Slashdot Mirror

NewsCloud writes "Google has raised the required minimum traffic limit for publishers who wish to use its AdSense API to 100,000 page views per day. The AdSense API was introduced in March as a way for sites with user generated content to share advertising revenue with their members. Says Google, "This policy change will probably result in fewer developers going live and give us a chance to enhance our support resources and processes to more easily support a greater number of developers in the future...we hope to be able to lower it in the future as we become more efficient at supporting our developers!" Meanwhile, some publishers report waiting a month for their API usage to be approved. I take Google at its word for now but worry that small developers could be increasingly squeezed out of the mashup space if this were to become a trend."

NewsCloud writes "Google has raised the required minimum traffic limit for publishers who wish to use its AdSense API to 100,000 page views per day. The AdSense API was introduced in March as a way for sites with user generated content to share advertising revenue with their members. Says Google, "This policy change will probably result in fewer developers going live and give us a chance to enhance our support resources and processes to more easily support a greater number of developers in the future...we hope to be able to lower it in the future as we become more efficient at supporting our developers!" Meanwhile, some publishers report waiting a month for their API usage to be approved. I take Google at its word for now but worry that small developers could be increasingly squeezed out of the mashup space if this were to become a trend."

NewsCloud writes "Google has raised the required minimum traffic limit for publishers who wish to use its AdSense API to 100,000 page views per day. The AdSense API was introduced in March as a way for sites with user generated content to share advertising revenue with their members. Says Google, "This policy change will probably result in fewer developers going live and give us a chance to enhance our support resources and processes to more easily support a greater number of developers in the future...we hope to be able to lower it in the future as we become more efficient at supporting our developers!" Meanwhile, some publishers report waiting a month for their API usage to be approved. I take Google at its word for now but worry that small developers could be increasingly squeezed out of the mashup space if this were to become a trend."

chroma writes "It's been a long time since anyone has explored the surface of the moon. But now Google has teamed up with the X PRIZE Foundation to offer a $30,000,000 bounty to the first privately funded organization to land a robotic rover on the moon. Google, of course, has offered the free Google Moon mapping service for a few years now. Looks like the other search engines have some catching up to do in the space exploration department."

you-bet-it's-not-out-of-context writes "A blogger on KDE Developer's Journal has found an interesting post by Miguel de Icaza, the founder of GNOME and Mono, in a Google group dedicated to the discussion of his blog entries. Six days ago Miguel stated that 'OOXML is a superb standard and yet, it has been FUDed so badly by its competitors that serious people believe that there is something fundamentally wrong with it.' In the same post he says that to avoid patent problems over Silverlight, when using or developing Mono's implementation (known as Moonlight), i's best to 'get/download Moonlight from Novell which will include patent coverage.'"

ExE122 writes "The Department of Homeland Security has "scrapped an ambitious anti-terrorism data-mining tool." The tool, called ADVISE, was being tested with live data rather than test data without having proper security in place. This program had already been under criticism by privacy advocates and members of Congress. However, according to the article, a DHS spokesman assures that the program will be restarted once the security and cost are re-evaluated."

sheean.nl writes "A Belgian prosecutor recommended after a 10-year investigation that the government prosecute the church of Scientology. The church is accused of being a criminal organization involved in extortion, fraud, unfair trading, violation of privacy laws, and unlawfully practicing medicine. Both the Belgian and the European branches of the church should be brought to court, according to the authorities. The investigation was started in 1997 after former Scientologists complained about intimidation and extortion by the church. Other European countries such as Germany have problems with Scientology, but in the US it is officially recognized as a religion. Scientology has 10 million members including high-profile followers such as Tom Cruise and John Travolta." Scientology has long used heavy-handed legal and other tactics to suppress opposition on the Net.

insidedesign writes "Blogger Marco has recently discovered that the newest version of Google Earth includes a flight simulator. Though simple in comparison to full-blown simulators, Google Earth's is fun and addictive. To get started, press Ctrl+Alt+A for the initial dialog (on OS X, Command+Option+A). Then choose your plane (F16 or SR22) and initial airport. Joysticks are supported; it has even been reported that force feedback works. The game's controls are sensitive so it takes some getting used to. Here are all the available controls. For a quick overview, check out this YouTube video."

kiracatgirl writes "The NYTimes has a fun story about a relatively unknown Google employee and his hobby — taking photographs of himself with famous visitors to Google's headquarters. Tan Chade-Meng 'is a household name only in his own household,' but his gallery is posted on the walls at Google HQ. It's also available for our viewing pleasure at his Picassa photo album."

modapi writes "According to the EPA, data centers — not including Google et al. — are on track to double power consumption in the next five years, to 3% of the US energy budget. That is a lot of expensive power. Can we cut the power requirement? We could, if we had a reliable way to benchmark power consumption across architectures. Which is what JouleSort: A Balanced Energy-Efficiency Benchmark (PDF), by a team from HP and Stanford, tries to do. StorageMojo summarizes the key findings of the paper and contrasts it with the recent Google paper, Power Provisioning for a Warehouse-sized Computer (PDF). The HP/Stanford authors use the benchmark to design a power-efficient server — with a mobile processor and lots of I/O — and to consider the role of software, RAM, and power supplies in power consumption."

strider2004 writes to tell us that Barrapunto, a Spanish tech news site, has outed two TV stations in Spain, one public and the other private, for engaging in Wikipedia vandalism for the sake of a story. (The link is in Spanish; Google translation here.) The public station introduced falsehoods into the Wikipedia entry for John Lennon; the private one vandalized the Elvis Presley entry. Both stations said they were performing an "experiment" to check the reaction time of Wikipedia. Both articles were promptly corrected by other editors.
Update: 08/19 13:01 GMT by KD : Barrapunto is not affiliated with Slashdot.

An anonymous reader sends us to the www.xakep.ru forum where a poster claims that the worldwide Skype crash was caused by Russian hackers (in Russian). The claim is that they found a local buffer overflow vulnerability caused by sending a long string to the Skype authorization server. You can try Google's beta Russian-to-English translation, but the interesting part is the exploit code, and that's more readable in the original. The Washington Post reports that Skype has denied this rumor.

drxenos writes "I don't know how many of you are fans of old-school text adventures (interactive fiction), but Will Crowther's original Fortran source code has been located in a backup of Don Woods's old student account. For fans like me, this is like finding the Holy Grail."

thefickler writes "Google has come come up with a novel way to boost the information it has about local businesses. As part of its Business Referral Representative program, Google is offering individuals up to $10 to visit local businesses and tell them about Google Maps and Google AdWords, collect information (such as hours of operation and types of payment accepted), and take digital photos of the business. Reaction to the program has been mixed."

Jamie found this analysis of Google News's foray into community commentary. They are starting it off by only allowing people involved with the story to comment — and participants must first be authenticated by email. The article rounds up other bloggers' views on the game-changing nature, and the possible dangers to Google, of this new feature. Here is a sample of comments to a Google News story.

An anonymous reader writes "The first emulator for iPhone, iPhoneNES has been released. It run very slow, and has no sound, but hacker NerveGas has managed to modify the source to release an optimized version that is playable. " My favorite bit is that your controller is a clickable picture of the NES controller. Not exactly the ideal UI but still an amazing accomplishment.

eldavojohn writes "Guess who owns the patent on the touch-screen keyboard. Not Apple — SP Technologies has filed a suit based on just that. Ars brings out the intriguing detail that the founder of the patent troll company is serving prison time for health-care fraud." Read on for four more patent developments in the day's news.
Today the news broke that Aloft is suing Microsoft and Adobe for deliberately violating the patent entitled 'Network Browser Window with Adjacent Identifier Selector.' Qualcomm had a bad day as the US Trade Representative advised the President not to intervene in the patent beef it is losing against Broadcom. Today we found out Sharp is suing Samsung for an LCD infringement. Ending an eventful day on a note of sanity, a judge today threw out the jury verdict on Alcatel-Lucent vs. Microsoft and Microsoft no longer has to pony up $1.5 billion.

cybrpnk2 writes "Get ready to surrender your data sheets, study reports and blueprints of the Saturn V to stay in compliance with ITAR. Armed guards are reportedly taking down and shredding old Saturn V posters from KSC office walls that show rough internal layouts of the vehicle, and a Web site that is a source for various digitized blueprints has been put on notice it may well be next. No word yet if the assignment of a Karl Rove protege high up in NASA has any connection."

RZG writes "The U.S. Court of Appeals for the Ninth Circuit ruled on July 18th that contracts posted online cannot be updated without notifying users (PDF of ruling). 'Parties to a contract have no obligation to check the terms on a periodic basis to learn whether they have been changed by the other side,' the court wrote. This ruling has consequences for many online businesses, which took for granted their right to do this (see for example item 19 in Google's Terms of Service)."

terber writes "A German court has once again upheld the GPLv2 and convicted Skype (based in Luxembourg) of violating the GPL by selling the Linux-based VoIP phone 'SMCWSKP 100' without proper source code access. (Original is in German, link is a Google translation.) Skype later added a flyer to the phones' packaging giving a URL where the sources could be obtained; but the court found this insufficient and in breach of GPL section 3. The plaintiff was once again Netfilter developer Harald Welte, who runs gpl-violations.org. The decision is available in German at www.ifross.de (Google translation here)."

terber writes "A German court has once again upheld the GPLv2 and convicted Skype (based in Luxembourg) of violating the GPL by selling the Linux-based VoIP phone 'SMCWSKP 100' without proper source code access. (Original is in German, link is a Google translation.) Skype later added a flyer to the phones' packaging giving a URL where the sources could be obtained; but the court found this insufficient and in breach of GPL section 3. The plaintiff was once again Netfilter developer Harald Welte, who runs gpl-violations.org. The decision is available in German at www.ifross.de (Google translation here)."

csuftech writes "According to an article posted on vnunet, Google is pledging to bid at least $4.6bn for the FCC's upcoming auction of the 700MHz spectrum. However, Google would only be willing to pay said amount if the FCC agreed to a few conditions, namely, 'the wireless spectrum would allow consumers to download and use any software apps and content they want; allow handhelds to be used with any carrier; enable resellers to acquire wireless services at wholesale costs; and mandate that third parties such as ISPs interconnect at any point on the 700 megahertz band.' All this was disclosed in a letter [PDF] to FCC president Kevin Martin written by Google CEO Eric Schmidt."

GerbilSoft writes with news of a major security hole in Samsung's proprietary Linux printer drivers. From the Ubuntu Forums: "Just to inform you about a recent post on the French Ubuntu forum about Samsung drivers (sorry, in French). [Google translation here.] It appears that Samsung unified drivers change rights on some parts of the system: After installing the drivers, applications may launch using root rights, without asking any password. What is more, you may be able to kill your system, by deleting system components, generally modifiable only by using sudo." GerbilSoft adds: "Among the programs that it sets as setuid-root are OpenOffice, xsane, and xscanimage."

exigentsky writes "Having looked at BeOS technology, it is clear that, like NeXTSTEP, it was ahead of its time. Most remarkable to me is the incredible responsiveness of the whole OS. On relatively slow hardware, BeOS could run eight movies simultaneously while still being responsive in all of its GUI controls, and launching programs almost instantaneously. Today, more than ten years after BeOS's introduction, its legendary responsiveness is still unmatched. There is simply no other major OS that has pervasive multithreading from the lowest level up (requiring no programmer tricks). Is it likely, or at least possible, that future versions of Windows or OS X could become pervasively multithreaded without creating an entirely new OS?"

Vary writes "The LA Times is running a story today saying that marketers are pulling out of Second Life, primarily because — surprise, surprise — the 'more than 8 million residents' figure on the game's Web site is grossly inflated. Also, as it turns out, the virtual world's regular visitors — at most 40,000 of them online at any time — are not only disinterested in in-world marketing, but actively hostile to it, staging attacks on corporate presences such as the Reebok and American Apparel stores. The companies aren't giving up on virtual worlds altogether, though, but moving on to games like There, Gaia Online and Entropia Universe. The article also contains some commentary from a marketing executive who conducted an informal survey of the game and discovered that 'One of the most frequently purchased items in Second Life is genitalia.' What company wouldn't want to be in on that action?"

Vary writes "The LA Times is running a story today saying that marketers are pulling out of Second Life, primarily because — surprise, surprise — the 'more than 8 million residents' figure on the game's Web site is grossly inflated. Also, as it turns out, the virtual world's regular visitors — at most 40,000 of them online at any time — are not only disinterested in in-world marketing, but actively hostile to it, staging attacks on corporate presences such as the Reebok and American Apparel stores. The companies aren't giving up on virtual worlds altogether, though, but moving on to games like There, Gaia Online and Entropia Universe. The article also contains some commentary from a marketing executive who conducted an informal survey of the game and discovered that 'One of the most frequently purchased items in Second Life is genitalia.' What company wouldn't want to be in on that action?"

kripkenstein writes "Canonical, the corporation behind Ubuntu, has begun to open-source Launchpad. Canonical has been criticized for not doing so earlier. The first component of Launchpad to be open-sourced is Storm, described as an 'object-relational mapper for Python.' A tutorial with many examples is available. The license for Storm is the LGPL 2.1. Inspection of the source files shows they contain the common phrase, 'either version 2.1 of the License, or (at your option) any later version,' meaning that Storm is LGPLv3-compatible."

Baldrson writes "Alexander Ratushnyak compressed the first 100,000,000 bytes of Wikipedia to a record-small 16,481,655 bytes (including decompression program), thereby not only winning the second payout of The Hutter Prize for Compression of Human Knowledge, but also bringing text compression within 1% of the threshold for artificial intelligence. Achieving 1.319 bits per character, this makes the next winner of the Hutter Prize likely to reach the threshold of human performance (between 0.6 and 1.3 bits per character) estimated by the founder of information theory, Claude Shannon and confirmed by Cover and King in 1978 using text prediction gambling. When the Hutter Prize started, less than a year ago, the best performance was 1.466 bits per character. Alexander Ratushnyak's open-sourced GPL program is called paq8hp12 [rar file]."

We have another essay from Bennett Haselton for you to peruse. "Last week's coverage of AT&T's newly announced "anti-piracy initiative" mostly downplayed the key part of AT&T's proposal, which is filtering what their end users can access in the first place, not finding pirates or suing them after the fact. Friday's Associated Press article, which was reprinted on many news sites with headlines like "AT&T to Help Hollywood Track Down Internet Pirates" and "AT&T to ID Offshore Web Pirates", actually said only that "the effort is primarily aimed at pirates who set up operations in other countries" -- and since you can't really "aim" at pirates in Russia and China with anything except missiles, the statement suggests not identifying pirates or tracking them down, but pre-emptively blocking people from connecting to their servers. Only the Red Herring nailed it with their article title, "AT&T to Block Pirated Content"." Follow the magical URL to read the rest of Bennett's words on the matter.

I think this is a crucial distinction, because efforts to filter end users' connections (as opposed to making them pay consequences for their actions after the fact) have always been controversial, even when the content is illegal. The Center for Democracy and Technology successfully overturned a Pennsylvania law that required ISPs to block overseas child pornography sites, partly on the grounds that the filtering included many third-party Web sites as collateral damage. I've argued that a similar private-sector initiative called Canada Cleanfeed, where Canadian ISPs attempt to block child pornography Web sites, would do more harm than good. On the other hand, nobody's fighting very hard for the cause of child pornography downloaders who were caught and arrested. Web sites get sued and shut down all the time, but it was bigger news when Canadian ISP Telus blocked the Web site of a Telus labor union for three days. So it's a big deal whether we're talking about "pre-emptive" filtering, or fighting piracy "reactively" by going after violators.

AT&T Senior VP James Cicconi said in e-mail that "discussion about what the technology will or won't do is premature until we can invent it", but most of the hints so far have been that the anti-piracy technology will be "pre-emptive", i.e. filtering users' connections. Cicconi said on a conference panel that AT&T has to spend billions on network maintenance to carry illegal pirated traffic -- which they probably couldn't recoup by suing people, so the only way to prevent that would be to block it. And Cicconi has referred to the technology several times as a "network-based solution" -- but what else could that mean, except filtering?

So let's assume that's what's on the horizon. Interestingly, Cicconi said that AT&T did not plan to block actual Web sites. However, he said in e-mail, "If one could, with a high degree of certainty, spot and isolate illegal traffic from an offshore site, would you not think the copyright holders would have a reasonable argument for a court order to block that traffic (as opposed to the site itself)?" Presumably this could refer to a Web page with an index of links to BitTorrent files -- so they'd be willing to block the BitTorrent links, but not the Web page? But from that point of view, why not just block Web sites too? If an overseas webpage has a list of links to pirated content, and that content is served over http from the same Web server, wouldn't they want to block it?

But I doubt this would stem much piracy in the long run, because connection filtering to fight piracy became more commonplace, then the next generation of p2p file-trading programs would all just have circumvention capabilities built into them, that let you route your connection through a friend at an unfiltered ISP. You're on AT&T, you upload a file to your friend on Verizon which earns you some "credits" with his node in the p2p network, and instead of redeeming those credits to download a file from him, you use his node as a proxy to download a file indirectly from a site in Russia that AT&T is blocking you from accessing. Advanced users can do this already with tools like Virtual Private Networks and Tor, and some tweaks in a p2p program would just bring it within the range of the casual user.

On the other hand, if AT&T starts filtering traffic, it could set a bad precedent that any time a party in a legal proceeding wants a site declared "illegal", they can demand that AT&T (or other ISPs) block the site. It could be a site libeling a person, or a site hosting a decryption tool that breaks some company's poorly-designed code, or pretty much anything that some powerful person wanted to go away. Meanwhile, if an AT&T customer did get accused of downloading pirated content, now they could invoke the "AT&T didn't stop me" defense -- they thought that AT&T was filtering illegal content, and if they could get to it, then that meant it was legal! In both cases the problem comes from someone using the argument that once AT&T started doing any filtering at all, they should have gone further.

So I would watch the situation closely, even if you're not an AT&T user, and don't assume the situation will take care of itself. Cicconi said, "If a company like ours does dumb things and upsets our customers, we will lose them to someone else," which is something I'm skeptical of whenever I hear it used to defend various draconian anti-spam measures, but in this case I think it's even less applicable. When you're talking about spam filters, at least they always bring some benefit to the user (less spam), and the question is whether the free market weighs those benefits properly against the costs (more lost mail). On the other hand, if an ISP filters the user's connection, that brings no benefit to the user, and in a truly efficient market, all customers of such an ISP would just switch to an unfiltered one -- if that doesn't happen, it simply means the market in that case is not efficient. Is your ISP filtering your connection right now? Probably not, but how could you tell if they were? Right now we assume that ISPs don't filter connections because generally it's "just not done" (except when it is). In a few years we might not be so sure.

greenbird writes "Another patent fiasco has begun. Wired reports that a patent on location-based Internet searches was filed in 1996 and granted in 1999 (patent is here). A patent troll company name Geomas acquired the patent and has filed suit against Verizon in none other than Marshall, Texas. They claim this is the first in what will be a long line of lawsuits. Geomas has amassed a $20M war chest in venture capital to use for getting rich off of a clearly obvious idea."

abhinav_pc writes "PC World is reporting that Mozilla today made an early testing release available from its Firefox 3 browser. This alpha version (code-named Gran Paradiso) for the first time adds the anticipated Places feature for bookmarks. Firefox 3 alpha 5 also features a new password manager. A new crash reporting system called Breakpad is also now available in some Mac OS X and Windows builds but is not yet supported on Linux. 'Places will also be less likely to lose data in the event of program or Windows crashes. In fact, according to Connor, "We haven't figured out how to make Places lose data." For backwards compatibility and manual backups, Firefox 3 will save bookmarks in the traditional bookmarks.htm file when it closes. For other bookmark upgrades, Mozilla is planning to enable bookmark tagging, and is considering building its own synchronization client into the browser capable of backing up and sharing bookmarks. '"

mrcgran writes "Space.com is reporting a very deep hole found on Mars: 'The geological oddity measures some 330 feet (100 meters) across and is located on an otherwise bright dusty lava plain to the northeast of Arsia Mons, one of the four giant Tharsis volcanoes on the red planet. The Mars Reconnaissance Orbiter (MRO) used its High Resolution Imaging Science Experiment (HiRISE) instrument to draw a bead on the apparent deep hole — a feature that may cause more scientists to ponder about potential subsurface biology on Mars. Because the spot lacks a raised rim or tossed out material called ejecta, researchers have ruled out the pit being an impact crater. No walls or other details can be seen inside the hole, and so any possible walls might be perfectly vertical and extremely dark or — more likely — overhanging.' The original image and its cutout at full resolution can be found in the HiRISE site."

mrcgran writes "Space.com is reporting a very deep hole found on Mars: 'The geological oddity measures some 330 feet (100 meters) across and is located on an otherwise bright dusty lava plain to the northeast of Arsia Mons, one of the four giant Tharsis volcanoes on the red planet. The Mars Reconnaissance Orbiter (MRO) used its High Resolution Imaging Science Experiment (HiRISE) instrument to draw a bead on the apparent deep hole — a feature that may cause more scientists to ponder about potential subsurface biology on Mars. Because the spot lacks a raised rim or tossed out material called ejecta, researchers have ruled out the pit being an impact crater. No walls or other details can be seen inside the hole, and so any possible walls might be perfectly vertical and extremely dark or — more likely — overhanging.' The original image and its cutout at full resolution can be found in the HiRISE site."

Pcol writes "The New York Times is running a story about a woman who says her cat is clearly visible through the living room window of her second-floor apartment using Street View and that she has contacted Google asking that the photo be removed. 'The issue that I have ultimately is about where you draw the line between taking public photos and zooming in on people's lives,' Ms. Kalin-Casey said in an interview. 'The next step might be seeing books on my shelf. If the government was doing this, people would be outraged.' Wired has started a contest on the most interesting photos found using the new Google Tool that now includes sunbathing coeds, alleged drug deals, and the google van itself. 'I think that this product illustrates a tension between our First Amendment right to document public spaces around us, and the privacy interests people have as they go about their day,' says Kevin Bankston, a staff lawyer at the Electronic Frontier Foundation."

Bennett Haselton is back with another piece on e-mail privacy. He starts "On April 14, 2007, I signed up for an AmeriTrade account using an e-mail address consisting of 16 random alphanumeric characters, which I never gave to anyone else. On May 15, I started receiving pump-and-dump stock spams sent to that e-mail address. I was hardly the first person to discover that this happens. Almost all of the top hits in a Google search for "ameritrade spam" are from people with the same story: they used a unique address for each service that they sign up with, so they could tell if any company ever leaked their address to a spammer, and the address they gave to AmeriTrade started getting stock spam. (I don't actually do that with most companies where I create accounts. But after hearing all the AmeriTrade stories, I created an account with them in April just for the purpose of entering a unique e-mail address and seeing if it would get leaked.)" Bennett continues on if you're willing to click the link.

What's surprising is that as far as I can tell, AmeriTrade has taken almost no heat in the media for letting this happen. Despite the abundant testimonials from bloggers who had their addresses leaked, the story never crossed over into the "mainstream" Internet press. In a recent Bloomberg News story, the FBI warned that E*Trade and AmeriTrade users were vulnerable to spyware installed by criminals in hotels and cybercafes to capture accounts and run pump-and-dump stock spams; no mention of the fact that all AmeriTrade e-mail addresses were apparently already in the hands of spammers anyway (although no one knows if usernames and passwords were leaked to the spammers as well).

This doesn't bode well for anyone who uses any type of online service and wants that service to keep their personal information secure. If AmeriTrade got skewered in the media for leaking customers' personal information to spammers, other companies would see that and learn the lesson. On the other hand, if AmeriTrade gets away with it with barely a whisper in the mainstream news, other companies are going to take note of that, too. Besides, spam and identity theft hurt everyone, not just the victims, because the costs are passed on to all of us in terms of higher ISP charges, higher payment processing fees, and more mail lost due to stringent spam filters.

AmeriTrade disclosed in April 2005 that a tape containing some customer information might have been stolen in February of that year, and many spam victims who blogged about their AmeriTrade addresses being stolen, referenced that incident as the likely cause. But after Bill Katz's blog post became a clearinghouse of sorts for complaints about stolen AmeriTrade addresses (probably as a result of being the first match on Google for "ameritrade spam"), several users posted that they had received spam at accounts that were only created with AmeriTrade in summer 2006. And then my e-mail address got leaked between April 14 and May 15, 2007. So it's pretty clear that some attacker has access to the AmeriTrade customer database on an ongoing basis, and the February 2005 tape theft probably had nothing to do with it.

AmeriTrade says that California law required them to notify their California customers of a potential security breach after the tapes were stolen, and that they went further and notified all of their customers anyway. Since there is now proof that their database is more or less perpetually open to some outside attacker, will they send out another notification letter to customers?

An accidental security breach can happen to any responsible company, especially if they are compromised from the inside. But the trail of blogosphere and UseNet posts indicates that several times AmeriTrade has concealed the full extent of the problem from customers who asked them about it, or has given out information that they already knew was wrong. In one thread in October 2005, a user reported that they wrote to AmeriTrade asking why their AmeriTrade-only e-mail address was getting spammed, and AmeriTrade replied that the spammer might have guessed the address using a dictionary attack, adding:

We have no reason to believe that any of our systems have been compromised. Ameritrade deploys state of the art firewalls, intrusion detection, anti-virus software as well as employs a full time staff of employee's dedicated strictly to Information Security and protecting Ameritrade's systems from unauthorized access.

But that was long after February 2005, when AmeriTrade said that tapes containing customer data were stolen. (Even if that turned out not to be the cause of the spam after all, by that point AmeriTrade knew that their customers' addresses had been leaked somehow.)

Then when my friend Art Medlar complained to AmeriTrade this year about the same thing happening, he got a response saying that even if he was getting spammed by an address that he only gave to AmeriTrade, that could be the result of hackers "implanting 'bots' that have the ability to extract e-mail addresses from your computer, even when you have protective spy software engaged". But of course this makes no sense -- if this were the source of the problem, it would affect everyone's e-mail addresses equally, and would not explain why a disproportionate number of complaints were coming from people who created addresses that they gave to AmeriTrade specifically.

When I sent AmeriTrade my own inquiry, I got a response that was identical to a forwarded message that someone else posted to news.admin.net-abuse.email in April. (To their credit, in this version of the message, AmeriTrade is acknowledging responsibility for the problem instead of attributing it to dictionary attacks or botnets. But the e-mail contains the curious piece of advice: "Please be sure to delete any spam you might receive, then empty your e-mail's trash so that it's no longer kept there, either." Huh? As one reader replied to the UseNet thread: "Cynical Translation: Please don't retain any independent evidence.") At first I didn't realize this was a boilerplate response, so I sent back some more questions, asking, for example, whether they would notify their California customers of the data security breach as required by that state's laws. The second response I got was a copy of the old boilerplate that they were sending out two years ago, blaming "dictionary attacks".

Now, compared to the 1,000 spams I already get every day (pre-filtering), the AmeriTrade spams were just a drop in the bucket, and many of their customers are probably in the same boat. And unlike most AmeriTrade customers, at least I can stop all AmeriTrade spam just by de-activating those addresses, since they aren't used for anything else. (Right now I'm keeping them open just to see what else comes in.) But AmeriTrade's database also contains much more valuable information such as names, PIN numbers (do you use the same PIN number everywhere that you sign up?), and Social Security Numbers. When I signed up for my account, informed by dire warnings that federal law required accurate information "to help the government fight the funding of terrorism and money laundering activities", I gave AmeriTrade my real SSN, address, and other personal data, figuring that if I gave them false information, I might get in more trouble than the experiment was worth. But now that the attacker has my e-mail, they might have all of my other information as well. In the coming months I'll probably start checking my credit report more often than I used to.

Probably someone inside AmeriTrade is selling customer data to an outside spammer. (It seems less likely that an attacker would keep breaking into AmeriTrade repeatedly to get updated copies of the customer list. Once you've broken in and gotten the customer database from 2006, why bother breaking in a year later, taking the risk all over again of getting caught and going to jail, just to get the updated 2007 database? Surely the 2006 list would be enough to run any pump-and-dump stock scam that you want!) Two suggestions to AmeriTrade to tighten their security: First, the number of people within the company who can access the customer database, is probably a lot larger than the number who actually need to access the customer database. Limit access to the e-mail database to people who actually need it. Second, in any cases where different employees really need to have access to the list, try giving them different versions of it, where each version is "seeded" with spamtrap addresses at Hotmail and Yahoo Mail. If the spamtrap addresses that start receiving spam are all ones that were used to seed one particular employee's copy of the list, then you've found the source of the leak. That won't stop the spam being sent to addresses that have already been stolen, but it could prevent further leaks from happening.

The SEC recently announced that they would suspend trading of companies whose stocks had been the target of spam campaigns to manipulate the price. Perhaps AmeriTrade could do something similar -- once a stock is identified as being promoted in spams sent to AmeriTrade customers, any customer attempting to buy that stock would be presented with a message saying that AmeriTrade was blocking the transaction for security reasons. (If this runs afoul of some SEC regulation that a brokerage has to let you buy any stock you want any time you want, then at least display a big warning when AmeriTrade users try to buy it through their system, saying that the stock has been the subject of a fraudulent promotion scheme and is an extremely high-risk buy.) However, while this would remove the incentive for stock spammers to target AmeriTrade customers, it's also really just covering up a symptom of the problem, rather than addressing the problem itself, which is that a spammer was able to steal the customer information from AmeriTrade's database in the first place.

But whatever they do, AmeriTrade should stop blowing off the people who complain about the spam, with messages about "dictionary attacks" and "botnets". When customers create specialized spamtrap addresses to detect if their e-mails ever get leaked, those are the tech-savvy customers who (a) know what they're doing, and (b) hate spam more than most people, and giving them misleading information is just poking a stick in their eye. Not a smart move when AmeriTrade has been leaking private customer information and is based, as their name indicates, in the most litigious country in the history of the world.

FishWithAHammer writes "As part of my Google Summer of Code project, I'm working with WinLibre to develop a Debian-like software download system for free/open source software on the Windows platform. My reasoning is that open source software suffers from poor presentation. Most computer laymen, even those aware of open source software, often don't have any idea how to go about looking for it, but would use it if it were easier to access. What I have proposed is both a Debian-style packaging mechanism (capable of using Windows Installer MSIs or not, as the user wishes) and a software 'catalog' that takes the best aspects of Synaptic and Linspire's Click-N-Run system. Seamless, simple installation and removal of programs in as straightforward a way as apt-get (there will be a command-line tool as well). I'm posting to Slashdot to get the ideas of you lot who, while you may not be the target audience, can certainly provide insights that can be of value." Read on for more of this reader's ideas and questions.

There are areas that I'm personally not familiar with, and while I have done some research I would like the opinions of Slashdotters on some others. While at first I intend to set it up so that WinLibre (and I) run only one repository, I am curious as to how this sort of tool could be most useful to network administrators. Customizable repositories will be available; the code will be under the GPL, after all, so it'd be a little hard for them not to be available.

I'm also interested in the ideas of those who might be in a position to roll together packages. I intend to package a number of open-source language interpreters with the core software to allow special pre- and post-install scripts, as well as removal scripts. C#Script, Perl, and Python are definites, as is a Cygwin sh interpreter. We will have some program requirements — chief among them that no registry changes may be made by the program — but some of them, I fear, will require some flexibility; some programs really do require a way to edit the registry, for example, and I am considering offering some sort of tracked way to make registry changes so they can be rolled back on uninstallation of the program.

I'd love to hear what Slashdotters think of this. Think of it as a wishlist, but you don't get any damn ponies.

Ed Ropple (FishWithAHammer)"

An anonymous reader writes "A decision in Tokyo District Court could have implications in Japan for online services that let users store files, if any music files are involved. The court case pitted JASRAC, the Japanese organization that collects fees for public music performances, against Image City, whose MYUTA service lets users employ a central server to store songs from their own CDs, to play on their own phones. The Tokyo District Court handed down a ruling declaring Image City guilty of copyright infringement (Google translation). Despite the music being stored strictly for personal use, the ruling reasoned that the act of uploading music to a central server owned by a company is the equivalent of distributing music to that company. This has implications for other services such as Yahoo! Briefcase and Apple's .Mac, which could mean these companies are guilty of copyright infringement if any of their users in Japan store music in their accounts for personal use. Here are some additional details on JASRAC's activities and methods." Neither article talks about possible appeals, or about how strong a precedent this case sets in the Japanese legal system.

Frequent Slashdot contributor Bennett Haselton gives the full-disclosure treatment to the widely known and surprisingly simple technique for finding treasure-troves of credit card numbers online. He points out how the credit-card companies could plug this hole at trivial expense, saving themselves untold millions in losses from bogus transactions, and saving their customers some serious hassles. Read on for Bennet's article.
Some "script kiddie" tricks still work after all: Take the first 8 digits of a standard 16-digit credit card number. Search for them on Google in "nnnn nnnn" form. Since the 8-digit prefix of a given card number is often shared with many other cards, about 1/4 of credit card numbers in my random test, turned up pages that included other credit card numbers, and about 1 in 10 turned up a "treasure trove" of card numbers that were exposed through someone's sloppily written Web app. If the numbers were displayed along with people's names and phone numbers, sometimes I would call the users to tell them that I'd found their cards on the Internet, and many of them said that the cards were still active and that this was the first they'd heard that the numbers had been compromised.

Now, before this gets a lot of people mad, let me say that at first I was planning on holding off writing about this for months if necessary, to give the credit card companies time to do something about it. In other words, I actually had the presumptuousness to think that I had been the first one to discover it, but only because the credit card numbers that I found were still active. (If the trick had been widely known, I reasoned, surely the credit card companies would have found any credit card numbers listed in Google before I did, and gotten them cancelled.) Then I found that the trick had been publicized about three years earlier in a C-Net article by Robert Lemos and was probably widely known even before that. (The article stops just short of describing the actual technique, but one reader posted the full details in a follow-up comment.) Another article from that year in CRM Daily describes an even more efficient trick: Googling for number ranges like 4060000000000000..4060999999999999 to find Visa card numbers beginning with "4060". Google has now blocked that trick, so that trying that as a Google search leads to an error page. But the basic technique of Googling for working credit card numbers, apparently still works. In other words, credit card companies have apparently known about this technique for at least three years, probably longer, and presumably have hoped it would continue being swept under the rug.

At this point, I think the right thing to do is to shine a light on the problem and insist that they fix it as soon as possible. It may result in a short-term spike in people using this technique, but if it results in the problem being fixed, then the total number of fraud incidents will probably be less in the long run.

It would be simple for companies like Visa, MasterCard, and Discover to take a list of the most common 8-digit prefixes, query for them every day on Google, and de-activate any new credit card numbers that were found that way. (American Express cards are apparently not vulnerable to this trick, because when their 15-digit card numbers are written with spaces, they are usually written in the format "3xxx xxxxxx xxxxx", and Googling for the first 10 digits as "3xxx xxxxxx" didn't yield anything in my random test of ten AmEx numbers. But this is still their problem too, since the searches that turn up "treasure troves" of card numbers usually include AmEx numbers as well.) A Perl programmer could write a script in one afternoon that could run through all the known 8-digit prefixes, parse the search results, and pick out any URLs that weren't listed as matches the day before. From there, the search results would have to be reviewed by a human, in order to spot any situations where one credit card number was exposed at one URL, and a slight variation on the same URL (such as varying an order ID number) would expose other credit card numbers as well, which was the case with several of the hits that I found. Simple, but time-consuming with so many different 8-digit prefixes -- but every minute of effort expended on tracking down and canceling leaked credit card numbers, would save time and grief later by preventing the numbers from being used by criminals. If it would save them time in the long run and help prevent fraud, then why don't they do this?

It's considered good etiquette among security researchers, when finding a new security hole, to give the affected companies a chance to fix the issue before publicizing it. When I first contacted the credit card companies and described exactly how the exploit worked and how to block it, after getting a polite "We can't comment" from each one, I figured I'd give them a few months to get a system in place that could find leaked cards on a daily basis and de-activate them before they could be used. But then I found the C-Net article from 2004, and figured that if the card companies hadn't taken action in three years, it was fair game to publicize the trick in order to increase the pressure on them to plug the gap. Of course, it's not the card companies' fault that these card numbers are leaked onto the Web; it's the fault of the merchants that allowed them to get leaked. But the credit card companies are the only ones who are in a position to do something about it.

I did try the "Good Samaritan" approach, calling the credit card companies when I found one of their customers' card numbers on the Web. For each of the four major card companies, I called their security departments and reported two of the cards that I had found compromised, and then a week later, called the cardholders themselves to see if the card companies had notified them. Surprisingly, of the four companies, American Express was the only one whose customers in this experiment, when I called them a week later, said that AmEx had contacted them and told them to change their numbers. But even if all four credit card companies were more proactive about acting on reports of leaked numbers, the problems with scaling this approach are that (a) I usually had to wait on hold for a few minutes with each company and then spell out each card number that I'd found, which doesn't scale for a large number of stolen card numbers, and (b) if lots of people started doing this, then the credit card companies would be inundated with duplicate reports about the "low-hanging fruit", card numbers with common prefixes that appear near the top of some Google search result. Both problems could be avoided if the card companies simply ran their own script that queried Google and brought up a list of any indexed card numbers, whereupon an employee could copy and paste the numbers into an interface that would flag the cards instantly.

Google does have a feature where you can request the removal of pages that contain credit card numbers and other personal data such as Social Security Numbers. Any pages that I found containing credit card data, I submitted for removal, and Google did handle each removal request within two days. But this doesn't guard against the possibility that someone might have found the credit card information before it was removed, and of course it doesn't mean that other search engines like Alta Vista (remember Alta Vista?) might not have indexed the same pages. Running a sample of 8-digit prefix searches on Alta Vista, I found about as many credit cards as I found through Google, including some pages that were not in the Google index (maybe Google never indexed them, or maybe they had removed them already). So removing a page from any engine's search results is more like covering up a symptom of a problem than fixing the problem itself, which is the fact that the card number was leaked to the Web in the first place.

If nothing else, this is another reminder of how terrible the security model is for credit card numbers as a token of payment -- one universal piece of information shared with every merchant, that can be used for unlimited unauthorized charges if it gets compromised, until someone notices. About the only desirable property of credit card numbers from a security point of view is that they can be changed, and most of your existing recurring billing relationships will carry over, but even that is a hassle. Several credit card companies do provide the ability to generate single-use credit card numbers, each one authorized only for a limited purchase amount. The problem with that is that as any security analyst will tell you, if it takes even one extra step, most people won't bother -- as long as all-purpose credit card numbers are the default, that's what most people will use. Perhaps incidents like this will push people towards more 21st-century-aware styles of payment (like PayPal, but without all the horror stories), where you can pay a bill through a system that debits your card or your bank account, without sharing all your information with the merchant.

But in the short term, as long as credit card numbers are still with us, the card companies should make more proactive efforts to find and deactivate the ones that have been leaked on the Internet. If the card numbers are found to be leaked by a clumsy Web interface on one company's site, then that company should be chastised by the card companies that issued them a merchant account. If the numbers are found together in a list posted on some third-party forum, then the companies can cross-reference the charge history against each card in the list, to narrow down which merchant may have been responsible for the leak. I'm sure the card companies do something like this already when they find a list of leaked cards; what they don't seem to be doing is acting aggressively enough to find the leaked numbers in the first place.

Maybe the real moral is not the insecurity of credit card numbers, but the value of transparency and online community relations. If MasterCard had been a hip company like Wikia, some volunteer probably would have discovered this attack very early, and another volunteer would have written an open-source tool to find and deactivate leaked MasterCard numbers automatically, and the problem would have been solved ten years ago. In fact many tech companies, if you report a security problem to them, will thank you and fix it immediately, and some of them will even offer you cash if you find any more, like Netscape used to do with their $1,000 Bugs Bounty program. We get so used to big companies having obvious holes in their security practices and answering every question about security with a flat "No comment", that we forget it doesn't have to be that way -- transparency is not just trendy, it works. After years of having bug hunters poke at the Netscape browser, the security may not have been perfect, but it didn't have any security holes that were as simple and obvious as to be analogous to finding credit card numbers on Google.

Frequent Slashdot contributor Bennett Haselton gives the full-disclosure treatment to the widely known and surprisingly simple technique for finding treasure-troves of credit card numbers online. He points out how the credit-card companies could plug this hole at trivial expense, saving themselves untold millions in losses from bogus transactions, and saving their customers some serious hassles. Read on for Bennet's article.
Some "script kiddie" tricks still work after all: Take the first 8 digits of a standard 16-digit credit card number. Search for them on Google in "nnnn nnnn" form. Since the 8-digit prefix of a given card number is often shared with many other cards, about 1/4 of credit card numbers in my random test, turned up pages that included other credit card numbers, and about 1 in 10 turned up a "treasure trove" of card numbers that were exposed through someone's sloppily written Web app. If the numbers were displayed along with people's names and phone numbers, sometimes I would call the users to tell them that I'd found their cards on the Internet, and many of them said that the cards were still active and that this was the first they'd heard that the numbers had been compromised.

Now, before this gets a lot of people mad, let me say that at first I was planning on holding off writing about this for months if necessary, to give the credit card companies time to do something about it. In other words, I actually had the presumptuousness to think that I had been the first one to discover it, but only because the credit card numbers that I found were still active. (If the trick had been widely known, I reasoned, surely the credit card companies would have found any credit card numbers listed in Google before I did, and gotten them cancelled.) Then I found that the trick had been publicized about three years earlier in a C-Net article by Robert Lemos and was probably widely known even before that. (The article stops just short of describing the actual technique, but one reader posted the full details in a follow-up comment.) Another article from that year in CRM Daily describes an even more efficient trick: Googling for number ranges like 4060000000000000..4060999999999999 to find Visa card numbers beginning with "4060". Google has now blocked that trick, so that trying that as a Google search leads to an error page. But the basic technique of Googling for working credit card numbers, apparently still works. In other words, credit card companies have apparently known about this technique for at least three years, probably longer, and presumably have hoped it would continue being swept under the rug.

At this point, I think the right thing to do is to shine a light on the problem and insist that they fix it as soon as possible. It may result in a short-term spike in people using this technique, but if it results in the problem being fixed, then the total number of fraud incidents will probably be less in the long run.

It would be simple for companies like Visa, MasterCard, and Discover to take a list of the most common 8-digit prefixes, query for them every day on Google, and de-activate any new credit card numbers that were found that way. (American Express cards are apparently not vulnerable to this trick, because when their 15-digit card numbers are written with spaces, they are usually written in the format "3xxx xxxxxx xxxxx", and Googling for the first 10 digits as "3xxx xxxxxx" didn't yield anything in my random test of ten AmEx numbers. But this is still their problem too, since the searches that turn up "treasure troves" of card numbers usually include AmEx numbers as well.) A Perl programmer could write a script in one afternoon that could run through all the known 8-digit prefixes, parse the search results, and pick out any URLs that weren't listed as matches the day before. From there, the search results would have to be reviewed by a human, in order to spot any situations where one credit card number was exposed at one URL, and a slight variation on the same URL (such as varying an order ID number) would expose other credit card numbers as well, which was the case with several of the hits that I found. Simple, but time-consuming with so many different 8-digit prefixes -- but every minute of effort expended on tracking down and canceling leaked credit card numbers, would save time and grief later by preventing the numbers from being used by criminals. If it would save them time in the long run and help prevent fraud, then why don't they do this?

It's considered good etiquette among security researchers, when finding a new security hole, to give the affected companies a chance to fix the issue before publicizing it. When I first contacted the credit card companies and described exactly how the exploit worked and how to block it, after getting a polite "We can't comment" from each one, I figured I'd give them a few months to get a system in place that could find leaked cards on a daily basis and de-activate them before they could be used. But then I found the C-Net article from 2004, and figured that if the card companies hadn't taken action in three years, it was fair game to publicize the trick in order to increase the pressure on them to plug the gap. Of course, it's not the card companies' fault that these card numbers are leaked onto the Web; it's the fault of the merchants that allowed them to get leaked. But the credit card companies are the only ones who are in a position to do something about it.

I did try the "Good Samaritan" approach, calling the credit card companies when I found one of their customers' card numbers on the Web. For each of the four major card companies, I called their security departments and reported two of the cards that I had found compromised, and then a week later, called the cardholders themselves to see if the card companies had notified them. Surprisingly, of the four companies, American Express was the only one whose customers in this experiment, when I called them a week later, said that AmEx had contacted them and told them to change their numbers. But even if all four credit card companies were more proactive about acting on reports of leaked numbers, the problems with scaling this approach are that (a) I usually had to wait on hold for a few minutes with each company and then spell out each card number that I'd found, which doesn't scale for a large number of stolen card numbers, and (b) if lots of people started doing this, then the credit card companies would be inundated with duplicate reports about the "low-hanging fruit", card numbers with common prefixes that appear near the top of some Google search result. Both problems could be avoided if the card companies simply ran their own script that queried Google and brought up a list of any indexed card numbers, whereupon an employee could copy and paste the numbers into an interface that would flag the cards instantly.

Google does have a feature where you can request the removal of pages that contain credit card numbers and other personal data such as Social Security Numbers. Any pages that I found containing credit card data, I submitted for removal, and Google did handle each removal request within two days. But this doesn't guard against the possibility that someone might have found the credit card information before it was removed, and of course it doesn't mean that other search engines like Alta Vista (remember Alta Vista?) might not have indexed the same pages. Running a sample of 8-digit prefix searches on Alta Vista, I found about as many credit cards as I found through Google, including some pages that were not in the Google index (maybe Google never indexed them, or maybe they had removed them already). So removing a page from any engine's search results is more like covering up a symptom of a problem than fixing the problem itself, which is the fact that the card number was leaked to the Web in the first place.

If nothing else, this is another reminder of how terrible the security model is for credit card numbers as a token of payment -- one universal piece of information shared with every merchant, that can be used for unlimited unauthorized charges if it gets compromised, until someone notices. About the only desirable property of credit card numbers from a security point of view is that they can be changed, and most of your existing recurring billing relationships will carry over, but even that is a hassle. Several credit card companies do provide the ability to generate single-use credit card numbers, each one authorized only for a limited purchase amount. The problem with that is that as any security analyst will tell you, if it takes even one extra step, most people won't bother -- as long as all-purpose credit card numbers are the default, that's what most people will use. Perhaps incidents like this will push people towards more 21st-century-aware styles of payment (like PayPal, but without all the horror stories), where you can pay a bill through a system that debits your card or your bank account, without sharing all your information with the merchant.

But in the short term, as long as credit card numbers are still with us, the card companies should make more proactive efforts to find and deactivate the ones that have been leaked on the Internet. If the card numbers are found to be leaked by a clumsy Web interface on one company's site, then that company should be chastised by the card companies that issued them a merchant account. If the numbers are found together in a list posted on some third-party forum, then the companies can cross-reference the charge history against each card in the list, to narrow down which merchant may have been responsible for the leak. I'm sure the card companies do something like this already when they find a list of leaked cards; what they don't seem to be doing is acting aggressively enough to find the leaked numbers in the first place.

Maybe the real moral is not the insecurity of credit card numbers, but the value of transparency and online community relations. If MasterCard had been a hip company like Wikia, some volunteer probably would have discovered this attack very early, and another volunteer would have written an open-source tool to find and deactivate leaked MasterCard numbers automatically, and the problem would have been solved ten years ago. In fact many tech companies, if you report a security problem to them, will thank you and fix it immediately, and some of them will even offer you cash if you find any more, like Netscape used to do with their $1,000 Bugs Bounty program. We get so used to big companies having obvious holes in their security practices and answering every question about security with a flat "No comment", that we forget it doesn't have to be that way -- transparency is not just trendy, it works. After years of having bug hunters poke at the Netscape browser, the security may not have been perfect, but it didn't have any security holes that were as simple and obvious as to be analogous to finding credit card numbers on Google.

PrescriptionWarning writes "With the latest Media Center Edition update from Microsoft, I and many others are finding that content available on television is now completely unwatchable from Media Center. The message states: 'Restricted Content: Restrictions set by the broadcaster and/or originator of the content prohibit playback of the program on this computer.' A simple search on the subject reveals that HBO programming and, in my case, Braveheart on AMC are among the many selections now restricted for playback or recording by Windows Media Center Edition. What's next, restricting every piece of programming on television?"

em8chel writes "LinuxTag, Germany's major fair for Linux and Free Software, is facing a massive boycott from open source enthusiasts in the country this year. Although the event doesn't open for a week, the community is voicing their anger and disappointment on various forums about this year's LinuxTag running under the auspices of Wolfgang Schaeuble, the conservative Minister of Interior, whose positions on issues of interest to the community are controversial to say the very least. Due to online protests and calls for a boycott, the organizer of LinuxTag has released a statement (German version, serviceable Google translation), holding that the politician's policies and political views have nothing to do with supporting free software, adding that if the community boycotts LinuxTag, it's the open source software that will be hit the hardest, and that Schaeuble probably won't even notice."

theodp writes "Forget the Summer of Code. If you've got a hot idea for a start-up, Newsweek says Y-Combinator, the boot camp where Silicon Valley meets 'American Idol', is the place you should be. 'Some critics scoff that Y Combinator's investment is peanuts for that amount of equity. But the opportunity is unparalleled -- total immersion into Silicon Valley start-up culture, advice from Graham and a fast track to the top angel investors and venture-capital funds. When Graham calls the winners, the founders have only five minutes to accept. "If people turn us down," he says, "as far as we're concerned they've failed an IQ test."'" We've previously discussed the program on the site, just over a year ago.

Thwomp writes "I love using my Wii to catch up on my Google Reader feeds and now that activity is officially supported by Google. It's really great to see that the Google Reader team has created an improved user interface optimized for the Wii's Opera browser and Wiimote. You can also try out the Google Reader for Wii in your browser. Google account is mandatory, of course."

Van Jacobson gave a Google Tech Talk on some of his ideas of how a modern, global network could work more effectively, and with more trust in the data which changes many hands on its journey to its final destination. Watch the talk on Google's site The man is very smart and his ideas are fascinating. He has the experience and knowledge to see the big picture and what can be done to solve some of the new problems we have. He starts with the beginning of the phone networks and then goes on to briefly explain the origins of the ARPAnet and its evolution into the Internet we use today. He explains the problems that were faced while using the phone networks for data, and how they were solved by realizing that a new problem had risen and needed a new, different solution. He then goes to explain how the Internet has changed significantly from the time it started off in research centres, schools, and government offices into what it is today (lots of identical bytes being redundantly pushed to many consumers, where broadcast would be more appropriate and efficient).

Van Jacobson gave a Google Tech Talk on some of his ideas of how a modern, global network could work more effectively, and with more trust in the data which changes many hands on its journey to its final destination. Watch the talk on Google's site The man is very smart and his ideas are fascinating. He has the experience and knowledge to see the big picture and what can be done to solve some of the new problems we have. He starts with the beginning of the phone networks and then goes on to briefly explain the origins of the ARPAnet and its evolution into the Internet we use today. He explains the problems that were faced while using the phone networks for data, and how they were solved by realizing that a new problem had risen and needed a new, different solution. He then goes to explain how the Internet has changed significantly from the time it started off in research centres, schools, and government offices into what it is today (lots of identical bytes being redundantly pushed to many consumers, where broadcast would be more appropriate and efficient).

CoolVibe writes "From the abstract in the talk: "World-renowned Science Fiction writer and futurist Bruce Sterling will outline his ideas for SPIMES, a form of ubiquitous computing that gives smarts and 'searchabiliity' to even the most mundane of physical products. Imagine losing your car keys and being able to search for them with Google Earth." It's a very interesting lecture given by Bruce Sterling about something we might see in the near future. The lecture can be viewed here on Google Video."

fieryprophet writes "An astonishing number of stories related to HD-DVD encryption keys have gone missing in action from digg.com, in many cases along with the account of the diggers who submitted them. Diggers are in open revolt against the moderators and are retaliating in clever and inventive ways. At one point, the entire front page comprised only stories that in one way or another were related to the hex number. Digg users quickly pointed to the HD DVD sponsorship of Diggnation, the Digg podcast show. Search digg for HD-DVD song lyrics, coffee mugs, shirts, and more for a small taste of the rebellion." Search Google for a broader picture; at this writing, about 283,000 pages contain the number with hyphens, and just under 10,000 without hyphens. There's a song. Several domain names including variations of the number have been reserved. Update: 05/02 05:44 GMT by J : New blog post from Kevin Rose of Digg to its users: "We hear you."

An anonymous reader writes "The Google Librarian Central site has up a piece by Mark Aubin, a Software Engineer who works on Google Earth. Aubin explains some of the process behind capturing satellite imagery for use with the product. 'Most people are surprised to learn that we have more than one source for our imagery. We collect it via airplane and satellite, but also just about any way you can imagine getting a camera above the Earth's surface: hot air balloons, model airplanes - even kites. The traditional aerial survey involves mounting a special gyroscopic, stabilized camera in the belly of an airplane and flying it at an elevation of between 15,000 feet and 30,000 feet, depending on the resolution of imagery you're interested in. As the plane takes a predefined route over the desired area, it forms a series of parallel lines with about 40 percent overlap between lines and 60 percent overlap in the direction of flight. This overlap of images is what provides us with enough detail to remove distortions caused by the varying shape of the Earth's surface.'

magnamous asks: "Ever since Senator Ted Stevens used the phrase 'series of tubes' to describe his understanding of the Internet, I've noticed several stories and comments referencing how silly that is. Although I agree that that description is rather silly, each time I've found myself trying to come up with a -succinct layman's definition- of what the Internet is, and I come up short. Wikipedia has a gargantuan page describing the Internet, and Google's definitions offer pretty good descriptions of what the Internet is in a functional sense (with some throwing in terms that the layman wouldn't understand, or take the time to understand), but not really a good description of what it -is- in the physical sense that I think Sen. Stevens was trying to get at. What are your suggestions for a succinct layman's definition of the Internet?" I know some would say that laypeople should take the time to learn the technical, more accurate meaning of what the Internet is. The problem is that they won't. We all know laypeople. I live with two of them. When you start talking about 'TCP/IP' or 'DNS', or if you get far enough to start describing those terms, their eyes glaze over. That's what makes them laypeople — they don't care about the subject enough to learn about it in-depth; if they did, they'd be computer enthusiasts. So please keep in mind that, in order for this discussion to be useful, 'succinct' and 'layman' are essential parts to any definition of the Internet given here. Also keep in mind that 'succinct' doesn't necessarily mean one sentence; a relatively short paragraph would be fine, too — the main goal is to come up with something that physically describes the Internet in a way which laypeople can actually understand."

lotusleaf writes "According to an article at PCWorld, "Google Inc. has bought video conferencing software from Marratech AB", "The client software runs on Windows 2000 or XP, Mac OS X 10.4, or versions of Linux". Could this provide a cross-platform video conferencing boost to gTalk?"