Ehud Gavron’s Techdirt Profile

gavron

Ehud Gavron’s Comments

  • Sep 5th, 2019 @ 1:50pm

    Brian Krebs on passwords

    This is a slightly over a week old article where a security expert (a real one) talks about passwords, encryption, choices, company responsibilities, etc.

    It's a good read because the above posts about "whose fault is it" really miss the point. It's not about assigning blame but about correcting the issues. If all one wants to do is figure out whom to blame, that's easy. Fixing authentication, encryption, and security is HARD.

    https://krebsonsecurity.com/2019/08/forced-password-reset-check-your-assumptions/

    Ehud

  • Sep 5th, 2019 @ 9:08am

    Adding on a character

    You also don't understand passwords and should not be writing about them. Adding on a character to a randomly generated password to satisfy a site is completely safe and not "literally a bad practice".

    YOU are the one who doesn't understand cryptography, (not "passwords") and shouldn't be writing about it (not "them").

    There's nothing which "is completely safe" and yes, it's bad practice to limit an encryption key length or choice of bit patterns.

    You're not just an anonymous coward, you're an anonymous know-nothing bad-information-spouting dangerous-if-anyone-paid-attention-to coward.

    Thanks for playing; you are awarded no points; may God have mercy on your soul. (Thanks, Adam Sandler).

    E

  • Sep 4th, 2019 @ 5:05pm

    What the law says

    DMCA says "(2) DESIGNATED AGENT.-...by providing to the Copyright Office, substantially the following information..."

    If you provided it prior to 2016 and have not changed it and continue to provide it on your website as per the law, you are in compliance.

    The arbitrary decision on the part of the Copyright office to

    • change the process
    • add a fee
    • remove registrations already submitted

    is their choice to violate the law requiring them to hold on to the registrations, their choice to collect a fee without Congressional approval, and their choice to willfully cheat you out of your 3 months and make you jump through hoops.

    HOWEVER, should you be sued in the interim, the DMCA actual language says you've got the safe harbor protections.

    Not that it ever helped Yahoo.
    Or many many other organizations.

    The DMCA's safe harbor protections AT THEIR BEST were never worth much.

    Ehud "DMCA registered agent since 2003 and paid $0" Gavron
    Tucson AZ

  • Aug 22nd, 2019 @ 4:00pm

    Re: Re: Big news? No.

    Also, pro tip: out of shareholders, employees, suppliers, and customers, what can a business live/operate without?

    If your goal is to burn through investment dollars while doing no real business, all you really need is shareholders. No employees, vendors, nor customers are needed.

    If your goal is to meet customer expectations you need customers, employees, and likely vendors.

    If your goal is to chew through your own funds appearing to have a business (see e.g. Jeffrey Epstein) you need none of the above.

    E

  • Aug 22nd, 2019 @ 3:39pm

    Re: Re: Big news? No.

    Show me where [I can't bother to google things and] any company has ever been sued for mismanagement ever by its shareholders. Ever! You can't [because I can't bother to google things and maybe you can't either]...

    How about:
    Cates v Sparkman
    Uri Sikorski v Chipotle Mexican Grill, Inc.
    R Andre Klein v Timothy D. Cook et al
    Hind Bou Salman v Peter A Darbee et al

    E

  • Aug 22nd, 2019 @ 2:02pm

    UPL

    Yes, perfect example of UPL.

    And a total lack of knowledge of law.

    E

  • Aug 22nd, 2019 @ 10:11am

    Re: The changes are irreversible

    Change is entropy and it is always toward chaos.

    50 years ago Internet standards were made by engineers, who worked out the best way to do things. It started with open non-patented requests for comments (RFCs). After strenuous discussions at Internet Engineering Task Force (IETF) conferences and online, decisions would be made.

    Today standards are made by committees of vendor representatives, each pushing their [patented] [proprietary] method of accomplishing the new standard. The winner takes all because everyone else must pay licensing fees. These decisions take multiple meetings, in multiple cities, in multiple countries, to give every "stakeholder" a chance to spend their company's money in a new hotel, over multiple years.

    5G is a perfect example. TD has eloquently explained why there's no 5G. There's some new WiFi thing that each company offering it is doing in different ways that allows the two new phones (S10, MotoZ) to access... but it has nothing to do with making your phone go to the Internet any faster out there on Route-66 [I-40].

    All of this is driven by shareholder value. Pretend you are about to release 5G and people will buy your shares. Say you don't intend to deploy 5G and the masses think you have no "vision" and will leave you. Either way there's still no 5G, nobody has phones that get 5G, 5G doesn't work any further than a Wi-Fi hotspot... but go buy that stock now before others raise its price up!!

    Entropy causes chaos. It works in shareholder value. It works in government regulations (always more, always more limiting, always removing rights). Inevitably it leads to an ending, either in that chaos, or in a revolution that replaces the whole system with something sane. Neither option sounds like it would be fun to go through.

    E

  • Aug 21st, 2019 @ 5:34pm

    Costs vs Benefits in a Social World

    Disclaimer: I am a former corporate officer of a US public corporation. I am a current corporate officer of several US nonpublic corporations and limited liability companies. I have been an officer of a US private nonprofit corporation.

    People buy shares in a public company for one of two reasons: 1) Long-term growth... I buy it today for X and I sell it next year for much more than X. 2) Short-term profits... I buy it today for X and every quarter I get some money and I sell it when the price drops but my dividends plus the sales price are greater than X.

    Either way I expect the corporate officers, directors, managers, and employees to ensure I make a profit... even though the irony is that in the stock market for every dollar I make, someone loses a dollar. [Extra issuance of stock aside. That's an Ouroboros problem.]

    Fiduciary responsibilities (to the shareholders, or to society, or to short-term or long-term profits, or even in a nonprofit) are usually spelled out in the incorporation or founding documents. This is vital because if it's not done, then any number of entities [shareholders, customers, vendors, FTC, FDA, etc.] can claim in court a violation of this inviolable requirement.

    Corporations are formed because of many reasons, but number one in US corporations is either growth (long term gain but perhaps lose money for 14 years like AMZ). Then there's bottom-line profit (short term gain, but if you're eking out an existence to reward with dividends, bonuses, or other distributions, you're not able to reinvest into the company).

    If the founding documents are in conflict with the focus on either top-line growth or bottom-line revenue then someone will file suit. Suits are expensive because already overworked CEOs, CFOs, etc. now have to sit for depositions, go through documents, and pay hundreds of thousands or millions to lawyers.

    The only corporation I've seen in the US in the last two decades that had a high-profile IPO and said they care about society would be GOOG's "Do no evil." That didn't last long, as profits and a large bank balance and DARPA contracts seemed a bit of an easier target.

    E

  • Aug 9th, 2019 @ 4:25pm

    Re: Re: UDP is the new bad guy?

    So you're OK with discussing UDP and UPnP as if they're the same thing, but "a lot less" and "fewer" get your panties in a bunch.

    Roger, got it. Please unbunch your panties and go back to discussing the topic. Hint: it's in the article above.

    Best regards and best wishes for your eventual recovery,

    E

  • Aug 9th, 2019 @ 2:37am

    Re: Re: UDP is the new bad guy?

    UDP is used for lots of useful stuff including DNS to e.g. Google's servers at 8.8.8.8/8.8.4.4. Of course YOU don't need that. You don't need to be on the net at all... because you're OK with being on an internal network where all services are offered on a COMPROMISED IoT router.

    You did read the original article, right?
    Oh. No?

    Try that first.

    E

  • Aug 8th, 2019 @ 6:42pm

    UDP is the new bad guy?

    Two thirds of the routers tested came with UDP enabled by default...

    UDP is definitely evil. It makes DNS and DHCP and BOOTP and lots of things work. If we got rid of UDP and IP we'd have a lot less problems with IoT.

    Seriously, I can only think MAYBE you meant UPnP and proofreading is too hard.

    E

  • Jul 15th, 2019 @ 6:28pm

    Settled

    The 2015 issue that became well known in 2016 has been settled in 2019.

    The original $44M claim that became a $51M claim has been settled, it was announced today, for $12M.

    https://www.cnn.com/travel/article/yosemite-national-park-name-changes/index.html

    Our taxes at work.

    E

  • Jul 12th, 2019 @ 3:04am

    English

    When writing in English try to make sense. If you're unable... that's understandable... but not ok. Have someone who speaks English review your postings before you post them.

    Illiteracy isn't a sin. Not having someone review your work and prevent you from appearing illiterate is.

    E

  • Jun 28th, 2019 @ 4:07pm

    Is it even possible to outlaw encryption

    While the talk is of 'outlawing' encryption, as you and others have pointed out, anything from pig latin to literally saying numbers and letters (let alone Morse 'Code') are constitutionally protected forms of speech.

    The solution to this non-problem in the 1990s was 'The Clipper Chip', a purposely broken encryption/decryption mechanism whose output The Authorities™ could decrypt anytime. It was going to be 'mandated' as THE ONLY method to encrypt in the US. As a result of this and other such brilliant ideas, people outside the US developed FOSS encryption software (e.g. PGP) that worked around Clipper.

    See:
    https://en.wikipedia.org/wiki/Clipper_chip

    I don't think they'll ever 'outlaw' encryption... but mandating a method they can break... they can certainly do that.

    It still doesn't prevent four people in a park from whispering to each other. Wait till they mandate a minimum vocal amplitude, and a requirement to let 'The Authorities' know when you intend to have a meeting so they can attend or record.

    Ehud

  • Jun 28th, 2019 @ 3:17pm

    Them vs. us

    THEY don't want to ban encryption for everyone.
    THEY want to ban encryption for us.
    THEY will exempt THEMselves from any such ban.
    After all, encryption is necessary to secure national... security.

    This is yet another attempt to erode our rights, and increase the power gap between "authorities" and "civilians."

    Ehud
    Note: cops are civilians. So are firefighters. After 2001/09/11 they've pushed a narrative that they are not. Yeah, they are.

  • Jun 20th, 2019 @ 10:59am

    Ipso facto and other made up things

    There is no "defense" and no "legal arguments made by the defense" and therefore none that "would be appropriate".

    You just made all that up.

    Ipso facto the host country has no responsibility to augment the security provided to the foreign dignitary by his own staff.

    Please... if you must invent stuff, especially reasons why the US needs to beef up Erdogan's security, DO include at least some shred of information that backs up your absurd position.

    Ipso facto and all that.

    E

  • Jun 17th, 2019 @ 12:32pm

    Odds on an appeal being filed?

    He didn't take a plea agreement, which suggests he will appeal.

    Anyone offering/taking odds on that?

    E

  • Jun 13th, 2019 @ 7:30am

    Trumpian says treaties are only suggestions

    No, they are not. Treaties are legal agreements between international entities and others. They have the force of law.

    Perhaps you equate driving 56MPH in a 55MPH zone with a treaty. You would be wrong. The former gets you a possible civil traffic citation, and at best a pass for not going too far above the speed limit. Violating a treaty gets you a lot worse.

    It takes someone as brain-dead as DJT to purposely violate a treaty or to threaten to (e.g. NAFTA).

    Your statement is wrong on the face of it, and in its interpretation. I award you no points, and may God have mercy on your soul. (h/t Adam Sandler).

    E

  • Jun 12th, 2019 @ 3:50pm

    Terrorism

    Terrorism isn't to inspire terror. It is to chill behavior and create fear and uncertainty. We just call it terrorism because "Bully Fearmongering Bad Guys" just aren't scary enough.

    Leave Wikipedia behind and check out:
    https://www.fbi.gov/investigate/terrorism

    E

  • Jun 12th, 2019 @ 3:47pm

    Re: Re: Diplomatic Immunity

    It's all in the 1961 Vienna Convention on Diplomatic Relations, and it's subtle and requires the cooperation of the sending country:

    Article 9 (1) US tells Turkey their staff is persona non grata and Turkey should remove them or they lose their immunity.

    Article 9 (2) If they have not been recalled they lose their immunity and can be prosecuted for events PRIOR to said date.

    Article 43 (b) backs this up.

    E
