Slashdot Mirror

WebHostingGuy writes "The State of Maine rejected the federally mandated ID cards passed by Congress. In a non-partisan vote the legislature flatly stated that they would not force its citizens to use driver's licenses that comply with digital ID standards, which were established under the 2005 Real ID Act. It also asked Congress to repeal the law."

XenoPhage writes "Yet again, Diebold has shown their security prowess. This time they posted, on their website, a picture of the actual key used to open all of their Diebold voting machines. Ross Kinard of Sploitcast crafted three keys based on this photo. Amazingly enough, two of the three keys successfully opened one of the voting machines. But fear not, Diebold has removed the offending picture, replacing it with a picture of their digital card key. Take that, hackers!"

Regular Slashdot contributor Bennett Haselton wrote in with a story about the DMCA. He starts "On January 16, a man named Guntram Graef who invoked the Digital Millennium Copyright Act to ask YouTube to remove a video of giant penises attacking his wife's avatar/character in the virtual community "Second Life", retracted the claim and stated that he now believes the video was not a copyright violation. (He had sent similar notices to BoingBoing and the Sydney Morning Herald just for posting screen shots of the video.) His statements in a C-Net interview suggest that he didn't mean to alienate the anti-censorship community and was probably angry over what he saw as a sexually explicit attack on his wife. But the event sparked renewed debate over the DMCA and what constitutes abuse of it. I sympathize with Graef and I admire him for admitting an error, but I still think the incident shows why the DMCA is a bad law." Hit that link below to read the rest of his story.

The DMCA is known mainly for its two most controversial provisions: the ban on technology to circumvent copyright restrictions, and the procedures by which ISPs must respond to "take down" notices if a third party claims that one of the ISP's users is violating their copyright. The first of these, I am opposed to in principle; the second, I am not opposed to in principle but I think is too easy to abuse in practice -- because I think incidents like the Graef case and my own limited court experience in related areas has suggested that the protections against DMCA-type abuses are very weak.

First, I'm against the anti-circumvention provision in principle because I agree with the position espoused by the EFF that computer code is protected under the First Amendment, even if some uses of that computer code may be illegal. After all, at one point a U.S. court even ruled that a manual for carrying out murders as a hit man was protected speech! That ruling was overturned on appeal, and the case was settled out of court before a final decision was ever reached, but still -- given that a handbook for killing people was considered free speech by at least one court, it's a bit of a stretch to think that a DVD-copying program should be given less protection. Just because X is illegal does not mean that tools or instructions for doing X should also be illegal.

With regard to the second provision, I'm not against requiring ISPs to take down infringing material on receipt of a notice from the copyright holder. But in practice there are two avenues for abuse here: (a) the party sending the take down notice can make statements that are not technically false, but which have the effect of persuading the ISP to take the material down, or (b) the party sending the take down notice can simply lie -- because the truth is that in too many cases, false statements made "under penalty of perjury" are not prosecuted, or even noticed, by the courts.

The EFF has already done a good job documenting abuses under the DMCA, and I'm not going to repeat all of that here. My argument is that these are not just temporary problems with a relatively new law, but rather that the abuses are the result of realities that won't change any time soon: ISPs being too busy to look closely at every complaint, and courts being too busy to go after everyone who violates court rules to get what they want. And thus it does no good to say that the DMCA would be fine if only enforcement actually got done properly instead of the ham-handed way it's been carried out so far, because that's not going to happen.

As I said, I think that if you have a bona fide case against a party, there's nothing wrong with taking action against them that would otherwise be considered a violation of their privacy and other rights. I've never sent a DMCA take down notice myself, but I've been involved in court cases in which I asked the judge to sign an order requiring a third party to turn over information about someone that was pertinent to the case. I don't consider that an abuse of the system, if the information you're after is relevant.

I realize this may separate me from some fellow privacy advocates, and some of the things I've done may make them uncomfortable. In one case, I had invited a girl to a charity luncheon where the tickets were $100 apiece, and when she showed up she had "forgotten her checkbook" and needed to borrow the money... Now, don't get ahead of me... Later, in what will not come as a huge spoiler to my fellow male Seattle residents, she apparently decided that, being a non-overweight, non-single-Mom, non-sexually-repressed girl in a city full of rich single guys, she was under no obligation to pay me back, and said, "Go ahead and sue me". Anyone who knows about my sideline taking spammers to court would tell you, it is not a terrifically smart move to say to me, "Go ahead and sue me". So, since I was going to be at the courthouse for an upcoming case against a spammer, I figured, why not, and filled out a Small Claims form with the defendant's address listed as "to be determined", since all I had was her cell phone number. Then I asked the judge to sign an order asking T-Mobile to give me the rest of her information so I could serve the papers on her. The judge signed it, I mailed it off to T-Mobile, and three weeks later T-Mobile sent me a letter containing her address, where I had the papers served. Most people don't know it's possible to do this just in a case where someone owes you $100 and all you have is a phone number, but that's just because a lawyer would never bother with such a small case, and most non-lawyers don't know the option exists -- and of course, it also depends on the judge, who may or may not sign the order.

(In that vein, people always ask me, is that sort of thing really worth the time? In this case, since I was going to be at the courthouse anyway, the extra time to write the motion, get it signed, and mail it off, was less than 30 minutes. But I was mainly curious about whether or not it could be done, and how much privacy protection there really is under the law, and knowing that was worth more to me than the $100 anyway.)

So I don't think it's unethical to request such information if you have a genuine case against a party. But while I don't think that what I did constitutes abuse of the system, I think it clearly shows how the system could be abused. Nobody checked my ID when I filed the case or asked the judge to sign the subpoena; I could have been anybody, and I could have disappeared once I had the information. (I had T-Mobile mail it to my address, but I could have just as easily had them mail it to the court, and then gone down and asked to look at the court file.) DMCA opponents should be aware that even without the DMCA, privacy protections are not as great as most people probably think they are.

As a result, I'm especially nervous about laws that enable abuse based on copyright assertions, because almost all of the legal threats we've ever received at Peacefire were based on what I considered to be bogus "copyright" claims. In 1997 we published a program that you could run on any computer with CYBERsitter blocking software installed, and it would decrypt the file that stored CYBERsitter's "secret" blocked-site list, and print it out in plain text. The CEO of CYBERsitter claimed that we were "violating every intellectual property law ever written" and sent threatening notices to our ISP demanding that they remove the program. I argued that every byte of the decryption program was our original work, so it didn't violate their copyright. In fact, it didn't even enable violations of their copyright, because it didn't make it any easier for someone to distribute illegal copies of their program, and I also said the decryption program served a worthwhile purpose by allowing customers or potential customers to see what the program really blocked. (Although to me, the enabling issue and the "worthwhile purpose" issue were secondary to the primary point, that original works of computer code should be protected by the First Amendment.) Fortunately our ISP stood their ground, but if the DMCA had existed back then, CYBERsitter could have invoked it, and possibly the extra pressure might have caused our ISP to back down. (Blocked-site-decryption programs were originally exempt from the DMCA as a result of the decision of the Copyright Office, but that exemption was revoked in 2006 because nobody had written a new decryption program in three years.)

So that was an example of how a company could intimidate an ISP into taking down material, without technically lying about the situation, but tacking on the words "copyright violation" and hoping the ISP would capitulate. What about cases where the sender of a DMCA take down notice just lies?

The Dutch activist group Bits Of Freedom conducted an experiment in 2004, in which they signed up with 10 different ISPs and posted a copy of a work that was clearly labeled with a notice that the author had died 100 years ago and the copyright had expired. Then they sent fake "complaints" to all 10 ISPs from an anonymous Hotmail address. 7 of the 10 ISPs removed the content immediately, and one even replied to give the personal details of the account holder, without being asked to do so. So completely fictitious complaints do apparently work. The DMCA does more protection than that because it requires the complainer to make a copyright claim "under penalty of perjury". But how much assurance does that really provide?

No one has yet tried to get our site shut down with a copyright claim or other accusation that was simply made up out of whole cloth. But my experiences in other areas have left me without much confidence in statements that are made "under penalty of perjury". The times I've been to court against spammers, I usually get to watch a few other Small Claims cases being tried. Probably at least once every time that I've been there, it's come to light that some party in a case said something that they almost certainly knew was not true, and I've never seen a judge do anything about it -- and court employees who have been there much longer have said they've never seen it happen either. (Judges are far more likely to get upset about people speaking out of turn. It's OK to lie, as long as you do it while the judge isn't talking!) It's true that Small Claims court is for resolving small matters, but lying under oath in Small Claims court is still a felony, punishable at least in theory by up to 10 years in jail. (And in any case, lawyers have told me that even in higher-level courtrooms, most false statements don't get anyone in big trouble. High-profile cases like Martha Stewart are the exception.) I don't think that everyone who lies under oath should go to the big house for 10 years. But I have no faith in the DMCA just because it requires accusatory statements to be made "under penalty of perjury", when judges usually let false statements under oath go completely unnoticed.

I doubt that a lawyer would risk their career and even their freedom to make up a completely fraudulent DMCA claim against us, such as claiming a page on our site was a ripoff of something originally produced by their client. But I don't think it's out of the realm if possibility that a lawyer would claim that, for example, a parody of one of their logos that appeared on our site, was a "copyright violation" -- even though the company would almost certainly be advised by their lawyer that such parodies are protected speech, which means their statement would constitute perjury, but it would probably never be punished.

The low point of my own confidence in the enforcement of anti-perjury laws, came when I sued a spammer who appeared in court and claimed that he had absolutely no knowledge of the spam being sent, and had never accepted any orders for spamming of any kind, while the judge, who appeared to hate anti-spam cases even more than most judges did, kept haranguing me for suing a clearly "innocent" person. I then played a recording of a conversation that I had with the spammer over the phone, pretending to be an interested customer (with a disclaimer played at the beginning of the call saying that it could be recorded, in order to make the taping legal), in which he said, among other things:

"I mean, we have all their information to back up any email we send them. If we have their ISP information, we can prove that they've given it out, because you can't get someone's ISP unless they've given it to somebody." [sic -- he meant "get someone's e-mail address", although the statement is still wrong]

"Do you already have your creatives and everything? So I've just got to upload what you have and just blast it out?" [note: "creatives" are copies of ads that sent out for you by advertisers and spammers]

"It's a United-States-based company but they pump everything through China and then it comes back to the United States."

The judge appeared very flustered at that point and started accusing me of "entrapment" (which was backwards -- I'd never heard of the spammer until he spammed me first, and then I called him afterwards, just to get evidence that he was in the spamming business in case he showed up in court and denied it). Since she claimed it was entrapment, I still lost and the spammer walked out home-free, without the judge ever even commenting on the questionable veracity of the statements he had made at the beginning. And that is all the protection that exists in the real world against people making false statements "under penalty of perjury".

The point is that when reading the wording of a proposed law, there's a temptation to think that the scenario described is exactly how the law will play out when it's enforced (see the "Alice, Bob and Charlie" scenario in the Wikipedia entry on the relevant section of the DMCA), and that anyone who deviates from the rules will be punished. But my narrow experience in court, in an area unrelated to the DMCA, taught me some things that several lawyers, with sad smiles, have confirmed to be true throughout the law: (a) judges will do what they want; (b) even if judges do sincerely want to follow the law, they're unlikely to agree on what it says; and (c) courts don't have the will or the time to chase down every person who violates the rules.

Don't judge a law by what it says will happen. Judge it by how it will play out if more than half of the steps in the process get screwed up. Guntram Graef apparently wasn't even trying to do anything dishonest when he got a video removed from YouTube on the basis of copyright claims that turned out not to be valid. Imagine how much abuse is possible when you're gaming the system on purpose.

Several readers wrote in to let us know that Wal-Mart is planning to buy SUSE Linux vouchers from Microsoft in the course of building out its infrastructure. These are the support vouchers that Microsoft must distribute to hold up its end of the bargain with Novell. Wal-Mart has been a customer of Red Hat Linux. CBR Online notes that the deal is not entirely unexpected because Microsoft's COO, Kevin Turner, is the former CIO of Wal-Mart.

theodp writes "A week before the release of Vista, Microsoft is expanding its fight against software piracy with a new educational effort that includes comics. Making its U.S. debut Monday, the Genuine Fact Files campaign aims to make Microsoft's message more accessible to a broader audience. BTW, Vista's Software Protection Platform (SPP) can put unvalidated copies of the software into a reduced-functionality mode. From the article: 'Microsoft plans to draw attention to it through banner ads on its Web sites and promotional material that it will hand out through partners. By using comics, the company aims to make the message more accessible to a broader audience. They are black and white, in a style similar to newspaper comics.'"

ffejie writes "Verizon has announced that it will be spinning off rural assets to FairPoint Communications. These include all assets in the states of Maine, New Hampshire, and Vermont. The deal will close sometime in 2007 and is worth $2.7 billion. 1.6 million phone lines, 234,000 DSL subscribers, and 600,000 long-distance customers will be moved to FairPoint in Verizon's effort to shed its low-margin lines in rural areas. The sale has been rumored since the summer at least. With Verizon aggressively rolling out high-speed FiOS (FTTP) in its service area, what will happen to the consumers stuck with a smaller telco like those moving to FairPoint?"

Knytefall writes "Joe Biden, Dianne Feinstein, and two GOP senators are sponsoring a bill called the PERFORM Act that would require podcasts with music and satellite radio to be locked-up with music industry-approved DRM software. From the article: 'All audio services — Webcasters included — would be obligated to implement "reasonably available and economically reasonable" copy-protection technology aimed at preventing "music theft" and restricting automatic recording.'"

sproketboy writes "Sun Microsystems has released an alpha version of a new programming language called Fortress to eventually replace Fortran for high performance scientific computing tasks. Fortress was designed specifically for multi-core processors and is published under the BSD license."

eldavojohn writes "The Month of Apple Bugs (MOAB) is well under way with a startling bug released Monday. From the description: 'Application Enhancer (APE) is affected by a local privilege escalation vulnerability which allows local users to gain root privileges.' APE is the same software used to deploy fixes during 'The Month of Apple Fixes' (MOAF). I know it's confusing but MOAB came first and MOAF was a developer's answer to the bugs — after all, the purpose of posting bugs is to have them identified, confirmed and eradicated. The article talks about potential remote root access by an intruder. Note that this is third party software that all of the bugs seem to be stemming from. I guess Apple has made a fairly secure system but they can't expect all third party developers to follow the same rigorous standards."

eldavojohn writes "Google has signed on with the Large Synoptic Survey Telescope project that will construct a powerful telescope in Chile by 2013. Google's part will be to 'develop a search engine that can process, organize, and analyze the voluminous amounts of data coming from the instrument's data streams in real time. The engine will create "movie-like windows" for scientists to view significant space events.' Google's been successful on turning its search technology on several different media and realms. Will they be successful with helping scientists tag and catalog events in our universe?" The telescope will generate 30 TB of data a night, for 10 years, from a 3-gigapixel CCD array.

srizah writes "At CES, Las Vegas, two companies — Arizona-based WildCharge and Michigan-based Fulton have demonstrated what are very different ways to charge gadgets sans wires. "

loganrapp writes "We've all watched the Matrix, and regardless of how we felt about them, the concept of plugging into a virtual reality appeals greatly to us. It appears that a nonprofit group called the International Association of Virtual Reality Technologies plans to build a network purely for virtual reality. Its name? Neuronet, and the first generation is planned for 2007, with "consumer applications" planned for 2009. There is some fear, however, that the whole thing is a scam."

An anonymous reader writes to tell us that several start up companies include one from MIT are looking at using (both natural and engineered) algae as source of bio-fuel. Since algae grows quickly and absorbs green house gases. From the article "Soybeans can give you 50 to 60 gallons of oil an acre compared to 75 to 125 gallons for canola, but algae is almost limitless because it grows so fast, so potentially you could get 10,000 gallons per acre."

theodp writes "Federal prosecutors are reportedly looking closely at stock option administration documents that were apparently falsified by Apple execs to maximize the profitability of option grants. While Apple has said CEO Steve Jobs did not profit from the stock-option backdating, Jobs has reportedly hired his own attorney to deal with the SEC and Justice Department."

News.com is reporting the somewhat unsurprising news that a government program we were assured was 'perfectly safe', has actually been proven to be a privacy nightmare. The 'Secure Flight' program matched air traveler information with commercial databases in the interests of national security. The charter for the program specifically forbade the TSA from accessing this information; the organization got their hands on it anyway. The Department of Homeland Security has released a report, detailing these findings and analyzing the situation. The News.com piece makes it clear the report was released on Friday in an attempt to obscure it from public notice; it was only linked to from a DHS subsite, and has not shown up on the DHS or TSA main pages. From the article: "The report from the Homeland Security privacy office takes pains to say that the privacy compromises over Secure Flight were 'not intentional,' and includes a list of seven recommendations to avoid similar mishaps in the future. Those include explaining to the public exactly what's going on and creating a 'data flow map' to ensure information is handled in compliance with the 1974 Privacy Act. This isn't the first report to take issue with Secure Flight. Last year, auditors at the U.S. Government Accountability Office reported that the program violated the Privacy Act."

VE3OGG writes "It would seem that scientists are not the only ones facing censorship from the White House. According to several news sources the New York Times originally had intended to run an article co-authored by a former employee of the National Security Council, critical of the current administration's policies toward Iran. The article had passed the CIA's publication review board, but was later redacted on orders from the White House. Article authors Flynt Leverett and Hillary Mann were former advisers to the White House, and thus all of their publications are scrutinized by a board before they can be published. Of the numerous documents this pair has published since leaving their positions, they say this was the first that was actively censored.

An anonymous reader writes "A Texas judge has ruled that, if a copyright owner objects to the linking of content from another web site, that link must be taken down. This case, which may have some far-reaching implications, centered around a motorcross website. The site, run by a Robert Davis, provided links directly to live feeds of 'Supercross' events streaming from the SFX Motor Sports site. The company filed suit, claiming that the direct links were denying it advertising revenue. The article cites previous cases, where sites were prohibited by judges from linking to files which violated copyright law (such as DVD decryption software). From the article: 'But in those lawsuits, the file that was the target of the hyperlink actually violated copyright law. What's unusual in the SFX case is that a copyright holder is trying to prohibit a direct link to its own Web site. (There is no evidence that SFX tried technical countermeasures, such as referrer logging and blocking anyone coming from Davis' site.)'"

An anonymous reader writes "Google search terms have helped convict a wireless hacker. The queries the hacker performed were introduced into evidence at court, where Matthew Schuster was charged with disrupting his former employer's wireless network and imitating other users' MAC addresses to obtain access. From the article: 'Court documents are ambiguous and don't reveal how the FBI discovered his search terms. That could have happened in one of three ways: an analysis of his browser's history and cache; an Alpha employee monitoring the company's wireless connection; or a subpoena to Google from the police for search terms tied to his Internet address or cookie. Google has confirmed that it can provide search terms if given an Internet address or Web cookie, but has steadfastly refused to say how often such requests arrive.'

Regular Slashdot contributor Bennett Haselton writes in to say "The December 1st release of Psiphon has sparked renewed interest in the various software programs that can help circumvent Internet censorship in China, Iran, and other censored countries. (Some of this interest undoubtedly being motivated by the fact that many of these programs also work for getting around blocking software at work or school.) Have you ever wanted to understand the science behind these programs, the way that mathematicians and codebreakers understand the magic behind PGP? If you loved the mental workout of reading "Applied Cryptography", have you ever wanted a tutorial to do the same for Psiphon and Tor and other anti-censorship programs?" The rest of his editorial follows.

Well, here's a primer, but you might be disappointed. Like making the Statue of Liberty disappear, it doesn't sound very cool once you know how it's done; the truth is that most anti-censorship programs, including mine, only work because the censors are not trying very hard.

(Note that I am going to be talking about ways that certain anti-censorship programs can be defeated. I don't believe that this is giving much help to censors, because these are obvious weaknesses that would occur to anyone who knows how the programs work. For reasons I'll get into at the end, I don't think these weaknesses actually make much difference.)

Basically, all anti-censorship programs fall into two categories: those that require you to have a helper outside of the censored country, and those that don't.

Take Psiphon. To use Psiphon, someone in a non-censored country has to install it on their home computer, which turns their computer into a Web server with an interface similar to Anonymouse.org, where you type in the URL of the page you want to view and it fetches it for you. The difference, of course, is that Anonymouse.org is widely known and blocked by any self-respecting Internet filtering system, while your newly created Psiphon URL pointing to your home computer is not blocked anywhere, yet. So if you set up a Psiphon URL on your computer in the U.S. and e-mail it to your friend in China, your friend can use it to surf wherever they want. (Note that this also has the desirable property that the person in China doesn't have to install any software, so they can use the URL even from a cybercafe computer with restricted user permissions.) The hurdle, of course, is that the person in China has to have a contact outside the country to help them. This is not a huge barrier for many Chinese, but it still means the program doesn't have the instant gratification property of something that you turn on and it just works.

Peacefire, by the way, had released the Circumventor program in 2003 which did essentially the same thing. (And the Circumventor was itself really just a wizard for installing a Web server with James Marshall's CGIProxy script, which deserves most of the credit, although the Circumventor did help bring it "to the masses", since most users don't have the ability to set up an SSL-enabled Web server themselves.) Psiphon made some improvements, namely:

• Ability to create password-protected accounts to restrict the URL to certain users.
• Smaller download (although it may not matter much since only broadband users would be installing it anyway).
• Ability to run on Linux. (Circumventor only works on Windows, although you can install CGIProxy on a Linux webserver if you know how.)

Circumventor has some of its own advantages, although they're the kind that could easily be incorporated into Psiphon soon:

• A wizard to help users forward incoming connections on their router and enter exceptions in software firewalls to make the software work. (If they want to. No tweaking people's firewall settings without asking them!)
• Slightly harder to block, due to some strategies such as using a different SSL certificate for each install (Psiphon uses the same one each time).

And both programs fall victim to the same attacks, although as far as I know, none of these have been implemented in practice:

• Blocking sites whose SSL certificates do not match the site hostname (easier for a censoring proxy server like the ones used in the Middle East, than for an IP firewall like the Great Firewall of China).
• Blocking outgoing Web connections to residential IP address ranges like Comcast.

But basically, they're the same program -- so the difference in press coverage has been illustrative of how much context matters to reporters. Psiphon is the "politically correct" version -- they've played down the fact that it can be used to get around blocking software in schools and played up the fact that it can be used to beat the censors in China and Iran, and the press coverage has focused exclusively on that human rights aspect. The Circumventor was also written to help foreign victims of censorship, and articles have been written about its uses for that purpose, but I've also been unapologetically promoting its use to get around blocking software at home and in school, as part of an advocacy for greater civil rights for people under 18. (Also because the more installations there are in the U.S., the more it helps users abroad.) As a result, some of the TV news pieces about it have used such ominous music and lighting that they practically looked like recycled footage from "To Catch a Predator". Of course, Psiphon can be used for exactly the same thing. (I also emailed some of the reporters who recently wrote about Psiphon, to tell them about Circumventor; so far, I haven't heard back from any of them, but I doubt they're being politically correct this time, I think they're just not thrilled that C-Net scooped them by three years and seven months.)

So, Psiphon and Circumventor fall in the first category -- programs that only work if you've got a contact outside the censored country to help you. In the second category is Tor, which was originally written to provide mathematically secure anonymity, but had the nice property that it could be used to get around the Great Firewall of China as well. With your browser in China using Tor as a proxy, packets are routed to other Tor nodes outside the country, which connect you with any blocked Web site that you want to see. Best of all, you just install it on a machine in China, and presto, it works, no nagging your expat cousin in the U.S. to install something on their computer to help you. Dynamic Internet Technologies, run by Chinese dissident Bill Xia in North Carolina, runs another service that works "out of the box" -- you send an instant-message to one of the DIT screen names, and it replies with a list of currently running Web proxies. (Bill has asked me not to publicize the actual screen names that perform this service, because it's intended only for Chinese users. I think that's a case of "security through obscurity", but I respect his wishes.)

Unfortunately, all such "instant gratification" solutions have the same basic weakness, which by a simple argument can be extended even to hypothetical future programs in the same category. In the case of a program like Tor, the censor only has to install the software, look at what IP addresses the software connects to when it bootstraps itself, and add those IP addresses to the blacklist. Even if the software chooses at random from multiple IP addresses to bootstrap to, the censor can still obtain all of them by repeatedly re-installing the software (possibly wiping the machine each time so the software can't tell that it's been installed before). No matter how you slice it, if Alice the legitimate user and Bob the censor download the program on the same day, Bob can make the program not work for Alice if he updates the blacklist quickly enough. He doesn't even have to reverse-engineer the software, he just has to use a network sniffer to see where it connects to. (For DIT's proxy-by-instant-message system, the censor can instant-message the screen name repeatedly, from different accounts, until they've collected and blocked all the available proxies; this would be analogous to re-installing Tor repeatedly and seeing what IPs it connects to.)

Peacefire has produced other approach which is a simple, obvious idea, and it was quite by accident that we found out it slips through the cracks of the seemingly "unsolvable" problem with instant-gratification outlined above. Like the other solutions, it works only as long as the censors are fairly lazy, but they are, and it does. About 30,000 people have signed up through a form on our site to be notified each time we create a new Circumventor site and mail it out, every 3 or 4 days. Agents of the blocking companies have joined the list too, of course, but we mail different sites to different subsets of the list. Now, an attack analogous to the attacks listed in the previous paragraph, would be for the censors to join under many different accounts, and then block any site that gets mailed to any of those accounts. But the catch is that when an address joins the list, a new site doesn't get mailed to that address until some random time in the future. So the censor has to check all of the fake Hotmail accounts that they've created, over and over, if they want to block all of the new sites as soon as they're released. Hardly impossible, but the censor can no longer use the instantaneous approach of: (1) enter the system / join the list / install the software; (2) see where it connects to and block those points of access; (3) repeat. (If we instantly e-mailed a randomly selected site to each new signup, then this attack would work.) By going from instant gratification to almost-instant-gratification, you change one of the conditions for the theorem stated in the previous paragraph, so that it no longer holds true. Still, like Tor and the DIT system, it could be blocked with a moderate amount of effort.

The Tor protocol, by the way, has been the subject of a great deal of sophisticated mathematical analysis, really brainy stuff that is beyond the scope of this article. But it's important to understand that that analysis focuses on the security of the Tor protocol for achieving anonymity. For anonymity, the protocol is very strong; for routing around censorship, it's fairly straightforward to defeat. That's not at all a criticism of the Tor developers; Tor was designed to achieve anonymity, and just turned out to work for beating censorship as well -- but only, of course, as long as the censors aren't making much effort to block it.

Which all leads to the obvious question: Why have the censors not bothered?

Nobody knows for sure, but I fear the answer is that the Chinese government and other censors know that the greatest weapon in their arsenal is not IP blocking, or keyword filtering, or even the threat of arrest. It's just apathy. The Chinese censors know what we anti-censorware developers in the free world keep forgetting: that most Chinese are not liberty-minded Jeffersonians chomping at the bit under the oppressive yoke of their government and waiting to be freed by circumvention software. As Michael Chase and James Mulvenon of the RAND Corporation put it in their report on Internet usage by Chinese dissidents, You've Got Dissent!: "[A]lthough some peer-to-peer applications... are designed specifically to combat censorship on the Internet and address privacy concerns, most Chinese Internet users are undoubtedly more interested in using peer-to-peer applications for entertainment purposes such as downloading MP3 music files." The censors know what Netscape knew when they fought tooth and nail against Microsoft including Internet Explorer on the desktop of every Windows machine: defaults matter. It doesn't matter that users can go to Netscape's site and download their browser, and it doesn't matter that users can access a banned site by installing a cool p2p program. Most people just don't.

When I first started working on the Circumventor, I assumed that since the Chinese Internet censorship bureau reportedly employed about 30,000 people, surely if they were already spending that much effort and money, they'd throw plenty of resources at defeating any new anti-censorship program, so the Circumventor would have to be able to withstand any such attack. But I was wrong. According to the RAND corporation paper, the censors have been quite busy, for example, policing political forums for dissident postings that other users might casually run into. But they apparently assume -- correctly, it seems -- that content doesn't pose much of a threat if users have to go out of their way and download a program to access it. And if the user has to have a friend outside the country to help them, then forget it.

This is not to downplay the enormous good that programs like Tor, Circumventor and Psiphon can do in bringing free speech to the people in censored countries who want it. But it's easy to forget that those often do not comprise a large part of the population.

One of the biggest disappointments for me came in May 2005 when I was looking for ways to get around the word filter on MSN China's blogging service. Microsoft, apparently acting on public relations advice from Lex Luthor, had decided to filter the words "freedom", "democracy", and "Taiwan independence" from the titles of blogs on MSN China. (I know, I know, they have to comply with Chinese laws to do business there. But I don't think the Chinese have actually outlawed the word "democracy".) Eventually I did find a loophole, so I searched on MSN for some Chinese blogs published by expatriates to ask them to help test the workaround for me. With a few exceptions, most of the bloggers were rather hostile, saying that they supported their government's efforts to censor the Internet and to stamp out Falun Gong as a dangerous "cult". (These were expats living in the U.S., so presumably they were not worried about the Chinese government sending a tank across the Pacific to run them over if they criticized the ruling party. Even if they thought they had to watch what they said because they might someday return to China, or because they still had family there, surely it would have been easier just to ignore me; the hostility that I encountered sounded genuine.) The moral is, no matter how much your movement believes in its efforts to help oppressed people, you can't just assume you'll be greeted as liberators (ahem).

So now you know most of what there is to know about the state of the art in anti-censorship software. It's just that there is less to understand than the hype originally suggests -- the programs aren't really secure, but they work because the censors aren't really trying. And there aren't any cool mathematical formulas that you can impress your friends with -- for that, you'll still have to go back to Applied Cryptography. It's a lot less impressive to be the Bruce Schneier of circumvention algorithms than it is to be the real Bruce Schneier.

Bennett Haselton has another article on offer for us today, this time looking at the implications of a Canadian initiative to protect children online. Bennet writes: "Cybertip.ca, a Canadian clearinghouse for providing information to law enforcement about online child luring and child pornography, has announced that a group of major ISPs will begin blocking access to URLs on Cybertip's list of known child pornography sites. A Cybertip spokesperson says that the list fluctuates between 500 and 800 sites at any given time." Read on for the rest of his analysis. The system is named after a similar filtering system used by service provider BT in the UK. It is also reminiscent of a law passed in Pennsylvania in 2002 requiring ISPs to block URLs on a list of known child pornography sites; the law was struck down in 2004 on First Amendment grounds. Although child pornography is of course not protected by the First Amendment, the law was struck down partly because the ISPs were blocking entire servers and IP address ranges, hundreds of thousands of non-child-pornography sites were also being blocked.

Under the implementation of the Cleanfeed system, representatives from Sasktel, Bell Canada, and Telus claim that only exact URLs will be filtered, not sites hosted at the same IP address. (Although conventional Internet filtering programs sold to parents and schools have also made the same claims, only to turn out to be filtering sites by IP address after all, so we'll have to wait until the filtering is implemented before we know for sure.) The other difference of course is that the Cleanfeed system is not the law, so there's nothing to "strike down" in court. Cybertip did acknowledge that this means customers can get around the filtering for now by switching to a non-participating service provider, although they are encouraging more providers to sign up. Cybertip declined to say whether any providers had simply refused to participate. But of course it's much easier than that to get around the filter, since filter circumvention sites like Anonymouse and StupidCensorship will not be blocked.

So, if it's that easy to circumvent, does it do any good? Even respected Canadian academic and columnist Michael Geist, hardly a friend of censorship in other forms, has spoken out in favor of the plan. I'm going to go out on a limb and say that it doesn't accomplish anything meaningful, and may set a horrible precedent that could make it much easier to block other content in the future.

First of all, it seems that it obviously won't stop anyone who is deliberately looking for child porn. Empirically there's no way to tell -- we don't whether systems like Cleanfeed in the UK have prevented people from accessing child pornography on purpose. Even if the providers are counting the number of blocked accesses to known child porn sites, nobody knows what people have been looking at instead through proxy sites like Anonymouse. All we can do is ask, logically, whether it is likely to work. I think purely logical arguments are frustrating when there is no empirical data to act as a referee, but let's face it, users are not going to self-report on their success at finding child pornography, and there's no way to see what users are accessing through encrypted circumvention sites. Logic is all we have.

So, consider people who are deliberately looking for child pornography. Such people are likely to be resourceful to begin with (since real child porn -- remember, non-sexual pictures of naked children do not count -- is vastly less common than regular porn; Cybertip claims after all that they "only" have about 800 sites on their list, compared to millions of regular porn sites). Virtually all such people would be aware of circumvention sites like Anonymouse, or of peer-to-peer networks, which Cybertip says they have no plans to block. So nothing is blocked from people who want to get around the filter.

The only scenario where the filters could make a difference is the case where someone accidentally accesses a child porn site. Now when I first read the Cybertip press release announcing that the filter would aim to stop "accidental" exposure to child porn, I thought that was just a tactfully sarcastic way of referring to the people who get caught accessing child porn and claim it was just a mistake. But Cybertip.ca claims they've received over 10,000 reports since January 2005 from people who accessed child porn by accident. Even though that only works out to about 15 per day, I have to concede in those cases it almost certainly was a bona fide mistake, for the simple reason that nobody would voluntarily report accessing a child pornography URL that they visited on purpose. But even so, there's the question: What have you accomplished by blocking accidental exposure?

I would argue that the harm done by child pornography is to the minors coerced into the production of it, not to the people who view it. (This, by the way, corresponds with current U.S. jurisprudence; the U.S. Supreme Court ruled in 2002 that a law banning fake child porn was unconstitutional, even when the viewer can't tell the difference.) Obviously you prevent the most damage by stopping child porn at the production stage, but if it's too late for that, you can try to stop people from obtaining it willfully. This lowers the demand and decreases the incentive for people to produce more in the future.

But how would it lower demand if you block people from accessing it accidentally? If those people weren't going to proceed to buy or download more pictures anyway, then they're not fueling the demand. You can block them from accessing the pictures, but the pictures are still out there, and the people who really are fueling the demand can still access them.

So it seems that by blocking someone from accidentally viewing child porn, all you've really accomplished is to avoid offending their sensibilities. Now I don't mean that mockingly, I'm certainly not disagreeing with anyone whose sensibilities are offended by child porn. But there are lots of graphic pictures on the Internet that could offend someone's sensibilities, which are outside of Cleanfeed's mandate. Consider a photo of a 16-year-old having sex, versus a photo of an adult woman fellating a horse; even though the former is illegal to possess and the latter isn't, I think most people would be more grossed out by the second one. (I would even argue that there was more harm to the participants in the making of the second one, and in this case the law's priorities are a bit screwed up. Poor horse!)

So, why block 1% of the content that would offend someone's sensibilities, when 99% of the content that would still offend that person would still be out there? The fact that the 1% is illegal doesn't answer the question; even if it's illegal, you don't have to block it, so what have you accomplished if you do?

Possibly law enforcement is sick of people using the "I accidentally clicked on it" excuse when they get caught accessing child pornography, and wants to remove that as a defense. But couldn't someone just as easily claim that they "accidentally" accessed child pornography through a circumvention site like Anonymouse? They could claim that they thought they were accessing a regular porn site, they were using a circumventor to protect their privacy, and they didn't know that the site carried child porn and didn't find out until they'd already accessed it. So it doesn't seem like the filtering would remove the "accidental" defense.

So, I don't think the filtering accomplishes much at all, but it could set a very bad precedent once the filters are in place. Once Internet users have accepted the precedent that ISPs should block content that is "probably" illegal, what's to stop organizations and lawmakers from demanding that ISPs block access to overseas sites that violate copyright, for example, as the RIAA did in 2002? The technical means will already be in place, and more importantly, people will have gotten used to the idea that legally "questionable" content should be blocked. And with lobbyists claiming that 90% of content on peer-to-peer networks violates copyright laws, wouldn't it follow logically to block peer-to-peer traffic as well?

In a legislative climate where lawmakers have proposed everything from jail time for p2p developers to letting the RIAA hack people's PCs for distributing copyrighted files, we should resist any kind of content-based blocking that would let them get their foot in the door. That includes even well-intentioned efforts like Cleanfeed.

An anonymous reader writes "News.com is carrying an article on a 'mini-conference' held at Yahoo's HQ this past Wednesday. The get-together put representatives from Google, Microsoft, Yahoo!, and HP together to talk about their experiments with predictive networks. The 'wisdom of the crowds' allows these companies to make use of the collective knowledge their employees hold to answer important questions for the company." From the article: "David Pennock, a principal research scientist at Yahoo Research, said the company has created a currency called a Yootle. It's described as a 'scorekeeping system for favors owed.' Pennock offered as an example a programmer offering to write a piece of code for a few Yootles. Or, when organizing a dinner outing, one employee could use an internal SMS tool to bid 2 Yootles for Italian and 4 Yootles for Mexican. 'If you don't get to go to the restaurant you want to, you get compensation' in Yootles, he said. Related to Yootles is Yahoo Research's experiment with a fantasy prediction market for technology called the Tech Buzz Game. It's a modified version of software licensed from NewsFutures in conjunction with O'Reilly Media and features topics like Atlantic hurricanes and portable media devices. Winners are those who predict how popular a topic will be on Yahoo Search. "

An anonymous reader writes "Homeland Security chief Michael Chertoff is defending the upcoming rollout of the national ID card as vital for the nation's security. Chertoff reminded reporters of the importance of the initiative after this week's uncovering of an ID-forging ring. The Real ID Act of May 2005 dictates the uses and requirements for the documentation, which by 2008 may be required for everything from travel to banking. Just the same, the HSD has yet to dictate how exactly the cards will work. " From the article: "The Homeland Security chief, who is nearing his two-year mark with the agency, was likely trying to quell rampant skepticism about the IDs voiced by some privacy advocates, immigrants and other groups. Some have said they fear that the IDs are a stepping stone to a veritable police state, complete with ready surveillance of individuals. Some have argued that the idea of creating more tamperproof IDs is only a marginally better way to screen out those intent on committing terrorist acts because ID cards don't even begin to tackle a core crime prevention challenge: determining a person's unspoken intentions. "

illeism writes to note that, a mere six weeks after the launch of Firefox 2, Firefox 3 is now available in alpha. CNet reports that it is currently recommended only for software developers and testers. The big change is the upgraded Gecko rendering engine (the UI is unchanged from version 2). From the CNet article: "Firefox 3 will include some significant changes. It uses version 1.9 of the Gecko rendering engine — which itself hasn't been released yet but which includes the Cairo graphics layer. Gecko 1.9 has been in development since before the release of Firefox 2, and it provides vector-based rendering on all platforms. As the Gecko 1.9 road map explains, Cairo will 'bring modern, hardware-accelerated 2D-graphics capabilities to the whole of the Web without requiring proprietary plug-ins or rendering obsolete the broad and rich set of Web-authoring techniques developed over the past decade.'"

ptorrone writes "If you can't stand the idea of a cookie-cutter laptop and you live in New York City, you have a new option: laser-etching. Phil Torrone, an editor at Make magazine, and Limor Fried, a former fellow at the tech-focused art studio Eyebeam R&D, are working together on Adafruit Laser Services, a new, by-appointment-only business in Manhattan that etches custom artwork onto customers' laptops, iPods, cell phones, and other gadgets." The entire business will be open source. From the Adafruit Laser Services site: "We are publishing how to use the high powered laser system, set up, techniques, business practices and templates. You could start your own laser business, we'll even help you."

Erris writes "Senator John McCain has proposed a bill to extend federal obscenity reporting guidelines to all forms of internet communications. Those who fail to report according to guidelines could face fines of up to $300,000 for unreported posts to a blog or mailing list. The EFF was quick to slam the proposal, saying that this was the very definition of 'slippery slope', and citing the idea of 'personal common carrier'." From the article: "These types of individuals or businesses would be required to file reports: any Web site with a message board; any chat room; any social-networking site; any e-mail service; any instant-messaging service; any Internet content hosting service; any domain name registration service; any Internet search service; any electronic communication service; and any image or video-sharing service."

An anonymous reader writes "Reuters is carrying a story indicating that NBC, CBS, Fox, and Viacom are considering banding together to work on a competitive video-hosting site. The goal would be to provide an alternative to Google's YouTube, and presumably direct some revenue in their direction." From the article: "While a deal is still far off, the four media companies envision a jointly owned site that would be the primary Web source for videos from their television networks, the paper said in an online report on Wsj.com, citing people close to the situation. The companies aim to cash in on the fast-growing market of Web video advertising and have also discussed building a Web video player that could play clips, the Journal said. "

theodp writes "Grab your COBOL Coding Forms and head on over to comp.lang.cobol, kids! Yesterday was Grace Hopper's 100th birthday, and many are still singing the praises of her Common Business-Oriented Language."

Romerican writes "C|Net is running an interview with Greg Papadopoulos, CTO of Sun Microsystems, about the Very Near Future where he essential sees the Internet as no longer competitive. He has blogged his belief that the end game is here and nothing is likely to unseat the new world order." From the C|Net article: "It's called software as a service. It really is the running of what we think of as IT through the network. You don't buy software, you buy the consequence of the software. That starts with the small and medium enterprises. eBay, in my mind, is the leading example of small businesses being absorbed by services. Anybody who clicks their store on eBay is in fact consuming a service. They are contributing to a larger-scale eBay rather than them buying some server and sticking it on their desk."

theodp writes "The California Attorney General's Office negotiated a $14.5 million payoff from HP as part of a settlement that calls for the state not to pursue civil charges related to the now infamous spy scandal against the company and its current or former officers or directors (felony criminal charges against five individuals still remain). HP also agreed to maintain the watchdog positions of chief ethics officer and chief privacy officer for five years."

rijit writes " It appears very likely that taxation of online games assets is inevitable. Quote: 'That's because game publishers may well in the not too distant future have to send the forms — which individuals receive when earning nonemployee income from companies or institutions — to virtual world players engaging in transactions for valuable items like Ultima Online castles, EverQuest weapons or Second Life currency, even when those players don't convert the assets into cash.' "

cnet-declan writes "We already knew the FBI can secretly listen in to car conversations by activating microphones of systems like OnStar. A new Mafia court case suggests that the FBI can do the same thing to cell phones. The judge's opinion and some background information [pdf] are available for reading online. The most disturbing thing? According to the judge, the bug worked even if the phone appeared to be 'powered off.' Anyone up for an open-source handset already?" From the article: "This week, Judge Kaplan in the southern district of New York concluded that the 'roving bugs' were legally permitted to capture hundreds of hours of conversations because the FBI had obtained a court order and alternatives probably wouldn't work. The FBI's 'applications made a sufficient case for electronic surveillance,' Kaplan wrote. 'They indicated that alternative methods of investigation either had failed or were unlikely to produce results, in part because the subjects deliberately avoided government surveillance.'"

cnet-declan writes "We already knew the FBI can secretly listen in to car conversations by activating microphones of systems like OnStar. A new Mafia court case suggests that the FBI can do the same thing to cell phones. The judge's opinion and some background information [pdf] are available for reading online. The most disturbing thing? According to the judge, the bug worked even if the phone appeared to be 'powered off.' Anyone up for an open-source handset already?" From the article: "This week, Judge Kaplan in the southern district of New York concluded that the 'roving bugs' were legally permitted to capture hundreds of hours of conversations because the FBI had obtained a court order and alternatives probably wouldn't work. The FBI's 'applications made a sufficient case for electronic surveillance,' Kaplan wrote. 'They indicated that alternative methods of investigation either had failed or were unlikely to produce results, in part because the subjects deliberately avoided government surveillance.'"

bulled writes "News.com is running a story on differences found in Wikipedia's Chinese site content, as compared to content on the same subjects from the English site. The article goes into a discussion about how the 'sanitized' information is so prevalent in Chinese education that it is seen as the 'truth'." From the article: "[Some] say the object should be to spread reliable information as widely as possible, and that, in any case, self-censorship is pointless because the government still frequently blocks access to Wikipedia for most Chinese Internet users. 'There is a lot of confusion about whether they should obey the neutral point of view or offer some compromises to the government,' said Isaac Mao, a well-known Chinese blogger and user of the encyclopedia. 'To the local Wikipedians, the first objective is to make it well known among Chinese, to get people to understand the principles of Wikipedia step by step, and not to get the thing blocked by the government.'"

stevew writes "A small company in Florida is trying to take on the FCC in an attempt to make their Cell phone jamming product legal. Their main argument seems to be that the Communications act of 1934 conflicts with the HomeLand Security Act — so the Communications act has to go." From the article: "Local and state law enforcement agencies, which would be the first responders to a terrorist attack here at home, are prohibited by law from obtaining such gear. 'It just doesn't make much sense that the FBI can use this equipment, but that the local and state governments, which the Homeland Security Act has acknowledged as being an important part of combating terrorism, cannot,' said Howard Melamed, chief executive of CellAntenna. 'We give local police guns and other equipment to protect the public, but we can't trust them with cellular-jamming equipment? It doesn't make sense.'"

Agram writes, "This week Apple has released fixes for 31 vulnerabilities in its OS, although reportedly a number of known flaws remain un-addressed (according to the instigator of the Month of Kernel Bugs, 'Apple hasn't fixed any of the bugs published during [MoKB], except for the AirPort issue'). Earlier this year, in a move reminiscent of Microsoft's past patching faux pas, Apple released a 'fix' the installation of which broke features unrelated to the targeted flaw. With the growing number of low-level flaws, one has to wonder if Apple's 'more secure' argument still stands. Earlier this month, Microsoft released 6 fixes. Linux does not seem to fare much better. Despite all of these fixes, exploits remain in the wild for each platform. Perhaps, security-wise, the OS choice really boils down to a 'pick-your-poison X user-base' equation?"

bulled writes to tell us about coverage on CNet regarding a ruling a couple of weeks back that allows a spamming company to procede with their suit against a spamfighter. The 4th Circuit court ruled that the U.S. CAN-SPAM Act, much derided here, trumps the Oklahoma law under which anti-spam activist Mark Mumma sued Omega World Travel for spamming him. The ruling allows Omega World Travel's countersuit, for defamation, to go forward. From the article: "'There's been a lot of activity in the states to pass laws purportedly to protect their citizens' from spam, said Eric Goldman, a law professor at Santa Clara University. 'The 4th Circuit may have laid waste to all of those efforts.'"

bulled writes "News.com is running a story about a case coming before the US Supreme Court on testing new patents for 'obviousness'. The decision has potential to significantly impact the High Tech industry." From the article: "Several Silicon Valley heavyweights, including Intel and Cisco Systems, have submitted supporting briefs that urge the Supreme Court to revise an earlier ruling. That ruling, they claim, has helped make it easier to obtain patents on seemingly 'obvious' combinations of pre-existing inventions."

News.com is running an article on an emotionally-responsive dinosaur robot that the Ugobe company has in the works for 2007. Called 'Pleo', the animatronic Apatosaurus will respond to the vocal intonations of its owners. It won't be able to understand vocal commands; instead, its mood will be dictated by the tone of voice used at it. A terse tone can result in a depressed dino. From the article: "Ugobe will try to go beyond selling a walking/talking toy. The company will publish a developers' kit and open its source code, making the Pleo something of a cousin to the Lego Mindstorms kits or the old Radio Shack 64-in-1 electronics kits. Consumers thus will be able to download 'personality modules' and see how their Pleos react to different stimuli ... Ultimately, the company may license the technology so others can build or incorporate robots into their own products. 'We've created a toolset for making lifelike robots,' Ugobe CEO Bob Christopher said."

You're probably already aware of the United Kingdom's large network of video cameras inspecting public places. News.com now reports that they'll be listening for trouble as well. Based on a model in use in the Netherlands, new cameras will be fitted to 'listen for aggressive tones,' such as those used during an argument. From the article: "The system works by putting microphones in CCTV cameras to continually analyze the sound in the surrounding area. If aggressive tones are picked up, an alarm signal is automatically sent to the police, who can zoom in the camera to the location of the suspect sound and investigate the situation. 'Ninety percent of violent cases start with verbal aggression,' Van der Vorst said. 'With our system, the police can respond a lot quicker to a violent situation.'"

An anonymous reader writes to mention a News.com article, which reports on Microsoft's attempt to meet the EU's requirements in their ongoing antitrust case. The updated documents that Microsoft has delivered, they hope, will put off the leveling of a several-millions-of-dollars-a-day fine against the OS maker. Whether or not the documents have accomplished that task will not be known for several months yet. From the article: "The commission set a deadline of July but delayed it until a court proceeding finished in December, 2004. In July, 2006, the commission fined Microsoft $357.3 million for dragging its feet, on top of a fine of almost $646 million in 2004 for its initial violation. In a statement calling the submission of documents a 'milestone,' Microsoft said it had completed the review and editing of some 100 documents, which number 8,500 pages."

theodp writes "Just because Richard Stallman is paranoid doesn't mean Microsoft's not out to get you. For a hint about the possible end-game of Microsoft's Trusted Computing Initiative, check out the patent application published Thanksgiving Day for Trusted License Removal, in which Microsoft describes how to revoke rights to render based on 'who the user is, where the user is located, what type of computing device or other playback device the user is using, what rendering application is calling the copy protection system, the date, the time, etc.' So much for Microsoft's you-should-have-control assurances."

theodp writes "Just because Richard Stallman is paranoid doesn't mean Microsoft's not out to get you. For a hint about the possible end-game of Microsoft's Trusted Computing Initiative, check out the patent application published Thanksgiving Day for Trusted License Removal, in which Microsoft describes how to revoke rights to render based on 'who the user is, where the user is located, what type of computing device or other playback device the user is using, what rendering application is calling the copy protection system, the date, the time, etc.' So much for Microsoft's you-should-have-control assurances."

An anonymous reader writes "The days of the beige box are behind us, as computing becomes ever more a consumer electronics field. A New York Times article, hosted at News.com, discusses the newest trends in moving away from standard beige for PCs and laptops. Designer colors, artfully designed notebooks, and personalization are just some of the options outfits are now offering." From the article: "Apple Computer is widely credited with long ago shattering conventions that had for years dictated how a computer had to feel and look. Windows-based personal computers generally lagged far behind in fusing function with form in ways that consumers found exciting. But that is changing, executives from mainstay computer companies like Dell and Toshiba say."

theodp writes, "'The IT work force is not skilled enough and almost never can be skilled enough,' said Robert Cresanti, Under Secretary of Commerce for Technology. So what does the Poli Sci grad and ex-General Counsel for the ITAA think is the answer? Open the gates to more foreign workers, urged Cresanti, including H-1B holders."

dptalia writes "Israel is looking to create a small robot, no larger than a hornet to follow, film, and kill terrorists. It's just one of a series of weapons the country is considering as an alternative to conventional technologies. Other ideas floating around include gloves that would give their user 'bionic strength', and ultra-miniaturized sensors to detect explosives on suicide bombers." From the article: "The research integrates nanotechnology into Israel's security department and will find creative solutions to problems the army has been unable to address, Deputy Prime Minister Shimon Peres told Yedioth Ahronoth. 'The war in Lebanon proved that we need smaller weaponry. It's illogical to send a plane worth $100 million against a suicidal terrorist. So we are building futuristic weapons,' Peres said."

triskaidekaphile writes, "Cary Sherman, president of the RIAA, has an editorial on CNet responding to the Consumer Electronics Association's support of the Digital Freedom campaign for fair use. Sherman proclaims, 'The fair use doctrine is in danger of losing its meaning and value.' Like a true spinner, he indicates that fair use is indeed important, then states 'Let's be clear. The CEA's primary concern is not consumers, but technology companies — often large, multinational corporations which, like us, strive to make a profit... But to seize the mantra of "consumer rights" to advance that business interest is simply disingenuous.' Slashdotters, trollers, and pollsters one and all, what say you? Disingenuous or dissembling?"

An anonymous reader wrote to mention a New York Times article being hosted at News.com. It touches on a new initiative in upstate New York to deal with the problem of e-waste. The Town of North Hempstead has positioned helpers at the dump the last four weekends, assisting people with a flood of old monitors, keyboards, laptops, word processors, and even a Pong game or two. Besides the obvious benefit of getting this junk out of our homes, the article highlights why this should be a growing concern around the country. From the article: "While federal law regulates the disposal of electronics by businesses and government agencies, it does not affect individual consumers, who account for more than half the e-waste produced annually, according to the federal agency. Every old computer monitor contains about four pounds of lead, and other parts are filled with heavy metals like mercury, arsenic, cadmium and chromium. They have toxins that hover in the air after incineration or leach into the water supply when buried in landfills. Researchers at Carnegie Mellon University in Pittsburgh say that dumps around the nation's major cities, including New York, hold more than 60 million computers."

gnaremooz writes "A U.K. law has been passed that makes it an offense to launch denial-of-service attacks. The penalties for violating the new statues are stiff, with sentences increased from 5 to 10 years. The five year penalty was from the 1990 "Computer Misuse Act", which was enacted before the Internet became widespread. The idea of stiffer penalties for DoS attacks are probably something we can all get behind, but the language of the law is frustratingly vague." From the article: "Among the provisions of the Police and Justice Bill 2006, which gained Royal Assent on Wednesday, is a clause that makes it an offense to impair the operation of any computer system. Other clauses prohibit preventing or hindering access to a program or data held on a computer, or impairing the operation of any program or data held on a computer."

An anonymous reader writes, "PC manufacturer Acer is complaining that Microsoft has jacked up the price of Vista, and that the basic versions are so basic no one will ship them. Since the collapse of the Microsoft anti-trust case under the Bush administration in 2001, manufacturers have no choice but to accede, adding hundreds of dollars to the cost of each PC. With Gates now proclaiming victory over European regulators, Microsoft once again seems unstoppable. But Microsoft had drawn itself close to the Republican Party. With the Republicans now evicted from the House and Senate, is it time to look at the Microsoft anti-trust suit? Could Microsoft be compelled to lower its inflating Vista prices, or to open their tech or even supply funding to Linux-flavored Windows such as Wine? What do Slashdot readers think about the likelihood of another go at breaking up the Windows monopoly?"

illeism writes "C|Net is reporting on Intel's experimentation with nanotubes in processors. From the article: 'The chip giant has managed to create prototype interconnects — microscopic metallic wires inside of chips that link transistors ... Carbon nanotubes ... conduct electricity far better than metals. In fact, nanotubes exhibit what's called ballistic conductivity, which means that electrons are not scattered or impeded by obstacles.'"