Slashdot Mirror


User: WaffleMonster

WaffleMonster's activity in the archive.

Stories: 0 · Comments: 4,185

Comments · 4,185

  1. Please stop on Google Tests 'Never-Slow Mode' for Speedier Browsing (zdnet.com) · Score: 1

    Reminds me of the time I got a call about one of our configuration interfaces not working. User kept getting XSS errors and the page wouldn't even load.

    Needless to say I was quite impressed to find out browsers were employing black box naive heuristic filters that not only were not effective and could themselves be leveraged to mask attacks and as vectors for denial of service, they also caused random failures in non-defective code due to chance coincidence and naming conventions.

    The last thing the web needs is Nondeterminism. This not only pisses off users and developers alike it will be exploited to harass people and deny service. It's hard to think of a more asinine scheme than time based limits that depend on the characteristics and state of each device at the time document is being rendered.

  2. Re:Slashdotters Need To Learn on Nest Secure Has an Unlisted, Disabled Microphone (androidauthority.com) · Score: 1

    Slashdotters need to learn and realize that the average consumer - read the vast vast majority of people - don't give a flying-rat-fuck about security or privacy.

    What people like you need to learn to realize is that the only difference between a slashdotter and average consumer is knowledge of how the sausage is made.

  3. It's way past time on Is It Time To Ditch Google Analytics? (fastcompany.com) · Score: 4, Insightful

    GA is effectively dead. Millions of users are already blocking this and every other external service similar to it in existence. The result is data provided by these services is at very least incomplete.

    If you want accurate figures install a stats package and parse your own web logs. It's not rocket science.

  4. At the very least self-consistency should be demanded. Right now we have a definition of "information service" which depends on "telecommunications services" to facilitate providing the information service. By definition an information service cannot exist without telecommunications service to facilitate it.

    This begs the question: where is the telecommunications service required to support "information service"? If you blanket assert ISPs are information services then your argument fails self-consistency.

    Internet is layered sufficiently to clearly separate providing access to IP network from servers (NNTP, Gopher, WAIS, CHARGEN, WAP..etc) that offer information services over IP.

    Saying an ISP can't offer both information and telecommunications services is like saying a movie theatre can't charge for admission to a movie and popcorn.

    Arguing ISPs are information services because they have DNS servers is like arguing the business of movie theatres is selling popcorn not film viewing.

    I personally would rather not see Title II applied to broadband or anything else.

    Much better off with clean NN or meaningful legislation which actually encourages competition instead of FCC using its power to shield large providers from the burden of having to compete.

  5. Re:Damned if you do, damned if you don't on Teenagers Charged With 'Intimidation' After Sharing Siri's Helpful Response For A School Shooting (nwitimes.com) · Score: 1

    There have been more than a few school shootings where the shooter had posted shit like this and people shrugged it off as "no threat here, kinda funny." Then they cart bodies out of the classrooms while people wonder why the police didn't take action on pretty blatant warning signs. Now that people are doing their due diligence, retards like you are shouting "OVERSTEP! OVERSTEP!" There's no god damn winning here.

    Reactive policy never leads to winning. It leads to local optima and overstep as opportunity costs mount.

    You get better results with policy based on rational statistically significant evidence not capitulating to feelings and cowardice.

  6. It doesn't matter whether technology is involved or not, or what their comedic intent was: stating something about wanting to go ahead with terrorism or murder is going to get the attention of authorities, and they are going to start by doing a full investigation of the threat with no smile or laughter whatsoever.

    Personally I thought it was funny as shit. Don't forget to investigate Siri for her supporting role in the conspiracy.

  7. Having to grow up around paranoid, cowardly excessively serious adults who should know better.

  8. Re: Support Mozilla on Chrome 72 Arrives With Code Injection Blocking, New Developer Features (venturebeat.com) · Score: 3, Informative

    Google doesn't hold a monopoly on search. Not within the US anyways.

    Was just browsing yesterday's logs. 1400 hits from Google followed by 100 from Baidu of all things then Bing, Yandex and DDG each with about 40.

    Assertion Google doesn't hold a monopoly on search is simply not a statement I care to waste my time entertaining.

  9. This is why the world is far better off when monopolies are simply not allowed to exist.

    I'm not sure I'd go THAT far with that ideology -- the answer isn't that clear cut IMHO. I'm going to play Devil's Advocate for a minute:

    Governments have a monopoly on creating and enforcing Laws and Money.

    My remarks were in the context of commercial endeavors. It's quite a stretch to even attempt to apply the term to governance. I'm quite comfortable with my anti-monopoly sentiment generally.

    The underlying reason for my belief is the observation power almost always corrupts the user. People are incapable of acting properly unless guided by an environment designed to reinforce good behavior.

    All successful states by definition have obtained a monopoly interest on the use of violence yet inter and intra state competition depends entirely on the governance structures of states themselves. While I certainly would never see myself preferring a one world government the monopoly interest of a state's authority/legitimacy over its citizens isn't actually relevant. The structure and distribution of power within the centralized structure is what matters.

    Dictatorships run by kings with absolute power tend to rot from the top down.

    Other structures where power is disaggregated and jealously guarded by many competing interests limit accumulation and exercise of power thereby protecting participants from themselves.

    In business leadership is naturally aligned with the objective function: making money. Becoming a monopoly and leveraging yourself is the dream of all money making corporations. In effect there are no competing interests, no guarding of power... corporations are effectively one organism doing whatever they can get away with within their environment to maximize the objective function.

    Do you really want every Tom, Dick, and Harry creating and enforcing new Laws? I believe THAT is called Anarchy. One of the problems with Anarchy is that it doesn't scale.

    No, there can be centralized things de-centralized in their governance. For example the UN and IETF are simply forums for those with power to communicate and pursue mutually beneficial outcomes.

    Having the entire world influenced by the fruits of a global effort doesn't make it a monopoly simply because consensus was achieved and everyone decided to follow the same standard.

    I think part of the confusion is that Monopolies and Standards go hand in hand. That is, Monopolies, at best, provide a "de facto" standard. Is a bad standard worse than no standard? Sometimes. Sometimes not.

    I have no interest in playing word games which is all these characterizations amount to. My remarks had nothing to do with "standards" and the questions you raise are irrelevant. Simply put global standards can exist in the absence of monopolies.

  10. Do you honestly believe if Mozilla had 99% market share, they wouldn't be abusing it?

    EVERYONE abuses a monopoly position. This is why the world is far better off when monopolies are simply not allowed to exist.

    Presently Mozilla is just a browser. They don't have a monopoly on search and operate massive content/ad service like Google does. Google is way more dangerous as they continue to exert ownership over more and more of the stack fueled by NIH ethos.

    Google browser running on Google OS over Google transport (QUIC) to get to Google services and search sites hosted on Google (AMP). Some lucky few have even managed to get Google fiber and close the loop entirely.

    Now they have taken control over transport protocols and as a result 1 session to Google (QUIC) consumes twice the bandwidth of sum total of 20 other sessions (TCP) to other places combined over a bandwidth constrained link because Google has intentionally tweaked congestion algorithms with twice the aggression of normal TCP so that they win.

  11. Abuse of monopoly search position on Chrome 72 Arrives With Code Injection Blocking, New Developer Features (venturebeat.com) · Score: 1

    The primary reason Google chrome malware has the market share it does is persistent scare/nag campaigns against competing browsers by those using Google.

  12. Re:Solar flare on Ask Slashdot: What Could Go Wrong In Tech That Hasn't Already Gone Wrong? · Score: 1

    Easy one, a solar flare takes us all back to zero.

    No, for those interested:
    http://www.oecd.org/governance...

    There is a worst case reality based assessment starting around page 24.

  13. Re:The next Carrington event on Ask Slashdot: What Could Go Wrong In Tech That Hasn't Already Gone Wrong? · Score: 2

    Look up the Carrington event. Realize that it's not a question of if, but of when the next X-class solar flare hits the Earth.

    What about the Carrington event?

    The telegraph systems survived largely unscathed .. with mostly momentary outages lasting several hours at best. This was all at a time (pre Maxwell) where the world was clueless when it came to basics of electricity. Protection circuits and grounding standards were non-existent.

    It will be like an EMP, but it will last for days, not milliseconds, and it will be global. If we don't prepare for it, most electrically powered equipment will be destroyed, and in consequence most humans will die.

    Saying most electrically powered equipment will be destroyed has no basis in reality. There is little danger of damage to electronic equipment from solar flares. Also if it really did happen there would be advance notice and time to take action to limit grid damage.

    The power grid itself could very well be damaged with widespread outages. Equipment necessary to replace damaged components could take years to come online. Sustained lack of access to grid may well cause humans to die in large numbers... yet this is a far cry from "most electrically powered equipment will be destroyed" which is not true.

  14. Large scale update failure on Ask Slashdot: What Could Go Wrong In Tech That Hasn't Already Gone Wrong? · Score: 4, Interesting

    What I'm waiting for is some disgruntled employee, l337 haxor or "axis power" to push a "security" update ... think windows 10... with a time bomb that destroys hundreds of millions of computers simultaneously.

    Would wipe all data then destroy the operating system. It could try and brick/corrupt any hardware containing field upgradable firmware (disk drives, NICs, GPUs, mgmt engines, keyboards, system firmwares...etc)

    The current system in my view is simply too dangerous. It costs too little to fix programming mistakes and normalizing constant perpetual updates as if this is a normal and healthy exercise is an exceedingly dangerous local optimum to fall into.

    Likewise there is nothing wrong with field firmware updates so long as they are distributed upon boot and physically unable to persist after reboot. Current practices are simply too dangerous.

  15. Differential privacy is a rigorous mathematical definition of privacy. ... (supporting nonsense deleted) ...

    This gives a formal guarantee that individual-level information about participants in the database is not leaked.

    This is getting old.

    The issue isn't what is done with data stolen continuously in real-time from millions of people the issue is the theft in the first place.

    If someone broke into your house and stole all of your shit... whether they donated it all to a worthwhile charity or pawned it all for crack is irrelevant.

  16. They have quacks, anecdotes and scaremongering. Don't you think if vaccines were harmful, we would see a huge, statistically undeniable effect? But we don't. Just edge cases. That's very telling.

    Don't you think if Atomic bombs really caused cancer we would see a huge, statistically undeniable effect on the populations of Hiroshima and Nagasaki?

    I am an equal opportunity hater of crackpots and skeptics alike. Skeptics often confuse the threshold of detection in any reasonable campaign with evidence of no harm because after all they are skeptics and therefore used to hiding safely behind their default conclusions.

    In certain cases it's easy statistically to detect even uncommon adverse reactions simply because it occurs so rarely in nature outliers are easy to spot. In other cases significant harm can remain out of scope of even well funded studies because a condition happens to be common regardless of presence of specific trigger under study. Here it takes significantly more resources to detect a harm signal in the noise of what occurs anyway.

    When scientists stand in front of the public and conclude simply that they found no evidence for x without at the same time clearly communicating threshold below which conclusive detection is not possible they are doing the public a disservice.

  17. Re: Hang on.... on Slashdot Asks: Which Mobile Payment Service Is Best For You? (qz.com) · Score: 1

    If you believe Apple's "spying" (whatever that means) decreases transaction security, please, tell us how.

    It decreases security because there are more hands in the pot. Not only do the secrets comprising the underlying card still need to be guarded, so does the account / device itself. More to go wrong, more opportunities for data collection and systems compromise.

    The future of payment systems isn't layering one disaster (credit cards) upon another (hardware tied vendor specific proprietary payment schemes) ... the future is in systems like SWIFT's RT-RPS.

    And please show proof that any Apple Pay user has ever been compromised as a result of using it.

    https://www.theverge.com/2018/...

  18. Re: Hang on.... on Slashdot Asks: Which Mobile Payment Service Is Best For You? (qz.com) · Score: 1

    See anonymous reply. The DAN cannot be used by an aggregator to uniquely identify you. Your card number can.

    If all the seller got was as you incorrectly asserted "a random card number" it would be an entirely different matter.

    Equating a unique identifier sent to everyone you've ever bought anything from using Apple pay service with privacy is simply not credible. It's no different than NSA saying they only get phone numbers not names and addresses. Functionally in the age of mass re-identification it's a totally meaningless distinction.

  19. It's a free service. Just don't use it. What the fuck is wrong with people?

    They probably don't appreciate the "free service" using them without their permission even if they have never decided to use it.

    Ohh wait the entire world has plenty of alternatives!

    Who is Facebook's competitor? Some distributed open source Facebook clone nobody has heard of or uses? Can you name just one with any discernible market share?

    Please don't bother to list job sites and messaging apps. These are NOT replacements for Facebook.

  20. Oh look another sleazy company rummaging through millions of computers and collecting shit on all of the software everyone has installed when they don't have to then publicly bragging about their exploits after the fact.

  21. Embarrassing nonsense on DHS Issues Security Alert About Recent DNS Hijacking Attacks (zdnet.com) · Score: 2

    The only problem of import is ability for attackers to record login credentials due to continued use of insecure authentication algorithms.

    What should be an obvious basic fact known to all I'm 100% certain will be totally lost on whoever is not furloughed and responsible for these systems.

    DNS is the problem. Yes insecure DNS providing insecure pointers to insecure network addresses is the problem. It's all DNS... lock that shit down or a disaster will occur. Yep we're all really THAT stupid.

    Personally I blame browser vendors for their persistent refusal to support secure authentication algorithms.

  22. Re: Hang on.... on Slashdot Asks: Which Mobile Payment Service Is Best For You? (qz.com) · Score: 2

    Apple Pay is more secure and private than using a credit card because the merchant receives a random card number.

    Apple's own documentation clearly states sellers are given the phone's unique device account number.

    https://support.apple.com/en-u...

    Most of that rant sounds like that of someone who doesn't understand what's going on under the covers.

    Including yourself apparently.

    Unless you're living in the dark ages and paying with cash for everything, you're actually safer and more private with Apple Pay.

    Actually what's safer is not brandishing Apple smart phone/watch in public everywhere you go. Look at me I'm carrying expensive shit. No thanks some of us have more sense than that.

  23. Re:Today I learned on 'I Tried to Block Amazon From My Life. It Was Impossible.' (gizmodo.com) · Score: 3, Insightful

    https://www.linuxfoundation.or...

    Linux is NOT a company.

    Saying Linux is a company because companies exist that support Linux makes no sense whatsoever.

    It's like saying 'Trees' are a company because tree farms exist.

    Did Linux exist prior to Linux foundation? YES.
    Does Linux's continued existence depend on Linux foundation? NO.
    Would Linux exist if the Linux foundation didn't? YES.

  24. Re:If you think that was hard... on 'I Tried to Block Amazon From My Life. It Was Impossible.' (gizmodo.com) · Score: 1

    Now if you really want to complain, try living without Google, Microsoft, Apple, Linux and Amazon

    One of these isn't a company.

  25. I use HSAC pay on Slashdot Asks: Which Mobile Payment Service Is Best For You? (qz.com) · Score: 1

    It's totally emosewa.

    I don't know how they managed to do this yet the payment "app" actually still works even when battery on your phone runs dead or you *gasp* decided not to bring it with you.

    The full value of each transaction is always transferred to the intended party without value needlessly being diverted to coffers of money changers.

    Also transactions are inherently untraceable. If I buy something the seller can't use HSAC payment app to fingerprint me or otherwise obtain my identity so they can constantly harass me to buy more shit from them.