Slashdot Mirror


User: nahdude812

nahdude812's activity in the archive.

Stories: 0
Comments: 1,564

Comments · 1,564

  1. Re:Why not digital destruction? on Ask Slashdot: Data Remanence Solutions? · Score: 1

    Maybe I misunderstood what the article author was suggesting. It sounds to me from the writeup that they already have unencrypted drives, and he is proposing that they encrypt the drives then destroy the key as their disk destruction technique. If that's the case then taking time to encrypt the drive would both be much slower than a random pass, and not as secure: if not done correctly it could leave unencrypted data behind in unused blocks, and there's always a (fairly negligible) risk that the encryption algorithm gets fundamentally broken.

    Meanwhile both methods have the same remanence problems, but a random pass could be done multiple times (though I guess they could encrypt the encrypted data with a new key).

  2. Re:Why not digital destruction? on Ask Slashdot: Data Remanence Solutions? · Score: 1

    Yep, this is better than encrypting the drive in that it's possible to secret away a copy of the encryption key and later unlock all the data, or perhaps the algorithm used for encryption gets broken, so suddenly the data is readable again, and so forth.

    Encryption offers no advantage over a strict drive wipe, particularly with random data. Realistically multiple passes are not needed because modern bit densities make it improbable that magnetic memory can be meaningfully recovered. Thinking it does demonstrates failed thinking. If you're encrypting just certain files, then empty sectors may still contain unencrypted data. If you're encrypting the whole drive with the intention that it's unrecoverable, then random passes are the same thing.

    However, I see any soft destruction as most likely being completely out of the question. It's impossible to look at the outside of a drive and know if it's been correctly wiped, no matter how good the wipe process was. To audit the destruction you'd have to load up each disk and examine it electronically one at a time. And if full-disk encryption was used (maliciously), but it was advertised as a random wipe, that would be impossible to spot.

    If it's not your own data that you're destroying, physical destruction of the device is the only way to be sure it was done as advertised.
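The audit step described above (load each disk and examine it electronically) can be scripted. The following is an added example in Python, not code from the post or from Slashdot, that scans a constructed disk image block by block and reports blocks whose byte distribution does not look like a random overwrite. The block size, the entropy threshold, the sample image contents and the SHA-256 counter-mode stand-in for a cipher are all assumptions made for the example. It also demonstrates the post's point: a drive that was encrypted and then had its key destroyed passes exactly the same inspection as a random pass.

```python
import hashlib
import math
import os
from collections import Counter

BLOCK_SIZE = 4096
# Assumed threshold: a 4 KiB block of uniformly random bytes scores about 7.95
# bits/byte; text, zero fill and filesystem metadata score far lower.
MIN_ENTROPY_BITS = 7.5


def block_entropy(block: bytes) -> float:
    """Shannon entropy of one block in bits per byte."""
    if not block:
        return 0.0
    n = len(block)
    return -sum((c / n) * math.log2(c / n) for c in Counter(block).values())


def audit_image(image: bytes, block_size: int = BLOCK_SIZE,
                min_entropy: float = MIN_ENTROPY_BITS) -> list:
    """Return (offset, entropy) for every block that does not look like random fill.

    An empty list means nothing in the image is distinguishable from a random
    overwrite by this test; it does not prove the overwrite reached every sector."""
    findings = []
    for offset in range(0, len(image), block_size):
        ent = block_entropy(image[offset:offset + block_size])
        if ent < min_entropy:
            findings.append((offset, round(ent, 2)))
    return findings


def keyed_stream_block(key: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Stand-in for an encrypted block: SHA-256 in counter mode under a key.

    This is a demonstration keystream, not a real cipher; it only serves to show
    that ciphertext and random fill look the same to an entropy audit."""
    out = bytearray()
    counter = 0
    while len(out) < block_size:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:block_size])


def build_sample_image() -> bytes:
    """Constructed disk image: six randomly overwritten blocks, one block of
    leftover plaintext, one all-zero block, then two more random blocks."""
    leftover = (b"CustomerRecord,ssn=***-**-1234,balance=1000\n" * 100)[:BLOCK_SIZE]
    zeros = bytes(BLOCK_SIZE)
    blocks = [os.urandom(BLOCK_SIZE) for _ in range(6)]
    blocks += [leftover, zeros, os.urandom(BLOCK_SIZE), os.urandom(BLOCK_SIZE)]
    return b"".join(blocks)


if __name__ == "__main__":
    for offset, ent in audit_image(build_sample_image()):
        print(f"block at {offset:#x}: {ent} bits/byte, not random fill")
    # "Encrypt, then destroy the key" passes the same audit as a random wipe.
    print("keyed stream flagged:", audit_image(keyed_stream_block(b"constructed-key")))
```

The entropy check catches the failure modes the thread worries about (unused blocks left unencrypted, zero fill, a wipe that never ran), but it cannot tell ciphertext from random data, so it cannot detect the case where full-disk encryption was used while a random wipe was advertised. That is why the post concludes that physical destruction is the only auditable assurance when the data is not your own.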

  3. Re:I don't think you understood that. on The Future of Protest In Panopticon Nation · Score: 1

    They usually either wear masks, beards, or other things which make it difficult to identify them, or they are brought in from out of state, and the only people who would recognize them in that context are other agents who are in on the action.

  4. Re:I don't think you understood that. on The Future of Protest In Panopticon Nation · Score: 1

    There was an issue with the NYPD being upset that they couldn't film the protests in order to provide a fuller context to their actions

    Interesting, if true. Can you provide more detail? What could have kept the NYPD from filming?

  5. Re:They obviously do not work in a regulated indus on Lying Is More Common When We Email · Score: 3

    In my experience, this does a good job of clearing up over-the-phone misunderstandings. But it does little to deter liars, who will ignore the email and simply claim later (if called out on their lie) that they hadn't read your call minutes, and this wasn't what they intended to say. "Those were your words, not mine."

    Agreed with GP, a lie told by email is written record. A lie told by phone or in person can be refuted. Why would people prefer to leave a paper trail? Maybe it is just for fibs or other inconsequential lies.

    Also I've had similar experience as GP with our sales force. Those guys will drop a lie like it's going out of style, any time they perceive it might work out in their favor. "I did XYZ yesterday on Customer ABC, but there's no record in the system of that today, and this caused me to miss my numbers." "No, in fact, not only did nobody even bring that customer record up, you weren't even signed into the system yesterday." I don't get how the level of dishonesty they demonstrate on a regular basis goes unpunished. I sincerely doubt I'd still have a job if I had the same standard of honesty.

  6. Re:What are the range of failures? on Hardware Running Android Fails More Than iPhone, BlackBerry Hardware · Score: 1

    I don't get the same heat problems out of my phone when connected to a normal charger, even when I'm using the crap out of it (being a developer, I am often pushing my device to its limits). I can get the phone pretty warm, but nothing like the heat generated while in the car dock with the screen turned off and not running navigation or anything like that (e.g., just to charge it). Out of the car dock, it can be downright uncomfortable to hold.

  7. Re:What are the range of failures? on Hardware Running Android Fails More Than iPhone, BlackBerry Hardware · Score: 2

    Interesting, I never had a problem with my Nexus One. I only switched phones about a month ago when I got a Nexus S for the NFC support (I'm a developer writing an app against that functionality). I gave my NexOne to my wife who uses it to great success. My one-year old daughter even got it and chewed on it a bunch (very little cosmetic damage, but enough drool got inside to trip the moisture sensor - the trackball glows red). A night in a rice bowl later, and it's still going strong.

    The closest thing I ever had to a problem with it was the car mount would cause the phone to get very hot (not sure if it's the phone or the mount which generates the heat, I tend to think it's the mount because my phone would not overheat at any other time), which of course is bad for battery life, and makes the screen less sensitive while it's overheated.

  8. Re:Question: on UK Police Buy Covert Cellphone Surveillance System · Score: 5, Interesting

    There's an app for Android phones, called Antennas. It shows you the location and status of nearby towers, and can be configured to run and collect the status of nearby towers in the background.

    If a modified version of this app was used to crowd-source information about towers, false towers such as this could be identified. These mobile false towers will be physically located close to the interception victim, and will be a lot less powerful and have a lot less range than a typical tower. They'll also have less capacity than a normal tower, and maybe be physically located in an unusual spot (e.g., on the street). These details should be able to be aggregated and the information used to warn about a new tower or a tower which has moved, or a tower whose signal strength is not on par with typical towers. Anyone curious about the status of a suspicious tower can drive out to its location and have a look to see if there's a real tower there, or instead it's a "news van" at that spot.

    It seems like on a rooted phone, you ought to be able to blacklist certain towers, maybe give the device a whitelist of verified towers to use in a certain area. Maybe even make that black/whitelisting selective - only disable suspicious towers when making / receiving a call (since it seems likely the purpose is not location awareness, but call interception).
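The aggregation step proposed in this comment (warn about a new tower, a moved tower, or one whose signal is not on par with typical towers) can be sketched as a small analysis over crowd-sourced sightings. The following is an added example in Python; it is not code from the post, nor from the Antennas app. The baseline of known cells, the sightings, the MCC/MNC values (001/01, the reserved test network codes) and the three thresholds are all constructed for the example.

```python
import math
import statistics
from collections import defaultdict

# Assumed detection thresholds.
MOVE_KM = 2.0        # a known cell heard this far from its recorded site is "moved"
LOCAL_KM = 0.5       # every sighting within this radius means a very short range
STRONG_DBM = -60     # a median signal this strong from a short-range cell is unusual

# Constructed baseline of previously crowd-sourced cells:
# (MCC, MNC, LAC, CID) -> recorded site position and median signal strength.
BASELINE = {
    ("001", "01", 4001, 11111): {"lat": 40.7128, "lon": -74.0060, "rssi": -85},
    ("001", "01", 4001, 22222): {"lat": 40.7200, "lon": -74.0100, "rssi": -80},
}

# Constructed new sightings, as a background collector on a handset might upload.
OBSERVATIONS = [
    {"cell": ("001", "01", 4001, 11111), "lat": 40.7130, "lon": -74.0055, "rssi": -84},
    {"cell": ("001", "01", 4001, 11111), "lat": 40.7180, "lon": -74.0010, "rssi": -90},
    {"cell": ("001", "01", 4001, 22222), "lat": 40.7201, "lon": -74.0098, "rssi": -79},
    # known id, but reported about 8 km from its recorded site
    {"cell": ("001", "01", 4001, 22222), "lat": 40.7900, "lon": -74.0100, "rssi": -60},
    # id never seen before, only sighted within a few hundred metres, very strong
    {"cell": ("001", "01", 4001, 99999), "lat": 40.7150, "lon": -74.0070, "rssi": -45},
    {"cell": ("001", "01", 4001, 99999), "lat": 40.7152, "lon": -74.0068, "rssi": -47},
]


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres."""
    r = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


def analyse(observations, baseline):
    """Group sightings by cell id and return {cell: [reasons]} for cells worth a look."""
    by_cell = defaultdict(list)
    for obs in observations:
        by_cell[obs["cell"]].append(obs)

    alerts = {}
    for cell, sightings in by_cell.items():
        reasons = []
        known = baseline.get(cell)
        if known is None:
            reasons.append("unknown cell")
        else:
            # "moved" only when at least half the sightings disagree with the
            # recorded site, so one stale reading does not trip it.
            far = [s for s in sightings
                   if haversine_km(s["lat"], s["lon"], known["lat"], known["lon"]) > MOVE_KM]
            if len(far) * 2 >= len(sightings):
                reasons.append("moved")
        # Spread of the sightings themselves: a real macro cell is heard over kilometres.
        spread = max((haversine_km(a["lat"], a["lon"], b["lat"], b["lon"])
                      for a in sightings for b in sightings), default=0.0)
        median_rssi = statistics.median(s["rssi"] for s in sightings)
        if spread < LOCAL_KM and median_rssi > STRONG_DBM:
            reasons.append("strong and localised")
        if reasons:
            alerts[cell] = reasons
    return alerts


if __name__ == "__main__":
    for cell, reasons in analyse(OBSERVATIONS, BASELINE).items():
        print(cell, "->", ", ".join(reasons))
```

Each alert is only a prompt for the manual check the post suggests (go and see whether there is a real mast at the spot); legitimate small cells and repeaters will also be short-range and strong, so the thresholds need tuning against a real baseline before anything is treated as more than a warning.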

  9. Re:Easy? on Bug Opens Chrome to Easy Remote Code Execution · Score: 1

    That's more of an argument for security through obscurity.

    No, it's saying that something which requires an extremely elaborate feat of social engineering and even when pulled off successfully is able to affect only a small fraction of the user base, and only some of the time, is not very much of a security risk. It's undesirable behavior which they should probably change, but the chances of successfully exploiting it are vanishingly small, particularly compared to alternate attacks with much greater efficacy and lower threshold for success, and which are easier to exploit (namely social engineering in general, i.e. "run this .exe file I'm going to send you").

  10. Re:The problem isn't the currency on Ask Slashdot: How Do You View the Wall Street Protests? · Score: 1

    In HF trading, there's still risk that the trade is unprofitable. By taxing profits and giving no discount for losses, this may make the practice at large unprofitable. Even if not, this could still be a significant source of revenue for the government. Whatever the means, whether by a percentage based tax, flat transaction fee, per-share transaction fee, or some combination thereof, the point is that there should be an increase in friction for rapid trading, preferring to reward long term share holders, and making same-day trades rarely profitable.

    The current setup rewards companies exclusively for short-term profit. It's short-sighted at a national level even if very profitable at an investor level. Basically it allows investors (the "1%") to sap value directly out of the economy. Every dollar they make is a dollar that came from somewhere else where it most likely did more good than it does in a wealthy portfolio.

  11. Re:The problem isn't the currency on Ask Slashdot: How Do You View the Wall Street Protests? · Score: 1

    With so much of that capital on Wall Street today being typically invested only for minutes, if not seconds, I don't think it offers much value to the company.

    There's a huge problem in the US economy at large where stock holders don't care about what's good for a company's long term prospects any longer, they care instead only about the shortest possible term changes to stock price. They incent CEOs to make decisions which raise stock price for today, but which cannibalize value from the company in the longer term. The CEOs have these golden parachutes, when things start going bad, they bail and take a pile of cash with them, so there's no downside.

    Except that a company which employs people and which produces a product which is presumably valuable to society is less able to employ and less able to produce.

    I think a new tax is in order. Tax stock profits based on how long the stock was held for. Anything 5 years or longer gets zero capital gains tax. Anything shorter gets taxed on a scale according to how long it was held, with the highest tax reserved for any stock held for less than 24 hours. The tax rates should be sufficiently steep that most investors are looking to invest for at least 1 year in order to maximize value.

    High frequency trading contributes nothing to society, it merely saps value out of the economy and puts it in the pockets of those who can afford the hookups. Worse yet it causes some of our best and brightest intellectual minds to waste their skills trying to game a system rather than produce something of value to society.

  12. I'm seeing you tonight! on Ask They Might Be Giants About Almost 30 Years of Music · Score: 1

    I'm coming to see you guys at the Theatre of the Living Arts tonight (Sep 30)! My question is: can I borrow a copy of your latest album? And a couple of blank tapes?

    Also, if you want to hang out after the show with someone nerdier than you, I wouldn't turn you down.

  13. Re:why favor large corporations? on Patent Attorney Breaks Down Impact of the America Invents Act · Score: 1

    The loophole I mentioned is that although they must "produce" it themselves, it's not difficult to create a financially independent subsidiary which is effectively managed by some third party, in space rented from that third party and on equipment owned by that third party for a negligible amount, which then sells exclusively to that third party for prices reflecting what would have been the original licensing fees.

    Let's say New Patent Troll Incorporated (NPT, Inc.) "invented" a widget (in the past tense, along with some entirely-internal paperwork supporting this), which Some Startup Company (SSC) has a patent on and recently demonstrated a market for. Bob's Widget Supply (BWS) contacts SSC and asks what it costs to license the patent so they can produce it too. SSC isn't really interested in price competition since they have been working without income for the last few years, and have a lot of debt to make up, so they demand $0.50 per unit in royalties (SSC selling the widget at $1.00 wholesale).

    BWS doesn't like this price, they realize that they can't compete against SSC like that (whose net is around $0.30 per unit). So BWS contacts NPT Inc. NPT, Inc., after a few days of "exhaustive" searching is able to produce some documentation showing that they have been using some prototypes of the exact same invention. NPT, Inc. offers to sell this product to BWS for $0.10 each, but as part of the agreement, BWS must provide manufacturing space and equipment to NPT to "bolster" NPT's current supply line, and must cover the increased costs of payroll and materials acquisition for NPT.

    Basically NPT becomes a proxy for BWS to manufacture this item, and they pay a greatly reduced "markup" on the final product, but BWS is responsible for all of the details. On paper, NPT is manufacturing this product and selling it on the market exclusively to BWS at a rate which allows BWS to directly compete against the patent holder, because the law says NPT is allowed to do this even though they don't hold a patent for the product and SSC does.

    The physical widget example is a little strained, but NPT can charge any amount less than SSC's license requirements, and it's a better deal for BWS. But in the technology world, when it comes to things like software patents, there isn't actually manufacturing involved. So there's no shady setups to create where BWS has to provide manufacturing capacity to NPT, NPT's actual costs for "producing" more units of a particular software product are trivial, and that's the arena where this really creates a truck sized hole in the patent process.

    Maybe SSC could sue NPT. If NPT is a shell corporation created by BWS explicitly for this purpose, they draw things out to ramp up legal costs for SSC, then bankrupt NPT. SSC, being a startup (and therefore the "little guy"), will have had to have exhausted a lot of resources to shut NPT down, and in the meantime, BWS has spent a few years with free rein on the market, and with no permanent consequences in the end. But more likely SSC realizes it's a legal quagmire and sends a few threatening letters for good measure, but never really pursues it since they see they would bankrupt themselves and accomplish nothing.

  14. Re:why favor large corporations? on Patent Attorney Breaks Down Impact of the America Invents Act · Score: 1

    Maybe you missed this part:

    ...or the transfer or sale of the end result, is immune from patent infringement

    Sure, they don't own a patent that they can sell, and they can't sue others for breaching the patent (so it's not an item in their patent warchest), but they can compete directly with the actual inventor without needing to pay royalties, including selling a competing product on the market.

    There's a loophole here big enough to drive a truck through. Even though they can't license this invention directly, they can still accomplish the same thing in effect. The third party is their "distributor" and pays them a "commercial" rate equivalent to whatever the original patent licensing fee would have been. This company just has to be responsible for the manufacturing (heavily and directly subsidized, perhaps even overseen by the third party).

  15. Re:why favor large corporations? on Patent Attorney Breaks Down Impact of the America Invents Act · Score: 1

    Because they have the resources to cast the widest possible net without regard to working out specifics or surmounting challenges present in the invention. Basically they are "inventing" in the sense that they think of an idea, and document it entirely internally (read: completely forgeably), then let the market prove the invention worthwhile. They can then pursue only those inventions the market has demonstrated a demand for.

    In effect they can let third parties take all the risk while they reap the reward. Small inventors don't have the resources to do something similar, so any time they patent something, as soon as they start seeking royalties they potentially risk having invested years of research and work creating something incredible only to have a big corporation show up claiming "Oh, we've been doing that all along, it's just that nobody but these two guys in our extremely highly paid R&D team knew about it," and start selling licenses of their own. Their investment is much lower, and their risk is practically none.

    I could understand if this exception permitted continued use in the same manner as the company has already been using it. That is, if any scale, so you get the ability to sell it the same as the patent owner does," is just a smack in the face to anyone without enormous R&D budgets.

    Since the patent system is intended to reward people for taking the risk of inventing, a clause such as this which shifts the burden of risk from the big kids to the little kids is directly opposed to the design of the patent system in the first place. It's turned into a cash-back guarantee for big companies, and this legislation furthers that trend.

  16. Re:why favor large corporations? on Patent Attorney Breaks Down Impact of the America Invents Act · Score: 1

    He does explain why:

    As one example, the Act expands the Prior Use defense to patent infringement to apply to all inventions (it was previously limited to business method patent claims) in a manner that encourages those with sufficient R & D resources -- generally, large companies -- to discover, document, use in an "internal commercial use," and maintain as a trade secret new methods and/or materials producing a "useful end result" which can then be sold or transferred with impunity. If a patent application claiming the new methods and/or materials is filed a more than a year later by another entity, and issues as a patent, this prior internal commercialization, or the transfer or sale of the end result, is immune from patent infringement, and is protected thereafter so long as it is continuously performed.

    Basically if they do a large amount of internal R&D (most big tech companies), anything they piloted internally gets them a license to the tech. Even if you come up with an amazing new idea, if their R&D team spent any time on something similar, they can sell it commercially even though you have a patent.

  17. Re:I used to be a spy... on Atlanta's Growing Video Surveillance System · Score: 1

    There are some very high powered handheld lasers out there. Strong enough to start a fire. They are very dangerous because even a momentary hit to an eye can cause permanent damage, and many are illegal for sale in the US. 1 W is the highest power you can legally own in the US for personal reasons, but even this will cause permanent blindness even from a reflected beam, and is powerful enough to light matches and burn through plastic. More powerful lasers are out there and not that hard to acquire.

  18. Re:Camera Vandalism? on Atlanta's Growing Video Surveillance System · Score: 1

    Seems like Elmer's glue would wash off the next time it rains. But then maybe many of these cameras have a rain shield (keeping them functional in inclement weather, but preventing self cleaning). Cooking oil would probably resist the weather a bit better.

    I wonder if an epoxy solution would be effective (though it'd require two devices). Epoxy paintballs could be mixed together in a single device and could be a lot more damaging than many of the other means.

  19. Camera Vandalism? on Atlanta's Growing Video Surveillance System · Score: 1

    I'm surprised surveillance networks like this aren't huge vandalism targets. Simple approaches come to mind, such as air rifles or paintball guns.

    It seems like such a network would be easy to keep pretty much offline as it takes less time, effort, and expense to disable a camera than it takes to repair it.

  20. Re:Whos name is the internet account in? on Ask Slashdot: P2P Liability On a Shared Connection? · Score: 1

    If you receive a letter from your ISP about supposed piracy on your connection, change your ISP if you can. They're spying on you.

    Not necessarily. If the letter is, "We got a report of XYZ activity from your IP address from the following complainant," they're just forwarding on the information as they are required to do.

  21. Re:The cops who wrote those emails should be fired on Anonymous Retaliates, Leaks Texas Police Emails · Score: 1

    Pop quiz, if one of the employees in your company (not necessarily your division) was embezzling, and caught, should you be held liable too?

    If it was my job to catch people like that, and I knowingly turned a blind eye, then I should be held accountable accordingly, yes.

  22. Re:*HOW* did they find the guy? on Did Apple Impersonate Police To Recover the Lost iPhone 5? · Score: 1

    They didn't find the phone there. Maybe they pulled a favor at Cava and got a credit card receipt, then located that CC number in their own internal credit card database from iTunes. Even if they only had the last four digits, there can't be that many matches in the area.

  23. Re:*nix fix on Zombie Cookies Just Won't Die · Score: 1

    There are several forms of 'meta cookie' which can be used to uniquely identify you, and which have nothing to do with either Flash or standard browser cookies. For example, check out Panopticlick. There are also older attacks such as history sniffing (defeated in modern browsers, but still available in the majority of active browsers). Plus there are permanently cached files (a JS file with an expiry set unreachably far in the future, with a server which responds that the file is always fresh, while the content of that file is uniquely identifiable information). DOM storage, HTML5 offline cache, and many other vectors are ways to stick information on your computer in ways you're probably not expecting.

    Some sites have put together combinations of these approaches to make super cookies which are almost impossible to defeat without simultaneously erasing cache, cookies, flash cookies, all browsing history, and also making sure you're running a completely vanilla OS with a completely vanilla browser install (each addon or font, and many 3rd party programs can contribute to your fingerprint being more unique). If you have an unusual font or two installed, this all by itself can make you uniquely identifiable in a way that no level of browser scrubbing will protect you.

    A "super" cookie is one where every means of uniquely identifying yourself has to be simultaneously scrubbed. If you miss even one, the rest are restored.
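Of the vectors listed above, the cache-based one (a file with an expiry set unreachably far in the future) is visible in plain HTTP response headers, so a proxy or browser extension can flag it. The following is an added example in Python, not code from the post, that parses Cache-Control and Expires headers from a set of constructed responses and reports any resource whose freshness lifetime exceeds a threshold. The sample responses, the hostnames and the one-year threshold are assumptions; it covers only this one vector, not fonts, DOM storage or the other fingerprint sources the post mentions.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from typing import Optional

FAR_FUTURE_SECONDS = 365 * 86400   # assumed threshold: freshness beyond a year is suspicious

# Constructed responses, as a logging proxy or browser extension might record them.
SAMPLE_RESPONSES = [
    {"url": "https://site.example/app.js",
     "headers": {"Cache-Control": "public, max-age=3153600000"}},   # about 100 years
    {"url": "https://site.example/vendor.js",
     "headers": {"Cache-Control": "max-age=86400"}},
    {"url": "https://site.example/id.js",
     "headers": {"Date": "Mon, 03 Oct 2011 12:00:00 GMT",
                 "Expires": "Thu, 31 Dec 2037 23:59:59 GMT"}},
    {"url": "https://site.example/index.html", "headers": {}},
]


def parse_cache_control(value: str) -> dict:
    """Turn 'public, max-age=86400' into {'public': None, 'max-age': '86400'}."""
    directives = {}
    for part in value.split(","):
        part = part.strip()
        if part:
            name, _, arg = part.partition("=")
            directives[name.strip().lower()] = arg.strip().strip('"') if arg else None
    return directives


def _as_utc(dt: datetime) -> datetime:
    """RFC 5322 dates with '-0000' parse as naive; treat those as UTC."""
    return dt if dt.tzinfo is not None else dt.replace(tzinfo=timezone.utc)


def freshness_lifetime(headers: dict, now: datetime) -> Optional[int]:
    """Seconds the response may be reused from cache: max-age wins, then Expires minus Date."""
    h = {k.lower(): v for k, v in headers.items()}
    max_age = parse_cache_control(h.get("cache-control", "")).get("max-age")
    if max_age is not None and max_age.isdigit():
        return int(max_age)
    if "expires" in h:
        try:
            expires = _as_utc(parsedate_to_datetime(h["expires"]))
            date = _as_utc(parsedate_to_datetime(h["date"])) if "date" in h else now
        except (TypeError, ValueError):
            return 0   # an unparseable Expires value means "already stale"
        return int((expires - date).total_seconds())
    return None


def audit(responses, now: Optional[datetime] = None) -> list:
    """Return (url, lifetime_seconds) for responses cacheable far beyond the threshold."""
    now = now or datetime.now(timezone.utc)
    flagged = []
    for resp in responses:
        life = freshness_lifetime(resp["headers"], now)
        if life is not None and life > FAR_FUTURE_SECONDS:
            flagged.append((resp["url"], life))
    return flagged


if __name__ == "__main__":
    for url, life in audit(SAMPLE_RESPONSES):
        print(f"{url}: cacheable for {life / 86400:.0f} days")
```

A long freshness lifetime is not proof of tracking (static assets with content-hashed names are legitimately cached for a year), so the useful signal is a long-lived script whose body differs per visitor; the header check is the cheap first filter before comparing bodies across sessions.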

  24. Re:Why the fuck should i need an authority ? on Can We Fix SSL Certification? · Score: 1

    If an SSH key changes, you know why or can find out, because you're connecting either to a device under your control, or under the control of someone you have the capacity to contact. This is not true if an SSL key were to change. If a major website had a data breach and decided they needed to revoke their SSL cert, then all of their customers would see a "Warning, this certificate does not match" message, and would have no way to know if it was because the key was legitimately changed, or if this is a MITM attack.

    AKA: This is still no solution.
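The ambiguity described in this comment (a changed key looks the same whether the site rotated it or someone is in the middle) can be shown in a few lines. The following is an added example in Python, not code from the post or from any SSH or TLS implementation. It implements a trust-on-first-use pin store, which is the SSH known_hosts model, and, going one step beyond the post, adds the HPKP-style idea of a pre-announced backup pin so that a planned rotation can be told apart from a surprise key. The keys, hostnames, pin lifetime and the "announced pins" channel are all constructed assumptions.

```python
import hashlib
import time
from dataclasses import dataclass

# Constructed public keys. Real pins would hash a DER-encoded SubjectPublicKeyInfo.
KEY_A = b"constructed-public-key-A"   # the site's current key
KEY_B = b"constructed-public-key-B"   # the site's pre-announced backup key
KEY_C = b"constructed-public-key-C"   # a key the client has never been told about

DEFAULT_MAX_AGE = 30 * 86400          # assumed pin lifetime, in seconds


def fingerprint(public_key: bytes) -> str:
    """SHA-256 hex digest of the encoded public key, used as the pin identifier."""
    return hashlib.sha256(public_key).hexdigest()


@dataclass
class PinEntry:
    pins: set          # fingerprints the client will accept for this host
    expires_at: float  # unix time after which the pins are forgotten


class PinStore:
    """Trust-on-first-use key store with optional backup pins.

    With no backup pins this is plain SSH-style TOFU: the first key seen is
    remembered and any later change is an error.  With backup pins the site
    announces ahead of time which keys it may rotate to."""

    def __init__(self):
        self._entries = {}

    def check(self, host, presented_key, offered_pins=(), now=None,
              max_age=DEFAULT_MAX_AGE):
        now = time.time() if now is None else now
        fp = fingerprint(presented_key)
        entry = self._entries.get(host)

        if entry is None or entry.expires_at < now:
            # First contact (or pins lapsed): nothing to compare against, so trust
            # what is presented and remember it plus any announced backups.
            self._entries[host] = PinEntry(set(offered_pins) | {fp}, now + max_age)
            return "TRUSTED_ON_FIRST_USE"

        if fp in entry.pins:
            # The current key, or a rotation to a key announced in advance.
            entry.pins = set(offered_pins) | {fp}
            entry.expires_at = now + max_age
            return "OK"

        # A key the client was never told about. From here the client cannot
        # distinguish an unannounced legitimate rotation from a substituted key.
        return "MISMATCH"


def demo():
    """Walk through the cases discussed in the thread; returns the verdicts in order."""
    host = "shop.example"
    t = 1_700_000_000  # fixed clock so the walk-through is repeatable
    store = PinStore()
    results = [
        # first visit: key A presented, backup B announced
        store.check(host, KEY_A, {fingerprint(KEY_B)}, now=t),
        # later visit, same key
        store.check(host, KEY_A, {fingerprint(KEY_B)}, now=t + 60),
        # planned rotation to the announced backup, e.g. after a breach
        store.check(host, KEY_B, {fingerprint(KEY_B)}, now=t + 120),
        # a key nobody announced: the client cannot say which case this is
        store.check(host, KEY_C, now=t + 180),
    ]
    # A host that never announced a backup: every rotation is a mismatch,
    # indistinguishable from the unannounced key above.
    ssh_style = PinStore()
    ssh_style.check("mail.example", KEY_A, now=t)
    results.append(ssh_style.check("mail.example", KEY_B, now=t + 60))
    return results


if __name__ == "__main__":
    print(demo())
```

The last two verdicts are the post's point: without some out-of-band statement about which keys are legitimate, a pin store can only say "different", not "why". Announcing backup pins narrows the gap for planned rotations but does nothing for an emergency rotation to a key that was never announced, which is exactly the breach scenario the comment raises.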

  25. Re:What 'Special Protection'? on Drug Companies Lose Special Protection On Facebook · Score: 1

    So, we're worried that a doctor goes hunting on an open forum on facebook for medical advice? I think we have to worry about whether this is an actual doctor ... or human with an IQ over 17.

    Let me say that I have seen this happen first hand. A doctor with a patient he believed was entering cardiac arrest attempted to use a "Share your story" form on an unrelated product website to get advice during weekend hours. I'm not sure if he just panicked and was trying to protect himself from having to say, "You need to go to the hospital now" or what. This form of course was just a mailer form to the product manager for that website, who got the email on Monday morning. Also, the doctor forgot to include his contact details, we had no way to get back in touch with him (or her?).

    We had to remove the entire feature because we could not risk that happening again. The pharmaceutical company needs to protect itself and its patients against medical malpractice perpetrated by doctors, because aside from the regulatory and ethical requirement to handle this correctly, when it comes time to figure out who to sue when something goes wrong, there's the small private practice doctor good for maybe a few hundred grand (who maybe declares bankruptcy and pays out nothing), and the often-despised multi-billion dollar pharmaceutical good for a few million or maybe even a few hundred million.

    The FDA expects pharmaceuticals to respond to and report on all adverse event reports. Pharma companies need to work very hard to control their communications channels because it turns out that about the only thing you need to secure an MD is a lot of time and money plus roughly average intelligence (lower intelligence can be made up for with more time and money).