Slashdot Mirror


User: NZheretic

NZheretic's activity in the archive.

Stories: 0
Comments: 513

Comments · 513

  1. ... and in the past have done far worse on Google.cn Attack Part of a Broad Spying Effort · · Score: 1
  2. But the USA started it ... on Google.cn Attack Part of a Broad Spying Effort · · Score: 1
    Transcript of Internet Caucus Panel Discussion.
    Re: Administration's new encryption policy.
    Date: September 28, 1999.
    Weldon statement.

    Rep. Curt Weldon: Thank you. Let me see if I can liven things up here in the last couple of minutes of the luncheon. First of all, I apologize for being late. And I thank Bob and the members of the caucus for inviting me here.

    ...

    But the point is that when John Hamre briefed me, and gave me the three key points of this change, there are a lot of unanswered questions. He assured me that in discussions that he had had with people like Bill Gates and Gerstner from IBM that there would be, kind of a, I don't know whether it's a, unstated ability to get access to systems if we needed it. Now, I want to know if that is part of the policy, or is that just something that we are being assured of, that needs to be spoke. Because, if there is some kind of a tacit understanding, I would like to know what it is.

    Because that is going to be subjected to future administrations, if it is not written down in a clear policy way. I want to know more about this end use certificate. In fact, sitting on the Cox Committee as I did, I saw the fallacy of our end use certificate that we were supposedly getting for HPCs going into China, which didn't work. So, I would like to know what the policies are. So, I guess what I would say is, I am happy that there seems to be a coming together. In fact, when I first got involved with NSA and DOD and CIS, and why can't you sit down with industry, and work this out. In fact, I called Gerstner, and I said, can't you IBM people, and can't you software people get together and find the middle ground, instead of us having to do legislation.

    ...

  3. Transcript of Internet Caucus Panel Discussion. on Microsoft Denies It Built Backdoor Into Windows 7 · · Score: 2, Informative
    Transcript of Internet Caucus Panel Discussion.
    Re: Administration's new encryption policy.
    Date: September 28, 1999.
    Weldon statement.

    Rep. Curt Weldon: Thank you. Let me see if I can liven things up here in the last couple of minutes of the luncheon. First of all, I apologize for being late. And I thank Bob and the members of the caucus for inviting me here.

    ...

    But the point is that when John Hamre briefed me, and gave me the three key points of this change, there are a lot of unanswered questions. He assured me that in discussions that he had had with people like Bill Gates and Gerstner from IBM that there would be, kind of a, I don't know whether it's a, unstated ability to get access to systems if we needed it. Now, I want to know if that is part of the policy, or is that just something that we are being assured of, that needs to be spoke. Because, if there is some kind of a tacit understanding, I would like to know what it is.

    Because that is going to be subjected to future administrations, if it is not written down in a clear policy way. I want to know more about this end use certificate. In fact, sitting on the Cox Committee as I did, I saw the fallacy of our end use certificate that we were supposedly getting for HPCs going into China, which didn't work. So, I would like to know what the policies are. So, I guess what I would say is, I am happy that there seems to be a coming together. In fact, when I first got involved with NSA and DOD and CIS, and why can't you sit down with industry, and work this out. In fact, I called Gerstner, and I said, can't you IBM people, and can't you software people get together and find the middle ground, instead of us having to do legislation.

    ...

  4. "Consultancy" explained in 7 minutes on Open Source Could Have Saved Ontario Hundreds of Millions · · Score: 0
  5. How about Slashdot doing something similar on Wikipedia To Require Editing Approval · · Score: 1
    Modify the Slashcode to require Anonymous posters and registered users with low Karma to have their posts/replies approved by any user with an Excellent or greater Karma rating before the posts/replies become visible to anyone with less than Great Karma rating. Also have the following Slashdot moderation process affect the karma of the users who approved the posts.

    Just trial it for a couple of months and see the difference it will make.

  6. The inevitable tiring from the indefensible on US, Russia Reach Nuclear Arsenal Agreement · · Score: 2, Informative

    We have been told that because others in the West - and their advocates are here tonight - carry the fearful burden of a defence which terrorises as much as the threat it counters, we too must carry that burden. We are actually told that New Zealanders cannot decide for themselves how to defend New Zealand, but are obliged to adopt the methods which others use to defend themselves.

    Lord Carrington [the Secretary-General of NATO] made a case in Copenhagen recently against the creation of nuclear weapon free zones. He argued that if the people of the United States - as advocated by my friend over there - found themselves bearing the burden alone, they would tire of bearing it. Now that is exactly the point. Genuine agreement[s] about the control of nuclear weapons do not cede the advantage to one side or the other: they enhance security, they do not diminish it. And if such arrangements can be made, and such agreements reached, then those who remain outside those arrangements might well and truly tire of their insecurity. They will reject the logic of the weapon and they will assert their essential humanity. They will look for arms control agreements which are real and verifiable.

    DAVID LANGE, Oxford Union debate, 1985

  7. Solution:Neighbour Wireless Networks & Layered on ISP Capping Is Becoming the New DRM · · Score: 3, Interesting
    Since the ISPs are complaining about their lack of competence to deal with the coming flood of content...

    One solution is to have all the broadband customers install/use wireless routers that can interconnect as many as possible to a geo-local area ( your local neighbourhood ) virtual private network that shares the bandwidth load for bulk content distribution across multiple customer to ISP connections. If N users wish to fetch the same content, each person only needs to download 1/N of the content, using the neighbourhood network to swap the different parts. Think of it as a neighbourhood bittorrent.

    This could be set up/managed as a web service, with the client P2N2P ( Peer to Neighbourhood to Peer ) software running on each user's computer ( or running as a proxy service on the wireless routers ), via a managed multi platform subscription aggregation client such as Miro 2.0 Open internet TV.

    The service could operate like this:
    1) Via a website or web2.0 interface, people create content "channels" which are a list of URIs ( HTTP/FTP/TORRENT) of content with descriptions, just like podcasts.
    2) The service would then fetch the content, on demand and store the content temporarily on its host/distribution site. The host service would do sharing via torrent, so uploading is not done by the Neighbourhood Peers.
    3) The service would hold the content and distribute it to P2N2P clients so that the content can be recombined via a local Neighbourhood VPNs.
    4) Each piece of content would itself be encrypted at the URI source, so the service need not hold the keys, to deal with any concerns over end use privacy issues.
    5) The subscription aggregation client could incorporate and distribute advertising as a means of paying for hosting the service.

  8. a market based entirely on Artificial Scarcity? on ISP Capping Is Becoming the New DRM · · Score: 4, Insightful
    Monday, July 17, 2006

    Network Neutrality: Two questions for the great debate. In California there was an outrage when it was disclosed that electricity companies had deliberately idled plants while supplies were tight and then waited for prices to skyrocket on the spot market. If the current Internet network infrastructure provided by the backbone providers and Internet service providers can currently support much higher speeds and data quantities to current customers, then is the act of packet filtering and setting arbitrary low speed and data caps also effectively providing an "idled" service? Is a tiered Internet service, where content providers would be effectively competing on a similar market to the electricity "spot market", a market based entirely on Artificial Scarcity?

  9. Two words from common law:Tortious interference on AT&T Has Begun Issuing RIAA Takedown Notices · · Score: 2, Interesting
  10. Re:Fight Fire With Napalm : Perjury, a federal cri on Analyzing Microsoft's Linux Lawsuit · · Score: 1

    "The patent offices' decision has no preclusive effect on a court, and there are indeed cases where the patent office made a decision in a re-examination supporting a patent and a court later looked at the same exact issue, disagreed with the PTO, and found the patent invalid,"
    Dan Ravicher, PUBPATs executive director and founder ( From Groklaw )

  11. Re:Fight Fire With Napalm : Perjury, a federal cri on Analyzing Microsoft's Linux Lawsuit · · Score: 1

    1. Microsoft, as a corporate entity would only need to supply a witness with sufficient relevant knowledge and/or duties relating to the patents....
    No. If you name an individual for deposition, then the Judge is not going to look too kindly on Microsoft sending a substitute, especially if that substitute did not have anything to do with the patent at the time of filing.

    2. Scare tactic, unless you're bringing charges
    That statement is pretty rich, given the lack of quality of the patents Microsoft is using against TomTom. However, this scare is not against Microsoft the corporation but the individuals being depositioned. Also you're assuming that the current administration will not change the USPTO perjury prosecution policy. US SEC prosecutions have lapsed over the last decade, but many more prosecutions for fraud are now proceeding.

    Honestly, I'm not all that interested in seeing small fry Microsoft employees being prosecuted for a federal crime, but a few cases against so called "inventors" of obvious patent would do a lot to start cleaning up the massive multi billion dollar fraud perpetuated against the USPTO.

    Ideally we need the USPTO to offer up an amnesty against the named inventors. IF any named inventor has been made aware of or "discovered" that there was existing prior art at the time of patent filing or a named invention was obvious ( Including multiple independent implementations before the patent was fully disclosed ) THEN any of the inventors named in the patent should be able to contact the USPTO and rescind the patent OR risk possible prosecution.

    3. Bob the fat32 intern ...
    See answer to #1 above.

    4. Client attorney privilege is pretty much regarded as sacred,
    Only to the lawyer, not to the client. And the lawyers in question represent Microsoft not the individual client being depositioned. The client is not under any legal obligation not to disclose what Microsoft's lawyers said to him, or any correspondence including any written memos or emails. Microsoft's lawyers apparently love memos.

    ... ...Profit?
    Yes, via Publicity increasing TomTom's public profile leading to more sales.

  12. Fight Fire With Napalm : Perjury, a federal crime on Analyzing Microsoft's Linux Lawsuit · · Score: 4, Interesting

    IANAL but IMHO, TomTom's lawyers should:
    1) request to deposition all the individual inventors named in the patents;
    2) inform the inventors that they should have independent legal representation, since submitting false claims to the USPTO is perjury, a federal crime in the USA;
    3) at the deposition really closely grill each inventor over each patent's prior art and obviousness;
    4) then ask the inventors what advice Microsoft's patent department and lawyers gave to the inventors regarding each patent's prior art and obviousness ( Lawyer client confidentiality is not necessarily a two way street );
    5) start building a case for the disbarment of any of Microsoft's lawyers who gave any advice or prodding to the inventors to ignore existing prior art and obviousness;
    6) re-write many of Microsoft's patent claims in technical English ( removing legal patent jargon ) and publish the result;
    7) put out a call to the technical community for written and signed statements regarding the obvious nature of the patent claims;
    8) fully publicise the outcomes of steps 1-7.

  13. What about the Microsoft Xenix Sale Agreements? on New Sidekick Will Run NetBSD, Not Windows CE · · Score: 3, Interesting

    When Microsoft sold Xenix to the Santa Cruz Operation ( Not the current SCO Group ), wasn't there a Non-compete clause in the agreement? I thought that Microsoft was not allowed to sell any Unix based operating system - and that would include any NetBSD derivative.

  14. Paying a foreign company to spy on Americans? on WSJ Confirms RIAA Fired MediaSentry · · Score: 5, Interesting
    "In place of MusicSentry, the RIAA says it will use Copenhagen-based DtecNet Software ApS. The music industry had worked with DtecNet previously both in the U.S. and overseas, and liked its technology, said RIAA spokesman Jonathan Lamy."

    So the RIAA is already paying a foreign company to spy on Americans internet usage in the USA? Isn't that in violation of some state or federal privacy/computer intrusion legislation?

  15. Our Data:an appeal-a "Plimsoll line" for software on Ask Cybersecurity Commission Chairman Jim Langevin About US Cybersecurity Plans · · Score: 1
    From June 14 2002: It is about time that the government ...

    1) set up a minimum set of expectations, in the design and implementation of internet "accessing" software ; and
    2) ensure that all deployments are more securely implemented ; and/or
    3) remove inherently unsecure products from the marketplace.

  16. Source code auditing and Trusted Build Agents on Ask Cybersecurity Commission Chairman Jim Langevin About US Cybersecurity Plans · · Score: 1
    From October 12, 2004 Twelve Step TrustABLE IT:

    Governments, organizations and individuals are becoming increasingly concerned about software compatibility, conflicts and the possible existence of spyware in the software applications they use. If you have access to the source code, then you can check it and compile it for yourself. This is not an option for closed source proprietary applications, and not everyone has the resources to check each line of source code. One solution for these issues is to employ a trusted third party, separate from the application developer, who is tasked with maintaining a trusted build environment, to build the binaries from source code. The Trusted Build Agent (TBA) would hold the source to each build in escrow, releasing the source code for only open source licensed code. Competing businesses providing a TBA service in a free market would compete with each other in not only price and level of certification, but also on the ability to detect hostile, vulnerable, incompatible or just plain buggy source code. You could request a trusted build from multiple TBAs to test the ability to detect defects. Defects would be reported back to the application developers, along with any patches and suggestions that provide a fix. To a lesser extent, most Linux distributions and other operating system vendors that build and redistribute open source licensed code already provide this role.

  17. Ubuntu Unpatched 0, Microsoft Unpatched 6 + Apps on Botnets As "eWMDs" · · Score: 1
    Ubuntu: There are no unpatched Secunia advisories affecting this product, when all vendor patches are applied. Remember that Ubuntu stats include ALL the applications and servers in the Ubuntu repository.

    Vista: SIX Unpatched, which for Microsoft means ONLY the operating system. If, like Ubuntu, you included Microsoft's Office suite, Browser ( IE7 has 6 Unpatched ), Email, servers ( SQL Server 7 has two Unpatched ) and other software vulnerabilities it would be a lot more.

    And while The most severe unpatched Secunia advisory affecting Microsoft Windows Vista, with all vendor patches applied, is rated Less critical The most severe unpatched Secunia advisory affecting Microsoft Internet Explorer 7.x, with all vendor patches applied, is rated Moderately critical and The most severe unpatched Secunia advisory affecting Microsoft SQL Server 7, with all vendor patches applied, is rated Highly critical.

  18. No stats.Just vulnerability list Microsoft no fix on Botnets As "eWMDs" · · Score: 1

    In Vista, for example, that includes SIX unpatched vulnerabilities that include information disclosure, denial of service and escalation of privilege ( the latter disclosed just under seven months ago 2008-04-18 ).

  19. Microsoft desktop == Abetting Terrorists? on Botnets As "eWMDs" · · Score: 2, Insightful
    Only 1.91% of all [Microsoft Desktop] PCs are fully patched!
    Microsoft's most widely deployed platform and applications have not been secured.
    The XP platform still has 32 unpatched vulnerabilities,
    The latest version of Internet Explorer still has 9 unpatched vulnerabilities,
    and Outlook 2003 ( the most widely deployed business version of Outlook ) still has one outstanding unpatched vulnerability ( known since 2004-07-12 ).
    Microsoft Office 2003, still the most widely deployed version of Office, has four outstanding vulnerabilities which put the desktop at high risk of being infected.

    Even Microsoft's flagship product Vista has Six unpatched vulnerabilities.

    These are all unpatched widely known vulnerabilities, and are only the ones in Microsoft's own product. Consider all the third party vulnerabilities, in downloadable codecs for example, that the design of Microsoft's platforms makes it so easy for crackers to exploit.

    In comparison, all of the major Linux based distros have an excellent record of closing known vulnerabilities within days if not hours, before the holes get a chance to be exploited. Also SELinux is becoming more widely deployed to secure applications against such threats. At least with Linux there are existing concrete mechanisms in place ( Vulnerability and threat mitigation features in Red Hat Enterprise Linux and Fedora ), and currently deployable ( Writing policy for confined SELinux users ) to provide a locked down secured environment for Linux desktop users inside an organization.

    Also from a more abstract point of view, read Increased security through open source.

    If you're using the Microsoft platform, then you're abetting the people deploying botnets.

  20. Rule #1 : vendors lending legal support on FOSS Community Can Combat Bad Patents · · Score: 3, Funny
    As I stated over two years ago

    1) Any patent lawsuit against a user of a software component used by major vendors will automatically result in those vendors lending legal support to reduce the chance that their own customers will also end up being sued.
    2) Any patent lawsuit costs the suing party at least several hundred thousand dollars.
    3) Any patent put before the courts is at very great risk of being destroyed by prior art.
    4) Any payout awarded from a single end user has to be in proportion to value of the patented technology. The value of a single instance could only be measured in hundreds of dollars, not coming close to covering the costs of the lawsuit to the plaintiff.
    5) Patent lawsuits take six years to over a decade to work their way through appeals.
    6) Developers will release new software using a method that circumvents the patent in question within two months. This will be quickly adopted and by the time the first patent case is resolved there will be no further customers for the patent holder to sue.
    7) The outrage generated in taking out a case against any open source will result in Groklaw [groklaw.net] and other groups putting the suing party and their lawyers under the closest scrutiny. You will not believe the level of bad publicity, let alone the amount of prior art, dirty business practices, and legally suspect practices and even violation of statutes that will be uncovered.

    Lastly to quote Pulp Fiction, and then "we are going to get medieval on your ass."

    Any IP case against users of open source puts the attacker at a far greater risk.

    What now? Let me tell you what now. IBM will call a coupla hard, case-hittin' lawyers, who'll go to work on the trolls here with a combination of prior art and counter suits.

  21. It's a slippery slope that will eventually lead to on Wikileaks To Sell Hugo Chavez' Email · · Score: 2, Funny

    It's a slippery slope that will eventually lead to something like this.

  22. Concrete + Abstract rationales for securable Linux on Best Western Loses Details On 8 Million Customers · · Score: 1
    I won't speak for MacOSX, but in terms of Linux there are existing concrete mechanisms in place ( Vulnerability and threat mitigation features in Red Hat Enterprise Linux and Fedora ), and currently deployable ( Writing policy for confined SELinux users ) to provide a locked down secured environment for Linux desktop users inside an organization.

    Also from a more abstract point of view, read Increased security through open source.

  23. Outlook/Word 2003 UNPATCHED from 2004-07-12 on Best Western Loses Details On 8 Million Customers · · Score: 1
  24. Re:Not a troll, on Best Western Loses Details On 8 Million Customers · · Score: 1
  25. Fact, Fact and more Facts on Best Western Loses Details On 8 Million Customers · · Score: 2, Informative
    From the article:

    ... the Sunday Herald understands that a hacker from India - new to the world of cyber-crime - succeeded in bypassing the system's security software and placing a Trojan virus on one of the Best Western Hotel machines used for reservations. The next time a member of staff logged in, her username and password were collected and stored.

    "Large corporate companies rely on anti-virus products to protect their infrastructure, but the problem with this approach is that these products only detect around 60% of threats out there. In the right hands, viruses can easily bypass these programs, as was the case here," explained Erasmus.

    Those Large corporate companies rely on anti-virus products to protect Microsoft OS desktops. There is no equivalent Linux plague of viruses in the wild to be concerned about. Even the threat to MacOSX based desktop systems is minute in comparison to the Millions of Microsoft-targeting viruses out in the wild.

    Microsoft's most widely deployed platform and applications have not been secured. The XP platform still has 30 unpatched vulnerabilities, the latest version of Internet Explorer still has 10 unpatched vulnerabilities, and Outlook 2003 ( the most widely deployed business version of Outlook ) still has one vulnerability outstanding from . Microsoft Office 2003, still the most widely deployed version of Office, has four outstanding vulnerabilities which put the desktop at high risk of being infected. These are all unpatched widely known vulnerabilities, and are only the ones in Microsoft's own product, not to mention all the third party vulnerabilities, in downloadable codecs for example, that the design of Microsoft's platforms makes it so easy for crackers to exploit.

    In comparison, all of the major Linux based distros have an excellent record of closing known vulnerabilities within days if not hours, before the holes get a chance to be exploited. Also SELinux is becoming more widely deployed to secure applications against such threats.

    Fact: Using a Microsoft based desktop puts you at a far higher risk of being hacked than either a Linux or Mac based desktop.