Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror

Comment 16 trolls brought 62% of suits (Score 1) 92

> there are a lot of patent trolls out there

When you said that, it got me wondering, how many patent trolls are there? A little research suggests there are about 16. They filed 62% of the patent suits last year. It shouldn't be too hard to take a look at how those 16 trolls operate "successfully" and find a few ways to ruin their business model.

That's encouraging to me because it means that a) it should be quite fixable and b) we don't have to take the risk of screwing over all the hard working people by adopting some new, untested system. We just need to throw a monkey wrench into what those sixteen companies are doing.

Comment Reagan appointee ordered breakup, Clinton dismisse (Score -1) 92

You've got things backwards yet again. Penfeld Jackson, a Reagan appointee, ordered the breakup of Microsoft. Clinton's appointee dismissed that verdict against Microsoft.

While we're at it:
Communications Decency Act - signed by Clinton
COPA - Clinton again
Voting rights act - filibustered by democrats
Longest serving democrat senator - Robert Byrd
Robert Byrd's first elected office - KKK leader

Comment hopefully some sense, great cases make bad law (Score 3, Interesting) 92

Hopefully they'll come up with some sensible changes that will address 96% of the problem.
All too often, a headline grabbing bad guy like Intellectual Ventures results in a demand for HUGE new laws, smashing to bits a system that needed a tune up. The Patriot Act is an example - a few words needed to be changed in the law regarding how the NSA, CIA, and FBI can and cannot share information. 9/11 was big though, so people demanded big change, and ended up with the constitution shredded.

Comment Bitlocker cracked since at least 2008 (Score 5, Informative) 125

There are three modes of operation possible with Bitlocker. The most secure has had an exploit publicly known for five years. In that most secure mode, reading the disk is inconvenient, but entirely possible even for independent security people like myself. For a nation-state, it's trivial.

Comment yeah, I've been R&Ding for years (Score 2) 125

> and make authentication someone else's problem with single-signon." Does anyone really know or have they merely amassed years of experience doing what they think is right?

I should know. I spent 17 years keeping ahead of the bad guys and ahead of the competition, developing a security system used by tens of thousands of sites. The thing is, there are a lot of ways to screw up authentication, and a lot of ways to screw up authorization. Professionals making security products screwed it up all the time, and we made two significant errors. We're arguably the best in the business, and still we made mistakes.

Therefore, "make it someone else's problem" isn't a bad answer, if someone else knows what they are doing. I'm not very careful with many things, but I'm darn careful with two - online authentication and explosives. I can answer any specific questions, but to try to cover the topic in a Slashdot post would be a lot like a post on how to make fireworks. There's not time or space to cover the topic properly. Feel free to post or email specific questions, though.

Comment any NSA backdoor in FOSS yet? I've studied Firefox (Score 5, Interesting) 125

Has anyone studied the Firefox code, you ask. Yep, I have. I happen to be a security professional too. Have all those people who used Firefox as the basis for their browser studied the hell out of it? Yep.

We know Microsoft is full of NSA backdoors. Has any government backdoor EVER been found in any FOSS, at any time. Nope.

The insistence on continuing to believe the ridiculous out of fandom is rather curious. Certainly on some level you understand your "beliefs" are laughable, but you're just completely incapable of changing your thoughts, of learning.

Comment non-rude sheepdog here (Score 1) 814

As a trained firearm owner, I agree there is no need to be rude to people who don't know in this kind of exchange. I think it is wise to educate people as Broken scope did, you do not shoot if you don't have to, and if you have to shoot, you shoot at the center of the threat. No need to be rude about it, though.

Comment most shot don't die, most defenders don't shoot (Score 1) 814

"Broken scope" correctly pointed out that you wouldn't attempt a trick shot in a life-or-death situation, but your overall point is true. Most criminals who are shot in self-defense don't die, which was your point. Also, 80% of the time a gun is presented in self-defense, it's not fired. So st least 90% of the time, noone dies.

    I once had an intruder intending violence climb through a window into my home. As they did,they found themselves looking down the twin barrels of my shotgun. They left very quickly. I've never fired at anyone, but I have defended my family. That's statistically the most common scenario.

Comment Github makes the problem far more likely (Score 1) 120

We're speaking in the context of Github. Github, specifically, makes the improbable "exploit" of this loophole much more probable. Maybe not particularly
likely, but likely enough to be a risk that should be considered.

As part of my job, I contribute to an open source project, using Github. I sync my Github to upstream so it's up to date, and commit our changes to it.
That way, our contributions are publicly accessible. In fact, they are publicly accessible in the context of a complete copy which includes our contributions.
That last sentence is key. What Github users publish on Github is a copy of the devel branch with their contributions added (but also including all contributions
from anyone else, including contributions not yet approved for the release version.)

Suppose I work for SpaceX, maintaining the SpaceX blog via Wordpress.
Using Github, I make our contributions to Wordpress public (as part of a complete Wordpress devel tree.)

Someone else at SpaceX invented a widget which is patented.

Orbital Science, a SpaceX competitor, could commit a Wordpress plugin which somehow relates to the patent.
My Github would automatically fetch their commit.
Now my company, SpaceX, is distributing code related to the patent, without ever having heard of Orbital Science's plugin.
Our patent is therefore nullified by the terms of GPLv3, if Wordpress were GPLv3.
That's WHY Wordpress is not GPLv3, but GPLv2, because v3 says:

Each contributor (SpaceX) grants you a non-exclusive, worldwide, royalty-free patent license under the contributor's essential patent claims, to make, use, sell, offer for sale, import and otherwise run, modify and propagate the contents of its contributor version (including the Orbital Science plugin they've never heard of, but which was automatically mirrored).

Note that the license includes the right to modify it, such as by deleting 99% of it, leaving only the Orbital Science code, without any other part of Wordpress.
Therefore, Orbital Science can force SpaceX to license their code just by doing a Github commit to any project that SpaceX has a Github for.

Is it likely that Orbital Science would do that? Would some judges follow the actual text of the license and allow OR to pull that trick?
Maybe, maybe not. If you've committed $20 million in R&D to _anything_ you have a patent on, would you want to risk a competitor doing a sneaky trick like that?

One defensive solution, if you HAVE to contribute to a GPLv3 project, is to explicitly leave copyright with the individual author, who publishes it on his personal Github rather than having the company post it on Github. Assuming the author doesn't have any patents and never will, that works okay.

Comment difficult if it had never been tried (Score 1) 814

You could debate either way if you were just thinking in the abstract. To know, you'd need to try it. We did. The UK banned guns, violent crime DOUBLED. Look at Detroit, Washington DC, Australia. Gun bans are always followed by a huge increase in crime. It happens every time. Even when you make small "gun free zones" (helpless victim zones) you quickly see more crime in those places.

Compare Texas. They passed their CHL law, crime dropped. So we don't have to imagine "what would happen if". We can look at "what did happen when".

Comment you're thinking, but don't forget every US defeat (Score 1) 814

You seem to be thinking seriously, and come to some wise conclusions, such as the importance of training. I supported (and the NRA supported) the training requirements in Texas.

You seem to have forgotten, though, tha the US military has never been defeated by another military. It's always been by an armed populace. We defeated the Iraqi military in something like 30 hours. Many years later we hadn't stopped the ordinary Iraqis with ordinary guns - they chasing us out of the country.

It wasn't Afghan tanks that defeated the Soviet Union, it was shopkeepers with rifles.

Comment presented often, fired rarely, criminal caution (Score 2) 814

As someone else mentioned exact figures are hard to come by. Studies vary. What is clear is it guns are drawn but not fired in self defense daily.

It us also clear from studies in Texas after they introduced concealed carry and advertised the fact the civilians maybe armed, criminals reported they reduced criminal activity. Those studies suggest that letting criminals know "citizens may be armed" was almost as important as the licensing law itself - fear of armed "victims" matters as much as actual armed citizens.

Comment guns used for defense hundreds per day. nukes nevr (Score 4, Interesting) 814

Nukes have never been raised from their silos in self defense. Guns are drawn in self defense daily. One of the safest places in the world is a gun range, because you don't start a fight knowing that everyone is armed.

* bonus fact - 80% of the time they are presented in self defense, they are not fired.

Slashdot Top Deals

"Old age and treachery will beat youth and skill every time." -- a coffee cup

Working...