Slashdot Mirror

Tesseract asks: "Since I run my own mail server, and have several processes in place to stop spam from hitting my mailbox, could it not be construed as a violation of the DMCA for spammers to 'bypass' my anti-spam protections? On a similar note, wouldn't retention of my copyrighted information (email address) be a violation of copyright law? It would seem that [parts of section 1201 might cover such situations]. How about this reference, as well? Isn't there some way to turn this legal nightmare back on itself kung-fu style?"

Columbia Law School professor Eben Moglen has been the Free Software Foundation's (pro bono) general counsel since 1993. He's also involved with the Electronic Frontier Foundation and has been mentioned on Slashdot a number of times because of his participation in these groups and some of the worthy causes they support, as well as other freedom-related matters. One question per post, please. We'll run Prof. Moglen's answers to 10 of the highest-moderated questions as soon as he gets them back to us.

irabinovitch writes "Representatives Rick Boucher and John Doolittle introduced the DMCRA which would to quote the EFF would "require labelling requirements for usage-impaired "copy-protected" compact discs, as well as several amendments to 1998's infamous Digital Millennium Copyright Act (DMCA)." We always seem to complain about the DMCA around here now is our chance to change it! Check out this "Action Alert" at the EFF."

irabinovitch writes "Representatives Rick Boucher and John Doolittle introduced the DMCRA which would to quote the EFF would "require labelling requirements for usage-impaired "copy-protected" compact discs, as well as several amendments to 1998's infamous Digital Millennium Copyright Act (DMCA)." We always seem to complain about the DMCA around here now is our chance to change it! Check out this "Action Alert" at the EFF."

Ren Bucholz writes "In what was designed to be a "safety valve," the Copyright Office is holding its tri-annual search for exemptions to the DMCA's prohibitions on circumventing access controls. The Electronic Frontier Foundation submitted comments last December that outlined four "classes of works" that should be exempt, including copy-protected CDs, region-coded DVDs, DVDs with unskippable promotional material, and public domain works that are only available on DVD. They are asking people to write in support of the four exemptions that they have proposed. The Copyright Office is only accepting comments until February 19th, so get on it!"

Ren Bucholz writes "In what was designed to be a "safety valve," the Copyright Office is holding its tri-annual search for exemptions to the DMCA's prohibitions on circumventing access controls. The Electronic Frontier Foundation submitted comments last December that outlined four "classes of works" that should be exempt, including copy-protected CDs, region-coded DVDs, DVDs with unskippable promotional material, and public domain works that are only available on DVD. They are asking people to write in support of the four exemptions that they have proposed. The Copyright Office is only accepting comments until February 19th, so get on it!"

Ren Bucholz writes "In what was designed to be a "safety valve," the Copyright Office is holding its tri-annual search for exemptions to the DMCA's prohibitions on circumventing access controls. The Electronic Frontier Foundation submitted comments last December that outlined four "classes of works" that should be exempt, including copy-protected CDs, region-coded DVDs, DVDs with unskippable promotional material, and public domain works that are only available on DVD. They are asking people to write in support of the four exemptions that they have proposed. The Copyright Office is only accepting comments until February 19th, so get on it!"

Ren Bucholz writes "In what was designed to be a "safety valve," the Copyright Office is holding its tri-annual search for exemptions to the DMCA's prohibitions on circumventing access controls. The Electronic Frontier Foundation submitted comments last December that outlined four "classes of works" that should be exempt, including copy-protected CDs, region-coded DVDs, DVDs with unskippable promotional material, and public domain works that are only available on DVD. They are asking people to write in support of the four exemptions that they have proposed. The Copyright Office is only accepting comments until February 19th, so get on it!"

kylus writes "The EFF has a pretty nice article entitled "Unintended Consequences." Basically, it reviews the last four years of life under the law, and how use of the "anti-circumvention" clauses have been used to stifle innovation, censor free speech, and threaten academic/scientific research. It ends with a conclusion most on /. have been dicussing for ages: "Four years of experience with the "anti-circumvention" provisions of the DMCA demonstrate that the statute reaches too far, chilling a wide variety of legitimate activities in ways Congress did not intend."" You've joined the EFF, right?

kylus writes "The EFF has a pretty nice article entitled "Unintended Consequences." Basically, it reviews the last four years of life under the law, and how use of the "anti-circumvention" clauses have been used to stifle innovation, censor free speech, and threaten academic/scientific research. It ends with a conclusion most on /. have been dicussing for ages: "Four years of experience with the "anti-circumvention" provisions of the DMCA demonstrate that the statute reaches too far, chilling a wide variety of legitimate activities in ways Congress did not intend."" You've joined the EFF, right?

kylus writes "The EFF has a pretty nice article entitled "Unintended Consequences." Basically, it reviews the last four years of life under the law, and how use of the "anti-circumvention" clauses have been used to stifle innovation, censor free speech, and threaten academic/scientific research. It ends with a conclusion most on /. have been dicussing for ages: "Four years of experience with the "anti-circumvention" provisions of the DMCA demonstrate that the statute reaches too far, chilling a wide variety of legitimate activities in ways Congress did not intend."" You've joined the EFF, right?

David Schaffter writes "I bought Hacking Linux Exposed when it first came out. What struck me about it at the time was that it was unlike the other hacking books that were out there. Most seemed to play on the hacker craze, and were essentially lists of cracks. Hacking Exposed, presumably the model for HLE, was very much like this. Topical, overblown, and in the end it was outdated by the time you got it." Read on to see what David finds has changed (or not) in the second edition. Hacking Linux Exposed, Second Edition author Brian Hatch, James Lee pages 720 publisher Osborne McGraw-Hill rating 10 reviewer David Schaffter ISBN 0072225645 summary This second edition of the best selling Hacking Linux Exposed shows you in great detail how to secure your Linux box - or break into one.

HLE on the other hand was much more like a good textbook -- it taught you how to think about security, to see how each problem was caused and how to combat them. As the years went by, my copy of HLE was still as useful as it was the day I got it. For this reason, I was skeptical what they could put into a second edition -- the first seemed to stand the passage of time just fine.

Nonetheless, I bought it, and was surprised to find that the second edition is even stronger than the first, yet they have made it still work on its own -- you don't need to buy the first edition to have a complete understanding of Linux security. You should probably read their reviews page which has links to reviews of the original, as well as the Slashdot review from last time which have detailed breakdowns of what you'll find. I'll concentrate on the changes in this review.

The new edition deprecates or cuts a lot of old material that is no longer applicable -- the emphasis is on OpenSSH configuration vulnerabilities, rather than RLogin/RSH/etc, for example, which is fine since no Linux system comes with Rlogin installed by default any more. The second edition is 100 actual pages longer, but due to the condensing of old material, it's effectively 200 pages longer at least. They took out some of the material that isn't needed in the paper copy and put it online too, which was a great idea.

So, from my perspective, here are the noticeable differences:

• More tools are covered in detail -- Exim gets equal play with Sendmail and friends, DJBDNS gets covered as much as BIND. (For configuration, that is. Nothing can match BIND for vulnerabilities.)

• There's a whole new Denial and Distributed Denial of Service chapter, that covers the gamut - much more than just your simple TCP-connect floods.

• There are three new chapters about post-system-compromise tricks the crackers will play on you, showing you exactly what kind of things you'll need to clean up if they get in. This stuff was absolutely amazing, and the authors could probably write a whole book on this if they wanted to.

• More distribution-specific information.

• Step-by-step instructions on how to patch and rebuild your kernel using the existing kernel configuration parameters, detailed enough that any newbie could do it. They have specific variants for Red Hat and Debian as well.

• The best discussion of network-based attacks (ARP spoofing, Man-in-the-middle, session hijacking, etc) in any book, anywhere. You could easily use the stuff in this chapter to take over Windows machines too.

• More custom tools and code than before.

• Just passing references to things like the Morris worm, the Ping of death, ipfwadm, and other hacks and tools that are so old and irrelevant today that they shouldn't be discussed in depth any more. They get their nod, but the authors spend quality time with things of current relevance only, rather than wasting the space just to make the book look thick.

• Even more integration with the website.

That last one needs a bit of explanation. Brian Hatch, the lead author of HLE, has a weekly security newsletter called Linux Security: Tips, Tricks, and Hackery. (You can read the article archives or subscribe.) These often have very detailed implementation instructions, such as installing DJBDNS and migrating away from BIND, using /proc to investigate cracker activities, and occasionally has contests too.

The nice thing is that Hatch has built up a body of free online instructions, and thus rather than copy and pasting them into HLE, he can point to the online articles from within the book. This saves lots of paper, and keeps you focused on the goal of the book -- to learn attack methodologies and how to stop them.

One thing that these guys prove in their book is that "code is speech." Rather than having wordy passages such as "The user then needs to run the command 'nc client-ip-address 80' on server 'freddie' from the /etc/ directory where client-ip-address is the actual ip address of the target, and type ..." they show it all through a command-line view, embedding this extra location and user information in the prompts and formatting (bold/italics/etc) like this

jdoe@freddie:/etc$ nc client_ip 80
GET /some/web/page
<head><title>This is some web page</title>
...

They always show you what's actually going on behind the scenes -- an actual SMTP or POP conversation for example -- so you know how things really work, rather than living in a black box where Nessus says "vulnerable" and you don't know how to determine it on your own.

Here's a very quick table of contents:

• Part I: Linux Security Overview
  • Chapter 1 -- Linux Security Overview
  • Chapter 2 -- Proactive Security Measures
  • Chapter 3 -- Mapping Your Machine and Network

• Part II: Breaking In from the Outside
  • Chapter 4 -- Social Engineering, Trojans, and Other Cracker Trickery
  • Chapter 5 -- Physical Attacks
  • Chapter 6 -- Attacking over the Network
  • Chapter 7 -- Advanced Network Attacks

• Part III: Local User Attacks
  • Chapter 8 -- Elevating User Privileges
  • Chapter 9 -- Linux Authentication

• Part IV: Server Issues
  • Chapter 10 -- Mail Security
  • Chapter 11 -- File Transfer Protocol Security
  • Chapter 12 -- Web Servers and Dynamic Content
  • Chapter 13 -- Access Control and Firewalls
  • Chapter 14 -- Denial of Service Attacks

• Part V: After a Break-In
  • Chapter 15 -- Covert Access
  • Chapter 16 -- Back Doors
  • Chapter 17 -- Advanced System Abuse

• Part VI: Appendixes
  • Appendix A -- Discovering and Recovering from an Attack
  • Appendix B -- Keeping Your Programs Current
  • Appendix C -- Turning Off Unneeded Software
  • Appendix D -- Case Studies

The HackingLinuxExposed.com website has a more complete list of contents, as well as a sample chapter.

The other nice thing is the authors have put all their source code, tools, and example cracks online for free download, released under the GPL. You may notice that you need to type a password to get in, but if you have half a hacking cell in your body, you'll find that the authors think a password requirement is stupid as we do.

If I could change one thing about this book, it would be the risk ratings. These are the dumbest things I've seen. These are little boxes at the beginning of each 'Attack' that list three values: "Popularity", "Simplicity" and "Impact." It then averages these and comes up with a risk rating. Since all the Hacking Exposed books have them, I can only assume it was a requirement of the publisher -- I don't know if Hatch and Lee care for them one bit, but I can tell you I find them useless. (Of course, I give this book a 10 in spite of this fact.)

These numbers are presented as quantitative, but it can't possibly be. I can argue giving many different values in each category, so what does this actually tell us? For example take open X11 servers. Impact could be 10 because you could type a root password that's intercepted, or it could be 7 because it only gives you user-level access. Popularity could be 3 if you say most people don't set it up this way, or you could say it's 9 because many crackers look for open servers. I'd rather they just used impact, gave it a scale of 1-10 and were done with it. The popularity and simplicity factors override the impact in too many cases to make the final value anything but specious.

Aside from that drawback, which is easily ignored, the book is absolutely solid.

When I was about to buy my copy, I noticed that the authors are donating all online proceeds to the Electronic Frontier Foundation, so you should order through their website, regardless what the Slashdot link may be. ;-)

In my opinion, there's no Linux user who should be without this book. It's 720 pages of answers you need to keep yourself secure from the blackhats, or 720 pages of ways to become a blackhat yourself, depending on your ethical alignment. Either way, you won't be able to put it down, except to type as you follow along.

If David did not convince you otherwise, you can purchase Hacking Linux Exposed, Second Edition from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

Slashback this fine 23:59 GMT brings you a response to MS GPL FUD, an update on Lessig's challenge, a followup question regarding domain disputes, a reminder that clone claims aren't new, and more. Read on for the details.

Needed: One referee. Quixotic1 writes "A small company I work for has discovered that a domain name has been registered with their U.S.-trademarked (since 1980) name. Requests to the owner of the site (a U.S. citizen) have gone unanswered, so we're now moving on to filing an ICANN dispute. There was a query last week about inexpensive alternatives to the $1000+ UDRP arbiters. The discussion ended up revolving around whether the author had a valid claim or not, but I'd still like to know -- are there inexpensive alternatives?"

I bet there's money to be made if someone can come up with cheaper means of settling such disputes.

Store in the ammunition box. leonbrooks writes "Recently, images from a presentation by Microsoft Belgium were published on the web. The presentation made some startling (for Microsoft) concessions to Open Source, then set about FUDding the GPL into the ground. I whacked together a point-by-point answer to the anti-GPL FUD. Happy linking ..."

Tithe 10 percent. Luke Francl writes "Inspired by Lawrence Lessig's OSCON remarks, Lessig's Challenge is a way for people concerned by the attempts by the entertainment industry to close off the net to fight back. The challenge is to spend more on those who fight for the open network than you do on its enemies. Since it appeared on Slashdot last month, 10 people have joined me and we've raised over $2300 for good causes (organizations like the EFF, the ACLU, the FSF, along with free software/open source programmers and online artists). And that's just the ones I know about! Cory Doctorow wrote to tell me that many people were inspired by the challenge to join the EFF. ... Check out the list of suggested recipients."

Like obsidian, and coal, and dirt ... salimfadhley writes "Today BBC Radio 4 began serialising Phillip Pullman's popular "Dark Materials" trilogy. The beeb will be broadcasting one episode per week, with a RA stream of the latest episode that can be found on the promotional site. You can find "The Golden Compass" (called "Northern Lights" in Europe) on the website now. This stream will be replaced with episode 2 next Saturday.

The Dark Materials series was originally intended as children's fiction, however owing to excellent storytelling and a significantly darker theme than Harry Potter, has done rather well in U.S. and UK adult market.

The central premise of the series is that God is evil, a celestial impostor who pretends to have created the universe and who so intensely hates flesh and blood that he wants people to live a repressed, joyless existence. Unsurprisingly this theme has upset fundamentalist Christians."

Unfamiliar? Read the Slashdot review of the trilogy.

The clones I meet are mostly in pairs. PizzaFace writes "The Washington Post reports that the Raelian clone claim echoes a hoax of 25 years ago. And while we have better technology now for testing the claim quickly, there is still room for deception, and some people don't trust the science (and pseudoscience) reporter the Raelians appointed to test their claim."

MeanMF writes "Update to this article:Infoworld reports that the Justice O'Connor of the U.S. Supreme Court has lifted the temporary stay on the California Supreme Court's ruling that Pavlovich can not be tried in California courts. That ruling can now take effect. More from the EFF."

geekee writes "CNET has posted an article claiming the US Supreme Court will take up a 1999 case involving individuals posting DeCSS on web sites based in the US. In November, the California Supreme Court had ruled that Matthew Pavlovitch could not be sued in CA since he's not a CA resident 'with no substantial contact with California'. The injunction placed before the start of the CA trial will remain in effect. The case is essentially about juristiction when attempting to prosecute a number of defendants simultaneously in order to save on legal fees."

endall writes "Sandra Day O'Connor granted a stay last week for DVD Copy Control Association so that the court could gather more information. She requested filings by later this week. I'm guessing that this delays implimentation of the California Supreme court decision on the matter."

ryochiji writes "Wired Online is reporting in this article that the jury in the ElcomSoft trial requested access 'to the full copy of the DMCA to assist in their decision-making' but was declined. 'Instead, [Judge] Whyte said he would answer specific questions jurors had about portions of the law they must consider in determining ElcomSoft's guilt or innocence.' I don't know if this is common practice in the court of law, but it somehow doesn't sound right ..."

Henri Poole writes "I've got friends who ride their bikes for a week and get me and others to donate $100 to their cause. Spending more time on lists then roads, we've set up an analogous service for Free Software and Open Source projects. Substitute the physical sweat with a good hack, and you'll see the match. After you save your next newbie from tech-hell, just ask them to help your cause. In Lessig's blog, he writes "If there's one thing I've learned from watching, and tinkering, in this web-log space, it is that the many tiny brushstrokes of thousands paints more and more powerfully than the blast of even the most important and powerful papers...As I indicate on my Affero page, I count FSF and EFF as the two key players to support." And if you don't think you can make a difference, do this math: A $1 donation to the FSF for every user of GNU/Linux would increase their budget by 30 fold."

pberry writes "The EFF Action Center has two new alerts (1, 2) on stopping "Total Information Awareness." TIA is a collection of DARPA-funded initiatives that are very scary. The project is headed by Admiral John Poindexter and has no implementation guidelines thus far. In other words, it is misguided to say that these tools will be used in any particular way, but it is clear that if they do what they say they will, America could be a very scary place to live."

pberry writes "The EFF Action Center has two new alerts (1, 2) on stopping "Total Information Awareness." TIA is a collection of DARPA-funded initiatives that are very scary. The project is headed by Admiral John Poindexter and has no implementation guidelines thus far. In other words, it is misguided to say that these tools will be used in any particular way, but it is clear that if they do what they say they will, America could be a very scary place to live."

pberry writes "The EFF Action Center has two new alerts (1, 2) on stopping "Total Information Awareness." TIA is a collection of DARPA-funded initiatives that are very scary. The project is headed by Admiral John Poindexter and has no implementation guidelines thus far. In other words, it is misguided to say that these tools will be used in any particular way, but it is clear that if they do what they say they will, America could be a very scary place to live."

PureFiction writes "Peer networks are gaining some attention these days given advances in much more decentralized search architectures and swarming distribution networks. Research has indicated that these decentralized networks are resistant to legal and technological attacks. The continued proliferation of broadband and wireless networking will ensure pervasive deployment of distributed peer networking infrastructure that will drive significant innovations in personal and community digital communications services."

An Anonymous Coward writes: "Phil Lelyveld, (email) a Vice President for Disney, has written to the FCC to tell them to ignore Digital Consumer's comments on the Broadcast Flag issue. The Broadcast Flag is an inter-industry conspiracy to turn over the keys to general-purpose computing to Hollywood studio execs -- under this proposal, no one will be able to ship digital television technology (like DVD recorders and FireWire) without Hollywood's permission. Lelyveld wrote to the FCC -- who are taking comments on the proposal -- without mentioning his day-job, to tell them that Digital Consumer, a civil liberties groups with more than 40,000 members, is nothing more than a "two dot.com millionaires" working to create a world "where we are all artist/waiters." Joined the EFF Yet? (or is it time to renew?) Update: 12/06 14:55 GMT by M : Lelyveld is not a lawyer. Here's a summary of his background.

An Anonymous Coward writes: "Phil Lelyveld, (email) a Vice President for Disney, has written to the FCC to tell them to ignore Digital Consumer's comments on the Broadcast Flag issue. The Broadcast Flag is an inter-industry conspiracy to turn over the keys to general-purpose computing to Hollywood studio execs -- under this proposal, no one will be able to ship digital television technology (like DVD recorders and FireWire) without Hollywood's permission. Lelyveld wrote to the FCC -- who are taking comments on the proposal -- without mentioning his day-job, to tell them that Digital Consumer, a civil liberties groups with more than 40,000 members, is nothing more than a "two dot.com millionaires" working to create a world "where we are all artist/waiters." Joined the EFF Yet? (or is it time to renew?) Update: 12/06 14:55 GMT by M : Lelyveld is not a lawyer. Here's a summary of his background.

Spooky Suicide asks: "I own a slightly naughty website that among other things makes 20 some odd videos available for download in MPEG2 and MPEG4 format. I recently received a written letter from Acacia Research telling me my delivery of video is infringing upon some of their patents and I must choose between either licensing their technology or settling this issue in court. I called the EFF who told me they don't specialize in patent issues and don't know what to do next. Obviously, if all video on the web infringes on their patent, you'd think they'd go after the big guys, but they seem to be going after little content providers who can't afford to fight them in court. I can't help but feel like I'm being shaken down by the hi-tech version of Tony Soprano, what should I do? Anyone else dealt with these guys or no of any group of people grouping together to fight this?"

pberry writes "As previously reported here on slashdot, the Copyright Office is looking for suggestions for new exemptions to the DMCA. The EFF has posted a nice HOWTO document to make your comments as effective as possible."

pberry writes "As previously reported here on slashdot, the Copyright Office is looking for suggestions for new exemptions to the DMCA. The EFF has posted a nice HOWTO document to make your comments as effective as possible."

pberry writes "As previously reported here on slashdot, the Copyright Office is looking for suggestions for new exemptions to the DMCA. The EFF has posted a nice HOWTO document to make your comments as effective as possible."

wessman writes "In October 2002, Visa (the credit card company) convinced a Las Vegas federal court to prevent the small business JSL Corp. from using the term 'evisa' and the domain 'evisa.com' for its website offering travel, foreign language, and other multilingual applications and services. The court ruled that the website--run by Joe Orr from his apartment-- 'diluted' Visa's trademark, even though the site uses the word 'visa' in its ordinary dictionary definition, not in relation to credit card services. Now, the Electronic Frontier Foundation is helping JSL with an appeal. The EFF has a press release available."

wessman writes "In October 2002, Visa (the credit card company) convinced a Las Vegas federal court to prevent the small business JSL Corp. from using the term 'evisa' and the domain 'evisa.com' for its website offering travel, foreign language, and other multilingual applications and services. The court ruled that the website--run by Joe Orr from his apartment-- 'diluted' Visa's trademark, even though the site uses the word 'visa' in its ordinary dictionary definition, not in relation to credit card services. Now, the Electronic Frontier Foundation is helping JSL with an appeal. The EFF has a press release available."

XorNand writes "The Cyber Security Enhancement Act (which was attached to the Homeland Security Act) was overwelming approved by the U.S. Senate today. According the EFF this soon-to-be-law allows "any government entity (federal, state, or local) to request email and voicemail from your ISP or telephone provider without a warrant or probable cause." The passage of the Homeland Security Bill is covered here on CNN.com. Yippee."

Broadcatch writes "At the coming CardTech/SecurTech in Washington D.C. the Transportation Security Administration will make their first public announcement of the Registered Traveler ID Initiative . Seems they haven't gotten the word that ID cards are a bad idea."

DarkSparks writes "The EFF is urging everyone to contact their Representatives and ask them to co-sponsor Representative Rick Boucher and John Doolittle's recently introduced Digital Media Consumers' Rights Act (DMCRA, H.R. 5544), which would introduce labelling requirements for usage-impaired "copy-protected" compact discs, as well as make several key amendments to the DMCA, including affirming the right of scientific research into technology protection measures and affirming the right of citizens to circumvent technology measures to gain access to copyrighted works they've purchased."

DarkSparks writes "The EFF is urging everyone to contact their Representatives and ask them to co-sponsor Representative Rick Boucher and John Doolittle's recently introduced Digital Media Consumers' Rights Act (DMCRA, H.R. 5544), which would introduce labelling requirements for usage-impaired "copy-protected" compact discs, as well as make several key amendments to the DMCA, including affirming the right of scientific research into technology protection measures and affirming the right of citizens to circumvent technology measures to gain access to copyrighted works they've purchased."

tiltowait writes In response to the incredulity expressed in this story about the technical prowess of libraries, I'd like to present a short essay titled "Librarians: We're Not What You Think" - read on for more. Update: 10/20 18:15 GMT by M : The author has also put up his essay on his own webpage. From the spinster librarian in It's a Wonderful Life to the crochety archivist in Attack of the Clones, librarians are often portrayed (in everything from movies, musicals, children's books, literature, science fiction, comics and cartoons to pornography - yes, pornography) as something less than noble or admirable. The perception of librarians has been a popular topic recently, with several articles focusing on the fringe-type librarians (ska, rockabilly, bellydancing, modified, bodybuilding, laughing, and lipstick). Although something of an anti-stereotype, these people illustrate the range of librarian personalities.

Many people may hold the image of a librarian as a shushing school marm who does little more than stamp and shelve books because that's all they've seen librarians do. Well think again - that's about as inaccurate as believing that Alan Greenspan is nothing more than a glorified bank teller. The job titles may change but the mission of the profession remains the same: organize information and help people find it. Libraries have been around a lot longer than the Internet, and even library technology can hold its own with the best out there. For example, Google's savvy results ranking was hardly the birth of citation analysis (next up: metadata - cough, cataloging, cough), and there are enormous library systems that also predate the Internet.

Although library geeks and technology nerds may have contrary images, in today's world the boundary between the career of the librarian and the information technologist is disappearing. Librarians today not only administer Web servers and dynamic databases to help manage large digital collections and thousands of electronic resources, they teach people how to use library systems. And just as enlightened computer engineers are advocates of noncommercial software and campaign for online rights, the library profession has a long history of staunchly defending freedom - from book burnings to the FBI's Library Awareness Program to the latest copyright battles and almost all other current issues in intellectual freedom.

Check out LISNews.com (recognize the format?) and some library blogs if you're interested in reading more about real librarians.

Nept sent in a pointer to this story about the ACLU starting a media campaign challenging the PATRIOT Act. Good to hear.

Eric Blossom has responded to your questions about GNU Radio. He notes that he's gotten a lot of inquiries from people wanting to help out, and that they have their "hands full with the software and are hoping that some other folks will chip in on the hardware", so if you're interested in assisting, go to it.

1) Hardware requirements
by wowbagger

The GNU radio page is a little thin on the hardware requirements to run the code - could you spell them out?

I realize this might be complex, and that the answer might be of the form:

"to demodulate a 16QAM signal at 115.2kBaud, you would need an XYZ digitizer card reading the 455 kHz IF and a AAA GHz Athlon CPU. To recover standard multplex FM, you would need a 123 digitizer reading the 455 kHz IF and a BBB GHz Athlon. To decode GSM you need a FFF digitizer reading the 10.7 MHz IF and a quad Athlon."

But as both a ham and one who designs SDRs, I'd like to know where this resides on the Home Hacking Scale....

Eric: There are two basic paths down the software radio path. One I'll call "narrow band", and this corresponds to most of what you're seeing sold as "DSP enhanced" transceivers. The TAPR DSP-10 kit would fall in this category. In effect, these are conventional radios which are down converting to baseband, or near baseband, and have an IF bandwidth in the 20 kHz range.

For narrow band work with GNU Radio, you'll need some kind of RF tuner/transverter. Someone pointed out that in one of the latest issues of QEX magazine there's an article about a kit that is designed to be the RF front end for a software radio that connects to a sound card. I haven't seen the article so I can't comment. The TAPR DSP-10 would also work. Just leave out the Analog Devices DSP and plug the kit into your sound card. You could wiggle the control lines using the parallel port.

To summarize, for narrow band software radio work, you'll need your sound card and some kind of RF front end. Pretty much any contemporary Pentium/Athlon machine will have plenty of horsepower.

The other path I'll call "wide band". This is personally the area that I find most interesting because it is with wide band that you are able to do things that you can't do with a conventional radio. Chief among these is the ability to concurrently receive (or transmit) multiple channels/stations/frequencies. In the examples directory of the GNU Radio code, you'll find an example that receives and demodulates 2 FM broadcast stations and puts one out the left channel and one out the right. Matt Ettus, another GNU Radio developer, has built a demo that receives 4 narrow band FM channels concurrently. These demos run fine on a 1800+ Athlon, or 1.7 GHz P4.

For the wide band stuff our "standard configuration" is a TV tuner module designed for cable modems that tunes from 50MHz to 890MHz with an IF of 5.75 MHz. The module is a Microtune 4937 DI5. We connect the output of the tuner directly to a 20M sample/second 12-bit A/D converter. The converter we're using is the Measurement Computing PCI DAS4020/12. It'll do 4 channels at 10M sample/sec or 2 channels at 20M sample/second. From the hobbyist's point of view, it's not cheap, about $1300, but it is the cheapest, fastest off the shelf solution that we found.

With our "standard configuration" we ought to be able to handle IS-136. GSM would be possible if our RF front end would cover the 1.9 GHz range. Vanu, Inc has a GSM receiver running on a 1GHz pentium laptop, so we know it's possible.


2) Re:Hardware requirements
by d.valued

Tangential to this.. is there any talk amongst the GNU Radio folks on building a piece of hardware that complements this software project, or is supposed to work with whatever devices the user has on hand/will build?

Eric: This question comes up frequently. Mostly we've got our hands full with the software and are hoping that some other folks will chip in on the hardware. From our software point of view, we'll talk to any hardware that you can provide a driver for. Fundamentally all we need is a way to get samples into and out of memory.

We do have some ideas about our ideal hardware. See ettus.com/sdr/. The key items are:

• 14-bit A/D converter 40-100 Msamples/sec (e.g., AD6645 or AD9244)
• 14-bit D/A converter 40-100 Msamples/sec
• FPGA (digital downconverter / upconverter / bus interface)
• some kind of bus interface, either 64-bit PCI or USB-2

For flexibility, we keep the RF to IF conversion on a separate board.

There are also a few threads in the mailing list archives about ideal hardware.


3) Sounds familiar
by FreshMeat-BWG

As in WinModems doing the modulation/demodulation. These devices were a nightmare. After trying several I went back to a good old hardware-based-modulation modem.

Are there parallels to this technology? and if so, how will GNU Radio avoid those pitfalls?

Eric: Part of the problem with WinModems is the "Win" part of the equation. Modems place pretty substantial hard real time demands on the OS. It's not necessarily the total amount of CPU that's a problem. It's that it the code needs to be run on time or it's no good at all.

So far most of our work has been receive only, and we dodge the bullet by using the Measurement Computing A/D card which combined with the driver I wrote DMAs directly into user space. Given say, 16 MB of buffer, you can cover all sorts of non-real time problems. The driver is written so that it only needs service about once every 10ms, no problem on today's hardware, and will sustain 80 MB / second across the PCI bus.

When we attempt a TDMA transceiver, we may need hardware that will support time stamps so that we can synchronize our input and output streams. See above for ideal hardware with FPGA.


4) What external hardware?
by Consul

I read through the GNU Radio website, and even though I found it informative in terms of the basic idea and examples, I couldn't find anything relating to what extra hardware is needed. (Maybe I just didn't look long enough?)

What extra hardware is needed in addition to a computer? Are we talking DSP chips and boards, or something a little more exotic?

Thank you for a potentially exciting project, though. This makes me want to renew my ham radio license.:o)

Eric: See above. No DSP chips or boards. Today's commodity PC hardware kicks ass on just about all DSPs as long as you're not worried about power consumption. You'll need some kind of RF to IF transverter and A/D & D/A converters (either a sound card, or something with more bandwidth, depending on your interest and budget.)


5) Describe your dream hardware for a software radio
by geirt

I want a feature list containing all the geeky details:

Frequency range.

Eric: 30 MHz up to about 2.5 GHz.

Coverage in the 5 GHz unlicensed band would be nice too.

Bandwidth (do you want to sample the whole FM band (or GSM/GPS/CB/ham bands), or just a single channel/station).

Eric: Whole swaths of the RF spectrum!

12.5 MHz would be nice.

Sample frequency and depth (ie, fast and few bits, and do decimation in software or slow and many bits with less CPU overhead)

Eric: For 12.5 MHz we'll need about 31M samples/sec, call it 40M samples/sec. 14-bits. More is better.

Necessary spurious free dynamic range, or some other dynamic range specification.

Eric: More is better. The best part I know of is the AD6645, and they're claiming 100 dB multitone SFDR.

Interface to the PC (PCI, firewire, USB...).

Eric: 64-bit PCI would work, but it's a lousy interface for a laptop. Maybe USB-2. Firewire would be OK, but I think it's got more hair on both ends. We've also thought about Gig ethernet.

Antenna connector (OK, I know that one: BNC)

Eric: BNC.


6) Convergence Devices
by Nomad7674

This technology sounds like the kind of thing which could greatly add to the convergence of devices that clutter the electronic life. You could extend convergence not only as a Smartphone but have in one device (though perhaps not simultaneously):
1. Cell phone
2. Computing power (PDA)
3. FRS radio device
4. 802.11x network device
5. Police scanner
6. Television reciever
7. etc.

Eric: I believe that convergence is ultimately where we're headed. We're a way off, mostly with respect to power consumption, but I believe that that will take care of itself eventually. The MIPS/Watt of programmable hardware is unlikely to beat that of dedicated ASICs, but ultimately, if my universal reconfigurable communication device runs all day on a single charge, who cares?

Have you been approached by police departments, FedEx, etc. to develop devices to allow their people to do more stuff in fewer packages?

Eric: We haven't. I can see a scenario where somebody else is building the hardware and we're providing the software.


7) As a college student, how do I get involved? by McCart42

If I'm interested in doing research in this field someday, and I'm currently a computer engineering major, what are some good electives that I might take? Aside from general programming necessities, what sort of signal processing courses are necessary to understand the underlying aspects of software-defined radio?

Eric::

• DSP fundamentals, filtering, FFT, freq-vs-time domain, etc.
• Basic RF might be useful; you don't need to be a specialist
• Digital comms. Builds on the DSP stuff, but adds specifics for communications. Coding theory, ideal receiver design, channel capacity, phase lock loops, etc.
• Anything about protocols in general. Once you get up above the raw bits, software radios don't look that much different than any other layered communication protocol.

8) FCC vs. Software Radio
by minddog

I was recently at H2K2 and heard this forum which right away made me ecstatic(sp?). An issue that was brought up was how this can impact the DMCA, FCC, and the big corps. You guys were saying Sony, and the other conglomerates were forming a committee that would do a digital signature to say what was allowed to be copied, and not through a dual channel checking...My question is what is the status of digital radio and its rights in the present world? To my understanding you can have a very high number of digital channels inside a single band which makes licensed analog frequencies just a waste of money to corporations if they use GNURadio as a means to transmit data long distances. Anyways, looking forward to some feedback and goodwork, I'll be joining this revolution soon, just got the dual server built;)

Eric: Here are three subtopics under the "FCC vs Software Radio" flag:

(1) General prohibition on receiving certain signals

The FCC, throwing a bone to cell phone operators, banned the reception of certain frequency bands used by cellular phones. In addition, the Electronic Communication Privacy Act (ECPA) expanded the ban to include other communications such as pagers. These provisions have been called by others "The Foreign Intelligence Empowerment Act". That is, they ban the interception of signals that are trivially interceptable, as if making it illegal would "keep the customers safe". In fact, this same sham extends into the world of digital cellular, where the signals are still effectively in the clear, and are vulnerable to eavesdropping.

Free software has no problem complying with such regulations as the code below illustrates:

#ifdef IM_IN_THE_USA
if (freq >= 825e6 && freq throw "Forbidden Frequency";
#endif

(2) ATSC Digital TV "Broadcast Flag" MPAA/CPTWG/BPDG

Alphabet soup:

ATSC: Advanced Television Standards Committee (digital broadcast TV)
MPAA: Motion Picture Association of America (Disney, Fox, et al)
CPTWG: Copy Protection Technology Working Group (www.cptwg.org)
BPDG: Broadcast Protection Discussion Group.

Short form: Certain content providers (MPAA) want TV broadcasters to set a bit, called the "Broadcast Flag", in the MPEG transport stream that TV stations are broadcasting in the clear (i.e., no crypto). The flag is intended to mean "Don't copy me". The MPAA/CPTWG/BPDG folks are then trying to convince the consumer electronics manufacturers that it is in their best interest to build crippled devices that honor the bit, and finally, since it's not obvious than any consumer would buy such a damaged device, they want to ban non-compliant receivers.

After conversations with MPAA/CPTWG/BPDG, we have been unable to find any solution where open source or free software can comply with their proposed "Robustness Requirements". Hence, open source and free software implementations of ATSC receivers, VSB demodulators and VSB modulators would be banned under their proposals. Several fundamental issues are at stake: freedom of choice, freedom to innovate, and software as protected first amendment speech.

The FCC has issued a "Notice of Proposed Rule Making" about the Broadcast Flag. In addition, it is rumored that a bill is being drafted in case the FCC won't play along.

The EFF has a wonderful blog covering this topic in detail.

(3) SDR upgrades and FCC

Recognizing the importance of SDR, the FCC, in its First Report and Order dated September 14, 2001, created a new class of equipment and associated authorization procedures. In its Report the Commission stated, "We anticipate that software defined radio technology will allow manufacturers to develop reconfigurable transmitters or transceivers that can be multi-service, multi-standard and multi-band." Continuing, the FCC stated, "These changes will facilitate the deployment and use of this promising new technology, which we believe will facilitate more efficient use of the spectrum."

From the free software point of view, what remains to be seen is what kind of "authorization procedures" will be approved. What is envisioned is some kind of digitally signed configuration or executable that can be loaded into the existing hardware. In an free software/hardware world with no clear administrative hierarchy, it's not evident who gets to say what signatures the hardware will accept. This looks like a ruling that "software radio is OK for the incumbents", but doesn't really spell out what the situation is for the free software / open source / open spectrum point of view.


9) Re:Interference
by Louis_Wu

"This is one project where hacking the code can kill people or land you in jail. Don't broadcast on the wrong frequency! Keep this away from radio telescopes!"

Eric: OK.

That brings up a good question. Are there going to be some software restrictions on which frequencies you can use? Would those restrictions be in the source or options you can change on the fly?

Eric: Ultimately the frequency range that can be transmitted depends on the RF hardware, not the software. The vast majority (all?) of the code in a software radio has no idea of the final RF frequency. It's doing its processing at some IF frequency, which is ultimately up converted once the samples leave the CPU.

It seems like a good idea to put at least one barrier between users and transmitting on police frequencies. But what kind of barrier? Should any restrictions prevent listening as well? What about military transmissions? Or air traffic control frequencies? Or the band the Secret Service uses?

Eric: In general, my philosophy is that if people don't want their communications listened to they should encrypt them. This has been standard practice for thousands of years (see Kahn, "The Codebreakers").

I agree the that hardware should be designed such that accidents are minimized. One possible route for hobbyists would be to design the RF hardware such that it would only transmit on one of the unlicensed bands. There are still requirements about transmitted power, and these requirements vary depending on the band and the modulation strategy, but that would at least reduce the chances of accidental interference.

Note however, if you're building a software radio that bridges between different public safety networks, you'd certainly want to be able to transmit.

Where should the line be drawn? What does the law say?

Eric: Do no evil? The law of what land?

For another perspective on "interference" and who "owns" spectrum, I heartily recommend the "Open Spectrum Resource Page".


10) Hardware patents?
by cornice

Up until now, free software has mostly threatened closed commercial software. GNU Radio, however, might make some hardware manufacturers squirm a bit. If I can use a generic device along with GNU Radio to emulate a range of devices how will this impact the makers of those devices and are you (or users of GNU Radio) possibly violating patents for some of those devices? It seems that GNU Radio will stir up more mud in the IP and DRM debates. What are your thoughts on this?

Eric: Since the hardware manufacturers make their money selling hardware, and we want to buy hardware I don't really see a problem. I'd just like them to build some nice, inexpensive, fully documented hardware on which I can run my free software.

Yes, we will be able to emulate a bunch of devices, and it might cause some heart burn for certain folks. For example, I don't generally want to be carrying around a GPS receiver, but in the moment that I want to know where I am, it would be handy for my universal communication device to configure itself as one and figure out where we are. I'm not sure of the patent specifics on that particular application, but I understand your point nevertheless.

I think the mud will be stirred far and wide. I think that this is a good thing. General purpose hardware keeps getting more useful and powerful, and hence valuable to the end user. At the same time, in certain situations, dedicated devices clearly win over the general purpose in areas of convenience, size and ease of use. I think this tension is good, and better products will emerge from it.


11) Plans for UWB
by wfrp01

Will GNU Radio support Ultra Wide Band? Soon, someday, never?

Great project. Thanks.

Eric: We currently don't support Ultra Wide Band. GNU Radio is a signal processing toolbox. If you had the appropriate UWB RF front end, you could use GNU Radio for the signal processing.

See aetherwire.com for background info on ultra-wideband technology.

shaikeiro writes "A fine article in the Economist about Ed Felten and what he is up to now. Also a good summary of what "freedom to tinker" means. From the article: "Thus, the freedom to tinker ends up being about the freedom of culture."" Are you a member of the EFF yet?

Clive Thompson writes "All over the net, there are little shockwave games inspired by political events -- from the WTO-style New York Defender to War on Terrorism to even Downing Street Fighter (where British politicians beat each other senseless, Street-Fighter-Style). Sure, like most Shockwave-generated stuff, they may suck as games. But that's missing the point. What's happening here is nothing less than the emergence of the online video game as a form of social comment -- something you dash off in a couple of hours to make a sardonic political point about something. It's a new notepad for communication. Or at least, that's what I argued in this piece in Slate today. In addition to the craven self-promotion of sending it in to Slashdot, I'm interested in hearing what everyone thinks of this issue. After all, courts have recently been arguing that video games cannot be protected speech; these games make it patently obvious that this view is insane." The columnist missed a better example of the genre - the EFF's game of digital restrictions management.

CheapBrew writes: "Sarah Deutsch, a vice president and associate general counsel at Verizon, is interviewed by Declan McCullagh on CNet's News.com. She argues against the DCMA, anti-P2P bill, and the broadcast flag, and notes that Verizon is teaming with other telecoms and groups like the EFF to fight the 300 pound gorilla."

Paersona writes "Ever wonder what Colleen Kollar-Kotelly is doing to pass the time while she waits for the next step in the Microsoft case? Apparently she is now serving as the lead justice of the FISA court that oversees intelligence agencies' requests for domestic wiretapping. Today, the Washington Post reveals that the FISA court has released a rare public report rebuking the FBI and Justice Department for their handling of wiretap requests." The New York Times also has a story about the FISA court. The court's opinion is available.

80bower writes "Looks like Microsoft is going to allow an MIT student to display security flaws in the XBOX and won't use the DMCA to stop him. Read about it at EFF via Politech." Microsoft deserves kudos for this. But it is a sad state of affairs when people deserve kudos for NOT doing things.

Gekko writes "The FCC has caved to pressures and has rolled back their mandate to requiring HDTV to 2007." A follow-up to this article: looks like the answer is "yes", although an extra year's delay has been added. Cherish your analog televisions, they will be collector's items. Update: 08/08 20:38 GMT by M : Declan McCullagh notes that there was also a vote on the broadcast flag concept to prevent copying of digital television - a set of draft regulations will be released next week.

trifster writes "It appears that *some* ISPs encourage Wi-Fi hotspots from users connections. Cnet News.com has the article here." The list itself is on the EFF's site. Most of the ISPs with policies against wireless NATing seem to turn a blind eye to it most of the time anyhow, though.

Jamie Zawinski writes "Mark your calendars: on Thursday, August 22nd, we're throwing a benefit party for the EFF at DNA Lounge in San Francisco! In addition to great music from DDR, Kid606, and many others, you can also witness the carnage of the first ever Wil Wheaton versus Barney Celebrity Boxing Match! Can Wil, with his backing from the EFF, protect free speech and parody on the Internet and defeat Barney and his team of corporate lawyers? You can also join us earlier in the evening and meet Wil at a special VIP party: see the DNA Lounge announcement or the EFF press release for more details." Even if you can't attend, isn't now a good time to renew your membership?

Jamie Zawinski writes "Mark your calendars: on Thursday, August 22nd, we're throwing a benefit party for the EFF at DNA Lounge in San Francisco! In addition to great music from DDR, Kid606, and many others, you can also witness the carnage of the first ever Wil Wheaton versus Barney Celebrity Boxing Match! Can Wil, with his backing from the EFF, protect free speech and parody on the Internet and defeat Barney and his team of corporate lawyers? You can also join us earlier in the evening and meet Wil at a special VIP party: see the DNA Lounge announcement or the EFF press release for more details." Even if you can't attend, isn't now a good time to renew your membership?

Jamie Zawinski writes "Mark your calendars: on Thursday, August 22nd, we're throwing a benefit party for the EFF at DNA Lounge in San Francisco! In addition to great music from DDR, Kid606, and many others, you can also witness the carnage of the first ever Wil Wheaton versus Barney Celebrity Boxing Match! Can Wil, with his backing from the EFF, protect free speech and parody on the Internet and defeat Barney and his team of corporate lawyers? You can also join us earlier in the evening and meet Wil at a special VIP party: see the DNA Lounge announcement or the EFF press release for more details." Even if you can't attend, isn't now a good time to renew your membership?

Jamie Zawinski writes "Mark your calendars: on Thursday, August 22nd, we're throwing a benefit party for the EFF at DNA Lounge in San Francisco! In addition to great music from DDR, Kid606, and many others, you can also witness the carnage of the first ever Wil Wheaton versus Barney Celebrity Boxing Match! Can Wil, with his backing from the EFF, protect free speech and parody on the Internet and defeat Barney and his team of corporate lawyers? You can also join us earlier in the evening and meet Wil at a special VIP party: see the DNA Lounge announcement or the EFF press release for more details." Even if you can't attend, isn't now a good time to renew your membership?

Today brings several articles on the MPAA's attempt to create a "broadcast flag" to kill home recording of broadcast television. Lunenburg writes "Apparently too impatient to implement the Broadcast Flag in digital media through legislative means, both Sen. Hollings and Rep. Tauzin have both sent letters to FCC Chairman Michael Powell urging him to mandate the implementation of the Broadcast Flag under FCC rules, according to the EFF's Consensus at Lawyerpoint blog." There's a CNet story about a presentation given by the MPAA to pro-business lobbying groups, and a MSNBC story about digital video recorders.

Today brings several articles on the MPAA's attempt to create a "broadcast flag" to kill home recording of broadcast television. Lunenburg writes "Apparently too impatient to implement the Broadcast Flag in digital media through legislative means, both Sen. Hollings and Rep. Tauzin have both sent letters to FCC Chairman Michael Powell urging him to mandate the implementation of the Broadcast Flag under FCC rules, according to the EFF's Consensus at Lawyerpoint blog." There's a CNet story about a presentation given by the MPAA to pro-business lobbying groups, and a MSNBC story about digital video recorders.