TKnarr’s Techdirt Profile

tknarr

About TKnarr




TKnarr’s Comments comment rss

  • Jun 25th, 2015 @ 10:52am

    (untitled comment)

    I think the theory is that it worked to get the French aristocracy out of power so it's good enough for anything else. What's annoying is that often I find myself agreeing with the protester's points, but that agreement's overwhelmed by the desire to smack them up the side of the head for their idiotic antics.

  • Jun 24th, 2015 @ 11:40am

    Re: Re:

    All the service providers I use have an RSS feed of their blogs where they post information like this policy change. I subscribe to them and put them in a Providers feed so I can keep up with things I may need to know about. If someone owns a domain and isn't keeping up with what's required of a domain owner in some fashion... tough, that's what happens when you don't pay attention to your stuff.

    As for scary emails, most of them are obvious fakes (I don't have an account there, wrong email address, obviously bogus source and so on). When I get one that isn't an obvious fake, yes I do check my account to make sure there isn't anything I need to take care of. It doesn't happen that often, maybe once every couple of months, so it's not a big deal.

  • Jun 24th, 2015 @ 10:46am

    (untitled comment)

    I'd suggested one solution to EasyDNS: have a way to verify the information from the domain's information page in addition to the e-mail, so when you got one of those e-mails you could simply log in to EasyDNS as usual and check the domain information to see if verification was really required. That'd comply with ICANN's spec and allow those that care about it to avoid phishing attempts at the same time.

  • Jun 9th, 2015 @ 12:41pm

    (untitled comment)

    I'd've gotten a lawyer and seen about having him write a letter back including a copy of their letter plus screen and source captures of my Web site and what they presented showing that theirs is a modified version of mine, and asking essentially "Are you really admitting, publicly and in writing, to modifying and distributing a copyrighted work (my web site) for commercial gain without the permission of the copyright holder (me)?". I'd also send a counternotice to Github citing that I am the copyright holder of the Web page in question and that the code posted was a copy of the code for my page served to me from my server through complainant's network which I had not granted permission to modify my work and distribute the modified version.

  • Jun 8th, 2015 @ 11:27am

    (untitled comment)

    Maybe a simple adjustment: set a statutory royalty rate, and say that anyone can use any work without a registered copyright owner merely by agreeing to pay the statutory rate per copy made up to the point where an owner registers the work, proves ownership and informs the user of the change or the user is informed through an annual check of the registration each user is required to make. No creator can sue for any relief other than the statutory rate for any use prior to registration. Give copyright owners 1 year to file registrations before this change goes into effect. That would seem to give at least clarity on how to go about using an orphan work without violating the Berne Convention (as far as I know) and without allowing copyright owners to ambush users nor users of a work to abuse claims that the work was orphaned.

  • Jun 4th, 2015 @ 6:36am

    Re: Re: Forced to lie

    But can you imagine a situation where it's useful to the government for the government to force a person to lie? That's the relevant question.

  • Jun 4th, 2015 @ 2:04am

    Forced to lie

    One thing I have problems with is the common assumption that the gag order can't legally require the subject to lie about the gag order. I'm of the opinion that courts would have no problem with an order requiring the subject in the general case to not do anything that would either by commission or omission disclose the existence of the order, ie. if failing to say X would mean you'd received an order then the subject must say X even if that means lying.

    The only way around that I can see is to involve one of the special cases where not even the government can require someone to lie. The lowest-risk case would be to have the person making the statement be an attorney in an attorney-client relationship with the subject, have that attorney be the only proper and official person authorized to receive all legal demands, and have the canary state under penalty of perjury that the above is to the best of the attorney's knowledge true and correct and be cryptographically signed by that attorney. That might be the only case where even the most pro-law-and-order judge might balk at requiring a lie. Especially if the canary was still being posted but the lack of either the signature or the "true and correct" language was the tip-off that something was wrong.

  • Jun 2nd, 2015 @ 12:54am

    Re:

    Yes, independent contractors do. However, their clients aren't obligated to let the contractor set the rate the client's willing to pay. If I say I need a carpenter for a job and I'm willing to pay $35 per hour the job takes (with the carpenters submitting estimates of how long it'll take them, but I'm still going to pay based on actual hours taken and not the dollar value of the estimate), a carpenter who wants $45/hour isn't going to get $45/hour. He'll either accept the $35/hour I'm offering or I'll decline his services. Same for Uber, they're willing to offer a fixed rate and if you want more they simply won't contract with you.

  • Jun 1st, 2015 @ 11:49am

    Intent not commonly found?

    Hello? Manslaughter? It and several other charges exist for the sole purpose of being an appropriate criminal charge for someone who did something without intent. Ditto sexual assault and related crimes, the defendant can be charged and convicted even if they honestly believed they had consent and so couldn't have intended sexual assault (eg. the victim was under-age and concealed that fact by lying to the defendant).

  • May 30th, 2015 @ 12:27am

    Not just diet and health

    Here's a list of papers appearing in chemistry journals:
    http://pipeline.corante.com/archives/2015/05/12/a_glance_across_the_literature.php

    To give you an idea, here's titles for some of the papers:
    JACS: "Science Rejected It, and Angewandte Couldn't Think Up a Bad Enough Joke, So Here We Are"
    Ang. Chem.: "A Metal-Organic Framework With Nanostructured BODIPY Ligands, Published Without Review on the Basis of the Title Alone"
    J. Med. Chem.: "This Project Looks Good, But It Did Not Work. And 18 Out of the 23 Authors have Typographical Symbols Behind Their Names, Because The Work Took Place During Bush's First Term"

  • May 26th, 2015 @ 12:33pm

    Re:

    Cox's IP assignments are relatively static. I've had the same IP address for several years now. As far as I can tell they associate a DHCP lease with the cable modem's serial number and check whether an address is in use before handing it out, so the only times it'll assign a new address is if you replace your modem, your router's off-line long enough for the lease to expire and then for someone else to request a new lease while your router's unable to respond to the head-end's in-use test, or your router's off-line when they reset the head-end (clearing the lease database) and stays off-line long enough for the head-end to hand out your address to someone else.

    And even if IP addresses changed regularly, the DHCP servers log the assignments so given an address and a timestamp you can determine from the logs which subscriber had that address at that time. At least as long as the logs haven't aged out, anyway.

  • Apr 24th, 2015 @ 10:53pm

    On WiFi at all?

    My reaction was "Why is anything related to aircraft safety or control on WiFi at all?". That sort of stuff should be running on a hardwired network where getting access wouldn't be a trivial job or, if it absolutely must be broadcast, on a securely-encrypted network on a band not usable by common consumer electronics. This isn't just a vulnerability in the system, it's a fatal flaw in the very foundation of the system itself: as long as it exists the system can't be adequately secured.

  • Apr 22nd, 2015 @ 5:46pm

    (untitled comment)

    Full-disk encryption won't protect you from most attacks. They most often occur when your system's operating normally and decrypting the disk for the attacker. It only protects you against physical theft of the drive or, in hosted data centers, access to the physical drives your volumes reside on. I'd only use it on a mobile device that was at a relatively high risk of being stolen.

    Why not in a hosted data center? Because there's the issue of how your host gets the decryption key during startup so it can mount the volume. All practical methods allow the attacker to get the plaintext key if he could access the encrypted volume, so it might as well not be encrypted. If it's not encrypted, nobody gets fooled into thinking it's secured against things it isn't.

  • Apr 15th, 2015 @ 10:21pm

    Re: Re: Development

    Notice that I said "yet". I definitely want to add it, but not when it's just running on my local workstation or on the developer network and I'm trying to get the code itself working. One thing at a time.

    And what are they going to do with IPv6 and built-in IPSec, where the authentication and encryptiong are handled at the IP level rendering SSL/TLS redundant? IPSec is an RFC-level standard, after all.

  • Apr 15th, 2015 @ 9:28pm

    Development

    I can see an issue here: development environments and internal operations where by design it's not necessary to verify the endpoint's identity or secure the content from eavesdropping, either because the client and endpoint are on the same machine via 127.0.0.1, because everything's running over a VPN that handles the encryption or because they're on a secured network where if an intruder's in a position to spoof an endpoint or eavesdrop on traffic you've got far, far bigger problems than HTTP traffic to worry about.

    Especially when I'm developing software I don't want to add SSL and it's complications to the mix yet. I have enough bugs without adding SSL certificate issues (including such fun as "I can't get real SSL certificates for the domain, security policies on the systems prevent me from adding a local root CA certificate and bits of software don't have the ability to handle self-signed certificates without errors.") and having to correctly configure SSL on both ends before I can even start seeing output.

    I'm strongly of the opinion that protocol layers should be independent. HTML shouldn't depend on features of HTTP nor require that it only be served over HTTP. HTTP likewise shouldn't care whether it's running over TCP or SSL or SNA for that matter (yes, even in this decade good old LU6.2 and SNA over bisync is alive and well despite all attempts to correct the situation).

  • Apr 12th, 2015 @ 12:22pm

    Mason Wheeler's comment

    Cabreja wasn't asked whether the NDA would legally permit them to withhold the evidence if ordered by the court to produce it. He was asked whether the NDA said to withhold it, which it did regardless of whether or not he can legally comply with that instruction. Lawyers and legal cases live or die by that kind of non-obvious distinction.

  • Apr 9th, 2015 @ 6:22pm

    Re: How come felons losing the right to vote isn't...

    The court isn't saying it violates the Constitutional rights of the person. They're saying the lower court erred in not considering the issue at all. Now the lower court's got to go back and reconsider the balancing between the 4th Amendment and the case the state presents for why they have a compelling need to monitor the offender after he's served his time. As far as voting rights, most convicted felons regain their right to vote after completing their sentence. Only a minority of states don't automatically restore suffrage, and almost all of them allow for a petition to restore it. Only in very limited cases is the right to vote lost permanently.

    I'm of the opinion that these sorts of programs should be thrown out entirely. If he's that dangerous that he can never be trusted again, why is he being let out of jail? And if he's safe enough to re-enter the community, why are we treating him like he'll never be? Either up-front sentence him to a lifetime or other term on parole, or let him get on with his life.

  • Mar 31st, 2015 @ 9:41am

    (untitled comment)

    To make a streaming service profitable while paying the artists a decent rate, you have to do the one thing the music publishing industry won't allow: pay the artists. Directly. Without going through the labels and their one-sided contracts with the artists that see 90+% of the royalty payment going to the label. Without that, you'll fail. (Even with it you may still fail, but at least you'll have a chance.)

  • Mar 12th, 2015 @ 11:10am

    Re: The reason they fed them that line...

    It sounds like the Feds asked, not for e-mail to/from the accounts in question and the Yahoo address, but all e-mails in the date range that were in response to the ad. Google's problem then is that they can't take a particular e-mail and programmatically decide definitively whether it's in response to that ad or not (and doing that manually for every e-mail to/from every GMail address for a date range is infeasible). Probably the form of their response was then a result of someone at Google going "Screw this, I'm tired of the government's games. Just tell them we can't respond and let them figure out how to correct their mistake, it's not our job to teach them how to request what they want.". The government's correct reaction then should've been to ask for all e-mails between the GMail accounts in question and the Yahoo account in question, which is something Google can produce easily. Instead the government's throwing a tantrum because they aren't being allowed to have their way.

  • Mar 1st, 2015 @ 1:55pm

    Re: Syntax Error

    That was my immediate thought. I can see the status change entry:

    Bug: code sets "guy" to "good" unconditionally and always calls letIn() method with an argument of True.
    Status: Closed
    Reason: Working as specified.

More comments from TKnarr >>