Slashdot Mirror

"Amazing what Republicans not in the pockets of trial lawyers do when they run the show."

5 Republicans voted against, and 2 Democrats did.Look for youself.

House Roll Call Vote on HR 395: 418 Yea, 7 Nay (5 Republican, 2 Democrat), 9 Not Voting

Kinda funny that the woman introducing a bill to greatly restrict the power of the DMCA was named "Cyber Champion" by the BSA...three cheers for biting the hand that feeds you!

This bill has been refered to the Judiciary Committee and from there will most likely be sent to the Subcommittee on Courts, the Internet, and Intellectual Property

Everybody ought to lick the stamp and write there Rep. but if you vote in the districts of any of the following it is especially important.

Thank you,
JFMILLER

F. James Sensenbrenner, Jr. (R-WI) [Chair]
Lamar Smith (R-TX) (Sub Committee chair)
John Conyers, Jr (D-MI) * [Ranking Democrat]
Howard L. Berman (D-CA) *
Henry J Hyde (R-IL) *
Richard Boucher (D-VA) *
Elton Gallegly (R-CA) *
Robert C Scott (D-VA)
Bob Goodlatte (R-VA)*
Jerrold Nadler (D NY)
William L. Jenkins (R-TN) *
Melvin L. Watt (D-NC)
Spencer Bachus (R-AB) *
Zoe Lofgren (D-CA) * [Bill's Sponcer]
Mark Green (R-WI)*
Sheila Jackson-Lee (D-TX)
Rick Keller (R-FL)*
Maxine Waters (D-CA) *
Melissa Heart (R-PA) *
Martin T Meehan (D-MA) *
Mike Pence (R-IN) *
William Dalahunt (D-MA) *
Jeff Flake (R-AZ)
J. Randy Forbes (R-VA) *
Robert Wexler (D- FL) *
John Carter (R-TX) *
Tammy Baldwin (D-WI) *
John Hostettler (R-IN)
Anthony D. Weiner (D-NY) *
Marsha Blackburn (R-TN)
Adam B Schiff (D-CA)
Chriss Cannon (R-UT)
Linda T. Sanchez (D-CA)
Steve King (R-IA)
Howard Coble (R-NC)
Steve Cabot (R-OH)
Tom Feeney (R-FL)
Chris Cannon (R-UT)
* -- Member, Subcommittee on Courts, the Internet, and Intellectual Property

This bill has been refered to the Judiciary Committee and from there will most likely be sent to the Subcommittee on Courts, the Internet, and Intellectual Property

Everybody ought to lick the stamp and write there Rep. but if you vote in the districts of any of the following it is especially important.

Thank you,
JFMILLER

F. James Sensenbrenner, Jr. (R-WI) [Chair]
Lamar Smith (R-TX) (Sub Committee chair)
John Conyers, Jr (D-MI) * [Ranking Democrat]
Howard L. Berman (D-CA) *
Henry J Hyde (R-IL) *
Richard Boucher (D-VA) *
Elton Gallegly (R-CA) *
Robert C Scott (D-VA)
Bob Goodlatte (R-VA)*
Jerrold Nadler (D NY)
William L. Jenkins (R-TN) *
Melvin L. Watt (D-NC)
Spencer Bachus (R-AB) *
Zoe Lofgren (D-CA) * [Bill's Sponcer]
Mark Green (R-WI)*
Sheila Jackson-Lee (D-TX)
Rick Keller (R-FL)*
Maxine Waters (D-CA) *
Melissa Heart (R-PA) *
Martin T Meehan (D-MA) *
Mike Pence (R-IN) *
William Dalahunt (D-MA) *
Jeff Flake (R-AZ)
J. Randy Forbes (R-VA) *
Robert Wexler (D- FL) *
John Carter (R-TX) *
Tammy Baldwin (D-WI) *
John Hostettler (R-IN)
Anthony D. Weiner (D-NY) *
Marsha Blackburn (R-TN)
Adam B Schiff (D-CA)
Chriss Cannon (R-UT)
Linda T. Sanchez (D-CA)
Steve King (R-IA)
Howard Coble (R-NC)
Steve Cabot (R-OH)
Tom Feeney (R-FL)
Chris Cannon (R-UT)
* -- Member, Subcommittee on Courts, the Internet, and Intellectual Property

I submitted this story yesterday and the all knowing /. editors rejected it...

but besides that gripe I must say that this is an important opportunity for us. It may not be everything we have ever wanted, but it is a step in the right direction. Zeo is also supports fair use of peer to peer networks as well

Per Zoe Lofgren's own summary , yes, you pretty much got it right.

clearly a clued up congressional representative. See also her remarks on p2p here

" Illegal file-sharing is a major problem. But we should not create one problem to solve another."

She'd get my vote...

we'll, if I had one over there...

A list of US House Representatives
(remember it is always best to write snail mail to your reps. Email is trashed to easy.
http://www.house.gov or here Write your Rep

And here are the Senators

Senate Listings

A list of US House Representatives
(remember it is always best to write snail mail to your reps. Email is trashed to easy.
http://www.house.gov or here Write your Rep

And here are the Senators

Senate Listings

The two-party political system in the US.

It sure seems like the public would eventually realize that the system was supposed to elect representatives from your area that would vote for the will of their constituents.

Yet year after year we send off representatives that, by and large, dutifully follow the directions of the party whip.

Hey!!! Someone hacked the House.gov

I'd like to see a direct quote, please.

Well they said this was at Congressional Committee. Go look it up then. They have a audio record of the hearing, as well as some written statements. It only took me 2 minutes to find through Thomas.

It seems like a well-though-out review

Ipsos reported that 19% of Americans over 12 years old traded files in 2002. That is a lot of votes. If all you people would write your senators and representatives about repealing the NET Act maybe they would.

Enough of these cases and the patent office may begin to reforem itself in when and where it grants a patent.

"This process contains three phases: (1) Completing a cover sheet, and (2) Attaching documents or submitting typed comments, and (3) Receiving a Confirmation." (from ECFS user manual)

Upload expert, submitting an attached MS Word 6.0 and higher, MS Excel 4.0 and higher, Word Perfect 5.1 and higher, ASCII Text, and Adobe Acrobat Portable Document Format (PDF), as specified in the ECFS user manual. Or (maybe?) do a quick file submission under "Broadband over the traditional telephone." (I'm not sure if this files under the proper proceeding, as it provides minimal information so you may want to use expert.)

File using expert

1. Proceeding: 03-45
2. Fill in relevant information (pers info)
3. Document type: Comment
4. Attach document or just type in a quick comment

Now instead of ranting here on the issue. Make your statements on the issue available to people other then techies, law types and such. Not that I'm saying law types don't come here, or techies don't understand ... err ... shut up ... right. The rest of this comment is thrown in for reference.

Home Site ECFS (Electronic Comment Filing System)
http://www.fcc.gov/cgb/ecfs/

Documentation in regards to proper response filings in response to the petition posted by pulvar.com":
http://pulver.com/fwd/fccfwd.html
http://hraunfoss.fcc.gov/edocs_public/attachmatch/ DA-03-439A1.pdf

The CFRs referenced from time to time are Code of Federal Regulations. On the site referenced, you should come to see quickly there are different titles corresponding to various sectors of industry, Title 47 referencing Telecommuniation.

USC stands for United States Code. You can search this database or download each to view structurally.

I have just discovered all this information out in the past 15 minutes via Google and the www.fcc.gov site and www.pulvar.com. I can't give you a cut clear definition of the difference of U.S.C. and C.F.R., however there is an about page that clearly defines this on each respective home site.

In other words, I'll leave my post and allow the higher states of entropical discussion to follow ;)

P.S.I'm not really a coward, just an ignorant fool who forgot his password/email. Ohhly well. That also means to imply I am not affliated with anybody pertaining to the topic of discussion.

"This process contains three phases: (1) Completing a cover sheet, and (2) Attaching documents or submitting typed comments, and (3) Receiving a Confirmation." (from ECFS user manual)

Upload expert, submitting an attached MS Word 6.0 and higher, MS Excel 4.0 and higher, Word Perfect 5.1 and higher, ASCII Text, and Adobe Acrobat Portable Document Format (PDF), as specified in the ECFS user manual. Or (maybe?) do a quick file submission under "Broadband over the traditional telephone." (I'm not sure if this files under the proper proceeding, as it provides minimal information so you may want to use expert.)

File using expert

1. Proceeding: 03-45
2. Fill in relevant information (pers info)
3. Document type: Comment
4. Attach document or just type in a quick comment

Now instead of ranting here on the issue. Make your statements on the issue available to people other then techies, law types and such. Not that I'm saying law types don't come here, or techies don't understand ... err ... shut up ... right. The rest of this comment is thrown in for reference.

Home Site ECFS (Electronic Comment Filing System)
http://www.fcc.gov/cgb/ecfs/

Documentation in regards to proper response filings in response to the petition posted by pulvar.com":
http://pulver.com/fwd/fccfwd.html
http://hraunfoss.fcc.gov/edocs_public/attachmatch/ DA-03-439A1.pdf

The CFRs referenced from time to time are Code of Federal Regulations. On the site referenced, you should come to see quickly there are different titles corresponding to various sectors of industry, Title 47 referencing Telecommuniation.

USC stands for United States Code. You can search this database or download each to view structurally.

I have just discovered all this information out in the past 15 minutes via Google and the www.fcc.gov site and www.pulvar.com. I can't give you a cut clear definition of the difference of U.S.C. and C.F.R., however there is an about page that clearly defines this on each respective home site.

In other words, I'll leave my post and allow the higher states of entropical discussion to follow ;)

P.S.I'm not really a coward, just an ignorant fool who forgot his password/email. Ohhly well. That also means to imply I am not affliated with anybody pertaining to the topic of discussion.

"This process contains three phases: (1) Completing a cover sheet, and (2) Attaching documents or submitting typed comments, and (3) Receiving a Confirmation." (from ECFS user manual)

Upload expert, submitting an attached MS Word 6.0 and higher, MS Excel 4.0 and higher, Word Perfect 5.1 and higher, ASCII Text, and Adobe Acrobat Portable Document Format (PDF), as specified in the ECFS user manual. Or (maybe?) do a quick file submission under "Broadband over the traditional telephone." (I'm not sure if this files under the proper proceeding, as it provides minimal information so you may want to use expert.)

File using expert

1. Proceeding: 03-45
2. Fill in relevant information (pers info)
3. Document type: Comment
4. Attach document or just type in a quick comment

Now instead of ranting here on the issue. Make your statements on the issue available to people other then techies, law types and such. Not that I'm saying law types don't come here, or techies don't understand ... err ... shut up ... right. The rest of this comment is thrown in for reference.

Home Site ECFS (Electronic Comment Filing System)
http://www.fcc.gov/cgb/ecfs/

Documentation in regards to proper response filings in response to the petition posted by pulvar.com":
http://pulver.com/fwd/fccfwd.html
http://hraunfoss.fcc.gov/edocs_public/attachmatch/ DA-03-439A1.pdf

The CFRs referenced from time to time are Code of Federal Regulations. On the site referenced, you should come to see quickly there are different titles corresponding to various sectors of industry, Title 47 referencing Telecommuniation.

USC stands for United States Code. You can search this database or download each to view structurally.

I have just discovered all this information out in the past 15 minutes via Google and the www.fcc.gov site and www.pulvar.com. I can't give you a cut clear definition of the difference of U.S.C. and C.F.R., however there is an about page that clearly defines this on each respective home site.

In other words, I'll leave my post and allow the higher states of entropical discussion to follow ;)

P.S.I'm not really a coward, just an ignorant fool who forgot his password/email. Ohhly well. That also means to imply I am not affliated with anybody pertaining to the topic of discussion.

Bishop (UT)
Ryan (OH)
Terry
Flake
Strickland
Paul
Tancredo

They're one of the 7 who voted no on the bill. Better give them a piece of your mind.

source:
http://clerkweb.house.gov/cgi-bin/vote.exe?year=20 03&rollnumber=26

This is a good step!

I just got done writing 4 letters to my Congressmen about the Pariot Act 2 and war with Iraq. I know it is easier to post online about how something should be done, but it only took about an hour to go out, get stamps and envelopes, and write.

Perhaps take this as a chance to thank your Senator/Representative for voting against this (if they did!), and maybe even let them know your views on the Patriot Act 2, etc.

Find your Senator

Find your Representative

Uhm... Isn't the DCMRA already taking a stand on this front?

Rather coincidentally, just the other day, at the Borders Cafe (oh yeah, I can rhyme!), I found and read an article about the DMCRA in the current issue of 2600 magazine. The article took the opinion that the DMCRA put Fair Use back into the equation and stated that it specifically makes exemptions for the cases of scientific research and other legitimate uses.

The article went on, with minimal explanation, to state that the DMCRA reestablishes the Betamax standard with regard to the digital world. Being unfamiliar the Betamax or any related standard, myself, has anyone else an explanation just what that means?

Next year will be too late. Call/write/harass your congresscritter NOW.

If Congress doesn't declare war, we are not in a war. (Article I, section 8, clause 11, the U.S. Constitution)

From The US Constitution:

Article 1, Section 9, Clause 5: No Tax or Duty shall be laid on Articles exported from any State.

If they send it to you across state lines, it has been exported from that state. Simple concept, this Constitution.

It's hard to direct tax breaks at the low end of the economy, since hardly anybody at the low end of the income distribution actually pays income tax to begin with (incomes less than $30K pay 5.8% of all income tax - see here for more details).

The upper 10% of the income bracket pays 50% of all income taxes (same source). Maybe those who actually pay taxes might appreciate it.

Hi,

Sorry for not including a link...

US House of Representatives

Pay attention to clown boy's rhetoric about safe harbor...

Now that dalnet has been beaten into submission and compliance, I'll bet you a diet coke and a couple pack of twinkies that the attacks cease after a suitable period to make it appear as a unrelated action.

It takes deep pockets and plenty of manpower to hunt down a ddos attack and no one in US enforcement is going to expend the effort to help stop the attacks. They know which side of the bread their butter is on. Any effort to stop the activity would be frowned on by the people holding the pursestrings.

After all, why do you think a rep from California made the proposal?

NW Fusion also has some stuff.

The full text of the bill can be found here.

Here's a link to a PDF version of the bill on the HoRep's website (It's H.R. 107 in the 108th Congress): Proposed bill. Of interest is what the last two pages have (the rest is just deliniating what mislabeling of a copy-protected disk is and punishable for) -- while it goes in the right direciton for fair uses, it still leaves open the question of "significant noninfringing use" of a hardware/software product, getting us right back to the VHS case. Also, interestingly enough, note the header on the PDF file: it's based off an XML document, apparently, so I wonder how much Boucher's office has adopted to technology, or if the HoReps now has a nice XML/DocBook type of technology for building up new bills.

... and pay particular attention to Schmidt's testimony before the House Committee on Energy and Commerce... Microsoft is doing a fine job... increase penalties for cyber-crime... increase funding for law enforcement... but keep the government out of the industry.

This is going to be me, rambling. I'll be accused of being a liberal, tree-hugging, deficit-loving bitch, but it needs to be said.

Bush has, from day one, been all about, or so he says, cutting budgets. Everything but Defense, he says, is spending far too much. Education. Health and Human Services. AIDS research (his "broad" plan announced in the State of the Union address was a joke). NASA.

Time and time again, he has harped on cutting NASA's budget. He has forced the agency to abandon most all other programs, except extending the life of the shuttles.

Democrats and others have pleaded for Bush to reconsider. He hasn't.

One year ago, CNN discussed Bush's plans to dramatically reduce NASA's budget, INCLUDING safety spending, in favour of learning more about nuclear technology in space.

This PDF from the House Democrats makes Bush's cuts clear, in terms of NASA and science in general.

Worse yet, a year and a half ago, people were warning that these cuts were leading to an inevitable disaster in the shuttle program. A freaking year and a half ago.

And through all of this, the best Bush can say is "May God continue to bless America."

Oh, and Saddam is an evil, evil man.

Growl.

jrbd

Now is the time to write your elected congressmen from the House and Senate and let them know that they should not decrease funding to NASA because of this, but they should increase funding. NASA has been working financially with one hand tied behind their backs since Challenger, and cutting funding further would likely cause even more accidents to happen. Get out your pens and paper and help keep NASA alive!

Agree? Disagree? Tell someone who can do something about it.
http://www.house.gov/writerep for your US Representative.

http://www.senate.gov for your US Senators. (Senators' e-mail addresses are usually 'senator_${senator_last_name}@${senator_last_name} .senate.gov'.

For all of them - be sure to include your name and address, so they know that you live in their district. More likely to take you seriously, then.

There are a few, overshadowed by the many. This includes Texas representative Ron Paul who appears to possibly be running as a liberterian in 2004.

What about Representative Ron Paul (R-Texas)?

http://www.house.gov/paul

Here's a good example of a life'er:

A few years back, IBM was reevaluating the FAA systems for Y2K compliance and they came to a conclusion:

There is nobody left who understands the system.

Moral?

Work hard and then fuck the documentation when nobody is looking.

http://www.house.gov/writerep/ lets anyone find out who the US congressional representative is for a given area. However, in densely populated areas, you'll first need the complete Zip+4 postal code.

It's a US House of Rep report, based on IRS data. To sum it up, those that make more than $300k/yr pay 37% of all income tax collected. Those making less than $27k/yr (50% of US population) pay less than 4% of all income tax collected.

Looking at the numbers, and defining (for the sake of argument) "middle class" as the middle third, I'd say that the middle class pays less than 15% of all income taxes collected. (Numbers rounded in my post, exact numbers in link)

Thank you! So the current initiative to define a consumer "Bill of Rights" for media products is to make Federal law out of what is currently judicial precedent.

Having read 17 USC 107 but not the decisions cited above, I assume (and accept all potential consequences) that what the courts found was that people would not be guilty of infringement for copying material for time- and space-shifting and that they did not discuss encryption issues.

Do I understand correctly, then, that it would be legal (at least under established precedent) for me to make an exact duplicate of a DVD (as in a byte per byte data image) to a second piece of media or to transmit it over my home network for "performance" on another device than the one in which it is loaded, but not to decrypt the DVD for storage or transmission in a different data format because that violates DMCA? The publishers make a thing, hide it in the dark, and then sell you the flashlight. A complicit Congress makes it illegal to manufacture an alternative flashlight.

I thought I was disgusted by this subject before, but the more I understand it, the more nauseous I feel.

It remains a key feature of IT that the skills involved allow entry to such a wide range of differing industries that there's practically no reason for someone to feel they're at a dead end. The video game industry, is in many ways, a case in point: although not wonderful - the salaries are generally so bad it makes analyst programming look positively well paid - it's a great entry point for any programmer with imagination who wants to use programming skills that are normally cut off at other levels. Database management is well known, dynamic web page building is understood and there are limits to what you can do: but video game development is different - algorithms are always being bettered, and the very good can end up pushing video game development into another sphere, creating types of application previously unenvisagable.
It's ironic that this happens and yet it's considered a poor-man's profession. Programmers in this field are generally poorly treated, with poor contracts, little chance of advancement, and little cross-skillification that would allow a programmer to move into a more respected arena. This is, in part, because it's an entertainment area, and in part because for every superskilled programmer who is able to push the arena into a new paradigm, there must be a hundred who can barely put together a bunch of assembler instructions to copy memory from one place to another without it taking five times as long as it ought to, and containing bugs.

This quagmire of the more innovative area of programming being hampered by a low perception of the people involved and the skills they bring to the table will not disappear by itself. Unless people are prepared to actually act, not just talk about it on Slashdot, nothing will ever get done. Apathy is not an option.

You can help by getting off your rear and writing to your congressman or senator. Tell them you value programmers who have the imagination and skills to create entirely new technologies for the manipulation of complex graphics, and who have the cut needed to understand the essentials of good game play. Tell them that you appreciate the work being done to create wonderful new games but that if good programmers are put off by poor working conditions and salaries, you will be forced to use less and less secure and intelligently designed alternatives. Let them know that SMP may make or break whether you can efficiently deploy OpenBSD on your workstations and servers. Explain the concerns you have about freedom, openness, and choice, and how poor working conditions detering the best of the best harms all three. Let them know that this is an issue that effects YOU directly, that YOU vote, and that your vote will be influenced, indeed dependent, on their policies on elite computer game programmers.

You CAN make a difference. Don't treat voting as a right, treat it as a duty. Keep informed, keep your political representatives informed on how you feel. And, most importantly of all, vote.

After all that, I asked her what brand of computer she had sitting on her desk. It was a Compaq. When I asked her if she realized that, absent Compaq's clean-room reverse-engineering of the IBM BIOS in the early 1980's (which would have been clearly illegal under the DMCA ), there would be no IBM PC compatibles, no PC market, and a vastly different (and far more meager) computer marketplace today... she said she had to go, and hung up.

It's a pity I don't live in Coble's district. On matters of IP and technology, at least, this guy is spectacularly under-informed and, as a result, wholly unfit for the responsibilities invested in him by his constituents.

After all that, I asked her what brand of computer she had sitting on her desk. It was a Compaq. When I asked her if she realized that, absent Compaq's clean-room reverse-engineering of the IBM BIOS in the early 1980's (which would have been clearly illegal under the DMCA ), there would be no IBM PC compatibles, no PC market, and a vastly different (and far more meager) computer marketplace today... she said she had to go, and hung up.

It's a pity I don't live in Coble's district. On matters of IP and technology, at least, this guy is spectacularly under-informed and, as a result, wholly unfit for the responsibilities invested in him by his constituents.

Jokes about the RIAA aside, which has indeed asked for laws to allow it to do exactly what you deem jokeworthy, the fact is that most people consider their PCs their own property but not their own responsibility. The view appears to be that it's ok for someone to leave a machine on the Internet available for anyone to take over, that the person who puts it there has no responsibility, and that anyone who complains, tries to get it fixed, etc, is in the wrong.

Friends, I know that we all consider those who crack computers to be the ultimate culprits in any situation where a computer is damaged, but that doesn't mean that people shouldn't take responsibility their own parts in allowing this to happen. Someone who quite blatently leaves his or her keys in their car and parks outside bars would not be viewed by most people as completely blameless in the event that a drunk staggers out, takes the car, and drives it into a shop window.

Leaving a machine unsecured and unmonitored on the Internet is a sure-fire way of ensuring it is hacked and used to attack other machines. We know this. Yet people continue to do it. They do not secure their machines once hacked, and they allow their own machines to attack others once hacked. This is negligence, pure and simple.

This quagmire of negligent sysadmins not securing their machines, not allowing their machines to be shut down by victims yet not willing to consider the consequences of their failure to secure their machines and to turn off machines that attack others will not disappear by itself. Unless people are prepared to actually act, not just talk about it on Slashdot, nothing will ever get done. Apathy is not an option.

You can help by getting off your rear and writing to your congressman or senator. Tell them that negligent sysadmins who are happy to keep their computers connected to the Internet all of the time but aren't willing to take basic, simple, security precautions to ensure they play with others are a danger to the security of the Internet, a menace to other 'net users, and cause billions of dollars of damage every year. Tell them that you appreciate the work being done by groups like Security Focus, BugTraq, and even the efforts made by Microsoft to secure their systems and provide easy ways of keeping their products secure, but that if those responsible for computers that are on the Internet do not make use of the tools and features made available to them, you will be forced to use less and less secure and intelligently designed alternatives. Let them know that SMP may make or break whether you can efficiently deploy OpenBSD on your workstations and servers. Explain the concerns you have about freedom, openness, and choice, and how incompetent system administration harms all three. Let them know that this is an issue that effects YOU directly, that YOU vote, and that your vote will be influenced, indeed dependent, on whether or not they are willing to propose laws that provide proper deterents to poor system administratorship and allow those attacked by poorly managed machines to fight back.

You CAN make a difference. Don't treat voting as a right, treat it as a duty. Keep informed, keep your political representatives informed on how you feel. And, most importantly of all, vote.

If you want to participate in government instead of bitching about how corporations run everything, contact your Congressman or your Senator.

I think the real reason they've agreed to agree and stop pursuing new laws is because they figured out the harder they push for new legislation to protect themselves, the harder others (eg. Rick Boucher) will push for additional laws to protect consumers' fair use.

If they stop the push to legislate for business, the push to legislate for consumers lessens and they can do whatever they want since there are no laws against it.

After all, there's a bill (HR 2511) to authorize copyright infringement blocking by copyright holders.

For info on it from two disparate sources, see
Rep. Howard Berman's site and EFF's Comments on the Berman P2P Bill.

Actually, I haven't heard anything recent about this...

The Internet's Achilie's heel is it's awesome complexity and size. The result is that it's very east for a group to appear, do damage, and then disappear, and never be traced. Worse still, the ease with which this can be done is itself an incentive - a downtime of DNS, or of a Microsoft server, or of Yahoo, is seen as unimportant, easy, and untracable, and people - for whatever reasons, be they sociopathic, vengeful, curious, or egocentric - are attracted to perform these kinds of acts.

It's difficult for any reasonable person to know where to begin solving these issues. Traditionally, nailing down machines and networks so they are more secure has been seen as the best approach, but there's little anyone can do about having bandwidth used up by unaccountable "hacked" machines, as is seemingly more and more the modus-operandi.

Attempts to trace crackers are frequently wastes of time, and stiffer penalties for hackers are compromised by the fact that it's hard to actually catch the hackers in the first place. The situation is made worse that many of the most destructive hackers do not, themselves, set up anything beyond sets of scripts distributed to and run by suckers - so-called "script kiddies".

Given that hackers usually work by taking over other machines and coopting them into damaging clusters that can cause all manner of problems, less focus than you'd expect is put onto making machines secure in the first place. The responsibility for putting a computer on the Internet is that of a system administrator, but frequently system administrators are incompetent, and will happily leave computers hooked up to the Internet without ensuring that they're "good Internet citizens". Bugs are left unpatched, if the system administrators have even taken the trouble to discover if there are any problems in the first place. This is, in some ways, the equivalent of leaving an open gun in the middle of a street - even the most pro-gun advocates would argue that such an act would be dangerously incompetent. But putting a farm of servers on the Internet, and ignoring security issues completely, has become a widespread disease.

There is a solution, and that's to make system adminstrators responsible for their own computers. An administrator should be assumed, by default, to be responsible for any damage caused by hardware under his or her control unless it can be shown that there's little the admin could reasonably have done to prevent their machine from being hijacked. Clearly, a server unpatched a few days after a bug report, or a compromise unpatched that has never been publically documented, is not the fault of an admin, but leaving a server unpatched years after a compromise has been documented and patches have been available certainly is. Unlike hackers, it is easy to discover who is responsible for a compromised computer system. So issues of accountability are not a problem here.

Couple this with suitably harsh punishments, and not only will system administrators think twice before, say, leaving IIS 4 out in the wild vulnerable to NIMDA, but hackers too - for the same reasons as they avoid attacking hospital systems, etc - will think twice about compromising someone else's system. Fines for first offenses and very minor breaches can be followed by bigger deterents. If you were going to release a DoS attack into the wild, but knew that the result would be that many, many, system administrators would be physically castrated because of your actions, would you still do it?

Of course not. But even if you were, the fact that someone has been willing to allow their system to be used to close the DNS system, or take Yahoo offline, ought to be reason enough to be willing to consider such drastic remedies. Castration may sound harsh, but compared to modern American prison conditions, it's a relatively minor penalty for the system administrator to pay, and will merely result in discomfort combined with removal from the gene-pool. At the same time, such an experience will ensure that they take better care of their systems in future, without removing someone who might have skills critical to their employer's well being from being taken out of the job market.

The assumption has always been made that incompetent system administrators deserve no blame when their systems are hijacked and used for evil. This assumption has to change, and we must be willing to force this epidemic of bad administration to be resolved. Only by securing the systems of the Internet can we achieve a secure Internet. Only by making the consequences of hacking real and brutal can we create an adequate response to the notion that hacking, per-se, is not wrong, that it causes no damage.

This quagmire of people considering system administrators the innocents in computer security when they are themselves the most responsible for problems and holes will not disappear by itself. Unless people are prepared to actually act, not just talk about it on Slashdot, nothing will ever get done. Apathy is not an option.

You can help by getting off your rear and writing to your congressman or senator. Write also to Jack Valenti [mpaa.org], the CEO and chair of the MPAA, whose address and telephone number can be found at the About the MPAA page. Write too to Bill Gates, Chief of Technologies and thus in overall charge of security systems built into operating systems like Windows NT, at Microsoft. Tell them security is an important issue, and is being compromised by a failure to make those responsible for security accountable for their failures. Tell them that only by real, brutal, justice meted out to those who are irresponsible on the Internet will hacking be dealt with. Tell them that you believe it is a reasonable response to hacking to ensure that administrators who fail time and time again are castrated, and that castration is a reasonable punishment that will ensure a minimal impact on an administrator's employer while serving as a huge deterent against hackers and against incompetence. Tell them that you appreciate the work being done to patch servers by competent administrators but that if incompetent admins are not kept accountable, you will be forced to use less and less secure and intelligently designed alternatives. Let them know that SMP may make or break whether you can efficiently deploy OpenBSD on your workstations and servers. Explain the concerns you have about freedom, openness, and choice, and how poor security harms all three. Let your legislators know that this is an issue that effects YOU directly, that YOU vote, and that your vote will be influenced, indeed dependent, on their policies concerning maladministration of computer systems connected to the public Internet.

You CAN make a difference. Don't treat voting as a right, treat it as a duty. Keep informed, keep your political representatives informed on how you feel. And, most importantly of all, vote.

Slashdot is like that. Anyone can become moderator - as long as they haven't been unlucky in metamoderation (which many of us who have always tried to be fair have) and moderation ultimately favours the trolls who set up a new account every week, post karma whoring stuff to raise their karma and then moderate according to opinions rather than to whether articles are any good.

Dealing with this issue would involve an overhaul of the Slashdot moderation system, but therein lies a dialema: while moderators who abuse the system have the upper hand, those who would do a good job are modded so that they can't ever get the karma necessary to moderate. Worse, the abusers have multiple metamoderation accounts too and can get good moderators kicked out of the system altogether.

This quagmire of poor moderators destroying the opportunity for good moderators to prevail will not disappear by itself. Resources need to be devoted, and unless people are prepared to actually act, not just talk about it on Slashdot, nothing will ever get done. Apathy is not an option.

You can help by getting off your rear and writing to your congressman or senator. Tell them that Slashdot is important to you, but that good moderation is a necessity. Tell them that you appreciate the work being done to improve Slashdot's moderation system by Rob Malda and others, but that if the problem of poor moderators being out of touch and out of control is not resolved, you will be forced to use less and less secure and intelligently designed alternatives. Let them know that SMP may make or break whether you can efficiently deploy OpenBSD on your workstations and servers. Explain the concerns you have about freedom, openness, and choice, and how poor moderation harms all three. Let them know that this is an issue that effects YOU directly, that YOU vote, and that your vote will be influenced, indeed dependent, on their policies on Slashdot moderation.

You CAN make a difference. Don't treat voting as a right, treat it as a duty. Keep informed, keep your political representatives informed on how you feel. And, most importantly of all, vote.

It's difficult for any reasonable person to know where to begin solving these issues. Traditionally, nailing down machines and networks so they are more secure has been seen as the best approach, but there's little anyone can do about having bandwidth used up by unaccountable "hacked" machines, as is seemingly more and more the modus-operandi.

Attempts to trace crackers are frequently wastes of time, and stiffer penalties for hackers are compromised by the fact that it's hard to actually catch the hackers in the first place. The situation is made worse that many of the most destructive hackers do not, themselves, set up anything beyond sets of scripts distributed to and run by suckers - so-called "script kiddies".

Given that hackers usually work by taking over other machines and coopting them into damaging clusters that can cause all manner of problems, less focus than you'd expect is put onto making machines secure in the first place. The responsibility for putting a computer on the Internet is that of a system administrator, but frequently system administrators are incompetent, and will happily leave computers hooked up to the Internet without ensuring that they're "good Internet citizens". Bugs are left unpatched, if the system administrators have even taken the trouble to discover if there are any problems in the first place. This is, in some ways, the equivalent of leaving an open gun in the middle of a street - even the most pro-gun advocates would argue that such an act would be dangerously incompetent. But putting a farm of servers on the Internet, and ignoring security issues completely, has become a widespread disease.

There is a solution, and that's to make system adminstrators responsible for their own computers. An administrator should be assumed, by default, to be responsible for any damage caused by hardware under his or her control unless it can be shown that there's little the admin could reasonably have done to prevent their machine from being hijacked. Clearly, a server unpatched a few days after a bug report, or a compromise unpatched that has never been publically documented, is not the fault of an admin, but leaving a server unpatched years after a compromise has been documented and patches have been available certainly is. Unlike hackers, it is easy to discover who is responsible for a compromised computer system. So issues of accountability are not a problem here.

Couple this with suitably harsh punishments, and not only will system administrators think twice before, say, leaving IIS 4 out in the wild vulnerable to NIMDA, but hackers too - for the same reasons as they avoid attacking hospital systems, etc - will think twice about compromising someone else's system. Fines for first offenses and very minor breaches can be followed by bigger deterents. If you were going to release a DoS attack into the wild, but knew that the result would be that many, many, system administrators would be physically castrated because of your actions, would you still do it?

Of course not. But even if you were, the fact that someone has been willing to allow their system to be used to close the DNS system, or take Yahoo offline, ought to be reason enough to be willing to consider such drastic remedies. Castration may sound harsh, but compared to modern American prison conditions, it's a relatively minor penalty for the system administrator to pay, and will merely result in discomfort combined with removal from the gene-pool. At the same time, such an experience will ensure that they take better care of their systems in future, without removing someone who might have skills critical to their employer's well being from being taken out of the job market.

The assumption has always been made that incompetent system administrators deserve no blame when their systems are hijacked and used for evil. This assumption has to change, and we must be willing to force this epidemic of bad administration to be resolved. Only by securing the systems of the Internet can we achieve a secure Internet. Only by making the consequences of hacking real and brutal can we create an adequate response to the notion that hacking, per-se, is not wrong, that it causes no damage.

This quagmire of people considering system administrators the innocents in computer security when they are themselves the most responsible for problems and holes will not disappear by itself. Unless people are prepared to actually act, not just talk about it on Slashdot, nothing will ever get done. Apathy is not an option.

You can help by getting off your rear and writing to your congressman or senator [senate.gov]. Write also to Jack Valenti, the CEO and chair of the MPAA, whose address and telephone number can be found at the About the MPAA page [mpaa.org]. Write too to Bill Gates [mailto], Chief of Technologies and thus in overall charge of security systems built into operating systems like Windows NT, at Microsoft. Tell them security is an important issue, and is being compromised by a failure to make those responsible for security accountable for their failures. Tell them that only by real, brutal, justice meted out to those who are irresponsible on the Internet will hacking be dealt with. Tell them that you believe it is a reasonable response to hacking to ensure that administrators who fail time and time again are castrated, and that castration is a reasonable punishment that will ensure a minimal impact on an administrator's employer while serving as a huge deterent against hackers and against incompetence. Tell them that you appreciate the work being done to patch servers by competent administrators but that if incompetent admins are not kept accountable, you will be forced to use less and less secure and intelligently designed alternatives. Let them know that SMP may make or break whether you can efficiently deploy OpenBSD on your workstations and servers. Explain the concerns you have about freedom, openness, and choice, and how poor security harms all three. Let your legislators know that this is an issue that effects YOU directly, that YOU vote, and that your vote will be influenced, indeed dependent, on their policies concerning maladministration of computer systems connected to the public Internet.

You CAN make a difference. Don't treat voting as a right, treat it as a duty. Keep informed, keep your political representatives informed on how you feel. And, most importantly of all, vote.