mccarthy.org · Domains · Slashdot Mirror

Non-Decision On Toysmart.com

Yro · Privacy · 2000-08-17 11:30 · posted by jamie · from the throw-the-fish-back dept. · 8 comments

A bankruptcy judge has refused to prohibit Toysmart.com's customer information from being sold as an asset against its debts. See the New York Times or the AP wire (CNET) version. Judge Kenner notes that objections may be raised later, and believes that in the absence of a buyer, any decision now would be premature. This case is key because, if the web's privacy policies are not guaranteed after a company goes belly-up, they're mostly toilet paper. But the lawyer for the now-bankrupt company argued that the privacy contract between TRUSTe and Toysmart, allegedly guaranteeing visitors' privacy, "like others in a bankruptcy proceeding, may have to be broken in order to realize the highest value for creditors in a sale."

That lawyer went on to say that the "adverse publicity" raised about the auctioning-off of your privacy made it hard to find a buyer for your personal information. A shame. "Now we're back where we started."

Why is he so worried about not finding a buyer? Because information about customers is valuable. Don't let corporations pretend otherwise. Selling who you are and what you buy can be a substantial source of revenue; as far as these companies are concerned, that's just one of their assets, like their cash in the bank or their real estate. Toysmart will continue to try to auction off those databases, probably after media attention dies down and it becomes easier to make the sale quietly.

And sadly, even if privacy prevails this time, it may not be important enough to set precedent, since the presence of childrens' information makes the Toysmart case "unique."

Update: 08/18 04:09 AM by J : For background info on the dot-com going-out-of-business process, check out this PlanetIT article. Note in particular that it can be hard for many dot-coms to find any tangible assets to sell, thus, customer data becomes more important.

Slashback: Spookiness, France, Reds

Slashback · 2000-07-25 12:30 · posted by ryuzaki0 · from the swm-seeks-sf,-must-own-frisbee dept. · 154 comments

Imagine a novelist, trapped in a nightmarish world of credit cards and micropayments, facing devilish odds and the belligerent stares of publishers everywhere ... picture a team of hackers brazen enough to break into dozens of secure government sites without incurring a single lawsuit ... scream in terror at the thought of mutant penguin-kangaroo hybrids swimming deviously onto our shores ...

Revenge of the naysayers' naysayers: Just yesterday, jamie sallied forth with the theory that Stephen King was setting himself up for disappointment by expecting enough paying customers for his new online book to justify the experiment.

jheinen writes, though, "According to MSNBC, of the 41,000 downloads for the first installment so far, 32,000 (~78%) have already paid via credit card. Kinda shoots to hell the theory that people won't pay."

[Jamie adds: I stand by my prediction that "Stephen King is never going to have to publish the end of his novel." I'd love to see him succeed, but I just don't think so this time around. We'll see in September!]

Red Five, I'm going in. You may recall the story a little while ago about a distributed anti-cracking bot at Sandia National Laboratory. Rest assured, those clever folks don't confine themselves to practicing only one side of the ol' thrust-and-feint.

In fact, leb writes: "Over the past two years, a group at Sandia National Laboratories known informally as the Red Team has, at customer invitation, either successfully invaded or devised successful mock attacks on 35 out of 35 information systems at various sites, along with their associated security technologies. Their work - challenged only by a new style of defense, also developed at Sandia, called an "intelligent agent" - demonstrates that competent outsiders can hack into almost all networked computers as presently conformed no matter how well guarded, say spokespeople for the group, formally known as the Information Design Assurance Red Team or IDART. Check out their site here."

Stir, leave plot overnight to thicken. vjlen writes: "Now it sounds like corinthians.com is just another cybersquatting case. From an article in USA Today: 'But the case is not as black-and-white as it seems, says Dave Fogelson, a spokesman for the team, which recently put up its own site in Brazil. Fogelson says the arbitrator had to consider several factors, including the fact that Sallen did not use the site for Bible quotes until after he contacted the team to talk about selling the name, which suggests his main motive was profit.'"

Or ... or ... or ... we'll strike! stattouk writes "The BBC has a story on a court case currently happening in France over whether Yahoo France can be held responsible for people being able to access auctions of Nazi memorabilia. The courts say that even though fr.yahoo.com has blocked access, the fact that www.yahoo.com can still be used to get them amounts to no action by Yahoo." Asking Yahoo! to block Internet auctions in the first place seemed rather stretchy; now it seems that Yahoo! is supposed to police the entire world.

Penguins do come from that hemisphere, after all ... Tsujigiri writes "To follow up a previous story on Slashdot about the Australian InstallFest 2000, Fairfax IT is running this story about the recently held (well, July the 15th) Adelaide InstallFest 2000 and its "unexpected surge in interest". Quite successfull all round. Congratulations to all involved, and good luck to the rest of the Australian Install Season. (For anyone who'd like to see some pictures, go here)"

If there's an "install season" down there, one questions leaps to mind: Is there a limit on those things?

Interview With Mike Sklut

Features · Censorship · 2000-07-15 05:45 · posted by jamie · from the kids-these-days dept. · 113 comments

"AOL wants your children to be safe online," using their Parental Controls. There's just one problem with their censorware. You can see any site you want by appending a "." to the hostname - and this has been true since at least 1997, when Mike Sklut of newriot.com discovered the simple exploit. At the time, he was 11 years old. Despite his having told a few thousand of his closest friends, AOL didn't wise up to the fact until yesterday morning. Mike's out of town at a baseball tournament, but we managed to trade e-mail with him about his early hacking years. Update: 07/17 02:59 PM by J : Other censorware suffers from the same vulnerability. Sheesh.

Slashdot:

What does Parental Controls do?

Mike Sklut:

Parental controls block certain Web sites that AOL lists on their system. When you type in a URL, tokens are sent through your client to the AOL proxy requesting a site. The screen name is verified, and if you are on any three of four settings, the proxy may or may not send you the information.

These settings not only block certain Web sites that AOL lists, but also certain features of AOL. For example: kids only can't access most main features of AOL such as instant messages, and many e-mails are blocked unless the controls are set further.

Also note that if you are not set on 18+ (the very highest setting), then no sockets applications are allowed to connect to anything. It does not give your computer any connection to the Internet except through the AOL client.

Can you describe the hole?

This hole affects all AOL users who are set on mature teen (16-17). This exploit (or trick if you will) is simply done by adding a "." at the end of the second level domain extension. For example: if you're trying to get into 'newriot.com' and it gives you the classic "Web restricted error," just type in 'newriot.com.'

How'd you learn about it?

Just over three years ago (I must have been in fifth grade at the time), a friend and I were trying to get into altavista.com to do research for a project. I was set on young teens at the time, and I believe he was on mature teens. (Note: this trick used to work on young teens as well as mature, but it now seems to only work on mature).

Anyway, we couln't get in, each of us, because altavista was believed by AOL to have adult ads or something, so it was blocked by AOL. We were just messing around with the URL, adding characters here, port numbers there, and all of a sudden I got into it. It happened unknowingly and it took me a minute to figure out how I actually did it.

A small thing, but it proved to be a popular trick for a time with my friends.

Is this useful for anything besides looking at porn?

I knew this question would come along. =] Research projects? Well, seriously, if you needed something that AOL didn't like (other than porn); warez, pages with cussing or swear words on them.

I never used it much at all; soon after that research project, I got into Web design and my parents had to change me to 18+ to use sockets applications for publishing to my site. It worked great for me though; I told all my friends (and more) who tried to take credit for it, and that really made me mad.

If you just needed to do research, why didn't you just talk to your parents about turning the controls off?

They had already gotten mad at me before. I had gone on my dad's screen name and changed my controls (back and forth multiple times) to do other stuff that required an Internet connection that was external from the AOL client. Once or twice he caught me and got mad, and he had refused to change them before because I had done it without his permission; he really didn't care if I had other stuff that I wanted to do (IRC, FTP, and I think that was all I did that required a connection at the time).

How many kids did you tell about this?

In the last three years I would guess I would have told at least 5000 people about it. Since I learned about the trick I have lived in three different states (IL, MA, and MI). I usually told a ton of my friends.

And, you have to add me publicly talking about it on my old Web site (emall2.com, which I am currently battling out with the owners of emall.com over trademark infringments). I posted it on there on a sub site (some AOL tricks thing) just about a month before it was taken down; I got about 500 "THANK YOU SO MUCH" e-mails about it, and my hit counters showed thousands of hits to that one page.

Did you know when you posted it on your site what would happen? (Are you sorry you tipped off the media, or are your friends ticked off at you for revealing the secret?)

I rushed into getting the site up, and I needed pretty quick publicity. The site is not 1/4 done yet, and the our first major staff meeting isn't until next Monday. I had to post about some big news that someone might be interested in and come to the site to look at, and this seemed to be the thing. It was horrible timing, and I wish I would have done this in two weeks from today, when most of the site is up. I got a ton of e-mail telling me about how good the site will be, and wondering where all the content was. I absolutely knew this would happen, and I'm very glad that I did it (but the timing was off, as you can see), and I'm very glad of the results.

I'm very happy I tipped off the media. I hate America Online, as I have for years (various reasons), and this just makes them look bad (bad in some people's eyes, horrible in others).

My friends (about 15 so far) e-mailed me screaming about how happy they were to see me on news.com, yet very mad at me for this is their only source for getting out of AOL's controls. Next week I'll post how to use proxies, so they can get around it once again.

I'm also working on getting a new NPH wrapper (if you can help I'd love it because I can't figure out how to do this) for the server so it can understand some of the commands in my cgi-based proxy app.

Has AOL patched it up yet?

Last night [Thursday, July 13] I called them (as a very concerned parent) asking them if my son (who I said was set on mature teen) was at risk.

The man I spoke with "absolutely assured" me that he was safe and AOLs parental control system was "100% fullproof". I told him about newriot.com and news.com's articles on it, and he tried it out. He was very suprised to see that he could get into a restricted site with the account he had made set on mature teens. He told me this was the first he had seen of this, and that he would tell his supervisor of the incident. He then told me that he was very sorry about the problem and he was sure something would happen fast. I thanked him.

Today [Friday], around 10:38 AM EDT, I tried it, and was suprised to see that it was fixed. I never knew AOL was quick with anything these days.

Your site mentions "several other methods" but doesn't give details yet. Can you give us a hint?

Yea sure. =P

1 - proxies

2 - using staff tools to force certain tokens through the proxy. This gives you access to any Web site (and many staff areas on AOL that aren't on stratus)

3 - once again using staff tools to create hybrid forms that will go through other proxies that can be searched for

Proxies will always work and always be around for the rest of history; AOL won't get a work around these for many years. Even when they do get something to decode pictures and sites through proxies, there will still be encryption. Staff tools will let us get through easily on the 'younger' settings, but the kids that use them would be breaking the law by using the tools themselves (I think), and might not be technical enough to use them.

Your site also says you're going to put up a tutorial on forging e-mail. Do you like poking around computer security, do you think you'll keep doing it?

The tutorial for forging e-mail was already put up on the old design for newriot.com. I recently gave her a facelift, and deleted all the old stuff to put into the new template for the site. I have had it all ready to go for a while, I just can't upload it until I get to my house and out of this baseball tournament.

I've been messing with AOL's security for a while now, and about a year ago I got a little out of AOL and more into the main Internet thing. The first hackers conference I went to was this summer (rubi-con) and I hope to get to go to some others (the problem is my parents and transportion).

Poking around at online security is a blast. It just infuriates me all of the Internet users that think of themselves as "elite" just because they can scam a password from some staff AOL account, or the people that go around causing havok online and think they are the best. These are the idiots that ruin it for the all of us, and I'm also very sorry to see all the newbies looking to them, who will one day become one of them.

Anything you'd like to say to parents who have trusted Parental Controls to keep their teens safe on the Internet?

If your kid is half-way smart and is a quarter computer literate -- he'll get around it. There are plenty of sites that will show you how to use proxies that are very easy to understand.

What's the best (and only) way to make sure your teen (or kid) isn't looking at stuff online you wouldn't want him/her to be looking at? -- Don't have kids. In today's world many kids have external access to the Web; off-home surfing. Their friends have it, their school has it, their public library has it. So much access to this. If any or all of these are using filtering there are always ways around it.

Are your parents going to get mad when they see this interview?

My parents wouldn't ever see it without me telling them about it, and even if they did they wouldn't read it. And even if they read it, they wouldn't get mad. So all in all; no, they'll be fine. Thanks.

An Overview Of PNG; Mozilla M17 (Updated)

Tech · Mozilla · 2000-06-26 20:30 · posted by jamie · from the mille-bornes dept. · 221 comments

Mozilla's latest milestone, M17, arrived today(ish); early adopters, go thou and download. And while you're waiting, check out this summary of the state of the art of PNG written by Greg Roelofs. PNG is ready for prime time in its Mozilla incarnation (though there are a few outstanding issues). Imminent takeover of the net predicted. Film at 11. Update later by J: OK, so M17 isn't available yet. Mea culpa; Greg and I misread a planning page. Here are Greg's comments/corrections to clear up the matter.

PNG, MNG, JNG and Mozilla M17
26 June 2000
by Greg Roelofs

PNG support in Mozilla has improved greatly over the last few releases ("milestones"), and with each milestone comes a corresponding Slashdot posting and a lot of discussion. Unfortunately, not all of the discussion is entirely accurate, so here's a preemptive posting that attempts to update folks on the status of PNG support in Mozilla and other apps and to clear up some of the more common misconceptions. (This seems to be an annual event...)

Home Page

First of all, the PNG home page got booted off of cdrom.com in early March, and in early May it settled into what should be its absolutely final home:

This is currently hosted on freesoftware.com, Walnut Creek CD-ROM's new site for free software (quel surprise!), but if something should ever happen to Walnut Creek, libpng.org will be redirected appropriately. (On a related note, the new zlib URL is http://www.info-zip.org/pub/infozip/zlib/, which is also currently hosted on freesoftware.com.)

PNG Features for the Web

Insofar as this is ostensibly a Mozilla posting, let's have a brief rundown of the PNG features that are most useful to Web designers:

alpha transparency - This is geek jargon for partial or variable transparency, and it lets you do nice effects that are independent of the background color(s), such as antialiased (non-jaggy) text, drop shadows, gradient fades, and translucency. PNG not only supports a full 8-bit alpha channel in grayscale and RGB images but also what amounts to an "RGBA palette" in colormapped images. The latter lets you do nice transparency without a huge hit in file size. For example, all but one of the transparent images on my PNG alpha-transparency test page are 8-bit or less; the lone exception (one of the toucans) is a 32-bit RGBA image, virtually indistinguishable from its 8-bit cousins. Note that PNG supports only unassociated (non-premultiplied) alpha, since the alternative is not lossless.
gamma correction - Gamma allows you to display the same image on different platforms without looking too dark on some and too light on others. For best results it does require that both the designer's display system and the user's be calibrated, but even educated guessing is better than nothing in a viewing program (which is what Mozilla does). Warning! Watch out for Adobe Photoshop; version 5.0 had a serious factor-of-two bug in its PNG gamma support, and 4.0 also had some problems. (Things seem to be fixed in 5.5, however.)
color correction - Where gamma has to do with image "brightness," color correction has to do with rendering shades of color precisely. PNG supports it, but not many applications do; it's pretty tricky to get right. Note that Photoshop 5.5 writes incorrect PNG "iCCP" chunks, and this will crash applications based on libpng 1.0.6. (Older versions of libpng ignore the chunk, and the soon-to-be-released libpng 1.0.7 will work around it.) Also note that feeding a valid iCCP chunk to PS 5.5 will hang it.
compression - A lot of people have some seriously crazy ideas about PNG's compression. Here's the straight dope:
- PNGs tend to be 15% to 20% smaller than equivalent GIFs on average. There are some GIFs, particularly 32- or 64-color ones, that are smaller than the best PNGs, but usually by only a couple of percent. There are also many that are more than twice as large as the corresponding PNGs, but these tend to be tiny images. (One exception is this image, which is dimensionally rather large yet only 1/3 the file size of the GIF version.)
- PNGs tend to be much larger than standard JPEGs. JPEGs are lossy, while PNGs are lossless; for natural (photographic) material, no lossless format can compete with JPEG--PNGs will typically be 5 or 10 times as large. On the other hand, for simple graphics or text-filled images with relatively few colors and sharp edges, JPEG is much worse, both in quality and in file size. (This means you, Slackware guys!) Use the proper tool for the job--no single image format is best in all cases.
- PNG is roughly comparable to JPEG-LS, the new lossless JPEG standard. On the Waterloo BragZone test suite, JPEG-LS beat PNG by 5% to 10% on natural images, but PNG beat JPEG-LS by 35% to 270% on "artistic" images. YMMV.
- PNG's compression method can be implemented in such a way that it is completely free of all known patents, but it can also be implemented in such a way that it infringes on patents held by PKWARE, Stac and others. You can guess which way zlib was written. Folks who are neither rich nor expert in patent law should probably stick to zlib- and libpng-based implementations.
- Unlike (LZW-based) GIF, in which the compression is basically deterministic--that is, you end up with pretty much the same data regardless of who does the compression--PNG's scheme leaves a lot of room for optimization. Some programs do a good job, some don't. The GIMP happens to be one of the good ones, as is pngcrush. Photoshop traditionally has been one of the not-so-good ones, although version 5.5 includes a "Save for Web" option that presumably invokes ImageReady. ImageReady 1.0 was mediocre and reportedly isn't much better in its current release (i.e., pngcrush beats it by 15% to 25%), but it is better than Photoshop's normal "Save as" option.
- The compression engine can't help clueless users who perform apples-and-oranges comparisons. If you start with a truecolor image and save it as both GIF and PNG, chances are the PNG will be 24-bit while the GIF will be 8-bit. Guess what? It's pretty tough to overcome that initial 3:1 deficit, no matter how good your compression engine is. (If you're not sure what kind of PNGs you have, check!) Also don't add a lot of text annotations to the PNG--unless you do the same to the GIF--and especially don't add a useless alpha channel to opaque images! (That last is directed at the Burn All GIFs folks...) Recompressing an image after it's been through JPEG compression is also a bad idea; JPEG leaves a lot of nasty little artifacts (often invisible to the naked eye) that screw up non-JPEG compressors.
interlacing - PNG's interlacing scheme is two-dimensional, much like progressive JPEG, but unlike GIF--which uses a one-dimensional, line-based scheme. The upshot is that an interlaced PNG with text in it will be readable roughly twice as soon as the corresponding interlaced GIF.
animation - Nope. But see MNG, below.
MIME type - image/png. If PNG images on your server show up as broken images within Web pages and as gobbledygook text when referenced directly (i.e., as standalone URLs), you probably don't have the MIME type set up correctly. On the other hand, if they show up correctly for MSIE and some versions of Netscape but not others, you're probably running Microsoft's IIS server. Technically it's a bug in older versions of Netscape (versions 4.04 through 4.5), but consider switching to Apache anyway...
browser compatibility - We'll get to that in a moment.

PNG Extensions and the Future

PNG is extensible. PNG is lossless. PNG is a single-image, raster (bitmap) format. One of its overriding design goals was backward compatibility. As a result, don't expect to see any sort of lossy compression methods (JPEG is doing a fine job of that, with the exception of transparency--but see JNG, below). Also don't expect to see any vector-based extensions--SVG with gzip content-encoding has that covered. Indeed, don't expect to see any new, incompatible compression methods for quite a while. Until there are lossless methods that can, on average, halve the size of PNG images, the cost in software compatibility is far too great. (Keep in mind that there still browsers that don't support progressive JPEG, and that was a relatively trivial change! And let's not even talk about JPEG 2000...)

PNG is also not going to become an animated format. Leaving multiple-image support out of PNG was a conscious design decision by the PNG development group, and it's still the right decision. Overloading a still image format with animation or video features merely confuses users and Web browsers, which have no way to distinguish still images from animations without prying into the data streams (which usually means downloading them first). Developers who prefer to program monolithically can always program for MNG instead; it's architecturally identical to PNG, and PNG is a pure subset of MNG.

Related Formats

MNG: As the previous paragraph suggests, the animated version of PNG is called MNG, for Multiple-image Network Graphics. It supports looping (including nested loops), clipping, deltas, and other features, plus everything PNG supports--including alpha transparency, of course. The home page is here:

Since this spring, a free reference library, libmng, has been under development by Gerard Juyn; its home page is at:

http://www.libmng.com/

Note that the MIME type is video/x-mng; it has not yet been registered with the IETF. Undoubtedly there will be many misconfigured Web servers in coming years...

JNG: JNG is short for JPEG Network Graphics and is a proper subset of MNG, just as PNG is, but it's worth a separate mention. The idea is to combine the best of both worlds: JPEG's excellent compression and PNG's incredibly spiffy alpha transparency and color correction. JNG is almost identical to PNG, but in addition to standard IDAT chunks (which in JNG contain the alpha channel), there are also JDAT chunks that contain a standard JPEG/JFIF stream (suitable for handing off to libjpeg). From a developer's standpoint, if you've got support for both PNG alpha and ordinary JPEG/JFIF, adding JNG is a breeze. Of course, JNG is also supported by recent libmng betas. Its MIME type is image/x-jng.

Browser Status

Most browsers have supported PNG since at least late 1997 (when Netscape Navigator and Microsoft Internet Explorer finally did), but almost without exception, their support for alpha transparency has been abominable. Amazingly enough, it seems that 2000 may be the year that browsers finally support it, more or less ubiquitously. In April alone there were three newcomers, with another in May; so far this year, the total has more than doubled. Here's the current list of browsers that at least attempt to do alpha transparency correctly, with their supported platforms indicated in italics. If screen shots of the PNG alpha-transparency test page are available, they're linked to the browser name:

Arena (Unix/X) - this was the first browser with good alpha support (at least for Unix, and I think anywhere). It died in 1998, however, and the final release tends to core-dump on PNG images. It always used its own "sandy" background pattern rather than that specified in the HTML. (Very old screen shot.)
Browse (RISC OS) - Acorn's browser was the first to fully support PNG transparency and gamma correction, including background images, but it died along with Acorn itself in June 1999. The browser may or may not eventually show up in Pace Micro's digital set-top boxes. (Very old screen shot.)
iCab (Macintosh) - this was the first Macintosh browser to support alpha transparency (since the 1.8 beta), but it doesn't do gamma correction yet.
ICE Browser (Java) - ICEsoft's commercial browser for Java reportedly has full alpha support, but I haven't verified that.
Internet Explorer (Macintosh) - version 5.0 added superb PNG support, including alpha, gamma and color correction. This is probably the best PNG-supporting browser available today. Unfortunately, the Windows and Unix versions seem to be a completely separate code base, so there's no telling when (or if) they'll have equally good support. (See the browsers page for details.)
Konqueror (Unix/KDE) - I just heard that KDE's file-manager-cum-browser has full alpha support, but I haven't had a chance to check it myself. I'll try to get some screen shots added soon, however.
Mozilla (Macintosh, Unix/X, Windows) - alpha was enabled in April, though there are a few gotchas: the Windows code is currently broken (bug 36694 and 19283, to be fixed by beta3), and the X code is a slightly nasty hack--it looks beautiful on 24-bit displays, but it's slow when scrolling, and the quality for users of 8- and 16-bit displays will be relatively poor. Nevertheless, it's a vast improvement over the previous code, and it's basically the only game in town for Unix users. Note that the infamous PNG interlacing bug (3195) was fixed in May, and Tim Rowley checked in initial MNG and JNG support on 12June.
NetPositive (BeOS) - version 2.2, released in April, added support for alpha transparency; but like iCab, it doesn't yet do gamma correction. (It also doesn't display interlaced PNGs progressively.)
Netscape - see Mozilla (which is basically what Navigator 6.0 will be).
Sega Dreamcast Web Browser (Dreamcast) - version 2.0 of Planetweb's browser for the Sega Dreamcast game console, released in May, fully supports alpha transparency, but I don't have any screen shots yet.
Webster XL (RISC OS) - R-Comp's RISC OS browser is claimed to have full alpha support, but I don't have verification, and it doesn't appear to be under development anymore.
WebTV (WebTV) - surprisingly enough, WebTV has decent support for 32-bit RGBA PNGs, but its support for palette transparency is broken. In principle it should be easy to fix, but then again, it's a strange platform. (Note that the fonts look considerably better on a television screen.)

Honorable Mention goes to Siegel & Gale's PNG Live plug-in for Netscape, which was the only plug-in ever to manage alpha transparency (in Windows only). It died before ever getting out of beta, though, and plug-ins in general are useless for PNG. So is the HTML 4.0 OBJECT tag, but don't get me started...

Other Apps, Libs, etc.

I currently list some 500 distinct PNG-supporting packages (more if you break things like Microsoft Office into their constituent parts) in 8 categories (soon to be 9 or 10), not to mention a dozen pieces of hardware. PNG has now reached the point where even freeware authors generally don't bother to tell me when they've added support; it's largely taken for granted. (I do occasional Freshmeat sweeps, but I usually don't have time, and many entries don't mention PNG even if it's supported.) Quite a number of the apps include full source code, by the way--which is the way it should be, of course. ;-)

Within the libraries-and-toolkits category, there are a surprising number of independent PNG implementations (either encoders or decoders or both), including ones in C, C++, Java, JavaScript, Pascal, and even Ada95. PNG is now a standard part of Java 2 SE 1.3 and Tcl/Tk, and it is the main image format in the popular gd library and all of its Perl-based derivatives. In turn, this has led to its online use in areas as diverse as server statistics, chemical diagrams, computer-generated mazes, and weather maps.

Even better, PNG is the native, internal image format for a number of major applications (including Macromedia Fireworks and Microsoft Office), and it's becoming a popular icon format for advanced GUIs. It also ships as a standard part of BeOS, via the Translation Kit, and it's supported natively in the Windows Me shell (and possibly in Windows 2000 Professional).

Conclusion?

Ordinarily I'd mumble something about how PNG has finally achieved massive studliness and will soon be taking over the world, but what the hell--it has, it is, and if it's not obvious from what I've already written, another couple of lines won't make any difference. Go forth, visit the web site, write code, make lots of PNGs, etc., etc.

And Microsoft, pleeeeease get on the ball with Internet Explorer for Windows and Unix...

EBay Pulls MS Auctions, Neutralizes Complaints

Microsoft · 2000-05-29 04:15 · posted by ryuzaki0 · from the I-would-like-to-neutrally-despise-you-please dept. · 338 comments

melaniemad writes: "I haven't seen this story anywhere else but kuro5hin. Microsoft has set up a user account on eBay: msoft@buddy.ebay.com. They apparently use this account to shut down auctions of Microsoft software. This has resulted in a lot of negative feedback, which has been changed to 'neutral' by eBay. This does not coincide with their policy about removing feedback. But then, do the rules ever apply to Microsoft?" (read more...)

(Boy, a ten-day-old story. I need to start reading kuro5hin more often.)

Anyway, I know from experience that my chances of getting through to a real eBay person are approximately nil, especially on Memorial Day, so I'm not even going to try. Here are the questions I'd like to ask, and if some eBay staffer would like to answer them, feel free.

1. Regarding "VeRO," the Verified Rights Owner Program. Comments from sellers who have had their auctions yanked include:

"I own this software. It is mine to sell."
"Ended my perfectly legit sale."
"I was forced to buy it from Dell, I should be able to sell it. www.linux.org"
"I have the right to sell the Windows 98 I BOUGHT.. this is BULL SHIT....."
"ended 2 of my legit auctions. won't respond to emails."
"Legit auction canceled."
"MS & Ebay Cancelled my perfectly legit auction."
"copyright violation - on unopened retail box!"

These are not spurious complaints; they come from over a hundred eBay sellers with positive feedback ratings like 40, 253, even 476! Clearly these people are not scammers, they are legitimate and frequent eBay sellers who know the rules and who feel angry that they've been ripped off.

It is already apparent that eBay is ending perfectly legal auctions of E-Meters based on illogical and unfounded claims of copyright violation from the Church of Scientology. So "Verified Rights" doesn't mean much.

Can anyone at eBay confirm that each and every software auction terminated by Microsoft was illegal? And if not, shouldn't VeRO be renamed the "Unverified Rights Owner Program"?

2. EBay claims that, upon receiving VeRO complaints, it "reviews the reported items and, unless there is an obvious error, ends the auction." Were any of Microsoft's reports so reviewed, or were the auctions just immediately terminated?

3. Where on Questionable Items: Software is it indicated that software, unopened in the box, purchased at retail, cannot be resold?

4. Has Microsoft invoked a particular law - UCITA would be an obvious guess - in terminating these auctions? Or has it pointed to its license agreements (which for many of these auctions, apparently, would not apply)?

5. EBay's page about removing feedback doesn't mention cancelling rating of feedback, which is obviously a very important part. Isn't that misleading?

6. What did Microsoft do to get this special favor done for them - neutralization of their negative feedback? Does eBay do this for all their VeRO program members, or just Microsoft?

Update, 25 minutes later: gehrehmee pointed out Microsoft's internet piracy webpage (the URL got chopped, but deserves to be seen). Scroll to the bottom to read (emphasis added):

Microsoft and eBay have initiated an aggressive program to stop auction sites that Microsoft believes may be distributing infringing product. Microsoft monitors all auction sites and conducts daily searches to identify auctions suspected of offering counterfeit or infringing software. The company notifies eBay of suspect auctions and asks them to terminate the auctions within 24 hours.

Phrases like "due process" and "guilty until proven innocent" are coming to mind.

Arrest In The ILOVEYOU Case

It · Bug · 2000-05-08 03:38 · posted by CmdrTaco · from the make-macro-virus-and-do-time dept. · 340 comments

jacobm writes "All the news sources- CNN, ABC News, Security Focus, CNET news, and everyone else on the planet- are reporting that a man in the Phillipines has been arrested in the ILOVEYOU virus case. It appears that the virus had identifying information all over it, which makes me a bit suspicious that this could be a set-up, but on the other hand, you should never attribute to malice what can be explained by stupidity." Update: 05/08 12:50 by J : Because you haven't yet read enough about ILOVEYOU, read this (Gates opines that breaking up MS will lead to more viruses).

Solving Chess?

Ask · Technology · 2000-04-30 00:05 · posted by Cliff · from the that-would-be-hell-to-brute-force dept. · 269 comments

R. Jason Valentine asks: "One of the more complex problems that computing has tackled has been the game of Chess. The rules are simple, the strategy complex. We now have computers, based upon current technology, that can play as good as or better than the best humans. However, the current computing power is still far from answering the age old question: Is there such a thing as a perfect game of chess?" Anyone have spare processor time on a Beowulf Cluster? Or maybe this could be another project for distributed.net? Update: 04/30 10:38 by J : Remy de Ruysscher writes to say he's still working on distributed chess; to join his mailing list, email him.

"For those who don't know, it is theorized Chess may be a solveable game -- i.e. one that if played perfectly, yields a predictable outcome -- be it a victory for white, black, or a draw. There are two new computing technologies that *may* be able to answer this question -- DNA computing and quantum computing. DNA computing is advancing fairly rapidly, and recently the largest quantum computer was devised -- a mere 7 qubits.

I am admittedly completely ignorant in algorithms used by computers to calculate moves, but I was wondering if anyone had any ideas on which technology would be more likely to solve the game of chess, and how one would devise a method to do so."

eBay E-Meter Auctions Yanked

Yro · Censorship · 2000-04-27 21:35 · posted by jamie · from the bake-him-away-toys dept. · 203 comments

Does the Digital Millennium Copyright Act cover electrical religious artifacts? Apparently the Church of Scientology thinks so. eBay has been yanking auctions of e-meters because of complaints by the CoS. In response to queries by a collector, eBay said "the Church of Scientology is giving us Notices of Infringement, which we are legally required to honor. These items are being ended for that reason." Does the DMCA really prohibit the sale of these boxes? (more)

The short answer is: "No" -- as far as I can tell -- I'm not a lawyer. But this is just one more data point in the disturbing trend of the DMCA being used as an all-purpose club to remove material from the Internet.

On hearing of this, my first thought was that perhaps the devices in question are actually licensed somehow, instead of being sold outright. But I spoke to two former members and the spouse of a current member of the CoS, each of whom assured me categorically that the devices were purchased outright, with no license required to be signed. A staffer at the Lisa McPherson Trust found a catalog where anyone can buy an e-meter; the "public price" is a little higher than the price to CoS members, but there are no apparent limitations to the purchase. A credit card is all you'll need.

The device itself is just an electrical mechanism, somewhat like a fancy multimeter or oscilloscope. It's patented, but of course thousands of patented items are sold on eBay every day.

To members of the Church of Scientology, however, it's more than just an electrical device. It's used in "auditing," which apparently helps new members advance in the program. Members of the CoS who have become experienced in this process are licensed by the CoS to audit others (but, again, the purchase of the items themselves is not under license).

Some e-meters apparently have Intel Inside (an 8-bit microprocessor which performs some rudimentary functions). But ever since a 1963 raid in which the FDA took exception to the marketing of the device as medically beneficial, e-meters have carried a disclaimer which begins: "By itself, this meter does nothing. It is solely for the guide of Ministers of the Church in Confessionals and pastoral counselling."

I'd hard-pressed to think of why copyright could apply to a piece of electronic gadgetry which "does nothing." So why is eBay refusing to allow its sale?

Because DMCA is such an effective club.

Rod Keller, a Scientology critic, noticed that e-meter auctions were being taken down, and wrote eBay to ask why. The response was:

Hello,
These items are not prohibited due to their nature, but the Church of Scientology is giving us Notices of Infringement, which we are legally required to honor. These items are being ended for that reason.
Regards,
[...]
eBay Community Watch Supervisor

(Emphasis added.) That explanation, by the way, is a little facile: eBay is "legally required to honor" such notices if it wants to remain lawsuit-proof about the item. They would be well within their legal rights to leave the auctions up. More on this later.

When Mr. Keller expressed surprise at this, the next message went into a little more detail:

Hello,
There is a procedure under the Digital Millennium Copyright Act whereby someone who claims to be an owner of Intellectual property can send a notice sworn under penalty of perjury that an item is infringing. The internet provider must then remove the item. The seller of the item (not a third party) can request and fill out a counter notice. If he/she does so, the complaining party who filled out the original notice has a limited period of time to file suit, or the provider can go ahead and relist the item.
This is set up under the statute so that the interested parties will be the ones doing any litigating.
Regards,
eBay Customer Support

In response to my requests for more detail on exactly how the DMCA was being invoked by the CoS, an eBay representative promised that someone would get in touch with me. Unfortunately, I haven't heard from them by press time.

Here's what I think happened, based on the above -- feel free to follow along in the full text of the DMCA if you like.

The DMCA is an unusual regulation in that it principally protects service providers from litigation and then rigidly defines the steps they must follow to stay under its umbrella. It puts eBay in a position a little bit like Bart Simpson's, when Sideshow Bob announces:

"The following people will not be killed by me: Homer Simpson, Marge Simpson, Lisa Simpson, that little baby Simpson.... That is all."

Title II of the DMCA, otherwise known as the "Online Copyright Infringement Liability Limitation Act," is what seems to be relevant. It describes under what conditions a service provider is not liable "for infringement of copyright." My guess is that eBay is looking at section 202(c): "Information Residing On Systems Or Networks At Direction Of Users." The system is ebay.com; the users are the sellers; presumably the information is, in this case, the item being auctioned. Or the text and graphics used to describe the auction? I'm not sure.

Section 202(c)(1)(C) indicates that eBay will not be subject to liability as long as it, "upon notification of claimed infringement as described in paragraph (3), responds expeditiously to remove, or disable access to, the material that is claimed to be infringing or to be the subject of infringing activity."

Paragraph (3) describes the elements which must be present in a notification, including: "A statement that the information in the notification is accurate, and under penalty of perjury, that the complaining party is authorized to act on behalf of the owner of an exclusive right that is allegedly infringed."

Based on eBay's statements, the Church of Scientology has sworn under penalty of perjury that it has an "exclusive right" to copyright on the material that was posted in the auction.

To me, that seems obviously wrong. An e-meter is an electrical device, or a religious artifact, depending on how you look at it. Either way, it's sold to customers who may or may not be members of the Church. Once they've bought the items, they should be able to do with them what they wish, including reselling them to whoever they wish.

But to enjoy the protections of the DMCA, service providers must remove any material as soon as they're told it infringes on copyright. Once material has been challenged, the service provider must act "expeditiously" to remove it. Only when the material is gone can the accused user make a case to defend it.

The carrot for service providers becomes a stick for users.

Meanwhile, I'd like to see the statement that the Church of Scientology made, under penalty of perjury, that an auction of an e-meter infringes on their copyright in some way. Any spokespeople for the CoS reading this are welcome to contact me to discuss it.

But, as Declan McCullagh wrote in an unrelated DMCA story yesterday, we are moving toward a two-tier copyright system on the internet -- at least in this country. If you don't host your own content, the DMCA's censor-first, ask-questions-later mandate effectively strips you of your rights.

Where Is The Wiretap Archive?

Ask · Internet · 2000-04-25 02:06 · posted by Cliff · from the vanished-into-thin-air? dept. · 95 comments

cfusion asks: "Veterans of the Internet should remember the Wiretap Electronic Text Archive, at one point hosted by wiretap.spies.com and later by wiretap.area.com. It was a gopher/Web site that covered EVERYTHING under the sun, a digital library of sorts, with incredibly rich content. (A quick search of Yahoo for "Wiretap" will reveal the breadth and depth of their archives - everything from U.S. historical documents to texts about UFOs) Anyway, I recently went back to ">wiretap.area.com and found a message saying "No, we don't know where it went." It's gone. My question is really threefold: Where did it go and why? Are there any other Internet-based libraries that host as large a wealth of textual content? Couldn't someone write to the former curator of the site and offer to host it on their own site? Then turn it into a collaborative effort that maintains the sharpest digital library online. Perhaps my question is not so much about Wiretap, but about digital libraries in general. Although I do want to know where Wiretap went, and why someone else can't host it." This is a cool concept. Hopefully it, or something like it, will turn up again on the Net. Update: 04/25 8:45 by J : "It's back up for good," says its maintainer. Hooray! http://wiretap.area.com/

Unisys Cracks The Whip

Tech · Graphics · 2000-04-18 17:51 · posted by jamie · from the saw-it-coming dept. · 280 comments

Their GIF patent expires in 2003, so Unisys is getting while the getting's good, according to CNET. They're not commenting on the record, but it seems they'll be kicking up their licensing fees. According to one source, they asked Accuweather for US$3.8million. Instead, AccuWeather forecasts switching to PNG next month (insert sound effect of burning GIFs.)

Update: 04/19 09:44 by J : I just checked the bug log for Mozilla's lack of PNG alpha transparency (which has been registered and debated for over a year, and which I gather is the major factor standing between Mozilla and PNG compliance).

Three days ago, after a little tweaking, Greg Roelofs reported significant progress on the latest build:

http://www.cdrom.com/pub/png/pngs-img-moz.html
It's gorgeous! Aside from the interlacing bug (bug 3195), it's the equal of MacIE 5.0. Well done, Tim and Pam! It's truly a lovely thing to behold. I look forward to seeing this bug closed out at last.

UK Censorship: Demonic Consequences

Yro · Censorship · 2000-04-16 21:05 · posted by jamie · from the knuckling-under-in-advance dept. · 196 comments

"I got into the Internet because I believed in the promise of freedom for all; I never imagined it would be the most easily censored medium there is." These are the words of a director of the Campaign Against Censorship of the Internet in Britain - which has now been moved to the good old U.S.A. because its British ISP is too afraid of libel suits to continue hosting it. Why? Because Demon Internet settled the libel suit brought by Laurence Godfrey. British ISPs are now (rightly) terrified, and are (unfortunately) censoring Web sites like Outcast merely because of the possibility of future libels that might be published. (more)

The problem is with the British legal system, which makes defending against libel suits difficult. Essentially, the defendant has to prove his or her innocence, typically by proving the truth of every challenged statement (and there are other systemic flaws as well). In such a system, putting up a defense is such a hassle - and so expensive - that settling out of court is almost always easier.

The Laurence Godfrey case was settled out of court, setting not a precedent but a bad example. Most libel cases do settle. After Godfrey's victory, now even more will.

One of the better-known cases which went all the way to the verdict was the McLibel trial, in which everyone's favorite multinational food chain sued two unemployed activists for handing out a pamphlet. Attempting to prove the truth of every single statement in the brief factsheet took the vegetarians two years. They could not afford to pay legal counsel or even to buy the transcripts of their own trial's proceedings. They lost, but the negative publicity was a Pyrrhic victory for McDonald's.

And in very recent news, the big story has been one in which a Holocaust-denier brought suit for a book which (essentially) called him a Holocaust-denier. This time, the good guys won, but only because the author and publisher were willing to spend two million pounds to illustrate that the facts were on their side. The bookstores that were sued had settled quickly out of court and agreed to the plaintiff's terms. (If you follow this case, some excellent and very detailed legal analysis can be found at a site I happen to Webmaster, in the essays Irving'sWar.)

Even if a libel suit is only hinted-at, as in the Outcast and CACIB cases, pre-emptively removing the material is the publisher's safest move. Don't like what someone says? Afraid of what they might say? Gag'em!

The U.K. needs to wise up and bring its libel law into the 20th century, or its citizens will quickly find themselves inhabiting a Bland Speech Zone. An island on the Internet, if you will, where nobody dares say anything about anyone else - or if they do, they prudently take their speech (and their money) offshore.

As a Demon settlement news report predicted two weeks ago:

"If the ISPs become more cautious over what material they allow to be published - by screening submissions or suspending Web sites - they could inflame the debate over freedom of expression or damage internet-based businesses."

Neither of which, surely, will benefit the people of the U.K.

Update: 04/18 03:21 by J : Two good commentaries today from lawyers relating to the Holocaust-denier's lawsuit. The legal team defending against the Holocaust-denier's lawsuit has an interesting contrary view in today's Independent. They argue that British libel law works, and is getting better in response to criticism. But when they write:

"...libel actions and the associated costs are part of the process of publishing. They are to the publishing industry what construction disputes are to the building industry. If the litigation is expensive that is a criticism of the price of litigation - not of libel litigation specifically."

they obscure an important point. We are all publishers in the internet age. If publishing is to be restricted to those who can afford "industry" insurance policies against million-pound legal fees, put a fork in the U.K.'s internet - it's done.

And, see also a legal viewpoint from the defending publisher's lawyers.

Backdoor In Microsoft Web Software?

Microsoft · 2000-04-13 22:30 · posted by ryuzaki0 · from the joshua dept. · 445 comments

There's a backdoor in Microsoft Webserver software. The Wall Street Journal article isn't very technical, so we don't know yet exactly which software is affected: IIS, FrontPage, or both. It apparently doesn't affect Windows 2000 or FrontPage 2000. The workaround Microsoft "urges" is to delete dvwssr.dll. And just to make your Friday a little more surreal, the secret backdoor password apparently has something to do with Netscape engineers being "weenies." Update: 04/14 09:02 by J : It's been a busy day for some programmers at Microsoft and elsewhere. The word as of 3:30 EDT, according to Russ Cooper, is that "there is NO VULNERABILITY IN DVWSSR.DLL. Yup, that's right, different again from what I said earlier, and even more different than what I said yesterday to WSJ." (more)

Here are the basic details from the article (expensive reg. req.), because I can't find this story anywhere else. Strange that the WSJ should have the scoop on a security issue.

Microsoft Acknowledges Its Engineers Placed Security Flaw in Some Software
By TED BRIDIS
Staff Reporter of THE WALL STREET JOURNAL
Microsoft Corp. acknowledged Thursday that its engineers included in some of its Internet software a secret password -- a phrase deriding their rivals at Netscape as "weenies" -- that could be used to gain illicit access to hundreds of thousands of Internet sites world-wide. [...]
The company planned to warn customers as soon as possible with an e-mail bulletin and an advisory published on its corporate Web site. Microsoft urged customers to delete the computer file-called "dvwssr.dll"-containing the offending code. The file is installed on the company's Internet-server software with Frontpage 98 extensions.
While there are no reports that the alleged security flaw has been exploited, the affected software is believed to be used by many Web sites. By using the so-called back door, a hacker may be able to gain access to key Web-site management files [...]
Russ Cooper, who runs the popular NT Bugtraq discussion forum on the Internet, estimated that the problem threatened "almost every Web-hosting provider." [...]

And, Black Parrot passed along this link to a CBS Marketwatch story, which is free but short on detail.

Quickielanche

Quickies · 2000-03-30 14:07 · posted by ryuzaki0 · from the duck-and-cover dept. · 130 comments

Let's start this off with bio2's link to "the tube": an unrollable laptop:super crazy hardware. seizer sent us the most amusing firewall circumventer: a TCP/IP Email Tunnel. While on the subject of bizarre technology, John Petz sent us a webserver running on an Atari 800. Still not in shock? hool sent us a hack over at x42.com which uses the hostname as input to a calculator. tdunn linked us to a place that lists odd things found inside PC cases. It includes a *shudder* severed finger tip. For more wierd tech support, yeahbensteres submitted iamanidiot.com which has some tales that you may or may not believe. Pike sent us 94 Uses for Old Altoids Tins: Who eats 94 tins of altoids? Oh... wait. OwenF sent us linkage to the latest robotic pet craze. Look out AIBO, here comes Robotic Fish! Slashdot's own jamiemccarthy points us to TimeCube.com for all your wierd-science needs. You econ majors might be interested in Yhetti's link to the fortune-cookie market index. Bradley noted a story about a man who changed his name to 'Oxford University' to avoid domain squatting charges from Oxford University. If you have a mission:impossible scheduled next week, Dr. Manhattan sent us a link to a Swiss company that is developing self-destructing CDs. The CIA has some on back order. An anonymous reader pointed us to EarthKam, which has several really beautiful pictures of earth from space. Check out their top 10 ... if only they were bigger they'd make great background art. And finally for those of you who are sick of all the naughty language on TV, deepak saxena sent us a machine that claims it will filter all the damn swearing from TV and video. I'm waiting for a version that filters out Regis.

German Censorware Targets Music

Yro · Music · 2000-03-16 09:25 · posted by jamie · from the musik-nonstop-technopop dept. · 334 comments

Blocking software can work on any category of material. Here in the States we try to block sex. But in Germany, they're going to use censorware to go after MP3s. Its "Rights Protection System" is rumored to already be in testing - and the rights that get protected are those of Mariah Carey and her label, needless to say, not yours or mine. What does this mean for our German readers, and others? More thoughts below...

If you only read one link, read Fitug's fact sheet (in English). It summarizes the situation pretty well. See Declan McCullagh's Politech for some more links.

Basically, the German recording industry is selling the idea that they should have carte blanche to block any incoming packets they see fit, at the router. As Lawrence Lessig and others have warned, the large ISPs are the weak link, subject to easy regulation. And as Fitug's paper says, only the large service providers need be forced to use this system: small providers get their feeds from the large ones, auto-censored for their pleasure.

Think for a moment about how this system will work in practice. Pirate websites, by definition, operate under the radar: they are hard to find. They are often up only briefly, or require a password to access. They aren't linked to search engines. Sharing copyrighted material is illegal is every major Western country, so these sites aren't going to list themselves on Yahoo.

But it's already been shown that censorware can't even block what's on Yahoo. That's not an exaggeration. I work with the Censorware Project, and we did a report on Bess in 1999. The software didn't just fail to block a lot of hardcore sex. It failed to block hardcoresex.com - and hundreds of other porn sites listed on Yahoo.

This new "Rights Protection System" is going to use the same technologies as existing censorware and have about the same results:

"Im Prinzip funktioniert das 'Right Protection System' also ähnlich wie das Programm Cyberpatrol..."
"So in principle, the 'Rights Protection System' will work like the program Cyber Patrol..."

Someone has to maintain this "Rights Protection System," just like someone has to maintain Cyber Patrol. What chance does it have to find even a fraction of the napster servers, hotline servers, IRC channels, and, yes, even websites where pirate MP3s are being traded?

And when a pirate site is found, the rock'n'roll will be blocked the same way existing censorware blocks sex or drugs. Let's say a directory full of copyrighted MP3s is at

http://BigUniversity.edu/users/joepirate/secret/

The RPS staffers have no way of knowing whether "joepirate" is going to have friends who share MP3s, is going to change user IDs, or is going to put his songs into some other directory. The block will be made not on the /secret/ directory. If the university is lucky, there will be a block on the /users/ directory.

But since the "filtering" takes place at the router, it is much more likely that the entire webserver will be blocked. Big University probably won't be getting many exchange students from Germany next year.

And on what basis is the country going to ask its service providers to put this extra software on their routers? According to a spokesperson for the German branch of the International Federation of the Phonographic Industry (IFPI):

"The packet forwarding process in the router is not a passive forwarding of the incoming signals. The packet is processed and manipulated by the router before it is transmitted onwards. So the [service providers] that purchase and install these routers have a heavy participatory role in the operation of the Internet."

In other words, since the hardware is already routing ("manipulating") packets from one network to another, it's really no different to add a blacklist that forbids certain URLs or IP numbers.

The executives speaking in favor of this proposal make it sound like it's going to benefit the little musician, the one struggling to make it. The IFPI points out magnanimously that it invests some of its profits in unknown artists (duh):

"Jede dritte Mark, die mit den Hits der Megastars erwirtschaftet wird, fließt heute in die Förderung junger Künstler."
"Today, every third Mark made by the megastars' hits goes toward the promotion of young artists."

Isn't that nice. But what about the "young artists" who haven't been signed with a label yet?

If I'm trying to make a name for myself by giving away my own music, and the RPS staffers spot a directory full of my MP3s, are they really going to compare each of my files' titles against their libraries? Are they going to listen to each MP3 they find? More likely, they will assume that files named "my_heart_will_go_on.mp3" and "song-001.mp3" are songs copyrighted by someone else, and not my own original work.

Simple solution: block my whole directory. Or my whole server. If there's a little collateral damage - well, less competition for their own artists.

And they won't bother to tell me about it, of course; so my music is now blocked from eighty million potential listeners - customers - and I will never know.

This doesn't help "young artists" - unless you think enslaving them to the existing labels is helping them. The IFPI chooses to ignore that giving away MP3s can help a struggling artist, not hurt.

Meanwhile, executives for the German Authors' Rights Society (GEMA) redefine arrogance. My German is rusty and Babelfish is almost no help, so bear with me. First, they count their money:

"Erfolgreiche Jahresbilanz. Zunächst aber habe ich die Ehre, Ihnen den Geschäftsbericht 1998 vorzulegen. Er dokumentiert mit seinem Gesamtertrag von DM 1,465 Mrd. und einer Verteilsumme von DM 1,263 Mrd. die wirtschaftliche Ertragskraft unserer musikalischen Verwertungsgesellschaft..."
"Successful Annual Balance. But first I have the honor to submit the business report for 1998. It documents total proceeds of 1.465 billion Marks and a distribution total of 1.263 billion Marks for our commercial music corporation..."

(Incidentally, Babelfish translates "unserer musikalischen Verwertungsgesellschaft" as "our musical exploitation corporation" - which may be accurate but probably isn't what was intended.)

Then, two sentences later:

"...auch die den kreativen Schöpfer bedrohenden Kräfte, die sich hinter Schlagworten wie 'arbeitsplatzschaffende Kommunikationsgesellschaft' oder 'Digitalisierung der Welt' verstecken, nicht aus den Augen verloren werden dürfen. Hier drohen uns - allerdings zu bewältigende - Gefahren. Und in der Tat, sie werden auch nicht eine Sekunde aus den Augen verloren, diese Gefahren. So wird denn die GEMA nicht müde, die globalisierungssüchtigen Verfechter absoluter Kommunikationsfreiheit und damit Verächter von Kultur und geistigem Eigentum immer wieder in die Schranken zu verweisen."
"...and we should not lose track of those powers who threaten creative people*, who hide themselves behind slogans like 'job-creating communications company' or 'digitalization of the world.' We are threatened by these dangers - which nevertheless can be overcome. Indeed, these dangers will not for one second be lost from our eyes. GEMA will never, ever tire of putting these globalization-addicted advocates of absolute freedom of communication - the depisers of culture and intellectual property - in their place."

Boy. How serious are these guys?

But of course they're serious. After all, negative billions are at stake.

Finally, consider what will happen once the German music industry, or any other, manages to install content-based blocking at the routers of the entire country.

Pirated music isn't the only illegal content in Germany. And once the software's in place, no politician will be able to resist adding one more type of content to block.

What will be the next category they enable on their nationwide blacklist? You might think sex. I'm betting it's Holocaust-denial. The denial of the Holocaust is something I've been working against for eight years (wearing one of my other "activist hats"). And for eight years I've been repeating that the most effective way to repudiate this dishonest political ideology is to expose it to the light of day.

Let people read the junk. And let them read refutations of the junk. That's the best way for people to recognize that deniers are liars: give them access to what everyone says, and let them make up their own minds.

But the German government disagrees. Unfortunately, they don't realize that the best way to convince a confused citizen that Holocaust-deniers are saying something valuable is to have the government ban it. "After all," goes the logic, "they wouldn't ban it if it weren't dangerous - and what could be more dangerous than the truth?"

Then, finally, after they make free-speech martyrs out of neo-Nazis, will come the effort to block sexual content. All of these blocking efforts - music, Holocaust-denial, sex - will work approximately as well as censorware has worked anywhere else. And will do approximately as much collateral damage.

This approach to censoring an entire country - block content at the incoming routers - has not yet been tried on a large scale in any Western country. Many Asian countries (notably excepting Japan) and most if not all fundamentalist Islam countries have adopted nationwide blocking. We'll see if this is the first step toward bringing the technology to the West.

If anyone has information about who will be creating and maintaining the blacklists used by the "Rights Protection System," please post a comment here or email me.

Mattel Dislikes Being Embarrassed (UPDATED)

Yro · News · 2000-03-15 17:29 · posted by michael · from the DMCA-in-action dept. · 416 comments

A few weeks ago we ran Keep It Legal to Embarrass Big Companies , detailing Peacefire's decryption of X-Stop's blacklist. Then just a few days ago, we noted that CyberPatrol's encrypted list had also been cracked. Well, Mattel, the maker of CyberPatrol and a Big Company, decided it didn't like to be embarrassed -- so it's filing suit against the coders in Canada and Sweden. In addition to demanding the removal of the decryption utility, Mattel is also seeking the logfiles of the Swedish ISP that hosts the decryption utility, to identify everyone who has downloaded it to date. Update: 03/16 6:50 PM EDT by J : Today's news was filled with Mattel's PR lies about their suit. Analysis follows.

Update: 03/16 6:50 PM EDT by J : The problems started with the AP story (cited above). The decryption software posted by the activists was described as "a method for kids to deduce their parents' password and access [pornographic] Web sites."

This was the spin that Mattel's PR people put on the story. They surely didn't want the news media reporting that activists had posted software that exposes their secret, hidden blacklist to the light of day. That wouldn't sound so good - it might get people to ask "why are these blacklists encrypted at all?"

Instead, Mattel's PR decided to say that the decryption software allows kids to view pornography. Predictable - this is the same smear that's always dragged out - but the media swallowed it uncritically. (The AP story was repeated on cnet, and everywhere else that uses the AP feed.)

Even the normally-critical Declan McCullagh wrote a story for Wired whose opening sentence was corporate propaganda. "Toy-maker Mattel has sued two programmers who revealed how to circumvent its CyberPatrol blocking software." Thankfully, the rest of his article gave the full story.

Mattel is not upset about CPHack's minor feature of circumventing the program when installed. Peacefire has been distributing their own instructions to disable Cyber Patrol for months now, and hasn't been sued. (They're pretty simple instructions, too.)

Mattel is upset that people can see the flaws in their software which were previously hidden by encryption. They want to continue selling bad software and will use the full force of law to prevent you from learning how bad it is. Legal papers have already been served and the proceedings will presumably begin shortly. Stay tuned - and don't trust press releases.