I recently set up automated watering in our backyard. The gutters on our garage fill a rain barrel that has a timer attached to a soaker hose that runs through the garden. This is especially nice solution because (1) there’s no running water on that side of the house, (2) the rain water is free, (3) I can spend gardening time on other tasks, and (4) the chipmunks that used to love to hide in that downspout have to find another home now. It’s not fertilizing like in this article, but it wouldn’t be hard to add if we wanted to.
If there’s any interest, I might make a video of this. Please let me know in the comments.
“Recently, I have seen a large-ish uptick in customers reverse engineering our code to attempt to find security vulnerabilities in it. < Insert big sigh here. > This is why I’ve been writing a lot of letters to customers that start with “hi, howzit, aloha” but end with “please comply with your license agreement and stop reverse engineering our code, already.”
This article is hard to believe. Imagine if the people that discover these vulnerabilities sold them on the black market instead of reporting them to Oracle. I would hope that Oracle would prefer receiving an email to widespread zero-day attacks.
Though I’m not a lawyer, this makes me wonder what constitutes reverse engineering, and also the legality of license clauses that disallow reverse engineering in this situation. Unfortunately, Wikipedia doesn’t mention anything about reporting security vulnerabilities, which seems like something that should always be allowed.
In the United States even if an artifact or process is protected by trade secrets, reverse-engineering the artifact or process is often lawful as long as it has been legitimately obtained.
Reverse engineering of computer software in the US often falls under both contract law as a breach of contract as well as any other relevant laws. This is because most EULA’s (end user license agreement) specifically prohibit it, and U.S. courts have ruled that if such terms are present, they override the copyright law which expressly permits it (see Bowers v. Baystate Technologies).
Sec. 103(f) of the DMCA (17 U.S.C. § 1201 (f)) says that a person who is in legal possession of a program, is permitted to reverse-engineer and circumvent its protection if this is necessary in order to achieve “interoperability” – a term broadly covering other devices and programs being able to interact with it, make use of it, and to use and transfer data to and from it, in useful ways. A limited exemption exists that allows the knowledge thus gained to be shared and used for interoperability purposes.
Do security vulnerabilities fall under “interoperability”? Are there “whistle blower” laws that encourage security vulnerabilities to be reported and dealt with responsibly? If not, should there be?
On Monday, the Iowa City City Council voted to help fund a bike-sharing grant with the University of Iowa, authorized the creation of dedicated bike lanes to parts of First Avenue and Mormon Trek Boulevard, as well as changes to the city’s biking ordinance.