Anyhow, I don't get all these silly whiners (this isn't directed at you in particular, btw), and their OH NOES, KDE 3.5 IS BETTER!!!.
Well, in some ways, KDE 3.5 was better (more feature complete, fewer bugs)...
Nobody forced you to switch to 4.x.
Nobody held a gun to our head, that much is true. However, as many distributions jumped on the 4.x bandwagon way too quickly, you were pretty much forced to use KDE4 if you wanted to upgrade your distro for other reasons (such as new features in other, unrelated, packages).
Either offer some constructive criticism, and file a bug report, or crawl back to your hole.
Actually, many people did file bug reports, but often these are just brushed away, or ignored.
It's not like you're forced to update to 4.x, for God's sake.
No, but if you want to keep up to date on other packages, you eventually had to upgrade your distribution, and along with it came KDE4.
And all this melodrama about how it killed the project, please. It's really starting to get painful to read.
It's supposed to be painful. That way, maybe the developers and distributors will (hopefully) think a little bit more when KDE 5.0 comes around, in order to spare themselves a similar pain (... which pales in comparison to the pain that they inflicted on the users...)
Really nice straw man. The real story is that the police are releasing this data
No, they aren't. They released a properly redacted document, with all info that could be used by an identity thief properly covered up.
and that lifelock can't be expected to watch the entire internet 24/7
... and yet, they expect their customers to pay $10 / month for exactly this "service".
but they're catching blame from this anyway somehow.
... because they're selling snake oil, then are caught red-handed trying to censor the news, and finally spin their censorship as just protecting their employee's id data (which was never actually exposed in the police report).
Good analysis, except that police didn't even fuck up the redaction of the PDF document. Well, it's a plausible error to make; indeed, lots of institutions, even 3-letter agencies that should have known better, have goofed in such a way.
But in this case, police actually did just fine, by putting the rectangles right into the image, rather than adding them as an (easily removed) additional layer into the PDF.
So why is LifeLock fighting this then, if it didn't actually expose the employees' data?
Easy: because it's egg on their (the corporation's) face. But they can't admit that, of course. So they send out their astroturfers with some silly "o God, police redacted the document poorly", and slashbots are falling for this without actually double-checking that document.
Why is parent Interesting? Even for those without access to the IP log, Redundant would be more appropriate, given the number of times this same comment has been splattered all over Slashdot.
I didn't get my question answered, as the developers immediately discussed the fact I was using the "old tech" version (5) and the entire discussion became about when I was going to upgrade to the latest greatest version (7).
7 is still alpha. I wouldn't use that for a production system. What's more, most modules are still unavailable for 7.
Heck, some useful modules are even unavailable for 6, such as views_ticker. Or are there any other tickers that show titles of nodes of a view? There are plenty which show all nodes of a certain type, or featuring certain taxonomy keywords, or from a hand-picked list, but no tickers based on a view. For that you have to stay with 5.
With Drupal, you've got a good excuse for wearing last year's fashion: your favourite module or theme is still unavailable.
That's not a miss, then, is it? You visited Facebook. It doesn't make the technique invalid in the slightest.
It doesn't make the technique invalid, it only makes it unsuitable for this attack. Too many false positives, and people become suspicious about login tabs that seem to pop up from out of nowhere...
But then, the history snooping works on exact URLs. These test sites were proof-of-concept, so they probably chose the target site's root URL, rather than picking a URL which would only get fetched after an actual login. A real attacker would choose his URLs more carefully.
Obviously, this won't subvert SSL certs or anything;
Nor would it need to. This is not an attack on the connection (or routing, or DNS), but on the user's "laziness" to double-check the URL if for some reason he believes he entered it himself an hour ago. Of course, the SSL certificate would match the URL... but the URL won't be the URL of the bank.
Speakerphones are annoying, even more annoying than normal phones.
So that, indeed, casts some doubt on the explanation of the study that phone calls are annoying because you only hear half the conversation...
Personally, it has more to do with the loudness, and (in case of "hidden" phones like earplugs) with constantly having to wonder "is this person talking to me?"
You have to capture frames in order to identify the SSIDs of the APs (the whole point of the exercise)
Wouldn't an AP normally announce the SSID in separate packets?
And if their goal was to also get the SSIDs of those APs that were configured not to broadcast their SSID, wouldn't that be nefarious in its own right? I mean, somebody who switched off SSID broadcasting took an explicit step to make his AP unavailable for others, and Google shouldn't go and "hack" this.
Germany's privacy laws generally restrict photographs of people and property without a person's consent, except in very public situations, such as a sporting event.
Then, how do they handle tourist photos, when there just happen to be unrelated people somewhere in the background?
And if property is protected as well, what if somebody's house (or even car, or even bike, or pub's table...) shows up in the picture?
There are black hat hackers, there are white hat hackers and now there are brown hat hackers.
Do you really think they bother with condoms if they skip the enema?
No idea why Microsoft decided this is not needed.
User friendliness
In any case, the victims "deserve" what they got. Don't they have any geek friends, and didn't any of these warn them about Windows Mobile?
They could have combined it with the "history stealing" exploit, registered domains bananas.com and peaches.com, and picked for each victim the "appropriate" site to like.
But what if you didn't answer all the questions? You'd get 0% for those, wouldn't you?
Maybe, but LifeLock is still an overpriced and useless service run by crooks.
But then the Chief of Police himself could press CTRL-X CTRL-Z to instantly make the perp's head explode.
The report was redacted just fine (image editing, rather than just "covering up" the redacted info using a different layer)
You can do more things in your car than just driving. One such thing is playing with your USB stick (or with a potato, or with whatever...). And these other activities are often done on the backseat where you have (slightly) more room than on the front seat.
Now, where did I put my 30MB "full height" 5.25" drive...
You're "sitting" on it...
Prior art, I do this all the time.
If you do, make sure you attach a string to it, for easy retrieval when done. And refrain from doing it in your car, the brown stains are awfully difficult to get out of the back seat...
Wouldn't that generate an artificial gravity equal to that of the earth at 42000km of altitude?
Oops, you do have a point. But it would equal gravity at 36000km of altitude (the 42000km include the earth radius of 6000km).
So, in order to get gravity like at ground level, the station would need to be much larger, more like 1500000km. Or rotate much faster than once per day.
how big would the torus have to be to have reasonable days and nights and earthlike gravity?
a radius of 42000km
... and not one Dell joke?
... machines could start spontaneously displaying goatse...
OMG, now I'm blind!