Re: I wonder how much Microsoft paid the feds for their services here?
Claims? The warrant application is mostly an affidavit from an FBI Special Agent, name redacted. It was absolutely a request from the FBI.
Was this approved by a state judge and therefore were all of the servers in Texas?
No. Seriously, the answer to this question is right in the links in the article. You can't take a few minutes to check?
I admit the phrasing in the article is ambiguous: "The action was OK'd ... by a Texas court" is true, in the sense the court is in Texas, but it's not a court of the State of Texas. It's the US District Court for the Southern District of Texas. The servers were in several states. From the warrant application:
19. The presumptively U.S.-based Microsoft Exchange Servers, corresponding to the approximately web shells in Attachment A appear to be located in five or more judicial districts, according to publicly available Whois records and IP address geolocation. These districts include, but are not limited to, the following: Southern District of Texas, District of Massachusetts, Northern District of Illinois, Southern District of Ohio, District of Idaho, Western District of Louisiana, Northern District of Iowa and Northern District of Georgia.
Not "essentially a warrant" – it was a warrant. It's unsealed now and mostly redacted; the article contains a link to the FBI announcement, and the announcement has a link to download the unsealing order and the related documents. They're right there to be read.
The warrant is pretty specific. It was signed by Magistrate Judge Peter Bray of the US District Court, Southern Texas. FWIW, Bray has an engineering degree, and he was a Public Defender for 14 years.
The warrant says it was requested by telephone, and it was issued the day it was requested, so it's not like Bray spent a lot of time agonizing over it. But I don't see any grounds for claiming it was just rubber-stamped.
(I know. What kind of a nerd does actual research before commenting?)
I'm not complacent about this action, but it's significant that they did get a warrant – so they had legal authorization and satisfied the Fourth Amendment requirement – and they only got into the servers because malware was already installed on them, which means those sensitive documents were likely already in someone else's hands anyway.
Certainly it's far from the first time that the FBI or other law-enforcement organizations and representatives beat the "terrorists!" drum in an attempt to get backdoors. They're not going to pass up anything that looks like it might gain support for their case.
The team is also conscious of keyboard-driven users who, they said, "prefer a more efficient, distraction-free experience."
That's ... refreshing. The vast majority of my Linux use (and most of my Windows use) is command-line, so I don't really pay much attention to which window manager might be running, but it's nice they're aware that not everyone wants the screen cluttered with eye candy.
Linux users know how to use their operating system and bash it into making it work how they want it to
Well, to be fair, I do use bash to make Linux work as I want it to. And for pretty much everything else I do in Linux.
Sometimes ksh, if that's what my account has been set up with on one of our build VMs and I haven't bothered to change it.
One day in the life of Ivan Ivanovitch, eh? Though less Siberian than its literary namesake. Both Ivans take pride in the quality of their work, anyway.
There are insurmountable Constitutional barriers to banning lobbying -- at least insurmountable without an amendment. The courts have consistently found that political action is broadly protected by both the speech, assembly, and petition clauses of the First Amendment. It's essentially the same grounds as the decision in Citizens United v. FCC.
Essentially, the speech clause protects political speech; the assembly clause lets you do it as an organization; and the petition clause means you can't be restricted from doing it to members of the government. See for example the decision in Mine Workers v. Illinois Bar Assn..
As is usually the case with civil-rights issues, it's very difficult to formulate a legal basis for this sort of thing which improves the situation. You want to get rid of "lobbyists"? Fine. How do you do that with a bright-line rule in a constitutional amendment which doesn't interfere with, say, email campaigns to legislators? With political advocacy by NGOs? Maybe you want to ban those too -- but then you've gutted the petition right.
There's no substitute for a strong constitutionally-protected civil rights regime (and the one in the US is already tottering). Lobbying is the lesser evil.
Well, yes. He's a would-be autocrat hoping to become Trump 2.0.
I don't think he'll make it. He's better-educated (went to Stanford and Yale, don't'cha know) than Trump, even if he still manages to be dumb as a brick; and he's more successful. However much he panders to the deplorables, I don't think he'll wash off the perfume of the elite.
It's a stupid plan anyway, because Trump wasn't the real power for the past four years; McConnell was. If Hawley were half as smart as he thinks he is, he'd be aiming for Senate Majority Leader, and working to retake control of the Republican Party from the populists. Trump supporters aren't going to desert the Republicans any time soon even if the Republicans go back to ignoring them, and voter turnout is easy enough to crank up with some well-placed outrage at the last minute. The GOP doesn't need another Trump -- they just lost sight of the ball in 2016.
That said, I'm happy if they continue to fight internally for the foreseeable future, and Hawley continues to make an ass of himself.
It wasn't "inertia"; it was baldfaced regulatory capture. Pai was there to do the industry's bidding and everyone knew it. (Simington is just as bad -- a toady if ever there was one -- but less dangerous since the balance of power has shifted.)
There's certainly something to be said for familiarity. I still write a fair number of ad hoc analysis scripts in awk (or gawk, really). I wouldn't argue awk is good in any objective sense – though when its three famous authors created it, it was a terrific tool that didn't have any rivals, at least on UNIX. But I know it, and the scripts I'm writing don't need to be maintained (they're one-offs, even if I put them in source control just like everything else), so it's useful for me.
I do not like Perl, but I respect it, because the things I don't like about it are mostly explicit design decisions by Larry Wall, and I respect Larry and his rationale. Contrast that with PHP, which seems to be awful mostly because there's no design at all.
By the same token, I don't actually like traditional COBOL – I don't really care to write or maintain code in it – but I respect it because it was designed, and designed according to the principles that were understood at the time. And it's evolved; the 1985 standard helped a lot, and the 2002 standard helped somewhat more, and the major implementations offer extensions and relaxations which help more. (And managed COBOL is a modern OO language with access to major frameworks. Aside from a few historical infelicities, managed COBOL is quite nice.)
I recall highly contentious flamewars on Usenet back in the day
Definitely. This was true even pre-Usenet, in the era when listservs stalked the plains of BITNET and the IBM HONE network was larger than the Internet.
It's endemic to the nature of online written communication, which has nearly the immediacy of speech (because it's so easy to dash off a reply, compared to hand-writing a message; and even with email, delivery is much faster than the post or any other print transport), but lacks the additional channels of gesture, facial expression, prosody, etc. And it has the authority and durability of print.
'94 was also the year of the Flame Wars special issue of SCR, edited by Mark Dery, and if memory serves at least a couple of the pieces in that collection touch on the phenomenon too. I imagine Dery himself, a longtime observer of online discourse, could have discussed the question at length even some years before that.
It's not a matter of having "forgotten" how to discuss with respect. It's a frame that's strongly conditioned by the medium. We've known for decades in Composition Studies that media have a powerful influence on rhetoric and discursive pragmatics; methodologically-sound studies drawing on large corpora have shown that consistently. Similarly for work in sociolinguistics and probably in other fields. You can see that as confirming the theories of the Frankfurt School, or Marshall McLuhan, or Hayden White, etc, if you wish. (Personally I like the Frankfurt, find McLuhan rather lacking in rigor, and think White's Content of the Form is interesting but not particularly surprising.)
I touched on this topic in an article I published in Works and Days in 1994, and it was widely recognized then by people using online forums of various sorts.
There have been at least a few longitudinal studies of interactions among contributors to large open-source projects, typically by doing things like discourse analysis of public mailing lists. (There have also been some studies of such interactions in large proprietary-software projects, but those often have the luxury of direct access to developers, so they can use additional methods such as ethnography.)
The politics of those groups are complicated and tend to lean very heavily on in-group recognition and reputation. In-group-ness is often signaled by references to shibboleths which are not apparent to outsiders – usually the result of historical feuds or the whims of project heroes.
I'm guessing that refers to the fact that FreeBSD is not certified to use the UNIX® trademark (which should be written in block capitals, to please the lawyers). The trademark is owned by The Open Group, of course, and currently the only licensees are Apple, IBM, Cemprus,[1] HPE, Huawei,[2] and SCO.[3]
Just another minor clash between history and law.
[1] You know, that Cemprus.
[2] Does Congress know about this? The liberty!
[3] Does Xinuos know about this? Have they sued themselves yet?
Well, there's certainly some truth to that. An expectation of those prominent positions is that you'll moderate what you say about your employer, whatever the circumstances.
That said, I'm still willing to grant Bengio more credibility than pretty much anyone left at Google AI, probably including Croak. I know nothing of her motivation in accepting the position as lead of the new "Responsible AI" (ethics need not apply) group at Google, but Google is so obviously tainted in this area that it's very hard to feel good about it. Maybe she thinks she can fix some of the problems there. Personally, I wouldn't have touched it, but Croak has never been the retiring sort.
The Google Ethical AI ship has sunk, but it's not the rats who fled it.
Oh, yes, in the 1990s everyone was friendly and helpful and there were puppies everywhere and we all had free unicorns and there was no Lotus v. Borland.
I know people love their prelapsarian fantasies, but, jeez, 1990 was only 31 years ago. Is your historical horizon really that near?
Even to the limited extent that this is true, so what? Breyer's decision holds that API use is fair use. It doesn't matter whether the API is contained in the same file as the implementation – either way they're the same "work" for purposes of copyright law.
USC 17 is not a particularly complicated piece of legislation, even if its ramifications are. Just read the first section and its definitions. Proximity has no effect on copyright or fair use.
All the states have laws on the books which were found to be unconstitutional and thus unenforceable. Legislatures are reluctant to make the effort to clean this stuff up, partly because they all have personal projects to fight over, and partly because it's politically unpopular. People who don't like those laws know they're unenforceable anyway, so aren't very bothered one way or another; people who do like them (and there's no shortage of those idiots) get bent out of shape when someone tries to get them removed.
Just a few years ago the legislatures of both Tennessee and Idaho passed laws endorsing the Bible.[1] This happens every few years somewhere or other. Typically the governor of the state will veto it, because everyone with an ounce of sense knows it's just asking for an expensive lawsuit the state will lose. In Idaho's case, it violated both the Federal and state constitutions, making it a particularly boneheaded move.
When I lived in Nebraska, there was a ballot proposal to amend the state constitution to remove a provision, added in the 1940s, forbidding the teaching of German in public schools. Of course that had been struck down pretty much immediately after it was passed, so it had no effect anyway; it was just embarrassing crap stuck on the constitution. The ballot issue failed – a majority of voters decided to keep an unenforceable constitutional provision forbidding the teaching of German.
Of course this is why we have constitutions and supreme courts, and why "direct democracy" is a terrible idea. (The movement in the US, from the 1970s on, promoting ballot initiatives and other direct-democracy governance, was largely funded by right-wing groups interested in defanging the regulatory state by sabotaging the legislative process. It's been pretty successful.)
[1] Some Bible, anyway. Often the nitwits who write these bills don't specify.
it's hard to discount the possibility that copyright applies to APIs
Rupert mentioned the "process, mechanism, or function" test (USC 17 §102), which APIs do not pass. The First Circuit's 1995 decision in Lotus v. Borland held that software UI "look and feel" failed this test. If things like menu items and button labels aren't protected by copyright, why would APIs be? (CAFC's two decisions, in 2014 and 2018, in favor of Oracle show that not only are the CAFC justices incapable of understanding software, they're also incapable of observing stare decisis. Maybe the worst circuit in the country, and that's saying something.)
US courts have consistently held that titles, chapter titles, and other short phrases are not protected by copyright. APIs are more similar to chapter titles than to anything else in other "literary works" (which are what software falls under in USC 17).
but once the criminals no longer get paid they will have no incentive to engage in ransomware attacks
This is a common but fallacious argument.
The cost of ransomware attacks is close to minimal, and there will always be some non-empty set of victims who will pay even if payment is illegal. Thus the return on investment for ransomware attacks will remain positive, and so they'll continue.
Moreover, many ransomware attack pipelines are largely or fully automated. Even if there were never any more payments, those systems will continue to mount attacks because there's no reason for their controllers to try to turn them off.
By definition that is half
Sigh. Only if your definition of "average" is "median". People really need to give up this incorrect sophomorism.
Of course, there's no good measure, quantitative or otherwise, for "intelligence", or even a good definition of "intelligence" in the first place; so the original statement is largely meaningless.
Electric Universe is a beautiful network of fallacies and misunderstandings. As a piece of kookery it finds a sweet spot that's comfortably outside reason without degenerating into the incoherence of Timecube or the "to hell with science, let's have fairy stories" lunacy of Inert Gas Devices.
This axiom ("the underpinnings of a model...") is a fine example of that: let's just take an intuitive assumption and elevate it to a law, then employ it in our logic system. What could go wrong?
Proof by Vehement Restatement is a good epistemological technique too, endorsed by kooks the world over.
"I worked in muon physics/chemistry for nearly two decades." just thrown in casually.
Indeed. Not the sort of thing I regularly see in Facebook comments.
(Not that I read many Facebook comments, it's true, so this is not a statistically-sound observation. And I admit that in the previous month I saw at least one comment on Facebook which was posted by someone with detailed technical knowledge of the subject, so it does happen. But still.)
Didn't the previous encrypted phone network get busted because the cops hacked the software update servers
Not even. They got a mole hired by the vendor, according to reports.
Good ol' HUMINT-style sabotage. People have been saying for decades that intelligence and police agencies should stop fetishizing technological solutions and continue to use older, less-glamorous techniques where appropriate. The EncroChat takedown is a fine example.
The maths say that you can break it with enough power and time.
A meaningless statement, in practice.
First, of course, "it" hasn't been defined. RSA? ADH? ECC? Some other key agreement protocol? AES? Some other symmetric cipher? Or is this just hand-waving?
Second, once you assume unbounded resources, the question is no longer interesting. If you have a decision procedure for determining what the correct plaintext is, you can just try every possible key, or even every possible plaintext, "with enough power and time".
Third, it's quite easy to scale cryptographic algorithms up to the point where there aren't enough resources in the visible universe to brute-force them using a conventional computer. It's quite easy to do that for symmetric algorithms and hashing even with general quantum computing. It's a bit harder to do that for asymmetric crypto (key agreement and signatures), but we have candidates with strong evidence for being secure under GQC.
It's vanishingly unlikely that any correctly-implemented, well-studied, modern cryptography was broken in this case. Any of the mooted alternatives -- bad implementation, false implementation (the "it was a trap" theory), insider compromise -- are all much, much more probable.
Years ago, Bruce Schneier famously claimed that cryptography was good enough, and that "if you think your problem is cryptography, you don't understand cryptography and you don't understand your problem". Since then there have been successful attacks on widely-deployed cryptographic algorithms (MD5, SHA1, RC4) and protocols (all SSL/TLS versions prior to TLSv1.2, pretty much anything using CBC and not making a special effort to mitigate padding oracles, etc.). And we have the perennial worry that maybe someone will get feasible large-scale GQC working and so we need post-quantum asymmetric cryptography. But Schneier's basic point was right: implementations and people are the big threats to communication and data security, not the underlying cryptography.
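As an added illustration of the second and third points above (this is not part of the original comment): a small Python calculation of what exhaustive key search costs, assuming a hypothetical classical search rate of 10^18 key trials per second, the Landauer bound as the energy floor, and Grover's halving of the exponent for symmetric keys under general quantum computing.

```python
import math

# Physical constants and reference quantities (standard values).
K_B = 1.380649e-23            # Boltzmann constant, J/K
T_CMB = 2.725                 # cosmic microwave background temperature, K
SUN_LUMINOSITY_W = 3.828e26   # solar luminosity, W
SECONDS_PER_YEAR = 365.25 * 86400
UNIVERSE_AGE_YEARS = 13.8e9
# Assumed (hypothetical) search rate: 10^18 key trials per second.
# Grover iterations are sequential, so reusing this rate for a quantum
# machine is already generous to the attacker.
CLASSICAL_RATE = 1e18


def effective_bits(key_bits: int, quantum: bool = False) -> int:
    """Work factor for exhaustive key search, in bits.

    Grover's algorithm halves the exponent for a symmetric cipher or a hash
    preimage, which is why "scaling up" to a 256-bit key restores a 128-bit
    margin under general quantum computing.
    """
    return key_bits // 2 if quantum else key_bits


def search_time_universe_ages(key_bits: int, quantum: bool = False,
                              rate: float = CLASSICAL_RATE) -> float:
    """Wall-clock time to try every key, in ages of the universe."""
    seconds = 2 ** effective_bits(key_bits, quantum) / rate
    return seconds / SECONDS_PER_YEAR / UNIVERSE_AGE_YEARS


def landauer_energy_sun_years(key_bits: int, quantum: bool = False,
                              temp_k: float = T_CMB) -> float:
    """Thermodynamic lower bound on the energy of exhaustive search.

    Assumes at least one bit is erased per key tried and the computer runs
    at the CMB temperature; result is in years of total solar output.
    """
    per_bit = K_B * temp_k * math.log(2)          # Landauer limit, J per bit
    joules = 2 ** effective_bits(key_bits, quantum) * per_bit
    return joules / (SUN_LUMINOSITY_W * SECONDS_PER_YEAR)


if __name__ == "__main__":
    # 64-bit keys fall in seconds; 128-bit classical search takes hundreds
    # of universe ages; 256-bit search exceeds the Sun's total output by a
    # huge margin even at the Landauer floor, and stays at 128-bit effort
    # under Grover.
    for bits in (64, 128, 256):
        for q in (False, True):
            print(f"{bits}-bit key, quantum={q}: "
                  f"{search_time_universe_ages(bits, q):.3g} universe ages, "
                  f"{landauer_energy_sun_years(bits, q):.3g} sun-years")
```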
I'm pretty sure that short payloads are significantly easier to crack if you know the encryption
Only for certain broken protocols, and in the trivial sense that very short messages only have a small number of possible corresponding plaintexts. (If you intercept a single-bit message, you know the original plaintext was one of two bits, and the actual message was one of two possibilities.)
In fact large amounts of ciphertext are generally more problematic, though for modern algorithms and protocols, it's not an issue for most use cases.
and there's often "padding" put into short messages in real encryption to make it harder to crack.
Not really. A number of cryptographic algorithms and protocols make use of padding, but the technical reasons for that are more complex than just "it's too short". And as a practical matter, padding is more often a source of vulnerabilities, such as padding oracles.
Actually $2.13 per hour, provided the employee gets at least $30 in tips per month,[1] under Federal law.
Many states and territories impose higher rates, though in some cases it's only marginally higher (New Mexico raises it to all of $2.55 / hour), and it's rarely a living wage. A handful of states don't allow discounting the minimum wage at all for tipping. Of course, cost of living varies hugely among states and considerably within states, so the real question is the minimum wage adjusted for local cost of living, and that gets complicated when you consider different living situations...
See:
https://www.dol.gov/agencies/whd/state/minimum-wage/tipped
The US does not do well by its service-sector workers and underemployed workers. But that's hardly news, unfortunately.
[1] Of course $30/month is a negligible sum for anyone with real expenses, and good luck contesting a fraudulent claim by your employer that you met this very low bar.