If you don't have a patent license for anything they have patents on, if you fork it, you can still be held actionable under the GPLv2 licensing grant- they can still sue you over that until in re Bilski gets set in stone by the SCOTUS- and even then, it'd only apply in the US. If there's a jurisdiction that allows software patents (Somewhere in Asia, I suspect, as the EU still holds that sort of stuff unpatentable...) you'd still be actionable in the same manner as you might find yourself now.
In my sig, I do not claim I do not owe taxes- in no way is that claim in my sig indicating that this is the case. In fact, I ended up finally paying the back taxes owed during the dot-com bust back with my 2007 returns. I take quite a bit of umbrage at you insinuating that with what I claim there is about taxes. It's actually quite telling and part of the reason I put it there in the first place.
What I do claim in that line is that those in government and business should quit treating me as "just a taxpayer" or "just a consumer"- which is what they are all doing (Even with the current US Administration and Government... Change I can believe in...largely more of the same...).
I'm a Citizen of a specific State, and the State and the Federal Government are answerable to me for what they do. I'm not just a money source and an occasional source for votes.
I'm your customer if you're a business- consumers just take what they're given and they should enjoy the privilege. As a customer, you have to convince me to take on your products and services and I'm just as likely as not to turn my back on you if you do something stupid (RIAA members, for example...) and find other sources or do without.
Heh... Where in all of that (Or my sig, for all that matter...) comes what you came up with? There ISN'T anything of the sort and you assumed something. But, hey, I guess I shouldn't be upset...this is/. after all; where lack of critical thinking and understanding of your rights passes for the opposite all the time.
Apparently, in the UK, you can, according to the NPG. You'll note I said "apparently", as I'm not wholly sure what is and isn't applicable. If it does apply with UK Copyright, it's one less place I guess I'll visit when I'm over there.
It's liable to be just blobs for the SGX530 stuff- there is NO info that is not explicitly under NDA on the programming on that core right at the moment. There's an RE effort going on with a few people on the OpenPandora boards, but it's not complete yet.
The only ones that aren't are the ones they supply with select Atom based machines. The GMA500 isn't an Intel part, but an SGX-53X series part from Imagination Technologies (PowerVR part...).
You wouldn't steal data. You wouldn't be "singling them out" for direct attack. You would, though, leave things that would instill terror behind that looked for these passports.
The video's bogus (It looks too smoke and mirrors for them to have actually DONE the exploit they're talking to...), but the risk is actually very real- especially considering that it'd only cost $500 above the cost of the explosives to set up a car-bomb or similar that wouldn't go off until it saw an American passport that way. And if you get the passport cards, you don't even have the RFID "shield" they've developed for the regular passports.
The only problem I have is that while Flexilis may have a good point, the video you linked to is rubbish as far as proving their point. It could just as easily have been a rigged thing for their "demo". They needed to show things just a bit better than that- it's all smoke and mirrors with it as it is now.
The biggest problem with this thinking is that the experts eventually sell the tech to the script kiddies to gain maximal value from the exploit. So, in this case, you have the worst of both worlds- they use it over a longer period of time AND then you have a lot of clueless script kiddies doing it over a medium period of time before the companies get pressured into fixing the damn thing in the first place.
Security through obscurity is NOT an answer- as you pointed out, they typically don't fix it if they can help it.:-D
Actually, they HAD time to fix it. It still is highly problematic- but the big problem with all this thinking that bars people from disclosing this stuff at the stage it's at right now is the highly flawed thinking that disclosing a vulnerability discloses it to potential attackers which will use it.
It's a bad thing to think the bad guys don't already know what you're showing off and presume that they're not doing it. Depending on the hack, they may be prepping for it or already screwing you over with it and you just don't know it yet. If a white/grey hat found it, I can assure you a black hat either has already found it or will shortly.
The position is pretty explicit. The past law was such that if it were a business process or describing an algorithm in the traditional sense (the bulk of software patents do this...) then it wasn't patentable- same goes for that which resides in nature. Bilski puts it back to where it was prior to all the fun and games when it was thought that it was a "good idea" to allow patenting damned near anything. It's not throwing the baby out with the bath water- it's fixing part of what's been broken for a while now.
Heh... You'd have to be well heeled to promulgate either a SJ procedure on the subject or the defense of an infringement case against you, violating their patents.
Keep in mind, though... The court system doesn't work the way you think it does and the MPEG-LA patents are conveniently for us something that can be implemented on a PC. They're really intended for dedicated hardware which passes the Bilski litmus test. It makes for a difficult call there and I wouldn't want to be the one to gamble on that decision. I'd go gunning for other stuff that's dead certain to cause woe, may have caused it in the recent past, is definitely something that would be invalidated by Bilski, and would delight many people to see that one get nuked so they can quit paying a certain corporation royalties on their nifty consumer electronics devices like GPS systems, cameras, etc.
Unfortunately, many of the filings should never have been granted on the basis that they fail on 2 and/or 4 in most cases with the software patents out. I've had the misfortune of having to read through some of the most atrocious things, including stuff referred to in initial refusals from patent examiners.
We're talking things like Amazon's One-Click patent atrocious here.
I'm hoping in re Bilski will withstand SCOTUS review or they deny cert on it for the appeal- and then we see a LOT more decisions like this one. It'd take the wind out of the sabre rattling over there in Redmond and then we can quit bickering about Mono (Even with their "new" MCP, it's not a good thing as it has entirely too many loopholes for words- give us a PATENT license guys!) and we can quit worrying about things like VFAT.
That's how NTTA, HCTRA, and TxDOT is running it right at the moment, but nobody's been in a position that it would be worth the trouble to run the defense up the flagpole. It's cheaper to pay the toll in question and go on. Seriously.
Heh... Why run the toll booth anyhow? It's cheaper to go get a pre-paid TxTag or to get a TollTag than to run the booths or do ZipCash- by about 30% now, and 45% soon...
Actually, they could adopt DirectFB and gain most of what they're needing for ChromeOS. It has a simpler acceleration framework, already has example drivers, and works precisely as needed for that application- and it wouldn't be too hard for someone to come up with drivers for select GPUs as needed. Moreover, you can layer X11 back on top of it later and do it nicely.
It would require more resources than keeping xorg, yes. But a ton more...nope. And the "little gain" is somewhat debatable as well.
X11 isn't GPU intensive. It's not even really RAM intensive.
It is, however, more complicated than needs be for an embedded device type application as it's network centric and all that comes with being a client/server system.
You'd have a clash with the provider of the original code- which DOES have patents on the algorithms in question and licensed them out to the FOSS community for that purpose.
There's been a vetting of what's there and there's not been deemed any sorts of conflict that might occur- at least not any more likely than using h.264 or MPEG4 would provide as a risk once you get the licenses for use on those.
Typically, if they have an MBX or SGX Core on the SoC, they have a multimedia DSP capable of the task. You only use the hardware provided on the GPUs because the vendors have asked for it and there's nothing like the DaVinci that's typically included as a coprocessor like the GPUs on PC's.
I guess that is the fear. We assume that vital systems are not only "hardened" but that they have a robust backup/restore plan. State systems that deliver vital services are a really good example where you'd assume everyone would be fired and start from scratch if auditors found there was no backup/restore plan in place. It might be a matter of degree that we're talking about here. Does every vital system need a cold site that can be made hot with yesterday's data within 12 hours? Maybe.
Unlikely.
It's because it's actually "too expensive" to make that sort of plan implemented- most of this stuff is secured only to about 1/4-1/2 of the cost incurred by a complete loss of the system in terms of security. Most of the measures would be roughly 2/3rds to two times the cost of the lost in many cases and therefore would be viewed as insane by the people responsible for the system. Now, keep in mind, the assessments are based off of THEIR loss, not the overall cost of the devastation. So, if you're worrying about only losing a million or so on a refinery (hypothetical cost, it's a lot more...) you will typically see a company only pour about 250-500k maximum (typically a lot less...they often go, "what are the odds..." on some of this stuff.) because that's the liability they're facing and they've done "due diligence" as far as they are concerned on things- why spend more than the loss will cost you directly? This doesn't get into the collateral damage from some of this going wrong because they are typically removed in many cases from the liability of that damage.
In most cases, there won't be the things you talk to in place.
I'd have to concur- and this doesn't even get into the problems with the infrastructure that we're looking at.
I won't say things like "Cyber Perl Harbor" (Geez... The Hype is completely over the top on that one...) but there really IS a serious problem with some of the things in that space and it's much more of one than the people calling this stuff "annoyance" attacks and the like.
Agreed - the likelihood of a "fire sale" scenario is very minimal, but the odds for any given individual getting caught up in a specific attack on a "soft target" such as in the TJ Maxx case are about 1:1. I have already been involved in 3 - one of those incidents put a coworker in the sights of an identity thief.
Indeed. In fact, there's quite a few soft-target attacks that're possible that people just don't give thought to that can really cause a lot of havok.
Moreover, there's a few hard-target risks that really DO exist out there that aren't getting anywhere near the attention that they need to get. While the doom and gloom prophets ARE hyping things up, there ARE things that're being left unguarded that ought not to be and could be something that CAN bring about a vast amount more damage than the gainsayers will tell you about or even realize themselves.
Slashdot Mirror
If you don't have a patent license for anything they have patents on, if you fork it, you can still be held actionable under the GPLv2 licensing grant- they can still sue you over that until in re Bilski gets set in stone by the SCOTUS- and even then, it'd only apply in the US. If there's a jurisdiction that allows software patents (Somewhere in Asia, I suspect, as the EU still holds that sort of stuff unpatentable...) you'd still be actionable in the same manner as you might find yourself now.
No, he's just doing the /. exercise program. Jumping to conclusions is quite good exercise you know... ;-)
Excuse me...
In my sig, I do not claim I do not owe taxes- in no way is that claim in my sig indicating that this is the case. In fact, I ended up finally paying the back taxes owed during the dot-com bust back with my 2007 returns. I take quite a bit of umbrage at you insinuating that with what I claim there is about taxes. It's actually quite telling and part of the reason I put it there in the first place.
What I do claim in that line is that those in government and business should quit treating me as "just a taxpayer" or "just a consumer"- which is what they are all doing (Even with the current US Administration and Government... Change I can believe in...largely more of the same...).
I'm a Citizen of a specific State, and the State and the Federal Government are answerable to me for what they do. I'm not just a money source and an occasional source for votes.
I'm your customer if you're a business- consumers just take what they're given and they should enjoy the privilege. As a customer, you have to convince me to take on your products and services and I'm just as likely as not to turn my back on you if you do something stupid (RIAA members, for example...) and find other sources or do without.
Heh... Where in all of that (Or my sig, for all that matter...) comes what you came up with? There ISN'T anything of the sort and you assumed something. But, hey, I guess I shouldn't be upset...this is /. after all; where lack of critical thinking and understanding of your rights passes for the opposite all the time.
Nooooobody expects the Spanish Inquisition!
Apparently, in the UK, you can, according to the NPG. You'll note I said "apparently", as I'm not wholly sure what is and isn't applicable. If it does apply with UK Copyright, it's one less place I guess I'll visit when I'm over there.
They're not misinformed, but they're trying to misinform because they want everything to be controlled.
And I do love the irony in it all that Cory pointed out.
It's liable to be just blobs for the SGX530 stuff- there is NO info that is not explicitly under NDA on the programming on that core right at the moment. There's an RE effort going on with a few people on the OpenPandora boards, but it's not complete yet.
The only ones that aren't are the ones they supply with select Atom based machines. The GMA500 isn't an Intel part, but an SGX-53X series part from Imagination Technologies (PowerVR part...).
I wouldn't say far fetched.
You wouldn't steal data. You wouldn't be "singling them out" for direct attack. You would, though, leave things that would instill terror behind that looked for these passports.
The video's bogus (It looks too smoke and mirrors for them to have actually DONE the exploit they're talking to...), but the risk is actually very real- especially considering that it'd only cost $500 above the cost of the explosives to set up a car-bomb or similar that wouldn't go off until it saw an American passport that way. And if you get the passport cards, you don't even have the RFID "shield" they've developed for the regular passports.
The only problem I have is that while Flexilis may have a good point, the video you linked to is rubbish as far as proving their point. It could just as easily have been a rigged thing for their "demo". They needed to show things just a bit better than that- it's all smoke and mirrors with it as it is now.
Good analogy- so it's not in keeping with the "proper, slashdot analogy" thinking.
You have to do a **BAD** car analogy for it to be that.
The biggest problem with this thinking is that the experts eventually sell the tech to the script kiddies to gain maximal value from the exploit. So, in this case, you have the worst of both worlds- they use it over a longer period of time AND then you have a lot of clueless script kiddies doing it over a medium period of time before the companies get pressured into fixing the damn thing in the first place.
Security through obscurity is NOT an answer- as you pointed out, they typically don't fix it if they can help it. :-D
Actually, they HAD time to fix it. It still is highly problematic- but the big problem with all this thinking that bars people from disclosing this stuff at the stage it's at right now is the highly flawed thinking that disclosing a vulnerability discloses it to potential attackers which will use it.
It's a bad thing to think the bad guys don't already know what you're showing off and presume that they're not doing it. Depending on the hack, they may be prepping for it or already screwing you over with it and you just don't know it yet. If a white/grey hat found it, I can assure you a black hat either has already found it or will shortly.
It is quite unsurprising, really. We see the same thing going on in the SCADA security space. The book, Hacking Scada: Industrial Network Security From the Mind of the Attacker , has been held up for at least a year past it's original planned publication date for similar thinking.
The position is pretty explicit. The past law was such that if it were a business process or describing an algorithm in the traditional sense (the bulk of software patents do this...) then it wasn't patentable- same goes for that which resides in nature. Bilski puts it back to where it was prior to all the fun and games when it was thought that it was a "good idea" to allow patenting damned near anything. It's not throwing the baby out with the bath water- it's fixing part of what's been broken for a while now.
Heh... You'd have to be well heeled to promulgate either a SJ procedure on the subject or the defense of an infringement case against you, violating their patents.
Keep in mind, though... The court system doesn't work the way you think it does and the MPEG-LA patents are conveniently for us something that can be implemented on a PC. They're really intended for dedicated hardware which passes the Bilski litmus test. It makes for a difficult call there and I wouldn't want to be the one to gamble on that decision. I'd go gunning for other stuff that's dead certain to cause woe, may have caused it in the recent past, is definitely something that would be invalidated by Bilski, and would delight many people to see that one get nuked so they can quit paying a certain corporation royalties on their nifty consumer electronics devices like GPS systems, cameras, etc.
Unfortunately, many of the filings should never have been granted on the basis that they fail on 2 and/or 4 in most cases with the software patents out. I've had the misfortune of having to read through some of the most atrocious things, including stuff referred to in initial refusals from patent examiners.
We're talking things like Amazon's One-Click patent atrocious here.
I'm hoping in re Bilski will withstand SCOTUS review or they deny cert on it for the appeal- and then we see a LOT more decisions like this one. It'd take the wind out of the sabre rattling over there in Redmond and then we can quit bickering about Mono (Even with their "new" MCP, it's not a good thing as it has entirely too many loopholes for words- give us a PATENT license guys!) and we can quit worrying about things like VFAT.
That's how NTTA, HCTRA, and TxDOT is running it right at the moment, but nobody's been in a position that it would be worth the trouble to run the defense up the flagpole. It's cheaper to pay the toll in question and go on. Seriously.
Heh... Why run the toll booth anyhow? It's cheaper to go get a pre-paid TxTag or to get a TollTag than to run the booths or do ZipCash- by about 30% now, and 45% soon...
Actually, they could adopt DirectFB and gain most of what they're needing for ChromeOS. It has a simpler acceleration framework, already has example drivers, and works precisely as needed for that application- and it wouldn't be too hard for someone to come up with drivers for select GPUs as needed. Moreover, you can layer X11 back on top of it later and do it nicely.
It would require more resources than keeping xorg, yes. But a ton more...nope. And the "little gain" is somewhat debatable as well.
X11 isn't GPU intensive. It's not even really RAM intensive.
It is, however, more complicated than needs be for an embedded device type application as it's network centric and all that comes with being a client/server system.
You'd have a clash with the provider of the original code- which DOES have patents on the algorithms in question and licensed them out to the FOSS community for that purpose.
There's been a vetting of what's there and there's not been deemed any sorts of conflict that might occur- at least not any more likely than using h.264 or MPEG4 would provide as a risk once you get the licenses for use on those.
Typically, if they have an MBX or SGX Core on the SoC, they have a multimedia DSP capable of the task. You only use the hardware provided on the GPUs because the vendors have asked for it and there's nothing like the DaVinci that's typically included as a coprocessor like the GPUs on PC's.
Unlikely.
It's because it's actually "too expensive" to make that sort of plan implemented- most of this stuff is secured only to about 1/4-1/2 of the cost incurred by a complete loss of the system in terms of security. Most of the measures would be roughly 2/3rds to two times the cost of the lost in many cases and therefore would be viewed as insane by the people responsible for the system. Now, keep in mind, the assessments are based off of THEIR loss, not the overall cost of the devastation. So, if you're worrying about only losing a million or so on a refinery (hypothetical cost, it's a lot more...) you will typically see a company only pour about 250-500k maximum (typically a lot less...they often go, "what are the odds..." on some of this stuff.) because that's the liability they're facing and they've done "due diligence" as far as they are concerned on things- why spend more than the loss will cost you directly? This doesn't get into the collateral damage from some of this going wrong because they are typically removed in many cases from the liability of that damage.
In most cases, there won't be the things you talk to in place.
I'd have to concur- and this doesn't even get into the problems with the infrastructure that we're looking at.
I won't say things like "Cyber Perl Harbor" (Geez... The Hype is completely over the top on that one...) but there really IS a serious problem with some of the things in that space and it's much more of one than the people calling this stuff "annoyance" attacks and the like.
Indeed. In fact, there's quite a few soft-target attacks that're possible that people just don't give thought to that can really cause a lot of havok.
Moreover, there's a few hard-target risks that really DO exist out there that aren't getting anywhere near the attention that they need to get. While the doom and gloom prophets ARE hyping things up, there ARE things that're being left unguarded that ought not to be and could be something that CAN bring about a vast amount more damage than the gainsayers will tell you about or even realize themselves.