Sorry, looks like I picked the wrong week to give up Airplane gags.
347 posts • joined 12 Aug 2009
Sorry, looks like I picked the wrong week to give up Airplane gags.
Have you ever used an open WiFi access point? On an insecure, shared, WiFi network, it is trivial to modify plain HTTP traffic to serve up porn, ads, or exploits which install malware on computers.
Do you absolutely trust your ISP? Do you absolutely trust every employee at your ISP? Your ISP can see *everything* you do in plain HTTP. And, like the above WiFi situation, your ISP (and any technical employee thereof) is in the perfect man-in-the-middle position to modify all of your insecure traffic - with or without official blessing of the company.
So then tell me: Why should we *not* secure websites?
Think I'll wait...For those cheap aluminium batteries we were talking about a couple of weeks ago.
I'm still waiting for those cheap batteries we were talking about last year. And the year before, and the one before that, and the one before that, and... pretty much every year this century.
So I wouldn't hold your breath.
What about the multinationals that have info in several jurisdictions, and find they can't move data between them? They'll head for the places with the lightest regulation, as always, and the jobs will follow them.
Unless you're also suggesting that all the customers will also abandon the EU; reducing Europe to a depopulated wilderness of hunter-gatherer communities; then there will still be demand for these services in the EU, which means money to be made.
If the large multinationals don't want to obey the law to get some of that money, then I'm sure there will be some local companies to fill the void, and "create jobs" - probably more (and more varied) jobs than the large multinationals would have needed.
Which appears to be the point.
I thought this was going to be a story about Microsoft contributing to the free-software community. But that VMM screenshot sure doesn't look like the VMM that I'm used to.
I guess Red Hat really are the Microsoft of Linux. At least when it comes to naming software.
The argument here is that only real human beings can actually pay taxes. Alternatively, any and all taxes mean that the wallet of some live human being gets lighter. There ain't anyone else here but us, after all. So, we can charge taxes to legal persons (corporations) but it's always some real person (ie, human) who really pays it.
Is that not entirely tautological? The only reason that only real human beings are the only ones who pay tax, is because you've already declared that only real human beings pay tax.
One could take it from the opposite perspective: Most real human beings get their money from corporations, and give their money to corporations. So whenever we levy any tax on real human beings, "lightening their wallets", it's really the corporations that are having to pay that tax; through higher wages, lower margins, etc.
I'm not sure it's at all productive, or even sensible, to declare that one group or another is "really" the one who pays all the bills; not in the massively interconnected and interdependent economies we have.
The moment Google starts screwing over us consumers then we'll bugger off elsewhere.
That's only true if the consumer is informed that they're being screwed over. Who's going to do that? Google?
The obviousness and novelty of patents are judged, not by the patent's abstract (its introduction/summary), nor on media reports of that abstract, nor on commentards' interpretation of media reports of that abstract; but on the actual independent claims identified in the patent application.
Few people, even those who should (ie. media reporting on the patents), bother to actually read the most important parts of patents before criticising their obviousness.
“We are disappointed by the position taken by these tech firms and it only adds to our problems in getting to the communications of the most dangerous people that are abusing the internet,” he said.
Surely the NSA/GCHQ/etc. should have all their own communications on internal servers, so why would they have problems getting to them?
Installing taps on Internet backbones = abusing the internet.
Sending encrypted communications = using the internet.
1. Watchdog raises issues with corporation
2. Corporation makes changes to satisfy watchdog
It was a vaguely interesting idea but, at this point, with Microsoft's announcement of Hololens and Google's own significant investment in Magic Leap, it's very unlikely that Glass will ever see light again
Why do people insist on comparing Glass to VR and AR headsets? Can people really not see any further than "it sits on your face therefore must be the same"?
Glass' closest equivalents - in terms of actual functionality for the general consumer - are actually smart watches.
For Industrial and medical uses (eg. use during surgery), however, Glass has no equivalent AFAIK.
Faulty input validation is one thing, and the most obvious that people pick up on, but I can't help feeling that this occurred entirely because of a fundamental wtf in the API design:
It introduces path traversal making attacker’s job much easier - you only need to type '../sms' to turn /verify API call into /sms (/verify/../sms/authy_id) which will always return 200 status and will bypass 2FA,
So they appear to be using an HTTP-based API. In the HTTP protocol there are explicit places for communicating user-supplied variables - in the query string or POST body. So why, for the love of Tim, are they putting the (user-supplied) verification code in the request path?
That's just.... no.
It's about trying to keep a competitive market for services on the Internet.
If ISPs zero-rate particular services, then the ISPs are slanting competition toward their preferred winners, rather than the end users choosing the better service.
Also, if the ISPs let anyone zero-rate, but require payment for it, then established players get (yet another) advantage over any innovative new start-ups - who may not have the cashflow to be able to afford zero-rating their service on every major ISP on the planet.
Don't call them "trolls" like it's some new phenomenon that appeared with the interwebs (and therefore we need new laws to deal with it, goes the reasoning). Such people have been engaging in this kind of behaviour since time began, so call it what it is:
The US biz said in 2012 it would be working to get users over to Hangouts – which supports modern stuff like video conferencing.
You could do video conferencing using XMPP (Jingle) since well before Hangouts were ever a thing. IIRC Google even added support for it to Google Talk.
Why on $DIETY's Earth would they want a random link button?
On a large complicated project, sometimes writing a silly little feature that is mildly entertaining, but serves no real purpose, is the only thing which can keep a developer sane. For a while, at least.
I always thought his defence was going to be along the lines of: "Ulbricht sometimes had access the account identified as DPR, but so did several other people over the course of time, and it was not Ulbricht who performed any illegal acts using that identity."
Though I wasn't there, so I don't actually know how much evidence the prosecution was able to provide identifying Ulbricht as DPR (and the only DPR) at the time that the offences took place.
I wonder if "my lawyer was crap" is a valid basis for appeal?
<font face="Comic Sans MS" size="16" color="hotpink" >Me too!</font>
"~-,._.,-~"~-,._.,-~"~- Raumkraut -~"~-,._.,-~"~-,._.,-~"~-
Posted by Stuart Longland on 8 Jan 2015:
> Especially when said legalese tells the world + sundry that the email may contain "confidential" information and was sent to a publicly-archived mailing list! It seems to be the corporate fashion these days, as is HTML in email.
> I noticed recently my email signature started to show a long legalese blurb, and it was the first thing to go. I participate on far too many publicly archived mailing lists as part of my day-to-day job to have this hindrance to communication.
> I'm also the office Luddite with plain-text emails.
> A few reasons why legal disclaimers should not be placed in email signatures:
> - They are too long to fit in an email signature, which should be approximately 4 lines long, 6 at an ABSOLUTE maximum
> - The content often presumes facts about the email and its intended audience which mostly wind up not being the case or places restrictions which are not appropriate for the intended audience
> - They appear AFTER the email content, so it's only when you get to the footer do you realise "Oops, I shouldn't have been reading that!"
> Due to the last two points, I would suspect they have next to no legal value. Pretty sure for a legal document to stand, the person has to see it and agree to it first before it becomes binding.
> Moreover, email is inherently plain-text unless you've taken steps to ensure privacy (e.g. using industry-standard tools like S/MIME or OpenPGP). Unless you do this, I think it unreasonable to assume any kind of confidentiality over email.
Yep, this sounds like yet another WebRTC implementation. I hear about a new "secure video chat" service about every other week these days. Even Mozilla baked one into the Firefox browser itself. I thought that I might get a break over chrimbo, but apparently Herr Dotcom needed his dose of publicity this week.
The problem with the current crop of WebRTC clients is that, while the conversations are direct between clients in a p2p manner, they need a centralised server (website) to provide the routing of calls (aka call metadata), by virtue of the web browser security model.
The most interesting project to me in this space is Tox which, while still being in a rapidly-developing alpha stage, appears to be well functional for text/voice/video chat.
Well, https doesn't encrypt URLs, for one thing. So a snooper can see (the URL of) all pages you visit using https, even if they can't see the content.
Incorrect. HTTPS doesn't shield the destination server (domain/ip address) you connect to, but everything more specific than that is indeed encrypted - including any URLs you request on that server.
There are not only 2 states.
Chrome has: 1) A green bar for EV-certs, 2) A green lock for a valid cert, 3) A red strike through the "https" when the security is flawed, 4) No indicator for completely insecure sites
Firefox has: 1) A green bar for EV-certs, 2) A green lock and owner info for a valid cert, 3) A big stonking warning page when the security is flawed, 4) No indicator for completely insecure sites
Without any indicator in the case of 4, the effect is to imply that a complete absence of security is better than partial security (eg. no authentication, but protection from passive interference).
AFAICT, this proposal for Chrome is to treat 4 in a similar manner to 3. This appears sensible to me.
A broken HTTPS, i.e. something like a MITM or other attack, should set off alarm bells even in the brains of a clueless surfer, but it won't if it shares the same indication as half the sites he browses!
The problem is that it is impossible for the user to know whether there is a MITM if they're not using HTTPS. This proposal is to stop naively acting like HTTP is somehow magically a better environment than, for example, a site which uses a self-signed cert.
Google's engineers are idiots living in their ivory tower, not understanding that not everyone is an ubergeek who implicitly understands this stuff.
So because some people can't be helped, we should throw everyone else under the bus? There is a wide swath of people between "ubergeek" (who don't need this warning to understand) and "dufus"; and some of those people are capable of understanding, if they're given the right cues.
They think they're being clever and will encourage site owners to switch to HTTPS, but there's no point for a lot of sites to ever do so.
If a site doesn't want to prevent MITM attackers injecting malware into requests to their website (among other things) then sure, there's no point.
The vast majority of web content has zero security relevance. Who [i]cares[/i] if that cat picture is sent securely?
Do you like your web traffic to have ISP-injected advertising added to it?
Do you enjoy having your ISP add uniquely-identifying tokens to every page request?
Do you enjoy not knowing whether that file you just downloaded from $reputable_site has been tampered with?
Do you like receiving web pages which could be trivially rewritten to directly contain malware?
I don't. That's why I prefer the authentication and privacy offered by TLS.
And when we do "finally come to realise" that, what do you think will follow?
If this decision goes "against" Microsoft, et al, I think that what will follow will be a series of large multinational corporations splitting some of their operations and services into multiple individual national-level companies, rather than everything being directly owned by a single parent entity.
For the governments, it would reduce the ability of companies to "avoid" taxes, or other local laws, whenever it suited them.
For the corporations, they'd get a single, known, legal jurisdiction to deal with; and generally much smaller market variation to tailor their product to. They'd also, in theory, have more autonomy from "head office", and freedom to choose business partners (local laws permitting).
For the customer, we'd effectively get more competition between companies and legal jurisdictions; with the customer deciding which jurisdiction is best for them, and not the corporations deciding for everyone purely for their own financial gain.
I, for one, welcome our new federated corporate overlords.
Class-action suits aren't about getting the plaintiffs rich, they're about punishing corporate activity which illegally harms the consumer. Of course lawyers get rich in the process, but they do that whatever the case, so that's neither here nor there.
The interesting (and often most questionable) part IMO is what will become of the portion of the inevitable settlement which remains unclaimed by class members (which is usually most of it).
I think the thing with "female ejaculation" is that it looks very much (to law-makers) like urination, which is a big(ger) no-no (for some reason). Particularly in porn, they tend to squirt a lot of water into the woman beforehand, so to amplify the visual effect, but this also raises the similarity to peeing. Or so I hear.
It's the banning of "abusive language" I really don't get. I'm sure people hear worse things on TV all the time.
> Just to add to that; you're four times as likely to be killed by a lightning strike than by an act of terrorism.
> something less likely to kill us than choking on a peanut
> There have been far more citizens of this country forced into despair and suicide by benefit 'sanctions' than there have been people killed by terrorism.
> The ONS statistics show no deaths from any terrorism-related cause in the UK in 2013.
And yet you all still doubt the worthiness of the resources spent on anti-terror measures. What better evidence can there be of their efficacy?
Telefonica are behind Tokbox, which IIRC is the back-end system which powers Firefox Hello.
Now I'm not usually one to bash Firefox or Mozilla (I use a FxOS phone, FFS!), but IMO this is a stupid thing for Mozilla to embed directly in the web browser. It's effectively siding with one particular WebRTC service provider, and directly competing with all the other providers out there - providers which rely on Mozilla to remain neutral (at least technologically). Unless Telefonica came to them with a big bag of money, I really don't understand what they were thinking.
Not to mention that the feature may well suddenly stop working at some point in the future, once the business deal has run its course.
While it may be a misunderstanding that led to people targeting Target US, it is not necessarily a futile gesture if Target Aus licenses the brand from Target US (or from the same licensor if Target US is also a franchise).
The licensor of the shared Target brand should well take an interest in what license-holders do with that brand, and they could certainly threaten to withdraw (or at least not renew) the franchisee's ability to use the Target brand name, if they strongly disagreed with a decision.
So Google deletes all references to RaumKraut on their servers. Their spider finds the offensive web page with your name in it again, and because all instructions to the contrary have been deleted, it puts an entry in Google's index linking your name to the web page you do not like.
That's a fair retort to my explanation (which I guess in future I'll have to amend), but it doesn't change the essence of what Google are required to do by law. If the information was deemed - by Google - to be irrelevant, then the act of spidering it again won't change that relevance.
All those who think the 'right to be forgotten laws' are a good idea,
FWIW, there are no "right to be forgotten laws". These are data protection laws.
...point your browser's search box at google.eu
Everyone else use google.com or duckduckgo.com or baidu, bing, ¡Yahoo!, AOL, ask, wow, webcrawler, infospace, blekko, contenko, dogpile, alhea, ...
Yet, in fact, people using those search engines/domains which ignore these requests will see worse search results, because the only results removed due to this legislation should be incorrect or irrelevant.
The offensive material is not on a website controlled or owned by Google. They cannot delete it. What they are required to do is not show links to particular web pages when someone in the EU does a web search for a particular name.
No. While that is the narrative which seems to be encouraged by Google, it is factually incorrect.
The data in question is exactly on Google's website, because the data in question is the association (stored and displayed by Google) between a person's name and a particular third-party website. The third-party website itself might be entirely truthful and accurate, but the association made by Google is no longer relevant to searches performed today..
It's possible to see this working out in two different ways. Google might decide to simply scrub the offending pieces from the entire index. Or it might try some form of geo-location decisions on where the engine is being accessed from.
No. Only the first option would fulfil the requirement of the law. The issue isn't just about what gets shown to users. The issue is that Google continues to retain the information at all.
This is about data protection. Google have data on people (the associations between names and.search results). Those people, by right, can ask that that Google remove irrelevant and/or incorrect parts of that data. Google have a legal responsibility to delete that data where it is irrelevant and/or incorrect. Not "hide" or "censor"; delete.
Kate and Geany are both good ATEs. I used Kate when KDE was in the 3.x days, then Geany in the time between KDE 4.x being adopted and it becoming stable enough, and now I'm back to Kate - though ever wavering.
I use Kate day-to-day, but if asked for a recommendation I'd probably say Geany is the better of the two. Kate seems to have a lot more niggles and irritating bugs which I hit. I feel that Geany behaves more like what most people would expect (ctrl+tabbing between recent documents is only a recent addition to Kate!).
Honestly, the only things keeping me with Kate at the moment are how the "Documents" side-pane works (Geany has functionality close, but not close enough), and the MiniMap/DocumentMap which can replace the scrollbar (one mailing list post I saw says it'd be "trivial" to implement in Geany, yet nobody has done it yet).
One thing Geany does much better than Kate IME is indentation. I've had nothing but pain with how Kate handles indentation (particularly, its complete lack of automatic detection).
If the goods are a 1-1 copy of an original product, then it is counterfeit.
If someone manufactures a physical good which is identical to another product, there's nothing implicitly against the law about that AFAIK. If the recreation is represented as being an original - and not a replica - then it could be labelled as "counterfeit". What they're actually liable for depends on how they mis-represent the item:
* If they use a brand name - as part of the design, marketing, etc. - they could be liable for trademark infringement.
* If they use a brand logo, or a close approximation - as part of the design, marketing, etc. - then they could be liable for both copyright infringement (of the logo) and trademark infringement (of the logo specifically, and brand in general).
Additionally, even without the copyright/trademark aspect, a replica product could still infringe any (design/functional) patents which may apply to the product.
On the specific note, the crossguard is naff. ... have the 'light' part substituting for the part you hit people with, which makes sense. A guard is an odd choice here.
Not really. AIUI, the point of a crossguard is to protect the wielder from the opposition's blade "sliding" down their own, and lopping their hand or arm off. Since pretty much the only thing which can stop a lightsaber is another lightsaber, then you couldn't really make a functional crossguard out of anything else.
That said, the plain crossguard seen in the clip I would more expect from a Jedi, since its role is going to be mostly defensive. I would expect a Sith to have a more upturned guard, which would be more suited to an aggressive role of trapping the opponent's lightsaber, and wrenching it from their grip - disarming the opponent for an easier kill.
But yes, it does feel a bit naff.
If they want to operate in the EU, and shuttle a great deal of their money through the EU, then they need to play by EU rules.
The option to exit the EU market is always open to them, if they decide the rules are too onerous.
So if the obligations already apply to websites, such content should be dealt with by issuing a request to the publisher themselves to take down the offending content.
This is exactly what is being done, since the search listing is the content in question.
It's not a question of the information being available on other sites, and it never has been. It's a question of what Google, and other search engines, show on their own websites.
What I suspect Facebook's leeches *meant*, from my position of almost complete ignorance of the case, is that there is no evidence that the 25,000+ plaintiffs are, or ever have been, actual Facebook users.
Is/was there required any proof that one was a Facebook user, when signing up to be a plaintiff? The simplest way would probably be to have them sign up with their Facebook account...
I was fully prepared for another tiresome climate-scientist-bashing article from Ol' Reg, but what I got instead was a proper report of an interesting scientific survey.
I wonder how long it will be before the/an English language ditches the initial "e" on "experimental", etc. so all these acronyms start making logical sense.
And for those wondering what the actual IXV space-plane looks like, I found this: http://www.esa.int/About_Us/ESTEC/Last_chance_to_see_ESA_s_spaceplane
With great freedom comes great personal responsibility.
Just wait a little while and you might be able to pick up one of the good ones that GTAT's creditors will force them to sell off.
If you get there before Apple snap them all up for a song, that is.
Alas, it seems you've drunk the Google Koolaid. The point is not that the information is available on the internet. The point is that Google are making certain assertions about people, by virtue of search result rankings for peoples' names.
If you search Google for "viagra", you expect to get the most relevant results about the drug, not one hundred billion linkspam sites.
If you search Google for one "Horatio Hornswaggle", virtuoso Xylophone player, you expect to get the most relevant results about that person; which perhaps doesn't include their 1st grade homework, nor a "drunk and disorderly" conviction from 20 years ago.
The key phrase is "most relevant results". Google are still claiming this to be a censorship issue, thereby bringing up the region-locking and "OMG CHINA" bogeymen. What they should be doing is saying "thank you for the additional source of relevancy data, we have updated our search algorithms to provide even better search results".
Because that's effectively what this is all about: improving the relevancy of Google's search results.
To put this in perspective this is a lower rate of being subject to bullying and cyber-bullying than average.
The "one in four" is only counting homophobic bullying, so the remainder of the bullied gay young people probably just get it exclusively for other reasons instead (for being poor, rich, tall, short, fat, thin, etc.).
But it does somewhat depend on the definition of "homophobic" bullying used. If being called a "faggot" counts, then given some of the environments young people are likely expose themselves to on the Internet, I'd expect one in four heterosexual young people experience homophobic bullying as well.
Cryptography is a complete waste of time if you have any closed-source software on your computer
If the closed-source (or open-source) software on your computer is compromised/malware, then that malicious party could get access to your data, indeed. But if you don't use cryptography, then anyone could get access to your data.
So a bunch of proprietary-software companies decide to set up an open-source software organisation, but they apparently didn't think to invite any of the already established Free/Open-source software organisations?
Yeah, call me sceptical.
What exactly was the problem with hosting these videos? Unless such content is highlighted by Twitch on the main page or something, people have to actively go out and seek these streams. So surely the sensible answer would be for Twitch not to highlight such streams, and have people who want to see them go find them specifically.
But instead we get the moral police waving their truncheons.
Norway’s biggest ISP, Telenor, was keen to improve the quality of its OTT video service, and offered a commercial rates direct connection, said Layton...
“Telenor said ‘send it direct to us and customers will get a better experience’, but the US company said it preferred direct connection,” said Layton.
Telenor offered a direct connection, but Netflix refused because they wanted a direct connection?
Going OTT lets CBS simultaneously cut out the middleman and hold him to ransom. That is: it can bypass the cablecos, ISPs and satellite companies by going straight to any consumer with an adequate internet connection, while also using that threat as a hammer to beat them down in contract negotiations.
You can't bypass the ISPs, if you rely on your customer's ISP to deliver your content.
"That's a nice content delivery platform you have there, Mister CBS. Would be a shame if it were to get... congested."