Domain: mit.edu
Stories and comments across the archive that link to mit.edu.
Comments · 7,673
-
links
Here are those links in link format:
-
Unfortunately, "Bob" is already taken...
... by the Technical Advisory Committee to Develop a Federal Information Processing Standard for the Federal Key Management Infrastructure which chooses to refer to itself as "Bob" rather than "TACDFIPSFKMI". See here if you don't believe me. As they both have something to do with Federal crypto standards, it would be too confusing to have them both named "Bob".
-
Greed Season
I'm very surprised by what I read here. With 70% of the threads on Slashdot being related to the creeping loss of our freedoms, everyone is still swept up by Greed Season. Do those of you who have visions of Playstations dancing in your heads know that Sony is a huge player in both the RIAA and the MPAA?
Christmas presents may be gifts, but everything has a cost. We all need to think about the consequences of our actions, direct or indirect. Don't just accept commercial gift giving because it's the status quo. How about spending time with the people you care about, and enjoying the time off, instead of working at being a diligent consumer? Or, better yet, as CmdrTaco hinted at, why not ask for a donation to be made in your name to a worthwhile charity, such as the EFF or the League for Programming Freedom?
Personally, I don't expect to receive any gifts for Christmas, or my December birthday, save for a plane ticket to visit my parents in Alberta.
- -
Lego Mindstorms
Lego Mindstorms Robotics Invention System 1.5
about $200 -- info @ http://mindstorms.lego.com
Developed from work by the MIT AI Lab, the programmable brick is the ultimate synthesis of two great techie toys: LEGO, and computers. The Mindstorms RIS appeals to the hacker mindset, too. By exposing the internals, LEGO makes it easy to ignore the included software and program the brick using a wide range of tools and environments, including Linux.
Definitely gets my vote for the "cheaper than a Playstation" entry.
--
-
Gale Secure Messaging Service gale.org
The Gale secure messaging service is in version 0.99a. FAQ. The name is a takeoff on MIT Zephyr. Goals include scalability as well as security. The Gale documentation has a page comparing Other secure instant messaging systems.
-
Re:Cracking slashdot
There is a version for Linux, it's called 'fsv' file system viewer.
http://fox.mit.edu/skunk/soft/fsv/
Check it, it's cool.
-
Euthyphro
annotated http://socrates.clarke.edu/aplg0150.htm
lynx friendly http://www.knuten.liu.se/~bjoch509/works/plato/euthyphro.txt
down, drive failure http://classics.mit.edu/
-
better information
That HOWTO is good, but severely out of date. To quote "Chapter 10 - Encrypting files and drives in Linux, BSD, and other Unices"
Chapter 10 - Encrypting files and drives in Linux, BSD, and other Unices
By: Kurt Seifried, seifried@securityportal.com, for http://www.securityportal.com/
Overview
Do you have files on your computer that you wouldn't want your spouse to read, or perhaps your main competitor? Chances are if you use your computer for work or general usage the answer is yes. Also what happens if you want to send a file to someone, or let them download it from you, but you only have access to a public site (like a free web hosting company)? The answer is to encrypt the file, and fire it off. For UNIX you have several choices, PGP, and GnuPG, as well as Guardbot for web based file transfers. If you work with files that are sensitive (such as spreadsheets containing sensitive financial data) the constant hassle of encrypting and decrypting the file (as well as the fact a decrypted copy will be stored on the filesystem, leaving a window of opportunity for an attacker) can get tedious. If this is the case you will want to use software such as BestCrypt (commercially licensed but free for Linux with source code), or PPDD (Private and Top Secret, GPL licensed) which are both very similar in execution and general usage.
Encrypting files and drives
PGP
Pretty Good Privacy is available as a command line driven program for most UNIX platforms, and there are a variety of front end GUI programs for it. I would not recommend using PGP on a UNIX platform since a completely OpenSource, and compatible replacement is now available, in the form of GnuPG.
GnuPG
GnuPG is GPL licensed (a.k.a. completely free in every respect) and written in Germany (a very pro-crypto and pro-privacy country). Since it is available in full source code chances are it has been ported to your UNIX platform (and if not try compiling it, it might work). You can download GnuPG as a compressed tarball of source code, and there are links to a number of source and binary packages for various UNIX platforms. Once installed GnuPG behaves very similarly to PGP. The first thing you'll probably want to do is generate a new keypair, simply use the command "gpg --gen-key", it will create a ".gnupg" directory in which to store your keys, option files and so on and exit, you then run it again and it will lead you through the key creation process. Choosing the defaults during key generation is a pretty safe bet, although you may want to use a 2048 bit keysize (realistically if someone manages to crack 1024 bit keys, chances are they can get at your 2048 bit key, however if they are only trying to brute force it a longer key is a good way to reduce the chances of that). For personal keys the expiry is typically set to "0" (that is to say they do not expire), however if these keys are for corporate use, or for really sensitive information it is a good idea to expire keys and rotate them (every month, year, decade, whatever your security policy dictates). The most important thing when generating a key (in my opinion) is the passphrase. This is a string of characters which should consist of letters (upper and lower case), numbers and punctuation marks, the longer the better (I'd say the bare minimum is 10 characters). This controls access to the private key, which is used to sign items (and if compromised means an attacker could easily impersonate you), and to decrypt data (meaning an attacker could access all your data). Keep your private key secure!
If an attacker gains access to this key they only have to brute force the passphrase, which is typically a lot weaker than a random 1024 bit (or longer) key. Worse yet they may steal your passphrase, with a keyboard sniffer or similar attack, resulting in a compromise of your key. If the attacker does not have access to your private key they will be forced to guess it, which takes a brutally long time (on average however, there is a chance they may guess the key correctly on their first try).
Signing files is useful if you want to distribute a file to someone, and be able to prove that you sent it, and it was not tampered with. Internally GnuPG takes a hash sum (such as MD5 or SHA1) of the file (basically it reduces the file to a shorter, unique string of data) which it then encrypts with your private key, generating a signature. This signature can then be decrypted with your public key, resulting in possession of the hash sum of the file, simply take the hash sum of the file in question, and if they match, then obviously the file is what it claims to be. This signature file can be a binary file, or converted into text (for example signing email, or distributing file signatures via email). To sign a file with gpg simply use
$ gpg -b file
which will create a detached signature of the file.
To verify the signature use "gpg --verify file.sig file". If all is well you should see something like:
$ gpg --verify file.sig file
gpg: Signature made Sat 15 Jan 2000 05:23:31 AM MST using DSA key ID 47D0D9A8
gpg: Good signature from "Kurt Seifried <seifried@securityportal.com>"
If someone has fiddled with the file or signature you will see something like:
$ gpg --verify file.sig file
gpg: Signature made Sat 15 Jan 2000 05:23:31 AM MST using DSA key ID 47D0D9A8
gpg: BAD signature from "Kurt Seifried <seifried@securityportal.com>"
Encrypting files is also relatively simple, a person uses your public key to run the data through a one way algorithm which results in a seemingly random mishmash of data, you can then use your private key to recover what the original data was, thus decrypting it. To encrypt a file to someone you first need their public key, you can download it from their homepage (if they have it online of course), or you can go to a public key server, of which there are many:
http://pgp.ai.mit.edu/ - PGP key server
http://www.keyserver.net/ - OpenPGP key server
Once you have their key it is simply a matter of signing and encrypting the file (just encrypting the file is rare as there is no proof of who the data is from, unless you use some other method, like physically handing them a floppy disk with the encrypted file). The following is an example of me signing a file and encrypting it with my public key:
$ gpg -s -e file
You need a passphrase to unlock the secret key for
user: "Kurt Seifried <seifried@securityportal.com>"
1024-bit DSA key, ID 47D0D9A8, created 2000-01-15
You did not specify a user ID. (you may use "-r")
Enter the user ID: seifried@securityportal.com
The user ID can either be the key ID (such as: 47D0D9A8), the email address associated with the key (seifried@securityportal.com) or the name (not recommended as these are not unique, there are many John Smiths). You will end up with a "file.gpg" that is binary, if you wish to send the file via email it is advisable to use the "-a" ("--armor") option which will result in "file.asc" and is ASCII text, so you can read it straight into an email, or print it out, mail it, and let them OCR and decrypt it at their end. To decrypt a file sent to you simply:
$ gpg --decrypt file.asc
You need a passphrase to unlock the secret key for
user: "Kurt Seifried <seifried@securityportal.com>"
1024-bit ELG-E key, ID 47D0D9A8, created 2000-01-15 (main key ID 39B0D9A8)
and it will display the file (hopefully a text file) to your screen, followed by the veracity of the signature (if you have the person's public key):
gpg: Signature made Sat 15 Jan 2000 06:06:19 AM MST using DSA key ID 47D0D9A8
gpg: Good signature from "Kurt Seifried <seifried@securityportal.com>"
If you want to save the decrypted file simply use "--output filename" and it will dump the content to "filename". You can also use shell commands such as "|" or ">" to further mangle the output (this is useful if you have automated systems such as a reporting mechanism which sends encrypted emails to a central repository).
BestCrypt
BestCrypt is a disk encryption program available for Windows and Linux. The nice thing is you can create an encrypted container (a file that is then mounted as a filesystem), and use it in Windows or in Linux (as long as it resides on a partition accessible to both, so putting it on your Windows partition is fine since Linux reads almost all Windows partition types). BestCrypt consists of some kernel modules (so your kernel will need to support loadable kernel modules obviously, and it helps if you are using tools like depmod, modprobe and the kernel module loader), and a userspace utility called "bctool". This program is however officially in "beta testing" for Linux, and probably should not be used for critical data (if it is, make sure you have backups). After testing BestCrypt for Linux I am satisfied that even though the software is officially beta, it is probably stable enough for most users, however your mileage may vary, all sales final, and don't blame me for any lost data. The only real problem with BestCrypt is a severe lack of documentation, while there is a man page that explains basic options, there is not a single example of how to create and mount a container (I suspect the release will have documentation, their Windows version documentation is quite good, a half meg helpfile). You need to download the software first, available as a source tarball, and source rpm (very easy to install on an RPM based system). Simply download either one, I would recommend the source rpm if you can.
# rpm -Uvh BestCrypt-0.3b-1.src.rpm
BestCrypt ##################################################
# cd /usr/src/redhat/SPECS
# rpm -ba bcrypt.spec
followed by a lot of text while it unpacks, compiles and assembles the source RPM and binary RPM. You should then have a:
/usr/src/redhat/RPMS/i386/BestCrypt-0.3b-1.i386.rpm
/usr/src/redhat/SRPMS/BestCrypt-0.3b-1.src.rpm
Simply install the binary RPM with a:
# rpm -Uvh /usr/src/redhat/RPMS/i386/BestCrypt-0.3b-1.i386.rpm
BestCrypt ##################################################
If you do not have an RPM based system, or the source RPM doesn't work for you, compiling the source code directly from its tarball should be possible. Simply download the file, unpack it to an appropriate place (such as /usr/local/src) and issue the commands:
# make
# make install
And you should be up and running. The first step is to create a container (a file that is encrypted and mounted as a partition):
# bctool new -a blowfish -s 10M file
Enter password:
Verify password:
You can of course use the "gost" or "des" algorithms, I would not recommend them as gost is less tested than the "twofish" and "blowfish" algorithms that BestCrypt supports, and single des is too easy to brute force. The next step is to format the container, you'll probably want to use msdos if sharing with Windows (i.e. a dualboot Linux and Windows machine), or if just Linux then ext2 is a good bet. You can also specify the size, if you make it so small this can be a problem, but because it is a file and not a true partition you can easily create a new, larger file, move all the data to it and use it instead of the older smaller one.
# bctool format -t ext2 file
Enter password:
mke2fs 1.15, 18-Jul-1999 for EXT2 FS 0.5b, 95/08/09
Filesystem label=
OS type: Linux
Block size=1024 (log=0)
Fragment size=1024 (log=0)
2560 inodes, 10238 blocks
511 blocks (4.99%) reserved for the super user
First data block=1
2 block groups
8192 blocks per group, 8192 fragments per group
1280 inodes per group
Superblock backups stored on blocks:
8193
Writing inode tables: done
Writing superblocks and filesystem accounting information: done
Once the file is formatted you should be able to mount it:
# bctool mount file /root/crypt/
Enter password:
# df
Filesystem 1k-blocks Used Available Use% Mounted on
/dev/hda1 3122956 70596 2893720 2% /
/dev/hda2 2917360 24224 2744940 1% /crypto
/root/file 9909 13 9385 0% /root/crypt
As you can see it is mounted as a part of the filesystem, just like a floppy disk would be for example. Remember to control access to the directory hosting the encrypted files carefully, no matter how good the encryption, if you have it set world readable you won't have gained any security. Also remember that as a user, root owns the / and can take ownership of any file or directory and see what's in it. Alternatively if an attacker gains root access they can log your keystrokes (or terminal traffic) and gain your password (and access to your files). As always your security is only as good as the weakest link.
PPDD
PPDD is similar to BestCrypt, but instead of creating a file, encrypting that and mounting it, it actually uses a partition which is encrypted and mounted using the PPDD driver, because of this it can do a few additional things BestCrypt can't. If you only want to encrypt a few directories then I advise compiling PPDD as a kernel module, but if you want to encrypt the entire file system (including what you boot from) you will need to compile PPDD directly into the kernel (although as of 1.0 it's not too hard). Unless you have a GPL only policy I would recommend using BestCrypt if you are new to this (it is easier to install and use, and you can buy support). PPDD does have one enormous advantage over BestCrypt however, you can encrypt all of the system, including the boot drive and swap partition, making it ideal for situations such as laptops with sensitive data and minimizing the risk (to zero if need be) of accidentally leaving sensitive data in an unencrypted location (such as the swap file, /tmp, and so on) so if you need a higher security level I would recommend PPDD over BestCrypt (simply because you can encrypt everything). Another advantage of PPDD is that it uses two passwords instead of just one for each encrypted filesystem, so you can give one administrator one password, and another administrator the other password, meaning no single person can gain access to the data. Unfortunately as of the writing of this chapter PPDD is not available for kernel 2.2.13 or 2.2.14, so you will have to run the older 2.2.12 kernel (which is the stock kernel on many distributions in any case).
Download PPDD, and unpack it in a suitable location, such as /usr/local/src/, there are several files you should read, most notable the README file, and once done install I would recommend reading the PPDDHow.txt file. Installation is rather simple with:
# make check_linux
# make trial_patch
# make apply_patch
# make devices
This will first test the kernel source to make sure it's the right version and so on, then it will test the patches, then apply the patches proper, and then create the devices needed (similar to what BestCrypt does). At this point you need to recompile your kernel, first make sure you go into the configuration (via make config or make menuconfig or make xconfig), and enable the PPDD driver (in the Block devices section). Then save the config file and recompile the kernel as you normally would. Once that is done you will have to install the new kernel (copy it to /boot typically, edit lilo.conf and rerun lilo). Once you have rebooted you will want to build the tools for PPDD and install them with:
# make
# make install
At this point you should be ready to use it, however I would recommend running the tests with:
# make test
They take a while to run, but it will save frustration later on if something is broken. Using PPDD is relatively simple, there are a number of utilities for creating, managing, encrypting file systems, and so on. You will also want to set the permissions and ownership on the /dev/xxxx that contains your encrypted data so that only root has access to it, PPDD will complain otherwise
# chown root:root /dev/hda3
# chmod ugo-a /dev/hda3
# ppddinit /dev/ppdd0 /dev/hda3
# ppddsetup -s /dev/ppdd0 /dev/hda3
# mke2fs -b 1024 /dev/ppdd0
# mount /dev/ppdd0 /crypt
At this point you should have a directory called /crypt which is /dev/hda3 (although on df and the like it will show up as /dev/ppddx). I will cover how to encrypt your entire filesystem with PPDD, at a later date however (it is extensively documented though).
Guardbot
Another new possibility is Guardbot, which password protects www pages. Essentially there are two components, an applet that encrypts the data, using DES (56 bit keyspace), and an applet that will decrypt the data with the password you provide. The advantage of this over traditional server based methods of control (such as htaccess in Apache) is that the user manages it fully, and can protect each file individually without much setup. To fully take advantage of the keyspace available your password must contain upper and lower case letters, numbers (and punctuation marks, but this can confuse users) of around 10 letters, however since people tend to choose less than random passwords a longer password than this is advisable. This program would be useful for getting files to other people cheaply (simply sign up for some free web space, post the file up, and get the password to the other person securely).
Hiding files and data on your computer
It is no longer enough in some countries to encrypt your data to prevent access to it. Recently in Britain a law was created making it a criminal offence to refuse to give up encryption keys or plain text versions of encrypted data.
StegHide
StegHide hides data in files such as sound and picture files where not all of the bits in a byte are used. Since the data is encrypted it will appear random, and proving that the data is actually there is difficult. The only downside is to store a one megabyte file you need a sound/picture file of several megabytes, which can be cumbersome (but hard drives and high speed access are becoming cheap so it's a moot point). You can get StegHide at: http://www.stego.com/.
StegFS
Steganographic File System actually hides data on your harddrive, making it difficult to prove that it even exists. This can be very useful as the attacker first has to find the data, let alone break the strong encryption used to protect it. You can get StegFS from: http://ban.joh.cam.ac.uk/~adm36/StegFS/
OutGuess
OutGuess hides data in image files, meaning you can send files in a way that won't attract too much attention (and can't really be proved either). You can get it from: http://www.outguess.org/.
-
Grad Student's Guide to Automatic Weapons
Quoted from Olin Shivers' page at http://www.ai.mit.edu/people/shivers/autoweapons.html
It's common knowledge that whenever you get two or more CS grad students together, the conversation will inevitably drift to the same topic: automatic weapons. Lately, we've noticed that whenever we attend a CS party, picnic, or bullsession, we always hear the same questions and discussions, usually from the younger grad students:
When I switched from guncotton to standard ball powder on my .223 loads, the gas ports on my M16 would clog like you wouldn't believe. Steer clear of that stuff.
You haven't cleared an ejection port jam until you've cleared one in the Hill district at 4:00 AM on a Saturday morning.
I want to mount an M60 in front of the sun roof of my Tercel, but the mounting bracket wasn't drilled for import cars. How did Josh Bloch do his?
What exactly are those special 'conference rounds' that Newell hand loads before AAAI every year?
Some of my friends at the MIT AI Lab don't like M203's because the grenade launcher adds too much weight, but I wouldn't have gotten out of IJCAI-85 in one piece if it hadn't been for those 40mm flechette rounds. What do you think?
Do you have to be a god-damned tenured professor to get teflon rounds at this place?
Does the 'reasonable person principle' cover hosing down a member of the Soar project after he's used the phrase 'cognitively plausible' for the fifteenth time in a 20 minute conference talk?
Where did Prof. Vrsalovic get that Kalashnikov AK-47?
I used to use Dri-Slide to lube my M16. How come my advisor says Dri-Slide is for momma's boys and Stanford profs?
Does the way Jon Webb keeps flicking the safety of his Mac-10 on and off at thesis defenses make you nervous, too?
In short, there is a lot of concern in this department for the proper care, handling and etiquette of automatic weapons. So as a service to the department, we are starting a two week daily series on "The Care and Handling of Your M16A1." Every day for the next two weeks, we will post on the wall outside our office the day's helpful hint on care and maintenance of that good old departmental standby: the M16A1. Our thanks to the US Army, whose training manuals we have shamelessly cribbed for material.
We would like to encourage other knowledgeable members of the CS community to share their expertise in a similar fashion. There is a real need for this kind of dialogue in the department. The new students come in here every fall, and are totally unequipped to handle the realities of graduate student life at CMU. Computability theory and lexical scoping are fine things to know about, but they just don't cut the mustard when somebody from the Psych department opens up on you with an Ingram set to full auto.
-the friendly automatic weapons enthusiasts of SkyCave1, Olin, Derek, and Allan
-
Re:.tar.F file? (nuts && ISO MIRROR)
D'oh! Guess the ISO is the way to go, then
:-)
Tucows doesn't seem to be running slow at all, but if others disagree, here's a little something that should help:
File: qnxrtp.iso
Size: 95911936
MD5 sum: 75c8dc3a42f80a85ef8c733a317d8ebd
-
.tar.F file?
Anyone know what (duuuh heck) this is?
skunk:~$ file qnxrtp.tar.F
qnxrtp.tar.F: frozen file 2.1
skunk:~$
Anyway, for the sake of Tucow's bandwidth, I'm mirroring the file here. MD5 sum = 316236554639edf717a94026ee940812.
-
What you always wanted to know about Hemos:
Jeff Bates is a co-founder of Slashdot.org, and executive editor of Slashdot.com
No, really! Right here! In related news, Battleship Potemkin will be screened tomorrow in 10-250 (I be damned if I know what that means, a hall number?). A classic movie, must see, no copyright, DVD, DeCSS, you get the picture.
--
-
Doug's coming too............
Douglas Adams will be there too.....Later date, though.
-
Maps
Of course you'll want maps...:
CmrdTaco at 26-100
Hemos at Bartos Theater
--
-
Subsumption architecture
Rodney Brooks has been working on his Cog project for the last several years, but before that he worked on a very similar idea to yours, called the subsumption architecture. A good quick overview can be gotten from one of Brooks's early papers, Elephants Don't Play Chess.
-
Constructing a G(R)EEK House
Have you ever been to a MIT Frathouse? Even "chicks" dig em.
-
Will this create havoc for maintenance?
As a Mac and Linux user, I'm quite interested indeed in OS X. I haven't yet had the chance to look at the public beta release, but I look forward to doing so.
Making something that's derived from a unix-like OS easy to use certainly seems no easy task. Apple seems to be addressing this issue by trying to completely hide the BSD layer from the user. From a user-interface standpoint, I can understand this, but I wonder if it's going to create lots of problems with system maintenance. Wilfredo Sanchez's USENIX paper gives a few examples of problematic differences between the Mac and BSD systems. For example, since the pathname delimiter is a colon in MacOS and a slash in BSD, filenames have to be translated, and different programs will see the same file in different ways; likewise, Mac programs will often expect a file to have a resource fork, and BSD programs won't normally be aware of the resource fork. Apple seems to have addressed these issues, but their solutions still strike me as somewhat ugly hacks to intertwine two drastically different systems; it seems like this could cause problems in certain cases.
Sanchez also writes, "although we use BSD as the core system software, we do not want to require our users to understand how BSD works. Ideally, the typical Macintosh user does not even know that BSD is there. The very presence of such folders as 'usr' and 'etc' on disk is therefore awkward, and we hide those directories and their contents at the application level". I understand the reasoning for this, and I agree that having cryptically named folders floating around wouldn't help ease of use. At the same time, it's disturbing to me because the 'usr' and 'etc' directories do exist and presumably are critical to the operation of the system, and hiding them from the users is bound to cause problems if for some reason it's necessary to access them. Apple claims that it'll never be necessary to see these directories, but I'm skeptical; perhaps you won't encounter them in normal use, but what if something in them gets corrupted, or something? Hiding parts of the system from users sounds like it'll lead to a maintainability nightmare.
Another point, less significant but still non-trivial: the internals of OS X are massively different from those of any previous OS. This presumably means that expert users are going to have to learn anew how the system works in order to maintain it.
-
Database Updates in RAM
If you've got something like a DBM file that you're going to be doing absolutely massive numbers of updates on, it would be a slick idea to store that file on a RAMdisk so that updates wouldn't get forced out to disk on a regular basis.
Obviously this will be vulnerable to failure, but for something that collects massive quantities of statistics, such as Ifile, it can be worthwhile.
With Ifile, an early edition stored stats in DBM files, and would do simply massive numbers of increments to entries. On disk, this meant that for a relatively small mail spool, the analysis would take hours.
-
Who needs OpenGL?
Here is a black hole simulation at MIT in JAVA even!
-
Formal Specs
Some parts of such a metadata standard are easy: language, compiler, platform, architecture, etc. But once you start trying to document the actual functionality of your code, you get into some sticky territory that is still the domain of researchers at a number of universities. The problem first is to devise a language powerful enough to facilitate formal methods. The next problem is actually convincing people that it's worth all the effort to formalize their specs (I think it is, but there are many who disagree). The last problem is coming up with a search algorithm that is able to match specs. For this part, you can't just use a string match or unification algorithm... there's some deeper semantic and structural analysis that needs to be done to determine that a certain fragment of code meets the constraints you want. To make the whole problem even worse, we don't even know if such an algorithm is computable! So, a full-blown metadata standard seems a bit out of the question now, but if you're willing to lower your standards a bit, I bet you can whip up a more practical implementation (with some natural language thrown in).
-
Re:Reminiscent of 1995 MIT Case
In 1995, an MIT student named David LaMacchia was prosecuted for allegedly distributing copyrighted software via an FTP server he set up on MIT's Athena workstations.
He was prosecuted by the federal government under federal wire fraud statutes, but the case was dismissed because the judge found that copyright infringement cannot be prosecuted under the wire fraud statute.
I wonder if the DMCA has superseded this precedent (though the Massachusetts case may not apply in Oklahoma), which seemed to make FTP sites into "common carriers" in the eyes of the law. More information here.
I believe the reason they were prosecuting under the wire fraud statutes in the first place is that, at that time, they could not prosecute for copyright infringement unless the person was doing it for commercial or financial gain. That was changed, not by the DMCA, but by the No Electronic Theft Act, which allowed prosecution regardless, as long as the total amount of copyrighted material distributed exceeded a specific dollar value (IIRC, a few thousand dollars).
-
Reminiscent of 1995 MIT Case
In 1995, an MIT student named David LaMacchia was prosecuted for allegedly distributing copyrighted software via an FTP server he set up on MIT's Athena workstations.
He was prosecuted by the federal government under federal wire fraud statutes, but the case was dismissed because the judge found that copyright infringement cannot be prosecuted under the wire fraud statute.
I wonder if the DMCA has superseded this precedent (though the Massachusetts case may not apply in Oklahoma), which seemed to make FTP sites into "common carriers" in the eyes of the law. More information here.
-
Here's one of the basic articles on the subject
Against Software Patents, by the League for Programming Freedom (founded mostly by RMS):
http://www-swiss.ai.mit.edu/6805/articles/int-prop/lpf-against-software-patents.html.
The article is a little bit out of date, but it does a good job of explaining the problems of software patents and has many specific examples. It's still a good introduction to the subject. -
Re:What is unauthorized use?
how I became a triple-felon while doing my job
Randal, was it your job to secure the systems whose password files you ran Crack against? Was it your job to audit the security of those systems? Were all of the systems whose password files you ran Crack against a threat to the security of the systems you were responsible for? What Intel and the State of Oregon did to you is outrageous, but you weren't just "doing your job". (If anyone is interested, here's another view of the story.) -
Re:Americans are Hypocrites
To a great extent, we are the corporate power. Never before in American history has so much money been invested in the stock market by so many people. We own our oppressor.
This is a common fallacy. Have a look at the numbers. As of 1989, nearly 90% of stocks, bonds, trusts, and business equity were owned by the richest 10% of the population -- more than 50% by the richest 1%. Since then that share has continued to rise. Don't believe the hype. -
Cross-platform support and standard compilers.
C compilers are available on any platform you care to mention. More, the capabilities of the C compilers have become so standardised that many people mistake them for language features. This has created such a wide base that C has an unstoppable momentum.
In some ways Pascal is a superior language (YMMV) which many people find easier to learn. Borland created an excellent compiler and language implementation. The smart-linking was much superior to the everything-linked-in-statically model of Microsoft's DOS C compiler. So why didn't it win on the DOS platform? It was a one-platform product, there being no cross-platform equivalents of Borland Pascal and the advantages of Borland's product on the DOS platform were irrelevant to other architectures/OS's. So it couldn't compete with the momentum of C and all the C-coded apps being ported to DOS (and mangled in the process).
A solution doesn't have to be the best to win, it only has to be just good enough. There's a great article by Richard P. Gabriel on this point, The Rise of Worse-is-better. It's actually part of a bigger article about the failures and successes of Lisp, Lisp: Good News, Bad News, How to Win Big which is all very relevant to your question.
-
Fractal compression didn't really work well.
Simply put, fractal compression was a neat idea that never really worked well. For some quick information, see the comp.compression FAQ, part 1; search for "Subject: [17]". For a long history of fractal compression, check the comp.compression FAQ, part 2; search for "Subject: [77]".
-
Lotus won the battle...
...but lost the war on appeal.
<O
( \
XGNOME vs. KDE: the game! -
What happened to Lotus
other companies said "woah, good idea" lotus tried to sue them for incorporating "lotus-like menus". Fortunately Lotus lost, or the suit was dropped or something. (I forget which)
Lotus won, but it was overturned.
<O
( \
XGNOME vs. KDE: the game! -
Wasn't it reversed on appeal?
Wasn't the Lotus v. Borland case reversed on appeal? See also Tetris Under Fire.
<O
( \
XGNOME vs. KDE: the game! -
That's not the problem
Netscape's problems with maintaining a stable and secure codebase are not to do with a haphazard software design methodology. Their problems are more fundamental than that. In my opinion, Netscape's problems stem from the fact that they coded Navigator/Communicator in the wrong language.
There have been several recent articles in some of the major software engineering journals, which question the feasibility of using C or C++ for large projects. C/C++ have been demonstrated to be unsuitable for today's huge software projects, and all other software companies who persevere with C/C++ will eventually run into the same problems as Netscape.
So what is the solution? The academic community's research advocates the use of a new programming language, Logo, in order to solve the problem of scalability. The amazing levels of abstraction provided by Logo mean that Logo is certain to become the major programming language of the future.
-
Re:Why not GPL?
In all fairness, this latest incident may have never happened to begin with if the code was GPL'd from the start.
How? The code is not GPL'd for sure, but it sure as hell is open for us to see. Just because it uses the MITPGP License not the GPL does not make it any less secure.
...it would have likely been an option that could easily be left out...
It is an option that is easily left out. Just disable it. Or, for that matter, don't compile it in, just as you would have the option of doing so with GPL'd code.
I really don't see what the big deal is that this doesn't use GPL. For security purposes, one Open Source License is just as good as the next. -
MIT Flea
Those who are interested in the MIT event should probably check out the flyer.
It's a relatively well-attended event, although the hardware (and software) available ranges from antique (vacuum tubes and all) to the relatively new (PII-range tech). Decent prices, however, and you can generally get whatever you're looking for.
-
Re:The networked vision
It always seems to be Sony that brings about a revolution in electronics, be it the Walkman, or the DVD.
I don't think it's fair to credit Sony alone for the revolutionary developments in electronics of the last 25 years. Both the CD and DVD formats were developed in collaborations with others (primarily Philips if my memory serves correctly). And when one thinks of a "revolution" spawned by Sony it's hard not to think immediately of Betamax and its ultimate failure.
I think the important question to ask as Sony enters the PDA business is what new ideas are they going to bring to the product? The CNET story states "Analysts expect Sony to eventually release a family of devices that will feature stronger multimedia and wireless capabilities than the Clie." Wireless capabilities? Can you say Palm VII? Multimedia? Thank you, marketing! To consider a development in the PDA world revolutionary, I would look to some major change in the way that we interact with the device rather than just additional bells and whistles. (I'm thinking something along the lines of wearables.)
-
join " !Link Club " - distribute without linking
the article states:
There are two ways to stop this. One is for everyone to comply. The other is for DeCSS to show up EVERYWHERE - on a much more massive scale than ever before. The MPAA would be spending so much in the way of time and resources that they might even have to stop judging movies.
Actually, we can do BOTH. The solution is to distribute deCSS widely, but not link to it - but make it understood how to acquire it easily.
Everyone with a domain should put deCSS in webroot. Don't link to it, but make it standard - you should be able to go to any website you want and type in http://www.domainname.com/deCSS.zip and bingo! you download the file. But nary an <a href=""> anywhere!
Every webmaster on every site, commercial, private, personal, educational - should put deCSS in webroot. Imagine:
webmasters, unite! Civil Obedience on a grand scale! !Link !
let's show the MPAA it isn't linking per se they should fear, but the power of people to resist in an organized way when their rights are taken away for corporate gain. or, more colloquially...
The First Rule of Link Club is: you don't talk about !Link Club
The Second Rule of !Link Club is: YOU DON'T TALK ABOUT !LINK CLUB.
The Third Rule of !Link Club is: if this is your first night, you WILL put deCSS in webroot!
JOIN !LINK CLUB! spread the word...
JOIN !LINK CLUB! -
Re:Not yet...
-
Re:I don't know if it qualifies, but...
I thought of this also. I started as a freshman at MIT in 1991, and Zephyr was already very widespread. As far as database use, it used both Hesiod and Kerberos.
Hesiod, according to this, is: The Hesiod name service allows an application to retrieve associations between a name, a particular type of service, and information about that named service. Some examples of this are course locker names and system libraries, other RVD or NFS lockers, usernames and passwd entries as found in /etc/passwd, printer information, such as might be found in /etc/printcap, service and mailbox locations, and service-to-port mappings, such as are found in /etc/services. -
I don't know if it qualifies, but...
I was thinking the Zephyr message system might apply.
It was created at MIT around 1990, or at least the document about it has Feb. 1990 as its first revision date.
It's an instant messaging system, and as such, has some clients (some X clients, some tty, etc.), a distributed network, and servers which keep track of users, messages, and other stuff. Users can/could "subscribe" to certain classes of messages, which in effect causes the server to apply different filters to the messages that get percolated over the network to each user.
Try the above URL for some documentation, here's more of the old docs (postscript format).
I can't really help you with contact information, but I'm sure there are a couple emails listed in the documentation somewhere.
-
xrn
xrn is the X-windows front end to NNTP news.
I don't know when it was created, but xrn has been around a while. It's on version 9.02 by now.
I guess it's not really a "relational" database, though, but it certainly is a 3-tier database with X-windows front end. -
Other early (ARPA|UUCP)net archives
Here's an interesting archive of early 80's TELECOM-Digest. Remember, at the time, ARPAnet and Usenet were not connected. UUCPnet users had to use a bangpath (...!ucbvax!telecom), while ARPAnet could use the now-familiar CSVAX.telecom-link@Berkeley (note the lack of .edu).
This list later became fa.telecom on Usenet. fa. groups were newsgroups ported from ARPAnet. In 1985, the group became comp.dcom.telecom when Usenet was reorganized.
---
In a hundred-mile march, -
Re:Random Street Corner
Forget about ad potential, can you imagine standing at a street corner and hearing, "THIS IS THE VOICE OF GOD!
Actually the article states that " frequency response, depending on size, extends down to a few hundred Hertz."
I think people will be more surprised than alarmed to discover that the 'voice of god' is a soprano.
- Derwen -
Fix is out
Tell your Windows friends that the MIT non-free freeware Win32 version has already been updated to fix this.
http://web.mit.edu/network/pgp.html
Tell your Linux friends that they should be using GPG anyway.