Domain: slashdot.org
Stories and comments across the archive that link to slashdot.org.
Stories · 37,380
-
"District 9" Best Sci-fi Movie of 09?
Travis wrote in with a story that says much of what my friends have been saying to me all weekend: "Slashdot covered 'District 9' back in July. I was originally excited to see this movie for its exhibition of exoskeleton robot 'mechs' (see images and video at Hizook.com ). After watching the film this opening weekend, I can honestly say that it was an amazing science fiction movie! Everything was spot-on: the plot, the human elements, the alien elements, the technology, and the seamless blend of special effects with real camera capture. This film should vault Neill Blomkamp into sci-fi stardom, on par with George Lucas and the Wachowski Brothers (of Matrix fame). This is certainly a must-see movie — easily the best movie of the year." -
Open Source GSM Network At Dutch Hacker Convention
solevita writes "Harald Welte, who's been interviewed previously by Slashdot, has written on his blog about operating an Open Source GSM network at the recent HAR2009 conference. Photographs and a description of the setup, run under license of the Dutch regulatory authority, are provided; essentially the setup consisted of a pair of BTS' (Base Transceiver Stations) running at 100mW transmit power each and tied to a tree. In turn these provided access to the Base Station Controller (BSC), in this case a Linux server in a tent running OpenBSC. The system authenticated users with a token sent via SMS; in total 391 users subscribed to the service and were able to use their phones as if they were on any other network. Independent researchers are increasingly examining GSM networks and equipment, Welte's work proves that GSM is in the realm of the hackers now and that this realm of mobile networking could be set for a few surprises in the future." -
Arizona Judge Tells Sheriff "Reveal Password Or Face Contempt"
An anonymous reader writes "Four days ago, deputies from the Maricopa County Sheriff's Office in Arizona conducted a raid against the county government building hosting computers for a law enforcement database. After threatening to arrest county employees who would stop them, the officers proceeded to secure the room and promptly changed passwords on many of the servers. In a hearing on Friday, a Superior Court judge threatened to hold members of the Sheriff's Office in contempt if they did not reveal the passwords by next Wednesday. Following this, the Sheriff's Office claimed to be conducting an investigation against other Superior Court judges. Courts have asked for passwords before, but never under conditions like this." -
AMD Previews DirectX 11 Gaming Performance
An anonymous reader writes "AMD invited 100 people up to their private suite in the hotel that Quakecon 2009 is being hosted at for a first look at gaming on one of their upcoming DirectX 11 graphics cards. This card has not been officially named yet, but it has the internal code name of 'Evergreen,' and was first shown to the media back at Computex over in Taiwan earlier this year. The guys from Legit Reviews were shown two different systems running DX11 hardware. One system was set up running a bunch of DX11 SDKs and the other was running a demo for the upcoming shooter Wolfenstein. The video card appears to be on schedule for its launch next month." -
DoJ Defends $1.92 Million RIAA Verdict
Death Metal points out a CNet report saying that the Justice Department has come out in favor of the $1.92 million verdict awarded to the RIAA in the Jammie Thomas-Rasset case. Their support came in the form of a legal brief filed on Friday, which notes, "Congress took into account the need to deter the millions of users of new media from infringing copyrights in an environment where many violators believe that they will go unnoticed." It also says, "The Copyright Act's statutory damages provision serves both to compensate and deter. Congress established a scheme to allow copyright holders to elect to receive statutory damages for copyright infringement instead of actual damages and profits because of the difficulty of calculating and proving actual damages." -
14-Year-Old Wins International Programming Contest
marcog123 writes "The International Olympiad in Informatics was held earlier this week in Bulgaria. The IOI is a programming competition for high school learners up to 20 years of age that has a focus on problem solving and algorithms. It was won by 14-year-old Henadzi Karatkevich of Belarus (PDF, list of gold medalists), beating the world's top high school programmers, including 18- and 19-year-olds, to become the youngest winner in the IOI's 21-year history. Competition is really tough, with some countries taking months off school to concentrate only on IOI training. Henadzi first entered the IOI in 2006 when he was only 11 years old and won silver (missing gold by only six points). He won gold in 2007 and 2008. He has the opportunity to enter for the next three years; that is, unless he follows the path of Terence Tao, who won IMO gold at 12 and then went to university the following year. If he continues his current streak, he will easily surpass the current record of six IOI medals by South Africa's Bruce Merry." -
Burning Man Responds To EFF's Criticism of Policy
Briden writes "Earlier this week, we discussed the EFF's criticism of the Burning Man Photo Policy. Burning Man has now responded at length on their own blog. Here's an excerpt: 'In fact, there are but two essential reasons we maintain these increased controls on behalf of our community: to protect our participants so that images that violate their privacy are not displayed, and to prevent companies from using Burning Man to sell products. We don't remove images from pages just because they criticize us (I've never been involved in taking down an image from an editorial blog criticizing Burning Man, and it's certainly not because there haven't been any!). We're also not at all interested [in] preventing participants from sharing their personal imagery or impressions of the event on third party sharing sites in a noncommercial manner, so long as they observe the concerns about privacy and commercialism. We're delighted to see people sharing videos, stories, and pictures on our official Facebook page, and we know that it, along with Flickr, YouTube, Vimeo, etc. are representative of the way many of us share personal imagery in the digital age.'" -
Australian ISPs Soon To Become Copyright Cops
srjh writes "In the Australian Federal Government's latest assault on the internet, draft legislation has been released that allows network operators to intercept communications to ensure that their networks are being 'appropriately used.' Such legislation is particularly important given the interference of Communications Minister Stephen Conroy in a recent copyright lawsuit against iiNet, one of the largest ISPs in the country. Conroy called prominent filtering opponent iiNet's inaction over copyright infringement 'stunning,' whereas iiNet claimed that it would be illegal under current Australian law to intercept its users' downloads. While this latest legislation appears to be a concession of that point, the government is said to be watching the case closely and along with attempts to introduce a three-strikes law in Australia, it appears the law will be changed if the government dislikes the outcome of the case. The internet villain of the year just continues to earn his title." -
HP Restores Creased Photos With Flatbed Scanners
An anonymous reader writes "Scientists at HP have developed a technique to detect creases in photographs using standard, unmodified flatbed scanners. Once correctly scanned into a computer, software can determine where the photograph's defect is, and artificially correct it to remove any trace of a crease or fold. The result is a spotless JPEG scan from a creased photo, with absolutely no modified hardware and no technical know-how required on the part of the user." They're using multiple light sources to do this, in a way that reminds me of last year's description of 3D image creation using an ordinary digital camera. -
How Much Does a Reputation For Security Matter Anymore?
dasButcher writes "We often hear that businesses risk their corporate reputations if they don't have adequate security. It's been a common refrain among those selling security technologies: protect your data or suffer the reputational consequences. But, as Larry Walsh points out, the evidence is against this notion. Even companies that have suffered major security breaches — TJX, Hannaford, etc. — have suffered little lasting damage to their reputation. So, does this mean that reputational concerns are simply bunk?" -
Encryption? What Encryption?
Slashdot regular Bennett Haselton writes with his take on the news we discussed early this morning about the UK government's prosecution of two people who refused to disclose their encryption keys: "Is it possible to write a program that enables you to encrypt files without drawing suspicion upon yourself if anyone ever seizes your computer? No; a program by itself, no matter how perfectly written, couldn't do this because you'd still attract suspicion just for possessing the software. You'd need a social element driving the program's popularity until it gets to the point where people no longer look suspicious just for having the program installed. Here are some theories on how that could happen — but it would be a high bar to clear." Hit the link below for the rest of Bennett's thoughts.Police in Britain have announced that two people have successfully been prosecuted under a UK law that forces defendants to give up their encryption keys and penalizes those who don't comply. Another UK woman's case had attracted attention two years ago, when the government demanded she give up her encryption keys after the police found encryption software on her computer, but the police say she was not one of the two defendant's charged. Is there a software solution to this problem — a way that people can encrypt files on their computers, without arousing the suspicion of law enforcement if the computers are seized?
File encryption, if properly implemented, is generally considered mathematically unbreakable. But to prevent suspicion falling on people just for encrypting files in the first place, requires a human solution as well as an engineering one. One way or another, some file encryption software would have to be in widespread use that has these two properties: (1) it's deployed on a large number of people's machines — not just a large absolute number, but a significant proportion of the total population, so that suspicion does not fall on people just for possessing the software — and (2) it should not be possible to tell the difference between machines where the users use the software regularly, and machines where the software has never been run. Then, and only then, would it be possible to use the encryption software on your machine, without anyone who seizes the machine having reason to think that you had ever encrypted anything at all.
(Of course, in a relatively free society, if law enforcement has probable cause to seize your machine in the first place, then they would presumably already have some evidence against you. But this would at least prevent police officers and judges from becoming more suspicious as a result of encryption software being present on your machine.)
Note that this is similar to the kind of problem that is normally solved with steganography, but by my reasoning, I don't think that using stego would actually gain anything in this situation. Whether you're talking about encryption software or stego software, if it's a program that not a lot of people have installed, then just by virtue of having it on your machine, you'll attract suspicion if your machine is seized. On the other hand, suppose you've cleared that hurdle and the software is installed on a lot of people's computers, so that just having installed it is not by itself grounds for suspicion. If it's stego, then you can embed the hidden data inside other images or videos, so that an intruder can't tell whether you've been using the software to hide anything (assuming the stego software is good enough that the intruder can't tell the images have been tampered with). But you could achieve the same thing with straight encryption software: just have every installation of the program create a "storage volume" file, where encrypted files will be stored. As long as a storage volume file with files embedded in it, is indistinguishable from a storage volume file that has never been touched, the presence of the storage volume file won't give you away.
I'm not actually aware of any encryption program that has that property: that for a given machine with the software installed, it's impossible to tell whether the software has ever been used to encrypt data. This is probably because this would normally not be a useful feature of an encryption program. The whole point of making it impossible to tell whether someone has used the program or not, is that people who have used the program would not attract undue attention to themselves as a result. But if the encryption program is only used by one thousandth of one percent of total Internet users anyway, then just the fact that a user has the program installed, would be enough to draw suspicion to the user if their computer is seized, so there's no benefit to concealing the fact that the program has been used. On the other hand, if the encryption program is installed on a significant proportion of users' machines anyway, then simply having the program installed is no longer grounds for suspicion. And that's when it would become a valuable feature for it to be difficult to tell whether the owner of the machine actually uses the encryption program or not.
This may be hard to implement correctly, and there are some tradeoffs that will have to be decided. For example, if the program creates a default "storage volume" file when it's installed, how big should that initial volume be? The problem with creating a small storage file initially and then letting it grow as encrypted files are added, is that this now makes it easy to tell who is using the program and who isn't — anyone whose storage file has grown beyond the default size, is using it to encrypt files (and is therefore a terrorist movie-downloading child pornographer, etc.). In order to avoid suspicion falling on people who use the program, the storage file would have to be the same size on everyone's computer. If you make it 1 GB, that wastes a lot of space on people's machines who aren't using it. On the other hand, if it's only 1 GB, it also means that users will only be able to store up to 1 GB of encrypted data — any more than that, and they'll have to expand the size of the storage file, thus calling attention to themselves if the machine is ever seized. And then, what about the fact that a large file which is created all at once, is normally not fragmented very much, but if the storage file is frequently modified, it is likely to become more and more fragmented — thus giving people a way to tell if the encryption program is being used frequently. (So you'd either have to deliberately create a very fragmented storage file by default on the first install, or create an unfragmented file on first install but then make sure to read and write from the file in a way that doesn't fragment it further.) I don't want to get too bogged down in implementation details. The point is just that you'd have to block all the possible ways that an intruder would be able to tell whether the software is used frequently — forget one thing, and you've given an intruder a way to identify people who are actually using the software to encrypt files.
A program called TrueCrypt achieves something close to this — TrueCrypt allows you to encrypt a storage volume with two different passwords, so that one password provides access to "innocent-looking" data, while the other password provides access to the data that you really want to keep secure. If someone is compelled to give up their password, they could provide only the password that unlocks the "innocent-looking" data — and there's no way, from examining the encrypted file, to tell that there is a second password guarding even-more secret data. (Of course, the "innocent-looking" data can't be truly innocent-looking, because it has to look like the kind of thing that someone would believe you might want to encrypt — so it should look suspicious enough that you would genuinely want to hide it, but not bad enough to get you in real trouble if you're forced to reveal it!) The Achilles heel of this scheme is that just having TrueCrypt on your computer in the first place, would at least signal to an intruder that you're encrypting files. And even if they can't prove that you might have another "super-secret password" guarding more private data on your encrypted volume, they would certainly suspect it, if they already had grounds to be investigating you and if they knew anything about how TrueCrypt works. To provide true plausible deniability of any encryption at all, you need a program that already exists on lots of people's machines, so that an intruder doesn't suspect anything when they find it on your computer.
(The same objection also applies to many other non-solutions to the problem, like using a Linux distro that encrypts your entire file system. Even assuming this would be within the technical means of the average person who wanted to do encryption, it's still going to look suspicious as long as the vast majority of people are not doing it.)
Which leads to the other half of the problem, which is getting the software widely deployed enough that it would not look suspicious for someone to have the program installed in the first place. Best of all for the purpose of avoiding suspicion, of course, would be for the program to come installed by default with a popular operating system. Windows XP and Vista have the built-in ability to encrypt folders, but anyone who seizes the machine can still see that you encrypted a folder, so this don't have the undetectability factor. Built-in deniable encryption of the kind that I'm describing, doesn't instinctively feel like the sort of thing that Microsoft would start bundling with its operating system. (Among other things, they might say that while companies often have business reasons for encrypting files, it's harder to think of a business case where employees would need to encrypt files and hide the fact that they were encrypting anything.)
Perhaps instead it could be bundled with a popular free software program beholden to no for-profit corporate masters. (My first thought was Firefox, but I was quickly told that Firefox was created specifically to strip out many of the features that had caused bloat in the original Mozilla project, and that any bundling of unnecessary tools would go against the whole ethos of the project.) Maybe a good place to include something like this would be the Google Pack — it's installed by lots of people, and currently doesn't have a file-encryption tool in the bundle. Beholden to for-profit corporate masters, yes, but ones that frequently declare "Don't Be Evil" and often seem to do cool stuff just to see what would happen.
Another possibility would be for a next-generation P2P program to bundle this capability with their software. This provides a nice dovetailing of interests — P2P users might want a way to hide the files that they've downloaded, while at the same time, intruders who seize the computer and found the P2P application installed, wouldn't necessarily suspect the owner of anything more than a little copyrighted file trading. "Well, he's got this NiftyP2P program installed, which comes with 'plausibly deniable' encryption, but most people use just NiftyP2P to download mp3 files and movies anyway. And I can't tell if he was actually using the encrypted file storage volume, because that's how 'plausibly deniable' encryption works. Is this the same guy who uploaded those subversive anti-government documents? I dunno."
Anyway, if you actually want to give people a way to run encryption software on their PCs, while ensuring that anyone who seizes their machine cannot tell that any encryption has been going on, these are the hurdles that you'd have to clear. I'm not sure whether this is better viewed as a blueprint for how to achieve this goal, or an argument for why it will probably never happen. There are lots of almost-solutions, like TrueCrypt with its ability to encrypt different sets of data into the same storage volume. But you still can't actually hide the fact that you're doing encryption in the first place.
(If you're willing to store your encryption software away from your computer, you could keep a steganography program on a CD or USB drive hidden in your house, and then whenever you need access to the encrypted data, plug in the program and use it to extract data that has been hidden in a large number of image or video files. That would achieve the goals I've outlined in the article: the ability to encrypt files, while still ensuring that anyone who seizes your computer won't be able to tell that you've encrypted anything. The problem is that it would require enough self-discipline to always return the CD or USB stick to its hiding place when you were done with it — and still, you'd have to hope that whatever authorities seize your computer, don't also search your house and find the CD or USB stick where you keep your stego software.)
Finally, risking the wrath of my civil-libertarian allies, I'll admit it may not actually be a positive thing for every citizen to be able to hide the fact from their local law enforcement that they're encrypting files on their computer. Many times if the police in a mostly-free country like the US or the UK seize a person's computer, they're trying to prevent real harm, and not every person with an encrypted file volume is a good guy. For some of the people who have left enough of an evidence trail that their computers get seized, it would be perfectly rational to view them with suspicion because of an encrypted volume found on their computer. But if you assume it's a worthwhile goal for people to be able to encrypt files without attracting suspicion, my argument is that the prerequisites in this article are necessary for that to work. At the moment it seems a long way off. But if someone created an encryption program with "deniability" — so that it was impossible to tell whether the program had ever been used after it was installed — and someone at Google thought "Hey, that's cool" and added it to the Google Pack, everything would change very suddenly.
-
Encryption? What Encryption?
Slashdot regular Bennett Haselton writes with his take on the news we discussed early this morning about the UK government's prosecution of two people who refused to disclose their encryption keys: "Is it possible to write a program that enables you to encrypt files without drawing suspicion upon yourself if anyone ever seizes your computer? No; a program by itself, no matter how perfectly written, couldn't do this because you'd still attract suspicion just for possessing the software. You'd need a social element driving the program's popularity until it gets to the point where people no longer look suspicious just for having the program installed. Here are some theories on how that could happen — but it would be a high bar to clear." Hit the link below for the rest of Bennett's thoughts.Police in Britain have announced that two people have successfully been prosecuted under a UK law that forces defendants to give up their encryption keys and penalizes those who don't comply. Another UK woman's case had attracted attention two years ago, when the government demanded she give up her encryption keys after the police found encryption software on her computer, but the police say she was not one of the two defendant's charged. Is there a software solution to this problem — a way that people can encrypt files on their computers, without arousing the suspicion of law enforcement if the computers are seized?
File encryption, if properly implemented, is generally considered mathematically unbreakable. But to prevent suspicion falling on people just for encrypting files in the first place, requires a human solution as well as an engineering one. One way or another, some file encryption software would have to be in widespread use that has these two properties: (1) it's deployed on a large number of people's machines — not just a large absolute number, but a significant proportion of the total population, so that suspicion does not fall on people just for possessing the software — and (2) it should not be possible to tell the difference between machines where the users use the software regularly, and machines where the software has never been run. Then, and only then, would it be possible to use the encryption software on your machine, without anyone who seizes the machine having reason to think that you had ever encrypted anything at all.
(Of course, in a relatively free society, if law enforcement has probable cause to seize your machine in the first place, then they would presumably already have some evidence against you. But this would at least prevent police officers and judges from becoming more suspicious as a result of encryption software being present on your machine.)
Note that this is similar to the kind of problem that is normally solved with steganography, but by my reasoning, I don't think that using stego would actually gain anything in this situation. Whether you're talking about encryption software or stego software, if it's a program that not a lot of people have installed, then just by virtue of having it on your machine, you'll attract suspicion if your machine is seized. On the other hand, suppose you've cleared that hurdle and the software is installed on a lot of people's computers, so that just having installed it is not by itself grounds for suspicion. If it's stego, then you can embed the hidden data inside other images or videos, so that an intruder can't tell whether you've been using the software to hide anything (assuming the stego software is good enough that the intruder can't tell the images have been tampered with). But you could achieve the same thing with straight encryption software: just have every installation of the program create a "storage volume" file, where encrypted files will be stored. As long as a storage volume file with files embedded in it, is indistinguishable from a storage volume file that has never been touched, the presence of the storage volume file won't give you away.
I'm not actually aware of any encryption program that has that property: that for a given machine with the software installed, it's impossible to tell whether the software has ever been used to encrypt data. This is probably because this would normally not be a useful feature of an encryption program. The whole point of making it impossible to tell whether someone has used the program or not, is that people who have used the program would not attract undue attention to themselves as a result. But if the encryption program is only used by one thousandth of one percent of total Internet users anyway, then just the fact that a user has the program installed, would be enough to draw suspicion to the user if their computer is seized, so there's no benefit to concealing the fact that the program has been used. On the other hand, if the encryption program is installed on a significant proportion of users' machines anyway, then simply having the program installed is no longer grounds for suspicion. And that's when it would become a valuable feature for it to be difficult to tell whether the owner of the machine actually uses the encryption program or not.
This may be hard to implement correctly, and there are some tradeoffs that will have to be decided. For example, if the program creates a default "storage volume" file when it's installed, how big should that initial volume be? The problem with creating a small storage file initially and then letting it grow as encrypted files are added, is that this now makes it easy to tell who is using the program and who isn't — anyone whose storage file has grown beyond the default size, is using it to encrypt files (and is therefore a terrorist movie-downloading child pornographer, etc.). In order to avoid suspicion falling on people who use the program, the storage file would have to be the same size on everyone's computer. If you make it 1 GB, that wastes a lot of space on people's machines who aren't using it. On the other hand, if it's only 1 GB, it also means that users will only be able to store up to 1 GB of encrypted data — any more than that, and they'll have to expand the size of the storage file, thus calling attention to themselves if the machine is ever seized. And then, what about the fact that a large file which is created all at once, is normally not fragmented very much, but if the storage file is frequently modified, it is likely to become more and more fragmented — thus giving people a way to tell if the encryption program is being used frequently. (So you'd either have to deliberately create a very fragmented storage file by default on the first install, or create an unfragmented file on first install but then make sure to read and write from the file in a way that doesn't fragment it further.) I don't want to get too bogged down in implementation details. The point is just that you'd have to block all the possible ways that an intruder would be able to tell whether the software is used frequently — forget one thing, and you've given an intruder a way to identify people who are actually using the software to encrypt files.
A program called TrueCrypt achieves something close to this — TrueCrypt allows you to encrypt a storage volume with two different passwords, so that one password provides access to "innocent-looking" data, while the other password provides access to the data that you really want to keep secure. If someone is compelled to give up their password, they could provide only the password that unlocks the "innocent-looking" data — and there's no way, from examining the encrypted file, to tell that there is a second password guarding even-more secret data. (Of course, the "innocent-looking" data can't be truly innocent-looking, because it has to look like the kind of thing that someone would believe you might want to encrypt — so it should look suspicious enough that you would genuinely want to hide it, but not bad enough to get you in real trouble if you're forced to reveal it!) The Achilles heel of this scheme is that just having TrueCrypt on your computer in the first place, would at least signal to an intruder that you're encrypting files. And even if they can't prove that you might have another "super-secret password" guarding more private data on your encrypted volume, they would certainly suspect it, if they already had grounds to be investigating you and if they knew anything about how TrueCrypt works. To provide true plausible deniability of any encryption at all, you need a program that already exists on lots of people's machines, so that an intruder doesn't suspect anything when they find it on your computer.
(The same objection also applies to many other non-solutions to the problem, like using a Linux distro that encrypts your entire file system. Even assuming this would be within the technical means of the average person who wanted to do encryption, it's still going to look suspicious as long as the vast majority of people are not doing it.)
Which leads to the other half of the problem, which is getting the software widely deployed enough that it would not look suspicious for someone to have the program installed in the first place. Best of all for the purpose of avoiding suspicion, of course, would be for the program to come installed by default with a popular operating system. Windows XP and Vista have the built-in ability to encrypt folders, but anyone who seizes the machine can still see that you encrypted a folder, so this don't have the undetectability factor. Built-in deniable encryption of the kind that I'm describing, doesn't instinctively feel like the sort of thing that Microsoft would start bundling with its operating system. (Among other things, they might say that while companies often have business reasons for encrypting files, it's harder to think of a business case where employees would need to encrypt files and hide the fact that they were encrypting anything.)
Perhaps instead it could be bundled with a popular free software program beholden to no for-profit corporate masters. (My first thought was Firefox, but I was quickly told that Firefox was created specifically to strip out many of the features that had caused bloat in the original Mozilla project, and that any bundling of unnecessary tools would go against the whole ethos of the project.) Maybe a good place to include something like this would be the Google Pack — it's installed by lots of people, and currently doesn't have a file-encryption tool in the bundle. Beholden to for-profit corporate masters, yes, but ones that frequently declare "Don't Be Evil" and often seem to do cool stuff just to see what would happen.
Another possibility would be for a next-generation P2P program to bundle this capability with their software. This provides a nice dovetailing of interests — P2P users might want a way to hide the files that they've downloaded, while at the same time, intruders who seize the computer and found the P2P application installed, wouldn't necessarily suspect the owner of anything more than a little copyrighted file trading. "Well, he's got this NiftyP2P program installed, which comes with 'plausibly deniable' encryption, but most people use just NiftyP2P to download mp3 files and movies anyway. And I can't tell if he was actually using the encrypted file storage volume, because that's how 'plausibly deniable' encryption works. Is this the same guy who uploaded those subversive anti-government documents? I dunno."
Anyway, if you actually want to give people a way to run encryption software on their PCs, while ensuring that anyone who seizes their machine cannot tell that any encryption has been going on, these are the hurdles that you'd have to clear. I'm not sure whether this is better viewed as a blueprint for how to achieve this goal, or an argument for why it will probably never happen. There are lots of almost-solutions, like TrueCrypt with its ability to encrypt different sets of data into the same storage volume. But you still can't actually hide the fact that you're doing encryption in the first place.
(If you're willing to store your encryption software away from your computer, you could keep a steganography program on a CD or USB drive hidden in your house, and then whenever you need access to the encrypted data, plug in the program and use it to extract data that has been hidden in a large number of image or video files. That would achieve the goals I've outlined in the article: the ability to encrypt files, while still ensuring that anyone who seizes your computer won't be able to tell that you've encrypted anything. The problem is that it would require enough self-discipline to always return the CD or USB stick to its hiding place when you were done with it — and still, you'd have to hope that whatever authorities seize your computer, don't also search your house and find the CD or USB stick where you keep your stego software.)
Finally, risking the wrath of my civil-libertarian allies, I'll admit it may not actually be a positive thing for every citizen to be able to hide the fact from their local law enforcement that they're encrypting files on their computer. Many times if the police in a mostly-free country like the US or the UK seize a person's computer, they're trying to prevent real harm, and not every person with an encrypted file volume is a good guy. For some of the people who have left enough of an evidence trail that their computers get seized, it would be perfectly rational to view them with suspicion because of an encrypted volume found on their computer. But if you assume it's a worthwhile goal for people to be able to encrypt files without attracting suspicion, my argument is that the prerequisites in this article are necessary for that to work. At the moment it seems a long way off. But if someone created an encryption program with "deniability" — so that it was impossible to tell whether the program had ever been used after it was installed — and someone at Google thought "Hey, that's cool" and added it to the Google Pack, everything would change very suddenly.
-
US Court Tells Microsoft To Stop Selling Word
oranghutan writes "A judge in a Texas court has given Microsoft 60 days to comply with an order to stop selling Word products in their existing state as the result of a patent infringement suit filed by i4i. According to the injunction, Microsoft is forbidden from selling Word products that let people create XML documents, which both the 2003 and 2007 versions let you do. Michael Cherry, an analyst quoted in the article, said, 'It's going to take a long time for this kind of thing to get sorted out.' Few believe the injunction will actually stop Word from being sold because there are ways of working around it. In early 2009, a jury in the Texas court ordered Microsoft to pay i4i $200 million for infringing on the patent. ZDNet has a look at the patent itself, saying it 'sounds a bit generic.'" -
Supreme Court Review of Bilski Heats Up
I Don't Believe in Imaginary Property writes "The Supreme Court's review of In Re Bilski (discussed here numerous times) is heating up, having attracted no less than 44 friend-of-the-court briefs from almost everyone with a stake in the patent system. Patently-O provides a nice summary of who is arguing against Bilski. The two questions before the Supreme Court are whether or not a process must satisfy the particular machine or transformation test, and whether this test improperly excludes many business methods in spite of the wording of 35 U.S.C. 273, which specifically allows business-method patents. So far, the case has attracted legal filings from nearly every large company or group whose patents might be threatened. You can read briefs from Yahoo, IBM, Borland, Dolby Labs, the BSA, and many others, even one from some guy claiming to speak on behalf of the State of Oregon." -
Supreme Court Review of Bilski Heats Up
I Don't Believe in Imaginary Property writes "The Supreme Court's review of In Re Bilski (discussed here numerous times) is heating up, having attracted no less than 44 friend-of-the-court briefs from almost everyone with a stake in the patent system. Patently-O provides a nice summary of who is arguing against Bilski. The two questions before the Supreme Court are whether or not a process must satisfy the particular machine or transformation test, and whether this test improperly excludes many business methods in spite of the wording of 35 U.S.C. 273, which specifically allows business-method patents. So far, the case has attracted legal filings from nearly every large company or group whose patents might be threatened. You can read briefs from Yahoo, IBM, Borland, Dolby Labs, the BSA, and many others, even one from some guy claiming to speak on behalf of the State of Oregon." -
Supreme Court Review of Bilski Heats Up
I Don't Believe in Imaginary Property writes "The Supreme Court's review of In Re Bilski (discussed here numerous times) is heating up, having attracted no less than 44 friend-of-the-court briefs from almost everyone with a stake in the patent system. Patently-O provides a nice summary of who is arguing against Bilski. The two questions before the Supreme Court are whether or not a process must satisfy the particular machine or transformation test, and whether this test improperly excludes many business methods in spite of the wording of 35 U.S.C. 273, which specifically allows business-method patents. So far, the case has attracted legal filings from nearly every large company or group whose patents might be threatened. You can read briefs from Yahoo, IBM, Borland, Dolby Labs, the BSA, and many others, even one from some guy claiming to speak on behalf of the State of Oregon." -
Supreme Court Review of Bilski Heats Up
I Don't Believe in Imaginary Property writes "The Supreme Court's review of In Re Bilski (discussed here numerous times) is heating up, having attracted no less than 44 friend-of-the-court briefs from almost everyone with a stake in the patent system. Patently-O provides a nice summary of who is arguing against Bilski. The two questions before the Supreme Court are whether or not a process must satisfy the particular machine or transformation test, and whether this test improperly excludes many business methods in spite of the wording of 35 U.S.C. 273, which specifically allows business-method patents. So far, the case has attracted legal filings from nearly every large company or group whose patents might be threatened. You can read briefs from Yahoo, IBM, Borland, Dolby Labs, the BSA, and many others, even one from some guy claiming to speak on behalf of the State of Oregon." -
Reports of IE Hijacking NXDOMAINs, Routing To Bing
Jaeden Stormes writes "We just started getting word of a new browser hijack from our sales force. 'Some site called Bing?' they said. Sure enough, since the patches last night, their IE6 and IE7 installations are now routing all NXDOMAINs to Bing. Try it out — put in something like www.DoNotHijackMe.com." We've had mixed results here confirming this: one report that up-to-date IE8 behaves as described. Others tried installing all offered updates to systems running IE6 and IE7 and got no hijacking.
Update: 08/11 23:24 GMT by KD : Readers are reporting that it's not Bing that comes up for a nonexistent domain, it's the user's default search engine (noting that at least one Microsoft update in the past changed the default to Bing). There may be nothing new here. -
Adobe Flash Cookies Raising Privacy Questions Again
Nearly a year after we discussed the privacy implications of Flash cookies, they are in the news again as the US government considers revising its cookie policy. Wired covers a study out of UC Berkeley exposing questionable practices used by many of the Internet's most-visited Web sites (abstract). The most questionable activity the report exposes is known as "respawning": after a user has deleted browser tracking cookies, some sites will use information in Flash cookies to recreate them. The report names two companies, Clearspring and QuantCast, whose technologies reinstate cookies for other Web sites. "Federal websites have traditionally been banned from using tracking cookies, despite being common around the web — a situation the Obama administration is proposing to change as part of an attempt to modernize government websites. But the debate shouldn't be about allowing browser cookies or not, according Ashkan Soltani, a UC Berkeley graduate student who helped lead the study. 'If users don't want to be tracked and there is a problem with tracking, then we should regulate tracking, not regulate cookies,' Soltani said." -
Adobe Flash Cookies Raising Privacy Questions Again
Nearly a year after we discussed the privacy implications of Flash cookies, they are in the news again as the US government considers revising its cookie policy. Wired covers a study out of UC Berkeley exposing questionable practices used by many of the Internet's most-visited Web sites (abstract). The most questionable activity the report exposes is known as "respawning": after a user has deleted browser tracking cookies, some sites will use information in Flash cookies to recreate them. The report names two companies, Clearspring and QuantCast, whose technologies reinstate cookies for other Web sites. "Federal websites have traditionally been banned from using tracking cookies, despite being common around the web — a situation the Obama administration is proposing to change as part of an attempt to modernize government websites. But the debate shouldn't be about allowing browser cookies or not, according Ashkan Soltani, a UC Berkeley graduate student who helped lead the study. 'If users don't want to be tracked and there is a problem with tracking, then we should regulate tracking, not regulate cookies,' Soltani said." -
MS — Dropping IE6 Support "Not an Option"
An anonymous reader writes "Microsoft wants to see IE6 gone as much as anyone else, but the company isn't going to make the decision for its users anytime soon. The software giant has been pushing IE6 and IE7 users to move to IE8 ever since it arrived in March 2009, but it's still up to the user to make the final decision to upgrade: 'The engineering point of view on IE6 starts as an operating systems supplier. Dropping support for IE6 is not an option because we committed to supporting the IE included with Windows for the lifespan of the product. We keep our commitments. Many people expect what they originally got with their operating system to keep working whatever release cadence particular subsystems have. As engineers, we want people to upgrade to the latest version. We make it as easy as possible for them to upgrade. Ultimately, the choice to upgrade belongs to the person responsible for the PC.'" Of course some big Web sites aren't waiting for Microsoft. Reader Yamir writes, "Google's Orkut, a social networking service popular in Brazil and India, has started warning IE6 users that the browser will no longer be supported. Just last month, YouTube started showing a similar message." -
Yemenis Should Be Incensed At Websense
Slashdot regular Bennett Haselton writes "Websense, a US-based Internet-censoring software maker, claims not to sell to foreign governments that are censoring Internet access for all of their citizens. But the OpenNet Initiative reports that national ISPs in Yemen have been using Websense to filter Internet access for at least the past four years. Will Websense revoke their license? And what would happen then?" Update: 08/10 21:01 GMT by KD : Bennett adds, "After the story ran, Websense sent me this update." "Since we were informed about the potential use of our products by Yemeni ISPs based on government-imposed Internet restrictions in Yemen, we have investigated this potential non-compliance with our anti-censorship policy. Because our product operates based on a database system, we are able to block updated database downloads to locations and to end users where the use of our product would violate law or our corporate policies. We believe that we have identified the specific product subscriptions that are being used for Web filtering by ISPs in Yemen, and in accordance with our policy against government-imposed censorship, we have taken action to discontinue the database downloads to the Yemeni ISPs."The Internet censoring software maker Websense has a published policy on their website against allowing their software to be used for government-mandated censorship:
Websense does not sell to governments or Internet Service Providers (ISPs) that are engaged in any sort of government-imposed censorship. Any government-mandated censorship projects will not be engaged by Websense. If Websense does win a business and later discovers that the government is requiring all of its national ISPs to engage in censorship of the Web and Web content, we will remove our technology and capabilities from the project.
This supposedly differentiates the company from competitors such as Smartfilter (now owned by McAfee), which according to OpenNet Initiative reports, is used to censor the Internet in several African and Middle Eastern countries including Tunisia, Saudi Arabia, UAE, and Sudan. Websense once enthusiastically competed for the contract to censor Internet access in Saudi Arabia, but has now apparently ceded such markets to Smartfilter.
However, according to the ONI, the two national ISPs in the country of Yemen are using Websense to censor Internet access for all users. The researchers found that some sites are blocked in Yemen that are probably not on Websense's original filtering list, such as the Yemeni Socialist Party, as well as sites that are blocked under standard Websense categories, such as pornography, sex education materials, and "anonymizing and privacy tools" (presumably, proxy sites).
Websense declined to tell me whether they have ever revoked an ISP's license to use Websense after discovering that the ISP was using it in violation of their anti-government-censorship policy. They also declined to say whether they had any ISP customers in Middle Eastern countries, apart from Yemen. (For any Middle Eastern ISP using Websense, there's a high probability that they would be doing it as a result of a government mandated filtering policy, and hence in violation of Websense's stated rules.) But regarding the use of Websense in Yemen, Websense did reply to say simply, "We will look into the matter. If our software is being used in violation of our policy, we will take appropriate action." I think that if they were serious about preventing their software from being used for government censorship, they should have red-flagged any purchase from a national ISP in a country with one of the worst press-freedom ratings in the world, but better late than never.
There are only about 200,000 Internet users in Yemen, compared to over six million in Saudi Arabia, millions more in other censored Middle Eastern countries, and 300 million in Internet-censored China. (And even the Yemenis' Internet access is not filtered all the time, since the ONI report says that the number of concurrent licenses for Websense purchased by the Yemeni ISPs is less than the number of Yemeni Internet users, and when the number of concurrent users exceeds the number of licenses, all requests go through unfiltered!) So it would be a small step towards global liberation of the Internet, but still equivalent to de-censoring Internet access for every resident of Boise if the city had 100% broadband penetration, which is enough to justify putting the squeeze on Websense.
What exactly would happen if Websense did revoke their license for the Yemeni ISPs? They couldn't force the ISPs to uninstall the software, but they could stop allowing them to download further updates to the Websense blocked-site list. Most installations of Websense are configured to download updates to the list every day, to block the latest adult websites as well as to try and stay ahead of newly released proxy sites. Once the list updates stopped, all existing blocked websites would remain blocked, but newly created adult sites and proxy sites would be accessible, and the filtering would gradually become less and less effective. So it would be a concrete victory for Yemeni Internet users, and not just a symbolic gesture.
How would we know if Websense went through with it, anyway, if they refuse to confirm or deny that they have revoked the licenses for Yemen? The ONI declined to tell me how exactly they determined that Yemeni ISPs were using Websense. (Not that I mind; they could have obtained this information with the help of people whose jobs and freedom would be at stake if they were found out, in which case ONI would not be able to share their confidential sources.) Presumably the ONI could repeat their research in the future to determine if Websense were still being used. However, even if they can see that Websense software is still being used to censor the Internet, it may not be easy to tell whether the Yemeni ISPs are still downloading updates to the blocked-site list. My suggestion: Create a new proxy site and don't publicize it anywhere, but report it to Websense for blocking. Test a few days later to verify that it's blocked by Websense, but not by Smartfilter or other popular blocking programs. Then see if it's blocked in Yemen as well. If not, then hopefully that means that Websense cut them off.
And then what? Maybe the Yemeni ISPs will just continue using Websense with a frozen copy of the blocked site list, reasoning that most of the well-known adult sites that users are going to try to visit, are probably already on that list. Maybe they'll set up a shell company in another country, posing as an ISP requesting a legitimate copy of Websense, and buy a new list subscription that way. But it will still be worth it to press Websense into revoking their license, even if it only breaks Internet censorship in Yemen for a few months or a year. At that point, perhaps they'll just take their business to Smartfilter like almost every other Middle Eastern country that censors the Internet.
After all, we shouldn't pick on Websense too much, when Smartfilter is censoring national Internet access for about 100 times that many users in total. If Websense says they don't provide software to government censors, then we should hold them to that. But the real scandal isn't that American censorware companies provide filters to censoring governments while claiming not to, it's that American companies are doing it at all.
-
China's Response To the Internet Addiction Death
eldavojohn writes "Last week, news broke of a tragic incident that resulted in the death of a 16-year-old boy at one of China's internet addiction camps. Details were scarce except for reports that the camp remained open. New reports are now coming in from China Daily that report 13 arrested and the camp closed down on Friday with 122 participants being sent home. The vice-chief of the district has stated that the authorities are working on the case to identify and punish the criminals involved in the death. Xinhua is reporting that the camp was unlicensed. This is directly in conflict with what the Southern Metropolis Daily reporter is saying, 'When the reporter arrived outside the rear wall of the school, children on the third and fourth floors started to stick notes into aluminum cans, drink bottles, and slippers, and others folded notes into paper planes. They tried to throw them over the wall, but owing to the distance, none of them succeeded. Some children had papers bearing the messages "SOS" and "beating" which they waved out the windows. Some wrote calls for help on their clothing, which they displayed to the reporter. Some even yelled for help. They were all stopped by the instructors.' Here is that original story in Chinese. Is China handling this delicate issue appropriately or are the news reports of justice and monitoring treatments merely a facade?" -
The iPhone SMS Hack Explained
GhostX9 writes "Tom's Hardware just interviewed Charlie Miller, the man behind the iPhone remote exploit hack and winner of Pwn2Own 2009. He explains the (now patched) bug in the iPhone which allowed him to remotely exploit the iPhone in detail, explaining how the string concatenation code was flawed. The most surprising thing was that the bug could be traced back to several previous generations of the iPhone OS (he stopped testing at version 2.2). He also talks about the failures of other devices, such as crashing HTC's Touch by sending a SMS with '%n' in the text." -
What Questions Should a Prospective Employee Ask?
Mortimer.CA writes "Even though things aren't great in the economy, it's prudent to plan ahead to when things (hopefully) pick up. In light of that, I'd like to update a previously asked question in case things have changed over the last four years: What do you ask every new (prospective) employer? When you're sitting in the interview room after they've finished grilling you, there's usually an opportunity to reciprocate. There will be some niche questions for specializations (sys admin, programming, PM, QA, etc.), but there are some generic ones that come to mind, such as: what is the (official) dress code?" Similarly, what questions should you avoid? Read on for the rest of Mortimer.CA's thoughts. He continues with these suggestions:
"What about my resume caught your eye? What hardware/software am I expected to use at my desktop (e-mail, OS, editor, source control, etc.)? Are there team lunches or get-togethers? What are your goals for the next six months, one year, three years? What ticket/issue tracking system do you use? Do you have separate build/stage/QA/etc. environments? How do you keep track of documentation? What are your full names (so I can Google them)? What are the typical hours of the team members? Those are some of the ones I've thought of after some digging around. Are there the generic ones that you ask? What are some question for various niches? (e.g., for sysadmins: what config mgmt software do you use?)" -
OnLive and Gaikai — How To Stop a Gaming Revolution
happierr writes "The gaming industry has been struggling in the last few months, and it is about to struggle even more when OnLive and Gaikai launch later this year. The new services are both a step in the right direction to counter piracy and provide easily-accessible gaming to people with low-end PCs. They might even do for PC gaming what the Wii did for casual gaming; greatly expand the market and draw interest from people who would not ordinarily play games. The services are a real threat for the Big Three video game companies (Microsoft, Sony, and Nintendo). How will they combat these revolutionary services? There are a few steps that the Big Three are taking to combat the New Two, such as an increased reliance on peripherals and vision cameras, exclusivity deals, and more online multiplayer features, which OnLive and Gaikai will have a hard time matching." -
Sony Producing New PS3 Hardware, Slim Appears Likely
The Opposable Thumbs blog reports on a confluence of rumors and information leaks that suggest Sony will be unveiling a PS3 Slim sooner rather than later. Despite waning console sales, orders for PS3-related hardware have risen sharply. There's evidence to suggest that Sony is phasing out its 80GB model, which would help clear the way for a hardware revision. Some expect the official announcement to come as early as August 18th, during the gamescom expo in Germany. -
Malaysian Government Wants Internet Filtering
adewolf tips news that the government of Malaysia is looking into the development of an internet filtering program. According to a Reuters report, "A vibrant Internet culture has contributed to political challenges facing the government, which tightly controls mainstream media and has used sedition laws and imprisonment without trial to prosecute a blogger." The Malaysian government insists that such a filter would only be used to block pornography, though critics of the plan expect it would be wielded as a political tool, censoring websites that are critical of the current administration. "An industry source says the government could impose the filters late this year or in 2010, coinciding with the rollout of a high-speed broadband network run by Telekom Malaysia. Malaysia aims to increase broadband penetration to half of all homes by 2010 as part of its drive to boost economic efficiency." -
Apple's Schiller Responds To iPhone Dictionary App Fiasco
beef curtains writes "Phil Schiller, Apple senior vice president of worldwide product marketing, responded by e-mail to a blog post discussing Apple's rejection of a dictionary app. If Schiller's e-mail is to be believed, it offers an interesting perspective on this whole issue. He said, 'The issue that the App Store reviewers did find with the Ninjawords application is that it provided access to other more vulgar terms than those found in traditional and common dictionaries, words that many reasonable people might find upsetting or objectionable. ... The Ninjawords developer then decided to filter some offensive terms in the Ninjawords application and resubmit it for approval for distribution in the App Store before parental controls were implemented. Apple did not ask the developer to censor any content in Ninjawords, the developer decided to do that themselves in order to get to market faster. ... You are correct that the Ninjawords application should not have needed to be censored while also receiving a 17+ rating, but that was a result of the developers' actions, not Apple's.' PC World has an article summarizing the drama-to-date, the blog post, and Schiller's response." -
LHC To Start Back Up In November At Half Power
mcgrew writes to mention that the Large Hadron Collider, smasher of particles, will get another chance to prove itself this November. The restart will begin with tests at half power, a mere 7 trillion electron volts (TeV), and ramp up slowly to the designed goal of 14 TeV. "Measurements indicate that some of the electrical connections could not safely handle the amount of current needed to run at the full 14 TeV, so will need to be replaced before dialing up the energy that far. But even 7 TeV is much higher than physicists have ever probed in the laboratory before. The Tevatron accelerator at Fermilab in Batavia, Illinois, is the current record holder, with collisions at 2 TeV." -
Underground App Store Courts the Jailbroken
PainMeds writes "Apple's stepped-up and controversial rejections are helping to foster competition in the app store marketplace. According to an article by Wired, developers aren't taking AppStore rejection lying down, but are turning to the hacking community's repository system for the iPhone to launch an app store of their own. The 4-month-old Cydia store is yielding notably higher sales for a few application developers than Apple's AppStore, and is reportedly running on over 4 million Apple iPhone devices, with perhaps 350,000 connected at any one time. In this store, developers are distributing applications they've written that push the limits of Apple's normal AppStore policies, with software to add file downloads to Safari, trick applications into thinking they're on Wi-Fi (for VoIP), and enhance other types functionality. You'll also find the popular Google Voice application, which was recently rejected by Apple. Third party application development has been around since 2007, when the iPhone was originally introduced, and became so popular that O'Reilly Media published a book geared toward writing applications before an SDK was available. The Cydia store acts as both a free package repository and commercial storefront to third-party developers." -
Underground App Store Courts the Jailbroken
PainMeds writes "Apple's stepped-up and controversial rejections are helping to foster competition in the app store marketplace. According to an article by Wired, developers aren't taking AppStore rejection lying down, but are turning to the hacking community's repository system for the iPhone to launch an app store of their own. The 4-month-old Cydia store is yielding notably higher sales for a few application developers than Apple's AppStore, and is reportedly running on over 4 million Apple iPhone devices, with perhaps 350,000 connected at any one time. In this store, developers are distributing applications they've written that push the limits of Apple's normal AppStore policies, with software to add file downloads to Safari, trick applications into thinking they're on Wi-Fi (for VoIP), and enhance other types functionality. You'll also find the popular Google Voice application, which was recently rejected by Apple. Third party application development has been around since 2007, when the iPhone was originally introduced, and became so popular that O'Reilly Media published a book geared toward writing applications before an SDK was available. The Cydia store acts as both a free package repository and commercial storefront to third-party developers." -
Twitter, Facebook DDoS Attack Targeted One User
An anonymous reader writes "A Georgian blogger with accounts on Twitter, Facebook, LiveJournal, and Google's Blogger and YouTube was targeted in a denial of service attack that led to yesterday's site-wide outage at Twitter and problems at the other sites on, according to a Facebook executive. The blogger, who uses the account name 'Cyxymu' (the name of a town in the Republic of Georgia), had accounts on all of the different sites that were attacked at the same time, Max Kelly, chief security officer at Facebook, told CNet News." Here are user Cyxymu's LiveJournal Google cache and LiveJournal account (unreachable at this writing). Larry Magid writes on CNet that this individual blogs about independence of a breakaway region of Georgia. Macworld has some speculation in other directions on the motivations behind the DDoS attack.
Update: 08/07 19:52 GMT by KD : Cyber attacks on Cyxymu are not new. For over a year Evgeny Morozov has been calling attention to him as the first digital refugee. -
Twitter, Facebook DDoS Attack Targeted One User
An anonymous reader writes "A Georgian blogger with accounts on Twitter, Facebook, LiveJournal, and Google's Blogger and YouTube was targeted in a denial of service attack that led to yesterday's site-wide outage at Twitter and problems at the other sites on, according to a Facebook executive. The blogger, who uses the account name 'Cyxymu' (the name of a town in the Republic of Georgia), had accounts on all of the different sites that were attacked at the same time, Max Kelly, chief security officer at Facebook, told CNet News." Here are user Cyxymu's LiveJournal Google cache and LiveJournal account (unreachable at this writing). Larry Magid writes on CNet that this individual blogs about independence of a breakaway region of Georgia. Macworld has some speculation in other directions on the motivations behind the DDoS attack.
Update: 08/07 19:52 GMT by KD : Cyber attacks on Cyxymu are not new. For over a year Evgeny Morozov has been calling attention to him as the first digital refugee. -
Apple Working On Tech To Detect Purchasers' "Abuse"
Toe, The writes "Apple has submitted a patent application for technologies which would detect device-abuse by consumers. The intent presumably being to aid in determining the validity of warranty claims. 'Consumer abuse events' would be recorded by liquid and thermal sensors detecting extreme environmental exposures, a shock sensor detecting drops or other impacts, and a continuity sensor to detect jailbreaking or other tampering. The article also notes that liquid submersion detectors are already deployed in MacBook Pros, iPhones and iPods. It does seem reasonable that a corporation would wish to protect itself from fraudulent warranty claims; however the idea of sensors inside your portable devices detecting what you do with them might raise eyebrows even beyond the tinfoil-hat community." -
Will Mainstream Media Embrace Adblockers?
Blarkon writes "Slashdotters are aware of and often use Adblock Plus," and notes that "if newspapers wanted to hit the online content industry hard right now, they would be running non-stop information about how to obtain and use Adblock Plus.' That a scorched-earth approach to blocking Internet advertising through AdBlock Plus might collapse free online competitors by starving them of revenue. If more people are aware of Adblock plus, it will be more tempting for other browser manufacturers to include similar ad blocking functionality. Might Rupert Murdoch's apparent 'traffic killing' move to paywall content be a desperate gamble to avoid the impact of a future crash in the ad-supported online business model caused by everyone's browser including something like Adblock Plus?" -
Comcast the Latest ISP To Try DNS Hijacking
A semi-anonymous reader writes "In the latest blow to DNS neutrality, Comcast is starting to redirect users to an ad-laden holding page when they try to connect to nonexistent domains. I have just received an email from them to that effect, tried it, and lo and behold, indeed there is the ugly DNS hijack page. The good news is that the opt-out is a more sensible registration based on cable modem MAC, rather than the deplorable 'cookie method' we just saw from Bell Canada. All you Comcast customers and friends of Comcast customers who want to get out of this, go here to opt out. Is there anything that can be done to stop (and reverse) this DNS breakage trend that the ISPs seem to be latching onto lately? Maybe the latest net neutrality bill will help." Update: 08/05 20:03 GMT by T : Here's a page from Comcast with (scant) details on the web-jacking program, which says that yesterday marked the national rollout. -
Comcast the Latest ISP To Try DNS Hijacking
A semi-anonymous reader writes "In the latest blow to DNS neutrality, Comcast is starting to redirect users to an ad-laden holding page when they try to connect to nonexistent domains. I have just received an email from them to that effect, tried it, and lo and behold, indeed there is the ugly DNS hijack page. The good news is that the opt-out is a more sensible registration based on cable modem MAC, rather than the deplorable 'cookie method' we just saw from Bell Canada. All you Comcast customers and friends of Comcast customers who want to get out of this, go here to opt out. Is there anything that can be done to stop (and reverse) this DNS breakage trend that the ISPs seem to be latching onto lately? Maybe the latest net neutrality bill will help." Update: 08/05 20:03 GMT by T : Here's a page from Comcast with (scant) details on the web-jacking program, which says that yesterday marked the national rollout. -
Sticky Tape Found To Emit Terahertz Radiation
An anonymous reader writes with this excerpt from New Scientist "'Peeling sticky tape has already been shown to produce X-rays, so Joseph Horvat and Roger Lewis of the University of Wollongong in New South Wales, Australia, tried to see if it could create lower-frequency terahertz radiation. "We were rather pleasantly surprised to obtain a clear signal in our first attempt," says Horvat. Strongly adhesive Scotch Magic 810 tape and weakly adhesive electrical tape both yielded strong terahertz signals, ranging from 0.1 to 10 terahertz, but only about a microwatt of power, too little for practical use (Optics Letters, vol 34, p 2195). Horvat says that refinements should increase the power by orders of magnitude.' It may be old news to Slashdot that [peeling clear tape] had been proved to produce X-rays, but watching the linked video where they use tape to expose X-ray film was pretty amazing." -
Google Acquiring VP3 Developer On2 Technologies
R.Mo_Robert writes "BetaNews is reporting that Google is acquiring On2, the video codec company and original developers of the VP3 codec from which Theora is derived. The article suggests that this may mean Google is backing Ogg Theora as the HTML5 video standard, but this is likely not the case--with Theora already being open-source and On2 having disclaimed all rights and patents, there is no reason Google should have needed to do this to push Theora. You may recall from some time back that HTML5 no longer specifies which video codec(s) a browser should support due to there being, unfortunately, no suitable codec at this time. But Google (known for supporting H.264) practically owns Web video with YouTube in most people's minds, so their influence could really swing the future of HTML5 video either way. It remains to be seen whether Google's acquisition of On2 has any bearing on their plans for video on the Web." -
Mind-Blowing Interfaces On Display At SIGGRAPH 2009
An anonymous reader writes "Tech Review has a roundup of some cool, experimental new interfaces being shown at SIGGRAPH 2009, underway in New Orleans this week. They include an amazing 'touchable holograph' display, developed by a team in Japan, which uses an ultrasound device to simulate the sense of touch as the user grasps objects shown in 3D. The other ideas on display are Augmented Reality for Ordinary Toys, Hyper-Realistic Virtual Reality, 3D Teleconferencing and Scratchable Input Devices. If this is the future of computers, sign me up." The conference has also seen the release of OpenGL 3.2 by the Khronos Group. -
Wipeout HD Loading Ads Scrapped After Uproar
RobotsDinner writes "After Monday's story about intrusive, loading-screen ads being retroactively added to the PSN racing title Wipeout HD, the popular uproar has indeed succeeded in getting Sony to pull them. You can put your pitchforks down; your voice has been heard! A Sony spokesman said, 'The ad has been removed from Wipeout HD and we are investigating the situation to ensure that any in-game advertising does not affect gameplay.'" -
Teen Killed At Chinese Internet Addiction Camp
eldavojohn writes "Sixteen-year-old Deng Senshan was tragically beaten to death by three of his instructors in an internet addiction camp in the Guangxi Zhuang Autonomous Region of China. Reportedly it was for not being able to run fast enough. An article in the Wall Street Journal says that, 'China's netizens have played a key role in drawing nationwide attention to recent cases of deaths in prisons and detention centers, so it should be no surprise that they are up in arms over the fate of one of their own. Many questioned the fairly new diagnosis of "Internet addiction" as a mental disorder.' You may recall electroshock treatment being banned from use on internet addicts in China. According to Xinhua, more than 100 juveniles remain in 'treatment' at the camp, which has stayed open. Perhaps for Senshan it would have been better to let him endure his cruel affliction instead of having his parents pay over $1,000 to have him beaten to death?" -
Yahoo Filing Reveals Details of Microsoft Deal
CWmike writes "Microsoft will pay Yahoo $50 million a year for three years and will hire at least 400 Yahoo employees as part of the companies' recent search agreement, according to a filing with the US Securities and Exchange Commission. Yahoo's form 8-K, which appeared online on Tuesday, reveals a few additional details about the agreement. The deal, announced last week, will mean that Microsoft's Bing search engine will power Yahoo's search site and Yahoo will sell premium search ad services for both companies. Five years into the 10-year agreement, Microsoft can opt out of the exclusive engagement for Yahoo's ad sales services, according to the filing. If it does, Yahoo will then keep 93 percent of the search revenue generated on sites owned and operated by Yahoo, instead of 88 percent. But Yahoo can also decide to remain the exclusive premium ad sales provider, in which case it will settle for an 83 percent share of the revenue. If Microsoft doesn't end the exclusive arrangement, Yahoo's share of the revenue will go up to 90 percent." -
Large Hadron Collider Struggling
Writing in the NY Times, Dennis Overbye covers the birthing pangs and the prospects for CERN's Large Hadron Collider (which we have discussed numerous times). "The biggest, most expensive physics machine in the world is riddled with thousands of bad electrical connections. [And] many of the magnets meant to whiz high-energy subatomic particles around a 17-mile underground racetrack have mysteriously lost their ability to operate at high energies. Some physicists are deserting the European project, at least temporarily, to work at a smaller, rival machine [Fermilab's Tevatron] across the ocean. ... Technicians have spent most of the last year cleaning up and inspecting thousands of splices in the collider. About 5,000 will have to be redone... Retraining magnets is costly and time consuming, experts say, and it might not be worth the wait to get all the way to the original target energy [of 7 TeV]. Many physicists say they would be perfectly happy if the collider never got above five trillion electron volts. Dr. Myers said he thought the splices as they are could handle 4 [TeV]. 'We could be doing physics at the end of November,' he said in July, before new vacuum leaks pushed the schedule back a few additional weeks. 'It's not the design energy of the machine, but it's 4 times higher than the Tevatron,' he said." -
Large Hadron Collider Struggling
Writing in the NY Times, Dennis Overbye covers the birthing pangs and the prospects for CERN's Large Hadron Collider (which we have discussed numerous times). "The biggest, most expensive physics machine in the world is riddled with thousands of bad electrical connections. [And] many of the magnets meant to whiz high-energy subatomic particles around a 17-mile underground racetrack have mysteriously lost their ability to operate at high energies. Some physicists are deserting the European project, at least temporarily, to work at a smaller, rival machine [Fermilab's Tevatron] across the ocean. ... Technicians have spent most of the last year cleaning up and inspecting thousands of splices in the collider. About 5,000 will have to be redone... Retraining magnets is costly and time consuming, experts say, and it might not be worth the wait to get all the way to the original target energy [of 7 TeV]. Many physicists say they would be perfectly happy if the collider never got above five trillion electron volts. Dr. Myers said he thought the splices as they are could handle 4 [TeV]. 'We could be doing physics at the end of November,' he said in July, before new vacuum leaks pushed the schedule back a few additional weeks. 'It's not the design energy of the machine, but it's 4 times higher than the Tevatron,' he said." -
Large Hadron Collider Struggling
Writing in the NY Times, Dennis Overbye covers the birthing pangs and the prospects for CERN's Large Hadron Collider (which we have discussed numerous times). "The biggest, most expensive physics machine in the world is riddled with thousands of bad electrical connections. [And] many of the magnets meant to whiz high-energy subatomic particles around a 17-mile underground racetrack have mysteriously lost their ability to operate at high energies. Some physicists are deserting the European project, at least temporarily, to work at a smaller, rival machine [Fermilab's Tevatron] across the ocean. ... Technicians have spent most of the last year cleaning up and inspecting thousands of splices in the collider. About 5,000 will have to be redone... Retraining magnets is costly and time consuming, experts say, and it might not be worth the wait to get all the way to the original target energy [of 7 TeV]. Many physicists say they would be perfectly happy if the collider never got above five trillion electron volts. Dr. Myers said he thought the splices as they are could handle 4 [TeV]. 'We could be doing physics at the end of November,' he said in July, before new vacuum leaks pushed the schedule back a few additional weeks. 'It's not the design energy of the machine, but it's 4 times higher than the Tevatron,' he said." -
Even More Restriction For German Internet
tikurion writes "It's only been a few weeks since the law dubbed Zugangserschwerungsgesetz (access impediment law) was passed in the German Parliament despite over 140,000 signatures of people opposed to it. The law will go into effect in mid-October 2009. Now Minister for Family Affairs Ursula von der Leyen implied in an interview that she is planning on extending the reach of the law, claiming '...or else the great Internet is in danger of turning into a lawless range of chaos, where you're allowed to bully, insult, and deceive limitlessly.' More on golem.de via Google translate (here is the German original)." -
Microsoft Drops Windows 7 E Editions
A week after Microsoft agreed to include a browser ballot screen in Windows 7 systems sold in Europe, then announced that those systems would initially include no browser at all — specifically, no Internet Explorer — Microsoft has changed its mind again and dropped talk of a European Windows 7 E edition. Here is the official Microsoft blog announcement, which includes a screen shot of the proposed ballot screen. The browsers are listed left-to-right in order of market share, with IE therefore having pride of place. PC Pro notes that, since the ballot screen would not appear if IE were not pre-installed, Microsoft's proposal opens the door for Google to work with PC manufacturers to get Chrome on new machines. Note that the browser ballot screen has not yet been accepted by the EU, though the initial reaction to it was welcoming. -
Students Settle With TurnItIn In Copyright Case
An anonymous reader writes "With the deadline for a Supreme Court appeal rapidly approaching, the students who sued TurnItIn.com for issues surrounding copyright infringement reached a settlement with the site's company on Friday. Now the search goes out for any student who has a paper which is being held by TurnItIn that they did not upload themselves. If your teacher uploaded a paper and ran a TurnItIn report without your permission, I bet the students' attorney would like to hear from you."