Forgot your password?

Comment: Re:The good news (Score 1) 640

by plover (#48213045) Attached to: FTDI Reportedly Bricking Devices Using Competitors' Chips.

Look at how counterfeiting laws work for money. If you pay with a $100 bill in a smokey bar at night and get a $20 counterfeit bill in change, and don't realize it until the next day, you're out the $20. If you try to spend it, you're actually committing a felony - it doesn't matter if you printed the phony bill yourself, or if you just accepted it as change and are passing it forward. It also doesn't matter if you realize it's counterfeit or not, although the Secret Service agents may agree to give you a pass the first time you try to spend phony money if you claim you didn't realize it was counterfeit, and cooperate completely.

However, currency counterfeiting laws are very specific to money. Let's look at product counterfeiting, which works similarly but probably without the felony charges.

If FTDI discovered a container of devices with counterfeit chips was en route, they could tell Customs, who would order the contents of the container to be destroyed once they arrived on the dock. This would be a problem for the shipping company, who accepted the devices for shipment and never delivered them, so they would have to pay out an insurance claim. The insurer then has to deal with the liability by going back to the shipper and saying "hey, your devices were destroyed by Customs, I had to pay out for failing to deliver the goods." I expect the shipping companies deal with this all the time, though, and have a contract clause that absolves them of insurance liability in this case. In this case, the supplier is out the money. Their recourse would be to go back to the manufacturer and ask for their money back. Maybe the manufacturer will honor the request, maybe they won't.

If FTDI discovered a shipment of devices with counterfeit chips already went to MicroCenter, they would call the Secret Service, who would contact MicroCenter and MicroCenter would have to pull them off the shelves and destroy them, leaving MicroCenter without the money. Their only recourse would be to contact their supplier and say "hey, you sold us counterfeit goods, we want our money back." Maybe they'd get their money back, maybe they wouldn't. It's a risk.

So FTDI has now found a way to destroy a consumer device. As above, the consumer is similarly out of luck. Their recourse is to go back to MicroCenter and say "hey, this adapter, it's broke." Maybe they'll get their money back, maybe they won't. It's a risk. MicroCenter might eat the losses, or they might go back to their supplier, who might go back to the manufacturer.

In every case when the counterfeits are discovered they are destroyed, leaving somebody without the device and without the money.

I think FTDI may have a pretty solid legal ground for behaving like this, even though it's always a crappy experience to the person who got stuck with the phony. The main difference is that FTDI is doing this without asking the Secret Service to investigate the counterfeits first.

Comment: Re:If you can't do, sue! (Score 1) 122

by plover (#48209519) Attached to: Security Company Tries To Hide Flaws By Threatening Infringement Suit

Nope. Legal protections for intellectual property include patents, trademarks, and copyright. However, all these have limited lifetimes. Having a trade secret means you forgo any legal protection, and you take on defending your secret through your own security systems. That means you can retain a trade secret for as long as you can keep it secret, but once the genie's out of the bottle, too bad. The courts can't help you directly, but you could sue a disgruntled employee if he published the 11 secret herbs and spices in breach of his employment contract.

Comment: Re:If you can't do, sue! (Score 1) 122

by plover (#48209443) Attached to: Security Company Tries To Hide Flaws By Threatening Infringement Suit

On the one hand, there is the philosophy that "locks only keep honest people out." If someone is using a hack to bypass their door security, the current legal framework could be used to charge them with trespassing, breaking and entering, illegal use of lock-picking equipment, possession of burglary tools, or some other charge. If a prosecutor wants to file charges against you for using such a device, he will. To that end, HID may feel they have to try to defend their system through the legal system, or the courts may not take their products seriously as a security system.

On the other hand, anyone who has such a system protecting their buildings and grounds is now at Pucker-Factor One. These SLAPP lawsuits are just confirmation that HID acknowledges the threat to their systems is real, and the attack code is already in the hands of vandals and bad guys. If building security was my job I'd be on the phone to HID today, and googling the competition while their account manager lied in my ear about how it's not a crisis.

Comment: Re:Oh, another one (Score 1) 122

by plover (#48209355) Attached to: Security Company Tries To Hide Flaws By Threatening Infringement Suit

You have just described the crime of barratry, or of a SLAPP. Neither will get you disbarred.

Remember, the bar is populated by other lawyers, and they like to practice freely. They're won't disbar someone for defending their client through vigorous means - to defend someone in any other way would be unethical to their client. A SLAPP has to be really, really egregious before it sinks to that level.

Comment: Re:Boil it down to cost (Score 2) 104

by plover (#48200901) Attached to: Ask Slashdot: Event Sign-Up Software Options For a Non-Profit?

You have essentially lead them into making the decision that you want them to make.

I agree with everything except your conclusion. It's not a contest, with a winner and loser. Everyone at the table needs to be trying to serve the users and business interests. Once the goals and requirements come out, it may turn out his initial decision was not the best. It's about cooperating to deliver the best fit solution that meets everyone's requirements to the maximum extent practical.

To that degree, it often helps not to look at it as a process of compromise; it's better to think that you're all agreeing to deliver the most important stuff.

Comment: Boil it down to cost (Score 5, Insightful) 104

by plover (#48197639) Attached to: Ask Slashdot: Event Sign-Up Software Options For a Non-Profit?

A couple of years ago, I was asked to be the registration chair for a national event, which we successfully held this spring. All previous events had been run strictly on paper-and-pencil mail-in forms, but that involves a lot of manual work, including a lot of last minute work at the event door. I looked long and hard at various open source and commercial event management offerings, and I spoke to other people who ran similar events. Based on recommendations from other event organizers, I landed on regonline as a good blend of features and customizability, even though it was a bit expensive (though they offer a discount for a 501(c)(3) organization.) What it came down to for me was effort. I wouldn't have time to set up all the hosting needed, to install and configure the software, or to integrate with a payment gateway, and I got a lot of really valuable features from their system. I didn't want us to make our attendees suffer through hour-long lines at a registration booth. And I was able to provide instant reports to the conference chair, who used them to help run the event smoothly.

Something it sounds like you need to do here is figure out "who is the Registration Chair"? If it's you, your only question to the Event Chair should be "what is my budget?" Base your solution on the bottom line. If your budget is $5/registrant, and it includes lanyards and ID cards, your options are wide open. If your budget is $0.50/registrant, and you have to use a box of old "Hello my name is..." stickers, your options are a bit more limited. The important thing is: the Registration Chair is in charge of registration. He or she decides how to best solve the problem, not "here are some random developers, you must write us a site."

One thing that still isn't clear is why you would have to "write" a new site. It sounds like you created one a few years ago, and then another, and then another. I realize your group is a precious snowflake, completely unique in the world, but events really are just events. They all have web sites, registrants, admins, venues, agenda items, merchandise, travel, lodging, taxes, payments, receipts, badges, volunteers, and reports. And there is nothing in that list you can't get from the marketplace. Ultimately, if you absolutely can't use a packaged solution because of [illogical rationale], you should only need to have someone reconfigure the existing site. That's a lot less effort, perhaps not much more than c/2014/2015/g

Finally, if you're taking payments on line, you're going to run into extra effort and risk to interface with them. No matter what, you really, really don't want to be responsible for someone else's credit cards. Not these days. The risk is more than you can imagine. If that's something you can foist off on a third party, you'll keep a ton of liability out of your organization.

Comment: Re:And meanwhile (Score 2) 86

by plover (#48178153) Attached to: India Successfully Launches Region-Specific Navigation Satellite

Yes, many of India's people are impoverished. That condition has existed for thousands of years. Instead, look at the rate at which India has been lifting her people out of poverty. Forty years ago, less than 5% were wealthy, and she had virtually no middle class. Today, about a third of the people are middle class or wealthier. That means that about 400,000,000 people are a whole lot better off than their grandparents.

They won't ever be able to eradicate poverty with the signing of a law, or with a "government cheese" kind of program. Instead, they know it takes a long time, and a strong competitive nation to provide her citizens with opportunities to lift themselves up. India has not been squandering her new independence. It's not perfect, it's not corruption-free, it's not smooth, and it's not fast. But what they have done in the last few decades has been nothing short of amazing.

Comment: Re:GPS (Score 2) 86

by plover (#48178115) Attached to: India Successfully Launches Region-Specific Navigation Satellite

I think we can safely assume that since Indian engineers are designing and building the chips they'll be using in their own system, it would certainly be possible for them to build their own GPS receivers that aren't subject to the American munitions export restrictions on velocity and altitude. They are doing this strictly for independence from all foreign influences.

Comment: Re:Region-Specific (Score 4, Interesting) 86

by plover (#48178031) Attached to: India Successfully Launches Region-Specific Navigation Satellite

You jest, but it's a real problem they are solving by creating their own Indian standard time infrastructure.

The entire system is being designed, built, launched, flown, and operated in India, by Indians, with absolutely no foreign dependencies. Having been burned more than a few times in their short existence by various nations who disagreed with their internal decisions, they take their independence very seriously. This is slightly different than the average American who pretty much takes their own independence for granted these days.

Comment: Re:Why not? When you have kids.. (Score 1) 323

by plover (#48170273) Attached to: Court Rules Parents May Be Liable For What Their Kids Post On Facebook

Civil disobedience is an option, but it generally requires popular support. When Rosa Parks refused to sit in the back of the bus, there were a lot of people who agreed that it was an unjust law, and supported her. If he tries that with libel and slander laws, he'll likely find that most people would rather not be lied to, they would not like granting random strangers the freedom to post photoshopped pictures of them smoking crack and costing them their jobs, and ultimately would not support repealing the law.

The Supreme Court has found many cases of unprotected speech, including threats, extortion, incitement, and this goes way back. They have long held that freedom of speech is not absolute.

Now, the laws regarding intentional infliction of emotional distress are new, and are pretty awful. There are other laws that could used to prosecute harassment, and so I can see those eventually being challenged. But libel and slander? Those go all the way back to English law, and at least as of today, they help keep a civil society.

So when I suggested he run for office, that was really my way of saying "go away, and spend your time fruitlessly in pursuit of this nonsense."

Comment: Re:Why not? When you have kids.. (Score 1) 323

by plover (#48164999) Attached to: Court Rules Parents May Be Liable For What Their Kids Post On Facebook

According to him, it's the fault of the believer for being so stupid as to trust a random web site claiming he's a pedo. But given how many people believe "it must be true, I read it on the Internet, and they can't publish anything on the Internet that isn't true", I don't think arguing with a potential employer is a winning strategy for a job seeker.

While I haven't really considered where I'd fall on the line of how much the slander and libel laws abridge the right to free speech, the case law itself is well established. To establish a defamation claim, most states require the plaintiff prove four elements: the defendant made a defamatory communication to a third party, the statement was false, the defendant was at fault in communicating it, and the plaintiff suffered harm. The courts have established that sending an email to someone else meets the publication requirement, as does posting on a web site. The plaintiff is supposed to only recover actual or compensatory damages commensurate with the harm suffered. Punitive damages may be awarded if the act was wanton, malicious, reckless, or in willful disregard for another's rights. And in the case of libel, the plaintiff may not have to prove harm.

He may or may not like the law and how it's been interpreted, but either way he's obligated to follow it. If it's that important to him, he can run for office and try to change it.

Comment: Re:why use this instead of say dm-crypt? (Score 4, Informative) 220

by plover (#48136365) Attached to: VeraCrypt Is the New TrueCrypt -- and It's Better

The OS's built-in encryption for many people is not dm-crypt, but BitLocker, a closed source implementation by Microsoft. And we know nothing about it. When is the key present in RAM? Is the key derived on boot up? How is it protected between boots? Is there an escrow key obscurely baked into the trillion bytes stored somewhere on the hard drive? And can it contain deniable drive images in the slack space of a parent drive?

Because the open source TrueCrypt code has been subjected to code reviews, and backdoors have not been found, it's somewhat more trustworthy than the closed source implementation that comes with the expensive versions of Microsoft's OS.

Comment: Re:Does K-Mart use the same stuff as Sears? (Score 1) 101

by plover (#48125873) Attached to: Kmart Says Its Payment System Was Hacked

While it's possible (unlikely in these days of PCI) that a POS register could have a direct route to the internet, it's also likely that the registers weren't the only machines in their system that were hacked. It is probable that the criminals found a little-used server in K-Mart's HQ systems, compromised it, and set up what's called a "dump site." The registers are then configured to exfiltrate their data to this internal HQ server, perhaps by periodic FTP, and the hackers had the HQ server send batches of data out to the internet at a later time.

HELP!!!! I'm being held prisoner in /usr/games/lib!