Comparing the overthrow of a far inferior professional force by a far superior professional force is very different than dealing with an ongoing insurgent war. Ukraine did not have ongoing tribal warfare where everyone is happy to shoot anyone not of their tribe. In Ukraine combatants can be identified by being in uniform. In Iraq anyone could be a combatant. In the Ukraine all combatants were on military bases. In Iraq combatants could be anywhere. In the Ukraine the soldiers knew that they would be killed if they resisted and for no good. In Iraq death in battle means martyrdom and a place in paradise. In Ukraine both sides are professional. In Iraq only one side was professional. It takes two sides to fight and the Ukrainians did not because they knew it was futile. The Iraqis have been fighting and dying for decades. The Ukraine and Iraq are very different situations.
Agreed, though you could mitigate that somewhat, at the expense of resolution, by moving the laser assembly further away from the resin.
It is also at the expense of accuracy as any error in mirror movement will be multiplied as the distance between the laser and the media gets larger. In effect you are just trading one error for another.
I am just really tired of people posting "but you can do it for cheap with this device" when there is no way that the cheap device will be able to produce the object. There is no way that Peachy would ever be able to produce the tape or calipers. The technology is just not accurate enough.
They have been playing with Peachy for a very long time yet they have shown less than ten different very small, very rough objects. Every object has the same type of horizontal striations as fused deposition printers. Take a look at this picture. Even the vertical column that comes off the cube has very rough sides. That is an indication of very poor accuracy of beam placement. Sorry but I am not confident that they can get an actual smooth surface on an object of significant size.
It's pretty remarkable, really, for a device they plan to sell for only $100.
The kit, that requires extra parts, is $100. The assembled Peachy is $400.
Another problem with the technology, and a reason for the small parts, is that it uses a steered mirror system. The laser will be coming from one spot and as the piece gets bigger horizontally the laser will hit the resin at more of an angle. The laser spot will be larger, no longer circular and angled near the edge of the tank. Higher priced printers move the mirror much like a plotter so the laser always hits the resin in the exact same manner.
You may be impressed but I am much more picky.
Still lots of horizontal lines, they call them z artifacts, and nowhere near smooth. They make references to what they could do but why didn't they just do it and show us the higher quality output? Also why are all the objects they show less than a couple of inches on any dimension? Their video spends a lot of time blurring in and out of the objects they made and very little time in focus. It looks to me like they don't want people looking too closely at their output. Sorry but it is still a toy and nowhere near what a multi-thousand dollar printer can do. Comparing Peachy to the printer that made the tape measure is like comparing a go-cart to a Corvette. Yes they both have 4 wheels but one has much better performance.
Just a bit more than necessary, lol
What I mean is the light to be on whenever there is power to the hardware. If it can respond to a voice command it is on and the light should be on. I also can not find anywhere that there is a light visible to someone other than the Glass user. If there is power to the Glass the light should be on.
My biggest objection to Glass is that there is no way for anyone else to know when it is on. Sure it will not be recording all the time but I only care if it is recording when it is pointed at me. How about a small LED (it does not have to be red) that is on when Glass is on. I don't mean recording because snap shots can be taken in a split second. Yes it will make Glass even more dorky but I think it would help with people's acceptance.
Take a look at the quality of the objects that can be printed by Peachy. It appears to use a very large beam with very rough placement. Just because it uses UV does not mean it creates the same quality. I doubt very much if you could do the tape or calipers on the Peachy.
Did you read what I was replying to?
if you don't want something publicly accessible, begin by not putting it online
The poster's contention is that anything online is public and I was showing how some private things are also online.
That is why there is the legal term "reasonable person" and that is what juries are assumed to be.
No because you did not run a script to try millions of different character combinations to find the link. Also the information is obviously meant to be public.
It all depends on how you look at it. If you look at the IMEI as a password then it is very different. There is also a huge difference between typing a few characters differently and writing a script to try millions of different combinations. The latter looks very much like a brute force crack.
Agreed. If more people took the stance of "both are wrong and should be punished" maybe something would happen. The "Weev is innocent" chant just muddies the waters and dilutes any pressure to prosecute AT&T.
Would you defend the government for making a system where simply using a street address would allow one access to information (taxes etc.)? How about your Bank? Explain your reasoning, please.
I am not defending AT&T. I think they should be heavily fined and hopefully someone go to jail. I also think that someone who exploited the hole should also be sent to jail and heavily fined. The only people I am defending are the ones who had their information stolen.
Absolutely it does, it's implicit when it's on the web (short for World Wide Web) especially without authentication (doesn't that usually involve username + password?)
There are some authentications that do not use user/password. For example, Paypal Payflow uses a signature which is a single long number that identifies that account and gives authorization for access. It is a single number somewhat like an IMEI.
FYI email addresses are not private information.
Have you ever seen a directory of email addresses? There may be a reason for that. I have looked and I have not found a legal definition one way or the other. By the way, the parallel with phone numbers may be flawed as some numbers are unlisted and not allowed to be published in directories. I believe that the owner of the number must authorize listing the number.
You make a point of mentioning that this occurred thousands of times.
Make that millions of times with millions of different combinations.
What if you clicked on a link via a URL shortening service that directed you to one of these links, do you think you should be put in jail?
That is one URL and not millions of different URLs.
Do you think you should be liable for fraud for entering IMEI#s?
Yes, if the IMEI does not belong to you or you have not been authorized by the owner to use it.
What about accessing a website or service when it's really busy (DDOS)?
If most of that load is caused by your servers hitting their servers then yes. If it is by normal browser traffic then no.
What about visiting slashdot and typing in an account name that's a misspelling of yours which happens to have the same password?
Don't you see how this is very different from trying millions of different password combinations? One of the precepts of law is intent. It is pretty easy to show no intent when typing in a few incorrect characters. It is easy to show intent when you create a script that generates millions of possible IMEIs and spams a server with them.
Lazy/incompetent/unprofessional people get no sympathy from me
I completely agree. I also think that people who exploit flaws for the purpose of profit and/or self aggrandizement should be held accountable for their actions.
We are actually not too far apart. In my view the problem was caused by both Weev and AT&T; they both should be prosecuted. What do you think?
if you don't want something publicly accessible, begin by not putting it online
So no online banks, credit card companies, etc. Just because it is on the web does not mean it is public.
Defending negligence will not improve things.
Defending people who exploit negligence does not improve things either. In my opinion there should be consequences for both Weev and Apple.
How about if I did lock the door but you made a really fast key cutter and tried a million different keys on the lock and a few of them worked.
So, he walks into an office building, asks the security guard if he can walk right up to the conference room, and the guard says 'yeah, sure, why not' so he does...and now he's being arrested for trespassing.
A closer analogy would be the following:
Walk into an office building a few million times each time asking for different room numbers and when he finds one that exists the security guard says "yeah, sure, why not"...
By the way the security guard is blind so he has no way of knowing if you have been there before.
It was the act of brute forcing the IMEIs with millions of attempts gaining over 100k email addresses that got Weev into trouble. The judge even said that had he stopped a few he would have gone free.
Here are a couple of differences between what Weev did and what the reporter did.
Reporter
Tried a sequence of numbers totaling maybe 100k in sequence of which most were valid.
The data retrieved is movie genre tags. The use of the data is to translate a number into a string of text to display the Netflix genre code on browsers and apps. There are no privacy concerns or profit potential for this data.
Each data point retrieved is designed to be used by millions of people. Anyone with "Japanese Horror Movies" in their list would use code 10,000.
Weev
Tried millions of possibilities of which most were invalid
The data downloaded was valid email addresses of over 100k people. This is a serious privacy breach as these emails can be used as identity on many web sites and sold to spammers which will facilitate spam.
The data is designed to be used by the owner of the phone as identified by the IMEI and not anyone who can spam enough possible IMEIs to find a valid one.
Sorry but these are very different things. The Netflix database was meant to be public while the iPad one was not.
Ah... no. If I can type the exploit into the address bar and I need no more than autohotkey to download their entire god damned database then that's not a hack
Too bad that is not what happened. He tried millions of possible IMEIs to get the information. That is not far off from a brute force password attack. That was also where the identity fraud charge came from. The IMEI is used to identify the owner of the phone and by using someone else's IMEI he was fraudulently acting as the owner of the phone.
The Mark isn't just for the yellow. The multimeter also has to have a grey face. You also need to check the location of the web site and manufacture location. For example I found this. It sure looks like a Fluke knockoff. But wait, the website is in the UK. Any multimeter manufactured in the US would also not go through customs.
Also, a lot of things slip by customs. Nobody is perfect and they deal with a lot of traffic.
here
that the text never could have been mine.
I always assume the best in people. While I don't know Wodehouse myself I feel a bit vindicated as my friend, the linguistics major and avid reader, didn't know his works either.
It's not physically possible to remain in a public place for long periods of time without having to relieve oneself.
This is one of the few exceptions I would consider as a private act.
Public is NOT the opposite of private.
The difference between us is that you see public acts as the exception while I see private acts as the exception.
Claiming that a point is invalid by calling it "a matter of opinion" is nothing but sophistry.
Where the opinion comes in is the classification of private act and public act. In my opinion there are many more public acts than what you seem to think.
This issue has been discussed numerous times on Slashdot, have you been asleep?
I have been involved with those conversations. My point is that just because a person thinks it should be private does not make it legally so.
Once we acknowledge that there can be an expectation of privacy even in public places, it is entirely appropriate to determine what the limits of that privacy are.
That is your opinion. In my opinion there is no expectation of privacy in a public place therefore nothing to acknowledge. If you don't want something recorded in a public place then don't do it in a public place.
It is entirely appropriate to bar recordings of people made without their permission, with some reasonable exceptions.
I see it as the opposite where "It is entirely appropriate to allow recordings of people made without their permission, with some reasonable exceptions". We agree that either extreme, "no limits on filming" and "no filming allowed", are wrong but we draw the line at a different place. I draw it further to the allowing side and you draw it further to the privacy side.
The further differentiation between public and private individuals is irrelevant; everyone deserves the same level of privacy.
A quote without attribution is plagiarism,