Comments

NASA Study Proposes Airships, Cloud Cities For Venus Exploration

ledow As with all space missions: (198 comments)

As with all space missions:

Fabulous.

Let's do it.

Start planning now.

Go, go, go.

When will it happen?

I have a feeling in 50 years time this will be dragged out of the archives and the same idea posited once more.

2 days ago
Microsoft Gets Industry Support Against US Search Of Data In Ireland

ledow Re:A different kind of justice for multinationals (137 comments)

The problem you have is the word "valid".

It's invalid to issue a court order that extends outside your court's jurisdiction, especially if to do so actually encroaches on - and contradicts the law of - another jurisdiction.

In the EU, it's illegal to reveal or transfer personally-identifying data without the explicit permission of the persons mentioned in that data. Neither Microsoft America, nor Microsoft EU, have that permission. To do so, they would have to ask the people who the data is about (who are going to say no), or get a *VALID* EU court order that says they can.

Of course, this could all be resolved by the US court asking the EU court to help by getting the EU court to provide an order for discovery, but they're too fucking stupid to do that and apparently think they control the world.

3 days ago
Microsoft Gets Industry Support Against US Search Of Data In Ireland

ledow Sigh. (137 comments)

Again, if they comply with the order, whoever does so in Europe (or is in Microsoft Europe and even *allows* it to happen by lax security, or whatever excuse) is in breach of the EU Data Protection laws.

The courts are thick if they don't understand this. Either Microsoft US gets brought before a US court for non-compliance or Microsoft Europe gets brought before a European court for compliance.

This is why we have jurisdiction. This is why you apply to have your court order validated in the jurisdiction you want to enforce it in. This is why it would be refused in such a jurisdiction, anyway.

Anyone who complies, assists or even ALLOWS this kind of movement of personal data, on European soil, will be brought before a court.

It doesn't matter what industry supporters come out (and Apple / Microsoft are hardly rivals - don't they own shares in each other?), it's just a stupid, overreaching legal decision that nobody can legally comply with.

3 days ago
Amazon UK Glitch Sells Thousands of Products For a Penny

ledow Re:Hmmmm ... legality? (138 comments)

Consider a shop (store if you're that side of the pond).

They price-gun a ton of items but the minimum-wage employee forgets to change the price. He tags a widescreen TV as 2-for-1 at 0.50c.

In law, this has arisen for decades. If it's obvious that it's an error, they are not obliged to honour it. If it's not obvious (i.e. he tagged it at 200 instead of 300 or whatever), then they are. It's in the case law, it's as simple as that.

Whether you are online, mail order or physical store, it's the same. Pricing errors are not required to be honoured if no sensible person would consider them anything but an error.

Now some places may honour the lower price if it saves them lots of legal hassle, or if it generates a news story. But that's at their discretion.

Similarly, if you see something with a sticker on it saying 1p, the retailer is quite within their rights to say "No, sorry, someone's been switching around the stickers - it's actually $1000".

The sale of goods is not exclusively on the customer's side, or there'd be no large businesses. You have to both agree. And we both know that if you queried it, Amazon (or rather the third-party reseller in this case) would say "No! That's obviously a mistake!". The consumer can't have it every way - they are entitled to change their mind, refund, etc. Similarly, the business has rights too. And where it's obvious that it's a mistake (or which could even have been the last malicious act of an ex-employee), they aren't required to honour it.

3 days ago
Amazon UK Glitch Sells Thousands of Products For a Penny

ledow Re:Amazon is run by Nazis (138 comments)

Not if the price is obviously an error.

And not until both sides have consciously accepted the contract. Acknowledging receipt of your order request is NOT acceptance of the contract.

English law contains this, so I imagine American law and almost all first-world law systems are similar.

4 days ago
Amazon UK Glitch Sells Thousands of Products For a Penny

ledow Re:Hmmmm ... legality? (138 comments)

No.

If the price is obviously a mistake, it's not a binding contract.

Offer and then ACCEPTANCE is a basis of all contract law. You make an offer but then you BOTH have to accept the offer to make it valid. The point of acceptance is not necessarily when you get an email saying Amazon has received your order. It's worded quite carefully.

Online, you get certain consumer protections but no consumer protection extends to obvious pricing errors, and sellers get the same kinds of protections.

It's similar to the "moron in a hurry" test. And even a moron in a hurry knows that it's not 1p for a widescreen TV.

And...

IT WASN'T AMAZON. It was a third party bit of shitty software that automatically "adjusts" prices, not unlike an eBay sniping tool gone awry.

4 days ago
Amazon UK Glitch Sells Thousands of Products For a Penny

ledow Sigh. (138 comments)

WAS NOT AMAZON.

It was a junky piece of third-party software that automatically adjusted prices for Marketplace sellers.

The software cocked up, made everything a penny, and - I imagine - everyone stopped using it.

4 days ago
Small Bank In Kansas Creates the Bank Account of the Future

ledow Sigh. (155 comments)

Welcome to the 20th Century. Oops, we're not there any more!

I deliberately wasted several hours of my bank manager's time once. When he sussed what I was doing, he asked why. Because it had taken four days for a cheque to clear - a cheque I had received every month from the exact same employer, for many years, and paid in immediately using their fast-track cheque machines that take a photo of the cheque for you, then wrap it in an envelope and send it on.

And because of the delay, for a fraction of a second, my bank account went overdrawn by a few pounds even though the cheque was in the bank's possession. They delayed and delayed it, further than necessary or normal, in order to ENSURE I was charged for going overdrawn. The cheque was an amount enough to clear the transaction they bounced several hundred times over. They then charged me £50 on top as an administration fee.

I'm an IT guy. I know that transaction takes milliseconds to process. The fraud selection? That's in place 24 hours a day on CC transactions anyway - there's nothing special about that. This is just an extension.

The antiquated system of "it has to arrive at the other branch for the cheque to clear"? Nonsense and zero justification when you have the cheque in your possession. This stuff is chicken feed on the bottom of the banking balance sheets, but they can play it and make money by making it slow and cumbersome. Because most people will just keep quiet and pay it.

The only question I really wanted an answer to? Has four hours of your time cost the bank more or less than the (unfair, I would posit) overdraft fee you charged? What about the loss of my banking business? How much has that cost you?

Happened to run into the same guy at another branch when I was going in with my ex-wife to sort out her account. He ran a mile.

Sorry, guys, you can make all the excuses you want, but that transaction system is slow BECAUSE YOU MAKE IT SO, not because it needs to be. The real-time clearing is already in place - try using a blocked credit card and see how long the gap is between you reporting it missing and all your vendors saying they couldn't charge your card for your usual monthly payments. The same applies to Direct Debits (in the UK) and myriad other banking technologies.

I once recorded a 3 minute interval between my phoning my bank to cancel a Direct Debit and the company that it was paying phoning me up to threaten a lawsuit over non-payment (long story short, they "agreed to overlook the matter", including the complete refund they'd had forcibly taken from their bank account, after I offered to initiate the lawsuit for them).

It's all nonsense. Banking systems do nothing special nowadays, especially not the personal / small business banking sector of the industry. They don't need tons of supercomputers and overnight batch processing - they just do that to eke out to the last second how long your money is with them.

4 days ago
How Identifiable Are You On the Web?

ledow Re:Ask yourselves these questions... apk (159 comments)

Seriously, this guy is still doing the rounds?

Come back when the advertisers have all moved onto the same CDNs as everyone else and you can't block by IP.

The rest? Well, apart from the utter bullshit, it's called a DNS proxy.

4 days ago
Sony Pictures Leak Reveals Quashed Plan To Upload Phony Torrents

ledow Because it doesn't work? (130 comments)

Because it doesn't work?

It takes a handful of comments to stop a fake torrent being seeded any further, and why would you continue to seed a fake-torrent anyway? It's just sucking up bandwidth for something that you know is worthless.

Similarly with CC numbers - if you flood a ton of fake ones, it'll be next to no time before someone flags which ones work and which don't, and which uploaders were reliable and which not.

As such, it's a pathetic idea to do either.

How about you offer a DRM-free copy in a reasonable format for a half-decent price on a half-decent timescale? Or is it too hard to DO WHAT YOU'RE PAID TO DO? Make a movie, sell it to the masses.

The Imitation Game I went to see in the cinema - my first cinema movie in about 10 years. Unless I want to pay full-price again, I have to wait until the DVD comes out to watch a movie I'm interested in again. When will that be? God knows. But I can't watch it until they choose to bring it out. And then it will be region-protected, copy-protected and almost certainly won't work on my laptop (like most Disney movies).

I'm sure they'd rather I went to the cinema multiple times, like my ISP would rather I take out multiple lines. I'm sure they'd rather I pay a fortune for a DVD I can't backup or watch on a laptop, like my car company would love to be able to stop me adding on third-party components and only use them. I'm sure they'd rather I wouldn't be able to download it or stream it until it's a 10 year old movie or more and generating no income for them, like I'm sure my local McDonald's would rather give me an old piece of lettuce instead of a new one.

But if you want to keep your customers, it might be an idea to not seed fake torrents, and spend your time in court shutting down torrent sites, but sell your damn product in a less restrictive way in the first place.

4 days ago
How Identifiable Are You On the Web?

ledow Re:Why don't browsers clean it up? (159 comments)

Most of it isn't "reported" by the browser.

Most of it is fed to your browser and then your browser regurgitates it as it's expected to.

If I modify a web server to send only you a random numbered URL, and then watch for that random-numbered URL, I've formed a correlation between your IP and your browser session. If I can get that to tie in with other sites, or give me the slightest hint about those, I can correlate the information.

If I get your browser to go to a random link, and you have history settings that made visited links a different colour, I can use JavaScript to distinguish sites you've been on from sites you haven't. This is how this site's predecessor worked. If you take away that functionality, it breaks some JavaScript theming where it tries to pick a suitable background colour given what your link colour is, etc.

It's not that your browser is deliberately advertising this stuff. It's having its features used to do correlation attacks that NO browser is designed to combat. If your browser refused this stuff, or worked in the perfect way you describe, then it would be a pain in the butt to use and sites would appear broken for no reason.

Do you even realise how many sites use custom fonts nowadays? I didn't until my browser broke on custom fonts and replaced them with random fonts. Damn the Internet can look ugly when that happens nowadays.

Plugins are the least of your worries. And any sensible browser will disable by default and force you to "press play" to enable any plugin of interest. And Do Not Track is an absolute waste of time, given that it's not at all binding and the web is international. You might as well set the "This is not spam" flag on every genuine email and configure your email client to believe it absolutely. I'd give it a week before you got spam that advertised as "This is not spam".

The data reported is reported because it's necessary for basic website rendering and things like JavaScript compliance. Sure, you can fake bits of it, but even a browser ignoring certain HTML tags, or rendering one pixel different to another, is information that can be used against you. Have you not seen the Acid Tests? Failing just one of those would be enough to craft a test that it's actually your browser doing that. Apply the same kind of logic to the standardised programming languages in every browser and guess at a handful of sites you might have used and you have a tool that can identify your history from what your browser MUST give back for sites to work.

4 days ago
How Identifiable Are You On the Web?

ledow Re:Identifiable enough that Google targets ads (159 comments)

Not being funny, but that's hardly tracking unless you are actually after a watch or shoes. I imagine a watch / shoes ad is the kind of thing that a company will push to everyone this near to Christmas.

Also, I once got several months of leotard adverts because I happened to click something in our (school) web logs to check it was okay for pupils to see. There's just a correlation on the ad networks between your IP and something you may have clicked / searched / been on. It doesn't mean they are tracking you, per se. They just realise that you are two separate browsers with two separate signatures. Lots of things can do that, even being a single plugin different. Just being logged into a certain account on one site might push certain ads your way.

Load up Ghostery and visit your normal sites. See how many of them are also serving up ads etc. that can form correlations between your browser and a certain product. Cookies blocked everywhere? I don't believe it, you'd never be able to log into anything. Flash disabled? Well, yes, I have that by default but for security not tracking. "Do not track" is an absolute waste of time. And just because duckduckgo doesn't track you, doesn't mean the sites you land on don't.

Take this "for instance" - your wife went on a shoe shop once. You went on a watch shop once. Both the same IP. But one of you was also logged in elsewhere on a single other site. Bam. You get different ads. Just being a 0.1 version out on your browser will distinguish one from the other. Or having slightly different plugins. Or even just having different source port numbers (as NAT'ing will ensure).

Sorry if you don't realise this, but the amount of effort you're putting into making your life hard and hiding, is actually just making you stand out just the same. How many hours have you wasted trying to block this stuff, and still you're identifiable?

Either start fresh every session with a Privoxy proxy and fake user-agent strings, or don't bother. And even that won't hide you. And even then, you'll never know if the watch advert was for something you clicked years ago, or random spam because they know nothing about you and pick a random product. Hell, do you even know if you haven't each separately cached a random advert?

4 days ago
BGP Hijacking Continues, Despite the Ability To Prevent It

ledow Re:Or people could, you know, do their damn jobs.. (57 comments)

Agreed. It's like saying SSL is secure when it relies on every CA to operate in the same secure way. Oops.

Or email is reliant on one particular server not relaying out spam to others and faking return addresses, etc.

Lots of big tech relies on "honesty". The only way to fix it is to enforce a protocol that ensures compliance (or punishes non-compliance with relegation).

If you don't play ball in DNSSEC, for example, then people know you're not playing ball. You either participate properly or not at all.

If we made all the protocols like this, and revoke trust / power / reputation from those who mess up, people might start to manage these systems for the benefit of others instead of just themselves.

about a week ago
3D Printer Owner's Network Puts Together Buyer's Guide

ledow 3D printers (62 comments)

I work for schools. We don't have a huge budget, but a 3D printer is a good "show-off" item. The kids can make something in Google Sketchup, throw it to the printer, and take it home at the end of term after we've used it on a display for parents' evening.

We bought the Cubify Cube3D. It does the job. It's robust enough, cheap enough, works well enough. For what most people would ever use a plastic 3D printer for, it fits.

All we need is the price to come down to inkjet-printer costs and people will start buying them for home.

Problem is, quite how many people want to print out large Christmas-cracker toys at great expense?

about a week ago
The Case For Flipping Your Monitor From Landscape to Portrait

ledow Sigh (566 comments)

My eyes are aligned horizontally, not vertically.

Sure, I can make the case for more vertical space. But not at the expense of horizontal.

The only thing we use vertically is paper, and that's because we rarely consider the whole page in one go - only caring about one half at a time. And that makes it two pieces of landscape A5.

Books are portrait, I'll give you that. But you unfold them into a landscape A5-ish or large book with multiple columns (because of the difficulty of printing very near the gutter in the middle).

Children's picture books? Almost all landscape.
Movies? Landscape.
Photographs? Mostly landscape and certainly specified in landscape size and cameras are mostly designed for landscape operation (except when making portraits - for which we shockingly use them portrait!)

You have two eyes, one left, one right. Together they focus on the object of interest.

If you want a BIGGER landscape monitor so you can put a full A4 piece of paper on it - do that. Get it in landscape format and it will be wide enough to visualise two pieces at the same time at full height. That's not true if you flip the portrait/landscapes in those sentences.

Portrait displays have specific and specialised uses. And almost all of them leave horizontal space in everyone's vision (sometimes for a purpose, e.g. portraits without lots of side-art on them, sometimes because of cost - airport displays not being wider than necessary). If you fill that horizontal space, you get a landscape display of the same height that is suited for all purposes.

I can't see the case for portrait monitors for ordinary desktops at all except to "be different" or in very specialised applications where a landscape monitor of the same height will do twice as much.

about a week ago
Excuse Me While I Kiss This Guy: The Science of Misheard Song Lyrics

ledow Ricky Martin? (243 comments)

For years, my ex had been singing:

She never drinks the water, makes you order "fresh and pay"...

until I pointed out that it was probably French Champagne.

about a week ago
New Destover Malware Signed By Stolen Sony Certificate

ledow Re:Here come the certificate flaw deniers....... (80 comments)

Is this not why we have CRLs, though?

You can't guarantee your key won't be stolen and used to sign malware. But you can say that you'll revoke it when that's the case, and re-sign your official software with the new key.

Sure, it's a pain, and I don't know if Sony have done this - but the facility is there for the original owner to say "Actually, no, that's no longer a trusted cert... here, have this one instead".

about two weeks ago
Stealthy Linux Trojan May Have Infected Victims For Years

ledow Re:Well (129 comments)

If you honestly think anyone with a brain or in any position of repute has ever claimed those three things, then you're a bigger idiot than posting that on Slashdot makes you appear.

about two weeks ago
Stealthy Linux Trojan May Have Infected Victims For Years

ledow Hate being several clicks away from the actual inf (129 comments)

It's an ordinary piece of malware.

It talks home to a hard-coded URL.

It has to have a secret "knock" before it will talk back to you (port-knocking has uses both ways, it seems!).

It contains easily-greppable strings.

Quite what distinguishes this from other malware, I'm not too sure. Just that nobody had seen it before?

about two weeks ago

Submissions

ledow hasn't submitted any stories.

Journals

ledow has no journal entries.
