Re: Re: BlackBerry known to be insecure for at least 5 years
Large organisations (large enterprises, government agencies and so on) that use BlackBerries install their own Blackberry Enterprise Server (BES).
Blackberry the company doesn't have access to these BES servers. It is these servers that control and funnel the encryption between the users of blackberry devices connected to the same BES server. Each 'owner' of the BES server sets it up and initiates the encryption, keys, and so on. But the administrators of these BES servers CAN decrypt the communications between 'their' blackberry handsets, as they hold the master keys. That way, a 3rd-party (defined as someone outside the organization who owns the BES, including BlackBerry itself) cannot decrypt communications (without hacking the BES server etc). But the organization itself who owns the local BES can decrypt it's employees communications.
There are 'public' BES servers, these are owned and operated by BlackBerry. These public servers are what are used if someone just goes and buys a blackberry off the shelf and uses it on the 'public' mobile network. It is THESE that BlackBerry can decrypt, since they are the owners and operators of the public BES servers and hence hold the keys. However BlackBerry cannot decrypt the communications of those who purchase, install, operate and use their own BES servers, as they don't have the keys for those.
Of course, this assumes the operators of the BES servers don't leave the default keys/passwords in place and actually take the time to properly set up and secure the BES server and the master keys ;)
I don't find it appealing in that or any other department. I don't know why I would buy or use the nOb for anything in the programs I use. This one is too pretentious,
So, because you have no use for this it is pretentious?
I can see where, if this was much, much cheaper, it could be useful. Just within windows control/configuration there are often many sliders, e.g. in colour adjustments (saturation, brightness, contrast and so on) there are often sliders with tiny increments that can be hard to get the correct value by clicking or clicking-and-dragging. Sometimes games have similar adjustments that require fine control. This would make it easy to use, if it was much cheaper.
However, that being said, I could see using just their software with standard scroll-wheel mouses. So, rather than hovering over a control, then reaching over for the nOb (having to take hands off the mouse if using the same hand and reaching over to the nOb), just mouse over the control, and the scroll-wheel then becomes the adjustment for the control. Could be a simple keyboard shortcut (e.g. hold down ctrl while using the mousewheel) or similar. Don't really need a separate device. All the functionality of the nOb itself could be replaced by using the mouse scroll-wheel.
DMCA is also a US process, not an internationally recognized process. Therefore using the DMCA process is invoking US law to pull the material down, therefore US law applies, therefore fair use applies.
A DMCA notice requires the signer to swear under penalty of perjury that the allegedly offending material is breaching some copyright.
I find it hard to believe that an intellectual property lawyer could argue ignorance of the statutes such that: 1) they do not know the difference between copyright and trademark; 2) that they do not know that DMCA notices apply to copyrights only (and hence not trademarks); 3) that the allegedly infringing material is a copyright and not a trademark.
I think committing perjury is exactly the sort of thing that the Bar Grieve process was put in place for.
Ignorant of the concepts of freedom, free speech, free society. One does not live up to those ideals by denying those ideals to others. By limiting of deciding that one group can have free speech but another can't. By declaring those who I like can have these rights, and those who I don't like can't. One lives up to those ideals by extending those ideals to others irrespective of their beliefs and culture.
Thoughts, beliefs, ideas, words, knowledge, information are not evil or good. Disseminating such is not good or evil. They just are. It is ACTS that are good or evil.
If we are to use Google as a comparison, this would be more like Google, at the Chinese request, creating a custom portal for the Chinese government that was specifically designed to search down specific classes of dissidents. Not China being able to use the generic search engine with some clever search terms, but Google actively creating a custom portal that was easy to use, that optimized any searches entered into it to search for Falun Gong 'markers' and so-on without the user having to explicitly create the search themselves.
It's not just about Cisco providing bog-standard, stock, generic network equipment with bog-standard firmware and O/S that the Chinese were then free to use/configure at will.
Apparently, Cisco did more than just sell some products to the Chinese. The suits are alleging that Cisco took an active role in configuring, tuning, and customizing the devices specifically for tracking and hunting down Falun Gong members. It is being alleged that Cisco KNEW the customizations they were creating for the Chinese were for hunting down dissidents. That Cisco went beyond being a mere supplier of kit.
I have worked as an email administrator early in my career, looking after first cc:mail then later Lotus Notes for a large organization.
As email administrators, it was our common refrain to staff that wanted increased mailbox limits that "eMail is not a document storage or management system. It is a document delivery system." The email system is like the mailroom. You don't expect the mail room to have a copy of every piece of mail ever sent through the mail room do you?
There are products specifically for document management and storage, EDRMS (Electronic Document and Records Management System) which can be, and in my organization were, integrated with the email client. You received and/or sent an email that you thought was business-relevant, you clicked a button (or in some cases just added a specific cc address) and the email was filed into the EDRMS with a unique file reference number. Most EDRMS are analogous to and function as a virtual 'file' in the old meaning of the "file it" term.
I reiterate with my former email administrators hat on, that email is not a document storage, management or archival system, it is a message delivery system.
An email administrator is not in a position to determine whether individual emails from 10's of thousands of people who work in disparate fields is business relevant or not. Is that email a private joke between 2 co-workers? Is it an email asking if someone wants to go to lunch? The sender and/or receiver of an email is in the best position to know whether the contents of the email should be 'filed'.
Enterprise storage, backup and archiving is not cheap, it is as expensive as f***. It is not cost effective to archive any and all emails sent, with most emails sent through a work email account not being relevant to business decisions or processes or functions.
In my current organization, as it is with selective 'filing' rather than blanket retention of all emails, our EDRMS still grows about 1TB every 2 months (from multiple sources, not just emails). If that was expanded to all emails, we'd be at like 2 or 3 TB/month.
Now an argument could be made that senior managements emails should all be archived automatically (another bugbear of mine, backup != archive). I'm sure archiving all email of a few score senior management who make the critical business decisions while allowing the 10's of thousands of lower level employees to have to choose to file communications would be perhaps give the best of both worlds.
I think the most efficient method would be to provide the contact number for T-Mobile Customer/Tech Support and have everyone who wants to turn off BingeOn to call and have their support walk them through it, after first explaining how BingeOn works.
Don't have the support just turn if off for them, that'll take seconds on the phone. Have them perform a full walkthrough and make it as painful and timeconsuming as you can:
Support: First you have to login to your customer account page... Customer: Whats the URL of the page? Support: https://blah/login, once you've logged in... Customer: could you please repeat that? h-t-t-p-s-ummm-semicolon-slash-slash-b-l-a-h-backslash-what was the rest? Support: not semicolon, a colon, the 2 dots on top of each other, and a backslash, not a forward slash, then l-o-g-I-n. Then login... Customer: wait the page is still loading... Support: so once you've logged in... Customer: wait still loading...ahh here it is. What do I need to enter to login? Support: ...
I don't think the court is obligated to count this as serious "commentary" when it's of this nature. This factor is against fair use to me.
Define 'serious commentary'. How is it different from just 'commentary'? Who decides what is serious or not serious commentary? Who has to be 'serious' about the commentary? This sounds like a state of mind. Is it the state of mind of the author of the commentary or of the audience of the commentary? WHICH audience? There can be many audiences, each with different opinions. Which one will be chosen as the test for their state of mind in creating or viewing the commentary as being serious?
Why does it have to be serious? Do the 4 factors test use the word 'serious' with respect to commentary?
'serious commentary' vs 'commentary' is just as nebulous a concept as art or pornography. Whether something is serious, art or pornography differs depending on who you ask about the work.
Nice talk. I especially loved this prophetic bit (it was written in 2004) of it:
Anticircumvention is a powerful tool for people who want to exclude competitors. If you claim that your car engine firmware is a "copyrighted work," you can sue anyone who makes a tool for interfacing with it. ... We have companies like Lexmark claiming that their printer cartridges contain copyrighted works ... Even garage-door opener companies have gotten in on the act, claiming that their receivers' firmware are copyrighted works. Copyrighted cars, print carts and garage-door openers: what's next, copyrighted light-fixtures?
Re: Re: One of 3 possibilities here - NSA, CIA, FBI
Based on the hard-coded password:
<<< %s(un='%s') = %u
Who put it in is an open question, but based on the deliberate obfuscation, it was likely intended to be a surreptitious backdoor that would make it past automated code auditing routines into production firmware.
The album was sold through Paddle8, an online auction house, for $2 million to Martin Shkreli, a CEO of Turing Pharmaceuticals, who is notorious for purchasing the maker of toxoplasmosis drug Daraprim and increasing the price of the drug from $13.50 a pill to $750 a pill. THe FBI arrested Martin Shkreli on Thursday, December 17, 2015 on charges of "widespread" securities fraud.
The way 3d-printing is heading, it won't be long before I can download a car.
At the very least, we may reach a point in the not too distant future where rather than having a car shipped from Japan to Australia, there may be industrial-scale 3d-printers in major cities that produce the cars to-order in a few days.
There is no dispute that they and law enforcement agencies should have the necessary powers to detect and stop attacks before they happen.
Wow, and here I thought it was Law enforcements job to enforce the law. Arresting people for actually breaking the law. Dissuading people from breaking the law by being a visible, and practical deterrence to breaking the law by arresting people when they do break the law. Seems these people think it is law enforcements job to arrest people for thinking about breaking the law. Thought-crime police a reality.
I would suggest it's the military's job to stop these types of attacks before they occur. It is not the military's job to enforce the law, it's their job to 'defend/protect the country'.