mister anderson 's Techdirt Comments

Latest Comments (25)

  • Funniest/Most Insightful Comments Of The Week At Techdirt

    mister anderson ( profile ), 17 May, 2015 @ 11:11pm

    Re: The difference is not in the technology...

    This is an extremely naive reading of history.

    Let us examine the last true modern total war: World War 2. At the time, technology increases allowed for unprecedented range and payload of heavy bombers. Advancements in computer technology allowed unprecedented accuracy in bomb placement.

    At the beginning of the war, the American doctrine was precision, daylight bombing raids. These raids would be targeted against purely military targets (such as factories, military installations, etc). This ended up being an unrealistic goal, with bombs often falling on civilian populations adjacent to the military targets.

    The British, on the other hand, had a doctrine of attacking cities with saturation bombing at night. This was done for purely pragmatic reasons, as their radar bombsight technology was only really accurate enough to hit a city, and the thought was that night bombing raids would be more survivable.

    After several years of fighting, conducting raid after raid, the Americans lost their early idealism. They took on more of a total-war viewpoint, where killing civilians was a military goal (killing the civilians would lower the military output of a nation). This ultimately led to the firebombing of Dresden, a combined operation of both British and American bomber commands that kept up raids for nearly two days. This completely flattened the city. Later conventional and atomic raids destroyed nearly every city in Japan, killing millions of civilians.

    Contrast this with modern air strikes. We are using Hellfire missiles, with comparatively small warheads (300lb enhanced-blast frag, enough to flatten a building, but not much else), instead of massed, city crushing raids. Focused strikes aimed at high value targets, instead of directly targeting the civilian population.

    The perspective of the American military is closer to the idealistic, no civilian casualty perspective that characterized the pre-WWII and early WWII eras. To that end, the military R&D complex has been developing new, extreme low collateral damage weapons, such as LOCO (http://www.navair.navy.mil/index.cfm?fuseaction=home.displayPlatform&key=921BECEB-71AC-48F8-B8D0-D4628B434FD8). The goal being to kill the target while not harming civilians. We're getting there, slowly.

  • IRS Drops Forfeiture Case, Returns $107,000 Taken In Bogus 'Structuring' Prosecution

    mister anderson ( profile ), 15 May, 2015 @ 08:57pm

    Re: Asset Forfeiture

    Hate to play devil's advocate here, but the Constitution only prohibits unreasonable seizures. It all comes down to your definition of what a reasonable seizure is.

    Personally, I think that proving reasonableness in a court of law (e.g. due process of law) should be a minimum threshold. Even showing evidentiary support prior to seizing property would be a step in the right direction.

  • Pentagon: What Happens In Vegas… Is Apparently Charged To Defense Dept. Credit Cards

    mister anderson ( profile ), 13 May, 2015 @ 10:27pm

    Re: Backing up the DoD A.C.

    Perhaps it is just my base, but I've been called in on the carpet in the past for a potentially unauthorized charge on my travel card. Was a tad freaked until I found out that it was just a ridiculous billing department delay. I had locked my keys in a rental car while on travel and it took them 6 months to bill my card for sending out a roadside assistance to unlock the car.

    As I said, perhaps it is just my base, but they keep a close eye on things where I work.

    To amplify what Former Fed said, I can tell you how we work travel at my base. Lodging, Airfare (plus baggage fees, if applicable), and rental car are all fully paid for. Other expenses are paid for out of a per diem allowance. If you use the travel card for incidental expenses, you have to provide receipts. However, you can elect to pay for the incidental expenses out of pocket and receive the per diem amount as a lump sum at the conclusion of the travel. If you charge expenses in excess of per diem, you are required to make it up.

    When I signed up for my travel card, I signed an agreement that indicated that I am solely responsible for the charges on the card. The contractor will take me to court prior to charging my organization, at least to the best of my knowledge.

  • If Virginia Elections Weren't Hacked, It's Only Because No One Tried

    mister anderson ( profile ), 17 Apr, 2015 @ 07:50am

    Re: Re: Voter IDs

    I'd say it depends on the ID used. Take, for example, the DoD Common Access Card. It contains a smart card chip that has an embedded security module, and exists as a part of a PKI. Using this as a basis for an ID, you can digitally sign your vote record, which will allow the vote counter to detect the alteration when it is counted (assuming that the attacker can't break the PKI system).

  • EFF Helps Bust Bogus Patent That Was Being Used To Shake Down Podcasters

    mister anderson ( profile ), 12 Apr, 2015 @ 04:31pm

    Re: Re: Re: Re: Law school / An MBA

    I would go more specific than that. I would say that the problem is the prioritization of short term profits over the long term viability of the company/industry. This is self-destructive, as it leads to decisions being made to make a quick buck at the expense of the long term stability and profitability of a company or even an entire industry. This is compounded by the view that business is a zero-sum game.

    This is seen quite clearly in the recent actions of the MPAA, and other similar industries. Rather than ride the rising tide brought on by digital distribution and streaming over the internet, those in charge at the legacy industries would rather extract a quick profit at the expense of trashing a long term source of revenue that will trump all their expectations. The view of business as being zero sum also leads to the legacy industries trying to shut down emergent distribution channels (if they are profiting, then we must be losing), rather than come to a point that is mutually beneficial.

    The question becomes how do we solve this problem? I don't have any good answers for that.

  • Daily Deal: Innori 22400mAh Portable Battery Pack

    mister anderson ( profile ), 08 Apr, 2015 @ 11:22pm

    Re: Re: credibility checkup

    Quoting the capacity of the battery is easy and straightforward. Actual, usable energy output is necessarily lower than the capacity of the battery (the 2nd law of thermodynamics is a harsh mistress indeed), and will depend on rate of discharge, depth of discharge, and power conversion efficiency to name a few factors.

  • Defense Department Keeps Losing 'Sensitive' Explosives Gear, Then Finding It For Sale On Ebay

    mister anderson ( profile ), 27 Mar, 2015 @ 05:27pm

    Re: Potentially misleading...

    The list you refer to is the military critical technology list (MCTL). I have not been able to find it in an open source as of yet.

  • Chief Information Officers Council Proposes HTTPS By Default For All Federal Government Websites

    mister anderson ( profile ), 19 Mar, 2015 @ 06:32am

    Re: But will they continue to self-sign?

    The feds (or at least the DoD) already have their own CA (multiple CAs, actually) and their own web of trust set up. Therein lies the problem, though.

    They already have their own CA network and web of trust set up as a cylinder of excellence (e.g. a stovepipe) that has little interconnection with the public web of trust set up with the public CA network. It would be straightforward to get the government CA network interconnected with the public CA network, but the bureaucracy stands in the way.

  • Sorry: AT&T & Verizon Can't Upgrade Or Repair Your Aging DSL Line Because Parts Are Too Hard To Find

    mister anderson ( profile ), 20 Feb, 2015 @ 03:47pm

    Re: Re: *Parts* are too hard to find

    Perhaps I can offer some perspective on manufacturers making components for old equipment.

    "Manufacturers will continue to make compatible parts if there's a demand for them - the fact that they don't actually purchase replacement parts is why they're no longer being made. I assure you, if they demanded them, they would be built."

    This has not been my experience as an engineer. Ultimately, manufacturers have to make a certain amount of money on each product line to keep the manufacturing lines open. We do not make computers and components from the late 70s or early 80s anymore, even though there is demand for parts to keep critical infrastructure going. (I've seen this during my time at JPL and heard about it from my Dad who keeps a production line going)

    Being a design engineer for DoD, I have to deal with this problem with all of my designs. I have to make a design that can be supported for 30+ years, including building new/replacement parts far after the design phase. This is a huge risk in the development and fielding of a new system.

    In my experience, there are three methods of mitigating risk to parts obsolescence, presented here in list form:

    1. Lifetime buy: If a part that I am using is going EOL, I can go to the manufacturer and buy out the stock of parts (either that or convince them to run an additional set of parts for me). Most of my manufacturers offer this option when they EOL a part. This option represents a large outlay of capital both to purchase the stock of components and to store them, and is by definition a short term solution, but it buys me time to come up with a long-term solution.

    2. Technical Data package: I can contract with the manufacturer of the parts to purchase a technical data package and possibly the tooling used to build the parts that are going EOL. This enables me to build the parts myself, or sub it out to another manufacturer. This is frequently a large capital expense, but I can keep my current infrastructure going indefinitely using this option.

    3. Technology upgrades: I can string the current systems along until a new technology is ready to be fielded. This may require a redesign of my current system, depending upon how the new tech integrates into my current infrastructure.

    In examining the situation with the current DSL operators, they appear to be going with a fourth option, which is to let their current infrastructure burn out without any backup or continuation of business plan. This is terrible long term business, sacrificing future profits for short term gains.

    I am reminded of my engineering economics class. About half of the class was devoted to making monetary decisions of this type. This case, replacing infrastructure for a DSL ISP, almost is a case study ripped straight from the book. It's dirt simple to make a business case for replacement and upgrading infrastructure. I am curious why the business wonks aren't on board with the upgrades.

  • Wichita Police Respond To Request For Shooting Incident Details With A Handful Of Fully-Redacted Pages

    mister anderson ( profile ), 30 Jan, 2015 @ 11:49pm

    Police Academy

    Sgt. Hightower... anyone else reminded of Bubba Smith's character from Police Academy?

    Come to think of it, releasing a 5 page document with 4.5 pages blacked out wouldn't even fly in a Police Academy movie.

  • Cops Decide Running Surprise School Shooter Drill During Class At A Middle School Is A Great Idea

    mister anderson ( profile ), 19 Nov, 2014 @ 09:03pm

    Re:

    By my count, the officer most likely violated all four.

    They are:

    1. Always assume the firearm is loaded. (I think it's pretty obvious that this one was violated. No responsible person would charge into a school with a loaded rifle during school hours unless there was a damned good reason, in my opinion)
    2. Do not cover anything with the muzzle that you do not intend to destroy. (Again, pretty obvious that this was violated.)
    3. Finger off the trigger until you are ready to fire. (This is, unfortunately, commonly violated by shooters of all stripes, including police officers.)
    4. Know your target and what's behind it. (Once more, pretty obvious. If any of the officer's firearms would have discharged, it would be unlikely that they were pointed in a safe direction, and the day would likely end in tragedy.)

    I just cannot see the benefit to taking such a large risk on the point of the police. I can't fathom why the decision was made to have such a drill during school hours, and without informing the community to boot!

    The local police held a similar drill last week near where I live. The difference was that the drill was held after hours, and only after the building was cleared of all extraneous personnel and secured. They also would do drills in a similar manner in the school district I attended growing up (though that was some time ago). To me, that is a reasonable balance between the training needs of the officers, the requirement of providing a safe and constructive learning environment for the students, engagement with the community, and commonsense safety precautions.

  • Anti Net Neutrality Crowd Reaches Deep For The Craziest Possible Response To President Obama's Call For Real Net Neutrality Rules

    mister anderson ( profile ), 11 Nov, 2014 @ 10:46am

    Not all wrong

    Like everything, the detractors aren't all wrong. Neither are they all right (I would say more wrong than right in the case of Cruz).

    Title II is not an optimal solution for the current problem with ISPs and network neutrality. Unfortunately, it appears to be the best solution that can be readily implemented in the current time frame.

    Perhaps we should take a longer look for this issue. Title II reclassification is a reasonable short term solution, but we will still have systemic problems with the ISP structure in this country, which mainly stem from the lack of players in the market and overall lack of competition. In my opinion, this lack of competition is the root of the net neutrality issue.

    Even if title II reclassification happens, I think that we will still be left paying too much for substandard service. We need a solution that will deal with this issue, and I'm not sure what the solution will be.

    What I know is that we cannot lose sight of the bigger picture in pushing for immediate term actions. We cannot afford to win the battle while we lose the war, not with something as critical as the open internet. We must engage in the longer term war of improving competition, lowering barriers to entry, and ensuring an open and neutral internet.

  • IP Is No Excuse: Even If Someone Is Using Fake Chips, It's Not Okay To Kill Their Devices

    mister anderson ( profile ), 24 Oct, 2014 @ 05:44pm

    Re: Re: Re: Re: counterfeit electronics are the real problem

    Hanlon's Razor: Never account to malice what can be readily explained by stupidity (or ignorance, as the case may be).

    FTDI cannot possibly know how each of the counterfeits is made. In a good design, the VID and PID should not be able to be changed post manufacture. The genuine FTDI chips have this stored in a bit of EEPROM either located in the package (as in the FT232) or external (as in the FT2232). I'd have to check my programming manuals, but I don't think this is modifiable from the USB interface. It should not be capable of being modified from USB. In fact, it should not be capable of being modified at all.

    FTDI's setting the PID to 0000 is questionable, but I think it was done as a matter of something that worked to prevent communications with the counterfeits, and they couldn't possibly test it with all variants of the counterfeits to ensure that there were no problems in the wild (such as soft locking some of the counterfeits).

    With the BadUSB exploit coming onto the market here recently, I think that the emphasis is not on USB manufacturers to do some of their own housecleaning to prevent counterfeit products masquerading as legitimate from becoming an attack vector in the wild. This means 1. being able to detect the counterfeit and 2. stopping communications with the counterfeit.

    This is the second attempt that FTDI has issued to prevent comms with the counterfeit chips. The first round, released several months ago, simply sent all zeros along the serial channel. This variant attempted to shut down all USB communications when it detected a fake. Granted, it was done in a haphazard manner, but that strikes me as just sloppy coding.

    I just think that this is representative of the points of view of some people. Companies put fake chips into products on the market masquerading as a legitimate communication chip. Then, when the manufacturer of the legitimate chip decides to put out an update that, as a side effect, bricks a number of the fakes, everyone goes after the legitimate manufacturer? That just seems damn entitled to me. You're in effect saying that the legitimate company must test each new driver with potentially hundreds of variants of the fake to ensure that the new drivers don't do anything catastrophic when used with the sloppily put together fakes. Nobody's going to do that, and it has nothing to do with IP.

  • IP Is No Excuse: Even If Someone Is Using Fake Chips, It's Not Okay To Kill Their Devices

    mister anderson ( profile ), 24 Oct, 2014 @ 03:14pm

    Re: counterfeit electronics are the real problem

    Okay, I have gone back and done some more reading on the new drivers they put out. I was thinking they were still using the old tactic (only writing zeros to the fake devices).

    Resetting the PID to all zeros is annoying, but it's not fatal. If you know what you're doing, you can get by the soft lock and, using the old FTDI drivers, still use the device.

    My point still stands, though. Would you have FTDI just sit aside and do nothing while their business is eroded by Chinese counterfeiters and companies that don't want to pay the few extra cents to buy a genuine chip? There's nothing stopping the manufacturers of products with the fake chips in them from releasing their own drivers that continue to use the chip, or use the bricked chips with the zeroed PID. They just want to use the money that FTDI is investing in developing their own drivers while not paying FTDI for the chips. That seems underhanded to me.

  • IP Is No Excuse: Even If Someone Is Using Fake Chips, It's Not Okay To Kill Their Devices

    mister anderson ( profile ), 24 Oct, 2014 @ 02:07pm

    counterfeit electronics are the real problem

    The problem with counterfeit chips is now coming to the mainstream, apparently. Good, this day has been too long in coming. Perhaps we'll actually get enough people to care to start fixing the problem.

    Could someone explain to me why FTDI should be forced to support counterfeit chips in their drivers? Why they shouldn't attempt to detect fakes and lock them out? After all, it is their business and their reputation on the line with the counterfeit chips, even though they had nothing to do with them.

    To BentFranklin: I would hope that people who build safety critical and medical electronics verify their supply chains. They're required to for certification.

    Anyway, if you want to see the difference between a real FTDI chip and a fake FTDI chip, there's an interesting teardown (with die photos) here: http://zeptobars.ru/en/read/FTDI-FT232RL-real-vs-fake-supereal

  • In A First, Commerce Department Fines Intel Subsidiary For Exporting Encryption

    mister anderson ( profile ), 16 Oct, 2014 @ 10:55am

    Used against the NSA?

    I wonder if this can be used against the NSA? After all, they have freely published encryption standards, curves, and source code implementations for Suite B.

  • The NSA's Clearance Rack Goes Public, Offering An Assortment Of Declassified Patents For Use In The Private Sector

    mister anderson ( profile ), 05 Oct, 2014 @ 10:37am

    Re: Re: Re: Re: Don't we already own them?

    Yep, that's pretty much the scope of it. Really, it's more focused on protecting the Government's interest and the taxpayer's investment in the technology from unscrupulous contractors.

    Such as a contractor filing for a patent on USG developed tech using the slide deck that was presented to them by USG engineers (actually happened, btw). Or another contractor being granted a patent on tech that was developed by USG engineers, who presented their tech as evidence of prior art, but were ignored.

  • The NSA's Clearance Rack Goes Public, Offering An Assortment Of Declassified Patents For Use In The Private Sector

    mister anderson ( profile ), 04 Oct, 2014 @ 09:10pm

    Re: Re: Don't we already own them?

    I am a federal employee in technology research & development, and I'd like to give some perspective on this from the inside.

    Any work that I do in my job that is novel can be patented. This patent can be used by the US Government for US applications without additional cost to the government or royalty to me. I only see royalties if my patent is licensed for use in non-domestic applications, such as foreign military sales.

    We patent our ideas to protect the government and the taxpayers. The government does not manufacture anything, instead contracting that out. A fair amount of R&D is also contracted out. If I have the patent on work done that was funded by the taxpayer, the contractors can use it without royalty. However, if the contractor has the patent, they can (and do) charge 5-10x what the item is worth because of their "proprietary technology."

  • Justice Dept. Official: We Could Get Lois Lerner's Emails From Backups, But It's Too Hard So Naaaaaah

    mister anderson ( profile ), 27 Aug, 2014 @ 11:52am

    Re: Re: Typical and Far Too Common

    That was my point exactly. Unless you are technically savvy enough to both understand the need and get past all the roadblocks, backups of the local machine are likely done rarely, if ever. It's a problem when you need to be accountable to the American taxpayers.

  • Justice Dept. Official: We Could Get Lois Lerner's Emails From Backups, But It's Too Hard So Naaaaaah

    mister anderson ( profile ), 27 Aug, 2014 @ 06:24am

    Typical and Far Too Common

    I am an engineer employed by the federal government. Permit me to explain to you the convoluted nature of how I have to back up my data on my issued machine.

    In order to make a backup, I have to plug an external drive into my machine and manually run my backup software, rather than having an automated backup to the network. I start an obscure piece of software that I have been directed to use to make backups. I then start the process, which basically locks me out of actually using my machine until the backup is complete. There is a strong encryption requirement on any data put onto an external drive, which means that making a backup is nearly an all-day affair to allow my (somewhat underpowered) machine to crank through all the encryption. I can't leave the software to run unattended, though, because it is not quite smart enough to handle that. I can finally use my machine again once the whole process is completed.

    I usually line up some work to do in the lab or on my other computers when I intend to run a backup on my primary machine. Otherwise, the day tends to drag.

    I had to jump through hoops just to be able to do this. You see, I was not issued the external drive. Most of the machines are set up to *not* allow backups to external drives. If I did not have an external drive, I would have to use optical media. We also only recently (within the last two years) received DVD burners as standard in our machines. I suppose they think we are just supposed to back up to an assload of CDs, like anyone will do that with any regularity.

    The trouble is, the backup and restore process should be easy. That's how you get people to actually make the backups they're supposed to! That's how you engineer things so that the records aren't lost when a hard drive dies. However, making the process easy would make sense and be efficient, so there is little chance of it happening.

    On another note, I am not convinced that the emergency backup alluded to will be of any use. If the IRS system is set up similar to mine, then they probably only have 1995 levels of email storage (25MB or so) on the server that would be backed up at any one time. Either that or the files would mysteriously disappear before they were restored.
