eclecticdave’s Techdirt Profile

eclecticdave’s Comments

  • May 24th, 2013 @ 6:21am

    Re: Re: Re: Why didn't they prevent it?

    Errm, murderer not owning a gun, I mean!

  • May 24th, 2013 @ 6:20am

    Re: Re: Why didn't they prevent it?

    As I also don't know the details I can't say for certain if the murder NOT owning a gun would have prevented this murder...

    Just sayin'

  • May 24th, 2013 @ 6:14am

    Re:

    "If that dog doesn't shut up I will kill myself and then the rest of the neighborhood"

    At first I felt sure there was a flaw there somewhere ...

    ... then I realised - your way is better!

  • Dec 20th, 2012 @ 2:32pm

    Re: Re: Re: Re: Re: Re: Browser plugin not an optional extra

    > Are you suggesting a bug, or intentionally malicious code?

    I was primarily thinking of intentionally malicious alterations.

    > I would trust an open source implementation.

    So would I, up to a point. It doesn't make security issues magically disappear, but does make things a lot more difficult for a potential attacker.

    I'll concede my concerns over plugin security might be overblown, but I stand by my main point that web cryptography cannot be done entirely in javascript without some sort of browser support.

  • Dec 19th, 2012 @ 2:59pm

    Re: Re: Re: Re: Browser plugin not an optional extra

    No, I'm referring here to the situation where you're *not* using a plugin, but where all the encryption is done using Javascript.

    Several comments have pointed out that it would be a complete joke if you were to give Google your encryption key as it would be no better than not using encryption at all (in fact it would be worse, as you might *think* your email was private).

    I was originally trying to make the point that this would be completely insecure even if you were to attempt to keep the private key client-side (or on dropbox etc) and do the encryption locally, which the article implied might be more secure.

    While using a plugin is potentially more secure - it's still possible for security to be compromised here too. Suppose the plugin as originally distributed was fine and got the all clear by the security community, but was later compromised by the browser's auto-update feature. How long would it take to be noticed and how much email would be compromised before it was? What if the Feds were targeting you specifically and only you got the compromised plugin, how long would it be before you smelled a rat? Could Google be relied upon to push back against either of these if the government twisted its arm?

    The bottom line is: Do you trust Google? If you do, then HTTPS is all you need to secure your email from everyone else. If you don't trust Google then why would you trust their encryption implementation?

  • Dec 19th, 2012 @ 9:25am

    Re: Re: Browser plugin not an optional extra

    All code running in a browser is downloaded from the server (it can be cached, but you have no control over when it is refreshed).

    Therefore you have no real control over anything the code running on your browser is doing, despite the fact that it is running on the client rather than on the server.

  • Dec 19th, 2012 @ 6:06am

    Browser plugin not an optional extra

    The biggest problem is the need for a browser plugin to be able to do this securely, which is much more of a big deal to organize than the article suggests.

    Any solution that involves adding a button to gmail's web interface fundamentally cannot be secure. Even if you did public-key encryption with all the work done client-side in the browser, that still involves downloading the javascript to do it from the server and there's no way to prevent Google from installing a backdoor at any time if they want or are forced to by the government.

    Even *with* a browser plugin it's problematic as it's difficult to do it in a way that ensures it cannot be bypassed. e.g. the client-side javascript could request the text you entered to be encrypted by the browser, so you get all the right feedback, then substitute it with the unencrypted version when submitting it to the server.

    And let's not forget that if Google have provided the plugin it also might be compromised through the browser's auto-update feature.

  • Nov 12th, 2012 @ 5:54am

    Time dependent?

    > new key value in said sequence being produced at a time dependent upon a predetermined characteristic of the data being transmitted over said link

    I don't think TLS handshakes do anything like this, do they?

  • Nov 1st, 2012 @ 4:02pm

    Why general purpose computing gets a pass

    > People would certainly question why general purpose computing gets a pass

    I'd be interested to look at some of the patents covering modern processors. Wouldn't these already have claims covering the running of arbitrary programs on the hardware?

    Why then would taking a PC with a processor whose patent covers running software - and running software on it - generate a new patent?

  • Oct 23rd, 2012 @ 6:26am

    Re: Re: Re: Re: Re: Re: Re: "If you didn't take the hint [fill in latest corporate policy]"

    > First of all there is no need to try again. I was asked to show one, I showed Google and you agreed!

    Well no, you were asked:

    "Show me a historical corporation that got powerful and needed a government to bring it down that wasn't given that power by the government to begin with."

    Google wasn't granted any significant power by the government, nor does it show any real need to be "brought down" (FDA's threatened anti-trust investigation notwithstanding). Incorporated in 1998, it arguably isn't even an "historical corporation" ;-)

    > Second, the statement seemed to indicate that the Government 'helped' specific companies by creating incentives for a specific company or industry, at least that is how I read it. In many cases this is true. The government, for example, helped the railroad, phone companies, etc by creating conditions that made it favorable for the company to do something it otherwise would not. In fact the government required it.

    Yes, it granted them significant property rights over the land and a monopoly over the resulting infrastructure. If you're going to do that then you need to properly regulate the companies to ensure they don't abuse the privileged position they've been granted. Unfortunately the government has largely failed to do this and I'm not altogether convinced it is even possible to make this work.

    > The Government did not aim to create a software company (Microsoft) or a smartphone / tablet maker (Apple). Microsoft and Apple did what all companies, and in fact nearly all people do, they exploit an existing situation to their advantage. That is pretty much nature, you find it in plants, animals, and people.

    No argument there - offer someone power and they will take it. It's also clear that they will often abuse it if they can get away with it, particularly in the case of corporations whose only motive is profit. I don't have any magic solutions to this problem, but identifying it as a problem has to be the first step.

    > Government attempts, often wrong headed to be sure, to level the playing field. The problem, especially today, is that the game is changing nearly daily and the laws don't. Any person or company can, and will use that to their advantage.

    The problem is, nearly every example that appears on this site is an example of the government tipping the playing field in favour of someone, or failing to level the playing field when it is clear that they need to do so. Some of it is down to glacial reaction speeds, sure, but often it is down to people or corporations with government granted power and influence using said power to their unfair advantage.

    > You sound like Obama "If you have a business, you didn't build that". That is patently absurd. People (and corporation are made up of *gasp* people, and will exploit their environment, to their advantage, to reach their goal. This will happen, with or without government intervention.

    I'm not one of those people who think corporations and/or capitalism are inherently evil. A free market is supposed to be largely self-regulating, at least in theory. However it's difficult to tell as I'm not sure we have ever had a true free market economy to observe!

    > You could kill copyright today and in a short period of time those affected would come up with other ways to make money

    Good! I don't want companies to stop making money - I just want them to stop gaming the system while they are doing it. Getting rid of copyright and patents would be an excellent first step!

  • Oct 22nd, 2012 @ 5:09pm

    Re: Re: Re: Re: Re: "If you didn't take the hint [fill in latest corporate policy]"

    > "Show me a historical corporation that got powerful and needed a government to bring it down that wasn't given that power by the government to begin with."

    > Just one? How about Apple. Nah, I can't stop there; Google; Microsoft; General Electric; I am sure I could come up with a lot more.

    Well OK then ...

    Microsoft wouldn't even have a business model without copyright (a government granted monopoly whether you agree with it or not).

    Apple might do a bit better, but they would probably have done less well if they hadn't been able to enforce their EULA forbidding Mac OS installs on third party hardware. More recently they've used patents mercilessly to try to prevent competition.

    General Electric - don't power companies in the US get their operating license from the government?

    Which just leaves Google. The only company in your list that didn't get much government help AFAIK and as a consequence doesn't much need to be brought down as it doesn't hold a monopoly position.

    Try again.

  • Aug 7th, 2012 @ 6:14am

    Clever Apple?

    > Some admittedly clever companies, such as Apple, recognized that they could acquire patents, take a perpetual license to them, and then sell them off to NPEs such as Intellectual Ventures

    If Apple et al were really that clever, surely they would have heard the maxim "what's good for the goose...". What is to prevent Apple's competitors from selling their portfolios to a different NPE with a nudge and a wink that it might want to go after Apple?

    Hell, never mind finding a different NPE, I wouldn't be at all surprised to find IV playing both sides of the fence, just with a different set of shell companies...

  • Apr 24th, 2012 @ 9:35am

    Carrot not Stick

    This idea needs to be flipped over - instead of trying to charge more for people who act like jerks, try to identify likable/popular players and offer them vouchers for money off your next game.

    This is a much more manageable situation - it makes it less likely that you would get trolls attempting to get others classified as jerks as there wouldn't be as much incentive. Instead it encourages players to behave responsibly in the game in order to get the reward - it doesn't even really matter if they're naturally likable people or if they're just repressing their normal jerky behaviour - it's results that count ;-)

  • Mar 9th, 2012 @ 2:02am

    Re: Re: Re: Re:

    You know what you get with "monthly password changes with no repeats"?

    password1
    password2
    password3
    password4
    ...

    So then you really ramp up the security and insist on mixed case with mandatory punctuation characters ...

    %Password1
    %Password2
    %Password3
    %Password4
    ...

  • Mar 7th, 2012 @ 3:38am

    Disclosure

    For me, it's not just the prior art and/or obviousness of this kind of patent that should make it invalid. You can often argue about those until the cows come home - whether a particular thing counts as prior art or whether people would really have considered this as obvious at the time, can be rather subjective.

    For me it's the lack of any real disclosure that annoys me. Patents are supposed to provide sufficient information that a person skilled in the art can reproduce it with relative ease. Generally this means it should be sufficiently detailed that the recipient does not need to add any significant creativity or ingenuity of his own.

    So for example, if I were attempting to patent the Carburetor, I should need to provide blueprints and specifications such that anyone with a workshop and sufficient skill would be able to build one. It would be no good me putting "a device that mixes gasoline and air" and more or less leaving it at that! Even a lengthy explanation of what it does and the principles on which it operates would still be considered insufficient disclosure in most fields.

    The equivalent disclosure for software patents should be to provide full source code such that any reasonably skilled developer can reproduce the invention without writing the thing from scratch himself.

  • Feb 18th, 2012 @ 3:19am

    Just 'fess up (as Eclecticdave)

    Surely the customers were spooked only because they were unaware of how the magic trick worked. If they just added a link to a FAQ that said basically "we're not stalking you, here's how we're doing it" maybe that's all that's needed?

  • Feb 9th, 2012 @ 4:15am

    Re: Re: New Texas voter!

    Ok, now you're just making me remember stuff probably best left forgotten ...

    http://en.wikipedia.org/wiki/Mr._Smith_%28TV_series%29

    Mind you, maybe this Mr Smith would be a better candidate ... he could hardly do a worse job.

  • Feb 8th, 2012 @ 6:37am

    Re: Re: Re: Re:

    Yes, I've read about it - like you I think they've got some way to go to make it an interesting proposition to the "average joe".

    It helps with the cost issue - replacing a rental fee with a one off payment of what - $60 or something like that? That's an improvement but I think they still have a hill to climb to persuade millions of people to shell out for one. They need a killer app - the idea they're running with of it helping you retain control over your private data probably isn't enough of an incentive on its own to get most to open their wallets.

  • Feb 7th, 2012 @ 3:17pm

    Re: Re:

    True, but then there's also the cost of running a Diaspora node, or equivalent, that needs to be addressed.

    With free software we're lucky that the economics works in our favour - although we aim to emphasize the freedom aspect over "free-as-in-beer", the latter undoubtedly plays a big part when it comes to the widespread adoption of a particular application.

    As others have already said, p2p is one solution to the cost problem, but risks taking a step back in ease of use, as you now need a social networking client application instead of just firing up a browser. Might work with mobile apps though.

    Now if there were a p2p based system that ran in the browser, maybe that would be the sweet spot. I'm not sure that such a thing is currently possible though.

  • Feb 7th, 2012 @ 2:34am

    (untitled comment)

    We talk a lot here about how piracy can be dealt with if the entertainment industry offered an alternative that had most of the same content as file-sharing, but was simple to use and more convenient.

    With social networking, the boot is pretty much on the other foot - Facebook et al are the easy option (just sign up and go), while the open distributed alternatives like Diaspora typically require you to install the software on a server (which you will need to buy or rent).

    Until this problem is solved, I don't see any distributed alternative to Facebook getting any traction outside of the "geek" community.
