aldestrawk’s Techdirt Profile


About aldestrawk

aldestrawk’s Comments

  • May 12th, 2016 @ 4:01pm


    The attack on Biddle's mental health is not just an ad hominem attack. It is the basis for the 4th cause of action in the lawsuit. Here, it is assumed that Biddle's "abuse" of benzodiazepines and SSRIs is responsible for his "caustic and reckless" writing of articles. According to the lawsuit, Denton and Cook should have known that and continuing to employ him was negligent on their part.

    Unless you're a Scientologist, I don't see how using SSRIs can be termed abuse, much less responsible for the writing of caustic articles. I wonder if Biddle was using antidepressants and, if so, how Ayyadurai's lawyers knew of it (that's part of his medical history and covered by HIPAA).

  • May 12th, 2016 @ 3:48pm


    “Shiva is the name of the lord of creation and destruction in the Hindu religion,” she says. “And Shiva” — her brother — “is truly the creator. He will fight for destruction if it means fighting for justice. And he will die in that fight for justice, at any cost.”

    This is from a 2012 article where the author talks with Ayyadurai's sister.

    The "fight for destruction" sounds ominous. I am not sure what she means by that. I kind of feel sorry for Shiva Ayyadurai as loss of this suit will destroy him. I can't understand his obsession with being recognized as the inventor of email. He could still use his mind to create innovative things.

  • May 12th, 2016 @ 3:20pm

    Re: So...

    He has listed 20 John Does in his lawsuit so there is still room to make it in.

  • Apr 19th, 2016 @ 10:35am

    from the dog and pony show, uuh, press conference

    Moore the DA for Baton Rouge explains:

    "The lifeblood of the criminal justice system has always been witness testimony. Now however, with witness intimidation, the cell phone data mine from these phones of victims, witnesses, and criminals, the cellphone now, and its data, have become our lifeblood."

    So, Mike, it is unfair of you to say that the police fail to do their jobs when, as DA Moore explains, witness intimidation has become so rampant that cellphone data must now take its place.

  • Apr 7th, 2016 @ 5:24pm


    I am thinking more and more that the exploit was a lie and the FBI appears to be fine tuning that lie to use it for maximum advantage. When public opinion and, just as importantly, their legal case didn't seem to be going their way, suddenly they have an exploit and don't need Apple's help. The lie appears so perfect! I'm imagining a conversation a wily teenager is having with his skeptical dad.

    I thought you said there was no way to do this without Apple's help?

    Uhm, that's still true. This secret hacker company figured it out and only told us at the last minute. I can't tell you who they are and I won't tell you any details about the exploit because, you know, National Security.

    Didn't you say it would only work on that one specific phone?

    Yeah, sorry about the ambiguity. I meant that one type of phone.

    Will you ever tell Apple any details about this exploit?

    Since the exploit only applies to this one version, it affects only a small percentage of their phones and that percentage will be getting less and less over time. Anyway, Apple has already fixed it and the exploit is still useful to us because, you know, National Security, so I don't think I really should tell Apple the details.

    Will you help other law enforcement agencies with their cases using this exploit?

    Of course, I'll always help my law enforcement brethren when I can. That is, when the phone, hardware and software just matches this one, and the case involves, you know, National Security in some way. Cause I really don't want to have the details revealed in court.

    I wonder if the FBI has hired some smart teenagers to be part of a Tailored Lie Operations Group. One thing that is a bit comforting is that there doesn't appear to be a known exploit to crack the data encryption itself. So, if the exploit is a way to bypass the limits on guessing the passcode, then the data can still be protected with a good choice of passcode. If you choose a random 7 character (alphanumeric using only lower case letters plus 10 digits) it will take 99 years on average to brute force the passcode.

  • Mar 28th, 2016 @ 8:21pm

    Re: Re: Apple security

    I believe if you forget your passcode then you can reset the phone. This makes the phone still useful but all your encrypted data is lost.

  • Mar 28th, 2016 @ 8:17pm

    Re: Re: Apple security

    Thanks for pointing that out; I hadn't read that. However, is that really how the display works? It shows you how many digits, or characters, the password is before you enter it? If so, that is a security weakness in itself. At any rate, once the 10 guess limit is bypassed, it doesn't really matter whether the passcode was four digits or six. Both are doable in a reasonable amount of time. If Farook's passcode was four alphanumeric characters, then let's calculate how long that would take to crack. ((36 ^ 4) * .08s) / 3600 = 37 hours max or 18.5 hours on average. Just one more character, 5 total, would take a month to crack on average. Still doable, but a pain.

  • Mar 28th, 2016 @ 8:05pm

    Re: Re: Apple security

    I am assuming the FBI's new method of gaining access is just that, a way to bypass the 10 guess limit.

  • Mar 28th, 2016 @ 4:40pm

    Apple security

    If we take the FBI's report as true and they were able to access the data on this iPhone, then the most likely method would have been finding the passcode through brute force.

    "iOS supports four-digit and arbitrary-length alphanumeric passcode" (from Apple's iOS security white paper).

    The minimum passcode length is four digits but the default is six digits and probably is the length Farook used on this iPhone. Each attempt requires 80 milliseconds to execute on the iPhone. Yes, it is intentionally slow. If he used just a six digit passcode there are 1 million possibilities which would take (1,000,000 x .08s) or 22 hours to crunch through all possibilities without taking into account extra time needed if the method wasn't just a program supplying attempts directly to the iPhone without interruption. The average time to crack the passcode, given this scenario, is 11 hours. However, if a six character alphanumeric passcode was used, it would take more than two years on average to crack the passcode. So, the level of security seems to now lie with the user's choice of passcode.
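Added example (not part of the original comments): the brute-force arithmetic from the comments above, carried through for each passcode format they mention, plus the inverse a defender needs, the shortest length that meets a target average search time. It assumes the 80 ms per attempt the comments quote and a 36-symbol alphabet (lowercase letters plus digits), which is what their figures correspond to; the function names are illustrative.

```python
"""Passcode search-time estimates at a fixed per-attempt cost (added example)."""

ATTEMPT_MS = 80          # per-guess cost quoted in the comments (80 milliseconds)
DIGITS = 10              # numeric passcode alphabet
LOWER_ALNUM = 36         # assumption: lowercase letters + digits, as the comments use

UNITS = [("years", 365 * 86400), ("days", 86400), ("hours", 3600),
         ("minutes", 60), ("seconds", 1)]


def worst_case_ms(alphabet, length, attempt_ms=ATTEMPT_MS):
    """Time to try every passcode of exactly `length` symbols, in milliseconds."""
    return alphabet ** length * attempt_ms


def average_ms(alphabet, length, attempt_ms=ATTEMPT_MS):
    """Expected time for a uniformly random passcode: half the worst case."""
    return worst_case_ms(alphabet, length, attempt_ms) / 2


def min_length(alphabet, target_avg_seconds, attempt_ms=ATTEMPT_MS):
    """Shortest length whose average search time is at least the target."""
    length = 1
    while average_ms(alphabet, length, attempt_ms) < target_avg_seconds * 1000:
        length += 1
    return length


def humanize(ms):
    """Render milliseconds in the largest unit that gives a value >= 1."""
    seconds = ms / 1000
    for name, size in UNITS:
        if seconds >= size:
            return f"{seconds / size:.1f} {name}"
    return f"{seconds:.2f} seconds"


def table():
    """(label, worst, average) rows for the formats discussed in the comments."""
    cases = [("4 digits", DIGITS, 4), ("6 digits", DIGITS, 6),
             ("4 alphanumeric", LOWER_ALNUM, 4), ("5 alphanumeric", LOWER_ALNUM, 5),
             ("6 alphanumeric", LOWER_ALNUM, 6), ("7 alphanumeric", LOWER_ALNUM, 7)]
    return [(label, humanize(worst_case_ms(a, n)), humanize(average_ms(a, n)))
            for label, a, n in cases]


if __name__ == "__main__":
    for label, worst, avg in table():
        print(f"{label:16} worst {worst:>12}   average {avg:>12}")
    year = 365 * 86400
    print("digits needed for a 1-year average:", min_length(DIGITS, year))
    print("alphanumerics needed for a 50-year average:", min_length(LOWER_ALNUM, 50 * year))
```

The estimates cover only uninterrupted guessing at the stated per-attempt cost and a passcode chosen uniformly at random; a predictable passcode falls well before the average.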

  • Mar 9th, 2016 @ 1:07pm


    This article ought to have mentioned that any code used to update an Apple iPhone has to be digitally signed. Only Apple has the key necessary to sign such code. The FBI has not asked for that key and they will not be required to release it. This is the whole reason the FBI wants to compel Apple to write code that defeats their own security. The FBI may be capable of writing such code but they can't update an iPhone with their version. The FBI also asked Apple to make the update work on only the one iPhone in question. The way to do this is have the update check for one or more of the unique IDs used only on that particular phone (e.g., UUID, serial #, cell IMEI, Bluetooth and Wi-Fi MAC addresses). The presence of a digital signature also means that the FBI, or anyone besides Apple, cannot alter the code even if they had a copy of the, un-compiled, source code.
    So, what's all the worry about then? I don't know the particulars of where, and how, these unique IDs are stored on the iPhone. What may be possible though is to spoof these IDs to make another iPhone appear to be the one used by the San Bernardino terrorists. Another possible weakness is that every time a small change is made in the digitally signed code, it becomes easier to crack the key. A multitude of law enforcement agencies getting a new version for each case may allow the signing key to be discovered. I don't know if that is realistic in this instance, but it is something that should be looked at.

  • Feb 24th, 2016 @ 10:14am

    (untitled comment)

    You fail to recognize that Eduardo Gomez de Diego can be both an attorney and a doctor, otherwise known by the common portmanteau as an "actor".

  • Jan 15th, 2016 @ 12:07pm

    Bieber and the Fairuseanalists

    I think the beliebers would burn you at the stake for heresy if you usurped their messiah for the Fairuse-Analists. That might be forgiven if Bieber became a martyr by being actually imprisoned for uploading his own songs. Until then, you're treading in dangerous waters.
    I suggest instead you go with Aqua's megahit "Barbie Girl". You know:
    I'm a Barbie girl, in the Barbie world.
    Life in plastic, it's fantastic...

    Their copyright/trademark fair use cred was established when Mattel sued MCA records over dilution of the Barbie trademark. Mattel's claim that the song made Barbie into a sex object was especially funny considering Barbie herself is closely based on the German "Bild Lilli" doll. In the cartoon strip in which Bild Lilli first appeared she was very much akin to a call girl. The judge cemented the claim to fame for this case by dismissing the suit, and the counter suit, while saying "The parties are advised to chill."

  • Dec 18th, 2015 @ 10:10am

    (untitled comment)

    Back in the late 90s, I was working for a company that made network switches. I was a software engineer and only once visited a customer site to debug a difficult problem. The VP of engineering came with me and we brought a couple of spare switches to help in debugging. The site was Livermore National Laboratories, in particular, the group that oversaw the National Ignition Facility (you know, the big building filled with massive lasers that was supposed to be used for controlled fusion but ended up just as a way of testing nuclear weapon design). During our visit, with their head IT guy present, we found that the password had been set for one of our spare switches and no one there knew it. The other engineer who came with us mentioned there was a backdoor, a hard-coded password, to gain administrative control. I was unaware of that despite knowing most of the code. Both that engineer and the VP seemed not to be fazed by the existence of a backdoor. I desperately tried to change the subject while entering the hard-coded password. When we got back I immediately changed the code to eliminate the backdoor. My point is that the backdoor was introduced just as a convenience for the development engineers who weren't terribly concerned about security repercussions. I am not dismissing the possibility that Juniper's backdoor was introduced for nefarious reasons. If the code is designed to allow access to VPN keys once you have administrative access, it is conceivable that this backdoor was an ill-advised convenience rather than intentionally set for allowing surreptitious surveillance.

  • Sep 15th, 2015 @ 10:47am

    Re: Re: Re:

    Sorry, to make that more clear, fair use in trademark is different from fair use in copyright. Nominative (trademark) fair use must avoid a suggestion of sponsorship or endorsement. It is irrelevant whether this video is a parody or not because there appear to be no copyrights, owned by BMORG, that are applicable. The video has to be explicit that Quiznos is not being endorsed by BMORG.

  • Sep 15th, 2015 @ 10:10am

    Re: Re:

    Fair use is only applicable to copyrights, not trademarks.

  • Sep 14th, 2015 @ 3:14pm

    (untitled comment)

    "There was no intellectual property infringed in this ad"

    I agree that BMORG has abused copyright law, but the video contains two registered trademarks, the phrase "burning man" and the burning man logo, and I think there may be infringement there. Apart from the video being a parody of the burning man festival it is, at its core, an ad for Quiznos sandwiches. The juxtaposition of the two trademarks with the Quiznos sandwiches could imply an endorsement of Quiznos by BMORG. There is nothing in the video that explicitly says there is no such endorsement. If one didn't know that BMORG absolutely refuses any such endorsements, one might believe it to be an endorsement, despite the parody nature of the video.

  • Aug 14th, 2015 @ 2:34pm

    (untitled comment)

    I will point out that when Thomas Kinkade ("Painter of Light") died in 2012, there was a bitter battle between his live-in girlfriend and his ex-wife, the controller of the Thomas Kinkade Trust. One aspect of that battle was that Nanette Kinkade, the ex-wife, asked for, and was granted, a temporary injunction prohibiting the girlfriend, Amy Pinto-Walsh, from discussing pretty much anything to do with Thomas Kinkade, his art factory, or his ex-wife. Meanwhile, Nanette was free to make any public criticism she wished to.

    "Santa Clara County Superior Court Judge Patricia M. Lucas signed the order on April 16 prohibiting Amy Pinto-Walsh from making statements or engaging in conduct that has the effect of defaming, criticizing, disparaging or discrediting Kinkade, his widow Nanette Kinkade, or any company owned by Kinkade"

    This most certainly is prior-restraint and it was applied to only one side in a court battle. The justification for it was that the girlfriend had signed a non-disclosure agreement, the same one that all employees of the art factory had to sign. As far as I could tell, the reason for this part of the NDA was to protect Thomas Kinkade's reputation as a devout and good Christian since sales of his paintings to his Christian devotees relied upon this. In reality he was a philandering alcoholic prone to wild behavior while drunk. For example:

    And then there is Kinkade's proclivity for "ritual territory marking," as he called it, which allegedly manifested itself in the late 1990s outside the Disneyland Hotel in Anaheim.
    "This one's for you, Walt," the artist quipped late one night as he urinated on a Winnie the Pooh figure, said Terry Sheppard, a former vice president for Kinkade's company, in an interview.

    What really bothers me is if this type of prior-restraint becomes accepted. An NDA for a personal relationship is an abuse of the power/wealth imbalance and is outrageous.

    The community local to Thomas Kinkade engaged in a lively and colorful debate in the Los Gatos Patch. If you have the time, it is entertaining as well as informative. Examples of the terms used on each side are "thuggish Christian witches" and "gold-digging whore".

  • Jul 30th, 2015 @ 4:01pm


    This is the actual quote by DA Mike Ramos at the press conference yesterday:

    “I just want you to know, that if an intentional act of a drone was to cause one of these wonderful men and women fighting fires to go down and be injured or killed, or another civilian on the ground, we will prosecute you for murder. I need you to know that,” Michael Ramos said.

    This statement is less ambiguous than the paraphrasing done in the press release.

  • Jul 30th, 2015 @ 3:50pm

    (untitled comment)

    The DA is being intentionally ambiguous. What he really means is that he will file murder charges in the situation where a drone actually collides with an aircraft and causes any of the aircraft crew to die or if anyone on the ground is hit. This is the only legally reasonable way that one could convict on a murder charge. The DA is hoping potential drone flyers will ingest the ambiguity without thinking too critically about it. It is far too remote a connection to say that, because grounded planes allowed a fire controlled by hugely unpredictable factors to grow larger and sometime later (even days later) someone was killed by the fire because you flew a drone in the area.

  • Jul 20th, 2015 @ 7:13pm

    potential culprits

    1). insider, or former insider, seeking vengeance.
    2). angry, vindictive, cheated upon female with mad h@xor skillz. (that may be sexist, but, according to today's AMA by a former Avid Life Media employee, it was only angry females who contacted them or showed up at the, guarded, front door in Toronto.)
    3). moralizing religious hacktivist.
    4). opportunistic hacker doing it for the Lulz.

    "Avid Life Media runs Ashley Madison, the internet's #1 cheating site, for people who are married or in a relationship to have an affair. ALM also runs Established Men, a prostitution/human trafficking website for rich men to pay for sex, as well as cougar life, a dating website for cougars, man crunch, a site for gay dating, swappernet for swingers, and the big and the beautiful, for overweight dating."

    The moralizing, as evidenced in their statement, seems inconsistent. Their main goal is shutting down both the Ashley Madison and Established Men websites. However, they also publish the usertable for Swappernet with the rationale that this was the only site with cleartext passwords contained in the database. So, they are going after swingers, but only partially, and leaving the gay folk alone. The Ashley Madison site also requires females to sign up for this to work at all. The male/female ratio is heavily skewed towards males, especially after deleting the constant influx of bogus female accounts meant to drive traffic to webcam girls. However, that still means there are real females on the site looking for a very discreet affair. One would assume they are cheaters also. Yet, their statement contains this sentence:

    "Too bad for those men, they're cheating dirtbags and deserve no such discretion."

    What about the cheating dirtbags who are females? That may point to an angry, vindictive female hacker but I am confused by their strategy. They didn't dump the entire Ashley Madison database. They didn't even just dump only the males on that database. They are releasing the details on one account per day until both the Ashley Madison and Established Men sites are shut down. I would think that releasing the data all at once would effectively shut down those websites without the power trip game/drama. This is the main reason I am leaning towards a vengeful insider as the culprit. Their statement includes stuff that appears to be personal:

    "Well Trevor [ALM's CTO], welcome to your worst fucking nightmare."

    "And it was easy. For a company whose main promise is secrecy, it's like you didn't even try, like you thought you had never pissed anyone off"

    Yet, there is the following statement as well.

    "Our one apology is to Mark Steele (Director of Security). You did everything you could, but nothing you could have done could have stopped this."

    The tone, and inconsistency, of those two statements reeks of anger and bragging. It certainly does not fit a purely moralizing hacktivist.

    Finally, the name "Impact Team" was probably inspired by the recent "Hacking Team" exploits. I can't help but notice though that the acronym is "IT". If, in fact, a former member of ALM's IT department is seeking revenge then ALM probably already has a good idea who it is. Although, like most companies, they will attempt to keep all details secret while reassuring their paid subscribers that everything will soon be OK.
