Slashdot Mirror

Fervent writes "There is a hilarious parody over at CNET called Diablo meets the Sims. What happens when someone imports a Diablo skin into the quaint Sims universe? All hell breaks loose."

MDMurphy writes "Got this in the email just now. Despite reports I'd read that you had to write Amazon and ask for a refund if you saw they charged others a lower price, it seems they are letting their customers know proactively: Greetings from Amazon.com. Thank you for your recent purchase from our DVD store. As you may be aware, we occasionally test various aspects of our web site--design, layout, and other features--for brief periods to determine how they resonate with customers. Recently, we tested the discounts we offered on selected DVDs, so that different discounts for certain titles appeared to individual customers chosen at random. Because you placed an order for the DVD "The Big Blue - Director's Cut" during this period, we wanted to let you know that we will be refunding the difference between the price you paid and the lowest test price that we offered on that DVD during the test period, in your case, $1.49. We also wanted you to know that if we conduct any price tests in the future, all customers who order items affected by these tests will automatically be refunded any price difference at the conclusion of the test, thereby ensuring that they will pay the lowest available price. We value your business and appreciate the trust you have placed in us by being a customer. Thank you for shopping at Amazon.com." You can see another news report about the havoc the "experiment" has played on things.

zephc writes: "Apple has announced its iBooks, now with more RAM and DVD drive options, and (sweetness) Firewire (among other things)." Looks like it's at least three new models - and in other Mac Expo news, as promised OSX has been released in beta. Of course, it's a beta that costs $29.95 in the Apple Store, but whatever. MacNN has some coverage as well, as well as photos from the floor -- including the infamous flooding incident.

A reader writes "Never mind if you've shut off cookies. If you are using IE 5+, the browser can still be used to track you, with no warning. An IE 5+ feature, "persistence", allows the browser to remember information, such as search queries. Which of course means that you can be uniquely identified and tracked. And since it is a feature, there is no warning either that this information is being stored or when it is given. Shutting off scripting in theory stops it. More on the story at www.news.c om ."

sdo1 pointed out this CNet story: "Out of court settlement, but it looks like Real won and Streambox lost. Real keeps it's broadcast format proprietary, and Streambox can't distribute tools that decode the stream for such fair use puposes as time shifting and personal archiving." This is not good news for anyone hoping for commonsense wisdom from the bench when it comes to the provisions of the DMCA. Instead, it looks like this settlement came about in part because "Judge Marsha Pechman ruled that RealNetworks made a strong case that the Streambox VCR could be in violation of the DMCA."

Numerous readers have pointed, as this unnamed correspondent does, to this CNET article: "There is an article on cnet claiming that both unix and linux systems contain security flaws, called 'format string' vulnerabilities, which allow hackers the ability to trick systems through command manipulation and subsequently run unauthorized applications."

Numerous readers have pointed, as this unnamed correspondent does, to this CNET article: "There is an article on cnet claiming that both unix and linux systems contain security flaws, called 'format string' vulnerabilities, which allow hackers the ability to trick systems through command manipulation and subsequently run unauthorized applications."

A reader writes "American Express is going to allow card holders to access one-time use card numbers for purchases online. Not only could this cut down online credit card fraud but it might lead to anonymous purchases. " I'm not sure this gets us closer to totally anonymous purchasing, but it does mean that you can take more steps to protect yourself in online purchasing - now only one megacorp (Amex) could have your records!

Nastard writes: "Theres a story over at C-Net News.com about making money with distributed processing. The article talks about several companies that are planning to launch per-per-idle projects this fall. Apparantly someone has finally caught on that there is money to be made in this. No surprise that one of the companies is headed up by SETI@Home founder David Anderson." I've always been a fan of distributed.net -- (Subliminal Message: Sign up for Team Slashdot!), but I do wonder with these pay schemes if the payment will actually be enough to cover the cost of electricity. Hurm.

[timothy butts in ...] Also, you may want to check this out. A semi-anonymous reader writes: "Distributed.net President David McNett recently did an interview here with the guys over at Geeknik.net. In the interview, he discusses his role with Distributed.net, future projects they are going to work on, and how he views competition between the various distributed computing organizations. Great read."

jjr writes: "An article over at Cnet talks about how bill on internet tax is going to the Governor's desk next week for signing. This bill will affect alot of companies since California is a hub for a lot of Internet companies. We will see how this one plays out." Note that California (not that it's the only state with such ambitions) seems eager to snare wads of interstate money by snagging it even when people buy goods or services online which the brick-and-mortar versions of the same merchants don't carry.

jjr writes: "An article over at Cnet talks about how bill on internet tax is going to the Governor's desk next week for signing. This bill will affect alot of companies since California is a hub for a lot of Internet companies. We will see how this one plays out." Note that California (not that it's the only state with such ambitions) seems eager to snare wads of interstate money by snagging it even when people buy goods or services online which the brick-and-mortar versions of the same merchants don't carry.

alfredo_tomato writes: "I would have liked to seen a larger selection, but here are three browsers reviewed: You'd be surprized at who came out on top. The ugliest of the lot won."

A reader sent to us the story that the fruits of the Palm/Sony alliance have been unveiled. Yes, it's the Palm V - sort of. It's got a jog dial with navigation - but the kicker is the Sony memory stick that's built in. That means for all those times that you fill up the memory with Kyle's Quest...I mean important notes, you can swap the stick out. Not amazing, but cool for a first product.

Carnage4Life writes:"Apple has found out the employee who leaked pictures of the PowerMac G4 Cube. So Apple has modified its original lawsuit against "unknown individual" for leaking trade secrets and changed the name to that of the employee in court filings. So as not to embarass any employees with the same name Apple has not revealed the employee's name as at now."

More below on what is surely one of the slowest patents ever granted (to our inquisitive friends with the radar domes, no less), and smidgeons of news on such various and sundry as Napster (perhaps you've heard of it?) and Iridium (perhaps you wish you'd never heard of it?), not to mention more on the destruction of the submarine Kursk.

The (cryptographic) wheels of government grind slowly. JOEL-V writes: "In August 2000, the United States Patent Office issued patent #6097812 to the National Security Agency, for 'Cryptographic System.' The patent application was filed in the year 1933, and this invention and patent are actually one version of the famous Enigma machine."

On a similar note, Paul Maud'Dib writes: "The Slashdot crew might be interested in checking out Enigmatic. They have java emulators for the Purple, Sigaba, Enigma, Russian Espionage Cipher and a public domain Bombe. They also have rather lucid descriptions of the various systems used. Interesting reads all."

That which does not kill him makes him stronger. You may recall that some maladjusted script kiddies threw a spanner in the works of the excellent kuro5hin a little while ago. Emmett told you more about the attack and its aftermath shortly thereafter. Looks like it's time for the (all volunteer, cool-content, graphically appealing) kuro5hin to emerge from a quick breather.

pope nihil writes: "kuro5hin.org has an update on their page. things should be back up (according to the update) by Sept 15 or so. check it out." Yes, Go there! Congratulations, guys.

88 bottles of bits on the wall, 88 bottles of bits ... NoWhere Man writes "The bankrupt Iridium venture has received another bid to save the wireless phone company's $5 billion satellite system from being pulled from space and destroyed. A California-based organization named CMC International is offering to pay $30 million to acquire Iridium's 88 satellites and other assets, according to a court filing submitted Friday."

It certainly would be nice if someone could eke out (even a meager) connection from Iridium rather than incinerating the satellites in the atmosphere, but honestly, the Will Burn / Will Fly status of these birds flip-flops enough to put a politician to shame. I'd like them to stay up, if only not to spook other folks from putting data-bouncing satellites up for our browsing pleasure.

In a nutshell, this is the problem with carrying around cavitation weapons. aleclee writes "It now appears that the Kursk was indeed carrying cavitation weapons and that she was sunk by a misfiring rocket. Supposedly, the rocket/torpedo can travel at 200 knots! Details can be found here."

Update: any port in a storm, and this one sounds nice. Patrick Ryan wrote: " Hello, I wanted you to know that CDSA [as mentioned in this slashdot story] has been updated at Intel and now includes a Linux port." Visit http://developer.intel.com/ial/security/ for more information about CDSA, and then the download site for your free-downloading pleasure.

KuRL writes "C|Net is reporting that Intel has begun to recall their 1.13-GHz chips, which had the best clock speed on the market, due to a glitch that caused the chip "to malfunction in laboratory tests under certain conditions." Yes, it was only that specific. It is quite clear that Intel rushed this chip out upon hearing that AMD would be releasing a 1.1-GHz chip of their own."

KuRL writes "C|Net is reporting that Intel has begun to recall their 1.13-GHz chips, which had the best clock speed on the market, due to a glitch that caused the chip "to malfunction in laboratory tests under certain conditions." Yes, it was only that specific. It is quite clear that Intel rushed this chip out upon hearing that AMD would be releasing a 1.1-GHz chip of their own."

Luke B writes "According to news.com Yahoo! will be offering users encrypted e-mail. This comes through the support of Zixit (www.zixit.com). Head to C|Net for the full scoop." Interesting.

Snatch Freedom writes "Peacefire has discovered a way to block censorware using Akamai's servers. For example you can see Yahoo! using http://a1.g.akamaitech.net/6/6/6/6/www.yahoo.com/. C|Net had a story about. Censorware cannot block akamai; that will piss off all the advertising people. Akamai says (in the cnet story) that they are not in the filtering business and they won't block anything. The makers of ``Bess'' wan't Akamai to filter it but Akamai says no. "

Fervent writes "Dell has started offering laptops today with the new UXGA screens. These higher-res LCD screens proport better, clearer graphics at no extra power cost. Details on the new laptops are available at CNet." They don't say how big the actual screen is, but ya gotta be scared... I can see 1280x1024 on a 15" screen, but 1600x1200 is pretty scary... I find a lot of things to small at that res on a 21" monitor. Then again, just pump up the font size and everything is crisper... of course those icons on web pages sure don't get any more legible.

Do you remember the Piranha debacle back in April? Welcome to Part II. Last Tuesday, it was revealed that Microsoft SQL Server 7.0 is shipped with a default password - just like Red Hat's piranha module. Unlike Piranha, SQL Server is very common software for large e-business websites. Unlike Piranha, the vulnerable software has been shipping for months. Unlike Red Hat, Microsoft refuses to take responsibility for their mistake, which, unlike Red Hat's, has resulted in actual documented break-ins, some at high-profile websites. So why haven't you read about it?

Because unlike Red Hat, Microsoft is getting a pass by the media.

Piranha is web clustering/failover software that was released in April by Red Hat without much QA. It somehow went out the door with a default password ("Q") and without docs explaining in big bold caps that it must be changed. If you installed the Piranha RPM without reading the docs carefully, you had a security hole on your site.

The hole allowed an attacker to come in over port 80 and execute arbitrary commands as the Piranha user, which would have been the web user. Typically that's a nonprivileged "nobody" account. While this is never good, let's just note for the record that this is a read-only exploit unless the webserver is very poorly configured.

The media flipped, in a word, out.

Piranha: A Case Study

On April 25, Computerworld announced that the "backdoor password ... could allow an attacker to compromise a Web server and deface and destroy a Web site." Informationweek and Internetweek both warned about "a back-door security flaw that carries ISS's highest danger rating." MSNBC/ZDNET ran the story as "Red Hat Linux open to backdoor password" and explained "there's a backdoor account in Red Hat's Linux that would let a computer intruder access and alter files." The Standard's early report on April 25 wasn't too bad but attacked -- as all reports did to some degree -- the strawman myth that open source is inherently secure. At least it didn't use the word "backdoor." Newsbytes was pretty much the same.

"Backdoor" implies that the flaw was deliberately inserted, by a thoughtless or even malicious programmer. Why did most stories incorrectly use that word? Mostly because that was how it was described in the press release. A security firm called Internet Security Systems found the flaw on April 24 and sent out a security advisory that used the term four times by the end of the first paragraph.

ISS also made some interesting statements when speaking to the press about the vulnerability. Oft-quoted was a line about open-source being both a blessing and a curse (the media loves "on the one hand, on the other hand"). I also liked this comment from their research director:

"There's limited quality assurance in the open-source environment," says Rouland, "because open-source software is basically a bunch of peoples' hobby."

Of the early stories about Piranha, the best one I found was Henry Kingman's ZDNet piece on April 24 (both early and accurate: amazing). CNET's on April 25 wasn't bad either, though they let ISS lay down the anti-open-source and pro-Microsoft propaganda a little thick.

In the days to come, the story didn't change much except to note that Red Hat -- correctly, as it turned out -- denied the seriousness of the vulnerability and tried to explain that it wasn't really a backdoor. Inter@ctive Week's Charles Babcock did such a piece on May 1.

Computer Reseller News still called it a backdoor on April 27. And NetworkWorldFusion's report and Informationweek's followup both came out on May 1, both got the important facts right, but both still called it a backdoor.

ClieNT Server News ran an article in their May issue explaining "Red Hat Red-Faced." I'm not about to pay to read the whole thing. The free synopsis that's available smirks at how "embarrassed" the company must be, and ends: "It seems that Red Hat left a back door in," dot, dot, dot.

The Standard had a second, fair piece that eschewed the term and even, after quoting the line about open-source being a "hobby," gently suggested otherwise.

But the gold stars go to just two good reports. SecurityFocus' Elias Levy, on May 1, turned the spotlight on ISS by pointing out how they "...can make headlines by using the right jargon, even when it's wrong." And Linux World News' Liz Coolbaugh, who had weighed in a few days earlier, questioning the media's coverage in her story "Red Hat Security Hole Not a 'Backdoor'."

If you find any more stories about Piranha, post them below. The Red Hat-bashing pretty much came to a halt a week later, when a little Microsoft-specific email virus named "ILOVEYOU" did a few billion dollars' worth of damage.

(Breaking news: all charges dropped; to quote 10,000 Maniacs, "who ya wanna blame?")

Microsoft SQL Server 7.0

You've heard about the SQL Server vulnerability, right? The one found on Tuesday, six days ago?

Well, no, you probably haven't, unless you read NTBugtraq. Even the maintainer of SecurityPortal's Microsoft Security Digest missed it this week (don't worry: I dropped him a note, he added it).

As the cracker Herbless describes it:

"It has come to light that it is now common knowledge that MS-SQL has a blank 'sa' password by default. This seems to affect a _lot_ of servers on the internet."

A default password vulnerability? Sounds familiar, doesn't it?

Here's Herbless's description and exploit code, posted to BugTraq last Tuesday. And here's Microsoft's acknowledgement, posted on Thursday.

Herbless wasn't kidding when he said it affected a lot of servers. If you're running SQL Server 7.0, with a firewall that doesn't block its port, and you haven't changed the sysadmin password, you're vulnerable.

As he described it to me, unlike Piranha's vulnerability which gave read-only access as an unprivileged user, this one typically gives access as "BUILTIN\System." I don't speak NT, so he had to describe to me what this is: "god-like powers ... greater that those of even the 'Administrator' user."

In other words, you have been 0wn3d.

You may be thinking that this is a vulnerability. Go back and read Microsoft's acknowledgement again. They say quite clearly, "The code does not exploit a vulnerability."

Does it confuse you that what was previously a "backdoor" is now not even a "vulnerability"? That threw me for a loop too -- as well as some of Microsoft's other disclaimers, which only make sense when you realize you're reading non-sequiturs about the newer version SQL Server 2000 (the vulnerability only affects SQL Server 7.0).

All will become clear, though, once you read this story from vnunet.com -- the only media story I've seen, by the way. The fault lies with the website administrators:

"Hacked websites 'didn't read the manual'

"Microsoft has blamed administrator error, rather than a bug in its software, for leaving hundreds of websites running SQL server open to attack this week."

Did they say hundreds? Yes, hundreds, at the very least. And did they say "hacked websites"? Yes -- this is not a theoretical vulnerability with no known attacks, like Piranha was.

All this month, Herbless has been cracking into websites like the National Transportation Safety Board and leaving edgy political messages (while backing up the original files and telling the admins how to close the holes). He confirmed to me that all his attacks, including the Fish and Wildlife Service, the UK's Adult Learning Inspectorate, and the Commonwealth Telecommunications Organisation, were done by exploiting Microsoft SQL Server.

Just to make the story that much better, according to Herbless, the default configuration of SQL Server 7.0 also has logging turned off -- in which case a successful attack would leave few if any tracks.

Sites are lucky if their webpages are hijacked; that way they know to fix the problem, format and reinstall. But some of those "hundreds" of websites running the vulnerable installation have surely been cracked by black hats who quietly installed Back Orifice or a similar remote-exploit program. They can set an SQL Server password, but it won't help them: they'll still be 0wn3d.

The proper fix would be to force the password to be changed before the software can be used, as piranha now does. Wayne Sowery of MIS Corporate Defence Solutions confirmed for me that "versions up to SQL Server 2000 do not ask for the SA password during installation ... we also tried various install options such as 'typical' and 'custom,' neither prompted for a new SA password." Incidentally, he too questions whether this is properly described as a "vulnerability," but I'm not sure what else it could be called.

The lesson here is that the media doesn't treat security reports very fairly. Some organizations have their own selfish reasons to push one agenda or another. (Like Slashdot? You bet. But you know where we stand.)

The motive doesn't have to be that devious, though sometimes, of course, it is. If a reporter gets to write a story that questions a core belief of Linux zealots -- whether or not it's actually a core belief, and whether or not they're actually zealots -- that will be much more attractive than simply reporting security news. The nitty-gritty of security news, after all, is rather dry.

So next time you see a biased polemic about system security, or even a small media feeding frenzy about the latest exploit, take a moment to ask why it's being reported outside of the admins' mailing lists. Open source software is still a new idea to many in the traditional news media, and that means that it's a hook for them to hang any kind of story on -- good or bad.

A bankruptcy judge has refused to prohibit Toysmart.com's customer information from being sold as an asset against its debts. See the New York Times or the AP wire (CNET) version. Judge Kenner notes that objections may be raised later, and believes that in the absence of a buyer, any decision now would be premature. This case is key because, if the web's privacy policies are not guaranteed after a company goes belly-up, they're mostly toilet paper. But the lawyer for the now-bankrupt company argued that the privacy contract between TRUSTe and Toysmart, allegedly guaranteeing visitors' privacy, "like others in a bankruptcy proceeding, may have to be broken in order to realize the highest value for creditors in a sale."

That lawyer went on to say that the "adverse publicity" raised about the auctioning-off of your privacy made it hard to find a buyer for your personal information. A shame. "Now we're back where we started."

Why is he so worried about not finding a buyer? Because information about customers is valuable. Don't let corporations pretend otherwise. Selling who you are and what you buy can be a substantial source of revenue; as far as these companies are concerned, that's just one of their assets, like their cash in the bank or their real estate. Toysmart will continue to try to auction off those databases, probably after media attention dies down and it becomes easier to make the sale quietly.

And sadly, even if privacy prevails this time, it may not be important enough to set precedent, since the presence of childrens' information makes the Toysmart case "unique."

Update: 08/18 04:09 AM by J : For background info on the dot-com going-out-of-business process, check out this PlanetIT article. Note in particular that it can be hard for many dot-coms to find any tangible assets to sell, thus, customer data becomes more important.

-|Oblom|- writes "AMD has partnered with SUSE to port Linux to its upcoming 64-bit Sledgehammer chip. The story is on CNET and the projects site is here www.x86-64.org Well... I have been waiting for a while for this announcment. Hopefully by the end of next year I'll be running dual-core 1.5Ghz(at least) Sledgehammer with Linux on it"

VF/VT Hunter was first with the news. Could you gush about a product announcement for us, Mr. Hunter? "Oh hell yes :) This link over at C|Net details Sony's plan to release a Transmeta-powered notebook by year's end. I KNEW I should wait! What's better, it will include a built-in digital camera. Add standard USB and iLink (aka Firewire) support which seem to be prevalent on most Sonys, plus Sony's reputation for making the coolest looking gizmo's, and I think I've found my next big purchase. It just better not come with a Winmodem." But since it's not a full-sized laptop, should we assume it will be full-featured? Update: 08/15 11:15 AM by michael : The Picturebook line of Vaios doesn't sell very well - it's too small to be useful as a "real" laptop. If only Sony were smart enough to put this chip in their regular Vaios, they wouldn't be able to keep them on the shelves.

Thomas Charron writes: " CNet reports that http://www.techpages.com/ has leaked a *gasp* Linux AOL client. More info can be found here: http://new s.cnet.com/news/0-1005-200-2520423.html. Note, this isn't the AIM messenger, but the whole hog of the AOL access software.." See our last story. Debian and AOL, two great pieces of software that go great together?

so.what writes: "C|net has a story about Yahoo's clubs site being blocked by Saudi Arabia because the contents of the site were "against the kingdom's religious, social and political values." Seems to be another situation where "Big Brother" is looking out for you. "Big Brother" isn't just here in the U.S. folks. Click here to read the full story." Saudi Arabia uses a modified version of the Smartfilter Internet censoring software to censor the Internet access of the entire country. It's not 100% effective, but anyone getting around it is risking legal punishment.

wadetemp writes: "CNET has a story with details on the release of Intel's newest chips. Supposedly 1.4Ghz P4 will be out in time for the holidays, with numerous other models at some random date in the near or far future." And just when I finally got a P3!

pug23 writes: "CNET has an article about the Samuel 2, [a 1 Ghz-plus] processor which Via plans to begin production on in the first half of next year. More competition in this area can only be a good thing. Apparently they introduced the Samuel 1 (at speeds between 500 and 600 MHz) in June, but have been marketing it primarily in Russia, India, China and Eastern Europe."

pug23 writes: "CNET has an article about the Samuel 2, [a 1 Ghz-plus] processor which Via plans to begin production on in the first half of next year. More competition in this area can only be a good thing. Apparently they introduced the Samuel 1 (at speeds between 500 and 600 MHz) in June, but have been marketing it primarily in Russia, India, China and Eastern Europe."

Curtis Diesel writes "C|Net is reporting that a Virginia Judge has struck down a law that made it a criminal offense to deliver or make available sexually explicit material to juveniles. This law didn't really have a leg to stand on since it was passed." One of those well-meaning, but not thought out laws - good riddance.

Bravo writes: "C|net has recently published an interesting article on abandonware and its legality. " They do a good job of covering both ends of the spectrum - the publishers who want to hold on to their old code, and folks who see it as being wasted.

Bravo writes: "C|net has recently published an interesting article on abandonware and its legality. " They do a good job of covering both ends of the spectrum - the publishers who want to hold on to their old code, and folks who see it as being wasted.

Apache 2.0a5 seems to have gotten C|Net's attention today in an article with a few factual errors. For example, despite the misquote in the last paragraph, Apache can currently use several technologies, such as mod_perl and PHP (as modules), currently. Also, spawning a new process for each request is something Apache hasn't done in ages. Still, it's nice seeing some acknowledgement of Apache's effort!

Apache 2.0a5 seems to have gotten C|Net's attention today in an article with a few factual errors. For example, despite the misquote in the last paragraph, Apache can currently use several technologies, such as mod_perl and PHP (as modules), currently. Also, spawning a new process for each request is something Apache hasn't done in ages. Still, it's nice seeing some acknowledgement of Apache's effort!

joseph writes: "This article on C|Net announces Publius, a system similar to Freenet, meant to battle censorship on the Internet. What makes this approach interesting is its backing from AT&T Labs. Of particular interest in the article are the safeguards against the common opposition to such projects, like their use for piracy. Publius features no search utility and a maximum file size of 100k."

joseph writes: "This article on C|Net announces Publius, a system similar to Freenet, meant to battle censorship on the Internet. What makes this approach interesting is its backing from AT&T Labs. Of particular interest in the article are the safeguards against the common opposition to such projects, like their use for piracy. Publius features no search utility and a maximum file size of 100k."

Gareth writes "CNET has more information on IBM's wrist watch running Linux, including an interview with the vice president of research." A lot meatier than we had yesterday. It looks legit, but it's still looks pretty impractical (despite scoring many points on the old cool-o-meter).

This is Slashback. Read it before it's wrong again. Find out more about Mandrake's new honcho, the neurons firing in the American legal system's brains on Napster, Yet Another Cool GPLization, and Larry's new toy.

View the meal from which the soundbite was extracted! Jim Tyre writes: "When Slashdot reported on the preliminary injunction against Napster, and then on the Ninth Circuit Court of Appeals' stay of that injunction, a missing piece was the actual ruling by the lower court, since it was an oral ruling from the bench, and a transcript had not yet been made available. C|Net now has the transcript here, and it makes for good reading for those interested in what the court's thinking was, not just the result."

On second thought, I'd rather not dance. Andreas writes: "As reported by the Heise Newsticker The German company CMG, which threatened to sue over the use of their registered name SAMBA, has stepped down from their plans. Nice to see at least some kind of clueness."

The article is in German, but the fish renders it quite intelligible.

If you want a kiss from CmdrTaco, you must be this big ... ClubNation writes: "Empeg have released their MP3 car player download software under the GPL. Before now you could only get an i386 binary for Linux, but now the source should build on pretty much anything with GCC or another good Posix C++ compiler with STL. I've heard on the empeg BBS that it builds out of the box on PPC and someone's working on a native Mac version.

You can get the code from their Web site or from their Geek Site which is also pretty cool and has a photo of CmdrTaco and Hemos in the photo album!"

And even though companies like Aiwa and Kenwood are selling MP3 head-units, the Empeg has one of the coolest industrial designs I've seen in anything for a long time. When I am a bazillionaire, I will put the Mark XXII in my Escort;)

So, in layman's terms, what might these projects be? Robert McMillan writes: "Linux Magazine has an interview with the brand new CEO of MandrakeSoft, Henri Poole. In it, he says that Tucows has apologized to his company about the Penguin Payola controversy. Poole also hints at some new open source projects that MandrakeSoft will be sponsoring in the next year and talks about what former CEO Jacques Le Marois will be doing now."

And now it's time for a mini, mini, mini review: invisik writes: "I got my NIC (New Internet Computer) yesterday. It's definitely a Linux box, running Netscape Navigator (browser only) 4.73, in 800x600 (can't change it). Connects easily to their ISP, your ISP, or your ethernet connection (DHCP or static IP). Has some utilities to make life easier, telnet, ssh, citrix, vnc, IRC clients. Also some games, solitaire, etc, etc. Speed is good, it doesn't really have much running on it to bog it down, though. And there's a little red light that flashed when it seen network activity--pretty cool. Not too bad for $199 if you really need some decent connectivity to your office (ssh/citrix/telnet) which I'd guess most other Internet terminal-type devices lack ..."

jackstaley sent us an article about Transmeta testing mass production of its Crusoe processor. They talk about IBM (which can make copper chips, but interestingly enough, has licensing deals with Intel that should protect Transmeta from potential lawsuits) as well as exporting the production to Taiwan.

hakker writes: "It seems that Sega is drawing on the opinions handed down by the judge in the Napster case regarding who is liable when copyrighted files are distributed over file-sharing networks. This C-Net article describes how Sega has already shut down more than 200 ROM sites in the last couple weeks and is now after the ROM file sharing service Swapoo, which is run by a 17-year-old student. This is probably just the first of the repercussions we will see from the Napster case. How can companies like Sega be convinced that products that don't make them money anymore should be made GPL?"

s|eeper writes: "C|Net just posted an article about Tivo publicly stating that at this time, they have no problem with people hacking their Tivos to add more disk space."

vsync64 asks: "My employer hosts the main Gnutella site, and with the recent ruling against Napster, our servers are being pretty much crushed by the flood of Napster refugees. I'm wondering how much longer people believe this software will be usable. Obviously, given past events such as the whole DeCSS thing, the software will never disappear. Since there is a long tradition of "piracy" and sharing, going back to world-writable FTP sites, IRC channels, and BBSes, the practice won't disappear. I'm just curious as to what options the government and major corporations have in trying to stop it. They could probably get the software removed from the main sites, and possibly enact legislation to criminalize 'systems [and software] for the primary purpose of violating copyright', but what would the media and the unwashed masses think of this? Could copyright violation become stigmatized, much as smoking has, or could such an action be the final straw that turns public opinion against the large corporations once and for all?"

toodrunk2f_ck writes: "News has been slow to trickle out about the new "Colorado Junk Email Law" (HB00-1309). Signed by Gov. Owen on June 6, the law is about to become active. CNET has this article on it and the legislative synopsis is here. Basically, the law allows receivers of unmarked "junk email" to sue senders for a $10 civil penalty per piece plus court costs. It seems unclear, though, how enforcement will work and what effects it may have. Imagine the workload on the courts if every person receiving spam were to sue over it. It will be interesting to see whether Colorado sets a precedent for other states to follow with this law." Hemos posted an article about the law before it was signed; that article is unfortunately no longer available, but the comments are.

toodrunk2f_ck writes: "News has been slow to trickle out about the new "Colorado Junk Email Law" (HB00-1309). Signed by Gov. Owen on June 6, the law is about to become active. CNET has this article on it and the legislative synopsis is here. Basically, the law allows receivers of unmarked "junk email" to sue senders for a $10 civil penalty per piece plus court costs. It seems unclear, though, how enforcement will work and what effects it may have. Imagine the workload on the courts if every person receiving spam were to sue over it. It will be interesting to see whether Colorado sets a precedent for other states to follow with this law." Hemos posted an article about the law before it was signed; that article is unfortunately no longer available, but the comments are.

Tower writes: "Compaq Computer (Digital) and the Pittsburgh Supercomputing Center have won a $36 million contract to build a 2,728-processor supercomputer using 1.1 GHz EV68 processors in a 682 node Beowulf setup. Check it out here." This is a different machine than this one: That one was supposed to be used to calculate nuclear explosions, this one will be used by the National Science Foundation to work on biophysics, global climate change, astrophysics and materials science, according to the article.

Ever more information for you, the loyal photographic memory-blessed reader. That is to say, more on Linux on Macs -- and not just the sexy new ones. Evolving attitudes in Kansas. Misinformation about Survivor. And cheap, cheap boxes for your node-in-every-room home network.

Pardon me sir, are you going to finish that Apple? Marco van de Voort writes: "MkLinux now has official support for these much sold first Nubus based PowerMac generation, that is rotting away in basements. These machines make excellent X-Terms." And the same models can naturally run NetBSD, too. [Updated 6:26GMT by timothy] Reader vkulkarn corrects me here. Mea culpa, you're right -- only some of the old Nubus PowerMac models actually run NetBSD. But I bet someone, somewhere is plotting to change that.

Garage sales can now support Linux.GigsVT writes "Coollogic has released a new set-top box, this one with Linux already installed. Sounds like ripe hacking material to me. Blurb: The Internet Ready 7200 uses a National Semiconductor MediaGX processor, 16MB of flash memory instead of a hard disk, 32MB of RAM and has the ability to connect to the Internet via DSL, Ethernet or a modem. It uses a TV instead of a monitor and comes with Netscape's Web browser." And MrRobahtsu writes "Want a 64MB diskless 200MHz Linux box cheap? Try egghead. With IDE, USB, 10/100 ethernet, and Linux and Netscape in flash ram, it looks pretty cool. Even says "can be upgraded to a pc." Not bad for $129."

Toto, I don't think we're in the Pleistocene anymore! Claudius writes: "This cnn.com article reports that Kansas voters now support the teaching of evolution in their public schools, as evidenced by recent election results. They have voted to remove two incumbents to the Kansas Board of Education who have supported standards diminishing the importance of evolution, and a third, anti-evolution candidate was unable to defeat an opponent who opposes the current standards. The issue is still far from settled, however, since five of the ten seats on the board remain to be filled in November." For a refresher on the sticky state of evolution in Kansas education, see Hemos' story on it from a while ago.

Ha ha fooled ya good. TeacherReviews.com writes "Gervase just got voted off the Survivor island, meaning that RealWorldBlows discussed in a past story produced a false result and the actual winner of Survivor is still unknown." True enough. What was going through the collective CBS head when they failed to follow the directive of their own Web site?!

Still horrifying after all these days. chaidawg writes: "According to this article in the New York Times (free registration req.), author Stephen King's experiment with payment for e-publishing seems to be working. After the first of three promised chapters he has made back all but $10,000 of the more than $100,000 he spent on advertising." This still doesn't mean Jamie is wrong -- yet.

limako writes: "According to this C/Net News article, it turns out that Microsoft's recent contracts with businesses obligated the businesses to buy an additional copy of Windows 2000 even if the machine came with a licensed copy already installed. Now that is getting you both coming and going." Or, as David St. Hubbins said about Tapster, "There's a fine line between exploitation and opportunism."

roca writes: "Check out this new CNET article, then check out the thread that spawned it. Some random person in a Mozilla newsgroup said "hey, wouldn't it be cool to build Office-like functionality on top of Mozilla", and CNET decided this means a MozOffice project is happening (WRONG), and that millions of people need to know about this. Naturally, many readers believe them and are now flaming away because "Mozilla hasn't shipped a browser and now they're doing THIS!" What can a free software project do about this? Close the mailing lists or newsgroups to the media? Flame/sue the people who screw up? What?"

Well, it looks like James Russel has set up a site devoted to this idea on which he outlines why he thinks such a confluence would be a good idea, but he honestly notes: "This site is a placeholder that I hope to turn into an organizational centerpiece for what I think has the potential to be the most powerful side of Mozilla yet." And why shouldn't it be? Can't a modular framework grow far enough to cobble some words together? So long as it stays modular, that is. Even if a pipedream, it's an interesting that will no doubt inspire further inquiry.

I get a steady trickle of e-mail from Microsoft employees who dislike many of their employer's actions, and I know many good, concerned reporters who work at ZDNet, the Washington Post, USA Today, and other media outlets who do not follow any secret "editorial agenda." There are plenty of real conspiracies out there. We shouldn't waste our time making up fake ones, and we should never assume that all employees or associates of a company or government agency are part of a faceless, marching mass that always does exactly what its leaders want.

Let's start with Microsoft. Remember when they asked us to pull some reader posts? That was the work of a few people in an obscure legal department, not a case of a leering, drooling Bill Gates calling a cowering subordinate and screaming, "Slashdot sucks! Kill Slashdot, kill, kill, kill!" And obviously not everyone at Microsoft agreed that it was a good idea to keep the matter alive, because it has since been allowed to die quietly. (We haven't written anything further on the subject because there has been nothing to say. No news is good news.)

There is no giant, singleminded conspiracy at Microsoft, just thousands of people trying to get through the day. This is how things really work at any large company. Good decisions get made and so do bad ones. Projects get started. Some of them work out and some of them don't. Orders issued from the top sometimes get carried out effectively and efficiently, and sometimes they don't. I often suspect that some of the worst software (and the worst Web sites) I see are so crappy because the workers actually putting them together are unenthusiastic about management's plans and are either consciously or subconsciously dragging their feet -- or, in this case, their coding fingers. I'm not implying any employee conspiracy, either; these tend to be individual decisions that, collectively, may look like a consipracy to an outsider (or a boss) when there really isn't one.

Now let's take a look at one of Slashdot readers' favorits media whipping boys: ZDNet, which is now part of CNET. If you look closely, you'll see that ZD is no more organized than rush hour traffic in Paris. There are dozens of publications listed on the ZD main page. Some of them deal with Linux all day long, some are pure Windows, others concern themselves with consumer electronics and are only interested in things like camcorders or stereo gear. Jesse Berst is often treated as if he is the boss of this whole thing. He's not. He is the front man for one little piece of it called AnchorDesk . Berst has nothing to do with PC Magazine or Yahoo! Internet Life or GameSpot , all of which are also part of ZDNet.

The people who write for all these separate publications never meet. Most of them don't even know each other. They have no idea what ads are going to run where, so even if they wanted to pander to a particular advertiser they'd have trouble doing it effectively. The guiding rule at a big media mill like ZD or CNET is to have usable copy to fill all the pages every day, and they have a lot of pages to fill. Editors at these places are help-short and constantly looking for new freelance and staff writers. They don't have time to sit there and say, "Oh my, we need more stories today that make Microsoft look good and Linux look bad."

Offline media workers are similarly rushed. In many publishing companies (including Andover.net) close contact between editorial-side employees and and business-side employees is discouraged. There are journalistic organizations that act as watchdogs to help keep editorial content free from business or outside influence. These groups avidly publish instances of improper behavior. Now and then, their work gets direct results, but more often the influence is subtle; a media outlet that gains a reputation among journalists for altering stories or trying to taint them to satisfy advertisers has trouble recruiting and retaining high-end writers, and almost always sets itself on a downward quality spiral.

Remember, the shortage of competent writers and editors, especially in tech-oriented fields, is almost as acute as the shortage of competent programmers. This has not always been so, and may not always be so, but right now there is no excuse for a tech media writer to accept conspiracy-level censoring from a publisher.

Now we'll talk about the biggest and most perfidious influence I believe does exist throughout media everywhere, even though it is not a conspiracy per se: denial of access.

Imagine a celebrity besieged by reporters. Imagine that you're the press agent for that celebrity. Your client has one interview time slot open this week. You have a dozen writers begging for that interview, all of whom have audiences of approximately equal size. One of those writers has always been "nice" to your client, six of them have been (in your opinion) fair but not necessarily nice, and five of them have written primarily negative stories about him or her.

Which writer gets the interview?

Twenty years ago there were hardly any celebrities in the computer industry. Even Steve Jobs and Bill Gates were thrilled to speak openly, off the cuff, to reporters from magazines that had only a few thousand or even a few hundred subscribers. Now the people at the top of the computer business tend to be as infected with celeb-itis as movie stars and top-end politicians, and as cautious about interviews as any other group of celebrities. It has gotten to the point where interviews with computer industry honchos are about as informative as Jay Leno's interviews with actors and acresses pushing their upcoming movies.

Worse, in many cases the hardware or software itself is the celebrity in question. A tech-news writer, like a political writer, is under a certain amount of pressure to break news ahead of his or her competitors. Getting pre-release access to new products can make or break careers in this field. And who gets the most "sneak peeks" at new stuff coming out of Redmond or Cupertino or wherever? Writers who are A) generally negative; B) generally fair and unbiased; C) usually full of "Golly! Gee Whiz!" praise for any new piece of hardware or software that falls into their hands?

Pretend, for a moment, that you're a PR person for Apple. You have only 20 demo/review units of the new G21, equipped with GNU/Hurd-based MacOS 40.2 and a 3.6 GHz Intelorola available. Of the 100+ reasonably well-known computer journalists who have requested pre-release units to review, which ones will you choose? If you don't select the Mac-boostingest people in that whole crowd, then you're not a good PR person.

Computer trade journalists know that this is how the game is played. I used Apple as an example, on purpose, because they have the worst reputation among computer journalists for playing the "If you want to see our latest stuff you'd better be nice to us" game. According to posts to some of the private online journalists' e-mail lists I'm on, Microsoft is evenhanded compared to Apple, and other companies vary widely in the level of journalistic favoritism they expect to have shown toward them in return for easy access to their latest products -- and easy interview access to their key people.

But none of this is a conspiracy. It's quite Randian, really, in that a whole lot of individuals are performing in ways they perceive to be in accordance with their own (or corporate) best interests. No one can plausibly argue that computer manufacturers or distributors have any legal obligation to hand out review products in an evenhanded manner. It's a fact of life that Tuxtops or Corel are going to send Slashdot editors their products before they throw demo units at Windows Magazine , just as Microsoft is going to display the exact opposite bias.

I have questioned the whole idea of using free, manufacturer-supplied review units more than once, even those that are short-term loaners instead of "keepers." I believe there's temptation on the corporate side to make sure review units are just a little better-tested than those sold to the general public. But while reviewers who stick to buying products anonymously through normal channels may give slightly more honest reviews than those who rely on company-supplied units, they will never get anything to review before it is released, so an ethically pure reviewer will often be left far behind those who are a little more (shall we say) flexible. This is especially true of magazine writers whose deadlines may be weeks or months before publication date. I have come to accept the incestuous relationship between computer product reviewers and the people who supply those products as a fact of life. I don't necessarily like this way of doing business (even when *I* do it), but I don't think it's part of any grand conspiracy to dupe the public.

Bigger companies also have a tendency to enclose "reviewer guides" with demo products to make sure reporters know all of the product's good points so that they can (hopefully) cover them in their articles. Indeed, you can just about write a credible-looking, if uncritical, "review" from most of these guides without ever actually testing the product yourself. I regard this as the worst thing that can happen, the equivalent of writing a "news" story about a politician directly from his or her press kit. And stories that are nothing but rewritten PR pieces appear every day in all kinds of media, about all kinds of topics. The sad secret of PR-rewriting is that it can be a bonanza for a free-lancer. Take (for example) a press release about a potential new cure for [insert disease here] from researchers at [insert university here]. A hungry freelancer can easily reword the statements in that press release to produce at least three or four stories for different media, ranging from the medical trade press to regional general-interest publications. Even at low-end freelance rates, a rapid typist who does this can crank out $1000 worth of stories in a single morning. Do this six or eight days a month, and you have a nice little income to support you, and still have most of your time free to work on your (inevitable) novel, go sailing or whatever else strikes your fancy. Again, no conspiracy, just individual greed. Editors are supposed to detect and prevent this sort of thing, but they are generally overworked and have "news holes" to fill, so lazy journalism often slips by their eyes -- and not only from freelancers. In-house writers, especially on small and understaffed publications, face the same temptation to cut corners -- and often yield to it.

And now, on to the great (gasp!) Slashdot editorial conspiracy. Real life around here is that this site is run, day to day, by about six people, all of whom are independent to the point of uncontrollability. We share many common biases, and CmdrTaco sets the overall tone of the site, but that's it. One editor might post a story another wouldn't. Jon Katz writes what Jon Katz feels like writing. Hemos is ... Hemos, and also determines which books whould be reviewed, and by whom. Timothy picks stories and SlashBack material on his own, Cliff chooses "Ask Slashdot" material, and Emmett decides what stories he should cover, all by himself. Sure, we kick stuff around and ask each other for advice, and CmdrTaco will sometimes issue general directives about kinds of stories he'd like to see more often and other kinds he'd like to see less often, and these directives get followed to a certain extent, but when you come right down to it the ruling principle around here is "Chaos is Better Than Order."

No human-run organization operates with Borg-like singlemindedness. People are incapable of that kind of groupthink. Not even the old Soviet Union achieved it. This is why I am leery of so many of the conspiracy theories touted here and elsewhere. Face it: once you get behind their public masks, Microsoft, "the mainstream media," the U.S. Department of Justice, and many of our other favorite alleged conspirators are no more organized than Slashdot, and are no more capable than we are of sustaining any kind of secret agenda for any length of time -- at least not without getting caught.

flufffy writes "According to this report on CNet, a new Jupiter Research report on 2200 online music fans has found that Napster users are likely to buy more rather than less music. "Because Napster users are music enthusiasts, it's logical to believe that they are more likely to purchase now and increase their music spending in the future," Jupiter analyst Aram Sinnreich said in a statement. OK so it's another Napster story -- but, of all the Net behaviour researchers out there, Jupiter are one set of people I would trust more to do their research methodically and impartially. I think that this is one of the strongest surveys of the issue released so far." I'm sure that the RIAA has statistics that will say the opposite, but I think I agree with this - just because I can download something doesn't mean I don't want the CD as well.