[LINK] Federal police asked to probe Google

Richard Chirgwin rchirgwin at ozemail.com.au
Mon Jun 7 06:50:59 AEST 2010 

Craig Sanders wrote:
> On Sun, Jun 06, 2010 at 10:05:09PM +1000, Jan Whitaker wrote:
>   
>> At 09:39 PM 6/06/2010, Richard Chirgwin wrote:
>>     
>>> A "payload" frame, however, has the destination address set. An
>>> interface with the wrong address, upon receiving that frame, is
>>> supposed to drop it (a behaviour that's been in Ethernet forever -
>>> the old coax networks behaved like this). Sniffer software ignores
>>> what is an explicit part of the standard - "drop frames not addressed
>>> to you". So it's at least tenable to argue that anyone who captures
>>> frames not addressed to them *is* breaching the TIA, irrespective of
>>> whether or not the payload is encrypted.
>>>       
>> Could this be a case of the programmer not paying attention to the    
>> standard?                                                             
>>     
>
> possibly. but it's certainly a case of Richard only understanding
> a small part of the standard and ignoring everything in it that
> contradicts the point he wants to make (which is that it's somehow
> unusual or "standards-breaking" to not drop packets "not addressed to
> you" - and identifying which packets are "not addr..." is far from as
> clear-cut and well-defined as he's stating)
>   
So point out the bit of the standard which I supposedly don't 
understand. Please do, I actually like getting new information.

RC
>   
>> Google said whoever wrote it was 'experimenting' or something         
>> similar, part of their 'innovation' thing. If there were whiz kids    
>> writing code for them without proper training, that could happen. It  
>> could be a case of wow, neat, I wonder if I can bypass this or get    
>> that data without the sender knowing?                                 
>>     
>
> it's not a matter of "bypassing" anything. it's more a matter of not
> bothering to put in a lot of extra work to filter out stuff (possibly
> because no-one had bothered telling him/her that it would be a good
> idea).
>
> capturing packets is easy.  filtering out the noise is hard.  
>
> and programmers are lazy. without detailed specifications they'll focus
> on the "interesting" bits of the program and ignore the boring bits.
>
>
>   
>> If the coder had no sense of compliance requirements, it could easily
>> happen out of pure ignorance. Doesn't excuse google from knowing what
>> their code does, but I can see how it could happen.
>>     
>
> AFAICT, it was when somebody higher up reviewed the code that the
> requirements were established.
>
> craig
>
>

More information about the Link mailing list