Kids are not supposed to know the full range of consequences of their actions, that is why we call them children and treat them in a certain way.
First of all, the in-app purchasing is specifically designed to not warn you when a purchase is made, and to make the purchases as subtle as possible. Even if that were not the case, you'd have to buy the app or whatever and wait 30 minutes before handing the device back to your child to be safe, yet there is currently no indication that the timer is even running or when it expires - not one that is easily accessible. And the mere fact that Google expects you to sit around with your device for 30 minutes, waiting for a timer to expire is unreasonable in the extreme.
This is absolutely a tech issue, as well as an ethics issue. Google likes the easy money, and their responses to parents who have complained about it have been less than stellar. Google is in a position to both build and destroy trust in consumer computing, on behalf of not only themselves, but everyone who develops for their devices and similar devices. The position Google has taken on this issue is the money-grab-and-run short term approach, and they've been pointing at the app developers for the fix. This is unreasonable, and doesn't actually fix the broken eco-system that is Android apps. The good guys will continue to be the good guys and you're giving a free pass to the rotten apples. Couple this with the fact that it is almost impossible to tell good from bad on Android until you get burned, and you have a major issue going forward, and Google is well on its way to forcing legislation on this issue. Legislation that I bet Google is going to piss and moan over when it passes, even though they, and fuckwits like them, were the ones to cause it.
Short story even shorter: fix the fucking issue and get on with it already. The fix is so simple it would be hilarious if it wasn't such a fucking money-grab from a supposedly not evil corporation. Make purchasing passwords one time only, or allow for restrictions on where and when the purchasing can be made.
My use of the term "terrorist" was also meant as a jab against the mentality of thinking of Arab guys with gun belts and AK-47s. You don't need to blow up a train station to have an impact on people's daily lives, as witnessed time and time again when some BigCorp gets their entire customer catalog siphoned off.
The real threat is not some religious nut job in a cave somewhere, its the ingenious people who spend months or years researching an attack vector, setting up the heist and making off with millions. You just need to switch out the "profit/greed" motivator with a "chaos" motivator to see why those guys are much more dangerous than any "terrorist" we've seen to date.
Sure, bombs have a direct and altogether final consequence for the people nearby, but the blatant ignorance we display with regard to our digital infrastructure has a much larger potential for large scale harm.
Bullshit. Why do people like you always assume that the fabled terrorist doesn't already know about these holes? Or are actively searching for them? If you've been following security for any length of time, you would know that in most cases the "bad guys" are many steps ahead of the researchers, if not on a whole other playing field. This renders the standard security by obscurity irrelevant, if not straight up dangerous.
But, suppose an imaginary terrorist group has decided that they wish to conduct some good old fashioned cyber-terrorism, what the fuck do you think they're going to do? Wait for a talk at some random conference? Or start utilizing the expertise they have on hand? The massive security holes in the digital infrastructure do not magically appear once a researcher publishes a paper on them, they were there all along. If you're a terrorist and itching for some mayhem, you're not going to sit idly by, twiddling your thumbs and waiting for the next research paper.
By keeping your mouth shut about these holes, you are pretty much guaranteeing that they will remain open for exploitation. People in positions with the authority to make decisions about patching the holes will remain oblivious, because let's face it, very few of said people have a fucking clue.
Stupid terrorists go in the front door with guns blazing, and get gunned down in the courtyard. Smart terrorists exploit holes nobody is aware of to maximize their payoff.
There are so many of them it's not even funny anymore, it has become easier to count the institutions with a grasp on their own security, then those without. So please good sir, wake the fuck up.
All types of idiocy are equally valuable here, rest assured. I did start moderating here, but decided I'd rather participate in the discussion with my actual logged in account, contrary to the whining scumbags that come here and berate us for wanting privacy - utilizing this site's generous mechanisms for anonymity and posting as FUCKING anon. Pathetic really.
And yeah, who cares about the trolls? It's/. shills and trolls are here for our amusement.
The shill pickings must be really slim for NSA these days for them to recruit someone who can't tell the difference between his own country and a socialist system.
It's completely telling the the only people that love Snowden are people that deal with computers all day.
Only people? You don't get out much do you?
Why would they have a classified system with filters in the first place if privacy wasn't a concern?
Why not? It's obviously no hindrance to operations. You could have armies of robotic bunnies singing the national anthem all day long, it would have the same impact.
Remember, the NSA does serve a defense purpose. There actually are dangerous elements in the world, with Russia being the obvious latest example.
Yeah, I'm sure Mrs. Jackson's grocery list is of utmost importance when unraveling the latest Russian plot. Not like the resources to plow through all that data could have been spent much smarter, they're endless and unsupervised after all. And while sifting through all that useless data, your friends over at Fort Meade got caught with their pants down, yet again. And not just a little tug that shows the top of their tighty whities, no, a complete drop to the ankles and off the one foot.
blah, blah blah blah
Yeah, I stopped reading, your opinion is after all insignificant and irrelevant in the grand socialist scheme of things.
At the core of evolution is survival of the fittest. The theory of evolution also implies that "man", as in created by God in his own image, is nothing special, only a series of fortunate mutations, migrations and accidents. The Christian Bible basically starts out with a huge lie.
What is really perplexing is the fact that the Catholic Pope has conceded that man is descended from the apes, and there really isn't anywhere else in the first world where this "creationism vs evolution" is even a thing (to my knowledge at least).
Most schools I've gone to have not had everything from the curriculum on the exam. One of the first questions when a new topic is introduced is this: "will this be on the midterm/review/exam?", and if the answer is "no" the students promptly doze of. Not having it on the exam (guaranteed) is the same as not having it in the curriculum at all.
If you're using public FB data to determine if a prospective employee is a good fit, you're getting what you deserve: only idiots have a publicly accessible timeline. A properly managed FB profile will only give you a picture and if you're lucky an email address, something you could have gotten by just asking for it.
On a side note, that "study" in the article hardly sounds robust.
Six months later, the researchers got in touch with their guinea pigs’ employers to ask about their job performances. Unfortunately, of the over 500 guinea pigs, just 56 of the employers responded. So the sample is small, but the researchers found a strong correlation between those employers’ reviews and the employability predictions they had made based on folks’ profile pages.
Congratulations, your ~10% response rate allows you to draw wildly speculative conclusions. The second study has similar problems, trying to insinuate a correlation between their performed IQ tests, FB profile data and eventual student transcripts. Bullshit.
Either is quite possible, though default password issues require that a PC on the LAN already be infected.
No. This guy mapped the entire IPv4 Internet using a bot-net running inside routers only linky link. Apparently he just used the default root:root or admin:admin to build the bot-net. Point being, he never used the infrastructure behind the routers, only the routers themselves.
From there it's not hard to imagine how you would go about changing the DNS settings on the router, and you could expand the bot-net if you know the algorithm the default passwords on newer routers are created with.
It's no more a tutorial on programming, than watching the Nature channel is an education to become a biologist. It might spark someone's interest, but I do think that interest would have been sparked regardless.
A Russian can be an Eastern European while an Eastern European can also be a Russian. I don't see the problem. Besides, the actual criminals that Krebs is covering don't seem to mind the mingling, case in point: A First Look at the Target Intrusion, Malware
From the second to last paragraph:
Group-IB goes on to link that account to a set of young Russian and Ukranian men who appear to be actively engaged in a variety of cybercrime activities, including distributed denial-of-service (DDoS) attacks and protests associated with the hackivist collective known as Anonymous.
So I guess until the Eastern European criminals themselves make the distinction, you'll have to live with it. Or clean up at home.
But I got to thinking, how about instead of sitting back and yelling like little kids, we act like the nerds we are? Grab the CSS from the classic site, grab the scripts, fire up GreaseMonkey and implement classic as a client side option. Would that be possible? I'm not nearly skilled enough in the black arts of web development to do it, but it seems to me the data model must be the same if they can run classic and beta alongside each other.
On the other hand, I would feel extremely uncomfortable if they/did/ moderate the comments. Because that sort of activity can quickly snowball from their just deleting spammer accounts/comments to zapping comments that they disagree with or feel is not in the company's interests. Especially since the users do such a good job of cleaning up the trash themselves (honestly, except on the occassions when I read at comment level 0, I never even SEE these MyCleanPC or other spam/troll comments anymore).
Yes, there are plenty of other places on the 'net where anal mods have free roam, we don't need another. I don't agree that the users here do a good job of cleaning up. They do a very good job of promoting circle jerking by instantly promoting mundane comments to +5 Funny/Insightful/Interesting for agreeing with them. I always browse at -1 for that very reason, once in a while a -1 comment will actually have something novel to say.
I wish Dice did better editing the SUBMISSIONS
I agree! But that is a problem to which my original explanation also applies. They've got no reason to clean it up. Posting craptastic submissions just spawns threads much like this one, where people discuss how god awful/. has become and how much better "the olden days" were./. is unique in the way it handles news aggregation and user composed content. Dice has just elected to take a dump all over the concept to maximize profits. They could do something about the shit that keeps dripping on us, but why should they when we keep coming?
I find that blocking submissions from Roblimo actually takes care of most of the idiocy that gets posted, at least the obvious for-profit stories goes away. Now they just need a spell checker, if they get that right we could go for gold and demand they also fact check.
You're confusing User with Customer. We're the users, advertisers are the customers.
"Can remove spam" and "will remove spam" are not the same thing. They absolutely, trivially could prevent this kind of spam - but why would they? Nobody at Dice cares! In all the years I've come here I've never seen the admins do anything remotely resembling administration of their site.
Another comment on a thread, no matter how trivial or spammy, enforces the illusion of a site that is still alive. This illusion is used to make the search indexers think that something of relevance is going on at the site, and rate it higher, which in turn exposes yet more of Dice's advertising. The key to proper SEO is novel content, the trick is that the content doesn't have to be at all relevant or even coherent, it just has to be new and Google will swallow it like a junior at the prom with the star jock.
Whenever some moron codes up a new incarnation of retardo-bot and launches it in a flurry of masturbation, a whole host of/. users will flock around and comment on the spam. It's a viscous cycle and Dice has no incentive to stop it.
Short story even shorter: Dice runs the site. Dice profits from not removing spam posts.
Slashdot Mirror
Kids are not supposed to know the full range of consequences of their actions, that is why we call them children and treat them in a certain way.
First of all, the in-app purchasing is specifically designed to not warn you when a purchase is made, and to make the purchases as subtle as possible. Even if that were not the case, you'd have to buy the app or whatever and wait 30 minutes before handing the device back to your child to be safe, yet there is currently no indication that the timer is even running or when it expires - not one that is easily accessible. And the mere fact that Google expects you to sit around with your device for 30 minutes, waiting for a timer to expire is unreasonable in the extreme.
This is absolutely a tech issue, as well as an ethics issue. Google likes the easy money, and their responses to parents who have complained about it have been less than stellar. Google is in a position to both build and destroy trust in consumer computing, on behalf of not only themselves, but everyone who develops for their devices and similar devices. The position Google has taken on this issue is the money-grab-and-run short term approach, and they've been pointing at the app developers for the fix. This is unreasonable, and doesn't actually fix the broken eco-system that is Android apps. The good guys will continue to be the good guys and you're giving a free pass to the rotten apples. Couple this with the fact that it is almost impossible to tell good from bad on Android until you get burned, and you have a major issue going forward, and Google is well on its way to forcing legislation on this issue. Legislation that I bet Google is going to piss and moan over when it passes, even though they, and fuckwits like them, were the ones to cause it.
Short story even shorter: fix the fucking issue and get on with it already. The fix is so simple it would be hilarious if it wasn't such a fucking money-grab from a supposedly not evil corporation. Make purchasing passwords one time only, or allow for restrictions on where and when the purchasing can be made.
My use of the term "terrorist" was also meant as a jab against the mentality of thinking of Arab guys with gun belts and AK-47s. You don't need to blow up a train station to have an impact on people's daily lives, as witnessed time and time again when some BigCorp gets their entire customer catalog siphoned off.
The real threat is not some religious nut job in a cave somewhere, its the ingenious people who spend months or years researching an attack vector, setting up the heist and making off with millions. You just need to switch out the "profit/greed" motivator with a "chaos" motivator to see why those guys are much more dangerous than any "terrorist" we've seen to date.
Sure, bombs have a direct and altogether final consequence for the people nearby, but the blatant ignorance we display with regard to our digital infrastructure has a much larger potential for large scale harm.
Bullshit. Why do people like you always assume that the fabled terrorist doesn't already know about these holes? Or are actively searching for them? If you've been following security for any length of time, you would know that in most cases the "bad guys" are many steps ahead of the researchers, if not on a whole other playing field. This renders the standard security by obscurity irrelevant, if not straight up dangerous.
But, suppose an imaginary terrorist group has decided that they wish to conduct some good old fashioned cyber-terrorism, what the fuck do you think they're going to do? Wait for a talk at some random conference? Or start utilizing the expertise they have on hand? The massive security holes in the digital infrastructure do not magically appear once a researcher publishes a paper on them, they were there all along. If you're a terrorist and itching for some mayhem, you're not going to sit idly by, twiddling your thumbs and waiting for the next research paper.
By keeping your mouth shut about these holes, you are pretty much guaranteeing that they will remain open for exploitation. People in positions with the authority to make decisions about patching the holes will remain oblivious, because let's face it, very few of said people have a fucking clue.
Stupid terrorists go in the front door with guns blazing, and get gunned down in the courtyard. Smart terrorists exploit holes nobody is aware of to maximize their payoff.
* In this reply, the term terrorist is used as a stand-in for <insert scapegoat of choice>, a good choice could be the guys who did this, or this guy, or maybe these guys.
There are so many of them it's not even funny anymore, it has become easier to count the institutions with a grasp on their own security, then those without. So please good sir, wake the fuck up.
All types of idiocy are equally valuable here, rest assured. I did start moderating here, but decided I'd rather participate in the discussion with my actual logged in account, contrary to the whining scumbags that come here and berate us for wanting privacy - utilizing this site's generous mechanisms for anonymity and posting as FUCKING anon. Pathetic really.
And yeah, who cares about the trolls? It's /. shills and trolls are here for our amusement.
The shill pickings must be really slim for NSA these days for them to recruit someone who can't tell the difference between his own country and a socialist system.
Does the money feel dirty when you spend it, or do you just block it out?
It's completely telling the the only people that love Snowden are people that deal with computers all day.
Only people? You don't get out much do you?
Why would they have a classified system with filters in the first place if privacy wasn't a concern?
Why not? It's obviously no hindrance to operations. You could have armies of robotic bunnies singing the national anthem all day long, it would have the same impact.
Remember, the NSA does serve a defense purpose. There actually are dangerous elements in the world, with Russia being the obvious latest example.
Yeah, I'm sure Mrs. Jackson's grocery list is of utmost importance when unraveling the latest Russian plot. Not like the resources to plow through all that data could have been spent much smarter, they're endless and unsupervised after all. And while sifting through all that useless data, your friends over at Fort Meade got caught with their pants down, yet again. And not just a little tug that shows the top of their tighty whities, no, a complete drop to the ankles and off the one foot.
blah, blah blah blah
Yeah, I stopped reading, your opinion is after all insignificant and irrelevant in the grand socialist scheme of things.
At the core of evolution is survival of the fittest. The theory of evolution also implies that "man", as in created by God in his own image, is nothing special, only a series of fortunate mutations, migrations and accidents. The Christian Bible basically starts out with a huge lie.
What is really perplexing is the fact that the Catholic Pope has conceded that man is descended from the apes, and there really isn't anywhere else in the first world where this "creationism vs evolution" is even a thing (to my knowledge at least).
Most schools I've gone to have not had everything from the curriculum on the exam. One of the first questions when a new topic is introduced is this: "will this be on the midterm/review/exam?", and if the answer is "no" the students promptly doze of. Not having it on the exam (guaranteed) is the same as not having it in the curriculum at all.
If you're using public FB data to determine if a prospective employee is a good fit, you're getting what you deserve: only idiots have a publicly accessible timeline. A properly managed FB profile will only give you a picture and if you're lucky an email address, something you could have gotten by just asking for it.
On a side note, that "study" in the article hardly sounds robust.
Six months later, the researchers got in touch with their guinea pigs’ employers to ask about their job performances. Unfortunately, of the over 500 guinea pigs, just 56 of the employers responded. So the sample is small, but the researchers found a strong correlation between those employers’ reviews and the employability predictions they had made based on folks’ profile pages.
Congratulations, your ~10% response rate allows you to draw wildly speculative conclusions. The second study has similar problems, trying to insinuate a correlation between their performed IQ tests, FB profile data and eventual student transcripts. Bullshit.
Either is quite possible, though default password issues require that a PC on the LAN already be infected.
No. This guy mapped the entire IPv4 Internet using a bot-net running inside routers only linky link. Apparently he just used the default root:root or admin:admin to build the bot-net. Point being, he never used the infrastructure behind the routers, only the routers themselves.
From there it's not hard to imagine how you would go about changing the DNS settings on the router, and you could expand the bot-net if you know the algorithm the default passwords on newer routers are created with.
It's no more a tutorial on programming, than watching the Nature channel is an education to become a biologist. It might spark someone's interest, but I do think that interest would have been sparked regardless.
Too addictive
Something to do with dogs trading their bones or some such nonsense.
Stop posting AC timothy
A Russian can be an Eastern European while an Eastern European can also be a Russian. I don't see the problem. Besides, the actual criminals that Krebs is covering don't seem to mind the mingling, case in point: A First Look at the Target Intrusion, Malware
From the second to last paragraph:
Group-IB goes on to link that account to a set of young Russian and Ukranian men who appear to be actively engaged in a variety of cybercrime activities, including distributed denial-of-service (DDoS) attacks and protests associated with the hackivist collective known as Anonymous.
So I guess until the Eastern European criminals themselves make the distinction, you'll have to live with it. Or clean up at home.
So?
www.slashdottersinexile.org
No
I agree, fuck the beta.
But I got to thinking, how about instead of sitting back and yelling like little kids, we act like the nerds we are? Grab the CSS from the classic site, grab the scripts, fire up GreaseMonkey and implement classic as a client side option. Would that be possible? I'm not nearly skilled enough in the black arts of web development to do it, but it seems to me the data model must be the same if they can run classic and beta alongside each other.
On the other hand, I would feel extremely uncomfortable if they /did/ moderate the comments. Because that sort of activity can quickly snowball from their just deleting spammer accounts/comments to zapping comments that they disagree with or feel is not in the company's interests. Especially since the users do such a good job of cleaning up the trash themselves (honestly, except on the occassions when I read at comment level 0, I never even SEE these MyCleanPC or other spam/troll comments anymore).
Yes, there are plenty of other places on the 'net where anal mods have free roam, we don't need another. I don't agree that the users here do a good job of cleaning up. They do a very good job of promoting circle jerking by instantly promoting mundane comments to +5 Funny/Insightful/Interesting for agreeing with them. I always browse at -1 for that very reason, once in a while a -1 comment will actually have something novel to say.
I wish Dice did better editing the SUBMISSIONS
I agree! But that is a problem to which my original explanation also applies. They've got no reason to clean it up. Posting craptastic submissions just spawns threads much like this one, where people discuss how god awful /. has become and how much better "the olden days" were. /. is unique in the way it handles news aggregation and user composed content. Dice has just elected to take a dump all over the concept to maximize profits. They could do something about the shit that keeps dripping on us, but why should they when we keep coming?
I find that blocking submissions from Roblimo actually takes care of most of the idiocy that gets posted, at least the obvious for-profit stories goes away. Now they just need a spell checker, if they get that right we could go for gold and demand they also fact check.
I guess for some, very broad, interpretations of the word "administration". Kind of like how a steaming pile of dog shit resembles chocolate cake.
Yes, although it's a pretty stupid unit to use for the numbers involved.
We really should! In my defense I work with fluid mechanics so viscosity comes up a lot.
You're confusing User with Customer. We're the users, advertisers are the customers.
"Can remove spam" and "will remove spam" are not the same thing. They absolutely, trivially could prevent this kind of spam - but why would they? Nobody at Dice cares! In all the years I've come here I've never seen the admins do anything remotely resembling administration of their site.
Another comment on a thread, no matter how trivial or spammy, enforces the illusion of a site that is still alive. This illusion is used to make the search indexers think that something of relevance is going on at the site, and rate it higher, which in turn exposes yet more of Dice's advertising. The key to proper SEO is novel content, the trick is that the content doesn't have to be at all relevant or even coherent, it just has to be new and Google will swallow it like a junior at the prom with the star jock.
Whenever some moron codes up a new incarnation of retardo-bot and launches it in a flurry of masturbation, a whole host of /. users will flock around and comment on the spam. It's a viscous cycle and Dice has no incentive to stop it.
Short story even shorter: Dice runs the site. Dice profits from not removing spam posts.