Slashdot Mirror

rlsnow writes "Kubrick's (Spielberg's) upcoming movie AI has a promotional campaign to warm the hearts and blow the minds of puzzle-hungry science-fiction lovers everywhere; more than 3800 of them at last count, in fact. The group's latest accomplishment has been the development of a distributed computing client to brute force one of the more fiendish puzzles. The combined power of this group is pretty incredible -- the emergent phenomena of directed distributed cognition is startling. This may be the closest this many humans have come to developing a (somewhat focused) hive mind,, yet."

Iain Banks doesn't just write science fiction; he's also a fine writer of other sorts of novels. The Business is his recent novel about a semi-sinister keiretsu which is large, rich, powerful, invisible and nameless. Perhaps the most intriguing aspect of The Business is their method for promoting talent: you get promoted to the next level of The Business when your peers agree that they want you leading them.

The Business author Iain Banks pages 393 publisher Simon and Schuster rating 9/10 reviewer Michael Sims ISBN 0-7432-0014-4 summary life in the world's most powerful and least visible corporation

The tale starts off with the protagonist getting woken up at 4AM: one of her subordinates, who is due to participate in an important deal the next day, has woken up with half of his teeth surgically removed.

Who controls the British Crown?
Who keeps the metric system down?

The Business is the world's largest and most powerful entity that you've never heard of. Supposedly predating the Christian Church, the Business once owned the Roman Empire (but only for a little while -- it didn't work out), and now has a great many fingers in a great many pies. Swiss banks? Yes. Offshore islands? Yes. Covert operations? Yes. The Business is like a sort of capitalistic fantasy come to life, the Illuminati made real.

Who keeps Atlantis off the maps?
Who keeps the Martians under wraps?

Kathryn Telman is a Level Three in the Business, which makes her Rather Important in the scheme of things but she still has ambitions to make it to the top. Kate is one of the Business' experts in the modern world of high technology, and this expertise has allowed her to rise quickly -- she has a natural gift for buying low and selling high, as you will see. But besides the day-to-day operations, the Business is moving strategically: they want to purchase a nation so that they can have a seat at the United Nations. This is one of the few perks that the Business does not already possess, and they are a bit envious of the other Seats ... errr, Nations.

Who holds back the electric car?
Who makes Steve Guttenberg a star?

The whole book is written in the lyrical, flowing, pleasant style that characterizes several of Banks' less gruesome books, such as Look to Windward or Inversions. It's a bit odd, since most writers would write a book like this in a very tense, clipped fashion and Banks rejects that. It's a fun read, all the way through, and even if it won't leave you with a feeling of wonder like some of Banks' books, it's still well worth your time.

Who robs cave fish of their sight?
Who rigs every Oscar night?

We do, we do!

You can find this book at Fatbrain, which also features an excerpt from the book.

Having just finished reading an advance copy of American Gods, the newest book from Neil Gaiman ^[?] , and enjoying it (I will write the review soon) - I wanted to point out tour dates that are in his blog journal. I'd also like to applaud the decision to use the blog format for keeping a Gods journal - it's definitely interesting to see the process on screen.

GroundBounce writes "Here's an article at NewsForge detailing how Red Hat is taking the initiative to broker deals with state legislatures to change parts of UCITA ^[?] which are damaging to open source software, such as mandatory warranties and reverse engineering. They are also working with the uniform law commission to try to change the prototype for the law." Good work by Red Hat - that's a necessary change.

An Anonymous Coward writes: "Newsforge ^[?] has a story about TransGaming Technologies releasing a patch to support the Direct 3D gaming API to Linux. It sounds like this could have the potential to greatly improve gaming in Linux." We've done a story about this already, but it looks like they're starting to make progress. It would be very impressive indeed to be able to run all new-release Windows games without Windows...

Robin Gross, one of the very nice people at the EFF ^[?] wrote to us about their new public music license. As the press release states: "...EFF's Open Audio License allows anyone to freely copy, share, perform, and adapt music in exchange for providing credit to the artist for her gift to humanity. EFF's Open Audio License enables musicians and society to build upon and share creative expression, creating a rich public commons. Artists who chose to release a song under the public license can build their reputation by offering unfettered access to their original works in exchange for recognition. Open Audio works are designated as "(O)" by the author and may be lawfully traded on file-sharing systems such as Napster or played by traditional and Web DJs royalty-free. Numerous musicians have traditionally taken advantage of super-distribution of their music, such as the Grateful Dead, a band that attributes much of its success to its encouragement of fans to freely copy and share its music. "EFF's Open Audience License hopes to use the power of copyright to protect copyright's ultimate objectives: a vibrant and accessible public domain, incentivising creativity, and promoting the free exchange of ideas," said EFF Staff Attorney for Intellectual Property Robin Gross. "EFF's public music license strikes a new deal between creators and the public, granting more freedoms to the public to experience music while ensuring the artist is compensated." You can read more details in the FAQ and more about their Campaign for Audiovisual Free Expression.

Boban Acimovic writes "According to this story on the Yahoo Financial News", IBM is going to buy Informix Database Software for $1 billion in cash. The main players in database leader struggle will be Oracle and IBM after this acquisition." That's in the commericial space - obviously SleepyCat, PostGres and MySQL and others aren't going away. And it appears that the other parts of Informix will be staying around as a seperate biz, so we should continue to see their support for OSS ^[?] .

Tim Smith of The Stencil Group pointed out a white paper that The Stencil Group put together concerning UDDI ^[?] . With UDDI's six month birtday, they say that it's building momentum, and postulate about why it will work in the end. Check out UDDI.org for other information as well.

basscomm writes "Nintendojo has the first two parts of a two part editorial on the career of Gunpei Yokoi. Mr. Yokoi worked at Nintendo for many years and was responsible for such innovations as the D-pad, R.O.B., the Game and Watch, Kid Icarus, Metroid, the Game Boy, and the ill-fated Virtual Boy. This prolific inividual was killed in an automobile accident in 1997."

basscomm writes "Nintendojo has the first two parts of a two part editorial on the career of Gunpei Yokoi. Mr. Yokoi worked at Nintendo for many years and was responsible for such innovations as the D-pad, R.O.B., the Game and Watch, Kid Icarus, Metroid, the Game Boy, and the ill-fated Virtual Boy. This prolific inividual was killed in an automobile accident in 1997."

mansoft was one of several to send us a followup to last week's story about the massive MSIE/Outlook security hole. He points us to this Wired news article: "Your computer may not be protected against a recently discovered and dangerous security hole -- despite all claims to the contrary from Microsoft." Ack! If you tried the patch and got the message, "This update does not need to be installed on this system," you may need to upgrade your IE and re-patch. I'm amazed at how poorly this has been handled. I'll be even more amazed if there is no fallout. If Melissa or ILOVEYOU had been able to install backdoors as they spread, that would have really, really sucked. Update: 04/03 04:24 PM GMT by J : According to this Wired story, Microsoft was given six weeks of silence to prepare and issue the patch.

Stavr0 noted that Everything 2 has now hit its 1 Millionth Node: [list collector] by [stepnwolf]. Long long long time readers of Slashdot remember Everything as The Mystery Project thought up and developed years ago by Nate & I, which has since taken on a life of its own. Congrats to Nate, Bones, Darrick, Tim, Ron, and the thousands of people who have contributed a million nodes, both priceless and worthless to this bizarre experiment in distributed collection and maintanence of information. Nostalgia rises up in me whenever I read the original nodes that Nate and I wrote when Everything was just a wierd drunken idea. If only we figured out a way for it to break even ;)

Stavr0 noted that Everything 2 has now hit its 1 Millionth Node: [list collector] by [stepnwolf]. Long long long time readers of Slashdot remember Everything as The Mystery Project thought up and developed years ago by Nate & I, which has since taken on a life of its own. Congrats to Nate, Bones, Darrick, Tim, Ron, and the thousands of people who have contributed a million nodes, both priceless and worthless to this bizarre experiment in distributed collection and maintanence of information. Nostalgia rises up in me whenever I read the original nodes that Nate and I wrote when Everything was just a wierd drunken idea. If only we figured out a way for it to break even ;)

Stavr0 noted that Everything 2 has now hit its 1 Millionth Node: [list collector] by [stepnwolf]. Long long long time readers of Slashdot remember Everything as The Mystery Project thought up and developed years ago by Nate & I, which has since taken on a life of its own. Congrats to Nate, Bones, Darrick, Tim, Ron, and the thousands of people who have contributed a million nodes, both priceless and worthless to this bizarre experiment in distributed collection and maintanence of information. Nostalgia rises up in me whenever I read the original nodes that Nate and I wrote when Everything was just a wierd drunken idea. If only we figured out a way for it to break even ;)

TDScott writes: "Well, it seems after H2G2 was bought out by the BBC, they've finally managed to get the site up and running again. But here's something new - all the guide entries, even the unapproved ones, are being moderated! Looks like the Beeb doesn't want anything objectionable on it's domain ..." I agree with hemos that E2 is overall a cooler place, but I think a lot of people will like even a bowlderized Hitchiker's Guide.

Alert reader Sin Yuhara writes: "I've encountered [an interview in which] Jun-ichiro "itojun" Ogino(KAME Project Core/NetBSD Core/FreeBSD Comitter) talks about IPv6. The KAME IPv6 ^[?] stack is very well known in the BSD world and beyond. I'm sure IPv6 and related stuff must deploy, and this article may help all people." It's a really good read -- itojun talks about the IPv6 tools that are already integrated into the various BSD systems, about the need for ever more testing, and about why Japan rocks.

Dasheiff writes: "A federal appeals court [NYTimes, free reg. req. ^[?] ] struck down a set of regulations today that had prevented the nation's largest cable companies from growing beyond serving more than 30 percent of the cable and satellite market's subscribers and providing more than 40 percent of its channels with programming from its affiliated companies. In other words AT&T and AOL Time Warner can now continue to expand their monopoly. However it's not clear if this is a bad thing, if shows continue to be poor people will not watch them. Companies need to compete with the viewer more than the other companies." So, were those limits actually doing customers good or not? And will this make high-speed access (even if AOL-TW dominated) available in many places it's not right now?

abde writes: "Sad news on Space.com -- NASA has canceled the X-33 reusable launch vehicle program due to cost overruns and severe budget cuts. Looks like we are stuck with the aging Space Shuttle ^[?] and NASA has relinquished the quest for cheap space launch capability. But hey, at least rich people get a tax cut (even if they don't want one)..."

Slashback, the semi-regular attempt to bring some new light to old stories, continues briskly tonight with just a few items: clarification about words from RMS, early vacation plan reminders for anyone up for a little Wanderungenmitpenguinenborkborkbierdrinkinundsoweiter, and more on Deja. Deja.

Which way to America, please? After word of Microsoft Honcho Jim Allchin's (somewhat bizarre) words on Free software (later "clarified" by MS), we linked to a (preliminary) response to Allchin from RMS. Now RMS has himself issued a final version of his statement, here for your edification, passed on by Dan Gillmore, technology columnist for the San Jose Mercury News.

Very eloquent.Thanks, Dan.

And if you're not yet out of sparklers, pie, bunting or RAM, matthew writes: "Bradley M. Kuhn, the new Vice President of the Free Software Foundation, has an essay published here. It's a more personal answer to Microsoft's attack against the GPL."

Start flossing that stein and pressing those Lederhosen! Jetzt! Alex writes: "I'm proud to announce that we finally got it managed. The date is fixed. The Linuxbierwanderung 2001 (1) will take place from 25th of August to the 1st of September in Bouillon (2), Belgium. As the hall we get the upper floor of the Archeoscope (3), a museum direct in town. It's warm, dry, nice, with enough electricity and has up to some 20 ISDN-lines. To get things easier for you we added a lot of phonenumbers and addresses of camping sites and hotels on the webpage. See (4) to look for your favorite place. So, now it's time to register ! To register yourself, your family, your pets, your computers and your lectures see (5). Thank you for your attention, Cheers, Alex.

(1) The Linuxbierwanderung 2001
(2) Bouillon on the Net
(3) The Archeoscope
(4) Hotel Overview
(5) Join the Linuxbierwanderung and register !"

I wish this didn't sound suspiciously close to LinuxWorld (San Francisco) 2001, because a lot of people would probably like to go to both. Lucky Europeans;) How about one of these in the Great Smoky Mountains of Tennessee? I'll bring the fireworks, you bring the moonshine ...

I would have stopped at Pizza-Nizza afterward ... Google bought Deja. RallyDriver sends a report from the coolest six-letter city on I-35 between Dallas and San Antonio (gulp -- covered my bases?).

"On Thursday at the Omni hotel here in Austin ^[?] , we had the now familiar wake: the auction. While the public was overbidding on everything from furniture to laptops, dual P3 VA FullOn servers were going for as low as $275 a piece.

The show, however, goes on. Rumors of unemployment levels in Austin are greatly exaggerated, and it seems like most of the Deja people are already moving on to new opportunities. If you work in high tech, Austin is a small town of 1 million people.

Most of the server equipment (they still had the previous generation of equipment and the one before that) was picked up by junk dealers and resellers according to its vintage, but ironically a number of the rackmount boxes will be going right back where they came from -- Exodus Austin, where Deja was hosting, is also our co-lo provider."

The good people of Ogg Vorbis have a new beta release out (number 4) for which they claim better compression, nicer sound, fewer bugs and more protein than the last. While that's nice enough, that's not the only news on the Vorbis front: probably more important in the long run is that the guys behind Vorbis have formed a non-profit called Xiph.org to replace the S-class corporation they've been developing as for a while, Xiphophorous. Emmett of BinaryFreedom had a cool chat with Vorbis developers Christopher Montgomery and Jack Moffit about the new release,foundation, encoding, and hardware capable of playing back the Vorbis format -- well worth reading. Plus, you can download the new beta (and some sample tunes), too. Oh, yes, and there's the little matter of moving from the GPL ^[?] to BSD license ^[?] , with what they say is RMS' blessing. You will have to read to find out why, though;)

The good people of Ogg Vorbis have a new beta release out (number 4) for which they claim better compression, nicer sound, fewer bugs and more protein than the last. While that's nice enough, that's not the only news on the Vorbis front: probably more important in the long run is that the guys behind Vorbis have formed a non-profit called Xiph.org to replace the S-class corporation they've been developing as for a while, Xiphophorous. Emmett of BinaryFreedom had a cool chat with Vorbis developers Christopher Montgomery and Jack Moffit about the new release,foundation, encoding, and hardware capable of playing back the Vorbis format -- well worth reading. Plus, you can download the new beta (and some sample tunes), too. Oh, yes, and there's the little matter of moving from the GPL ^[?] to BSD license ^[?] , with what they say is RMS' blessing. You will have to read to find out why, though;)

TDScott writes "Woohoo! After a bit of uncertainty, Douglas Adams' H2G2 community site is being integrated into BBC Online! Here's the BBC press release. Nice to know that it's going to survive." I like H2G2 - it reminds me a lot E2, which has a somewhat similar concept.

justin sane writes: "The NY Times has an article about the one of the tiniest functioning robots to date.[Note: free reg. req. ^[?] -- t.] They faced numerous problems and build the robots layer by layer with photolithography on expoxy compounds. The microprocessor is raw (i.e. without a package to save on size). The batteries are the biggest part by far (not surprisingly). There is an MPEG of one in action as it's speed 20 in/min velocity but alas it just looked like a photo album on my M$ player--still the photos are cool. No word if they are working on a port of Embedded Linux that can run the 8k memory space though. That would be my next step, then ... Python ;-)"

Jason Bennett, frequent reviewer of books, now regales you with this great piece on the background and development of the new encryption standard to replace the pretty-good-till-now DES. It's full of linked information you'll want to digest, too. Update: 02/23 12:32 AM by T : Note: The links I borked are better now; mea culpa (and beware copying in Mozilla).

Since it was officially approved by the U.S. Government in November of 1976, most of the world's sensitive commercial traffic has been secured through the use of the Data Encryption Standard (DES). In its twenty-five year lifetime, it has become the most widely used, most widely trusted, and most widely studied encryption algorithm in existence. Alas, in the same way that your Atari 2600 ^[?] is currently sitting on the floor of your closet, DES' lifetime has come to an end as well. This was most dramatically demonstrated in the three DES Challenges sponsored by RSA Labs between January of 1997 and January of 1999, with a DES-encrypted message eventually being broken in less than 24 hours. This challenge also witnessed the birth of a DES-specific cracking computer, a machine widely theorized about, but never before (publicly) built. Although variants of DES (most notably Triple DES) are still widely used, it became clear that a new algorithm would be needed for the next twenty-five years.

Thus was born the Advanced Encryption Algorithm Development Effort. Beginning in January, 1997 (just before the RSA challenges finally broke DES), the National Institute of Standards and Technology announced its intent to begin the Advanced Encryption Standard (AES) process. The initial AES workshop was held in April, with the official call for algorithms going forth in September. Importantly, this call specified that the algorithms submitted have a key length of 128 bits, and be free of intellectual property constraints. Algorithms would be accepted from domestic and international submitters, and the resulting algorithm would be completely public. The con test would also consider both the hardware and the software implementation -- a divergence from DES, which was specifically designed for use in hardware. Importantly, the hardware that the AES had to operate in could vary from the largest supercomputer to a ROM-based smart card or other embedded ed environment. A candidate algorithm might well be optimized for one or the other, but had to perform at least reasonably well on all to have a real chance of being selected. Finally, this algorithm would be designed from the ground up to use the long key length, and thus would be faster and more secure than Triple-DES is at that length.

Thus came the warriors to the joust. On August 20-22, 1998, the first AES conference was held, with fifteen different algorithms being presented. Over the next seven months, these algorithms were tested in laboratories around the world to probe for weaknesses and to test the their speeds. There is a huge selection of papers on these tests at the AES1 site for your perusal, so I will not try and detail those tests here. Suffice to say, several of the algorithms had serious problems identified, while others came through with flying colors. The next March, the second AES conference was the forum for the presentation of these results, and a subsequent discussion of which algorithms should thus advance to the final round. These finalists were announced in August of 1999, thus beginning the second round of competition. NIST subsequently issued an excellent report detailing their rationale about each algorithm, including the problems and benefits associated with each.

The AES finalists were:

• MARS (IBM) (their case)
• RC6 (RSA) (their case)
• Rijndael (their case) (how to pronounce it)
• Serpent (their case)
• Twofish (Counterpane) (their case)

Obviously, each candidate comes to the conclusion that their cipher is the best. Nevertheless, there are some shared criticisms of the various ciphers that show patterns in each one. Serpent, for example, is universally named the slowest algorithm (in software), even by its creators. Nevertheless, they make their case based on being the most secure algorithm of the bunch. RC6 and MARS are both very fast on certain processors, but terrible on others. As noted above, any serious AES candidate had to perform well across all platforms, and thus this variable performance tended t o compromise these candidates. None of the algorithms were ever broken by a practical attack, however, and all should be considered secure enough for serious encryption work. Thus was held the third AES conference in April of 2000. This was the final conference before the official AES selection, and the last chance for each algorithm to make it s case. The statements above were presented at the end of this conference in an effort to make that case. Once the conference ended, it was up to NIST to make its selection. The candidates could only wait.

Finally, on October 2, 2000, NIST released their final decision, that R ijndael was to be the AES selection. Simultaneously, NIST released a paper detailing their rationale for the selection. In sum, this paper says that any of the finalists could have been selected (an opinion echoed by man y in the industry), but that Rijndael proved to have the proper balance necessary between speed in hardware, speed in software, and security. To quote from NIST's statement:

Rijndael appears to be consistently a very good performer in both hardware and software across a wide range of computing environments regardless of its use in feedback or non-feedback modes. Its key setup time is excellent, and its key agility is good. Rijndael's very l ow memory requirements make it very well suited for restricted-space environ environments, in which it also demonstrates excellent performance. Rijndael's operations ons are among the easiest to defend against power and timing attacks. Additionally, it appears that some defense can be provided against such attacks without significantly impacting Rijndael's performance. Rijndael is designed with th some flexibility in terms of block and key sizes, and the algorithm can accommodate alterations in the number of rounds, although these features would require e further study and are not being considered at this time. Finally, Rijndael's internal round structure appears to have good potential to benefit from instruction-level parallelism.

At this point, it's all over but the shouting. At some point later this year, the Secretary of Commerce will officially designate Rijndael the Advanced Encryption Standard, and a new era will have begun. AES was specified (and is expected) to remain a standard for at least as long as DES, and to protect data for even longer, and barring a major development (such as faster-than-forseen developments in quantum computing), this standard will likely be met. No one expects research into new algorithms to die, however. There will continue to be parallel algorithms developed and used, just as there are today. Thanks to be combined efforts of NIST and the community, however, there will always be the bedrock of AES available.

In conclusion, I'd like to point out the positive role that the U.S. Government, as represented by NIST, has played in this process. The Free Software/Open Source community has taken its share of shots at the government over patents, copyright and crypto export over the past several years, and deservedly so. The AES process, however, was lauded throughout the encryption community as a fair and open process that brought together the best minds available to select the algorithm for the next century (as NIST likes to say). Making an algorithm a FIPS standard gives it a legitimacy that cannot be obtained in any other way, especially given the way that this standard was arrived at. The algorithm is completely free of any IP hurdles, as was specified at the beginning of the process, and since the code is open, it can be downloaded by anyone in the world (and since it was designed outside of the U.S., any attempt to regulate its export from the U.S. would be silly). It is reasonable to criticize when a situation is bad, but it is only fair to praise when something is good.

Bibliography

I used a great number of sources from print and the web, so it's only fair to list them here. I also put many links in the body itself, most of which go into much more detail than I did.

• NIST's main AES site is the place to start. It links to most of the technical information I linked to above.
• RSA's crypto FAQ has been around for many years, and the latest edition only gets better. Covers all sorts of ground on cryptography, both general and specific. If you're trying to learn more about crypto, this is the definitive place to go.
• SANS InfoSec has a good overview of the process and the finalist algorithms.
• A Cryptographic Compendium has a good AES section
• SecurityPortal has an excellent perspective on what AES means
• Everyone's favorite IT rag The Register has a solid overview of the process
• Bruce Schneier publishes a crypto newsletter through his company, Counterpane Internet Security. See especially the issues from May 15, 1998, March and August 15, 1999, and April and October 15 of 2000.
• Simon Singh's The Code Book provided some excellent background

twivel writes "This Yahoo article clarifies their position. It is not "open source" software that "destroys intellectual property", but in fact it's the GNU General Public License that does. I can't wait for RMS' response. " What's interesting is their retroactive clarification that it's about taxpayer-supported software - a silly assurance, IMHO. Why? Because taxpayer software should be kept open - we paid for it, we should be able to use it. Locking it up into companies is not the answer - but Microsoft at least acknowledges other potentials, like the BSD license ^[?] . Check out Dan Gillmor's take on this - well done.

7213 noted that the Tradewars site has announced "Tradewars, Dark Millennium", which presumably will be a MMORPG ^[?] RTS based on the terrifyingly addictive game that I used to write scripts to play my turns for me in middle school. Screenshots and descriptions are available, but its gonna be vapor for a long time I'm sure. TW2002 is really where I met Hemos, Nate, and Kurt The Pope. God I loved that game.

Jeffv323 writes: "I was thinking the other day, what would my Logitech optical mouse look like with a superbright blue LED ^[?] ? I couldn't find any Web sites that had any technical specifications on how the optical sensor works, so I am not sure whether this idea might work. All the sites I did go to said the sensor was actually a small camera taking 1500 pictures a second. If this is true it seems like my idea could work." Has anyone out there replaced the LED in his optical mouse, out of necessity or curiosity? Have you found any good information about wavelength tolerances, voltages, etc? Anything that can handle a blue LED ought to have one in it, IMHO.

fitsy wrote to us that Philip Zimmerman, the creator of PGP ^[?] has left Network Associates. NA had bought PGP Inc back in December 1997, and PRZ has been working there since then - his depature marks an interesting turn in the life of PGP - but his message (below) has a lot more detail. One of cool links of things he's working on is the OpenPGP Consortium.

The message:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

A note to PGP users:

As most PGP users know, Network Associates Inc (NAI) acquired my company, PGP Inc, in December 1997. For three years after that, I stayed on with NAI as Senior Fellow, to provide technical guidance for PGP's continued development, and to ensure PGP's cryptographic integrity. But I can't stay on forever. In the past three years, NAI has developed a different vision for PGP's future, and it's time for me to move on to other projects more fitting with my own objectives to protect personal privacy.

Let me assure all PGP users that all versions of PGP produced by NAI, and PGP Security, a division of NAI, up to and including the current (January 2001) release, PGP 7.0.3, are free of back doors. In all previous releases, up through PGP 6.5.8, this has been proven by the release of complete source code for public peer review. New senior management assumed control of PGP Security in the final months of 2000, and decided to reduce how much PGP source code they would publish. If NAI ever publishes the complete PGP 7.0.3 source code, I am confident that the public will be able to see that there are still no back doors. Until that time, I can offer only my own assurances that this version of PGP was developed on my watch, and has no back doors. In fact, I believe it to be the most secure version of PGP produced to date.

While it is true that NAI holds the PGP trademark and the source code for the NAI implementation of PGP, I'd like to point out that PGP is defined by an IETF open standard called OpenPGP, embodied in IETF RFC 2440, which any company may implement freely into its products. I will be working with other companies to support implementations of the OpenPGP standard, to turn it into a real industry standard supported by multiple vendors. I think the emergence of more than one strong commercial implementation of the OpenPGP standard is necessary for the long term health of the PGP movement, and will, incidentally, ultimately benefit NAI.

To this end, I will be assisting the makers of HushMail, Hush Communications (http://www.hush.com), to implement the OpenPGP standard in their future products. They will be doing their own announcement of this new relationship.

In addition, I will be assisting Veridis (http://www.veridis.com), a recent spin-off of Highware (http://www.highware.com), to create other OpenPGP compliant products, including software for certificate authorities for the OpenPGP community.

I am also launching the OpenPGP Consortium (http://openpgp.org), to facilitate interoperability of different vendors' implementations of the OpenPGP standard, as well as to help guide future directions of the OpenPGP standard.

This coming June marks the 10 year anniversary of the 1991 release of PGP to the public. PGP was originally designed for human rights applications, and to protect privacy and civil liberties in the information age. By proliferating the OpenPGP standard, we can renew that promise, and continue the commitment to personal privacy that captured the imagination and participation of millions around the world.

Philip Zimmermann
19 Feb 2001
prz@mit.edu
http://web.mit.edu/prz
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.3

iQA/AwUBOpDtWmPLaR3669X8EQLv0gCgs6zaYetj4JwkCiDSzQ JZ1ugMhqsAoMgS me78KR5VEfCVEUFpwOCCk8Tx =JVF2
-----END PGP SIGNATURE----- -- --------------------------------------------------

Audent asks: "I've been reading (and writing) about 'Bluetooth ^[?] Coming Soon!' for what seems like years now... Is it time to give up? Where are the products? Where are the new devices that promise piconetworks and the like? And what about the risks from having an entire network of Bluetoothed devices beaming around this already saturated office of mine (100 people plus PCs plus printers, scanners, laptops, palmtops, cellphones times Bluetooth equals...?) I know they run on the same band as microwave ovens (2.4GHz) but they won't interfere with each other but are we all going to be cooked by these tiny chips? Or will Bluetooth take off in the way USB did once the first products came out in commercial quantities?" Bluetooth sounds great on paper, but have life's realities proven too much in terms of getting working implementations out of the door?

An unnamed correspondent writes: "The University of California school systems is considering to stop using SAT scores in college admissions. Story at Yahoo." The usual double-edged sword here: the SATs, ACTs and similar tests may be close to worthless, but other factors (like how GPAs ^[?] are calculated and weighted) varies wildly from school to school. (What might a GPA of 3.9 at Stuyvesant High be worth elsewhere, for instance?)

fdiskne1 wrote to us with the news from C|Net concerning out litigious 'lil buddy RAMBUS ^[?] who's got the SDRAM patent in Court right now. Because, hey, if what you are making sucks, why not go out and sue everything that moves? Excuse my editorial feeling on this, but it seems like everytime I see Rambus in the news, it's not for a new technology, it's because they are suing someone. Erg. Now I'm cranky. Time for more coffee. Anyway, the article is the pretrial highlights of the Micron/Hitachi vs. Rambus suit. Interestingly, although Rambus is supposed to win, if they lose, they lose all the royality money. And if you read the article, there's some more trouble brewing for Rambus.

Covad is in the news this week for unplugging ISPs who didn't pay their bills. Covad, in a partly helpful, partly self-serving gesture, has attempted to get disconnected customers hooked up with other ISPs using Covad's service. Oddly enough, the submissions seem to blame Covad - it looks to me like the ISP was the one to blame, taking subscriber payments but not paying off Covad. Covad's financial situation is best described as precarious, with one-third of all its DSL customers not paying - Covad's trying to throw off the dead-weight. So what's the deal with CLEC ^[?] 's these days? Is there any hope of survival against the incumbent phone companies who will do anything to squash competition?

Newsforge ^[?] has a story about Turbolinux laying off a substantial portion of its staff in preparation for its planned merger with Linuxcare. We've gotten a few anonymous submissions about this as well; perhaps some Turbolinux staff - or former Turbolinux staff - who know what's going on can comment.

During LWCE last week, LinuxWorld Paris was also going on. RMS ^[?] was there, and gave this year's award to Brian Paul. Brian is known for his amazing work on the Mesa 3D Graphics library - and deserves lots of credit. They took a *really* big video shoot of it - you can grab the video and a player from our servers at SourceForge.

We've been at LinuxWorld for the last couple days, and some interesting stuff has been going on: The SAMBA folks won the $25,000 IDG/Linus Torvalds award, and SGI announced the availability of RH7-based distro using XFS ^[?] . In other news, our BOF went well with many questions about Slashcode - and the Perl Monks booth has been doing great in donations. Update: 02/01 05:18 PM by CT : The highlight for me so far was judging the "Coveted" Golden Penguin Awards w/ Don. Actually, I seriously did covet the award, beautiful hand blown glass penguin made me wish I was a contestant. We judged that Linus got the definition of BogoMIPS wrong. Fortunately his still won, but it was truly joyous seeing the surprise on his face.

gimpy writes "Alan Emrich is a gaming veteran's veteran. He's done it all, from boardgames to card games, from computer games to pen and paper role-playing. Now, he's working as designer and lead writer on a title that has strategy fans drooling: Master of Orion ^[?] III. SharkyGames recently had a chance to sit down with Alan and get the inside scoop on what's happening with MOO3." The website for the game is available as well. I cannot count the sheer number hours spent playing MOO/MOO2 - hopefully this can live up the legacy of those games.

RossyB asks: "What format for my mailbox is best? The University of Washingtom IMAP server only supports mbox, and claims that maildir is slow and dangerous. Qmail only supports maildir, and claims that mbox is slow and dangerous! Who is right? Why?" I think one of the large problems with the adoption of maildir is the lack of MUA ^[?] 's that support it.

"I currently store all of my e-mail in a local mbox-style IMAP store in ~/mail/, so that I am not tied to any particular mail client. However, I am planning on syncing my mail across multiple machines (home, work, and soon a laptop) so I need to have mail in a form which can be synced easily. MBox is bad for this because if I grab mail on one machine, and later delete some mails from the same folder on another machine, then sync, the new mails will be lost. This is where maildir is good - each message is a separate file. But why do so many people hate it? If I do change over to mailbox, what IMAP/SMTP servers should I use? A hacked sendmail/UoW IMAP? Courier-IMAP + QMail? Something else? How do other people keep their mailstores synced across many machines, and what software do they use?"

stevenl writes "A new project on sourceforge has just been set up for a cross-platform packaging standard. Whilst there isn't much there at the moment, plans are to produce a standard that will allow people to use it even if they have no binary utilities or a compiler to compile one with, and it's expected to be platform independent whilst still being lightweight. What's people's opinions of the cross-platform aspect taking off, or will we see another situation like we have with DPKG - great packaging sysetm, but not widely used due to the inferior (but still good) RPM and proprietary things like installshield?" Frankly, apt-get ^[?] does just about everything that I need - but I'm curious as to what people about something like this actually working - is it a pipe dream? Or possible?

Pheno writes: "This looks like a fun LUG project. A simple setup for a Linux cluster called OSCAR from the Open Cluster Group. The people behind it are Oak Ridge National Labs and the National Center for Supercomputing Applications and some private companies. According to this Newsforge (part of the Keiretsu) story their 'Supercomputer on a CD' software is supposed to make it so easy to put a Beowulf cluster together a high school student or MCSE can do it in a few hours."

Quite a number of people have been writing the news that Akira is coming back to the US soon. The proposed release is "sometime this Spring". Akira ^[?] is one of the biggies in anime movies - and was a darn fine comic book series as well.

Komi asks: "I am a senior EE student at Purdue, and in my design class we're making an mp3 player that can read from a hard disk. We're using an 8-bit microcontroller (Rabbit 2000), and I've read documentation on how to interface it with a 16-bit IDE interface (where you latch the upper bits and get those on the next cycle). So actually doing reads and writes shouldn't be a problem. My question is what file system should I use? I want to be able to copy the songs to the hard drive from a PC, then attach the drive to my player and have the player read it. I've read that the FAT system is a horror to use on a small micro, so I was wondering if I should use ext2 ^[?] or ext3 ^[?] . Or should I just stick to reading from CD's?"

Komi asks: "I am a senior EE student at Purdue, and in my design class we're making an mp3 player that can read from a hard disk. We're using an 8-bit microcontroller (Rabbit 2000), and I've read documentation on how to interface it with a 16-bit IDE interface (where you latch the upper bits and get those on the next cycle). So actually doing reads and writes shouldn't be a problem. My question is what file system should I use? I want to be able to copy the songs to the hard drive from a PC, then attach the drive to my player and have the player read it. I've read that the FAT system is a horror to use on a small micro, so I was wondering if I should use ext2 ^[?] or ext3 ^[?] . Or should I just stick to reading from CD's?"

A semper-fi Anonymous Coward asks: "I've been seriously thinking of enlisting in the USMCR ^[?] for a while now and I think I'm pretty set except for the question of how it will affect my civilian IT career. I'm planning to leave my current job when I decide to go to boot camp, but I'm wondering if my having to be away one weekend/month, 2 weeks/year will adversely affect my job prospects. Theoretically my being in the Reserves can't be held against me when applying for a job. Also, if I ever need to be deployed my position is supposed to still be available when I get back. I was wondering if any readers out there could give me some of their experiences with being in the Reserves and working in the IT field?"

"I've never had any problems finding IT jobs ever since I graduated high school (I'm 21 now) so I'm hoping that my experience and knowledge will balance out the fact that I might have to pick up and leave in the middle of a project. I'm also thinking that maybe I could just become a freelance consultant so that I could at least try to work around my drills (the scheduled Reserve training each month and once a year)."

Masem sent in a link to a NYTimes story (free blah blah required. Why is the Times so lame that they don't realize that hundreds of people are registered with my address?) on self adaptive websites. It talks about us, Everything2 (which IMHO is among the best examples of the genre out there, but since I helped create it, I'm biased ;) and of course the recently announced (and Slashcode Based) suck/feed Slashclone, Plastic. I found at least one mistake, but besides that, its not a bad piece, although it probably isn't saying anything that a regular Slashdot reader doesn't know already.

Jonas Acres writes: "Lowtax of the [in]famous Something Awful has posted a commentary on the future of Internet advertising. It's a pretty interesting read. He's bounced from dying ad network to dying ad network, so he has a decent platform to preach from." I've also had to deal with a number of ad networks over the years - both for Slashdot prior to the Andover acquisition and a couple of other projects. It definitely sucks. Companies that break contracts, don't pay you, and never getting any return phone calls or anything is the norm that I dealt with.

jopasm writes "The Matrix sequels may be in trouble. They've had one of the major actors pull out due to scheduling conflicts and Keanu is rumored to have broken his ankle while in training. Scifi.com is carrying the rumour/style. " Yes, Michelle Yeoh ^[?] (Crouching Tiger, Hidden Dragon) has pulled out - but the other part to remember is that SAG ^[?] will almost be certainly going on strike, delaying production in any case.

jopasm writes "The Matrix sequels may be in trouble. They've had one of the major actors pull out due to scheduling conflicts and Keanu is rumored to have broken his ankle while in training. Scifi.com is carrying the rumour/style. " Yes, Michelle Yeoh ^[?] (Crouching Tiger, Hidden Dragon) has pulled out - but the other part to remember is that SAG ^[?] will almost be certainly going on strike, delaying production in any case.

There's an interesting story running about the need/development of genetic mark-up language. It's called GEML - Gene Expression Mark-up Language and is basically a DTD ^[?] . Obviously, with working with things like genes, GEML is useful - and a good example of why DTD is muy bein.

ravedaddy and quite a number of other folks wrote in with the news that Sharky's looks at the processor which benchmarks very well in comparison to Intel's 800MHz Celeron - the AMD Duron 850. Last week, with the release of the Celeron with a 100 Mhz FSB ^[?] , Intel jumped forward - while AMD's Duron has an equivalent 200 Mhz bus (100 Mhz buses). It looks like AMD is keeping the crown in the "Value" category.

A number of people have written in regarding AnandTech's new Celeron 800 review. Why does this one matter? This is the first Celereon to use a 100 Mhz FSB, rather then the 66 Mhz FSB ^[?] it has been hobbled with - the competition between the Duron and Celeron heats up.