SteveBellovin

@SteveBellovin@mastodon.lawprofs.org

I'm a computer science professor and affiliate law prof at Columbia University. Author of "Thinking Security". Dinosaur photographer. Not ashamed to say that I’m still masking, because long Covid terrifies me.
https://www.cs.columbia.edu/~smb

kashhill, to random

This week, I got pitched by a PR guy who expressed admiration for a book I wrote. Except I didn't write the book and when I Googled the title, no one else had either. I emailed the guy back: "What did you think of the book? 😉" That led him to admit that "someone used ChatGPT" and it gave a bio for me with this invented piece of information. The guy was embarrassed but I found it fascinating. ChatGPT hasn't learned how to tell the truth but it has learned plausibility. Beware, early adopters!

SteveBellovin,

@kashhill Yup. I asked it what books I had written and it made up some title—this despite the fact that I have a very complete publications web page that lists my books.

RollingStone, to random

Tucker Carlson will return to broadcasting through a partnership with Twitter. https://www.rollingstone.com/politics/politics-news/tucker-carlson-launching-new-twitter-show-1234732381/

SteveBellovin,

@RollingStone @carlmalamud He and Musk deserve each other.

WillRobinson, to random
SteveBellovin,

@WillRobinson @ncweaver And the Mishnah has a lot of discussion of what today we would call non-binary; see, e.g., https://www.jta.org/jewniverse/2015/the-6-genders-of-the-talmud. (The Mishnah was codified shortly after 200 CE, but some of its traditions go back to Jesus' time.)

Teri_Kanefield, to random

deleted_by_author

  • SteveBellovin,

    @mattblaze @Teri_Kanefield What percentage of his (male) supporters think that what he was accused of is actually a good thing? What percentage of his supporters, male and female, think it was all a lie and he was framed? The real issue, for many, is that his brand has been that he always wins—and here he's lost yet again.

    cstross, to random

    Interesting!

    At the same time I tooted about SEASON OF SKULLS, I tweeted a pretty much identical piece on the birdsite.

    I have 16.6K followers here and got 32 boosts and 33 likes.

    I have 52.5K followers on twitter and got 9 retweets and 43 likes.

    (Conclusion: Mastodon followers are MUCH more engaged than Twitter followers.)

    SteveBellovin,

    @cstross Well, I follow you on the bird site, but never saw the post there because I no longer use that account, save for monthly keep-alives, and that to prevent someone else from grabbing my login.

    riana, to random

    Who's writing/written about the CFAA in the age of federation?

    SteveBellovin,

    @20002ist @joebeone @kendraserra @riana Especially Canter and Siegel.

    SteveBellovin,

    @joebeone @20002ist @kendraserra @riana A quick Lexis scan shows a remarkable number of cases involving Usenet. Many, but by no means all, involve copyright.

    jciv, to random

    Defamation / libel folks: can EJC sue DJT again now that he's again lied about what happened? I realize the actual direct damages may not be as large, but they're not zero, as a significant number of people will continue to believe his denials, and in any event, aren't there additional possible punitives for repeatedly defaming a person?

    SteveBellovin,

    @jciv @lou An injunction, perhaps, given that the speech has already been judged defamatory?

    Teri_Kanefield, to random

    deleted_by_author

  • SteveBellovin,

    @mattsheffield @Teri_Kanefield @pauliehedron A slight demurrer: that can't happen if the protocols have significant semantic differences. To give a simple example, Mastodon does not have a "Dislike" button, and I seem to be limited to one video per post. What should a bridge layer do if it receives dislikes or 4-video posts from Bluesky? TikTok, as I understand it, doesn't have the concept of followers. (I could be wrong.) What then? The late Google+ had "circles". What then?

    karlauerbach, to random

    After a couple of months of use I am finding the standard Mastodon web user interface to be quite inadequate.

    The lack of consolidation of duplicate materials is beyond annoying - it makes the system almost useless.

    Conversations are difficult because the pieces of any attempted conversation are spread everywhere.

    And now some posters create long, long, long threads of posts (with images) that occupy several screenloads - and then those threads are duplicated again and again and again.

    SteveBellovin,

    @karlauerbach @ivory More generally: there seem to be many Mastodon clients, with varying UIs. I'm very happy with Ivory (it's similar to Tweetbot, which I used to use), but there are others out there.

    SteveBellovin,

    @karlauerbach Try @ivory if you're a Mac/iOS user—it dedupes stuff.

    plragde, to random
    SteveBellovin,

    @plragde Are those seats cork?

    ncweaver, to random

    As soon as Firefox and Safari support passkeys (and my windows box can use my iphone's passkey) I'm going to go all-in on it.

    That architecture is solid, and the usability is even better. I don't want to try to get my parents to use a password manager, I could get them to use passkeys without a problem.

    SteveBellovin,

    @MildlyAggrievedScientist @ncweaver The big advantage, other than perhaps UX issues, is that PassKey authentication is inherently bidirectional. This completely prevents phishing attacks and MitM attacks. And you never send your secret anywhere, so even a compromised web site can't impersonate you to the real one.

    SteveBellovin,

    @MildlyAggrievedScientist @ncweaver Yup. And recovery from lost credentials will be a lot harder in a PassKey world.

    SteveBellovin,

    @MildlyAggrievedScientist @ncweaver Yup. But the UX issue is also really important. I've used 1Password for many years, and I always have it generate random passwords for me. I'm thus very aware of when that's annoyingly difficult, and when its browser plug-ins need manual assistance to fill in the fields.

    dangoodin, to random

    Help! A baby bird from the nest outside the front door just flew into the house. I've spent 10 minutes looking for it and can't find it. Anybody know what I should do?

    SteveBellovin,

    @jbaggs @dangoodin Many birds fledge—are able to fly—before they've learned to feed themselves.

    SteveBellovin,

    @dangoodin You're in the Bay Area, right? Contact https://www.birdrescue.org/ for help.

    SteveBellovin, to random

    My students bring me gifts…

    SteveBellovin, to random

    Dear law professors, legal historians, etc. What is the “C.D.” reporter? Looking at some 100+ year-old patent documents and court opinions, I see references to things like “Ex parte Berolzheimer, 1870 C.D., 33”. Neither Westlaw nor Lexis, at least in the versions I have access to, understand that citation, nor is “C.D.” listed as an abbreviation in the Indigo Book except for “Central District”, which it is not in this case. Context suggests that it has something to do with patent appeals.

    SteveBellovin,

    @alexg Thanks!

    SteveBellovin,

    @alexg I decided to turn https://www.cs.columbia.edu/~smb/blog/2013-05/2013-05-21.html into a properly researched paper, complete with older examples and exchanges with the Patent Office on what was or was not patentable. The results are—contradictory…

    SteveBellovin,

    @alexg Btw, the decision says exactly what I thought/was hoping it would say, based on the context in the citing documents. (And which will make my eventual conclusions all the more puzzling, but that's cool, too.)

    SteveBellovin, to random
    SteveBellovin,

    @jas The point of an HSM is that it NEVER discloses the key. You can ask it to do things like “sign this image”, which means that an attacker still in your system can get images signed, but they can't steal your signing key and use it later, after you've disinfected.
    And user-controllable firmware? Almost no one is qualified to read UEFI firmware, let alone write some; they're always trusting someone, be it MSI or the FSF. MSI apparently made two mistakes: no HSM and no revocation mechanism.

    SteveBellovin,

    @jas You can back up HSM keys; see, e.g., https://thalesdocs.com/gphsm/ptk/5.9/docs/Content/PTK-C_Admin/KMU/key_backup_tut.htm. And, per the article, other vendors do have a suitable mechanism for revocation of such keys: “To make matters worse, Matrosov said, MSI doesn’t have an automated patching process the way Dell, HP, and many larger hardware makers do. Consequently, MSI doesn’t provide the same kind of key revocation capabilities.” (Disclaimer: I haven't used or analyzed those mechanisms.)