Slashdot Mirror


User: Dutch+Gun

Dutch+Gun's activity in the archive.

Stories: 0
Comments: 4,453

Comments · 4,453

  1. Yes, flash is a piece of turd. But it is a WORKING piece of turd, and HTML5 won't change that.

    Unfortunately, it's also a DANGEROUS turd. I understand that many sites will continue to require Flash in the near future. These will continue to work, just with an extra click. We're not talking about the complete elimination of Flash here. But it should be treated as the dangerous malware vector that it is, and only activate when someone really wants to activate it. I agree that functionality-wise, Flash has a lot going for it. But it's just not worth the price we paid (and continue to pay) security-wise.

    Adobe had Flash, Microsoft had ActiveX, and Java had its plugin. All three were major security disasters, and we're still feeling the negative effects of all of them even today. I welcome anything that sweeps those technologies toward the dustbin of internet history.

  2. Re:The "cost of compliance" on China's New 'Social Credit Score' Law Means Full Access To Customer Data (insurancejournal.com) · · Score: 1

    Which makes the price rise slightly for goods produced in China relative to regions which don't have these laws. That's the important bit. Just like states in the US do with favorable tax rates and incentives, countries also compete for international businesses. Each new bit of overhead or regulatory friction is a disincentive for businesses.

  3. Re:So much for public charging locations on The 'USB Killer' Has Been Mass Produced -- Available Online For About $50 (arstechnica.com) · · Score: 1

    Fortunately, it's not designed as a passthrough USB device, and it appears to be activated with a button. So, it seems sort of unlikely that it would be abused like that en masse, at least not without significant modification, which raises the bar quite a bit for malicious sorts.

    I think a bigger danger is someone leaving the device lying around with a label printed "top secret" or "do not view", and letting natural human curiosity do the rest. That's still an expensive "prank" to play at $50 a pop, with no benefit to the users, so it seems unlikely to be widespread.

  4. Re:It's deeper than ethics on FCC Calls Out AT&T, Verizon For 'Zero Rating' Their Own Video Apps (zdnet.com) · · Score: 1

    Ethically/morally/etc it's one thing.

    AT&T spokesperson: Sorry... what? I'm not sure what you're saying here. Is there a legal document that perhaps defines those terms in an appendix somewhere? If possible, we'd also like them defined in the proper context of how they relate to maximizing corporate profit and alienating customers. I'm afraid our discussions can go no further unless we're all on the same page with some of this confusing terminology.

  5. Not anymore, I believe that's part of the rule41 changes

    Hmm, it seems I was wrong, but not for that reason. In recent years (like, within the last five years or so) they've actually used botnet command and control systems to try to fix or patch up user systems. I've linked a legal paper in a different post that described some of these events.

    I'm wondering if part of the intention of Rule 41 was to clarify the legal standing of the botnet issue. Will have to do a bit more reading on that, as it somehow slipped by my radar.

  6. Unfortunately, there's no convenient global IP-to-email or IP-to-person database, so it's not as easy as you may think to contact those affected. IPs are usually dynamically assigned to consumer users, meaning there's no simple one-to-one mapping. While it's certainly *possible* to track down a user by IP, it's by no means trivial to do so, or even possible in all cases. ISPs may be reluctant to hand out that information to law enforcement without a subpoena, and that's generally a good thing for our privacy.

    Probably the most effective response to help individuals, now that the authorities have the command and control systems, is to instruct the malware to remotely disable itself and patch any known infection vector / vulnerability. This has been done on several occasions by the FBI and Microsoft in recent years, which has a dedicated anti cyber-crime lab that works with them on these sorts of cases. Of course, this is fraught with both technical and legal concerns, due to potential abuse or a slippery slope encroachment of privacy rights. And things are made more complicated because of the various international laws that may impact the ability of law enforcement to do this.

    I certainly understand your skepticism regarding governments, law enforcement, and potential for abuse by overreach, but I really do think they're doing the right thing here. It's unfortunate that governments and law enforcement have undermined the public trust with their actions, such that we can't help but question their motivations, even when they're (I believe) legitimately stopping criminals like this.

  7. There's little choice but to seize command-and-control domains in order to stop these widely distributed botnets. My guess is that this is simply done at the DNS level, which would be pretty simple since they're apparently cooperating with ICANN authorities, according to the press release. Also, it's ridiculous to expect authorities to track down half a million victims and help them clean up their computers. Besides, in the US at least, I believe it would actually be illegal to do anything to a user's system without their express consent.

    So, sorry, I don't see this as some nefarious plot by world governments to take over the internet... that's probably a different department. This is exactly what law enforcement needs to be doing to combat these fucking botnet operators and ransomware distributors who are ruining things for the rest of us.

  8. Re:I peruse iffy websites all the time on French Man Sentenced To Two Years In Prison For Visiting Pro-ISIS Websites (theverge.com) · · Score: 3, Informative

    The law specifically requires "habitual" viewing, so theoretically you wouldn't be charged unless you visited regularly over a period of time. Also, probably more relevantly, not unless you're living in France.

  9. Ok, that made me laugh. Sorry, no mod points at the moment or you'd get a +Funny.

    I do hope he's okay though.

  10. Bulk digital storage requires a robot? Is she perhaps talking about a device that can access stored digital tape media with a mechanical arm or something? Or is any high tech hardware these days just called a "robot" if people don't know what else to call it?

    The article didn't provide any more details, which is a shame, since that sounds sort of interesting to see.

  11. Re:Steam Page on No Man's Sky's Steam Page Didn't Mislead Gamers, Rules UK Ad Watchdog (arstechnica.com) · · Score: 3, Funny

    Er, just to clarify, by "mod this up", I meant "mod parent up." I'm not quite shameless enough to actually request mods for my own post.

  12. Re: Finally, the gloves will come off! on Twitters Says It Will Ban Trump If He Breaks Hate-Speech Rules (qz.com) · · Score: 4, Insightful

    If you believe Donald Trump is racist, sexist, and bigoted, it's likely that nearly everything he says will appear hateful to you.

  13. Re:Steam Page on No Man's Sky's Steam Page Didn't Mislead Gamers, Rules UK Ad Watchdog (arstechnica.com) · · Score: 5, Interesting

    Someone please mod this +1 Informative, because this is a key point. When people talk about "misleading advertisement", I also believe they are generally talking about expectations set by Sean Murray, who seems unable to constrain himself to describing features he knows will ship, and instead seems to describe the game as he'd imagine he would like it to become.

    I'm a professional game developer, so naturally I've seen the "behind the scenes" view for a number of AAA title releases, especially the discrepancy between the released information and the true state of the game at the time. Most people would be shocked at how fluid the design of a game can be, how many iterations it takes to get things right, how many crazy ideas get tried and thrown away, and sometimes, how late in development things can really come together, especially if you're developing a lot of new technology. You have to be *extremely* disciplined when talking about your game, especially if you've got a hard deadline, because it's almost inevitable that many cool ideas and features are going to get cut simply because there's no time to polish them properly.

    Unfortunately, some people like Peter Molyneux have demonstrated that they don't have the proper temperament for talking to the press or the public, because they can't stay on script, or can't simply tell the honest truth about a feature that's still very much up in the air. I suspect Murray is like this as well, and unfortunately, he damaged the reputation of the company because of his lack of media discipline.

  14. Re:Publicity before giving MS a chance to fix it? on Holding Shift + F10 During Windows 10 Updates Opens Root CLI, Bypasses BitLocker (bleepingcomputer.com) · · Score: 1

    This is either shear incompetence or shear malice, either of which is unacceptable, and therefore deserves instant derision.

    So... "Win shear"?

  15. Re:Slightly misleading headline on NASA X-Ray Tech Could Enable Superfast Communication In Deep Space (space.com) · · Score: 1

    ISPs also describe their services as "unlimited", so I'm not so sure I'd use their marketing jargon as a good benchmark for accurate technical descriptions.

  16. Re:Slightly misleading headline on NASA X-Ray Tech Could Enable Superfast Communication In Deep Space (space.com) · · Score: 1

    Yeah, my thoughts exactly when I read the headline. It sounds like "high-bandwidth, reliable" instead of "superfast" would have been more appropriate.

    But still, it's not like this is a tech site for nerds or anything. Gotta make it a bit more approachable for the less tech-savvy masses, so I guess we can give them a pass on the silly description, right?

  17. Plus, even if I were to buy the most expensive Pixel, I tend to keep my phones for quite a while (over three years for my current model and going strong). So, I'm probably paying under a buck a day for the phone, and another two for my data plan. For that, I get a:

    * phone
    * texting / messenger client
    * e-mail client
    * mobile web browser
    * GPS navigation device
    * Kindle reader
    * camera / video recorder
    * video player
    * music player
    * calendar
    * videogame player
    * alarm clock
    * flashlight
    * compass
    * and much more

    ... all in one convenient, portable device more powerful than supercomputers of a few decades ago. It's not a bad deal, if you ask me.

  18. Re:Ah, those were the days... on Microsoft Confirms Its Chinese-Language Chatbot Filters Certain Topics (fortune.com) · · Score: 1

    Remember when Google and Facebook and Microsoft and other huge tech corporations used to insist that engaging with Communist China and other totalitarian regimes was the best way to make them more free?

    Did anyone ever buy that? You could almost hear the true motives ("over a BILLION customers... over a BILLION customers...") percolate as they regurgitated some carefully lawyered corporate claptrap. They don't even pretend to care anymore, of course.

  19. Re:Trademarks protect purchasers, not sellers on EU's Law Enforcement Agency Closes 4,500 Websites Peddling Fake Brands (phys.org) · · Score: 1

    I wonder if there's any chance of them actually going after the source of these products as well? Because, you know... heaven forbid we offend our Valuable Trading Partner(tm) where all these fakes are coming from, right? After all, we want to sell our cheap Chinese widget with our logo on it that costs 10x as much, not the fake brand Chinese widget that probably comes from the same factory after hours.

    If you outsource manufacturing to a country that doesn't give a crap about international IP laws, this is the inevitable and rather obvious result. Online storefronts are easy to shut down, move, and re-open, unlike factories. Fine, they got a few middlemen, but the problem will remain. Unfortunately, even if we move manufacturing elsewhere, the Chinese knockoffs will continue, because they're *extremely* good at doing that now, and we financed their infrastructure and education. At the very least though, we could *stop* financing them. But then where would we get low-cost manufactured goods, which require hundreds of thousands of low-paid workers to keep costs down? Problems, problems...

    Yes, I'm a bit jaded.

  20. Re:Can't wait to get one in my watch. on Scientists Turn Nuclear Waste Into Diamond Batteries (newatlas.com) · · Score: 2

    Hulk love bananas!

  21. Re:Sort out their own behaviour first on Amazon Puts New Limit On Customer Reviews: No More Than 5 a Week Except For Verified Purchases (geekwire.com) · · Score: 3, Informative

    Strange. Maybe Amazon's UK service quality differs from the US? Amazon service just recently gave me a credit for a purchase through a third-party seller. I was only reporting a seller that seemed to be charging an excessive amount of shipping (about $20), nearly as much as the product, which I hadn't noticed at the time I purchased it (yeah, it was more or less my fault, but still). They said they'd look into the matter and then offered me a credit without me even asking for it.

    Anytime I've contacted Amazon support, my issue has *always* been quickly resolved and completely, with outstanding service. Maybe it helps that I've been a customer for a very long time, probably over fifteen years or so. That's one of the reasons I continue to buy from them almost exclusively - the other is they've got a good security track record.

    I've also had support from 3rd party sellers... hrm, maybe two times? One time a replacement unit was sent, and another time, I shipped the product back because it was defective, and I got a refund because they couldn't get a replacement.

    Maybe I've just been lucky?

  22. He's done nothing beyond telling us what he is going to do.

    As opposed to Obama, who won a Nobel Peace Prize just for getting elected?

    US Presidents, or even US President-elects are, almost by definition, extremely influential people. I'd say that this campaign has been unlike any I've ever seen, between two of the most polarizing candidates I could imagine, and the *most* polarizing candidate actually won, despite the incredible amount of baggage he had.

    By the way, Hillary certainly would have properly been Person of the Year had she been elected. I think it's more a statement on this particularly brutal election cycle than of Trump himself.

  23. Re:15k a week? on You Can Now Rent A Mirai Botnet Of 400,000 Bots (bleepingcomputer.com) · · Score: 1

    I'm pretty sure they don't give you direct control over the botnet. I'd suspect you can only direct who to attack, attack timing/duration, and how many bots.

    Maybe there's something you could do once you know all the IPs (for instance, you could direct them at a honeypot target), but a lot of malware closes the door behind itself once a device is compromised. I'm not sure how Mirai works, but I wouldn't be surprised if it behaved in a similar fashion.

  24. Doh. I didn't copy the entire Wikipedia quote. Here's the rest:

    ... Herbert Hoover, the next U.S. president, and Gerald Ford.

  25. Woah... Trump and Hitler mentioned in the same thread, and without being a Godwin. I looked back to see if that was true (it is), and as it turns out, Stalin was also person of the year. Twice, in fact: 1939 and 1942. Another historic note, from Wikipedia:

    Since the list began, every serving President of the United States has been a Person of the Year at least once with the exceptions of Calvin Coolidge, in office at time of the first issue

    Like or loathe him, it's hard to argue that Trump hasn't been one of the most influential people of the year.