Slashdot Mirror

According to a story on News.com, legal online gambling may return to the US. The ban, put into place last year, is now in jeopardy thanks to the efforts of folks like Barney Frank, the Democratic chairman of the House Financial Services committee. Frank is of the opinion that adults should police themselves for excessive gambling, and the government should stay out of their way. "Friday's hearing included witnesses from companies that process online payments. In general, they echoed the arguments once used in favor of ending alcohol prohibition and that are now being invoked to decriminalize marijuana: It's better to legalize, tax and carefully regulate an industry than let it flourish with far less oversight in the black market. Some countries already do just that. In the United Kingdom, for instance, Internet gambling is legal and strictly regulated. Some of the larger online casino operators are publicly traded on the London Stock Exchange. "

jhigh writes "Proposals to tax the Internet are gaining steam as state legislators see a giant pot of money just waiting to be dipped into. "At the moment, states and municipalities are frequently barred by federal law from collecting both access and sales taxes. But they're hoping that their new lobbying effort, coordinated by groups including the National Governors Association, will pay off by permitting them to collect billions of dollars in new revenue by next year.""

thejakebrain writes "Intel has built its 80-core processor as part of a research project, but don't expect it on your desktop any time soon. The company's CTO, Justin Rattner, held a demonstration of the chip for a group of reports last week. Intel will be presenting a paper on the project at the International Solid State Circuits Conference in San Francisco this week. 'The chip is capable of producing 1 trillion floating-point operations per second, known as a teraflop. That's a level of performance that required 2,500 square feet of large computers a decade ago. Intel first disclosed it had built a prototype 80-core processor during last fall's Intel Developer Forum, when CEO Paul Otellini promised to deliver the chip within five years.'" Update: 06/01 14:37 GMT by Z : This article is about four months old. We discussed this briefly last year, but search didn't show that we discussed in February.

Green Monkey writes "LiveJournal has been suspending accounts suspected of promoting incest — except that many of them were communities for survivors of abuse and people discussing Vladimir Nabokov's Lolita. Even after being informed of the problem, LiveJournal apparently refuses to reinstate the banned accounts. LiveJournal's official news blog has filled up with hundreds of complaints protesting the decision, so we could have another Digg-style user rebellion brewing." Update: 05/31 11:50 GMT by KD : strredwolf writes to let us know that in their offical blog LiveJournal admits to botching the suspension, saying "We made a mistake and now we are going to try to fix it."

An anonymous reader writes "In its annual report for the fiscal year ended October 31, 2006, Novell expressed concerns over how the new version of the GPL may affect their business. Microsoft might stop distributing Suse coupons if the GPL version 3 interferes with their agreement or puts Microsoft's patents at risk, ultimately causing Novell's business and operating results to be adversely affected."

thanksforthecrabs writes to let us know that the Linux-sponsored Indy 500 car had a rough day at the track this weekend: it was the first car to crash on the track and finished dead last. Joost sponsored a car that came in a respectable seventh.

An anonymous reader writes "News.com offers up an interview with Arbor Networks' senior security researcher Jose Nazario. He takes stock of the denial-of-service attack against the Baltic nation of Estonia, and considers the somewhat disturbing wider implications from the event. 'You look around the globe, and there's basically no limit to the amount of skirmishes between well-connected countries that could get incredibly emotional for the population at large. In this case, it has disrupted the Estonian government's ability to work online, it has disrupted a lot of its resources and attention. In that respect, it's been effective. It hasn't brought the government to a crippling halt, but has essentially been effective as a protest tool. People will probably look at this and say, That works. I think we're going to continue to do this kind of thing. Depending on the target within the government, it could be very visible, or it could not be very visible.'"

pcause writes "There has been a lot of talk recently about the need for programmers to shift paradigms and begin building more parallel applications and systems. The need to do this and the hardware and systems to support it have been around for a while, but we haven't seen a lot of progress. The article says that gaming systems have made progress, but MMOGs are typically years late and I'll bet part of the problem is trying to be more parallel/distributed. Since this discussion has been going on for over three decades with little progress in terms of widespread change, one has to ask: is parallel programming just too difficult for most programmers? Are the tools inadequate or perhaps is it that it is very difficult to think about parallel systems? Maybe it is a fundamental human limit. Will we really see progress in the next 10 years that matches the progress of the silicon?"

News.com ran an article earlier in the week talking about the somewhat strained relationship between newspapers and Google. Google's stance is firm: 'We don't pay to index news content.' Just the same, newspapers with an online presence are starting to reconsider their relationship with Google, the value of linking, and the realities of internet economics. Talk of paying for content, as well as ongoing court cases, has observers considering both sides of the issue: "While some in newspaper circles point to the Belgium court ruling and the content deals with AP and AFP as a sign Google may be willing to pay for content, Google fans and bloggers interpreted the news quite differently. To them, it was obvious that the Belgium group had agreed to settle--even after winning its court case--because they discovered that they needed Google's traffic more than the fees that could be generated from news snippets. Observers note that with newspapers receiving about 25 percent of their traffic from search engines, losing Google's traffic had to sting."

cnet-declan writes "State and local governments in Washington this week began an all-out lobbying push for the power to tax the Internet, according to our article at News.com. A new Senate bill would usher in Internet sales taxes, and the Federation of Tax Administrators (representing state tax collectors) advised senators at a hearing on Wednesday not to renew a temporary moratorium limiting broadband taxes that expires in November. One irked Republican senator warned that unless the moratorium is renewed, we could start seeing email taxes by the end of the year. Former House Majority Leader Dick Armey blames it on the Democrats taking over, as do Yahoo and eBay lobbyists. Is this a non-hoax version of bill 602P?"

cnet-declan writes "State and local governments in Washington this week began an all-out lobbying push for the power to tax the Internet, according to our article at News.com. A new Senate bill would usher in Internet sales taxes, and the Federation of Tax Administrators (representing state tax collectors) advised senators at a hearing on Wednesday not to renew a temporary moratorium limiting broadband taxes that expires in November. One irked Republican senator warned that unless the moratorium is renewed, we could start seeing email taxes by the end of the year. Former House Majority Leader Dick Armey blames it on the Democrats taking over, as do Yahoo and eBay lobbyists. Is this a non-hoax version of bill 602P?"

cnet-declan writes "State and local governments in Washington this week began an all-out lobbying push for the power to tax the Internet, according to our article at News.com. A new Senate bill would usher in Internet sales taxes, and the Federation of Tax Administrators (representing state tax collectors) advised senators at a hearing on Wednesday not to renew a temporary moratorium limiting broadband taxes that expires in November. One irked Republican senator warned that unless the moratorium is renewed, we could start seeing email taxes by the end of the year. Former House Majority Leader Dick Armey blames it on the Democrats taking over, as do Yahoo and eBay lobbyists. Is this a non-hoax version of bill 602P?"

Frequent Slashdot contributor Bennett Haselton gives the full-disclosure treatment to the widely known and surprisingly simple technique for finding treasure-troves of credit card numbers online. He points out how the credit-card companies could plug this hole at trivial expense, saving themselves untold millions in losses from bogus transactions, and saving their customers some serious hassles. Read on for Bennet's article.
Some "script kiddie" tricks still work after all: Take the first 8 digits of a standard 16-digit credit card number. Search for them on Google in "nnnn nnnn" form. Since the 8-digit prefix of a given card number is often shared with many other cards, about 1/4 of credit card numbers in my random test, turned up pages that included other credit card numbers, and about 1 in 10 turned up a "treasure trove" of card numbers that were exposed through someone's sloppily written Web app. If the numbers were displayed along with people's names and phone numbers, sometimes I would call the users to tell them that I'd found their cards on the Internet, and many of them said that the cards were still active and that this was the first they'd heard that the numbers had been compromised.

Now, before this gets a lot of people mad, let me say that at first I was planning on holding off writing about this for months if necessary, to give the credit card companies time to do something about it. In other words, I actually had the presumptuousness to think that I had been the first one to discover it, but only because the credit card numbers that I found were still active. (If the trick had been widely known, I reasoned, surely the credit card companies would have found any credit card numbers listed in Google before I did, and gotten them cancelled.) Then I found that the trick had been publicized about three years earlier in a C-Net article by Robert Lemos and was probably widely known even before that. (The article stops just short of describing the actual technique, but one reader posted the full details in a follow-up comment.) Another article from that year in CRM Daily describes an even more efficient trick: Googling for number ranges like 4060000000000000..4060999999999999 to find Visa card numbers beginning with "4060". Google has now blocked that trick, so that trying that as a Google search leads to an error page. But the basic technique of Googling for working credit card numbers, apparently still works. In other words, credit card companies have apparently known about this technique for at least three years, probably longer, and presumably have hoped it would continue being swept under the rug.

At this point, I think the right thing to do is to shine a light on the problem and insist that they fix it as soon as possible. It may result in a short-term spike in people using this technique, but if it results in the problem being fixed, then the total number of fraud incidents will probably be less in the long run.

It would be simple for companies like Visa, MasterCard, and Discover to take a list of the most common 8-digit prefixes, query for them every day on Google, and de-activate any new credit card numbers that were found that way. (American Express cards are apparently not vulnerable to this trick, because when their 15-digit card numbers are written with spaces, they are usually written in the format "3xxx xxxxxx xxxxx", and Googling for the first 10 digits as "3xxx xxxxxx" didn't yield anything in my random test of ten AmEx numbers. But this is still their problem too, since the searches that turn up "treasure troves" of card numbers usually include AmEx numbers as well.) A Perl programmer could write a script in one afternoon that could run through all the known 8-digit prefixes, parse the search results, and pick out any URLs that weren't listed as matches the day before. From there, the search results would have to be reviewed by a human, in order to spot any situations where one credit card number was exposed at one URL, and a slight variation on the same URL (such as varying an order ID number) would expose other credit card numbers as well, which was the case with several of the hits that I found. Simple, but time-consuming with so many different 8-digit prefixes -- but every minute of effort expended on tracking down and canceling leaked credit card numbers, would save time and grief later by preventing the numbers from being used by criminals. If it would save them time in the long run and help prevent fraud, then why don't they do this?

It's considered good etiquette among security researchers, when finding a new security hole, to give the affected companies a chance to fix the issue before publicizing it. When I first contacted the credit card companies and described exactly how the exploit worked and how to block it, after getting a polite "We can't comment" from each one, I figured I'd give them a few months to get a system in place that could find leaked cards on a daily basis and de-activate them before they could be used. But then I found the C-Net article from 2004, and figured that if the card companies hadn't taken action in three years, it was fair game to publicize the trick in order to increase the pressure on them to plug the gap. Of course, it's not the card companies' fault that these card numbers are leaked onto the Web; it's the fault of the merchants that allowed them to get leaked. But the credit card companies are the only ones who are in a position to do something about it.

I did try the "Good Samaritan" approach, calling the credit card companies when I found one of their customers' card numbers on the Web. For each of the four major card companies, I called their security departments and reported two of the cards that I had found compromised, and then a week later, called the cardholders themselves to see if the card companies had notified them. Surprisingly, of the four companies, American Express was the only one whose customers in this experiment, when I called them a week later, said that AmEx had contacted them and told them to change their numbers. But even if all four credit card companies were more proactive about acting on reports of leaked numbers, the problems with scaling this approach are that (a) I usually had to wait on hold for a few minutes with each company and then spell out each card number that I'd found, which doesn't scale for a large number of stolen card numbers, and (b) if lots of people started doing this, then the credit card companies would be inundated with duplicate reports about the "low-hanging fruit", card numbers with common prefixes that appear near the top of some Google search result. Both problems could be avoided if the card companies simply ran their own script that queried Google and brought up a list of any indexed card numbers, whereupon an employee could copy and paste the numbers into an interface that would flag the cards instantly.

Google does have a feature where you can request the removal of pages that contain credit card numbers and other personal data such as Social Security Numbers. Any pages that I found containing credit card data, I submitted for removal, and Google did handle each removal request within two days. But this doesn't guard against the possibility that someone might have found the credit card information before it was removed, and of course it doesn't mean that other search engines like Alta Vista (remember Alta Vista?) might not have indexed the same pages. Running a sample of 8-digit prefix searches on Alta Vista, I found about as many credit cards as I found through Google, including some pages that were not in the Google index (maybe Google never indexed them, or maybe they had removed them already). So removing a page from any engine's search results is more like covering up a symptom of a problem than fixing the problem itself, which is the fact that the card number was leaked to the Web in the first place.

If nothing else, this is another reminder of how terrible the security model is for credit card numbers as a token of payment -- one universal piece of information shared with every merchant, that can be used for unlimited unauthorized charges if it gets compromised, until someone notices. About the only desirable property of credit card numbers from a security point of view is that they can be changed, and most of your existing recurring billing relationships will carry over, but even that is a hassle. Several credit card companies do provide the ability to generate single-use credit card numbers, each one authorized only for a limited purchase amount. The problem with that is that as any security analyst will tell you, if it takes even one extra step, most people won't bother -- as long as all-purpose credit card numbers are the default, that's what most people will use. Perhaps incidents like this will push people towards more 21st-century-aware styles of payment (like PayPal, but without all the horror stories), where you can pay a bill through a system that debits your card or your bank account, without sharing all your information with the merchant.

But in the short term, as long as credit card numbers are still with us, the card companies should make more proactive efforts to find and deactivate the ones that have been leaked on the Internet. If the card numbers are found to be leaked by a clumsy Web interface on one company's site, then that company should be chastised by the card companies that issued them a merchant account. If the numbers are found together in a list posted on some third-party forum, then the companies can cross-reference the charge history against each card in the list, to narrow down which merchant may have been responsible for the leak. I'm sure the card companies do something like this already when they find a list of leaked cards; what they don't seem to be doing is acting aggressively enough to find the leaked numbers in the first place.

Maybe the real moral is not the insecurity of credit card numbers, but the value of transparency and online community relations. If MasterCard had been a hip company like Wikia, some volunteer probably would have discovered this attack very early, and another volunteer would have written an open-source tool to find and deactivate leaked MasterCard numbers automatically, and the problem would have been solved ten years ago. In fact many tech companies, if you report a security problem to them, will thank you and fix it immediately, and some of them will even offer you cash if you find any more, like Netscape used to do with their $1,000 Bugs Bounty program. We get so used to big companies having obvious holes in their security practices and answering every question about security with a flat "No comment", that we forget it doesn't have to be that way -- transparency is not just trendy, it works. After years of having bug hunters poke at the Netscape browser, the security may not have been perfect, but it didn't have any security holes that were as simple and obvious as to be analogous to finding credit card numbers on Google.

Frequent Slashdot contributor Bennett Haselton gives the full-disclosure treatment to the widely known and surprisingly simple technique for finding treasure-troves of credit card numbers online. He points out how the credit-card companies could plug this hole at trivial expense, saving themselves untold millions in losses from bogus transactions, and saving their customers some serious hassles. Read on for Bennet's article.
Some "script kiddie" tricks still work after all: Take the first 8 digits of a standard 16-digit credit card number. Search for them on Google in "nnnn nnnn" form. Since the 8-digit prefix of a given card number is often shared with many other cards, about 1/4 of credit card numbers in my random test, turned up pages that included other credit card numbers, and about 1 in 10 turned up a "treasure trove" of card numbers that were exposed through someone's sloppily written Web app. If the numbers were displayed along with people's names and phone numbers, sometimes I would call the users to tell them that I'd found their cards on the Internet, and many of them said that the cards were still active and that this was the first they'd heard that the numbers had been compromised.

Now, before this gets a lot of people mad, let me say that at first I was planning on holding off writing about this for months if necessary, to give the credit card companies time to do something about it. In other words, I actually had the presumptuousness to think that I had been the first one to discover it, but only because the credit card numbers that I found were still active. (If the trick had been widely known, I reasoned, surely the credit card companies would have found any credit card numbers listed in Google before I did, and gotten them cancelled.) Then I found that the trick had been publicized about three years earlier in a C-Net article by Robert Lemos and was probably widely known even before that. (The article stops just short of describing the actual technique, but one reader posted the full details in a follow-up comment.) Another article from that year in CRM Daily describes an even more efficient trick: Googling for number ranges like 4060000000000000..4060999999999999 to find Visa card numbers beginning with "4060". Google has now blocked that trick, so that trying that as a Google search leads to an error page. But the basic technique of Googling for working credit card numbers, apparently still works. In other words, credit card companies have apparently known about this technique for at least three years, probably longer, and presumably have hoped it would continue being swept under the rug.

At this point, I think the right thing to do is to shine a light on the problem and insist that they fix it as soon as possible. It may result in a short-term spike in people using this technique, but if it results in the problem being fixed, then the total number of fraud incidents will probably be less in the long run.

It would be simple for companies like Visa, MasterCard, and Discover to take a list of the most common 8-digit prefixes, query for them every day on Google, and de-activate any new credit card numbers that were found that way. (American Express cards are apparently not vulnerable to this trick, because when their 15-digit card numbers are written with spaces, they are usually written in the format "3xxx xxxxxx xxxxx", and Googling for the first 10 digits as "3xxx xxxxxx" didn't yield anything in my random test of ten AmEx numbers. But this is still their problem too, since the searches that turn up "treasure troves" of card numbers usually include AmEx numbers as well.) A Perl programmer could write a script in one afternoon that could run through all the known 8-digit prefixes, parse the search results, and pick out any URLs that weren't listed as matches the day before. From there, the search results would have to be reviewed by a human, in order to spot any situations where one credit card number was exposed at one URL, and a slight variation on the same URL (such as varying an order ID number) would expose other credit card numbers as well, which was the case with several of the hits that I found. Simple, but time-consuming with so many different 8-digit prefixes -- but every minute of effort expended on tracking down and canceling leaked credit card numbers, would save time and grief later by preventing the numbers from being used by criminals. If it would save them time in the long run and help prevent fraud, then why don't they do this?

It's considered good etiquette among security researchers, when finding a new security hole, to give the affected companies a chance to fix the issue before publicizing it. When I first contacted the credit card companies and described exactly how the exploit worked and how to block it, after getting a polite "We can't comment" from each one, I figured I'd give them a few months to get a system in place that could find leaked cards on a daily basis and de-activate them before they could be used. But then I found the C-Net article from 2004, and figured that if the card companies hadn't taken action in three years, it was fair game to publicize the trick in order to increase the pressure on them to plug the gap. Of course, it's not the card companies' fault that these card numbers are leaked onto the Web; it's the fault of the merchants that allowed them to get leaked. But the credit card companies are the only ones who are in a position to do something about it.

I did try the "Good Samaritan" approach, calling the credit card companies when I found one of their customers' card numbers on the Web. For each of the four major card companies, I called their security departments and reported two of the cards that I had found compromised, and then a week later, called the cardholders themselves to see if the card companies had notified them. Surprisingly, of the four companies, American Express was the only one whose customers in this experiment, when I called them a week later, said that AmEx had contacted them and told them to change their numbers. But even if all four credit card companies were more proactive about acting on reports of leaked numbers, the problems with scaling this approach are that (a) I usually had to wait on hold for a few minutes with each company and then spell out each card number that I'd found, which doesn't scale for a large number of stolen card numbers, and (b) if lots of people started doing this, then the credit card companies would be inundated with duplicate reports about the "low-hanging fruit", card numbers with common prefixes that appear near the top of some Google search result. Both problems could be avoided if the card companies simply ran their own script that queried Google and brought up a list of any indexed card numbers, whereupon an employee could copy and paste the numbers into an interface that would flag the cards instantly.

Google does have a feature where you can request the removal of pages that contain credit card numbers and other personal data such as Social Security Numbers. Any pages that I found containing credit card data, I submitted for removal, and Google did handle each removal request within two days. But this doesn't guard against the possibility that someone might have found the credit card information before it was removed, and of course it doesn't mean that other search engines like Alta Vista (remember Alta Vista?) might not have indexed the same pages. Running a sample of 8-digit prefix searches on Alta Vista, I found about as many credit cards as I found through Google, including some pages that were not in the Google index (maybe Google never indexed them, or maybe they had removed them already). So removing a page from any engine's search results is more like covering up a symptom of a problem than fixing the problem itself, which is the fact that the card number was leaked to the Web in the first place.

If nothing else, this is another reminder of how terrible the security model is for credit card numbers as a token of payment -- one universal piece of information shared with every merchant, that can be used for unlimited unauthorized charges if it gets compromised, until someone notices. About the only desirable property of credit card numbers from a security point of view is that they can be changed, and most of your existing recurring billing relationships will carry over, but even that is a hassle. Several credit card companies do provide the ability to generate single-use credit card numbers, each one authorized only for a limited purchase amount. The problem with that is that as any security analyst will tell you, if it takes even one extra step, most people won't bother -- as long as all-purpose credit card numbers are the default, that's what most people will use. Perhaps incidents like this will push people towards more 21st-century-aware styles of payment (like PayPal, but without all the horror stories), where you can pay a bill through a system that debits your card or your bank account, without sharing all your information with the merchant.

But in the short term, as long as credit card numbers are still with us, the card companies should make more proactive efforts to find and deactivate the ones that have been leaked on the Internet. If the card numbers are found to be leaked by a clumsy Web interface on one company's site, then that company should be chastised by the card companies that issued them a merchant account. If the numbers are found together in a list posted on some third-party forum, then the companies can cross-reference the charge history against each card in the list, to narrow down which merchant may have been responsible for the leak. I'm sure the card companies do something like this already when they find a list of leaked cards; what they don't seem to be doing is acting aggressively enough to find the leaked numbers in the first place.

Maybe the real moral is not the insecurity of credit card numbers, but the value of transparency and online community relations. If MasterCard had been a hip company like Wikia, some volunteer probably would have discovered this attack very early, and another volunteer would have written an open-source tool to find and deactivate leaked MasterCard numbers automatically, and the problem would have been solved ten years ago. In fact many tech companies, if you report a security problem to them, will thank you and fix it immediately, and some of them will even offer you cash if you find any more, like Netscape used to do with their $1,000 Bugs Bounty program. We get so used to big companies having obvious holes in their security practices and answering every question about security with a flat "No comment", that we forget it doesn't have to be that way -- transparency is not just trendy, it works. After years of having bug hunters poke at the Netscape browser, the security may not have been perfect, but it didn't have any security holes that were as simple and obvious as to be analogous to finding credit card numbers on Google.

Nichole writes "Sam Peterson II was charged with unauthorized use of computer access for using a coffee shop's free WiFi. He is facing a 5 year felony charge and a $10,000 fine but apparently got off lucky and received only a $400 fine and 40 hours of community service because he was a first time offender. 'it seems few in the village of Sparta, Mich., were aware that using an unsecured Wi-Fi connection without the owner's permission--a practice known as piggybacking--was a felony. Each day around lunch time, Sam Peterson would drive to the Union Street Cafe, park his car and--without actually entering the coffee shop--check his e-mail and surf the Net. His ritual raised the suspicions of Police Chief Andrew Milanowski, who approached him and asked what he was doing. Peterson, probably not realizing that his actions constituted a crime, freely admitted what he was doing ... [the officer] didn't immediately cite or arrest Peterson, mostly because he wasn't certain a crime had been committed.'"

grag writes "Cnet is reporting that the US Congress, in their quest for immigration reform, seeks to force employers to utilize a database to determine a person's eligibility for employment. The Department of Homeland Security would operate the database and would be given access to IRS records for this purpose. The article mentions similarities between this proposal and the no-fly list — and the expectation of similar difficulties the proposed database could pose to valid people seeking employment."

theodp writes "How do you replace your Chief Pretexting Officer? HP CEO Mark Hurd announced that Joel Hyatt, an individual of 'exceptional judgment and outstanding character,' has joined HP's Board of Directors, filling one of the seats vacated during last year's boardroom scandal. Hyatt, who drew the ire of a judge over the illegal, Philadelphia-like treatment of an attorney at Hyatt's namesake law firm who was diagnosed with AIDS, was also appointed to HP's HR and Compensation Committee. Presumably, the HP womenfolk won't hold it against Hyatt that he reportedly once advocated keeping alma mater Dartmouth female-free. Hyatt acknowledged making mistakes that he's learned from, but said he was not eager to share them."

drhamad writes "Apple stock dropped 2.2% today in mid-afternoon trading as Engadget published news based on a faked e-mail inside Apple. 'Apparently an internal memo was sent to several Apple employees--and forwarded to Engadget--around 9am CT today saying that Apple issued a press release with the news that the iPhone was now scheduled for October, and Leopard was delayed until January. About an hour and a half after that e-mail went out, a second e-mail was sent--this time officially from Apple--saying the first e-mail was a fake, and that the delivery schedule for the iPhone and Leopard had not changed.'"

cnet-declan writes "Attorney General Alberto Gonzales is asking Congress to make 'attempted' copyright infringement a federal crime. The text of the legislation as well as the official press-release is available online. Rep. Lamar Smith, a key House Republican, said he 'applauds' the idea, and his Democratic counterpart is probably on board too. In addition, the so-called Intellectual Property Protection Act of 2007 would create a new crime of life imprisonment for using pirated software in some circumstances, expand the DMCA with civil asset forfeiture, and authorize wiretaps in investigations of Americans who are 'attempting' to infringe copyrights. Does this go too far?"

C|Net is carrying an article looking into new technology MySpace is rolling out to combat user violation of copyright laws on their pages. Called 'Take Down, Stay Down', the service will attempt to ensure that once content is removed because of a complaint it can never be uploaded again. "Copyright owners have access to Take Down Stay Down free of charge, according to a release from MySpace. If the social-networking service receives a takedown notice regarding a copyrighted clip hosted through its MySpace Videos hosting service, MySpace's new feature will take a 'digital fingerprint' of the video and add it to a copyright filter that blocks the content from being uploaded again. '(It's) the ability to have a piece of content imprinted and put in a database so we can identify it,' said Vance Ikezoye, CEO of Audible Magic." The article goes on to discuss the problems YouTube is facing with the same issues, as well as recent investigations of this issue in the political arena.

Romer!can writes "C|Net Editor Michael Kanellos offers a potentially contentious opinion piece about patents and copyright on the CNet site. Highlights of the fairly biased piece include: a cheap shot dismissing open source projects as existing only to act as a foil for Microsoft, blatantly equating copyright infringement with stealing, and an embarrassing failure to even casually mention the current term lengths of patents and copyrights as a driving factor behind popular dissatisfaction. Instead, he wades through obscure humor and emotional appeals characterizing patent trolls as the guy next door. 'Nearly every so-called [patent] troll turned out to have a somewhat persuasive story. Intellectual Ventures, a patent firm started by former Microsoft chief scientist Nathan Myhrvold, was staffed with fairly renowned scientists who didn't fit the profile of people trying to make a quick buck in court. Another man, criticized as one of the most litigious people in the U.S., had a great explanation for his behavior. He had only sued people who had signed--and then violated--nondisclosure agreements.'"

georgewilliamherbert writes "CNet has the news that EA is reporting a slight loss for the quarter. It expects profits for the year to fall short about ten cents, hitting a high of $1.20 as opposed to the expected $1.31. The company's share price was down 3% in extended trading yesterday. The reason for these adjustments? EA reluctantly announced that Spore has been delayed until Q2 2008. ' Redwood City, Calif.-based Electronic Arts said it taken out Spore, a game where players build organisms from scratch, from its financial projections for the fiscal year ending in March 2008, adding that the game could be delayed until fiscal 2009. In the fourth quarter ended March 31, the company said its net loss widened to $25 million, or 8 cents per share, from $16 million, or 5 cents, in the year-earlier period. Excluding items, the company earned 6 cents per share versus 14 cents in the year-earlier period.'" From a technology perspective, this thing seems at least as complicated as some Massive games; makes perfect sense it would take about as long to build this title as a game in that genre.

Adroit Ape asks: "The FCC is scheduled to begin auctioning the radio spectrum salvaged from analog television by February 28, 2008. Public interest groups are calling for auction rules that give new entrants a fair shot at the spectrum, which includes 60Mhz in the 700Mhz band. Are we likely to see groundbreaking innovation in wireless broadband? Who do you foresee to be the major players in the auction and subsequent technologies?"

cnet-declan writes "If you don't like the idea of a federalized ID card, you have only have an hour left to let Homeland Security know your thoughts: the deadline to file comments on the Real ID Act is 5:00 pm EDT on Tuesday. Probably the best place to do that is a Web site created by an ad hoc alliance called the Privacy Coalition (they oppose the idea, but if you're a big Real ID fan you can use their site to send adoring comments too). Alternatively, Homeland Security has finally seen fit to give us an email address that you can use to submit comments on the Real ID Act. Send email to oscomments@dhs.gov with 'Docket No. DHS-2006-0030' in the Subject: line. Here's some background on what the Feds are planning."

cnet-declan writes "If you don't like the idea of a federalized ID card, you have only have an hour left to let Homeland Security know your thoughts: the deadline to file comments on the Real ID Act is 5:00 pm EDT on Tuesday. Probably the best place to do that is a Web site created by an ad hoc alliance called the Privacy Coalition (they oppose the idea, but if you're a big Real ID fan you can use their site to send adoring comments too). Alternatively, Homeland Security has finally seen fit to give us an email address that you can use to submit comments on the Real ID Act. Send email to oscomments@dhs.gov with 'Docket No. DHS-2006-0030' in the Subject: line. Here's some background on what the Feds are planning."

El Lobo writes "The Mono open-source project will create a Linux version of Silverlight by the end of year, said Miguel de Icaza, a Novell vice president and head of Mono. Asked about plans for Linux, Microsoft executives have been non-committal, saying that it will depend on demand. But de Icaza, who is attending Mix, was able to commit without hesitating."

kotj.mf writes "Cnet is reporting that Dell will shortly announce a partnership with Canonical to offer Ubuntu pre-loaded on certain consumer-oriented desktops and notebooks. The announcement comes after a groundswell of support for pre-installed Linux on Dell's IdeaStorm site. 'The company is starting its business by trying to appeal to users of desktop computers. From there, Canonical Chief Executive Mark Shuttleworth has said, the company plans to head to the server market, where the real Linux bread and butter can be found. [Dell spokesman Kent] Cook wouldn't comment on whether Dell plans to offer Ubuntu on its servers as well.'."

C|Net passes on the words of Forrester analyst James McQuivey, who lambasts Sony for failing to live up to the opportunity the PSP presented. Though the handheld has certainly been doing better of late, it's hard not to point out that the PlayStation Portable's sales numbers flag in the face of the DS's incredible popularity. McQuivey also makes a point of stating how well the system could have done at taking a slice of Apple's death-grip on the downloadable media market. "'The thing is, Sony could have been all this,' McQuivey said. 'The Sony PSP is one of the best portable entertainment media devices that anyone has come up with in years. It has a relatively big screen, plays video beautifully, has good storage and audio. It could have been the first big mobile carrier for TV shows and movies.' Instead, the mobile-video play of one of the world's largest electronics companies is straggling behind Apple, has shaken the confidence of supporters--especially in Hollywood--and added to the woes of CEO Howard Stringer."

An anonymous reader writes "C|Net is reporting on some trouble Google is having integrating DoubleClick into their family of products. External problems, like antitrust allegations and privacy concerns, are bad enough. The worst problems might come from within, though, as a division within DoubleClick was essentially created to game the very systems the Google search engine is founded on. '"Google is treading in dangerous waters right now," writes Ross Dunn of WebProNews.com. Google's search results "are supposed to be unbiased and highly relevant," but with Performics, "Google is put into the conflicted position of trying to generate profits by providing result-oriented organic ranking services for its own unbiased organic search results." The worry, in other words, is that Google's search results could be compromised by operating a division with an interest in skewing those results in favor of clients.' The article goes on to say how this Performics division is likely to be sold off to make sure everything stays above board."

GoIBMPS3 writes "Soon the powerful 'Cell' microprocessor that fuels Sony's PlayStation 3 console will be available in IBM mainframe computers. The intent is to allow high-performance machines to run complex online games and virtual worlds. 'The integration initially will be accomplished by networking the mainframe with IBM's Cell blades, but eventually the Cells will be plugged more directly into the mainframes via PCI adapter cards, IBM said. It's the latest twist in IBM's years-long effort to keep mainframes not only relevant but also cutting-edge. IBM is touting the partnership as an example of hybrid computing--a trend sweeping the high-performance computing industry as companies augment general-purpose servers with special-purpose chips that to accelerate particular tasks.'"

An anonymous coward writes "MySQL, purveyor of the open-source database of the same name, is on the road to becoming a publicly traded company, bolstered by $50 million in revenue in 2006. "It's still in the pipeline," Chief Executive Marten Mickos said of the plan to hold an initial public offering of his company's stock. He declined to discuss when the company planned to go public, but said, "We're making good progress, doing all the things we need to get done.""

Ken Erfourth writes "The Inquirer.net is running a story about what they consider two powerful indications that Vista is failing in the marketplace. One, Dell has reintroduced PCs running Windows XP on its website due to customer demand. Two, Microsoft is conducting a worldwide firesale on a bundle of Microsoft Office 2007/WindowsXP Starter Edition. According to Inquirer.net, at least, these are signs of serious problems selling Vista. Are we seeing the stumbling of the Microsoft Juggernaught with the slow adoption of Windows Vista?"

Ken Erfourth writes "The Inquirer.net is running a story about what they consider two powerful indications that Vista is failing in the marketplace. One, Dell has reintroduced PCs running Windows XP on its website due to customer demand. Two, Microsoft is conducting a worldwide firesale on a bundle of Microsoft Office 2007/WindowsXP Starter Edition. According to Inquirer.net, at least, these are signs of serious problems selling Vista. Are we seeing the stumbling of the Microsoft Juggernaught with the slow adoption of Windows Vista?"

An anonymous reader writes "When CPU manufacturers ran up against the power wall in their designs, they announced that 'the Gigahertz race is over; future products will run at slower clock speeds and gain performance through the use of multiple cores and other techniques that won't improve single-threaded application performance.' Well, it seems that the gigahertz race is back on — a CNET story talks about how AMD has boosted the speed of their new Opterons to 3GHz. Of course, the new chips also consume better than 20% more power than their last batch. 'The 2222 SE, for dual-processor systems, costs $873 in quantities of 1,000, according to the Web site, and the 8222 SE, for systems with four or eight processors costs $2,149 for quantities of 1,000. For comparison, the 2.8GHz 2220 SE and 8220 SE cost $698 and $1,514 in that quantity. AMD spokesman Phil Hughes confirmed that the company has begun shipping the new chips. The company will officially launch the products Monday, he said.'"

EMB Numbers writes "Shane Macaulay just won a MacBook as a prize for successfully hacking OS X at CanSecWest conference in Vancouver, BC. The hack was based on a Safari vulnerability found by Dai Zovi and written in about 9 hours. CanSecWest organizers actually had to relax the contest rules to make the hack possible, because initially nobody at the event could breach the computers under the original restrictions. 'Dai Zovi plans to apply for a $10,000 bug bounty TippingPoint announced on Thursday if a previously unknown Apple bug was used. "Shane can have the laptop, I want the money," Dai Zovi said in a telephone interview from New York. TippingPoint runs the Zero Day Initiative bug bounty program.'"

An anonymous reader wrote with an article at ZDNet, discussing further implications of their patent cross-licensing initiative. With options already in place with Fuji Xerox, the company is now signed up with Samsung as well. From Samsung's perspective, it is simple: these deals ensure it can sell products using Linux without facing a suit from the Redmond-based corporation. "The notion that customers and businesses need Microsoft's legal go-ahead to run Linux has been controversial for some time, with the issue rising to the surface last November after Microsoft reached an accord with Linux vendor Novell. Novell has since taken issue with Microsoft's assertion that the deal represents an acknowledgment that Linux infringes on Microsoft patents."

marct22 writes "Stephen J Dubner, co-writer of 'Freakonomics' said there will be a second Freakonomics book. One of the items that will be covered is capuchin monkeys' use of washers as money, buying sweets, budgeting for favored treats over lesser treats. He mentioned that one of the experiments had similar outcomes as a study of day traders. And lastly, he watched capuchin prostitution!"

phalse phace writes "With so many consumers still asking for Windows XP to be loaded on Dell's consumer level PCs, the PC maker has finally decided to offer that as an option. 'Like most computer makers, Dell switched nearly entirely to Vista-based systems following Microsoft's mainstream launch of the operating system in January. However, the company said its customers have been asking for XP as part of its IdeaStorm project, which asks customers to help the company come up with product ideas. Starting immediately, Dell said, it is adding XP Home and Professional as options on four Inspiron laptop models and two Dimension desktops.' The Dell models with the Windows XP option are: Dell Inspiron 1405, 1705, 1505, and 1501; and Dell Dimension E520 and E521."

Brian writes "According to CNET and others, "A system failure at Research In Motion has affected BlackBerry users in the Western Hemisphere, a news channel reported on its Web site late on Tuesday. The infrastructure failed on Tuesday night, and e-mails were not being delivered to the handheld devices.""

A number of readers (some from the audience at Web 2.0 Expo) wrote to let us know that Google is adding presentations to their Docs and Spreadsheets package. With the announcement the company revealed that they have purchased Tonic Systems to help with the new presentation software. It's expected to be ready by summer. Google's CEO Eric Schmidt was asked if Docs and Spreadsheets will compete with MS Office, and he said, "We don't think so. It doesn't have all the functionality, nor is it intended to have the functionality of products like Microsoft Office."

cnetfeed writes "Google CEO says an automated system will soon be available to track pirated content and prevent it from being uploaded to video sharing site. The system was supposed to be rolled out as early as last October, and the long delay in brining the technology online has resulted in ill will from companies like NBC and Viacom. 'Network executives accused Google of stalling so YouTube could reap the big traffic that professionally-created shows generate. Viacom filed a $1 billion lawsuit against Google last month and accused Google of massive intentional copyright infringement. "Ah Viacom," [CEO Eric Schmidt] Schmidt said. "You're either doing business with them or being sued by them...we chose the former, but ended up the latter." Schmidt took the opportunity to poke fun at Microsoft's assertion that Google's pending acquisition of DoubleClick may be a threat to fair competition. Other companies, including Yahoo and AT&T have also asked regulators to review the transaction closely.'"

An anonymous reader writes "C|Net has a story about the value of aging computer hardware, and the subculture of people who collect them. The story details some of the more enthusiastic collectors currently participating in the hobby, as well as their old-school beautiful hardware. '[Sellam Ismail] recently brought a quarter century-old Xerox Star computer back to life to be used as evidence in a patent lawsuit. The pride of his collection is an Apple Lisa, one of the first computers (introduced in 1983) with a now standard graphical interface. Such items sell for more than $10,000. In an old barn in Northern California that also houses pigs, Bruce Damer, 45, keeps a collection that includes a Cray-1 supercomputer, a Xerox Alto (an early microcomputer introduced in 1973) and early Apple prototypes. '

prostoalex writes "Fed up with numerous violations of tax law by individuals and businesses selling goods on eBay, Amazon Marketplace, uBid.com, etc., IRS is pushing Congress to make online marketplaces responsible for reporting the sales information to the tax man, in order to prevent under-reporting of the income. eBay's 'own statistics suggest that there are 1.3 million people around the world who make their primary or secondary source of income through eBay, with just over 700,000 in the United States', News.com says." How long before the same fate befalls the folks who make a living working the Massively Multiplayer secondary markets?

Federal regulator Mark Pryor, in a Senate Commerce Committee hearing, has stated that spyware distributors should face harsher penalties than fees. His solution: imprisonment. "Federal Trade Commissioner William Kovacic said most wrongdoers in the spyware arena 'can only be described as vicious organized criminals. Many of most serious wrongdoers we observed in this area, I believe, are only going to be deterred if their freedom is withdrawn,' so it's important for the FTC to collaborate on its cases with criminal law enforcement authorities, Kovacic said."

terrymr writes "The Court of Appeals for the federal circuit has stayed the injunction against Vonage pending their appeal." The appeals judge agreed with Vonage's argument that the amount of consumer churn that Vonage or any telco suffers from would surely mean disaster for their bottom line, were they denied an influx of new customers.

mikesd81 writes "Over at C|Net there is an article about Michigan spending $38 million to distribute an iPod to every kid, for learning purposes. From the article: 'On Thursday, House Democrats delivered a spending bill that includes the idea of putting $38 million worth of public funds toward outfitting every student with a digital music player.' The plan included measures to tax soda and satellite TV services to pay for it, among other things, to raise funds. If you recall, Duke University tried something like this with mixed results. How financially strained will Michigan residents feel about paying higher taxes to buy someone else's kid an iPod?"

mikesd81 writes "Over at C|Net there is an article about Michigan spending $38 million to distribute an iPod to every kid, for learning purposes. From the article: 'On Thursday, House Democrats delivered a spending bill that includes the idea of putting $38 million worth of public funds toward outfitting every student with a digital music player.' The plan included measures to tax soda and satellite TV services to pay for it, among other things, to raise funds. If you recall, Duke University tried something like this with mixed results. How financially strained will Michigan residents feel about paying higher taxes to buy someone else's kid an iPod?"

The Webguy wrote to mention a C|Net article talking about Google's newest toy - Local Voice Search. The service is dirt simple: you call a 1-800 number and, via voice recognition software, say the category of business you're trying to reach. You can also try for a specific name, though the C|Net blogger had some problems with that. The Google Blog has been updated with details as well: "Google Voice Local Search lets you search for local businesses from any phone and for free. If you're in the US, call 1-800-GOOG-411 and say what you want to find. Here are some of the features -You can find a business listing by category. Just say "pizza," for example. You can send the listing details to your mobile phone via SMS. The service is fully automated, so it doesn't rely on human operators. It connects you directly to the business, free of charge."

BillGatesLoveChild writes "CNET reports VeriSign has made its move, increasing domain name prices by 7%. From October 15 2007, .com domains will now cost $6.42 (up from $6) and .net domains $3.85 per annum. ICANN had previously voted to support the increase. Despite annual income of $323.4M from .com domain names alone, VeriSign claims it needs the increase to provide "a high level of security and reliability for .com." This increase comes in the face of complaints by customers, registrars and senators alike that VeriSign is abusing its ICANN monopoly. Yet the furrowed brows and promises of senators of investigations have come to nothing, even though the only people seemingly in favor of the monopoly are ICANN and VeriSign. With complaints about the pair running back to 2002, what can we the public do to get our elected representatives to take the great domain name ripoff seriously?"

BillGatesLoveChild writes "CNET reports VeriSign has made its move, increasing domain name prices by 7%. From October 15 2007, .com domains will now cost $6.42 (up from $6) and .net domains $3.85 per annum. ICANN had previously voted to support the increase. Despite annual income of $323.4M from .com domain names alone, VeriSign claims it needs the increase to provide "a high level of security and reliability for .com." This increase comes in the face of complaints by customers, registrars and senators alike that VeriSign is abusing its ICANN monopoly. Yet the furrowed brows and promises of senators of investigations have come to nothing, even though the only people seemingly in favor of the monopoly are ICANN and VeriSign. With complaints about the pair running back to 2002, what can we the public do to get our elected representatives to take the great domain name ripoff seriously?"