worse people in the world" is not an excuse. If someone steals $1000 from you, should you give them a free pass because there are people who steal $100k?
Besides, this particular situation is a red herring. I'm talking about the company attitude towards user data in general, of which this was just an example.
My home connections are wired, so I don't need to "fear" a guy with Kismet. But a huge percentage of the websites out there - including Slashdot - have some kind of tracking code by Google, both via Anaytics and Ads. Many emails I send go to gmail accounts - sometimes, even without my knowledge, if the user or company is using Google Apps with their own domain.
There are hundreds or thousands of ways in which Google collects users' data - it's essentially their business model! - often without their knowledge and explicit consent. So it's important to know how much can they be trusted with it. And the answer seems to be "not much".
Worry not; my country is proof that you can go from "God - Homeland - Family" and heavy Church influence to "Yeah, we're Catholics, but contraception is fine (95%) and abortion shouldn't be a crime (54%)" in a few decades.
So Google employees are not people?
I disagree with that analogy; the guy walking down the street can't help if he sees something, just like Google couldn't avoid having the packets processed by Kismet in memory. But saving them to disk and analyzing them is akin to that guy then writing the intimate things he saw to paper, shared it with friends and thought "can I profit from this?".
No.
I never said people should be entitled to any expectation of privacy for data they broadcast. What Google did was legal and should be legal.
But none of that excuses their attitude. We know people broadcast their data mostly because their ignorant about the system, and Google essentially took advantage of their ignorance, which is always a shitty thing to do regardless of whether you have the right to do it or not.
Should people protect their data? Yes. Are they to blame if it gets sniffed? Absolutely. But again, none of that excuses Google and their attitude; it's, in fact, completely irrelevant.
If you took the activity out of the living room and onto the front porch, do you really have any call to complain when people watch from the sidewalk? No.
No, the people don't have any call to complain. But I will still despise anyone who sits there watching just because they can.
I don't think this specific event was really all that bad.
What's really troubling, though, is the attitude towards the users' data. And it's not a single "rogue" guy; he talked to other people, even asking a member of the Search team if it could be useful - why didn't he or she report it? Are they really that numb towards protecting people's privacy? Consented data mining is one thing, but this was wardriving!
I'm still a Google fan - they make a bunch of things that I really like - but I think this just strengths my decision of giving up on Gmail and not joining G+ (besides the real name policy nonsense).
By the way, before you accuse me of nonsense like being a shill, I'd like to say that Google is still the only major tech company that I actually like. The others could all burn for all I care.
I don't have a 2nd Amendment right.
In any case, my point was simply that tests are hardly enough to prevent guns from being misused. I wasn't making an argument against guns.
Here it's the same, and I love that time. Since every party including those who are just a guy and his family get airtime, there's some extremely funny stuff. I feel like I'm watching the Royle Family doing a political ad.