sumgai’s Techdirt Profile

sumgai

sumgai’s Comments

  • Mar 21st, 2019 @ 6:53pm

    Re:

    @ AC

    Your wording is likely better from a legal standpoint, and I did say "or words to that effect". I know I was just shooting from the hip on that one. ;)

    Still and all, whether or not any warning label helps, there's one sure bet that no one will miss, and that is that a court case can (and will!) be made that the user "was given a proper warning" of the dangers. IOW, ignoring that warning label will get your "Get Out Of Jail Free" card rendered null and void.

    @ Thad

    I'm under the impression that parts of the IoT industry are no longer even installing a password, marking the device with a label that says: "You must first install a password in order to proceed and connect to the Internet". Quite likely I haven't gotten the correct wording there, but the point is that the industry is starting to take note, and starting to do a CYA job. I wouldn't be surprised if they're hoping to ward off any potential lawsuits, or worse, ignorant government regulations.

    sumgai

  • Mar 21st, 2019 @ 11:25am

    Re:

    @btr1701

    While your scenario looks good and proper, the fact is that courts know that the DOC has its own set of rules, and expects a sentencee to abide by them as part of the punishment. Those rules are provided for in statute law, and have been upheld in numerous court cases.

    To cut it short, if you are incarcerated and you fail to abide by DOC rules, you can indeed earn "bad time", which extends your time to serve beyond the court's initial sentence. It shouldn't need a lengthy analysis to point out that if one or more guards are not happy with you, their reports, especially if they come from more than one guard, can be weaponized against you.

    Therein is where a lawyer will be needed to get the prison system to divulge all records of both good and bad time earned, in order to persuade a judge that a prisoner's time has been miscalculated. (Or indeed, it is correct, and the prisoner has no right to complain.)

    sumgai

  • Mar 21st, 2019 @ 10:30am

    (untitled comment)

    So far, only one asshat has entered an opinion, and the rest of you have jumped on him like he deserves. (But I must interject here, given this golden opportunity, that printing text that says "Click here to show it" is quite parsimonious. Said link does not work, and it can't work - there's no underlying link code of any kind. What gives with that, Mike?)

    So let me move on past all that, and get to the reality of what threats can be observed by the emergence of botnets. And BTW, I do indeed know several politicians who can't even spell botnet three times out of five, with an open dictionary in front of them, let alone know what they're all about, and the derivative dangers therefrom.

    The dangers are twofold, in the majority sense. There are lots of secondary problems, but I relegate those to the back burner. Those two are "invasion of privacy" and the attending problem of disruption of business, and influencing public opinion. I'll leave off discussing the latter, I don't consider myself qualified to offer an effective solution to that problem. Well, other than a Constitutional Amendment that corrects the Founding Fathers' omission of not qualifying the First Amendment that one must be not stupid in order to use the Internet... but how could they have known so far ahead of time?

    In the former case, the answer is quite simple - stop putting every last iota of data online!!! Do we really need our medical records online? No. Do we really need our insurance information online (medical, home/auto, etc.)? No. Do we really, really need our government information online (SS, VA, etc.)? Hell no!

    But it doesn't stop quite just there. Referring back to my wish to have Internet users be not stupid, I think a government-mandated warning label should be attached to any Internet-connected device, both on the box at retail, and on the device itself. "Warning - this device can be used in a botnet, unless you change the password", or words to that effect. If the Surgeon General can make that happen for cigarettes, then I'm sure that's a good enough precedent to make it happen for IoT devices.

    For those of you who have to deal with recalcitrant folks ("I don't wanna know anything about it, just make it work for me"), here's a non-car analogy: An outdoor camera pointed at your driveway, and showing zero cars present says to me "no one home, time to go shopping". (Ditto for an in-garage camera.) A camera in the newborns' nursery says to a company owner "start injecting advertisements for baby products/services into the home's Internet connection". A refrigerator with a shopping list full of alleged "crap" food says to a health insurer "high risk, charge more". IOW, no one can be trusted to not abuse your IoT devices and Internet connection itself.

    We could go much further, but I trust I've made my point.

    sumgai

  • Mar 21st, 2019 @ 9:52am

    I'd vote for something else as the cause

    First, take a look at the DOC's own document on Early Release Times:

    https://www.doc.wa.gov/information/policies/files/350100.pdf

    12 pages - Yikes!

    But the very first page tells a chilling story: The official policy was instituted in 1982, and has been modified/recodified no less than 19 times since then. Double Yikes!!

    But any reasonably competent code monkey could implement those changes without breaking the system, given that he/she wasn't told to "get it done in 20 hours or less". I'd also opt to have a sample testing regimen put in place, but nobody ever asks me how to do their job....

    And now we get to the crux of the problem - guardware. It should be obvious, with or without reading the above doc, that guards have a very major impact on Early Release Time calculations. While the actual entry of time earned (or taken away) is done by only a few individuals, said individuals rely on reports from prison guards. Guards can't directly input data to change ERT calculations, but they can sure as Hell have an impact through the way they create their reports. And unless there's an especially egregious error, they are almost never questioned.

    Thus, a flawed but fixable system is not only influenced by, but easily corrupted by the lowest level (first tier) of input - the prison guards.

    Disclosure: I'm a resident of Washington State, and I know, or have known, several prison employees, both guards and others in administrative capacities. And no, such knowledge wasn't gained "from the inside". :)

    sumgai

  • Mar 10th, 2019 @ 5:36pm

    Re: Upping the encryption game.

    Not bad, but let me add this to your proposal:

    For years I've added the words "Guns, Bombs, President" to my tagline. I feel strongly that if everyone did this, every time they were about to hit "Send", then the State Surveillance would crack apart soon enough.

    Encrypt everything else, but leave those three words in plain text - that'll keep 'em up nights!

    sumgai

  • Mar 7th, 2019 @ 3:15pm

    A quick show of hands, please....

    ... for those of you who have ever encountered a public news report wherein a law enforcement agency claims to have averted a major crime, thanks to reading the contents of a phone. Haven't seen anything yet, but perhaps I'm getting a bit blind in my old age....

    And insofar as I'm concerned, Wray (and any successors) can speak up all he wants. Not for the amusement value, but to keep the topic of why we have encryption in the first place on the front burner. Better to know what the other side is thinking/whining about, than to suddenly wake up one morning, only to find that they surreptitiously passed a new law that we now have to fight over in court.

    sumgai

  • Feb 7th, 2019 @ 12:12pm

    half-baked?

    This assurance that the government won't demand full-fledged backdoors...

    Hmmm. Would that be as versus a half-fledged backdoor? Said door being either open or closed, but this isn't Schrodinger's cat we're talking about here. Either the encryption is intact, or it had been compromised. Completely, not partially.

    Like the EU and its never-to-be-sufficiently-damned copyright cartel sponsored triumvirate of leaders, this will do nothing to stop what I view as common behavior (and I make no judgments here), it will only make, automatically, criminals where there were none ere now.

    Actually, all encryption can be broken, given enough time. The gist of the law can be restated thusly: since it can be broken, then it must be broken... but instantly - time be damned! Not to mention several and various other Laws Of The Universe.

    Wouldn't it be nice if everyone just started using the same encryption schema instead of trying to make up their own? I can picture it now: "Hey there officer, I can't break this, it comes from Company X in [name your favorite country here], and they have laws against giving out keys or "shudder" backdoors. So sorry, have a nice day!".

    sumgai

  • Feb 5th, 2019 @ 2:02pm

    The little man behind the curtain....

    Here's the problem in a nutshell. What the middle-men/gatekeepers are looking for is to offload the risk portion of the age-old business formula of risk versus benefit - you don't do something if the risks (costs) outweigh the potential benefits.

    By setting up ISPs and indexers as a quasi-police force (unpaid by anyone, let alone the public), they will be able to unilaterally control the entire internet, from stem to stern, at no cost to them at all. Not even a shred of accountability, because... laws!

    I don't have a car analogy handy, but I think the next best thing might be:

    1. Buy legislation that benefits you;
    2. BS the public about how this legislation "really benefits all of you";
    3. Kick everyone to the curb, at will;
    4. Profit!

    This is a business model that only a 90-Day Wonder (aka a Harvard MBA) could love. For the rest of us, all that jabberwocky about hard work will pay off is now shorn of its trappings, laid bare for all to see as the lie it will become.

    Good thing I'm on the tail end of this go-round in life. I'm not giving any more advice to my grandsons, what I've already told them is pretty much null-and-void in today's world.

    Sorry, but I can't take the credit for thinking this up, I'm merely paraphrasing that which I've read elsewhere. (But I'll be hornswoggled if I can find it anymore! That'll teach me to not bookmark things right away....)

    sumgai

  • Jan 13th, 2019 @ 6:27pm

    (untitled comment)

    I'm sorry to have missed Scote's comment about not wanting to see "a separate page/site for comments". In point of fact (and I speak from experience here), a single page can contain content from more than one server, and there are several ways to do that.

    Sadly (but not unexpectedly), Google ignores the robots.txt file if the content is called (linked) from another resource. But... Google does obey the 'noindex' META tag, and the "X-Robots-Tag" response header.

    If either of those are inserted into the page sitting on the "comments" server, then Google (and perhaps Bing as well) should not be able to see the actual content, only the call to that page. But to the user, everything would appear seamless, as it does now.

    (For all I know, Mike is doing exactly that now!)

    HTH

    sumgai

  • Nov 14th, 2018 @ 2:54pm

    (untitled comment)

    I must admit, I'm surprised at the reach, and the findings of preceding courts, that a civil disagreement can be forged (weaponized) into a criminal one. Yes, the government can't legally interfere with a citizen's activities without good cause, that's the Liberty part of the First Amendment and the due process clause of the Fifth. But to say that an individual person can be dismissed for whatever cause is somehow... automatically a criminal action on the part of the dismisser? That's not what the Founding Fathers meant when they formulated our Constitution and Amendments.

    While you as a citizen are "free" to enter any government building or open place that conducts government business, there are good and sufficient reasons why you can't enter each and every one of them... security being the highlight of this day and age, but we certainly didn't start that just 17 years ago. Likewise, a newspaper or other outlet of news that holds itself out to the public as a source of information has no special "right" to enter a government structure that somehow negates the requirements placed on "normal" citizens.

    Indeed, the only protections afforded to the Press are a freedom from government interference in what they print, and what spin they may impart to that information. The Founding Fathers may have intended that, in a polite society, members of the Press would be civil in their discourse with government personnel, and that was a failing, I'll admit. But nonetheless, we're stuck with what they gave us, and for the vast majority of the time, it's worked out quite well, in my opinion.

  • Nov 14th, 2018 @ 2:31pm

    Constitutional cite needed, please

    ... on the whole I think governments should be much more inclusive of media. But if the decisions are based on the content of their reporting, it would appear to be entirely unconstitutional.

    Per my usual recalcitrance to take anyone's statements at face value when they reference some particular law, I have to interject here that there is no Constitutional requirement that the President (nor any other Federal office holder) must hold open press conferences. In fact, it was only 105 years ago (less than half of our country's age) that Woodrow Wilson held the first such. Sadly, the prevailing conventionally held wisdom that "open to one, open to all" is not a guaranteed right. The concept really hasn't even been enshrined in law, at least not directly. Indirectly, I can see that in several ways, but not directly.

  • Nov 7th, 2018 @ 6:14pm

    Be careful what you wish for, HBO...

    ... the Malodorous Orange will likely respond by calling you "Fake Entertainment".

  • Nov 7th, 2018 @ 5:54pm

    Re: Implied Endorsement

    I always wanted to know... who gave artists as a class the right to be more moral than the rest of us?

  • Nov 7th, 2018 @ 5:47pm

    Re: They should have put out their own version

    Either that, or perhaps "Stormy Is Coming!"

  • Nov 7th, 2018 @ 12:35pm

    Speaking of examples...

    I consider this to be a "reverse canary" that deals with NN. Consider:

    All ISPs have always had the ability to do a MITM attack of this nature, but for the most part they haven't, if for no other reason than not wishing to drive customers away. AKA, good business practice.

    Bahnhof is one of the staunchest defenders of the principles of NN, but now they've been forced to do a MITM attack for reasons that are highly repugnant to Americans (of the USA variety) - keeping in mind that other countries don't make the same laws as we do. I see this as a warning shot aimed at dinosaur businesses - it says that things can get much nastier than they might desire, that maybe they should take a moment to think things over. After all, if there's no law against each ISP "poisoning the DNS" they carry for their customers.... now who's speaking from power?

    It's also an example for other ISPs that might wish to fight back in a similar manner.

    To Mike:
    I understand the core idea of adhering to one's principles, and the idea of setting a good example for others. But if Bahnhof were to lie down and wait for someone else to save them, that would have exactly the same result as planning to fail. Remember, all that's necessary for Evil to succeed is for Good Men to do nothing.


    sumgai

  • Nov 2nd, 2018 @ 7:42pm

    Yes there is a solution....

    It is not easy to seal off every possible vector of attack. There are always new attacks.

    It is possible to seal off all but one vector of attack - simply isolate the data into a non-web-facing storage area. i.e. it can be accessed only from a local console. Keep that console in a locked room, and your exposure is quite limited indeed. Put a card reader on the doorlock, and a camera in the hallway, and you'll know who's been selling user data to nefarious parties, without permission.

    Yes, it's possible that a MITM attack can take place during the initial yielding of data by the user, but that would take considerable resources in both time and processing power, each of which are more easily detected than the usual back-door skullduggery about which we hear so much.

    sumgai

  • Sep 13th, 2018 @ 9:49am

    Re: This is going to be stupid hard to legislate.

    I respectfully disagree.

    Instead of saying (legislating) that IoT devices must be more secure, California could simply implement the "All Things Cause Cancer" concept into a rating system for these units.

    For instance, a board/commission/bureau could apply a meaningful set of tests to a device, and develop a rating that would be required to be displayed prominently on boxes at the retail level. Likewise for advertising, both online and off. Failure to display said ratings as required would simply mean "no sales allowed here".

    California, like it or not, has more than 10% of the total American population, thus setting it up as a leader in potential sales. If something fails in Cal., likely it won't go over too well in the rest of the country. Again, like it or not, that's the way of things in these times.

    I'd suggest that Cal "draft" some of the industry big-wigs like Bruce Schneier and others of like knowledge, to get a first-pass methodology for this kind of testing. Obviously it will need to be monitored and modified as real-world devices come in for testing, but in essence, a Rating System of any kind will be a good measure for retail-level buyers to think about, as they make their decisions.

    Enforcement efforts might include Mystery Shoppers who can be on the lookout for unrated devices, plus sales people that espouse that buyers "just ignore that rating, it's worthless".


    sumgai

  • Sep 5th, 2018 @ 11:11am

    Re: Re:

    Mike,

    Allow me to both agree and disagree on some of your points, please.

    1) Alleged filters on social media are something about which I know nothing - I refuse to give up my last shards of privacy, so I don't participate in any way. I limit my on-line presence to Fora such as yours, where I usually find evidence of the median participant IQ to be somewhat higher than that of a raw carrot.

    2) The fact that "most people don't care that much" is concerning, at least to me. It says a whale of a lot about apathy, and opens a large diorama of reasons for that willingness to not participate in one's own government, even at a visceral level. Wanting to avoid assholes and/or trolls of various kinds is laudable, but in point of fact, if we avoid them, then we are just pretending to ourselves that they aren't there in reality.

    Compare this to the SESTA/FOSTA crap - "If we remove this (already criminal) activity from the internet, then it will go away entirely". I'm sure you can think of other examples near and dear to your heart.

    To quote Sgt Springer, from my Boot Camp days: "If you stick your head in the sand, then your ass is exposed, with a couple of nice big red rings painted on it." Better to know where they are, what they're doing, and how to keep them from causing ever greater harm.

    3) I must defer to my statements in 1) above. However, I do hold out hope that you're correct, that people will become less inured to the actions of their fellow citizens, particularly those in the business of governing others. I'm not looking for outrage and a desire for retribution, I'll be happy to see merely a high degree of concern and a willingness to express a thoughtful opinion. (Read that last as: not an emotional outpouring, devoid of any rationality.)

    Thanks Mike. ;)


    sumgai

  • Sep 4th, 2018 @ 10:23pm

    (untitled comment)

    The reason this won't work? It will do no more than reinforce one's opinions, which will stem from what one reads, and accepts, as fact(s).

    The fact that no post ever published, anywhere, at any time, on any medium, has stated "This is my opinion, you should make up your own mind.", or words to that effect, tells me that we internet users, all of us, are pretty much looking to be part of the herd, and not very willing to stand out for our own selves.

    Stated another way, this idea will lead to confirmation bias on a level never before dreamed of. I predict that somewhere along the line, the repercussions of "us versus them" is going to become very ugly.

    Please note that I am not saying that we should be forced to read others' opinions that we find to be repugnant, but simply that we should not wander willy-nilly down a path of "I don't like what 45 is saying, so I'm going to tune him out, just ignore him and all of his cronies." At some point in the future, when they're pretty sure that we're all ignoring them, they're going to come for us. And it won't be with pitchforks and firebrands, either. The survivors will be lamenting that we could've had prior warning, if we were not so close-minded, and had been paying at least a little attention to their rantings and ravings.

    Uncharacteristically, I have no "better solution" to the problem. Sorry, I'll keep thinking on it, but in the meantime....

    sumgai

    p.s. Sorry Mike, hope your Cheerios still taste OK!


    Disclaimer: See the quote in my second paragraph.

  • Aug 31st, 2018 @ 10:16am

    Re: Net neutrality hypocrisy

    Perfect demonstration of someone who slept through Civics class in high school.
