Not always. Scummy neighborhood gas stations usually have a fair list of banned customers who still loiter around anyways and harass people into buying smokes/booze/lotto tickets for them. The 7/11 where I used to live had a fair sized list that the hobos just waited around the corner and either begged for you to buy them the cheapo cigars or had a couple of crinkled bills for beer or lotto tickets.
If the conspirator had the patience and time, they could have just gotten all dirtied up and waited outside a station like this for a few hours one night and there'd surely be someone who'd buy him a ticket, especially if he used the aforementioned fortune cookie thing. If he gets the cops called on him, most of the time they just tell the hobo to move along since it's more of a hassle to arrest them.
Reading the whitepaper, the whole thing seems like it's focused on promoting Arxan's services. It's entirely possible that the presentation itself took a different tone/direction, but the whitepaper itself was fairly contentless sprinkled with a few good points about older MITM attacks exploiting the In-App purchases for iOS and the high piracy rates on Android in China and Russia.
Really that last part is the thrust of the article -- high piracy rates for which they don't really offer any solution except DRM and always-online games. (To their credit, they do make the recommendation of "some sort of protection on the networking layer, in-memory layer, and on disk layer...as well as portions dealing with receiving and unpacking the player's saved game or state.")
Everything else was either misleading, fairly obvious non-suggestions, or just plain outdated information.
Examples:
- Whitepaper dedicates a section to lost revenue from a MITM attack allowing iOS users to get in-app purchases for free. The reference they use is a 2012 article from the Guardian talking about how Apple already fixed it. Specifically, this was relating to iOS 5 and has since been resolved. While Jailbreak options still exist, the whitepaper does not mention these nor does it discuss any other actual leak.Referenced Article
- Whitepaper has section on Flappybird clones which reads:
...However, by March 2014, approximately 60 Flappy Bird clones a day were being added to the iOS App Store...Worst of all -- a reported 79% of these clones contained malware.
This section has a reference that points to a McAfee threat report from June 2014 - as the section reads, "these" refers to the clones on the iOS App Store, however, the McAfee report clearly shows that this is Android stores that are plagued, not iOS. http://www.mcafee.com/us/resou... Page 6
- Whitepaper has a section on how hackers damage communities, which is not incorrect, however, they provide the following "helpful" tips:
Learn how to tell when a hacker hacks
Include banning as a feature
Look for reports of hacking
While these are not bad suggestions, they're also absolutely common sense for mobile game developers, or just people dealing with problems in general.
The submitter is absolutely right that this could have been a really keen presentation, but based on what they produced in the whitepaper, it sounds like a business trying to drum up some more business for themselves with misleading and/or useless information.
The 'race to the bottom' is something anyone with half a brain can see, and anyone who's a developer looks at that and must feel some gnawing fear. Maybe I'm wrong, but I feel like we're all pushed to mobile (if you're not on mobile, you're out of touch!) and when I look at the market, it gives me the willies. I don't think the Google Play Store is doing any better in that regard either. Worse, I don't have the foggiest idea of how to correct the problem, not even one that would take Herculean effort from either company to employ.
I'm not sure that this is as much of an issue as people are making it out to be. I do agree that developers should get paid for their work and curation needs to be a bit better (though I find that is somewhat at odds with the complaint that the Review Board rejects stuff...should Apple be more hands on or more hands-off?)
After reading through the article, I checked out the apps that the folk made and used some left-over freebie money from when I last bought a Mac to get their product. They're absolutely right that it is a very clean, well polished, functional app. I also have absolutely no use for it.
The two apps mentioned in the article, Vesper and Twitteriffic, are not suffering because of poor visibility in the app store or the race to the bottom; instead, neither really fulfills any particular need, Vesper in particular. Their description left me just completely dumbfounded as to what the app was actually for:
Vesper is a simple and elegant tool for collecting notes, ideas, things to do -- anything you want to remember. Organize your notes whatever way comes naturally to you, without complications. Vesper's focus is on how it feels to use.
Did you get anything from that except that Vesper is a notepad application? Can you think of any reason you'd need an advanced notepad on iOS? Much less one that uses yet another cloud service instead of iCloud? Again, I can appreciate the quality of the app -- it really is a pretty application. But their problem isn't Apple facilitating people racing to the bottom, it's that their app is basically a $10 substitute for what already exists in iOS; yes, it's all in the same spot as opposed to being spread over apps, but that's not $10.
Twitteriffic itself isn't particularly well made -- it's a mess of a screen and it looks cobbled together. The ads are far more intrusive than the original Twitter app, the coloring looks really bad (like geo-cities era webdesign bad), and it feels so much more like a "me too" app than anything.
What these devs seem to be missing is that while there are issues with curation in the Appstore, it doesn't impact their applications in the way they imagine. Vesper is an app trying to solve a problem/need that no one has. Twitteriffic is just a bland twitter clone with a few functions that the native client already supports or that no one wants. Even if Apple kept both apps on the featured page for weeks, it wouldn't change anything -- the apps just don't really do anything. It's not enough to make a pretty app for iOS, it has to actually serve a need, and if you can do this, people will pay. On Cydia, there are a few tweaks and apps which met needs that iOS didn't have. Prior to iOS 8, there was a need for MyWi, and I still use it on iOS 8 cause I like it better. Maybe with enough marketing spin and catchy advertisements, the likes of Vesper can convince the public that they need Vesper, but as it stands, it's not that apps like this are being treated unfairly, it's that there just isn't a need. It's like an art student pouring months into a painting that no one wants to buy -- we recognize the talent, but we've deemed it's not worth it. You can't just make a really slick product that does nothing and expect it to sell at $9.99.
No idea why this is modded as Informative -- people wanting to buy HL3 sight-unseen isn't an indicator to make it, that's an indicator for a cash-in which they're not acting on. This is a sobering but good reason as to why there's no HL3. If they aren't feeling it, they shouldn't be doing it, because it's just going to end up with unhappy Valve and unhappy gamers. No one really wins except for Valve's bank account.
Demanding they put out HL3 without a creative impetus is like a kid demanding to eat ice cream for breakfast, lunch, and dinner. Seriously, not everything needs to be on a scheduled release cycle; it's okay for stuff to be done when it's done instead of just forcing out a new product 'cause it's about new product time. This mentality is what leads to so much awfulness from the tech sector.
YikYak runs off phones or via Chrome if you take the time to run YikYak as a package (or whatever the term is) for Chrome. If the device is connected to the school's wifi, they ought be able to get the log-in associated with that IP address at the time of posting, which YikYak stores and readily provides in the case of police investigations.
The campus I work for has basically taken a much more aggressive position on YikYak and we monitor it...as we remember to. YikYak itself is such a pain in the ass and most of the time it's just students bantering like students (I almost wrote idiots, but given how I was in university, I'm in no position to judge). Most of it is complaints and asking where the next party is.
Funny enough, YikYak's moderation system actually makes it really hard to deal with the threats that do pop-up because they get removed after 5 downvotes, meaning it's hard for us to find them before the students remove the threats. We effectively cannot take action despite wanting to. I wouldn't expect the YikYak folk to spend time contacting schools where the threats are occurring, but I hope that they log it well enough to allow institutions to take action if they feel that any one student is consistently using the service to post threats.
You have a few challenges ahead of you; political ones, technical ones, and fiscal ones.
Are you just hoping to be the initial voice of inspiration and get everyone behind you? Or are you ready to be the advocate for the two factor auth you're proposing? Unless you've done your research and you know a lot of others in your department are on board with this proposal already, your proposal is going ground itself without much more than a candle flicker.
People tend to be really resilient to change, even really bright tech folk. "Good enough" is the motto that most people live by, so you're going to have to make a really enticing argument or get a lot of support across the board before even presenting this. Check with the necessary Systems folk; do they have ideas or wants or problems with a Two-Factor auth for users? Do the math for your accounts; are you saving enough money that it will make someone look good? Check with your Help Desk/Ticketing software; are password resets really enough of a problem that they're impacting people's work flow?
I promise you that most folks in a position to make a decision like this aren't staying up at night wishfully hoping that someone suggests TFA for the company, and few non-tech people in the company are even going to know what the hell you're talking about.
You're going to need to be prepared to really explain your idea and show that it already has support, else they're just gonna look at you like you suggested catapulting the ring into Mordor.
Riot has had a system like this for some time, the Tribunal, and they allege it works pretty well. It used to have an in-game based reward (absolutely minuscule amount of IP, the in game currency), but they have since removed it, and last I checked it still had high numbers. I don't know if Riot is the originator, but I know it's a pretty major part of their abuse/harassment control.
I really don't know if a Tribunal style method would carry over to Twitter - I remember that part of the reason that people liked Tribunal was just the absolutely ridiculous stories you could read about players and the crap they pulled, and the in-game jokes made it worth it. Riot also made a mini-game of the system, insomuch that you get ranking based on how often your suggested ruling lines up with the actual ruling made on the case. You don't get anything in game anymore, nor does it affect your game profile, but people seem to like it. Likewise, Riot's punishments aren't just pardon/ban, but a range of punishments which can be administered by the admins there.
One thing that does make me kind of worried is that there's not a lot really holding people to the abuse Twitter accounts; in Riot's case, having a Level 30 account (necessary level to participate in the game in full) takes a bit of time, and while many users have accumulated quite a few spare accounts, eventually those pools run dry -- on top of that, primary accounts tend to have in game purchases tied to them, so loss of the account represents a financial loss. With Twitter, you can make a spoof account in seconds with no penalty, and harassment accounts are able to participate immediately and by necessity for Twitter to work. Without the time commitment or something tying people to the account, I'm not sure that this will have as great of an impact.
You haven't. You may have had headlines if you enabled it, you may have had spam, but you're not getting the targeted Google ads like with vanilla Gmail, and if you are, I'd love to see a picture of that with the non-gmail domain clearly visible. Honestly, a picture of screen instead of a screenshot is even preferred.
I really dislike Google in general, but GAFE is pretty straight forward and they're pretty honest about the whole "no ad tracking" stuff.
No, the point is that FairPlay stopped iTunes audio from being playable on other devices for a short period of time, which is a somewhat fair complaint in certain scenarios. For the plaintiffs who bought up the music on iTunes with the expectation that they could play it on other music devices, it really depends on what Apple wrote and did not write which will determine if that complaint is valid. For those who wanted to be able to put music from other services onto their player, it depends on if the courts deem the restrictions FairPlay added to be required by the Apple contracts with the Music folk.
The lawsuit site itself seems more interested with getting as many people involved as possible to add legitimacy rather than actually talking about how bad DRM was at the time, but at the time it was a fairly legitimate complaint, and nowadays that shit just wouldn't fly period.
However, at that time, the laws about DRM on music were very anti-consumer since the market was still trying to maintain the old style of music sales and weren't quite ready to give up the whole ordeal. The thrust of the complaint made in the lawsuit is that Apple's DRM obligations to the music companies did not require the restriction that the music only be played on Apple devices.
Whether or not that is true will be revealed once the contracts are shown, I guess, and it will be up to the courts to say if any interpretation is necessary.
I want to second this as the reason that a lot of people are afraid of going the proper security route.
At the University I work at, we have been trying to push through full disk encryption for computers that go out into the wild for years now, and each time we're told it's impossible because "what if someone loses the password?"
Even with two key solutions that would ultimately at least allow access should we need it, we're told that the possibility of someone leaving on a trip and getting locked out of their computer is completely unacceptable.
There is a PDF report on the main website for Unit42 about the malware, but it has a fairly invasive registration process. Signed up with bs info and uploaded to public google drive for everyone.
Well, GAFE accounts aren't normal google accounts. Function wise they're the same, but Google promotes that they are not put through the same advertising analytics that normal gmail accounts are.
Google Apps is governed by a detailed Privacy Policy, which ensures we will not inappropriately share or use personal information placed in our systems. Google complies with applicable US privacy law, and the Google Apps Terms of Service can specifically detail our obligations and compliance with FERPA (Family Educational Rights and Privacy Act) regulations. Google is registered with the US-EU Safe Harbor agreement, which helps ensure that our data protection compliance meets European Union standards for educational institutions
FERPA is the big stickler here, as google really couldn't offer the service without being FERPA compliant, and they couldn't run Google Business as usual and still be FERPA compliant.
Now, as to whether you choose to believe their claims, that's another story, but you're approaching it with a lot of misinformation, it seems.
This is really a "news for nerds" sort of deal here. The general public, and even most power users aren't going to be all that interested in it due to the niche. As to why Facebook has elected to pursue an onion site, who knows. I doubt it's because they see a big future in Tor, or maybe they do. Given that Tor has a bit of a burden of knowledge to actually understand what it offers, most users won't know or care.
I'm willing to believe that it's possible an irresponsible journalist could really misrepresent the story to the public, but I guess I'd like to see it before it happened, and I feel that the Facebook PR engine would be quick to jump on any major misrepresentation due to recent allegations of Law Enforcement Officers using Facebook to aide in arrests for drug users. It's just not the kind of urban legend that they'd want out there to have to deal with.
The evidence from the actual report that it's of Russian origins is a little specious for my taste, though part of the reasoning isn't exactly unfounded.
Their evidence that it's of Russian origin is that a large number of the malware samples (APT28 as categorized by FireEye) included Russian Language settings along with English and "neutral" (which defaults to the environment defaults). That certainly is an eye-brow raiser in my mind, but I wouldn't say we got anyone with their hand in the cookie jar.
The other reasoning is just specious and/or speculation. The compile times for the malware seem to correspond to the Timezone for Moscow/St. Petersburg working days, which just seems like an odd assessment to make. Even if the government were to be paying hackers in Russia to make and operate malware, are these hackers actually punching in and out for 8 hour work days? Not to suggest that this isn't exactly what is happening, but it just seems like coincidence is an equally plausible scenario with this.
The other evidence is FireEye's own speculation on the targets could apply to other actors as well.
Their analysis of the malware otherwise is pretty good, but I think there just isn't enough to really peg it down. There are plausible explanations for the evidence that FireEye brings up which is no more of a stretch than it being of Russian origin.The language setting is good evidence, but there are some fairly valid reasons why that might be the case.
Yeah, this is one I've never really understood. I used to think that you had to use the intermediary sites since when I was younger, my parents either always used agents or third party sites once we got Internet access.
But when someone pointed me to http://matrix.itasoftware.com/, which just lists flights and prices instead of actually letting you buy, I never went back to the annoying third party sites. I've never really gotten a deal on the third party sites that was any cheaper than just looking up the cost on the informational site and buying the itinerary straight from the airline, nor have the hotel deals been any cheaper or different for me than just booking the hotel independently. I know that my folks like it because it's all of the prep-work done from one site, which is a fair point, but I personally just haven't seen the benefit.
While this is useful information to have, the privacy implications are a bit unsettling.
As best I can tell from the description, this sounds similar to what Disney and other themeparks use to track their wait times for rides, except the amusement parks occasionally hand out little RFID "things" to guests at the ride entrance and ask the guest to give it to the operator.
As far as I'm aware, any time you're polling for WiFi networks you're broadcasting your MAC; this just seems like a fairly benign way to get information about a process without getting actual data on an individual.
Granted, you can somewhat reliably tie together a MAC addy's travel path if you have the ability to see all the places that MAC has been, but that was true even without this particular software.
So, yeah, what is the concern about this software in particular? It seems like the complaint is more with how the scanning for networks works.
Email users tend to fall into two distinct categories of usage; heavy and "guess I have to use email", and you can trace the distinction almost straight along generation gaps. From my experience, most of the heavy users of email tend to customize systems to what works best for them -- in my work at University IT, the heaviest users usually have very nuanced inboxes with dozed of folders and filters they constructed to suit their needs, disabling any and all auto-sorting for fear of missing an email. Our biggest complaint from users tends to come from the fear that we did something on our Google Apps for Education filter settings which is preventing email from reaching them (even though we run a "virtually" vanilla set up with our Google Apps domain).
The rest of the users just thrive in the chaos of an inbox and either reluctantly use the auto-sorting provided by Gmail or quickly search how to disable it. (The fuss when "Important" messages came into existence was absolutely balloons; users rightfully complained that they had no idea why there was a yellow indicator next to every message in their inbox, since the google filter was marking every message as important). Most people don't really get that much email, at least not the same way that Google seems to think. The inbox search is so good that many users just seem to be content remembering a few key words and then searching for the email when they need it. I constantly see inboxes with thousands of unread messages since the users just ignore any email they don't want to read.
Watching the video and reading the associated blog post, at best it looks like a dedicated app that does what the tabs already do, as well as a few extensions which monitor the contents of email. Some of the features, like the live flight updates, would probably be pretty cool, but I'm curious how well it can interpret itineraries that fly under other airlines for part of the itinerary. (e.g., last international flight I took was on Finnair, and I traveled American Airlines for part of the flight as part of the Oneworld flight alliance; so the actual AA flight was numbered differently than the Finnair listing as I received it, AA#### as opposed to AY###)
I really doubt that this is going to do anything except eat up more space on the Android default home screen as one of the many apps that phones have to ship with, but hopefully a few of the informational features will leak over to Gmail proper.
Except that's not what they're asserting. Law enforcement has been granted powers by the higher powers in the government to occasionally perform actions that would be considered illegal in order to resolve a larger crime. (e.g., impersonation, possession of drugs, possession of illegal firearms, purchasing illegal substances). The DEA's assertion is that this is merely an branch of those granted powers. You might not like that they have been granted the powers to do this, but that doesn't mean that they "...assert that we live in a lawless land where [the DEA] can do what they please." There are pretty strict rules about what it is they can and cannot do when they do these sorts of operations and judges can and often will throw out entire cases if the law enforcement officers mess up during the operation.
Facebook's contention isn't that the DEA can't do this; they openly acknowledge that there is a review of the process in place, and I have no doubt that if tomorrow the DEA released a statement saying "nah, we totally can", then Facebook wouldn't even pursue the angle. Facebook's argument is that such actions really mess with the business model Facebook has; if people have to live in fear that government agents are routinely posing as users to get information, then users are going to migrate away. Not all, but enough to probably hurt Facebook's reputation.
You can argue about what law enforcement should and should not do in the course of an investigation, but there is a long history of precedent which says "hey, this is a-okay", at least the impersonation part. Whether or not the Plaintiff actually "gave consent" as the DEA assumes is a whole different matter, and I suspect their case and all cases from it might get thrown out based on that alone.
"But much remains unanswered about the intrusion, including just who the hackers are, which other financial institutions were hit and why the hackers went down a path inside JPMorganâ(TM)s computer system that contained troves of customer information, but not financial data."
They have no motive, no indication of who, or why they did what they did. I agree with posters saying that it's officials throwing out a red herring to get everyone worked up over Russia instead of poor security.
Eh, most probably couldn't. If it's not a trusted developer, by default they cannot install it (a la apt-get or other package managers). They would have to have the known how and awareness to go in and change it to accept all installers, which I don't think many will.
The press is much to blame, never checking qualifications or accomplishments when reporting the work of so called 'scientists". Due to that, so much bullshit is promulgated that never comes to fruition, people naturally become skeptical. Promises of fuel cell being ready for mass adoption, promises of medical cures on the way, etc.
It's even worse that that though -- it's not just that the media doesn't fact check, it's that most media members lack the ability to fact check, as do their audience. It's the game telephone on a national scale, and it's hurting everyone when a rather important but nascent study on polymers gets conflated to "scientists create new ultra-capacity battery purple monkey dishwasher".
The report itself doesn't really focus so much on this disconnect though as much as it the social dynamics of credibility; according to the article, we're trained to focus more on "friend or foe" than "true or not true", and the first challenge in communicating serious scientific advances to people is getting past the friend or foe response. The article refers to Climate Change as an example of this, and it seems true that most people cannot enter into discussions of climate change without there being a political agenda attached.
What this really comes down to is poor logical training -- it's not that people are outright illogical or that science and pure logic are the most ideal way to be (as they aren't), it's that we're just wired to have an emotional investment, and too often, the public gets hurt by this wiring. Rather than take a second to try and see if the content is or is not valid, or to separate the person speaking from the evidence presented, which admittedly can be difficult if you are very invested in a particular belief (political, religious, mystical, personal, and so on). I've always used the example of liking Burzum versus liking/approving of Varg Vikernes and his personal beliefs; you don't need to subscribe to the latter to accept the former.
However, the article just suggests that we can't really get past that friend/foe check.
I think this is really where celebrity scientists (Tyson, Nye, Sagan, Asimov, etc) can really help out everyone. I'm re-reading two of Asimov's books "A short history of [chemistry|biology]" and I think that there needs to be more of this. Asimov was an incredible writer and had a knack for telling a good story, and even better just explaining science simply. Sagan has some fairly poetic ways of describing the universe which spoke to people in an easy way, Bill Nye brought a good sense of entertainment to science and made it fun for kids. The more writing and early exposure people can get to this sort of material, the better people can begin to separate the human behind the science from the evidence presented.
(Of course, this is not to say that scientists are without their own prejudices or agendas; reading the history of chemistry has shown how sometimes a leading scientists' personal agenda stymied progress just because they were perceived as an authority. Everyone, regardless of training, is subject to this bias)
Slightly different scenario. Yahoo had the data and refused to turn it over. Apple is in effect ensuring it can never have the data that the NSA is seeking without new code. Warrants, in this instance, can't really be used to compel you to make something you wouldn't otherwise make. That's not the type of a warrant they can actually seek; there is no "do what we tell you warrant".
Apple's entire gambit is to avoid the messiness of the law aspect by just preventing their own access to the data so they have no means to actually comply with such a request. They can't get in trouble for refusal for such requests anymore than they could get in trouble for being asked have Tim Cook shit out a unicorn.
That's kind of irrelevant when US cities can't match Latvian speeds. The major ISPs can claim they can, but what is advertised is quite frankly no where close to day to day usage.
Slashdot Mirror
Kaspersky probably is in bed in some way with the Kremlin, it has nothing to do with the quotes you listed.
Pretty much everyone figured it was a US/Israeli combo for Stux and Flame, not just Kaspersky.
Not always. Scummy neighborhood gas stations usually have a fair list of banned customers who still loiter around anyways and harass people into buying smokes/booze/lotto tickets for them. The 7/11 where I used to live had a fair sized list that the hobos just waited around the corner and either begged for you to buy them the cheapo cigars or had a couple of crinkled bills for beer or lotto tickets.
If the conspirator had the patience and time, they could have just gotten all dirtied up and waited outside a station like this for a few hours one night and there'd surely be someone who'd buy him a ticket, especially if he used the aforementioned fortune cookie thing. If he gets the cops called on him, most of the time they just tell the hobo to move along since it's more of a hassle to arrest them.
Reading the whitepaper, the whole thing seems like it's focused on promoting Arxan's services. It's entirely possible that the presentation itself took a different tone/direction, but the whitepaper itself was fairly contentless sprinkled with a few good points about older MITM attacks exploiting the In-App purchases for iOS and the high piracy rates on Android in China and Russia.
Really that last part is the thrust of the article -- high piracy rates for which they don't really offer any solution except DRM and always-online games. (To their credit, they do make the recommendation of "some sort of protection on the networking layer, in-memory layer, and on disk layer...as well as portions dealing with receiving and unpacking the player's saved game or state.")
Everything else was either misleading, fairly obvious non-suggestions, or just plain outdated information.
Examples:
- Whitepaper dedicates a section to lost revenue from a MITM attack allowing iOS users to get in-app purchases for free. The reference they use is a 2012 article from the Guardian talking about how Apple already fixed it. Specifically, this was relating to iOS 5 and has since been resolved. While Jailbreak options still exist, the whitepaper does not mention these nor does it discuss any other actual leak.Referenced Article
- Whitepaper has section on Flappybird clones which reads:
...However, by March 2014, approximately 60 Flappy Bird clones a day were being added to the iOS App Store...Worst of all -- a reported 79% of these clones contained malware.
This section has a reference that points to a McAfee threat report from June 2014 - as the section reads, "these" refers to the clones on the iOS App Store, however, the McAfee report clearly shows that this is Android stores that are plagued, not iOS. http://www.mcafee.com/us/resou... Page 6
- Whitepaper has a section on how hackers damage communities, which is not incorrect, however, they provide the following "helpful" tips:
While these are not bad suggestions, they're also absolutely common sense for mobile game developers, or just people dealing with problems in general.
The submitter is absolutely right that this could have been a really keen presentation, but based on what they produced in the whitepaper, it sounds like a business trying to drum up some more business for themselves with misleading and/or useless information.
The 'race to the bottom' is something anyone with half a brain can see, and anyone who's a developer looks at that and must feel some gnawing fear. Maybe I'm wrong, but I feel like we're all pushed to mobile (if you're not on mobile, you're out of touch!) and when I look at the market, it gives me the willies. I don't think the Google Play Store is doing any better in that regard either. Worse, I don't have the foggiest idea of how to correct the problem, not even one that would take Herculean effort from either company to employ.
I'm not sure that this is as much of an issue as people are making it out to be. I do agree that developers should get paid for their work and curation needs to be a bit better (though I find that is somewhat at odds with the complaint that the Review Board rejects stuff...should Apple be more hands on or more hands-off?)
After reading through the article, I checked out the apps that the folk made and used some left-over freebie money from when I last bought a Mac to get their product. They're absolutely right that it is a very clean, well polished, functional app. I also have absolutely no use for it.
The two apps mentioned in the article, Vesper and Twitteriffic, are not suffering because of poor visibility in the app store or the race to the bottom; instead, neither really fulfills any particular need, Vesper in particular. Their description left me just completely dumbfounded as to what the app was actually for:
Vesper is a simple and elegant tool for collecting notes, ideas, things to do -- anything you want to remember. Organize your notes whatever way comes naturally to you, without complications. Vesper's focus is on how it feels to use.
Did you get anything from that except that Vesper is a notepad application? Can you think of any reason you'd need an advanced notepad on iOS? Much less one that uses yet another cloud service instead of iCloud? Again, I can appreciate the quality of the app -- it really is a pretty application. But their problem isn't Apple facilitating people racing to the bottom, it's that their app is basically a $10 substitute for what already exists in iOS; yes, it's all in the same spot as opposed to being spread over apps, but that's not $10.
Twitteriffic itself isn't particularly well made -- it's a mess of a screen and it looks cobbled together. The ads are far more intrusive than the original Twitter app, the coloring looks really bad (like geo-cities era webdesign bad), and it feels so much more like a "me too" app than anything.
What these devs seem to be missing is that while there are issues with curation in the Appstore, it doesn't impact their applications in the way they imagine. Vesper is an app trying to solve a problem/need that no one has. Twitteriffic is just a bland twitter clone with a few functions that the native client already supports or that no one wants. Even if Apple kept both apps on the featured page for weeks, it wouldn't change anything -- the apps just don't really do anything. It's not enough to make a pretty app for iOS, it has to actually serve a need, and if you can do this, people will pay. On Cydia, there are a few tweaks and apps which met needs that iOS didn't have. Prior to iOS 8, there was a need for MyWi, and I still use it on iOS 8 cause I like it better. Maybe with enough marketing spin and catchy advertisements, the likes of Vesper can convince the public that they need Vesper, but as it stands, it's not that apps like this are being treated unfairly, it's that there just isn't a need. It's like an art student pouring months into a painting that no one wants to buy -- we recognize the talent, but we've deemed it's not worth it. You can't just make a really slick product that does nothing and expect it to sell at $9.99.
No idea why this is modded as Informative -- people wanting to buy HL3 sight-unseen isn't an indicator to make it, that's an indicator for a cash-in which they're not acting on. This is a sobering but good reason as to why there's no HL3. If they aren't feeling it, they shouldn't be doing it, because it's just going to end up with unhappy Valve and unhappy gamers. No one really wins except for Valve's bank account.
Demanding they put out HL3 without a creative impetus is like a kid demanding to eat ice cream for breakfast, lunch, and dinner. Seriously, not everything needs to be on a scheduled release cycle; it's okay for stuff to be done when it's done instead of just forcing out a new product 'cause it's about new product time. This mentality is what leads to so much awfulness from the tech sector.
YikYak runs off phones or via Chrome if you take the time to run YikYak as a package (or whatever the term is) for Chrome. If the device is connected to the school's wifi, they ought be able to get the log-in associated with that IP address at the time of posting, which YikYak stores and readily provides in the case of police investigations.
The campus I work for has basically taken a much more aggressive position on YikYak and we monitor it...as we remember to. YikYak itself is such a pain in the ass and most of the time it's just students bantering like students (I almost wrote idiots, but given how I was in university, I'm in no position to judge). Most of it is complaints and asking where the next party is.
Funny enough, YikYak's moderation system actually makes it really hard to deal with the threats that do pop-up because they get removed after 5 downvotes, meaning it's hard for us to find them before the students remove the threats. We effectively cannot take action despite wanting to. I wouldn't expect the YikYak folk to spend time contacting schools where the threats are occurring, but I hope that they log it well enough to allow institutions to take action if they feel that any one student is consistently using the service to post threats.
You have a few challenges ahead of you; political ones, technical ones, and fiscal ones.
Are you just hoping to be the initial voice of inspiration and get everyone behind you? Or are you ready to be the advocate for the two factor auth you're proposing? Unless you've done your research and you know a lot of others in your department are on board with this proposal already, your proposal is going ground itself without much more than a candle flicker.
People tend to be really resilient to change, even really bright tech folk. "Good enough" is the motto that most people live by, so you're going to have to make a really enticing argument or get a lot of support across the board before even presenting this. Check with the necessary Systems folk; do they have ideas or wants or problems with a Two-Factor auth for users? Do the math for your accounts; are you saving enough money that it will make someone look good? Check with your Help Desk/Ticketing software; are password resets really enough of a problem that they're impacting people's work flow?
I promise you that most folks in a position to make a decision like this aren't staying up at night wishfully hoping that someone suggests TFA for the company, and few non-tech people in the company are even going to know what the hell you're talking about.
You're going to need to be prepared to really explain your idea and show that it already has support, else they're just gonna look at you like you suggested catapulting the ring into Mordor.
Riot has had a system like this for some time, the Tribunal, and they allege it works pretty well. It used to have an in-game based reward (absolutely minuscule amount of IP, the in game currency), but they have since removed it, and last I checked it still had high numbers. I don't know if Riot is the originator, but I know it's a pretty major part of their abuse/harassment control.
I really don't know if a Tribunal style method would carry over to Twitter - I remember that part of the reason that people liked Tribunal was just the absolutely ridiculous stories you could read about players and the crap they pulled, and the in-game jokes made it worth it. Riot also made a mini-game of the system, insomuch that you get ranking based on how often your suggested ruling lines up with the actual ruling made on the case. You don't get anything in game anymore, nor does it affect your game profile, but people seem to like it. Likewise, Riot's punishments aren't just pardon/ban, but a range of punishments which can be administered by the admins there.
One thing that does make me kind of worried is that there's not a lot really holding people to the abuse Twitter accounts; in Riot's case, having a Level 30 account (necessary level to participate in the game in full) takes a bit of time, and while many users have accumulated quite a few spare accounts, eventually those pools run dry -- on top of that, primary accounts tend to have in game purchases tied to them, so loss of the account represents a financial loss. With Twitter, you can make a spoof account in seconds with no penalty, and harassment accounts are able to participate immediately and by necessity for Twitter to work. Without the time commitment or something tying people to the account, I'm not sure that this will have as great of an impact.
You haven't. You may have had headlines if you enabled it, you may have had spam, but you're not getting the targeted Google ads like with vanilla Gmail, and if you are, I'd love to see a picture of that with the non-gmail domain clearly visible. Honestly, a picture of screen instead of a screenshot is even preferred.
I really dislike Google in general, but GAFE is pretty straight forward and they're pretty honest about the whole "no ad tracking" stuff.
No, the point is that FairPlay stopped iTunes audio from being playable on other devices for a short period of time, which is a somewhat fair complaint in certain scenarios. For the plaintiffs who bought up the music on iTunes with the expectation that they could play it on other music devices, it really depends on what Apple wrote and did not write which will determine if that complaint is valid. For those who wanted to be able to put music from other services onto their player, it depends on if the courts deem the restrictions FairPlay added to be required by the Apple contracts with the Music folk.
The lawsuit site itself seems more interested with getting as many people involved as possible to add legitimacy rather than actually talking about how bad DRM was at the time, but at the time it was a fairly legitimate complaint, and nowadays that shit just wouldn't fly period.
However, at that time, the laws about DRM on music were very anti-consumer since the market was still trying to maintain the old style of music sales and weren't quite ready to give up the whole ordeal. The thrust of the complaint made in the lawsuit is that Apple's DRM obligations to the music companies did not require the restriction that the music only be played on Apple devices.
Whether or not that is true will be revealed once the contracts are shown, I guess, and it will be up to the courts to say if any interpretation is necessary.
I want to second this as the reason that a lot of people are afraid of going the proper security route.
At the University I work at, we have been trying to push through full disk encryption for computers that go out into the wild for years now, and each time we're told it's impossible because "what if someone loses the password?"
Even with two key solutions that would ultimately at least allow access should we need it, we're told that the possibility of someone leaving on a trip and getting locked out of their computer is completely unacceptable.
Also, they wrote a detection script: https://github.com/PaloAltoNet...
There is a PDF report on the main website for Unit42 about the malware, but it has a fairly invasive registration process. Signed up with bs info and uploaded to public google drive for everyone.
Link to the researchers website for those cautious about the gdocs link
Straight Link to the report (requires registration)
Have not read the technical details yet, but it looks fairly comprehensive.
Well, GAFE accounts aren't normal google accounts. Function wise they're the same, but Google promotes that they are not put through the same advertising analytics that normal gmail accounts are.
From the GAFE website:
Google Apps is governed by a detailed Privacy Policy, which ensures we will not inappropriately share or use personal information placed in our systems. Google complies with applicable US privacy law, and the Google Apps Terms of Service can specifically detail our obligations and compliance with FERPA (Family Educational Rights and Privacy Act) regulations. Google is registered with the US-EU Safe Harbor agreement, which helps ensure that our data protection compliance meets European Union standards for educational institutions
FERPA is the big stickler here, as google really couldn't offer the service without being FERPA compliant, and they couldn't run Google Business as usual and still be FERPA compliant.
Now, as to whether you choose to believe their claims, that's another story, but you're approaching it with a lot of misinformation, it seems.
I think more people will just think "What's Tor?"
This is really a "news for nerds" sort of deal here. The general public, and even most power users aren't going to be all that interested in it due to the niche. As to why Facebook has elected to pursue an onion site, who knows. I doubt it's because they see a big future in Tor, or maybe they do. Given that Tor has a bit of a burden of knowledge to actually understand what it offers, most users won't know or care.
I'm willing to believe that it's possible an irresponsible journalist could really misrepresent the story to the public, but I guess I'd like to see it before it happened, and I feel that the Facebook PR engine would be quick to jump on any major misrepresentation due to recent allegations of Law Enforcement Officers using Facebook to aide in arrests for drug users. It's just not the kind of urban legend that they'd want out there to have to deal with.
The evidence from the actual report that it's of Russian origins is a little specious for my taste, though part of the reasoning isn't exactly unfounded.
Their evidence that it's of Russian origin is that a large number of the malware samples (APT28 as categorized by FireEye) included Russian Language settings along with English and "neutral" (which defaults to the environment defaults). That certainly is an eye-brow raiser in my mind, but I wouldn't say we got anyone with their hand in the cookie jar.
The other reasoning is just specious and/or speculation. The compile times for the malware seem to correspond to the Timezone for Moscow/St. Petersburg working days, which just seems like an odd assessment to make. Even if the government were to be paying hackers in Russia to make and operate malware, are these hackers actually punching in and out for 8 hour work days? Not to suggest that this isn't exactly what is happening, but it just seems like coincidence is an equally plausible scenario with this.
The other evidence is FireEye's own speculation on the targets could apply to other actors as well.
Their analysis of the malware otherwise is pretty good, but I think there just isn't enough to really peg it down. There are plausible explanations for the evidence that FireEye brings up which is no more of a stretch than it being of Russian origin.The language setting is good evidence, but there are some fairly valid reasons why that might be the case.
Yeah, this is one I've never really understood. I used to think that you had to use the intermediary sites since when I was younger, my parents either always used agents or third party sites once we got Internet access.
But when someone pointed me to http://matrix.itasoftware.com/, which just lists flights and prices instead of actually letting you buy, I never went back to the annoying third party sites. I've never really gotten a deal on the third party sites that was any cheaper than just looking up the cost on the informational site and buying the itinerary straight from the airline, nor have the hotel deals been any cheaper or different for me than just booking the hotel independently. I know that my folks like it because it's all of the prep-work done from one site, which is a fair point, but I personally just haven't seen the benefit.
While this is useful information to have, the privacy implications are a bit unsettling.
As best I can tell from the description, this sounds similar to what Disney and other themeparks use to track their wait times for rides, except the amusement parks occasionally hand out little RFID "things" to guests at the ride entrance and ask the guest to give it to the operator.
As far as I'm aware, any time you're polling for WiFi networks you're broadcasting your MAC; this just seems like a fairly benign way to get information about a process without getting actual data on an individual.
Granted, you can somewhat reliably tie together a MAC addy's travel path if you have the ability to see all the places that MAC has been, but that was true even without this particular software.
So, yeah, what is the concern about this software in particular? It seems like the complaint is more with how the scanning for networks works.
Email users tend to fall into two distinct categories of usage; heavy and "guess I have to use email", and you can trace the distinction almost straight along generation gaps. From my experience, most of the heavy users of email tend to customize systems to what works best for them -- in my work at University IT, the heaviest users usually have very nuanced inboxes with dozed of folders and filters they constructed to suit their needs, disabling any and all auto-sorting for fear of missing an email. Our biggest complaint from users tends to come from the fear that we did something on our Google Apps for Education filter settings which is preventing email from reaching them (even though we run a "virtually" vanilla set up with our Google Apps domain).
The rest of the users just thrive in the chaos of an inbox and either reluctantly use the auto-sorting provided by Gmail or quickly search how to disable it. (The fuss when "Important" messages came into existence was absolutely balloons; users rightfully complained that they had no idea why there was a yellow indicator next to every message in their inbox, since the google filter was marking every message as important). Most people don't really get that much email, at least not the same way that Google seems to think. The inbox search is so good that many users just seem to be content remembering a few key words and then searching for the email when they need it. I constantly see inboxes with thousands of unread messages since the users just ignore any email they don't want to read.
Watching the video and reading the associated blog post, at best it looks like a dedicated app that does what the tabs already do, as well as a few extensions which monitor the contents of email. Some of the features, like the live flight updates, would probably be pretty cool, but I'm curious how well it can interpret itineraries that fly under other airlines for part of the itinerary. (e.g., last international flight I took was on Finnair, and I traveled American Airlines for part of the flight as part of the Oneworld flight alliance; so the actual AA flight was numbered differently than the Finnair listing as I received it, AA#### as opposed to AY###)
I really doubt that this is going to do anything except eat up more space on the Android default home screen as one of the many apps that phones have to ship with, but hopefully a few of the informational features will leak over to Gmail proper.
Except that's not what they're asserting. Law enforcement has been granted powers by the higher powers in the government to occasionally perform actions that would be considered illegal in order to resolve a larger crime. (e.g., impersonation, possession of drugs, possession of illegal firearms, purchasing illegal substances). The DEA's assertion is that this is merely an branch of those granted powers. You might not like that they have been granted the powers to do this, but that doesn't mean that they "...assert that we live in a lawless land where [the DEA] can do what they please." There are pretty strict rules about what it is they can and cannot do when they do these sorts of operations and judges can and often will throw out entire cases if the law enforcement officers mess up during the operation.
Facebook's contention isn't that the DEA can't do this; they openly acknowledge that there is a review of the process in place, and I have no doubt that if tomorrow the DEA released a statement saying "nah, we totally can", then Facebook wouldn't even pursue the angle. Facebook's argument is that such actions really mess with the business model Facebook has; if people have to live in fear that government agents are routinely posing as users to get information, then users are going to migrate away. Not all, but enough to probably hurt Facebook's reputation.
You can argue about what law enforcement should and should not do in the course of an investigation, but there is a long history of precedent which says "hey, this is a-okay", at least the impersonation part. Whether or not the Plaintiff actually "gave consent" as the DEA assumes is a whole different matter, and I suspect their case and all cases from it might get thrown out based on that alone.
From the article:
"But much remains unanswered about the intrusion, including just who the hackers are, which other financial institutions were hit and why the hackers went down a path inside JPMorganâ(TM)s computer system that contained troves of customer information, but not financial data."
They have no motive, no indication of who, or why they did what they did. I agree with posters saying that it's officials throwing out a red herring to get everyone worked up over Russia instead of poor security.
Eh, most probably couldn't. If it's not a trusted developer, by default they cannot install it (a la apt-get or other package managers). They would have to have the known how and awareness to go in and change it to accept all installers, which I don't think many will.
The press is much to blame, never checking qualifications or accomplishments when reporting the work of so called 'scientists". Due to that, so much bullshit is promulgated that never comes to fruition, people naturally become skeptical. Promises of fuel cell being ready for mass adoption, promises of medical cures on the way, etc.
It's even worse that that though -- it's not just that the media doesn't fact check, it's that most media members lack the ability to fact check, as do their audience. It's the game telephone on a national scale, and it's hurting everyone when a rather important but nascent study on polymers gets conflated to "scientists create new ultra-capacity battery purple monkey dishwasher".
The report itself doesn't really focus so much on this disconnect though as much as it the social dynamics of credibility; according to the article, we're trained to focus more on "friend or foe" than "true or not true", and the first challenge in communicating serious scientific advances to people is getting past the friend or foe response. The article refers to Climate Change as an example of this, and it seems true that most people cannot enter into discussions of climate change without there being a political agenda attached.
What this really comes down to is poor logical training -- it's not that people are outright illogical or that science and pure logic are the most ideal way to be (as they aren't), it's that we're just wired to have an emotional investment, and too often, the public gets hurt by this wiring. Rather than take a second to try and see if the content is or is not valid, or to separate the person speaking from the evidence presented, which admittedly can be difficult if you are very invested in a particular belief (political, religious, mystical, personal, and so on). I've always used the example of liking Burzum versus liking/approving of Varg Vikernes and his personal beliefs; you don't need to subscribe to the latter to accept the former.
However, the article just suggests that we can't really get past that friend/foe check.
I think this is really where celebrity scientists (Tyson, Nye, Sagan, Asimov, etc) can really help out everyone. I'm re-reading two of Asimov's books "A short history of [chemistry|biology]" and I think that there needs to be more of this. Asimov was an incredible writer and had a knack for telling a good story, and even better just explaining science simply. Sagan has some fairly poetic ways of describing the universe which spoke to people in an easy way, Bill Nye brought a good sense of entertainment to science and made it fun for kids. The more writing and early exposure people can get to this sort of material, the better people can begin to separate the human behind the science from the evidence presented.
(Of course, this is not to say that scientists are without their own prejudices or agendas; reading the history of chemistry has shown how sometimes a leading scientists' personal agenda stymied progress just because they were perceived as an authority. Everyone, regardless of training, is subject to this bias)
Slightly different scenario. Yahoo had the data and refused to turn it over. Apple is in effect ensuring it can never have the data that the NSA is seeking without new code. Warrants, in this instance, can't really be used to compel you to make something you wouldn't otherwise make. That's not the type of a warrant they can actually seek; there is no "do what we tell you warrant".
Apple's entire gambit is to avoid the messiness of the law aspect by just preventing their own access to the data so they have no means to actually comply with such a request. They can't get in trouble for refusal for such requests anymore than they could get in trouble for being asked have Tim Cook shit out a unicorn.
That's kind of irrelevant when US cities can't match Latvian speeds. The major ISPs can claim they can, but what is advertised is quite frankly no where close to day to day usage.