And how does taking the metro to work stop you from using a lightening based headphone jack during the commute? They come with one. You typically cannot charge on the metro so there is nothing there preventing it.
Or it could be that it IS working as it is supposed to, and the 3.5mm port is not as needed as you want. From my experience it is only needed by a few, at home people connect to bluetooth speakers, that lets them charge and play. Similar in modern cars, and you should not have head phones in while driving anyways. For exercise is the only time you need something and charging is not something you normally can do at that time anyways.
Actually from a security standpoint it makes them look good. I am anot a Google apologist, but I am also not a google hater. just because you dont understand how security works does not mean I have to be just as ignorant.
The patch downloader had ALREADY been distributed, not *being*. and that is not what is meant by "mitigating procedures" I dont know of a reporting company in the world who would say, "well you released a patch, no need to release the details", they all do, all that holding it does is lead to more exploits by people who figure the issue out.
My god you really went around the neighborhood to try and attack google.
the exploit was vulnerable to any APP with WRITE_EXTERNAL_STORAGE permission. Any app with the name com.epicgames.fortnite could have been downloaded an installed via that. It did not have to come from a hijacked access point. It was mostly a glorified permissions issue.
Again, no PR attack, just them following their procedures and being responsible.
AFTER it has been patched so uses can patch? That is not how it works dude. If they announced the bug BEFORE a patch was made available then sure, but after a patch is released it is more irresponsible to NOT release the details because people wont know they need to patch, but exploiters will know there was a patch and can seek it out.
Actually before they released the patch they ensured that darn near everyone had the patch, even Epic stated that:
"Sweeney concedes that "Google did privately communicate something to the effect that they're monitoring Fortnite installations on all Android devices(!) and felt that there weren't many unpatched installs remaining"."
Also pretty much every disclosure I have seen has had technical details.
What abuse? The patch was released in a matter of a day or so..
What happens if a hacker finds the vulnerability and targets the users who dont know they need to patch? Well Epic and Google would have put those people in jeopardy by holding it. This way people know they need to patch.
That is in fact the nature of Epic's objection. Google did more than they were obligated to do, and the thing they did put users at risk, it did not protect them.
I disagree. In order to install the app they had to disable several security mechanisms, and probably not turn them back on. They told epic about the flaw and waited for them to fix it, once it was fixed and released a patch it is best for all people to know they need to immediately patch, since there are no guarantees their loader auto patches.
and that's where they should have stopped. If Epic were not addressing the bug, then full and immediate disclosure would have been warranted, but that was not the situation.
incorrect. Google has an obligation to continue, unless you think flaws should not be disclosed unless they fail to fix them?
Nice bug you've got there. Shame if someone announced it unnecessarily while you were fixing it. Guess you should have paid the protection money, eh?.
Again they did not disclose it during the fix, they disclosed it after a patch had been released. They followed their own guidelines.
Google followed its own guidelines. Their guidelines are that they will release the details when the first of 2 things happens, either 90 days has expired OR a general availability patch has been released. The second happened, but Epic wanted google to violate its own guidelines for them.
The problems is in bypassing the play store they did open themselves up some and now they want google to change, not them.
Google followed its own guidelines. Their guidelines are that they will release the details when the first of 2 things happens, either 90 days has expired OR a general availability patch has been released. The second happened, but Epic wanted google to violate its own guidelines for them.
Slashdot Mirror
if their vote directly hurts them, which it often does, then it is voting against their best interests.
for example republicans vote to cut the 3 large saftey nets, which that group largely depend on.
there is a difference between giving out free internet and cheating paying customers.
And this is the actual reason why people don't like systemd. It's quality is bad and when it crashes the kernel panics.
We all panic.
That is your opinion, again your experience is limited.
That i t is not needed and there is a drive to make the devices thinner.
And how does taking the metro to work stop you from using a lightening based headphone jack during the commute? They come with one. You typically cannot charge on the metro so there is nothing there preventing it.
Or it could be that it IS working as it is supposed to, and the 3.5mm port is not as needed as you want. From my experience it is only needed by a few, at home people connect to bluetooth speakers, that lets them charge and play. Similar in modern cars, and you should not have head phones in while driving anyways. For exercise is the only time you need something and charging is not something you normally can do at that time anyways.
You know unless it constitutes an actual threat to others, like yelling "FIRE!" in a crowded theater, or convey a real threat..
Actually from a security standpoint it makes them look good. I am anot a Google apologist, but I am also not a google hater. just because you dont understand how security works does not mean I have to be just as ignorant.
Actually the policy says 7 days after a patch has been released, not if being misused, that is their policy.
The patch downloader had ALREADY been distributed, not *being*. and that is not what is meant by "mitigating procedures" I dont know of a reporting company in the world who would say, "well you released a patch, no need to release the details", they all do, all that holding it does is lead to more exploits by people who figure the issue out.
if by "looks like shit" you mean looks responsible, you are correct.
My god you really went around the neighborhood to try and attack google.
the exploit was vulnerable to any APP with WRITE_EXTERNAL_STORAGE permission. Any app with the name com.epicgames.fortnite could have been downloaded an installed via that. It did not have to come from a hijacked access point. It was mostly a glorified permissions issue.
Again, no PR attack, just them following their procedures and being responsible.
Except there were no mitigating procedures in process, and google had already identified that nearly all downloads had patched.
AFTER it has been patched so uses can patch? That is not how it works dude. If they announced the bug BEFORE a patch was made available then sure, but after a patch is released it is more irresponsible to NOT release the details because people wont know they need to patch, but exploiters will know there was a patch and can seek it out.
Actually before they released the patch they ensured that darn near everyone had the patch, even Epic stated that:
"Sweeney concedes that "Google did privately communicate something to the effect that they're monitoring Fortnite installations on all Android devices(!) and felt that there weren't many unpatched installs remaining"."
Also pretty much every disclosure I have seen has had technical details.
You would think most slashdot readers would understand this, apparently not.
So you are saying Google should have put users in danger by holding on to the discloser, for what reason?
What abuse? The patch was released in a matter of a day or so..
What happens if a hacker finds the vulnerability and targets the users who dont know they need to patch? Well Epic and Google would have put those people in jeopardy by holding it. This way people know they need to patch.
No they are not. They released the patch to the general public patch. Google waited 7 days more and released the vulnerability.
That is in fact the nature of Epic's objection. Google did more than they were obligated to do, and the thing they did put users at risk, it did not protect them.
I disagree. In order to install the app they had to disable several security mechanisms, and probably not turn them back on. They told epic about the flaw and waited for them to fix it, once it was fixed and released a patch it is best for all people to know they need to immediately patch, since there are no guarantees their loader auto patches.
and that's where they should have stopped. If Epic were not addressing the bug, then full and immediate disclosure would have been warranted, but that was not the situation.
incorrect. Google has an obligation to continue, unless you think flaws should not be disclosed unless they fail to fix them?
Nice bug you've got there. Shame if someone announced it unnecessarily while you were fixing it. Guess you should have paid the protection money, eh?.
Again they did not disclose it during the fix, they disclosed it after a patch had been released. They followed their own guidelines.
Google followed its own guidelines. Their guidelines are that they will release the details when the first of 2 things happens, either 90 days has expired OR a general availability patch has been released. The second happened, but Epic wanted google to violate its own guidelines for them.
The problems is in bypassing the play store they did open themselves up some and now they want google to change, not them.
Google followed its own guidelines. Their guidelines are that they will release the details when the first of 2 things happens, either 90 days has expired OR a general availability patch has been released. The second happened, but Epic wanted google to violate its own guidelines for them.
courts have ruled you do have rights, its just that you have less of a right to privacy.
The constitutionality of it has not actually been upheld. All that is upheld is you have *less* rights to the right of privacy at the border.