Thanks to Karl for pointing out that, even if the MPAA were so inclined to name Google et al as defendants in the suit, they would be protected by DMCA safe harbor provisions. That slipped by me, (IANAL, remember?).
My above post still stands, though. There's nothing wrong with a judge declaring a preliminary injunction against MovieTube itself.
I'm not sure that I agree with this. In cases of clear or egregious wrongdoing, a judge is perfectly within their rights, (though, IANAL), to grant preliminary injunctive relief while the case proceeds. A few caveats, though:
First, a preliminary injunction is not an assumption of guilt, and should not be treated as such. It merely means that, if granted, in the court's opinion, ongoing operations by the defendant will result in significant further damages to the plaintiff. Whether defendant is liable for said damages, or was criminal in causing them, is neither implied nor contraindicated.
Second, such preliminary injunctions must not be rubber stamped. They must be assessed on a case-by-case basis, and, if granted, only after significant deliberation.
Further, should the court rule for the defendant, they are entitled to remuneration for any lost profits stemming from the injunction. (Though, again, IANAL. They may need to counter-sue. If so, the law should be changed.)
Finally, under NO circumstances should an injunctive action be levied against any entity which is not a named defendant, as the MPAA tried here. Not only are such things prima facie foolishness, but the deeper concerns at play are very unsettling. If you seek preliminary injunctive relief against an entity, then name them as a defendant in your suit. Importantly, this provides said entity opportunity to present arguments against the injunction beforehand, rather than the court taking unilateral action.
Of course, the MPAA did not name Google et al as defendants, because accusing them of wrongdoing in this matter is an indefensible position. If they had the slightest case against "Goliath", can anyone honestly tell themselves that they wouldn't have pursued it with abandon?
They do, however, have a case against MovieTube. They have a reasonable argument for a judge to grant a preliminary injunction against MovieTube, ordering cessation of operations pending the result of the case. They do not have anything approaching a reasonable argument for seeking injunctive action against entities who are not accused of wrongdoing.
Why is the CEO of a major corporation throwing a tantrum?
If he really wanted people to take him and his company seriously, maybe he shouldn't be acting like a spoiled 5-year old after losing a game. Google and Facebook, regardless of what you may personally think of their products and policies, are hugely successful companies. So, seeing these new upstarts muscling on on big media's historic territory, what does Thomson do? Does he attempt to figure out how to make a better service to out-compete? No, he whines and rants and curses, then wonders why people stop listening to him, and more and more of his customers turn to other options. He is a joke.
Side note: What's with his obsession with LinkedIn? Is he cyber-stalking more successful CEOs or something, wallowing in envy?
The lawsuit Netflix settled featured one key difference: in that case, rental information -- in the form of "anonymized data" -- was released to third parties working on better suggestion algorithms in hopes of winning $1 million.
Huh. I actually participated in that contest. Did fairly well, I had ~82% accuracy on the test set. Not bad for a college kid at the time, though of course the winner was some big lab. My biggest problem was a lack of compute power. Had to rewrite my algorithm to use aggressive disk caching, 'cause the 6gb of RAM on my server wasn't nearly enough. Slowed the whole thing to a crawl, so that even the smaller training set took like 12 hours to process. This was, of course, before SSDs were economically feasible.
I'm pretty sure that I still have a copy of that data lying around.
Ehhh, I guess I half agree with you. While that specific piece was certainly a low-point for Ars (though it was an Op-Ed by a single author, if that makes a difference), it was also fairly thoroughly and uniformly blasted by the readers. None of which were banned for doing so.
[Side note: Do I want to know what a bronie (brony?) is?]
I can't say that I hate chocolate, but I certainly dislike it, as well as anything sweet. Chocolate isn't sweet enough to make me hate it, and dark chocolate's not bad in small quantities (the more bitter, the better). Though, I saw a friend eat a Cadbury Creme Egg a few months ago, and nearly vomited as a result... How can people stand that? Yet, somehow, I'm the odd one...
A couple of things... Minor errors? Really? A complete misunderstanding of the material at hand, and publishing an article that is effectively disinformation is a minor error?
Techdirt has made mistakes of this magnitude in the past. (They usually post corrections, but you're correct, that's neither here nor there.) This does not invalidate the claim that faulty reporting will lead to a loss in readership. There were a few instances in which techdirt nearly lost me as a reader due to blatant errors that invalidated the entire article.
This article isn't about bashing the other news sites for getting it wrong (at least, not primarily, it does feel like Techdirt is gloating a bit, which is not cool given that they have made similar mistakes), but informing the readers, whp may also be readers of one of the other sites, that the information reported therein was not accurate, and to stop the spread of disinformation.
Virtual objects are not objects, they are virtual.
Sigh... Nine years later and people are still spouting this nonsense.
If I flipped a couple of virtual ones and zeroes around and emptied your bank account, would you still claim that nothing was stolen from you? Or do you really believe that your money is just sitting in big vault somewhere? Ownership is a far more complicated concept than whatever physical items you can lay your hands on. Many aspects of ownership are "virtual", beyond just the obvious. Ownership of copyright, of land, of debt. These are all virtual concepts, yet they govern most aspects of our lives. This is not something new, the frameworks of virtual ownership have been around, in one form or another, for centuries.
Shrugging all of this off as "virtual, and hence meaningless", is... short-sighted.
The CA does not create or provide Certificates, they merely sign them so they are "trusted".
This has little to do with the actual encryption between a TLS enabled client and server. There are at least three legs here (more if you have a web of trust instead of a single trust authority): the client, the server, and the CA. Each of these points have their own private/public key pairs. Data to the client is encrypted using the server's private key, which the CA most certainly does not have.
If the CA were compromised by an attacker, they still couldn't decrypt communication between client and server. However, if the attacker was able to intercept traffic as a MitM, what they could do would be impersonate the server using the compromised CA. That way they wouldn't need to break the encryption, since the client is encrypting the traffic so that the MitM can decrypt it, thinking that they're talking to the server.
Blaming third-parties for not disobeying government orders is a red herring, anyway. The government should not be allowed to issue such orders. Period.
Just wanted to point out that it is possible to steal IP, and in context it's what Kerry was talking about. When you break or hack in to obtain confidential information that you aren't allowed access to (and possibly destroying or corrupting the original), that is most certainly theft.
When you distribute information that you obtained legally without permission and against Copyright laws, such as sharing a movie online, that is infringement, not theft. Corporate espionage falls under a different label than infringing.
The concepts, of course, are not mutually exclusive. The use of the stolen IP, such as by putting out a competing product based on the IP, is, once again, infringement.
That bit of pedantism aside, this was a great article.
TL;DR: Illegally obtaining confidential IP is theft; illegally using IP (secret or not) is infringement.
Ion Thrusters are interesting, but they're not a purely electric propulsion medium. They still rely on a propellant, xenon usually, which is expelled at high speeds. They're much more fuel efficient than chemical propellants, but they still need to carry fuel, which limits the usefulness for deep space exploration. They also tend to generate very low thrust, but by the time that we really need better thrusters that might no longer be true.
That EM drive, though.... I really hope that it's not just a mistake, and it does operate the way people think.
They could do that; as an ISP they could intercept any https requests, and act as a MitM proxy, decrypting and re-encrypting traffic in both directions. That would be troublesome if https was only about encryption. What they would not be able to do would be perfectly disguise the traffic as coming from the original source. They would need to automatically create certs for each site that a user requests. They could make these certs appear to be from the site in question, maybe even well enough to fool the browser, but they would not be identical to the certs provided by the site, and they would all be able to traced back to a single CA. When every https site in the world is suddenly using the same CA... Well, let's just say people will notice, and there will be an uproar. See the Lenovo/Superfish fiasco.
This type of MitM attack is untenable on a wide scale, particularly if you need to keep it quiet. Targeted attacks on less savvy individuals, however...
For anyone who is worried that using https will require trusting a third-party, there is a way around that. It's not all that difficult to run a CA yourself, many Enterprises do so for encrypting internal web applications. Certs usually cost money not because of some technical cost of encryption, but because of the man-hours that are required for the CA to verify that you are who you claim to be. You can cut out the middle man by running your own CA (you implicitly trust you, right?). The downside is that the certs you create won't be trusted by default (and the hoops you would have to jump through to do so are... untenable). Clients would need to install your root cert onto their machine, which is easy to do, and then any certs you create are trusted.
If that's too much to worry about, you can always forgo a CA entirely and use self-signed certs. No one will be able to trust them, but it's the easiest way to get encryption running. The problem with https/ssl is it's playing double duty as data encryption and identity verification. Providing encryption is cheap and easy, and solves most (though not all) of the concerns about modern web browsing. Unfortunately, encryption is caught up in identity verification/trust authority, which is difficult and expensive (though progress is being made on that front by EFF/Cloudflare/others). I'd love to see a protocol somewhere between http and https, that negotiates and encrypts traffic, but doesn't rely on a trust framework. It obviously wouldn't be as secure as https (MitM attacks would be much easier), so https would still need to be used for things like ecommerce, but it would be much better than http, and without the costs/difficulties of https.
Not the only one, no. Plenty of folks are mildly disinterested in the game even though they completely understand it. Myself, beyond interest in the world building algorithms and the possibilities of the in-game logic circuits (though the former is less about playing the game than it is interest in the mechanics, and there are better examples than Minecraft of the latter, e.g., Little Big Planet, Space Engineers), I find it rather dull.
That said, I completely understand why so many people enjoy it. The best analogy really is an endless set of legos; Minecraft allows for an enormous amount of creative expression. But, then, I never did enjoy legos as a kid. They always felt... pointless. Instead, I spent weekends and holidays building complex engineering feats (for a kid, anyway) out of K'nex. Less about making pretty structures than seeing what you could build, struggling against gravity, structural stability, load distribution (I think I figured out the awesomeness of the lowly triangle at about 6 or 7), etc. Throw some motors in the mix, and things start to get really fun. I remember spending a lot of time messing with a remote control motor, building various vehicles.
I guess I'm trying to explain that I'm creative, but not artistic, and that I that I think Minecraft appeals to those with an artistic tendency. Since allowing kids to explore their artistic side is laudable, I have a hard time understanding why anyone with a touch of sense would think Minecraft is bad for kids.
Re: Re: Technology leads to Frankenstein tragedies.
Isn't Bill O'Reilly registered as an Independent? Conservative, certainly, but not a Republican. Seems to me like you took two random examples on the failings of rigid, dogmatic ideologies, and interpreted it as a personal attack.
Do you have a persecution complex, or are you posting flamebait for the hell of it? I am inclined to believe the former, though your last statement gives me doubts, so correct me if I'm mistaken.
Techdirt should really know better. This is tabloid (or cable news) level bullshit. The only revelation here is that the campaign website uses Cloudflare. Good for them, Cloudflare knows what they're doing. The SSL certs used by CF often serve multiple websites. That's all that's going on here. It has nothing to do with Ted Cruz, and little to do with Cloudflare.
Cisco's plan makes a lot of assumptions about the NSA's capabilities, most of which aren't particularly sound...
I don't agree. Cisco is well aware of NSA capabilities, and they know that this plan isn't enough to prevent tampering en route. With enough tracking/surveillance/infiltration of Cisco operations/personnel, the NSA can and likely will still find, intercept, and tamper with intended targets.
In that case, why did Cisco bother? Two reasons. First, which was touched on in the article, is to simply make a statement. They are proclaiming to the world and to the NSA that they're not willing to sit idly by while the surveillance state drives their reputation (and their bottom line) into the ground. This is a symbolic protest as much as an actual mitigation.
Second, yes, this is a mitigation. These precautions won't make it impossible for resourceful (in both meanings) third parties to intercept equipment, but they will make it more difficult, and thus costlier. Even the NSA only has so many man-hours it can direct. If it now takes twice as many man-hours (an over-estimation, I'm sure, but no matter) in order to backdoor a router en route, then they are only able to do so half as often.
Cisco, or any US based company, can only do so much to thwart the surveillance state. Any pushback, however minor or symbolic, is to be applauded. On the same note, any willful collusion should be considered a betrayal of their customers, and the public at large.
Though, I'd like to point out that the first parenthetical in his post follows a full stop, and encapsulates a discrete sentence. In informal grammar, this indicates an aside, a thought tangentially related to the current topic, but not fitting in the paragraph flow. (Yes, in case you were wondering, I am enjoying myself.) It is perfectly valid, though, again, less than formal.
On the post: After Internet Companies Protest, MPAA Declares Victory And Walks Away From Attempt To Backdoor SOPA
Re: Re: Re: Re: @ "killing off the service"
My above post still stands, though. There's nothing wrong with a judge declaring a preliminary injunction against MovieTube itself.
On the post: After Internet Companies Protest, MPAA Declares Victory And Walks Away From Attempt To Backdoor SOPA
Re: Re: Re: @ "killing off the service"
First, a preliminary injunction is not an assumption of guilt, and should not be treated as such. It merely means that, if granted, in the court's opinion, ongoing operations by the defendant will result in significant further damages to the plaintiff. Whether defendant is liable for said damages, or was criminal in causing them, is neither implied nor contraindicated.
Second, such preliminary injunctions must not be rubber stamped. They must be assessed on a case-by-case basis, and, if granted, only after significant deliberation.
Further, should the court rule for the defendant, they are entitled to remuneration for any lost profits stemming from the injunction. (Though, again, IANAL. They may need to counter-sue. If so, the law should be changed.)
Finally, under NO circumstances should an injunctive action be levied against any entity which is not a named defendant, as the MPAA tried here. Not only are such things prima facie foolishness, but the deeper concerns at play are very unsettling. If you seek preliminary injunctive relief against an entity, then name them as a defendant in your suit. Importantly, this provides said entity opportunity to present arguments against the injunction beforehand, rather than the court taking unilateral action.
Of course, the MPAA did not name Google et al as defendants, because accusing them of wrongdoing in this matter is an indefensible position. If they had the slightest case against "Goliath", can anyone honestly tell themselves that they wouldn't have pursued it with abandon?
They do, however, have a case against MovieTube. They have a reasonable argument for a judge to grant a preliminary injunction against MovieTube, ordering cessation of operations pending the result of the case. They do not have anything approaching a reasonable argument for seeking injunctive action against entities who are not accused of wrongdoing.
On the post: News Corp's CEO Bizarre Obsession With Made Up Lies About Google
Why is the CEO of a major corporation throwing a tantrum?
Side note: What's with his obsession with LinkedIn? Is he cyber-stalking more successful CEOs or something, wallowing in envy?
On the post: Appeals Court Says Netflix Doesn't Violate Privacy By Displaying Viewing History To Anyone Using That Account
I still have that data...
Huh. I actually participated in that contest. Did fairly well, I had ~82% accuracy on the test set. Not bad for a college kid at the time, though of course the winner was some big lab. My biggest problem was a lack of compute power. Had to rewrite my algorithm to use aggressive disk caching, 'cause the 6gb of RAM on my server wasn't nearly enough. Slowed the whole thing to a crawl, so that even the smaller training set took like 12 hours to process. This was, of course, before SSDs were economically feasible.
I'm pretty sure that I still have a copy of that data lying around.
On the post: DailyDirt: Artificial Intelligence Is Here To Help Us...
Re: aND IN 1980
FTFY
On the post: Sting Operation Shows How Full Of Crap Health Journals Are When It Comes To Dietary Studies
Re: Re:
[Side note: Do I want to know what a bronie (brony?) is?]
On the post: Sting Operation Shows How Full Of Crap Health Journals Are When It Comes To Dietary Studies
Chocolate
On the post: Ford Pretends To Open Up Its Patents Like Tesla, But Doesn't; Media Falls For It
Re: Re: Re:
Techdirt has made mistakes of this magnitude in the past. (They usually post corrections, but you're correct, that's neither here nor there.) This does not invalidate the claim that faulty reporting will lead to a loss in readership. There were a few instances in which techdirt nearly lost me as a reader due to blatant errors that invalidated the entire article.
This article isn't about bashing the other news sites for getting it wrong (at least, not primarily, it does feel like Techdirt is gloating a bit, which is not cool given that they have made similar mistakes), but informing the readers, whp may also be readers of one of the other sites, that the information reported therein was not accurate, and to stop the spread of disinformation.
On the post: 2 Teen Diablo Players Were Charged, Got Probation For 'Stealing' Virtual Items That Were Replaced
Re: Re: Re: Re: Real vs Virtual
Sigh... Nine years later and people are still spouting this nonsense.
If I flipped a couple of virtual ones and zeroes around and emptied your bank account, would you still claim that nothing was stolen from you? Or do you really believe that your money is just sitting in big vault somewhere? Ownership is a far more complicated concept than whatever physical items you can lay your hands on. Many aspects of ownership are "virtual", beyond just the obvious. Ownership of copyright, of land, of debt. These are all virtual concepts, yet they govern most aspects of our lives. This is not something new, the frameworks of virtual ownership have been around, in one form or another, for centuries.
Shrugging all of this off as "virtual, and hence meaningless", is... short-sighted.
On the post: New Leak Shows NSA's Plans To Hijack App Store Traffic To Implant Malware And Spyware
Re: Re: Re: Re:
The CA does not create or provide Certificates, they merely sign them so they are "trusted".
This has little to do with the actual encryption between a TLS enabled client and server. There are at least three legs here (more if you have a web of trust instead of a single trust authority): the client, the server, and the CA. Each of these points have their own private/public key pairs. Data to the client is encrypted using the server's private key, which the CA most certainly does not have.
If the CA were compromised by an attacker, they still couldn't decrypt communication between client and server. However, if the attacker was able to intercept traffic as a MitM, what they could do would be impersonate the server using the compromised CA. That way they wouldn't need to break the encryption, since the client is encrypting the traffic so that the MitM can decrypt it, thinking that they're talking to the server.
Blaming third-parties for not disobeying government orders is a red herring, anyway. The government should not be allowed to issue such orders. Period.
On the post: Secretary Of State: We Must Have A Secure Internet; Homeland Security Secretary: A Secure Internet Makes Us All Less Safe
Theft of IP
When you distribute information that you obtained legally without permission and against Copyright laws, such as sharing a movie online, that is infringement, not theft. Corporate espionage falls under a different label than infringing.
The concepts, of course, are not mutually exclusive. The use of the stolen IP, such as by putting out a competing product based on the IP, is, once again, infringement.
That bit of pedantism aside, this was a great article.
TL;DR: Illegally obtaining confidential IP is theft; illegally using IP (secret or not) is infringement.
On the post: DailyDirt: Sailing Through Space Without Rockets
Ion Thrusters
That EM drive, though.... I really hope that it's not just a mistake, and it does operate the way people think.
On the post: Yes, Switching To HTTPS Is Important, And No It's Not A Bad Thing
Re: Re: Running a CA
I'm not surprised that there hasn't been much interest in it, though.
On the post: Yes, Switching To HTTPS Is Important, And No It's Not A Bad Thing
Re: Re: Re: Re: Troublesome certificates...
This type of MitM attack is untenable on a wide scale, particularly if you need to keep it quiet. Targeted attacks on less savvy individuals, however...
On the post: Yes, Switching To HTTPS Is Important, And No It's Not A Bad Thing
Running a CA
If that's too much to worry about, you can always forgo a CA entirely and use self-signed certs. No one will be able to trust them, but it's the easiest way to get encryption running. The problem with https/ssl is it's playing double duty as data encryption and identity verification. Providing encryption is cheap and easy, and solves most (though not all) of the concerns about modern web browsing. Unfortunately, encryption is caught up in identity verification/trust authority, which is difficult and expensive (though progress is being made on that front by EFF/Cloudflare/others). I'd love to see a protocol somewhere between http and https, that negotiates and encrypts traffic, but doesn't rely on a trust framework. It obviously wouldn't be as secure as https (MitM attacks would be much easier), so https would still need to be used for things like ecommerce, but it would be much better than http, and without the costs/difficulties of https.
On the post: Latest Pointless Moral Panic: Minecraft Is Ruining Our Children
Re:
That said, I completely understand why so many people enjoy it. The best analogy really is an endless set of legos; Minecraft allows for an enormous amount of creative expression. But, then, I never did enjoy legos as a kid. They always felt... pointless. Instead, I spent weekends and holidays building complex engineering feats (for a kid, anyway) out of K'nex. Less about making pretty structures than seeing what you could build, struggling against gravity, structural stability, load distribution (I think I figured out the awesomeness of the lowly triangle at about 6 or 7), etc. Throw some motors in the mix, and things start to get really fun. I remember spending a lot of time messing with a remote control motor, building various vehicles.
I guess I'm trying to explain that I'm creative, but not artistic, and that I that I think Minecraft appeals to those with an artistic tendency. Since allowing kids to explore their artistic side is laudable, I have a hard time understanding why anyone with a touch of sense would think Minecraft is bad for kids.
On the post: Sony Execs Freaked Out That Its Marketing People Wanted To Use Torrents For Marketing
Re: Re: Technology leads to Frankenstein tragedies.
Do you have a persecution complex, or are you posting flamebait for the hell of it? I am inclined to believe the former, though your last statement gives me doubts, so correct me if I'm mistaken.
On the post: Ted Cruz's New Presidential Campaign Donation Website Shares Security Certificate With Nigerian-Prince.com
Re: Cloudflare Certificates
I'm disappointed.
On the post: Cisco Shipping Hardware To Bogus Addresses To Throw Off NSA Intercept-And-Implant Efforts
Mitigation, not Prevention
I don't agree. Cisco is well aware of NSA capabilities, and they know that this plan isn't enough to prevent tampering en route. With enough tracking/surveillance/infiltration of Cisco operations/personnel, the NSA can and likely will still find, intercept, and tamper with intended targets.
In that case, why did Cisco bother? Two reasons. First, which was touched on in the article, is to simply make a statement. They are proclaiming to the world and to the NSA that they're not willing to sit idly by while the surveillance state drives their reputation (and their bottom line) into the ground. This is a symbolic protest as much as an actual mitigation.
Second, yes, this is a mitigation. These precautions won't make it impossible for resourceful (in both meanings) third parties to intercept equipment, but they will make it more difficult, and thus costlier. Even the NSA only has so many man-hours it can direct. If it now takes twice as many man-hours (an over-estimation, I'm sure, but no matter) in order to backdoor a router en route, then they are only able to do so half as often.
Cisco, or any US based company, can only do so much to thwart the surveillance state. Any pushback, however minor or symbolic, is to be applauded. On the same note, any willful collusion should be considered a betrayal of their customers, and the public at large.
On the post: How Hillary Clinton Exposed Her Emails To Foreign Spies... In Order To Hide Them From The American Public
Re: Re: grammar bugaboo
Next >>