>> They hate us.
That's a lot of rage for a mid-Monday. You may want to move to Colorado and get a hobby...or just get a SlashDot account like the rest of us, you f***ing n00b.
>> why do we need a walled garden?
This is for India (note the primary video is in Hindi) and other places used to paying for crappy Internet. In these cases, a less-crappy Internet from Facebook is deemed (cue Martha Stewart) a good thing. However, if (or when if you're Google) someone figures out how to give Indians full-blown Internet for free, then Facebook's partial Internet thing dies and two years later no one will remember it anymore.
mod parent up
all it says = true
The Bard's Tale - a pretty widely played RPG in the 1980's - had "hobbits." But I also doubt EA paid anything for its use of "Mongo" (Blazing Saddles) or any of the ripped-off tunes in the software: everyone was just a lot less uptight then.
>> Instead, it's some guy blindly pursuing some nerdy "open source is the best!" dialogue like it was 2003.
Duh - the author's disabled. It's taken him 12 years just to resolve the driver issues on his adaptive devices to write and submit the article from his Linux desktop.
>> Law-enforcement officials also don't want to reveal information that would give new ammunition to defense lawyers in prosecutions where warrants weren't used
I didn't get this either - shouldn't this normally be part of the discovery process?
(Remember that scene in My Cousin Vinny where Vinny discovers...er...discovery?)
>> also renews the expiring parts of the Patriot Act through 2019
This should be the headline: Bipartisan bill renews Patriot Act for four years, with minor tweaks
In fact, I think there's really no reform. From TFA:
"data would instead be stored by the phone companies themselves, and could be accessed by intelligence agencies only after approval of the secret Foreign Intelligence Surveillance Act court"
Um...guess what happens as soon as this bill is passed? "Hey Obama, er, I mean secret court, can we please continue to access all the data from those boxes we installed at the phone companies again? Of course? Well, thanks!"
What's the point of predicting riots if all we're going to do is stand around and give people "space to destroy" when they do riot?
These aren't thunderstorms...
>> So basically, Google is giving you access to their hash, salt, and saying "Enjoy unlimited cracking attempts...
Not exactly. The 37-bit version is just less than 25% of the full 160-bit SHA-1 so, as the source mentions (https://raw.githubusercontent.com/google/password-alert/master/SECURITY.md) the intent is to keep enough of the password to tell when the same password has been tried twice, but not enough of the hash to allow someone to authoritatively crack it. (I hope - haven't seen the proof of 37-is-the-right-number yet.)
This isn't the first time someone's used hashes with high collision rates to see if the same passwords are being tried without actually storing enough of a hash to flag the password. See this article for a different example (trying to tell badly configured clients from brute forcing attempts): http://www.filetransferconsult...
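Added example, not part of the comment above and not Password Alert's own code: a Python sketch of the truncated-hash idea the comment describes, keeping 37 of SHA-1's 160 bits so that a repeated password can be recognised. The salt-then-password layout, the function names and all sample values are assumptions constructed for illustration.

```python
import hashlib

HASH_BITS = 37   # truncated width quoted in the comment above
SHA1_BITS = 160

def truncated_hash(password, salt, bits=HASH_BITS):
    """Top `bits` bits of SHA-1(salt || password); salt-first layout is an assumption."""
    digest = hashlib.sha1(salt + password.encode("utf-8")).digest()
    return int.from_bytes(digest, "big") >> (SHA1_BITS - bits)

def is_reuse(stored, typed, salt, bits=HASH_BITS):
    """True when the typed string maps to the stored truncated value."""
    return truncated_hash(typed, salt, bits) == stored

def expected_false_matches(guess_space, bits=HASH_BITS):
    """Average number of wrong guesses that share one truncated value."""
    return guess_space / 2 ** bits

def matching_guesses(stored, guesses, salt, bits):
    """Every guess an offline search would report as a hit."""
    return [g for g in guesses if truncated_hash(g, salt, bits) == stored]

def demo():
    salt = b"constructed-salt"                # constructed sample value
    real = "correct horse battery staple"     # constructed sample password
    stored = truncated_hash(real, salt)
    print("reuse detected:", is_reuse(stored, real, salt))
    print("other password flagged:", is_reuse(stored, "Tr0ub4dor&3", salt))
    # 37-bit collisions are too costly to enumerate here, so shrink the width
    # to 12 bits to make the ambiguity visible on a constructed guess list.
    small = truncated_hash(real, salt, bits=12)
    guesses = [real] + ["guess-%06d" % i for i in range(200_000)]
    hits = matching_guesses(small, guesses, salt, bits=12)
    print("12-bit hits:", len(hits), "including the real one:", real in hits)
    # At 37 bits a 2**40 guess space averages 8 false hits per stored value,
    # while a 10**6-word dictionary averages about 7e-6, so a hit from a
    # small dictionary is almost certainly the real password.
    print(expected_false_matches(2 ** 40), expected_false_matches(10 ** 6))

if __name__ == "__main__":
    demo()
```

The ambiguity only protects passwords drawn from a guess space much larger than 2^37; for a common password found in a short wordlist, the truncated value gives little cover.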
In Soviet Russia Cargo Boxes Open You!
You're right - I do feel better.
Still happy Verizon's giving the finger to ESPN
http://entertainment.slashdot....
>> the survey, which covered 114 square miles, may have just uncovered the proverbial tip of the iceberg
An iceberg is 90% submerged, so...the survey only covered 10% of the total area? Or found only 10% of the stuff? Or which 10%?
>> Web is for video playback, reading news and blogs, Business app?, desktop
And how long have you been out of work?
I know if my mother-in-law had just the Hallmark channel, the game show network and one other she'd switch providers, even if it only saved her 30%.
Alternatively, if there was a way to just get Netflix to stream random stuff in preselected genres all day I could get her off cable altogether - tens of millions of people just want the TV on all the time because they live alone, but can't stand the crap the broadcast networks have during the day and have no need for ESPN.
As I remember it, the Nexus 7 was part of a strategic campaign by Google to ensure that "tablet" didn't mean "iPad" by introducing a high-quality Android device supported by Google itself to the masses. Now that that mission's largely been accomplished (e.g., if you're just looking for a tablet to browse the Internet and run a couple of simple apps, would you really shell out the extra money to buy an iPod?) and there are many high-quality Android tablet alternatives in every form factor imaginable, the Nexus 7 isn't needed so much.
>> Population of Earth: 7 billion X a generous 1% of all humans, so 700,000,000 users
Are you sure SlashDot is the right forum for you?
>> Where does this business find its customers?
Just put an ad in "Self" magazine. Or figure out who the hell is buying selfie sticks and advertise next to those.
This is already happening. Just look around your local state for "tuition-free online public school" (often also a "charter" school) and you will find this model already in use.
At a national and state level, government wonks are also pushing this model. Look up "common core" and note how well the OP's concept of a (centralized national) "curriculum facilitator" fits vs. the old concept of a (decentralized and local) "content expert."
That's the "short" version? Yeesh. Anyway, here's what that article was trying to say:
Two things are likely to pass:
1) Cybersecurity Information Sharing Act: Lets Homeland Security invent regulations to let companies and governments at all levels share data about people. Good for law enforcement, bad for privacy and civil rights, good for corporations who share too much trying to please the government (because of a liability shield).
2) Something else similar with some provisions keeping the NSA at arm's length to mollify the public, but I lost interest in exactly what it was because the article was pretty confusing.
>> How can a system at the same time aggregate and make data anonymous
Given existing PC-driven redaction of police reports, I'd expect it to read something like this:
(race redacted) (gender redacted) (age redacted) adult or child wearing (clothing redacted) and (method of transportation redacted), possibly named (name redacted) wanted as a person of interest in the alleged (incident redacted) that was reported on (date/time redacted) at (place redacted). If you have any information about this alleged incident or this person, please call (main, overloaded and disinterested dispatcher phone number with 30-minute hold time) and remember to obey all police commands at all times.
>> kidnappings
If you live in a city where "kidnappings" is just considered another statistic...it might be time to move.
>> influx of skilled developers and engineers, Yahoo still struggles to define its place on the modern tech scene
If it helps put it in context, I recently left a Midwestern tech job and advertised a yahoo email address (rather than one that would have highlighted my moonlighting - ahem) for people who wanted to stay in touch. The number of people who showed up on Twitter to give me shit for still having a Yahoo address was telling.
>> how does the external malware know what certificates your organization allow
The same way hackers with malicious HTTPS sites do today. They look at the ungodly-long list of default Microsoft CA certs, find a "broken" CA in that list that can be corrupted or whose issuer doesn't really care, and get a signed certificate that looks legit to 99.9% of all corporate users today.
(So far the signing system for Microsoft has also used the Microsoft Certificate Store; the certificates used to allow signed executables just have a different role.)
Unless Microsoft's changed something, you can still change the code in (non-device driver) SIGNED executables. (Try it today by flipping a few junk bits in a signed app and see if Microsoft notices the difference.) If that remains true, this isn't much of a deterrent to malware at all.
Furthermore, some of the biggest recent hacks (e.g., Sony) used a SIGNED commercial device driver (running in trial mode) to circumvent NTFS permissions; a default scheme that allows only signed executables wouldn't stop that either.
What? Athletes? Assholes? Aardvarks?