
Comment Potential market for upscale Faraday cages. (Score 1) 107

I think there is a potential market for upscale Faraday cages. I mentioned this a while ago on BoingBoing.

The more ostentatious, the better. It should be about the size and beauty of a fine humidor. Some would be gold, silver or platinum plated. But, you could also have ones that appeared to be mahogany, rosewood or teak. Market it as "The Privacy Box", or perhaps just pBox. You pitch it as a critical accessory for the upwardly mobile. When you absolutely need privacy, just put the phone in the "Pbox".

Expensive lawyers would use it to reassure clients that they took their privacy seriously. C-level executives would use it to highlight the importance of their discussions. The ritual of placing the cell phones in the "Privacy Box" would help seal the deal.

The primary attributes of this product would be:

  • It must demonstrate "Tasteful Expense" like a fine watch.
  • It must look good on an executive's desk.
  • It must block the sensors of any cell phone that is placed inside.
  • It must close with a smooth, audible click.

For extra points, you could easily design it to:

  • Restrict interaction between multiple cell phones in the same container, though this isn't as critical as looking expensive.
  • Automatically trigger airplane mode (to limit battery drain).
  • Recharge the phone(s).

Wish I had the capability to make something that looked expensive and tasteful. I think this would sell itself.

Comment Re:Depends (Score 1) 286

I tailor my note-taking device, depending on how I want to interact with others. I have found that some people are more willing to interact with me if I am taking notes with pen and paper. I have also found that the later work of transcribing paper to electronic form is not really wasted if it helps me to organize my followup.

But, sometimes, a phone is all I have. And sometimes, I just need the speed and organization of taking notes with a laptop.

Comment Re:Actually 3rd point was agreement with trial jud (Score 1) 23

Actually whoever the new guy is, I don't find the site to be "improved" at all; seems a little crummy. The story was butchered and incorrectly interpreted, and the all-important software for interaction seems less interactive.

But what do I know?

As to my absence I've been a bit overwhelmed by work stuff, sorry about that, it's no excuse :)

Comment Actually 3rd point was agreement with trial judge (Score 4, Informative) 23

The story as published implies that the ruling overruled the lower court on the 3 issues. In fact, it was agreeing with the trial court on the third issue -- that the sporadic instances of Vimeo employees making light of copyright law did not amount to adopting a "policy of willful blindness".

Submission + - Appeals court slams record companies on DMCA in Vimeo case

NewYorkCountryLawyer writes: In the long-simmering appeal in Capitol Records v. Vimeo, the US Court of Appeals for the 2nd Circuit upheld Vimeo's positions on many points regarding the Digital Millennium Copyright Act. In its 55-page decision (PDF) the Court ruled that (a) the Copyright Office was dead wrong in concluding that pre-1972 sound recordings aren't covered by the DMCA, (b) the judge was wrong to think that Vimeo employees' merely viewing infringing videos was sufficient evidence of "red flag knowledge", and (c) a few sporadic instances of employees being cavalier about copyright law did not amount to a "policy of willful blindness" on the part of the company. The Court seemed to take particular pleasure in eviscerating the Copyright Office's rationales. Amicus curiae briefs in support of Vimeo had been submitted by a host of companies and organizations including the Electronic Frontier Foundation, the Computer & Communications Industry Association, Public Knowledge, Google, Yahoo!, Facebook, Microsoft, Pinterest, Tumblr, and Twitter.

Comment Re:Patent != Innovation (Score 1) 54

It is nice to see that the exponential growth in the number of patents has finally faltered: http://www.uspto.gov/web/offic... It's a pity that the current rate of patent creation is more than sufficient to destroy almost all production and innovation.

We have been fooled into thinking that patents are innovation. But, the current rate of patent creation is anti-innovation and anti-productive.

Patents are not Innovation. Patents are not Progress. Patents are simply grounds to file a lawsuit against an industry. More Patents are simply more grounds for more lawsuits. Patents don't guarantee production or innovation. They only enable lawsuits.

An occasional lawsuit might possibly spur innovation. BUT LAWSUITS DO NOT PRODUCE. Lawsuits are parasitic on innovation and production. The current patent industry is responsible for enormous numbers of lawsuits every year. This legal deathtrap has captured marketplaces, destroyed production and stagnated innovation.

Comment Similar problem, better outcome. (Score 3, Insightful) 172

We had a similar problem. Fortunately we had a better outcome.

One of our university's IT groups noticed that the university's police were using a packaged IT police support solution that had no security. An attacker could change arrest reports, access and change all the secret log entries, and track the real-time deployment and activity of the police. We verified that the problem existed across hundreds of police departments all over the country. The university police were horrified when we presented the problem to them.

I think the main thing that led to a better outcome was the university IT team worked closely with the university police team to present the problem to the external vendor. During the presentation, the external vendor went through all the stages of grief: denial, anger, bargaining, depression and acceptance. When the vendor got to the anger stage, they threatened to have us arrested. We just kept asking how arresting somebody would fix the code, until they got on to the next stage.

Still, it took months before the vendor deployed fixed code.

Comment Where do I sign up for handcuffs? (Score 2) 73

I spend a good chunk of every workday defending my institution from network attacks by the governments of China and Russia. They are not the only ones. I imagine all of them give themselves permission to attack. I expect all of them eventually make it illegal to resist their attacks. As more and more governments create these crazy laws and international agreements, my defensive actions will become more and more illegal. Thanks Five Eyes!

Comment Focused on attack instead of defense. (Score 5, Insightful) 247

Part of the problem is that many believe that we can attack our way to security. They are confused about the fundamental nature of attack and defense when applied to the internet. They don't understand the combination of global connectivity and automation. They don't understand that any action of internet attack or defense has unintended consequences.

In the old days, you could attack one thing. You could defend one thing. But, that doesn't map well to the internet. Now, we all talk to each other. We all use the same methods of defense. When one actor attacks another, the attack is exposed, analyzed, and re-used. Now, when somebody attacks, they increase the cost of defense for everybody. When somebody comes up with improved defense, we all learn how to increase the cost of attack for everybody.

For over a decade, several branches of the US government have focused almost all their energy on attacking others across the internet. The result is an internet where compromise and breach are daily events. Somehow, our protectors don't see that they are crafting the tools of our demise and handing them to our enemies. If we are honest, we are more to blame for the great compromise at the OPM than our attackers. If we had spent the last decade on creating and encouraging defense, then breach would be difficult and rare.

Now, our governments are blindly following the tradition of attack. They wish to attack the protocols we use to determine identity and create security. They don't see or care that everybody else will do likewise. They don't see the great devastation that will follow.

Comment The benefits of handling attack. (Score 4, Interesting) 44

I do IT Security for a research university. For the last 10 years, we have attempted to handle all incoming attack. Some gets missed, but we make an attempt. It is good work for the interns/trainees. We document the incident, block the attacking IP for an appropriate amount of time, and notify the remote abuse contact. We have found that handling attack provides significant benefits:
  • Our security team remains functional. Ignoring incidents creates bad habits in the security team.
  • It creates memory of how we are attacked. We need to know how we are attacked, so our defenses are anchored in reality.
  • It greatly reduces the amount of attack. The number of attacks drops off sharply a couple weeks after we begin religiously reporting attacking IPs. We have tested this effect several times. When we stop reporting, it ramps up. When we start, it drops to about 1/10th its prior levels.
  • It notifies the owner/ISP of the remote computer that they are attacking. Usually they are also innocent victims.
  • In the last few years, the percentage of remote resolutions has been climbing. Currently, about 1/2 of the reported non-Chinese incidents appear to result in remote resolution.

We utilize some automation to handle the load. We have a few honey-pots. We also monitor our dark IPs. We learned to distinguish DoS backscatter, and the various types of frequently spoofed attacks. We thought that an enterprising hacker would attempt to spoof an important Internet resource and cause us to auto-immune ourselves to death. So we whitelisted a bunch of critical external IPs and looked for critical spoofing. In the last 10 years the amount of spoofed attack has dropped drastically. We recently found an incident where an attacker spoofed a critical Google resource and tried to get us to block it. That is the only time we have detected that kind of spoofed attack.

We have found that most attackers (even governments) don't like to have their attack methods documented and publicized. We have found that some ISPs turn evil and knowingly host attack, but they are quickly and easily blocked until they go broke or come to their senses.

We have found many institutional scans. The best of these groups provide timely assistance to those who are making mistakes. In our view, the best groups include the ShadowServer Foundation, EFF, and the Chaos Computer Club. The worst of these groups are simply feeding on the mistakes of others. The worst groups provide no assistance to others. The worst groups actually have motivation to preserve or enhance the problems of others.

More info is available here:
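
Added example, not part of the comment above and not the commenter's own tooling: a sketch of the triage it describes for traffic reaching dark IPs, separating DoS backscatter and spoofed "critical" sources from probes that get blocked and reported. The address ranges, the allowlist entry, the 24-hour base block and the doubling for repeat sources are all assumptions made for illustration.

```python
import ipaddress
from datetime import datetime, timedelta

# All values below are constructed for illustration (RFC 5737 documentation ranges).
DARK_NETS = [ipaddress.ip_network("192.0.2.0/25")]            # unused local address space
CRITICAL_ALLOWLIST = [ipaddress.ip_network("198.51.100.53/32")]  # must never be auto-blocked
BASE_BLOCK = timedelta(hours=24)                                # assumed block period
BACKSCATTER_TCP_FLAGS = {"SA", "R", "RA"}   # SYN-ACK / RST: replies to packets we never sent
BACKSCATTER_ICMP_TYPES = {0, 3, 11}         # echo reply, unreachable, time exceeded

def in_any(ip, nets):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)

def triage(event, prior_blocks=0):
    """Return (action, block_until) for one packet summary."""
    if not in_any(event["dst"], DARK_NETS):
        return ("ignore", None)            # not aimed at dark space; out of scope here
    if in_any(event["src"], CRITICAL_ALLOWLIST):
        # Source is probably forged to make us block a resource we depend on.
        return ("review-spoof", None)
    if event["proto"] == "tcp" and event.get("flags") in BACKSCATTER_TCP_FLAGS:
        return ("backscatter", None)       # a DoS victim answering spoofed packets
    if event["proto"] == "icmp" and event.get("type") in BACKSCATTER_ICMP_TYPES:
        return ("backscatter", None)
    # Unsolicited probe: block and report, doubling the period for repeat sources.
    return ("block-and-report", event["ts"] + BASE_BLOCK * (2 ** prior_blocks))

T0 = datetime(2016, 6, 1, 12, 0, 0)
SAMPLE = [  # constructed events, not real traffic
    {"ts": T0, "src": "203.0.113.7", "dst": "192.0.2.10", "proto": "tcp", "flags": "S"},
    {"ts": T0, "src": "203.0.113.9", "dst": "192.0.2.11", "proto": "tcp", "flags": "SA"},
    {"ts": T0, "src": "198.51.100.53", "dst": "192.0.2.12", "proto": "tcp", "flags": "S"},
    {"ts": T0, "src": "203.0.113.20", "dst": "192.0.2.13", "proto": "icmp", "type": 3},
    {"ts": T0, "src": "203.0.113.7", "dst": "192.0.2.200", "proto": "tcp", "flags": "S"},
]

def run_sample():
    return [triage(e)[0] for e in SAMPLE]

if __name__ == "__main__":
    for e, action in zip(SAMPLE, run_sample()):
        print(e["src"], "->", e["dst"], action)
```

The allowlist check runs before any block decision, so a forged packet from a critical address is queued for human review instead of triggering the self-inflicted outage the comment warns about.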

Comment Re:Righthaven (Score 1) 67

What is right wing about filing a lawsuit to unmask a doe, suing that person, then settling for a much smaller amount? It seems this is used by many different trolls, and likely doesn't have any political ideology behind it. It is sleazy though. Filing a lawsuit with the intention of settling just to get a payout is wrong. It is short circuiting the justice system for personal profit.

Yeah that's neither right nor left, it's the universal language of greedy bloodsuckers.

Comment Re:Righthaven (Score 3, Interesting) 67

What is right wing about that process? The Democrats support the movie industry, not the Republicans.

The fact that Democrats support something doesn't negate the possibility of something being right wing. The Democrats are not ideologically pure, or ideologically homogenous, and very few of them can be considered "left".

To me, pretending that copyright is only about property rights, and ignoring the fact that copyright was also supposed to be about free speech and about making material available for free to the public after a limited time, is definitely "right wing".
