Domain: cnn.com
Stories and comments across the archive that link to cnn.com.
Stories · 3,684
-
DoS Vulnerability On Nokia Phones
Matt_Bennett writes "According to this report from CNN, it is possible to send a SMS (Short Message Service) message to certain Nokia GSM phones, in particular the Nokia 7110, which will cause it to lock up. At this point, they are unsure if it is possible from an email-to-SMS gateway. The phone has to have its battery removed and replaced to return to normal operation." "Sorry I couldn't call you back, my phone was haxx0r3d." We laugh, but as personal electronics get better, we rely on them more... and at the same time, they become more complex: the potential security holes grow. It's kinda creepy. -
Amazon's Privacy Policy Now Allows Sale of User Info
StoryMan writes: "Amazon.com decides to revise its privacy policy and states that it considers consumer data a saleable asset. Story here at CNN." Michael notes that this only happens if Amazon.com is sold: essentially covering their butts in case they go bankrupt. Of course considering their burn rate, this doesn't make me feel better. I haven't shopped at Amazon since their one-click-shopping patent, but I'm sure they have plenty of stuff listed about me from an era when I happily shopped with them (mind you this is before Amazon diluted itself by selling so much crap, that buying books became a pain).
Jamie adds:
Note the language of the new privacy policy: "of course" your private information will be "one of the transferred assets."
Did you think your information would still be private five years from now, when the dozens of companies you've shopped at have all gone bankrupt one by one? Ha ha! Foolish consumer!
The first test case in bankrupt-privacy seems to be Toysmart, and the latest word on that is that a judge refuses to forbid such "asset transfers." We'll keep you posted on the Toysmart case, but for now, it doesn't look good.
-
KEO Time Capsule To Remain In Orbit 'Til 52001 AD
cascino writes: "CNN is reporting that a French organization under the direction of Jean-Marc Philippe [KEO] is planning on launching a time capsule, called the KEO, next year that will contain electronic messages inscribed on CD's from people around the world. So what, you ask? It is planned to remain in orbit until the year 52001." But wouldn't DVDs hold a lot more data? Perhaps they would like my Visa statements. The cool thing is you can send up to 6,000 characters worth of what you think should be on there. -
U.S. To Re-Administer .US Domain Space
PacketMaster writes: "The United States Commerce Department is accepting proposals to change how the .US domain is administered and registered. Basically they want to know why the .US domain is unpopular, what can be done with it, and who should administer it. According to this AP story on CNN.com even the U.S. Postal Service didn't want anything to do with .US. The request for comments on the changes is here. The .US domain is governed by RFC 1480. It sounds like they want to rekindle interest in the .US domain. I think this change is interesting because I wanted to register in the .US domain earlier this year. The organization that holds the administration function for my geographic 3rd level domain wanted $40 a year to register my 4th level domain. I got a .net cheaper elsewhere but I wouldn't have minded a .US if it was cheaper or free like many .US's are and also shorter -- www.domain.city.state.us anyone? Many other countries give out domain.ccTLD or domain.com.ccTLD; why can't the U.S.?" -
Is 'Promis' Software Spying On Canadian Spies?
Legolas-Greenleaf writes: "The Royal Canadian Mounted Police are currently conducting an investigation into a software package called 'Promis,' used by the government, that allegedly contains a backdoor. According to Inslaw Inc. (original makers of Promis), the American and Israeli intelligence services pirated this software package, and resold a hacked version allowing them access. This software is possibly running in some of the RCMP's databases. The Canadian newspaper The Globe and Mail has a story on it here, and CNN has a story on it here." The whole thing reads a bit like a Monty Python sketch: a months-long investigation based on sketchy allegations from 1993, claiming some very interesting just-among-pals bureaucratic copyright violations. Hmmm. A handful of Canadian quarters says it's not an open-source product. -
Microsoft Making Internet Appliance Chips
M$ Mole writes: "According to CNN, Microsoft is now developing their own chips for WebTV and other new internet appliances. The article is lacking in terms of technical details of the chips, but does bring up a good question of: What does this do to the Wintel relationship?" The idea of Microsoft making chips will raise a lot of eyebrows ceiling high, but it sounds like a fairly modest endeavor thus far, not MS jumping into the ring with AMD, Motorola, Intel, or even with the smaller X86 makers. As M$ Mole and the article say, it's about chips for appliances -- for now. -
Logitech's "Mouse that Feels"
Jayvz writes "There is a short article on CNN saying that Logitech is to release the iFeel MouseMan this fall. It vibrates (or rather feed-back) as you move your cursor over "texturized" pictures. " I saw a variation on this way back that was quite practical, but wasn't "texture" it was more "magnetic" (resize a window and have it feel like you're stretching a rubber band... drag a window to a border and feel resistance). Awesome stuff, but I'll believe it when it's happening on my desk. -
Default Behavior: Piranha vs. Microsoft SQL Server
Do you remember the Piranha debacle back in April? Welcome to Part II. Last Tuesday, it was revealed that Microsoft SQL Server 7.0 is shipped with a default password - just like Red Hat's piranha module. Unlike Piranha, SQL Server is very common software for large e-business websites. Unlike Piranha, the vulnerable software has been shipping for months. Unlike Red Hat, Microsoft refuses to take responsibility for their mistake, which, unlike Red Hat's, has resulted in actual documented break-ins, some at high-profile websites. So why haven't you read about it?
Because unlike Red Hat, Microsoft is getting a pass by the media.
Piranha is web clustering/failover software that was released in April by Red Hat without much QA. It somehow went out the door with a default password ("Q") and without docs explaining in big bold caps that it must be changed. If you installed the Piranha RPM without reading the docs carefully, you had a security hole on your site.
The hole allowed an attacker to come in over port 80 and execute arbitrary commands as the Piranha user, which would have been the web user. Typically that's a nonprivileged "nobody" account. While this is never good, let's just note for the record that this is a read-only exploit unless the webserver is very poorly configured.
The media flipped, in a word, out.
Piranha: A Case Study
On April 25, Computerworld announced that the "backdoor password ... could allow an attacker to compromise a Web server and deface and destroy a Web site." Informationweek and Internetweek both warned about "a back-door security flaw that carries ISS's highest danger rating." MSNBC/ZDNET ran the story as "Red Hat Linux open to backdoor password" and explained "there's a backdoor account in Red Hat's Linux that would let a computer intruder access and alter files." The Standard's early report on April 25 wasn't too bad but attacked -- as all reports did to some degree -- the strawman myth that open source is inherently secure. At least it didn't use the word "backdoor." Newsbytes was pretty much the same.
"Backdoor" implies that the flaw was deliberately inserted, by a thoughtless or even malicious programmer. Why did most stories incorrectly use that word? Mostly because that was how it was described in the press release. A security firm called Internet Security Systems found the flaw on April 24 and sent out a security advisory that used the term four times by the end of the first paragraph.
ISS also made some interesting statements when speaking to the press about the vulnerability. Oft-quoted was a line about open-source being both a blessing and a curse (the media loves "on the one hand, on the other hand"). I also liked this comment from their research director:
"There's limited quality assurance in the open-source environment," says Rouland, "because open-source software is basically a bunch of peoples' hobby."
Of the early stories about Piranha, the best one I found was Henry Kingman's ZDNet piece on April 24 (both early and accurate: amazing). CNET's on April 25 wasn't bad either, though they let ISS lay down the anti-open-source and pro-Microsoft propaganda a little thick.
In the days to come, the story didn't change much except to note that Red Hat -- correctly, as it turned out -- denied the seriousness of the vulnerability and tried to explain that it wasn't really a backdoor. Inter@ctive Week's Charles Babcock did such a piece on May 1.
Computer Reseller News still called it a backdoor on April 27. And NetworkWorldFusion's report and Informationweek's followup both came out on May 1, both got the important facts right, but both still called it a backdoor.
ClieNT Server News ran an article in their May issue explaining "Red Hat Red-Faced." I'm not about to pay to read the whole thing. The free synopsis that's available smirks at how "embarrassed" the company must be, and ends: "It seems that Red Hat left a back door in," dot, dot, dot.
The Standard had a second, fair piece that eschewed the term and even, after quoting the line about open-source being a "hobby," gently suggested otherwise.
But the gold stars go to just two good reports. SecurityFocus' Elias Levy, on May 1, turned the spotlight on ISS by pointing out how they "...can make headlines by using the right jargon, even when it's wrong." And Linux World News' Liz Coolbaugh, who had weighed in a few days earlier, questioning the media's coverage in her story "Red Hat Security Hole Not a 'Backdoor'."
If you find any more stories about Piranha, post them below. The Red Hat-bashing pretty much came to a halt a week later, when a little Microsoft-specific email virus named "ILOVEYOU" did a few billion dollars' worth of damage.
(Breaking news: all charges dropped; to quote 10,000 Maniacs, "who ya wanna blame?")
Microsoft SQL Server 7.0
You've heard about the SQL Server vulnerability, right? The one found on Tuesday, six days ago?
Well, no, you probably haven't, unless you read NTBugtraq. Even the maintainer of SecurityPortal's Microsoft Security Digest missed it this week (don't worry: I dropped him a note, he added it).
As the cracker Herbless describes it:
"It has come to light that it is now common knowledge that MS-SQL has a blank 'sa' password by default. This seems to affect a _lot_ of servers on the internet."
A default password vulnerability? Sounds familiar, doesn't it?
Here's Herbless's description and exploit code, posted to BugTraq last Tuesday. And here's Microsoft's acknowledgement, posted on Thursday.
Herbless wasn't kidding when he said it affected a lot of servers. If you're running SQL Server 7.0, with a firewall that doesn't block its port, and you haven't changed the sysadmin password, you're vulnerable.
As he described it to me, unlike Piranha's vulnerability which gave read-only access as an unprivileged user, this one typically gives access as "BUILTIN\System." I don't speak NT, so he had to describe to me what this is: "god-like powers ... greater than those of even the 'Administrator' user."
In other words, you have been 0wn3d.
You may be thinking that this is a vulnerability. Go back and read Microsoft's acknowledgement again. They say quite clearly, "The code does not exploit a vulnerability."
Does it confuse you that what was previously a "backdoor" is now not even a "vulnerability"? That threw me for a loop too -- as well as some of Microsoft's other disclaimers, which only make sense when you realize you're reading non-sequiturs about the newer version SQL Server 2000 (the vulnerability only affects SQL Server 7.0).
All will become clear, though, once you read this story from vnunet.com -- the only media story I've seen, by the way. The fault lies with the website administrators:
"Hacked websites 'didn't read the manual'
"Microsoft has blamed administrator error, rather than a bug in its software, for leaving hundreds of websites running SQL server open to attack this week."
Did they say hundreds? Yes, hundreds, at the very least. And did they say "hacked websites"? Yes -- this is not a theoretical vulnerability with no known attacks, like Piranha was.
All this month, Herbless has been cracking into websites like the National Transportation Safety Board and leaving edgy political messages (while backing up the original files and telling the admins how to close the holes). He confirmed to me that all his attacks, including the Fish and Wildlife Service, the UK's Adult Learning Inspectorate, and the Commonwealth Telecommunications Organisation, were done by exploiting Microsoft SQL Server.
Just to make the story that much better, according to Herbless, the default configuration of SQL Server 7.0 also has logging turned off -- in which case a successful attack would leave few if any tracks.
Sites are lucky if their webpages are hijacked; that way they know to fix the problem, format and reinstall. But some of those "hundreds" of websites running the vulnerable installation have surely been cracked by black hats who quietly installed Back Orifice or a similar remote-exploit program. They can set an SQL Server password, but it won't help them: they'll still be 0wn3d.
The proper fix would be to force the password to be changed before the software can be used, as piranha now does. Wayne Sowery of MIS Corporate Defence Solutions confirmed for me that "versions up to SQL Server 2000 do not ask for the SA password during installation ... we also tried various install options such as 'typical' and 'custom,' neither prompted for a new SA password." Incidentally, he too questions whether this is properly described as a "vulnerability," but I'm not sure what else it could be called.
The lesson here is that the media doesn't treat security reports very fairly. Some organizations have their own selfish reasons to push one agenda or another. (Like Slashdot? You bet. But you know where we stand.)
The motive doesn't have to be that devious, though sometimes, of course, it is. If a reporter gets to write a story that questions a core belief of Linux zealots -- whether or not it's actually a core belief, and whether or not they're actually zealots -- that will be much more attractive than simply reporting security news. The nitty-gritty of security news, after all, is rather dry.
So next time you see a biased polemic about system security, or even a small media feeding frenzy about the latest exploit, take a moment to ask why it's being reported outside of the admins' mailing lists. Open source software is still a new idea to many in the traditional news media, and that means that it's a hook for them to hang any kind of story on -- good or bad.
-
The Web And The Olympics
Anonymous Coward writes: "Here is a nice article about how the IOC (International Olympic Committee) is banning the Internet from the Sydney Games. Here is the link: http://www.cnn.com/2000/TECH/computing/08/15/olympic.ban.idg/index.html". This story came from the Industry Standard, but since on their site it's an unfriendly multi-page format, we'll link to CNN. Are the Olympics nothing more than eyeballs to be sold to the highest bidder? Very thoughtful article. (A mostly-unrelated aside: Don't use the e-mail kiosks at the 2002 Olympics.) -
University to Review Carnivore
stubob writes "CNN.com is reporting in this article that within the next 2 weeks a university will be selected to review Carnivore. This is apparently a follow-up to this story posted on Slashdot last week. It will be a hardware and software review, lasting until December. The FBI has not decided which university will perform the review, and no information was given on who at the university will actually be performing the review." -
How Much Digital Tool Convergence Is Possible?
webword asks: "There are many geek tools in the world, e.g., Palm Pilots, desktop computers, cell phones, cameras, digital watches. I've seen things recently like Samsung's cell phone camera and on Slashdot we've talked about the merger of cell phones and PDAs. Obviously, as time goes on, technology will improve so that these tools can talk to each other. However, it is entirely unclear how much physical merging can occur. There are screen limitations, human memory limitations, color limitations and so forth. So, just how much can our devices merge?" -
Slashback: Retroaction, Breakeven, Kansas
Ever more information for you, the loyal photographic memory-blessed reader. That is to say, more on Linux on Macs -- and not just the sexy new ones. Evolving attitudes in Kansas. Misinformation about Survivor. And cheap, cheap boxes for your node-in-every-room home network.
Pardon me sir, are you going to finish that Apple? Marco van de Voort writes: "MkLinux now has official support for these much sold first Nubus based PowerMac generation, that is rotting away in basements. These machines make excellent X-Terms." And the same models can naturally run NetBSD, too. [Updated 6:26GMT by timothy] Reader vkulkarn corrects me here. Mea culpa, you're right -- only some of the old Nubus PowerMac models actually run NetBSD. But I bet someone, somewhere is plotting to change that.
Garage sales can now support Linux. GigsVT writes "Coollogic has released a new set-top box, this one with Linux already installed. Sounds like ripe hacking material to me. Blurb: The Internet Ready 7200 uses a National Semiconductor MediaGX processor, 16MB of flash memory instead of a hard disk, 32MB of RAM and has the ability to connect to the Internet via DSL, Ethernet or a modem. It uses a TV instead of a monitor and comes with Netscape's Web browser." And MrRobahtsu writes "Want a 64MB diskless 200MHz Linux box cheap? Try egghead. With IDE, USB, 10/100 ethernet, and Linux and Netscape in flash ram, it looks pretty cool. Even says "can be upgraded to a pc." Not bad for $129."
Toto, I don't think we're in the Pleistocene anymore! Claudius writes: "This cnn.com article reports that Kansas voters now support the teaching of evolution in their public schools, as evidenced by recent election results. They have voted to remove two incumbents to the Kansas Board of Education who have supported standards diminishing the importance of evolution, and a third, anti-evolution candidate was unable to defeat an opponent who opposes the current standards. The issue is still far from settled, however, since five of the ten seats on the board remain to be filled in November." For a refresher on the sticky state of evolution in Kansas education, see Hemos' story on it from a while ago.
Ha ha fooled ya good. TeacherReviews.com writes "Gervase just got voted off the Survivor island, meaning that RealWorldBlows discussed in a past story produced a false result and the actual winner of Survivor is still unknown." True enough. What was going through the collective CBS head when they failed to follow the directive of their own Web site?!
Still horrifying after all these days. chaidawg writes: "According to this article in the New York Times (free registration req.), author Stephen King's experiment with payment for e-publishing seems to be working. After the first of three promised chapters he has made back all but $10,000 of the more than $100,000 he spent on advertising." This still doesn't mean Jamie is wrong -- yet.
-
Censorware Flaws Shown To COPA Commission
At 11:30 AM PDT today, Bennett Haselton of Peacefire is scheduled to begin speaking to the COPA Commission. The occasion is their third and final hearing on the subject of blocking software, aka censorware. Our highly hilarious report on the second hearing may still be fresh in your memory; this time around, Bennett takes on the products FamilyClick, CyberSentinel, and SurfWatch.
The reports themselves make for the most interesting reading; I'll just summarize them here:
FamilyClick
The following sites were blocked on the "18 or older" setting, in other words, the software thinks they were too violent, pornographic, hateful, etc. to be seen even by adults:
- AIDS Day 1997: China Responds to AIDS;
- Diccionario del VIH/SIDA (a dictionary of AIDS-related terms, in Spanish);
- Camp Sussex (a summer camp for low-income children);
- Triangles and Tribulations, an essay on the persecution of gay men and woman in Nazi Germany;
- "Homosexuality: Fact and Fiction", from the Christian Research Journal;
- genealogy of Alice Ficken (her last name means "fuck" in German).
and sodomy laws, pro-family protests of pornography, a defense of Wicca, etc.
Cyber Sentinel
The software's PR blurb says: "At the core of the technology is an advanced recognition engine developed by Security Software Systems engineers (patent pending). This proprietary engine is very fast, very low overhead, and is very accurate."
Blocked sites include:
- CNN.com homepage (because of the story headline "Naples museum exposes public to ancient erotica");
- searches for the term "COPA" on CNet, Wired, Time, and USAToday (because each results page had at least one filthy headline, such as "Back to court for Net porn law");
- The American Family Association (the right-wing group pushing for censorware in libraries and schools, including those surrounding the Slashdot Geek Compound);
- biographies of COPA Commission members Stephen Balkam and Donna Rice Hughes - because they both graduated "magna cum laude" (think about it);
- and, my favorite, the list of papers presented at the COPA Commission!
SurfWatch
This was a more interesting test; Peacefire took a sampling of 1,000 domains from the beginning of the .com zone file, and tested which ones SurfWatch blocked. (Yours truly wrote the one-liner perl script to find sites that respond to ping; for that, Bennett almost named me co-author before I talked him down from his caffeine high.)
SurfWatch claims that it "adds over 400 new sites to the database every day, while also removing sites that no longer exist on the Internet or that have changed content. Our site database is the most accurate and reliable filtering you can find."
Of the 147 domains blocked, most (96) were clearly "under construction" and were ignored for the test. Of the remaining 51 blocked domains, 42 of them, or 82%, were erroneous blocks.
The 42 supposedly pornographic sites include:
- A-1 Dog Grooming and Kennels;
- American Builders;
- Waterbeds Online;
- A-1 Diamond Limousine;
- Poxy Coat;
- A-Antiques.com.
SurfWatch, for the record, is the software that the American Family Association (see above) and Family Research Council tried to force the Geek Compound's local library to install, earlier this year.
-
Court to FBI - Full Public Review Of Carnivore
ka9dgx writes: "According to CNN, the judge has decided that the FBI has to make public how Carnivore works. The FBI has to come up with a timetable for disclosing how it works." More detail: The court has said that the FBI has 10 working days to create a timetable for when it would start producing records of how the system works. This comes as a result of EPIC's fast-track Freedom of Information Act request for information. This does not mean, however, that the source code will be made public - but it's a step in the right direction. -
Full Frontal Quickies
Lady and Gentlemen, sit back and brace yourself for the assault of the quickies: AlexPixel sent us the curiously named Bilbo.com which actually sells feet keyboards for key modifiers and mouse clicks. cadfael sent us a sordid tale of a coder scorned. Some billboards: first from Ant we have a windows error and from mazur we have a bit of unix (must be california ;) mmca noted that scientists have discovered why candy wrappers are loudest in movie theaters. IcesTorm-I noted a supposed windows bug that will make ya wonder. DuncMonk sent us a cool comic strip called Sinfest that you might wish to add to your morning coffee. How about the x86 Still for those of you who believe that controlling your stereo, lights, garage door, and neighbors dog just isn't enough for your PC. Not out there enough for ya? How about RSA implemented entirely in javascript? (Doesn't work for me ... I leave that crap turned off ;) And finally to leave everyone on the proper melodic note, gribbly Symphony #2 for Dot Matrix Printers. Fortunately it's available in MP3 just in case you don't have a dot-matrix printer still handy... -
Emergency Hearing About Carnivore - Updated
Joe Moloughney was the first of several folks to point out that an emergency hearing is scheduled for 19:30GMT (3:30 Washington time) regarding disclosure of information about the FBI's Carnivore data surveillance system. The Electronic Privacy Information Center (EPIC) filed suit (pdf) and were granted the hearing because their request for details on how Carnivore works (under the Freedom of Information Act) has not yet been acted upon. [Updated 11:45GMT by t] voodoogumbo writes with an update from Fox News that "[t]he courts declined to unwrap Carnivore." -
Review Of The New Apple Mouse
Noctrnl writes: "Just caught this review of the new Apple optical mouse over at CNN. Looks like Microsoft may finally have some competition for the optical IntelliMouse." -
Sea Launch Success
After the spectacular failure of the last go-round, Kyle writes: "The commercial venture Sea Launch has successfully launched another communications satellite into geosynchronous orbit, restoring confidence in the floating launch system after a launch failure earlier this year. The video Webcast was entertaining, complete with hints that they threw a pretty good post-launch party out there in international waters." Reader marat points to CNN coverage of the launch. Isn't it neat how the space game is heating up? -
Comet LINEAR Erupts
CalamityJones writes: "This Reuters blurb briefly describes a comet erupting while researchers were tracking it with the Hubble Space Telescope. A slightly more complete article covering the event is on CNN.com. What are the chances of actually catching this event just at the moment you have the earth's most powerful telescope pointing right at the comet? Maybe these guys should be playing the lottery more often. :-)" -
Napster Ruling Stayed
StoryMan was the first of a flood of readers to note: "Napster ruling has been stayed. Doesn't have to close by midnight! Woohoo!" As of 10:15 GMT, CNN is displaying a note that says "The injunction barring Napster from trading music online has been stayed. Details to come." Watch this space for updates.
Update: 07/28 10:26 PM by H: Thanks to Sgt. Owen for the first real link about the stay.
Update: 07/28 10:58 PM by t: And to michael hirschorn, who points to this story at inside.com. -
FBI Defends "Carnivore"
lasertech writes "This story on CNN.com explains how the FBI will only use Carnivore to sift through e-mail only with a valid court order. Can the FBI be trusted with this?" While I don't want to stir the fire too much, the statistics concerning unauthorized wiretaps, which have similar restrictions, led me to believe that policing agencies need to get a grip on what they already have before they start working through more. -
Toysmart Can Sell Customer Data - With Limitations
jmozena writes "Disney's failed Toysmart.com has gotten the go-ahead from the Federal Trade Commission to sell its customer database as part of a bankruptcy sale, as long as the buyer agrees to abide by Toysmart's privacy policy. The FTC also found that Toysmart violated the Child Online Privacy & Protection Act (COPPA) of 1998 by collecting information from children under 13 without their parents' consent, and is filing a complaint in federal court to get Toysmart to destroy that information before any sale. This is the first time the FTC has filed a complaint under COPPA. The FTC press release is here."
EasyKill adds: "[here] is a link to the zdnet story about the FTC allowing Toysmart to sell some of their customer database, albeit under limited circumstances. I don't think this is a good thing, but it could be worse."
grahamwest also points out this CNNfn story on the decision.
You may also be interested in the story emmett posted when the plan to sell this data first came to light, and the followup hemos posted about the involvement of the FTC. For once, I think I (mostly) agree with the FTC.
-
HOWTO-Escape-Black-Hole
Adam writes: "Below is a new HOWTO on escaping black hole, soon to be on linuxdoc.org ...Well, maybe not quite literally, still interesting. HOWTO-escape-black-holes." Hmmm. Well, it's matter escaping from the accretion disk, which by definition is not inside the event horizon yet, so it's nothing really radical, but the producers of Star Trek-like shows can keep this handy for cheesy dialog on next season's shows. "Captain, we are activating the ion ray chambers to ride the supersonic winds out of the black hole!" -
Indianapolis Restricts Display Of Violent Games
Darren M. writes: "This CNN article talks about a new law passed in Indianapolis. Apparently, starting the 1st of September, arcades will be required to place games with violence or strong sexuality away from non-violent games, separated by a wall or curtain. They will also be required to only allow persons 18 and over to play them. I cannot imagine how this is constitutional." This seems like a thin excuse to harden and extend the age stratification that passes in many areas of life for "common sense." Remind anyone of jamie's story about age restriction on Soldier of Fortune in British Columbia? -
Cell Phone Companies To Release Radiation Data
digitalfrustration writes: "The U.S. cellular telephone industry will start publishing information on the amount of radiation that enters users' heads when they use various wireless phones." Story by CNN. By the way, on the off-chance that the data says the equivalent of 'For The Love Of God, Stop Using This Device, We're Surprised You're Not Dead Yet,' does anyone think that people would stop using them? -
ICANN & Internet Democracy
ICANN is meeting once again, this time in Yokohama, Japan. And once again, No man's life, liberty or property are safe while the legislature is in session. Slashdot takes a look at ICANN and at the various attempts to beat some semblance of democracy and representation into the organization.
Before we even get into this, I'm going to recommend again that everyone sign up for ICANN's At-Large membership. The deadline is July 31 - if you haven't signed up by then, you've missed your chance to be one of a few thousand voters who will affect the course of the internet's development. U.S. registration is way below that of other internet-savvy nations on a percentage-of-internet-users basis, because the media in those countries has been running extensive registration campaigns. Slashdot will be covering the election process - register to vote! (Note: if you're planning to self-nominate yourself for one of the open board seats, even if it's not the North America seat, please email me - I'd like to talk to you.) We'll also take this opportunity to plug an unofficial site for the At-Large community created by a slashdot reader, www.applyatlarge.com. It's just getting started, but the At-Large community could use some non-ICANN methods of communication.
Jett writes "TomPaine.com has an interesting article discussing the upcoming ICANN elections. The article gives a lot of good info on how ICANN is set up as well as some analysis on some of the problems they are facing to ensure fair and democratic elections."
There's some information about the actual on-going meeting available in near-real-time, supposedly even a web-based chat though I haven't seen it in operation, sponsored by the Berkman Center. Keep in mind that Japan is ~14 hours ahead of the U.S., so the Saturday meetings will be occurring Friday night in the U.S.
Probably the most important news at this meeting is not the wrangling over new .TLDs, even though that is the only aspect of the ICANN meeting getting any press coverage. Though the vote hasn't happened yet, I'm willing to wager that the restrictive NSI proposals will win out - a few new .TLDs will be started, NSI will be running at least one of them (way to diversify!), with massive trademark protections so that most "good" domains will be unregistrable. That battle isn't going to be won any time soon. Note that every single problem associated with domain names - every single one, from squatting to scalping to companies hijacking domains from individuals - is caused by artificial scarcity of names. Eliminate the two sources of artificial scarcity (limited TLDs and trademark law) and all domain name problems vanish.
But the most important initiative at this meeting is the ambitiously-named Internet Democracy Project, started by the American Civil Liberties Union, Computer Professionals for Social Responsibility, and the Electronic Privacy Information Center. The site is already a great collection of links on ICANN, and promises more content in the future; it's a good place to start if you're new to this whole thing. They've articulated a civil society perspective on the ICANN elections process, ICANN itself, and the domain name system - excellent reading, excellent goals, I support them entirely. It remains to be seen what will come of this, but I hope that these organizations continue to do their utmost to push their views. Imagine a world where DNS was structured as they envision.
-
Ebay Seeks Federal Assistance In Banning User
stubob writes: "CNN.com reports in this article that Ebay wants a federal judge to ban a user for life for 'using foul language and flouting its own attempts to ban him.' Ebay's defense is that he is 'disrupting the normal course of conduct.' This could be a great precedent, for /. at least, and maybe would give someone incentive to go after spammers (or even phone solicitors.)" Being that Ebay is a private, voluntary enterprise, isn't this a bit like asking a federal judge to keep the neighbors' dog out of your yard? Sounds like the user has already been banned -- by Ebay. Perhaps what they really want is a restraining order? -
More Companies Monitoring Worker E-mail Use
iatrim writes "CNN has a chilling story on the increasing use of new, more stealthy computer usage monitors." I know I would never work at a job which monitored me like this, but a lot of people don't really have the choice. -
Some Customers Can Roll Their Own DSL
Allnighterking writes: "SBC has announced self installed DSL for large sections of their coverage area according to this article at CNN.com. More information available here for your area. Seems that they believe the support is available only for win98 at the moment with Linux et al support coming later. However, it's been my experience that with a little bit of networking knowledge and the external modem you can make it work on *nix now. The claim is that you can install in under one hour with 24/7 support available." -
Future Of Internet-Based Distributed Computing
miss_america writes: "CNN is running an article about how the Internet has fueled distributed/parallel computing. It talks about the limitations, implications and possibilities of internet-based distributed computing. The article highlights UC Berkeley's SETI@home project, Distributed.net, and the ProcessTree Network." -
FTC Seeks Battle With Toysmart
wrenling writes: "Toysmart promised to never share their customer's data. They lied. They are seeking to sell their customer databases. The FTC voted today to begin a court battle with Toysmart to block them from doing so. CNN has more details in a CNNfn article." -
Snapshotting the Whole Internet?
Anonymous Coward writes "CNN is running a story about a company that is saving periodic 'snapshot' archives of the whole www (or as much as they can) for historical purposes. Interestingly they say that although they might have considered saving everything except ads, they didn't throw away the ads because historians claim that ads give a better "glimpse of what life was like" in the past. I wonder what legal ramifications will arise for possessing such archives of the "whole web" as snapshots-in-time. Thoughts of DeCSS, CPHack, MS Kerberos' click-wrap license, I.P. "ownership" of collected databases cross my mind." -
Slashback: Bits, Bytes, Words
Do you want an i-Opener, and for how much? Are space-vehicle rescues "your thing"? Does your cute iMac suffer from a video-game-violence deficiency? Do your Web habits stray to courtroom and crime-scene voyeurism? Do you think that online privacy agreements must of needs outlive the dot-com-ephemera which offer them? If Yes to any or all, you've come to the right place.
Money changes everything. After numerous writeups about the hacking potential of their iOpener device, Netpliance changed their service model and even the design of the product itself. Sounds like that wasn't enough: Cy Guy writes: "Netpliance has announced that they are raising the price of the i-Opener from the introductory price of $99 to $399 (neither price reflects the $21.95/month cost of Netpliance's Internet service which must be used with the device.) In a c|net interview Netpliance president Kent Savage dismissed hacker modifications to the device as a factor in the price increase." As Ioldanach puts it, "Think its 'cause they finally realised it was cheaper to raise prices than 'hack-proof' their product?"
What I'd like to see is Netpliance package the LCD and CPU of the i-Opener and sell those packages to OEMs, so they could create custom housings, new uses, etc -- after all, lots of people would like a small LCD X-terminal.
MacGuyver, The A-Team, NASA ... Grave writes: "Looks like NASA got DS1 functioning again. A probe that was almost entirely made up of experimental technologies can be salvaged, yet two hopefully-soon-to-be-routine flights to Mars can't be. Ah, well, at least we know that Ion Engines are workable. Bring on the TIEs!"
TRUSTe dusts off the white hat for a bit? Last week, a story appeared which noted the alarming news that failed web-merchant Toysmart planned to sell its customer information in an effort to recover some money. According to this Standard story, "The nonprofit organization TRUSTe announced Friday it is planning to file a brief in bankruptcy court that will decide whether Toysmart.com can sell its customer lists." Jamie raises two points to consider:
- Time will tell what effect (if any) TRUSTe's planned brief will have on the Toysmart bankruptcy proceedings.
- The company that bought Boo.com insists they will continue to honor the old privacy policy for old customers.
Maybe we could combine this with 'Survivor'? jgalvin222 writes "APB Online, Inc. has filed for bankruptcy. This web site is known for offering in-depth breaking news, tons of information on ongoing investigations, and you can listen to live police scanners. This web site will surely be missed, and if you read the article, you can see that some of their techs have volunteered to post crime and safety articles over the next couple of weeks - without pay. If anything, you should peruse their video library, some of the clips are both amusing and interesting."
The Devil will find work for idle hands to do. Ryan writes: "Here is something to keep us Mac fans happy. Go2Mac reports that Diablo II has gone gold for Mac version, making this one of the quickest PC to Mac conversions ever." Here is the official announcement from Blizzard.
-
FBI's Wiretapping Demands May Nix Verio Deal
An Anonymous Coward pointed to a story on the AP wire, writing: "Why do the FBI and US government have problems with this merger? Is there some sinister wiretap access deal between the current US ISPs? [From the article:] 'An NTT spokesman told the Journal a pending U.S. government review of the deal is a response to FBI and Justice Department concerns that law-enforcement agencies maintain access to Verio's Internet structure to obtain wiretaps and serve subpoenas for information. ... In telecommunications deals, the FBI has asked for assurances that only U.S. facilities be used to handle U.S. traffic. The FBI has insisted the companies employ U.S. citizens to handle wiretapping activities.'" A fellow-traveling A.C. points to coverage on CNNfn. Does this bother anyone? -
Slashback: Attenuation, Maturity, Packaging
In this episode of slashback, there's more on NanoStuff, censorship in various forms and venues, and further proof that the word "upstart" uttered or tapped in computer journalism regarding Linux is ever so much twaddle. You have been warned.
Sorry, but the print doesn't get any smaller. If the recent release of the Foresight Institute's nanotech guidelines was intriguing to you, you might want to check out the new forum for nanotech advances and issues. bento writes: "From the press release: "I'm happy to report that one of Foresight's long-term goals -- to have a way to meet online that truly works -- is now a reality at http://nanodot.org. We think of this site as our daily newspaper -- all the news that's fit to "print" -- combined with a continual Nanoschmooze discussion. No login is needed to read the site." For those who are interested in nanotechnology's social and technological implications, this site should prove a great resource in finding out what's up in the field of nanotechnology."
One man's trash is other people's trash, too. psxndc writes: "FGNOnline has the scoop about the Interactive Entertainment Merchants Association unveiling new packaging options for PC Games at their annual conference. It brings up the point about games with large documentation not fitting into smaller DVD-type Keep Cases, but wasn't the digital revolution supposed to cut down if not eliminate the need for paper in the first place?? Most game-box contents are a jewel-cased CD, some docs, some ads, and a whole lot of unused space? Why?" Well, in the bad old days of the CD longbox (which are not that long ago), the most commonly cited reasons for the box of mostly-air were 1) the space is helpful for marketing purposes (pictures and blurbs and artwork, oh my!) and 2) everyone's favorite euphemism for shoplifting, "shrinkage." Probably the same rules apply; game makers want to "stand out on the shelf." But if CDs can handle the switch, I bet games can, too.
How will the children survive? CuriousGeorge113 writes: "In a major decision today, a Federal Appeals Court has struck down COPA (The Children's Online Protection Act). According to this ACLU Press Release, a federal appeals court has deemed the law unconstitutional in nature and 'impossible to establish one "community standard" by which Internet speech could be governed.' You can also see the official court case here."
And in news that can only be called related ... Rude Turnip writes: "It looks like Mattel, one of the most despised toy companies discussed on Slashdot, is selling off its notorious Cyber Patrol censorware. Cyber Patrol's parent company, The Learning Co., which is also owned by Mattel, is being sold off separately. Mattel said they would like to concentrate on their "core competency" of toys. The lucky buyer of Cyber Patrol is the British firm, JSB Software Technologies, PLC, who paid $100 million. With people like Jamie McCarthy out there fighting these purveyors of censorship and great sites like peacefire.org, I bet JSB will soon realize they paid just a little too much :-)" Maybe it's just not a seller's market; the article indicating that Cyber Patrol was to be sold went up a few months ago.
In six years, Tux will be driving. xannax writes: "I just bought a new IWILL VD133 motherboard, and after the usual setup and such, popped in the configuration cdrom - and was surprised to see a Linux kernel boot up on the monitor. When the cd boots, it gives users without an fdisk'ed partition a chance to make disks for board and chipset config; but the neat thing is the use of Linux for the cd. I mean, two years ago, when I wore my "Penguin Power" t-shirt, most of the attention I got was from hockey fans. But just as the logo on the shirt has faded from repeated washing, the exact opposite has happened to the visibility of the Linux OS; it's gone from hackers and nerds only to mainstream. Great to see a company with a reputation like IWILL use Linux in this fashion."
Come sirrah Jack Straw! MrM writes: "An IDG.net story on CNN says that in the face of increasing pressure from privacy groups, business groups and Internet service providers (ISPs), the U.K. government is backing away from some of the more controversial aspects of its e-mail surveillance bill currently under consideration in the House of Lords." The controversy is mostly over little things like, oh, (from the article) "Under the provisions of the RIP bill, the U.K. government -- specifically the Home Office and its head, the Home Secretary -- can demand encryption keys to any and all data communications with a prison sentence of two years for those who do not comply with the order."
-
Oracle Says It Investigated Microsoft Allies
Schnedt McWapt writes: "Oracle Says It Investigated Microsoft Allies. From the article: 'Oracle Corporation acknowledged today that it had hired a prominent Washington detective firm to investigate groups sympathetic to its archrival, the Microsoft Corporation, an effort that yielded documents embarrassing to Microsoft in the midst of its antitrust battle with the government.'" Myriad adds: "This apparently ties in with an earlier [CNN] report involving IGI and the failed purchase of Association for Competitive Technology office trash -- a group with ties to Microsoft. You can find the article on CNNfn here. I hate to say it, but would reactions be different if it was Microsoft who hired IGI against another company?" -
U.S. DOJ Moves To Block MCI/Sprint Merger
Janthkin writes: "It seems the U.S. isn't going to allow MCI and Sprint to merge after all, so they WON'T be creating 'a telecommunications and Internet giant, one that would carry more data traffic than any other carrier and that would have left the U.S. long-distance market with only two major competitors instead of three.' (Text from the Standard story here). CNN coverage here." The U.S. side of the merger is not completely ruled out, but this seems a strong blow against it. -
Electronic Signatures And Citizen's Initiatives?
jamiefaye asks: "The San Jose Mercury News mentions that a digital signature bill has passed Congress by a lopsided margin of 426-4. Many states allow citizens to petition to pass laws through 'Citizens Initiatives' -- a process made difficult by the need to gather thousands of signatures on paper. Having digital signatures could make this much easier. What kind of legal changes can we expect if somebody could throw up a Web page, attract attention, and pass a law? I would make telemarketers obey an 'opt-out list' for starters." Possibly, but this is one of the better ideas I've heard on the use of digital signatures. Thoughts? Update: 06/27 08:45 by C: Quite a number of you have pointed out that this bill is about Electronic signatures and not Digital signatures as the story originally indicated. An electronic "signature" can be something as simple as clicking 'I agree' or pressing '1' on your phone. And now Congress wants such actions to be legally binding (Congress passed this unanimously, it was the House of Representatives that passed it by a vote of 426-4)? You can get more information by reading this analysis of the bill at Cryptome. This is not good. Also, the link to the above SJ Mercury article now seems to be invalid, but you can find more information on this from CNN. Thanks to all the folks who pointed this out, both in this discussion and by sending in submissions. -
AOL Class-Action Suit Over Pop-Up Ads
unigeek writes: "CNN -- Florida judge approves class-action lawsuit against America Online At issue: 'Pop-up' advertisements. A Florida judge has approved a class-action, multimillion-dollar lawsuit against the world's largest Internet service provider, America Online, on behalf of hourly subscribers who viewed so-called "pop-up" advertisements." I for one have dreamt of this day. It'll never win 'cuz you can turn them off of course, but it's pretty dang funny. -
Human Genome Mapping Completion TBA
rit writes: "According to this CNN article, both The Human Genome Project and Celera Genomics, Inc., two groups who have been working on mapping the human genome, are scheduled to hold news conferences Monday in which they will announce the completion of the Human Genome. This should prove interesting, and makes me wonder: what will we do next?" -
Genetically Engineered "Smart" Mice
Lucius Lucanius writes "A smart gene that helps mice learn faster has been discovered. This follows recent discoveries about neuron generation in monkeys and the creation of doogie the smart mouse. Excitement abounds in the "smart pet" industry, but will it ever be applied to humans?" -
U.S. Lags Behind Europe In Online Privacy
blaine writes: "There is an interesting article at CNN regarding the differing policies towards privacy that the United States and most of Europe have. It details some of the disputes between the United States and Europe with respect to the United States not being as strict in enforcing online privacy."