I keep company information on my personal laptop. It's in a TrueCrypt partition.
That keeps company information:
(1) Segregated from everything else
(2) Secured, as it's in an encrypted partition
I do the same with some of my own personal information. Makes things easy to manage.
I was with Apple through the late '90s. Yes, that was an era of leaks -- but more often than not, they came from up top, not from the folks down in the trenches.
What was the difference? If I or a colleague said anything, it was a leak, and we'd be fried. But if someone on top said something, well, that was strategic.
See the difference?
Really? Are they being targeted, or are they seeing the same crap everyone else does?
I track probes coming into my home router. I usually see hundreds of probes per day with IP addresses in China banging on the usual ports (7212, 9090, 1026, 1027) as well as the ports du jour (55657). Some of these Chinese IP addresses I've been seeing for a year or more. Go to a site like http://isc.sans.org/ and look at the stats for the 221.208.x.x block. 221.192.x.x seems to be popular these days as well.
Depending on what kind of outward facing net presence they have, 70k probes per day doesn't seem to be out of the ordinary based on the usual network scanning that goes on.
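The per-day counting, "usual ports" tally and year-long-repeater check the post describes, as an added example that is not part of the original comment. It assumes iptables-style kernel DROP lines (the field names `SRC=`, `PROTO=`, `DPT=` and the date layout are assumptions) and runs over a constructed sample log embedded below; the addresses in it are made up for illustration, with the 221.208.x.x / 221.192.x.x prefixes chosen only because the post names those blocks.

```python
import re
from collections import Counter, defaultdict
from datetime import date

# Constructed sample of iptables-style DROP lines (not real traffic).
# Assumed format: "<date> <time> kernel: DROP IN=<if> SRC=<ip> DST=<ip> PROTO=<p> SPT=<n> DPT=<n>"
SAMPLE_LOG = """\
2008-03-01 02:14:07 kernel: DROP IN=eth0 SRC=221.208.10.5 DST=192.0.2.10 PROTO=TCP SPT=6000 DPT=7212
2008-03-01 02:14:09 kernel: DROP IN=eth0 SRC=221.208.10.5 DST=192.0.2.10 PROTO=TCP SPT=6000 DPT=9090
2008-03-01 03:51:22 kernel: DROP IN=eth0 SRC=198.51.100.77 DST=192.0.2.10 PROTO=TCP SPT=33211 DPT=1026
2008-03-01 11:02:43 kernel: DROP IN=eth0 SRC=221.192.33.9 DST=192.0.2.10 PROTO=TCP SPT=44233 DPT=55657
2008-03-02 00:07:19 kernel: DROP IN=eth0 SRC=221.208.10.5 DST=192.0.2.10 PROTO=TCP SPT=6000 DPT=7212
2008-03-02 09:45:00 kernel: DROP IN=eth0 SRC=221.192.33.9 DST=192.0.2.10 PROTO=TCP SPT=44233 DPT=55657
2008-03-02 09:45:02 kernel: DROP IN=eth0 SRC=221.192.33.9 DST=192.0.2.10 PROTO=TCP SPT=44233 DPT=55657
2008-03-03 04:12:55 kernel: DROP IN=eth0 SRC=221.208.10.5 DST=192.0.2.10 PROTO=TCP SPT=6000 DPT=1027
2008-03-03 04:13:01 kernel: DROP IN=eth0 SRC=203.0.113.4 DST=192.0.2.10 PROTO=UDP SPT=1025 DPT=1026
2008-03-03 04:13:01 kernel: noise line that does not match the pattern
"""

# Only DROP lines with a source address, protocol and destination port are counted.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) \S+ kernel: DROP .*?"
    r"SRC=(?P<src>\d{1,3}(?:\.\d{1,3}){3}) .*?"
    r"PROTO=(?P<proto>\w+) .*?DPT=(?P<dport>\d+)"
)


def parse_probes(text):
    """Yield (date, src, proto, dport) per DROP line; unparsable lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield (date.fromisoformat(m["date"]), m["src"], m["proto"], int(m["dport"]))


def probes_per_day(text):
    """Dropped probes per calendar day, the figure the post tracks."""
    return Counter(d for d, _, _, _ in parse_probes(text))


def top_ports(text, n=3):
    """Most-hit destination ports: the 'usual' ports and the ports du jour."""
    return Counter(dport for _, _, _, dport in parse_probes(text)).most_common(n)


def persistent_sources(text, min_days=2):
    """Sources seen on at least min_days distinct days: the recurring scanners."""
    days = defaultdict(set)
    for d, src, _, _ in parse_probes(text):
        days[src].add(d)
    return sorted(src for src, ds in days.items() if len(ds) >= min_days)


def probes_from_block(text, prefix):
    """Probe count from an address block given as a dotted prefix, e.g. '221.208.'."""
    return sum(1 for _, src, _, _ in parse_probes(text) if src.startswith(prefix))


if __name__ == "__main__":
    for d, n in sorted(probes_per_day(SAMPLE_LOG).items()):
        print(d, n)
    print("top ports:", top_ports(SAMPLE_LOG))
    print("seen on 2+ days:", persistent_sources(SAMPLE_LOG))
    print("221.208.x.x probes:", probes_from_block(SAMPLE_LOG, "221.208."))
```

On a real router, feed it the firewall log instead of `SAMPLE_LOG` and raise `min_days` to whatever "seen for a year or more" means for your retention window; a source that shows up across many days on the same handful of ports is a scanner, not a targeted attacker, which is the post's point.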
Activity Type Code Desc: PROGRESS COMMENTS
Activity Type Code: PROG
OTDR readings were taken by AT&T West and a cut was located 1600 ft from the San Jose, CA central office. AT&T West technicians are onsite working to isolate the exact location of the cut. There are 4 cables impacted. AT&T Mobility has 61 GSM and 45 co-located UMTS sites out of service off of Santa Clara Base Station Controllers 15 & 23, and Santa Clara Radio Network Controller 4. E911 has 52 Location Measuring Units down. The AT&T West Santa Cruz 11 central office (41,803 ATNs) is experiencing an SS7 isolation and the San Martin central office (11,904 ATNs) lost its umbilical and is isolated at this time. The Bailey remote site (4,973 ATNs) is also isolated. Scott's Valley has 3 out of 4 SS7 links down. The Santa Cruz 01, Aptos, Scott's Valley, Felton, Boulder Creek, Ben Lomond, San Jose 11, San Jose 13, San Jose 21 central offices have trunks impacted such that all lines are busy and incoming calls are receiving trouble messages. The Santa Cruz County SO (178,040 ATNs), Scott's Valley PD (12,007 ATNs) and the UC Santa Cruz PD (14,909 ATNs) are all without ALI at this time. The Gilroy PD PSAP and the Morgan Hill PD and CDF have been rerouted with ALI/ANI. The Felton CDF has not been rerouted. There are 17 DSLAMs and 4 ATMs out of service impacting DSL service. There are 3 SMDI links down impacting voicemail service. Verizon's Morgan Hill and Gilroy central offices are currently isolated. There have been 224,865 blocked calls.
So wrong in so many ways --
(1) controlling cell signals in prisons or other controlled access facilities is a discrete issue. Faraday cages, micro-cells, and how about making everything pass through microwave fields strong enough to fry anything more complex than a flashlight?
(2) jamming cell phones on the fly to prevent what Schneier calls movie-plot threats. Talk to an Old Crow... In addition to all the issues brought up already, such as interfering with legitimate and probably life-saving communications, do these people actually believe that they can increase security by denying use of an infinitesimally small sliver of the RF spectrum? What about... 27 and 49 MHz for radio controlled gadgets? 300 for garage door openers? All the ham bands? Any other frequency someone cares to build a tx-rx pair for?
Oh, and if your jammer has an identifiable signature, guess what? Look at the history of anti-radiation missiles.
Okay, I'll just blanket the whole spectrum (fat chance)... Then it's a dead-man switch, set to trigger when the comm link goes down.
Another movie-plot deal.
Dumb.
The little Apex 502 is one of the few coupon eligible converters with S-video out.
If you have a TV or monitor with S-Video inputs, you'll get a better picture than using RS170 composite video (and much better than CH3/4 RF)
I worked for an investigator at the Uni many moons ago who was too damn cheap to use disposable gel electrodes, or even to use conductive gel or paste -- he insisted on using 30 gauge needle electrodes instead. Think acupuncture needles with wires connected to them.
Scared off many an experimental "subject" -- mostly Intro to Psych students who were required to "volunteer" for a certain number of hours of experiments to pass the class. That makes them cheaper than lab rats -- you have to feed the rats and clean their cages. Intro to Psych students are supposed to feed and clean themselves. Well, usually feed...
...And that's why in the next breath I said the administrator of the program should have the discretionary ability to pay out awards to non- or ex- employees!
I'm a patent attorney in Silicon Valley, and have worked with, under, and around a number of different schemes.
This isn't legal advice -- these are my opinions -- if you want legal advice, go buy some.
It is common to condition payment of filing awards on the signing of the declaration, oath, and assignment by the inventor -- the company doesn't pay until the inventor has signed.
Some also condition payment on being an employee at the time of the event -- filing the patent, issue date of the patent. That way you don't have the obligation to pay departed employees. But having said that, whoever is running the scheme should have the discretion to pay out equal amounts to ex- and non- employees when named on filed and/or issued patents. You get more interest and attention that way.
Another common approach is to pay $N per inventor for up to 4 named inventors, and for k>4 to pay each inventor $4N/k, where k is the number of inventors.
Some places pay on disclosure submission. If you decide to do that, pay on *accepted* disclosures, not everything that gets thrown over the wall. While you want lots of disclosures, you don't want a lot of crap.
Decide at the outset *when* you're going to pay inventors -- some pay and present quarterly with great fanfare. My opinion is that significantly decouples the desired behaviour from reward. I much prefer having a system where things get filed, I send a note to payroll, and the $$ automagically appears in people's next paychecks. That system also minimizes the chances of people dropping through the cracks over a quarter. Yeah, have quarterly or annual beer bashes where you honor inventors as well, but don't hold up the money!
Oh, as part of that whole deal, work out with your finance types which department pays for awards -- my feeling is that it should follow who pays for filing, prosecution, issuance, and maintenance costs. If the division/group (hardware, let's say) pays for filing and prosecution, they should pay for awards. On the other hand, if filing and prosecution gets billed to G&A (corporate overhead) then awards should follow. Doing it that way puts awards costs into the entire life-cycle costs of a patent filing.
How, I wonder, are normal folks going to know how much they're using? As a geek, between the squid in the closet, and cacti, I can figure out how much bandwidth we're using. But normal folks? Not a chance!
Correct, and the (more public) stance both court and plaintiff are taking now (post-TRO) would seem to indicate that both f*cked up in spades, and are actually beginning to appreciate that -- plaintiff by not thinking things through and actually talking to someone who could understand and explain the technical aspects of things, and the court for believing the plaintiff.
As pointed out, the purpose of a TRO is (was) to *temporarily* freeze the situation until the court can be briefed fully, and make a more reasoned decision.
But we're running on Internet time now, and Plaintiff did what defendant couldn't have done, which was to disseminate even more information to a wider forum, and generate orders of magnitude more interest in this information than defendant could have done on their own...
The other thing plaintiffs did in this action -- going for a TRO takes cojones, and a good reputation with the court. As plaintiff, you're going to the court asking them to act preemptively -- to restrain someone who has not yet acted. If the court doesn't believe you, they'll say, "Nah, if you're damaged, you can bring suit." Here, plaintiffs not only didn't understand the situation, but in their filings, they did orders of magnitude more damage to themselves than the action they got the court to enjoin.
Courts and judges tend to have long memories -- and in this case, they'll most likely remember that these guys were bozos, and evaluate their arguments accordingly.
I went through the Green Plug website. Could this technology help a particular company with their family of products?
No information on power levels -- I could really use some information in I and V ranges. I could use some basic information about protocols. Is it designed for intermittent use, like charging, or can I design my widget to use one of these for full time operation?
I'd rate the website +5 for marketing speak and -200 for lack of technical detail that could give interested technical folks some basic information to decide whether to take this to the next level.
U.S. Patent 7,065,520 (issued in June 2006) would seem to be the US equivalent.
When you look at the claims, all the independent claims contain some key limitations:
receiving a search request from a user,
searching a database,
(other stuff, ending with)
"wherein the visual content comprises a plurality of mini-images in the form of a conveyor belt slide show."
A conveyor belt slide show? WTF? Gee, that seems fairly narrow to me!
Read the claims -- they define what the patent seeks to protect.
You can read a good summary at law.com:
http://www.law.com/jsp/article.jsp?id=1202421556225
A lot of ham radio operators set up separate 12vdc systems for powering radios and other emergency equipment. 12v deep cycle batteries plus ways of charging them -- solar panels and a solar charge controller, ac chargers, and a handful of diodes and maybe some relays so the ac operated charger only runs when needed (and there's no solar power available). Such systems are fairly simple and robust.
This is going to be interesting. Section 337 actions are brought in rem, so success in this action could result in an exclusion order against any product incorporating or including the infringing device. That's lots of stuff! Section 337 actions are also fast, furious, and expensive!
You can get a copy of the patent from http://www.pat2pdf.org/
A 1/8 inch high-speed drill bit in the drill press does wonders. Punch through the top cover, platters, base, circuit board. Repeat in a second location if desired. Quick and effective, particularly on glass platters (and the sticker on the drive says "rattling noise is normal").
So we can expect the next generation of malware to alter systems to use OpenDNS?
Might make some systems a little more useful!
Virgin Mobile, phones available at Target or Best Buy, starting at around $20 for a phone that doesn't have a camera, mp3 player, or corkscrew. Just a phone.
Prepaid plans, pay-as-you-go, or monthly plans.
I'll pay a reasonable amount for a shareware tool that will let me turn that e-mail address into anything I want...
How many days until we see such a tool?
A long time ago, when computers remembered using little donuts made of rust, I worked on a mainframe computer system (CP/V) that supported batch, timesharing, realtime, the works. It had performance monitoring tools, and a large basketload of parameters for sys admins to twiddle.
One of our favorite parameters was SL:BB, documented as batch bias, an input to the process scheduler. When someone called or wrote to us saying they were having problems with performance tuning, we usually suggested they redo their tests varying the setting of SL:BB and let us know what happened. Try different values, 0, 1, 5, 20, 50, 100, things like that. Try it and get back to us.
And lo, they would go off and redo performance runs, and report back.
And we would collect their results and go and muse over them, usually over beer.
SL:BB told us a lot about the user, because SL:BB was a knob that wasn't connected to anything. Oh, the value was range-checked by the parameter setting tool, and dutifully stored in memory, and displayed on performance displays, but it didn't change system performance in any way at all.
That's not what the documentation said, but who believes documentation? We had plans for SL:BB, we just hadn't gotten around to writing the code yet.
So if the user reported that setting SL:BB to 25, but not 24 or 26 gave them incredibly better (or worse) results, we definitely factored that into our analysis.
Those that reported back that the setting of SL:BB didn't make a damn bit of difference, and there were some, we honored as brothers, took into our confidences, and shared beer with at the soonest opportunity. Their bug reports and feature requests received far more attention, for they had passed an important test.
And how many of these Firefox parameters are like SL:BB?
...based on download counts from Micro$oft, right? Ignore the fact that IE7 is forced on (most) users; it's more popular than Sasser!
What do people want? Most people want content, not features. 35gb, 50gb, red, blue, purple doesn't matter if the movie the kid down the street wants isn't available. We'll know which side has won when the major studios release their blockbusters on only that format. I think it may be a while yet -- (standard) DVDs have only recently beaten VHS.
The early S-100 systems (Altair, Imsai, Poly, Northstar) used linear supplies and ran unregulated DC on the S-100 bus. Most designers aimed for +8 to +9 volts to feed the onboard +5 volt regulators (and the 3 volt or so headroom for 7805 regulators). Can't think of any that ran high current AC on the bus. Some systems, such as the Poly, ran a squared-up 60 Hz signal for real-time clocks.
The heat losses in S-100 on-card linear regulators were immense! That and the weight of the (linear) transformers helped make the Apple ][, with its switching power supply, so popular (I still have an old Poly power transformer; makes a great doorstop).
Some mainframe computers used the scheme mentioned by others -- polyphase high-frequency AC distribution. High frequency (think 800 Hz) power transformers are small and efficient; that's why switching supplies run at high frequencies (in the hundreds of kHz range).
Efficiency is not only about wasting less power, it's about generating less heat!
Look at it as local control vs. remote. If I have the application and the data on my local machine, what do I care if another company gets an injunction against the manufacturer of something? I can still do what I need to do.
But if things are remote -- Blackberry, remote storage, remote applications such as SaaS are examples -- then I'm far more vulnerable.
Not just to injunctions shutting down the service, "upgrades" that go wonky, but to idiots with backhoes!
It comes down to that risk-benefit analysis. Am I willing to risk having key parts of my infrastructure in the hands of someone else, or do I want it local, where I can see it (and screw it up myself, but that's another part of the equation)?
Do I want to put myself in the position where someone can say, "Sorry, you don't have permission to open that document any more."
Nope, I want things where I can see them. Remote backup is another story, but I want the primaries under my control.
And saying this is another death-blow to OSS is just more FUD.
Namaste--
Of course if you deal with M$ and look at their confidentiality/nondisclosure agreements, they specifically reserve residual rights -- so they're complaining about an ex-employee possibly doing what they explicitly say they're going to do to others.
Big surprise.