
Comment I'm sure ACLU worked hard to find this example (Score 0) 76

I'm pretty sure it took some significant research to find this area where CFAA limitations might be causing problems. Unfortunately the area they have found is so narrow that it is almost completely useless to anyone living in the real world. Most of the world's population is not doing research on discrimination, at least via means of hacking into protected computer systems. Further, there is no real proof that these considerations are not taken into account whenever CFAA is being applied to real use cases. So their lawsuit is academic at best, and misleading at worst.

The people whose activities the CFAA is targeting are a much more significant problem. Computer systems get hacked and password protections skipped, bots are sending millions of spam messages, protected computer systems' integrity is violated in a blatant way, and worms, viruses and ransomware are spreading all over our networks. ACLU can get minor exceptions to CFAA passed, but they have no way of overthrowing the whole act. Minor tweaking is just fine, but they can't claim significant victories for those.

Comment Paypal's position is ok (Score 0, Redundant) 126

I think paypal is doing the right thing here. There seem to be two possibilities: 1) either the service is legal, 2) or the service is illegal. If the service is illegal, Paypal is in a tough position, since the money trail is going directly to paypal. This means they'll be responsible for the illegal behaviour. Given paypal's size, they might have significant problems with deadlines for checking that their organisation is in an ok legal position. Thus their position kinda makes sense.

The cloud company, on the other hand, does not seem to be in a very good position. Their position is that they're not allowed by law to monitor what happens in their own network. This sounds like complete bullshit. All the German privacy laws are guaranteed to not apply for a request like this, where paypal is asking their position on their legal status. Given that the company refused to give any position on the legality of their file service, paypal's decision is exactly the right choice. Their best choice would be to provide the statistics that paypal is requesting.

Comment There's another argument that youtube is illegal (Score 1) 428

What the article is claiming is that youtube is illegal, and based on stolen content. I don't think that claim is true. But I have a different, but equally important, argument for youtube's illegality.

It's based on minimum wage. Companies who want to use other people's work effort must pay them at least minimum wage. Youtube does not keep large amounts of people as their employees, but instead they're licensing the work contained in their service. Unfortunately, the rates they're paying while licensing do not leave much room to pay salary to the people whose work is being bought in their licensing tricks (in their web page). The main argument goes like this: 1) When youtube insists on licensing videos from people at a very cheap price 2) they must know someone in their food chain is being ripped off, since the money is not enough to pay salary for the effort being licensed, not even minimum wage 3) based on this, the service as a whole is illegal.

Normally while licensing work, companies that pay bad rates to people working for them can usually claim that they're not the only entity who gets access to the work, and thus the rates they pay don't need to cover the whole cost of producing the work. Unfortunately that argument is unavailable to youtube, since most of the videos in their catalog are not available anywhere else. Thus they should ensure that their whole supply chain gets the rates that they deserve.

Basically youtube's licensing in their web page is based on subcontracting a large amount of work. But they're systematically avoiding paying salary for the work. They should instead consider everyone contributing to their service as employees of the company, based on the huge amount of work in that community.

(otoh, other internet companies have similar problems, including wikipedia etc. So youtube is not unique.)

Comment Re:It might be correct course of action (Score 1) 130

> IOW, you may be obliged to protect that data but it doesn't have to be technical. You just booby-trap the thing with legal red tape and done. Which means that if you tell people about their technical protection oversights you're going to get ensnared and jailed, while if you simply snatch the data and sell it, nobody cares.

Maybe their cunning plan for data security was that the ip address of their ftp site is already enough protection for their patient data. If no one knows the server exists, it might even work. The article gave some pretty strange description of how the security researchers found out about the server's existence. "They were researching issues about fixed database credentials". Which kinda sounds like an operation that already requires authorised access -- who would give some random person on the internet access to a password file? Probably the real unauthorised access happened some time _before_ accessing the ftp site. The article focuses on the anon ftp site and how anyone should be permitted access to such things, but it completely forgets that the unauthorised access can happen at the place where the server's location on the internet is discovered. Normally you need a port scan (or, in this case, examining the credentials), which might not exactly be legal operations in the first place.

Comment Re:It might be correct course of action (Score 1) 130

> And are you really assuming that they were password protected because they're medical records, which are "always under password protected area?" They must have been password protected, simply because they should have been password protected? Your faith in humanity is astounding. And misplaced.

The company is legally required to keep that data in a secure location. Thus the company's secure location extends to the place where the patient data was found. And accessing it without authorisation is illegal. It's basically a similar situation to if you accidentally found out someone's credit card pin code. The person might be careless with communicating his secrets, but it's still illegal to use the pin code for anything. The same happens with patient data: the secret data might be carelessly handled, but any access to the data is still an illegal operation.

Comment It might be correct course of action (Score 0) 130

There are many aspects which go against the "security researchers": It's medical records, which need to be password protected. If the researcher knew what he was doing, he would understand that medical records are always under a password protected area. Seeing those records anywhere should indicate to those "experts" that they have _already_ exceeded their authorisation. Also the article wasn't exactly clear whether it really was anonymous ftp access -- at some point it claimed that the researcher had "explored the fixed passwords" of some equipment. That explanation didn't sound like anonymous ftp access. Instead it sounds like guessing passwords based on how other such equipment works, which is clearly illegal activity. It is a classic case of exceeding authorisation. And the dental software company clearly knows what they're doing, since they can summon the appropriate legal mechanisms for exactly that situation. So their action is an accurate response to illegal hacking.

On the other hand, the security researchers did try to report their findings. I dunno what special rules need to be followed when reporting such issues publicly. But medical records definitely have strict rules on how such disclosures should be handled, so that criminals can't get access to the data. Random people on the internet trying to report their findings can do nothing but more harm to everyone...

Comment Re:I'm on oracle's side on this (Score 1) 436

> If Google could create an alternate API they would. Except they don't want to spend tens of millions and several years to come up with a new API and implementation.

I don't think this is the reason why google doesn't implement their custom api. They could create a completely new api very easily. The real reason is that programmers will reject it because it doesn't provide the same functions as the java standard library. The momentum is in the java api's structure; the actual implementation issues are minor problems compared to building your own communities and popularity for the technologies in question.

Google's android is clearly freeriding on java's popularity. The reason is that everyone who has ever looked at android will think that it's an implementation of the java platform. They simply can't avoid this, because any programmer that looks into the technology will immediately recognize the structure of the java platform in android technology. So the analysis is that they do need a java license for that technology. It's amazing that they do not have a license, even though the tech is clearly available all over the world.

Comment Re:I'm on oracle's side on this (Score 1) 436

> >They couldn't enter the market that oracle/sun built for themselves

> A market is not something you can build for yourself. You can only build artificial barriers for the others to enter, which is often illegal in a regulated market.

Why would hostile takeovers of companies' markets be allowed? For normal large companies, it's extremely important that they don't _accidentally_ enter markets for which they don't have license paperwork in good condition. It's possible to do accidentally, and large companies know to avoid such problems. But in the current situation, it seems google is trying a hostile takeover of the sun/oracle market using oracle's own tech.... These kinds of situations are exactly what copyright/patent laws are designed to solve.

Comment Re:I'm on oracle's side on this (Score 1) 436

> Science and technology can't move forward if we don't allow ourselves to stand on the shoulders of giants.

You can just get a license to the work. People already are forgetting that it's possible to spend your money and buy a permission to use the underlying technology.

How else are the developers of the technology going to get their invested money back, if people just steal the technology, fill the market with copies of the tech, and then hide illegally obtained money in Luxembourg?

Comment Re:I'm on oracle's side on this (Score 1) 436

> This isn't some strange obscure loophole, it's a basic principle of copyright.

Well, the court paperwork explicitly rejected this idea, for the reason that api definitions are part of program source code, and thus covered by copyright. The exact quote is as follows:

"petitioner argued that the SSO constitutes a “system” or “method of operation” that is ineligible for copyright protection under Section 102(b) of the Copyright Act."

"The court of appeals rejected that argument, explaining that Section 102(b) “restate[s] *** the basic dichotomy between expression and idea.”"

"The court concluded that, for these purposes, computer code is “expression” despite its functional character."

Comment Re:I'm on oracle's side on this (Score 1) 436

> APIs have been free to copy and adapt and enhance and extend since the IBM PC BIOS was first legally cloned.

This sounds like a very dangerous idea. Cloning of PC BIOS most likely involved very accurate legal maneuvering, which normal companies simply do not have access to. This idea is clearly at the edge of what is allowed, and popularizing it to be something that everyone should be doing just sounds dangerous for the people involved. Basically every person must ensure that the operations they're doing are legal, and going to the very edge of what is allowed is simply a very stupid idea. People should assume this stuff is simply illegal, even though there exist people who have managed to do it without getting sued.

Comment Re:I'm on oracle's side on this (Score 1) 436

> The parts of the Java API that define the names and types of the various elements are the declarations, and there is only one way in Java to express them without changing the meaning and functional specifications for the API being expressed. Thus, Google's declarations are going to be almost identical to Oracle's, and that should not be infringing.

No, this does not hold. Nothing in the law guarantees that google is allowed to express _exactly_ the same idea as oracle is using. In fact, the opposite is true -- it's explicitly illegal to copy a large number of elements from a plot of a book, even if they didn't use exactly the same words to express it. Manual translations of the original to a different form create a derived work, instead of losing their copyright protection. And the current situation seems to be that they used exactly the same api definitions.

It's a strange development that people tend to utilize every alternative available to go towards the edge of what is allowed by copyright law. The default still is that those actions are illegal, and instead of trying to find loopholes in the law, people should just accept that the actions are simply illegal. Examining these situations shouldn't require a lawyer's degree -- the real problem is that people want to stretch the permissions they're given, instead of actually fixing the problem. Fixing it means that you simply do not have access to other people's technology when you implement your own technology. Why should google have _exactly the same_ technology as what oracle is using? It's important that every company is doing slightly different stuff, instead of just copying what other companies are doing.

If they want to use a copy of oracle's tech, they can always license the technology from oracle. But I guess the tech was more difficult to create than they expected, if they didn't get a licensing deal done on favorable enough terms.

Comment Re:I'm on oracle's side on this (Score 0) 436

> The API isn't the text, it's an idea that happens to be represented by text

Well, if this was true, google wouldn't have needed to copy-paste the api definitions. Representing the same idea would be possible in many different ways. And no copying would be needed.

> Oracle would have had to hold a patent to the Java API,

According to the paperwork, they sued google for patent infringement too; those arguments were just rejected by the legal people.

> Should astronomers re-derive general relativity from first principles every time they calculate the orbit of an asteroid, simply because Einstein wrote some words on a page?

Yes, at least for the first 70 years... both patents and copyrights are for a limited amount of time. Of course applying the information in a new context is still possible, in case you don't need to copy-paste the text exactly like it was written in the original.

Comment Re:I'm on oracle's side on this (Score 2) 436

> But my understanding is that they are duplicating an implementation via black box reverse engineering.

From the paperwork, it didn't sound like black box reverse engineering... Instead they copy-pasted the api definitions and then implemented the missing functions. This requires no reverse engineering activity. It just requires a text editor + some programmers to write new code based on an _existing_ api specification. But they had no reason to assume that they are allowed to use that specification.

But if you're reading some other paperwork, maybe I missed the information ;)
