What's this "have to hide" bullshit? What if you want to hide? A large percentage of the population are introverts, and a significant proportion of both those (among others) don't have any desire to share anything personal with anyone, at least aside from those they choose to. Some people like privacy, like anonymity, like not being seen by others. Hell - I get a serious case of anxiety if someone is merely standing behind me, no matter how innocuous my activities.
Please, don't start with this "if you have nothing to hide, you have nothing to worry about" utter crap. The next step to that is "if you have anything to hide, you're probably a pedophile" which you're already alluding to. No, we just don't like oxygen-wasting cretins sticking their nose into our lives. Considering such a vast number of people value their privacy in exactly the same way, this behavior is *natural*.
I make very little effort to hide my presence online. But if I did choose to, then by no means does anyone have any justification to suggest that there's something wrong with wanting to hide. It's part of the human condition - some people like being seen, being known, being pored over - some people prefer the exact opposite.
You might suggest this is an over-reaction, that you're merely pointing out that the internet isn't for people who want to hide. But the point is, it should be. You should be directing your energies to fixing the problem - not just throwing your hands up and saying 'don't bother trying to hide even if you want to'.
Naw, HTTPS only protects you against folks who don't already have the keys. You pretty much can't trust virtually any data communication that takes place on the internet. However, that doesn't mean stop doing stuff - it just means weigh the value of what you're doing against the expectation that the information is likely to be used against you. For example - the NSA may have my internet banking credentials - but am I worried they're going to steal my money? No - either 1) they don't need to, 2) if some rogue agent decided to, there are legal protection and insurance avenues I can take to regain my money, 3) if the government decided they needed to steal my money, then even them not having my internet banking credentials isn't going to stop them anyway.
I'm not an advocate for "if you have nothing to hide, you have nothing to worry about" at all. I'm just facing the realization that our government is completely morally corrupt, and outside of changing it by force, I can never protect my information online unless it's information I've encrypted and uploaded myself (and even then I'm still at risk if my OS is rooted or my encryption algorithm has a master algorithm). So, I weigh that knowledge against my activities and don't worry too much. If I was concerned about being identified, then you can protect yourself, but it largely involves not using your net connection, among other things.
That, and, they'll simply legislate against anything which removes their central control. It'll only be a matter of time before darknets are legislated against "for the children", at least those they haven't already entirely honeypotted.
"so he is at least partly motivated by greed" is a negative aspersion against him. I refered to this statement quite specifically. That the ultimate effect may be at least neutral has no bearing on the impropriety of your statement. Unless you have evidence that he's partially motivated by greed, then you can't build a case around that presumption. At best, you might say "he MAY be at least partially motivated by greed", but even then the rest of your statements about possible advantages for the company are at best supporting that hypothesis, rather than a being a defendable position of certainty.
Clicked on comments to come and see all the folks who'd make negative comments about him for this. You, among others, didn't disappoint.
There is no indication he's motivated by greed whatsoever, and it's either ignorant or wilfully destructive to cast such aspersions without some concrete evidence.
How is Dropbox not secure? Do you mean the client you have control of isn't secure? That's all the article is speaking of - they haven't found a way to steal your data from Dropbox unless they already have a secret from your PC.
In order to access your account, they need the secret host_id (which is generated per device and unique to that device) and host_int from your computer (although, if they already have host_id, they can get host_int from the server - so really, they only need host_id). Presuming they have access to your computer, they can use these keys to access your account. (ie, without actually having your password). If they already have access to your computer however - well, at this stage we're splitting hairs. Any software which stores your login credentials on your own computer is at best hiding an access method through obscurity.
The only way to avoid this is to require you to enter your password each time you want to sync your files. Same with Google Drive. Same with.. every piece of software that stores login credentials on the client. Calling DropBox "insecure" when you actually mean "as secure as any client-side auto-login software can be" is a misnomer.
A lot of the commentators in this article are mentioning "security through obscurity" as if the fact it doesn't work long-term should be some revelation to the Dropbox team, or that Dropbox has somehow dropped the ball through using this method. It's an unfair stance to take, considering that outside of hardware based platforms like TPM, *ALL* client-side software security is at best security through obscurity.
The only news here is that Dropbox is the latest fairly major player to have their client reverse-engineered. Obfuscation is merely a means of delaying the inevitable, and for all we know it has done it's job wonderfully. Plenty of other people may have tried to reverse-engineer the code before but gave up because of the complexity of the obfuscation. The fact that an 'adversary' has dedicated sufficient time and commitment to the effort is news to be sure, but the news shouldn't be turned into "Dropbox did a bad". Anyone with any reasonable experience in IT (which I'd hope most readers here have) should know by now that there are no means to secure software on a computer which someone has control of.
Fair enough, and I did mean to add to my original post (but was called away by work), that despite all my protestations regarding the strict legality of implied rights transferral or lack thereof, any case raised under these circumstances should certainly fail since they (Prenda) apparently used a form of distribution which will generally force downloaders to redistribute - as you have pointed out. In other words, no willful infringement. Still not sure I'd extend that to "implied permission", but I do understand the sentiment.:)
There's a false equivalency there using Fedex as the example. And equivalency would be if the ISP was being sued, but that's not the case.
The first part is correct, however - if you configured your client to not upload, or even if they can't prove you did upload it to anyone (ie, their bots didn't download it off you), then I agree whole-heartedly that in this scenario (where the copyright holder uploaded the content) that they have no case against you for downloading it.
The second part, that permission is implied for you to do the same, is incorrect, however. Unless you have prior permission from the uploader, you have no expectation that you have permission to redistribute the content. While many people distribute their content on BitTorrent purposefully, they generally do so either with express permission to redistribute (ie, a CC license), their own software doing that interaction (ie, Blizzard Downloader, with a TOU saying you won't reverse engineer their protocol), or a license forbidding re-distribution outside of the torrent from their private trackers (ie, downloading purchased HumbleBundle games via torrent). If content is copyrighted, then unless you have express permission to redistribute, you can't presume you do.
Nothing is implied by their distribution to you that you're permitted to redistribute it to other people. If I buy a game from EA, and they give me permission to download it, they're not giving me permission to then give that to other people. If they give away ten thousand copies of a game, they're still not giving permission for the receivers of those copies to redistribute them (outside of the first sale doctrine, where applicable). I can create a new video, and put it up on Youtube for an unlimited number of people to view and download, but I still retain full rights to that video, except the rights I have passed to Youtube (namely, you can read the legalese, when you upload a video to Youtube, you grant Google the permission to reproduce it on that site and distribute it, but these rights are not confered to people viewing the video).
I'm not saying I agree with how copyright law works in a digital age. I'm just pointing out that no matter how many people they allow to download something, that never infers a right for those downloaders to redistribute.
Submitted too early. To answer your second point - I never claimed torrenting was illegal. I said, torrenting something you don't have permission to torrent, is illegal. I download all my HumbleBundle games on BitTorrent. I download a fair number of open documentaries on BitTorrent. Etc. Twisting my statement that you're distributing somebody elses porn without permission into "all torrenting is illegal" is absurd, but you're in luck that plenty of the target audience here are teens who actually have no clue what they're talking about. For all I know, you could be one too..:O
Except in that case, you're distributing WITH authorisation. You have explicit permission to distribute. A copyright holder making a torrent available may inadvertantly be permitting reproduction by you, but without explicit permission to redistribute, they're not saying you can share it with other people. When I buy a movie online and download it, I have explicit permission to receive that from the copyright holder. I don't have any permission to pass that on to anyone else.
Except, with torrenting, you're distributing without authorization. While they shouldn't be able to nab you on downloading it yourself, as you have contravened any rights of reproduction in taking your copy, you are violating the rights of distribution. Unless, you happen to only download from that single seed and never peer, although if their bots can download it off you, they can already prove you're violating copyright.
I believe your assessment of the determining factor to be wrong. Presumably, he was doing so under the purview of his employment - that being, he was sent out to sell them. Thus, he's authorized to distribute them. No matter what you thought about their legitimacy, if you can prove that his distribution to you was an authorized distribution, then you haven't fallen foul of copyright law. Furthermore, first sale doctrine applies here, and you could sell those same discs to other people (you just couldn't make copies of them). The onus on the prosecution would be to "prove intent to receive stolen goods" (which I'm not certain is even a federal crime on its own, but I'm sure they could get you on some 'conspiracy to commit criminal enterprise' law). However proving that intent would be difficult. You'd have to have very specific audio statements alluding to that. OPs scenario was that the discs appear genuine.
Right, but the article isn't "Ubuntu Edge now most backed escrowed campaign". It's claiming it's the biggest crowd-funded campaign, which it's clearly not. Although, it's not Star Citizen either. I believe World War II takes out that title. $185.7 billion in un-adjusted crowd-funded dollars.
Just because I know this information is vitally important to the continuation of the species, this quote was misattributed to Twain 20 years after he died. Extensive research on the phrase: http://quoteinvestigator.com/2012/06/09/urge-to-exercise/
$25 million has gone to IBM. This means the Qld government has wasted the other $1.175 billion on 'consulting', 'implementation' and 'training'. IBM is just a scapegoat here for the state government's incredible incompetence in, really, everything they touch.
FTWA: HeLa cells have a modal chromosome number of 82, with four copies of chromosome 12 and three copies of chromosomes 6, 8, and 17. As these are cancer cells, orderly cell division does not take place. Therefore the number of chromosomes they have can vary considerably, even within a single culture.
We can be sure it's useful because it's been used successfully for trials since 1951. I know reading the article is passe, but this is in the summary. Here's a Wikipedia article if you'd like to know more. http://en.wikipedia.org/wiki/HeLa Additionally - the fact it IS a cancerous cell line is extremely useful in testing involving cancer drugs.
Right and wrong. If you're narrowing the definition to the source, you're correct, however if your brain interprets what it sees in three dimensions, then you're seeing 3D. Or simply: Projected Image - not 3D. Visualised image - 3D.
I see - yes, those comments do seem extremely petty in the context of what is a fairly remarkable feat of dedication, and certainly to the individual involved would be a major milestone.
There was no attempt at humor in my post. BTW, the person I just referenced who built one in his basement is both a geek and a Slashdotter, so really not sure what point you're trying to make? That french waiters, private pilots, AND geeks, have the same potential technical prowess? That's exactly what I was pointing out - this isn't really news as it's been done by a large variety of people already. Pretty much anyone with the time, money and passion could throw this together. But all you're pointing out is it takes a Frenchman to displace his son in the process..
I had a good friend who was the chief engineer for a major multi-national telecommunications company, who laid out around half a million building a fully functional 747 cockpit in his basement - and that was back in '99. Even had a seat and controls for the navigator.
I use the cloud for data backups extensively, however the data I upload I've already encrypted myself. I always considered this the only sane way to use cloud data storage securely. The author is either an idiot or a plant. More encryption IS the answer.
Slashdot Mirror
What's this "have to hide" bullshit? What if you want to hide? A large percentage of the population are introverts, and a significant proportion of both those (among others) don't have any desire to share anything personal with anyone, at least aside from those they choose to. Some people like privacy, like anonymity, like not being seen by others. Hell - I get a serious case of anxiety if someone is merely standing behind me, no matter how innocuous my activities.
Please, don't start with this "if you have nothing to hide, you have nothing to worry about" utter crap. The next step to that is "if you have anything to hide, you're probably a pedophile" which you're already alluding to. No, we just don't like oxygen-wasting cretins sticking their nose into our lives. Considering such a vast number of people value their privacy in exactly the same way, this behavior is *natural*.
I make very little effort to hide my presence online. But if I did choose to, then by no means does anyone have any justification to suggest that there's something wrong with wanting to hide. It's part of the human condition - some people like being seen, being known, being pored over - some people prefer the exact opposite.
You might suggest this is an over-reaction, that you're merely pointing out that the internet isn't for people who want to hide. But the point is, it should be. You should be directing your energies to fixing the problem - not just throwing your hands up and saying 'don't bother trying to hide even if you want to'.
Naw, HTTPS only protects you against folks who don't already have the keys. You pretty much can't trust virtually any data communication that takes place on the internet. However, that doesn't mean stop doing stuff - it just means weigh the value of what you're doing against the expectation that the information is likely to be used against you. For example - the NSA may have my internet banking credentials - but am I worried they're going to steal my money? No - either 1) they don't need to, 2) if some rogue agent decided to, there are legal protection and insurance avenues I can take to regain my money, 3) if the government decided they needed to steal my money, then even them not having my internet banking credentials isn't going to stop them anyway.
I'm not an advocate for "if you have nothing to hide, you have nothing to worry about" at all. I'm just facing the realization that our government is completely morally corrupt, and outside of changing it by force, I can never protect my information online unless it's information I've encrypted and uploaded myself (and even then I'm still at risk if my OS is rooted or my encryption algorithm has a master algorithm). So, I weigh that knowledge against my activities and don't worry too much. If I was concerned about being identified, then you can protect yourself, but it largely involves not using your net connection, among other things.
That, and, they'll simply legislate against anything which removes their central control. It'll only be a matter of time before darknets are legislated against "for the children", at least those they haven't already entirely honeypotted.
"so he is at least partly motivated by greed" is a negative aspersion against him. I refered to this statement quite specifically. That the ultimate effect may be at least neutral has no bearing on the impropriety of your statement. Unless you have evidence that he's partially motivated by greed, then you can't build a case around that presumption. At best, you might say "he MAY be at least partially motivated by greed", but even then the rest of your statements about possible advantages for the company are at best supporting that hypothesis, rather than a being a defendable position of certainty.
Clicked on comments to come and see all the folks who'd make negative comments about him for this. You, among others, didn't disappoint.
There is no indication he's motivated by greed whatsoever, and it's either ignorant or wilfully destructive to cast such aspersions without some concrete evidence.
How is Dropbox not secure? Do you mean the client you have control of isn't secure? That's all the article is speaking of - they haven't found a way to steal your data from Dropbox unless they already have a secret from your PC.
In order to access your account, they need the secret host_id (which is generated per device and unique to that device) and host_int from your computer (although, if they already have host_id, they can get host_int from the server - so really, they only need host_id). Presuming they have access to your computer, they can use these keys to access your account. (ie, without actually having your password). If they already have access to your computer however - well, at this stage we're splitting hairs. Any software which stores your login credentials on your own computer is at best hiding an access method through obscurity.
The only way to avoid this is to require you to enter your password each time you want to sync your files. Same with Google Drive. Same with .. every piece of software that stores login credentials on the client. Calling DropBox "insecure" when you actually mean "as secure as any client-side auto-login software can be" is a misnomer.
A lot of the commentators in this article are mentioning "security through obscurity" as if the fact it doesn't work long-term should be some revelation to the Dropbox team, or that Dropbox has somehow dropped the ball through using this method. It's an unfair stance to take, considering that outside of hardware based platforms like TPM, *ALL* client-side software security is at best security through obscurity.
The only news here is that Dropbox is the latest fairly major player to have their client reverse-engineered. Obfuscation is merely a means of delaying the inevitable, and for all we know it has done it's job wonderfully. Plenty of other people may have tried to reverse-engineer the code before but gave up because of the complexity of the obfuscation. The fact that an 'adversary' has dedicated sufficient time and commitment to the effort is news to be sure, but the news shouldn't be turned into "Dropbox did a bad". Anyone with any reasonable experience in IT (which I'd hope most readers here have) should know by now that there are no means to secure software on a computer which someone has control of.
Fair enough, and I did mean to add to my original post (but was called away by work), that despite all my protestations regarding the strict legality of implied rights transferral or lack thereof, any case raised under these circumstances should certainly fail since they (Prenda) apparently used a form of distribution which will generally force downloaders to redistribute - as you have pointed out. In other words, no willful infringement. Still not sure I'd extend that to "implied permission", but I do understand the sentiment. :)
There's a false equivalency there using Fedex as the example. And equivalency would be if the ISP was being sued, but that's not the case.
The first part is correct, however - if you configured your client to not upload, or even if they can't prove you did upload it to anyone (ie, their bots didn't download it off you), then I agree whole-heartedly that in this scenario (where the copyright holder uploaded the content) that they have no case against you for downloading it.
The second part, that permission is implied for you to do the same, is incorrect, however. Unless you have prior permission from the uploader, you have no expectation that you have permission to redistribute the content. While many people distribute their content on BitTorrent purposefully, they generally do so either with express permission to redistribute (ie, a CC license), their own software doing that interaction (ie, Blizzard Downloader, with a TOU saying you won't reverse engineer their protocol), or a license forbidding re-distribution outside of the torrent from their private trackers (ie, downloading purchased HumbleBundle games via torrent). If content is copyrighted, then unless you have express permission to redistribute, you can't presume you do.
Nothing is implied by their distribution to you that you're permitted to redistribute it to other people. If I buy a game from EA, and they give me permission to download it, they're not giving me permission to then give that to other people. If they give away ten thousand copies of a game, they're still not giving permission for the receivers of those copies to redistribute them (outside of the first sale doctrine, where applicable). I can create a new video, and put it up on Youtube for an unlimited number of people to view and download, but I still retain full rights to that video, except the rights I have passed to Youtube (namely, you can read the legalese, when you upload a video to Youtube, you grant Google the permission to reproduce it on that site and distribute it, but these rights are not confered to people viewing the video).
I'm not saying I agree with how copyright law works in a digital age. I'm just pointing out that no matter how many people they allow to download something, that never infers a right for those downloaders to redistribute.
Submitted too early. To answer your second point - I never claimed torrenting was illegal. I said, torrenting something you don't have permission to torrent, is illegal. I download all my HumbleBundle games on BitTorrent. I download a fair number of open documentaries on BitTorrent. Etc. Twisting my statement that you're distributing somebody elses porn without permission into "all torrenting is illegal" is absurd, but you're in luck that plenty of the target audience here are teens who actually have no clue what they're talking about. For all I know, you could be one too.. :O
Except in that case, you're distributing WITH authorisation. You have explicit permission to distribute. A copyright holder making a torrent available may inadvertantly be permitting reproduction by you, but without explicit permission to redistribute, they're not saying you can share it with other people. When I buy a movie online and download it, I have explicit permission to receive that from the copyright holder. I don't have any permission to pass that on to anyone else.
*as you haven't contravened
Except, with torrenting, you're distributing without authorization. While they shouldn't be able to nab you on downloading it yourself, as you have contravened any rights of reproduction in taking your copy, you are violating the rights of distribution. Unless, you happen to only download from that single seed and never peer, although if their bots can download it off you, they can already prove you're violating copyright.
I believe your assessment of the determining factor to be wrong. Presumably, he was doing so under the purview of his employment - that being, he was sent out to sell them. Thus, he's authorized to distribute them. No matter what you thought about their legitimacy, if you can prove that his distribution to you was an authorized distribution, then you haven't fallen foul of copyright law. Furthermore, first sale doctrine applies here, and you could sell those same discs to other people (you just couldn't make copies of them). The onus on the prosecution would be to "prove intent to receive stolen goods" (which I'm not certain is even a federal crime on its own, but I'm sure they could get you on some 'conspiracy to commit criminal enterprise' law). However proving that intent would be difficult. You'd have to have very specific audio statements alluding to that. OPs scenario was that the discs appear genuine.
Right, but the article isn't "Ubuntu Edge now most backed escrowed campaign". It's claiming it's the biggest crowd-funded campaign, which it's clearly not. Although, it's not Star Citizen either. I believe World War II takes out that title. $185.7 billion in un-adjusted crowd-funded dollars.
http://en.wikipedia.org/wiki/South_Korean_won
Just because I know this information is vitally important to the continuation of the species, this quote was misattributed to Twain 20 years after he died. Extensive research on the phrase: http://quoteinvestigator.com/2012/06/09/urge-to-exercise/
$25 million has gone to IBM. This means the Qld government has wasted the other $1.175 billion on 'consulting', 'implementation' and 'training'. IBM is just a scapegoat here for the state government's incredible incompetence in, really, everything they touch.
FTWA:
HeLa cells have a modal chromosome number of 82, with four copies of chromosome 12 and three copies of chromosomes 6, 8, and 17. As these are cancer cells, orderly cell division does not take place. Therefore the number of chromosomes they have can vary considerably, even within a single culture.
We can be sure it's useful because it's been used successfully for trials since 1951. I know reading the article is passe, but this is in the summary. Here's a Wikipedia article if you'd like to know more. http://en.wikipedia.org/wiki/HeLa Additionally - the fact it IS a cancerous cell line is extremely useful in testing involving cancer drugs.
Right and wrong. If you're narrowing the definition to the source, you're correct, however if your brain interprets what it sees in three dimensions, then you're seeing 3D. Or simply: Projected Image - not 3D. Visualised image - 3D.
I see - yes, those comments do seem extremely petty in the context of what is a fairly remarkable feat of dedication, and certainly to the individual involved would be a major milestone.
There was no attempt at humor in my post. BTW, the person I just referenced who built one in his basement is both a geek and a Slashdotter, so really not sure what point you're trying to make? That french waiters, private pilots, AND geeks, have the same potential technical prowess? That's exactly what I was pointing out - this isn't really news as it's been done by a large variety of people already. Pretty much anyone with the time, money and passion could throw this together. But all you're pointing out is it takes a Frenchman to displace his son in the process..
But haven't dozens of people already done this over the years? For example - http://tech.slashdot.org/story/12/04/18/2036248/man-builds-737-simulator-in-a-garage
I had a good friend who was the chief engineer for a major multi-national telecommunications company, who laid out around half a million building a fully functional 747 cockpit in his basement - and that was back in '99. Even had a seat and controls for the navigator.
I use the cloud for data backups extensively, however the data I upload I've already encrypted myself. I always considered this the only sane way to use cloud data storage securely. The author is either an idiot or a plant. More encryption IS the answer.