
Comments


The Sony Pictures Hack Was Even Worse Than Everyone Thought

Aaden42 Re:Can't avoid medical records (528 comments)

And one of the more out of shape folks lands wrong and blows out a knee, or runs too much and drops of a heart attack, or... The opportunities to get sued are practically limitless with such a thing. My own employer gave up on the idea a few years before I came on when somebody ended up with a compound fracture in their leg as part of a friendly basketball game. Ran, fell, landed wrong, bones sticking out of torn muscle, not a good day for anyone...

If there was any chance of benefit from a once-a-week thing, maybe it’d be worth it, but someone who habitually overeats and is significantly overweight isn’t going to see that “exercising can actually be fun” from a half-assed sportsball game once a week. They’ll see that exercising makes them hurt and sweaty and out of breath and oh-by-the-way they worked out, so they “earned” a “treat” after work which puts them an extra 1000kcal over their BMR for the day, and they get bigger as a result.

You can’t outrun a bad diet. Encouraging someone to exercise without convincing them to also bring their intake in line and preferably below their maintenance calorie level is more likely to injure them, turn them even more off on the idea of exercise, and make them fatter.

Unfortunately an employer can’t realistically convince anyone to change their eating habits. Even if anyone would listen, the idea of my employer being able to say, “Put down the extra slice of pizza, or you’re fired,” isn’t something I’d like nor respond well to. For most people, even their closest friends and family can’t convince them.

It takes a personal moment of clarity, and for some people that never comes. Mine came after seeing a friend who was always about my size drop half his body weight over a couple of years between seeing him. It was the kick in the ass I needed. If he could do it, maybe I could too. 180lbs down, maybe another 70-80 to go...

about two weeks ago

New Effort To Grant Legal Rights To Chimpanzees Fails

Aaden42 Re:Free from captivity... for how long? (341 comments)

Zoos are generally a bit more lacking in the roof, heat, and running water department, though I’ve yet to hear a chimp complain about any of that.

about two weeks ago

New Effort To Grant Legal Rights To Chimpanzees Fails

Aaden42 Re:Free from captivity... for how long? (341 comments)

Even strict liability offenses aren’t generally chargeable against otherwise normal children who lack the reasoning to understand they committed a crime. I think the most generous figure I’ve read compared chimp intelligence to that of a human five-year-old (and that was challenged as an oversimplification and they’re really not equivalent to a kindergartener at all).

You wouldn’t charge a five-year-old with disturbing the peace for throwing a tantrum in public. (The fact that I’d occasionally like to see the parents charged for it has nothing to do with this discussion...)

about two weeks ago

New Effort To Grant Legal Rights To Chimpanzees Fails

Aaden42 Re:Free from captivity... for how long? (341 comments)

If it came to that, you’d have to appoint an attorney to stand for the critter’s interests who would argue diminished capacity and no ability to form mens rea.

So at best, they’re arguing for defining chimps as mentally challenged persons. I think we have enough mentally challenged persons as it is, several of whom can no doubt be found on one end of the ‘versus’ in this court case...

about two weeks ago

Lessons Learned From Google's Green Energy Bust

Aaden42 Re:Simple (222 comments)

That should be long enough for the sun to go red giant, no? I think we’ll have plenty of deuterium on Earth after that...

about a month ago

UK Hotel Adds Hefty Charge For Bad Reviews Online

Aaden42 Re: Ask the credit card for a refund (307 comments)

Start with http://consumerist.com/

It’s a big jump to communism for a couple of lousy hotels. Shame them into better behavior or out of business. Either way, the market’s working properly in this case.

about a month ago

US Gov't Issues Alert About iOS "Masque Attack" Threat

Aaden42 Re:I don't get it... (98 comments)

But we don’t have Steve Jobs to tell us that we’re doing it wrong!

He did tell you. He was against the Enterprise provisioning system from day one. I can only assume it was because it would make attacks like this possible. The other ways of running non-Apple signed code are all per-device limited (you need an Apple-signed profile with each device’s UDID in it, max of 100 devices). Enterprise provisioning allows running on unlimited devices without needing to know the UDIDs in advance.

about a month ago

US Gov't Issues Alert About iOS "Masque Attack" Threat

Aaden42 Re:I don't get it... (98 comments)

You also have to enter your phone’s unlock code (assuming you set one) to install the provisioning profile.

I’d have a *tiny* amount of concern if it was tap-tap-tap-pwn3d, but it’s not something anyone could realistically do accidentally. Do without realizing the impact of it yes, but not “tap the wrong thing and you’re dead”.

At the point that you’re keying in your phone’s password (something you’d never do when installing a normal Apple app store app, unless your iTunes account & phone use the same password, in which case WTF???), you have to be pretty willfully ignorant OR dead set on installing some l33t p1r4t3 w4r3z to go through all those hoops. If the former, seriously, get a clue. If your das compüterbox is asking you to do something it’s never asked you to do before and you have no idea why, STOP and ask a grown up FFS! (If the latter, enjoy your malware. You earned it!)

As much as I hate to admit it, this thing actually validates Apple’s original stance that users can’t handle side-loading intelligently. Before the enterprise provisioning program was created, this attack would have been impossible. The only way to run non-Apple signed code would have been with a developer profile which requires each individual phone UDID to be encoded in it with an Apple-imposed maximum of 100 devices. Enterprise provisioning profiles are pretty much exactly equivalent to Android side-loading.

This is why we can’t have nice things...

about a month ago

WireLurker Mac OS X Malware Found, Shut Down

Aaden42 Re:Now (59 comments)

RTFA, please. This didn’t require jailbreaking to infect the phone.

Infection process:

1) Download pirate-friendly AppStore app for your Mac.
2) Download & run one of the trojaned, probably pirated apps on your Mac.
3) Plug in your phone.
4) Accept the prompt to install an enterprise provisioning profile, enter your device’s unlock code to authorize that, confirm one more time that you’re certain you want to install the profile (at least that was the process last time I added a custom profile: Two “Are you sure?”s and an authentication prompt, not just TouchID).
5) Trojaned apps on Mac scan for interesting apps on the phone & replace them with trojaned versions of the iOS apps.

No iOS or Mac bugs were exploited.

The Mac side was just downloading & running dodgy software from (software) houses of ill repute.

The iOS side relied on a legitimate Apple-signed key that was issued to some company (haven’t found the name of the company yet — redacted to protect the careless?) It does seem that the key had greater than usual entitlements to allow additional background execution beyond what’s usually allowed. The trojaned iOS apps ran on a non-jailbroken, non-compromised (by bugs anyways) phone because the user allowed installation of the enterprise provisioning profile which allows the phone to run apps signed by someone other than Apple.

As far as mitigation, Apple added signatures for the Mac-side stuff to Gatekeeper so OS X won’t run them any more unless you stand on your head and accept a bunch of, “This will explode your computer!” prompts.

They also revoked the provisioning profile signing key on the phone side, so it can’t create newly trojaned apps on the phone, and the profile won’t be installable on new phones. I’m not sure at the moment what effect that revocation has on phones that have already installed the profile or on apps that were already modified by it. I’m also not sure if it’s vulnerable to the “change the date on your phone” thing that was used to install NES emulators a while back. At one point, apps’ signatures were only checked on initial install, but I *think* expired or revoked enterprise profiles are actually checked at each launch and the apps should die now.

about a month and a half ago

The Fight Over the EFF's Secure Messaging Scoreboard

Aaden42 Re:Don't buy American. (63 comments)

Right, I forgot about WinCE, I mean WinMo, I mean WinRT, I mean “just-Windows, but it’s different and doesn’t run the same apps”. That’s a much more trustworthy option than Android or iOS. Or were you talking about WebOS (US-made, essentially defunct) or Blackberry (long-standing tradition of rolling over for oppressive governments to prop up their bottom line)?

Anything else?

about a month and a half ago

Virginia Court: LEOs Can Force You To Provide Fingerprint To Unlock Your Phone

Aaden42 Re:don't use biometrics (328 comments)

Okay, okay. I know what this is. Your “phone” is really one of these:

Motorola DynaTAC

You had me going there for a minute.

about a month and a half ago

Virginia Court: LEOs Can Force You To Provide Fingerprint To Unlock Your Phone

Aaden42 Re:don't use biometrics (328 comments)

That’s a very nice delusional world you live in that you believe that you need actual evidence that would stick in court and lead to a jury actually convicting you in order to have your life ruined.

“Leak” to the press or your employer from the cops or DA? Nice knowing you.

about a month and a half ago

Virginia Court: LEOs Can Force You To Provide Fingerprint To Unlock Your Phone

Aaden42 Re:don't use biometrics (328 comments)

If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged.
  -- Cardinal Richelieu

Do you have any idea how many “lines written by [your] hand” are on your phone? I would bet you your phone that a dedicated investigator could find either evidence of a crime OR evidence sufficient to bolster suspicion of a crime which would be adequate to secure further warrants to search your home, vehicle, person, etc. The only question is whether you’re interesting enough to an investigator or if one of those crimes is in vogue for “zero tolerance” prosecutions at that time.

about a month and a half ago

MPAA Bans Google Glass In Theaters

Aaden42 Re:Who likes a horrible recording? (357 comments)

And clearly teenagers who can neither get to a theater nor pay for a ticket are exactly the untapped segment of the customer base that the MPAA is just dying to...... no... wait...

about a month and a half ago

MPAA Bans Google Glass In Theaters

Aaden42 Re:Smart phones still acceptable. (357 comments)

Because the 128GB of flash in your phone isn’t enough to cap a two hour movie without a network connection? Math much?

I don’t spend two hours in places that have no reception. It doesn’t happen. Yes, my phone is on silent & in my pocket. No, I don’t pull it out & light up the screen in the middle of the show. But if one of a handful of distinctive vibrate patterns goes off while I’m watching the film, I’m out the door in the lobby to answer it before it stops ringing, or else I’m out of a job.

about a month and a half ago

MPAA Bans Google Glass In Theaters

Aaden42 Re:Laywer fight (357 comments)

Wearing Glass != making a recording. Prove I made an MP4 or no law has been violated.

about a month and a half ago

MPAA Bans Google Glass In Theaters

Aaden42 Re:So the question is ... (357 comments)

I had my iPad bag searched going in to watch The Giver a couple of months ago. My group of four respectable-looking 30-somethings, who were having a conversation about the book it was based on at the time, were physically blocked by the Rent-a-Truncheon(tm) who demanded to paw through my stuff before I could be permitted to walk in. They’d already taken our tickets, so I wouldn’t even have been permitted to run it back out to the car without paying for a second ticket. He pointedly gestured at the “Absolutely no re-entry!” sign when I stated that’s what I wanted to do.

You’ll never catch me at that theatre again. I have to just about be bodily dragged to a theater anyways, and I’m kind of a stickler when it comes to being secure in my person and effects...

about a month and a half ago

MPAA Bans Google Glass In Theaters

Aaden42 Re:No sympathy for either side (357 comments)

Except of course when the abusers “lose” the cameras or they “malfunction,” coincidentally at the exact moment the abuse was about to occur.

All the more reason for abusees and disinterested third parties to be camera-equipped. Sorry to hear your $50,000 police cruiser dash cam malfunctioned. Here’s the MP4 from my $600 smartphone that caught the whole thing. You’re welcome!!!!

about a month and a half ago

MPAA Bans Google Glass In Theaters

Aaden42 Re:I dunno what's worse... (357 comments)

The theaters kind of do care actually. I’d put money down that every screening has the date/time and theater’s location and/or ID steganographed into the video and audio. When something gets cammed and leaked, the *AA knows what theater f-d up and the theater knows who was on duty when it happened. I’m positive there are contractual stipulations with respect to how much the theater chain pays when they f-up, how many times they can f-up before being penalized in terms of not getting first-run movies, and how close to zero tolerance they have for employees who let it happen on their watch.

The tech to do it is TRIVIAL considering they’re already doing per-viewing DRM to unlock the encrypted digital copies stored on-site. Just post-process the A/V while you’re playing it back. Simple.

about a month and a half ago

Why CurrentC Will Beat Out Apple Pay

Aaden42 Re:Not a chance (631 comments)

That debit fraud has been reversed in hours is a courtesy extended to you by your bank, not a legal requirement placed upon them. They may legally hold debited funds until the conclusion of any investigation into the charge. In contrast, credit cards are required by law to reverse the deduction in your clear to spend and not charge any interest or late fees upon the beginning of an investigation.

Some banks are usually nice about it on debit transactions, but they don’t have to be. If they were last time is no guarantee they will be next time.

about 2 months ago

Submissions

Aaden42 hasn't submitted any stories.

Journals

Aaden42 has no journal entries.
