Domain: slashdot.org
Stories and comments across the archive that link to slashdot.org.
Stories · 37,380
-
Apple: an 'App Store' Is Not a Store For Apps
recoiledsnake writes "What would be your first guess about what an app store sells? Don't be fooled, Apple warns, the phrase 'app store' is not generic and can only be used to describe Cupertino's... um, app store? 'Apple denies that, based on their common meaning, the words "app store" together denote a store for apps,' Apple said in a Thursday filing with a California district court. All this notwithstanding that Jobs himself used the phrase generically while referring to Android app stores. We've previously discussed this ongoing legal battle." -
Massive LinkedIn IPO Raises Dotcom Bubble Concerns
The Installer writes with news of yesterday's stock offering from LinkedIn, which shocked investors by closing at more than double the initial price. "Buyers crowded the floor of the New York Stock Exchange, and financial news networks flashed LinkedIn's stock price urgently all day. By the closing bell, the company had a market value of $9 billion, the highest for any Internet company since Google had its initial public offering seven years ago. Millionaires and even one billionaire were made, at least on paper. The stock, issued at $45, went as high as $122.70 just before noon and closed at $94.25 on a trading volume of 30 million shares." That price values the company at over 30 times its 2010 revenue, leading to speculation that this is either evidence of the second dotcom bubble (a possibility we discussed in February) or a "watershed moment for social media." Many experts are questioning the value of LinkedIn, while others are claiming intentional market manipulation. -
MeeGo 1.2 Released
jrepin sends word that the Meego project has announced the release of version 1.2: "This release provides a solid baseline for device vendors and developers to start creating software for various device categories on Intel Atom and ARMv7 architectures. This release also includes the following: Netbook UX, In-Vehicle Infotainment (IVI) UX, Tablet Developer Preview and MeeGo SDK." -
Netflix Isn't Swamping the Internet
itwbennett writes "Remember the Sandvine report from earlier this week that said Netflix gobbles up 30% of Internet traffic during peak hours? It needs clarification on a couple of important points, says blogger Kevin Fogarty. First, yes, Netflix traffic spikes during prime time, but only across the last mile. Second, ISPs underestimate what a 'normal' level of Internet use really is. 'When AT&T announced its data caps – 150GB per month for DSL users and 250GB for broadband – it called the data levels generous and said limits would only affect 2 percent of its customers. It turns out Netflix users take up an average of 40GB per month just from streaming media, according to a different Sandvine report (PDF).'" -
Judge Puts Righthaven Cases In Colorado On Hold
Hugh Pickens writes "Senior US District Judge John Kane says there are serious questions about the validity of Righthaven's copyright infringement lawsuits in Colorado, and has put them all on hold. Kane says the main case in which he'll rule on the jurisdiction issue is that of Righthaven defendant Leland Wolf, who was sued over a Denver Post TSA pat-down photo. Wolf's attorneys filed briefs saying that based on Righthaven's lawsuit contract with Review-Journal owner Stephens Media LLC, its lawsuit contract with the Post is likely similar, and that their contract doesn't give Righthaven standing to sue. 'Righthaven very likely is neither the owner nor exclusive holder of any rights in the copyrighted work underlying this lawsuit,' say attorneys for Wolf. 'As such, Righthaven has suffered no injury or other cognizable harm required for it to have standing.' Judge Kane says he wants to resolve that issue before proceeding. 'Because there are serious questions as to whether my exercise of subject matter jurisdiction over Righthaven's claim of copyright infringement is proper, I think it most prudent to stay the proceedings in all pending cases in this district in which Righthaven is the named plaintiff,' wrote Kane. 'Should I find that I lack subject matter jurisdiction over Righthaven's claim of copyright infringement, it is likely that I will be required to dismiss all pending actions.'" -
TI vs. Calculator Hobbyists, the Next Round
An anonymous reader writes "Texas Instruments has struck back against Nspire gamers and hackers with even stronger anti-downgrade protection in OS 3.0.2, after the TI calculator hacking community broke the anti-downgrade protection found in OS 2.1 last summer and the new one in OS 3.0.1 a month ago. In addition to that, in OS 3.0.1 the hacker community found Lua programming support and created games and software using it. Immediately, TI retaliated by adding an encryption check to make sure those third-party generated programs won't run on OS 3.0.2." But if you want it, you can get OS 3.0.2 here. -
Australian Government To Widen Spy Agency Powers, Again
An anonymous reader writes "It seems the Australian Government has a fondness for expanding the powers of the domestic spy agency, ASIO, be it for hacking into servers or tapping citizens' phones. Now the plan is to make it easier to engage in economic and industrial espionage, as well as on groups such as WikiLeaks." -
Australian Government To Widen Spy Agency Powers, Again
An anonymous reader writes "It seems the Australian Government has a fondness for expanding the powers of the domestic spy agency, ASIO, be it for hacking into servers or tapping citizens' phones. Now the plan is to make it easier to engage in economic and industrial espionage, as well as on groups such as WikiLeaks." -
Linux-Friendly Alternatives To Skype
jfruhlinger writes "When Microsoft bought Skype, Linux and Mac users were assured that their platforms wouldn't be neglected — but you can understand why they might be a bit suspicious. Steven Vaughan-Nichols has compiled a list of five Linux-friendly alternatives — do you know of any others?" -
Intel Shifts Might To Mobile
CWmike writes "After years of dominance in computer chips, Intel now is chasing the mobile chip market and trying to redefine its future. During Intel's financial analyst meeting Monday, CEO Paul Otellini announced that he is refocusing the company, moving its 'center' from PC processors to processors for the burgeoning mobile market. 'I think Intel recognizes that they absolutely have to get a win here,' said analyst Rob Enderle. 'All the activity is in mobile. A post-PC era would be a post-Intel era if they don't get a beachhead established.' Earlier this month, Intel made a move in this new direction when it unveiled its new 3D transistor technology that is expected to position the chip maker to grab a piece of the mushrooming tablet market." -
Apple Support Forums Suggest Malware Explosion
dotwhynot writes "According to ZDNet, the volume of in-the-wild malware reports on discussions.apple.com is truly exceptional. With the launch of the first malware DIY kit for OS X earlier this month, and now this, has the malware industry threat finally caught up with the growth of Apple, and what do Mac users need to do?" -
Local Atmosphere Heated Rapidly Before Japan Quake
eldavojohn writes "A new paper presented at NASA's Goddard Space Flight Center in Maryland shows the rapid heating of the atmosphere directly above the fault days before the devastating earthquake hit. This is theorized to be the Lithosphere-Atmosphere-Ionosphere Coupling mechanism that occurs when large amounts of radon are released due to massive stress in the fault right before the quake. This can be detected with satellites analyzing infrared waves: 'The radioactivity from this gas ionizes the air on a large scale and this has a number of knock on effects. Since water molecules are attracted to ions in the air, ionization triggers the large scale condensation of water. But the process of condensation also releases heat and it is this that causes infrared emissions.' This is a shift from the Haiti earthquake where DEMETER was used to monitor ultra low frequencies. The presence of radon could also possibly explain erratic wildlife behavior prior to an earthquake." -
Microsoft Adds Chrome Support For Office Web Apps
CWmike writes "Microsoft will release the first service pack for Office 2010 in late June, when it will for the first time support Google's Chrome running the suite's online applications using SharePoint 2010, the company said on Monday. Google and Microsoft have repeatedly knocked heads over each others' online applications. In May 2010, Matthew Glotzbach, Google's enterprise product management director, kicked off the public battle by urging companies to forget about upgrading to Office 2010 and calling on them to instead add Google Docs to their mix. 'Google Docs makes Office 2003 and 2007 better,' Glotzbach said at the time. Microsoft quickly countered by saying that Google Docs' integration with Office was inferior to Office Web Applications' and that its rival's claims were 'simply not true.'" -
Bing Adds 'Like' Button
Tiek00n wrote in with something that might sound familiar, saying, "Microsoft on Monday expanded its use of Facebook within its Bing search engine, adding 'likes' and recommendations from friends and strangers into search results. Going forward, if you search for something one of your Facebook friends has 'liked,' Bing will note that in its search results. Did your sister and roommate 'like' a nearby Italian restaurant? A small photo, the Facebook 'thumbs up' icon, and a note that said they approve will show up in search results, Microsoft said." -
Groklaw Torch Handed To Mark Webbink
eldavojohn writes "A month ago we read a Eulogy for Groklaw, but now PJ has announced that Groklaw will not be shutting down. Instead, it is now Mark Webbink's Groklaw 2.0. If you don't know who he is, Webbink is a member of the board of the SFLC and was General Counsel at Red Hat. Legal FOSS news will continue to flow." -
Lodsys Responds To In-App Purchasing Patent Controversy
An anonymous reader writes "Last week, a heretofore unknown company named Lodsys sent FedEx packages to a number of independent iOS developers informing them that their use of in-app purchasing infringed on valid patents they owned. Now Lodsys has publicly responded to a number of issues/questions levied at them over the past few days." -
Japan Says No To PlayStation Network Restart
tekgoblin writes "Although Sony may be restoring services on the PlayStation Network around the world, one country has said 'No.' Japan has not yet given Sony approval to start up their online services, making the company wait until they have proven that they have taken the necessary measures to secure their network against another incident." -
Ultramobile PC To Make a Comeback?
jfruhlinger writes "Remember the Oqo and other 'ultra-mobile PCs' — full-fledged Windows machines in a cell phone form factor, pushed without success in the early-to-mid '00s? Well, Japan's NTT DoCoMo thinks that they could still catch on, making plans for a Windows 7 computer with a 4-inch, 1024-by-600 screen." -
BitCoin, the Most Dangerous Project Ever?
Jamie found a followup to the bitcoin story we've been following awhile. The article talks about the untraceable, un-hackable nature of BitCoin. They can't be locked down like PayPal, and the article predicts that governments will start banning them in the next 18 months. -
Keeping a Cellphone System Going In a War
dogsbreath writes "An Al Jazeera article provides fascinating insight about how engineers for one of the Libyan cell providers in the rebel held East have kept the system going in the middle of a civil insurrection. Administering a now-free cellular system in a war zone brings new meaning to the term BOFH as the engineers deal with bandwidth hogs and prioritize international traffic. A technical decision to keep a copy of the user database (the HLR) in Benghazi was crucial to keeping people's phones on line. There are reasons besides earthquakes and Tsunamis to keep your data backed up in geographically diverse locations. The report expands on and corrects the WSJ article covered on Slashdot before." -
Adobe Rolls Out Privacy Controls In Flash Player 10.3
adeelarshad82 writes "Adobe has released Flash Player 10.3, which includes enhanced privacy controls for how your activity is tracked online. Users can now clear local storage — sometimes known as 'Flash cookies' — on versions of Chrome, Internet Explorer, and Firefox. Flash cookies, or local shared objects, made headlines last year when the Federal Trade Commission released a report that called on browser makers to include a 'do not track' option in their products. The FTC also mentioned Adobe because it said the cookies gathered by Flash are collected regardless of the browser's settings." -
Book Review: Using CiviCRM
Hershel Robinson writes "A new book released by Packt Publishing called Using CiviCRM defines CiviCRM as 'a web-based, open source Constituent Relationship Management (CRM) system, designed specifically to meet the needs of advocacy, non-profit and non-governmental organizations.' What is not mentioned in this definition is that CiviCRM is a large and complex package with a wealth of features--the rest of this book deals with discovering and explaining how to use them." Read below for the rest of Hershel's review. Using CiviCRM author Joseph Murray and Brian Shaughnessy pages 464 publisher Packt Publishing rating 9/10 reviewer Hershel Robinson ISBN 1849512264 summary All about CiviCRM and how to use it Initiated by a small team around the year 2005, CiviCRM runs as a module for either Drupal or Joomla!. Knowledge of one of these CMS's is not strictly necessary to use CiviCRM, although if one wants to integrate "client-facing" aspects of CiviCRM into his public websites, that would involve the CMS.
As noted, CiviCRM itself, however, is a complicated and feature-rich package. In my opinion, the basic features are not difficult to use and in my experience, a somewhat tech-savvy laymen can make use of them without trouble. For users with less experience and knowledge with computers, however, even basic tasks may require training, and for most any lay-user, understanding the more advanced features will involve training and/or self-study.
While there is an online book, and an excellent wiki called CiviCRM Documentation available already, >Using CiviCRM makes learning CiviCRM easier. The two advantages I can see are that first, it is more in-depth in many areas than the other two resources, and secondly, many people will undoubtedly appreciate the ease of use of a traditional, printed book that they can open on their desk as they work online.
The authors, Joseph Murray and Brian Shaughnessy, bring to their book talent, years of experience working with CiviCRM and a dedication to explain and clarify virtually every aspect of CiviCRM. Both are well-regarded as knowledgeable professionals by the CiviCRM team and the community and are active supporters of the project.
Overall, the book is in-depth and covers all relevant subject areas for a person interested in learning about CiviCRM and using it. The layout and formatting are clean and the prose flows smoothly. As noted in the introduction and preface, both the official CiviCRM team had some involvement in this book, as well as other prominent members of the community.
Beginning with broad issues such as what a CRM is and why an NPO needs one, the book even gives fair space to other CRM tools, pointing out differences of each and outlining in what situations CiviCRM might be the best choice. This broad introduction includes such issues as third-party feedback regarding CiviCRM, total cost of ownership, documentation, community, and the unique hosting requirements of CiviCRM. The introductory section end with a review of the various stages in the life of any software package usage scenario. First is the planning stage, including hardware, software and personnel etc, and then the initial installation and basic configuration.
Next the book goes through each major functional section of CiviCRM, such as working with Contacts, importing data, mass email, fundraising, memberships, event management, case management, grant management and reporting.
These chapters are of course the main part of the book, and will most probably be the most used. The authors go to lengths to present each various feature of CiviCRM in depth, discussing only best practices (i.e. without shortcuts that can later cause problems), and with real-life examples. The book uses an approach of maintaining two unique case studies throughout the entire work, showing how these two organizations felt a need for various features and then how they actually implemented them.
The last chapter closes the book with a discussion of customization, the CiviCRM community, and looking towards the future, in particular with regard to future versions of CiviCRM.
The book appears to somewhat be geared towards a dual audience. The bulk of the book is perfect for a typical (if there is one) NPO staff member who is not an IT professional, yet needs to use a CRM. Such a person is taken step by step through all the various tasks he needs to perform, complete with examples and screenshots of the various pages involved. Many sections, however, are quite technical and seem only relevant to someone already somewhat knowledgeable in IT, including Linux, PHP, MySQL etc. These sections, such as installation and configuration, including setting up cron jobs, appear geared towards an IT support department or individual.
Even in the non-technical sections, technical points (such as how to use Drupal hooks or how to find certain data directly in the database) are occasionally thrown in. This may be a drawback of this book, as some readers may be confused or even scared by technical jargon and concepts with which they are not familiar.
Hopefully, most readers will not be bothered by such--there is no doubt that a beginner or even mid-level user of CiviCRM will gain a wealth of knowledge from this book. With 464 pages, it can well be used as a textbook, to read cover to cover and learn all about CiviCRM, and then be kept as a reference tool when dealing with the details of any particular area.
I would recommend this book to anyone interested in learning about CiviCRM, or anyone wanting to learn how to better utilize the tools it provides.
Hershel Robinson is a long-term member of the CiviCRM community, runs a specialty hosting business for CiviCRM hosting called CiviHosting, and is also a freelance web developer specializing in Drupal and CiviCRM development.
You can purchase Using CiviCRM from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Book Review: Using CiviCRM
Hershel Robinson writes "A new book released by Packt Publishing called Using CiviCRM defines CiviCRM as 'a web-based, open source Constituent Relationship Management (CRM) system, designed specifically to meet the needs of advocacy, non-profit and non-governmental organizations.' What is not mentioned in this definition is that CiviCRM is a large and complex package with a wealth of features--the rest of this book deals with discovering and explaining how to use them." Read below for the rest of Hershel's review. Using CiviCRM author Joseph Murray and Brian Shaughnessy pages 464 publisher Packt Publishing rating 9/10 reviewer Hershel Robinson ISBN 1849512264 summary All about CiviCRM and how to use it Initiated by a small team around the year 2005, CiviCRM runs as a module for either Drupal or Joomla!. Knowledge of one of these CMS's is not strictly necessary to use CiviCRM, although if one wants to integrate "client-facing" aspects of CiviCRM into his public websites, that would involve the CMS.
As noted, CiviCRM itself, however, is a complicated and feature-rich package. In my opinion, the basic features are not difficult to use and in my experience, a somewhat tech-savvy laymen can make use of them without trouble. For users with less experience and knowledge with computers, however, even basic tasks may require training, and for most any lay-user, understanding the more advanced features will involve training and/or self-study.
While there is an online book, and an excellent wiki called CiviCRM Documentation available already, >Using CiviCRM makes learning CiviCRM easier. The two advantages I can see are that first, it is more in-depth in many areas than the other two resources, and secondly, many people will undoubtedly appreciate the ease of use of a traditional, printed book that they can open on their desk as they work online.
The authors, Joseph Murray and Brian Shaughnessy, bring to their book talent, years of experience working with CiviCRM and a dedication to explain and clarify virtually every aspect of CiviCRM. Both are well-regarded as knowledgeable professionals by the CiviCRM team and the community and are active supporters of the project.
Overall, the book is in-depth and covers all relevant subject areas for a person interested in learning about CiviCRM and using it. The layout and formatting are clean and the prose flows smoothly. As noted in the introduction and preface, both the official CiviCRM team had some involvement in this book, as well as other prominent members of the community.
Beginning with broad issues such as what a CRM is and why an NPO needs one, the book even gives fair space to other CRM tools, pointing out differences of each and outlining in what situations CiviCRM might be the best choice. This broad introduction includes such issues as third-party feedback regarding CiviCRM, total cost of ownership, documentation, community, and the unique hosting requirements of CiviCRM. The introductory section end with a review of the various stages in the life of any software package usage scenario. First is the planning stage, including hardware, software and personnel etc, and then the initial installation and basic configuration.
Next the book goes through each major functional section of CiviCRM, such as working with Contacts, importing data, mass email, fundraising, memberships, event management, case management, grant management and reporting.
These chapters are of course the main part of the book, and will most probably be the most used. The authors go to lengths to present each various feature of CiviCRM in depth, discussing only best practices (i.e. without shortcuts that can later cause problems), and with real-life examples. The book uses an approach of maintaining two unique case studies throughout the entire work, showing how these two organizations felt a need for various features and then how they actually implemented them.
The last chapter closes the book with a discussion of customization, the CiviCRM community, and looking towards the future, in particular with regard to future versions of CiviCRM.
The book appears to somewhat be geared towards a dual audience. The bulk of the book is perfect for a typical (if there is one) NPO staff member who is not an IT professional, yet needs to use a CRM. Such a person is taken step by step through all the various tasks he needs to perform, complete with examples and screenshots of the various pages involved. Many sections, however, are quite technical and seem only relevant to someone already somewhat knowledgeable in IT, including Linux, PHP, MySQL etc. These sections, such as installation and configuration, including setting up cron jobs, appear geared towards an IT support department or individual.
Even in the non-technical sections, technical points (such as how to use Drupal hooks or how to find certain data directly in the database) are occasionally thrown in. This may be a drawback of this book, as some readers may be confused or even scared by technical jargon and concepts with which they are not familiar.
Hopefully, most readers will not be bothered by such--there is no doubt that a beginner or even mid-level user of CiviCRM will gain a wealth of knowledge from this book. With 464 pages, it can well be used as a textbook, to read cover to cover and learn all about CiviCRM, and then be kept as a reference tool when dealing with the details of any particular area.
I would recommend this book to anyone interested in learning about CiviCRM, or anyone wanting to learn how to better utilize the tools it provides.
Hershel Robinson is a long-term member of the CiviCRM community, runs a specialty hosting business for CiviCRM hosting called CiviHosting, and is also a freelance web developer specializing in Drupal and CiviCRM development.
You can purchase Using CiviCRM from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
LimeWire Settles For $105 Million
eldavojohn writes "LimeWire has settled its suit with the RIAA for $105 million. It's several orders of magnitude lower than the $1.5 trillion initially demanded by the RIAA, but it ends a nearly five-year legal battle. P2P networks take heed; the monster may start looking for other targets." -
LimeWire Settles For $105 Million
eldavojohn writes "LimeWire has settled its suit with the RIAA for $105 million. It's several orders of magnitude lower than the $1.5 trillion initially demanded by the RIAA, but it ends a nearly five-year legal battle. P2P networks take heed; the monster may start looking for other targets." -
Yahoo Beats Patent Troll That Beat Google
jfruhlinger writes "You may recall the saga of patent troll Bedrock, which claims that it has patents over Linux and successfully sued Google over Google's Linux use. Well, the verdict from Bedrock's suit against Yahoo on similar grounds has come in — and Yahoo is victorious, not least because Yahoo went second and got to see how the arguments in the Google case went." -
Scientists Develop iPhone Tickling Transmission
itwbennett writes "Last week, a video circulated of how Japanese scientists were working on a machine that lets you kiss over the Internet. Now, the same team is working on a project that would let two iPhone users tickle each other's palms (or, presumably, other body parts) across the Internet." -
PROTECT IP Act Follows In COICA's Footsteps
Last fall, Senator Patrick Leahy (D-VT) introduced the Combating Online Infringement and Counterfeits Act (COICA), which was dubbed the "internet blacklist" by opponents worried about its broad provisions for allowing the removal of websites based on vague criteria. COICA stalled in Congress, but now Leahy has proposed a new, similar piece of legislation called the PROTECT IP Act (PDF). "Like COICA, Protect IP expands the web of enforcement techniques by requiring advertising networks and financial transaction providers to cut ties to domains found to violate the law. But the new version now adds search engines and others to the list of providers who can be conscripted into complying with court orders. Protect IP would require 'information location tools' to 'take technically feasible and reasonable measures, as expeditiously as possible,' to remove or disable access to the site associated with a condemned domain, including blocking hypertext links to the site. ... Perhaps most worrisome of all, Protect IP adds a provision that allows copyright and trademark holders to sue the owner/operator of a domain directly. Again, the provision applies only to nondomestically-registered domains, but it allows the private party, like the government, to sue the domain name itself if the registrant does not have a US address. That's important because in all cases, once a suit is initiated, the plaintiff can ask the court to issue an injunction or restraining order effectively shutting the site down." -
PROTECT IP Act Follows In COICA's Footsteps
Last fall, Senator Patrick Leahy (D-VT) introduced the Combating Online Infringement and Counterfeits Act (COICA), which was dubbed the "internet blacklist" by opponents worried about its broad provisions for allowing the removal of websites based on vague criteria. COICA stalled in Congress, but now Leahy has proposed a new, similar piece of legislation called the PROTECT IP Act (PDF). "Like COICA, Protect IP expands the web of enforcement techniques by requiring advertising networks and financial transaction providers to cut ties to domains found to violate the law. But the new version now adds search engines and others to the list of providers who can be conscripted into complying with court orders. Protect IP would require 'information location tools' to 'take technically feasible and reasonable measures, as expeditiously as possible,' to remove or disable access to the site associated with a condemned domain, including blocking hypertext links to the site. ... Perhaps most worrisome of all, Protect IP adds a provision that allows copyright and trademark holders to sue the owner/operator of a domain directly. Again, the provision applies only to nondomestically-registered domains, but it allows the private party, like the government, to sue the domain name itself if the registrant does not have a US address. That's important because in all cases, once a suit is initiated, the plaintiff can ask the court to issue an injunction or restraining order effectively shutting the site down." -
Square Enix Facing Big Losses For 2010
eldavojohn writes "It's no secret that Final Fantasy XIV took a lot of heat early on, which required extensive damage control. And the Japanese tsunami (which appears to have added $7.5 million to their losses) certainly didn't help. But if what early investor reports are saying is true, then Square Enix is expected to report $148 million in losses for the closing fiscal year. Expect title cancellations (which might add to the hurt) and a very painful realization for the owner of Final Fantasy and Dragon Warrior (PDF). Perhaps a move to re-releasing classics will prove more fruitful than high development cost MMORPGs?" -
Square Enix Facing Big Losses For 2010
eldavojohn writes "It's no secret that Final Fantasy XIV took a lot of heat early on, which required extensive damage control. And the Japanese tsunami (which appears to have added $7.5 million to their losses) certainly didn't help. But if what early investor reports are saying is true, then Square Enix is expected to report $148 million in losses for the closing fiscal year. Expect title cancellations (which might add to the hurt) and a very painful realization for the owner of Final Fantasy and Dragon Warrior (PDF). Perhaps a move to re-releasing classics will prove more fruitful than high development cost MMORPGs?" -
Comcast Helps Fix Pirate Bay Connection Problems
MagusSlurpy writes "Far from blocking The Pirate Bay, Comcast was just one of several ISPs on which TPB was unreachable today. Comcast reached out to the torrent site, and its engineers provided technical support, eventually determining that the connectivity issues stemmed from a reverse path filtering issue at an intermediate ISP, Serious Tubes Networks." -
Google Engineers Deny Hack Exploited Chrome
CWmike writes "Several Google security engineers have countered claims that a French security company, Vupen, found a vulnerability in Chrome that could let attackers hijack Windows PCs running the company's browser. Instead, those engineers said the bug Vupen exploited to hack Chrome was in Adobe's Flash, which Google has bundled with the browser for over a year. Google's official position, however, has not changed since Vupen said it had sidestepped not only the browser's built-in 'sandbox' but also by evading Windows 7's integrated anti-exploit technologies. But others who work for Google were certain that at least one of the flaws Vupen exploited was in Flash's code, not Chrome's. 'As usual, security journalists don't bother to fact check,' said Tavis Ormandy, a Google security engineer, in a tweet earlier Wednesday. 'Vupen misunderstood how sandboxing worked in Chrome, and only had a Flash bug.' Chris Evans, a Google security engineer and Chrome team lead, tweeted, 'It's a legit pwn, but if it requires Flash, it's not a Chrome pwn.'" -
Google's Honeycomb Source Code Release Is On Ice
itwbennett writes "'Ice Cream Sandwich', that is. Apparently it's source code delay week, as Google joins Apple in delaying the release of source code for open source licensed software. Except, unlike Apple, which promptly released the LGPL WebKit code in question Monday afternoon, Google stated yesterday that it will not release the source code for Android 3.0 (Honeycomb) until after the release of the next version of Android (Ice Cream Sandwich). This is not necessarily news, since Google said last month that source code would be held for an indeterminate time and released when it was ready. It's just that now 'indeterminate' has an actual date: post-launch of Ice Cream Sandwich. The question, says blogger Brian Proffitt, is: 'How the heck can they do this, given that Honeycomb is licensed under the Apache Software License v2?'" -
Google's Honeycomb Source Code Release Is On Ice
itwbennett writes "'Ice Cream Sandwich', that is. Apparently it's source code delay week, as Google joins Apple in delaying the release of source code for open source licensed software. Except, unlike Apple, which promptly released the LGPL WebKit code in question Monday afternoon, Google stated yesterday that it will not release the source code for Android 3.0 (Honeycomb) until after the release of the next version of Android (Ice Cream Sandwich). This is not necessarily news, since Google said last month that source code would be held for an indeterminate time and released when it was ready. It's just that now 'indeterminate' has an actual date: post-launch of Ice Cream Sandwich. The question, says blogger Brian Proffitt, is: 'How the heck can they do this, given that Honeycomb is licensed under the Apache Software License v2?'" -
Book Review: BackTrack 4: Assuring Security by Penetration Testing
RickJWagner writes "Watch out, System Admins. The floodgates to BlackHat Hackerdom are now open. Packt Publishing has just released BackTrack 4: Assuring Security by Penetration Testing, a how-to book based on the freely available BackTrack 4 Linux distribution. The intent of the book is to educate security consultants on the use of this devastatingly complete Hacker's toolkit, and to provide sage words of advice on how to conduct yourself as a penetration testing consultant. On both counts, the authors do well." Keep reading for the rest of Rick's review. BackTrack 4: Assuring Security by Penetration Testing author Shakeel Ali, Tedi Heriyanto pages 392 publisher Packt rating 9/10 reviewer Rick J Wagner ISBN 1849513945 summary Covers the core of BackTrack with real-world examples and step-by-step instructions I have to admit, at first blush I wasn't impressed by the book. I usually start looking a tech book over by thumbing through it, quickly glancing over snippets every chapter or so to get a feel for how the book is written. My initial impression was that the book contained many 2-page introductions to what appeared to be system tools, showing how to invoke them and the type of text output they would produce. Who needs that, I thought? I settled down to read the text front to back, then realized the full horror of what I was reading. More on that later.
The book starts out telling you how to find BackTrack 4, how to install it or run it as a live DVD, and how to get the parts working. Suffice it to say this is all easy for anyone who's installed a Linux distribution before.
Next up, the authors cover some solid basics for the would-be security professional. There are other tips throughout the book, too-- what kinds of written agreements you should have, what types of reports you should produce, and generally how you should conduct yourself. Well done, and I'm sure anyone reading this book will have the thought that maybe they'll go into business doing this someday. At least that's what I hope everyone is thinking, because after that the gloves are off and you are shown the dark side of this magnificent machinery.
The authors outline a disciplined framework for penetration testing. By myself, I never would have considered such a thing, but these guys clearly have given this a lot of time and effort. The following chapters are broken out into each phase, and within those chapters the various tools of the trade are grouped. (So you'd find the tools that can provide you with a reverse shell in the 'Target Exploitation' chapter, for example.)
The first phase is Information Gathering, and here the reader is introduced to several tools that can glean information like domain names, IP addresses, host names, and other data that can identify potential targets. The 2-page tool introductions I mentioned earlier contain all the tools that do this kind of work. There's enough introductory material to let you figure out which ones you want to try (it seems each chapter covers at least a dozen tools), and how to get started.
Target Discovery is the next phase, it's all about finding hosts and identifying operating systems. Again, no malicious stuff goes on yet, just methodically gathering information. Par for the course, there are a variety of tools presented to help the user.
Target Enumeration is next. The user is exposed to applications that can help find which ports are open, which services (i.e. MySQL) are running, and even what kinds of VPN are present. By the way, throughout the book the authors throw in brief but relevant snippets concerning the topic at hand. As an example, in this chapter you'll find an example of the TCP protocol (SYN, SYN-ACK, etc.) that will tell you when a port's available and when it's not. There's more of this kind of information throughout the book, too. Some of it I knew (not much, really) and some I didn't, so I felt the book advanced my basic knowledge of IT systems in some ways.
Now that the user has all this useful information, they can proceed on to Vulnerability Mapping. Here the tools are used to help calculate which vulnerabilities might exist in the targeted systems.
The following chapters are where the really bad toys come out. They deal with Target Exploitation, Privilege Escalation, and Maintaining Access. True to their titles, they tell all about how the user can attack the targeted systems, set up shop, and leave a backdoor for returning later.
Of course, no good book on penetration technique would be complete without a chapter on Social Engineering, and so we have one here as well. Hardcore hackers might look down their nose at such a thing, but I imagine this is really one of the more effective avenues of attack.
So, who is this book good for? First, for security professionals. They'll want to get a copy just so they can be sure they understand what they're up against, and how to check their own systems using the same tools the bad guys have. Second, programmers with an active sense of curiosity. I fall into this category. Lastly, the bad guys will probably buy a copy (or pirate one), unfortunately. I hope they're too lazy to read it well and end up getting busted and thrown in the clink. Maybe they can talk ethics in programming with Hans Reiser while they're awaiting parole.
If your livelihood depends on keeping a secure environment, you probably ought to get a copy of this book for your in-house penetration tester. It's an eye-opener.
You can purchase BackTrack 4: Assuring Security by Penetration Testing from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Book Review: BackTrack 4: Assuring Security by Penetration Testing
RickJWagner writes "Watch out, System Admins. The floodgates to BlackHat Hackerdom are now open. Packt Publishing has just released BackTrack 4: Assuring Security by Penetration Testing, a how-to book based on the freely available BackTrack 4 Linux distribution. The intent of the book is to educate security consultants on the use of this devastatingly complete Hacker's toolkit, and to provide sage words of advice on how to conduct yourself as a penetration testing consultant. On both counts, the authors do well." Keep reading for the rest of Rick's review. BackTrack 4: Assuring Security by Penetration Testing author Shakeel Ali, Tedi Heriyanto pages 392 publisher Packt rating 9/10 reviewer Rick J Wagner ISBN 1849513945 summary Covers the core of BackTrack with real-world examples and step-by-step instructions I have to admit, at first blush I wasn't impressed by the book. I usually start looking a tech book over by thumbing through it, quickly glancing over snippets every chapter or so to get a feel for how the book is written. My initial impression was that the book contained many 2-page introductions to what appeared to be system tools, showing how to invoke them and the type of text output they would produce. Who needs that, I thought? I settled down to read the text front to back, then realized the full horror of what I was reading. More on that later.
The book starts out telling you how to find BackTrack 4, how to install it or run it as a live DVD, and how to get the parts working. Suffice it to say this is all easy for anyone who's installed a Linux distribution before.
Next up, the authors cover some solid basics for the would-be security professional. There are other tips throughout the book, too-- what kinds of written agreements you should have, what types of reports you should produce, and generally how you should conduct yourself. Well done, and I'm sure anyone reading this book will have the thought that maybe they'll go into business doing this someday. At least that's what I hope everyone is thinking, because after that the gloves are off and you are shown the dark side of this magnificent machinery.
The authors outline a disciplined framework for penetration testing. By myself, I never would have considered such a thing, but these guys clearly have given this a lot of time and effort. The following chapters are broken out into each phase, and within those chapters the various tools of the trade are grouped. (So you'd find the tools that can provide you with a reverse shell in the 'Target Exploitation' chapter, for example.)
The first phase is Information Gathering, and here the reader is introduced to several tools that can glean information like domain names, IP addresses, host names, and other data that can identify potential targets. The 2-page tool introductions I mentioned earlier contain all the tools that do this kind of work. There's enough introductory material to let you figure out which ones you want to try (it seems each chapter covers at least a dozen tools), and how to get started.
Target Discovery is the next phase, it's all about finding hosts and identifying operating systems. Again, no malicious stuff goes on yet, just methodically gathering information. Par for the course, there are a variety of tools presented to help the user.
Target Enumeration is next. The user is exposed to applications that can help find which ports are open, which services (i.e. MySQL) are running, and even what kinds of VPN are present. By the way, throughout the book the authors throw in brief but relevant snippets concerning the topic at hand. As an example, in this chapter you'll find an example of the TCP protocol (SYN, SYN-ACK, etc.) that will tell you when a port's available and when it's not. There's more of this kind of information throughout the book, too. Some of it I knew (not much, really) and some I didn't, so I felt the book advanced my basic knowledge of IT systems in some ways.
Now that the user has all this useful information, they can proceed on to Vulnerability Mapping. Here the tools are used to help calculate which vulnerabilities might exist in the targeted systems.
The following chapters are where the really bad toys come out. They deal with Target Exploitation, Privilege Escalation, and Maintaining Access. True to their titles, they tell all about how the user can attack the targeted systems, set up shop, and leave a backdoor for returning later.
Of course, no good book on penetration technique would be complete without a chapter on Social Engineering, and so we have one here as well. Hardcore hackers might look down their nose at such a thing, but I imagine this is really one of the more effective avenues of attack.
So, who is this book good for? First, for security professionals. They'll want to get a copy just so they can be sure they understand what they're up against, and how to check their own systems using the same tools the bad guys have. Second, programmers with an active sense of curiosity. I fall into this category. Lastly, the bad guys will probably buy a copy (or pirate one), unfortunately. I hope they're too lazy to read it well and end up getting busted and thrown in the clink. Maybe they can talk ethics in programming with Hans Reiser while they're awaiting parole.
If your livelihood depends on keeping a secure environment, you probably ought to get a copy of this book for your in-house penetration tester. It's an eye-opener.
You can purchase BackTrack 4: Assuring Security by Penetration Testing from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Google To Offer Chrome OS Notebooks For $20/month
An anonymous reader writes "Hot on the heels of the $25 ARM computer, Google is to offer a $20 per month package for students, which includes a Chrome OS laptop (like the Cr-48) and an online component, which will likely include a storage bump for a user's Google Docs, Gmail, Picasa Web, and Google Music files. This would serve two purposes for Google: first, Google will be able to expand its existing user base for Chrome OS. For half the price of a typical cell phone contract, students will be able to pick up a netbook with 3G connectivity. Second, Google will be able to test the package offering publicly prior to eventually adding an enterprise version for Google Apps users." -
Do Geeks Make Better Adults?
mcgrew writes "What makes people unpopular in the hallways of high school, mainly an unwillingness to conform, tends to translate into success as an adult. Robbins lists several companies—including Yahoo!—that prioritize hiring quirky individuals who shun conventional thinking. She also name-checks historical and current celebrities, including director Steven Spielberg (who was taunted for being Jewish in high school) and Lady Gaga (a self-described former theater 'freak'), whose weirdness led to later fame. (Other now-validated former outsiders she touts: Steve Jobs, Taylor Swift, Bruce Springsteen and Angelina Jolie.)" -
Microsoft Buying Skype for $8.5B
Approximately one trillion readers wrote in to tell us that there is a big rumor that Microsoft is buying Skype. This follows an earlier rumor that the suitor was Facebook. Unsurprisingly many people are already wondering what it would mean for Linux users of the popular VoIP platform. Many major publications are running versions of the story. -
23,000 File Sharers Targeted In Latest Lawsuit
wiedzmin writes "Subpoenas are expected to go out to ISPs this week in what could be the biggest BitTorrent downloading case in US history. At least 23,000 file sharers are being targeted by the US Copyright Group for downloading The Expendables. The Copyright Group appears to have adopted Righthaven's strategy in blanket-suing large numbers of defendants and offering an option to quickly settle online for a moderate payment. The IP addresses of defendants have allegedly been collected by paid snoops capturing lists of all peers who were downloading or seeding Sylvester Stallone's flick last year. I am curious to see how this will tie into the BitTorrent case ruling made earlier this month indicating that an IP address does not uniquely identify the person behind it." -
Book Review: Alfresco 3 Records Management
ecmguru writes "My first impression of the book was that the author did an excellent job in presenting records management (RM) concepts, describing how Alfresco implemented the RM features in Share, and how you could customize this features if necessary. I was somewhat excited about reading this book because I am currently working on an RM project." Read on for the rest of ecmguru's review. Alfresco 3 Records Management author Dick Weisinger pages 488 publisher Packt rating 8/10 reviewer ecmguru ISBN 1849514364 summary Provides a good mix of records management concepts and technical details for developers The author begins by introducing RM in layman's terms, then details how to install an RM module and describes the RM features built for 5015.2 DoD certification for Alfresco. One big thing to note – Alfresco RM module is FREE. This may not be a surprise to typical Alfresco users or developers, but having access to RM functionality without having to pay a fortune is very appealing. He then talks about the Alfresco Content Model. RM content model is generic; there is DoD content model that follows 5015.2 DoD spec. There is a good diagram on model-view-controller application process flow and affected RM files.
If you are not familiar with what a File Plan is, the author defines what a 5015.2 File Plan is: three-level folder structure that contains Series, Categories, and Folders. Each object type in the File Plan has to follow specific RM rules. Series can only contain Categories; it cannot contain Folders and Records. Categories can only contain Folders and has support for disposition schedule. Retention rules are inherited by all Folders underneath a Category. Folder may contain records and non-declared records.
The author mentions benefits of developing a formal file plan. It helps with consistency when filing & retrieving records, enables compliance, provides an audit trail, and supports predictable disposition of records. There are several means of creating a file plan: 1) follow company organizational chart, 2) develop a file plan that maps to functionality or activity of the organization, or 3) a hybrid of both. #1 is simpler to identify, but generally not recommended since records for a group or department may have different retention & disposition values. #2 allows modeling based on process, activities and transactions, and enables clustering of similar types of records. #3 is typically the best approach. Use organization structure to define series, use processes to define categories, and finally use entity or time periods to define folders.
He next talks about Disposition Schedules and how they work in an RM module. The author does a good job in describing the details without making it too dry. Disposition normally includes retention, transfer, and destruction phases. The lifecycle of a record before it gets disposed can be described in the following fashion:
- When a document is moved into a File Plan, it's still an undeclared record.
- When all mandatory fields are completed, only then can it be declared as a record.
- Declared records located in a File Plan are automatically associated with a disposition schedule, which is inherited indirectly from Category
- Once a record is declared, the content cannot be changed; only metadata can be changed.
- All changes in metadata values are audited.
There are some complexities about disposition that the author tries to explain, but if you are not a records person, the topics seem esoteric. For example, there are 5 types of disposition steps and three main disposition rules:
- 1st step must be Cutoff or Retain
- No two steps can be of the same type
- No steps can come after Destroy
Here is another rule about disposition — if disposition occurs at folder and folder contains no records or undeclared records, folder will not be Cutoff. There can only be Cutoff if and only if there is at least one record. Most of these statements seem logical, but they do not really help me understand more about disposition.
The best chapter in the book has to be Chapter 9. If you only have time to read one chapter, this is one that you need to read. The author reviews various RM concepts and then describes various scenarios and what-if situations that a record can be in. Other topics include: freeze/hold, unique record ID that Alfresco creates for each record, and the two cron jobs that the RM module uses to support RM functionality.
The author concludes with how Alfresco RM supports searching, auditing, security, and configuration settings. The author provided a list of all RM features as it maps to RM groups/roles that are pre-configured in RM module. You can disable/enable features per role using the role editing UI. This feature is not in Alfresco Share.
In summary, I really liked this book. It provides a good mix of records management concepts and technical details for developers. My only suggestion for the author is that it would have been nice if he provided a fictitious use case that could be referenced throughout the book. Other Alfresco books that I have reviewed include such samples and I feel that it can be very helpful to readers who are trying to pick up a new concept.
You can purchase Alfresco 3 Records Management from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Book Review: Alfresco 3 Records Management
ecmguru writes "My first impression of the book was that the author did an excellent job in presenting records management (RM) concepts, describing how Alfresco implemented the RM features in Share, and how you could customize this features if necessary. I was somewhat excited about reading this book because I am currently working on an RM project." Read on for the rest of ecmguru's review. Alfresco 3 Records Management author Dick Weisinger pages 488 publisher Packt rating 8/10 reviewer ecmguru ISBN 1849514364 summary Provides a good mix of records management concepts and technical details for developers The author begins by introducing RM in layman's terms, then details how to install an RM module and describes the RM features built for 5015.2 DoD certification for Alfresco. One big thing to note – Alfresco RM module is FREE. This may not be a surprise to typical Alfresco users or developers, but having access to RM functionality without having to pay a fortune is very appealing. He then talks about the Alfresco Content Model. RM content model is generic; there is DoD content model that follows 5015.2 DoD spec. There is a good diagram on model-view-controller application process flow and affected RM files.
If you are not familiar with what a File Plan is, the author defines what a 5015.2 File Plan is: three-level folder structure that contains Series, Categories, and Folders. Each object type in the File Plan has to follow specific RM rules. Series can only contain Categories; it cannot contain Folders and Records. Categories can only contain Folders and has support for disposition schedule. Retention rules are inherited by all Folders underneath a Category. Folder may contain records and non-declared records.
The author mentions benefits of developing a formal file plan. It helps with consistency when filing & retrieving records, enables compliance, provides an audit trail, and supports predictable disposition of records. There are several means of creating a file plan: 1) follow company organizational chart, 2) develop a file plan that maps to functionality or activity of the organization, or 3) a hybrid of both. #1 is simpler to identify, but generally not recommended since records for a group or department may have different retention & disposition values. #2 allows modeling based on process, activities and transactions, and enables clustering of similar types of records. #3 is typically the best approach. Use organization structure to define series, use processes to define categories, and finally use entity or time periods to define folders.
He next talks about Disposition Schedules and how they work in an RM module. The author does a good job in describing the details without making it too dry. Disposition normally includes retention, transfer, and destruction phases. The lifecycle of a record before it gets disposed can be described in the following fashion:
- When a document is moved into a File Plan, it's still an undeclared record.
- When all mandatory fields are completed, only then can it be declared as a record.
- Declared records located in a File Plan are automatically associated with a disposition schedule, which is inherited indirectly from Category
- Once a record is declared, the content cannot be changed; only metadata can be changed.
- All changes in metadata values are audited.
There are some complexities about disposition that the author tries to explain, but if you are not a records person, the topics seem esoteric. For example, there are 5 types of disposition steps and three main disposition rules:
- 1st step must be Cutoff or Retain
- No two steps can be of the same type
- No steps can come after Destroy
Here is another rule about disposition — if disposition occurs at folder and folder contains no records or undeclared records, folder will not be Cutoff. There can only be Cutoff if and only if there is at least one record. Most of these statements seem logical, but they do not really help me understand more about disposition.
The best chapter in the book has to be Chapter 9. If you only have time to read one chapter, this is one that you need to read. The author reviews various RM concepts and then describes various scenarios and what-if situations that a record can be in. Other topics include: freeze/hold, unique record ID that Alfresco creates for each record, and the two cron jobs that the RM module uses to support RM functionality.
The author concludes with how Alfresco RM supports searching, auditing, security, and configuration settings. The author provided a list of all RM features as it maps to RM groups/roles that are pre-configured in RM module. You can disable/enable features per role using the role editing UI. This feature is not in Alfresco Share.
In summary, I really liked this book. It provides a good mix of records management concepts and technical details for developers. My only suggestion for the author is that it would have been nice if he provided a fictitious use case that could be referenced throughout the book. Other Alfresco books that I have reviewed include such samples and I feel that it can be very helpful to readers who are trying to pick up a new concept.
You can purchase Alfresco 3 Records Management from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
2 RMS Books Hit Version 2.0
jrepin writes "The Free Software Foundation (FSF) has just released in tandem the second edition of its president and founder Richard Stallman's selected essays, Free Software, Free Society, and his semi-autobiography, Free as in Freedom: Richard Stallman and the Free Software Revolution." -
Sony Encourages Linux On Their Phones
neokushan writes "Sony has been in the news a lot lately — from the PSN downtime and the identity theft issue that came with it, to the numerous court cases launched to try and quell the PS3 hacking scene. It may come as a surprise to many, then, that Sony's mobile smartphone division has taken an almost polar-opposite approach — they're actively encouraging developers to create, modify and install customized Linux kernels into their latest lineup of phones, including the Xperia Play, the device that was once known as the 'PlayStation Phone.'" -
Sony Encourages Linux On Their Phones
neokushan writes "Sony has been in the news a lot lately — from the PSN downtime and the identity theft issue that came with it, to the numerous court cases launched to try and quell the PS3 hacking scene. It may come as a surprise to many, then, that Sony's mobile smartphone division has taken an almost polar-opposite approach — they're actively encouraging developers to create, modify and install customized Linux kernels into their latest lineup of phones, including the Xperia Play, the device that was once known as the 'PlayStation Phone.'" -
KDE 4.6.3 Released
jrepin writes "KDE has released a series of updates to the Plasma Desktop and Netbook workspaces, the KDE Applications and the KDE Frameworks. This update is the second in a series of monthly stabilization updates to the 4.6 series. 4.6.3 brings many bugfixes and translation updates." -
CNET Sued Over LimeWire Client Downloads
suraj.sun writes with this quote from Ars Technica: "Alki David, the wealthy film producer and entrepreneur behind sites like FilmOn, has sued CNET and its owner, CBS, for providing hundreds of millions of downloads of LimeWire P2P software over the last decade. He argues that CNET had 'direct participation in massive copyright infringement on peer-to-peer systems, such as LimeWire, that are used to copy and distribute songs, films and other artistic works,' and that CNET's Download.com was the 'main distributor' of the software. P2P software isn't illegal, though companies that use it to induce or encourage copyright infringement can be held liable. The principle, most famously articulated by the US Supreme Court in the Grokster shutdown, was extended to LimeWire last year when a federal judge shut down most of the company's activity." -
A Court's Weak Argument For Blocking IP Subpoenas
Frequent Slashdot contributor Bennett Haselton writes to point out some unfortunate holes in a judge's recent ruling that was largely welcomed 'round these parts: "A federal judge has ruled that a Canadian adult film producer cannot subpoena the identities of ISP users that were alleged to be sharing its copyrighted movies. Regardless of whether one supports the conclusion, the judge's reasoning was pretty weak. But the real hurdle is convincing people that a non-lawyer is entitled to call out a federal judge on their logic in the first place." Read on for the rest of Bennett's thoughts.A federal judge has ruled that a Canadian adult film producer cannot subpoena the identities en masse of over 1,000 "John Doe" defendants whom the producers accused of sharing their films and violating their copyright. Quebec-based VPR Internationale had obtained the IP addresses of 1,017 users that they suspected of sharing their copyrighted films over the Internet, and wanted a federal court to sign off on subpoenaing the subscribers' identities from their ISPs.
Judge Harold Baker's ruling denying VPR's request has been lauded as a victory of judicial common sense against abuses of the legal system. Even though this will probably put me in the minority among self-described civil libertarians, I beg to disagree. First, because I don't think that subpoenaing a defendant's identity from a service provider constitutes an abuse of the legal system in and of itself. But more importantly, whether or not one agrees with the judge's decision, I think it contained plenty of logical errors, including a paragraph near the end which literally averaged about one error per sentence.
But back up for a second. Some of you are already thinking: What is a math major doing making legal criticisms of a ruling of a federal judge? So here's what I mean in each instance where I say that the judge made a "logical error": I mean that if you were to take the point made by the judge, and take the opposite point made by someone who disagreed, and you asked a group of experts (certainly if you asked a group of mathematicians, but probably even if you asked a group of lawyers) to read the two points and vote on which one was right, and you didn't tell them which position was the one taken by the judge — that most of the respondents would vote that the judge's position was incorrect.
Conversely, I'm always interested in hearing why people think I might be mistaken, if they say exactly what I've said that they think is incorrect, and why. In my most recent article, I offered a cash prize split between readers who submitted arguments that I was wrong (or, really, that my idea needed more work), and I enjoyed the responses so much that I ended up paying out more than the originally stated prize total. But if someone tries pulling rank and saying that I should defer to them on a legal question because they are a lawyer, law student, Supreme Court justice etc., here's the question I want them to answer: If we rounded up 10 lawyers to act as expert "voters," and showed each of them my argument and the heckler's counter-argument, and didn't tell the voters which argument was made by the math major and which one was made by the law school graduate, for whose argument would the majority vote? If the heckler won't explicitly make that claim, then there's no reason to take them seriously — because, obviously, if only 5 out of any given 10 lawyers would agree with their point, then why should we listen to the 5 who agree, instead of the other 5 who don't? (This does not apply if someone is making a bona fide argument — then the argument can be analyzed on its own terms. But if it's a good argument, the person shouldn't have to invoke their credentials to make it.)
Back to Judge Baker. His argument in support of his ruling begins on the second page, by rejecting the plaintiff's analogy between ISPs and car rental agencies:
VPR compares the Doe defendants' IP addresses to "records of who rented which car at a busy car rental agency, in that IP addresses are like cars "leased by subscribers. If a plaintiff was injured by a rental car, the plaintiff can discover the information on who leased the car from the agency by specifying the license plate of the offending vehicle and the date and time when the injury occurred. Without access to the agency's records, all the plaintiff has is the identity of the rental agency, but not who was driving the rental car." The comparison is not apt. The rental agency owns the car and is a potential defendant, so the adversarial process would yield the driver's information.
Huh? If you're injured by a rental car, how is the rental agency a "potential defendant"? Well, technically, anybody in the world is a "potential defendant" — you can put anyone's name on a lawsuit until a court shoots you down — but since that would make the phrase meaningless, presumably Judge Baker meant that the rental agency would be a legitimate potential defendant, one whom the accident victim would be justified in suing. So again: Huh? Why is a rental car agency liable for an accident caused by one of its renters? Obviously if the rental car agency was negligent in the maintenance of one of its vehicles and that negligence led to the accident, they might be liable — but not simply if their customer did something reckless over which they had no control (which would be analogous to an ISP subscriber committing a copyright infringement that the ISP didn't know about).
So, to translate that into vote-off terms as discussed above. What I mean is that if you took these two points:
- "The analogy between an ISP and a rental car agency is inappropriate, because a plaintiff could sue the rental car agency in order to subpoena the identity of the renter that hit them, but a copyright owner could not do the same to an ISP." [Judge Baker's argument.]
- "The statement that the analogy is inappropriate, makes no sense. In either situation, the plaintiff wants to sue a customer of a third-party company, when the third-party company itself is probably not liable. So in either case, the plaintiff can sue a 'John Doe' defendant, and subpoena the company for the customer's identity. One could argue that this should be permitted in both cases, or prohibited in both cases, but no reason has been given as to why they should be treated differently." [My argument.]
and asked lawyers or mathematicians to vote on which was more correct, and you didn't tell them which argument was made by a judge and which argument was made by a math major, that the second point would get more votes. (I certainly think that if you fibbed and told your respondents that the first argument was made by a defendant, and the second argument was made by a judge in rejecting the defendant's line of reasoning, that most people would vote, "The judge is right." That would be cheating — playing on people's tendency to believe that a judge's reasoning is usually superior — but I could point out that if respondents are really evaluating the two arguments objectively, then it shouldn't matter!)
I'm not going to convert every such disagreement highlighted here into the point-counterpoint format; I think in each case it should be non-controversial how the conversion would go.
To proceed: in claiming that subpoenaing a rental car agency for the identity of their customer is not analogous to subpoenaing an ISP for the identity of their subscriber, Judge Baker adds: "And such information is not necessarily confidential; accident reports and police records may also identify the driver." True, but what does this have to do with anything? The question is: given a certain probability that a company's customer is guilty, is it appropriate to let a plaintiff subpoena the customer's identity from that company? If some customers in similar situations have had their identities made public by other circumstances, the judge's ruling gives no reason why that should be relevant at all, in a situation where the customer's identity is not public.
Judge Baker then raises the point that the customers to whom the IP addresses were assigned might not be the actual infringers:
Moreover, VPR ignores the fact that IP subscribers are not necessarily copyright infringers. Carolyn Thompson writes in an MSNBC article of a raid by federal agents on a home that was linked to downloaded child pornography. The identity and location of the subscriber were provided by the ISP. The desktop computer, iPhones, and iPads of the homeowner and his wife were seized in the raid. Federal agents returned the equipment after determining that no one at the home had downloaded the illegal material. Agents eventually traced the downloads to a neighbor who had used multiple IP subscribers' Wi-Fi connections.
Well, true — the assignee of the IP address might not be the actual copyright infringer. But, more generally, being named as a defendant in a lawsuit does not mean that you're at fault anyway — that's what the trial is for. For a court to take a plaintiff's case against a given defendant seriously, they just have to believe that there is a reasonable probability of the plaintiff winning. If the VPR has a list of IP addresses of users sharing out their copyrighted material, it may be true that not literally all of those infringers are living in the household that the IP address has been assigned to — but what percentage of them probably are? 90% or more? In any other scenario, wouldn't that have been considered quite a "reasonable" likelihood that the plaintiff had a legitimate case against a defendant, and that the case should go forward so that more facts can be brought to light, with the expectation that those facts would move you to a higher degree of certainty about whether the defendant was in fact at fault?
On the same note, Judge Baker goes on to say:
"The list of IP addresses attached to VPR's complaint suggests, in at least some instances, a similar disconnect between IP subscriber and copyright infringer. The ISPs include a number of universities, such as Carnegie Mellon, Columbia, and the University of Minnesota, as well as corporations and utility companies."
But there is no reason to think that in the case of these entities, there would be any more "disconnect" between the actual infringer and the user on the network that the IP address had been assigned to. In fact, in the case of, say, a corporate network, it's more likely that an IP address would have been assigned by the IT department to a specific, trackable user, and not shared out on an unsecured Wi-Fi network where the IP could have been hi-jacked by a car parked on the street, a scenario that's probably more likely for a home network. I'm moderately confident that if you compared commercial home ISPs to corporations and looked at the percentage of times that the "user of record" for an IP address according to the logs was the same as the actual person using it, that percentage would be higher for a corporation than for an ISP serving home users. In any case, Judge Baker certainly gives no reason to expect that it would be lower.
Now here we get to the home stretch, the last paragraph on page 2, where I'm claiming almost one logical error or non sequitur per sentence:
- "As VPR points out,
ex parte motions for expedited discovery have been granted in similar cases in other districts;
among the thousands of Does in those cases, relatively few motions to quash have been filed."
I'm not even sure what Judge Baker is saying here, but given the context, it seems to be: The innocent John Does' only defense against abuse of the discovery process is to quash the subpoenas (basically, file a motion saying "I'm not guilty, so the plaintiff can't have my identity"), but that's been relatively rare, so we can't rely on that as a defense against abuses of the system. Of course, there could be a simpler explanation as to why it's rare: Perhaps a lot of the John Doe defendants thus named are, in fact, guilty! I certainly don't want to take the position that anyone who doesn't deny their guilt is guilty — but we shouldn't assume that they're innocent, either. Come on — it's not that hard for a copyright holder to join a p2p network or find a Torrent tracker, and get a list of the IP address of a few users who are sharing or downloading their content illegally. Is it that hard to believe that most of the users on that list are probably doing what VPR said they were doing? -
"In
at least one case, counsel has sought leave to amend the complaint to add more Doe defendants.
See Lightspeed Media Corp. v. Does 1 - 100, Case No. 1:10-cv-05604, d/e 16 (N.D. Ill.) (seeking
leave to add Does 101 - 1000 as defendants)."
Uh, OK. Plaintiff started with a list of 100 defendants, and then expanded it to 1,000. What does this have to do with the legitimacy, generally, of suing John Doe defendants and subpoenaing their identities? -
"In Hard Drive Productions, Inc. v. Does 1 - 1000,
counsel sought leave to dismiss more than 100 Doe defendants, stating that some of the Does had
'reached a mutually satisfactory resolution of their differences' with the plaintiff."
Well, yeah, that's what you're supposed to do — try and settle out of court instead of bringing every single case before a judge. How does the fact that some plaintiffs settled make it less legitimate to sue John Doe defendants in the first place? -
"Could expedited discovery be used to wrest quick settlements, even from people who have done
nothing wrong? The embarrassment of public exposure might be too great, the legal system too
daunting and expensive, for some to ask whether VPR has competent evidence to prove its case."
Now these are actually all fair points. The logical error is that they apply to any lawsuit — Judge Baker makes no argument why these problems would be more pronounced in a lawsuit against 1,000 John Does.
In fact, some of these problems would probably be less severe in the case of a lawsuit against 1,000 John Doe defendants than in the case of a lawsuit against a single, named defendant. If you're one of 1,000 people who is accused of illegally downloading an adult movie, then even if the plaintiff learns your identity, it's unlikely that your name is going to appear in any articles about the case — far less likely than if you're the only defendant in the lawsuit. And if, out of over 1,000 defendants, there are at least several dozen who decide to fight the case, they'd be more likely to be able to split the costs of hiring a good lawyer than if only one defendant was named who had to pay all the costs on their own. Both embarrassment and legal fees are less of a burden when you can share them with hundreds of other people.
Now, I'd be happy to live under a legal regime that reached either conclusion — it's not an egregious miscarriage of justice if plaintiffs are able to subpoena the identities of ISP subscribers who show a high probability of being guilty, but it's not an egregious miscarriage of justice if they aren't, either. I think we need more healthy skepticism about the reasoning that judges use to reach those conclusions.
The practice of "judge-bashing" is unfortunately associated in most people's minds with extremists, usually on the right wing, but my reason for being skeptical is simple and non-partisan. Suppose that you were take, say, an economic argument published by a prominent economist, and asked the public to identify what they thought were "mistakes" and submit counter-points to those specific points in the argument. Then, suppose for each such disagreement, you asked an independent panel of economists to vote on who was right without saying which was the point made by the economist and which was the counter-point made by the layperson. (I'm not talking about errors that the author would voluntarily correct once they were pointed out; rather, points where they "dig their heels in" and refuse to back down.) I think it would be quite rare to find a disagreement where the experts were split 50/50 on whether the economist or the layperson was right, and extremely rare to find cases where 80% of the experts voted with the layperson. By contrast, polling my lawyer buddies about this or that part of a judge's reasoning, the 50/50 splits are extremely common, and there were quite a few cases where the vast majority agreed that a judge's reasoning was wrong — but always with the same shrug that there's not much you can do about it.
-
A Court's Weak Argument For Blocking IP Subpoenas
Frequent Slashdot contributor Bennett Haselton writes to point out some unfortunate holes in a judge's recent ruling that was largely welcomed 'round these parts: "A federal judge has ruled that a Canadian adult film producer cannot subpoena the identities of ISP users that were alleged to be sharing its copyrighted movies. Regardless of whether one supports the conclusion, the judge's reasoning was pretty weak. But the real hurdle is convincing people that a non-lawyer is entitled to call out a federal judge on their logic in the first place." Read on for the rest of Bennett's thoughts.A federal judge has ruled that a Canadian adult film producer cannot subpoena the identities en masse of over 1,000 "John Doe" defendants whom the producers accused of sharing their films and violating their copyright. Quebec-based VPR Internationale had obtained the IP addresses of 1,017 users that they suspected of sharing their copyrighted films over the Internet, and wanted a federal court to sign off on subpoenaing the subscribers' identities from their ISPs.
Judge Harold Baker's ruling denying VPR's request has been lauded as a victory of judicial common sense against abuses of the legal system. Even though this will probably put me in the minority among self-described civil libertarians, I beg to disagree. First, because I don't think that subpoenaing a defendant's identity from a service provider constitutes an abuse of the legal system in and of itself. But more importantly, whether or not one agrees with the judge's decision, I think it contained plenty of logical errors, including a paragraph near the end which literally averaged about one error per sentence.
But back up for a second. Some of you are already thinking: What is a math major doing making legal criticisms of a ruling of a federal judge? So here's what I mean in each instance where I say that the judge made a "logical error": I mean that if you were to take the point made by the judge, and take the opposite point made by someone who disagreed, and you asked a group of experts (certainly if you asked a group of mathematicians, but probably even if you asked a group of lawyers) to read the two points and vote on which one was right, and you didn't tell them which position was the one taken by the judge — that most of the respondents would vote that the judge's position was incorrect.
Conversely, I'm always interested in hearing why people think I might be mistaken, if they say exactly what I've said that they think is incorrect, and why. In my most recent article, I offered a cash prize split between readers who submitted arguments that I was wrong (or, really, that my idea needed more work), and I enjoyed the responses so much that I ended up paying out more than the originally stated prize total. But if someone tries pulling rank and saying that I should defer to them on a legal question because they are a lawyer, law student, Supreme Court justice etc., here's the question I want them to answer: If we rounded up 10 lawyers to act as expert "voters," and showed each of them my argument and the heckler's counter-argument, and didn't tell the voters which argument was made by the math major and which one was made by the law school graduate, for whose argument would the majority vote? If the heckler won't explicitly make that claim, then there's no reason to take them seriously — because, obviously, if only 5 out of any given 10 lawyers would agree with their point, then why should we listen to the 5 who agree, instead of the other 5 who don't? (This does not apply if someone is making a bona fide argument — then the argument can be analyzed on its own terms. But if it's a good argument, the person shouldn't have to invoke their credentials to make it.)
Back to Judge Baker. His argument in support of his ruling begins on the second page, by rejecting the plaintiff's analogy between ISPs and car rental agencies:
VPR compares the Doe defendants' IP addresses to "records of who rented which car at a busy car rental agency, in that IP addresses are like cars "leased by subscribers. If a plaintiff was injured by a rental car, the plaintiff can discover the information on who leased the car from the agency by specifying the license plate of the offending vehicle and the date and time when the injury occurred. Without access to the agency's records, all the plaintiff has is the identity of the rental agency, but not who was driving the rental car." The comparison is not apt. The rental agency owns the car and is a potential defendant, so the adversarial process would yield the driver's information.
Huh? If you're injured by a rental car, how is the rental agency a "potential defendant"? Well, technically, anybody in the world is a "potential defendant" — you can put anyone's name on a lawsuit until a court shoots you down — but since that would make the phrase meaningless, presumably Judge Baker meant that the rental agency would be a legitimate potential defendant, one whom the accident victim would be justified in suing. So again: Huh? Why is a rental car agency liable for an accident caused by one of its renters? Obviously if the rental car agency was negligent in the maintenance of one of its vehicles and that negligence led to the accident, they might be liable — but not simply if their customer did something reckless over which they had no control (which would be analogous to an ISP subscriber committing a copyright infringement that the ISP didn't know about).
So, to translate that into vote-off terms as discussed above. What I mean is that if you took these two points:
- "The analogy between an ISP and a rental car agency is inappropriate, because a plaintiff could sue the rental car agency in order to subpoena the identity of the renter that hit them, but a copyright owner could not do the same to an ISP." [Judge Baker's argument.]
- "The statement that the analogy is inappropriate, makes no sense. In either situation, the plaintiff wants to sue a customer of a third-party company, when the third-party company itself is probably not liable. So in either case, the plaintiff can sue a 'John Doe' defendant, and subpoena the company for the customer's identity. One could argue that this should be permitted in both cases, or prohibited in both cases, but no reason has been given as to why they should be treated differently." [My argument.]
and asked lawyers or mathematicians to vote on which was more correct, and you didn't tell them which argument was made by a judge and which argument was made by a math major, that the second point would get more votes. (I certainly think that if you fibbed and told your respondents that the first argument was made by a defendant, and the second argument was made by a judge in rejecting the defendant's line of reasoning, that most people would vote, "The judge is right." That would be cheating — playing on people's tendency to believe that a judge's reasoning is usually superior — but I could point out that if respondents are really evaluating the two arguments objectively, then it shouldn't matter!)
I'm not going to convert every such disagreement highlighted here into the point-counterpoint format; I think in each case it should be non-controversial how the conversion would go.
To proceed: in claiming that subpoenaing a rental car agency for the identity of their customer is not analogous to subpoenaing an ISP for the identity of their subscriber, Judge Baker adds: "And such information is not necessarily confidential; accident reports and police records may also identify the driver." True, but what does this have to do with anything? The question is: given a certain probability that a company's customer is guilty, is it appropriate to let a plaintiff subpoena the customer's identity from that company? If some customers in similar situations have had their identities made public by other circumstances, the judge's ruling gives no reason why that should be relevant at all, in a situation where the customer's identity is not public.
Judge Baker then raises the point that the customers to whom the IP addresses were assigned might not be the actual infringers:
Moreover, VPR ignores the fact that IP subscribers are not necessarily copyright infringers. Carolyn Thompson writes in an MSNBC article of a raid by federal agents on a home that was linked to downloaded child pornography. The identity and location of the subscriber were provided by the ISP. The desktop computer, iPhones, and iPads of the homeowner and his wife were seized in the raid. Federal agents returned the equipment after determining that no one at the home had downloaded the illegal material. Agents eventually traced the downloads to a neighbor who had used multiple IP subscribers' Wi-Fi connections.
Well, true — the assignee of the IP address might not be the actual copyright infringer. But, more generally, being named as a defendant in a lawsuit does not mean that you're at fault anyway — that's what the trial is for. For a court to take a plaintiff's case against a given defendant seriously, they just have to believe that there is a reasonable probability of the plaintiff winning. If the VPR has a list of IP addresses of users sharing out their copyrighted material, it may be true that not literally all of those infringers are living in the household that the IP address has been assigned to — but what percentage of them probably are? 90% or more? In any other scenario, wouldn't that have been considered quite a "reasonable" likelihood that the plaintiff had a legitimate case against a defendant, and that the case should go forward so that more facts can be brought to light, with the expectation that those facts would move you to a higher degree of certainty about whether the defendant was in fact at fault?
On the same note, Judge Baker goes on to say:
"The list of IP addresses attached to VPR's complaint suggests, in at least some instances, a similar disconnect between IP subscriber and copyright infringer. The ISPs include a number of universities, such as Carnegie Mellon, Columbia, and the University of Minnesota, as well as corporations and utility companies."
But there is no reason to think that in the case of these entities, there would be any more "disconnect" between the actual infringer and the user on the network that the IP address had been assigned to. In fact, in the case of, say, a corporate network, it's more likely that an IP address would have been assigned by the IT department to a specific, trackable user, and not shared out on an unsecured Wi-Fi network where the IP could have been hi-jacked by a car parked on the street, a scenario that's probably more likely for a home network. I'm moderately confident that if you compared commercial home ISPs to corporations and looked at the percentage of times that the "user of record" for an IP address according to the logs was the same as the actual person using it, that percentage would be higher for a corporation than for an ISP serving home users. In any case, Judge Baker certainly gives no reason to expect that it would be lower.
Now here we get to the home stretch, the last paragraph on page 2, where I'm claiming almost one logical error or non sequitur per sentence:
- "As VPR points out,
ex parte motions for expedited discovery have been granted in similar cases in other districts;
among the thousands of Does in those cases, relatively few motions to quash have been filed."
I'm not even sure what Judge Baker is saying here, but given the context, it seems to be: The innocent John Does' only defense against abuse of the discovery process is to quash the subpoenas (basically, file a motion saying "I'm not guilty, so the plaintiff can't have my identity"), but that's been relatively rare, so we can't rely on that as a defense against abuses of the system. Of course, there could be a simpler explanation as to why it's rare: Perhaps a lot of the John Doe defendants thus named are, in fact, guilty! I certainly don't want to take the position that anyone who doesn't deny their guilt is guilty — but we shouldn't assume that they're innocent, either. Come on — it's not that hard for a copyright holder to join a p2p network or find a Torrent tracker, and get a list of the IP address of a few users who are sharing or downloading their content illegally. Is it that hard to believe that most of the users on that list are probably doing what VPR said they were doing? -
"In
at least one case, counsel has sought leave to amend the complaint to add more Doe defendants.
See Lightspeed Media Corp. v. Does 1 - 100, Case No. 1:10-cv-05604, d/e 16 (N.D. Ill.) (seeking
leave to add Does 101 - 1000 as defendants)."
Uh, OK. Plaintiff started with a list of 100 defendants, and then expanded it to 1,000. What does this have to do with the legitimacy, generally, of suing John Doe defendants and subpoenaing their identities? -
"In Hard Drive Productions, Inc. v. Does 1 - 1000,
counsel sought leave to dismiss more than 100 Doe defendants, stating that some of the Does had
'reached a mutually satisfactory resolution of their differences' with the plaintiff."
Well, yeah, that's what you're supposed to do — try and settle out of court instead of bringing every single case before a judge. How does the fact that some plaintiffs settled make it less legitimate to sue John Doe defendants in the first place? -
"Could expedited discovery be used to wrest quick settlements, even from people who have done
nothing wrong? The embarrassment of public exposure might be too great, the legal system too
daunting and expensive, for some to ask whether VPR has competent evidence to prove its case."
Now these are actually all fair points. The logical error is that they apply to any lawsuit — Judge Baker makes no argument why these problems would be more pronounced in a lawsuit against 1,000 John Does.
In fact, some of these problems would probably be less severe in the case of a lawsuit against 1,000 John Doe defendants than in the case of a lawsuit against a single, named defendant. If you're one of 1,000 people who is accused of illegally downloading an adult movie, then even if the plaintiff learns your identity, it's unlikely that your name is going to appear in any articles about the case — far less likely than if you're the only defendant in the lawsuit. And if, out of over 1,000 defendants, there are at least several dozen who decide to fight the case, they'd be more likely to be able to split the costs of hiring a good lawyer than if only one defendant was named who had to pay all the costs on their own. Both embarrassment and legal fees are less of a burden when you can share them with hundreds of other people.
Now, I'd be happy to live under a legal regime that reached either conclusion — it's not an egregious miscarriage of justice if plaintiffs are able to subpoena the identities of ISP subscribers who show a high probability of being guilty, but it's not an egregious miscarriage of justice if they aren't, either. I think we need more healthy skepticism about the reasoning that judges use to reach those conclusions.
The practice of "judge-bashing" is unfortunately associated in most people's minds with extremists, usually on the right wing, but my reason for being skeptical is simple and non-partisan. Suppose that you were take, say, an economic argument published by a prominent economist, and asked the public to identify what they thought were "mistakes" and submit counter-points to those specific points in the argument. Then, suppose for each such disagreement, you asked an independent panel of economists to vote on who was right without saying which was the point made by the economist and which was the counter-point made by the layperson. (I'm not talking about errors that the author would voluntarily correct once they were pointed out; rather, points where they "dig their heels in" and refuse to back down.) I think it would be quite rare to find a disagreement where the experts were split 50/50 on whether the economist or the layperson was right, and extremely rare to find cases where 80% of the experts voted with the layperson. By contrast, polling my lawyer buddies about this or that part of a judge's reasoning, the 50/50 splits are extremely common, and there were quite a few cases where the vast majority agreed that a judge's reasoning was wrong — but always with the same shrug that there's not much you can do about it.