
Tag: Photographer

$7.5 billion Kemper power plant suspends coal gasification

Owners of the plant made the decision to burn natural gas exclusively for now.

Regulators suggest $7.5 billion coal gasifier facility give up, burn natural...

After years of delays and cost overruns, Southern Company's plant may be a bust.

Telemarketing etiquette leads to $280 million fine for Dish Network

The satellite TV provider says it will appeal.

Amid coal plant closures, coal mines open (but not for electricity)

Coking coal sees a bit of a bump but electricity is still winding down coal.

Volkswagen, Bosch, Fiat diesel emissions cheats cracked open in new research

Current US and EU emissions testing is insufficient to confirm compliance.

Get Out is the rare movie that perfectly blends horror and...

Terrific, smart twist makes this movie even more enjoyable.

Arista beats Cisco’s $335M copyright claim with an unusual defense

After a two-week trial, a San Jose jury has cleared Arista Networks of allegations that it infringed copyrights and patents belonging to Cisco Systems. In a lawsuit filed in 2014, Cisco accused Arista of violating copyright because Arista's high-end switching equipment used some of the same commands from Cisco's Command Line Interface, or CLI.

Arista lawyers claimed that the CLI was an industry standard, promoted by Cisco, and that now Cisco was trying to change the rules because of Arista's success. This morning, the eight-person jury cleared Arista of both patent and copyright infringement.

The copyright claim, which was the bulk of Cisco's case, was rejected by the jury based on a legal doctrine known as "scènes à faire." A French term that means "scene that must be done," the phrase refers to a situation in which the creation of a certain work can only be accomplished in a limited number of ways, thus producing a more limited copyright. During closing arguments, Arista's lawyer Robert Van Nest described Cisco's CLI as using simple, uncreative phrases, according to a report in Law360. He called the commands unoriginal and noted that they were based on 40-year-old technology from older systems.

By finding in favor of a "scènes à faire" defense, the jury has shown that those arguments, questioning the creativity behind CLI, had a strong effect. Van Nest, whose firm defended Google earlier this year in its second trial against Oracle, presented three possible copyright defenses under which jurors might find in his favor: fair use, merger, and scènes à faire.

The jury said that only scènes à faire weighed in Arista's favor. The case will likely be appealed, and because of the inclusion of a patent claim, it will head to the US Court of Appeals for the Federal Circuit, which hears all patent appeals.

That's one of several similarities between this case and Oracle v. Google, which also headed to the Federal Circuit despite the patent claim being a minor part of the case that was ultimately dropped.

"We thank the jury for their diligence in reviewing the evidence, though we respectfully disagree with the verdict," said a Cisco spokesperson in an e-mailed statement to Ars. "The jury found that Arista infringes Cisco’s user interface and that it was not fair use. But the jury found on the narrow legal issue of 'scènes à faire.' We are reviewing the details of the ruling and determining Cisco’s options for post-trial motions and appeal given the clear testimony that other suppliers use very different commands."

The statement also notes that Cisco recently won a patent infringement case against Arista at the International Trade Commission.

Scènes and switches

As a legal doctrine, "scènes a faire" developed from copyright disputes over movies, as a way to describe scenes that were so stock, obvious, or cliched, they didn't warrant copyright protection.

A well-known 1990 paper by Prof. Jessica Litman, entitled "The Public Domain," traces the history of the doctrine. In the 1940s, Judge Leon Yankwich described scènes a faire as "the common stock of literary composition—'cliches'—to which no one can claim literary ownership."

In a 2003 case, a photographer who'd been hired to do a marketing shoot for Skyy Vodka sued the liquor company when it hired someone else to produce similar product photographs. Both the district court judge and the appeals court held that Skyy was protected by the doctrines of scenes a faire and merger.

"This long-running litigation is fundamentally about how many ways one can create an advertising photograph, called a 'product shot,' of a blue vodka bottle," wrote the 9th Circuit judges who decided Ets-Hokin v. Skyy Spirits. "We conclude there are not very many."

While the original photographer did indeed own a copyright to his photograph of a blue vodka bottle, courts limited the ways in which he could stop others from "copying" him. There are only so many ways to get that product shot.

In Atari, Inc. v. North American Philips Consumer Elecs Corp., a 1982 case at the 7th Circuit, a panel of judges used the concept in a copyright case regarding Atari's Pac-Man game. They held that a competing game couldn't be infringing just because it used a maze, scoring table, and wrap-around tunnels—those concepts were the video-game equivalent of "scènes a faire." (The competing game was found to infringe for borrowing other elements, however.)

Another use of "scenes a faire" came up in a 1988 video game decision, Data East USA v. Epyx. Data East claimed that the Epyx video game International Karate was a rip-off of the Data East game, Karate Champ. Judges for the 9th Circuit held that "the visual depiction of karate matches is subject to the constraints inherent in the sport of karate itself," and certain game elements amount to scènes à faire, since they were "indispensable, or at least standard."

20 Questions Smart Security Pros Should Ask About 'Intelligence'

Threat intel is a hot but complicated topic that encompasses a lot more than just data feeds. Here's how to get beyond the fear, uncertainty, and doubt to maximize its potential.

To be perfectly honest, the topic of intelligence has always annoyed me a bit. Not because I don’t enjoy it or think it is important; quite the contrary, intelligence is one of those areas that has so much potential, but whose potential is lost and adrift in a sea of hype and noise.

Allow me to illustrate this point through an example. More often than not, when I discuss the topic of intelligence, people immediately jump to a frame of reference built around data feeds.

This is unfortunate, mainly for two reasons:

Data feeds are about data, not about intelligence. Relevant, accurate, timely data can be considered information. Only that information, plus the appropriate context, can be considered intelligence. Semantics are important here.

Data feeds do nothing for my risk mitigation goals. Intelligence needs to be applied to real-world use cases, for example, using intelligence to assess and prioritize risk, or using intelligence to investigate and understand a given event to assess the risk it presents to the organization. In other words, turning information into knowledge.

How can astute buyers get beyond the fear, uncertainty and doubt to maximize the potential of intelligence and make sense of the chaos? You guessed it! Here are 20 questions worth asking anyone trying to sell you intelligence.

1. What is the underlying philosophy that drives your intelligence capability? If I am going to pay you for your intelligence, I want to be sure I understand what makes you as a vendor tick.
2. What kind of data do you collect? Don’t tell me it’s only one or two different types of data from one or two different sources. Real intelligence comes from a wide variety of data types and sources.
3. Where do you get your data? I don’t expect you to reveal specific sources and methods to me, but you should at least be able to articulate why your secret sauce is better than the next vendor’s.
4. In how many countries do you operate? You can’t tell me you can see what’s going on around the world when you’re only looking at one corner of it.
5. How many languages does your team speak? As I’m sure you’re aware, attackers do their work in many different languages.
6. Do you have a physical presence in specific local and regional attacker communities? As great as the Internet is, there is still no substitute for being there locally, and being on the inside.
7. How does a piece of information make its way from the field into your database?
8. What does the overall collection architecture look like? I don’t need you to reveal secrets to me, but you ought to be able to articulate how the data you collect is accurate, reliable, and high-fidelity.
9. In how many locations do you store and analyze the data you collect? In other words, please tell me you have high availability and redundancy. A power outage shouldn’t wipe out your entire operation.
10. What volume of data are you collecting on a daily basis?
11. How do you scale to the level required for that large amount of data?
12. How do you normalize all that data?
13. Do you have structured data, unstructured data, or both?
14. How many analysts do you have to chew through all that data?
15. What types of professional backgrounds do your analysts come from?
16. How do you analyze the data? I don’t expect you to reveal your tradecraft secrets to me, but I want to be confident that you have a sound methodology. I want to be sure you aren’t making educated guesses, or otherwise rolling the dice.
17. How do you ensure that the data guide your findings and conclusions, rather than your biases? We are all human and have biases. How do you ensure that your intelligence doesn’t succumb to the biases of your analysts?
18. Can I buy intelligence aimed at different audiences (e.g., the board, executives, analysts, incident handlers, etc.)? I’m trying to please a diverse audience, and I need a vendor who can help me get there.
19. How can you help me assess and prioritize risk? I know that doing so can help me optimize security spending and show good return on investment, but I need help.
20. How can you integrate easily into my workflow? Whether I am looking to leverage intelligence to help with alerting, adding additional context to investigations, or otherwise, I want to make sure that you aren’t going to create a bunch of additional work and manual labor for my already overworked team.

The pressure to make the right choices in acquiring information security products and services can be intense, particularly when it comes to a hot topic like intelligence. A game of 20 questions can help you interrogate the true capabilities of intelligence vendors. It’s the intelligent thing to do.

Josh is an experienced information security analyst with over a decade of experience building, operating, and running Security Operations Centers (SOCs). Josh currently serves as VP and CTO - Emerging Technologies at FireEye. Until its acquisition by FireEye, Josh served as ...

Trump’s pick for CIA director has called for Snowden’s execution

Representative Michael "Mike" Pompeo, during an interview in 2013. Pompeo won an election for the first time in 2010 following a career as an army officer, tax lawyer, aerospace entrepreneur, and Republican National Committee member. Photographer: Julia Schmalz/Bloomberg via Getty Images

President-elect Donald J. Trump has made three key national security picks this morning, tapping Sen. Jeff Sessions (R-Ala.) as attorney general, Rep. Mike Pompeo (R-Kan.) as head of the Central Intelligence Agency, and retired Gen. Michael Flynn as his security adviser.

Pompeo, the 52-year-old conservative Congressman, is a surprise choice, but he agrees with Trump on key issues. Just yesterday he tweeted his opposition to the Iran nuclear deal, saying that he looked forward to "rolling back this disastrous deal with the world’s largest state sponsor of terrorism."

Pompeo joined Congress in 2010, coming in as part of a wave of Republicans affiliated with the Tea Party movement. Before his political career, Pompeo worked as a lawyer and founded an aerospace company.

On the intelligence committee, Pompeo has taken a particularly hard-line stance on how to treat NSA whistleblower Edward Snowden. After Snowden's allies began a campaign to get him pardoned, the entire House Select Committee on Intelligence wrote a letter to President Barack Obama urging against a pardon. The letter said Snowden was no whistle-blower, but rather a "serial exaggerator and fabricator." At that time, Pompeo issued his own press release, calling Snowden a "liar and a criminal," who deserves "prison rather than pardon."

In a C-SPAN interview earlier this year, Pompeo went further, stating:

"He should be brought back from Russia and given due process, and I think that the proper outcome would be that he would be given a death sentence for having put friends of mine, friends of yours, in the military today, at enormous risk because of the information he stole and then released to foreign powers."

Snowden has said he only gave information to journalists. Pompeo's comments about Snowden begin around the 23-minute mark.

Pompeo "will be a brilliant and unrelenting leader for our intelligence community to ensure the safety of Americans and our allies," said President-elect Trump in today's statement.

Immigration-focused AG

Sen. Jeff Sessions has long been known as taking a hard line on the immigration issue, one of Trump's popular hot-button issues. His opposition was critical in stopping immigration reform efforts in both 2007 and 2013.

In 1986, Sessions was denied a federal judgeship because of accusations that he made racist remarks, including referring to an African-American lawyer as "boy." He also called both the ACLU and the National Association for the Advancement of Colored People "un-American."

"He is a world-class legal mind and considered a truly great Attorney General and U.S. Attorney in the state of Alabama," said President-elect Trump in the nomination statement. "Jeff is greatly admired by legal scholars and virtually everyone who knows him."

Retired Lieutenant General Mike Flynn will be Trump's national security adviser, a position that doesn't require Senate approval. Flynn was close to Trump throughout the campaign and advised him on security issues. He was head of the Defense Intelligence Agency until 2014, when he was relieved of his duties. Flynn says he was fired because he spoke out vigorously about Islamic extremism, but others he worked with cited severe management problems.
The New York Times notes that Flynn would enter the White House with "significant baggage." The consulting firm after he left the military in 2014 "appeared to lobby for the Turkish government," and Flynn had a paid speaking position for Russia Today, a Kremlin-funded TV network.

Trump’s been called almost everything—let’s add IP “pirate” to the list

Anybody familiar with the US presidential election campaign knows that the GOP candidate, Donald Trump, has been called pretty much every name in the book.

But labeling him a copyright pirate wasn't one of them—that is until now. According to a federal lawsuit (PDF) brought by a UK-based photographer named David Kittos, the Trump campaign ripped off one of the copyright protected photos the artist posted on Flickr, a picture of a bowl of the candy Skittles.

The Trump campaign has used the picture in online advertising to highlight what the campaign calls the "Syrian refugee problem." The lawsuit says the photographer is a refugee from the Republic of Cyprus and that the unauthorized use of his photograph in the advertisement is "reprehensibly offensive." "The effect of this iterated unauthorized reproduction and redistribution is the rampant viral infringement of Plaintiff’s exclusive rights in his Photograph," the suit says. The Trump campaign did not immediately respond for comment.

The controversy went viral last month when Twitter removed the copyrighted picture from the Trump ad on Twitter in response to a complaint from Kittos. The suit, which names Trump and others, seeks unspecified damages.

But it calls the infringement "willful." That could net $150,000 per violation, according to the US Copyright Act.

20 Questions To Explore With Security-as-a-Service Providers

This list will help you leverage the niche expertise of security-as-a-service providers, and assess which vendor can best meet your needs.

Security-as-a-service is a topic on the minds of many people these days. It’s not difficult to understand why. More and more organizations are becoming aware of the need to run security operations and incident response on a continual basis, in addition to a traditional compliance-based frequency.

At the same time, many organizations today are realizing that building out a mature security capability to counter the modern threat landscape is not a simple exercise; it is a complex and ongoing endeavor that requires considerable effort and continual attention as risks and threats develop and change.

Security feels different than it did even just a few years ago. Many auditors now want to know whether or not an organization has an incident response plan, and whether it is effective. With organizations moving parts of their business and infrastructure to the cloud, they are looking for security solutions that will move there with them.

And, as if all that were not enough, customers now routinely scrutinize the data custodianship practices of their vendors, suppliers, and providers.

This comes just as attackers are getting better and better at stealing credentials and masquerading as legitimate users when accessing data, often using no malware at all.

Given all this, it’s no surprise that organizations are looking to leverage the niche expertise of security-as-a-service providers to help them meet a wide variety of needs in a short period of time. Where the market is looking for solutions, the hype and noise has quickly followed. How can organizations see through the hype and noise to understand the true capabilities of security-as-a-service providers and assess which provider best meets their needs?

Let’s begin another game of 20 questions, only this time about the issues you should explore with vendors before considering a security-as-a-service play. As noted before, this is not an exhaustive list of questions, but a good place to start.

1. What is the vendor’s overall philosophy and vision? I don’t think it’s unreasonable for a potential customer to ask for one or two sentences explaining what drives and motivates a Security-as-a-Service vendor to strive for greatness.
2. What does the vendor offer beyond compliance? It’s easy to collect data required by various regulations but doing something valuable with that data is another matter entirely.
3. What issues drive the content development process and the day-to-day operational workflow? Please tell me it is driven by understanding the risks and threats my company faces, prioritizing them, and helping me mitigate them.
4. How is alerting developed, implemented, and maintained? If you’re going to monitor my organization, I deserve to know how exactly you will produce timely, actionable, high-fidelity, low-noise alerting to do so. The last thing I need is for you to deluge my already resource-constrained staff with false positives and busy work.
5. How will you instrument my network? After all, even the best content development process and alerting logic needs network data to operate on.
6. How will you instrument my endpoints? This includes traditional endpoints, such as desktops and laptops, as well as newer endpoints, such as smartphones, tablets, and thin clients. Visibility across a wide variety of devices is extremely important to me.
7. Can you monitor web applications and servers for me? Attackers are opportunistic and won’t merely attack endpoints. If a web application or a server is vulnerable, they will attack it. If this happens, I want to know as soon as possible. Better yet, do you also offer services to help me proactively identify these vulnerable assets before I have an issue?
8. How will you provide visibility into the infrastructure I have in the cloud, which needs to be monitored just as much as my traditional enterprise does?
9. How will you provide visibility into my outsourced Software-as-a-Service (SaaS) applications? If there is crime, fraud, data theft, or an insider threat issue, I need that visibility. I can’t be in the dark.
10. Do you have a centralized portal where I can interact with my own data in an easy-to-use and meaningful manner? Help me see and understand the state of security within my own organization quickly and easily.
11. What type of data reduction, aggregation, and visualization do you support within this portal? Will you allow me to identify patterns and dig deeper if I want to or need to?
12. What tools do you provide to allow me to create my own alerting and do my own hunting and investigating if I desire?
13. What can you offer to help me prevent compromise, in addition to detecting and responding to it?
14. How can I be sure that you will quickly detect compromise within my organization given the volume and complexity of the data I am providing you?
15. How do you analyze and investigate alerts? I want to make sure you have good methodologies, firm techniques, and sound expertise.
16. What process do you have documented around which types of incidents? I want to make sure that if one of many different scenarios were to occur, you are prepared to handle it.
17. If you do detect a compromise, how will you contain and remediate that compromise? Response procedures are important here, but more than just that, technology to make response as smooth as possible is also important.
18. What type of reporting do you offer? I need relative metrics that communicate the value you are providing to my leadership. How many tickets you opened and how many AV alerts fired isn’t going to help me here.
19. How do you provide lessons-learned post-incident to help me learn from my mistakes and continually improve my security posture?
20. How do you continually iterate, improve, and mature your own capabilities as a provider to ensure that I receive a Security-as-a-Service offering that keeps pace with the changing threat landscape?

There is certainly no shortage of Security-as-a-Service providers. Where the business need has emerged, the marketing has followed. Business and security leaders need a clear-cut way to cut through the hype and noise to make educated and informed decisions. As you might expect, I’m a big fan of playing a game of 20 questions to get there.

Josh is an experienced information security analyst with over a decade of experience building, operating, and running Security Operations Centers (SOCs). Josh currently serves as VP and CTO - Emerging Technologies at FireEye. Until its acquisition by FireEye, Josh served as ...

New Hampshire law barring ballot selfies is unconstitutional, court rules

Just in time for the Nov. 8 presidential elections, a federal appeals court on Wednesday declared a New Hampshire law banning so-called ballot booth selfies "facially unconstitutional."

The 1st US Circuit Court of Appeals ruled (PDF) there was no compelling government need to restrict First Amendment rights and ban voters from disseminating pictures of their ballots or of themselves posed with their ballots. State lawmakers, when approving the law that carries a $1,000 fine, had maintained in 2014 that the statute was needed to combat voter fraud—like having people coerced into voting a certain way and then having to prove it via social media or by some other means, for example.

The appeals court explained:

"Digital photography, the internet, and social media are not unknown quantities — they have been ubiquitous for several election cycles, without being shown to have the effect of furthering vote buying or voter intimidation. As the plaintiffs note, 'small cameras' and digital photography 'have been in use for at least 15 years,' and New Hampshire cannot identify a single complaint of vote buying or intimidation related to a voter’s publishing a photograph of a marked ballot during that period."

No federal law addresses the issue. That means across the US, the law in the 50 states on voting booth selfies remains mixed. There are a few court challenges across the country. The court that ruled Wednesday covers the states of New Hampshire, Massachusetts, and Maine. The Huffington Post has a lengthy guide on which states it's OK to post a picture of yourself showing your votes this November.

In essence, the ballot-booth selfie issue is a collision of the nation's history of ballot box secrecy and a public willing to post selfies of themselves doing just about anything, from having sex to eating dinner.

In a friend-of-the-court brief in the New Hampshire case, Snapchat essentially argued that a ballot booth selfie was a God-given, American First Amendment right-of-passage. Ballot selfies, the company maintained, "are important ways that younger voters participate in the political process and make their voices heard."

In a footnote, Snapchat defined the selfie as being, "a photo where the photographer is also a subject. But the term has also been used to describe all smartphone pictures shared online, including those here."

New Hampshire argued that its law outlawing selfies "preserves the integrity of New Hampshire elections."

"The statute secures voter's right to vote their conscience while in the voting booth," New Hampshire told the court.

The three-member panel circuit court's unanimous decision upholds a lower court judge who had ruled similarly.