Slashdot Mirror


User: tepples

tepples's activity in the archive.

Stories
0
Comments
68,260
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 68,260

  1. Distinguishing torrents from Atari v. Nestle on The Windows App Store is Full of Pirate Streaming Apps (torrentfreak.com) · · Score: 1

    There are two different practical meanings of "copyright infringement".

    • One is common in news sites about torrents and movie streaming sites and the like, which attempt to provide a complete, exact copy or performance of someone else's work.
    • The other happens when someone creates a different work but elements are alleged to be too similar to someone else's work, as in the recent story "Kit Kat Accused of Copying Atari Game Breakout".

    The mainstream media often uses the term "piracy" for the former but not the latter. What unbiased term would you use to unambiguously refer to each of these two different shades of copying?

  2. Re:Windows app store just junk on The Windows App Store is Full of Pirate Streaming Apps (torrentfreak.com) · · Score: 1

    their modeling seems backwards doing things like Windows 10S before creating a livable store for apps.

    How many apps were available when Apple's App Store launched alongside iPhone OS 2.0?

  3. Re:Malware Heaven on The Windows App Store is Full of Pirate Streaming Apps (torrentfreak.com) · · Score: 3, Interesting

    UWP apps from Windows Store run in a container that restricts how much damage malware can do. For extra protection, spin up a copy of Windows 10 in a virtual machine. But I concede that most users aren't going to be using a VM, and many apps are built with Desktop Bridge instead of UWP.

    So to protect users even further, you can set the takedown process in motion. Download each app, search for X-Men films, and report them to Fox. Then search for Star Wars and Avengers films and report them to Disney. Then search for DC films and the other Avengers and report them to Warner Bros.

  4. Re:Torrentfreak get shut down for it. on The Windows App Store is Full of Pirate Streaming Apps (torrentfreak.com) · · Score: 1

    How did "Torrentfreak get shut down"? TorrentFreak is a news site about file sharing and Internet privacy. It hosts the featured article, and this article is still viewable in the United States.

    Might you have confused TorrentFreak with a site that actually hosts, links to, or tracks infringing torrents?

  5. Re: Manage your devices on Google Warns Webmasters About Insecure HTTP Web Forms (searchengineland.com) · · Score: 1

    The issue is the current owner of the device does not have the final say as to what is trusted and what isn't. It's the current owner's trust that is important, not the device manufacturer's.

    Then the current owner does have the final say. The interstitial mentioned by Anonymous Coward (#55051981) reminds the user that the current owner has exercised his final say.

  6. Reply was to the other AC on Ask Slashdot: What Would You Pay To See Open Sourced? · · Score: 1

    Anonymous Coward #55050609 wrote, with a link to Krita:

    You're doing it wrong.

    A presumably different Anonymous Coward #55050697 wrote:

    Also Serif Photo. It is paid, but it is at a price of a dinner for 2

    When I tried to look up its price to verify the claim of "a price of a dinner for 2", the first result for serif photo on Google Search was Serif PhotoPlus. I assumed that "Serif Photo" was a colloquial abbreviation for Serif PhotoPlus. The Serif PhotoPlus page states that the Serif PhotoPlus product has been discontinued in favor of Affinity Photo. So I instead looked up the price of Affinity Photo and wrote in reply to Anonymous Coward #55050697:

    Now called Affinity, and priced at $50.

    You wrote:

    What does that mean? Krita is not Affinity.

    That's why I replied to Anonymous Coward #55050697, who suggested the predecessor of Affinity Photo, not Anonymous Coward #55050609, who suggested Krita.

  7. Re:Playing chicken with national censors works on Google Warns Webmasters About Insecure HTTP Web Forms (searchengineland.com) · · Score: 1

    Recompiling snaps everytime an update comes out just to change the CA bundle, renders snaps utterly pointless. I may as well just run a bunch of VMs

    If you have determined that snaps fail Debian's desert island test by making internal deployment of private applications unnecessarily difficult, then use --dangerous, or don't use snaps in your organization and write a blog post about why you chose to use something other than snaps in your organization.

    Because we all want to whitelist a search engine in a setting where content filtering is federally mandated, and any "objectionable" content is our liability.

    If you have determined that your country's laws prohibit use of a Chromebook, have you opened a support case with each Chromebook manufacturer to make them aware of this prohibition? If so, what was their reply?

    They could just as easily save money by removing the keyboard, touchscreen, and mouse, and doing everything themselves to ensure no-one will mess up.

    I can tell this is hyperbole because a product with no functionality will produce zero revenue. Let me rephrase: Taking away the user's ability to do dangerous things without explicitly acknowledging that they are dangerous strikes what a company has determined to be the appropriate balance among functionality, security, and support costs.

    Hell, employers could just as easily save money by hiring someone who is competent enough to follow directions.

    Good luck finding such an employee locally.

    Hell, the previous owner should wipe it to protect themselves and their personal information before selling it

    You sure love a certain town in Michigan, don't you?

    Anyway, the design protects the buyer who buys a used device from a seller who has wiped it to protect himself and then installed dubious software onto the freshly wiped device to spy on the buyer who is using a device that appears to have still been freshly wiped.

    A failure that should be addressed directly through education

    Who foots the bill for said "education"?

    and legal liability (if needed), not indirectly by removing chances for screw up.

    And who foots the bill for monopoly or oligopoly rents once "legal liability (if needed)" causes the market to contract as businesses go out of business on grounds that the cost of doing business has become prohibitive?

  8. Re:SSH warns that no fingerprint is stored on Google Warns Webmasters About Insecure HTTP Web Forms (searchengineland.com) · · Score: 1

    The possibility that a man in the middle is intercepting an HTTP request whose URL specifically requested encryption should scare users. That's why OpenSSH's SSH and SFTP clients require the exact 3-character string yes when a fingerprint isn't stored instead of just letting the user press Enter. I'd prefer to go further, requiring the user to retype the first two and last two characters of the fingerprint.

    So let me repeat the question: How do you verify that no MITM is altering the fingerprint the first time you connect to an SSH server?

  9. Playing chicken with national censors works on Google Warns Webmasters About Insecure HTTP Web Forms (searchengineland.com) · · Score: 1

    "Oh, I'm sorry. Snapd won't support that because that might compromise security."

    Use the --dangerous flag, or use the SNAPPY_FORCE_CPI_URL root environment variable to switch the machine to a different store. Or what am I missing?

    "Chromebooks only support changing the cert store at the user level. It won't work with your federally mandated content filter because we protect our users."

    Then perhaps Google should be playing chicken with a national government as a means of showing that said government's communications policy is harmful to its citizens' well-being by weakening security. When Wikipedia played chicken in June 2015, censorship dropped.

    It seems like, if anything, the developers don't trust the users

    Given how prevalent PEBKAC is, it saves the support department money not to have to trust the users.

  10. Re: Manage your devices on Google Warns Webmasters About Insecure HTTP Web Forms (searchengineland.com) · · Score: 1

    That's because the person to whom you later sell on your phone doesn't trust the CA you added.

  11. SSH warns that no fingerprint is stored on Google Warns Webmasters About Insecure HTTP Web Forms (searchengineland.com) · · Score: 1

    Https could have been designed to work the same way as ssh, store a fingerprint, if it changes then throw up alarms.

    It does work that way. The warning you see when visiting an HTTPS site whose certificate has an unknown issuer, such as a self-signed certificate, is analogous to SSH's warning that no fingerprint is stored for that hostname. A domain-validating CA is just a way to skip that warning. If you think that's a racket, then answer me this: How do you verify that no MITM is altering the fingerprint the first time you connect to an SSH server?

    Sites could have stored their current fingerprint as a record in their DNS entry to automate validation

    That's called DANE. It's not implemented in browsers because until less than a year ago, DNSSEC keys were 1024-bit RSA, and 1024-bit RSA is too short for current safety margin expectations. In addition, several registrars appear to charge extra for DNSSEC. There is a Chrome extension to run a DANE check on a certificate, but I don't know whether that or a similar Firefox legacy extension will survive the WebExtensions cutover.

  12. MITM has to intercept more connections for DV on Google Warns Webmasters About Insecure HTTP Web Forms (searchengineland.com) · · Score: 1

    Self-signed means the man in the middle (MITM) who intercepted the connection is decrypting what the server sends, storing it and/or altering it, and re-encrypting it to send to the client. CA-signed means the same MITM also had to intercept the CA's connection to the DNS when the server operator obtained the certificate, which is a bit harder to do for actors smaller than a nation-state. And it's even harder if the server operator regularly checks Certificate Transparency and/or Convergence.

    I don't see how Let's Encrypt, an automated domain-validated CA, is a "racket". DNS is more of a "racket", as people who operate an internally reachable server on a LAN have to buy a domain in order to qualify for a certificate.

  13. The problem with the recommendation based only on breakage is that it ignores a very streamlined system for replacing broken items.

    Who pays for e-waste disposal? I mean the whole cost.

  14. Debugging symbols and comments on Ask Slashdot: What Would You Pay To See Open Sourced? · · Score: 1

    Machine language proper lacks variable and subroutine names, comments (which document each subroutine's preconditions), and the original data from which compressed level maps were generated. This is what an NES game's asm source code looks like:
    Thwaite; RHDE

  15. Radio protocols have a shelf life on Ask Slashdot: What Would You Pay To See Open Sourced? · · Score: 1

    Unlikely to happen. By the time the patents expire on 20-year-old radio protocols, the spectrum licensees have moved on to protocols several generations newer and sunset service using the old protocol. Case in point: Neither analog cell phone service nor D-AMPS TDMA works anymore on U.S. carriers.

  16. You eat at expensive places on Ask Slashdot: What Would You Pay To See Open Sourced? · · Score: 1

    Now called Affinity, and priced at $50. I could buy dinner for 7 with that.

  17. Manage your devices on Google Warns Webmasters About Insecure HTTP Web Forms (searchengineland.com) · · Score: 1

    Install device configuration management software on your clients, and deploy the proxy's root certificate through that.

  18. Re:Stop flagging self signed certs insecure on Google Warns Webmasters About Insecure HTTP Web Forms (searchengineland.com) · · Score: 1

    end the end a self signed cert means that the traffic between your browser and the web server has been encrypted.

    And decrypted and reencrypted by a man in the middle.

  19. False sense of security on Google Warns Webmasters About Insecure HTTP Web Forms (searchengineland.com) · · Score: 1

    Self signed means false sense of security. The HTTP scheme without S means a true sense of insecurity. True sense is better than false sense.

  20. Re:Chrome copies Firefox ... Again on Google Warns Webmasters About Insecure HTTP Web Forms (searchengineland.com) · · Score: 1

    How many, realistically, are willing to carry a second computer or second phone just to run Safari?

  21. Re: nO on Android O Is Officially Launching August 21 (techcrunch.com) · · Score: 1

    Presumably a device with an unlocked bootloader on which AOSP (Android without GMS) has been installed.

  22. Statutory damages on Kit Kat Accused of Copying Atari Game Breakout (bbc.com) · · Score: 1

    In some countries, such as Slashdot's home country, the owner of copyright doesn't have to show quantifiable harm but can instead choose to take statutory damages.

  23. Square Enix Taito on Kit Kat Accused of Copying Atari Game Breakout (bbc.com) · · Score: 1

    Quick, do a cross-marketing promo with Squeenix.

    Uhh, what? Taito published Arkanoid.

    Since then, Squaresoft has merged with Enix and Taito.

  24. Re: break me off a piece of that big law suit! on Kit Kat Accused of Copying Atari Game Breakout (bbc.com) · · Score: 1

    The game itself is a ripoff of Pong.

    Also an Atari product, unless you count Pong itself being a ripoff of Odyssey.

  25. Re:I don't get it. Explain? on E-Commerce To Evolve Next Month As Amazon Loses the 1-Click Patent (thirtybees.com) · · Score: 1

    How can it be "1 click"? At the very least, you will need to put it in a virtual shopping basket and then "confirm purchase"

    If you have 1-Click on, the purchase is automatically confirmed once the product is added to the 1-Click basket. I imagine that each user's 1-Click purchases are aggregated into a single shipment at the end of the day.