Slashdot Mirror

Rock-n-Rolf writes "In a previous story Slashdot reported that the German Wikipedia was threatened with injunction. The court has now ruled, as reported in German magazine Spiegel, and Wikipedia is likely to remain online (Babelfish translation). The dispute was about Wikipedia publishing the real name of a dead hacker in an article, and the parents objected to this."

quenting writes "In the debate around the anti-piracy bill, the French Parliament voted yesterday into law an amendment to the DADVSI bill that allows free sharing of music and movies over the internet, considering the downloaded files as a private copy. This decision goes against the French government and the music industry's recommendations, who argue the deputies only wanted to show their independence from the government. The initial bill's detractors who pushed for this amendment want a tax for author rights to be paid by everyone on the ISP fees." The French government has vowed to fight this decision (babelfish link).

ndverdo writes "There are reports of a working magnetic field engine prototype based on Alfvén waves designed by Austrian scientists. According to the reports fuel savings in rocket engines of 90% could be achieved. Other benefits include enhanced durability due to the nozzle forming outside the engine."

An anonymous reader writes "Engadget reports about 3700 Creative Zen "Neeons" shipped with a virus. The virus in question was the W32.Wullik.B@mm worm. Creative released a statement today to help consumers pinpoint the possibly effected devices."

Bill Kendrick writes "Back in January, ZDNet reported that the city of Vienna, Austria was looking to move at least a portion of its desktops to Linux. Well, it looks like it happened (in German; use the fish). Their official distro is based on Debian with KDE, and is called WEINUX." Update: 07/06 12:49 GMT by T : Several readers wrote to correct the spelling here: the correct name of the distro is "WIENUX."

starrsoft writes "The official BitTorrent search has debuted. The search engine was built by BT inventor Bram Cohen. The question? Will he get sued? The BT search seems to be down right now. (It'll really be down after this story is posted...) Spiegel has more (En): "Naturally other sites such as Bitoogle, Isohunt, SuprNova or Torrentspy have tried before, but either they became fast a goal of legal attacks on the part of the industry or they furnished rather durchwachsene [??] results. BitTorrent search however proves with first tests [that it is] as...Google...fast. The results come from a large number [of] more well-known and unknown... sites, and...permits sufficient restricting to the inquiry, in order to obtain really relevant results.""

Rene Rebe writes "The German News site Golem is running a report (babelfish translation) about the next generation X11 projects, like the OpenGL X-Server Xgl, Luminocity as well as Enlightenment 17. The report is including many screenshots and five videos."

hjf writes "According to a new presidential decree, and effective July 31, 2005, telecom carriers in Argentina will have to log every activity, including Internet chats, website visits, e-mails, phone calls, etc, made in Argentina. The data must be stored for 10 years, and must be available to the police and intelligence agencies within one hour, 24 hours a day. The telecom companies must pay for 'everything': software, hardware, and human resources, and will be required to use state-of-the-art technology as soon as it is available. This news was known already in specialized circles, but only yesterday it was published in major media. This is causing outrage among legislators and businessmen. Lawyers claim that it violates privacy laws and Constitutional rights (article 14), and the 'presumptive innocence principle' (innocent until proven guilty)." (The Fish comes in handy yet again.)

EtherAlchemist writes "Sakakibara Kikai has pictures and even a movie of their Land Walker robot (Babelfish translation here) which appears to work. Powered by a 250cc gas engine and armed with several guns (including 2 that fire Nerf-like balls) it stands at a little over 3 meters. What makes this one interesting is that it is actually armed and it is piloted instead of being an exo-skeleton. Makes me wonder if the creators of shows like Robotech or comics/RPGs like Battletech have any kind of licensening rights on appearance. I'd like to see a Warhammer..."

orzetto writes "Italian newspaper La Repubblica is reporting that Silvio Berlusconi's company, Mediaset (that owns three of the six main TV stations in Italy), has been tagging employees with Rfid chips since last December (for English version, ask the fish). The chips would allegedly be able to track the movements of any worker, even if Mediaset spokesmen say it's only to automatically open some doors to authorized personnel only and such things. Trade unionists from CGIL have reported the company's behaviour to the authorities, as it would be in violation of the Italian workers' charter (again, fish). This would probably be small news (yet another bad employer) if Silvio Berlusconi were not the Italian Prime Minister, violating the same laws he should enforce."

orzetto writes "Italian newspaper La Repubblica is reporting that Silvio Berlusconi's company, Mediaset (that owns three of the six main TV stations in Italy), has been tagging employees with Rfid chips since last December (for English version, ask the fish). The chips would allegedly be able to track the movements of any worker, even if Mediaset spokesmen say it's only to automatically open some doors to authorized personnel only and such things. Trade unionists from CGIL have reported the company's behaviour to the authorities, as it would be in violation of the Italian workers' charter (again, fish). This would probably be small news (yet another bad employer) if Silvio Berlusconi were not the Italian Prime Minister, violating the same laws he should enforce."

A reader writes:"A french appeal court ruled yesterday in favour of somebody who downloaded about 500 movies, on the ground that those were private copies, and that he didn't redistributed them, and that a tax was payed on blank media. This sets the huge precedent that P2P is legal over there. For the details, apparently no distinction was made on the method used to download the movies (upload issues) and the famous EUCD directive was even used by the defending lawyer." You'll want the fish for this one, unless you speak French.

wertarbyte writes "According to the German IT news site Heise, german Telekom and the german railway corporation Deutsche Bahn have formed an alliance to equip the ICE high speed trains with WLAN access (Babelfish translation), as well as the stations those trains arrive at. This offer is aimed at business travellers, and will first be introduced on routes frequented by those ("travel time is usable time")."

Philipp Lenssen writes "Heise reports the German search engines Google.de, Lycos Europe, MSN Germany, AOL Germany, Yahoo.de, T-Online and T-Info today in Berlin announced the forming of a self-regulating organization (Babelfish version) under the hood of the German FSM (the "Voluntary Self-Control for Multimedia Service Providers"). Their combined goal is to streamline the process of censoring content ruled illegal under German law, so that a user's search results are stripped from such items."

Lord An writes "It seems the decision about software patents in Europe has been delayed again for at least a week (link in German). Once again we have to thank Poland that the corresponding item was removed from the A-list of the Council of Agriculture and Fisheries. Hopefully this delay will be enough that the opposition vs. the patents will finally get the upper hand." Non-German speakers might find it useful to plug that URL into the Fish.

German site GameZone is running a piece discussing the late, lamented True Fantasy Online. In it they mention that the Xbox MMOG may be released on the Xbox 2, based on commentary from the president of Level-5. From the article: "Now these hopes are affirmed by the level 5-Praesidenten Akihiro Hino, because in the Japanese Dorimaga said it that according to its estimates True Fantasy Live one on-line one could nevertheless still appear."

baquiano writes "Today the Venezuelan press reports that the government has formally issued a decree (English translation) which prioritizes the use of free/open source software over proprietary systems in government entities. This follows a year of pilot deployments in Venezuela's Info Centros (Internet public access points) and some ministries. (Past attempts, reported by Slashdot, by former Minister of Science and Technology Felipe Perez Marti to push ahead this initiative were allegedly foiled by Microsoft.) The decree calls for plans to actively deploy FOSS during a 24-month period."

An anonymous reader sent in some pointers to Yahoo rolling out a video search tool. We've mentioned searching digital video previously, and AltaVista (remember them?) also has a video search available.

Zode writes "Jesse James Garrett reports that Amazon Mobile Japan customers can purchase a item with their camera phones. "Snap a photo of a product bar code using your cell phone, and Amazon Japan will give you a price check," according to Garrett, relaying from this article in Ketai Watch (Wireless Watch). Here's the English translation from Babelfish."

Mihg writes "Try searching Google Images for abu ghraib, lynndie england, or Lynndie's boyfriend charles graner and note how you don't get any pictures of US soldiers torturing Iraqi prisoners of war. Now try it with some of their competitors, like AltaVista, Lycos, or Yahoo!. Google used to be able to find them, as is discussed in this AnandTech forum thread." I'm guessing that this is another case of our administration confusing "National Security" with "Politically Undesirable". Update: 11/07 20:18 GMT by P : Google has a reasonable explanation.

An anonymous reader writes "German online news sites heise.de and spiegel.de has stories, that from April 2005 on a fee of about 17 to 18 EUR per month must be paid to the national broadcasters in Germany for personal computers in private households, which have possible access to the internet. The fee must not be paid, if it is already paid for a TV set. Companies are said to be obliged to pay that fee from 2007 on." Those who don't read German should make use of the Fish.

An anonymous reader writes "German news source Spiegel are reporting (english babelfish translation) that some TV journalists have found a seemingly abandoned Russian space shuttle in the Persian Gulf. It looks like it could be the atmospheric test demonstrator Buran OK-GLI which was in Sydney, Australia. Pictures here (external) and here (internal). Boy, what I would give to be able to sit in that seat and flip those switches!" Another reader, grm_wnr writes "German tabloid newspaper Bild reports that a russian Buran shuttle has been found in the Bahrain desert. Here is the story (in german, Google translation here). What's funny is that noone knows how it ended up there. At least the fate of one of the four Buran prototypes is now confirmed." There is not much confirmation on this, outside of a few pictures... let the reader beware.

JoScherl writes "The German news site Heise reports (German, Babelfish version) that the city council of Munich (3rd biggest city in Germany, 1.3 million inhabitants) has voted for the detailed concept of the LiMux - Linux for Munich (German, Babelfish version) project with votes from all parties except the CSU (Christlich Soziale Union, christion social union). With this decision the 13,000 Desktops and Servers of the city administration will be migrated to Linux. CSU, which has just won the European elections, said they won't support Linux since its Feierabendprogrammierer ('leisure-time coders') would destroy Munich's IT-landscape (Microsoft Germany and other big companies are located in and around Munich) and they also fear that the personnel would have problems with learning how to use OpenOffice and other migrated systems. The migration plan has the following steps: This year the Windows NT desktops get OpenOffice and Mozilla as their default office and browsing suite. In 2005 and 2006 the systems will be migrated to Linux, with some applications running on Windows application servers. In 2008 all applications should run native on Linux."

JoScherl writes "The German news site Heise reports (German, Babelfish version) that the city council of Munich (3rd biggest city in Germany, 1.3 million inhabitants) has voted for the detailed concept of the LiMux - Linux for Munich (German, Babelfish version) project with votes from all parties except the CSU (Christlich Soziale Union, christion social union). With this decision the 13,000 Desktops and Servers of the city administration will be migrated to Linux. CSU, which has just won the European elections, said they won't support Linux since its Feierabendprogrammierer ('leisure-time coders') would destroy Munich's IT-landscape (Microsoft Germany and other big companies are located in and around Munich) and they also fear that the personnel would have problems with learning how to use OpenOffice and other migrated systems. The migration plan has the following steps: This year the Windows NT desktops get OpenOffice and Mozilla as their default office and browsing suite. In 2005 and 2006 the systems will be migrated to Linux, with some applications running on Windows application servers. In 2008 all applications should run native on Linux."

Heraklit writes "As reported on German news site Heise, the system administrators of the Technical University of Braunschweig have temporarily given up the fight against spam. Because of the legal obligation to deliver all mail and of the delay time exceeding critical 5 days(!), they decided to switch off all filter mechanisms. Before, the 20 servers dedicated to processing e-mail alone had been breaking down under a load of 100000 unprocessed mail messages, ca. 98% of which had been spam or viruses. ... A similar e-mail jam occurred recently at the IT central of the German Federal Government. Is this the beginning of the end of e-mail?" (The Fish may be useful.)

Autoversicherung writes "Even if NEC tells you its impossible, German netzine Golem is reporting hackers have created an updated, unofficial version of the firmware providing DVD+DL (Double Layer) capabilities. Currently model 2100A and 2500A are patchable, more will hopefully follow soon. How cool, this enables me to skip an update cycle for burners!!" It's always fun to use the fish, and sometimes to void your warranty.

frankkubiak asks: "I recently bought the new iPod with 40GB. I understand the arguments of the record industry, that I should buy the music I want to hear. Alright. So I don't want to get MP3 files by file-sharing. But here is my problem: I live outside the U.S., in Germany to be exact. iTunes only offers service to those inside the U.S. (see this related Slashdot article). I don't want a CD, vinyl record, tape or minidisc. I simply want to listen to the music. Even if I decide to buy a legacy audio CD, it is often copy-protected and won't load in my PC. So, strictly speaking, it is not even an audio-CD. Heise keeps a database of those un-CDs (German language. English speakers can use this fish-translated page). It sounds incredible, but even after hours of research on the web, I don't see a legal way to use this device with new songs. The only way I see to use this device is to buy a CD, and if I can't rip it, I'll have to [break the law and] download the MP3-file via file-sharing. I believe there are more people like me out there who want to listen to their music, without feeling guilty. Why is there no one meeting this demand? How does Slashdot feel about this?" Before you mention Napster, let's note that it has similar restrictions (see the "International Considerations" section). So where can non-U.S. internet users go to download the legal MP3s that they want?

fmstasi writes "La Repubblica, one of the main Italian newspapers, reports shortly about an interview (in Italian) with Mariella Gramaglia, Communication Councillor at the Municipality of Rome. They are planning to start soon trying Linux on the desktop: 'The first tests will concern e-mail, address book software and sharing systems', she says. The Councillor also says that motivations are political rather than economic: 'In the short term, the money saved on license will have to be spent on training'. It seems that there haven't been any reaction yet from Microsoft: 'At Microsoft they know how much we esteem them', she says; 'for example, they are sponsoring a campaign to spread the use of computers among the elderly. And we'll keep on cooperating with them on other projects'. Maybe Microsoft also appreciates that there is (yet) no project of migrating all the clients? The Municipality has about 9,500 clients, so an eventual migration project would be slightly smaller than the one taking place in Munich."

gfrege writes "Perhaps you remember some long physics lectures from your days at school. But as part of a general strike of students at the Humboldt-Universitaet zu Berlin concerning cuts in funding for the city's universities, some physicists are in the middle of what could be the longest physics lecture in history. It started at noon on Monday, and is planned to run to noon on Thursday. Check out the topics, and if you're in Berlin, come on down. The Babelfish translations of the lecture titles make for some fun reading, too, if you can't make it there yourself."

CharonX writes "The Galileo project, an european alternative to the US based (and controlled) GPS system, recieved a severe setback today. Under US pressure the EU has agreed to use transmission frequencies that could be easily disturbed or completely jammed by the US military. Since one of Galileo's main advantages had been being independent of goverment or military control, this is a severe setback. Read more here on Heise.de (German - ya might want to use the fish)" Some of the background on this had NATO being unhappy with some of the provisions of it as well - at the least military structure.

Sique writes "The german newspaper Sueddeutsche Zeitung reports on its website, that the german ISP T-Online wants to buy AOL. The article is titled American Dream, but the actual wording is german. Ask the fish for help." There's also the article in Der Spiegel about the potential purchase as well; you can also check out T-Online's site.

Sique writes "The german newspaper Sueddeutsche Zeitung reports on its website, that the german ISP T-Online wants to buy AOL. The article is titled American Dream, but the actual wording is german. Ask the fish for help." There's also the article in Der Spiegel about the potential purchase as well; you can also check out T-Online's site.

Chirag Mehta writes "I just released a freeware service called BotBlock (barebones demo) that lets site owners copy/paste a few lines of PHP code and insert a CAPTCHA image-verification system into any web form. The amount of form spamming by bots is on a rise. While remedies exist for MT blogs, a more efficient solution is to use image-verification or text-identification. Used for a while by sites like Yahoo! (scroll to bottom), Hotmail and patented in 2001 by AltaVista, CAPTCHAs are now being used more widely. PARC also came up with two algorithms Baffletext and Pessimal Print. The technology always existed, but until now required the site owners to install image libraries and understand how to generate images that cannot be OCR'ed. With BotBlock it is like inserting a page counter."

poshul the hyper puppy writes "Is Square Enix planning on doing a follow up to its best-selling game of all time? Nearing press time at this year's Tokyo Game Show 2003 - it appears a scan from the upcoming V-Jump magazine has given away Square's surprise by revealing Final Fantasy VII: Advent Children. Leaked by Japanese site Quiter the details say it takes two years after the original, should be released on some form of DVD media (looks like this could this be a movie, not a game?), and involves our legendary hero Cloud. So either bust out Babelfish to read the details directly at Quiter or get the news from SquareAMP: Final Fantasy VII - Advent Children." Update: 09/25 18:54 GMT by S : IGN PS2 are pretty sure that this is a direct-to-DVD CG movie, as the poster suggested above, not a videogame.

SCO's McBride claims that IBM is stage-managing all the attacks and bad press, which would probably explain why I cleared this article with IBM World Headquarters before running it (not!). The publisher of Linux Journal invites SCO to sue. One of SCO's lawyers has this barely coherent interview where he spouts legal rubbish for a gullible reporter. There's an interview in German (machine translation) with SCO's execs. And finally, SCO is still hoping for a settlement with IBM. Update: 08/22 18:26 GMT by M : ESR responds.

FurbyXL writes "With the RIAA roaring to grab peer-to-peer users by their IP addresses, Freenet - fully anonymized production and consumption of content - is gaining renewed attention. Articles in New Scientist, ZDNet UK, Wired and CNET (and here) set a somewhat typical context for Freenets major release 0.52. Significant performance improvements through NIO-based messaging, probabilistic caching etc. should provide increased rest to Chinese dissidents, but may finally wake-up the RIAA's Matt Oppenheim..." The announcement on the Freenet home page lists several improvements found in the new version: "a new NIO technology that brings improved performance using less CPU and system resources," "Individual nodes are now more efficient," "the speed and routing of the entire network have significantly improved," probabilistic caching, user interface improvements, and more.

erbse2 writes "It may be that the (L)GPL can not be (fully) enforced under German jurisdiction. This is at least the conclusion professor Gerald Spindler of the jurisprudential faculty of the University of Goettingen came to when he examines the Legal questions of the open source software (It's long, it's complex and it's in German and it's written by a professor, so don't expect to understand anything, if you are not a German lawyer). Heise News has the article in German, however, the fish may be with you. IANAL, however, as one can put some of the legal problems aside, most of the concerns mentioned in there should provoke at least some thought by brave men around RMS."

neves writes "A brazilian consumer has sued EMI and Sony, and won! The reason was a copy protection technology in the best seller album "Tribalistas" that didn't play in his car. You can read about it in Folha de São Paulo (babelfish translation here), brazilian biggest newspaper. They must be very afraid, since EMI vice-president defended the company himself in a lawsuit involving less than US$ 350,00. A more detailed report is in my music site Agenda do Samba & Choro (babelfish here), where we release some of the lawsuit files to make it easier for others to sue them. Since last year, we are calling for a boycott (babelfish) of copy protected albums. The companies appealed, and said that they will take the case to the Supreme Court, because it is a 'question of principles'. The consumer is sueing them again, because all new EMI albums in Brazil are being released with copy protection and won't work in his car."

neves writes "A brazilian consumer has sued EMI and Sony, and won! The reason was a copy protection technology in the best seller album "Tribalistas" that didn't play in his car. You can read about it in Folha de São Paulo (babelfish translation here), brazilian biggest newspaper. They must be very afraid, since EMI vice-president defended the company himself in a lawsuit involving less than US$ 350,00. A more detailed report is in my music site Agenda do Samba & Choro (babelfish here), where we release some of the lawsuit files to make it easier for others to sue them. Since last year, we are calling for a boycott (babelfish) of copy protected albums. The companies appealed, and said that they will take the case to the Supreme Court, because it is a 'question of principles'. The consumer is sueing them again, because all new EMI albums in Brazil are being released with copy protection and won't work in his car."

neves writes "A brazilian consumer has sued EMI and Sony, and won! The reason was a copy protection technology in the best seller album "Tribalistas" that didn't play in his car. You can read about it in Folha de São Paulo (babelfish translation here), brazilian biggest newspaper. They must be very afraid, since EMI vice-president defended the company himself in a lawsuit involving less than US$ 350,00. A more detailed report is in my music site Agenda do Samba & Choro (babelfish here), where we release some of the lawsuit files to make it easier for others to sue them. Since last year, we are calling for a boycott (babelfish) of copy protected albums. The companies appealed, and said that they will take the case to the Supreme Court, because it is a 'question of principles'. The consumer is sueing them again, because all new EMI albums in Brazil are being released with copy protection and won't work in his car."

fixit! writes "This guy built his own CPU and VGA card. The site is in German. Here is the Babelfish translation of the site."

You asked nmap creator Fyodor many excellent questions, and his answers (below) are just as excellent. You'll want to set aside significant time to read and digest this interview, because Fyodor didn't just toss off a few words, but put some real time and energy into his answers.

1) Interesting stories involving nmap?
by Neologic

Nmap has obviously become a huge success in the *nix world. I would wager that practically all sysadmins and security folk use nmap. With this sort of use by such creative and lazy people, there must have been some interesting stories involving nmap, perhaps unusual uses of it, or funny anecdotes. Are there any you would like to share?

Fyodor

The coolest use ever was undoubtedly when Trinity used it to try and save the human race :). But the use I find most gratifying are the Chinese students and residents who have written me about how they use Nmap to locate open proxies. These proxies allow for surfing the uncensored Internet, including the news, educational, pornographic, religious, open source software, government, political, search engine, and human rights sites that are blocked by the Great Firewall of China.

Many of the best features in Nmap came from the user community in ideas if not implementation. For example, the protocol scan (-sO) determines what IP protocols (TCP, UDP, GRE, etc.) a host is listening for. I had not thought of this, but the idea and patch came out of the blue one day in an email from Gerhard Rieger. On another day, a guy named Saurik sent a patch called Nmap+V that allows Nmap to do basic service/version fingerprinting against open ports. It has attracted a cult following, and I plan to add similar functionality to Nmap this year. The initial Windows port by eEye arrived similarly. Despite all these great suggestions, certain other user-contributed ideas are not on the agenda.

Then there are a small handful of users who detect problems nobody else would ever notice, like 4 byte/host memory leaks. They send me error messages with notes saying the bug happens "about once per 700,000 IPs". I have no idea what these guys are up to, but some have been sending me this kind of mail for years. They can't be spammers, as they are intelligent and also use more sophisticated scan techniques than you would need to just find SMTP servers.

2) Recent increases in anal-retentiveness...?
by Zeriel

There's been a marked increase in system administrators thinking that anything even remotely resembling a network scan is eeeeevil (case in point, last year I almost got kicked out of college for scanning port 80 on my dorm subnet looking for interesting websites to read)...

What do you think can be done to make scanning IP addresses/ports have less of a negative stigma? This is in the same sort of category as legit vs. illegit uses of anything else (P2P, whatever)--what's the rationale for punishing something that could maybe lead to criminal activity, and how can we make network scanning tools have practical uses again?

Fyodor

That is an excellent question, and one that concerns me as well. But first, I think your final statement is too extreme. I would guess 90% of network scanning is non-controversial. You will rarely be badgered for scanning your own machine or the networks you administer. The controversy comes when scanning other networks. There are a lot of (good and bad) reasons for doing this sort of network exploration. Perhaps you are scanning the other systems in your {dorm, department, cable LAN, conference LAN} to look for publicly shared files (FTP, SMB, WWW, etc.). Or perhaps your just trying to find the IP of a certain printer. Maybe you scanned your favorite web site to see if they are offering any other services, or because you are curious what OS they run. Perhaps you are just trying to test connectivity, or maybe you wanted to do a quick security sanity-check before handing off your credit card details to that ecommerce company. You might be conducting Internet research, or be bored on a rainy afternoon. Or are you conducting reconnaissance in preparation for a breakin attempt?

The remote administrators rarely know your true intentions, and do sometimes get suspicious. The best approach is to get permission first. I've seen a few people with non-administrative roles land in hot water after deciding to "prove" network insecurity by launching an intrusive scan of the entire company or campus. Admins tend to be more cooperative when asked in advance than when woken up at 3AM by an IDS alarm claiming they are under massive attack.

You compared Nmap to P2P tools in having a "negative stigma". In both cases, one effective way to fight the stigma is to limit your own use to "legitimate" purposes. Use BitTorrent to download RedHat ISOs, but not Matrix Reloaded. Use Nmap to secure and monitor your computers, but not to attack other networks. And if you decide to attack other networks anyway, please be courteous and set the evil bit.

Now I'll admit that I don't always obtain explicit permission before scanning other networks. I don't believe (but IANAL) that a simple port/OS scan of a remote system is or should be illegal. Any machine connected to the Internet will be scanned so often that most admins ignore such "white noise" anyhow. But scan other networks often enough, and someone will eventually complain. So my advice would be:

1. Don't do anything controversial from your work or school connections. Even though your intentions may be good, you have too much to lose if someone in power (boss, dean) decides you are a malicious cracker. Do you really want to explain your actions to someone who may not even understand the terms "port scanner" or "packet"? Spend $10 bucks a month for a dialup or shell account. You didn't really violate this rule, as scanning your dorm subnet for just port 80 should not even be remotely controversial!
2. Target your scan as tightly as possible. If you are only looking for web servers, specify -p80 rather than scanning all 65,535 TCP ports on each machine. If you are only trying to find available hosts, do an Nmap ping scan. Don't scan a /16 when a /24 will suffice. The random scan mode now takes an argument specifying the number of hosts, rather than running forever. So consider -iR 1000 rather than -iR 10000 if the former is sufficient. Use the default timing (or even "-T Polite") rather than "-T Insane".
3. Nmap offers many options for stealthy scans, including source-IP spoofing, decoy scanning, and the more recent Idle Scan technique. But remember there is always a trade-off. You will be harder to detect if you launch scans from an open WAP far from your house, with 17 decoys, while doing followup probes through a chain of 9 open proxies. But if anyone (such as Tsutomu Shimomura) does track you down, they will be mighty suspicious of your intentions.

I occasionally consider adding some sort of "notification packet" prior to a scan that would give hosts the chance to respond and opt-out. This would be like the /robots.txt directives currently used to control polite Web robots. Perhaps the format could even include a text string that IDS systems could log, like: nmap -sS -p- -O -m "Direct questions about this scan to ops at x3512" 192.168.0.0/16 nmap -sS -p- -O -m "mY n4m3 iZ Zer0 |<00L and I'll 0wn j0o%#@" targetcompany.com/24 Of course Nmap would have an option to omit the notification or to send it and ignore any negative responses. Some scanners, such as ISS Internet Scanner already send out NetBIOS popup messages to scanned hosts by default, and other scanners use syslog. I won't be adding any features like this to Nmap unless I see substantial demand and the obvious issues are worked out.

3) OS fingerprinting
by neoThoth

What are the latest advances in fingerprinting networked devices that seem most promising to you? I have started reading papers on HTTP fingerprinting and such and wonder how these will figure into the NMAP architecture. What are the most elusive OS's that aren't on the NMAP OS fingerprint database?

Fyodor

There are a number of OS detection techniques I hope to add this year. One is to guess (or calculate) the initial TTL of response packets, since this varies by OS. Some operating systems also "reflect" your own chosen TTL under various circumstances. Then there are some newer TCP options, such as selective ack that I might test for. Explicit Congestion Notification (RFC 2481/3168) also shows promise. I'll probably add all of these at once later this year, after discussions with the Nmap-dev list. If you wish to participate, you can join that list by sending a blank email to nmap-dev-subscribe@insecure.org. There is also a low volume, moderated list for announcements about Nmap, Insecure.org, and related projects. You can join the 15,000 current members by mailing nmap-hackers-subscribe@insecure.org [archives].

While adding new fingerprinting techniques is fun and exciting, improving the signature database often ads more value. The DB now contains more than 850 signatures, from the Acorn RISC OS and Aironet wireless LAN bridge to the ZoomAir wireless gateway and Zyxel Prestige routers. We're talking gaming consoles, phones, PBX systems, PDAs, webcams, networked power switches, you name it! New fingerprints are submitted daily.

Application level fingerprinting (including HTTP) is coming. I usually regret stating dates, but I hope to develop this functionality within the next 3 months.

4) Stepping into a network security career
by Anonymous Coward

I'll be graduating this month with a shiny new BS in Computer Science. I've done plenty of Unix sysadmin work throughout college and even deployed some high-interaction honeynets. I'm very interested in network security and systems programming. Do you have any advice for people in my situation who want to head into a career in network security?

Fyodor

Congratulations on your graduation! Unfortunately (for newcomers), the security field is one that often expects substantial experience and references. This is partly because these jobs require extraordinary trust, and also because of an aversion to mistakes. Everyone makes mistakes, but they can be extraordinarily costly in security and neophytes tend to make more of them. But don't lose hope! Talented security minds are still in very high demand, just be aware that you will have to work even harder to prove yourself.

Here are my suggestions for anyone starting out in network security, whether for fun or profit:

Step 1: Learn everything you can

1. You may wish to start with reading a general overview of security, such as Practical Unix and Internet Security 3rd Edition.
2. Reading alone won't teach you much. Hands-on experience is critical, so I would set up at least a basic test network. At the very minimum you should have a Unix box or two and a Windows machine (because these are very common in the real world). You can use very cheap machines, or even emulate a large network with virtualization software such as VMWare.
3. Next you should learn more about how attacks are performed. Take a look at the excellent and free Open Source Security Testing Methodology Manual (OSSTMM). This document aims to provide a comprehensive framework for security testing. But it mostly lists tasks to perform, without specifying how to do so. You will gain a lot from this manual if you research the tasks you don't know how to complete, and if you actually try performing the tasks on your test network. If this manual is too curt or hard to follow, you could try a more verbose book on vulnerability assessment, such as Hacking Exposed 4th Edition.
4. Now that you understand many of the general security ideas, it is time to get current. This is one area that has actually become easier in the last decade. The thinking used to be that vulnerability information should only be distributed to well-known and trusted administrators and security researchers through private digests such as Zardoz. This was a disaster for many reasons, and the full disclosure movement was born. In the last couple of years things have started to shift toward more limited ("responsible") disclosure and there is also a disturbing pay-money-for-early-disclosure trend. But information is still much more available than it used to be. Most of the news is carried on mailing lists, and I archive the ones I consider the best at Lists.Insecure.Org. You must subscribe to Bugtraq, and I would also highly recommend pen-test, vuln-dev, and security-basics. Read at least the last 6-12 months of archives. Choose other lists that correspond to your interests. SecurityFocus also offers a security-jobs list which is an excellent resource for finding jobs or just understanding what employers desire.

   There are two major reasons for reading Bugtraq. One is that you must react quickly to new vulnerabilities by patching your servers, notifying your clients, etc. You can get this by simply scanning the subject lines or advisory summaries for bugs that directly apply to you. But then you will miss out on another crucial purpose of Bugtraq. Actually understanding a vulnerability helps you defend against it, exploit it, and identify/prevent similar bugs in the future. When you are lucky, the advisory itself will provide full details on the bug. Check out this excellent recent advisory by Core Security Technologies. Note how they describe exactly how the Snort TCP Stream Reassembly vulnerability works in detail and even include a proof-of-concept demonstration. Unfortunately, not all advisories are so forthcoming. For bugs in Open Source software, you can understand the problem by reading the diff. The next step is to actually write and test an exploit. I would recommend writing at least one for each general class of bug (buffer overflow, format string, SQL injection, etc.) or whenever a bug is particularly interesting.

   Be sure to read the latest issues of Phrack and the research papers posted to the mailing lists. Send your comments and questions to the authors and you may start interesting discussions. Read well-regarded books on the security topics that interest you most.

   I can't emphasize enough that you should intersperse hands-on work with all of this reading. Install unpatched RedHat 8 (or whatever) and run Nmap and Nessus against it. Then compromise it remotely, maybe via the latest Samba hole. Start out with a prewritten exploit from Bugtraq, which isn't quite as easy as it sounds. You may have to modify the 'sploit to compile, brute force the proper offset, etc. Then break in again using a different technique, and your own exploit. Install Ethereal and/or tcpdump and ensure you understand the traffic on your network during both your exploitation and normal network activity. Install Snort on an Internet-facing machine and watch the attacks and probes you'll experience. Wander around your neighborhood with Kismet, Netstumbler, or Wellenreiter on your Laptop or PDA to look for open WAPs. Install DSniff and execute an active MITM attack on an SSH or SSL connection between two of your computers. Take a look at my Top 75 Tools List and ensure you understand what each does and when it would be useful. Try out as many as you can.

5. Take a vacation, or at least a weekend camping! You deserve it! The steps above would probably take at least 3-12 months full-time, depending on your motivation level and the depth and breadth of your research.

Step 2: Now apply your newfound knowledge

Now you have learned enough to be dangerous. At this point, you would have little trouble obtaining most certifications, after studying the specifics of each topic. If your main goal is to find a job quickly, perhaps adding these extra feathers to your cap might be worthwhile. But I think your best bet is to prove your knowledge by joining and contributing to the security community. While this does indeed help others, it isn't an entirely selfless act. It improves your skills, leads to important contacts, and demonstrates your knowledge and ability in a constructive way. The latter is important if securing a career is one of your goals. These steps should also be fun! If not, perhaps you should keep looking at other fields. Here are some ideas:

Start participating with insightful comment and answers on the mailing lists. This is very easy and serves as a great learning experience, way to meet people, and garners some name recognition. If a security manager with a stack of 60 resumes recognizes your name, that is a huge win!

When a new worm or a big new vulnerability comes out, everyone wants to know the details. If you stay up all night disassembling the worm/patch and write the first comprehensive analysis, many folks will find that valuable. And you will learn a lot. Let your first priority be quality - if someone beats you to it, just compare your results with theirs to see if you (or they) missed (or misinterpreted) anything. You can also post your own exploits, although that is more of a political hot potato.

Attending security conferences is a great way to learn, party with fellow hackers, and network (in every sense of the word). Much better is to speak at these conferences. This field changes rapidly so there are always new topics and technologies to discuss. You don't have to be a well-known expert with a long history - just learn your topic well and put in the effort for a quality presentation. You could present at Defcon, at one of the more commercial events, or at a smaller regional con like ToorCon, CodeCon, Hivercon, etc. Among other advantages (often free admission/travel/hotel), this is a great way to meet people with similar interests. I spoke at the latest CanSecWest and have submitted a proposal for the next Defcon.

Now that you've seen and understand a wide variety of software vulnerabilities from your Bugtraq research, start finding your own. You can start by downloading any PHP app from Sourceforge. Most of those are hopelessly vulnerable to Cross-Site-Scripting, SQL injection, and/or remote code execution by "remote include" directives. Many (if not most) Windows shareware daemons are also vulnerable to simple buffer overflows and format-string bugs. Notify the authors and then write an advisory. After a few of these "easy targets", try breaking some more widely deployed programs.

Write a security tool! I could list some suggestions, but by this point you will have many of your own ideas as to what is needed. Scratch an itch.

I hope this helps. If you want more suggestions, Ask Slashdot. From that story, I found this post particularly insightful, especially the emphasis on "people skills". I don't claim to have any, but understand the value :).

5) Have you ever been tempted to use your gifts...
by Tim_F

...in a negative manner?

Have you ever hacked into someone else's computer? Have you ever considered it? What would cause you to think of doing this? Would your tools (nmap, etc.) be enough to allow you to do this?

And if you haven't, why is that the case?

Fyodor

I never do script-kiddie style "hack any random vulnerable box on the Internet" cracking. But sometimes I will launch targeted attacks at specific companies. I'll usually start with just a web browser and various search engines to learn everything I can about my target. I need to understand what the company does, who it partners with, and whether it has any corporate siblings, subsidiaries, or parents. Beyond that, posts by individual employees can be a gold mine. Besides providing names and titles for social engineering and brute force password attacks, the IPs in the mail/news routing headers can be very valuable. One of the reasons I run my own mailing list archive is to maintain access to the raw mail folders which contain the routing info and X-no-archive posts that web archives strip out. Another advantage to locating employees is that you can send them trojan executable attachments, which can be a very effective way into the network.

Next I'll gather known IP network information on the companies via DNS, whois, regional registries like ARIN, routing info, Netcraft, etc. Then comes the scanning (I tend to use Nmap), application-probing, vulnerability discovery, and exploitation stages.

Of course, I only do this when the company is paying me to do so. Performing these pen-tests offers several advantages over blackhat activity:

1. You don't go to jail (If you've worded your contract carefully.)
2. Instead of having to keep your übertechniques secret to avoid prosecution, you get to demonstrate them to management.
3. They actually pay you for this! And you are helping to protect them and the privacy of their customers.

Now some people might ask how you gain these skills without practicing on other networks first. Cheap hardware and the evolution of free UNIX operating systems have made this much easier than in the past. See the previous answer for some suggestions. And remember that you can always work together with friends, or participate in hacking contests like Defcon's Capture the Flag.

6) You'll have seen a lot of breakins.
by Hulver

During your time running Honeypots, you'll have seen a lot of compromised systems. Is there any incident that's really stuck in your mind because of the audacity of the attempt, or the stupidity of the person attempting the breakin.

Fyodor

On the humorous front, one attacker was was running a public webcam during his exploits, so we were able to watch him crack into our boxes in real time :). I will resist the urge to link a screenshot. His rough location was determined when we noticed Mrs. Doubtfire playing on his TV and correlated that with public schedule listings. He was working with a Pakistani group, but was actually on the US East Coast.

In the "disturbing audacity" front, this year we found that a group of crackers had broken into an ecommerce site and actually programmed an automated billing-sytem-to-IRC gateway. They could obtain or validate credit card numbers by simply querying the channel bot! Expect a more detailed writeup soon.

7) What makes a honey net enticing?
by cornice

It seems that many of the honey nets that the average hobbyist would run are built to attract a lesser cracker. What I mean is that ports are left open that normally would not be left open. Services are running that normally should not, etc. I think that a really smart fish would see this as nothing but a cheap lure and refuse the bait. Do you think it's possible to fool the really smart fish? Is is possible to bait with something enticing enough without tipping off the big fish? Does publication of your work make this task more difficult?

Fyodor

Excellent question, and I had many of the same concerns upon joining the project. Then I remembered that most of the attacks and real-world compromises are committed by these marginally skilled script kiddies. So there is still a lot of value in understanding their tools, tactics, and motives. Despite this apparent limitation, I have been surprised by some of the sophisticated things we have found. For example, the first known "in the wild" attack using the Solaris dtspcd vulnerability was caught by one of our honeynets and resulted in this CERT advisory. Then one of our Honeynet Alliance members had their Win2K honeypot compromised and joined into a botnet with 18,000 machines! Attackers on such a grand scale won't even know all of the companies they have compromised, much less whether any of the systems are honeynets.

I do believe baiting the "smart fish" might be possible, but I have never done this. Is not legally entrapment, as we aren't any sort of police force, but I am not very comfortable with the idea. If someone attacks my box that is just unobtrusively sitting on the network, I believe the attacker should have no expectation of privacy for his activities on the system. Things become more complex if I try to lure the attacker.

8) IPv6
by caluml

Do you think that with the very large address space of IPv6 that random scanning for a certain port will die off? (I notice nmap doesn't support random IPv6 address scanning - maybe you've already come to the same conclusion?) Simply put, the chances of finding a machine if it's not advertised anywhere will be very much reduced. Will this make people lazy and complacent, trusting on the large numbers involved to protect them?

Fyodor

Finding a machine by by pinging a completely random 128-bit address will probably never be effective. Fortunately, we won't have to! Nmap does not even do that for 32-bit IPv4 addresses - it is smart enough to skip huge blocks of address space that are unallocated or used for private (RFC1918, localhost) addresses. We will also see patterns emerge for IPv6. For example, they may often be allocated sequentially so that finding one leads to many others. I am waiting until adoption rises and we start seeing these patterns emerge before I can implement them appropriately in Nmap. Certain new DNS features may also prove useful for locating IPv6 machines and networks.

9) standalones and small home nets
by zogger

it seems like most of the emphasis is on enterprise networks, but that still leaves millions and millions of home machines and small home networks just stuck. What do you see as some of the trends and solutions for those people? Their data and system integrity is just as important to them as any corporations is, and usually not having the appropriate skill set, is even harder to implement.

Fyodor

I am afraid the focus by security companies on enterprise networks will continue, as that is where the money is. The good news is that securing small home networks is far easier. But that doesn't make it simple, nor mean that many people will bother. I would categorize the risks into 3 categories:

Traditional network server vulnerabilities: Your average home user doesn't need to run any network daemons or have any TCP/UDP ports open to the Internet. Most of the time they only have 1 IP, used either by a standalone PC or a NAT device (e.g. "broadband router") in front of their small network. This is a good configuration, as it limits what attackers can reach directly. But you need to be sure that the IP doesn't have any unnecessary ports open. You can verify this by running 'netstat' on the Windows or UNIX machine using the IP. I would also recommend confirming using a port scanner such as Nmap. Here are example commands:

nmap -p- -sS -T4 -v -O [your IP]
nmap -p- -sU -v [ your IP ]

The TCP and UDP scans could be combined into one execution, but are listed separately since the TCP scan may go much faster. Remote UDP scans are also less reliable against some heavily filtered hosts. You may have to rely on the netstat info or configuration details in this case.

Any open ports found should be evaluated with extreme prejudice. Unless clearly necessary, close Windows file sharing, external NAT device admin ports, and everything else found.

Don't forget the wireless backdoor! Blocking the Internet link from your private machines is insufficient if anyone can hop on your open WLAN and attack your machines. WEP isn't perfect, but the 104-bit (so-called 128-bit) version should at least keep people from accidentally connecting to your network or sniffing your data. Be sure to set a good password and upgrade to recent firmware for your WAP and other network devices.

Subscribe to the security advisory lists for all the operating systems (and devices, if available) you run. Major vendors such as RedHat, Debian, FreeBSD, Mandrake, and Microsoft all offer these. Most even offer automatic updates if you desire that.

Client vulnerabilities: Once you close the services you don't need (ideally all of them), client vulnerabilities must be addressed. Keeping your web browser and mail reader up-to-date is particularly crucial. Also harden them as much as possible. For example, IE is full of holes but at least has a good interface for site-by-site security policies (Tools -> Internet Options -> Security). Go through and neuter the "Internet zone" settings by disabling ActiveX and Java. In the rare case that sites need this, find an alternative site or add them to the trusted zone. If your are really serious about security, neuter "trusted sites" and "local intranet" privileges as well. Many recent IE vulnerabilities trick the browser into using the wrong zones. Consider using a different browser. Also configure your mailer to disregard HTML and JavaScript.

Remember to pay careful attention to security warnings, whether they come from IE, Mozilla, your ssh client, or anything else. Don't just click OK. And don't shoot yourself in the foot when configuring your apps. It is hard to entirely blame the vendor when users tell P2P apps or Windows filesharing to share their whole drive without any password. Failing to change default passwords or enable basic restrictions on X Window or FTP servers is only slightly more forgivable. All of these errors happen frequently! The apps/devices should be secure by default, but you have the ultimate responsibility for protecting your data.

Malware: This is what I consider the biggest problem on desktops: people running applications they can't trust. Email borne viruses, worms and trojans are an obvious example. Be very careful what you click on. Unfortunately, it is very difficult to know what to trust. Mail is trivial to forge, and even the "proper" installers for many P2P applications infest your computer with loads of invasive spyware. Even Intuit TurboTax was caught writing to customers' boot information track.

What can you do? My honest suggestion is to run peer-reviewed open source applications on a free OS such as Linux or FreeBSD. You still have to be careful, but these problems are far less prevalent on UNIX platforms, which also have better tools and procedures to deal with them.

What if dumping Windows is not an option? Run NT/2K/XP instead of Win9X/ME, and try to run everything you can as an unprivileged (non-administrator) user. Be extraordinarily careful about what you install and run, and make frequent backups. You might also want to look into a personal firewall such as Zone Alarm (limited free version.

10) What is your favourite tool?
by Noryungi

I have just read your top 75 security tools list. Thank you for posting all this information, which I am going to study very carefully.

One question though: in all these tools, which one is your personal favourite? (This excludes Nmap, of course).

Fyodor

I have far too many favorites among this great group to choose just one! But here are a few developers and tools that are particularly worthy of mention:

One of the people I most admire in the security field is Solar Designer. He is a guru in networking, security, and low level kernel/assembly/architecture details. He has also created many tools that security professionals use daily. Yet he never exhibits the arrogance, elitism, and egotism that sadly characterizes so many "stars" of the security community.

Among SD's tools is John the Ripper, my longtime favorite local password hash cracker. It has been around forever, but was written with a flexible and powerful interface while keeping extensibility in mind. So it is still as useful in these days of shadowed password files and MD5/Blowfish hashes as it was back in the days of crypt() and unprotected /etc/passwd. Lately SD has been working on the Owl secure GNU/Linux distribution, which can be installed on disk for hardened systems like firewalls, or booted and run from CD as an easy way to run security tools such as John and Nmap.

Another of those "brilliant yet still nice" security developers is Dug Song. Even after the seminal "Insertion, Evasion, and Denial of Service" paper by Ptacek and Newsham, many IDS vendors continued to ignore the problem. When Doug released Fragrouter (now fragroute), which implements some of these attacks, vendors finally took notice! He has also written the excellent libdnet library, but my favorite of his tools is DSniff, a suite of tools for advanced network sniffing and "monkey-in-the-middle" attacks. It even handles ARP poisoning and other techniques for sniffing hosts on a switched LAN.

While I'm on this topic, let me also give "mad props" to the Hping2 packet prober, Kismet wireless stumbler, Ethereal packet decoder, Netcat, recent THC releases, Snort IDS, the Nessus vulnerability scanner, and all the other great Open Source tools out there!

I would also like to thank Slashdot for granting me this interview and to everyone who asked such excellent questions. I only wish I had time to answer more of them. Then again, I have probably rambled on enough. Now it is your turn to ramble in the comments :).

Cheers,
Fyodor

Kurt Pfeifle writes "Steve Ballmer's recent trip to Munich to offer up to 90% rebates for the Microsoft Software Assurance and Licenses was in vain. The ruling party of Germans biggest city and self-proclaimed 'technology capital' now decided to migrate 14.000 workstations to Linux and an OSS office suite. A study comparing the alternatives had assigned 6218 (out of 10.000) points to Linux/OSS, while the MS Windows platform only scored 5293. Babelfish translation of the latest newsticker story."

RoLi writes "Heise has a story (The babelfish translation sounds like a speech from Yoda, but the important facts are translated correctly.) about LinuxTag taking legal action against SCO. SCO will either have to retract their claims, disclose their "proof" (if it exists) or be fined. That's certainly good news." Update: 05/26 17:25 GMT by T : Reader Fizz points to the more understandable LinuxTag press release (in English and German), and adds: "The notice, dated Friday, May 23, maintains that SCO Group is sowing uncertainty among the community of GNU/Linux users, developers and suppliers."

MiniDVfanatic writes "Last year I read an article in Slashdot about using MiniDV as a backup medium. Now I've found a recent article about the same topic in bulmalug.net. It's in Spanish, and it just talks about dvbackup, the same tool recommended in some old Slashdot posts, but it adds some interesting ideas such as data compression and interleaved Reed Solomon for error detection and correction, using a tool called rsbep. According to the author's tests, this should let you backup 13GB in a cheap MiniDV tape in a safe manner, and restore it all later. Example commands provided, with simple workarounds for slow machines which cannot feed the tape at 3.6MB per second." You can fish the translation, for those who need - I was able to get by with my high school Spanish. Pretty cool stuff.

TKS writes "It's one of those cases you study that can send a whole network to failure but never really happens. However, this time it did. Today Vodafone's spanish nation wide network stopped working [google Translation / Original Verion] for more than 7 hours leaving eight million clients without service. Allegedly an error updating a node's software expanded to the whole network affecting mobile connections and internet access." The Fish comes in handy if you don't speak Spanish.

Nate writes "Overture announced that they bought AltaVista today for $140M in cash and stock. This follows closely on the heels of Yahoo's purchase of Inktomi. Considering the significant financial muscle of Yahoo and Overture, I hope that Google can continue to maintain their lead. For those of you who aren't familiar with Overture, they are the 800-pound gorilla in the pay-for-placement listing market. When you search in Yahoo, those Sponsor Matches at the top are provided by Overture."

jorlando writes "On Sunday (06-Oct) Brazil will again use electronic ballots for its Presidential Elections. Since a lot of /. readers from time to time talk about the pros and cons of this type of technology, it's a chance to see how it perform well (at least in Brazil...). Representatives from NGOs, ONU and foreign Governments were invited as observers and to see a working electronic votation system in a huge scale, since there are more than 115 million of voters in Brazil ... usually the results of the election are given 4 hours after the closing of the ballots (17:00 Brasilia -3GMT), with a small margin of error, since only 98% of the votes are computed in 4 hours ... some ballots are in places (mostly in far-away rural areas and in the Amazon region) that need to be taken to larger cities to be connected to the vote-download system ... ballots are made by Procomp, the comunication sytem is a VPN-like made by Embratel. The election can be accompanied by the main Brazilian notice sites (http://www.uol.com.br , http://www.estado.com.br, http://www.globo.com and others), mostly only Portuguese, so use the fish!"

Slashback is loaded with updates to recent (and not-recent) Slashdot postings. More opportunity to hot-rod your Dreamcast with an ethernet adapter, continuing seed-patent madness, more stolen moon rock, an update to Chrisd's favorite MP3 player and more, all below.

Not a paperweight. 13Echo writes: "CSI, the manufacturer of the Dreamcast broadband adapter, is extending its reservations option by another week. They wish to meet a goal of 1,000 units before production will start. A rough Babelfish translation can be found here. This device is very beneficial in Dreamcast home-brew software development, and is also supported in the various Linux and BSD distributions on the Dreamcast. It is available for pre-order from this page at NCSX, or other import shops at a price of US $49.00. If any other Slashdotters are interested, now is the last time that we will be able to get one of these things. I've already placed my order with NCSX."

How about sell moon bits to sponsor the trips up there? Anonymous Coward points to this AP report which begins: "Four grains of moon dust brought to Earth by the first manned lunar mission were stolen from a space exhibit in Sweden, a museum official said."

Will the stolen moon rock madness ever end?

The race is on, Apple. SailorBob writes "The NexII got good reviews on slashdot (Review: Nex II CF MP3 Player) a while back and now a newer version named the NexIIe is shipping. Some nice functionality has been added such as drawing power from the usb while copying files and being able to hook to an external AC adapter. They've also told me via e-mail that they're considering adding Ogg Vorbis support, which wouldn't be a problem after the fact since the player can be updated for new formats with a firmware update."

Graphomania has a name, and it is Orson. Binestar writes "Author Orson Scott Card has released his latest book, Shadow Puppets. As usual, the first 3 chapters are available online. He's definitely one of my favorite authors."

Just kidding, folks -- just kidding. Afraid to play video games in Greece? Elonka indicates this BBC story (Court Allows Greek gamers to play on), excerpting: "In reference to the recent law enacted in Greece which bans all computer games, a court in northern Greece today threw out the case against two internet cafe owners who were arrested for allowing clientele to play Counter-Strike and online chess. The court said the law was unconstitutional."

Monsanto should invest in helicopters and lawyers for a whole new revenue stream. dwprice writes "A Saskatchewan farmer loses a patent infringement case when it turns out patented canola is growing in his fields and he didn't pay for it. He claims it blew into his field." When this farmer, Percy Schmeiser, lost the first round, I figured it was a simple lapse of sanity and would be overturned on appeal. No such luck.

Best TV news I've heard in a while. Masem writes "Offical word has been announced that Futurama will be shows on Cartoon Network (most likely as part of the Adult Swim Comedy block) starting in Jan 2003, according to Cartoon Reasearch. No indication of new episodes, but CN will have all 72 episodes that have been made."

JayBonci writes "Dust off the old Dreamcast. If you're one of the many like myself who still enjoy their Dreamcast or are aspiring DC hackers, then you may want to pay attention to a quiet announcement by CSI, the Japanese manufacturer of the Dreamcast Broadband Adapter (flaky, but understandable translation provided by the fish). If you have no idea what the BBA is, the official page here. If CSI gets 1000 pre-orders for the unit, they will be willing to make another production run. Keep in mind that these units are very useful for the Dreamcast Linux efforts and NetBSD/Dreamcast, and that Japanese units work on US systems."