Slashdot Mirror

jones_supa writes: A North Korean official said that the secretive regime wants to mount a joint investigation with the United States to identify who was behind the cyber attack against Sony Pictures. An unnamed spokesman of the North Korean foreign ministry was quoted by the country's state news agency, KCNA, describing U.S. claims they were behind the hack as "slander." "As the United States is spreading groundless allegations and slandering us, we propose a joint investigation with it into this incident," the official said, according to Agence France-Presse. Both the FBI and President Barack Obama have said evidence was uncovered linking the hack to to North Korea, but some experts have questioned the evidence tying the attack to Pyongyang. Meanwhile, reader hessian notes that 2600: The Hacker Quarterly has offered to let the hacker community distribute The Interview for Sony. It's an offer Sony may actually find useful, since the company is now considering releasing the movie on a "different platform." Reader Nicola Hahn warns that we shouldn't be too quick to accept North Korea as the bad guy in this situation: Most of the media has accepted North Korea's culpability with little visible skepticism. There is one exception: Kim Zetter at Wired has decried the evidence as flimsy and vocally warns about the danger of jumping to conclusions. Surely we all remember high-ranking, ostensibly credible, officials warning about the smoking gun that comes in the form of a mushroom cloud? This underscores the ability of the agenda-setting elements of the press to frame issues and control the acceptable limits of debate. Some would even say that what's happening reveals tools of modern social control (PDF). Whether or not they're responsible for the attack, North Korea has now warned of "serious consequences" if the U.S. takes action against them for it.

HughPickens.com writes: Nicolas Niarchos has a profile of 2600 in The New Yorker that is well worth reading. Some excerpts: "2600 — named for the frequency that allowed early hackers and "phreakers" to gain control of land-line phones — is the photocopier to Snowden's microprocessor. Its articles aren't pasted up on a flashy Web site but, rather, come out in print. The magazine—which started as a three-page leaflet sent out in the mail, and became a digest-sized publication in the late nineteen-eighties — just celebrated its thirtieth anniversary. It still arrives with the turning of the seasons, in brown envelopes just a bit smaller than a 401k mailer."

"There's been now, by any stretch of the imagination, three generations of hackers who have read 2600 magazine," Jason Scott, a historian and Web archivist who recently reorganized a set of 2600's legal files, said. Referring to Goldstein, whose real name is Eric Corley, he continued: "Eric really believes in the power of print, words on paper. It's obvious for him that his heart is in the paper."

"2600 provides an important forum for hackers to discuss the most pressing issues of the day — whether it be surveillance, Internet freedom, or the security of the nation's nuclear weapons—while sharing new code in languages like Python and C.* For example, the most recent issue of the magazine addresses how the hacking community can approach Snowden's disclosures. After lampooning one of the leaked N.S.A. PowerPoint slides ("whoever wrote this clearly didn't know that there are no zombies in '1984' ") and discussing how U.S. government is eroding civil rights, the piece points out the contradictions that everyone in the hacking community currently faces. "Hackers are the ones who reveal the inconvenient truths, point out security holes, and offer solutions," it concludes. "And this is why hackers are the enemy in a world where surveillance and the status quo are the keys to power."

First time accepted submitter themusicgod1 (241799) writes According to 2600, their distributor (Previously known as "Source Interlink", now recently renamed to "TEN: The Enthusiast Network") has decided to consolidate its resources and is keeping the money retailers paid for the last two issues of the quarterly magazine. 2600, in the meanwhile, is still busy trying to organize the upcoming HOPE X conference. However, according to the link: "In the worst case scenario, being ripped off at this level would make it almost impossible for us to continue publishing. We would have to make a lot of painful choices and cut back on things for no reason other than some outside company's mismanagement. Our readers have supported both our print and digital publications and we've been doing quite well overall." Note: As it says at the linked explanation, 2600 is not a charity, and they're not seeking donations -- but they would like you to buy the magazine (in print or Kindle form), and to attend the upcoming HOPE X conference. (I wish I could make this year's HOPE but can't; as conferences go, HOPE is a wildly good bargain.)

guises writes: "A recent story discussing the cover of Byte Magazine reminded me of just how much we've lost with the death of print media. The Internet isn't what took down Byte, but a lot of other really excellent publications have fallen by the wayside as a result of the shift away from the printed page. We're not quite there yet, though. There seem to still be some holdouts, so I'm asking Slashdot: what magazines (or zines, or newsletters, or newspapers) are still hanging around that are worth subscribing to?"

The hacker with perhaps the most famous first name around, Kevin Mitnick, has gone from computer hacking of the sort that gets one on the FBI's Most Wanted list (and into years of solitary confinement) to respected security consultant and author, helping people minimize the sort of security holes he once exploited for fun. His new book is called Ghost in the Wires: My Adventures as the World's Most Wanted Hacker; it's his first since the expiration of an agreement that he could not profit from books written about his criminal activity. Kevin's agreed to answer your questions; we'll pass the best ones on to him, and print his answers when they're ready. Note: Kevin also answered Slashdot questions most of a decade ago; that's a good place to start. Please observe the Slashdot interview guidelines: ask as many questions as you want, but please keep them to one per comment.

theodp writes "Back in 1972, Georgle Carlin gave us the Seven Words You Can Never Say on Television. Thirty-eight years later, Valleywag reports on The Definitive List of Words Google Thinks Are Naughty. You've probably noticed how the new Google Instant tries to guess what you're searching for while you type — unless it thinks your search is dirty, in which case you'll be forced to actually press ENTER to see your results. Leave it to the enterprising folks at 2600 to compile an exhaustive list of words and phrases Google Instant won't auto-search for."

bernieS writes "The Washington Post describes what happens when a construction backhoe accidentally cuts buried fiber so secret that it doesn't appear on public maps — and what happens when the Men in Black SUVs appear out of nowhere. Apparently, the numerous secret fiber and utility lines used by government intelligence agencies are being dug up with increasing frequency with all the increased construction projects in the DC area. It's amazing how quickly they get repaired!"

fsterman writes "We've been working on compiling the audio and video from The Fifth HOPE, and we're pleased to announce that all of the audio from the conference (some 78 hour-long files covering 69 panels) is now available."

Emmanuel Goldstein writes "We've gone through all of our submissions, and selected nearly 70 talks and panels for the next HOPE conference in New York City, to be held from July 9th-11th. We have Steve Wozniak, Kevin Mitnick, and Jello Biafra as keynotes, and many more interesting talks and seminars, plus a round the clock hacker movie room and a lockpicking workshop." The official website explains: " This is a conference by, for, and about hackers on as many levels as we can come up with, ranging from the highly technical to the down to earth, from computers to phones, from serious to hilarious. And our doors are open to anyone interested in what the hacker world has to say." We previously ran a story on this conference a couple of months back, before full speaker details were available.

An anonymous reader writes "The next HOPE (Hackers on Planet Earth) conference will feature Steve Wozniak as one of the keynotes according to conference organizers at 2600. Mitnick's also got a keynote spot, and there's more to be announced."

prostoalex writes "Why are networked computing environments so insecure? You've heard the story before - early computers were not designed to work in the network environment, and even most software written later was designed to work on benevolent networks. As Bruce Schneier says in the preface to Building Secure Software: How to Break Code, 'We wouldn't have to spend so much time, money and effort on network security if we didn't have such bad software security.'" Read on for prostoalex's review of Exploiting Software, which aims to balance that situation somewhat. Exploiting Software: How to Break Code author Greg Hoglund, Gary McGraw pages 512 publisher Addison Wesley Professional rating 8 reviewer Alex Moskalyuk ISBN 0201786958 summary Techniques and software used to attack applications.

What kind of secure are you after? There are many published titles on the topic of software security are numerous, but most of them follow certain patterns. Building Secure Software by Viega and McGraw was mainly concerned with proper techniques and general software engineering mindset without going into specifics. Then there was Writing Secure Code , by Howard and LeBlanc, which provided concrete examples and showed the "right way" to do secure coding. I heard the title instantly became a required reading at world's largest software corporation. It's currently in its second edition.

Secure Programming Cookbook for C/C++ by Viega and Messier, was the hands-on title for those developing C/C++ application with security in mind, as the cookbook recipes generally gave examples of good code, with each chapter providing some general background information on the topic discussed (I reviewed it on Slashdot in September last year).

Just in case you were wondering, the list above wasn't just retrieved by a quick search at Amazon. My Master's degree, completed last summer, dealt with the topic of software security, and those are the titles I've read preparing to write the theoretical part.

From the other side With the variety of books on how to write secure software, and what techniques to use to make existing software more secure, there was a niche for a book targeted specifically to those who wanted to break software. Black hat or white hat, the network security experts always had titles like Hacking Exposed to give them an idea of what was available in terms of techniques and methodologies used out there. For software security most of the articles and books generally would tell you something in the terms "do not use strcpy(), as it introduces buffer overruns".

Great, so I won't use strcpy(), did it make my application more secure? Is it more or less hack-proof? What if I am a tester and required to play with this aspect of the application to ensure the application's security before the product ships? Theoretically hanging out at proper IRC rooms and getting lifetime Phrack and 2600 subscriptions should be enough to cover you at the beginning, however, the learning curve here leaves much to be desired, let alone the fact you will probably be kicked out of the IRC rooms for asking n00b questions. Another path would be to take an expensive training course by someone with a name in the industry, but the price tag for those generally leaves out self-learners and those operating on limited budgets, which adds up to about 99% of software engineers and testers out there.

Exploiting Software to the rescue.

Exploiting Software fills the void that existed in this market. Eight chapters take you through the basics and some advanced techniques of attacking software applications with the purpose of executing arbitrary code supplied by an attacker (you).

The book mainly deals with Windows applications for x86 platforms, and some knowledge of C/C++ and Win32 API is required to go through the example applications. To automate some processes and demonstrate possible attacks the authors use Perl, so knowledge of that would help the reader, too. Some chapters, (e.g. the buffer overflow one) show disassembler output, and while you're not expected to read x86 ASM code as if it were English, knowledge of how the registers work and how the subprocedure calls are handled on this Intel architecture are required. After all, if potential attackers know it, you better familiarize yourself with some low-level code, too.

While discussing various possible attacks, the authors post different attack patterns. The patterns themselves usually appear in gray textboxes and talk about the possible exploit in general terms. After that, a series of attack examples follow, with specific descriptions on what can be done, and how. For example, the attack pattern on page 165 is titled "Leverage executable code in non-executable files." The following attack example is "Executable fonts," and it talks how the font files are generally treated by the Windows systems (they are a special form of DLLs). Thus it's possible to embed some executable code into a font library you're creating, for which the authors provide an example in Microsoft Visual Studio.

What's cool is that all the attack patterns are listed in a separate table of contents (alas, not on the Web site table of contents, which just lists the chapters and subchapters), so you can browse to the attack pattern you decide to learn about, read some general info about it and then study specific examples. The examples themselves are not in the table of contents, which I think is a mistake, as it would make searching for possible patterns much easier. After all, how are you supposed to know that "Informix database file system" (p. 189) is under "Relative path traversal" pattern? Well, unless you know specifically that the line http://[Informix database host]/ifx/?LO=../../../etc/ is the one discussed in the example, you would have to either go through the index hoping no omissions were made, or read the chapter in its entirety.

One of the best chapters of the book, Reverse Engineering and Program Understanding, which provides a good introduction into techniques used throughout the book, is available online from Addison Wesley. By having a free chapter you already have 1/8th of the book, but don't think that the low number of chapters makes this 512-page title an introductory book.

Target Audience

Looks like there are two major audiences and reading patterns for this book: those wanting to fix their systems ASAP and thus using Exploiting Software as a reference, and those using it as a text book to learn about security. I've discussed the organization of the book above, and the reference types will probably be more interested in patterns and examples. For a casual reader (although casual readers wouldn't generally pick up a title with C++, Perl, ASM and hex dumps spread around the chapters) this is a book with great educational value, from two authors who have discovered numerous security vulnerabilities themselves.

Exploiting Software is not an easy title to read. Addison-Wesley shipped me the manuscript copy a month before it hit the bookshelves in its final version, and I found myself going through about two pages an hour. The authors bring up sometimes unfamiliar Win32 APIs and occasionally use ready-made tools available on the Web, so generally I found myself visiting MSDN and Google a lot to read through available documentation and download the latest version of the tools used. The book doesn't come with a CD. Some of the stuff, like inserting a malicious BGP packet to exploit a Cisco router (p. 281) is not really testable at home, and I have some reservations about verifying the example with my employer's routers.

The book is probably apt for 2nd or 3rd year computer science students and above. Besides the variety of languages that I mentioned above, you need to be familiar with the basics of Intel architecture, and generally be fluent with terminology like "buffer," "stack," "syscall," "rootkit," etc., as this is not an "Introduction to..." title. From my experience, you probably won't read it from page 1 to page 512 understanding everything perfectly, but for anyone interested in security and those making a career in software development it looks like a bookshelf must-have.

I interviewed Gary McGraw on the current state of software security, the relevance of the topic to the issues beyond C/C++ and improper buffer usage, and future directions in security. Network World magazine also ran an interview with the McGraw in which he talks about the reception of the book at the RSA Conference, whether the economics is right to invest in building secure systems, and whether his book does more harm by providing a compendium of known exploits.

Alex has written numerous reviews of other software and security titles. You can read more of his opinions at his Web site. You can purchase Exploiting Software: How to Break Code from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

double-oh three writes "It's an even numbered year, and that means that 2600 is holding the party again this summer. The 5th HOPE conference has been announced and scheduled for July 9th to 11th(a Friday-Sunday weekend), again at the Hotel Pennsylvania in New York. This year's 'theme' for the conference is Propaganda, and if this is anything like H2k2, it'll be by the phone companies. And for those of you who are clueless, here's a roundup of the last HOPE con."

double-oh three writes "It's an even numbered year, and that means that 2600 is holding the party again this summer. The 5th HOPE conference has been announced and scheduled for July 9th to 11th(a Friday-Sunday weekend), again at the Hotel Pennsylvania in New York. This year's 'theme' for the conference is Propaganda, and if this is anything like H2k2, it'll be by the phone companies. And for those of you who are clueless, here's a roundup of the last HOPE con."

jgercken asks: "I recently survived a 16-hour drive solo thanks to having downloaded 10+ hours of old Off the Hook shows, a 2600 sponsored radio program. It is so refreshing to hear news from a technically cognizant perspective. Is anyone aware of any similar programs or maybe sources of recorded lectures?"

jgercken asks: "I recently survived a 16-hour drive solo thanks to having downloaded 10+ hours of old Off the Hook shows, a 2600 sponsored radio program. It is so refreshing to hear news from a technically cognizant perspective. Is anyone aware of any similar programs or maybe sources of recorded lectures?"

Slashdot Chaplain writes "At the 2600 site, you can see today's details about why 2600 is withdrawing from taking their suit to the Supreme Court." So let's recap the case: 2600 published the DeCSS utility on their website. The movie studios filed suit, and the EFF agreed to assist 2600 with their case. 2600 lost the case in District Court, receiving a tongue-lashing from Judge Kaplan, which ordered them not to post or even link to DeCSS. 2600 appealed. They lost. They attempted to have their case heard again, by the full Appeals court rather than a three-judge panel, and were rejected. And although they have the option of appealing to the Supreme Court, they are saying today that they will not: so Judge Kaplan's decision stands. The case in California is still ongoing. No doubt this will be discussed at H2K2 next week.

Slashdot Chaplain writes "At the 2600 site, you can see today's details about why 2600 is withdrawing from taking their suit to the Supreme Court." So let's recap the case: 2600 published the DeCSS utility on their website. The movie studios filed suit, and the EFF agreed to assist 2600 with their case. 2600 lost the case in District Court, receiving a tongue-lashing from Judge Kaplan, which ordered them not to post or even link to DeCSS. 2600 appealed. They lost. They attempted to have their case heard again, by the full Appeals court rather than a three-judge panel, and were rejected. And although they have the option of appealing to the Supreme Court, they are saying today that they will not: so Judge Kaplan's decision stands. The case in California is still ongoing. No doubt this will be discussed at H2K2 next week.

narftrek cut-and-pastes the text from 2600's announcement that Ford has conceded the case they brought against 2600 over a certain domain. Our earlier story has some background. A Volvo repair shop near me is named "Island Vo Vo"; the L is silent, you see, because Ford really sucks.

mrbrown1602 writes: "It was bound to happen - 2600.com is reporting that Turner Broadcasting CEO Jamie Kellner is calling PVR users thieves. When asked why personal video recorders are bad for the industry, Keller says 'Because of the ad skips.... It's theft. Your contract with the network when you get the show is you're going to watch the spots. Otherwise you couldn't get the show on an ad-supported basis. Any time you skip a commercial or watch the button you're actually stealing the programming.' Since when have we made contracts with the broadcasters for watching their content? More of the 2600 article can be found here."

mrbrown1602 writes: "It was bound to happen - 2600.com is reporting that Turner Broadcasting CEO Jamie Kellner is calling PVR users thieves. When asked why personal video recorders are bad for the industry, Keller says 'Because of the ad skips.... It's theft. Your contract with the network when you get the show is you're going to watch the spots. Otherwise you couldn't get the show on an ad-supported basis. Any time you skip a commercial or watch the button you're actually stealing the programming.' Since when have we made contracts with the broadcasters for watching their content? More of the 2600 article can be found here."

tomcat writes "For those who don't know, Freedom Downtime is 2600's two hour long documentary that deals with one of the stories the mass media managed to overlook - that of hacker Kevin Mitnick, imprisoned for nearly five years on charges that to this day remain unclear."

corran__horn writes: "2600 Victory in the ford case has been appealed by Ford. Looks like the guys at 2600 have some fun ahead. This site has some background to the problem."

corran__horn writes: "2600 Victory in the ford case has been appealed by Ford. Looks like the guys at 2600 have some fun ahead. This site has some background to the problem."

AnimeFreak writes: "According to this 2600 article, 2600 has won the right to link to Ford's website after Ford sued them for doing so. Ford had asserted that hyperlinking to their website or referring to it in DNS records constituted a variety of trademark violations. Judge Cleland rejected Ford's twisted interpretation of the trademark act, which claimed that by disparaging Ford's mark and preventing it from 'fully exploiting the value of its mark,'" 2600 was in violation of trademark law by redirecting a possibly offensive domain to Ford's site. We've mentioned this before, and it's nice to see a ruling in favor of linking. Thanks to Phalse Phace, here's a link to the 11-page decision.

AnimeFreak writes: "According to this 2600 article, 2600 has won the right to link to Ford's website after Ford sued them for doing so. Ford had asserted that hyperlinking to their website or referring to it in DNS records constituted a variety of trademark violations. Judge Cleland rejected Ford's twisted interpretation of the trademark act, which claimed that by disparaging Ford's mark and preventing it from 'fully exploiting the value of its mark,'" 2600 was in violation of trademark law by redirecting a possibly offensive domain to Ford's site. We've mentioned this before, and it's nice to see a ruling in favor of linking. Thanks to Phalse Phace, here's a link to the 11-page decision.

AnimeFreak writes: "According to this 2600 article, 2600 has won the right to link to Ford's website after Ford sued them for doing so. Ford had asserted that hyperlinking to their website or referring to it in DNS records constituted a variety of trademark violations. Judge Cleland rejected Ford's twisted interpretation of the trademark act, which claimed that by disparaging Ford's mark and preventing it from 'fully exploiting the value of its mark,'" 2600 was in violation of trademark law by redirecting a possibly offensive domain to Ford's site. We've mentioned this before, and it's nice to see a ruling in favor of linking. Thanks to Phalse Phace, here's a link to the 11-page decision.

RazzleDazzle writes: "There is a free and open debate between Jack Valenti of the MPAA vs Larry Lessig of Stanford Law about the DMCA. Following the disappointing loss of the Felton case this might be a good place to spread literature and show support for freedom if you can make it. ... This evening at the University of Southern California in Los Angeles. For info on the live webcast click here. 2600 has more information."

Politech is featuring this press release from EFF stating Judge Garrett Brown of the Federal District Court in Trenton, New Jersey, threw out the EFF-Felten case challenging the DMCA after less than 25 minutes of debate. DoJ and RIAA both made motions to dismiss the case, which the court granted. We'll have a story about what occurred at the hearing tomorrow. EFF plans to appeal. In addition, 2600 is reporting that they've lost their Appeal in the 2nd Circuit court.

Politech is featuring this press release from EFF stating Judge Garrett Brown of the Federal District Court in Trenton, New Jersey, threw out the EFF-Felten case challenging the DMCA after less than 25 minutes of debate. DoJ and RIAA both made motions to dismiss the case, which the court granted. We'll have a story about what occurred at the hearing tomorrow. EFF plans to appeal. In addition, 2600 is reporting that they've lost their Appeal in the 2nd Circuit court.

People who love sausage and respect the law should never watch either one being made. Law professor and copyright expert Jessica Litman takes a hard look at the process which makes copyright law, and most readers will likely finish her new book, Digital Copyright, with their respect for the law substantially lessened. This is the book for everyone who has ever gotten fed up with IANAL posts and wanted answers that were a bit more informed, everyone who's gotten tired of soundbite analysis of Napster and overheated mailing list discussions. If you're looking for one book to help you understand the Digital Millennium Copyright Act and the past and future of copyright law, this is it.

Digital Copyright author Jessica Litman pages 208 publisher Prometheus Books rating 10/10 reviewer Michael Sims ISBN 1-57392-889-5 summary how copyright law is like sausage-making

For a free introduction to Professor Litman's work, you may want to see her webpage, taking special note of the various articles and papers linked at the bottom. Several of her previous articles have been revised into chapters of Digital Copyright, so if you don't find them interesting, the book isn't likely to interest you (though the book is written for a slightly more general audience than the papers).

Almost every discussion of copyright on the web degenerates into name-calling between a faction that insists "copyright is property - you're STEALING!" and a faction that insists "copyright is a bargain between the public and producers, it exists solely to promote the progress of science and the arts, and the producers are trying to gouge the public within an inch of its life". Litman's book will show you the roots of those two viewpoints, the heavy propaganda effort by the copyright industry that has made that shift in law from the second to the first and is trying to make that shift in public perception, and you'll be one up on the average copyright debater.

She goes into excruciating, fascinating, absorbing detail about the process that produced current copyright law and is highly likely to produce future copyright law - the bribes to Congress, the back-room deals, the slimy public relations tactics, the elected officials who don't want to spend the time to learn about a tangential, unimportant issue like copyright. The history of copyright law shows that this is not a new issue - these same battles have been fought over each new medium of storing or transmitting information, and Litman mentions, at least briefly, each of those battles. With each new medium came an expansion of copyright law to cover that medium and a narrowing of the rights of readers/viewers/listeners, until we've reached the Digital Millennium Copyright Act, which arguably allows publishers cradle to grave control of every copyrighted work they produce.

One of the major themes expressed in the book is the disconnect between how the average layman supposes that copyright law is and how it actually works. In general, people who haven't read copyright law have many misunderstandings about it, and often refuse to accept the real law when it is presented, because it doesn't make a lot of sense and they have a fundamental belief that law should make sense. Indeed, the odds are (at least in my experience) that any individual random person asserting facts about copyright law is dead wrong.

When you have laws that have been written and revised for one hundred years with no significant input from the public, only people who want to maximize their profits from the resulting law, there's going to be a disconnect.

And that's the "sausage" aspect of this book. Most people respect the law, even copyright law, even if they don't understand it (they obey what they think the law is, or what they think it should be). But after reading this book, I think most people won't respect copyright law any more - they'll realize that copyright law is just a method for a very few companies and industries to maximize their profits at the public's expense, and they'll simply cease to respect it. I'm not at all certain this is a bad thing. A little less respect for authority would probably do American society some good. But be aware of the consequences: if you want your daughter to grow up thinking that making an MP3 from a CD you own is theft, don't use this book for bedtime reading. It will warp impressionable minds.

Chapter 1, Copyright Basics, is just as you'd expect: an overview of copyright law. It's not deep, but the rest of the book does not require in-depth knowledge of copyright law. It's a book written for a popular audience, with enough footnoted references that scholars won't be disppointed or short-changed.

Chapter 2 is available online (so is the introduction). Litman maps out where she intends to go in chapter 2, so it's really the best sales pitch for the book: read it, and you'll either be hooked or not.

Chapter 3 covers compromise - the compromise between copyright interests that creates modern copyright law. When you realize that Congress literally and explicitly (and apparently, shamelessly) rubber-stamps the law written from start to finish by corporate copyright interests, you may feel the bile rise in your throat.

Chapter 4 is a short thought experiment: if you were a lawyer representing the public, and the "bargain" of the 1976 copyright statute was presented to you, would you accept it?

Chapter 5 is an important chapter for advocacy efforts. It covers metaphors, and the important role they play in debate. We've seen this play out in recent news as perjorative terms like "pirate" are applied to organizations like 2600, which, after all, is not even accused of copying a single thing unlawfully, while the New York Times and other large publishers, which freely admit that they copied tens of thousands of articles which they had no rights to in order to sell them for a profit, are called pirates by no one (one newspaper article, in the Christian Science Monitor, mentioned that the individual writers describe this as "cyber-piracy" - that's the closest I got to an adverse characterization of the publishers' position). This "piracy gap" illustrates perfectly Litman's point - controlling the metaphor for any given debate or conflict is of utmost importance.

Chapter 6 covers the collision between copyright lawyers and computers/the internet. Imagine: a world where every single use of any piece of information involved making a copy, if only in a computer's RAM. Suddenly, the right to "make copies", which once covered only the initial production of copyrighted materials, is invoked with every single usage of a material. And instead of revising the law to have roughly the same effect as it used to, copyright interests seized on revising the law in favor of its letter, not its spirit. (Though Litman doesn't mention Lessig here, she's making exactly the same argument that Lessig is in his book Code and Other Laws of Cyberspace , and I wish it was expanded just a bit.) The chapter generally covers the efforts in the early 1990's that will lead up to the Digital Millennium Copyright Act.

Chapter 7, Creation and Incentives, examines what sort of incentives are actually needed to get people to create copyrighted works. In the face of all evidence, the copyright industry argues that massive incentives are needed. There's a great hypothetical, which I won't ruin for you here, that looks at the copyright incentives needed in two major industries today.

Chapter 8 is titled "Just Say Yes to Licensing!". I don't think I really need to discuss the subject matter here, do I? She points out that the paper which led to the DMCA recommends massive citizen re-education programs - since the law didn't fit with public perceptions, clearly the public's perceptions were at fault, not the law.

Chapter 9 covers the DMCA's passage - each little bargain hammered out by one copyright interest or another, all at the public's expense.

Chapters 10 and 11 cover Napster, DeCSS, and similar areas that regular slashdot readers will be familiar with.

The final two chapters examine the requirements for a digital copyright law that will comport with the expectations of Americans - whose expectations include items like being able to read a work they've published on a device of their own choosing without violating copyright law - and yet still provide an incentive to authors. Although there is nothing wrong with the solution Litman proposes, one gets the impression that it is a sort of pro forma exercise, that she knows there is no realistic hope of her solution being implemented.

Overall, the work is both a strong piece of scholarship (Litman has been studying this for years, and it shows in every footnote) and solid read. Readers on a budget can get the flavor and most of the arguments by reading her papers online, but the work as a coherent whole is solid addition to the library of anyone who cares about copyright issues. Highly recommended.

I'd like to also mention another book about the DMCA, one that I'm not going to do a full review on. Marcia Wilbur has a self-published book titled DMCA, which can be located through various booksellers. I received a copy from the author, and it is about as different from Digital Copyright as night is from day. DMCA draws very strongly from online debates -- it's fast-paced, rushed, very much a persuasive work rather than an informative, scholarly one, and could use some serious copy-editing. Nevertheless, it's an interesting read, and the only paper work I've seen to date that accurately captures the flavor of online discussions about the DMCA.

You can purchase Digital Copyright at Fatbrain.

lizrd writes: "The New York Times is reporting in their cyber law section that Eric Corley is in trouble in the courts again. This time he's being sued by Ford Motor Company for pointing a domain name that the New York Times won't mention to Ford's website. It will be interesting to see how this comes out in the courts, both sides seem to have some fairly strong arguments."

Slashback tonight with more on patents, Douglas Adams, and becoming a Jedi in New Zealand. Please read below for the details;)

Fitting tributes? SEWilco writes "New Scientist reports that an asteroid was officially named "18610 Arthurdent" on May 9; it is not known if Douglas Adams heard of it before he died May 11."

And dclydew writes "We at Binary Freedom would like to propose "Towel Day." May 25, two weeks after Douglas Adams' passing, all fans worldwide are encouraged to carry a towel around for the day."

It would be nice to see Thursday renamed as well.

Wait till the Jedi control the Senate. Slightly aging news, but CuriousGeorge113 writes "According to this Theage.com.au article, the Australian Government has issued yet another warning to Star Wars fans intent on writing in 'Jedi' as their religion in the upcoming census. It appears that this e-mail is beginning to pick up some steam."

Join the parade. Macki writes "Three weeks ago, Ford Motor Company sued 2600 over a DNS entry pointing FuckGeneralMotors.com at the Ford website. A hearing is set for May 18th in Detroit. Supporters are invited to join a caravan to Detroit that will go through up state New York and Canada in time for the hearing. A motion has already been filed for a protective order from legal shenanigans while in Michigan-- it's a good read and gives a thorough run-down of the case."

Open for the public, yes. Delphion may be about to start charging for certain of its formerly free services, but my note that the USPTO should put more documents on the Web was too harsh. A USPTO employee helpfully wrote:

"The United States Patent and Trademark Office offers the entire USPTO Patent database online for free (we've been doing this for some time now) -- just click any of the Search Patents links to get started.

You can search text for all patents since 1976 and view images of all patents since 1790 (except those files lost in the early Patent Office fires and fractional patents). We have the entire available patent database on line. You will need a TIFF image browser plugin (we offer a link to a free plugin on our site).

We also offer Patent Application Publications online. These are pending patent applications received after the new rules went into effect (from March 15 2001 through the present weekly issue). The database consists of the full text of US published applications (including new utility and plant). The full text of a published application includes all bibliographic data, such as the inventor's name, the published application's title, and the assignee's name, as well as the abstract, the full description of the invention, and the claims. All of the words (text) in the publication are searchable."

Thanks for the information. Sorry for being the source of FUD. Now where are the searchable PDFs? :)

Slashback tonight with more on patents, Douglas Adams, and becoming a Jedi in New Zealand. Please read below for the details;)

Fitting tributes? SEWilco writes "New Scientist reports that an asteroid was officially named "18610 Arthurdent" on May 9; it is not known if Douglas Adams heard of it before he died May 11."

And dclydew writes "We at Binary Freedom would like to propose "Towel Day." May 25, two weeks after Douglas Adams' passing, all fans worldwide are encouraged to carry a towel around for the day."

It would be nice to see Thursday renamed as well.

Wait till the Jedi control the Senate. Slightly aging news, but CuriousGeorge113 writes "According to this Theage.com.au article, the Australian Government has issued yet another warning to Star Wars fans intent on writing in 'Jedi' as their religion in the upcoming census. It appears that this e-mail is beginning to pick up some steam."

Join the parade. Macki writes "Three weeks ago, Ford Motor Company sued 2600 over a DNS entry pointing FuckGeneralMotors.com at the Ford website. A hearing is set for May 18th in Detroit. Supporters are invited to join a caravan to Detroit that will go through up state New York and Canada in time for the hearing. A motion has already been filed for a protective order from legal shenanigans while in Michigan-- it's a good read and gives a thorough run-down of the case."

Open for the public, yes. Delphion may be about to start charging for certain of its formerly free services, but my note that the USPTO should put more documents on the Web was too harsh. A USPTO employee helpfully wrote:

"The United States Patent and Trademark Office offers the entire USPTO Patent database online for free (we've been doing this for some time now) -- just click any of the Search Patents links to get started.

You can search text for all patents since 1976 and view images of all patents since 1790 (except those files lost in the early Patent Office fires and fractional patents). We have the entire available patent database on line. You will need a TIFF image browser plugin (we offer a link to a free plugin on our site).

We also offer Patent Application Publications online. These are pending patent applications received after the new rules went into effect (from March 15 2001 through the present weekly issue). The database consists of the full text of US published applications (including new utility and plant). The full text of a published application includes all bibliographic data, such as the inventor's name, the published application's title, and the assignee's name, as well as the abstract, the full description of the invention, and the claims. All of the words (text) in the publication are searchable."

Thanks for the information. Sorry for being the source of FUD. Now where are the searchable PDFs? :)

Slashback tonight with more on patents, Douglas Adams, and becoming a Jedi in New Zealand. Please read below for the details;)

Fitting tributes? SEWilco writes "New Scientist reports that an asteroid was officially named "18610 Arthurdent" on May 9; it is not known if Douglas Adams heard of it before he died May 11."

And dclydew writes "We at Binary Freedom would like to propose "Towel Day." May 25, two weeks after Douglas Adams' passing, all fans worldwide are encouraged to carry a towel around for the day."

It would be nice to see Thursday renamed as well.

Wait till the Jedi control the Senate. Slightly aging news, but CuriousGeorge113 writes "According to this Theage.com.au article, the Australian Government has issued yet another warning to Star Wars fans intent on writing in 'Jedi' as their religion in the upcoming census. It appears that this e-mail is beginning to pick up some steam."

Join the parade. Macki writes "Three weeks ago, Ford Motor Company sued 2600 over a DNS entry pointing FuckGeneralMotors.com at the Ford website. A hearing is set for May 18th in Detroit. Supporters are invited to join a caravan to Detroit that will go through up state New York and Canada in time for the hearing. A motion has already been filed for a protective order from legal shenanigans while in Michigan-- it's a good read and gives a thorough run-down of the case."

Open for the public, yes. Delphion may be about to start charging for certain of its formerly free services, but my note that the USPTO should put more documents on the Web was too harsh. A USPTO employee helpfully wrote:

"The United States Patent and Trademark Office offers the entire USPTO Patent database online for free (we've been doing this for some time now) -- just click any of the Search Patents links to get started.

You can search text for all patents since 1976 and view images of all patents since 1790 (except those files lost in the early Patent Office fires and fractional patents). We have the entire available patent database on line. You will need a TIFF image browser plugin (we offer a link to a free plugin on our site).

We also offer Patent Application Publications online. These are pending patent applications received after the new rules went into effect (from March 15 2001 through the present weekly issue). The database consists of the full text of US published applications (including new utility and plant). The full text of a published application includes all bibliographic data, such as the inventor's name, the published application's title, and the assignee's name, as well as the abstract, the full description of the invention, and the claims. All of the words (text) in the publication are searchable."

Thanks for the information. Sorry for being the source of FUD. Now where are the searchable PDFs? :)

Slashback tonight with more on patents, Douglas Adams, and becoming a Jedi in New Zealand. Please read below for the details;)

Fitting tributes? SEWilco writes "New Scientist reports that an asteroid was officially named "18610 Arthurdent" on May 9; it is not known if Douglas Adams heard of it before he died May 11."

And dclydew writes "We at Binary Freedom would like to propose "Towel Day." May 25, two weeks after Douglas Adams' passing, all fans worldwide are encouraged to carry a towel around for the day."

It would be nice to see Thursday renamed as well.

Wait till the Jedi control the Senate. Slightly aging news, but CuriousGeorge113 writes "According to this Theage.com.au article, the Australian Government has issued yet another warning to Star Wars fans intent on writing in 'Jedi' as their religion in the upcoming census. It appears that this e-mail is beginning to pick up some steam."

Join the parade. Macki writes "Three weeks ago, Ford Motor Company sued 2600 over a DNS entry pointing FuckGeneralMotors.com at the Ford website. A hearing is set for May 18th in Detroit. Supporters are invited to join a caravan to Detroit that will go through up state New York and Canada in time for the hearing. A motion has already been filed for a protective order from legal shenanigans while in Michigan-- it's a good read and gives a thorough run-down of the case."

Open for the public, yes. Delphion may be about to start charging for certain of its formerly free services, but my note that the USPTO should put more documents on the Web was too harsh. A USPTO employee helpfully wrote:

"The United States Patent and Trademark Office offers the entire USPTO Patent database online for free (we've been doing this for some time now) -- just click any of the Search Patents links to get started.

You can search text for all patents since 1976 and view images of all patents since 1790 (except those files lost in the early Patent Office fires and fractional patents). We have the entire available patent database on line. You will need a TIFF image browser plugin (we offer a link to a free plugin on our site).

We also offer Patent Application Publications online. These are pending patent applications received after the new rules went into effect (from March 15 2001 through the present weekly issue). The database consists of the full text of US published applications (including new utility and plant). The full text of a published application includes all bibliographic data, such as the inventor's name, the published application's title, and the assignee's name, as well as the abstract, the full description of the invention, and the claims. All of the words (text) in the publication are searchable."

Thanks for the information. Sorry for being the source of FUD. Now where are the searchable PDFs? :)

Thanks to Macki from 2600 who sent the DeCSS Reply Brief Filed on 2600. You can read it in all of the appropriate formats - the next hearing is May 1, at the 2nd Court of Appeals in NY.

Thanks to Macki from 2600 who sent the DeCSS Reply Brief Filed on 2600. You can read it in all of the appropriate formats - the next hearing is May 1, at the 2nd Court of Appeals in NY.

eclectro writes "The EFF representing 2600 has appealed the district court's decision that banned the posting of the DeCSS source code on websites. The case will be argued in April." EFF's brief makes good reading. If this is new to you, we've posted a few things about the DeCSS cases before.

A 2600 staffer known as Shapeshifter was arrested in the Philadelphia protests during the Republican convention in August. Here's Slashdot's coverage of that arrest. On Tuesday, Shapeshifter, whose real name is Terrence McGuckin, was convicted on two of the six misdemeanor counts. Apparently, the only evidence used at the trial was the uncorroborated testimony of a Philadelphia detective.

McGuckin was held in August for a week on a half-million dollars bond. The four charges that were dropped include the infamous accusation that his cell phone was an instrument of crime. The two counts he was convicted of were disorderly conduct and obstructing a highway.

His sentence is three months' probation and a fine of $135.50. He says he will appeal.

According to 2600, despite having a great deal of videotape, the prosecution used none of it, and convicted McGuckin entirely on the testimony of one police detective. Detective Angelo Parisi says he saw McGuckin talk on his cell phone, then point in a particular direction. A small group of people then moved in that direction to block an intersection for about twenty minutes.

Though Parisi was walking through the city capturing video of protesters' activities, this action was not caught on video.

Ironically, the protesters demonstrating to block the intersection "dispersed after getting a warning from police," with no arrests, says 2600.

Another protester arrested at the same demonstration was John Sellers, an environmental activist who was described in court as sowing "violence and mayhem." According to the Philadelphia Inquirer, "prosecutor Martelli spoke ominously of the massive dossier that federal and local authorities had built against Sellers."

Because of such comments, Sellers was held on $1 million bond, which is unheard of for misdemeanor charges. He was released Tuesday because, according to the prosecutor, there was no evidence against him. The same police detective who testified against McGuckin had been observing Sellers.

A 2600 staffer known as Shapeshifter was arrested in the Philadelphia protests during the Republican convention in August. Here's Slashdot's coverage of that arrest. On Tuesday, Shapeshifter, whose real name is Terrence McGuckin, was convicted on two of the six misdemeanor counts. Apparently, the only evidence used at the trial was the uncorroborated testimony of a Philadelphia detective.

McGuckin was held in August for a week on a half-million dollars bond. The four charges that were dropped include the infamous accusation that his cell phone was an instrument of crime. The two counts he was convicted of were disorderly conduct and obstructing a highway.

His sentence is three months' probation and a fine of $135.50. He says he will appeal.

According to 2600, despite having a great deal of videotape, the prosecution used none of it, and convicted McGuckin entirely on the testimony of one police detective. Detective Angelo Parisi says he saw McGuckin talk on his cell phone, then point in a particular direction. A small group of people then moved in that direction to block an intersection for about twenty minutes.

Though Parisi was walking through the city capturing video of protesters' activities, this action was not caught on video.

Ironically, the protesters demonstrating to block the intersection "dispersed after getting a warning from police," with no arrests, says 2600.

Another protester arrested at the same demonstration was John Sellers, an environmental activist who was described in court as sowing "violence and mayhem." According to the Philadelphia Inquirer, "prosecutor Martelli spoke ominously of the massive dossier that federal and local authorities had built against Sellers."

Because of such comments, Sellers was held on $1 million bond, which is unheard of for misdemeanor charges. He was released Tuesday because, according to the prosecutor, there was no evidence against him. The same police detective who testified against McGuckin had been observing Sellers.

Phlux writes "I was one of the original group of people sent letters by the MPAA back in March to stop posting DeCSS on the Web. I immediately removed the code from my site at that time. I have now been sent another letter telling me to cease and desist from linking to any other sites on the matter (there is a link to 2600 on the page). The standard list of threats apply. The page, and the text of the letter, can be found here." I think these form letters are sent with little or no human supervision. Which ought to be illegal in and of itself.

Hyena writes "Jello Biafra's surprisingly brilliant H2K address is now available online compliments of 2600, with many more H2K panels to follow. Expect further civil unrest in coming years." Here's a description of the speech written at the time. Despite being given at H2K, it isn't technical in nature, it's primarily a reflection of Biafra's decidedly anti-establishment views.

askheaves writes "2600 has a quick article about how they are no longer in the hotseat over their registration of the domain name verizonreallysucks.com. Seems that Verizon laid out a blanket of letters to 200 domain holders with Verizon in the name. They retracted in this particular case since it was not an example of domain squatting, like they had originally thought."

askheaves writes "2600 has a quick article about how they are no longer in the hotseat over their registration of the domain name verizonreallysucks.com. Seems that Verizon laid out a blanket of letters to 200 domain holders with Verizon in the name. They retracted in this particular case since it was not an example of domain squatting, like they had originally thought."

MattLesko writes: "Looks like the MPAA is now even going after those who link to copies of DeCSS, flying high on the recent ruling in their favor. 2600 has a copy of the letter they are sending out here , along with the usual lucid comments that we've come to expect from Mr. Goldstein." Some Slashdot readers have already written to say that access to their e-mail accounts has been yanked by (academic) providers for linking to DeCSS from their home pages. Has it happened to you?

MattLesko writes: "Looks like the MPAA is now even going after those who link to copies of DeCSS, flying high on the recent ruling in their favor. 2600 has a copy of the letter they are sending out here , along with the usual lucid comments that we've come to expect from Mr. Goldstein." Some Slashdot readers have already written to say that access to their e-mail accounts has been yanked by (academic) providers for linking to DeCSS from their home pages. Has it happened to you?

DivideX0 writes "Emmanuel Goldstein's response and analysis of the decision against 2600 in the DeCSS case appears in this article at the 2600 website." As always, Emmanuel's lucid and interesting to read.

DivideX0 writes "Emmanuel Goldstein's response and analysis of the decision against 2600 in the DeCSS case appears in this article at the 2600 website." As always, Emmanuel's lucid and interesting to read.

Welcome to another episode of Slashback, since stories keep popping up in parts rather than in neat, hermetic, well-encapsulated little packages. So read this -- it's like going to the demolition derby. You want to see the slip-ups, the revisions, the torture of correction, but without having beer poured on you by strangers. Read on if you'd like (at the very least) to know more about the the British Columbia law which relegated naughty (violent) video games to the back of the arcade.

And no, he didn't just slip through the bars. Grexnix writes "ShapeShifter, the 2600 staffer arrested during the Republican convention protests, has finally been released, after a series of events that clearly illustrate the sort of things to expect when the wheels of judicial bureaucracy start grinding. Read the article here."

Sticking up for common sense in the Great White North. Ant writes "http://www.globeandma il.com/gam/National/20000812/USOLDN.html Victoria -- The U.S. manufacturers of Soldier of Fortune are launching a legal battle over an unprecedented British Columbia ruling classifying the graphic computer game as an adult motion picture. Activision Inc. announced yesterday it will appeal the decision by B.C.'s provincial director of film classification that restricts minors under 18 from renting and selling the CD-ROM game. The Canadian distributor of the game, Beamscope Canada, has also filed an appeal with B.C.'s Motion Picture Appeal Board."

Well, it's not a law of nature, fellas. Ian01 writes "Here is an article from MIT's Tech Review magazine about how Moore's Law is false." Well, "false" is a little strong a word for as loose an idea as Mr. Moore's -- errr, "conjecture" -- but isn't it nice to see things keep getting smaller faster and cheaper?

Lars Lars Lars Lars Lars Lars Lars Obiwan Kenobi writes: "As quoted from the Q Online article: 'Napster's number one critic Lars Ulrich - who can barely contain his pleasure at seeing the file sharing company in strife - has done a U-turn. The Metallica drummer's business, the no-brainer monikered The Music Company, will promote work from its artists online at www.theMusicCom.com. And users will be able to sample one of the artists, Goudie through MP3 downloads on the band's official site, which it linked through The Music Company site.'

Dudn't it just seem...you know...ironic?"

While Lars hawking online music may seem ironic at first blush, reading the words he spoke to slashdot a few moons ago, it's not that surprizing at all. Metallica, after all, has long allowed fans to bootleg their concerts, and as Lars said, "So of course there will be at some point -- we are not stupid, of course we realize the future of getting music from Metlalica to the people who are interested in Metallica's music is through the Internet. But the question is, on whose conditions, and obviously we want it to be on our conditions." Now at some level, doesn't that strike a chord?

Welcome to another episode of Slashback, since stories keep popping up in parts rather than in neat, hermetic, well-encapsulated little packages. So read this -- it's like going to the demolition derby. You want to see the slip-ups, the revisions, the torture of correction, but without having beer poured on you by strangers. Read on if you'd like (at the very least) to know more about the the British Columbia law which relegated naughty (violent) video games to the back of the arcade.

And no, he didn't just slip through the bars. Grexnix writes "ShapeShifter, the 2600 staffer arrested during the Republican convention protests, has finally been released, after a series of events that clearly illustrate the sort of things to expect when the wheels of judicial bureaucracy start grinding. Read the article here."

Sticking up for common sense in the Great White North. Ant writes "http://www.globeandma il.com/gam/National/20000812/USOLDN.html Victoria -- The U.S. manufacturers of Soldier of Fortune are launching a legal battle over an unprecedented British Columbia ruling classifying the graphic computer game as an adult motion picture. Activision Inc. announced yesterday it will appeal the decision by B.C.'s provincial director of film classification that restricts minors under 18 from renting and selling the CD-ROM game. The Canadian distributor of the game, Beamscope Canada, has also filed an appeal with B.C.'s Motion Picture Appeal Board."

Well, it's not a law of nature, fellas. Ian01 writes "Here is an article from MIT's Tech Review magazine about how Moore's Law is false." Well, "false" is a little strong a word for as loose an idea as Mr. Moore's -- errr, "conjecture" -- but isn't it nice to see things keep getting smaller faster and cheaper?

Lars Lars Lars Lars Lars Lars Lars Obiwan Kenobi writes: "As quoted from the Q Online article: 'Napster's number one critic Lars Ulrich - who can barely contain his pleasure at seeing the file sharing company in strife - has done a U-turn. The Metallica drummer's business, the no-brainer monikered The Music Company, will promote work from its artists online at www.theMusicCom.com. And users will be able to sample one of the artists, Goudie through MP3 downloads on the band's official site, which it linked through The Music Company site.'

Dudn't it just seem...you know...ironic?"

While Lars hawking online music may seem ironic at first blush, reading the words he spoke to slashdot a few moons ago, it's not that surprizing at all. Metallica, after all, has long allowed fans to bootleg their concerts, and as Lars said, "So of course there will be at some point -- we are not stupid, of course we realize the future of getting music from Metlalica to the people who are interested in Metallica's music is through the Internet. But the question is, on whose conditions, and obviously we want it to be on our conditions." Now at some level, doesn't that strike a chord?