That sort of logic is exactly why Yahoo is a prime candidate for buying Hulu. They're suckers for buying video streaming services without a proper understanding of how it will operate in their own hands.
Consider their acquisition of Broadcast.com from Mark Cuban in the late nineties. It was the single deal that made him the billionaire he is today.
In April 1999, Yahoo! acquired the company for $5.7 billion in stock and renamed it Yahoo! Broadcast Solutions. Over the next few years Yahoo! split the services previously offered by Broadcast.com into separate services, Yahoo! Launchcast for music and Yahoo! Platinum for video entertainment. Yahoo! Platinum has since been discontinued, its functionality being offered as part of two pay services, AT&T Yahoo! High Speed Internet and Yahoo! Plus.
As of May 2011, neither broadcast.com nor broadcast.yahoo.com are distinct web addresses; both simply redirect to yahoo.com.
As you can see, the folks at Comcast, News Corp, and Disney have found their mark for dumping Hulu.
Kudos to you for empowering consumers with an app. This is the kind of reason I got a smart phone in the first place. Traditional voice mail was so torturous to me, I stopped listening to mine and changed the greeting to "If you leave a message, I'll never hear it. I'll return your call when I see your number on my caller-ID." When Apple introduced 'visual voicemail,' I bought an iPhone. Your app extends that empowerment to dealing with other people's voicemail / call trees.
No disrespect to you, because I think a few years back, this was a very relevant criticism. People like MafiaBoy were making a single splash, then promptly put behind bars without much delay.
Natural selection has largely removed those type of cyber vandals from the populace. What remains are the smarter hooligans who have learned from the failures of others how to properly cover their tracks.
The weakest link in any group of criminals is the group itself. In this case, I suspect the members have intentionally maintained anonymity between themselves. This will insulate their group from any member that might become compromised by law enforcement and/or promises of rewards.
I'm not convinced Apple plans to release products with this 'feature'. I think it's an investment in a concept with the goal of licensing the patent should a third-party decide to approach this solution to a perceived problem.
There has been a lot of research into this by the motion picture studios in their effort to squelch bootlegging movies in the theater. Most of their best results have been in bouncing IR throughout an auditorium and catching bounces that indicate a video camera lens is pointing at the movie screen. But they'd be much happier with the solution proposed by Apple's patent...
Here's how it could work-- Apple could charge $1 per unit for this license. All the hardware vendors (video camera, phone, DSLR, etc) would refuse to implement it because they don't want to increase their unit production costs. The movie studios, however, could pay the hardware folks $2 per device sold with the technology. The risk of movie piracy isn't so great from cellphone cameras, but more so from traditional handheld DV & DSLR cameras. If 50 million such cameras are sold each year, the studios would pay $100 million (half to the hardware companies, half to Apple). Not a huge cost in the grand scheme of their industry. They could also re-coup some of that investment by selling the blocking transmitters to private entities.
The code works by natural selection. If it executes a buy&sell sequence that amounts to a profit, it is allowed to continue it's rule execution on additional trades. A code monitor manage the rules that are in play. If something is performing poorly (losing money on repetitive trades or stuck holding an asset for an extended amount of time), its assets are dumped back to the market and it's pulled out of the mix.
In high frequency trading, you can also run your code in a simulator mode that will track 'what-if' purchase and sales, but you won't know for certain how the market (i.e. other high-frequency trading entities) will respond until you run your code live.
I could easily write a program to generate every possible 100-word review (for instance), store them in a closet, and claim copyright over every single 100-word review in the world.
I encourage you to attempt your proposed effort at writing such a program. All the computers in the world working 24 x 7 on such a task wouldn't complete it in your lifetime. The Oxford dictionary contains more than 171,476 English words. Do you know how many unique combinations of those words are possible within a 100-unit space? And consider all the alpha-numeric variations, proper nouns, foreign words and foreign nouns.
You're going to want to make some extra space in your closet for storing all those reviews.
I almost never do this with my real name. It can be my pseudonymous yelp, google, etc. account. No doctor would be able to know that some nick is my real name.
See, that's what I was thinking. Then I re-read the description of the agreement. The patient is turning over all copyrights to future reviews to the doctor. If the doctor has one of these documents signed by EVERY patient, then he can petition the review site (Yelp) to remove negative reviews because he would claim to have copyright ownership of those reviews purportedly written by patients with anonymous names.
People posting in this thread about signing away right to free speech, etc. have only skimmed the summary without understanding this is assigning copyright ownership of future reviews to the doctor. There is no surrender of free speech. It's saying the doctor owns the content the patient may produce as a result of the service. It's the same as a journalist working at a newspaper. The newspaper owns the copyright to all articles created by its staff. Sure, it's backassward and a powergrab on the part of whatever doctor is trying to use this to suppress negative ratings.
Should it ever go to court, it would be unlikely to hold up, but I doub't an outfit like Yelp would resist a formal letter with some attached photocopies of some signed legal-sounding agreements. They'd probably yank the criticism from the site and then offer to sell some ads to the doctor in the same conversation.
Don't forget, Yelp isn't selling anything to the users. Yelp's customer is the doctor.
and by massive I mean requiring them to pay millions of dollars.
Oh, you can bet they're already spending millions of dollars. They spent that from the day their service went offline and have continued to spend it each day it's unavailable to users.
The infrastructure costs of a firedrill like this are enormous. Consider that the State of Texas Comptroller's Office has already spent more than $1.8 million just to hire consultants to come in and figure out how their own staff screwed up and left 3.5 million people's SSN's, DOB's, names, and addresses on a publicly-available server for over a year. In the case of the Comptroller's Office, it appears that two of the consultants were campaign contributors, so it's not like the Comptroller's Office is wasting money on strangers.
I agree with you that millions should be spent to compensate the victims, though, if that's what you meant.
When you say Microsoft "put a gun to their head" who is the "their" you're referring to? The head belonging to Microsoft or someone else? Customers, perhaps?
Too bad the folks at Droid didn't realize until too late that they could have captured the same "geek" buzz -- and more of it -- more inexpensively by just shipping a bunch of phones with "limited edition" Bobba Fett cases.
I was 100% with you until you misspelled Boba Fett. Unforgivable.
These attackers might have a more significant zero-day vulnerability at their disposal than the SecureID system. They might have used that to breach RSA. But with this other vulnerability available for their private use, the greatest risk is that it will be discovered by victims and rendered obsolete. Now that SecureID has been compromised in some ambiguous way, it allows the attackers to ply their original vulnerability against RSA customers with SecureID being the assumed entry-point.
Meh, I'm still unconvinced that the "extremely sophisticated attack"
That used to be a good assumption to make until the steps required to manufacture the stuxnet worm were revealed.
The penetrator likely has eyes on a very specific secondary target, and grabbing this information was a preliminary step.. Imagine the resources that could have been applied. I'm betting physical access was required at RSA.
If one of these is in your home machine, you likely won't kill it. If you think you might, then you should already have practices in place to deal with disk failure.
How about a vicious piece of malware? Could a piece of code be written to circumvent the wear-leveling algorithm and carpet-bomb your SSD with repetitive writes so that it's worthless overnight? Could be a real PITA in cases like the Macbook AIR where the SSD drive is built into the mobo. It's not a case of just paying for a new SSD to replace. On the plus side, this type of hardware failure just limits additional writes to the device. You should still be able to retrieve your data.
I'm not sure how stuxnet is a proper illustration of old vulnerabilities being ignored. From what I recall of stuxnet, it is a WORM that exploits multiple zero-day vulnerabilities, at least one of which was due to security certs stolen from a hardware vendor in Asia.. Sure, best practices were ignored wherein industrial centrifuge controllers should have been physically firewalled from any devices that connect with other networks or devices.
But seriously, stuxnet isn't as good an example of a glaring security incompetence as the recent HBGary intrusion. That started with a simple SQL injection, and ended up with executive emails revealing nefarious corporate dealings by a company pretending to be a security consultant.
Here is an EXCELLENT technical dissection of the HBGary attack. Nothing spectacular involved. Just nuts-and-bolts hacking with impressive results.
Check the cost of that house outside Palm Springs. I'd be surprised if it wasn't right around $20 million. Also, check his car. That'll be the difference.
Even in bankruptcy, your creditors cannot take your house and must leave you one car. If you used all of your ill-gotten proceeds to purchase your house, then the money can't be retrieved. The house can be foreclosed on if the payments on a mortgage aren't made, but if the house is paid off, it's safe from creditors.
Another common move is to divorce your spouse prior to any big lawsuit with potential damages to be applied. Your assets are split in half, then if you lose the lawsuit, the winner only gets the half of your assets you kept. Then you hook back up with your spouse and have the other half to enjoy. (See Robert Tiltonand Hulk Hogan)
Balance of Power by Harry Turtledove on the Kindle is a prime example of an eBook plagued by OCR typographical errors. (see user reviews) Yes, somebody ran a spell-checker on the resulting text. The problem is that words are misused throughout. Man becomes men. Commas are in place of periods. It's quite distracting.
I submitted a message to Kindle support about the typos in this title just to give them a heads-up on the issue. Without any discussion, Amazon's off-shored tech support decided to refund my original purchase price and then remove the book from my collection. I wasn't complaining. I wasn't demanding a refund. I just sent them a message to alert them of the sub-par quality of their content conversion process. Instead of wanting to fix the problem, they are choosing to ignore it by dishing out refunds.
The existing Android 2.2 tablets are orders of magnitude more complex than the Ipad
And 'complexity' is a good thing? I think the GP was referring to the baseline specs that consumers can easily digest. Screen size is one of them. Price is another. How about third-party accessory ecosystem? Finally, app store selection is another. Not trying to be a hater here, but the Streak and Tab cannot match the iPad on any of these purchase criteria. At most, the Tab can claim more RAM, cameras, and lighter-weight, but those all come at a cost of shorter battery life (well, the cameras probably don't impact battery life).
Many criticisms of Apple relate to their products selling as a result of marketing. That is very true, but advertisements are only a very small part of marketing. Product lifecycle management is where Apple's marketing genius is exposed. The iPad1.0 has exactly the feature set Apple calculated would make it sell a bunch and establish it as a category leader. They could have included cameras. They could have included more RAM. Maybe even a faster processor. But then what would they be cannibalizing features planned for iPad2, which would force engineering to have to really scramble to give consumers an upgrade incentive. This is also why the savvy consumer holds out for iPad2 instead of buying the feature-poor iPad1.0.
Do these guys actually leave the NSA? Why aren't there quotation marks around the 'EX' part of his title? Sounds to me like a good way for no-such-agency to get a mole in a powerful position to install backdoors in a popular line of consumer communication devices. At a minimum, they could get a direct hotline listing of every vulnerability as soon as Apple is alerted to them, but before patches are released.
I never assumed the database was on the laptop. Encrypting data within the database means that client compromises like this one still protects critical assets such as SSN's. It means, as I alluded to in my original post, that a person or piece of malware, can't execute a select social_security_number, address, patient_name from patient_table and store the resulting rows in a clear text file. Well, at least the resulting rows will be encrypted in DES or some such algorithm. This has nothing to do with encrypting the communication between the client and the database server. It has everything to do with encrypting the content of the database and using a secure mechanism to read and write to those rows in an encrypted format. Developers can still work in the database without themselves being able to see or touch the content. Same with users. Same with compromised laptops. etc. etc.
That information should have been encrypted within the database. Why, just the other day SQLServerCentral.com posted a tutorial on creating a transparent database encryption layer. When managing critical information like SSN's or embassy cables, clear text is just asking for a compromise.
Oh, and I am not saying Windows is anything at all good to have in anyone's life. In fact, the insecure nature of laptops and malware demands that security be increased closer to the sensitive data.
I had a similar experience when switching from my first-generation iPhone to the iPhone 3GS. It turned out I had the SIM card from the first phone in the 3GS and was limited to only getting EDGE. I had to go to the AT&T store to get a new SIM card from them that supported 3G.
You might check that possibility. But if you see a letter 'E' in the upper right, you're on EDGE. If you see a 3G, then that's what you're on.
I still haven't seen any evidence to suggest that Assange is the target of anything more than an obsessed media and a lot of public outcry by the same stupid pundits that throw up a public outcry over every other damn thing in the news.
Because you haven't 'seen' something does not in any way suggest something doesn't exist. When it is your life on the line, you tend to look a lot more closely at what your foes are doing.
In this case, it's a routine method of avoiding extradition if you can convince your host country that your prosecution in another country can result in your death as a means of punishment. It's a flimsy claim here, but if his lawyers don't attempt, then they could be guilty of malpractice should he later be executed.
Slashdot Mirror
From wikipedia:
As you can see, the folks at Comcast, News Corp, and Disney have found their mark for dumping Hulu.
Shai,
Kudos to you for empowering consumers with an app. This is the kind of reason I got a smart phone in the first place. Traditional voice mail was so torturous to me, I stopped listening to mine and changed the greeting to "If you leave a message, I'll never hear it. I'll return your call when I see your number on my caller-ID." When Apple introduced 'visual voicemail,' I bought an iPhone. Your app extends that empowerment to dealing with other people's voicemail / call trees.
Thank you and best wishes,
Seth
No disrespect to you, because I think a few years back, this was a very relevant criticism. People like MafiaBoy were making a single splash, then promptly put behind bars without much delay.
Natural selection has largely removed those type of cyber vandals from the populace. What remains are the smarter hooligans who have learned from the failures of others how to properly cover their tracks.
The weakest link in any group of criminals is the group itself. In this case, I suspect the members have intentionally maintained anonymity between themselves. This will insulate their group from any member that might become compromised by law enforcement and/or promises of rewards.
Seth
I'm not convinced Apple plans to release products with this 'feature'. I think it's an investment in a concept with the goal of licensing the patent should a third-party decide to approach this solution to a perceived problem.
There has been a lot of research into this by the motion picture studios in their effort to squelch bootlegging movies in the theater. Most of their best results have been in bouncing IR throughout an auditorium and catching bounces that indicate a video camera lens is pointing at the movie screen. But they'd be much happier with the solution proposed by Apple's patent...
Here's how it could work-- Apple could charge $1 per unit for this license. All the hardware vendors (video camera, phone, DSLR, etc) would refuse to implement it because they don't want to increase their unit production costs. The movie studios, however, could pay the hardware folks $2 per device sold with the technology. The risk of movie piracy isn't so great from cellphone cameras, but more so from traditional handheld DV & DSLR cameras. If 50 million such cameras are sold each year, the studios would pay $100 million (half to the hardware companies, half to Apple). Not a huge cost in the grand scheme of their industry. They could also re-coup some of that investment by selling the blocking transmitters to private entities.
Seth
The code works by natural selection. If it executes a buy&sell sequence that amounts to a profit, it is allowed to continue it's rule execution on additional trades. A code monitor manage the rules that are in play. If something is performing poorly (losing money on repetitive trades or stuck holding an asset for an extended amount of time), its assets are dumped back to the market and it's pulled out of the mix.
In high frequency trading, you can also run your code in a simulator mode that will track 'what-if' purchase and sales, but you won't know for certain how the market (i.e. other high-frequency trading entities) will respond until you run your code live.
Seth
I encourage you to attempt your proposed effort at writing such a program. All the computers in the world working 24 x 7 on such a task wouldn't complete it in your lifetime. The Oxford dictionary contains more than 171,476 English words. Do you know how many unique combinations of those words are possible within a 100-unit space? And consider all the alpha-numeric variations, proper nouns, foreign words and foreign nouns.
You're going to want to make some extra space in your closet for storing all those reviews.
Seth
command-option-escape should do the trick.
See, that's what I was thinking. Then I re-read the description of the agreement. The patient is turning over all copyrights to future reviews to the doctor. If the doctor has one of these documents signed by EVERY patient, then he can petition the review site (Yelp) to remove negative reviews because he would claim to have copyright ownership of those reviews purportedly written by patients with anonymous names.
People posting in this thread about signing away right to free speech, etc. have only skimmed the summary without understanding this is assigning copyright ownership of future reviews to the doctor. There is no surrender of free speech. It's saying the doctor owns the content the patient may produce as a result of the service. It's the same as a journalist working at a newspaper. The newspaper owns the copyright to all articles created by its staff. Sure, it's backassward and a powergrab on the part of whatever doctor is trying to use this to suppress negative ratings.
Should it ever go to court, it would be unlikely to hold up, but I doub't an outfit like Yelp would resist a formal letter with some attached photocopies of some signed legal-sounding agreements. They'd probably yank the criticism from the site and then offer to sell some ads to the doctor in the same conversation.
Don't forget, Yelp isn't selling anything to the users. Yelp's customer is the doctor.
Seth
Oh, you can bet they're already spending millions of dollars. They spent that from the day their service went offline and have continued to spend it each day it's unavailable to users.
The infrastructure costs of a firedrill like this are enormous. Consider that the State of Texas Comptroller's Office has already spent more than $1.8 million just to hire consultants to come in and figure out how their own staff screwed up and left 3.5 million people's SSN's, DOB's, names, and addresses on a publicly-available server for over a year. In the case of the Comptroller's Office, it appears that two of the consultants were campaign contributors, so it's not like the Comptroller's Office is wasting money on strangers.
I agree with you that millions should be spent to compensate the victims, though, if that's what you meant.
Seth
When you say Microsoft "put a gun to their head" who is the "their" you're referring to? The head belonging to Microsoft or someone else? Customers, perhaps?
Seth
I was 100% with you until you misspelled Boba Fett. Unforgivable.
Seth
Here's a conspiracy theory:
These attackers might have a more significant zero-day vulnerability at their disposal than the SecureID system. They might have used that to breach RSA. But with this other vulnerability available for their private use, the greatest risk is that it will be discovered by victims and rendered obsolete. Now that SecureID has been compromised in some ambiguous way, it allows the attackers to ply their original vulnerability against RSA customers with SecureID being the assumed entry-point.
It is a theory.
Seth
That used to be a good assumption to make until the steps required to manufacture the stuxnet worm were revealed.
The penetrator likely has eyes on a very specific secondary target, and grabbing this information was a preliminary step.. Imagine the resources that could have been applied. I'm betting physical access was required at RSA.
Seth
How about a vicious piece of malware? Could a piece of code be written to circumvent the wear-leveling algorithm and carpet-bomb your SSD with repetitive writes so that it's worthless overnight? Could be a real PITA in cases like the Macbook AIR where the SSD drive is built into the mobo. It's not a case of just paying for a new SSD to replace. On the plus side, this type of hardware failure just limits additional writes to the device. You should still be able to retrieve your data.
Seth
I'm not sure how stuxnet is a proper illustration of old vulnerabilities being ignored. From what I recall of stuxnet, it is a WORM that exploits multiple zero-day vulnerabilities, at least one of which was due to security certs stolen from a hardware vendor in Asia.. Sure, best practices were ignored wherein industrial centrifuge controllers should have been physically firewalled from any devices that connect with other networks or devices.
But seriously, stuxnet isn't as good an example of a glaring security incompetence as the recent HBGary intrusion. That started with a simple SQL injection, and ended up with executive emails revealing nefarious corporate dealings by a company pretending to be a security consultant.
Here is an EXCELLENT technical dissection of the HBGary attack. Nothing spectacular involved. Just nuts-and-bolts hacking with impressive results.
Seth
Check the cost of that house outside Palm Springs. I'd be surprised if it wasn't right around $20 million. Also, check his car. That'll be the difference.
Even in bankruptcy, your creditors cannot take your house and must leave you one car. If you used all of your ill-gotten proceeds to purchase your house, then the money can't be retrieved. The house can be foreclosed on if the payments on a mortgage aren't made, but if the house is paid off, it's safe from creditors.
Another common move is to divorce your spouse prior to any big lawsuit with potential damages to be applied. Your assets are split in half, then if you lose the lawsuit, the winner only gets the half of your assets you kept. Then you hook back up with your spouse and have the other half to enjoy. (See Robert Tiltonand Hulk Hogan)
Seth
Balance of Power by Harry Turtledove on the Kindle is a prime example of an eBook plagued by OCR typographical errors. (see user reviews) Yes, somebody ran a spell-checker on the resulting text. The problem is that words are misused throughout. Man becomes men. Commas are in place of periods. It's quite distracting.
I submitted a message to Kindle support about the typos in this title just to give them a heads-up on the issue. Without any discussion, Amazon's off-shored tech support decided to refund my original purchase price and then remove the book from my collection. I wasn't complaining. I wasn't demanding a refund. I just sent them a message to alert them of the sub-par quality of their content conversion process. Instead of wanting to fix the problem, they are choosing to ignore it by dishing out refunds.
Seth
And 'complexity' is a good thing? I think the GP was referring to the baseline specs that consumers can easily digest. Screen size is one of them. Price is another. How about third-party accessory ecosystem? Finally, app store selection is another. Not trying to be a hater here, but the Streak and Tab cannot match the iPad on any of these purchase criteria. At most, the Tab can claim more RAM, cameras, and lighter-weight, but those all come at a cost of shorter battery life (well, the cameras probably don't impact battery life).
Many criticisms of Apple relate to their products selling as a result of marketing. That is very true, but advertisements are only a very small part of marketing. Product lifecycle management is where Apple's marketing genius is exposed. The iPad1.0 has exactly the feature set Apple calculated would make it sell a bunch and establish it as a category leader. They could have included cameras. They could have included more RAM. Maybe even a faster processor. But then what would they be cannibalizing features planned for iPad2, which would force engineering to have to really scramble to give consumers an upgrade incentive. This is also why the savvy consumer holds out for iPad2 instead of buying the feature-poor iPad1.0.
Seth
Executives usually bring in their own middle-managers. At a minimum they get sign-off on the hiring thereof.
Seth
Do these guys actually leave the NSA? Why aren't there quotation marks around the 'EX' part of his title? Sounds to me like a good way for no-such-agency to get a mole in a powerful position to install backdoors in a popular line of consumer communication devices. At a minimum, they could get a direct hotline listing of every vulnerability as soon as Apple is alerted to them, but before patches are released.
Seth
Sorry to write a vague comment.
I never assumed the database was on the laptop. Encrypting data within the database means that client compromises like this one still protects critical assets such as SSN's. It means, as I alluded to in my original post, that a person or piece of malware, can't execute a select social_security_number, address, patient_name from patient_table and store the resulting rows in a clear text file. Well, at least the resulting rows will be encrypted in DES or some such algorithm. This has nothing to do with encrypting the communication between the client and the database server. It has everything to do with encrypting the content of the database and using a secure mechanism to read and write to those rows in an encrypted format. Developers can still work in the database without themselves being able to see or touch the content. Same with users. Same with compromised laptops. etc. etc.
Seth
That information should have been encrypted within the database. Why, just the other day SQLServerCentral.com posted a tutorial on creating a transparent database encryption layer. When managing critical information like SSN's or embassy cables, clear text is just asking for a compromise.
Oh, and I am not saying Windows is anything at all good to have in anyone's life. In fact, the insecure nature of laptops and malware demands that security be increased closer to the sensitive data.
Seth
In so many organizations, I've seen cellphones as a perk given to management while the proles are given pagers for their 24/7 on-call servitude.
Bring back the pagers for ALL! Walkie-talkies, too!
Seth
I had a similar experience when switching from my first-generation iPhone to the iPhone 3GS. It turned out I had the SIM card from the first phone in the 3GS and was limited to only getting EDGE. I had to go to the AT&T store to get a new SIM card from them that supported 3G.
You might check that possibility. But if you see a letter 'E' in the upper right, you're on EDGE. If you see a 3G, then that's what you're on.
Seth
Because you haven't 'seen' something does not in any way suggest something doesn't exist. When it is your life on the line, you tend to look a lot more closely at what your foes are doing.
In this case, it's a routine method of avoiding extradition if you can convince your host country that your prosecution in another country can result in your death as a means of punishment. It's a flimsy claim here, but if his lawyers don't attempt, then they could be guilty of malpractice should he later be executed.
Seth