elemecca’s Techdirt Profile

elemecca

About elemecca




elemecca’s Comments comment rss

  • Aug 26th, 2016 @ 12:40pm

    One plan to rule them all

    Initially, I assume both T-Mobile and Sprint will try to argue that this isn't that big of a deal, because users can always switch to metered plans that don't involve charging you more money for un-throttled services. At least until those other plans quietly disappear over a period of months, and paying a premium to actually use content the way it was intended is all the consumer has to choose from.


    T-Mobile has already done it. Starting September 6th, T-Mobile One is their only plan. You won't be able to sign up for or switch to a metered plan. Existing customers get to keep their plans for now, but we've seen how that goes with AT&T's continuing war on their grandfathered unlimited customers.

  • Mar 16th, 2016 @ 12:37pm

    Re: And now for the bad news...

    Why, yes, I would be happy to pay more (even substantially more) for an Internet connection unencumbered by technically nonsensical restrictions designed to protect the revenue streams of legacy products from the same company. I would much prefer that my ISP offer unbundled Internet access at a price that reflects their actual costs, rather than subsidize their Internet service with the profits from services I neither want nor need and then attempt to force me to use those services.

  • Feb 16th, 2016 @ 7:08pm

    Re: or maybe it's more calculated than it appears...


    And Apple is not likely to say "Yeah, we can write this backdoor brute-force buddy software" because that would mean that someone else could write that software, which would mean that Apple's encryption now has a known point of potential compromise. So Apple will say it can't write that software. And then the US Attys will hopefully shut up about it already.


    This isn't entirely true: as noted in the order, any OS-level software to be run on an iPhone needs to be signed by a cryptographic key held only by Apple unless it exploits a vulnerability in the phone's existing software to install itself (i.e. jailbreaking). It is therefore much easier for Apple to provide this kind of modified software than for a third party. The signature requirement also means that if, as requested in the order, Apple makes the putative custom OS image check the device ID of its host to ensure that it's running on the target device, that check will have teeth because if it's edited out the signature will no longer be valid.

    Also, the modified software wouldn't actually weaken the disk encryption scheme itself. It would make it easier to attack weaknesses in the user's choice of key on this particular device, but if the user chose a decent password a brute-force search would still take prohibitively long.

    Of course, that doesn't really change the likelihood of Apple complying with this order without a fight. It just affects your reasoning as to their motivations.

  • Feb 12th, 2016 @ 2:43pm

    Re: Re: Re: Stuart Gibson, partner

    I'm pretty sure it's intended as a Vi/Vim command, where a colon begins a command and then the s command behaves much like it does in sed.

  • Jan 6th, 2016 @ 3:32pm

    Re:

    Ad blocking via DNS remapping (which is what modifying the hosts file does) isn't easily distinguished from real network issues, but it's certainly detectable.

    While it may not be what they're doing now, it's possible for them to require all of the ads to load before they display the page content. Depending on how much they're willing to impact page load performance, they could go as far as making it impossible to fetch the actual content without submitting tokens included in the ads. That would mean the user's browser would need to at least fetch, if not actually display, the ads in order to get the page content.

    That would impact their performance for users who don't block and would require significant additional resources and complexity on the server side, but that hasn't stopped people from using DRM before...

  • Feb 12th, 2015 @ 4:28pm

    (untitled comment)

    It's reality TV!

  • Dec 5th, 2014 @ 2:05pm

    Re: Apple checked...

    I assume that what they actually checked was the date of manufacture or the date the lot was shipped to the retailer. If either of those is after the cutoff their point stands.

  • Nov 9th, 2014 @ 4:25am

    Re: Re: We need TLS everywhere

    That's... just not true, at least for a properly set up TLS connection. They can't add to, remove from, or change anything that goes over a TLS channel in a way that either party will accept without knowing the session key. It doesn't just guarantee that nothing in a particular HTTP request will be altered, as you seem to imply. It guarantees that nothing sent over the TLS connection will be altered. Even were that not true, the header would need to be inserted into the middle of the user's HTTP request and would thus require alteration of the message itself.

    If Verizon has a CA cert that's trusted by mobile browsers they could be MITM-ing the TLS negotiation. That's even plausible for phones distributed by Verizon. If that were the case, though, it'd be called out by the researchers who've been reporting on this. We'd also see calls for it to be removed from the trust roots.

    Gumnos' concerns about TLS-stripping attacks are much more likely to be valid, although the particular case mentioned probably wasn't malicious.

  • Oct 16th, 2014 @ 12:46am

    Re:

    This isn't good so much because the judiciary will be able to toss out bad suits on their own (though that would be awesome). It's good because it means that the initial complaint the defendant gets served with has to tell them what they're accused of doing wrong. Right now it's not uncommon for defendants to not know which of their products or processes is accused of infringing which patent claims until discovery, hundreds of thousands of dollars into the suit. If this goes through they'll hopefully have the ammunition to get the suit dismissed much earlier in the process.

  • Apr 10th, 2014 @ 10:29pm

    Re: Re:

    IANAL, but I believe that the difference is one of scope. In the case of the Netherlands' writable media levy, the ECJ directly struck down the national law. The data retention directive, on the other hand, is a EU directive which implemented by local laws in each member state. Since the directive was struck down each state must re-examine their implementations and ensure they comply with the ruling. Until they do so or the laws are struck down directly they remain in force.

  • Mar 17th, 2014 @ 2:12am

    Re:

    Also worth knowing: if you append a + to a bit.ly link you get its stats page, which includes the target URL.

  • Nov 8th, 2013 @ 7:42pm

    Re:

    See, this is the kind of chilling effect we worry about. Canonical's trademark bullying has got him worried enough to subconsciously misspell their mark.

  • Oct 31st, 2013 @ 12:28pm

    Re: Gag Orders

    But American citizens and entities are bound by them anywhere in the world. A fully independent part of Level 3 operating from a foreign country bound to its American parent only by contract obligations would be (mostly) immune from American court orders. Anything that's legally part of the American company is within the jurisdiction of the American court system regardless of where in the world they operate.

  • Oct 10th, 2013 @ 9:50am

    Re: Re: Going to the source

    The browser vendors are relevant here because they exert strong market pressure on the CAs in their root store to have reasonable revocation policies. Since the majority of their customers are using their certificates to operate HTTPS web sites even one major browser removing their root certificate is a business-ending event for a CA.

  • Oct 10th, 2013 @ 9:46am

    Re: Possible out

    The certificate holder doesn't even have to say they're in breach of contract. They just need to push a CRL entry with reasonCode=keyCompromise. Most CAs are more than happy to revoke keys that have been compromised; especially since they'll often get to charge the customer to re-issue them.

  • May 31st, 2013 @ 5:17pm

    Re: What?

    We haven't quite gotten to the point that gag orders issued by the executive branch apply to a federal judge with specific jurisdiction. Yet.

  • Mar 16th, 2013 @ 7:15am

    Re: Copyright property

    This. A thousand times this. Indirection and the various derived objects it creates is something many, many people have trouble following.

    I have one gripe with your explanation, though. You set out to explain that the creative work itself is not and cannot be owned, but then you describe it using the terminology of property (including the word "own"). The copyright in a work does not grant ownership of the work. Rather, it grants a temporary, exclusive right to exploit some aspects of the work. Inasmuch as we have collectively agreed that such a right exists, its exclusivity makes it rivalrous and thus it can reasonably be owned and transferred as property. Even allowing for the existence of the exclusive right, however, the work itself remains non-rivalrous and thus cannot be property.

  • Feb 25th, 2013 @ 10:02pm

    Re: Security Expert

    I tried looking for other filings that might go into more detail, but they seem to be behind a paywall. Anyone with access interested enough to check?

  • Feb 25th, 2013 @ 9:58pm

    Re:

    Horrifically bad indeed. They apparently don't know about GET parameters. To find the case documents you have to go here and enter "BC495593" in the Case Number field at the bottom:

    http://lasuperiorcourt.org/CivilCaseSummary/index.asp

    I couldn't figure out a way to create a direct link. It seems to POST the case number to one page which then redirects you to the display page without passing along the case number. I guess it stores it in your session or a cookie or something.

  • Feb 25th, 2013 @ 9:47pm

    Security Expert

    ... concerning a security expert who pretended to be Plaintiff's lawyer and challenges to Dr. Glaser's diagnosis ...


    This seems like it would be an interesting story in and of itself, but the ruling makes no further mention of it.

More comments from elemecca >>