Slashdot Mirror

ka9dgx writes: "According to CNN, the judge has decided that the FBI has to make public how Carnivore works. The FBI has to come up with a timetable for disclosing how it works." More detail: The court has said that the FBI has 10 working days to create a timetable for when it would start producing records of how the system works. This comes as a result of EPIC's fast-track Freedom of Information Act ^[?] request for information. This does not mean, however, that the source code will be made public - but it's a step in the right direction.

Adam Bertil was one of a number of people who've written about the recent announcement from www.plex86.org that Plex86 will now run DOS applications. Kevin Lawton apparently did the work and a screenshot is on Plex86 ^[?] .org.

It came across the wire today that Caldera Systems is buying a big chunk of SCO. Caldera is buying SCO's Server Software and Professional Service Divisions from SCO, giving SCO 28% of the company. As well, one of Caldera's major investors is loaning $18 million to SCO, who will be keeping their Tarantella Divison - the press release has the other statistics in mind-numbing detail. The company is being renamed from Caldera Systems to Caldera, Inc. and Ransom Love ^[?] (who I think should win coolest CEO name) will remain as CEO.

MaxVlast asks: "I was browsing around Helix Code's site looking at their interpretation of GNOME when I found the program that they claim is 'the next step forward in GNOME applications,' Evolution. I was startled and upset--this program is, from what I can tell, a direct transfer of MS Outlook to Linux. It's bothered me for some time that the two major file and desktop managers for Linux are all clamoring to look more like Windows than their competitors, and in the scuffle, are missing some very effective paradigms (like Miller columns). Do people think it is good that Linux seems to be shooting for the 'looks like Windows, but without all the features' market? The popularly available apps seem to say so." Please pause for a moment before saying "But you've done this already!". Before the question was "Do new GUIs exist?", the answer to that was a resounding yes, but now the question is "Why do our applications still look the same?", even across platform boundaries and for two different applications?

Why does Evolution have to look like Microsoft Office? I'll buy the form-follows-function argument to an extent, but there are other alternatives to things like the standard menu/button bar and other GUI elements that could be applied to applications and at the very least, give users more choice in how they operate. Are there any projects looking to bring other not-often-seen UI elements like pie-menus and the previously mentioned Miller Columns ^[?] to our applications?

An Anonymous Coward asks: "WaveLan and other cards promise wireless Internet, but can be quite costly in lower-income areas. I know that Bluetooth ^[?] technology is supposed to be used in close proximity to each other, but can it (in large numbers) be used to hook up a congested city? Although Bluetooth is only supposed to work within a few meters of other Bluetooth devices, I have read that by upping the power, the range can be increased to 100 meters. Instead of using relatively expensive wireless LAN cards, Bluetooth is supposed to cost just a few bucks (may be a few tens of bucks with higher power?). What if a highly congested city were to mount these Bluetooth devices on rooftops to create a mesh of Bluetooth receivers and transmitters? At a few optimum locations, connections to the local back-bone could, essentially wire a whole city. These devices wouldn't have to be in direct line of site, since a chain of Bluetooth devices would eventually get to the back bone. I understand that it may be slow and there may be lag, but it is better than no Internet at all. It will also be very cheap, since marginal cost of getting Internet service in this scenario would be extremely low. I need some technical feedback here. Is it possible? What possible problems exit and can they be solved?"

People interested in this subject might also want to check out the older article, "Wireless Networks in Metropolitain Areas"

Recently WAP ^[?] has come under serious criticism from a wide variety of places... Angus wrote a short piece saying that it'll be replaced. IcesTorm-I sent us an message on an IETF mailing list criticizing the format, and to suggesting that we use open formats like LEAP instead. Even Microsoft rejects the standard. Slashdot has supported WAP (well, kinda anyway) since I got bored a few months ago and slapped it together, and I'd tend to agree that its a crappy standard, but more due to the limitations of the devices that use it. (note: if anyone has a PDA format they're dying for on Slashdot, Send diffs -- not requests! We're working on some PDA formats, but there are only so many hours in the day, and we don't have devices that can do most of the formats users email me asking for). [Updated 7 July 18:25 GMT by timothy] Readers may also be interested in a WAP report prepared by Rohit Khare for 4K Associates, which is probably the most incisive (and one of the most critical) analyses on the topic to be had anywhere.

tjgoodwin asks: "I'm the SysAdmin in an astronomy department. Our currently supported mail user agent is pine ^[?] , but I'm looking at alternatives. I'm particularly interested in strong support for qmail's maildirs. I need to support at least one text-based UA: mutt ^[?] does what I need with maildirs, but is it really suitable for a user base, many of whom are new to Unix? I'm also considering graphical UAs, preferably gnome-based. I've failed to find any useful comparison information (the UNIX Email Software Survey FAQ is seriously out of date). Any pointers?"

tjgoodwin asks: "I'm the SysAdmin in an astronomy department. Our currently supported mail user agent is pine ^[?] , but I'm looking at alternatives. I'm particularly interested in strong support for qmail's maildirs. I need to support at least one text-based UA: mutt ^[?] does what I need with maildirs, but is it really suitable for a user base, many of whom are new to Unix? I'm also considering graphical UAs, preferably gnome-based. I've failed to find any useful comparison information (the UNIX Email Software Survey FAQ is seriously out of date). Any pointers?"

Bryan Mattern was the first of hundreds to note that MySQL is being released under the GPL, as well as forming a partnership with VA Linux (which of course now owns Andover). This means nice things like it can move out of non-free in debian, and that the postgress/MySQL debate can now be argued in terms of features instead of license. MySQL's license was definitely a hurdle for the FAISC ^[?] so I'm really glad to see this happen.

Quite a number of people have written with news from the USENIX annual technical conference. The news? The Xfree86 ^[?] folks have announced that XFree86 will now have CVS access.

njcfm writes: "Ok, you've all heard and seen embedded Linux running in all sorts of useful devices; now with the backing of Intel it can run your home network too!" The story is about UPnP ^[?] for which Intel has released a Linux toolkit.

An Anonymous Coward wrote in about the Salon article of an unedited transcript of Courtney Love's speech to the Digital Hollywood online entertainment conference. Gnutella News wrote in and told us that Inside Music is running a story about the RIAA uncovering very incriminating internal memos and e-mails between Napster executives that the RIAA says is "proof that the service represents a haven for music piracy and should be closed immediately". Also, head on over to Camp Chaos for the latest flash cartoons about Napster, including one featuring the real Motley Crue. There's also a parody over at Everything2 to check out. Also here is a Wall Street article about the copyright office and the age of the Internet.

An Anonymous Coward wrote in about the Salon article of an unedited transcript of Courtney Love's speech to the Digital Hollywood online entertainment conference. Gnutella News wrote in and told us that Inside Music is running a story about the RIAA uncovering very incriminating internal memos and e-mails between Napster executives that the RIAA says is "proof that the service represents a haven for music piracy and should be closed immediately". Also, head on over to Camp Chaos for the latest flash cartoons about Napster, including one featuring the real Motley Crue. There's also a parody over at Everything2 to check out. Also here is a Wall Street article about the copyright office and the age of the Internet.

An anonymous reader pointed out one of the greatest concerns about UCITA ^[?] :it allows software publishers to ban negative reviews of their products. Apogee(r) has now done this. It does give right to mention them or their trademarks on BBSs or chat rooms (gee thanks!) but not in any 'Negative Context', or in a way that is negative for Apogee. So by criticizing Apogee's license, am I defaming their trademark and violating this license agreement? Isn't there (oh I don't know) a bill of rights or something that just might have precedence over this? Here is the questionable document. I also must express my distaste that Apogee has a trademark on 'Pinball Wizards'(r) since I suspect Townshend's late 60s composition probably came before, oh I don't know PAC-MAN much less Commander Keen(r). Is that saying something negative about Apogee(r) again?

Back from our trip to Boston, we return with a brand-spanking-new episode. Nate was gone working on Everything2, but that didn't stop us from discussing the new Slash code release, efm, web crawlers, GNOME 1.2, and more.

Matthew Miller recently went through the RH300 training course, as well as the RHCE Certification Exam. He was kind enough to write an overview and give us his opinions on both of them, as well as his opinions on the relevance and quality of the training and the exam. Certification has been discussed extensively with regards to Linux, and here's a big scoop of food for thought.

The following was written by Slashdot Reader Matthew Miller

I'm fortunate enough to work at a place that realizes the importance of keeping employees educated and up-to-date. Since my largest current project is Linux-related, and based on Red Hat's distribution in specific, we thought it'd be worthwhile to send me to Red Hat for their RH300 course. I'm pretty familiar with Linux, but I'm a long way from knowing everything, and it's always interesting to learn what the vendor thinks are the most important parts of their product. We chose RH300 because it's the highest-level systems administration class currently offered. It's also the one linked to the RHCE exam, which was an added bonus, but learning was my main goal, not getting the certification. This is my report on the experience -- hopefully, it will help you decide if this is a good choice for you, either as a sysadmin or as an employer.

The Training Center

This course is not only available directly from Red Hat, but also from various partner organizations, including Global Knowledge, which has a training center here in Boston. However, we decided that if we were going to go to the expense of sending me, I might as well go directly to Red Hat, to increase the chances of getting a good instructor, and to insure adequate access to resources. We've had experiences in the past with third-party instructors who didn't know much beyond what was written in the materials. Of course, I don't know that this would be the case with Global Knowledge's version of RH300 -- perhaps someone else can comment on any experience they've had there.

So, it was off to the Red Hat headquarters in Durham, NC. Incidentally, I stayed in the Residence Inn there -- it was on Red Hat's site as being nearby. They didn't mention that it was on the other side of a major highway, with no provision for pedestrians to get across. Moral: stay at one of the closer hotels, or else get a car. Anyway, the RH building is very nice -- much bigger than I expected. (I suppose the IPO cash is going to good use.) Of course, as students, we weren't shown much of it -- no tour, and we weren't introduced to any of the celebrity employees. (Fair enough -- with several classes coming through every week, they'd never get anything done.) The people I did meet seemed pretty cool, and in general I got the impression that it's a fun place to work.

The classroom was about as I expected -- projection screen up front, rows of decent-enough small-brand Celeron-based systems (one per student). The machines were on a private network -- reasonable for the course, but unfortunately there was no provision for Internet access, which at the least would have been nice to have when I finished labs early.

We did have access to a breakroom with free soft drinks / juice and various snack items. This is also where the lunches were served -- to my surprise, these were quite good, and there were even decent non-meat choices.

The Teacher

The instructor was very knowledgeable -- not necessarily a complete guru, but he knew his stuff, including the "why" behind the course material. He was able to present the material in a good way, and was good at answering questions. I think the decision to go to Red Hat directly was wise; unlike a third-party consultant, he had some idea of what was going on inside of Red Hat and of their potential future plans. For example, during the section on the printing subsystem, he mentioned that they're considering a replacement for LPR in future releases -- perhaps LPRng or even CUPS. It's unlikely that someone from a different company would have had access to that kind of information.

Other Students

The other students in the course had a wide range of skills and backgrounds. I think that everyone probably met the listed better than pico. However, I could tell that some people were struggling. The instructor mentioned that the pass rate for the exam is about 65%, and I wouldn't be surprised if our class came out at that level or worse. It's not that anyone was stupid -- just that some people were out of their depth. On the other end of the spectrum, there were some people who were over-qualified: a few highly experienced sysadmins, and some folks from IBM taking the class because they are soon going to teach it.

The Course

The course was generally similar to the outline found on Red Hat's site, although I think the online information is a bit out of date. (Notice that the Web page makes reference to ipfwadm instead of ipchains or netfilter.) The eight units had slightly different names, and covered slightly different information. In the most drastic example, Unit 8, listed on the Web site as "Systems Administration and Security II", has turned into "Routers, Firewalls, Clusters and Troubleshooting". Some of the information listed in the online Unit 8 was moved into Unit 7, and some of it (cops, for instance) wasn't talked about at all. Hopefully, the online info will be updated soon.

Overall, the class went into less depth than I was hoping. Some of this was due to limitations of the lab setup -- it's a bit difficult to experiment with RAID in any meaningful way when you've only got one IDE hard drive, and obviously impossible to set up a cluster on one machine (short of running VMware). Other things where just plain introductory -- the section on the kernel, for example, focused on the steps required to build and install a new kernel, rather than being an in-depth discussion of tunable parameters. The part about Apache was similar; I was hoping to hear "You've all configured Apache before; here's things you should be aware of when you need it to do such-and-such", but the most advanced we got was setting up a virtual host. Building RPMs from source was mentioned briefly, but there was no information given on important and largely undocumented topics like --buildpolicy.

That's not to say I didn't learn anything -- the section on LVS / Piranha was enlightening even without hands-on experience, and I appreciated the part about quotas, which isn't something I've worked with much. And, I learned a large number of tiny things which add up to making the experience worthwhile to me. RPM can now do globbing over ftp! Portmap uses tcp_wrappers, but doesn't do reverse name lookups, so be sure to use IP addresses instead of names. RH Linux provides a little script called "service" that lets one avoid the tedium of typing /etc/rc.d/init.d/servicename all the time. And so on....

The "300" designation is a bit misleading. This isn't really what I'd consider an upper-level course -- it's more along the lines of SysAdmin 101. Overall, I think this class is probably worthwhile to someone with a good RH Linux background who hasn't done any systems administration. In fact, I'd even recommend it to people in that situation. On the other hand, if you've been a Linux sysadmin for a while, you'll probably be bored most of the time. It might be valuable to experienced Unix sysadmins who haven't dealt with Linux much (or even Linux admins who haven't used Red Hat Linux), but the course wasn't particularly taught from that angle and there are probably better options.

The Exam

Since I signed a confidentiality agreement, I can't talk about specific details of the test, but I will address the exam in general terms. It's a day-long three part process, with each part being worth 1/3 of the total. To pass, your overall score must be at least 80%, and you can't do worse than 50% on any one part.

One of the sections is a typical multiple-choice test, but the other two are lab based. I was quite impressed with the hands-on tests -- they are certainly what makes the RHCE meaningful. I'm not aware of any other sysadmin certifications that work this way.

For one of the lab tests, students are given a several-page specification, and must install and configure Red Hat Linux and several network services. This wasn't particularly difficult, and shouldn't be for anyone with much experience. For me, the hardest part was resisting the temptation to go beyond the spec -- since I finished the given requirements with plenty of spare time, I considered installing and setting up additional services in a way that would fit in with the listed goals. But, I decided that it'd be better to leave well-enough alone -- there's no concept of extra credit.

The other hands-on test is the cool and exciting one. Students are given preconfigured setups which are broken in some way, and given a task that must be completed. The system's problem doesn't necessarily relate directly to the task, but does interfere with it. The test-taker must find out what's wrong and correct the error. (Reinstalling packages is not allowed.) Being able to list the steps taken and to repeat the fix is important, but ultimately the test is scored on a works / doesn't work basis. One the examiner verifies that the problem is fixed, he or she wipes the system and provides another broken config.

This problem-solving section directly tests skills important to being a sysadmin in the real world; if someone has trouble with these, they're probably not ready for a systems administration job. Of course, just passing this test doesn't guarantee good problem solving skills (let alone all the other needed abilities), but it does seem a genuinely valuable indicator.

I've only two complaints with this part of the test. First, I'd make it a much larger section -- at least 50% -- and I'd increase the number of problems given so that there'd be a better sample size. The various challenges are assigned at random, and some are easier than others, and each tests knowledge of different parts of the system. The way it's done isn't bad, but it wouldn't hurt to have a lot more of it. Second, I'd give each student two computers, and make more of the problems network-related. This has logistical and cost issues (especially in places other than Red Hat's own training centers), but since many of the problems faced in the real world have to do with the way systems interact, I feel it'd be worth it.

The Exam Separated From The Course

You may have noticed that I seem a lot more excited by the exam than by the course itself. I think both are valuable, but they seemed aimed at slightly different levels. The course definitely can serve as a good review for the exam, but if you need the course, you won't do well on the test. If you're tight on cash and the certification seems valuable to you or to your employer, going straight to the exam would be reasonable. (Make sure you take a look at Red Hat's test prep page.) On the other hand, if you need to be quickly brought up to speed on the basic knowledge required of a RH Linux sysadmin, it might make sense to take this course without worrying about the test. Since RH300 is equivalent to RH033 + RH133 + RH253, this could be a much more intensive and time-efficient option.

Red Hat-Specificness

It's probably obvious, but bears mentioning anyway: this is a Red Hat Linux course and certification, not a general Linux one. I found this to be true both explicitly and implicitly. The instructor was good about saying "This is the Red Hat way of doing things -- it's possibly different on other distributions." (I found the increase-the-whole-pie attitude to be common to all of the RH employees I talked to.) There were also quite a few things that were just assumed. If you take the exam without knowing a lot about Red Hat Linux in particular, you're likely to have trouble.

This doesn't make the certification meaningless for organizations running other distributions -- many of the skills and knowledge required for the test (especially the problem solving part) are generally applicable anywhere. In fact, due to the lab-based testing process, I have more respect for this exam than I might for a multiple-choice test covering more distributions. I think this issue is a one-way sort of thing: the RHCE exam requires knowledge of Red Hat Linux, but anyone who can pass it shouldn't have much trouble picking up other flavors.

Stuff

Ok, the Web page promises that they'll give Red Hat promotional items to course participants. Yeah, well, they can do better on this front. Not even a t-shirt! C'mon, everyone gives t-shirts. Vendor shirts are a staple of my wardrobe! All we got was a mousepad, some stickers, and a baseball cap. (No chance of getting a red fedora.) Oh, and of course an official copy of the CD (with the 180 days of support). Many people in the class were surprised to learn that Red Hat doesn't sell anything from their offices -- you can't buy copies of the distro or additional merchandise. They've got a lot of students coming through there, so it seems like this could be a decent (even if relatively small) revenue stream.

A Bit About Study Guides

Before I went, I flipped through RHCE Exam Cram , the sole study guide I found at the local bookstore. Someone in the class actually purchased it and brought it with them, and I got a chance to read more of it then. I wasn't really impressed. The book was especially concerned with what it called "trick questions", and indeed its sample questions were sometimes a bit confusing -- and often poorly worded. After taking the test, I can say that this seems mostly to be a problem with the book, not something encountered on the actual exam, which was mostly straightforward and fair.

There are RHCE study guides, but I wouldn't recommend spending any money on any of them. As the course instructor told us: if you're going to pass, you'll do so even if you don't have a guide. And if you're going to fail, the guide won't be much help.

Conclusion

I think the RH300 course and RHCE certification can be valuable to both employers and individuals. The course provides a nice quick overview of the basics needed to move, for example, from being a systems operator to being an admin. I wouldn't think of it as either a requirement for the test or as something that can make someone not ready suddenly have the skills required for the exam. Since the exam is hands-on and lab based, those abilities can only come from real world experience. Looking at that from the other direction: this is exactly what makes the RHCE worth anything. While it's not a total statement on someone's talent, being able to pass is a strong indicator that they have the basic skills for a systems administration job. If I were making hiring decisions, I wouldn't make the RHCE a requirement, but I would have more confidence in applicants who have it.

DAldredge sent us linkage to a ZD Net article that talks about Red Hat announcing that it would be sending the EFF ^[?] $70k to help with the defense in fair use and reverse engineering cases, specifically like the recent DeCSS hoopla. Update: 05/22 12:30 by CT : Marc Ewing wrote in to tell us that this $ actually came from the Red Hat Center, started by him and Bob Young.

What follows this introduction is a rough summary of the crazy hell that we endured with the intermittant DDoS[?] attacks we experienced last Thursday through Saturday. I'm sorry it took this long to put this together and tell you what happened, but as these things go, we were too busy trying to solve the problem to waste time talking about it. Big thanks to Andover.Net's Netops PatL, Martin and Liz, as well as Slashcode-wranglers PatG, Chris, Marc, Kurt and CowboyNeal, plus scoop (from freshmeat) and others who chimed in along the way. Tomorrow is part2: A good description of how the new Slashdot @ Exodus works.

What follows is more-or-less Pat "BSD-Pat" Lynch's account of the DDoS... Pat is our super 31337 BSD Junkie sysadmin. He wants everyone to know that the timeline below is little screwy, but things are more or less in sequential order. Things might not be exactly perfect, but hey, what do you expect after 30 hours without sleep?

Having moved the day before, none of us were truly familiar with exactly how the new hardware would handle the full burden of being 'slashdot.org'. The cluster (known affectionately as The Matrix) had handled its premiere day with flying colors, but we didn't really have an accurate feel of how things would react. Combine this with a couple of extremely high traffic stories posted on both Thursday and Friday, and it took us a awhile to determine that the problems were external, and not a flaw in some new component in the cluster."

The Attacks began Thursday morning. Most of it came in the form of SYN floods, from obvious /16's no less, and some /24's. We didn't have any zombie-killing software or a firewall installed because of certain network topology issues. Later on, a second wave came, this closer to 8 or 9pm and the load balancer (an arrowpoint CS-100) died under the load.

The DDoS, as far as I could see, was a lot of SYN and Zero port packets coming from various /16's and /24's as well as a bunch of RFC1918 reserved addresses (10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16) At one point we reached 109Mbits worth of traffic into our network.

Liz and I went back to Exodus and rebooted the Arrowpoint, then the site seemed "ok" for a bit. By 3 in the morning, Liz decided that the PIX (Cisco's firewall) could simply not do what it was supposed to do, so we went back and started building a FreeBSD box as a bridging firewall.

just before we went to plug it in, I tried to ssh into the vpn-gate and noticed that nothing was working right: while the site worked, outgoing traffic and source groups on the Arrowpoint was screwed. As if that wasn't enough, two ports died on it already!

At some unknown point (time blurs after 30 hours straight!) Martin and PatG show up (thank the gods!) and they force us to go to sleep, they bring the site up outside the Arrowpoint, while Liz and I watch from a hotel room.

As of Friday morning, the site is semi-working, but the adsystem can't be updated, and we have no access to the backend servers. I scream bloody murder to Arrowpoint, who eventually shows up to blame the router: a cisco 6509 switch with two RSM/MSFCs.

Liz and I do packet dumps and determine it's not the router, the little CS-100 had died the night before, and thats where it all started. The Arrowpoint guy insists we did something to make the Arrowpoint not work (CT: Explicit description of precisely where Liz and and Pat wanted to store the newly deceased Arrowpoint removed to keep things rated PG) By 7 the CS-800 CSS is up we're almost done for the day, but we stay to make sure. By 10pm we're exhausted but stable, although we're running 4 servers on a round-robin DNS while the new load balancer waits.

Netops (Liz , Martin and I) regroup, and do reintegration of new Arrowpoint CS-800 and installation of a new FreeBSD Firewall box instead of the PIX during Saturday Afternoon. Slashdot returns to normal. Sysadmins get well-deserved sleep.

So that was the story. It was a pretty hellish weekend for everyone involved, but thanks again to those that helped get our ducks back in a row. Again, Part #2 to this (which originally was gonna be run last Thursday, but with all this ddos stuff got pushed aside) is a fairly detailed description of the new Slashdot setup at Exodus, complete with all the changes mentioned above. Fun for the whole family if your family is really into clusters of web servers."

A number of people have written in with the initial news blurb that the RIAA ^[?] has won the initial battle against Napster. The US District Court in San Fransico has ruled that Napster is not just a "mere conduit" for files, but that it is actually liable for material transfered by the program. This comes on the heels of MP3.com's recent loss to the RIAA as well. Ouch.

An anonymous reader sent us linkage to a MMORPG ^[?] called Arianne. It looks like crap, but it could be an interesting framework for a group of hugely ambitious and impatient artists and hackers not willing to wait for Diablo3. I also found it very humorous that they have a warning that the windows bins are infected with a virus...

ChrisUK writes "A new article posted on the BBC's Sci/Tech news site states that pollution in the form of PCB's is lowering intelligence. Interesting reading; a good background for which would be available from Neal Stephenson's book 'Zodiac'. "

ChrisUK writes "A new article posted on the BBC's Sci/Tech news site states that pollution in the form of PCB's is lowering intelligence. Interesting reading; a good background for which would be available from Neal Stephenson's book 'Zodiac'. "

A couple of people sent the 2600 story that's currently running about mafiaboy, the alleged brains behind the spate of recent large-scale DoS ^[?] attacks. 2600 has an interesting claim - that they went on IRC as mafiaboy, and that the security expert who claims to have found mafiaboy was snowed by what they told him over IRC - snowed by lies.

ESR ^[?] sent a feature about the Microsoft Web Server Backdoor - interesting stuff, and makes some good points about Open Source.

News services all over the world reported today (14 April 2000) that Microsoft programmers had inserted a security-compromising back door in their FrontPage web server software. Thousands of websites worldwide may be affected. Representative coverage of this story can be found at http://news.cnet.com/news/0-1003-200-1696137.html.

Amidst all the nervousness about yet another Windows security hole, and not a little amusement at the passphrase the Microsoft programmers chose to activate the back door ("Netscape engineers are weenies!") there is one major implication of this story that is going unreported.

This back door seems to have been present since at least 1996. That's four years -- *four years* -- that nobody but the pranksters who wrote it has known about that back door. Except, of course, for any of the unknown crackers and vandals who might have found it out years ago. All the world's crackers certainly know about it now after the worldwide media coverage.

Webmasters all over the world are going to be pulling all-nighters and tearing their hair out over this one. That is, webmasters who are unlucky enough to work for bosses who bought Microsoft. At the over 60% of sites running the open-source Apache webserver, webmasters will be kicking back and smiling -- because they know that Apache will *never* have a back door like this one.

Never may sound like a pretty strong claim. But it's true. Because back doors (unlike some other kinds of security bugs) tend to stand out like a sore thumb in source code. They're hard to conceal, easy to spot and disable -- *if you have access to the source code*.

It's the fact that the compromised Microsoft DLL was distributed in opaque binary form that made it possible for the good guys to miss this back door for four long years. In the Apache world, every every one of the tens of thousands of webmasters who uses it has access to the Apache source code. Many of them actually look at code difference reports when a new release comes out, as a routine precaution against bugs of all kinds.

Under all that scrutiny, a back door would be unlikely to escape detection for even four *days*. Anybody competent enough to try inserting a back door in Apache knows this in their bones. So it would be pointless to try, and won't be tried.

What's the wider lesson here?

It's pretty clear. Anybody who trusts their security to closed-source software is begging to have a back door slipped on to their system -- with or without the knowledge of the people who shipped the code and theoretically stand behind it. Microsoft HQ is doubtless sincere when it says this back door wasn't authorized. Not that that sincerity will be any help at all to the people who will have to clean up the mess. Nor will it compensate their bosses for what could be millions of dollars in expenses and business losses.

If you don't have any way to know what's in the bits of your software, you're at its mercy. You can't know its vulnerabilities. You can't know what *other people might know about it that you don't*. You're disarmed against your enemies.

Does this mean every single webmaster, every single software consumer, has to know the source code of the programs they use to feel secure? Of course not. But open source nevertheless changes the power equilibrium of security in ways that favor the defence -- it means back doors and bugs have a short, inglorious lifetime, because it means the guys in white hats can *see* them. And even if not every white hat is looking, potential black hats know that plenty of them will be. That changes and restricts the black hats' options.

Apache has never had an exploit like this, and never will. Nor will Linux, or the BIND library, or Perl, or any of the other open-source core software of the global Internet. Open-source software, subject to constant peer review, evolves and gets more secure over time. But as more crackers seek and find the better-hidden flaws in opaque binaries, closed-source software gets *less* secure over time.

Who knows what back doors may be lurking right now in other Windows software, only to be publicly acknowledged four years in the future? Who *can* know? And who in their right mind would be willing to risk their personal privacy or the operation of their business on the gamble that this is the *last* back door in Windows?

The truth is this: in an environment of escalating computer-security threats, closed source software is not just expensive and failure-prone -- it's *irresponsible*. Anyone relying on it is just asking, *begging* to be cracked. If theory didn't tell us that, the steadily rising rate of Windows cracks and exploits over the last eighteen months would.

Cockcroaches breed in the dark. Crackers thrive on code secrecy. It's time to let the sunlight in. --

http://www.tuxedo.org/~esr
Eric S. Raymond

"...quemadmodum gladius neminem occidit, occidentis telum est."
[...a sword never kills anybody; it's a tool in the killer's hand.]
-- (Lucius Annaeus) Seneca "the Younger" (ca. 4 BC-65 AD),

Carnage4Life writes: "There's a very interesting interview on Upside with Vint Cerf ^[?] who is currently senior vice president for Internet architecture and technology at MCI Worldcom. In the article he discusses the problems facing the current specifications for wireless protocols, UUNet and how it will be adapted to face the future (maybe by becoming an optically switched network), his home wireless network, IPv6 ^[?] and his expectations of how broadband will change the Net. " Ya ever think what the world owes these guys? Wow.

Carnage4Life writes: "There's a very interesting interview on Upside with Vint Cerf ^[?] who is currently senior vice president for Internet architecture and technology at MCI Worldcom. In the article he discusses the problems facing the current specifications for wireless protocols, UUNet and how it will be adapted to face the future (maybe by becoming an optically switched network), his home wireless network, IPv6 ^[?] and his expectations of how broadband will change the Net. " Ya ever think what the world owes these guys? Wow.

Thursday, I flew to Charlotte to ask executives of the Pinkerton Special Services Group to scrap or modify WAVE America, a "school safety" Web site that encourages schoolkids to anonymously turn in classmates they consider dangerous. We brawled politely for hours over chicken salad, iced tea and fries about school safety, oddball profiling, privacy and reality. Although righteously armed with some amazing and eloquent e-mailed screeds, reports, quotes, studies and pleas from Slashdotters, my expectations were low. I returned with a penetrating glimpse into the corporatist soul. (Read more).

Dawn, Jim, Shannon and I sat down around a conference table in a tightly-secured office building south of downtown Charlotte, N.C. on a brilliant spring day. From the window, we could see the hills of South Carolina in one direction, the towers of downtown in the other. A collection of Pinkerton baseball caps filled a wooden shelf.

If anybody had told me that I would be munching chicken salad sandwiches and fries with executives from the Pinkerton Corporation, the largest security concern on the planet, arguing about kids, violence, oddball profiling and the Net, I would have refused to believe it. But that's the Net for you. Jim was a Pinkerton senior veep, Dawn and Shannon, the Web developer and site architect, respectively.

Jim was courteous, but clearly exasperated.

Two weeks ago, I wrote a highly critical column here about a WAVE (Working Against Violence Everywhere) America Web site developed by the Pinkerton Services Group under contract to the state of North Carolina and soon to go national. It offered an anonymous toll-free number, so schoolkids could turn in classmates they believed were acting strangely or dangerously. After the column appeared, Jim revealed, WAVE America received more than 70,000 e-mails and a few mail bombs, and repelled a number of assaults on their system firewalls. Jim had clearly never heard of Slashdot before all this, and he was still struggling to figure out exactly what it was or why he had to pay attention to it. This Net furor had clearly put a bit of a cloud over Pinkerton's ambitious plan to peddle WAVE America all over the United States in response to the post-Columbine school-violence hysteria. My guess was that this meeting was Dawn and Shannon's idea.

I'd flown to Charlotte, against what I knew were hopeless odds, to persuade Pinkerton to trash WAVE America . We argued for more than three hours behind closed doors. Clearly, the flap over the Web site was something Pinkerton wanted resolved if possible. Jim said the company hoped to set up anonymous toll-free "safety" and anti-violence hotlines across the country to relieve unnerved and overburdened school districts of the responsibility of monitoring students who might be disturbed or dangerous.

Although I write often about corporatism and its unhappy impact on free speech and culture, I had rarely penetrated so deep into the belly of the beast, nor felt so affirmed and unnerved by what I saw there. These were perfectly nice people I was meeting with, and they were unwaveringly embarked on what I believe is an awful course. Corporatism doesn't allow for moral notions like right or wrong, however. Corporatism (which is not the same thing as capitalism or corporations) has one ideology: successful, profitable marketing. Corporatism doesn't like controversy, because it, potentially at least, can scare off or offend potential customers. That's why I was there. I would be reminded of this 20 times over the next few hours. Ethical arguments, like peas off an M-1 tank, failed to penetrate.

It's hard to imagine going into any confrontation better prepared. I felt righteously equipped with the usual brilliant assortment of eclectic e-mail, screeds, quotes, citations, studies, suggestions and encouragements from Slashdotters. The Center on Juvenile and Criminal Justice had sent me some stats -- school homicides declined 40% in a single year, from l998 to l999. Students have a one-in-two-million chance of being killed in school, even though the public thinks it's likely to happen.

Computer engineer Chris Burke of the University of Michigan sent me a wonderful set of applied criterion measuring the probability that children considered dangerous actually will be. Chris's criteria are too complex to detail here, but he concluded that the probability that someone who meets the criterian actually is potentially dangerous turns out to be surprisingly low. "If we assume that the number of dangerous students is 1/25000 -- which is ridiculously high, but for the sake of argument I'll use it ... then only 6.7 per cent will be dangerous. Which means that 92.3% of the time you will be harassing innocent people." Reading this aloud to the Pinkerton people was one of the highlights of my life.

Meredith Dixon and many others e-mailed me about Todd Strasser's eerily prescient novel, The Wave, (which became a movie), about a junior high school teacher who uses anonymous reporting techniques reminiscent of the Hitler Youth to demonstrate how easily independent thought and moral conscience can be subordinated to an evil system. The book, published in 1981 and still available (Laurel Leaf Library: ISBN: 0440993717), was based on an actual incident in Palo Alto in l969. The Pinkerton folks were not happy to hear of this antecedent name for their cheeful, up-with-America, let's-promote-some-respect Web site. Nor were they impresed by my repeated arguments that every repressive political system in the 20th century -- Nazism, Communism, Fascism, Apartheid -- featured anonymous reporting -- especially by children -- as a cornerstone tool in their efforts to subjugate dissidents. The idea that this might not be the way to teach citizenship in a democratic society didn't seem to make much of an impression.

Joey Maier e-mailed me this quote from former Supreme Court Justice Louis Brandeis: "The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding." If anything captured the spirit of WAVE America, that was it.

A Slashdot editor and writer urged me to ask Pinkerton what remedies students and parents would have against false accusations. (The answer: None. Pinkerton doesn't make accusations, they just pass along information. That wasn't the company's problem, the execs said. Nor were any misuses of anonymously reported information by the schools that received it).

I also brought this message: "When I was a teenager, I didn't want people to listen to me because they might be afraid of what I might do," chromatic wrote on Threads. "I wanted people to listen to me because they cared about me and could identify with the way I was feeling and the thoughts I was thinking. Don't alienate young people even further in the guise of helping them. Please."

Even as I was searching for one of my favorite Aleksandr Solzhenitsyn quotes, Jamie McCarthy e-mailed it to me: It's from The Gulag Archipelago, his epic story of Stalin's concentration camps: "... In every village there were people who in one way or another had personally gotten in the way of the local activists. This was the perfect time to settle accounts with them of jealousy, envy, insult. A new word was needed for all these new victims as a class -- and it was born. By this time it had no 'social' or 'economic' content whatsoever, but it had a marvelous sound: podkulachnik -- 'a person aiding the kulaks.' In other words, I consider you an accomplice of the enemy. And that finishes you!'"

I confess to being buoyed by these smart, eloquent messages and citations, which I read and re-read on the flight to North Carolina. I was especially happy to be writing for a site where so many people -- hundreds -- could send such messages, and had such passionate perspective on what freedom really means, in a culture where it's constantly trampled and manipulated for profit, ratings, political gain or cultural power. Somewhere deep in my consciousness was the naive (or just plain dumb, maybe) belief that the Pinkerton execs would hear these messages, experience an epiphany and abandon WAVE America on the spot.

What emerged instead was as strange a cultural stand-off as one might imagine, a mix of the fascinating -- it was amazing to have a face-to-face confrontation with executives of the storied Pinkerton company (the writer Dashiell Hammett was a Pinkerton man, and the company had a bloody history of strike-breaking around the turn of the century) yet it was innately futile, and we all soon knew it. Over the sandwiches and iced tea, which hardly any of us touched, we each epitomized our distinctly opposite sides of a cultural chasm. Shannon and Dawn (given the volume of hostile e-mail Pinkerton was getting, I've decided not to use their full names) let Jim do the policy talking.

If there was any comfort to be drawn from the encounter, I suspect it would have to be from the fact that it was taking place. Voices on the Net had reached deep into a company that wasn't exactly famous for being interactive. That was something new.

These were pleasant, articulate, reasonable sounding -- and profoundly intractable -- people. We weren't speaking from the same sensibility or history or even using the same language. We butted heads all afternoon, but it was an odd argument in that scrapping WAVE America was never really on the table, and it was clear the company wasn't particularly interested in refuting any of my arguments, or those of the people who had e-mailed me theirs. I wouldn't swear that they disagreed. It simply didn't matter. The point was, there was a market for school-safety programs like this, and if Pinkerton didn't pursue them, somebody else would. The corporatist ethic doesn't allow for relinquihing potentially lucrative markets to competitors, any more than it does for conventional notions of right or wrong. In that sense, the meeting was exhausting and, probably, largely pointless. If there was leverage, it was in the fact that Pinkerton clearly wanted to go forward with its program in the least controversial way -- another corporatist hallmark.

I argued that WAVE America was simply wrong. That it was neither necessary, since the amount of school violence had been insanely exaggerated, nor effective -- kids could hardly be expected to accurately gauge the emotional or mental states of their classmates. I also argued that it was dangerous, that anonymous reporting was one of the primary tools of every evil political system in modern times. I reminded them that some of the smartest, most interesting and ultimately successful kids often experienced extreme and systematic harassment and brutality for being different, alienated or otherwise non-normal. That if educators, politicians or private corporations like Pinkerton really cared about school safety, they would do something to protect these outcasts.

The experience, in many respects, resembled talking to an affable stone wall. I did encounter more flexibility than I expected. Yes, my hosts acknowledged, they knew that school violence was dropping sharply (more about this later), but so what? It was still a problem, politicians like those in North Carolina were demanding some action, and so were parents, journalists and educators. Schools didn't have the resources or security skills to police themselves. Somebody had to respond, and Pinkerton was in the "secure environment" business, so why not step up to the plate?

Jim told me something I hadn't quite grasped: the anonymous reporting culture is a growing business, now deeply entrenched in the United States, a result of the victimization movement and lawsuit epidemic rampant for nearly a generation. Encouraged by federal and local governments, and many corporate and educational institutions, hotlines operate all over the country to report date rape, sexual harassment, abuse, and other forms of brutality and insensitivity. Since so many institutions in the United States are now presumed to be unresponsive to the needs of one group or another, privately-administered anonymous reporting hotlines are spreading. Pinkerton itself runs more than 800 such lines. It was inevitable, said Jim, that they would move into schools, and that Pinkerton would extend its security expertise and set them up. I found this amazing, which made Jim shake his head and shrug. I was transfixed by the idea of a democratic country whose response to social problems was to create an entire new tradition of informing. It had been happening for some time, he told me.

Yes, my hosts further acknowledged, they were aware that anonymous reporting was a staple ingredient of some of the world's most repressive regimes. Until the Wave America flap, however, Pinkerton had received no complaints about its hotlines. Privacy and security are the company's cornerstone marketing values, Jim insisted, and it's very careful about screening and disseminating the information it receives. Pinkerton's credibility depends on it.

Basically, the Pinkerton people spouted the now-familiar rationale for behavior like this: "Hey, don't blame us. A North Carolina Task Force came up with this, got the governor's blessing, and somebody is going to run it.Why not us? We know how, and if we don't do it, somebody else will."

Fine, I countered, but what about the schools that receive these forwarded anonymous tips. What about their privacy rules? Their security? Do these reports stay in files forever, or go into computerized law enforcement agency files? Are they destroyed after a given time, especially if they prove false or unfounded? Couldn't a kid be wrongly -- and anonymously -- on file, never know it, yet find this information in government or corporate files years later? Here, the Pinkerton people just shrugged. That was the school's problem. But, I persisted, didn't they just say that schools didn't have the resources to run such programs, which is why Pinkerton was involved in the first place? More shrugs.

Reports will be carefully screened and analyzed by professionals, I was assured.Only the most serious calls, involving serious violence -- rape, assault, possible crimes with guns -- were forwarded to school officials; the rest were not passed along at all. What happened to the not-passed-along reports? Nothing; they stay within Pinkerton's secure walls. For how long? Nobody knew.

Pinkerton was unhappy with some of the media portrayal of some of WAVE America's more controversial features.

Initially, the press reported (and I passed along) that kids were being offered cash and other gifts as incentives to turn in their angry, depressed or trouble classmates. But although the site clearly did offer gifts -- a computer, CD's -- the Pinkerton execs denied that they had or would offer cash or other goodies as a direct incentive for reporting their peers.

Things get a bit murky here, as the site has been hurriedly altered and re-designed in the past week or so. Under "Fun Stuff," the web site now has a message that simply says: "Coming Soon." Clearly, gifts will be used as incentives to draw kids onto the site, and reward them for participating, even if kids can get them without reporting anyone. But Pinkerton explained, there may be marketing tie-ins with companies promoting school safety in the future. Let's see: no direct reward for turning in a classmate, but gifts and prizes encouraging kids to use a site that offers anonymous reporting. A fine line.

The execs seized somewhat obsessively on this point as an example of how the program's goals -- to promote respect and school safety, and to provide a last-resort outlet for reporting of serious crimes in a country where schools are overwhelmed, underfunded and rattled by recurring media and political hysterias -- had been distorted by people like me.

"We understand that you disagree with the program," Jim said, "but we expect you to be responsible and accurate." Fair enough. But I pointed out repeatedly that the goodie give-aways were incidental, never the main issue.

The central question, I argued, was that the Net culture included, even embraced, kids who are brainy, individualistic, sometimes-alienated and rebellious, and often outside the norm in their values, attitudes and behavior. These kids suffer enormously at the hands of hostile peers, unknowing teachers, clueless parents, journalists and politicians. It's hard to imagine how WAVE America would benefit them in any way, but simple to foresee how it might still provide another forum in which they'd be branded -- anonymously, no less -- dangerous.

Pinkerton conceded that the "symptoms" of dangerous behavior its site had listed earlier were too vague. These initial "early signs of violence" included: Suddenly has bad grades or little interest in school; Expresses uncontrolled anger; Has excessive feelings of isolation and/or rejection; Is easily angered by minor things. Dawn and Shannon showed me their new, improved criteria, still under consideration and design and not yet up on the Web site. These new "warning signs," says Pinkerton, were provided by the American Psychological Association.

"If you see these immediate warning signs," WAVE America will announce, "violence is a serious possibility":

• loss of temper on a daily basis
• frequent physical fighting
• significant vandalism or property damage
• increase in use of drugs or alchohol
• increasing risk-taking behavior
• detailed plans to commit acts of violence.
• announcing threats or plans for hurting others
• enjoying hurting animals
• carrying a weapon

My response was that these symptoms were still awfully vague, and in any case that school kids weren't psychologists and shouldn't be asked to evaulate their peers emotional lives, or to try and differentiate between transitional depression or alienation and being potentially violent. What kind of risk-taking behavior? Agressive skateboarding? I still didn't understand why these weren't school or parental problems, rather than Pinkerton ones, or why the monitoring of emotional disturbance was being handed off to children. I still believed it was offensive and disturbing to put schoolkids in the position of anonymously turning in their classmates, enemies, and friends to an anonymous hotline run by a profit-making corporation with a vested interest -- and a classic conflict-of-interest -- in promoting the notion that schools were dangerous. This didn't promote safety, it subverted responsibility and democracy.

Besides, I added, many knowledgeable Constitutional scholars believe that the Supreme Court will eventually overturn police or other administrative actions based solely on anonymous reporting of crimes or potential crimes without supporting evidence. Two weeks ago, the Supreme Court overturned the arrest of a Florida man who was searched because of an anonymous tip and found to have a gun. This, the court said, violated Fourth Amendment strictures against unreasonable search and seizure; the police needed evidence beyond an anonymous report. Though kids are stripped of Constitutional rights in most American schools, it's hard to believe courts will ultimately uphold educational or police actions taken on the basis of anonymous calls. If they do, though, Pinkerton and its Web site will have succeeded in undermining a fundamental freedom.

The Pinkerton people did say they'd consider refining their "symptoms" still further. And they made the inevitable co-opting gesture: Would I be interested in working with Pinkertons on WAVE America, or in writing for the site? Would Rob Malda perhaps like to contribute something? I said "No" on my behalf, and giggled a bit at the idea of Cmdr Taco or his partner in crime, Hemos, as columnists for WAVE America. But if the site were going forward, I suggested, Pinkerton could at least set-up an e-mail account to receive and consider feedback from people involved in the issue. It might even consider assembling some sort of advisory panel to help safeguard the interests of the kids it affects.

I found WAVE America too exploitive, offensive and disturbing to participate in, but others can make their own decisions.

Still, I left the meeting discouraged by the spectre of a country where the emotional welfare of schoolkids, and the potential violence that emotionally disturbed kids might wreak, seem to have been turned over to profit-making security corporations rather than to teachers, guidance counselors, therapists, and parents. The Task Force in North Carolina that came up with this dunderheaded response to a complex social problem is the first candidate that should be reported on that hotline.

Last Sunday, nearly a year after the Columbine massacre, the New York Times finally got around to publishing an exhaustive look at "Rampage Killers." The paper profiled 102 killers in 100 rampage attacks in a computer-assisted study looking back more than 50 years and including the shootings at Littleton in l999. Four hundred and twenty-five people were killed and 510 people were injured in the attacks. The newspaper found -- and convincingly detailed -- what should have been obvious from the first. The most common thread in these horrific sprees isn't media, technology or culture, but mental illness: at least half of the killers shown signs of seriousl mental health problems. Also this week, the National Association of Attorneys General reported that the most important factor in preventing youth violence was a "stable, loving home." The group also reported numerous instances of bullying and harassment of schoolkids all across America because students wore unusual clothing or were taller, shorter or heavier than other kids. This rare outburst of sanity was almost completely ignored by the mainstream media. But since unstable and unloving parents have now been identified as a child safety issue, perhaps we need a new anonymous hotline so that kids can turn in their unstable or unloving moms and dads -- or their neighbor's mom and dad -- along with the angry classmate in the next row. It would seem to follow. And it would seem inevitable.

The Times' series is detailed and impressive. But it comes after years of hysterical media reporting linking violence among the young to pop culture and new media technologies -- TV, movies, computer gaming, the Net. More than 80% of all Americans, reported the Washington Post last year, believed the Internet was at least partly responsible for the killings at Columbine. The very idea that programs like WAVE America will alter this horrific reality is itself a mental health problem.

Was the trip worth it? I don't honestly know. I appreciated the Pinkerton people meeting with me, though it didn't cost them anything, other than a few hours and some sandwiches. (Slashdot paid my traveling expenses.) I made some points directly to the people who needed to hear it. They are well aware that thousands of people are watching them; that's a strong stimulus to behave. They're tightening up vague criteria and dropping the idea of of rewarding tipsters with cash, gifts or caps. They seemed to understand that abuse of the different is a safety issue, along with guns and assaults.

But the meeting also reinforced my growing belief that corporations like Pinkerton are inherently amoral. I'm sure their workers are kind to their spouses, pets and kids. But the Pinkerton people don't see morality as their concern, which, in a sane society, might be one reason not to turn issues like school safety and violence among the young over to private corporations. Theirs is a simple equation, a statement right from the contemporary corporatist heart: they perceive a profitable opportunity in the security market, one created not by them but by irresponsible journalists, lazy educators and exploitive politicians. Someone will fill it. Might as well be them.

Sunday, I received this e-mail from the head of Pinkerton's WAVE America Web Development team:

"Jon,

It was very nice to meet you in person the other day. From that meeting we have made several changes to the WAVE website. The changes include clarifying that there are no prizes, cash, or other rewards for submitting a report via the website or phone. We also made clear that only reports which contain safety concerns should be submitted to WAVE. Our privacy policy, while not yet in it's final form, is much more complete now than the last time you saw it.

While here, you also suggested we get some input from the readers of slashdot to help us with the WAVE project. If you would be so kind, please include the email address [suggestions@waveamerica.com] in your article. We hope the WAVE website will be used not only as a tool to aid in preventing school violence, but also as an educational hub where students, teachers and parents can go to collaborate. Any suggestions or constructive criticism about how to make the website better would be greatly appreciated.

The WAVE website is now, and probably always will be, a work in progress. We hope that with the help and suggestions of you and your readers, we will be able to build a website that will empower the students and give them a voice.

I know that you didn't agree with everything about the WAVE project, but hopefully when you left here, you were able to see that this isn't a "big brother" program, but rather an educational program that hopes to prevent school violence by teaching Resolve, Respect, and Responsibility."

A number of people have written in with the news that the MPAA ^[?] has filed another injunction in the DeCSS case. This time around, they've filed for an injunction against 2600 seeking to stop 2600 from linking to the DeCSS Source Code. Interestingly enough for both (and us, who are in a similar situation) a Judge recently ruled that deep linking was legal. Hopefully, this will enable a better defense.

2001: A Space Odyssey is one of the kings of science fiction movies, and widely regarded as one of Stanley Kubrick ^[?] 's best films. With the recent anniversary of the movie has come a spate of 2001 retrospectives. rombuu has reviewed one such work, titled The Making Of 2001: A Space Odyssey. The book is written in team format: Selections by Stephanie Schwam; Series Edited by Martin Scorsese; Introduction by Jay Cocks. The Making Of 2001: A Space Odyssey author Selections by Stephanie Schwam; Series Edited by Martin Scorsese; Introduction by Jay Cocks pages 326 publisher Random House, 01/2000 rating 8/10 reviewer rombuu ISBN 0-375-75528-4 summary A series of articles and interviews about the making of 2001: A Space Odyssey. The Scenario I remember being seven or eight when my father, who was all too aware of my love of science fiction at that age (well, Star Wars at least), sat me down in front of the television. "There is a movie coming on that you might enjoy," he said, although I don't think he had seen it. I remember being intrigued as the first strains of Strauss' Zarathustra blared out of the TV. Three hours later I was convinced I had just experienced one of the most interesting, puzzling, disturbing, confusing and at times beautiful things I ever had encountered. Twenty years later, and after more viewings that I would probably like to admit, my feelings toward this movie are largely the same -- although I'd like to think I have a little more insight about what happens to Dave Bowman at the end of the movie. (And I now have a computer than can actually primitively "talk" to me, which is more than I can say for my Timex-Sinclair 1000 back then.)

The Making of 2001: A Space Odyssey collects articles and interviews about the making of the first great science fiction movie. Starting with a reprinting of Sir Arthur C. Clarke's short story The Sentinel, which provided the seed for the movie, the book explores the writings and thoughts of those involved in the creation of both the book and the film. Clarke's diary entries show the slow and methodical creation of the story, and provides insights into the changes made over the four years between the beginning of the story-writing process and the final print of the film. For example, in some early drafts, all of the Discovery's astronauts make it into the room at the end of the film. The iconic monolith was originally conceived as a large transparent crystalline pillar with shimmering multi-faceted pictures appearing within, and later as a large ebony pyramid.

The book also includes articles on how the impressive effects on the film were achieved, such as Dave's run around the inside of the Discovery, or how the astronauts' walks in space were filmed without showing the wires, back in the days before CGI.

A selection of reviews from the original release of the film are included, showing the decidedly mixed reaction the film received in 1968. These are interesting just to see the befuddled attitudes of reviewers looking more for the bomb-tossing satire of Dr. Strangelove or: How I Learned to Stop Worrying and Love the Bomb than the cold, almost clinical atmosphere of 2001. One New York Times reviewer, at the end of a not-particularly-pleasent review, complains that the monolith looks like "a 1950's chocolate bar."

The book ends with a collection of interviews with Clarke and Kubrick years after the movie's release, and Simson Garfinkel's excellent, if non-techncial, "Happy Birthday, HAL" in Wired magazine from 1997 (the year of HAL's "birth") showing the gap between where computer technology is now and where Clarke's film had projected it would be.

What's Good? The book provides a great look at the evolution of the film and book 2001 from its infancy in Clarke's short story. Interesting articles include those about the technical challenges in filming Kubrick's vision of the movie and the advances in filmmaking he created during the production. The interviews with Clarke and Kubrick show some new (to me at least) insights into their creation -- interestingly, both of them view 2001 as very spiritual -- not religious, but spiritual, along with other insights that make me want to go fire up the DVD player right now and watch this great flick again.

What's Bad? Some of the more technical filmmaking details probably won't grab the attention of readers with little interest in the actual nuts and bolts of filmmaking. Some of the reviews, too, particularly Annette Michelson's Bodies In Space: Film As Carnal Knowledge (I'm not making this up, hell, I wish I could think this stuff up) are unbearable. Bodies in Space is 20 pages of the worst kind of torture that film criticism has to offer -- long winded, self-important, and largely irrelevant -- but is oddly enough one of the few positive reviews included in the book.

So What's In It For Me? If you love 2001 or Stanley Kubrick's other works, this book provides a fantastic glimpse into his creative process as work, both as a storyteller and as a technician. Although you may not gain any great insights into the film itself -- not really a bad thing since the process of digesting the ambiguity is a great deal of fun -- you will have a better idea of why this film was made the way it was.

Table of Contents

1. SK /
2. Jay Cocks
   The Production: A Calendar / Carolyn Geduld
   Credits / Carolyn Geduld
   The Sentinel / Arthur C. Clarke
   Beyond the Stars / Jeremy Bernstein
   Christmas, Shepperton / Arthur C. Clarke
   Shipbuilding / Piers Bizony
   First Day of Shooting
   Monoliths and Manuscripts / Arthur C. Clarke
   How About A Little Game / Jeremy Bernstein
   Filming 2001: A Space Odyssey / Herb A. Lightman
   Front-Projection for 2001: A Space Odyssey / Herb A. Lightman
   Creating Special Effects for 2001: A Space Odyssey / Douglas Trumbell
   Testimonies
   Ancedotes
   Reviews
   Happy Birthday, HAL / Simson Garfinkel
   2001: A Space Odyssey Re-viewed / Alexander Walker
   Stanley Kubrick Raps / Charles Kohler
   Free Press Interview: Arthur C. Clarke / Gene Youngblood
   How the Book Ends / Arthur C. Clarke
   Playboy Interview: Stanley Kubrick
   Appendix: Stanley Kubrick Filmography
   

MacRonin writes: "Richard Stallman interview Value Your Freedom at Wired." The RMS ^[?] interview clocks in at 21 minutes, talking about User Liberation, Amazon Boycotts, Hackers Crackers Pirates, and "Advice to Users." The last one kinda sounds like a William S. Burroughs ^[?] bit.

MacRonin writes: "Richard Stallman interview Value Your Freedom at Wired." The RMS ^[?] interview clocks in at 21 minutes, talking about User Liberation, Amazon Boycotts, Hackers Crackers Pirates, and "Advice to Users." The last one kinda sounds like a William S. Burroughs ^[?] bit.

xlogan writes, "The Defense Advanced Research Projects Agency (DARPA) is soliciting innovative research proposals on Exoskeletons for Human Performance Augmentation (EHPA). The agency has put their proposal online. " The sheer number of mundane tasks I could accomplish with an exoskeleton is amazing. Why, I could rearrange furniture in the blink of an eye, all while defending the Earth from Evil! And with my super-enhanced vision and hearing, I might finally be allowed to join The Justice League of America ^[?] .

onethumb writes: "Looks like an artist has been commissioned to do some concept artwork for Snowcrash, a movie adaptation of Neal Stephenson ^[?] 's book " Obviously we have no confirmation, and the artist says he messed up and did a "Real" city instead of a metaverse one, but regardless, it's the first I've heard of a Snowcrash ^[?] movie. There's some other cool stuff on that site too, but the images aren't quite high enough resolution to qualify for Rob's First Rule of Art ^[?] ;)

onethumb writes: "Looks like an artist has been commissioned to do some concept artwork for Snowcrash, a movie adaptation of Neal Stephenson ^[?] 's book " Obviously we have no confirmation, and the artist says he messed up and did a "Real" city instead of a metaverse one, but regardless, it's the first I've heard of a Snowcrash ^[?] movie. There's some other cool stuff on that site too, but the images aren't quite high enough resolution to qualify for Rob's First Rule of Art ^[?] ;)

onethumb writes: "Looks like an artist has been commissioned to do some concept artwork for Snowcrash, a movie adaptation of Neal Stephenson ^[?] 's book " Obviously we have no confirmation, and the artist says he messed up and did a "Real" city instead of a metaverse one, but regardless, it's the first I've heard of a Snowcrash ^[?] movie. There's some other cool stuff on that site too, but the images aren't quite high enough resolution to qualify for Rob's First Rule of Art ^[?] ;)

Kenneth Ng was one of the folks who wrote to us about an article CNN is running, courtesy of Federal Computer Weekly. The piece talks about scenarios that have caused the Army some consternation -- namely, crackers being able to take the wheel of remote-controlled military weapons systems like tanks, ships and planes. I dunno -- I kinda like the idea of being able to play Grand Theft Auto ^[?] with an M-1 Abrams tank.

mwillis was the first of those who deluged us with this story: Robin Williams is set to sing the South Park song "Blame Canada" at the Oscars. There's been some...discussion as to who would actually sing the song (I just can't understand why Anne Murray ^[?] refused *grin) but it appears Williams will be the man of the hour. I might even watch this time.

bmc wrote to us about an interview that is currently running over at Salon.com. Salon is talking with Bob Lewin, the CEO of TrustE. Honestly, it's depressing. There's a real dearth of legislation that will protect privacy rights ^[?] and even groups like TrustE have loopholes the size of Mack trucks.

YAH00 writes: "The 4.0 release of xfree is now available!!! I'm downloading it from ftp.xfree86.org as I type!!! " I've played around with the preview releases, and 4.0 looks to be a much needed improvement over the 3.3.x tree, with xinerama ^[?] features and improved performance for many graphic chipsets.

Fred Palmer writes: "Linsider was launched recently. We're featuring lots of business-related news, profiles for every major Linux company, stock information, content licensed under the OpenContent license, and much more. You can read our press release, or skip straight to the home page. " We don't usually post new sites, but there's been a lot of word going around about Linsider/Linsight and what its aim is. Post-LinuxToday, Dave Whitinger ^[?] was rumoured to be spending a lot of time working on Linsight and this -- and it looks like it was worth the effort.

Joey Lawrance wrote to us with an updated announcement from the fine folks from Slackware with the news that the wait is over: slackware-current has been updated with the 2.2.14 kernel, XFree86 3.3.6, and a few minor fixes.' Kudos to Patrick Volkerding ^[?] and the Slackware team.

Jett wrote to us with an interesting article concerning links between drugs, computers and intellectual culture as a whole. The usage of drugs, ranging from hardcore substances to alcohol and such is an interesting intersection within the computer world. One of the other pieces that I've also liked in Feed was Steven Johnson's piece on Everything2.com. And to be straight: Yes, I am involved with Everything2. But it's because I think it's cool.

It's that time again. Yep, we're back with another episode and it's a special one. We talk about the Quake source release, Everything 2 and much more with special guest Darrick Brown.

pal writes "Roger Waters (of Pink Floyd fame) is recording an album in February, according to his web site. The interesting part is that the web site is being used as what looks to be an interactive forum! Under "Questions?" there is a bit about the Declaration of Independence, and The Spirituality of the Internet, all with WWWboards there for feedback. Does he intend to allow the internet-going public to influence his lyrics? The last question is: "What do you think?" " This sort of work - remote collabrative work is kind of what Everything2 is trying to do. It's a very interesting point: How do you work over-the-wire?