This system could be very secure from hacking. It doesn't require a newly invented solution. The general problem of one-way authentication has been solved already. However, it is unclear if the Federal Signal Corporation (the supplier for Dallas) has provided such security in its controllers for the siren systems. It is also unclear if either Dallas, or the contractor hired to maintain and repair the system, has configured the controllers to have their highest security. It seems all this is likely to remain unclear because city authorities buy into "security through obscurity". Another issue is that officials want multiple, maybe non-technical folk, to be able to activate the sirens. Security may be compromised in the interest of simplicity.
Here is what we know. The hacker used a radio signal from within signal reach of a base controller. The hacker knew the codes to trigger every siren in the system which is achieved through radio relays. Each siren can be triggered individually or as part of a group. In this case the code for "all sirens" was used. The hacker continually sent signals to activate the sirens, thus overriding the officials who sent signals to turn the sirens off. The officials eventually changed something in authentication so the hacker could no longer activate the sirens. I am guessing how authentication works here. It may be possible that it was turned off entirely in Dallas. The simplest, and maybe only method, is to use a programmed fixed sequence of digits that represents an authentication code. I do know that Federal Signal controllers have that capability at least. However, the hacker in this case can use a replay attack. Herein, the hacker listens and records the signals used during a periodic system test. He, or she, simply plays back the same signal. The solution is to change the authentication code for every activation. Such a rolling-code system is used in many areas such as for unlocking cars and opening garage doors. Unfortunately, the companies that design such systems try to maintain secrecy and the cryptography doesn't get well vetted. I think all these systems had to be corrected once the system was already in the field. There are algorithms for rolling-code systems that don't suffer from known vulnerabilities. The user may have to configure that level of security to make sure they are protected.
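The difference between a fixed authentication code and a per-activation code, as an added example that is not part of the original comment and is not Federal Signal's protocol: the frame layout (8-byte counter, command, truncated HMAC-SHA256 tag), the key, the fixed code "1234" and the command names are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"   # constructed shared secret, assumption
TAG_LEN = 16                    # truncated HMAC-SHA256 tag length in bytes
WINDOW = 16                     # accept counters at most this far ahead

def make_frame(key: bytes, counter: int, command: bytes) -> bytes:
    """Sender: counter || command || HMAC tag covering both fields."""
    body = struct.pack(">Q", counter) + command
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

class FixedCodeReceiver:
    """Weak scheme: any frame that starts with the programmed digits passes."""
    def __init__(self, code: bytes):
        self.code = code

    def accept(self, frame: bytes) -> bool:
        return hmac.compare_digest(frame[:len(self.code)], self.code)

class RollingCodeReceiver:
    """Each counter value is accepted once, so a recorded frame goes stale."""
    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = 0

    def accept(self, frame: bytes) -> bool:
        if len(frame) < 8 + TAG_LEN:
            return False
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):   # constant-time compare
            return False
        counter = struct.unpack(">Q", body[:8])[0]
        if not (self.last_counter < counter <= self.last_counter + WINDOW):
            return False                             # replayed or too far ahead
        self.last_counter = counter                  # advance only after success
        return True

def demo():
    fixed = FixedCodeReceiver(b"1234")
    test_signal = b"1234" + b"ALL_ON"                # recorded during a system test
    fixed_results = (fixed.accept(test_signal), fixed.accept(test_signal))
    rolling = RollingCodeReceiver(KEY)
    recorded = make_frame(KEY, 1, b"ALL_ON")         # recorded during a system test
    rolling_results = (
        rolling.accept(recorded),                            # genuine activation
        rolling.accept(recorded),                            # replay of same frame
        rolling.accept(make_frame(KEY, 2, b"ALL_OFF")),      # next genuine frame
        rolling.accept(make_frame(b"guess", 3, b"ALL_ON")),  # forged, wrong key
    )
    return fixed_results, rolling_results
```

Because the tag covers the counter and the command together, a recorded frame cannot be re-labelled with a fresh counter or a different command without the key.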
Here is Trump's take on Wikileaks (circa 2010). This is from banter before an actual interview with Brian Kilmeade on the "Kilmeade and Friends" radio show. Kilmeade is part of Fox and Friends on the Fox TV network. Kilmeade mentions another guest will talk about Wikileaks. Trump says (about Wikileaks) "I think it is disgraceful. I think there should be, like, death penalty or something." https://www.youtube.com/watch?v=fDEDQFj9sFk
I was a teenager when "A Clockwork Orange" came out. Great film indeed! Do you recognize Darth Vader in that film (actor David Prowse)? The soundtrack was a great part of that movie. I had an early interest in electronic music and started listening to "Switched on Bach" and the "Well Tempered Synthesizer" back in 1970. Wendy Carlos is one of the great electronic music pioneers. I do object to you bringing up the fact that she is transgender in a rather disdainful way. Firstly, it is entirely irrelevant to the discussion of whether her lawsuit has a legally valid claim of copyright infringement. Issues concerning transgenderism have been much in the news in the last couple of years. Wendy Carlos transitioned in 1968 but didn't come out publicly till 1979. She has never made a big issue of it and does not consider herself any sort of activist. So, she hasn't participated in the recent publicizing of transgender issues. This makes mentioning it all the more irrelevant in a discussion of fair use under copyright law.
Surely people here must recognize that a recorded performance of a public domain composition has a valid copyright in itself. Otherwise, why would any company try to sell recordings of classical music? Just the fact that the composition is in the public domain doesn't invalidate all copyright claims. Let's characterize all the 4 factors in this case even though Tim's focus in this article is that one of the 4 fair use factors is usually ignored.
1). the purpose and character of the use, including whether such use is of a commercial nature or is for nonprofit educational purposes.
A parody short film freely available on Youtube. Profit doesn't seem to be the motive here but the parody addresses a very newsworthy occurrence. As Tim noted, the music background is not the subject of the parody. The musical piece is played in its entirety without any transformation.
2). the nature of the copyrighted work.
This is an original arrangement of a portion of a composition which is in the public domain. I don't know if the following is relevant to infringement considerations but in 1971 it took a lot of time to set up and record even an electronic piece that is only 1 minute 17 seconds long.
3). the amount and substantiality of the portion used in relation to the copyrighted work as a whole.
This recording of an abridged William Tell Overture is used in its entirety and is not changed at all from the original.
4). the effect of the use upon the potential market for or value of the copyrighted work.
I agree with Tim's point that this parody will not have any negative effect on the market or value of this Carlos recording.
Overall, it seems the infringement claim is marginal but Serendip may win the lawsuit. I would advise Wendy Carlos to drop the lawsuit. Any of you can do this by writing to Wendy via this one-way mailbox: http://www.wendycarlos.com/write.html
When you are offering information about records for only 4 patients in which some minor details are already known, it is pretty much impossible to anonymize (de-identify is the term used in HIPAA) those records. Pretty much any detail, including appointment times, is considered Protected Health Information (PHI) in the context of releasing it publicly to a media outlet. The only defense would be if those details were already public from the patients themselves.
The attack on Biddle's mental health is not just an ad hominem attack. It is the basis for the 4th cause of action in the lawsuit. Here, it is assumed that Biddle's "abuse" of benzodiazepines and SSRIs is responsible for his "caustic and reckless" writing of articles. According to the lawsuit, Denton and Cook should have known that and continuing to employ him was negligent on their part.
Unless you're a Scientologist, I don't see how using SSRIs can be termed abuse, much less responsible for the writing of caustic articles. I wonder if Biddle was using antidepressants and, if so, how Ayyadurai's lawyers knew of it (that's part of his medical history and covered by HIPAA).
“Shiva is the name of the lord of creation and destruction in the Hindu religion,” she says. “And Shiva” — her brother — “is truly the creator. He will fight for destruction if it means fighting for justice. And he will die in that fight for justice, at any cost.”
The "fight for destruction" sounds ominous. I am not sure what she means by that. I kind of feel sorry for Shiva Ayyadurai as loss of this suit will destroy him. I can't understand his obsession with being recognized as the inventor of email. He could still use his mind to create innovative things.
"The lifeblood of the criminal justice system has always been witness testimony. Now however, with witness intimidation, the cell phone data mine from these phones of victims, witnesses, and criminals, the cellphone now, and its data, have become our lifeblood."
So, Mike, it is unfair of you to say that the police fail to do their jobs when, as DA Moore explains, witness intimidation has become so rampant that cellphone data must now take its place.
I am thinking more and more that the exploit was a lie and the FBI appears to be fine tuning that lie to use it for maximum advantage. When public opinion and, just as importantly, their legal case didn't seem to be going their way, suddenly they have an exploit and don't need Apple's help. The lie appears so perfect! I'm imagining a conversation a wily teenager is having with his skeptical dad.
I thought you said there was no way to do this without Apple's help?
Uhm, that's still true. This secret hacker company figured it out and only told us at the last minute. I can't tell you who they are and I won't tell you any details about the exploit because, you know, National Security.
Didn't you say it would only work on that one specific phone?
Yeah, sorry about the ambiguity. I meant that one type of phone.
Will you ever tell Apple any details about this exploit?
Since the exploit only applies to this one version, it affects only a small percentage of their phones and that percentage will be getting less and less over time. Anyway, Apple has already fixed it and the exploit is still useful to us because, you know, National Security. So I don't think I really should tell Apple the details.
Will you help other law enforcement agencies with their cases using this exploit?
Of course, I'll always help my law enforcement brethren when I can. That is, when the phone, hardware and software just matches this one, and the case involves, you know, National Security in some way. Cause I really don't want to have the details revealed in court.
I wonder if the FBI has hired some smart teenagers to be part of a Tailored Lie Operations Group. One thing that is a bit comforting is that there doesn't appear to be a known exploit to crack the data encryption itself. So, if the exploit is a way to bypass the limits on guessing the passcode, then the data can still be protected with a good choice of passcode. If you choose a random 7 character (alphanumeric using only lower case letters plus 10 digits) it will take 99 years on average to brute force the passcode.
Thanks for pointing that out. I hadn't read that. However, is that really how the display works? It shows you how many digits, or characters, the password is before you enter it? If so, that is a security weakness in itself. At any rate, once the 10 guess limit is bypassed, it doesn't really matter whether the passcode was four digits or six. Both are doable in a reasonable amount of time. If Farook's passcode was four alphanumeric characters, then let's calculate how long that would take to crack. ((36 ^ 4) * .08s) / 3600 = 37 hours max or 18.5 hours on average. Just one more character, 5 total, would take a month to crack on average. Still doable, but a pain.
The minimum passcode length is four digits but the default is six digits and probably is the length Farook used on this iPhone. Each attempt requires 80 milliseconds to execute on the iPhone. Yes, it is intentionally slow. If he used just a six digit passcode there are 1 million possibilities which would take (1,000,000 x .08s) or 22 hours to crunch through all possibilities without taking into account extra time needed if the method wasn't just a program supplying attempts directly to the iPhone without interruption. The average time to crack the passcode, given this scenario, is 11 hours. However, if a six character alphanumeric passcode was used, it would take more than two years on average to crack the passcode. So, the level of security seems to now lie with the user's choice of passcode.
This article ought to have mentioned that any code used to update an Apple iPhone has to be digitally signed. Only Apple has the key necessary to sign such code. The FBI has not asked for that key and they will not be required to release it. This is the whole reason the FBI wants to compel Apple to write code that defeats their own security. The FBI may be capable of writing such code but they can't update an iPhone with their version. The FBI also asked Apple to make the update work on only the one iPhone in question. The way to do this is have the update check for one or more of the unique Ids used only on that particular phone (e.g., UUID, serial #, cell IMEI, Bluetooth and Wi-Fi MAC addresses). The presence of a digital signature also means that the FBI, or anyone besides Apple, cannot alter the code even if they had a copy of the, un-compiled, source code. So, what's all the worry about then? I don't know the particulars of where, and how, these unique Ids are stored on the iPhone. What may be possible though is to spoof these Ids to make another iPhone appear to be the one used by the San Bernardino terrorists. Another possible weakness is that every time a small change is made in the digitally signed code, it becomes easier to crack the key. A multitude of law enforcement agencies getting a new version for each case may allow the signing key to be discovered. I don't know if that is realistic in this instance, but it is something that should be looked at.
I think the beliebers would burn you at the stake for heresy if you usurped their messiah for the Fairuse-Analists. That might be forgiven if Bieber became a martyr by being actually imprisoned for uploading his own songs. Until then, you're treading in dangerous waters. I suggest instead you go with Aqua's megahit "Barbie Girl". You know: I'm a Barbie girl, in the Barbie world. Life in plastic, it's fantastic... https://www.youtube.com/watch?v=ZyhrYis509A
Their copyright/trademark fair use cred was established when Mattel sued MCA records over dilution of the Barbie trademark. Mattel's claim that the song made Barbie into a sex object was especially funny considering Barbie herself is closely based on the German "Bild Lilli" doll. In the cartoon strip in which Bild Lilli first appeared she was very much akin to a call girl. The judge cemented the claim to fame for this case by dismissing the suit, and the counter suit, while saying "The parties are advised to chill."
Back in the late 90s, I was working for a company that made network switches. I was a software engineer and only once visited a customer site to debug a difficult problem. The VP of engineering came with me and we brought a couple of spare switches to help in debugging. The site was Livermore National Laboratories, in particular, the group that oversaw the National Ignition Facility (you know, the big building filled with massive lasers that was supposed to be used for controlled fusion but ended up just as a way of testing nuclear weapon design). During our visit, with their head IT guy present, we found that the password had been set for one of our spare switches and no one there knew it. The other engineer who came with us mentioned there was a backdoor, a hard-coded password, to gain administrative control. I was unaware of that despite knowing most of the code. Both that engineer and the VP seemed not to be fazed by the existence of a backdoor. I desperately tried to change the subject while entering the hard-coded password. When we got back I immediately changed the code to eliminate the backdoor. My point is that the backdoor was introduced just as a convenience for the development engineers who weren't terribly concerned about security repercussions. I am not dismissing the possibility that Juniper's backdoor was introduced for nefarious reasons. If the code is designed to allow access to VPN keys once you have administrative access, it is conceivable that this backdoor was an ill-advised convenience rather than intentionally set for allowing surreptitious surveillance.
Sorry, to make that more clear, fair use in trademark is different from fair use in copyright. Nominative (trademark) fair use must avoid a suggestion of sponsorship or endorsement. It is irrelevant whether this video is a parody or not because there appear to be no copyrights, owned by BMORG, that are applicable. The video has to be explicit that Quiznos is not being endorsed by BMORG.