aldestrawk’s Techdirt Profile


aldestrawk’s Comments

  • Jan 15th, 2016 @ 12:07pm

    Bieber and the Fairuseanalists

    I think the beliebers would burn you at the stake for heresy if you usurped their messiah for the Fairuse-Analists. That might be forgiven if Bieber became a martyr by being actually imprisoned for uploading his own songs. Until then, you're treading in dangerous waters.
    I suggest instead you go with Aqua's megahit "Barbie Girl". You know:
    I'm a Barbie girl, in the Barbie world.
    Life in plastic, it's fantastic...

    Their copyright/trademark fair use cred was established when Mattel sued MCA records over dilution of the Barbie trademark. Mattel's claim that the song made Barbie into a sex object was especially funny considering Barbie herself is closely based on the German "Bild Lilli" doll. In the cartoon strip in which Bild Lilli first appeared she was very much akin to a call girl. The judge cemented the claim to fame for this case by dismissing the suit, and the counter suit, while saying "The parties are advised to chill."

  • Dec 18th, 2015 @ 10:10am

    (untitled comment)

    Back in the late 90s, I was working for a company that made network switches. I was a software engineer and only once visited a customer site to debug a difficult problem. The VP of engineering came with me and we brought a couple of spare switches to help in debugging. The site was Livermore National Laboratories, in particular, the group that oversaw the National Ignition Facility (you know, the big building filled with massive lasers that was supposed to be used for controlled fusion but ended up just as a way of testing nuclear weapon design). During our visit, with their head IT guy present, we found that the password had been set for one of our spare switches and no one there knew it. The other engineer who came with us mentioned there was a backdoor, a hard-coded password, to gain administrative control. I was unaware of that despite knowing most of the code. Both that engineer and the VP seemed not to be fazed by the existence of a backdoor. I desperately tried to change the subject while entering the hard-coded password. When we got back I immediately changed the code to eliminate the backdoor. My point is that the backdoor was introduced just as a convenience for the development engineers who weren't terribly concerned about security repercussions. I am not dismissing the possibility that Juniper's backdoor was introduced for nefarious reasons. If the code is designed to allow access to VPN keys once you have administrative access, it is conceivable that this backdoor was an ill-advised convenience rather than intentionally set for allowing surreptitious surveillance.

  • Sep 15th, 2015 @ 10:47am

    Re: Re: Re:

    Sorry, to make that more clear, fair use in trademark is different from fair use in copyright. Nominative (trademark) fair use must avoid a suggestion of sponsorship or endorsement. It is irrelevant whether this video is a parody or not because there appear to be no copyrights, owned by BMORG, that are applicable. The video has to be explicit that Quiznos is not being endorsed by BMORG.

  • Sep 15th, 2015 @ 10:10am

    Re: Re:

    Fair use is only applicable to copyrights, not trademarks.

  • Sep 14th, 2015 @ 3:14pm

    (untitled comment)

    "There was no intellectual property infringed in this ad"

    I agree that BMORG has abused copyright law, but the video contains two registered trademarks, the phrase "burning man" and the burning man logo, and I think there may be infringement there. Apart from the video being a parody of the burning man festival it is, at its core, an ad for Quiznos sandwiches. The juxtaposition of the two trademarks with the Quiznos sandwiches could imply an endorsement of Quiznos by BMORG. There is nothing in the video that explicitly says there is no such endorsement. If one didn't know that BMORG absolutely refuses any such endorsements, one might believe it to be an endorsement, despite the parody nature of the video.

  • Aug 14th, 2015 @ 2:34pm

    (untitled comment)

    I will point out that when Thomas Kinkade ("Painter of Light") died in 2012, there was a bitter battle between his live-in girlfriend and his ex-wife, the controller of the Thomas Kinkade Trust. One aspect of that battle was that Nanette Kinkade, the ex-wife, asked for, and was granted, a temporary injunction prohibiting the girlfriend, Amy Pinto-Walsh, from discussing pretty much anything to do with Thomas Kinkade, his art factory, or his ex-wife. Meanwhile, Nanette was free to make any public criticism she wished to.

    "Santa Clara County Superior Court Judge Patricia M. Lucas signed the order on April 16 prohibiting Amy Pinto-Walsh from making statements or engaging in conduct that has the effect of defaming, criticizing, disparaging or discrediting Kinkade, his widow Nanette Kinkade, or any company owned by Kinkade"

    This most certainly is prior-restraint and it was applied to only one side in a court battle. The justification for it was that the girlfriend had signed a non-disclosure agreement, the same one that all employees of the art factory had to sign. As far as I could tell, the reason for this part of the NDA was to protect Thomas Kinkade's reputation as a devout and good Christian since sales of his paintings to his Christian devotees relied upon this. In reality he was a philandering alcoholic prone to wild behavior while drunk. For example:

    And then there is Kinkade's proclivity for "ritual territory marking," as he called it, which allegedly manifested itself in the late 1990s outside the Disneyland Hotel in Anaheim.
    "This one's for you, Walt," the artist quipped late one night as he urinated on a Winnie the Pooh figure, said Terry Sheppard, a former vice president for Kinkade's company, in an interview.

    What really bothers me is if this type of prior-restraint becomes accepted. A NDA for a personal relationship is an abuse of the power/wealth imbalance and is outrageous.

    The community local to Thomas Kinkade engaged in a lively and colorful debate in the Los Gatos Patch. If you have the time, it is entertaining as well as informative. Examples of the terms used on each side are: "thuggish Christian witches" and "gold-digging whore".

  • Jul 30th, 2015 @ 4:01pm


    This is the actual quote by DA Mike Ramos at the press conference yesterday:

    “I just want you to know, that if an intentional act of a drone was to cause one of these wonderful men and women fighting fires to go down and be injured or killed, or another civilian on the ground, we will prosecute you for murder. I need you to know that,” Michael Ramos said.

    This statement is less ambiguous than the paraphrasing done in the press release.

  • Jul 30th, 2015 @ 3:50pm

    (untitled comment)

    The DA is being intentionally ambiguous. What he really means is that he will file murder charges in the situation where a drone actually collides with an aircraft and causes any of the aircraft crew to die or if anyone on the ground is hit. This is the only legally reasonable way that one could convict on a murder charge. The DA is hoping potential drone flyers will ingest the ambiguity without thinking too critically about it. It is far too remote a connection to say that, because grounded planes allowed a fire controlled by hugely unpredictable factors to grow larger and sometime later (even days later) someone was killed by the fire because you flew a drone in the area.

  • Jul 20th, 2015 @ 7:13pm

    potential culprits

    1). insider, or former insider, seeking vengeance.
    2). angry, vindictive, cheated upon female with mad h@xor skillz. (that may be sexist, but, according to today's AMA by a former Avid Life Media employee, it was only angry females who contacted them or showed up at the, guarded, front door in Toronto.)
    3). moralizing religious hacktivist.
    4). opportunistic hacker doing it for the Lulz.

    "Avid Life Media runs Ashley Madison, the internet's #1 cheating site, for people who are married or in a relationship to have an affair. ALM also runs Established Men, a prostitution/human trafficking website for rich men to pay for sex, as well as cougar life, a dating website for cougars, man crunch, a site for gay dating, swappernet for swingers, and the big and the beautiful, for overweight dating."

    The moralizing, as evidenced in their statement, seems inconsistent. Their main goal is shutting down both the Ashley Madison and Established Men websites. However, they also publish the usertable for Swappernet with the rationale that this was the only site with cleartext passwords contained in the database. So, they are going after swingers, but only partially, and leaving the gay folk alone. The Ashley Madison site also requires females to sign up for this to work at all. The male/female ratio is heavily skewed towards males, especially after deleting the constant influx of bogus female accounts meant to drive traffic to webcam girls. However, that still means there are real females on the site looking for a very discreet affair. One would assume they are cheaters also. Yet, their statement contains this sentence:

    "Too bad for those men, they're cheating dirtbags and deserve no such discretion."

    What about the cheating dirtbags who are females? That may point to an angry, vindictive female hacker but I am confused by their strategy. They didn't dump the entire Ashley Madison database. They didn't even just dump only the males on that database. They are releasing the details on one account per day until both the Ashley Madison and Established Men sites are shut down. I would think that releasing the data all at once would effectively shut down those websites without the power trip game/drama. This is the main reason I am leaning towards a vengeful insider as the culprit. Their statement includes stuff that appears to be personal:

    "Well Trevor [ALM's CTO], welcome to your worst fucking nightmare."

    "And it was easy. For a company whose main promise is secrecy, it's like you didn't even try, like you thought you had never pissed anyone off"

    Yet, there is the following statement as well.

    "Our one apology is to Mark Steele (Director of Security). You did everything you could, but nothing you could have done could have stopped this."

    The tone, and inconsistency, of those two statements reeks of anger and bragging. It certainly does not fit a purely moralizing hacktivist.

    Finally, the name "Impact Team" was probably inspired by the recent "Hacking Team" exploits. I can't help but notice though that the acronym is "IT". If, in fact, a former member of ALM's IT department is seeking revenge then ALM probably already has a good idea who it is. Although, like most companies, they will attempt to keep all details secret while reassuring their paid subscribers that everything will soon be OK.

  • Jul 20th, 2015 @ 5:50pm

    (untitled comment)

    Note: "the company takes every measure possible to ensure the safety of their members' information...." Or, maybe not.

    Of course they did! Even the hacker(s) at Impact Team say so in their statement:

    "Our one apology is to Mark Steele (Director of Security). You did everything you could, but nothing you could have done could have stopped this."

  • Jun 17th, 2015 @ 10:22pm

    Re: Re: Would you like to play a game? let's play chicken.

    Speed is a very important factor in the decision to swerve. If you're going 60 mph that maneuver to avoid a deer will likely cause your vehicle to roll. The problem is, unless you have trained specifically for such maneuvers, your split second decision may not take into account the speed you're going. Also, if you had somebody too close behind you, their actions might kill you. It's all very hard to predict.

  • Jun 17th, 2015 @ 7:31am


    Control freak! Just learn to relax and let Skynet handle all the driving. Seriously, even if the autonomous cars did occasionally cause accidents, there would still be far fewer than those caused by humans. This produces the least overall harm. You are just worried that your car will kill you and your family and you'll be innocent victims without another human to blame.

  • Jun 17th, 2015 @ 7:10am

    Would you like to play a game? let's play chicken.

    "...calculating the possible trajectory of two cyclists blotto on Pabst Blue Ribbon and crystal meth."

    This is the real question of interest. I cannot see a scenario where there is a greater/lesser evil choice in an unavoidable accident. Cars have brakes and are supposed to allow enough distance to brake without colliding in the event of unforeseen incidents. Humans often make things worse, for themselves and others, by veering or veering and braking at the same time. The autonomous vehicle should be able to sense that the braking system is functional.

    If you really want to test the ability of software to take action that will produce the least harm, have it play modified games of chicken (real or virtual). Chicken, both with other traffic and without, where the opposing driver's actions are unpredictably:
    1). completely random.
    2). distracted for a random amount of time before realizing that a collision must be avoided.
    3). evilly intent on causing an accident no matter what you do.
    I think you'll find that most of the time braking without veering produces the least harm. There may be some narrow situations where you can avoid a collision. However, if there are multiple cars veering things can get unpredictably ugly.

    A case in point: the Bruce/Caitlyn Jenner crash from last February. In this multiple car accident, Jenner was the person primarily at fault. However, Kim Howe, the woman who was killed driving the Lexus, had just started to veer into the center lane while braking to avoid hitting the Prius. When Jenner's Cadillac hit the Lexus it was propelled in the direction the front wheels were aligned. This meant the Lexus traveled across the center lane into the opposing lane. If Howe had not veered she would have been forcibly rammed into the Prius in front of her. At the moment of the first impact, the Cadillac was going 38 mph and the Lexus about 19 mph. That would have been a very survivable accident, perhaps without any serious injury.

  • Jun 15th, 2015 @ 7:49am

    58,000 files?

    Again, it is repeated that Miranda was carrying 58,000 documents. You might imagine that the forensic techs working for the UK government simply counted all the encrypted files. It is not very likely these files were just sitting there individually encrypted. The whole set was probably doubly encrypted by putting all these individual files into an encrypted drive or volume. In fact Greenwald et al. used TrueCrypt which is oriented to encrypting entire drives. There would be no way then to know even the approximate number of files contained in that volume(s).
    I am surprised the Sunday Times did not mention that Miranda was found to have a written password on him. When the UK government mentioned this they were clearly hinting that the password was capable of decrypting the supposed 58,000 files. In an article based on the Sunday Times story, Business Insider did mention this password:

    Of course, the UK government was just hinting at that when, in fact, that password was unrelated to the encryption of any files obtained from Snowden. This was an attempt to show the journalists (and couriers) who were handling these sensitive files were practicing poor operational security. The disclosure that China and Russia have access to the entire cache of unencrypted documents obtained by Snowden may be a further attempt by the UK not just to smear Snowden, but to use their apparent failure at operational security to justify detaining, or even arrest of, any of the journalists who have access to these files or to confiscate any computer or device they can find that holds those encrypted files.

  • May 28th, 2015 @ 8:00am

    Re: Not an overreaction...

    I'll bet you that there were, at least, several other objects in that car related to cooking. Objects the police are being coy about describing now. Also, it would have been awfully easy to cover the pressure cooker so it was not easily visible. Same potential danger. Any terrorist who isn't a total moron would have covered it up. If a terrorist merely put a detonator on the gas tank that could be as dangerous. My point is that common sense would direct you to looking at the entirety of the situation. After all, restaurant kitchens are being invaded to destroy all pressure cookers. Also, why couldn't they have contacted the owner first, while maintaining a cordoned off area around the vehicle?

  • May 28th, 2015 @ 7:45am

    Re: Wrong - blowing up potential bombs is standard practice

    "dangerous objects" are left behind in all sorts of public places every day. Law enforcement has to balance detonating every single one of these against what is potentially a real threat. It's paranoia versus common sense. I do give our government, and local police forces, some credit for not blowing up any and all shoes left unattended in public playgrounds.

  • May 28th, 2015 @ 7:38am


    "Also not sure how the officials justified a 'driving after revocation' charge..."

    This is why any lawyer will recommend you never, ever, talk to the police. When they interviewed this guy he probably admitted to driving his vehicle and parking it with the leaky explosive device (i.e. gas tank + engine) attached to it. Of course, he had to balance the possibility of being held indefinitely as a material witness while refusing to cooperate against admitting to actually driving the vehicle.

  • May 27th, 2015 @ 2:09pm


    The crime that was actually prosecuted was a portion of the CFAA, unauthorized access of a protected computer in a way that caused "impairment" of said computer. The perpetrators lived in two different states, California and Maryland, so it seems quite appropriate that the FBI was called in and it was prosecuted under federal law.
    What is more disturbing than this is how the FBI raided, and arrested, numerous individuals for letting their computers be involved in the DDOS attacks organized by Anonymous. It shows how flexible the CFAA is and how unfair the penalties are for crimes that become suddenly much more serious when they involve a computer.

  • May 27th, 2015 @ 1:54pm

    Re: Re:

    If you read the Fusion article that is linked to here, the prosecutor is quoted as saying "[they] pled guilty last year to misdemeanor 'unauthorized impairment of a protected computer.'" Tim's article is misleading with respect to that. I think the question of "theft" is what the prosecutor was interested in talking about because it is new territory. The prosecutor was a federal prosecutor, so I assume the law involved was part of the CFAA. Given that, an additional crime of fraud would be applicable if the victim suffered some sort of loss. Maybe that loss, being virtual, can be considered more of a loss of a service than loss of a real item.

  • May 19th, 2015 @ 5:20pm

    IFE network is connected to the Avionics networks

    After reading the comments, I see there is some skepticism here about the fact that, on more modern aircraft, the IFE network shares the same network cabling as the avionics network(s). It is true. This was done to save weight despite the fact that you can no longer use the best security, which is air-gapped networks. The aircraft manufacturers, such as Boeing, claim that the security they have in place is sufficient. They claim that even if a passenger laptop is connected to the IFE, no packets can be injected into the avionics networks. They probably have a network switch which is set to filter out any packets coming from the boxes under the passenger seats. What they probably really mean is that no conversations can be initiated from the seats as a lot of common protocols, including those used for the IFE, involve packets sent from these seats. Such a system can be secure, but I would be very nervous about proclaiming this set up to actually be secure. One of the possible vulnerabilities is commands to the network switches themselves to change the filtering.

    Not only is there common cabling between the networks, but the manufacturers have moved away from a proprietary protocol stack and are using TCP/IP on top of a modified Ethernet protocol. This allows someone, with a little knowledge, to connect their laptop to the box underneath the seat. [Please note, Timothy Geigner, that this does not involve the Wi-Fi network.] Undoubtedly, the FAA, and the aircraft manufacturers, have put some effort into assuring passengers can't affect any of the avionics controls or sensors. The question is, have they done enough? Since the industry is also relying on security through obscurity by keeping the details secret, it makes it hard for independent researchers to confirm this.
