if you have a NEW platform that NEEDS a virus scanner for any reason other than passing along infected documents, it's a design fail.
My opinion is that a device should run managed code like iPhone or heavily sandboxed scripts like a web browser. At minimum an "unsecured" OS like Android should mandate every app install have some kind of valid third-party certificate to sign it.... similar to how SSL works. To guarantee you got the code from a known vendor and that the code they published was not tampered with along the way. Sure, it can be faked, social engineered.. but you force it for every app installed... eventually with Certificates you get into Wire fraud or Mail fraud for misrepresenting yourself to get the certificate and the law can get you.
but the REAL flaw is a system where my $50 phone bill can somehow rack up $100's in extra charges... no other form of consumer credit is that open-ended. Why I need to make "payments" to other companies with my phone bill is just crazy in the first place.
The simple fact is that the telco has a very, very tiny overhead and benefits from "mistakes" 100x over.
the trouble is that C is rarely the case. Getting locks on all the various ways you can be charged is difficult at best. Every time you make a plan change the telco tries to take away the locks... you usually find out when your 10 year old couldn't sleep and was texting all the numbers on KIDS TV channels.
I've mostly seen that stop now, but there for a while it was really, really bad. I don't think very many people INTEND to sign up for these services until they see the bill and want them stopped. My favorite is still the online "quiz" that wants to text you the answer... so the kid types in dad's text number and when they get the reply they just rang up $9.99. You can argue about "watch the phone better" all you want, but essentially it's an organized "trap" to get money by "accident" just like mislabeling products on a grocery store shelf.
How hard is it really? If I sign up for a $50 plan... why would I ever use $500 or even $200 without needing special arrangements? My $500 credit card doesn't let me charge $500 at 10 different places.. OK it can be done, but it's the BANK'S money so they don't let that happen. Telcos spent like a nickel in costs and get several dollars in fees... there's just no "lose" to allowing this crap.
but the bad PR is on some deadbeat that didn't pay their bill... because their 7 year old signed up for a bunch of texts they saw on KIDS TV. There's no real downside for the telco here. They get a sizable chunk of that $9.99 charge up front, and I doubt they refund to the "content providers" when somebody wants backcharges. There's literally ZERO LOSE for them! Default doesn't matter because if the bill goes over 60 days while you dispute it starts hitting your credit report, so the higher income folks most able to argue, have the most to lose with even a minor credit ding from the reputable phone company... they can lose security clearance, or pay thousands more for their loans... they literally HAVE to pay up first, they might get a "credit" back.
So run the numbers of how many people (that aren't bad credit lamers) are able to get through the whole process without having to essentially prepay... and at that point the telco has your money... they won. How many folks are going to risk a credit ding over $9.99? really? As I've seen these basically targeted at tweens and teens, it's basically scamming for free money... I'd bet the percentage of un-allowed or misunderstood is 70% or more.... considering how many of these commercials are on TV at many $$ per pop somebody is making serious coin.
effectively the phone company claims to "own" the phone, at least the cell firmware.... so why CAN'T your phone know that stuff, in nearly real time? I can understand international charges being difficult, but cell transmission is specifically designed to mimic the circuit-switched networks and have near absolute traceability... heck it wasn't that long ago they charged premium if your call "roamed" to a different tower driving down the highway.
What needs to happen is that regulations need to change to make mis-billing cost the phone company more than the kickback they get. So if the telco gets $3 for "billing" they should compensate the users for $6 when an error is found. That's what we had to do when groceries implemented barcode scanning years ago so there's plenty of precedent (in for a nickel pay 5x back). The problem is that in the press they throw around 200% numbers... while at the same time downplaying that only 10% of mischarges might get reported and rolled back (with no consideration for your trouble)
this is where the carriers are part of the problem. They get big kickbacks for managing "billing" on all these fraudulent text-to scams.
When you sign up for a telephone line you sign up for "unlimited" credit. I never, ever understood how I could sign up for a $50 phone bill and get $500+ in charges? That's like 10x the amount of "credit" extended in the first place, no sane business would ever do that... except the phone company's "product" in this case is essentially free, so take what sticks. If that happened with a Credit Card company, courts would laugh at them trying to collect that debt. Why does "on a phone" make any difference? My personal bane are the little IQ tests that want a cell phone number to get the answer. Any pre-teen without a phone is going to punch in the number and not think twice... Happy $9.99 (and $3 pure profit for the telco!). Getting blocks on all the lines, for all the different charges is a pain in the Ass. My wife has spent hours on the phone... but every time you make a change to the plan, all the "unconventional" locks get dropped and 2 months later you find out when something slips through.... it's not like the monthly statement TELLS you what locks you have or anything.
he paid Woz $5 and a tangled ball of yarn to do it.
Except what's the draw of Open Source for users.... think about it.
Hint, it's the fact that almost all the stuff you need is on a LiveCD or in a Repository.... so it's right back to a "garden" even if it isn't walled because what normal user has any business editing or compiling their own code... ultimately, they still trust some company, or community, to tell them the code they're running is OK.
and lots of big companies got Sued over it too! They learned their lesson, and now they've paid up so they use it as a market share tool. Now that "they" have paid and "we" haven't it's just a business tool, morality of IP is secondary. The big issue is that we need a FREE way for people to build pages that can interact with mobile devices... i.e. NOT using patented codecs they can run around and sue "the Internet" for using. Mobile is the future, if "commoners" can't write pages in the "new Internet" without paying fealty, free speech goes right out the window.
but seriously, is Apple going to give up Quicktime and Fairplay? Is Microsoft going to give up h.264 and Windows Media Player? keep dreaming kids. None of the big companies have any intention of using "open" HTML5 video anyway. I wish Google, Opera, Mozilla, & the W3C would cut them off and stop listening to them.
no, DRM makes things not searchable... there's no way Google wants that. Most of what's on YouTube doesn't NEED DRM...
The whole point of HTML5 video is so that "everyman" can use video services... for family videos... i.e. all the crap that's on YouTube, Flickr, Picasa, etc. HTML5 video isn't about SELLING videos... it's something that should have been done ten years ago... why should every browser not support a modern video format, like they support gif, png, jpeg? That's what everybody misses in this discussion. Everybody has their own DRM versions... I don't really see those going away, there's no reason the big guys like Apple, Microsoft, Adobe will have their own anyway...
The whole thing is bogus anyway... the big guys aren't going to give up their private DRM schemes anyway... all they're doing is stalling the process to fuck over the little people. Once Open HTML5 video hits and Google and Mozilla start implementing it then Apple and Microsoft will come along. Hell, if Adobe was clever they'd tack Vorbis and WebM into the next Flash and all the enterprise businesses would be none the wiser and keep using IE6!
when multi-million dollar CEOs don't get their trades spot on.. or have to wait. (AAAHHH!) they fling the blame around.. from the golf course, to the call girls.. word gets around.
breaking into other people's "free" accounts has been punished lots of times. Most recently with Palin's email with a crappy easy to guess hint. The law says "unauthorized access" and the ToS defines what that is.
To put it another way, what if the officer gave his Work login credentials to his teenage son to show their friends. it's just a ToS after all... he wouldn't be charged with any crime.. would he? Maybe the guy needs a federal student loan or wants to work at a different prison.
let's simplify this....
If the officer gave his work password to his wife... would the DoC think THAT was a crime or not?
any background check agency worth its coin has plenty of ways to see your Facebook friends and other things the public can't see. If they DON'T then you shouldn't be using them. Disclosing your Facebook ID should be enough. Demanding the password is truly criminal and totally political.
the line is crossed at "password". As a security professional, it could be argued that they need to DISCLOSE their social media log-ins; this would help make sure cons weren't trying to target them or set them up for crimes as well. But asking for the PASSWORDS crosses a line... and they know it.. it's more about control than security at that point.
exactly, like many people pointed out, most child molesters are in the same family... so we should be extra wary of every male living with a younger person.
I feel the same way with my own kids and they're getting double digits now. But you still wait by the restroom in a busy gas station for the kids to be counted... while FoxNews on the TV nearby makes you feel like a pervert even though you're waiting by the door of the restroom.
don't want to damage the "merchandise!"
where the NSA by law does not need a warrant to inspect anything they want because it's "outside the USA" and the constitution stops at the border. Seriously, haven't you been reading anything?
it's mostly American Companies pimping out the Great Firewall anyway.
I've often wondered the ethics of those companies... it's like being an arms maker but complaining about somebody practice shooting a .50 cal in your gated neighborhood. Seriously, what do these guys think this stuff is for?
referring to last week's news:
the DoJ pushed for a few dozen domain seizures just last week for some lame IP offense... and took out 84,000 honest folks along with them redirecting the sites to scary "under investigations" pages. Sorry we scarred your customers for life... move along.
What you do with your "PRIVATE" is the STATE's Business.... damn it!
Except they're starting to essentially drown in all the data they can legally get... and still not get anything MEANINGFUL. There's too much focus on CSI-style smoking gun evidence hidden in techno babble...
The problem now is that it's going from hearing you when you're under investigation, to collect from everybody and review it for faults later. Just about everything like Toll cams etc that "won't affect privacy" end up used for just that purpose.. and just about any beat cop can use it to stalk the girl they want with the stuff whenever they want.
But that's not really the case. Privacy is about not having your personal information collected all the time.. about somebody not snooping on you. There's a difference between a public Facebook post and somebody downloading ALL the Facebook posts from you and your friends from all time. Until recently collecting that much data on somebody was time intensive and quite obvious... and was considered illegal in many places. Even for law enforcement as a type of harassment because it was used for social "blackmail" when the lawman didn't have a case.
Now that all the stuff is available an SQL query away, law enforcement wants it all. Of course 90% of this stuff is circumstantial at best in a criminal case.. but that's not really the point. It's about POWER. About being able to tell some guy investigated for taxes that his wife has a girlfriend and his daughter is pregnant to get a better deal in court... exactly WHY we don't allow that stuff admitted in the first place.