Slashdot: News for Nerds

Comments

Google Starts Blocking Extensions Not In the Chrome Web Store

Quick Reply Re:Welcome to your new walled garden (225 comments)

On both Firefox and Chrome, the efforts to require permission to install an extension can be bypassed if the installer has local access to manually tell the config files that it has been 'approved' even when it has not, and this is quite prevalent.

Of course it's not going to affect technical folk who avoid installation of spyware to begin with, but this is a sensible security step for the masses.

about 2 months ago

Google Starts Blocking Extensions Not In the Chrome Web Store

Quick Reply Re:Welcome to your new walled garden (225 comments)

Chrome/Chromium doesn't have extensions on Android so that platform is not applicable to this move.
Chromebook laptops can be unlocked and replaced with Chromium builds.

about 2 months ago

Google Starts Blocking Extensions Not In the Chrome Web Store

Quick Reply Re:Welcome to your new walled garden (225 comments)

Chromium is open source so if you don't like it, fork your own copy and get whatever useless toolbars that install without permission that you want.

about 2 months ago

Yahoo DMARC Implementation Breaks Most Mailing Lists

Quick Reply Re:SPF.. (83 comments)

Currently, all mailing list implementations break DMARC specs. At first glance it would appear that the Mailing List specs and the DMARC specs are incompatible with each other...

HOWEVER, there IS a way to be compliant with both specs.

The mailing list is just a transport agent of list messages right? Well it can also be the transport agent of how users' actual email addresses are handled, between their real email address and usernames that obfuscate their actual email address.

For example:
* User "Bob Smith" emails TESTLIST@DOMAIN.ORG

* Mailing List implementation on DOMAIN looks up "BOB.SMITH@YAHOO.COM" and determines his username to be "USER-ADF2S89T"

(more friendly usernames like "BOBSMITH-YAHOO" might also be possible if verified/allowed by the list owner, even "BOB.SMITH_AT_YAHOO.COM" could be his username if he has no intention of hiding his email address and is not scared of spam bots)

* Mailing List implementation on DOMAIN rewrites the message FROM and/or SENDER fields to "USER-ADF2S89T@MAILING-LIST-USERS.DOMAIN.ORG" instead of his actual email address

* A mail transport agent is set up on MAILING-LIST-USERS.DOMAIN.ORG to forward any messages that are sent to USER-ADF2S89T to BOB.SMITH@YAHOO.COM so the author/sender are still contactable.

This is compliant with the Mailing List specs because "USER-ADF2S89T@MAILING-LIST-USERS.DOMAIN.ORG" 'belongs' to John Smith (Just in the same way that JOHN.SMITH@YAHOO.COM 'belongs' to him too even though he doesn't own YAHOO.)

This will also have the following benefits:

- Actual email addresses are completely hidden from Spam Bots. This is huge. Mailing Lists are a huge source of email addresses that spam bots like to harvest.

(It may be possible to have a web interface or mailing list -request command to reveal the users' actual email address - using a CAPTCHA if the requesting user is not trusted - so users can't hide behind their special address)

- List Managers might like the option for users to be able to update to their new email address while keeping the same username(s).

(If users are representing their company, companies might like an option - maybe with the use of a TXT record on their domain - not to allow their users to do this so they can't keep 'representing' their company after they lose access to their company email address)

- This way DMARC can be freely implemented by everyone, including the mailing list server itself, so users can't spoof each other when posting to the mailing list, nor can they use their "USER-ADF2S89T@MAILING-LIST-USERS.DOMAIN.ORG" address to send mail 'FROM' this address.

about 3 months ago
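The rewrite-and-forward scheme proposed in the comment above, sketched as an added example (not part of the comment and not code from any mailing list software). `AliasTable`, `rewrite_for_list`, `relaxed_aligned`, the HMAC-derived username and the sample message are assumptions made for illustration; the domains are the ones the comment uses.

```python
import hashlib
import hmac
from email import message_from_string
from email.utils import formataddr, parseaddr

ALIAS_DOMAIN = "mailing-list-users.domain.org"  # alias domain from the comment
LIST_DOMAIN = "domain.org"                      # assumed domain the list signs as

class AliasTable:
    """Maps real addresses to stable opaque aliases and back (hypothetical)."""
    def __init__(self, secret: bytes):
        self._secret = secret
        self._real_by_alias = {}

    def alias_for(self, real_addr: str) -> str:
        real = real_addr.strip().lower()
        # Keyed hash: stable per user, not guessable without the list secret.
        tag = hmac.new(self._secret, real.encode(), hashlib.sha256).hexdigest()[:8]
        alias = f"user-{tag}@{ALIAS_DOMAIN}"
        self._real_by_alias[alias] = real
        return alias

    def resolve(self, alias_addr: str):
        """Lookup used by the forwarder on ALIAS_DOMAIN; None if unknown."""
        return self._real_by_alias.get(alias_addr.strip().lower())

def rewrite_for_list(raw: str, table: AliasTable):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg["From"])
    msg.replace_header("From", formataddr((name, table.alias_for(addr))))
    # The author's DKIM signature covers From, so it can no longer verify.
    del msg["DKIM-Signature"]
    return msg

def relaxed_aligned(from_addr: str, auth_domain: str) -> bool:
    """Simplified relaxed alignment; assumes auth_domain is the organizational domain."""
    dom = from_addr.rsplit("@", 1)[-1].lower()
    return dom == auth_domain or dom.endswith("." + auth_domain)

# Constructed sample message, not real traffic.
SAMPLE = (
    "From: Bob Smith <bob.smith@yahoo.com>\n"
    "To: testlist@domain.org\n"
    "Subject: hello\n"
    "DKIM-Signature: v=1; d=yahoo.com; s=constructed; h=from:to:subject; b=CONSTRUCTED\n"
    "\n"
    "Body\n"
)
```

After the rewrite the visible From domain falls under the list's own domain, so DMARC is evaluated against the list operator's policy instead of the author's.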

Ask Slashdot: How Can I Prepare For the Theft of My Android Phone?

Quick Reply Re:Pretty easy. (374 comments)

And getting past the PIN? And how useful would an iPhone be without Wi-Fi/Cellular Internet connectivity?

You can't even restore the firmware without it verifying with Apple. Unless it is an old model that can be defeated offline, it would be more valuable for spare parts.

about 4 months ago

Nokia Announces Nokia X Android Smartphone

Quick Reply Sounds like a Niche, not a future (105 comments)

An AOSP phone without Google Play, let alone Amazon App Store or any other established Android App Store, sounds like a Niche phone for programmers/hackers.

I suspect that it is designed to succeed the legendary Maemo operating system & N900/N9 phones, rather than a serious attempt to build a future Operating System.

I expect that it will be highly prized among the hacker community, totally hacked to death with an onslaught of Linux-based operating systems including Ubuntu phone, Firefox OS, CyanogenMod, and Maemo itself. Maybe a few surprises with some left-field operating systems finding their way on there as well.

about 5 months ago

Ask Slashdot: Anti-Camera Device For Use In a Small Bus?

Quick Reply Isn't it obvious? (478 comments)

Just cover your head in tinfoil, hat shapes work best, and then they can take as many photos as they want but your brain waves remain safe

about 5 months ago

12-Lead Clinical ECG Design Open Sourced; Supports Tablets, Too

Quick Reply WTFPL (134 comments)

I doubt this was written by a lawyer. This might be an impediment to being picked up by a serious project because they can't take the risk that the WTFPL doesn't actually mean anything from a legal perspective.

about 8 months ago

Chrome Will End XP Support in 2015; Firefox Has No Plans To Stop

Quick Reply No (257 comments)

Web Developers have learnt from the past, there will never be a supported code that will be dependent on a specific version again.

Cross-compatibility and Browser Independence is a main focus that hasn't been in the past. Most websites are not locked into a particular browser, so there are more options if things go pear-shaped in a particular browser. If for example Firefox drops XP support and there is a bug with the old version, the customer can change to Chrome until another solution is put in place.

IE6 was the exception, because it was too difficult in many codebases to update it for compatibility beyond IE6 in the short term, for time(=money) reasons. As soon as the codebases were updated (or the solution replaced) to work beyond IE6, IE6 was kicked right out the door. IE6 didn't stay king because so many people loved that browser so much that they didn't want to change, it was because they HAD to keep using it for some reason. It is not uncommon for companies still relying on IE6 to have Firefox installed for general web browsing and IE6 only for the specific app they need. You can bet your ass they have retirement plans on how to eventually get off IE6 (& now also XP) altogether.

Unsupported code (eg: unmaintained websites) that won't work with new versions - Yes that is inevitable.

Supported code - No.
If it is a supported codebase - The web developer's solution would be to update it to work with the new version, not make it work with the old. If that means that it will break compatibility with the old version, then so be it, it is industry practice not to support unsupported software.

It's worth pointing out that Mozilla & Google are not supporting XP - They are supporting their browsers. If there is a problem in XP, they are not going to help you with it.

about 9 months ago

Open Rights Group International Says Virgin, Sky Blocking Innocent Sites

Quick Reply Re:BGP instead of DNS filtering makes more sense? (83 comments)

MitM is a Politically bad idea, not technical. If the proxy servers in the middle have enough bandwidth and resources, the performance could theoretically even be an improvement. I most certainly agree (from a Political perspective) it is a dangerously slippery slope.

From a technical perspective, it doesn't make the internet (banking, shopping, etc or other https activity) any different because a government/ISP MitM filter is no different to a Malicious Hacker MitM attack, which is already feasible. Also, I may be wrong about HTTPS, but I believe that the Private SSL key would need to be installed on the MitM server, otherwise the MitM server would need to use a different certificate - a red flag - than the real server.

I wouldn't be surprised if government spying agencies are doing their own MitM attacks already on a BGP level, and in the case of HTTPS websites, compromise any private SSL keys they need to do it without detection.

about 9 months ago

LinkedIn Accused of Hacking Customers' E-Mails To Slurp Up Contacts

Quick Reply I think they are using the mobile apps (210 comments)

I am in a similar situation where I have a couple of Google Apps accounts that I ONLY use for work-related purposes. NOTHING ELSE. Never authorise anything to use them; keep it all on my personal. Sure enough LinkedIn has slurped some contacts from sent items. I use different passwords for everything. I hardly have even used LinkedIn, much less with a work related email account open (I hardly open them). The ONLY way they could have stolen it (That is the only thing running at the same time) would be a mobile app either from my Android or iOS device. I have these work accounts set up permanently on these devices and foolishly it seems loaded the LinkedIn app.

Funny enough ALL these email accounts have been getting spam lately from "Dr OZ" to their actual address, which is strange when I use disposable email addresses for EVERYTHING, including client contact. The only thing I use the actual address for is to log in and set up the mail client. These email addresses must have been slurped from a mobile app, not sure if it was LinkedIn or another app.

about 10 months ago

Lord Blair Calls for Laws To Stop 'Principled' Leaking of State Secrets

Quick Reply I actually agree with him (395 comments)

Well Yes and No.
No - I don't agree that the subject matter that has been actually leaked was right for governments to have done in the first place. eg: The deliberate killing of innocent civilians in Iraq. That is wrong.

Yes - I do agree that leaking information is harmful to government and beneficial to enemies, because the enemies can use what the government did wrong as a recruiting tool to gain support against them. With all the negativity against governments having all this data, I would say that it is working pretty well for the enemies of the government.

Note - Being an enemy of the government doesn't necessarily mean you have done anything wrong, it just means that you don't agree with the government's actions. For example, the EFF is an enemy of the government, even though they are not doing anything wrong.

TL;DR - Governments should stop doing things wrong instead of hiding what they do wrong, because it is what they do in the first place that was leaked which is aiding the 'enemy' (anyone who disagrees with the government) recruit other people against the government (anyone who supports Leaking of coverups), rather than the act of leaking in itself.

about a year ago

Ask Slashdot: 4G Networking Advice For Large Outdoor Festival?

Quick Reply Why not WiFi (140 comments)

WiFi is going to be cheaper.

about a year ago

City of Johannesburg Leaks Personal Bills Online, Threatens Flaw Finder

Quick Reply How times have changed (46 comments)

5 years ago it would be considered a "Hacking" crime to bring to light such a trivial adjustment to the way you access a website by changing its URL in a small way, but now it is grounds for class action against the operator for actual lax security.

about a year ago

Photocopying Michelle Obama's Diary, Just In Case

Quick Reply Car Analogy (218 comments)

It would be like Obama completely bugging his wife's car, not because she is under the protection of the Secret Service, but because he wants to watch everything that she is up to without her knowledge. GPS Tracking, Sound, Video, the works - he can watch her every breath.

And then when she realises that he has been spying on her, he would say "Well you wouldn't mind if you have nothing to hide! I'm just cleaning out the dirty dishes!"

about a year ago

Second SFO Disaster Avoided Seconds Before Crash

Quick Reply NO (248 comments)

"Is there a structural problem with computer-aided pilot's ability to fly visual approaches?"

No, Just Pilot error. The 777 has constantly landed at SFO everyday for years without issue and the cause of the Asiana has been well-documented.

about a year ago

Ask Slashdot: Secure DropBox Alternative For a Small Business?

Quick Reply Synology CloudStation is the closest thing. (274 comments)

Synology have been moving from the personal to the enterprise space as of late with their "DiskStation" NAS line of products. Some of their high end "NAS" boxes can get pretty powerful. There is a function of the DiskStation called "Cloud Station", essentially a Dropbox clone.

Basically what you would be doing is having your own on-premises 'Dropbox appliance'. It is very easy to setup/integrate with its user-friendly interface for the admin, and then all you really need to do then is forward the ports and install the client software.

about a year ago

Researchers Infect iOS Devices With Malware Via Malicious Charger

Quick Reply This Responsible Disclosure is very irresponsible (201 comments)

They should have saved this exploit for jailbreaking rather than report it, considering the chances of an in-the-wild infection are low. Public charge stations are quite uncommon.

about a year ago

Submissions

How much do staff really represent their company?

Quick Reply Quick Reply writes  |  more than 3 years ago

Quick Reply writes "I had the 'magical' experience of Dealing with Apple today. One of their Sales staff suggested that I buy an extra battery to store long-term until the main battery needs replacing, at the time I bought my laptop a few years ago.

Well as it turns out, the second battery isn't designed to be stored long-term as it will "expire". Now the company is point blank refusing to replace the out of warranty item, justifying that the product was "Misrepresented" only by one particular staff member a few years ago, and the company can't take responsibility for what a particular staff member said a few years ago.

I ask Slashdot, when a company staff member makes a mistake, is the company right to say that this was a personal mistake of an individual staff member, or should the company be taking responsibility for the mistakes of their individual staff members while doing their job?

Maybe it is just me that finds it absurd to suggest that a company representative is not really representing their company."

Boy killed by exploding Office Chair

Quick Reply Quick Reply writes  |  more than 5 years ago

The Land of Smeg writes "Itay News (Japanese) and Sankaku Complex are reporting that a fourteen-year-old boy was killed after the chair he was sitting on exploded, propelling sharp chair parts into his rectum, resulting in extensive bleeding, to which he succumbed before medical attention could stem the flow.

The chair in question was a standard gas cylinder type, where the height is regulated by an adjustable cylinder containing highly pressurised gas, and it was this which exploded, sending high velocity chair parts into the posterior of the unfortunate youth.

The illustrated chair shows the severity of such a cylinder malfunction. This really makes you think, is your office chair safe?"
