Slashdot Mirror

An anonymous reader writes: A few days ago, privacy-oriented webmail service ProtonMail was hit by a massive DDoS attack, which was accompanied by extortion. It turns out they're not the only ones. FastMail has warned that similar attacks could lead to service disruptions this week. They have refused extortion demands, and have been hit with a couple brief attacks already. This follows attacks over the last week on Runbox, Zoho, and Hushmail. Each service has been working with data centers and network providers to mitigate the attacks as well as possible, but they're still struggling with intermittent service disruptions.

Dr Caleb writes "According to the Globe and Mail, 'The Internet surveillance legislation sponsored by Public Safety Minister Vic Toews has disappeared down a dark legislative hole. For all intents and purposes, the bill is dead. If the Harper government still wants to pass a law that would make it easier for police to track people who use the web to commit crimes, it will have to start from scratch.' The bill has been sent to a public safety committee for extensive revision, but it must be debated for five hours on the House floor first, and that won't happen before summer recess. This is a followup to the story we discussed in February titled 'Against Online Surveillance? You Must Be "For" Child Porn.'"

Hugh Pickens writes "The Baltimore Sun reports that in a rare legal action against a government employee accused of leaking secrets, a grand jury has indicted Thomas A. Drake, a former senior National Security Agency official, on charges of providing classified information to a newspaper reporter in hundreds of e-mail messages in 2006 and 2007. Federal law prohibits government employees from disclosing classified information which could be 'expected to cause damage to national security.' The indictment (PDF) does not name either the reporter or the newspaper that received the information, but the description applies to articles written by Siobhan Gorman, then a reporter for The Baltimore Sun, that examined in detail the failings of several major NSA programs, costing billions of dollars, that were plagued with technical flaws and cost overruns. Gorman's stories did not focus on the substance of the electronic intelligence information the agency gathers and analyzes but exposed management and programmatic troubles within the agency." Adds reader metrometro: "Of note: the government says the alleged NSA mole uses Hushmail, which is all the endorsement I need for a security system." Perhaps Mr. Drake was unaware of Hushmail's past cooperation with the US government?

Ringo Kamens writes to ask if the use of Hushmail can still be considered a secure method of communication: "For a long time, Hushmail was considered a very secure email provider until an affidavit (PDF) from a DEA agent in 2007 showed that they had handed over 12 CDs of possibly decrypted data to law enforcement. Now, Cryptome has posted that the Hushmail encryption program is no longer the same program for which Hushmail releases their source. Is Hushmail even safe to use anymore?"

souls writes "The folks at Wikileaks are calling for a boycott against eNom, Inc., one of the top internet domain registrars, which WikiLeaks claims is involved in systematic domain censoring. On Feb 28th eNom shut down wikileaks.info, one of the many Wikileaks mirrors held by a volunteer as a side-effect of the court proceedings around wikileaks.org. In addition, eNom was the registrar that shut off access to a Spanish travel agent who showed up on a US Treasury watch list. Wikileaks calls for a 'global boycott of eNom and its parent Demand Media, its owners, executives and their affiliated companies, interests and holdings, to make clear such behavior can and will not be tolerated within the boundaries of the Internet and its global community.'"

souls writes "Seems like the forces to protect freedom-of-speech in the groundsetting Wikileaks.org case have spoken: Henry Weinstein at LA Times reports that a coalition of media and public interest organizations today urged judge Jeffrey White to rescind the shutdown of Wikileaks.org, which presents 'restraint on free speech that violated the First Amendment,' and is generally considered to become a representative case for free online speech. The dirty dozen organizations fighting for your voice and mine include the EFF, the ACLU, The Times, AP, Gannett, Hearst, the Reporters Committee for Freedom of the Press, and the Society of Professional Journalists. Lets hope that is enough muscle to stop a judge running wild in favor of a bunch of offshore bankers! Meanwhile wikileaks is still going strong via all available other domains, and is currently organizing support and donations."

imipak writes "The Cassini Saturn probe has captured the previously unseen northern polar region of Saturn's moon Hyperion. Its weirdly eroded surface looks like nothing else in the solar system seen so far, demonstrating once again that when it comes to planetary exploration, "expect the unexpected" is more than just glib advice from the Hitch-hiker's Guide!"

David Crumpton writes "Star Trek Producers have finally agreed that Star Trek fans are oversaturated with the show, and are planning to provide a break. This does not mean they wont bring something new to the screen; they will just wait a few years. They are convinced the ratings dropped due to the show competing against other Trek re-runs."

Peter Clark writes "Disk storage has increased tremendously in the past 5 years and the blatant insecurities in the antiquated LM hashing technique have not gone away; though functionality has been added to disable LM hashes, this is not set by default. With some help from Elcomsoft, simple flat files have been created that hold every combination of LM hash for letters only passwords. Jesko has coded a server application which allows you to access this database. Simply telnet to: beginningtoseethelight.no-ip.org on port 2501 and paste in a LM hash. So how does this differ from Rainbow tables? Well this will return a password 100% of the time, using minimal processor power, in approximately less than 0.2 seconds."

browncoat1 writes "A Firefly Mod for Neverwinter Nights is available, based on the cancelled FOX Television show Firefly (by Joss Whedon, of Buffy, Angel, and Titan A.E. fame). The guy who wrote the mod just posted some secret behind-the-scenes photos from the set of the upcoming movie Serenity, based on the show and starring the actors and actresses from the show. It should be a must-see for fans of Firefly or sci-fi TV in general."

heymarcel writes "After a negative review of the Diebold voting machines by the State Gaming Control Board, it looks like Nevada has gone with a competitor for the upcoming election. And Secretary of State Dean Heller is requiring paper receipts. According to the Associated Press story, Nevada is the first state to do so." There's another story about Nevada voting machines as well. zapf writes "It appears that the major e-Voting machine vendors have banded together to form the 'Election Technology Council.'" Reader SemperUbi writes: "Demand for a voter-verified audit trail is really gaining momentum these days. The Voter Verification Act, introduced yesterday by Senator Bob Graham (D-Florida), would require a voter-verified paper audit trail, ban the use of 'undisclosed' software and wireless communications for voting machines, and require mandatory surprise recounts -- all in time for the November 2004 election. Rep. Holt's HR2239 in the House requires much the same thing. Resistance to both bills may focus on the aggressive timetable, but the effort is worth it -- as Warren Slocum once said, democracy ain't cheap. Take that, Diebold!" And finally, a Maryland newspaper dredges up an internal Diebold email that recommends gouging Maryland if the state wants paper printouts for its Diebold voting system.

dss902 writes "We (Department of Computer Science, Rice University) present a new class of low-bandwidth denial of service attacks that exploit algorithmic deficiencies in many common applications' data structures... Using bandwidth less than a typical dialup modem, we can bring a dedicated Bro server to its knees; after six minutes of carefully chosen packets, our Bro server was dropping as much as 71% of its traffic and consuming all of its CPU. We show how modern universal hashing techniques can yield performance comparable to commonplace hash functions while being provably secure against these attacks."

Rainier Wolfecastle asks: "I am looking for information on any webmail providers that support PGP/GnuPG encryption. Up until now I have been using Lok Technology's excellent service, but it appears that they have gone out of business, since their site has been unreachable for over two weeks now. I am aware of Hushmail, but that doesn't work well under Linux. I am considering using Name.Space's LokMail service (based on Lok Technology's..er...technology) but I was wondering if anyone out there has any other suggestions. Free email is coming to an end, and if I'm going to pay for it (which I don't mind at all) then I want a decent product."

rask22 writes "FiringSquad has a interesting new article up discussing the changes at Quantum3D since the demise of 3dfx along with the current military applications of NVidia chipsets. Interesting to see how the US Gov is using all this technology coming out of the gaming sector."

technodummy writes: "Wired is reporting how CERN is driving the Linux-based, EU funded, DataGRID project. And no, they say, it's nothing like Seti@Home. The description on the site of the project is: ' The objective is to enable next generation scientific exploration which requires intensive computation and analysis of shared large-scale databases, from hundreds of TeraBytes to PetaBytes, across widely distributed scientific communities.'" If you're interested in this, check out the Fermi Lab work with LinuxNetworkX data as well as the all-powerful Google search on the Fermi Collider Linux project. As jamie points out, "Colliders produce *amazing* amounts of data in *amazingly* short time periods... on the order of "here's a gigabyte, you have 10 milliseconds to pull whatever's valuable out of it before the next gigabyte arrives".

Hush Communications sent us a press release, which I'll spare you from reading. Normally press crap gets deleted with prejudice, but Hush says they've made their encrypted web-based email compatible with OpenPGP, which would be great news. Does anyone use Hush? Good experiences, bad experiences? (Note that a UK civil liberties group also has a Hush-based site at cyber-rights.net, nice domain name for your email.)

Hush Communications sent us a press release, which I'll spare you from reading. Normally press crap gets deleted with prejudice, but Hush says they've made their encrypted web-based email compatible with OpenPGP, which would be great news. Does anyone use Hush? Good experiences, bad experiences? (Note that a UK civil liberties group also has a Hush-based site at cyber-rights.net, nice domain name for your email.)

Welcome to Slashback for the evening: Yes, another big security problem with the world's second-most popular web server, a slight revision of the plight of Silicon Valley's homeless, and good news from the Indymedia front.

Remember, Free Software Sinks Ships curtS was one of the many to point out that "MSNBC has an article about a security hole you could throw a cat through." This might be more exciting if it was the first time, but jamie posted about a very similar-sounding flaw a few months ago.

Calling off the dogs of war. An anonymous reader writes: "Slashdot reported that Indymedia had received a court order to hand over the logs and other records pertaining to the IMC's coverage of anti-globalization protests in Quebec City. Now FBI has dropped the case. Here is the press release."

phunhippy points to coverage at Wired as well.

This Old House - gr8dane writes "I was just checking out the Sunday posting on /. about .commers in homeless shelters and Salon is running an update to the same story. The previous post prompted quite a bit of feedback on /. and this update article seems to support those who felt the Sunday article wasn't indicative of the industry as a whole. 'John Sacrosante says he went from six figures to a shelter. His friends say there's something fishy in San Jose.' Quite interesting ... "

DoctorZ writes: "In response to reading the recent article about Zero-Knowledge's withdrawal from Linux development for Freedom. I emailed them discussing my concerns along with everyone else's. Here was their response:

'Hello,

We know....

We understand your disappointment. It is not a easy decision. We are not giving up on Linux. Our entire Freedom Network is Linux based!This decision was taken in response to the number of people purchasing the Linux version as compared to the number purchasing the Windows version. While many of us at Zero-Knowledge are Linux enthusiasts, the number of interested Linux users downloading Freedom simply didn't warrant continued development efforts, and we have chosen instead to apply our development resources in a way that will maximize value to our customers.

Once again, thank you for expressing your concerns.

Regards,

Alan"

A reader asks: "I've been tentatively researching existing solutions to enter text without a full (QWERTY) keyboard, and besides touchpads, morse code, and the system used in mobile phones (added with dictionary-powered predictive methods) and some wild gesture-based ideas I've come with the following systems: chording, as exemplified in some of the keyboards in this gallery, and Thumbscript (which is patented). Does anybody know any other good methods to enter text on a limited keypad? This issue is likely to become more important as new, smaller devices of all types enter the market." Interesting question. Devices that are already in the market (and those soon to hit the market) which are designed to be portable in size (but not in functionality), this will be a huge issue. Try editing song titles on today's portable MP3 player or writing a paper on your Palm. It's doable but not very pleasant. Such alternative methods would be a welcome addition to such devices.

rtos asks: "Here is simple question for the Slashdot crew: What is the easiest way to begin encrypting all of my email communications? It's not that I send anything even remotely interesting or secretive... I'm simply tired of government snoops reading my stuff. So it doesn't have to be the worlds best encryption (although ROT-13 might be a little light)... just something to stall prying eyes and foil automatic keyword checking. But for that to work, I would need an system that everyone will use. And even I stopped using PGP because most other people aren't using it. Chicken. Egg. Repeat." If we want encryption to become a part of our everyday lives, encryption systems should be as easy to use as breathing. Once everyone is using it, we can hope to get those silly US encryption restrictions overturned.

"The problem is that in order to use public key encyrption, both parties (sender and receiver) must be using something like PGP. Most of the people I correspond with consider encryption either too complicated or too bothersom to use... with its key generation, signing, encrypting, decrypting, exchanging keys and such. There are always non-public-key systems, but that usually requires both parties to use the exact same software at each end. And then there is the issue of everyone using different operating systems (Windows, Solaris, Linux, etc.). And then there is cost involved for any commerical packages. Of course, there is always HushMail and its ilk, but I don't want to be tied to a web-based system.

For people like me and you, encryption is easy. But that's not the case for everyone else in the world. Why is it still difficult? And what is the best solution to date?"

Hopeful Author writes "I've written a book, totally unrelated to tech, and I'm at the point where I'm going to look for an agent. My book is a 400-page fantasy novel, what will be book one of three or four (or more), in the style of Lord of The Rings, though with my own elements and twists. I have no idea if it's publishable, though I've had good feedback from those who have read the draft." My take on the situation is that self-publishing would be the best bet, but maybe there's a better way.

"I'm perfectly willing to go through the usual submit-and-get-rejected-endlessly process, and I know I need editorial guidance. My question comes in with the assumption that I eventually get through the publishing process. Then what? Fact is, I don't much like the major book publishing companies. Look at how Time Warner is cracking down on Harry Potter fan sites. I think that's terrible. I would be thrilled to someday have fan sites for my own characters -- I would actively encourage it, in fact. And I'm less-than-thrilled about the idea of signing away some of my rights, say electronic rights to my stories and the like. Yes, I may be able to negotiate the contracts, but as a first-time author I wouldn't have much clout.

"So I could publish on the web somehow, but the fact is I like the distribution efforts the book publishers provide. I wrote my book because I want people to read it (yes, money is not my objective, though it would be nice), and to be able to talk with those who enjoy it. If my book languishes on an ignored web site, I'll feel bad. My question then comes down to this:

"What does an idealistic, /.-reading, not-too-thrilled-about-corporatism author do to maximize the quality and distribution of a book? Are there good open-source type solutions to this problem, ones that will reach an audience? Or are the greedy book corps. the best bet, because of their distrubtion methods, even if their other habits make me sick and I'll lose control over my characters in the process? Or am I overreacting cuz I read /. too much? Any suggestions and advice welcome!"

deran9ed writes: "The German foreign office and Bundeswehr are pulling the plugs on Microsoft software, citing security concerns, according to the German news magazine Der Spiegel. Spiegel claims that German security authorities suspect that the US National Security Agency (NSA) has 'back door' access to Microsoft source code, and can therefore easily read the Federal Republic's deepest secrets. Article in German, English article"

deran9ed writes: "Silicon Graphics plans to introduce a version of its Origin 3000 series computer built around Intel's 64-bit IA-64 Itanium processor running Linux, according to SGI Chairman and CEO Robert Bishop. The current Origin 3000 computers from SGI are built around processors from MIPS Technologies and run SGI's proprietary Irix operating system. SGI has not decided as yet on the name for the new product line. Infoworld article."

deran9ed writes "Swedish surgeons have for the first time successfully transplanted a lung from a dead donor with no heart beat, using a new technique that could ease the worldwide shortage of donor organs. Organs used in transplants are normally removed after the donor has been declared dead but while the heart is still beating. The lung is cooled and preserved inside the donor's body so that it can be removed 12-24 hours after the heart has stopped beating."

deran9ed writes ""People can get quite emotional about Python, in a way they rarely get about software," says van Rossum, who is now director of Python Labs at Digital Creations. In this question and answer interview, he explains why Python deserves such loyalty, when it is better to use Python than Perl, and why increasing numbers of business applications developers will be using Python for years to come. THe full article is on SearchEnterpriseLinux"

deran9ed writes "The Department of Energy's Los Alamos National Laboratory present their latest findings from NASA's Lunar Prospector mission at the Lunar and Planetary Science Conference in Houston, Texas. The Los Alamos studies include data on Moonquake activity, further confirmation of the presence of water-ice on the moon, and mapping of iron and titanium using gamma-rays emitted when cosmic rays slam into the lunar surface. Here's the story on spacer.com."

deran9ed writes: "Interesting outlook from an article on IDG detailing the use of encryption, and the negative campaigns against it. "When the Feds -- be they CIA, FBI, NSA, or Treasury Department -- discuss crypto, they make it sound as if anyone using it must be a child pornographer, drug smuggler, or terrorist." I wonder if the government feels the same about corporations encrypting their business plans in order to avoid having them stolen. Here's the article." The author has a point. SSL and SSH (or whatever it's called now) are widely used. But how many people routinely encrypt their email?

deran9ed writes "Folks over at IBM have an article explaining the intricacies regarding the NSA's SE Linux distribution. Included in the article, are the inner workings of the operating system. its features, design architecture. Definitely a nice article for Linux users (especially SE Linux users). Full The review is in IBM DeveloperWorks."

deran9ed writes "After reading an article at Guardian Unlimited, I wondered what was Slashdot's viewers' thoughts on "Hacktivism", the act of hacking for a so called cause, according to a Guardian Unlimited article: Once hacking was regarded as the pastime of attention-grabbing nerds. But a meeting at the Institute of Contemporary Arts in London will be told how credible an activity it has become in the era of direct action. Old-fashioned hacking, the meeting will hear, has given way to hacktivism: a highly politicised underground movement using direct action in cyberspace to attack globalisation and corporate domination of the internet. Either way you cut the cake its still illegal, but is it along the realms of say the Vietnam Era protests, or are hacktivist using this term to promote themselves." The vast majority of so called "Hactivism" just isn't. I think that in most cases the intentions are good, but the folks capable of, say, defacing a website, usually aren't the same folks able to intelligently communicate a message. Instead of looking like political activists staging a sit-in, they look like angry teens spraying graffiti obscenities on a wall which does far more damage then good.

Enoch Root writes: "Nowadays, it seems like the gaming industry is bogged down by an obsession for technological innovation at the price of true creativity in gaming. Ernest Adams of Gamasutra proposes game designers remedy this by pledging to a sort of designer's Vow of Chastity, in the spirit of Von Trier and Vinterberg's DOGME 95. Down with 3D acceleration, it's time for innovation!" I've seen a couple of the movies that the DOGME crowd produced -- both were really good. But the medium of movies is a little different than gaming, so I wonder how will this can carry over.

zakath writes "EETimes.com has an article on Motorola's successful presentation of 256-kilobit MRAM at ISSCC this week (Instant-on PCs anyone?). While they're still far from commercial production (2004 is their target) its nice to see some progress being made. Please tell me RAMBUS has no patents for this tech..."

RFL asks: "SFGate (site of the San Francisco Chronicle) has this feature article describing the unexpected deaths of local Internet Service Providers after they are taken over by large telecommunication companies, leaving the customers totally forgotten. Only after giving it a moment of thought did I realize that a lot of those small ISP's, the ones with those cool cool domain names, were in fact gone. These were the mom and pop services of the Internet, and they provided excellent customer support. I even remember being able to talk to my ISP's administrators on IRC. So is it now fair to say that we have lost yet another battle against those evil corporations?" As it is with most companies that get swallowed up by larger entities, the increase in customer base usually means a decrease in customer support and personal-touch that made earlier ISPs so successful. Is there still room for the small-time ISP in today's market or has dial-up Internet become solely the realm of big-time providers?

RainMan writes "An article on an interesting combination of some existing technology pieces. Take your basic privacy web proxy portal and then wrap all the return traffic in SSL encryption. You get Safeweb." This is another contender in a somewhat crowded marketplace. I used it briefly but didn't find it to be anything special. Does anyone use this service?

sConner writes: "I know the CNN 2001 articles were mentioned, but I believe this one deserves special mention. It's a little piece about the role of AI on one of NASA's unmanned spacecraft currently in operation. Not much detail, but Deep Space 1 seems like a nifty fellow!" I'm not sure this merits the title "artificial intelligence", but it is impressive nonetheless.

mhhelle asks: "I live in a co-op with non-profit status. We are looking at starting a website to distribute information for current and prospective residents. I'm wondering if there are any ISPs that provide discounted or free service to non-profit organizations. We have few requirements-- enough capacity for some nice graphics, possibility of database access (using MS Access (I know...)), posting PDF files for download, cgi-bin, and the ability to use our own domain name. I'd estimate less than 500 hits per day, so I don't imagine that we would require a lot of bandwidth. Does anyone have any suggestions?"

The Alpha noted this, but several others have told us as well that ebay is hosting auctions for several playstation 2's... some of which have broken a grand. Nice little profit margin there ;) Conspiracy theorists propose that many folks (Jon Doe, Retailers, or Sony!) are raking in huge profits on the things. Hope the system is worth it. [Updated 27 Oct. 2:15 GMT by timothy:] the3dmaniac writes: "I was just looking at the auctions for PS 2 systems at ebay and found this very disturbing sight. The craze has gone overboard, time to make some cash while it is still hot." Whoah -- check that price. Errr, so this would be the "premium" gasoline, sir?

dschl writes "There is a draft article linked from NanoTechnology Magazine about Open Sourcing Nanotechnology Research and Development. It is written by a sociologist, and covers some interesting issues including patent pooling, open source licensing for intelluctual property in Nanotech, and increased safety by using an open source model. "

zakath writes "This story on Techweb is telling us that Rambus' legal dept. is still working overtime - going after Transmeta and AMD this time." Well, its trickier then that. They're trying to reach out of court deals, but the article has a lot more info about Rambus and assorted acronyms that they're trying to get money for.

Spasemunki writes: "The NYTimes has a piece today on an agreement reached among I.B.M., Compaq, Hewlett-Packard, Sun Microsystems and several other developers to create the Gnome Foundation, a developer consortium that will undertake, among other things, the creation of a standardized desktop interface for Linux, and a suite of productivity programs designed to compete with MS office. As the name might imply, their efforts will center around the Gnome desktop manager, with Sun moving to adopt Gnome as the GUI for Solaris. Looks like some big names are getting interested in putting Linux on the desktop."

morton2002 writes: "I read an awesome interview of Amiga head honchos by IBM's developerWorks folks. (Linked to from a cool microprocessor news site, www.jc-news.com/pc.) They discuss Amiga's new technology and marketing tactics, suitably referred to as the 'new Amiga.' Instead of developing new Amiga hardware, they're using a code-morphing virtual-machine to run on existing platforms ... but most notably it will translate their 'VP' code into native instead of interpreting it, running blindingly fast! Not only that, they'll be bringing awesome hardware acceleration to OSes like Linux when they port their VP translators to various videocard processors, allowing the 'new Amiga' to run directly on graphics-intensive hardware ... just like it used to!"

Reader Upsilon points to the same interview, saying "I have to admit, some of the stuff sounds very interesting, but it is hard not to be skeptical." (Anyone holding your breath, please raise your right hand so you can be counted before you keel over.)

Spasemunki writes: "ZDNet is carrying a story today on the new partnership between Lloyd's of London and Counterpane to offer 'hacking insurance' to businesses with big, expensive net presence. Is this a good-for-business acknowledgement that even the best security framework has flaws, or companies stepping back from protecting their customers in favor of covering themselves? According to the CTO of Counterpane, e-commerce businesses 'don't have to prevent hacking; they have to manage their risks.' Interesting perspective from a security wonk." Of course, I'd rather have cracker insurance.

Spasemunki writes: "This link showed up on Ars Technica the other day. It's an article on Brill's Content on the sociological impact of a society where the younger generation has all the technical know-how, and parents are left to seek the advice of their kids on how to keep things running. It discusses patterns in computer use and knowledge, and the rising economic and social power of the young and computer saavy. Includes some words from Shawn Fanning of Napster fame."

Paranoid Diatribe asks: "I'm a Unix admin for a scientific computing environment at a large public university. In the past few weeks, I've had the (dis)pleasure of dealing with several vendors to get their applications re-licensed to run on various machines. These are vendors of scientific applications like MOLGEN, apps from MSI, and S-PLUS. There are many others. The majority use the most evil of license managers, Flex-LM. I spend more time messing with Flex, license key files, and calling the damned vendors than I do actually administering the boxes they run on. As such, I am becoming very disenchanted with these commercial vendors. Is there a compilation of alternative scientific computing apps (GPL, BSD, or other open license would be preferable) and how they match up to their commercial counterparts? I'm aware of Freshmeat.net and a small list at the OpenGL site (though many of these are commercial as well), but I was wondering if there was a better list of such apps."

jareth780 asks: "One of the wonderful things about MODs/S3Ms is that they can be taken apart and the various pieces used to make a new song (much like source code). With the advent of software such as FruityLoops, it's now possible to make high-quality music on your desktop PC, with exporting directly to MP3. I'm wondering, if someone started an open project where all developed music (in FruityLoops, it's .flp files) and samples were published and freely modifiable, would anyone take to the idea of adding to the project?"

Eupolis writes "Reuters reports that Linuxcare has withdrawn its IPO filings, and is now cutting staff to try to keep from running out of money. " As well as the report from Reuters, News.com has an analysis of the situation as well.

KnobDicker writes "Wired News reports Symantec is pressuring the ISP that hosts the Peacefire anti-censorware organization." Peacefire's founder, Bennett Haselton, wrote a decryptor for Symantec's software's blacklist and posted just that. His tests found that 76% of its .edu blocks were incorrect and that the software violates its privacy policy. Symantec's response? Threaten a lawsuit. But Peacefire isn't backing down. More below...

Let's first get the facts straight. Peacefire has not posted copyrighted material. It has posted code to decrypt I-Gear's encrypted blacklist. This is exactly like the DeCSS case, except the goal is criticizing a product instead of space-shifting movies.

The criticism here is that 76% of the .edu-domain blocks are wrong. This is a huge number. This suggests that, for every time the product blocks you from offensive material at an .edu Web site, there are three other times it blocked you from perfectly ordinary material.

While there are some people (like Bruce Taylor of the National Law Center for Children and Families) who would like to deny it, nobody's making this stuff up. Censorware really does suck. In fact, Peacefire did the same thing to X-Stop, another blocking package, two weeks earlier, and found a 68% .edu error rate. (But its maker hasn't threatened to sue. Yet.)

So what did Peacefire learn about I-Gear? A description of a milking machine system written in Spanish - blocked. Tricks for a flight sim game - blocked. A page entirely in Latin - blocked. Volumes 4 and 6 of "Decline and Fall of the Roman Empire" - blocked (but you can still read Volumes 1, 2, 3, and 5, go figure).

Furthermore, Peacefire revealed that Symantec is apparently violating its privacy policy by sending information to its servers without telling the user. Your Windows-registered "real name" and "company name" secretly get sent back to Symantec.

You may recall Haselton's Slashdot story "Keep it Legal to Embarrass Big Companies," from two weeks ago. He wondered if these kinds of pressure tactics would be the response to his efforts. It's already started.

The legal issue appears to be whether Symantec's End-User License Agreement (EULA) can contain a clause prohibiting reverse-engineering - and whether that clause can be enforced. UCITA will be the thousand-pound gorilla here, providing real legal muscle behind onerous EULAs. Fortunately, the current legal situation is more iffy, and cnet's story talks about that a little.

Symantec wants to distribute I-Gear only on the condition that nobody looks under the hood or says anything bad about it. And UCITA would back that up - by sending people like Haselton to jail for revealing products' flaws.

And then there's the question of why Symantec is using lousy crypto in the first place. As KnobDicker concludes: "Rather than being thankful that Haselton has conducted testing and work that they should have done themselves in the first place (for *free*), Symantec is crying in their beer and threatening to break out the lawyers to quash the bad press. Chalk up another one for the Open Source model's system of thorough peer review instead of development in a proprietary vacuum."

BillG writes "So people can do more that one job at the same time. And if this report is to be believed, we can do it much more efficiently. After all human brain is THE most powerful computer. " So that explains how I can do e-mail and post at the same time.

Cal Godot writes "I've come across this interesting company, HUSMAIL.COM, that provides secure, encrypted, web-based email. They're pretty new, still working out a few kinks, and want people to take a look. (Bug reports should be sent to bugs@hushmail.com, by the way.) The URL is https://www.hushmail.com The whole thing works via a Java applet, and requires the latest-greatest web browsers. Source code is also availible. It's all built around public/private key encryption, using a 1024-bit Diffie-Helman scheme. "