I bet the soon to come pro version will do a secure wipe of the phone so that the police can't perform a warrantless search on it. Obviously this version will be targeted at mobsters, drug dealers, and the tinfoil hat crowd.
"We are working with the provider of the Illini-Alert service to implement additional security features in the program to prevent this type of error."
After implementing the "additional security" we will hear how they were unable to send an alert for an actual event because the Chief of Police was dealing with the problem and couldn't come in to put his code in.
Only home users should be printing (usually PDF) via the browser. This is usually just some really big barcode where it doesn't matter if the layout changes.
If you are trying to print precise documents then you will need to develop a printout direct to the printers. If you are issuing passenger tickets then I'd recommend an industrial printer like a Zebra. The printing language is not that difficult to learn and those printers will just keep printing for years day-in day-out.
My guess would be that this is DRM related. It probably became very difficult to limit or explain the limit per account. When little Johnny with a separate profile installed the Watch Now feature on 5 of his friends' computers then Dad would be upset with Netflix when he called up trying to make his new Roku work. Or worse, the profiles where allowing people to get around the Watch Now limits. I don't know what the limits are but you can bet that the movie studios require them. With Netflix's push into streamed content, anything that gets in the way is likely to be cannibalized.
Wait... I'm confused. I thought one of the selling points of OpenID was that websites could verify things like your age and/or zipcode without you having to give personal information. Wouldn't my provider need to know who I am in order provide such information? Or is OpenID going to be one of those completely untrusted information things where 50-year-old men have ID's that say they are 14-year-old girls?
It is not cost effective for my ISP to log every DNS lookup or every IP I communicate with. The only way for the government to get at the information is a direct tap. This also only gives you information on my browsing habits from home. If instead you could gets records from my OpenID provider, you could see what membership websites I regularly visit whether it was from home, work, or Starbucks.
Working in reverse, lets say that there are VERY BAD websites that operate outside the USA but use OpenID. If your OpenID is at US provider then the government could simply ask the provider to list anyone who logged in to those VERY BAD websites. The problem is that VERY BAD ends up being broadly defined.
My point is that in creating centralized authentication you also create the potential for centralized tracking.
Doesn't this create a new privacy problem much like search data? How likely are companies providing the authentication services to create logs of which sites you login to? It is one thing to know what I search on but it is even more invasive to know which sites I actively login to.
Expectations have definately gotten out of hand. For years people made the argument that Dell should offer Linux pre-installed. Dell didn't want to do it because of the support problems. To which the typical Slashdotter replied, "don't worry, we just want to escape the MS tax and will likely re-install from scratch again anyway." Now that Dell actually does provide Linux installed on more and more machines they are taken to task because of support issues. This isn't going to make other manufacturers want to follow Dell's lead.
It is kind of like when your child says, "if you get me the puppy then I will feed and pickup after him, pleeeaaase!" Maybe the "Linux Community" needs to pickup after themselves and stop complaining.
In reading the article, the point of the scheme is to provide something like an SPF record for all those domains that don't implement SPF. If the combination of sending IP and sending domain do not already have an entry then the scheme places the email in a reject area. It then sends an email back to the sending address (or variation sub-address) asking for a reply for authorization. This is similar to the Earthlink authorization process only you are authorizing a IP and domain combination rather than a specific email address. One of the selling points is that people can setup an auto-reply for the authorization messages so the sending user never needs to see them.
If I read it correctly, I could use an existing account in any domain that doesn't have hard-fail SPF to authorize the IP address I was using. At this point I could spam from that IP from any made up or spoofed address in the domain I authorized to any address in the domain that sent me the authorization message. If I have a drone army that I use to send my spam then I probably don't even need to own the existing account I used; I simply need to sniff them out from the drone users (those people that only THINK they own their PC).
The author brings up ways to try and thwart the problem, but then the scheme starts getting burdensome again. My company uses hard-fail SPF for our domain, but we accept all email without checking SPF. SPF allows us to prevent some of the people trying to impersonate our domain. However, we run much of our customer service via email and can't start rejecting email because somebody's from address says gmail but the email is coming from an AOL server.
The problem isn't just getting higher SPF adoption, you would also need to figure out how to educate (or automate) users that send from various locations how to configure their mail client based on the sending domain. Then there is the problem of the many ISPs that block email sending ports (to thwart spam drones). For each of these problems there is an answer that starts with the words "all they have to do is...". Getting "they" to do anything at all, much less an appropriate anything is the most difficult thing in the world. It is similar to getting people to not only vote but to actually pay attention to the substance of who they are voting for rather than a sound byte.
I use SPF for my own domains and, yes, I do know what it solves. I was not slamming SPF. I was pointing out that this approach is vulnerable the same way SPF is. A spammer who authenticates via an SPF entry or via a reply to the the challenge email can get past both SPF and this approach. The difference is that with this approach you only need access to the email of a domain to spoof the scheme where as you need access to DNS to spoof SPF.
In addition, the scheme has the same flaw as SPF for those spammers who setup new domains. If the spammers setup SPF and the auto-reply software in the article then they can spam a great deal of people until caught by each receiving domain. Rinse... Repeat.
This is a good next step for Netflix. Here is a partial list of what they have done so far:
Let the postman deliver and return the movies. This got around the shelf space limit of the physical video store.
Introduce a monthly subscription that eliminated late fees. Procrastinators rejoice!
Get many of the studios to press (or allow Netflix to press) special editions of movies that travel through the mail better.
Compete with the new crop of VOD (video on demand) offerings by including it in the monthly fee (this might be an upgrade feature later).
Before there was widespread broadband we had a "last mile" problem that everyone was talking about. Now, many here are complaining about the "last room" problem of being able to watch this on their TV. I, for one, am glad that Netflix is not yet trying to solve this problem. It leaves it open to be solved in a non-restrictive way.
With the fast forward features from Netflix, all I need to stop watching in one room and start in another is a Internet connected browser. How soon before I can play this on my PS3, XBox360, Wii, SlingCatcher, or what ever other device that has the right connection to a TV. For my living room I would want something like the new Apple TV with HDMI connector. For other rooms, maybe I'll try to find some cheap unit with RCA output.
If Netflix continues to expand the number of movies offered by VOD like they have with DVD then I look forward to my multitude of choices. For action movies and long playing TV series I will continue to get the DVDs in the mail. For romantic movies and cartoons that the wife wants to watch, the downloaded quality would be fine.
Businesses that only ship bytes over the internet are usually hit with high amounts of fraud compared with those that ship physical items. I wonder what payment system Google is going to come up with and how it will deal with fraud. If fraud is high then credit card chargebacks are high and credit card processors want a bigger percentage to cover the risk.
Incedently, how long until this is full of pr0n? Or is that the point and the NBA is just a cover?
I think each person with a new HD drive will buy about one porn movie, and it would be their last. The ability to see the blades of grass on the soccer field is one thing, but being able to see every pimple on a porn star's behind is probably not going to go over well. Of course, if they bought a porn compilation full of older DVD movie scenes then they only need one.
You are kidding right? I run a CS 1.6 server in secure mode. Hacks abound. VAC takes a while (like months) to catch on and stop each new hack. The little kids that use them just their parents to by a new CD if they should ever get banned. The only thing that comes close to helping is some server mods from United Admins.
Umm... No... there is no such thing. Right of First Sale allows you to rent, lend, or sell what you have purchased. I work for a DVD rental company that does Netflix style rentals as well as weekly rentals and sales. We buy the DVDs wholesale. There is no alternate pricing.
They allow rentals of CDs in Japan, but I seem to remember there being some federal law that doesn't allow music to be rented in the US. Or maybe it was a court case. Anyone remember the same thing?
Does that mean that someone (anyone?) can make a nice little data collection device and place it near a walkway at an international airport to collect this information? It is one thing to be forced to give this information when entering a country, it is quite another if someone can just sniff it. Am I missing something?
I am probably going to hate myself for exposing this, but this delay tactic that Netflix uses has one hole you can exploit. Titles that are new releases are not effected by this as far as I can tell.
A title is a new release if it shows "Release on DVD..." under availability. These titles are available for shipment the date specified (usual a Tuesday). If you can make it so your return arrives on that day then you have a good chance of getting the new release no matter how many items you rented in the previous month.
A couple of tips:
1) Netflix will ship the day before release too (usually Monday).
2) Netflix doesn't process mail on Saturday so you can have the DVD show up on that day and get the new release.
3) New releases are NEVER shown in any browse links on Netflix. You have to search for them by name. There are quite a few sites on the Internet that list when movies come out on DVD. Netflix will usually have them as they release unless the title is from an independant (i.e. Bowling for Columbine).
Of course, now all these/. readers are going to be competing with me for the same movies.
I am also serviced out of the Santa Ana facility and have a single day delivery time. When movies take longer, it is because they are being sent from a different facility. You can tell when this happens because the Netflix ETA number is higher than 2 days (their minimum).
Unfortunately, you can't tell it from the envelope since Netflix is allowed to violate postal regs and put the northern CA mail from on all envelopes (saves on printing costs).
Umm... Could I have my 30 minutes back? Couldn't the author have made is point in like 5 minutes worth of reading? Maybe this guy is ex-NASA and dosn't know how to be economical with words.
Slashdot Mirror
I bet the soon to come pro version will do a secure wipe of the phone so that the police can't perform a warrantless search on it. Obviously this version will be targeted at mobsters, drug dealers, and the tinfoil hat crowd.
"I'm sorry, you cannot watch the food network due to your current girth. How about we tune in Biggest Loser instead?"
"We are working with the provider of the Illini-Alert service to implement additional security features in the program to prevent this type of error."
After implementing the "additional security" we will hear how they were unable to send an alert for an actual event because the Chief of Police was dealing with the problem and couldn't come in to put his code in.
Only home users should be printing (usually PDF) via the browser. This is usually just some really big barcode where it doesn't matter if the layout changes.
If you are trying to print precise documents then you will need to develop a printout direct to the printers. If you are issuing passenger tickets then I'd recommend an industrial printer like a Zebra. The printing language is not that difficult to learn and those printers will just keep printing for years day-in day-out.
Yes, yes, lets rip off that bandage as slooooowly as possible so we extend the pain and confusion as long as possible.
/sarcasm>
<
My guess would be that this is DRM related. It probably became very difficult to limit or explain the limit per account. When little Johnny with a separate profile installed the Watch Now feature on 5 of his friends' computers then Dad would be upset with Netflix when he called up trying to make his new Roku work. Or worse, the profiles where allowing people to get around the Watch Now limits. I don't know what the limits are but you can bet that the movie studios require them. With Netflix's push into streamed content, anything that gets in the way is likely to be cannibalized.
Wait... I'm confused. I thought one of the selling points of OpenID was that websites could verify things like your age and/or zipcode without you having to give personal information. Wouldn't my provider need to know who I am in order provide such information? Or is OpenID going to be one of those completely untrusted information things where 50-year-old men have ID's that say they are 14-year-old girls?
It is not cost effective for my ISP to log every DNS lookup or every IP I communicate with. The only way for the government to get at the information is a direct tap. This also only gives you information on my browsing habits from home. If instead you could gets records from my OpenID provider, you could see what membership websites I regularly visit whether it was from home, work, or Starbucks. Working in reverse, lets say that there are VERY BAD websites that operate outside the USA but use OpenID. If your OpenID is at US provider then the government could simply ask the provider to list anyone who logged in to those VERY BAD websites. The problem is that VERY BAD ends up being broadly defined. My point is that in creating centralized authentication you also create the potential for centralized tracking.
Doesn't this create a new privacy problem much like search data? How likely are companies providing the authentication services to create logs of which sites you login to? It is one thing to know what I search on but it is even more invasive to know which sites I actively login to.
Expectations have definately gotten out of hand. For years people made the argument that Dell should offer Linux pre-installed. Dell didn't want to do it because of the support problems. To which the typical Slashdotter replied, "don't worry, we just want to escape the MS tax and will likely re-install from scratch again anyway." Now that Dell actually does provide Linux installed on more and more machines they are taken to task because of support issues. This isn't going to make other manufacturers want to follow Dell's lead. It is kind of like when your child says, "if you get me the puppy then I will feed and pickup after him, pleeeaaase!" Maybe the "Linux Community" needs to pickup after themselves and stop complaining.
In reading the article, the point of the scheme is to provide something like an SPF record for all those domains that don't implement SPF. If the combination of sending IP and sending domain do not already have an entry then the scheme places the email in a reject area. It then sends an email back to the sending address (or variation sub-address) asking for a reply for authorization. This is similar to the Earthlink authorization process only you are authorizing a IP and domain combination rather than a specific email address. One of the selling points is that people can setup an auto-reply for the authorization messages so the sending user never needs to see them. If I read it correctly, I could use an existing account in any domain that doesn't have hard-fail SPF to authorize the IP address I was using. At this point I could spam from that IP from any made up or spoofed address in the domain I authorized to any address in the domain that sent me the authorization message. If I have a drone army that I use to send my spam then I probably don't even need to own the existing account I used; I simply need to sniff them out from the drone users (those people that only THINK they own their PC). The author brings up ways to try and thwart the problem, but then the scheme starts getting burdensome again. My company uses hard-fail SPF for our domain, but we accept all email without checking SPF. SPF allows us to prevent some of the people trying to impersonate our domain. However, we run much of our customer service via email and can't start rejecting email because somebody's from address says gmail but the email is coming from an AOL server. The problem isn't just getting higher SPF adoption, you would also need to figure out how to educate (or automate) users that send from various locations how to configure their mail client based on the sending domain. Then there is the problem of the many ISPs that block email sending ports (to thwart spam drones). For each of these problems there is an answer that starts with the words "all they have to do is...". Getting "they" to do anything at all, much less an appropriate anything is the most difficult thing in the world. It is similar to getting people to not only vote but to actually pay attention to the substance of who they are voting for rather than a sound byte.
I use SPF for my own domains and, yes, I do know what it solves. I was not slamming SPF. I was pointing out that this approach is vulnerable the same way SPF is. A spammer who authenticates via an SPF entry or via a reply to the the challenge email can get past both SPF and this approach. The difference is that with this approach you only need access to the email of a domain to spoof the scheme where as you need access to DNS to spoof SPF.
In addition, the scheme has the same flaw as SPF for those spammers who setup new domains. If the spammers setup SPF and the auto-reply software in the article then they can spam a great deal of people until caught by each receiving domain. Rinse... Repeat.
This is a good next step for Netflix. Here is a partial list of what they have done so far:
Before there was widespread broadband we had a "last mile" problem that everyone was talking about. Now, many here are complaining about the "last room" problem of being able to watch this on their TV. I, for one, am glad that Netflix is not yet trying to solve this problem. It leaves it open to be solved in a non-restrictive way.
With the fast forward features from Netflix, all I need to stop watching in one room and start in another is a Internet connected browser. How soon before I can play this on my PS3, XBox360, Wii, SlingCatcher, or what ever other device that has the right connection to a TV. For my living room I would want something like the new Apple TV with HDMI connector. For other rooms, maybe I'll try to find some cheap unit with RCA output.
If Netflix continues to expand the number of movies offered by VOD like they have with DVD then I look forward to my multitude of choices. For action movies and long playing TV series I will continue to get the DVDs in the mail. For romantic movies and cartoons that the wife wants to watch, the downloaded quality would be fine.
Businesses that only ship bytes over the internet are usually hit with high amounts of fraud compared with those that ship physical items. I wonder what payment system Google is going to come up with and how it will deal with fraud. If fraud is high then credit card chargebacks are high and credit card processors want a bigger percentage to cover the risk. Incedently, how long until this is full of pr0n? Or is that the point and the NBA is just a cover?
I think each person with a new HD drive will buy about one porn movie, and it would be their last. The ability to see the blades of grass on the soccer field is one thing, but being able to see every pimple on a porn star's behind is probably not going to go over well. Of course, if they bought a porn compilation full of older DVD movie scenes then they only need one.
You are kidding right? I run a CS 1.6 server in secure mode. Hacks abound. VAC takes a while (like months) to catch on and stop each new hack. The little kids that use them just their parents to by a new CD if they should ever get banned. The only thing that comes close to helping is some server mods from United Admins.
Umm... No... there is no such thing. Right of First Sale allows you to rent, lend, or sell what you have purchased. I work for a DVD rental company that does Netflix style rentals as well as weekly rentals and sales. We buy the DVDs wholesale. There is no alternate pricing.
They allow rentals of CDs in Japan, but I seem to remember there being some federal law that doesn't allow music to be rented in the US. Or maybe it was a court case. Anyone remember the same thing?
Does that mean that someone (anyone?) can make a nice little data collection device and place it near a walkway at an international airport to collect this information? It is one thing to be forced to give this information when entering a country, it is quite another if someone can just sniff it. Am I missing something?
I am probably going to hate myself for exposing this, but this delay tactic that Netflix uses has one hole you can exploit. Titles that are new releases are not effected by this as far as I can tell.
/. readers are going to be competing with me for the same movies.
A title is a new release if it shows "Release on DVD..." under availability. These titles are available for shipment the date specified (usual a Tuesday). If you can make it so your return arrives on that day then you have a good chance of getting the new release no matter how many items you rented in the previous month.
A couple of tips:
1) Netflix will ship the day before release too (usually Monday).
2) Netflix doesn't process mail on Saturday so you can have the DVD show up on that day and get the new release.
3) New releases are NEVER shown in any browse links on Netflix. You have to search for them by name. There are quite a few sites on the Internet that list when movies come out on DVD. Netflix will usually have them as they release unless the title is from an independant (i.e. Bowling for Columbine).
Of course, now all these
I am also serviced out of the Santa Ana facility and have a single day delivery time. When movies take longer, it is because they are being sent from a different facility. You can tell when this happens because the Netflix ETA number is higher than 2 days (their minimum). Unfortunately, you can't tell it from the envelope since Netflix is allowed to violate postal regs and put the northern CA mail from on all envelopes (saves on printing costs).
Maybe I exagerated a bit, but the story was still too damn long for the point it was trying to make.
Umm... Could I have my 30 minutes back? Couldn't the author have made is point in like 5 minutes worth of reading? Maybe this guy is ex-NASA and dosn't know how to be economical with words.