The FCC's rule change makes the manufacturers responsible for compliance, not the owner/operator. How, then, will the vendors deal with the updates required by the glibc bug, http://linux.slashdot.org/stor...
The vendors of anything that can't be reflashed by their users are now responsible to the FCC for any compliance-critical errors in their devices. A DNS hack can can allow anyone to change to an illegal channel or use an illegal power level.
Similarly, the vendors are at risk of being named in class-action suits for anyone whose router gets hacked through their negligence. Especially in the US, where suing people seems to be the national hobby (;-))
Do you suppose some tiny Taiwanese firm can afford to do a recall like an auto manufacturer, and fix all their locked-down devices? Or be haulded into a US court without going broke? I suspect not...
Locking down your products for the US market because "it's easy" may turn out to be a company-killing error.
Regrettably, they seem to have mistaken channel-based hardware with cryptographically-signed (linux, bsd) databases of allowed channels for something completely different, completely programmable "software defined radios".
The latter are an unsolved problem for the FCC: the former are the chip designers and the Linux networking team working hard to make it easy for the FCC... and being treated badly.
One of the cases considered was one in which the person could not get standing to remove a foreign original, but could argue that Google was keeping an excerpt, a link and possibly a copy in the EU, and so could be ordered to remove "their copy". It's not obvious how this will play out against opposing EU judgements that links are not publications.
"Hard cases make bad laws", Hodgens v. Hodgens (1837).
There's a ton of discussion elsewhere (ie, g+), and the Wired article completely misses that he's assuming we know about a classic (and cool) solved problem in computer science, "byzantine generals with collusion".
I suspect it will be attractive to anyone who could lose their master key of a sysadmin quits, and unattarctive to the security services, who don't want to ask for or honour court orders (:-))
We see the same "sorting" effect in Canada, where being the child of well-to-do parents is absolutely wonderful, and leads to success in business and industry, roughly commensurate with the sum of (intelligence && opportunity). Starting out the child of poor parents gets you no respect, and people assume you're stupid.
The smartest three people in my high schools were a poor kid with parents from the Ukraine, me, with mostly white middle-class parents and the son of a successful businessman. In business success over the years, the businessman's kid came first, then me, then the poor kid. We all did better than the merely not-dumb folks, and really really well by comparison to the dumb kids, with one exception...
Some immensely likeable dumb kids went into sales and did better than any of us (;-))
Tor and Tails try to protect data in flight and its destination from third parties, not your deal with the endpoint. The latter may well use an account and password.
There was an ACM article about hardware backdoors: turns out they show up as rarely-acessable code when you do a (normal) check to get rid of redundant or under-used circuts.
A US court rejected a motion to dismiss: the case still has to go to the jury.
And the judge appears to have ignored evidence before him, so it may not even get that far.
If you keep saying something, however impossible, eventually you'll get some people to believe you:
they strongly expect you to be shouted down if you're a liar.
This worked for Rob Ford (the druggie mayor of Toronto), and for two, maybe three, countries' rulers during WWII. So if you're a liar, don't stop lying! Redouble your efforts!
The supplier is CZ.NIC, a non-profit organization that runs the.CZ top level domain of the Czech Republic.
This is their second Turris, and they probably will be around for day or two.
My credit-card supplier will issue single-use or otherwise restricted numbers, to use with "untrustworthy vendors".
This allows a similar functionality: with the vendor I can be OscarTheSuspiciousGrouch and use a card number that is limited to legitimate stuff.
In both cases I can credibly demonstrate I'm really "Oscar"
If I was surveyed (and I have been), I'll report what I worry about the most. That may or may not be what I actually get to spend time on.
If I was a politician (and I'm not), I'd strictly answer what the questioner wants me to worry about the most.
Like you, I expect that cost-averse vendors will be reluctant to add anything pricey to the board. I was thinking of an independent radio chipset that could be locked down separately form the general-purpose processor, you were thinking of DRM. I understand this is what some cell phones have, and that there is a push toward getting rid of the extra expense...
http://hardware.slashdot.org/~Mark+Wilson says "The user you requested does not exist, no matter how much you wish this might be the case."
Vint Cerf, on the other hand, definitely exists, and his and Dave Taht's submission to the FCC pointed out that the problem existed, no matter how much you wish this might not be the case.
Regrettably, routers are designed to be extremely cheap, and have only one cpu and OS. Specific vendors (as noted in the IETF submission) have publicly claimed that the FCC rules require them to prevent any modification to the device, and lock it down.
IMHO, that gives them "forced obsolescence", and sales at full list price for newer models with bug-fixes.
He and Dave Taht wrote the reply to the former rulemaking proposal, which *specifically* asked how the vendor would prevent purchasers from flashing it with DD-WRT. Please see the IETF submission at http://apps.fcc.gov/ecfs/comme...
Yes: we're lucky in that we have a former open-pit mine on the top of a ridge, close by a river in a valley (the Crow), with a fall from the bottom of the pit to the surface of the river that's higher than Niagara Falls!
I wan't expecting that: I think of the area as gently rolling, but apparently it's typical of lots of areas along highway 7. Who knew!
Slashdot Mirror
If they lock it down, they become legally and financially resposnible for compliance-critical bugs like the glibc DNS one.
The FCC's rule change makes the manufacturers responsible for compliance, not the owner/operator. How, then, will the vendors deal with the updates required by the glibc bug, http://linux.slashdot.org/stor...
The vendors of anything that can't be reflashed by their users are now responsible to the FCC for any compliance-critical errors in their devices. A DNS hack can can allow anyone to change to an illegal channel or use an illegal power level.
Similarly, the vendors are at risk of being named in class-action suits for anyone whose router gets hacked through their negligence. Especially in the US, where suing people seems to be the national hobby (;-))
Do you suppose some tiny Taiwanese firm can afford to do a recall like an auto manufacturer, and fix all their locked-down devices? Or be haulded into a US court without going broke? I suspect not...
Locking down your products for the US market because "it's easy" may turn out to be a company-killing error.
--dave
Regrettably, they seem to have mistaken channel-based hardware with cryptographically-signed (linux, bsd) databases of allowed channels for something completely different, completely programmable "software defined radios".
The latter are an unsolved problem for the FCC: the former are the chip designers and the Linux networking team working hard to make it easy for the FCC... and being treated badly.
One of the cases considered was one in which the person could not get standing to remove a foreign original, but could argue that Google was keeping an excerpt, a link and possibly a copy in the EU, and so could be ordered to remove "their copy". It's not obvious how this will play out against opposing EU judgements that links are not publications.
"Hard cases make bad laws", Hodgens v. Hodgens (1837).
I happily use spamcop, because they do one thing relatively well, and when it's not well, medicate it quickly (;-))
--davecb@spamcop.net
There's a ton of discussion elsewhere (ie, g+), and the Wired article completely misses that he's assuming we know about a classic (and cool) solved problem in computer science, "byzantine generals with collusion".
I suspect it will be attractive to anyone who could lose their master key of a sysadmin quits, and unattarctive to the security services, who don't want to ask for or honour court orders (:-))
A single example always suffices as disproof (;-))
We see the same "sorting" effect in Canada, where being the child of well-to-do parents is absolutely wonderful, and leads to success in business and industry, roughly commensurate with the sum of (intelligence && opportunity). Starting out the child of poor parents gets you no respect, and people assume you're stupid.
The smartest three people in my high schools were a poor kid with parents from the Ukraine, me, with mostly white middle-class parents and the son of a successful businessman. In business success over the years, the businessman's kid came first, then me, then the poor kid. We all did better than the merely not-dumb folks, and really really well by comparison to the dumb kids, with one exception...
Some immensely likeable dumb kids went into sales and did better than any of us (;-))
Tor and Tails try to protect data in flight and its destination from third parties, not your deal with the endpoint. The latter may well use an account and password.
Anti-babelfish, methinks!
Mr Schmidt is a way better business manager than he is a philosopher (;-))
There was an ACM article about hardware backdoors: turns out they show up as rarely-acessable code when you do a (normal) check to get rid of redundant or under-used circuts.
A US court rejected a motion to dismiss: the case still has to go to the jury. And the judge appears to have ignored evidence before him, so it may not even get that far.
If you keep saying something, however impossible, eventually you'll get some people to believe you:
they strongly expect you to be shouted down if you're a liar.
This worked for Rob Ford (the druggie mayor of Toronto), and for two, maybe three, countries' rulers during WWII. So if you're a liar, don't stop lying! Redouble your efforts!
The supplier is CZ.NIC, a non-profit organization that runs the .CZ top level domain of the Czech Republic.
This is their second Turris, and they probably will be around for day or two.
My credit-card supplier will issue single-use or otherwise restricted numbers, to use with "untrustworthy vendors". This allows a similar functionality: with the vendor I can be OscarTheSuspiciousGrouch and use a card number that is limited to legitimate stuff.
In both cases I can credibly demonstrate I'm really "Oscar"
If I was surveyed (and I have been), I'll report what I worry about the most. That may or may not be what I actually get to spend time on. If I was a politician (and I'm not), I'd strictly answer what the questioner wants me to worry about the most.
I think we're in violent agreement (;-))
Like you, I expect that cost-averse vendors will be reluctant to add anything pricey to the board. I was thinking of an independent radio chipset that could be locked down separately form the general-purpose processor, you were thinking of DRM. I understand this is what some cell phones have, and that there is a push toward getting rid of the extra expense...
http://hardware.slashdot.org/~Mark+Wilson says "The user you requested does not exist, no matter how much you wish this might be the case."
Vint Cerf, on the other hand, definitely exists, and his and Dave Taht's submission to the FCC pointed out that the problem existed, no matter how much you wish this might not be the case.
Regrettably, routers are designed to be extremely cheap, and have only one cpu and OS. Specific vendors (as noted in the IETF submission) have publicly claimed that the FCC rules require them to prevent any modification to the device, and lock it down.
IMHO, that gives them "forced obsolescence", and sales at full list price for newer models with bug-fixes.
He and Dave Taht wrote the reply to the former rulemaking proposal, which *specifically* asked how the vendor would prevent purchasers from flashing it with DD-WRT. Please see the IETF submission at http://apps.fcc.gov/ecfs/comme...
Encrypt, then stripe the data across countries so you need cooperation from everyone to get anything (;-))
Yes: we're lucky in that we have a former open-pit mine on the top of a ridge, close by a river in a valley (the Crow), with a fall from the bottom of the pit to the surface of the river that's higher than Niagara Falls!
I wan't expecting that: I think of the area as gently rolling, but apparently it's typical of lots of areas along highway 7. Who knew!
My cottage is quite close, the project is described at http://ecogeek.org/2013/04/ope...
This approach is low-cost, and used in Brazil among other places: https://en.wikipedia.org/wiki/...