Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?

Submission + - Google Books case dismissed on Fair Use Grounds

NewYorkCountryLawyer writes: In a case of major importance, the long simmering battle between the Authors Guild and Google has reached its climax, with the court granting Google's motion for summary judgment, dismissing the case, on fair use grounds. In his 30-page decision (PDF), Judge Denny Chin — who has been a District Court Judge throughout most of the life of the case but is now a Circuit Court Judge — reasoned that, although Google's own motive for its "Library Project" (which scans books from libraries without the copyright owners' permission and makes the material publicly available for search), is commercial profit, the project itself serves significant educational purposes, and actually enhances, rather than detracts from, the value of the works, since it helps promote sales of the works. Judge Chin also felt that it was impossible to use Google's scanned material, either for making full copies, or for reading the books, so that it did not compete with the books themselves.

Comment Re:HTTPS on Slashdot (Score 1) 335

There is absolutely no reason that I'm aware of not to think the certificate authorities weren't compromised from the very beginning.

Even if you had compromised a CA, there would be a huge risk of being exposed the very first time you abused it. You have to send a legitimate certificate to the site owner, otherwise they would not be able to setup their https site in the first place. However a CA cannot abuse the legitimate certificate because they don't know the corresponding secret key. So in order to do any abuse, you have to forge another certificate.

Now there are two certificates each of which is definitely visible to a small set of legitimate users. If certificate pinning was widespread, then that would be enough to guarantee exposure. We just need a standard for chaining the legitimate certificates over time, such that certificate pinning can work well when the legitimate certificate is replaced with a new legitimate certificate before the old has expired. Ideally it would be designed in a way, that does not require cooperation from the CAs, because they might be afraid of losing control, if such a chaining was readily available.

It is useful and important to focus on as strong security against passive attacks as possible, even if it doesn't improve security against active attacks. Strong security against passive attacks will mean active attacks are needed in more cases, and it also means it is hard to make those active attacks well targeted. And systematic active attacks is both difficult to pull off and also easily detected. Additionally widespread deployment of cryptography, which is only resilient to passive attacks is easier, since it does not rely on key distribution.

It is just important to ensure that you still do use methods secured against active attacks, when the extra security is really needed. Additionally protocols must be designed such that an active attack is required to find out if a connection was protected against them. If you can passively tell if a connection is secured against active attacks, then passive security is practically worthless.

Comment Drinking Water Isn't So Easy As You Think (Score 3, Interesting) 247

When I was a kid I did Unicef collection every Haloween. We got an orange cardboard coin box at school, and collected donations to it along with our trick-or-treat. Unicef used these funds to build water wells for people in Africa who had only access to contaminated surface water.

A decade or two later, we found that many of these wells accessed aquifers that were contaminated by arsenic. And that thus we kids had funded the wholesale poisoning of people in Africa, and that a lot of them had arsenic-induced cancers that were killing them.

OK, we would not make that mistake again, and today we have access to better water testing. But it caused me to lose my faith that we really do know how to help poor people in the third world, no matter how well-intentioned we are.

And we had better not go around curing disease withoput also promoting birth control. Despite what the churches say, and the local dislikes and prejudices. Or we'll just be condemning more people to starve.

Comment Re:Er, wait, what? (Score 5, Insightful) 140

Well, nuclear reactions that we can turn off like laser-initiated fusion are a lot nicer than the alternatives. The inside of your car engine is a raging inferno shot with electric sparks and compressed with inexorable steel cylinders. That doesn't keep you from going on a nice drive with your sweetie.

Submission + - Aereo required to testify about non-public patent info

NewYorkCountryLawyer writes: In ABC v Aereo, a copyright infringement action against Aereo, the Magistrate Judge has overruled Aereo's attorney/client privilege objection to being forced to divulge non-public details about its patented technology. In his 15 page decision (PDF) he ordered the continued deposition of the company's CTO and CEO about their patent applications. My gut reaction is that this sets a very dangerous precedent, giving the big copyright plaintiffs yet another 'in terrorem' device to use against technology startups — the power to use the lawsuit as a chance to delve into a defendant's non-public tech secrets.

Slashdot Top Deals

grep me no patterns and I'll tell you no lines.