TKnarr’s Techdirt Profile


About TKnarr

TKnarr’s Comments comment rss

  • Oct 1st, 2015 @ 12:46pm

    Re: Re:

    How about:

    "Your ISP does not wish to carry traffic from Google on their network. Per their wishes, we are not sending traffic into your ISP's network. If you wish to receive traffic from Google, please contact your ISP about allowing traffic from Google."

  • Sep 22nd, 2015 @ 2:47pm


    The problem there is that any company wanting to market another version has to either prove their version is identical to Daraprim (right down to the impurities, by chemical analysis and comparison of the results to those from Daraprim) or go through the entire FDA approval process as a new formulation. And Shkreli locked down distribution of Daraprim so competitors can't get samples of it for the comparison (which is also making the FDA unhappy on top of everything else).

  • Aug 27th, 2015 @ 2:46pm


    I think it's not that Smith got a warrant, but that the warrant was not supported by probable cause and Smith included no evidence in his application for the warrant to support a finding of probable cause. The second half of the 4th Amendment says that "no warrants shall issue, but upon probable cause".

  • Aug 25th, 2015 @ 8:19pm

    Re: "In-Browser User Engagement Solutions"

    I think it's time for a little user engagement here, of the sort usually covered by "rules of engagement". :) First, prime a browser so AT&T's serving up the most offensive, undesirable ads possible. Then hit some major news sites like CNN or the New York Times. Screen-grab the ads. Send them and dumps of the web page source to the site's complaints or abuse department attached to a complaint about the ads they're serving up, and topping it off with a complaint about how your antivirus software complained about other pages on their site as well and you're afraid it's those ads since you only have the problem when those ads show up. Slip in a mention somewhere about how it only happens when you're using AT&T's WiFi and can they check if they're doing something special for AT&T customers. I'd think even a few dozen complaints about bad ads and malware would get some attention, and attention from major news sites'll be a lot harder for AT&T to ignore.

  • Aug 19th, 2015 @ 12:20am

    Re: "Software interfaces" are not software

    I dunno about that. If I say "automobile control interface", does anyone think I'm talking about an interface made out of automobile controls? No, people are more likely to think I'm talking about an interface to control automobiles.

    Nobody would confuse the arrangement of the control pedals in a car with the mechanism used to link the gas pedal to the engine throttle setting. But mention software and everyone's brains turn to mush.

  • Aug 18th, 2015 @ 8:29pm

    GPS networks

    The controlling rule: you don't want critical military infrastructure to be controlled by your opponent. So any country who's not absolutely 100% positive their interests will always align perfectly with those of the US wants their own GPS system that the US can't interfere with or degrade at will. I consider it good, the more GPS networks there are the more redundancy there is and the harder it'll be for anyone to degrade/kill GPS capability without being forced to annoy someone big enough to swat them and willing to swat them.

  • Aug 15th, 2015 @ 8:44am

    (untitled comment)

    All it'd take is a judicial rule that the plaintiff has to either present a trademark registration in the industry category the defendant operates in, or identify the specific activities or marketing of the defendant's product that encroaches on the industry category the plaintiff's mark is registered in. The PTO has standardized industry categories, so it shouldn't be that hard to nail down. It just requires judges who're willing to do their jobs even if it inconveniences the plaintiff.

    Then again, a lot of cases could be readily dismissed if Iqbal standards were applied the way it's been ruled they should apply.

  • Aug 4th, 2015 @ 12:28pm

    Can't provide what you don't have

    This is actually a good response to be able to give in general. Law enforcement may not understand tech or TOR exit nodes, but they understand "we don't have any records to give you, never had them". I've always thought that was a good reason to keep logs and such only for as long as you needed for technical reasons (eg. unless you have a problem you're troubleshooting you keep them for 24 hours at most) unless the law specifically requires you to keep certain logs longer than that and then you keep only what the law requires and dump the rest.

    It's also a good reason to encourage proper strong encryption of e-mail (ie. encrypted with the recipient's public key by the sender, decrypted by the recipient on their system, mail systems never have the private keys at all). That way if a subpoena comes in you can just turn over the encrypted data and if law enforcement comes back wanting the keys you can honestly shrug and say "don't have 'em, never did, only person who has them is the recipient so you'll have to talk to them about it". (Yes, encrypted e-mail can work safely with webmail, Javascript has the APIs to decrypt the text if the page is coded to use them and the text is in a standard form in an easily-identified page element.)

  • Aug 3rd, 2015 @ 12:21pm

    (untitled comment)

    This is why I don't consider Github a primary repository for anything important. I don't trust any other party further than the explicit wording of my contract with them. Things like this just reinforce my reasons for that.

  • Jul 31st, 2015 @ 1:03pm

    New vs. used

    I do see a difference here. Brooks was talking about used CDs, where the royalty had already been paid when it was first sold. Swift is talking about new sales/streams, where a royalty hasn't already been paid. Suppose I sign a contract with a publisher giving me an X% royalty per book on a fixed cover price, no exceptions and no terms allowing for any sort of distribution at a discounted price. Then one day I walk into a bookstore and find copies of my book being given away for free in a publisher-sponsored giveaway program, I haven't been asked to agree to this and I'm not being paid any royalty on the theory that X% of zero is zero. These aren't used copies, they're brand-new books. Am I not entitled to take the position that my publisher owes me royalties on those copies based on the agreed-on cover price and they'll just have to chalk those royalties up as a cost of running the promotion?

  • Jul 27th, 2015 @ 1:26pm

    Re: Perfectly Secure

    The software's probably DD-WRT like seemingly every consumer-grade router uses these days, and the ISP's just using the guest-network capability already built in. The VLAN separation's built into the switch hardware, so I wouldn't be so worried about that (any bugs there would also show up in the switch maker's managed switches and they couldn't let it go very long without sales tanking).

  • Jul 27th, 2015 @ 11:50am

    Re: Re:

    As secure as your regular router is. Bear in mind that if you dig into the technical internals your router does not have a WAN port and 4 LAN ports. What it has is a 5-port switch. The firmware just configures 2 VLANs on the switch, usually assigning the 4 LAN ports and the WiFi interfaces to VLAN 1 and the single WAN port to VLAN 2. If there's a way to breach the VLAN separation then your router's already vulnerable to someone outside doing that and gaining access to the local VLAN through the WAN port. Which VLAN they start from won't change the vulnerability.

    Getting full control of this easily requires flashing DD-WRT, but since most router firmware's a modified version of DD-WRT anyway someone with enough knowledge and patience (or someone using a packaged exploit kit) can pull an NVRAM backup from the router, edit the VLAN setup and other configuration items and load in the new settings without having to flash new firmware. And if the router's running stock firmware it's probably outdated and has unpatched vulnerabilities in it.

  • Jul 1st, 2015 @ 12:09pm

    (untitled comment)

    So, basically another reason that I should travel by car if possible, with any important baggage traveling by FedEx or UPS.

  • Jun 25th, 2015 @ 10:52am

    (untitled comment)

    I think the theory is that it worked to get the French aristocracy out of power so it's good enough for anything else. What's annoying is that often I find myself agreeing with the protester's points, but that agreement's overwhelmed by the desire to smack them up the side of the head for their idiotic antics.

  • Jun 24th, 2015 @ 11:40am

    Re: Re:

    All the service providers I use have an RSS feed of their blogs where they post information like this policy change. I subscribe to them and put them in a Providers feed so I can keep up with things I may need to know about. If someone owns a domain and isn't keeping up with what's required of a domain owner in some fashion... tough, that's what happens when you don't pay attention to your stuff.

    As for scary emails, most of them are obvious fakes (I don't have an account there, wrong email address, obviously bogus source and so on). When I get one that isn't an obvious fake, yes I do check my account to make sure there isn't anything I need to take care of. It doesn't happen that often, maybe once every couple of months, so it's not a big deal.

  • Jun 24th, 2015 @ 10:46am

    (untitled comment)

    I'd suggested one solution to EasyDNS: have a way to verify the information from the domain's information page in addition to the e-mail, so when you got one of those e-mails you could simply log in to EasyDNS as usual and check the domain information to see if verification was really required. That'd comply with ICANN's spec and allow those that care about it to avoid phishing attempts at the same time.

  • Jun 9th, 2015 @ 12:41pm

    (untitled comment)

    I'd've gotten a lawyer and seen about having him write a letter back including a copy of their letter plus screen and source captures of my Web site and what they presented showing that theirs is a modified version of mine, and asking essentially "Are you really admitting, publicly and in writing, to modifying and distributing a copyrighted work (my web site) for commercial gain without the permission of the copyright holder (me)?". I'd also send a counternotice to Github citing that I am the copyright holder of the Web page in question and that the code posted was a copy of the code for my page served to me from my server through complainant's network which I had not granted permission to modify my work and distribute the modified version.

  • Jun 8th, 2015 @ 11:27am

    (untitled comment)

    Maybe a simple adjustment: set a statutory royalty rate, and say that anyone can use any work without a registered copyright owner merely by agreeing to pay the statutory rate per copy made up to the point where an owner registers the work, proves ownership and informs the user of the change or the user is informed through an annual check of the registration each user is required to make. No creator can sue for any relief other than the statutory rate for any use prior to registration. Give copyright owners 1 year to file registrations before this change goes into effect. That would seem to give at least clarity on how to go about using an orphan work without violating the Berne Convention (as far as I know) and without allowing copyright owners to ambush users nor users of a work to abuse claims that the work was orphaned.

  • Jun 4th, 2015 @ 6:36am

    Re: Re: Forced to lie

    But can you imagine a situation where it's useful to the government for the government to force a person to lie? That's the relevant question.

  • Jun 4th, 2015 @ 2:04am

    Forced to lie

    One thing I have problems with is the common assumption that the gag order can't legally require the subject to lie about the gag order. I'm of the opinion that courts would have no problem with an order requiring the subject in the general case to not do anything that would either by commission or omission disclose the existence of the order, ie. if failing to say X would mean you'd received an order then the subject must say X even if that means lying.

    The only way around that I can see is to involve one of the special cases where not even the government can require someone to lie. The lowest-risk case would be to have the person making the statement be an attorney in an attorney-client relationship with the subject, have that attorney be the only proper and official person authorized to receive all legal demands, and have the canary state under penalty of perjury that the above is to the best of the attorney's knowledge true and correct and be cryptographically signed by that attorney. That might be the only case where even the most pro-law-and-order judge might balk at requiring a lie. Especially if the canary was still being posted but the lack of either the signature or the "true and correct" language was the tip-off that something was wrong.

More comments from TKnarr >>