Domain: rahul.net
Stories and comments across the archive that link to rahul.net.
Comments · 47
-
Try
-
Re:Willlful ignorance is a crime
Too bad that for the US, the great firewall is like the one in this joke. Most of the internet is in the US, or you access it through the US, and even for things that are outside, they have enough power one way or another to shut them down remotely, as they did, i.e., with megaupload or a lot of torrent sites overseas.
-
DANGEROUS VIRUS
First, a little history. The X window system escaped from Project Athena at MIT where it was being held in isolation. When notified, MIT stated publicly that "MIT assumes no responsibility...". This is a very disturbing statement. It then infiltrated Digital Equipment Corporation, where it has since corrupted the technical judgement of this organization.
After sabotaging Digital Equipment Corporation, a sinister X consortium was created to find a way to use X as part of a plan to dominate and control interactive window systems. X windows is sometimes distributed by this secret consortium free of charge to unsuspecting victims. The destructive cost of X cannot even be guessed.
-
The Macintosh or the Cairn Terrier?
There was a classic article from back in 1984 comparing the relative benefits and costs of getting a Macintosh or a Cairn Terrier. A cairn terrier is a dog like Toto. Costs less than the Mac, probably has less memory, can't do astrophysics, does a much better job of playing fetch, good with kids.
-
If all else fails,
ask this guy. He knows everything about the X Window System.
-
Re:Easier to block?
Yes, but most mid-level and top-level network providers refuse to do anything about their misbehaving clients, citing concerns such as "common carrier status" and "we have no policy for that" and "contact the registering entity" and "contact abuse@spamserver.com". This has been going on for years in various ways, especially for the 'legal' bulk advertisers as opposed to fraudulent spammers, and 'legal' spam for pyramid schemes, spam that is in complete compliance with the USA's 'CAN-SPAM' laws but is nevertheless unwanted, excessive, and damaging to recipients.
While their peer or upstream providers will be targets for shutdown requests, they've been historically extremely reluctant to act. Look into the history of agis.net and Cyberpromo to see how a spamming domain can remain active for months and even years, continuing to gather civil and criminal lawsuits, while their upstream provider refuses to act. A list of domains who eventually disconnected Cyberpromo is at http://www.rahul.net/falk/Cp/, and the amazing thing is the length of time that each of them permitted the activity to go on. The final trigger that stopped their last haven, agis.net, from serving Cyberpromo was the series of DOS attacks that hindered agis.net from serving any of their more legitimate customers.
-
Re:Anything else out there?
How would we go about replacing X-windows? It seems to be one of those APIs that if you tried to replace it with something "simpler and more modern", by the time the developers added the features that everyone else wanted, we would be back to what we had already. The Wikipedia entry for the X-Window System explains why the designers made the decisions that they made.
Just by looking at all the research papers and articles that have been published relating to X-windows: X-windows, there seems to be plenty that needs to be changed/added/optimized/enhanced.
I wonder how relevant is the paper: "Why X Is Not Our Ideal Window System" today, considering it was written just over 18 years ago. -
Re:consequence of bad computer crime laws
The admin in question is Reynolds' right-hand-man, Bradley Allison. And yes, he really is that stupid. In court, he testified [p.138] under oath that he didn't know what port 25 was, or whether or not you could use telnet to connect to a mail server.
-
Re:Facts from the ruling
Actually, David Ritz is an anti-spam vigilante, who is being sued by Jerry Reynolds who appears to be a Usenet spammer, and sues* spam-fighters. Though you're right that the court documents make it sound like David's the bad guy.
*Looks like the guy on this site is a co-defendant with David Ritz, so maybe not the most reliable source.
-
Literal worst-case scenario
Anti-spammer David Ritz lost the SLAPP lawsuit filed by Jerry Reynolds for running "unauthorized" DNS lookups on their servers. Knowing "commands are not commonly known to the average computer user" can get you into serious peril in some judges' court rooms.
I kid you not. The Judge ruled that "In all intended uses of a zone transfer, the secondary server is operated by the same party that operates the primary server." The original complaint is here.
Ritz was a thorn in Reynolds' side during the years when Ritz was trying to get the Netzilla/Sexzilla porn spam operation to stop spamming. Reynolds has been quite aggressive in trying to get his past erased from the net (including forged cancel posts). The North Dakota Judge also awarded attorneys' fees which could theoretically make the total bill over $500k for doing a domain zone transfer. (I believe they had claimed $250k in attorney fees in their failed suit against Ed Falk) Reynolds also filed a criminal complaint against Ritz which was on hold pending resolution of this trial.
Here is a literal worst-case scenario of what can happen when a court fails miserably to understand technology. The judge ruled:
Ritz has engaged in a variety of activities without authorization on the Internet. Those activities include port scanning, hijacking computers, and the compilation and publication of Whois lookups without authorization from Network Solutions.
The scary sounding port scanning/hijacking computers is posting a test message through one of Verizon's machines to prove to Verizon they had an open relay --i.e. posting to 0.verizon.security via the relay a note to Verizon's security saying "What's it going to take to get you to secure this gaping hole in what you call your network," or words to that effect. Verizon apparently had no problem with the demo post and closed the relay.
Take note, for those anti-spammers out there, this Judge is ruling that if you post the whois record for a spammer's domain you are doing a malicious, tortious act. If you telnet to a spammer's mail server and type HELO or VRFY you're illegally impersonating a mail server.
It seems clear that the Judge for whatever reason really, really, really didn't like the Defendant Ritz. But the Judge seems to want no sunshine on her trial because she ordered the entire affair sealed, except of course for her judgments of "facts."
There is a legal defense fund that was set up for his case. I believe he does not have the resources to appeal and this would be a very bad precedent to stand.
Here's the code the _civil_ lawsuit is based on:
12.1-06.1-08. Computer fraud - Computer crime - Classification - Penalty.
2. A person commits computer crime by intentionally and either in excess of authorization given or without authorization gaining or attempting to gain access to, altering, damaging, modifying, copying, disclosing, taking possession of, introducing a computer contaminant into, destroying, or preventing the authorized use of any computer, computer system, or computer network, or any computer software, program, or data contained in the computer, computer system, or computer network. A person who commits computer crime is guilty of a class A misdemeanor.
Ritz also got a $10k fine by the Judge for violating the preliminary Injunction, but since the Judge sealed the records, it is hard to tell what the story behind that is.
-
Re:Good point...
Use of X is not safe:
http://www.rahul.net/kenton/xvirus.html -
Modifying parameters?
The reason they don't do this now is that the spammers doing it are not geeks. They're taking pre-built scripts, modifying some parameters, and letting them go.
Don't be so sure about that "modifying parameters" part. I sure see a lot of pink stuff with "Subject:" lines of "%SUBJECT" and so forth. Certainly doesn't lead you to doubt Rule #3 of the Rules of Spam.
-
Re:Tell your DSL company you want a bandwidth cap
Lynx and if you download the source code version it's 3.1 megabytes... plus you need cygwin which is another 160 MB... The actual binary file itself is probably a lot smaller, but if you've still got DOS lying around http://www.rahul.net/dkaufman/ that site has the dos version which is only 2.4 megabytes.
-
Vendor Dependent Death Marches VS Open Kaizen
Having been involved in a couple of in house enterprise projects and having spoken to dozens of local developers on the subject of failed and successful projects, IMHO the three major reasons for large in house software project failure are:
1) Starting a project from scratch staffed by only inadequately experienced developers;
2) Changing members ( management and programmers ) in projects that have failed to fully document the project;
3) The Vendor Dependent Death March : When in house projects are dependent on proprietary vendor specific APIs/functionality then the project is almost guaranteed to fail when dependent vendors either fail to deliver or change/break the API used.
IMO the latter vendor dependent death march is the major outside factor for the failure of large software projects. In most cases, in house development teams just cannot keep up with the vendor brand-new-innovative-reason-to-upgrade "features" of each release.
Larger in-house projects take around one to three years to mature, and need around a seven year window to recover the ROI. Porting existing software to the vendors new system often takes more effort than the development of the original software ( pity the Visual Basic coders who have to upgrade millions of lines of VB to VB.NET ).
One solution to the Vendor Dependent Death March is to build upon stable vendor independent foundations, augmented with open sourced software.
Over the two decades one API set has remained relatively consistently implemented by all OS vendors : POSIX. Linux and all of the Unix based systems implement native APIs that follow the POSIX standard closely, and some offer fully compliant libraries as an add on. The Linux Standard Base also offers a cross vendor foundation.
The above solid foundation can be safely augmented using open source licensed software, by being rebuilt in house so that it runs from subdirectories of the project ( /opt/[organization]/[project]/[package] ). The distribution/OS Vendor can then ship conflicting versions of dependent packages without it breaking the project code. The in house developers can then test and port to the new version at their leisure.
Vendor dependent user interface systems are fickle and often are the breaking point for many failed in house projects. The solution is to build client/server code that uses a standard browser interface or use a standard GUI networked interface that has remained backwardly compatible to applications written back in 1986: The X[11] Protocol. You can have an X based application running on a server sitting behind an internal firewall and it will run productively for over a decade. Every OS platform has multiple vendors who supply X11 client side servers; this is one interface that is futureproof.
When interfacing with any changeable or vendor specific system, build a connecting system that runs as a standalone binary ( or plugin DLL ) that sits between the project code and the application/library. Future developers can quickly hack the independent module without touching the base project source code. This strategy has saved my sanity a number of times.
If at all possible ( subject to NDAs ) develop as much of the code as possible as an open source project. Even if only a couple of other individuals or organizations end up deploying software from the same base, it will give your developers and managers feedback from outside developers who are often more free of the inside office politics to give a more honest opinion on the quality of the source code.
-
Lynx day
Or you can still use a Windows version:
http://www.rahul.net/dkaufman/
and see how many of your favorite websites are usable with Lynx. I remember the good 'ol days when designing websites for text-based browsers was still the number one priority. After all, those Digital VT-200's could only do so much! -
Re:Why not a small Java app?
Sure you can.
But who wants tens of megabytes of general-purpose Java cruft sitting around just for a glorified biff(1)?
Doesn't Windows start slow enough already?
-
Re:The answer is - A circle!
A normal bicycle rolling on the Earth is a wheel with the same shape as the surface.
That'd be true if the Earth were a Ringworld... -
DBM is as simple as it gets
It's available from GNU, it can be used with C programs, Perl scripts, PHP, Python, etc. It's databasing at its simplest. I use it myself. It works well.
-
Re:I want to be a paperback writer
"L. Ron Ron"
Copyright 1990
Lynn Gold
He keeps on writing novels though his life is through
It's L. Ron, Ron, Ron; it's L. Ron, Ron!
Some folks say it shows what Dianetics do
It's L. Ron, Ron, Ron; it's L. Ron, Ron!
Yeah, his life is through
Yeah, what Dianetics do
Yeah, when I saw the name
It's L. Ron, Ron, Ron; it's L. Ron, Ron!
He wrote before he founded Scientology
It's L. Ron, Ron, Ron; it's L. Ron, Ron!
But soon he found religion makes bucks easily
It's L. Ron, Ron, Ron; it's L. Ron, Ron!
Scientology
Makes bucks easily
Yeah, Dianetics pays
For L. Ron, Ron, Ron; for L. Ron, Ron!
Oooo... Oooo...
It's L. Ron, Ron, Ron; it's L. Ron, Ron!
Oooo... Oooo...
It's L. Ron, Ron, Ron; it's L. Ron, Ron!
Twenty-two best sellers and there's more to come
It's L. Ron, Ron, Ron; it's L. Ron, Ron!
Heaven only knows where they're a-comin' from
It's L. Ron, Ron, Ron; it's L. Ron, Ron!
Yeah, more books to come
Yeah, who knows where from
Yeah, this I've gotta see
From L. Ron, Ron, Ron; from L. Ron, Ron! -
AT&T Incompetence Shouldn't Surprise Anybody.
If AT&T handles cellphone number portability issues with anywhere near the same level of incompetence and even malice as they have heretofore demonstrated in the way they handle complaints against their customers who send unsolicited commercial email, their stockholders should grease themselves up now and prepare for maximum fineage.
"Pink" contracts for spammers, routinely binning/ignoring/denying spam complaints, even supplying spammers with tools to bypass spam filters - The Death Star does it all if you want to spam.
-
Re:Y window system is fine, but...
If I remember correctly, X is the successor to W, so Y as the successor to X is perfectly in keeping with tradition.
See the original announcement a little down the page at this link. -
Re:Or try qmail - unbroken since v1.03 (1998)
At the risk of sounding like one of those infomercial testimonials...
I ran qmail for a year or so, then ended up switching to Postfix. At this point, you couldn't pay me to switch back to qmail.
It's not that qmail's a "bad" program. It's certainly not! Dave B. did a heck of a job with it, and I know it's in service as a Sendmail replacement at thousands of sites.
My gripes with qmail are that you practically need to be a programmer to implement it "properly" (at least that's my impression), and that, in order to have an ideal working environment for it, you have to replace the inetd daemon, and add in other tools that are far from simple for non-programmers to implement and use.
My biggest gripe with qmail was how it implemented spam blocking. Complex and clumsy (to my view), with no way that I found to "whitelist" a given domain name or IP, and no way to block on domain name lookup either.
Postfix solved all the problems listed above, and it came pre-installed with NetBSD (my Internet server OS of choice). As for its blocking/whitelist syntax, it couldn't be simpler. Examples...
For blocking: some.host 554 Access denied.
For whitelisting: some.host OK
You simply replace 'some.host' with an IP address or host name, and the three-digit error code with anything you want. qmail was limited to two error codes. The best part is that you can, if you wish, block entire countries that have become spam sewers simply by doing things like this in the blocklist:
.cn 554 Access denied. China's a spammer paradise.
With qmail, you'd have to go through and enter every single IP range assigned to China, manually. I know -- I did this at one time for qmail, and it was two hours plus worth of work! What's even worse is that you have no control over what error message text is sent back. Postfix lets you put in anything you want.
While I will admit that Postfix's default blocking file cannot directly accommodate CIDR notation or IP ranges, Rahul Dhesi, one of the nice folks who inhabits news.admin.net-abuse.email, wrote a handy script to take a source blockfile, complete with said CIDR notations and specific syntax to indicate a range, and convert it into a form usable with Postfix. He also has a bunch of other handy tools for use with Postfix on his site.
I may not know what a "milter" is, but I do know that postfix can block or pass mail on just about anything you want. It supports regular expressions, hashes, etc.
I guess I do sound like a testimonial... Well, the heck with it! I like Postfix. ;-) The info at Postfix's home site speaks for itself.
Keep the peace(es).
-
Re:Clarke and Niven have some more apps...
-
Re:Wait....the majority of spam I get is from an AOL account.
The spam might have an AOL address in the From: header, but that has absolutely nothing to do with the actual sender.
-
Re:Ringworld!
The first problem with a Ringworld movie is the Ringworld itself. Any big-ticket Hollywood producer is going to want the Ringworld to look cool, right? After all, it's a big space ring, better make it look like a big space ring!
From space, the Ringworld would look like an astronomical object until you got close enough, at which point it would look like an infinite black wall, or like an infinite flat plain, depending on your orientation to it. From the surface, it would look just like a planet, only with an almost-invisible arch over it. It wouldn't even look cool from altitude above it; it's just too big. (There is a series of 3D renderings of the Ringworld available here. They're interesting, but they're definitely not gripping movie material.)
So any attempt to make a Ringworld movie is going to be crippled by the fact that they either have to make special effects that aren't that cool, or they have to make ones that aren't that accurate.
But-- as if that weren't enough-- the biggest problem is that the plot would pretty much have to be gutted. There's a ton of back-story in Ringworld: the Puppeteers, the Kzinti, the Man-Kzin wars, lucky Teela, invulnerable spaceship hulls, sunflowers, stasis fields, hyperdrive... it's a great book, but as a movie it would either be incomprehensible to most of the world, or include five minutes of exposition for every ten minutes of action. I mean, there's more intricate background in Ringworld than there is in The Lord of the Rings! LOTR got away with, "Once upon a time there was a bad man who made a magical ring." Ringworld would need to go into detail on-- or at least mention-- a dozen or more key ideas that are basically unrelated to each other. It would be a tough screenplay to write.
The alternative, of course, is to get rid of Niven's characters and back-story. Just get the main characters-- just humans, none of those pesky and expensive aliens-- to the Ringworld, have 'em crash, and have 'em find a way off. But that's not a particularly interesting story. It'd be difficult to make it interesting without going into some discussion of who built the Ringworld and why, and Niven's own explanation is unacceptable unless they make a Protector movie first and release it as a prequel.
I hate to say it, but I suppose I'd rather not see Ringworld on the big screen. -
Site's down. Try this one...
Pulled Straight from Google's cache: http://www.google.com/search?q=cache%3Awww.rahul.net%2Fjeffrey%2Fovs%2F
Intel v. Schwartz
Intel's Prosecution of Randal Schwartz
Kevin Mitnick on Hacking
Note:
The Open Letter to Intel closed to new signatures
on October 4, 1999.
Thanks to all who have signed!
Geek Kahuna Goes Bad?
It began prosaically enough.
Randal Schwartz, who I knew from Usenet and his
very successful books on the Perl language,
was on business in Silicon Valley and agreed to meet me at
Frankie, Johnnie & Luigi Too,
an Italian restaurant in
Mountain View CA, to offer me advice for a program I was
writing.
It might seem surprising
that Randal would agree to take time
from a hectic schedule two weeks before going on trial to give
what amounted to free consulting to a stranger.
However, those who
have been interested in the Perl language for a while
know that Randal
is a legend for his generosity.
Actually, I didn't know Randal was going on trial in two weeks.
I had heard rumors that he had some sort of legal difficulties
(a civil suit I assumed) which involved Intel.
I'd known many people with matters before the
courts, some close personal friends,
and few liked to discuss them.
Therefore it was not until
Randal had fielded my Perl questions, the talk
turned to minor chit chat and Randal unexpectedly proved
willing to discuss the matter that
I discovered the person I was drinking beer with
was looking at fifteen years in a few days, and, if convicted,
would have the biggest legitimate reputation by far of
any computer criminal.
I didn't necessarily credit the story he told me -- every
accused felon tells you it was all a misunderstanding, and
they are almost always just plain guilty.
Neither, I must confess, do I have unquestioning faith in
all the conclusions D.A.'s draw.
Days later, an Oregon Jury convicted Randal of
three felonies.
Randal Schwartz was, in the eyes of the law, a
Geek Kahuna Gone Bad,
the first.
Especially eerie about the Schwartz matter
was the silence surrounding it.
This clearly was a very significant case, far more so than
some which have drawn a lot of attention.
Randal Schwartz was either
the most dangerous computer criminal ever,
or something was terribly amiss, I had to know which.
That night I put the project I had discussed with Randal
on a shelf, where it remains.
"Feel free to stop dancing around the issue
any time you like and
tell me what this is all about."
On July 25, 1995, a Washington County jury in Hillsboro, Oregon
convicted Randal Schwartz of three felony counts:
Count 1: Randal did
between November 1, 1992 and November 1, 1993,
"unlawfully, knowingly and without authorization alter a computer and
computer network consisting of Intel computers Mink and Brillig".
Count 2:
Randal did between August 1, 1993 and November 1, 1993,
"unlawfully, and knowingly access and use a computer
and computer network for the purpose of committing theft of the Intel SSD's
password file".
Count 3: Randal did,
between October 21, 1993 and October 25, 1993,
"unlawfully, knowingly
access and use a computer and computer system for the purpose of committing
theft of the Intel SSD individual user's passwords."
"Look, son, Randal may be a what you call a Geek Kahuna,
but the law is the same for him as everyone else."
Actually, Randal was not tried under the usual criminal
laws, but Oregon's Computer Crime law.
Uses of this law are rare.
I can discover only two convictions under it since 1991,
and in one there was no trial.
The purpose for a separate Computer Crime Law
was to avoid having bad guys escape on technicalities,
something its drafters felt that
even an extensive revision of traditional criminal law would allow.
This they accomplished by making it a felony
to knowingly do anything
"unauthorized" on a computer.
Unusually for a law with severe penalties,
there is no requirement to show the defendant caused or intended
any harm.
All that is necessary is to show
that the proper authority did
not like whatever was done.
The first count is that, pure and simple --
Randal putting a
program on an Intel computer which Intel did not like.
The "stolen" property of the second and third counts
was never removed from Intel's premises, Intel was never
deprived of any of the economic benefit of the
property, and no evidence was presented
Randal intended to do either of these things.
These "thefts" consist entirely, again, of doing things
which Intel decided afterwards
it did not like and which it claims that Randal
was not allowed to do -- this time with
password files involved.
Criminal laws with wide applicability and severe
penalties are a feature of totalitarian states, and
may be a necessary evil in free ones.
In Randal's case, where he was trying to be helpful
and caused no harm,
the potential evil in applying such a law
is far more apparent than its necessity.
At the least,
a free society asks that a serious crime
genuinely reflect one of its serious concerns,
and not simply be a tool the powerful can use
against the powerless whom they find obnoxious.
A good test of this can be made when a powerful
individual breaks the law.
But for computer crime, which is complex and
technical, such tests are
available only as a matter of luck, since
the powerful decide who gets investigated.
However, we have such a stroke of luck in this case.
An Intel VP confessed on the stand to a more serious
infraction of Oregon's computer crime law.
And the Washington County D.A.'s office,
which so eagerly talked tough when facing the
powerless Randal,
has observed a demure silence on this topic.
The defects in the law should easily have
been enough to prevent
this case ever coming to trial, and made discussion of the rest
of this matter moot.
But at each step of the way, as one person or another faced
the prospect of telling Intel "no", they chose instead to
praise the Emperor's fine new suit.
Some Highlights from the Ongoing Farce
- No evidence that Intel disapproved of Randal's behavior
exists, except as remembered after the decision
was made to prosecute him.
Not so much as a hand-written note indicates anyone had a
problem with Randal beforehand.
- Lest those testifying for the prosecution,
all of whom had financial interests in the good will of Intel,
forget Intel's concern in this matter,
an Intel Security person sitting at table next to the prosecutor
served as a convenient reminder.
- Intel was heavy-handed in making its presence felt throughout.
The police prepared the search warrant at Intel premises,
three Intel employees helped search Randal's house,
and one helped police interrogate Randal.
- This interrogation produced the prosecution's "best" evidence:
police statements that put the words of a full confession
in Randal's mouth.
Indeed they claim Randal confessed to a history of hacking
everyone he had done business with.
(All these other "victims" provided witnesses for the defense,
and Randal was charged with none of this activity.)
- The police claim to have memorized Randal's highly technical
statements with the aid of a few "cryptic" notes,
and reproduced them accurately later at the station.
It is hard to overstate what an incredible
feat of memory this is.
Det. Lilley, who produced the more complete statement,
didn't know what the word "directory" means in computer lingo.
Mere mortals with similar backgrounds would have found it
impossible to follow the discussion,
much less memorize it verbatim.
- In other contexts, Intel had previously
authorized Randal to commit both the acts
allegedly unauthorized in this instance:
cracking passwords and building a gateway to the Internet.
- Randal was well aware of the steps a computer criminal usually takes
to avoid detection of his activities and took none of them.
As I go through the records in this matter, more and more
startling and troubling material continues to come out.
It is as if this case was an entry in a contest to see
how much misbehavior could be squeezed into a case where nobody
was shot or beaten.
I document my progress into this shambles in the
Letters from Cybersalem.
The Letters From Cybersalem
CS0: Announcement.
Obviously, the letter which announced the series.
CS1: Disclosures and Disclaimers.
My connections
to Intel and Randal, and various other things which need to
be said. Nothing stunning IMHO, but you have a right to know and
to judge that for yourself.
CS2: Wizard Prosecutions: Then and Now.
A comparison of the quality of
the prosecution in the Salem, Massachusetts of 1692 and
the Hillsboro, Oregon of 1995.
Witchcraft prosecutions have declined sadly in the last
300 years.
CS3: The Unindicted: Ed Masi.
It is so easy to make a case for the crime of which
Randal was convicted,
an Intel VP testifying against Randal made a
full confession under oath on the stand.
It's all here.
CS4: Shocked, Shocked.
Randal's "crime" caused no harm, which is perplexing
since harm is basic to both the legal theory and lay
intuition of what "crime" means.
The policy infraction to which Ed Masi confessed
is shown to have quite likely caused real and serious harm to Intel.
CS5: Leadfinger.
This imbecility is not without its literary appeal.
A nicely Kafkaesque touch is added by the reluctance of the
Intel nabob who ordered Randal nailed to identify himself.
Of course, nobody forced him to come forward.
CS6: Unlearn Perl in 41 days!
Rich Cower of Intel security adds to the list of
remarkable intellectual feats performed on behalf of the
prosecution. On June 13, 1995, he answers most questions about
Randal's Perl scripts with assurance, but passes on others
until he can look at the code.
41 days later he testifies under oath he does not know Perl.
CS7: The Essential Cower.
As Network Security Expert at Intel,
Cower played quite a role in the case.
He was present at the search,
participated in Randal's interrogation,
was an expert witness and
as State's Expert sat next to the prosecutor
for the whole trial.
CS8: What Does Familiar Mean?
However, this Intel "expert", when shown the seminal
work in modern network security, Cheswick and Bellovin,
does not recognize the cover.
CS9: Shortcut to Expertise.
An examination of Cower's background and qualifications,
as revealed in his testimony.
CS10: Too Stupid for Their Own Good?
Randal's local paper was
The Oregonian,
already notorious for ignoring the Packwood scandal.
It heaped abuse on Randal and the whole
"computer programming subculture"
during the trial.
I recommend anyone planning to work as a programmer
in Oregon read this one.
CS11: Oregon Employees have No First Amendment Rights
Unbelievable?
That is Judge Nachtigal's ruling.
Read it.
CS12:
Oops! There Goes Another Personal Right
Judge Nachtigal also discovered that the law
allowed "silly" (her word) prosecutions,
which in the D.A.'s words
show his "office must have an awful lot of time on their hands".
These are forbidden by the due process protections of the
14th Amendment,
but Nachtigal finds that
"we may want that authority there with computers",
and the charges against Randal stand.
CS13: The Confidence of the Public
This one is entirely uncommented quotes.
Here are some snippets.
The prosecutor: "I don't represent Intel."
The judge: "Not yet."
The detective: "We could probably use two or three more people".
The Associated Press:
"Intel Corp. is handing the local police $100,000 to have two
detectives concentrate their computer theft efforts
at the company."
CS14: Moore's Lawlessness
It would be surprising if Intel's heavy-handed contempt for the law
were unique to this case.
As Tim Jackson's new book shows, it is not.
An Open Letter to Intel
We wish to express our strong objection to the prosecution of
Randal Schwartz and Intel's role in it. We believe it necessary
that Intel repudiate the criminal charges made against Randal in
Oregon v. Schwartz, refund any "restitution" paid based on those
charges and offset the costs of Randal's defense against them.
This is the minimum that fairness requires since what happened
was at worst a policy breach and since Randal also suffered loss
of income, loss of reputation and a good deal of anguish.
The current signature count, with subtotals by country
Signers whose names you might recognize
The Open Letter closed to new signatures on October 4,
1999. Thanks to all the over 2000 signers!
Links
To get an auto-reply giving Randal's own statement, and
discussing how you can contribute to his Legal Defense Fund, send
an empty message to
Randal's Defense Fund mail daemon.
Steve Pacenka maintains
the Friends of Randal Schwartz website,
which is dedicated to archiving all relevant materials from
all sides of this issue.
There is also
Randal's award-winning website.
How come he gets an award and I don't? :-)
You can subscribe to
the fors-discuss mailing list,
by sending an empty message to
join-fors-discuss@telelists.com.
There is also
fors-announce,
a moderated announcement list for Randal's case.
This can be subscribed to by
sending an empty message to join-fors-announce@telelists.com.
Press Coverage
I want to thank this site's host ISP
A2I (rahul.net)
for its steadfastness and generosity.
-
-
Some helpful sites
Check out these URL's for more details:
-
I'll explain
Foreigners can be held with secret evidence:
Washington Report
----------------
Burning books & destroying CD's.
Libraries destroying information
----------------
The FBI can tap your communications without a warrant (carnivore). See the ATA for other violations of the constitution.
----------------
Dimitri? Held for how long for allowing Russians to exercise their fair use rights. Suppose Iran would arrest an american for creating a porn-program and posting it on the Internet (forcing their laws on you). Would you be angry?
----------------
DMCA. Take away your fair use rights, who wants to view DVD's on linux anyway? Copy media for your own use, thou shall not. 'Quoting' something (for a review or such), not allowed. Viewing an e-book in a non-approved browser: no, the traditional reverse engineering for interoperability is forbidden. Who needs competition anyway?
----------------
Mandatory censorship in libraries. Who needs freedom of speech? A good thing your daughter can't find info on birth control, the US would risk losing its nr. 1 position in teenage pregnancies.
----------------
Randal Schwartz? A security advisor at Intel who forgot to inform his boss of running a password-auditing program. Even without hostile intent he was convicted. The same law can get you 15 years in Oregon if you run Napster on your computer or change the color of your screen without informing your boss (the judge gave that last example, I didn't make it up). They don't have to tell you it's wrong in advance.
Oregon vs our favorite Perl programmer
----------------
'But, but...other countries are far worse'
That's what I expect someone to say now. -
Some helpful sites (mostly for Linux/Unix)
Check out these URL's for more details:
-
Re:CFAA Applies TO EVERY COMPUTER
To support your post, werdna, I call everyone's attention once again to Randal Schwartz' felony conviction.
Under this act, he could have gotten life in jail for this, had they decided to go after him for federal violations instead of Oregon state.
Is that really the kind of power we want to hand to Ashcroft right now? Do we want some kid with brown skin and Muslim parents to get life in jail because he defaces a web page in protest of some government excess?
Or would we rather he get the kind of punishment he'd get if he'd defaced a meatspace billboard instead of a computer one? -
Re:"Fraudulently"?
Could you define fraudulently? Without consent? Forged? Guessed? How do you fraudulently use an e-mail address?
By using the domain of a third party in the "Reply-to:" field, like this.
k.
--
"In spite of everything, I still believe that people
are really good at heart." - Anne Frank -
Re:Not necessarily Amazon's fault
Heh. Look, you guys have the wrong idea here. I am not -- N. O. T. -- saying this is a good idea. I'm not saying it would be fast, or feasible, or fun. I'm not saying there aren't better and more efficient ways of accomplishing the task at hand -- indeed there are such ways. Much as you want to drill on it, I got the point a while ago (sophomore year data structures class actually, several years ago. thanks for asking.).
What I'm saying is that ideas like this -- a crude incremental search, name by name, or a more clever search that sticks to just dictionary words, with at most minor variations (3733T haXXorspeak, doodz!), is profitable and therefore will be attempted, and indeed is attempted and, to a limited extent, used.
Much as you'd like to out-pedant me here, we're basically talking about a password cracking scheme, and password cracking schemes are not as computationally complex as the travelling salesman problem. Sorry, but you just made that up -- admit it. Indeed, these things get used pretty regularly -- just ask Randal Schwartz.
The fact of the matter is, you guys are belittling this strategy for the list generation aspect of it, when in fact that could be done once and the result can be dumped into a file for future usage. Is there some work involved in getting that? Of course there is -- just look at the everyicon project. But you can take steps that control the complexity of the work involved, and cause the total execution time to be Not That Bad. Once you've done it once and dumped the result to disc somewhere, you never have to do it again. Then just start sending out the spam as per usual and Mr Marketer is happy.
Is this hard? Is this complex? Yes and yes. But keep in mind how hard it is to legitimately harvest a large pool of targets^H^H^H^H^H^H^Haddresses. It is also hard and complex, and arguably it's a lot more expensive. (Anything that costs a lot is more expensive than something that possibly cannot be done, or at least not completely...). Given the choice, I don't see why it's such a mystery to you guys why a lot of people would want to try this, and indeed, why a lot of people do try it.
Don't turn your vitriol against me, turn it to the boneheaded managers & marketers that are having people do this stuff. Question the theory if you want to, but it's being done, and I'm just reporting that fact. Back off.
-
Re:What about Ringworld
Here's the website you're probably thinking of. I like the bit about single precision floats not being sufficient (yep, this is one of my bookmarks, not a 10 second rummage on Google for karma).
-
Re:Spam is advertising or assault?
Agreed "spam" is a loaded, derogatory word that has devolved from its original meaning of "multiple excessive USENET postings" into "unsolicited commercial email".
Net History: The term "spam" in the Internet sense appears to have originated on a MUSH, where it referred to the disruption of a role-playing session by an obnoxious character singing the Monty Python "Spam Spam Spam Spam" song.(See the spam glossary.)
-
Re:I would rather filter my email myself
Regardless, the RBL focuses on open relays
That is not completely true, the Realtime Blackhole List doesn't focus on open relays, see their reasons for listing. Perhaps you are confusing them with the Relay Spam Stopper (also operated by the Mail Abuse Prevention System) or ORBS which is far more controversial because it will test mail servers even before they have been used to spam through (OTOH ORBS is more efficient in stopping spam). To complete the set of links, the Dial-up User List lists modem banks (and also machines that get their IP via DHCP). -
Randal the Vandal
No, but Randal Schwartz is a convicted felon.
Fortunately, Guido van Rossum has no criminal background, although this may be due to the fact that there are no "age of consent" laws in Holland.
-
I Feel it is My Duty to Clarify this Nonsense
why say you randall schwartz is felon?
He was convicted of three felony counts of computer crimes against his employers a few years back. Here's a page with details.
To put it mildly, many hackers thought Randal was the victim in the whole affair... but read, and decide for yourself.
-
Well, I'm sorry.
But those protocols would seem to require reverse engineering, ala Samba..
The best solution you'll likely find (interim) is either VNC from AT&T (free, semi-opensource), or one of the commercial ones listed on this X resource site.
Citrix has a download site with some multi-platform clients for their servers, but nothing for Linux (although there is a Java one).
I'm afraid that's the closest you'll get. Even then, they're not the best solution as Win32 API (and 99.99999999999, yadda, % apps) really were not designed with anything other than the assumption that 1) they'd be on the local machine, and 2) there's only one user ever on the machine. This is why VNC is a bit slow, and things like Winframe and NT:TSE don't scale well.
--- -
Re:Windows does beat linux for I18N - RTFM!
This story is sending lots of bad feelings all around.
'X wasn't designed with these in mind'
RTFM
Xlib Programming Manual by Adrian Nye
Chapter 10 - Internationalization
Chapter 11 - Internationalized Text Input
I can say nothing that hasn't already been said many times before by Kenton Lee or by Christopher Browne.
-
Re:Reasonable assessment of threat not paranoia
Ah, finally we hear the voice of the Cult of $cientology, as filtered through one of their loyal members. At least it's better than all the 'Natalie Portman' sporgery that's been going on.
Well, duh! The Catholic Church and the German State are, of course, quite innocent of such motives; the Inquisition and the NAZI (most regrettable) excesses didn't really happen.
Well, duh! yourself. Please remember that those happened years (at least 50) ago and aren't really relevant to the issue at hand. Then again, if your policy is "always attack / never defend", I guess it's more important to you to hit back than to make your argument relevant. If relevance is an issue, the Cult of $cientology has been busy much more recently with such things as Operation China Shop, Operation Orange Juice, Operation Funny Bone, Operation Freakout, Operation Snow White, the murder of Lisa McPherson (as well as many others), and far too many other acts of pure evil to mention here (but that you can find here). And while we're on the subject of $cientology and the Nazi-ism (you brought it up), don't forget to look here.
At least the Scientologists put out a good product
Matter of opinion. I've used both Diskeeper and Norton Utilities. It's my opinion that Norton Utilities is a much better product. I think it's pretty clear where your opinion comes from.
waged their war for the planet by reason and by legal means
Haha. Yeah, right. 'Reason'? From the people who brought you Xenu (Galactic Overlord of Distinction). And 'legal'? It sure doesn't look that way from where I'm sitting. Once again, what about Operation Snow White etc.?
for the real betterment of humanity
I think these people would disagree. Too bad they can't in person because they're dead.
Every organization screws up from time to time.
Thank god the Cult of $cientology screws up from time to time. Think of the evil they could accomplish if they weren't so incompetent.
But Scientology's screw-ups have been strategic rather than morally flawed.
Um. No. Maybe by the Cult of $Scientology's own special definition of ethics, but not in the real world. Once again, look at Operation Snow White etc.
Whatever you may think of proprietary religion, it is certainly no worse than proprietary software
It is when it kills people. And no, we don't like proprietary software around here either. Choose your arguments more carefully in future.
Scientology is not a threat to democracy.
Not while the Cult of $cientology can use the tools of democracy to press its own totalitarian agenda. Once they do get control, though, watch out! The Germans have special experience with totalitarianism, and they know it when they see it.
Although Scientology admits to a plan for world domination, so does a certain cabal of OS programmers
But when we say it, it's a joke. When the Cult of $cientology says it, they mean it. Personally, I'd much rather have Linus in charge if I had to choose. And judging from how it treats its own members I'd have to say the Cult of $cientology is my last choice.
"Battlefield Earth"? I loved it. So did my 12 yr old son.
Really? I thought it kind of sucked. Well, actually I thought it really sucked. I would think the average 12 year old would have better taste. At 12 years old, I was reading (and enjoying) Heinlein.
Oh, and before you start branding me as some anti-religious bigot or pawn of the anti-$cientology movement, don't. I like most religions. Comparative theology is one of my hobbies. $cientology is just one of the many religions I've studied, and not even the most evil one at that. It's just currently on topic. -
State of Washington protects residents?
Who has any statistics or relevant experience with the Washington State laws that were passed to protect citizens from unwanted emails? I moved away from Washington State just before they enacted such legislation, and I've heard only a couple anecdotes of the aftermath.
A San Jose ISP (a2i)'s approach to "aiding" spammers figure out if recipient is a Washington citizen or not. Upshot: make it possible, make it consensual to the account holder, make it entirely too cumbersome for the spammer.
The same ISP gave a link to one service/sig on the issue: www.wa-state-resident.com -
Tell that Randal Schwartz...
Guessing passwords to enter a password protected
area is not illegally breaking into a computer system and stealing private data? Tell that to Randal Schwartz, "just another Perl hacker and convicted felon".
Rahul.net on Randal, Friends of Randal Schwartz, Randal's Homepage, Tim O'Reilly on the prosecution of Randal.
I'd say, sue CMU and see what comes from it.
© Copyright 1999 Kristian Köhntopp