The album was sold through Paddle8, an online auction house, for $2 million to Martin Shkreli, a CEO of Turing Pharmaceuticals, who is notorious for purchasing the maker of toxoplasmosis drug Daraprim and increasing the price of the drug from $13.50 a pill to $750 a pill.[72] THe FBI arrested Martin Shkreli on Thursday, December 17, 2015 on charges of "widespread" securities fraud.
On the other hand.. If they *were* a shill for google, this would be the perfect cover! A crappy legal complain that doesn't go anywhere and eventually exonerates google.
I was thinking exactly the same thing.
Not that I agree with EFF being a shill for Google, I don't think they are. Just expressing an opinion on the validity of an argument.
The way 3d-printing is heading, it won't be long before I can download a car.
At the very least, we may reach a point in the not too distant future where rather than having a car shipped from Japan to Australia, there may be industrial-scale 3d-printers in major cities that produce the cars to-order in a few days.
There is no dispute that they and law enforcement agencies should have the necessary powers to detect and stop attacks before they happen.
Wow, and here I thought it was Law enforcements job to enforce the law. Arresting people for actually breaking the law. Dissuading people from breaking the law by being a visible, and practical deterrence to breaking the law by arresting people when they do break the law. Seems these people think it is law enforcements job to arrest people for thinking about breaking the law. Thought-crime police a reality.
I would suggest it's the military's job to stop these types of attacks before they occur. It is not the military's job to enforce the law, it's their job to 'defend/protect the country'.
Dear Techdirt, please place appropriate titles and/or clarifying comments in the article.
Over the last couple of weeks there have been a few (physical) goods that I have been interested in.
I've clicked on the link, added to cart, then gone to checkout and get the message: "Unfortunately, some of your items are not shippable to .... We've updated your total."
Blatting the contents of my cart.
Could you please specify in the 'daily deal' heading and/or text that there are severe restrictions on these specific deals and if you aren't in the US, don't bother.
"Incentivizing vetting of passengers?" Isn't that pretty much the only task the TSA performs? (I mean, when not running its Instagram account or helping the DEA walk off with a traveler's money…) After 15 years on the job, you'd think the TSA's vetting incentive program would be humming away like a well-funded machine. Apparently not, though.
I think you are drawing the wrong conclusion from that statement. To me, that jargon/buzzword statement is actually a statement regarding MORALE. It's implying morale is low and staff don't care about what/why they are doing the work. They are drones just ticking the boxes on the paperwork.
Incentive: noun 1. something that incites or tends to incite to action or greater effort, as a reward offered for increased productivity. adjective 2. inciting, as to action; stimulating; provocative.
They're saying that they've gotta increase the morale of their staff so they CARE about the vetting, so that they do more than blindly, unthinkingly follow the procedures. Sp that they actively look for suspicious people rather than just being a drone ticking the boxes.
why? if they set up an SSL link first (i.e. SMTPS or IMAPS) you don't need STARTTLS.
STARTTLS is a fallback, something you use when you don't support proper link encryption. If you support SMTPS or IMAPS (which is equivalent to HTTPS), you don't need STARTTLS.
STARTTLS is at the bottom of the food chain for encryption of email connections. I very much doubt we are talking about them not using encryption, they just don't use STARTTLS. STARTTLS is what you use when you (as an admin) coulnd't be FireTrucked to set up SMTPS/IMAPS. STARTTLS has more vulnerabilities than SMTPS/IMAPS:
Because the initial handshake takes place in plain text using opportunistic encryption, an actor in control of the network can strip the STARTTLS from the network, silently forcing a user's emails to be sent in plain text in a STRIPTLS attack. In September 2014, major email providers in Thailand were subject to such large scale attacks. In October 2014 Cricket Wireless, then a subsidiary of VPN provider Golden Frog was found to be doing this using Cisco devices on their network in an attempt to inspect emails and block spam
If you are already encrypted using TLS/SSL before you perform application level connection between the client software and the mail server software i.e. at the protocal or transport layer, VPN or already SSL'ed, they you don't need STARTTLS.
And that's what having a PKI infrastructure usually means. Users usually have their own user certificate, the server has a server certificate, and encryption is performed by the PKI system in place instead of relying on the mail server and mail client to support STARTTLS. Basically, think of it as using a propriety encryption layer instead of using the open standard STARTTLS which is only necessary if you don't have your own encryption layer on top already.
Take where I work for example. We have multiple offices around the country and the world. We don't use STARTTLS between our internal email clients and our internal mail server because we use a thick client on our desktop that has encryption built-in (outside STARTTLS) for the mail server from the same vendor. Sure, our 'thick clients' do support STARTTLS, but it only uses that if I decide to point my client at a 3rd-part, non-vendor supplied mail server.
And our mail servers when connecting to the mail servers of our offices and partners also doesn't use STARTTLS or SSL/TLS for encryption. Nor does out client encrypt our emails. Why? Because out network infrastructure has VPN routers with pre-shared-keys in it, as does every one of our offices and our partners. When we communicate bewteen any of these, the core routers do NOT forward the connections to the border routers, they forward the connection to the VPN routers that establish a VPN - an encrypted pipe - with our partner/office, and send the data down that already encrypted pipe, therefore no STARTTLS, no SSL, no TLS, no email encryption is necessary as the LINK is encrypted between the locations and if encryption fails, the route to the office/partner fails until the VPN is re-established.
Therefore the users of the mail client or browser connecting to a partner do not have to take any steps, don't even have to know about, encryption. The software doesn't have to implement, support or even know about encryption. It's all handled transparently for them at the network infrastructure layer.
Of course, this is a 2-edged sword. Since the users are "dumb users" who have no idea, if they have to send sensitive information (which is against policy, and could be a sackable offense) to someone who isn't in a branch office or partner organisation, they have no idea about encryption/message security. Hell, there have been cases where someone has sent sensitive email to a partner, but also put a non-partner (I think it also cc'ed to a home account of someone who was on already getting the email via their work email) on the cc list, the emails to the partners all went down the encrypted pipes, but the email to fred@someisp.com went through normal, unencrypted public internet. The user to this day still doesn't understand what they did wrong, because all they did was add someone to the cc list.
But this is the type of system these agencies ARE using. They don't need to 'do' STARTTLS because they don't need the application software to set up their encryption because they are already encrypted before the application software is even aware that someone wants to connect to it. Probably with a much higher level of encryption in their encryption layer than that used by STARTTLS. Hell, STARTTLS is vulnerable to man-in-the-middle (MIM/MITM) attacks since it has to negotiate key exchanges and so on. With network layer security this is not possible if using pre-shared-keys. This also has the added side-benefit of simplifying software that doesn't have to have encryption built into the software (the network takes care of that) and when encryption changes, the entire network's encryption can be updated by patching some vendor-specific hardware devices and a single client piece of software on the PC that enables connection to the encrypted network, rather than the dozens, hundreds of individual different pieces of software that have to be patched because they have encryption builtin...
Just because they don't use STARTTLS doesn't mean they are not encrypted.
STARTTLS is used when the client initially establishes an insecure, un-encrypted connection to the mail server. The mail server then says "hey, let's encrypt this session with TLS, here's my public key" and whatnot, they then negotiate .
HOWEVER, if are already you do the initial connection using TLS at the network/protocol layer (TLS is more commonly called SSL - as SSL was revised and enhanced and newer versions release, it's name changed from SSL to TLS. Therefore strictly speaking SSL refers to SSL 1.0 to 3.0. SSL 3+ was renamed TLS, and TLS1.0 is basically SSL 4.0, etc)
I ride a motorbike ~16km to work in about 15 minutes, and likewise another ~16km back home again.
If I was fit enough, and could actually run at that speed (64km/h), how much CO2 would I emit in running ~32km in 30 minutes? How would that compare to the amount of CO2 my motorbike releases?
If the intent of a law differs significantly from the letter of the law, and/or how the law is applied in practice, then that's a sign of either a poorly written law or someone basically making up laws as they go along via 'creative interpretation'.
Exactly like 75% of the other laws on the books? So business as usual.
Legal loopholes do not result in multi-billion dollar fines
Neither has this. No jury has rendered a verdict, no judge has ruled. As far as I can tell no charges or case has been filed with any court yet. All we have is legal d**ck waving by the EPA making press releases. Sure they might be right, but at least wait until we have a court filing detailing the crimes/breeches and the requested penalties first.
The suit wasn't over the fact the other house HAD windows, or HAD a roof. It was over the non-functional, aesthetic aspects of the house.
Say I built a house with a roof that had 37 minarets of varying heights and thicknesses. Randomly scattered over the roof. Ranging from 5cm to 50cm across, and 20cm to 2 meters high. Varying cross-sectional shapes - some round, some oblong, some square, some penta-hexa-octa-deca-mora-sided. Built with different materials, some red-brick, some white-brick, different types of timber, some pored cement. The minarets served no purpose, they aren't for hanging, no space inside them for storage, they aren't meant for bird coops or perches. They are there because I had too much acid^H^H^H^H imagination when I pressed the send button on my "Confirm Final Specifications" email to my builder - just before I headed off on a 6-month around-the-world pub-crawl^H^H^H^H^H^H^H^H^H bender^H^H^H^H^H^H no computers/phones allowed eco-holiday expecting to find a completed home when I got back.
Now if someone else built a house with an identical set of 37 minarets, same positions, same sizes, same materials, EXACTLY the same except the roof was 2 streets over. I would call shenanigans on them.
But it is a similar principle as to what is happening here. It's that the second house's windows had the EXACT SAME non-common non-functional required shape. The EXACT SAME non-functionally required dimensions. The same number of windows in the same positions. The exact same size/shape roof.
If the second house had of JUST had the same roof, or just had the same windows, they'd probably have gotten away with it, the judge would have probably laughed the plaintiff out of court.
But once you combine ALL non-functional aesthetic factors, it's a straight copy of (for want of a better phrase) artistic non-functional elements.
Now, whether they SHOULD be able to copyright that design, and be able to enforce that copyright, now THAT is a different question.
I think that would depend on how the copies were made.
1) Were they purchased from the copyright holder? 2) Did the builder ask for a copy from the copyright holder who then complied? 3) Did the copyright holder put any restrictions on the use of the copy when it was obtained ? e.g. for informational purposes and not to be used as plans for actual construction? 4) Did the builder just obtain a copy without the consent of the copyright holder? 5) Where the plans provided for 1 purpose - building of the original house - and then re-purposed, without the copyright holders consent, in the construction of a second house?
From the description I have read of this so far, it seems that the builder of the original house and the 'copycat' house was the same builder. Therefore I suggest point 5 above was the likely scenario, therefore the only legal use of the legally made copy of the plans was for the construction of the original house. Once that purpose had been accomplished, the builder was no-longer authorised to use those plans for other construction purposes. Therefore when the builder reused the plans, at that point the copy became an illegal copy.
It's sorta like buying a piece of software - say MS Office. I purchase that copy, and have the rights to use it on a single computer. However, the retailer I bought that copy from (well, really, the license key) can't make a copy of the software and then sell that copy on to another customer.
"preponderance of the evidence," something that sounds like a lot but in reality is far lower than establishing guilt "beyond a reasonable doubt." If the latter edges towards a theoretical 75% assurance of guilt, the percentage for asset forfeiture approaches a coin flip: 51%.
IANAL, but I'd suggest the 75% assurance level you refer to would be more likely covered by the Clear and Convincing evidence standard, with beyond a reasonable doubt at more like the 90% (personally I'd have to be 95% convinced) level.
On the post: Merry Christmas Internet! Turing CEO Martin Shkreli Arrested on Securities Fraud
wow that was quick
On the post: EFF Files Legal Complaint Against Google At The FTC
Re:
Not that I agree with EFF being a shill for Google, I don't think they are. Just expressing an opinion on the validity of an argument.
On the post: Microsoft Lobbying Group Forces 'Pirate' To Get 200,000 Views On Anti-Piracy Video... Whole Thing Backfires
"You wouldn't download a car!"
At the very least, we may reach a point in the not too distant future where rather than having a car shipped from Japan to Australia, there may be industrial-scale 3d-printers in major cities that produce the cars to-order in a few days.
On the post: NY Times Gets It Right: Officials Calling For More Surveillance Are Proven Liars; Don't Listen To Them
Minority Report reality
I would suggest it's the military's job to stop these types of attacks before they occur. It is not the military's job to enforce the law, it's their job to 'defend/protect the country'.
On the post: Senator McCain Promises To Introduce Legislation To Backdoor Encryption, Make Everyone Less Safe
On the post: Daily Deal: UE BOOM Bluetooth Speaker
Pleas fix your titles
Over the last couple of weeks there have been a few (physical) goods that I have been interested in.
I've clicked on the link, added to cart, then gone to checkout and get the message: "Unfortunately, some of your items are not shippable to .... We've updated your total."
Blatting the contents of my cart.
Could you please specify in the 'daily deal' heading and/or text that there are severe restrictions on these specific deals and if you aren't in the US, don't bother.
On the post: TSA: Terrible At Security But Finally Willing To Work On Its Problems
Incentivizing vetting of passengers?
Incentive:
noun
1. something that incites or tends to incite to action or greater effort, as a reward offered for increased productivity.
adjective
2. inciting, as to action; stimulating; provocative.
They're saying that they've gotta increase the morale of their staff so they CARE about the vetting, so that they do more than blindly, unthinkingly follow the procedures. Sp that they actively look for suspicious people rather than just being a drone ticking the boxes.
On the post: French Restaurants: Home Cooking Really Is Killing The Restaurant Industry!
Re: Re: Re:
On the post: Appeals Court Doesn't Think Putting Historical Figures In Video Games Is Free Speech
On the post: State Court Says University Can't Punish Student For Off-Campus Tweets
Re: Re: Re:
On the post: Microsoft 'Addresses' Windows 10 Privacy Concerns By Simply Not Mentioning Most Of Them
Re: Re: Re: Re: Re: Re: Re:
On the post: CIA, FBI And Much Of US Military Aren't Doing The Most Basic Things To Encrypt Email
Re: Re: Re:
STARTTLS is a fallback, something you use when you don't support proper link encryption. If you support SMTPS or IMAPS (which is equivalent to HTTPS), you don't need STARTTLS.
STARTTLS is at the bottom of the food chain for encryption of email connections. I very much doubt we are talking about them not using encryption, they just don't use STARTTLS. STARTTLS is what you use when you (as an admin) coulnd't be FireTrucked to set up SMTPS/IMAPS. STARTTLS has more vulnerabilities than SMTPS/IMAPS:
On the post: CIA, FBI And Much Of US Military Aren't Doing The Most Basic Things To Encrypt Email
Re:
If you are already encrypted using TLS/SSL before you perform application level connection between the client software and the mail server software i.e. at the protocal or transport layer, VPN or already SSL'ed, they you don't need STARTTLS.
And that's what having a PKI infrastructure usually means. Users usually have their own user certificate, the server has a server certificate, and encryption is performed by the PKI system in place instead of relying on the mail server and mail client to support STARTTLS. Basically, think of it as using a propriety encryption layer instead of using the open standard STARTTLS which is only necessary if you don't have your own encryption layer on top already.
Take where I work for example. We have multiple offices around the country and the world. We don't use STARTTLS between our internal email clients and our internal mail server because we use a thick client on our desktop that has encryption built-in (outside STARTTLS) for the mail server from the same vendor. Sure, our 'thick clients' do support STARTTLS, but it only uses that if I decide to point my client at a 3rd-part, non-vendor supplied mail server.
And our mail servers when connecting to the mail servers of our offices and partners also doesn't use STARTTLS or SSL/TLS for encryption. Nor does out client encrypt our emails. Why? Because out network infrastructure has VPN routers with pre-shared-keys in it, as does every one of our offices and our partners. When we communicate bewteen any of these, the core routers do NOT forward the connections to the border routers, they forward the connection to the VPN routers that establish a VPN - an encrypted pipe - with our partner/office, and send the data down that already encrypted pipe, therefore no STARTTLS, no SSL, no TLS, no email encryption is necessary as the LINK is encrypted between the locations and if encryption fails, the route to the office/partner fails until the VPN is re-established.
Therefore the users of the mail client or browser connecting to a partner do not have to take any steps, don't even have to know about, encryption. The software doesn't have to implement, support or even know about encryption. It's all handled transparently for them at the network infrastructure layer.
Of course, this is a 2-edged sword. Since the users are "dumb users" who have no idea, if they have to send sensitive information (which is against policy, and could be a sackable offense) to someone who isn't in a branch office or partner organisation, they have no idea about encryption/message security. Hell, there have been cases where someone has sent sensitive email to a partner, but also put a non-partner (I think it also cc'ed to a home account of someone who was on already getting the email via their work email) on the cc list, the emails to the partners all went down the encrypted pipes, but the email to fred@someisp.com went through normal, unencrypted public internet. The user to this day still doesn't understand what they did wrong, because all they did was add someone to the cc list.
But this is the type of system these agencies ARE using. They don't need to 'do' STARTTLS because they don't need the application software to set up their encryption because they are already encrypted before the application software is even aware that someone wants to connect to it. Probably with a much higher level of encryption in their encryption layer than that used by STARTTLS. Hell, STARTTLS is vulnerable to man-in-the-middle (MIM/MITM) attacks since it has to negotiate key exchanges and so on. With network layer security this is not possible if using pre-shared-keys. This also has the added side-benefit of simplifying software that doesn't have to have encryption built into the software (the network takes care of that) and when encryption changes, the entire network's encryption can be updated by patching some vendor-specific hardware devices and a single client piece of software on the PC that enables connection to the encrypted network, rather than the dozens, hundreds of individual different pieces of software that have to be patched because they have encryption builtin...
On the post: CIA, FBI And Much Of US Military Aren't Doing The Most Basic Things To Encrypt Email
Just because they don't use STARTTLS doesn't mean they are not encrypted.
STARTTLS is used when the client initially establishes an insecure, un-encrypted connection to the mail server. The mail server then says "hey, let's encrypt this session with TLS, here's my public key" and whatnot, they then negotiate .
HOWEVER, if are already you do the initial connection using TLS at the network/protocol layer (TLS is more commonly called SSL - as SSL was revised and enhanced and newer versions release, it's name changed from SSL to TLS. Therefore strictly speaking SSL refers to SSL 1.0 to 3.0. SSL 3+ was renamed TLS, and TLS1.0 is basically SSL 4.0, etc)
On the post: VW Accused Of Using Software To Fool Emissions Tests: Welcome To The Internet Of Cheating Things
Re: Walking is not a big CO2 producer.
If I was fit enough, and could actually run at that speed (64km/h), how much CO2 would I emit in running ~32km in 30 minutes? How would that compare to the amount of CO2 my motorbike releases?
I am genuinely curious.
On the post: VW Accused Of Using Software To Fool Emissions Tests: Welcome To The Internet Of Cheating Things
Re: Re: Re: fraudulent info
On the post: VW Accused Of Using Software To Fool Emissions Tests: Welcome To The Internet Of Cheating Things
Re: Re: Re: Re: fraudulent info
Neither has this. No jury has rendered a verdict, no judge has ruled. As far as I can tell no charges or case has been filed with any court yet. All we have is legal d**ck waving by the EPA making press releases. Sure they might be right, but at least wait until we have a court filing detailing the crimes/breeches and the requested penalties first.
On the post: Australian Court Orders Homeowners To Physically Alter Exterior Of 'Infringing' House
Re: Re:
The suit wasn't over the fact the other house HAD windows, or HAD a roof. It was over the non-functional, aesthetic aspects of the house.
Say I built a house with a roof that had 37 minarets of varying heights and thicknesses. Randomly scattered over the roof. Ranging from 5cm to 50cm across, and 20cm to 2 meters high. Varying cross-sectional shapes - some round, some oblong, some square, some penta-hexa-octa-deca-mora-sided. Built with different materials, some red-brick, some white-brick, different types of timber, some pored cement. The minarets served no purpose, they aren't for hanging, no space inside them for storage, they aren't meant for bird coops or perches. They are there because I had too much acid^H^H^H^H imagination when I pressed the send button on my "Confirm Final Specifications" email to my builder - just before I headed off on a 6-month around-the-world pub-crawl^H^H^H^H^H^H^H^H^H bender^H^H^H^H^H^H no computers/phones allowed eco-holiday expecting to find a completed home when I got back.
Now if someone else built a house with an identical set of 37 minarets, same positions, same sizes, same materials, EXACTLY the same except the roof was 2 streets over. I would call shenanigans on them.
But it is a similar principle as to what is happening here. It's that the second house's windows had the EXACT SAME non-common non-functional required shape. The EXACT SAME non-functionally required dimensions. The same number of windows in the same positions. The exact same size/shape roof.
If the second house had of JUST had the same roof, or just had the same windows, they'd probably have gotten away with it, the judge would have probably laughed the plaintiff out of court.
But once you combine ALL non-functional aesthetic factors, it's a straight copy of (for want of a better phrase) artistic non-functional elements.
Now, whether they SHOULD be able to copyright that design, and be able to enforce that copyright, now THAT is a different question.
PS could we get the < del > tag added?
On the post: Australian Court Orders Homeowners To Physically Alter Exterior Of 'Infringing' House
Re: Something else seems off here.
1) Were they purchased from the copyright holder?
2) Did the builder ask for a copy from the copyright holder who then complied?
3) Did the copyright holder put any restrictions on the use of the copy when it was obtained ? e.g. for informational purposes and not to be used as plans for actual construction?
4) Did the builder just obtain a copy without the consent of the copyright holder?
5) Where the plans provided for 1 purpose - building of the original house - and then re-purposed, without the copyright holders consent, in the construction of a second house?
From the description I have read of this so far, it seems that the builder of the original house and the 'copycat' house was the same builder. Therefore I suggest point 5 above was the likely scenario, therefore the only legal use of the legally made copy of the plans was for the construction of the original house. Once that purpose had been accomplished, the builder was no-longer authorised to use those plans for other construction purposes. Therefore when the builder reused the plans, at that point the copy became an illegal copy.
It's sorta like buying a piece of software - say MS Office. I purchase that copy, and have the rights to use it on a single computer. However, the retailer I bought that copy from (well, really, the license key) can't make a copy of the software and then sell that copy on to another customer.
On the post: Virginia Lawmakers Attempting To Reform State's Asset Forfeiture Debacle By Pushing For A Conviction Requirement
75%?
Next >>