TKnarr’s Techdirt Profile


TKnarr’s Comments

  • Feb 8th, 2019 @ 7:18pm

    (untitled comment)

    I think the political solution needs applied to this PD. That solution: ordinary residents starting a campaign for the next election based on the narrative of "This is the current mayor's position: that it's perfectly fine for the police to kill ordinary citizens while not catching any drug dealers. We need a mayor who'll give the police chief and the police a choice: do it the other way around or I'll replace you with someone who will. And since the current mayor won't do that, it's time to replace him with someone who will.". Keep the emphasis on the part the cops like to crow about but that they aren't actually doing, which isn't that hard considering the results they're piling up.

  • Jan 22nd, 2019 @ 10:31am

    Re: Does LucasFilm even have a say any more?

    Because LucasFilm, not Disney, owns the rights. Disney owns LucasFilm, but that's a matter between them and doesn't affect anyone dealing with LucasFilm over the rights.

    Yes Disney can tell LucasFilm what terms they can offer and LucasFilm has to obey, but Disney can't unilaterally revoke or change agreements LucasFilm's already entered into with other parties. So once LucasFilm set the rules and Toos agreed to them and released his work abiding by them, Disney lost the ability to retroactively change those rules. They could prohibit any future works, but they can't go back and rewrite the contractual past (especially unilaterally without the consent of the other party). If they asserted in court that they could, then LucasFilm could assert the same right to unilaterally and retroactively change the terms under which Disney bought them to give LucasFilm control over Disney and Disney wouldn't be legally able to challenge whether they had that right. Even Disney's lawyers aren't quite that stupid.

  • Dec 26th, 2018 @ 11:15pm

    Re: Re: Esports Vs Leagues

    Unless of course the game requires a server (and even a lot of nominally single-player games these days require a server for authentication), in which case the game probably won't run unless it's patched to the most current level. And under copyright law as it stands today, patching the game client to bypass the server check is copyright infringement plain and simple (the cases that set precedent in large part stem from just that, patching the client to run without a server or otherwise bypass publisher-imposed DRM).

    The fundamental problem is that any eSports league is either run by the publisher and subject to their whims, or it's utterly dependent on a product owned and controlled by someone who may well consider the league to be a competitor.

  • Dec 20th, 2018 @ 1:35pm


    Underlining is moderately common styling for links these days. Not a consistent standard, but more common than not. Blue as a convention (for unvisited links, purple for visited links) is long gone. The most you can count on is link text being styled differently from the body text around it. And if it's an image, all bets are off because the link border around images went the way of the dodo a good decade ago.

  • Dec 3rd, 2018 @ 12:58pm

    (untitled comment)

    There's another solution to the situation, the same solution that the software industry's "responsible disclosure" farce encourages for handling bugs and vulnerabilities. Instead of sources talking to reporters privately and reporters filtering the information to avoid disclosure of anything not truly needed, sources contact reporters anonymously and mass-dump all the original materials through a service like Wikileaks that allows for large-scale duplication making it all but impossible to shove the documents back in the safe. Then reporters don't need to vet the source, they can vet the original documents and report based on that. If the reporter never knows who provided the information, they can't reveal more than that they don't know the source's identity. The government can go chase the original documents and the original source, but the material's still out there regardless so they won't accomplish their goal. Sources of course need to make sure they're untraceable when uploading the information, but that's what they're having to do already so no major change there.

  • Nov 19th, 2018 @ 1:51pm

    (untitled comment)

    I think the biggest thing would be to stop requiring judgements to be "reasonable" in the aggregate. Work up an average cost for an individual to deal with the results of a data breach (including their own personal time), then by law set the liability of the data collector per individual exposed at either that average or the actual documented costs, whichever is greater, plus legal costs and fees. 50 million records exposed at an average cost of $200 per person to fix? Total liability starts at $10 billion and goes up from there, plus lawyers' fees on top of that. No trying to figure a reasonable total penalty, you take the reasonable cost per individual and multiply it by the number of individuals and the company's responsible for contacting all individuals affected.

  • Nov 19th, 2018 @ 1:40pm

    Re: Is there a deadhand option?

    There isn't an easy way to set up an automatic wipe like you describe, but many phones have an option to encrypt the storage (internal and SD card) so that a password has to be entered during boot before the phone can even read its own storage. You'd combine this with a scheduled-reboot app (requires a rooted phone to work) that would trigger a restart of the phone at a certain time each day. You could use a remote-power-off app as well, but doing it automatically on a preset schedule avoids the issue of you having to actively do something after the phone was confiscated. I'd have to dig into whether there's software out there that could invalidate the decryption credentials (forcing a re-entry of the password) if the device is idle for longer than a set time (something like the lock screen, but operating at the hardware layer rather than the level of the UI and external interfaces).

  • Oct 29th, 2018 @ 7:20am


    Have to agree. "Don't enable the Submit button before the form's completely ready to be submitted." is a standard thing for any Web page or application. If that button does anything before the form's completely loaded and rendered, the developers failed even India Consulting Firm Coding 101.

  • Oct 21st, 2018 @ 9:53pm

    Re: Response to: TKnarr on Oct 20th, 2018 @ 4:08pm

    As to #2, these chips were installed in the Ethernet connector itself. That means they have access to the physical Ethernet so they can inject their own packets in between legitimate packets. And if you'd read the article, the extra network traffic that would imply was exactly how they were in fact detected according to the author.

    As to #1, go look up the specs for Intel's chipsets like the current X299. They include on-board network hardware (specifically an Intel I219) which is connected to the Ethernet connector itself via a PCIe x1 and the SMBus. That would give hardware embedded in the Ethernet connector a nice neat line into the hardware's internals.

    And perhaps it might be a lot of money. Maybe. Remember that this is China, which specializes in manufacturing chips for electronics manufacturers. I'm pretty sure their government could fund a fab line for the necessary chip, they could probably even piggyback it onto an existing fab line other companies were paying for. Installing it in every Supermicro board manufactured in China wouldn't be expensive, it's just a small tweak to the cost they're already charging Supermicro to manufacture the boards after all. Putting it into every board would actually make it less likely to be detected since there'd be no anomalies in the components to be noticed and the chip is probably on the original blueprints labelled as something innocuous so anyone checking would see that the connector's exactly as specced. You'd need to actually peel the chip apart before you'd find any hint of anything wrong. Or be monitoring for unusual network traffic, and that's often difficult as there's so much and only the most paranoid would go to that effort. Your targets wouldn't be the high-security networks that'd be the main places that'd spot that traffic either, they'd be the lower-security stuff in big datacenters where you can scoop up information from the commercial side where security isn't nearly as tight. Set the chip up to do a limited number of time-delayed pings at first power-up and shut itself off if it didn't get a response and by the time anyone looking notices the traffic and goes hunting for the source the trail's gone cold.

    As for juicy, remember that the government contracts out almost all of its military hardware. You may not be able to steal the designs from the government, but scoop up the info on what the civilian subcontractors are making for the contractors making the hardware and you can get a pretty good idea what's being delivered. Plus the sheer monetary value of simple commercial espionage, of course, and commercial security is a complete joke as we've witnessed time and time again.

  • Oct 20th, 2018 @ 4:08pm

    (untitled comment)

    This article covers something that appears different from the original article. It looks plausible: the extra chip is in the connection between the Ethernet connector itself and the internal NICs in the CPU, which'd give it both network access and potentially access to the PCIe bus and/or the internal bus connecting components within the CPU. In a multi-layer motherboard I can see hiding some extra traces that'd be sufficient to give the chip enough access to monitor memory and the hard drives. Add in the claims that the technique was also found in NSA leaks back in 2013 (the TAO catalog from the NSA's Advanced Network Technologies group) and it looks like it falls into the "I really don't want to think they did that, but I can see too many ways they can feasibly do it and I know the potential payoff would be enough to tempt even a saint" category.

  • Aug 17th, 2018 @ 11:07am

    (untitled comment)

    It's probably that the wording is controlled by the marketing and legal departments, who aren't intimately familiar with the internals of the various products. The engineers, who truly know what's going on under the hood, aren't consulted until after the fact (if then). There's also the disconnect in world-view: to the engineers the fact that Weather stores location data in its own data storage for its own purposes isn't relevant at all to whether that same data appears in the Location History storage. As long as Weather doesn't feed the data to Location History, the statement that turning off Location History makes Location History stop recording your location is correct even though Weather is still tracking your location so it can show you the weather in places you visit regularly. To make matters worse, I suspect the average smartphone user's understanding is closer to the engineers' than the lawyers' so you end up with not one but two layers of translation errors.

  • Aug 13th, 2018 @ 10:59am

    (untitled comment)

    I think, though, that agent Schwartz would do well to cancel any plans he has for vacations in Mexico for the foreseeable future.

  • Aug 13th, 2018 @ 9:55am

    (untitled comment)

    I'd like to note something that's skipped over here: the nature of the choice companies/platforms give users. All the transparency and control in the world is useless if the choice offered is "give us permission to do anything/everything or don't use our platform/website". Hobson's choice is no choice at all most of the time.

  • Aug 10th, 2018 @ 11:49am

    Re: "Would you look at that, seems I need to leave RIGHT NOW."

    I think judges should start enforcing the rule that once the defendant files anything in the case, even just a response, the plaintiff can't voluntarily dismiss the case anymore without the defendant agreeing to the dismissal. Along with an explicit rule that says the fact that the defendant refused to agree to a dismissal may not be used to the defendant's detriment at any later point in the case (i.e. no more saying that if the plaintiff offers to settle and dismiss the case and the defendant rejects it and ends up winning less than the settlement offer the defendant's treated as having lost).

  • Jul 26th, 2018 @ 2:59pm


    Remember that their plan isn't to protect their DRM against cracking. It's to protect their ability to sell their DRM to game companies. I'd even bet that their financial people see the DRM being cracked as a revenue opportunity: version N of it being cracked means the game companies have to shift to version N+1, which being a major version upgrade requires buying a new license.

  • Jul 19th, 2018 @ 1:05pm

    (untitled comment)

    When it comes to "balanced" reporting, I just remember what Robert Heinlein had several of his characters expound: the second best way to lie convincingly is to tell the truth but not all of it. Report the facts but omit some crucial ones so that people reading the material will get a distorted view and jump to incorrect conclusions.

    A lie of omission is still a lie.

  • Jul 11th, 2018 @ 7:35pm

    Re: Re: Re: It's not just games though

    With Calibre there's no time spent on the book. You need a few minutes when you install the plug-in to configure it with the info from/for your reader. After that the plug-in operates in the background, silently removing the DRM as you import the e-book into Calibre. I haven't seen it add any appreciable time to the import either, so it's basically negligible overhead.

  • Jun 25th, 2018 @ 12:56pm


    What'd be even better is if the court ruled that since the government has no authority to retaliate in this manner and the councilmembers knew or should have known this, their actions cannot have been in the course of their duties and they are personally liable for the damages (and if they want the city to pay they'll have to sue it themselves).

  • Jun 19th, 2018 @ 12:49pm

    (untitled comment)

    I think the out is in the fact that the prohibition is on a party requiring disclosure of source code owned by a different party. In the case of open-source licenses, the party requiring the disclosure is the one who owns the code. In such a case they wouldn't be demanding disclosure of source code owned by a different party and the prohibition wouldn't apply.

  • May 22nd, 2018 @ 11:27am

    Re: Re: Amusing

    The idea isn't to get a ruling about whether it's de minimis fair use. The idea is to get a ruling that the defendant (HBO) can't raise de minimis fair use as a defense either because they've themselves prevailed on the claim that de minimis use is still infringing or (better, because it'd apply to all media companies and not just HBO) that de minimis use doesn't make it fair use. This would hit the media companies hardest because they have the widest variety of possible-fair-use occurrences in their product and are open to claims from the largest number of copyright holders.
