Your hack intended to stop people's cars from starting unintentionally also cuts the brakes at 60 mph? Here's your unintentional manslaughter.
I wasn't talking about unintentional effects; I was talking about hidden effects. Unless the code can be effectively analyzed, it could do anything. (Read up on the phrase "arbitrary code execution" sometime. That's what it means.)
This is not theoretical; real-world malware has been doing equivalent things in computers for decades, and sometimes it's not easy to figure out what they're intended to do. To give a real-world example, the original computer worm, created by Robert Tappan Morris, brought the Internet of 1989 to its knees, crashing a huge amount of servers by making so many copies in memory that it bogged them down until they were unable to do anything.
Morris claimed, after he was caught, that all he wanted to do was create something that would "count the number of machines on the Internet," and a bug causes it to multiply out of control. It wasn't until much later that analysis of the source code showed a very different picture: he was a cybercriminal mastermind, years ahead of his time. There was code in the worm to establish what we call "a botnet" today, and it was only due to a fortuitous glitch that it never became active.
Any malware found in a vehicle should be treated as evidence of attempted murder by default, even if it's detected before it actually kills anyone. If you understand the meaning of "arbitrary code execution," that's obvious. If not, please do some studying before declaring that those of us who do understand it are wrong.
On the one hand, yes, exemptions are necessary for legitimate access. On the other, I can totally see why such a high penalty would be appropriate for actual malicious hacking.
If you talk with security professionals, they paint a very different picture than the opinion given here:
One tends to think of prison terms as being somewhat related to the harm caused and if someone fires off malware that prevents someone from starting their vehicle, there's no way that should be punished by a life sentence. I'm sure the legislators are contemplating worst-case scenarios where someone electronically hijacks a vehicle and causes someone's death, but that sort of thing should be punishable under other laws more commensurate with the end result of the hacking.
Ask someone trained in computer security how to handle a malware infection, and the answer, if the person you're talking to is competent, will invariably be some variation on "nuke it from orbit; it's the only way to be sure." There are so many places on a computer where malware can hide itself that the general consensus is that there is no way to "clean" an infected system and feel confident afterwards that it's truly gone.
Needless to say, the ramifications of this are very different for a computer that costs a few hundred dollars to replace, and for a car that costs tens of thousands! Also, along the same lines, there's no way to be sure what malware does simply by analyzing observable behavior, because it could always be waiting for new circumstances to arise in order to then trigger new behavior. The "mostly harmless" virus that prevents you from starting your vehicle may seem like a silly prank that doesn't warrant locking anyone up, right up until you manage to get it started, feeling safe, and then it disables your brakes at 60 MPH.
There are two ways for the law to deal with this sobering reality. One is to ban all black-box development. Everything must be open-source and thoroughly analyzable by everyone, with system-level enforcement of this requirement. Under such circumstances, it would be possible to be sure that a system has been cleaned without having to throw it out. But the industry would never go for it.
The other is draconian-grade deterrence, which is what we're seeing here. Until the first alternative can be implemented, it is, unfortunately, really the only reasonable option available.
The two are one and the same. The thing most people don't get these days is that racism was never about racism. It was always simply a means to an end, and that end was profit.
If you look at historical documents of Southern slaveholders' anti-emancipation arguments, you find very little in the way of ideological justification for racism for its own sake. In fact, what you do find sounds surprisingly modern, basically boiling down to "if you force us to treat our laborers like human beings, it will DESTROY OUR ECONOMY!!!!!!"
The only real difference is, it used to be black laborers being oppressed, and now it's everyone.
No, they're in favor of establishing corporatocracy by using the specter of "big government" as FUD to thwart any efforts to rein in large, abusive corporations.
On the first one, they talk about increasing funding for innovation. That's not a bad thing, per se, but it almost never works when the government is the one behind such a project.
... ... ... seriously?
Are you even aware of where the Internet, that you use to post that ridiculous line, came from?
No, it's not encrypted data. The essential characteristic of encrypted data is that it can be decrypted. Hashed data can't be un-hashed back to the original data, because it throws away information.
Just a minor nitpick: a hash is not encryption, by definition. Encryption is something that can be decrypted back to the original plaintext if you have the key. With a hash, there is no key and no way to restore the original plaintext--which is why you use hashing, rather than encryption, to store passwords.
Problem is, this is not abuse of the DMCA. This is people using it exactly as designed: a process that allows content that someone claims violates the law to be removed under color of law without having to go to all the pesky effort and expense of actually proving that the law has been violated in court.
When the stated purpose of the law is to provide an end run around a legal system that filters out fraud and illegitimate business practices, it's hard to make any serious claim that using it for fraud and illegitimate business practices is "an abuse" of the DMCA. This is the DMCA takedown system doing exactly what it was designed to do: facilitate the legitimization of fraudulent copyright claims with no Presumption of Innocence, no Due Process, and no accountability.
Re: Re: Re: Re: How to turn off microsoft's notice
I disagree about content creation, but to a certain degree it depends on what kind you're doing. Certain very specialized things are dependent on Windows software.
...or on Apple's, if you don't mind going from bad to worse. But it's hardly "very specialized things;" most of the most fundamental content creation tools simply aren't available. There's no Photoshop on Linux and no alternative to it, for example. (Some people who have never actually used both Photoshop and GIMP suggest GIMP as an alternative. Those who are actually familiar with both programs are much more likely to use it as support for my position. It's that bad.)
And there's a number of things you can do with Linux that you can't do with Windows (at least not without great difficulty).
Let's pretend, for a moment, that the "you" in question is not me, lifelong computer programmer, but rather John Q. Person, who sees computers as a tool to use rather than a thing to tinker with. How confident are you in that statement, and particularly in its relevance to things that I would actually ever care about doing?
Which sounds great, in theory, until you realize it can't actually do anything because all the programs are written for Windows. Particularly in this day and age when the advent of the mobile device has moved low-end work off of PCs, the main uses that are left are for heavyweight stuff like gaming (a vast, barren desert in Linux-land) and content creation (ditto.)
I saw a great cartoon in the paper once. For context, it was right after Jackson had escaped justice for his child molesting for the second time, and right around that same time, Allied forces in Iraq had overthrown Saddam Hussein's government and captured Saddam.
The cartoon depicted Saddam Hussein speaking with his lawyer, and the lawyer looks grim. "Mr. Hussein, I won't lie to you, things are pretty bleak. After reviewing all the evidence, it appears that the only chance we'd have of getting you cleared would be to have your case transferred to California."
Precisely. As has been said of others in the past, "I'm not glad he's dead but I'm glad he's gone." Whatever his musical talents may have been, his impact on the broader world of music, and its culture, was more negative than positive.
There are lots of problems with ECPA, but the big one that everyone points to is that it considers any communication that's on a server more than 180 days to be "abandoned" and accessible without a warrant. That perhaps made some amount of sense back in 1986 when the law was written, because everything was client-server and you downloaded your email off the server. But in an age of cloud computing and webmail it makes no sense at all.
In all fairness, how often do you go back and look at--or even care about--mail over 6 months old on your webmail account? It might as well be "abandoned," realistically speaking, no matter where it's stored, no?
If I want to go about booking a hotel, "booking.com" is descriptive of the service that is being offered at the site.
No, if you want to book a hotel, "booking" is descriptive of the service being offered. This is one case where "adding 'on a computer'", as it were, actually does make a fundamental difference. "Booking" is an action; "booking.com" is a specific tool to perform that action.
Having said that, if I want to go about booking a hotel, I generally just use Orbitz. :P
On the post: Michigan Politicians Want People Who Hack Cars To Spend The Rest Of Their Lives In Prison
Re: Re:
I wasn't talking about unintentional effects; I was talking about hidden effects. Unless the code can be effectively analyzed, it could do anything. (Read up on the phrase "arbitrary code execution" sometime. That's what it means.)
This is not theoretical; real-world malware has been doing equivalent things in computers for decades, and sometimes it's not easy to figure out what they're intended to do. To give a real-world example, the original computer worm, created by Robert Tappan Morris, brought the Internet of 1989 to its knees, crashing a huge amount of servers by making so many copies in memory that it bogged them down until they were unable to do anything.
Morris claimed, after he was caught, that all he wanted to do was create something that would "count the number of machines on the Internet," and a bug causes it to multiply out of control. It wasn't until much later that analysis of the source code showed a very different picture: he was a cybercriminal mastermind, years ahead of his time. There was code in the worm to establish what we call "a botnet" today, and it was only due to a fortuitous glitch that it never became active.
Any malware found in a vehicle should be treated as evidence of attempted murder by default, even if it's detected before it actually kills anyone. If you understand the meaning of "arbitrary code execution," that's obvious. If not, please do some studying before declaring that those of us who do understand it are wrong.
On the post: Michigan Politicians Want People Who Hack Cars To Spend The Rest Of Their Lives In Prison
If you talk with security professionals, they paint a very different picture than the opinion given here:
Ask someone trained in computer security how to handle a malware infection, and the answer, if the person you're talking to is competent, will invariably be some variation on "nuke it from orbit; it's the only way to be sure." There are so many places on a computer where malware can hide itself that the general consensus is that there is no way to "clean" an infected system and feel confident afterwards that it's truly gone.
Needless to say, the ramifications of this are very different for a computer that costs a few hundred dollars to replace, and for a car that costs tens of thousands! Also, along the same lines, there's no way to be sure what malware does simply by analyzing observable behavior, because it could always be waiting for new circumstances to arise in order to then trigger new behavior. The "mostly harmless" virus that prevents you from starting your vehicle may seem like a silly prank that doesn't warrant locking anyone up, right up until you manage to get it started, feeling safe, and then it disables your brakes at 60 MPH.
There are two ways for the law to deal with this sobering reality. One is to ban all black-box development. Everything must be open-source and thoroughly analyzable by everyone, with system-level enforcement of this requirement. Under such circumstances, it would be possible to be sure that a system has been cleaned without having to throw it out. But the industry would never go for it.
The other is draconian-grade deterrence, which is what we're seeing here. Until the first alternative can be implemented, it is, unfortunately, really the only reasonable option available.
On the post: Ted Cruz Pushing Bill Protecting Large ISPs From Competition
Re: Re:
If you look at historical documents of Southern slaveholders' anti-emancipation arguments, you find very little in the way of ideological justification for racism for its own sake. In fact, what you do find sounds surprisingly modern, basically boiling down to "if you force us to treat our laborers like human beings, it will DESTROY OUR ECONOMY!!!!!!"
The only real difference is, it used to be black laborers being oppressed, and now it's everyone.
On the post: Ted Cruz Pushing Bill Protecting Large ISPs From Competition
Re:
On the post: EU Regulators Can Barely Contain Their Desire To Attack Google And Facebook, Believing It Will Help Local Competitors
Re: Re:
On the post: EU Regulators Can Barely Contain Their Desire To Attack Google And Facebook, Believing It Will Help Local Competitors
...
...
...
seriously?
Are you even aware of where the Internet, that you use to post that ridiculous line, came from?
On the post: Senators Burr & Feinstein Write Ridiculous Ignorant Op-Ed To Go With Their Ridiculous Ignorant Bill
Re: Re: Hashing is not encryption
As for where I heard it, it's common knowledge among people who work in this area. Simply Googling "difference between hashing and encryption" turns up plenty of useful references.
On the post: Senators Burr & Feinstein Write Ridiculous Ignorant Op-Ed To Go With Their Ridiculous Ignorant Bill
Hashing is not encryption
On the post: Reputation Management Revolution: Fake News Sites And Even Faker DMCA Notices
Re:
When the stated purpose of the law is to provide an end run around a legal system that filters out fraud and illegitimate business practices, it's hard to make any serious claim that using it for fraud and illegitimate business practices is "an abuse" of the DMCA. This is the DMCA takedown system doing exactly what it was designed to do: facilitate the legitimization of fraudulent copyright claims with no Presumption of Innocence, no Due Process, and no accountability.
On the post: Reputation Management Revolution: Fake News Sites And Even Faker DMCA Notices
On the post: Annoying Windows 10 Update Request Highlights Its Annoying-Ness On Live Weather Broadcast
Re: Re: Re: Re: How to turn off microsoft's notice
...or on Apple's, if you don't mind going from bad to worse. But it's hardly "very specialized things;" most of the most fundamental content creation tools simply aren't available. There's no Photoshop on Linux and no alternative to it, for example. (Some people who have never actually used both Photoshop and GIMP suggest GIMP as an alternative. Those who are actually familiar with both programs are much more likely to use it as support for my position. It's that bad.)
Let's pretend, for a moment, that the "you" in question is not me, lifelong computer programmer, but rather John Q. Person, who sees computers as a tool to use rather than a thing to tinker with. How confident are you in that statement, and particularly in its relevance to things that I would actually ever care about doing?
On the post: Annoying Windows 10 Update Request Highlights Its Annoying-Ness On Live Weather Broadcast
Re: Re: Just upgrade already, sheesh
On the post: Annoying Windows 10 Update Request Highlights Its Annoying-Ness On Live Weather Broadcast
Re: Re: How to turn off microsoft's notice
On the post: Lessons From Prince's Legacy And Struggle With Digital Music Markets
Re:
The cartoon depicted Saddam Hussein speaking with his lawyer, and the lawyer looks grim. "Mr. Hussein, I won't lie to you, things are pretty bleak. After reviewing all the evidence, it appears that the only chance we'd have of getting you cleared would be to have your case transferred to California."
On the post: Lessons From Prince's Legacy And Struggle With Digital Music Markets
Re: Not really, no
On the post: Nervous About Regulatory Action, Comcast Bumps Usage Caps To One Terabyte Per Month
Re: Reasonable Billing
On the post: House Votes Unanimously In Favor Of Requiring A Warrant To Search Emails
In all fairness, how often do you go back and look at--or even care about--mail over 6 months old on your webmail account? It might as well be "abandoned," realistically speaking, no matter where it's stored, no?
On the post: DailyDirt: A Mars Mission By 2018?!
Re: Re: Re: Why?
A journey of a thousand light-years begins with a single colony. ;)
On the post: Priceline Throws A Fit And Sues USPTO For Not Granting Them Booking.com Trademark
No, if you want to book a hotel, "booking" is descriptive of the service being offered. This is one case where "adding 'on a computer'", as it were, actually does make a fundamental difference. "Booking" is an action; "booking.com" is a specific tool to perform that action.
Having said that, if I want to go about booking a hotel, I generally just use Orbitz. :P
On the post: Nervous About Regulatory Action, Comcast Bumps Usage Caps To One Terabyte Per Month
Re: It's still an abysmally small cap...
Next >>