Domain: bund.de
Stories and comments across the archive that link to bund.de.
Comments · 53
-
Re:Science Disagrees...
The BfR report, which was the basis for at least the EU reports was largely copied from Monsanto texts without listing those as sources: https://www.theguardian.com/en... . Given that Monsanto is far from a neutral party in this it makes the contents look rather suspect. Best case the guy in charge of the report was too lazy to do his job right, worst case he got a preprinted conclusion and only filled in some blanks.
I wasn't aware of that accusation, thanks for the interesting dive. The skeptic in me does however first want to raise a few red flags in the reporting done by The Guardian's author Arthur Neslen. First of all, a surprising amount of them cover glyphosate and Monsanto:
[2015/jul/15]
[2015/nov/12]
[2016/jan/13]
[2016/mar/04]
[2016/may/16]
[2016/may/17]
[2017/may/24]
[2017/sep/15]
[2017/sep/28]
[2019/jan/15]
[2018/may/16]
These articles show a consistent style, giving undue weight by never reporting on the scientific consensus, and instead promoting the minority view of politicians, Greenpeace members, other environmental activists and study authors to criticize glyphosate, and often giving them a chance to rebut the few token sentences given by those defending glyphosate.
I note that the style is completely different for another The Guardian author, which even mentions the views of other regulatory agencies than IARC and BfR, and presents a case for why the 4,300 page report (see [2017/sep/15]) contains copied texts from the Glyphosate Task Force in a non-sensationalist way.
The plagiarism claim was also denied by BfR; and at the end of the article you linked, Arthur Neslen again was uncritical of the article's last cited study in which glyphosate is criticized, where the possible conflict of interest of the organic food researcher Charles M. Benbrook isn't even mentioned.
I meant mostly that citing each one was pointless since they just repeat the conclusions of the same review(s). Listing all of them makes it look as if you had veri
-
Re:Science Disagrees...
This is the evaluation by IARC that opened up for the lawsuits:
IARC Monographs Volume 112: evaluation of five organophosphate insecticides and herbicides, International Agency for Research on Cancer, 2015:
The herbicide glyphosate and the insecticides malathion and diazinon were classified as probably carcinogenic to humans (Group 2A).
[...]
For the herbicide glyphosate, there was limited evidence of carcinogenicity in humans for non-Hodgkin lymphoma. The evidence in humans is from studies of exposures, mostly agricultural, in the USA, Canada, and Sweden published since 2001. In addition, there is convincing evidence that glyphosate also can cause cancer in laboratory animals.
That IARC evaluation was subsequently criticized, and other high-profile papers and agencies were unable to reach the same conclusions:
A regulatory perspective on the potential carcinogenicity of glyphosate, Journal of Toxicology and Health, 2015:
It appears that IARC has overreached in its conclusion by failing to consider the vast body of literature supporting the notion that glyphosate is not a carcinogen. Besides, IARC has failed to place potential hazard into a context of actual risk. When the conditions of glyphosate use in Egypt is rationally analyzed, it appears that exposure of the public to glyphosate is order of magnitudes far below the zero-risk dose.
The BfR has finalised its draft report for the re-evaluation of glyphosate - BfR, German Federal Institute for Risk Assessment, 2015:
In conclusion of this re-evaluation process of the active substance glyphosate by BfR the available data do not show carcinogenic or mutagenic properties of glyphosate nor that glyphosate is toxic to fertility, reproduction or embryonal/fetal development in laboratory animals.
Systematic review and meta-analysis of glyphosate exposure and risk of lymphohematopoietic cancers, Journal of Environmental Science and Health, 2016:
Bias and confounding may account for observed associations. Meta-analysis is constrained by few studies and a crude exposure metric, while the overall body of literature is methodologically limited and findings are not strong or consistent. Thus, a causal relationship has not been established between glyphosate exposure and risk of any type of LHC.
EPA Releases Draft Risk Assessments for Glyphosate, Environmental Protection Agency, 2017:
The draft human health risk assessment concludes that glyphosate is not likely to be carcinogenic to humans. The Agency’s assessment found no other meaningful risks to human health when the product is used according to the pesticide label. The Agency’s scientific findings are consistent with the conclusions of science reviews by a number of other countries as well as the 2017 National Institute of Health Agricultural Health Survey.
Glyphosate toxicity and carcinogenicity: a review of the scientific basis of the European Union assessment and its differences with IARC, Archives of Toxicology, 2017:
Since glyphosate was introduced in 1974, all regulatory assessments have established that glyphosate has low hazard potential to mammals, however, the International Agency for Research on Cancer (IARC) concluded in March 2015 that it is p
-
Re:fucking krauts
TFA is trying to make the situation seem bad, when in fact it's good.
The 2020 plan is extremely ambitious. It was supposed to be really, really hard to meet and they knew as far back as 2013 that they were likely to miss it. The idea isn't to set an easy goal that can be met with minimal effort, it's a Kennedy style moon shot. It worked too, like the US there is a lot of public support for it and willingness to put the effort in.
The 2020 goal was a 22% cut in emissions, but it is looking like a 15% cut will be possible. Some people say that is a failure... Ignoring that it's still a massive cut. Coal plant shut-downs started last year and will continue into 2019, so picking stats from just before this started is unfair.
The 2050 plan is the bigger, longer term goal that involves really massive cuts to emissions. 2020 is just a step on the way to it.
Quality of life in Germany remains high. Base energy cost is comparable to the rest of western Europe, including France, it's just the tax that makes it more expensive to consumers. And there are big discounts available for those less well off. They decided to pay for clean energy, that was a conscious decision and the electorate have had multiple opportunities to express their support for it.
-
Producer responsible for end of life recycling
Similar to the End of Life Vehicles Directive in the EU, similar to the German End-of-Life Vehicles Act of 2002 (extended from a similar law in 1997). Manufacturers are responsible for recycling their vehicle at the vehicle's end of life, this means manufacturers design their cars to be more easily recycled and means any overhead costs are built into the cost of the car up-front. There is no good reason that this shouldn't be the case for any larger or common products, why should the cost of recycling be deferred until the product has reached end of life, no consumer will pay more money to have their product recycled *after* it is useless.
-
Re: That'll be interesting
http://www.bmi.bund.de/DE/Them...
Since 1 November 2007, two fingerprints have additionally been stored in second-generation electronic passports.
Personalausweis is also biometric nowadays, but fingerprints are - so far - optional.
-
Re:Now I see where it comes from
Are you really now saying that the energy act is not law? You can simply look it up. You are IGNORANT, and intentionally so. The law requires the use of ALL AVAILABLE WIND AND SOLAR, ALL THE TIME. JUST FUCKING READ IT AND ADMIT YOU FABRICATED THE IDEA THAT WIND IS TURNED ON AND OFF FOR PEAKING! You made it up, and you won't admit it. Why won't you admit it? I can guess.
http://www.bmub.bund.de/filead...
http://www.bakermckenzie.com/f...
Grid operators must, immediately and as a priority, purchase, transmit and distribute the entire available quantity of electricity from a renewable energy installation (Section 8 EEG).
Germany has enough wind turbines built that the total generation charts show a good representation of the wind generation profile across the country. But, you have already proven you ignore facts and obvious data, so what good is it to have this discussion until you admit you fabricated the contention that wind is turned on and off for peaking. You made it up, and you won't admit it.
You are a bullshitter who makes stuff up. Cite your source or admit it.
-
Re:what i've always wondered, as a non-medical per
Don't be a pedant. "Import to" or "import into" is a valid linguistic phrase:
http://www.daff.gov.au/biosecurity/import
http://www.cbp.gov/linkhandler/cgov/newsroom/publications/trade/iius.ctt/iius.pdf
http://www.bund.de/EN/Economy-And-Trade/Importing-to-Germany/Importing-to-Germany_node.html
Although I will admit that I would have used "export" if I had been thinking about it properly.
-
how about TPM?
Recently I have become wobbly on use of m$ products. I admit my failure now. My spirits were strong but my flesh was weak. Last weeks made me understand my failures. What has happened were three things:
- I moved from vista to windows7. There are few good things but the rest is just shitty.
- Snowden did his whistling and now I have even bigger doubts on anything coming from US
- German government did issue this warning about TPM. They say of course that for common user there is no worry but they put a question mark on use of the trusted computing shit in business and in government other than US.
Now dear microsoft and others - how on earth should I trust any US company? Not that we have all too much choice but hey in OS area we do. Fuck you - you NSA smurfs!
In view of this I consider minor changes described here completely irrelevant.
-
Link to original B.S.I. source
If only there was somewhere that could explain what the article means without RTFA.
Here you go: it's a lot shorter, but it's still in German:
https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2013/Windows_TPM_Pl_21082013.html
It's more nuanced: the Bundesamt für Sicherheit in der Informationstechnik (B.S.I.) says it *doesn't* warn against Microsoft Windows 8, it only warns the (German) government not to use Microsoft Windows 8 in certain scenarios on computer hardware with TPM 2.0:
"Hierzu erklärt das Bundesamt für Sicherheit in der Informationstechnik (BSI): Das BSI warnt weder die Öffentlichkeit, deutsche Unternehmen noch die Bundesverwaltung vor einem Einsatz von Windows 8. Das BSI sieht derzeit jedoch einige kritische Aspekte im Zusammenhang mit bestimmten Einsatzszenarien, in denen Windows 8 in Kombination mit einer Hardware betrieben wird, die über ein TPM 2.0 verfügt."
Then, they first say that you can go ahead and buy MS Windows 8 on a TPM computer, as long as you don't worry/care ("kümmern") about the security of that computer. (There must be use cases within national and other governments where it just doesn't matter so much that a computer is insecure).
In the next paragraph, if I read it correctly (German is not my first or second language), they warn against using MS Windows 8 on a TPM 2.0 computer in cases where security is of value: for "die Bundesverwaltung und kritische Infrastrukturen", they warn of the dangers of D.O.S. attack and sabotage where both the hardware and software become unusable. You got to read it yourself if you don't like my crummy translation. Corrections welcome.
I interpret the end of the press message as: maybe one day there will be a TPM 3.0 spec with "(...) ein bewusstes Opt-In sowie die Möglichkeit eines späteren Opt-Outs (...)" and then the BSI would be happy again.
-
Re:The next time you call FauxNews Sensationalisti
I'd like to know when the Germans thought they had control over the operating system.
https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2013/Windows_TPM_Pl_21082013.html
4th paragraph translated through google:
"From the perspective of the BSI, the use of Windows 8 in combination with a TPM 2.0 is accompanied by a loss of control over the operating system and the hardware used. This result for the user, especially for the federal government and critical infrastructure, new risks. In particular, on a hardware, which is operated with a TPM 2.0, with Windows 8 caused by accidental errors of the hardware or operating system manufacturer, is also the owner of the IT system error conditions that prevent further operation of the system. This can cause such an extent that in case of error in addition to the operating system and the hardware used is permanently no longer be used. Such a situation would not be acceptable for the federal nor for other users. In addition, the newly established mechanisms can also be used for sabotage of third parties. These risks need to be addressed."
-
BSI published a clarification
The BSI (Bundesamt für Sicherheit in der Informationstechnik) published a clarification after websites reported about that Windows 8 warning: https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2013/Windows_TPM_Pl_21082013.html
Basically, they pedalled back a bit. They now claim they never warned about Windows 8 itself, but about possible risks when combining Windows 8 with TPM 2.0, because the user no longer has complete control over his system and that because of that, the user could end up in a situation where the system is permanently unusable. They no longer mention the US / the NSA and the possibility for backdoors, instead they now just mention the possibility of "sabotage", and the need for an opt-in AND opt-out for things like TPM 2.0.
-
Re:I call BS on this
In the last days of the Staatssicherheit of the former East Germany, many documents were shredded, but now they are reconstructed by scanning the remains and having a semiautomated process searching through the scans and finding fitting parts to reconstruct the original relations - basically doing a big puzzle. There are online reports about it, albeit they are in German.
-
Re:French ssh port (ssf) suggested strange weaknes
So what he was saying is, that they are padding with a potentially unencrypted random number, that can be used to guess earlier and later random numbers, and thus break SSH. The random number is a hint for crackers / PRNG guessers.
No, that a deliberately "broken" implementation of ssh (either on server or on client) could use the padding to leak the session key, and that without access to the code there would be no way to tell (... because the padding is "supposed" to be random...).
Quite clever actually, and reminiscent of the ways how the French subverted the Luxembourgish Luxtrust system.
Luxtrust token are hardware crypto token containing a private key. The key (supposedly) is generated randomly by the token at initialization and never leaves the token, and can only be used to establish session keys and sign messages, where the critical calculation happens on the token. The key is used to secure banking transactions, so that for example, the French tax administration cannot spy on the communication between French citizens and their Luxembourgish bank.
That's the theory. The catch is, the tokens are manufactured by the French company Gemalto, and each token's random number generator will only ever "generate" private keys from a limited set (different for each token, of course). So, French tax administration can trivially infer the private key by looking up the public key in a table provided by Gemalto.
The scheme is virtually undetectable, because:
- The keyset is different for each token
- Each token can only be initialized a very limited amount of times (much smaller than number of possible keys for that token)
- The tokens supplied to BSI for audit didn't have this weakness. And moreover, the German tax authorities would be quite happy to listen in too
:-)
Result: Luxembourg spent millions on an inconvenient crypto scheme, which works neither on modern 64 bit computers nor on mobiles, and which is useless for its purpose.
-
Another nice thing I just found
From here:
Der Windows7-eigene Screenreader fängt beim Vorlesen die Eingaben über die Tastatur direkt ab. Dadurch wird auch die eingegebene PIN im Klartext vorgelesen.
Translation: The Windows7 built in screen reader captures entries directly from the keyboard when reading. Therefore also the entered PIN is read aloud in cleartext.
Which shows two things:
(i) There should be a separate keypad on the card reader. You simply cannot trust the computer.
(ii) Using Windows7 can lead to unexpected security holes even on non-compromised computers (after all, this should apply to anything expecting passwords). But then, it's from Microsoft, so that's somewhat expected :-)
-
Quick Summary
For those who can't read German here's a basic summary of the article:
There is a vulnerability not in the ID cards but in the desktop software that makes use of them for authentication on the Net. This software's update mechanism is apparently vulnerable to a DNS spoofing attack that would allow a skilled attacker to download and unpack a ZIP file on the user's machine (but not directly execute any code). The article was updated to say that the government agency responsible for this software has stopped downloads of it as of yesterday and there's now a press release on that agency's website saying they're working on a fix:
https://www.bsi.bund.de/sid_9CC745E82FC9ED59215EB75FB9479819/ContentBSI/Presse/Pressemitteilungen/AusweisApp_101110.html (Also in German)
-
Re:The morals of outing
There are absolutely no gay marriages that can build a proper family.
Really? Reality is disagreeing with you.
http://pediatrics.aappublications.org/cgi/content/abstract/peds.2009-3153v1
http://www.apa.org/pi/lgbt/resources/parenting.aspx
If you can read German or Spanish, here's a couple more
1
2
I can link some more if you like.
-
Re:First
They also recommended against the original Google Chrome Beta:
https://www.bsi.bund.de/ContentBSI/Presse/Pressearchiv/Kurzmit2008/090908chrome_htm.html
And they also recommended against Opera 10.50:
So, nothing to see here.
-
Re:Free software in action
This is all very strange - on BSI (this is what the German abbreviation of Federal Office for IT Security is) site there is nothing about this, BuergerCert site informs about new upcoming release of firefox that is going to fix unspecified security problem. If you compare it with IE warning from some time ago there is a difference - back then BSI issued a warning telling people not to use compromised software that is actively used for attacks and here you have a warning based on information of new release. Fear mongering - that is what it is - a new and terrible thing has happened - somebody is releasing software to fix the bug that nobody has abused yet. Good that German Gov. is issuing warning but judging on this government record (Moevenpick subsidy to hoteliers or sucking of Mr Sawicki on request of big Pharma) I'd say FDP and/or CDU (governing parties) took money from somebody again. I would not look for conspiracy anywhere but current government actually does not even bother with hiding their deplorable attitude towards private money - funny thing is that they do it in such incompetent way that it is almost laughable (well one should cry actually - they have our tax money).
-
Untrusted software and auditing agencies...
The funny part is that this kind of software (and the companies that make it) must be audited by consultants specifically habilitated to do this kind of auditing (such as BSI...). In order to guarantee that the auditors have the necessary skills and integrity to perform such audits, they have to be audited and certified themselves by yet other consultants, who in turn get audited by even higher level auditors. Turtles all the way down...
But somehow, all this auditing, code reviewing and certification doesn't manage to uncover a simple date encoding bug.
It's actually worse: if during routine maintenance, an employee, partner or customer stumbled across the bug, he would be dismissed as mistaken, because such bugs are just not possible, or else the very strident auditing would have caught it.
... and now, the emperor is standing there alone on hangman's hill, without his underwear, trying hard to conceal a huge hardon with his hands... What the hell did happen to his fine clothes?
-
Re: countries not sharing signatures...
Actually, all country trust roots (not _signatures_) end up in an international database, and terminals SHOULD check that passports are signed by one of those. The "hack" does not work for this reason (and relevant countries' terminals do check, even if the standard-testing software does not).
FYI, country certs are also published on human-readable pages, such as these:
http://www.bsi.bund.de/english/topics/csca/index.htm
http://www.bmi.gv.at/csca/startseite.asp
So hypothetically, you could collect these (they won't be changed more than once every few years) and perform your own verification.
-
Re:Bunch of useless speculation
How about an actual health problem that only happens with the finely particlized version of an otherwise harmless product? here.
The ability of nanoparticles to pass the blood-brain barrier is documented and is even being exploited for novel medical treatments. Many products we use daily are generally considered safe only because they do not penetrate the lungs, skin, or blood-brain barrier. This doesn't mean nanomaterials are automatically dangerous but it does mean that they cannot be presumed to be safe simply because the non-nano particle version is safe. Even where a substance is generally considered safe if ingested, a version with nano-particle carriers cannot be assumed safe.
In the field of health and safety, no evidence for safety means it's NOT to be considered safe. Since we know that nanoparticles can interact with biological systems differently than larger particles of the same substance, we know that we cannot infer safety of a nanomaterial based on the safety of larger particles of the same substance.
It really stands to reason. If nanomaterials DIDN'T behave in novel ways compared to micro and larger materials, they wouldn't be interesting at all.
As others have pointed out, asbestos is a great analogy. When fired into stoneware, it's perfectly harmless. When pulled into fibers it causes a serious and often fatal medical condition over a period of years with few advance warning signs.
-
Re:Is this really breaking the law?
Problem is most countries have passed laws, usually under the guise of fighting terrorism that explicitly state that connecting to ANY wap without express permission is illegal.
In Germany, the terrible new data retention act would make even purposely offering free wifi illegal unless you have some sort of log that lists who had access at what time (not sure about *what exactly* would need to be stored, but this is analogous to forcing anonymizing services such as Tor or JAP servers to keep connection data). Source (in German): Comments in the recently passed draft, p. 174: http://www.bmj.bund.de/files/-/2047/RegE%20TK%DC.pdf
-
German government also sponsors security tools
The irony of the situation is that the German government actively sponsors work on security tools such as GPG, OpenVAS, BOSS.
-
Re:Info...
"Nachrichtendienste" (news agencies!?) Intelligence Services, aka the Bundesnachrichtendienst*.
*Nice website entry page, subtly menacing.
-
Some facts for a change (actual law text f.ex.)
Instead of getting all worked up and randomly speculating and inventing what law prohibits, how about actually reading the text of the law??
First, it's not about "sections 200 and following" (section 200 is followed by a break, and a new block, the one that concerns protection of privacy, begins with section 201). More specific, it's really only about changing 202a and adding 202b and 202c.
The proposal that now became law, together with detailed explanations, can be found on this official government site:
http://www.bmj.bund.de/files/-/1317/RegE%20Computerkriminalit%E4t.pdf
The only controversial one of the additions is the second number under 202c:
(1) Wer eine Straftat nach 202a oder 202b vorbereitet, indem er
1. Passworte oder sonstige Sicherungscodes, die den Zugang zu Daten ( 202a Abs. 2) ermöglichen, oder
2. Computerprogramme, deren Zweck die Begehung einer solchen Tat ist,
[herstellt, sich oder einem anderen verschafft, verkauft, einem anderen überlässt, verbreitet oder sonst zugänglich macht,]
wird mit Freiheitsstrafe bis zu einem Jahr oder mit Geldstrafe bestraft.
Translated:
(1) The person who prepares an offence according to 202a or 202b by
[creating, procuring for himself or someone else, selling, leaving to someone, disseminating or make accessible by other means,]
1. Passwords or other security codes, which allow the access to data ( 202a Abs. 2), or
2. Computer programs, whose purpose is the committing of such an offence,
will be punished by a term of imprisonment of up to one year or a fine.
So what's said in the article ("Manufacturing, programming, installing, or spreading software that
can circumvent security measures is verboten") is wrong. Only "Computer programs, whose *purpose*
is the committing of such an offence" are forbidden. Computer programs which may be used for circumventing
security (like packet sniffers, port scanners...) but whose purpose is not expressly mainly to illegally
gain access to other people's data are not prohibited. As an example of a program that would be, take
your common trojan whose main purpose is to hide on someone's computer and secretly sniff data.
-
Can't you guys read German?
http://www.bmj.bund.de/media/archive/1317.pdf
And the relevant words in English (my translation)
German penal code section 202c
Whosoever prepares a felony according to section 202a or section 202b by
- enabling passwords or other such codes, or
- selling, obtaining, or giving computer programs for that purpose to another
Note: sections 202a and 202b are both about gaining access to data meant for somebody else.
-
Let's just all turn ourselves in
This would be a drastic measure, but it might make a point. Somehow I would guess though that the judge would rule that people have to pay a fine instead of going to prison.
The link to the law StGB shows only the old version without the new paragraph 202.
Besides, in it you can find the following line:
Ausfertigungsdatum: 15.05.1871
Which must mean something like issue date 15.05.1871, now that is incremental change!
I just found the paragraph here: http://www.kes.info/archiv/online/06-6-006.htm
Seems like it took until May the 25th (since 2006) to get it signed.
Paragraph 202c says:
(1) Wer eine Straftat nach 202a oder 202b vorbereitet, indem er
1. Passworte oder sonstige Sicherungscodes, die den Zugang zu Daten ( 202a
Abs. 2) ermöglichen, oder
2. Computerprogramme, deren Zweck die Begehung einer solchen Tat ist,
herstellt, sich oder einem anderen verschafft, verkauft, einem anderen überlässt,
verbreitet oder sonst zugänglich macht, wird mit Freiheitsstrafe bis zu einem Jahr oder mit
Geldstrafe bestraft.
In English that means that if you prepare a criminal offense according 202a/b through
1.) providing passwords
2.) providing software to achieve the above mentioned criminal offence
you will go to prison for a year or pay a fine.
The article mentioned above explains that security companies should still be able to write
tools to test their systems since the criminal offense wasn't planned even though it was on people's minds that the tool might be used for that.
Damn this sounds bad, I agree with the CCC now that this is a gray area. This would require some mind reading capabilities I guess.
The other two paragraphs address gathering and collection of data which is not meant for you or protected from you in some way.
The pdf file for the change proposal can be found here:
http://www.bmj.bund.de/files/-/1317/RegE%20Computerkriminalit%E4t.pdf
BTW, I'm not a lawyer. This might also explain my bad English, how could one possibly translate between German and English legalese anyway ;)
-
Re:Not as bad as it seems
> Anybody with a link to the original law?
No. And there is a simple reason for that. The law doesn't (yet) exist, it is being discussed at the moment. The draft from the government can be downloaded at http://www.bmj.bund.de/media/archive/1174.pdf
If you can read German, http://www.netzpolitik.org/2006/reaktionen-zum-2-korb-kabinettsbeschluss/ may be a nice resource.
-
Re:Covert Agency?
They might as well start a group on MySpace and issue bumper stickers and T shirts.
Germany's BND might not be a match for the intelligence capabilities, but they're ahead in the merchandizing section
:-)
-
Already here
In Germany, we already do that: Zentrale Bergungsort Bundesrepublik Deutschland (German, but pictures). Here is a short description in English. All the documents are kept on microfilms, but I don't know what they do with audio/video material.
-
Re:Certs/
Viewing the Novell press release, it would appear that the cert has actually not been issued, and that Novell has only "successfully completed" the evaluation, which doesn't officially mean anything.
Having said that, I will note that this evaluation was to an actual protection profile (the CAPP), so the evaluation means something, unlike some other evaluations that I could mention.
-
How they try to justify the decision...
The official press release states that, "The Copyright Act provides for so-called limitation provisions, under which access to copyright-protected works is permitted for certain purposes, such as scientific and cultural uses. The most recent amendment to the Act, whose relevant provisions came into force in September 2004, expressly provides for the possibility of agreements between associations in order to enable these uses for copy-protected media as well."
I think they are referring to this particular revision in the German copyright law, which apparently states that associations such as the Phonographic Industry have the right to allow particular institutions, such as the National Library, to duplicate copyright-protected media (for the sake of science and culture).
Alex,
MobileRead.com
-
Re:Can a central repository bring security?
I've always thought that would be an obvious Digital Age upgrade to the services provided by notary publics. Their seal is already valid on all sorts of contracts and legal documents, so why can't they also be taught to use PGP to sign public keys?
As far as I know, digital notary signatures are valid in Germany.
http://www.bsi.bund.de/literat/faltbl/F10ElektronischeSignatur.htm (in German)
-
Here in Germany...
the official German Government institution for IT (BSI) security says they want to see "different browsers" and people should "not only use IE"
Heise reporting about the BSI comment
(Link to German site)
Apart from that, SWR3 (the biggest German radio station) have a small "Multimedia" feature (weekly?). While it is quite light and sometimes has apparent errors (for a geek like me :), they _did_ plug the new firefox this week and told people to switch browsers. It nearly floored me when I heard that:
SWR3
(Link to German site)
Imagine hearing on the biggest radio station that users should switch to FireFox!
The only minor drawback was that the guy literally said Firefox is now at "version one" - oh well. Friendly User version numbers, they are not.
Best wishes,
Tels
-
Re:Hi, my name is Joe, and I'm a User.
Where things were kept was probably my biggest issue when I first started to. If you want you can check here for more information on where everything is kept. It's long and dry, but you'll learn a lot. There is also this which is the migration guide the Germans paid for. If you ever just need a question answered and can't find anyone, feel free to send me a message through here. Again, good luck and have fun.
:) -
Re:Security, security, security
Everything changes when the attacker has physical access to your hardware (as others have pointed out).
The Common Criteria is an internationally-recognized standard, so the U.S. gov't would recognize the German EAL3 augmented evaluation of SuSE Linux Enterprise Server V8 that just finished up in January 2004. -
Contact your EMPs!
I urge all European citizens to contact their European Parliament representatives, either directly or via their local MPs, to effect a last-minute change and to question them about the diversion between announced and actual decisions.
I would further like to encourage German readers to write an email or fax to the federal minister of Justice to complain about her decision and to support journalists in decoding the network of what seems (on first sight) filthy lobbyism and inconsistent behaviour. Written letters and faxes are expected to have more impact due to their tangible nature.
If you don't spend EUR 1 on a stamp now, you might have to spend EUR 10000 on lawyers later, or get fined for using an algorithm that somebody happens to have patented without you knowing.
[E-mail me if you can't find your rep contact details but would like to do something about it.]
Ideas should be free.
-
Re:Me as a German
I did not hear a beep about this here in Germany, I guess the plan is to introduce the system through the backdoor.
Well, maybe, but then they wouldn't make a press release, right? -
Re:Boy am I tired of these "stupid patent" stories
Is this just a minor side effect of a basically beneficial system that will simply work itself out as the patents are challenged? Or does this have to be fought?
Software/business method patents are not a basically beneficial system. That's agreed upon by most people, organisations and studies, from the FTC to even the owners of several mp3 patents, the Fraunhofer Institute. Even Andy Grove (you know, the guy that runs Intel) recently said they have a lot of negative effects (page 11 of the transcript, near the bottom).
If this is something that needs fighting, it would be good to know who is doing this, either on a grassroots level or as elected officials.
In Europe, it's mainly FFII that does this (along with the majority of the European Parliament, which completely turned around a proposed directive to legalise software patents into one that explicitly forbids them).
In the US, I guess it's mainly the EFF and FSF, but I'm not very familiar with the situation there.
-
Re:Windows 2000 is EAL4, but...
Also there's no way of knowing (that I can see) what extra software was installed. Sendmail? Apache? Or are we just talking a basic kernel and networking?
I don't know much about the EAL standard, but after a quick look at the previous certification (EAL 2), I think it probably includes all of the software. -
German style ATMs
In Germany there is a regulation which says "if you want to connect a ATM/PC whatever" you have a "bank network". There are guidelines which are checked by some governmental freaks.
A list of freaks is German officialism (English) there, a German page about the banking freaks is here
Often they fake only parts of the ATMs system in Germany (reading it at the door, putting slices of plastic on top of the keypads)
The laws are strange in Germany for that problem. But often if you can prove that it was not your problem, they give you money.
they want everybody to believe that it IS safe, but it is not.
-
Interesting lawsuits ahead?
Well, I'm not really sure about it, but if I read that law right, the copyright holders might be forced to give DeCSS to _you_.
Now this is obviously all in German, but have a look at the text, 95b. What it basically says (if I read the lawyerspeak correctly) is this:
If a copyright holder uses technical protection measures to protect their work, they must provide certain people the means to circumvent this technical measure. This is the case in what you might call "fair use" situations such as:
- translation into another form for physically challenged people
- copying for educational purposes (i.e. teachers handing out copies to their class)
- copying for personal use
In other words, I buy a "copy-protected" audio CD and the copyright holder has to provide me the means for ripping the tracks off the CD to add them to my Ogg collection. Sounds... interesting. I wonder what will happen when somebody goes to court over this. -
DMCA disease sweeps Europe
For more information on why this is important news for people in other countries as well, just see the links below (some of them still in German, though):
The German parliament which has just adopted DMCA-style provisions to outlaw the circumvention of technical protection measures that control and curtail the fair use of intellectual property (and only needs the other House's assent for part of the new legislation) makes Germany the third country, following Denmark and Greece, to implement the highly controversial "monstrosity" known as the European Union Copyright Directive 2001/29/EC.
This move, allegedly a "propaganda victory" dubbed "lex Bertelsmann" (after the giant media conglomerate expected to line their corporate pockets under the new laws) in furious disapproval by tech-savvy parts of the news media, makes Germany one of the early adopters setting an unfortunate precedent for further European countries like the UK and France whose citizens, and notably developers like Linux kernel guru Alan Cox, will probably not be spared from similar legislation for much longer either.
Although open-source researchers, cyber-rights activists and even the ruling Social Democrats' very own IT experts as well as hardware manufacturers underlined the severe dangers and inconsistencies of this new and doubtful philosophy extending copyright law to reduce many of the general public's rights to insignificance, in a debate focusing only on academic exemptions from the publishers' power grab, the opposition even tried to tighten the government's bill, ignoring widespread experiences of Chilling Effects such as censorship and assaults on the Freedom to Tinker during the past four years under the EUCD's U.S. counterpart of draconian "bad law and bad policy", the flawed Digital Millennium Copyright Act, another overreaching implementation of the
-
Germany to adopt Yet Another Dreadful DMCA!
Linux/GPL is becoming even more important than I had believed. Fortunately there are strong signs that it is making inroads in India, Europe, and Japan. If we can reach 30% in those areas, we're probably "safe". (...) But if the market penetration isn't sufficient to cause some chip makers to make chips that can be used with Linux (i.e., a non-palladium OS), then we may be in very bad trouble.
And this court decision is a long step into the nightmare. It's not as big a step as the legal right to disappear people, but it's another big one, and in the same direction.
All hope abandon, as far as Europe is concerned...
...or could these developments still be stopped before setting a bad precedent for further countries such as the UK, which will probably not be spared from similar legislation for much longer either?
While this article assumes that Wednesday's approval by the Committee on Legal Affairs makes adoption of Germany's "DMCA" bill in plenary session on Friday "a mere formality" (as even the opposition's sole regret seems to be that fair use rights should have been curtailed even further), many of you sure wish to recount some experiences of the Chilling Effects from Four Years under the DMCA to the Members of the German Parliament about to repeat most of the DMCA's mistakes in their attempt to implement yet another overreaching implementation of the 1996 WIPO Copyright Treaty, the highly controversial "monstrosity" known as European Copyright Directive 2001/29/EC.
-
America's Army
Governments are already involved in the gaming industry. America's Army is just one example of computer games produced for state PR (read: propaganda).
There has always been a long tradition of anti hate-games in Germany, funded by the ministry of the interior. The game series is called "Dunkle Schatten" ("dark shadows").
If Peter wants funding "just for fun", he might think of giving something back to the one who funds him.
Oh, that reminds me of one question. Are the ads and banners in sport games (for making the game more realistic) sponsored by real companies? -
BSI software offerings + warning.
BSI = "Bundesamt fuer Sicherheit in der Informationstechnik" -> "Federal Department for Security in Information Technology". Their mission is comparable to NSA's Information Assurance Directorate. Their site is far more informative than NSA's site, chock full of security advice though as always in all things security I advise to take whatever anybody says with a grain of salt. They've also got that other mission just like NSA does.
They've opensourced Sphinx, formerly a project aimed at providing secure email within German government agencies which is essentially a plugin for various email clients (appa which implements S/MIME as well as an S/MIME incompatible national encrypted email standard called MailTrust (spec available in German only). Apparently they're integrating the Sphinx code in KDE's kMail and in mutt. You can find the Sphinx code here.
Another opensource project I could find right away is DiCop (Distributed Computing in Perl), a GPL'd distributed job execution environment consisting of an administration server and client/worker software. The administration server sends jobs to the client/workers and collects the results. You can get DiCop here.
Please keep in mind that BSI is an agency of a foreign government no longer outright sympathetic to American interests.