1016 posts • joined 4 Mar 2011
Menus that rearrange themselves based on what you've used recently are bad enough, and now they want to add an extra layer of unpredictability by taking the time of day into account? Not that having to launch things by trying to scribble with your finger was ever a good idea to start with.
It's semantics, but I don't know if I could really agree with the first sentence. As I understand it, gravity is the only thing holding it in place. I mean, it bounced and came back down. That sounds like a landing to me. But I do of course agree that the situation is precarious. Doing anything rash could easily make it "jump" and even if it didn't achieve escape velocity (estimated to be 1 m/s) it might not be so lucky to land mostly right-side-up next time.
Re: Not much of a deal was it?
Presumably they were threatening him with a dozen more charges for a total of 7854 years or something of the sort. That's their usual tactic.
Re: So, (from down here in the antipodes)
Only by default. But from what I understand (I'm not in the UK either) some companies, especially mobile providers, are determined to make opting out as inconvenient and annoying as possible.
Did anyone catch this?
piracy websites, child pornography websites, and/or the like
I think Disney just said piracy is equivalent to child pornography. Seriously? Even if we could all agree those are both "bad" (which is in doubt), they are bad in completely different ways. Only the most fanatic free-marketeer would suggest that the main problem with child pornography is that the performers aren't being properly compensated. In fact I think most people would agree that when it comes to CP, authenticity is directly correlated with "bad".
Re: Serious question
It does seem strangely at odds with the real name policy (although they claim they've relaxed that as well). But I guess one use case is that you post under your real name, but need to protect your location. Alternatively, Tor can also be used to bypass censorship, so people in countries where Facebook is banned might possibly find it useful.
Re: custom .onion address?
It's a little scary actually. But yeah they brute forced the whole thing. I doubt they were specifically aiming for the corewwwi part though. More likely what they did was generate tons of these, and filter for facebook<words>.onion and then have a human look over the results to pick one that kinda made sense.
Still, it's an impressive achievement, and it probably means the 16 character addresses won't be good enough all that much longer.
Let me see if I understand that right. The bug is it could create symlinks and then follow those symlinks so it would actually be writing outside the intended target directory. Is that accurate?
Also, it doesn't sound like it's exactly fixed. All they did was turn off creating symlinks by default. So if you ever actually needed that and turned it on you'd still be vulnerable.
Re: I thought April 1st came early
All they're doing is scanning public tweets. I don't see how it could be illegal. It's just creepy as heck.
Re: Love the article
If you only run a relay node (not an exit node) the chance of getting a knock at your door is pretty much zero. It has never happened as far as I'm aware. (Obviously I'm assuming you don't live in China, that wouldn't be a different situation.)
You do risk getting blocked from certain websites though, since apparently they can't be bothered to distinguish between exit and relay nodes despite the Tor Project publishing a list of which is which.
I don't think the author is particularly well informed, especially with regard to terminology. Starting with the (admittedly trivial) fact that Tor is a name, and properly capitalized as such, despite its acronymic origins.
But more importantly, exit node has a specific meaning, and it most definitely doesn't refer to "every user". It's also 100% incorrect that everyone using Tor automatically shares bandwidth, either as an exit node (i.e. a gateway to the normal internet) or otherwise. You have to specifically turn on sharing if you want to help out.
The article seems confused about the JS exploit incident too. The exploit was specifically inserted in hidden service websites hosted by Freedom Hosting (which incidentally included legitimate sites like a webmail service). So I'm not sure in what sense it could be "not aimed at Freedom Hosting". And then in the second paragraph down it starts talking about exit nodes again, when hidden services like these don't use exit nodes.
Re: Never ever trusted TOR enough to use it
You can also use https to theoretically get protection for the last step, but of course that has been proven repeatedly to be imperfect.
It's not that having ads is so terrible. I don't feel like a product when I visit The Register, for instance. The key words are "ad-driven". There's a difference between making a great site and displaying ads, and making a great site for displaying ads.
"You can hear the roar of a space shuttle launch or Neil Armstrong's 'one small step for man, one giant leap for mankind' every time you get a phone call," the agency said.
Did they really? I thought they still maintained he said the more logical "for a man", even if you can't hear it.
Re: Could this be sent over email?
Yes it's possible to install a .apk sent through email (if you turn off the restriction to install only for Google). But it doesn't sound like just clicking on the image would do anything, although it wasn't totally clear. It sounds like you need a "helper" evil app already installed for the code embedded in the image to do anything.
While it's a legitimate problem, I'd really like to hear how they define it. It would be very easy to write this in a way that covers non-malicious actions. If someone sends you an explicit selfie and you share without permission, that's inconsiderate and uncouth, but it doesn't on its own mean you're trying to get revenge. You might just think it's a nice picture.
Re: Looking the wrong way...
I do remember hearing it put forward that sending fat astronauts was actually the most logical choice. Basically what you do is put them on a diet after liftoff. The amount of food they're not eating during the mission more than makes up for their weight at the start because fat is a more efficient way to store energy than food.
Re: Honestly confused
Because Whisper pushes itself as a privacy app. Duh.
You won't hear people complaining that Whisper's search function is crappy (Is it? Does it even have one? I have no idea. It's just an example.) But if Google suddenly stopped being able to find relevant content it would be a pretty big deal.
Others thought that compulsion would put people off. Others challenged this, saying that you could make that argument against teaching anything.
That doesn't prove it's wrong.
Re: Good idea, but how well does it hold up in practice?
You're making the assumption that the people who post passwords on pastebin are making any effort to hide them at all. I don't think that's generally the case. If they wanted it to stay secret they wouldn't put it on pastebin in the first place.
Rather they probably fall into one of two categories:
People who stole passwords for the lulz, dubious glory, or to give a certain company a black eye and wish to publicly display their trophy.
More serious cybercriminals who steal a bunch of passwords and post a fraction to prove they've got the goods before trying to sell the rest.
To some extent it's probably true that the FBI does go through the proper court channels when they want access to something, they are after all law enforcement, not a spy agency. But if their job has become harder it's only as a result of the misdeeds of their friends at the NSA. So here's an idea, FBI guys: Why don't you investigate the NSA? Get their unconstitutional bulk surveillance programs shut down and people will presumably relax about security again.
1. I thought this BS ended like a decade ago.
2. Open source your crypto. Sell your product with whatever weak encryption the government allows but design it to accept strong encryption as a plug-in
Wait, why does she want my country to... oh.
I was briefly confused until I realized that was just a shouty "us" not "U.S."
Since they skipped Win9, won't that make this IE13?
A Beautiful War
I wondered what it was supposed to mean. It could just be a misspelling of bellow, but apparently it could also mean "beautiful" or "war", depending on what language they're speaking. All of the above seem strangely apt.
I'm not at all convinced one vague paragraph in the EULA covers that level of spying. It only says "communicate with Adobe", it doesn't say anything about the content of that communication. Or even hint that it collects or reports data on your reading habits. I think a reasonable person would understand that paragraph to mean it only sends as much information as needed for one of the purposes mentioned. So reporting individual pages or reading time is totally unexpected behavior except in the (highly unlikely) event the particular book you're reading had a license where that mattered. And it shouldn't report anything at all on DRM-free eBooks.
And that's without getting into the allegations that it sends data on books you're not even reading with it or the fact that sending it unencrypted is inexcusable. You'd think even from an evil corporate perspective they'd want this encrypted in transit.
That 1988 law actually sounds fairly suitable. Revenge porn is indecent and has intent to cause distress. But if anything, the 2003 law tends to undermine that by banning all 'indecent' messages. If Alice sends Bob a naked selfie, either that's a crime, or it's not a crime when Bob posts it online. It sounds like they're trying for some wiggle room by talking about considering the "whole message", but if the photo is simply passed on with minimal commentary, I don't see how that will help.
1.3 billion tonnes
Sounds like a lot, but the moon already weighs 50 billion times that much. I doubt we'd even notice. No one expects real science in typical sci-fi, but this is the kind of detail they could have so easily looked up, like I just did. It shows a total lack of caring.
Another way to put that figure in perspective (of some strange sort) is that Earth itself has lost more mass than that due to escaping hydrogen since dogs were domesticated.
Speaking of keyboard "shortcuts", it amazes me how many people pick up the mouse to click "Go", "Search" or whatever after typing a query instead of just pressing Enter. Even on URL bars where the button is a tiny little thing the UI designers obviously weren't expecting to see much use.
That does sound notably less horrible. Perhaps the biggest remaining problem is that if TIFKAM apps are supposed to be so great, there needs to be a way to install them without going through Microsoft or begging for their permission and still having to do a bunch of intentionally user-unfriendly fiddling.
Didn't the FBI just arrest a guy for selling something very similar?
Still got the fish oil, though? I'll pass.
Even if they could be trusted to obey the law, what he's saying is totally unreasonable. "law enforcement needs to be able to take every legally available step". In other words, if it's legal, we must also make it possible. Would it be legal to remotely disable a suspected kidnapper's car? I'm sure it would. Therefore every car must have a remote killswitch.
What is this? I've never heard of it before. Nor can I find anything on the web to suggest it's a real organization. It sounds like something that was made up solely for the purpose of advancing the anti-privacy agenda.
Re: Separate Browsers
For even better protection, I don't use Facebook on any browser or on any mobile device.
That would be a total disaster for bitcoin. But people have good reason to think it won't happen. Even worse, and possibly more likely since it's newer technology would be someone finding a way to break the epileptic curve encryption used to prove ownership of each address.
Re: My token of choice is bitcoin thanks.
I don't think Bitcoin is necessarily the answer, but it does offer something no other popular payment system has. It requires each transaction, including the amount and the payee to be digitally signed by the payer. It seems to me something similar is the ultimate goal we should be working towards for secure payment. There also needs to be a way to make sure a transaction signature can't be used twice. Bitcoin handles that with the blockchain, but it could also be done with either a random number that must be unique, or even a sequential number like checks (cheques) have. A time stamp or expiration date (again, like checks have) would also be a good idea. All of that should be cryptographically signed by the payer.
If eBay does away with the near obligation to use PayPal I will actually consider shopping there again.
You just want to see fanbois getting poisoned by their phones, don't you?
All I need to know:
If they have to coerce, trick or bribe people to use it, it must not be very tempting in its own right.
Re: Cheap rubber
Probably because it's actually expensive rubber. Cheap products are happy to leave the finish in ordinary plastic. But high end products use some kind of fancy rubber, which, I must admit, feels very nice to hold when it's new.
Re: Heat Shrink Tubing
Or in keeping with the theme of this article, perhaps bondage tape would do the job.
Re: Damaged without authorization...
I was confused by that part as well. 18 U.S.C. § 1030(a)(5) relates to leaks that could be "used to the injury of the United States, or to the advantage of any foreign nation", but what's this talk about damaged computers in five or more districts? They must have had something specific in mind when they wrote that, but I can't really make sense of it.
The only thing that comes to mind is perhaps they're talking about a botnet. But if so they're deliberately being very obscure about it.
I thought this was well known. I knew it anyway. I'm sure you could have simply got in touch with the Bitcoin Foundation to verify it rather than using this strange "allegation" phrasing.
Tor isn't a browser...
I'm guessing the source of the confusion is the difference between surfing through Tor and running a Tor exit node. Doing the latter on your home internet connection really isn't a great idea. I did that for a while a long time ago, but thought better of it after getting my IP address banned on a whole bunch of sites.
That's what "temporarily allow all this page" is for. (Assuming you're using NoScript). Although it looks like you actually only need to allow one domain, albeit a big one: google.com
I'm afraid I don't understand the purpose of this. Is it just for use when you have access to an 802.11 network but no cellular (which seems like an unusual situation) or does it save you minutes if you have a non-unlimited voice plan? Or what?
You mean you have to PAY for the privilege of having your nude selfies stolen? I'd assumed that feature came free with the phone.
Re: I'm conflicted
I just looked at a list of file types it goes after, and mp3 doesn't seem to be on the list, but zip, rar and 7z are. So if you've happened to download something in one of those formats and left the packed file sitting around you could simply download it again to get your cleartext. Or maybe you emailed a big docx to someone recently. Chances are you can retrieve it from your mail server, or failing that ask the recipient to mail it back.
It does target a wide variety of files so I'd bet that the vast majority of people do have something on their disks in one of those formats which is duplicated elsewhere, even without making an intentional backup.