I'm not sure I buy that first part, given that no online service is ever going to be 100% secure.
Reasonable care would imply robustly isolating transaction processing systems and user accessible systems from systems that store primary account numbers such as credit card/bank account numbers from online/public access systems such as the internet, or the playstation network.
Reasonable care would include complying with PCI requirements, relating to auditing, security practices, separation of computer systems by role, and enforcing strong unique access credentials for users and systems.
So that a compromise of the publicly accessible network cannot lead to compromise of the account numbers.
This is highly doable. The only commands/services the PSN/publicly accessible servers need from account servers is a command to "add a new account number" to the database linked to a certain customer,
a command to "erase an account number", a command to list privacy-filtered summary to display a 'delete' user interface,
and a command "authorize/charge a transaction to account number" (without revealing what the number actually is to the transaction processing server).
Because of that, the complaint alleges, Sony did not allow its customers 'to make an informed decision as to whether to change credit card numbers, close the exposed accounts, check their credit reports, or take other mitigating actions.'"
Normally to sue a corporation over claimed negligence; you actually have to show that you were harmed.
Meaning, the plaintiff will probably have to show his inability to take mitigating actions due to Sony's negligence
actually resulted in a loss or damages.
I suspect that will be difficult to pull off, unless his CC account was hacked / fraud was committed against him already
as a result of the intrusion into Sony's network.
As for damages related to 'closing the account'.... if he were taking mitigating action, he would have to incur that loss
regardless of whether Sony informed him earlier or not.
Now his bank and the payment card industry should be the ones taking the strongest stance against Sony;
since it's the banks that most immediately bear the cost of fraud (due to policy of $0 liability for unauthorized account use;
once the account owner identifies the transactions as fraudulent).
Not only is cooperation from the phone company not required, but
the phone company doesn't get to know when it's being used,
and has no technical means to stop it or prevent it.
It's a legal requirement that the government is given the means to tap
at will, and a legal requirement that their tapping cannot be discovered.
That's what is happening when telecom/network equipment vendors are touting the "lawful intercept" feature
compliance of their latest product models.
More than 50 detainee reports refer to the Casio timepieces. The records of 32 detainees refer to the black Casio F-91W, while a further 20 make reference to the silver version, the A-159W.
It's not silly at all. But it's not the reason they arrested them either.
They could make reports about what kind of socks detainees are wearing and find 100 wearing black brand X socks and 30 wearing silver brand X socks.
That doesn't make it any less silly to characterize detainees by type of sock.
The association with the watches and being terrorist is just a heuristic guest/wild speculation,
unless they can actually compare/characterize Casio F91W/A159W ownership rates among terrorists versus the general population.
I'd say the bigger question is what is it about THAT watch that makes it attractive?
The low price the unit sells for ~$7.50? Water resistance? Reliability?
The fact it has a calendar and daily alarm function?
My hunch:
I doubt the explosives people are hacking into timing circuits; it's probable they are doing something
simpler like gluing the alarm speaker to something vibration sensitive, or attaching leads to alarm
outputs on the watches.
And honestly, why should they (ARIN) have the right? I'm sure HP considered their second/8 when they bought Digital (at least I think that's who they got it from)...why should they now be forced to give them away for free?
It doesn't matter how they got it; the RIR the address space lives in should be raising the justified need question -- and if they're not utilizing it, it should be reclaimed. Even if HP had never bought DEC, this question could and should be raised with regards to the/8 and all/8 assignments that were issued before the internet migration to CIDR.
Why does everything have to be monetized? Why can't ARIN just reclaim blocks that are not well utilized and reissue them? Does HP really need two/8 blocks?
Maybe ARIN can just reclaim blocks, that are not "well utilized", but you'll need to explain how you want it to work.
Once you make a proposal, then ARIN can either accept it, or the community will have explained why the proposal cannot work.
If you want ARIN to reclaim blocks, subscribe to the policy mailing list ARIN-PPML and champion your policy proposal that will result in ARIN reclaiming blocks; follow the ARIN PDP to submit a formal proposal. Build consensus; if people on the mailing list agree with you, your proposal might become policy.
Be prepared to show up in person at an ARIN meeting to defend your proposal, explain, and justify, as required by the policy development process.
You'll need to provide a proposal for exactly how the reclaiming process should work, what should be subject to reclamation,
and address any major concerns.
If you can't even do that -- then the reason ARIN "can't" "just reclaim blocks", is that noone has provided a reasonable acceptable policy proposal that permits ARIN to accomplish it .
The extent of your ability, motivation to perform, and luck in that sitting of the IQ test.
The degree of correlation of IQ score from a sitting in an IQ test to intelligence versus correlation of IQ score to other factors remains an open question; with now this reminder that 'motivation' is a factor that influences the score when taking almost any test.
Wake me up, when you have directions for making a urine-powered car.
Bourbon is more expensive per BTU than gasoline.
And there is a Federal excise tax that applies to distilled liquors such as bourbon.
The current rate is $13.50 per proof gallon
So at approximately 50% ABV, you pay $6.75 per gallon just in taxes to the feds.
Probably a couple more $$, so the producer can actually earn some money?
I agree.. As their punishment; the court should order Sony to turn over all intellectual property related to the PS3 hardware and firmware to the public domain, together with all source code, and full rights granted to the public in perpetuity.
Abuse your customer; misuse your government granted patent and copyrights, then lose those special rights.
They've got 1760 PS3's in a supercomputer cluster (http://www.physorg.com/news/2010-12-air-playstation-3s-supercomputer.html) I wonder what happens there if they ever need an update or want to add more nodes?
You think they lack the expertise to reverse engineer Sony's software and hack around any new restrictions?
It's also probable (more likely) they got a special deal with Sony to supply the hardware in a state suitable to them.
Sure, techies may only be a small percentage of total buyers but even if its only 1 or 2% thats still a lot of sales money for Sony to lose to its competitors.
There's another factor.... many techies do have friends and will tell them something about Sony and the PS3 or PS4.
If the techie doesn't like Sony, it probably won't be a very positive message that the friends get told.
Techies might influence non-techie friends to buy something else instead; especially after giving glowing recounts of their experience with the Xbox, versus the PS3, an expensive brick.
Just curious, can you give examples for Amazon's and Apple's removed features?
Text to speech.
It used to be a feature of all books. At the behest of a certain publisher monopoly (who wants to charge extra for 'audio books'); Amazon turned removed the feature for any publisher who decided after the fact they wanted the feature removed.
This will be a lively discussion. I think it's a great move. Should get the backpack mass down.
Only if the School mandates all Textbooks must be available as eBooks for the iPad2,
and they actually ban backpacks, requiring students to only bring an 'iPad carrier'
with a small pouch for pens and pencils.
Wireless Security is no longer an academic problem; as we can see from the article, it's now going beyond miscreants merely stealing access/internet bandwidth, or possibly pirating/illegal activities using the internet connection.
This goes to more serious crimes that more severely impact the operator of the network connected to the wireless AP.
SMBs can no longer safely dismiss wireless security with excuses such as "only a real expert hacker could break in anyways; there's no harm anyone's actually going to do; etc".
With money to be made breaching networks, practitioners of one of the oldest professions in the world, will be learning to breach insecure WiFi networks, to ply their trade of stealing....
More so, the more credit card computers get plugged into LANs without at least isolation from the wireless segment.
Now they can justify raising rates to... recapitalize for infrastructure upgrade, and includes several hundred million to... retain... talent in the... company managerial class. Frankly I would be surprised if nobody saw that one coming.
No. Their customers would jump ship to other providers who have better built out networks, and then the problem would solve itself (fewer users = fewer bandwidth issues).
Their filing with the FCC is going to be used as justification for buying out other providers (T-Mobile, Verizon, and Sprint) to "improve" ATT's network.
The more important question is, how exactly does one "choose" a green energy source. I don't know about other parts of the world, but up here in Canada we generally only have one choice of power provider. We don't get to shop around for which power plant we want to produce our power. I guess if you are big enough to be able to "choose a location for the new datacenter" then you kinda can... but for the large majority of users not so much.
It's not like their power is being wasted or there is a massive surplus of clean energy being generated that goes to waste.
If your company uses power from that "clean" source, then that means someone else has to get their electricity from another source.
Unless of course... you're suggesting that companies pay extra for their electricity on condition of it being clean to ensure it's made artificially more profitable for a clean source to produce that electricity.
First, the ISP takes down the content. Next, they send a note to the account holder who uploaded the content informing them of the DMCA action.
First the content/hosting provider takes down content.
Sometimes copyright owners will send letters to the ISP, but the ISP is not required to act to maintain DMCA 512(a) safe harbour protection related to the user's internet connection or traffic passing through their network not stored by the ISP.
ISPs that only route packets, without storing or caching data, have a different safe harbor, the 512(a) safe harbour -- one that does not have a "DMCA letter" process, or require the ISP to perform a takedown to maintain liability protection; if the infringing content is not stored on the ISP's computers, the ISP is protected from liability under 512(a), even if they receive and don't act on DMCA takedown letters for content they do not cache.
There are two different safe harbour provisions in the DMCA; one for ISPs, and one for hosting/information providers.
512(b) apply to providers that cache data and hosting providers that store data for users, and 512(c) takedown provisions
apply to that second safe harbor.
If they locked the door but left open a window, I want to know. And I want to know how open that window was left.
Sometimes leaving the window ajar is a good idea, if you don't want the thief to smash the window on the way in.
I'm not sure I buy that first part, given that no online service is ever going to be 100% secure.
Reasonable care would imply robustly isolating transaction processing systems and user accessible systems from systems that store primary account numbers such as credit card/bank account numbers from online/public access systems such as the internet, or the playstation network.
Reasonable care would include complying with PCI requirements, relating to auditing, security practices, separation of computer systems by role, and enforcing strong unique access credentials for users and systems.
So that a compromise of the publicly accessible network cannot lead to compromise of the account numbers.
This is highly doable. The only commands/services the PSN/publicly accessible servers need from account servers is a command to "add a new account number" to the database linked to a certain customer, a command to "erase an account number", a command to list privacy-filtered summary to display a 'delete' user interface, and a command "authorize/charge a transaction to account number" (without revealing what the number actually is to the transaction processing server).
Because of that, the complaint alleges, Sony did not allow its customers 'to make an informed decision as to whether to change credit card numbers, close the exposed accounts, check their credit reports, or take other mitigating actions.'"
Normally to sue a corporation over claimed negligence; you actually have to show that you were harmed.
Meaning, the plaintiff will probably have to show his inability to take mitigating actions due to Sony's negligence actually resulted in a loss or damages.
I suspect that will be difficult to pull off, unless his CC account was hacked / fraud was committed against him already as a result of the intrusion into Sony's network.
As for damages related to 'closing the account'.... if he were taking mitigating action, he would have to incur that loss regardless of whether Sony informed him earlier or not.
Now his bank and the payment card industry should be the ones taking the strongest stance against Sony; since it's the banks that most immediately bear the cost of fraud (due to policy of $0 liability for unauthorized account use; once the account owner identifies the transactions as fraudulent).
Not only is cooperation from the phone company not required, but the phone company doesn't get to know when it's being used, and has no technical means to stop it or prevent it.
It's a legal requirement that the government is given the means to tap at will, and a legal requirement that their tapping cannot be discovered.
That's what is happening when telecom/network equipment vendors are touting the "lawful intercept" feature compliance of their latest product models.
Finally you get to know what those svchosts are actually doing.
Maybe some day Redhat will add a PS command option to show what those xinetd instances are doing.
(J/K)
In theory, yes. But when the difference between guantanamo or not is a cheap casio watch, then things are very different.
Yes, but we have to hand it to them.... at least Casio watch ownership is not 'racial profiling'.
Although it might be proportionally unfair to people who can only afford cheap watches.
It's not silly at all. But it's not the reason they arrested them either.
They could make reports about what kind of socks detainees are wearing and find 100 wearing black brand X socks and 30 wearing silver brand X socks.
That doesn't make it any less silly to characterize detainees by type of sock.
The association with the watches and being terrorist is just a heuristic guest/wild speculation, unless they can actually compare/characterize Casio F91W/A159W ownership rates among terrorists versus the general population.
I'd say the bigger question is what is it about THAT watch that makes it attractive?
The low price the unit sells for ~$7.50? Water resistance? Reliability? The fact it has a calendar and daily alarm function?
My hunch: I doubt the explosives people are hacking into timing circuits; it's probable they are doing something simpler like gluing the alarm speaker to something vibration sensitive, or attaching leads to alarm outputs on the watches.
Ok, fair enough, you get to sell 192.168.0.0/16. But I call dibs on 240.0.0.0/8.
ERR. I call dibs on 240.0.0.0/4
I could sell the entire 192.168.x.x domain. If it wasn't unroutable, therefore worthless on the inert net, that is...
Ok, fair enough, you get to sell 192.168.0.0/16. But I call dibs on 240.0.0.0/8.
Now selling at $15/ip address
And honestly, why should they (ARIN) have the right? I'm sure HP considered their second /8 when they bought Digital (at least I think that's who they got it from)...why should they now be forced to give them away for free?
It doesn't matter how they got it; the RIR the address space lives in should be raising the justified need question -- and if they're not utilizing it, it should be reclaimed. Even if HP had never bought DEC, this question could and should be raised with regards to the /8 and all /8 assignments that were issued before the internet migration to CIDR.
Why does everything have to be monetized? Why can't ARIN just reclaim blocks that are not well utilized and reissue them? Does HP really need two /8 blocks?
Maybe ARIN can just reclaim blocks, that are not "well utilized", but you'll need to explain how you want it to work. Once you make a proposal, then ARIN can either accept it, or the community will have explained why the proposal cannot work.
If you want ARIN to reclaim blocks, subscribe to the policy mailing list ARIN-PPML and champion your policy proposal that will result in ARIN reclaiming blocks; follow the ARIN PDP to submit a formal proposal. Build consensus; if people on the mailing list agree with you, your proposal might become policy .
Be prepared to show up in person at an ARIN meeting to defend your proposal, explain, and justify, as required by the policy development process. You'll need to provide a proposal for exactly how the reclaiming process should work, what should be subject to reclamation, and address any major concerns.
If you can't even do that -- then the reason ARIN "can't" "just reclaim blocks", is that noone has provided a reasonable acceptable policy proposal that permits ARIN to accomplish it .
The extent of your ability, motivation to perform, and luck in that sitting of the IQ test.
The degree of correlation of IQ score from a sitting in an IQ test to intelligence versus correlation of IQ score to other factors remains an open question; with now this reminder that 'motivation' is a factor that influences the score when taking almost any test.
Wake me up, when you have directions for making a urine-powered car.
Bourbon is more expensive per BTU than gasoline. And there is a Federal excise tax that applies to distilled liquors such as bourbon. The current rate is $13.50 per proof gallon
So at approximately 50% ABV, you pay $6.75 per gallon just in taxes to the feds. Probably a couple more $$, so the producer can actually earn some money?
I agree.. As their punishment; the court should order Sony to turn over all intellectual property related to the PS3 hardware and firmware to the public domain, together with all source code, and full rights granted to the public in perpetuity.
Abuse your customer; misuse your government granted patent and copyrights, then lose those special rights.
They've got 1760 PS3's in a supercomputer cluster (http://www.physorg.com/news/2010-12-air-playstation-3s-supercomputer.html) I wonder what happens there if they ever need an update or want to add more nodes?
You think they lack the expertise to reverse engineer Sony's software and hack around any new restrictions?
It's also probable (more likely) they got a special deal with Sony to supply the hardware in a state suitable to them.
Sure, techies may only be a small percentage of total buyers but even if its only 1 or 2% thats still a lot of sales money for Sony to lose to its competitors.
There's another factor.... many techies do have friends and will tell them something about Sony and the PS3 or PS4. If the techie doesn't like Sony, it probably won't be a very positive message that the friends get told.
Techies might influence non-techie friends to buy something else instead; especially after giving glowing recounts of their experience with the Xbox, versus the PS3, an expensive brick.
Just curious, can you give examples for Amazon's and Apple's removed features?
Text to speech.
It used to be a feature of all books. At the behest of a certain publisher monopoly (who wants to charge extra for 'audio books'); Amazon turned removed the feature for any publisher who decided after the fact they wanted the feature removed.
Therefore, I can't even tell you how many miles we walked in the blazing sun, uphill, both ways!
Were there not enough lesser nations to take the necessary numbers from?
This will be a lively discussion. I think it's a great move. Should get the backpack mass down.
Only if the School mandates all Textbooks must be available as eBooks for the iPad2, and they actually ban backpacks, requiring students to only bring an 'iPad carrier' with a small pouch for pens and pencils.
Why in my day, we had to buy our own graphing calculators — in the snow, both ways, uphill!
Why in my day, graphing calculators had not yet been developed. We had to buy our own abacus for a few month's pay.
And row our little pirogue through marshland 5 miles to school every day in the rain, upstream, both ways!
Wireless Security is no longer an academic problem; as we can see from the article, it's now going beyond miscreants merely stealing access/internet bandwidth, or possibly pirating/illegal activities using the internet connection.
This goes to more serious crimes that more severely impact the operator of the network connected to the wireless AP.
SMBs can no longer safely dismiss wireless security with excuses such as "only a real expert hacker could break in anyways; there's no harm anyone's actually going to do; etc".
With money to be made breaching networks, practitioners of one of the oldest professions in the world, will be learning to breach insecure WiFi networks, to ply their trade of stealing....
More so, the more credit card computers get plugged into LANs without at least isolation from the wireless segment.
Now they can justify raising rates to... recapitalize for infrastructure upgrade, and includes several hundred million to... retain... talent in the... company managerial class. Frankly I would be surprised if nobody saw that one coming.
No. Their customers would jump ship to other providers who have better built out networks, and then the problem would solve itself (fewer users = fewer bandwidth issues).
Their filing with the FCC is going to be used as justification for buying out other providers (T-Mobile, Verizon, and Sprint) to "improve" ATT's network.
The more important question is, how exactly does one "choose" a green energy source. I don't know about other parts of the world, but up here in Canada we generally only have one choice of power provider. We don't get to shop around for which power plant we want to produce our power. I guess if you are big enough to be able to "choose a location for the new datacenter" then you kinda can... but for the large majority of users not so much.
It's not like their power is being wasted or there is a massive surplus of clean energy being generated that goes to waste. If your company uses power from that "clean" source, then that means someone else has to get their electricity from another source.
Unless of course... you're suggesting that companies pay extra for their electricity on condition of it being clean to ensure it's made artificially more profitable for a clean source to produce that electricity.
First, the ISP takes down the content. Next, they send a note to the account holder who uploaded the content informing them of the DMCA action.
First the content/hosting provider takes down content.
Sometimes copyright owners will send letters to the ISP, but the ISP is not required to act to maintain DMCA 512(a) safe harbour protection related to the user's internet connection or traffic passing through their network not stored by the ISP.
ISPs that only route packets, without storing or caching data, have a different safe harbor, the 512(a) safe harbour -- one that does not have a "DMCA letter" process, or require the ISP to perform a takedown to maintain liability protection; if the infringing content is not stored on the ISP's computers, the ISP is protected from liability under 512(a), even if they receive and don't act on DMCA takedown letters for content they do not cache.
There are two different safe harbour provisions in the DMCA; one for ISPs, and one for hosting/information providers. 512(b) apply to providers that cache data and hosting providers that store data for users, and 512(c) takedown provisions apply to that second safe harbor.