The statement by Erik Johnson ends with the following:
"Using the OpenID API and making the same web calls as Steam users to run a gambling business is not allowed by our API nor our user agreements. We are going to start sending notices to these sites requesting they cease operations through Steam, and further pursue the matter as necessary."
It might just be too hard/risky/boring for them to actually actively block these users so sending them a letter asking them to stop is probably a fair starting point.
Do you have any examples of script-esque C++14 code? I haven't touched C++ for a zillion years but your post made me intrigued and I'd like to have a tinker with it to see if I could get up to speed with it easily enough to start trying to replace some scripts with it.
... other than the fact that they are so desperate for people to install it they are resorting to the most amazing levels of subterfuge to basically trick people into installing it?
How good would it need to be to justify looking past that?
Don't fall for their "fear of missing out" deadline.
The only other thing I know about Windows 10 (aside from all the alleged tracking/phone home stuff, which I haven't looked into in great detail but would be a dealbreaker for me) is that it will reboot after running updates without warning (... according to people I know who have suffered from this). I am not sure if this is just some sort of default setting or if it works this way by design. Either way, wtf.
... If only because it's documented and clear about pricing (at least at a glance from the summary).
I know this will be an unpopular opinion here but as an Australian that has lived under data caps since forever (the first broadband cap in Aus was 300mb, raised not long after to 3gb where it sat for a while), even considering how much time has elapsed 1TB is a staggering amount of data.
The biggest problem we had in Australia (... Outside of just generally ludicrously high costs for data) was pland being offered as "unlimited *", where the * basically meant go fuck yourself. This was, fortunately, clamped down on quickly and since then we've had crystal clear (if low) data limits.
I've been in the US for the last 2 years on some vaguely defined TWC plan. Despite having netflix running nearly all day every day (I've not been working for the last year so have had lots of spare time) I could barely manage more than 300gb a month, between me and my partner.
But even so I was constantly worried that eventually someone would be all like "you're using too much data!". Knowing there was a real limit would have been awesome, because I was used to thinking like that anyway and I'm tech savvy enough to deal with it.
I have no problems with data plans, as long as "unlimited" fucking well means what it says, even if you have to pay more for it. Having vague, opaque limits is harmful for everyone. Non-tech-savvy end users can just be filtered or rate capped, but for those of us that actually give a shit about service levels, it needs to be clear what we're paying for and what we're actually getting.
Their site is plastered with ads, or at least was the last time I looked at it (doesn't load for me so I can't check; I've recently moved countries so maybe it's blocked in the UK).
Given its popularity I'm sure they're making thousands per month simply from ad traffic.
I have to wonder if the low donations is reflective of the fact that people are actually unwilling to donate to people/organisations when they know they're actually doing the "wrong" thing. People have no problems pirating content but they don't actually want anyone to profit off it if it can be avoided.
Although I recall an interview with Bram Cohen (BitTorrent creator) many years ago where he mentioned his father convinced him to put that "please donate" in the original Python client, and he said after that he was making hundreds a day. So maybe not.
I just left the US after two years there and had the same astonishment from the other side. I'm from Australia where, like the UK, it is massively socially unacceptable.
Within weeks of being in the US we found a lot of people in our new social circles would think nothing of getting in the car after an extended drinking session. It was staggeringly common.
Took me a while to understand that they don't have random breath testing like they do in Australia (and I assume the UK). At least in the state I was in (Ohio), the police had to publicly announce where they would be setting up to do their "random" testing for drunk drivers. I think I saw two or three of these announcements in the two years I was there.
The risk of getting caught is so close to zero that people don't even think about it.
This is because of some Constitutional thing (4A IIRC?). It seems to make sense in the scope of the Constitution but the practical effects I think are pretty serious (e.g., the fatality rate for a lot of the states that I was in around the midwest was quite a bit higher than it was in Australia.
Friends from other states told me that Ohio was actually pretty good compared to some of the neighbouring states in terms of their attempts to enforce it. - a quick search indicates that it's 5.4 deaths / 100k population in Australia, vs 8.7 in Ohio - but Kentucky is 15.2 and Tennessee is 14.7!
I strongly suspect that a lot of them are basically parts of botnets run by shady marketers to sell likes/follows/etc. Tor is probably just used to avoid tripping certain Facebook mechanisms of multiple logins per IP or something.
Literally every different type of website has something 'hidden' on it. The only criteria is that it has been remotely compromised.
This is such a massive problem that Google have gone to lengths to add features into their Webmaster Tools to hint to website operators that their site has been compromised.
So this is staggeringly unsurprising. It's just another reminder that the average tolerance for security is very low.
Question: aside from the obviously massively added complexity, could you even have an electric engine if you could just jettison the battery packs after take off?
e.g., have some sort of external unit to the plane that simply falls off and flies itself to the ground (like a battery pack drone).
Without knowing anything about it I imagine a significant chunk of power is required to take off and climb, but no idea how much would be required to stay in flight. So if you could periodically get rid of used packs it'd have the same benefit as burning off fuel.
Although if you were super clever you could have these drones return to base, recharge, and then reconnect to planes in flight?!@#
I glanced through some of the Android parts of the paper; it describes these as 'practical attacks' but it also opens with "we assume that a victimâ(TM)s PC has been compromised, allowing an attacker to perform Man-in-the-Browser (MitB) attacks", so it would appear the immediate risk would be at least on the low side. Unless your PC is pwned, but of course if that's the case, you're in trouble already.
For Android, the paper describes a mechanism by which a malicious app can be published to the Google Play store, then silently installed and activated through a Google Chrome plugin trojan (installed as part of the PC pwnage). There are more [interesting] details about how that process works and circumvents some existing Google tricks intended to stop it (e.g., static analysis of apps).
At this point, the app can now intercept SMS tokens that are sent to you as part of 2FA.
I was mostly interested to see if there were vulnerabilities in the Google Authenticator mechanism/implementation; it seems that this is not the case. It basically just takes advantage of the fact that Google offer a way to skip the Google Authenticator by using an SMS instead, although I guess this requires that your Google account is set up with a phone number (which may or may not be a requirement?).
The end of the paper notes that "Google believes that our proposed attack is not feasible in practice". I feel like eventually we'll see a bunch of common trojans that are set up to mess with 2FA. I kind of think that this is a pretty involved process with a lot of room for things to go wrong (for the attackers) so how effective it is remains to be seen. (I also wonder with Android M if the permissions model is different enough so that the SMS reading permission needs to be invoked on a per-app basis? But that might be work-aroundable anyway.)
But if you buy the company, you might be buying their developer account as well - specifically to avoid the situation where app IDs change so that they can get away with this kind of behaviour.
If you're watching Netflix on the desktop using their (excellent) HTML5 player, you can actually set the streaming quality directly.
Hit CTRL-ALT-SHIFT-S to open up a settings dialogue. You'll get a list of different bitrates (and I think servers - don't have an active subscription at the moment so can't check) for video and audio streams.
(I watched a shitload of Netflix in the last year and most of it was in a tiny window on my deskop, so I always felt a little guilty about using so much bandwidth. I'd drop it to the lowest quality bitrate to save both me and them bandwidth.)
In my opinion, battery life should be measured against quartz watches -- years. Or compared to my self-winding Tag or my Seiko solar quartz -- never, bounded by my lifetime.
The problem with this comparison is that you can do exactly one thing with your quartz watch - check the time (or maybe two, if it has the date).
The utility of a smartwatch is significantly more - thus you will use it more. Comparing it to a phone, people use their phone way more now than they did when all it did was just make calls.
So (while I certainly want month long battery times in my watch) I do think it's a little unfair to compare them against plain ole regular watches which have a much smaller number of functions.
(note: I have no smart watch and occasionally wear a nice Seiko)
FWIW the default site works largely perfectly for me on mobile (Android, Chrome).
The only significant change I'd make is slightly increase the size of the story font, but it's usually not a problem for me as I've read the story via RSS already anyway.
The biggest screaming here over the many years I've been reading has undoubtedly been because of beta. I've been involved in a bunch of web projects where there was direction for a "new fresh design" so I understand the process - but/every time/ it resulted in massive community backlash.
Never more so than on Slashdot where the community is really the most significant part of the site.
There were some really confusing design decisions - removal of the 'read more' link to replace them with the social media bar, for example. I'm sure other/. readers would agree this really demonstrates a lack of understanding about the userbase & how people used the site.
For comparison though there were a few minor design touch-ups that I thought were quite nice - simple little aesthetic changes that DID NOT affect usability.
Ultimately I think very little change is required. Maybe winding back some of the recent changes. Ditching beta in its entirety.
Just back and forth, hardly any scoring, no serious risk of someone getting a concussion or something broken....
Yeh the back and forth of soccer is pretty boring - except when compared against the 11 minutes of actual gameplay in your typical three hour American football match.
My question is, are you really that scared? Are you that scared of your driving ability to avoid wrecks? Are you that worried about people around you?
I am generally way more scared of driving and being in cars than I am of, say, terrorist attacks - something which everyone probably should be given the statistical risks.
I've lost way more freedom due to the war on terror bullshit. I'd be way more happy losing whatever driving freedoms if it leads to an actual improvement in safety (even better if those costs are borne by the private sector and not my tax dollars, like they are with the war on terror!),
Wow. This makes me wonder if a good system for allowing submissions is to limit them to some factor of comments (or even better, comments that have had some positive moderation).
Slashdot Mirror
It should be noted that very shortly after that story broke there were some retractions by the authors.
This is a note by the author where they have reduced the number of affected papers - initially around 40,000 - down to around 3,000.
The publication in which the paper first appears has agreed to publish a correction.
So while there is definitely room for improvement, it appears the impact was grossly exaggerated in the original coverage.
The statement by Erik Johnson ends with the following:
"Using the OpenID API and making the same web calls as Steam users to run a gambling business is not allowed by our API nor our user agreements. We are going to start sending notices to these sites requesting they cease operations through Steam, and further pursue the matter as necessary."
It might just be too hard/risky/boring for them to actually actively block these users so sending them a letter asking them to stop is probably a fair starting point.
Do you have any examples of script-esque C++14 code? I haven't touched C++ for a zillion years but your post made me intrigued and I'd like to have a tinker with it to see if I could get up to speed with it easily enough to start trying to replace some scripts with it.
... other than the fact that they are so desperate for people to install it they are resorting to the most amazing levels of subterfuge to basically trick people into installing it?
How good would it need to be to justify looking past that?
Don't fall for their "fear of missing out" deadline.
The only other thing I know about Windows 10 (aside from all the alleged tracking/phone home stuff, which I haven't looked into in great detail but would be a dealbreaker for me) is that it will reboot after running updates without warning (... according to people I know who have suffered from this). I am not sure if this is just some sort of default setting or if it works this way by design. Either way, wtf.
... If only because it's documented and clear about pricing (at least at a glance from the summary).
I know this will be an unpopular opinion here but as an Australian that has lived under data caps since forever (the first broadband cap in Aus was 300mb, raised not long after to 3gb where it sat for a while), even considering how much time has elapsed 1TB is a staggering amount of data.
The biggest problem we had in Australia (... Outside of just generally ludicrously high costs for data) was pland being offered as "unlimited *", where the * basically meant go fuck yourself. This was, fortunately, clamped down on quickly and since then we've had crystal clear (if low) data limits.
I've been in the US for the last 2 years on some vaguely defined TWC plan. Despite having netflix running nearly all day every day (I've not been working for the last year so have had lots of spare time) I could barely manage more than 300gb a month, between me and my partner.
But even so I was constantly worried that eventually someone would be all like "you're using too much data!". Knowing there was a real limit would have been awesome, because I was used to thinking like that anyway and I'm tech savvy enough to deal with it.
I have no problems with data plans, as long as "unlimited" fucking well means what it says, even if you have to pay more for it. Having vague, opaque limits is harmful for everyone. Non-tech-savvy end users can just be filtered or rate capped, but for those of us that actually give a shit about service levels, it needs to be clear what we're paying for and what we're actually getting.
... is not as good as Ask Slashdot.
Their site is plastered with ads, or at least was the last time I looked at it (doesn't load for me so I can't check; I've recently moved countries so maybe it's blocked in the UK).
Given its popularity I'm sure they're making thousands per month simply from ad traffic.
I have to wonder if the low donations is reflective of the fact that people are actually unwilling to donate to people/organisations when they know they're actually doing the "wrong" thing. People have no problems pirating content but they don't actually want anyone to profit off it if it can be avoided.
Although I recall an interview with Bram Cohen (BitTorrent creator) many years ago where he mentioned his father convinced him to put that "please donate" in the original Python client, and he said after that he was making hundreds a day. So maybe not.
I just left the US after two years there and had the same astonishment from the other side. I'm from Australia where, like the UK, it is massively socially unacceptable.
Within weeks of being in the US we found a lot of people in our new social circles would think nothing of getting in the car after an extended drinking session. It was staggeringly common.
Took me a while to understand that they don't have random breath testing like they do in Australia (and I assume the UK). At least in the state I was in (Ohio), the police had to publicly announce where they would be setting up to do their "random" testing for drunk drivers. I think I saw two or three of these announcements in the two years I was there.
The risk of getting caught is so close to zero that people don't even think about it.
This is because of some Constitutional thing (4A IIRC?). It seems to make sense in the scope of the Constitution but the practical effects I think are pretty serious (e.g., the fatality rate for a lot of the states that I was in around the midwest was quite a bit higher than it was in Australia.
Friends from other states told me that Ohio was actually pretty good compared to some of the neighbouring states in terms of their attempts to enforce it. - a quick search indicates that it's 5.4 deaths / 100k population in Australia, vs 8.7 in Ohio - but Kentucky is 15.2 and Tennessee is 14.7!
I strongly suspect that a lot of them are basically parts of botnets run by shady marketers to sell likes/follows/etc. Tor is probably just used to avoid tripping certain Facebook mechanisms of multiple logins per IP or something.
Literally every different type of website has something 'hidden' on it. The only criteria is that it has been remotely compromised.
This is such a massive problem that Google have gone to lengths to add features into their Webmaster Tools to hint to website operators that their site has been compromised.
So this is staggeringly unsurprising. It's just another reminder that the average tolerance for security is very low.
Question: aside from the obviously massively added complexity, could you even have an electric engine if you could just jettison the battery packs after take off?
e.g., have some sort of external unit to the plane that simply falls off and flies itself to the ground (like a battery pack drone).
Without knowing anything about it I imagine a significant chunk of power is required to take off and climb, but no idea how much would be required to stay in flight. So if you could periodically get rid of used packs it'd have the same benefit as burning off fuel.
Although if you were super clever you could have these drones return to base, recharge, and then reconnect to planes in flight?!@#
I glanced through some of the Android parts of the paper; it describes these as 'practical attacks' but it also opens with "we assume that a victimâ(TM)s PC has been compromised, allowing an attacker to perform Man-in-the-Browser (MitB) attacks", so it would appear the immediate risk would be at least on the low side. Unless your PC is pwned, but of course if that's the case, you're in trouble already.
For Android, the paper describes a mechanism by which a malicious app can be published to the Google Play store, then silently installed and activated through a Google Chrome plugin trojan (installed as part of the PC pwnage). There are more [interesting] details about how that process works and circumvents some existing Google tricks intended to stop it (e.g., static analysis of apps).
At this point, the app can now intercept SMS tokens that are sent to you as part of 2FA.
I was mostly interested to see if there were vulnerabilities in the Google Authenticator mechanism/implementation; it seems that this is not the case. It basically just takes advantage of the fact that Google offer a way to skip the Google Authenticator by using an SMS instead, although I guess this requires that your Google account is set up with a phone number (which may or may not be a requirement?).
The end of the paper notes that "Google believes that our proposed attack is not feasible in practice". I feel like eventually we'll see a bunch of common trojans that are set up to mess with 2FA. I kind of think that this is a pretty involved process with a lot of room for things to go wrong (for the attackers) so how effective it is remains to be seen. (I also wonder with Android M if the permissions model is different enough so that the SMS reading permission needs to be invoked on a per-app basis? But that might be work-aroundable anyway.)
Wait until you hear about Slack.
But if you buy the company, you might be buying their developer account as well - specifically to avoid the situation where app IDs change so that they can get away with this kind of behaviour.
The few tasks that do require conversations, are also the complicated requests typically require humans and no bot can handle them today.
Most humans can't handle them today either.
If you're watching Netflix on the desktop using their (excellent) HTML5 player, you can actually set the streaming quality directly.
Hit CTRL-ALT-SHIFT-S to open up a settings dialogue. You'll get a list of different bitrates (and I think servers - don't have an active subscription at the moment so can't check) for video and audio streams.
(I watched a shitload of Netflix in the last year and most of it was in a tiny window on my deskop, so I always felt a little guilty about using so much bandwidth. I'd drop it to the lowest quality bitrate to save both me and them bandwidth.)
In my opinion, battery life should be measured against quartz watches -- years. Or compared to my self-winding Tag or my Seiko solar quartz -- never, bounded by my lifetime.
The problem with this comparison is that you can do exactly one thing with your quartz watch - check the time (or maybe two, if it has the date).
The utility of a smartwatch is significantly more - thus you will use it more. Comparing it to a phone, people use their phone way more now than they did when all it did was just make calls.
So (while I certainly want month long battery times in my watch) I do think it's a little unfair to compare them against plain ole regular watches which have a much smaller number of functions.
(note: I have no smart watch and occasionally wear a nice Seiko)
I started using it as well to launch Signal for Desktop. I don't even know how to launch it from the browser!
... the press stopped reporting the shit said by people that have been busted lying publicly.
FWIW the default site works largely perfectly for me on mobile (Android, Chrome).
The only significant change I'd make is slightly increase the size of the story font, but it's usually not a problem for me as I've read the story via RSS already anyway.
The biggest screaming here over the many years I've been reading has undoubtedly been because of beta. I've been involved in a bunch of web projects where there was direction for a "new fresh design" so I understand the process - but /every time/ it resulted in massive community backlash.
Never more so than on Slashdot where the community is really the most significant part of the site.
There were some really confusing design decisions - removal of the 'read more' link to replace them with the social media bar, for example. I'm sure other /. readers would agree this really demonstrates a lack of understanding about the userbase & how people used the site.
For comparison though there were a few minor design touch-ups that I thought were quite nice - simple little aesthetic changes that DID NOT affect usability.
Ultimately I think very little change is required. Maybe winding back some of the recent changes. Ditching beta in its entirety.
Nexus devices are satisfactory but not exceptional.
Yeh, this is about right. They are nice, standard reference phones for Android.
But: if my Nexus 4 was upgradable to Marshmallow (the latest Android OS) I probably would be upgrading it to being exceptional.
I've tried watching it...and BOOOORING.
Just back and forth, hardly any scoring, no serious risk of someone getting a concussion or something broken....
Yeh the back and forth of soccer is pretty boring - except when compared against the 11 minutes of actual gameplay in your typical three hour American football match.
My question is, are you really that scared? Are you that scared of your driving ability to avoid wrecks? Are you that worried about people around you?
I am generally way more scared of driving and being in cars than I am of, say, terrorist attacks - something which everyone probably should be given the statistical risks.
I've lost way more freedom due to the war on terror bullshit. I'd be way more happy losing whatever driving freedoms if it leads to an actual improvement in safety (even better if those costs are borne by the private sector and not my tax dollars, like they are with the war on terror!),
Wow. This makes me wonder if a good system for allowing submissions is to limit them to some factor of comments (or even better, comments that have had some positive moderation).