Slashdot Mirror

km790816 writes: "I was just reading an article in the EETimes about the possible war over the technology to replace the PCI bus. Intel has their 3GIO. (Can't find any info on Intel's site.) AMD has their HyperTransport. There has been some talk about HyperTransport going into the XBox. I hope they can agree on a bus. I don't want another bus standard war. So when can I get a fully optical bus on my PC?" Now that's what I'd like: cheap transceivers on every card and device, and short lengths of fiber connecting them up. Bye bye to SCSI, IDE, USB, Firewire ...

buss_error writes: "In today's world of "The server is acting funky, reboot it!" comes this little gem from Techweb." I can totally imagine how it happened as well. Let's hope the dry wall didn't do anything to decrease the life of the machine. *grin*

buss_error writes: "In today's world of "The server is acting funky, reboot it!" comes this little gem from Techweb." I can totally imagine how it happened as well. Let's hope the dry wall didn't do anything to decrease the life of the machine. *grin*

We've been at LinuxWorld for the last couple days, and some interesting stuff has been going on: The SAMBA folks won the $25,000 IDG/Linus Torvalds award, and SGI announced the availability of RH7-based distro using XFS ^[?] . In other news, our BOF went well with many questions about Slashcode - and the Perl Monks booth has been doing great in donations. Update: 02/01 05:18 PM by CT : The highlight for me so far was judging the "Coveted" Golden Penguin Awards w/ Don. Actually, I seriously did covet the award, beautiful hand blown glass penguin made me wish I was a contestant. We judged that Linus got the definition of BogoMIPS wrong. Fortunately his still won, but it was truly joyous seeing the surprise on his face.

Sowbug writes: "Perl programmers rejoice! Mason 1.0 was released today, though prerelease versions have been in operation for years at websites like TechWeb, Salon.com, and AvantGo. Congratulations, Jonathan Swartz (principal author of Mason)!" I don't know much about Mason, but it seems like another cool addition to the Cold Fusion/PHP world of embeddable code in Web pages.

Cynical Yorkshireman writes "I sold my soul to investment banking a long time ago ... It's nice to know that some of the Wall Street money machines are actually quite forward thinking about IT! Dresdner Kleinwort Wasserstein will announce today that (with Collab.net's help) that they are open-sourcing their internal systems integration toolkit. The official launch is today. Until recently I actually worked at DrKW, and have used this stuff a heck of a lot over the years. Basically, this is a toolkit that allows disparate systems to be connected (Sybase->RV->JMS->IIOP->ETX->MQ->UDB is a snap) in a very, very easy way. Without doubt one of the best pieces of software I have ever seen, and far and away the most useful! Go get it (when the site opens), and never worry about system interfacing again ..." There's also a Reuters story with more information. Note that openadaptor.org is still password-protected as I write this.

halbritt writes: "An article over at TechWeb asks the question, 'Is Linus Killing Linux?' The story outlines an interesting perspective with regard to Linus having complete control over the kernel and how that may not be in the best interests of the $2 billion industry looking to exploit Linux for fun and profit. It goes on to describe how a non-profit, industry funded organization should take control of kernel development so that kernel development would better suit the interests of said $2 billion industry." Actually this story amused me, since its essentially the same story that some genius journalist writes every few months. Linus is killing Linux just as horribly as I'm killing Slashdot.

quakeaddict wrote to us with the news that Open Source Development Lab has gotten two (initial) new projects approved. The first is dedicated to increasing Linux TCP/IP concurrent support from 20,000 to more than 40,000 connections, while the second is focused on scaling Linux to support applications running on 16- and 64-way systems. The wire story is out now with more details.

hmckee points to this Reuters story on TechWeb indicating that French computer buyers may soon face extra fees to compensate artists for illegal copying, levied on hard drives as well as more conventional recording media like magnetic tape. Computer-based recordable media like CD-Rs and mini-disks will be taxed starting later this month as well. hmckee writes: "Although it's not definite for France, I didn't know Germany started at the beginning of the year."

ncc74656 writes: "In this TechWeb article, AMD may have achieved one of its longtime goals of getting the Athlon into the server market. Sun's Cobalt division is set to unveil a single-processor Internet-appliance server next week that will use the Athlon. Since there's still no 760MP chipset, there won't be any MP Cobalt boxen for a while ... but not everybody needs MP, and this is still a step in the right direction."

Greyfox writes: "According to Techweb, Steve Ballmer now claims that Linux is one of the top threats to Microsoft going in to 2001. This up from his previous accounts of Linux as being nothing more than a toy etc. Expect to really see the FUD start flying now. As IBM found with OS/2, once MS percieves you as a threat, they attack like a rabid pit bull. I expect we'll see a lot more negative Linux press on zdnet, reporters paid to laud Windows and slam UNIX, fake grass roots movements, and all the other favorite MS tricks." Well, I'm not that quite that paranoid, but I'll be keping my eyes open

bstadil writes: "In the early days of Linux' entry into the mainstream (late 1998) Slashdot covered interesting wins for the OS like Burlington Coat Factory. Maybe its time to do it again. Within 48 hours Linux has made two HUGE inroads that merits mentioning. The first is the announcement of Home Depot plannig 90.000 Cash Registers running linux and Telia in Scandinavia replacing 70 Sun servers + Solaris with one IBM mainframe running Linux. One machine serving 800,000 internet accounts." ZDNet has a few more details.

Nailer asks: "With kernel 2.4 in the final stages of bug hunting, and on track for a December release, I thought it might be pertinent to discuss the future of Linux. What now? ReiserFS will apparently be in 2.4.1, but there's very little information about the mid to long term available. Where do you think Linux [the OS, as well as the kernel] will head in the future? Personally, I'd really like to see POSIX ACLs as the default permission system [allowing the fine grained access control that many apps try and implement themselves]. What do you think?"

kupolu writes: "According to this article at Techweb, AMD announced last Friday that it is dropping its plans for the Mustang processor in favor of the new AMD-760 DDR-Enabled chipset. The Mustang was going to be AMD's entry into the server market, with it's amazing up-to 2MB L2 Cache." (Actually, from this article it's hard to tell if even AMD knows what's going on; tweezing apart the code names from the capabilities of particular products to be offered is complicated.) But on the coming-out instead of dropping-off front, proxima writes: "This story on Yahoo describes that Intel is releasing two new Celeron chips on Monday. One, a 733 Mhz model, will cost $112 per chip in bulk. A 766 Mhz model will cost $170 per chip."

Lothsahn was the first to write to us about the latest statement from Linus regarding the Linux 2.4 Kernel release date. His statement says that he knows of no major showstoppers, and that he's asking the major devel houses to deploy the test kernels internally and start bug testing. Early December, hopefully, for a release.

bemis writes: "Techweb has an article about Acer's plans to bring PC and PSX gaming to DVD players in China next year (and hopefully domestically here in the U.S.) ..they are also ramping up a chipset for 266MHz DDR SDRAM for Athlon systems to bring the bus speed up from a paltry 200MHz." Not much detail is given about the hinted-at game / video boxes, but the project sounds pretty ambitious. At this rate, DVD players will pass the $100 mark soon.

bemis writes: "Techweb has an article about Acer's plans to bring PC and PSX gaming to DVD players in China next year (and hopefully domestically here in the U.S.) ..they are also ramping up a chipset for 266MHz DDR SDRAM for Athlon systems to bring the bus speed up from a paltry 200MHz." Not much detail is given about the hinted-at game / video boxes, but the project sounds pretty ambitious. At this rate, DVD players will pass the $100 mark soon.

zakath writes "This story on Techweb is telling us that Rambus' legal dept. is still working overtime - going after Transmeta and AMD this time." Well, its trickier then that. They're trying to reach out of court deals, but the article has a lot more info about Rambus and assorted acronyms that they're trying to get money for.

zakath writes "This story on Techweb is telling us that Rambus' legal dept. is still working overtime - going after Transmeta and AMD this time." Well, its trickier then that. They're trying to reach out of court deals, but the article has a lot more info about Rambus and assorted acronyms that they're trying to get money for.

Zarquon writes: "NEC has agreed to pay licensing fees and royalties to Rambus for production of SDRAM, according to this TechWeb article. They're the fourth company to give in to Rambus; Hitachi, Toshiba, and Oki have already been signed to similar agreements. If you're unfamiliar with the Rambus patent fiasco, LostCircuits has a good synopsis of the situation." Ah, yes -- beat them in the courtroom, not the marketplace.

ottotto writes: "Techweb has a story about Intel's High Speed Graphics Initiative. After discussing another doubling of the AGP, VP Pat Gelsinger said "The next part of that road map is AGP8x, an evolutionary step from AGP4x, to be followed by a future serial graphics bus." ANOTHER serial graphics bus? Is not the upgrade path to IEEE 1394B (800 Mbps Fire Wire) and beyond sufficent? Is this, along with the USB 2.0 spec another way around giving any credit or royalties to Apple?" I suppose companies have to make their plans somehow, and new products are better than living in the 1960s forever. But sometimes these "roadmaps" (which often turn out to be more like directions scribbled on the backs of napkins) seem to smack of planned obsolesence. Do you ever skip the current latest/greatest because you know what's around the corner?

Do you remember the Piranha debacle back in April? Welcome to Part II. Last Tuesday, it was revealed that Microsoft SQL Server 7.0 is shipped with a default password - just like Red Hat's piranha module. Unlike Piranha, SQL Server is very common software for large e-business websites. Unlike Piranha, the vulnerable software has been shipping for months. Unlike Red Hat, Microsoft refuses to take responsibility for their mistake, which, unlike Red Hat's, has resulted in actual documented break-ins, some at high-profile websites. So why haven't you read about it?

Because unlike Red Hat, Microsoft is getting a pass by the media.

Piranha is web clustering/failover software that was released in April by Red Hat without much QA. It somehow went out the door with a default password ("Q") and without docs explaining in big bold caps that it must be changed. If you installed the Piranha RPM without reading the docs carefully, you had a security hole on your site.

The hole allowed an attacker to come in over port 80 and execute arbitrary commands as the Piranha user, which would have been the web user. Typically that's a nonprivileged "nobody" account. While this is never good, let's just note for the record that this is a read-only exploit unless the webserver is very poorly configured.

The media flipped, in a word, out.

Piranha: A Case Study

On April 25, Computerworld announced that the "backdoor password ... could allow an attacker to compromise a Web server and deface and destroy a Web site." Informationweek and Internetweek both warned about "a back-door security flaw that carries ISS's highest danger rating." MSNBC/ZDNET ran the story as "Red Hat Linux open to backdoor password" and explained "there's a backdoor account in Red Hat's Linux that would let a computer intruder access and alter files." The Standard's early report on April 25 wasn't too bad but attacked -- as all reports did to some degree -- the strawman myth that open source is inherently secure. At least it didn't use the word "backdoor." Newsbytes was pretty much the same.

"Backdoor" implies that the flaw was deliberately inserted, by a thoughtless or even malicious programmer. Why did most stories incorrectly use that word? Mostly because that was how it was described in the press release. A security firm called Internet Security Systems found the flaw on April 24 and sent out a security advisory that used the term four times by the end of the first paragraph.

ISS also made some interesting statements when speaking to the press about the vulnerability. Oft-quoted was a line about open-source being both a blessing and a curse (the media loves "on the one hand, on the other hand"). I also liked this comment from their research director:

"There's limited quality assurance in the open-source environment," says Rouland, "because open-source software is basically a bunch of peoples' hobby."

Of the early stories about Piranha, the best one I found was Henry Kingman's ZDNet piece on April 24 (both early and accurate: amazing). CNET's on April 25 wasn't bad either, though they let ISS lay down the anti-open-source and pro-Microsoft propaganda a little thick.

In the days to come, the story didn't change much except to note that Red Hat -- correctly, as it turned out -- denied the seriousness of the vulnerability and tried to explain that it wasn't really a backdoor. Inter@ctive Week's Charles Babcock did such a piece on May 1.

Computer Reseller News still called it a backdoor on April 27. And NetworkWorldFusion's report and Informationweek's followup both came out on May 1, both got the important facts right, but both still called it a backdoor.

ClieNT Server News ran an article in their May issue explaining "Red Hat Red-Faced." I'm not about to pay to read the whole thing. The free synopsis that's available smirks at how "embarrassed" the company must be, and ends: "It seems that Red Hat left a back door in," dot, dot, dot.

The Standard had a second, fair piece that eschewed the term and even, after quoting the line about open-source being a "hobby," gently suggested otherwise.

But the gold stars go to just two good reports. SecurityFocus' Elias Levy, on May 1, turned the spotlight on ISS by pointing out how they "...can make headlines by using the right jargon, even when it's wrong." And Linux World News' Liz Coolbaugh, who had weighed in a few days earlier, questioning the media's coverage in her story "Red Hat Security Hole Not a 'Backdoor'."

If you find any more stories about Piranha, post them below. The Red Hat-bashing pretty much came to a halt a week later, when a little Microsoft-specific email virus named "ILOVEYOU" did a few billion dollars' worth of damage.

(Breaking news: all charges dropped; to quote 10,000 Maniacs, "who ya wanna blame?")

Microsoft SQL Server 7.0

You've heard about the SQL Server vulnerability, right? The one found on Tuesday, six days ago?

Well, no, you probably haven't, unless you read NTBugtraq. Even the maintainer of SecurityPortal's Microsoft Security Digest missed it this week (don't worry: I dropped him a note, he added it).

As the cracker Herbless describes it:

"It has come to light that it is now common knowledge that MS-SQL has a blank 'sa' password by default. This seems to affect a _lot_ of servers on the internet."

A default password vulnerability? Sounds familiar, doesn't it?

Here's Herbless's description and exploit code, posted to BugTraq last Tuesday. And here's Microsoft's acknowledgement, posted on Thursday.

Herbless wasn't kidding when he said it affected a lot of servers. If you're running SQL Server 7.0, with a firewall that doesn't block its port, and you haven't changed the sysadmin password, you're vulnerable.

As he described it to me, unlike Piranha's vulnerability which gave read-only access as an unprivileged user, this one typically gives access as "BUILTIN\System." I don't speak NT, so he had to describe to me what this is: "god-like powers ... greater that those of even the 'Administrator' user."

In other words, you have been 0wn3d.

You may be thinking that this is a vulnerability. Go back and read Microsoft's acknowledgement again. They say quite clearly, "The code does not exploit a vulnerability."

Does it confuse you that what was previously a "backdoor" is now not even a "vulnerability"? That threw me for a loop too -- as well as some of Microsoft's other disclaimers, which only make sense when you realize you're reading non-sequiturs about the newer version SQL Server 2000 (the vulnerability only affects SQL Server 7.0).

All will become clear, though, once you read this story from vnunet.com -- the only media story I've seen, by the way. The fault lies with the website administrators:

"Hacked websites 'didn't read the manual'

"Microsoft has blamed administrator error, rather than a bug in its software, for leaving hundreds of websites running SQL server open to attack this week."

Did they say hundreds? Yes, hundreds, at the very least. And did they say "hacked websites"? Yes -- this is not a theoretical vulnerability with no known attacks, like Piranha was.

All this month, Herbless has been cracking into websites like the National Transportation Safety Board and leaving edgy political messages (while backing up the original files and telling the admins how to close the holes). He confirmed to me that all his attacks, including the Fish and Wildlife Service, the UK's Adult Learning Inspectorate, and the Commonwealth Telecommunications Organisation, were done by exploiting Microsoft SQL Server.

Just to make the story that much better, according to Herbless, the default configuration of SQL Server 7.0 also has logging turned off -- in which case a successful attack would leave few if any tracks.

Sites are lucky if their webpages are hijacked; that way they know to fix the problem, format and reinstall. But some of those "hundreds" of websites running the vulnerable installation have surely been cracked by black hats who quietly installed Back Orifice or a similar remote-exploit program. They can set an SQL Server password, but it won't help them: they'll still be 0wn3d.

The proper fix would be to force the password to be changed before the software can be used, as piranha now does. Wayne Sowery of MIS Corporate Defence Solutions confirmed for me that "versions up to SQL Server 2000 do not ask for the SA password during installation ... we also tried various install options such as 'typical' and 'custom,' neither prompted for a new SA password." Incidentally, he too questions whether this is properly described as a "vulnerability," but I'm not sure what else it could be called.

The lesson here is that the media doesn't treat security reports very fairly. Some organizations have their own selfish reasons to push one agenda or another. (Like Slashdot? You bet. But you know where we stand.)

The motive doesn't have to be that devious, though sometimes, of course, it is. If a reporter gets to write a story that questions a core belief of Linux zealots -- whether or not it's actually a core belief, and whether or not they're actually zealots -- that will be much more attractive than simply reporting security news. The nitty-gritty of security news, after all, is rather dry.

So next time you see a biased polemic about system security, or even a small media feeding frenzy about the latest exploit, take a moment to ask why it's being reported outside of the admins' mailing lists. Open source software is still a new idea to many in the traditional news media, and that means that it's a hook for them to hang any kind of story on -- good or bad.

Bahumat asks: "I remember hearing about a year back about credit-card size solid-state hard drives that were to revolutionize the storage industry, with the capacity for 2300 gigabytes stored, and the cost of manufacture to be less than $50. The old news release [ C : dated 8/99] is posted here. Does anybody know of any updates or press releases about this technology?"

NoWhere Man writes "According to TechWeb, Intel officials have said that they plan to ship a 1.13-GHz Pentium III in limited production quantities on July 31 >(which also happens to be the anniversary of AMDZone). Interestingly enough, at the same time, the schedule for the Itanium, the companys first 64bit processor, seems to have slipped from the 3rd quarter of next year to the 4th quarter."

jjr writes "An article over at TechWeb states the date for the release of the source code Star Office 6.0 is on Oct. 13 and it will be released at openoffice.org." We've been hearing rumors of this for some time now, but I'm still looking for confirmation of the license, but the rumor is that it will be Open Source compliant, and hopefully GPL (especially considering the (well deserved) heat they took over their previous license). Rumors about the license in German. I've also heard that the among the major goals is a GTK port of the suite. Update: 07/19 01:31 PM by CT : It's apparently official: Finally a story in English proclaiming that it will be released under the GPL!

jjr writes "An article over at TechWeb states the date for the release of the source code Star Office 6.0 is on Oct. 13 and it will be released at openoffice.org." We've been hearing rumors of this for some time now, but I'm still looking for confirmation of the license, but the rumor is that it will be Open Source compliant, and hopefully GPL (especially considering the (well deserved) heat they took over their previous license). Rumors about the license in German. I've also heard that the among the major goals is a GTK port of the suite. Update: 07/19 01:31 PM by CT : It's apparently official: Finally a story in English proclaiming that it will be released under the GPL!

Greyfox writes: "The DRAM manufacturers are considering filing an anti-trust complaint against RAMBUS in an attempt to get their SDRAM patents declared unenforceable. "

kaphka writes "Sony will be freely licensing its Playstation 2 platform, as well as opening its architecture, according to this TechWeb article. I guess that's one way to deal with the emulators."

Check out the Red Hat press release running at LWN, or the news article at techweb about Google's 4000 Node Linux Box. Both articles are basically Red Hat commercials, but there's some interesting bits like the fact that they have a terebyte index of 300 million Web pages, and that they might expand their cluster to 6000 nodes in the future.

Greyfox writes "This techweb story informs us that the Cable Industry has thrown their chips in with Mpeg4 and will probably want to tweak the codec for streaming video. I'm all for it, I'm sick of QuickTime movies I can't view in Linux and RealVideo movies I'd prefer not to download the player for. "

bangpath writes "In this somewhat dumbed down and somewhat whiny article, TechWeb reintroduces BSD to the fashionable world. Perhaps more non-conformist Windows haters will be spurned into action instead of more kvetching. Or maybe not." It's interesting to note that lack of a bundled JVM is seen as a negative. Whatever happened to shipping systems relatively lean, and making it easy to add additional packages post-install, eh?

bangpath writes "In this somewhat dumbed down and somewhat whiny article, TechWeb reintroduces BSD to the fashionable world. Perhaps more non-conformist Windows haters will be spurned into action instead of more kvetching. Or maybe not." It's interesting to note that lack of a bundled JVM is seen as a negative. Whatever happened to shipping systems relatively lean, and making it easy to add additional packages post-install, eh?

Brian McLaughlin writes "This article in TechWeb describes a Visual Perception Processor (costing $6) that can automatically detect objects and track their movement in real time, according to Buereau d'Etudes Vision (BEV). They claim that a full-blown vision processing system/application could be built for less than $50 that rivals current state-of-the-art $10,000 systems. Sounds pretty cool. " Heck, with my vision, I could tear my eyeballs out and simply use these, at a fraction of the cost of new glasses.

Brian McLaughlin writes "This article in TechWeb describes a Visual Perception Processor (costing $6) that can automatically detect objects and track their movement in real time, according to Buereau d'Etudes Vision (BEV). They claim that a full-blown vision processing system/application could be built for less than $50 that rivals current state-of-the-art $10,000 systems. Sounds pretty cool. " Heck, with my vision, I could tear my eyeballs out and simply use these, at a fraction of the cost of new glasses.

Structured Audio writes "Kenwood America (the speaker maker) has moved from Pick to Linux for its enterprise resource planning apps. This Techweb article explains why Kenwood chose Linux over NT or a commercial Unix." ERP and financials are among the most important areas for Linux and open source to shine if they are to be accepted by the corporate world.

Slashdot's received a lot of submissions about RIAA actions recently, and the actions of colleges taken after the RIAA sent them nasty letters. One of the interesting things about this is that the RIAA is apparently not listing any specific offenders, just sending general warnings to any and all colleges with computer networks. Under the Digital Millenium Copyright Act, copyright holders acquired several new rights, with the promise they wouldn't abuse them. They're abusing them. (More...)

A good example is a demand letter to a Swiss university, ETH Zurich, which demands that the school immediately terminate all web pages with illegal MP3 files (illegal is of course a judicial decision; the letter presumes that all MP3s are illegal); that the school provide names and home addresses of all students with MP3 files hosted on the school's servers; that the school provide the date that those MP3 files were first hosted (for every MP3 on every server); and that the school provide the IP address for every machine anywhere on the internet which downloaded a MP3 file from the school's servers.

The letter closes with a carrot: we'll adjust our monetary demands based on how well you comply with this letter. Better hope your IP address doesn't appear too many times in those web server logs.

We can probably assume that the demands to U.S. schools are much the same - far-reaching, extortionate letters which are not specific about any particular infringement alleged to be occurring, but which are intended nonetheless to scare the universities into cracking down on their students. The terms of the compromise of the Digital Millenium Copyright Act were that the RIAA and related groups would do the policing of their copyrights - if they found a specific file that they alleged was unlawfully infringing, they have a procedure to follow, specific information to provide about the specific infringing file, and the ISP (college or whatever) is supposed to "do their part" by deleting/removing said file if the paperwork is correct. ISPs and colleges are not supposed to do the grunt work themselves - that results in the kind of overbroad crackdowns that we've seen. This was the subject of specific negotiations during the process of creating this law.

But the RIAA, of course, would prefer that schools and ISPs do their cracking down for them. So they send these general scare letters, hoping to trigger a reaction.

Scare tactics work. Universities scan through student computers, trying passwords on protected directories. The new Rio players will incorporate all of the RIAA's desired protections against copying of MP3 files - the price of settling the RIAA's lawsuit. The next target is Napster.

RIAA will now be filing suit against Napster, an application which effectively functions like a single purpose IRC server, connecting people who want to share MP3 files, whether legally or not. (There's a linux port of Napster; better download it quick.) Some schools, like Oregon State University, are so scared they're blocking all access to Napster servers from school systems. In the ideal world, Napster should probably win - the RIAA could monitor their servers and demand that infringing users be eliminated, but the service equally provides people with an avenue to share legal MP3 files, and this significant non-infringing use is all that is needed under copyright law. The article I just linked to and a nice Wired story both show Napster feebly trying to insist on their duties under the DMCA, saying that the RIAA needs to tell them in writing about specific instances of infringement - but the RIAA doesn't care about the law.

Napster, of course, has no money to fight a lawsuit. This is exactly what happened to the Rio: they won in court, but since the RIAA planned to appeal the suit and drain more money out of Diamond Multimedia, they settled by promising that future Rio's would include the RIAA's copyright protections. Like the Dentist's extortion tactics in Cryptonomicon[1], RIAA lawsuits are equally powerful whether they are on solid legal grounds or not - Napster will lose this suit, whether they win or lose, because the RIAA can afford the money to fight it and Napster cannot. So presumably Napster and RIAA will come to some agreement, settle the lawsuit, and Napster's next generation will incorporate the RIAA's demanded copyright protection system.

Just remember, RIAA CEO Hilary Rosen says she loves the idea of Napster to build communities, "but not on the backs of huge mega-corporations with billions of dollars of revenue quarterly."[2]

The RIAA is hardly the only abuser. The Business Software Alliance, essentially a front group for protecting Microsoft's copyrights, does similar things with regard to "pirated" software. (What a PR genius it was who thought of describing all copying of software as piracy! Probably the same person behind the "cyber-squatter" label for anyone who owns a domain that a company covets.) The BSA is now raiding homes of people accused of copying software.

The idea behind copyright is to expand the amount of information available to the public by creating a government-mandated monopoly on reproducing it - for a limited time (28 years maximum, at the beginning - today the maximum copyright term could be over 150 years). Copyright has always has the inherent give-back to society - the work would pass out of protection, and then anyone could copy it and use it as they saw fit. But copyright is now essentially unlimited - over the last twenty years, the length of the copyright period has increased by forty years, so that essentially no materials produced since World War I have entered the public domain. In about 15-18 years, copyright holders will again be petitioning Congress to extend the copyright term, so that entities like Mickey Mouse never enter the public domain. The extension is now being challenged as unconstitutional, but the challengers lost in District Court and it's far from certain that this suit can succeed.

In today's world, it's customary to speak of copyright as some sort of innate right. It isn't. It's there for the betterment of society, but its functioning, today, contributes nothing to society - all it is is a government-sanctioned monopoly transferring money from your pocket to others, with nothing ever given back - and no possibility of give-backs until 2019, under current law.

We need to rethink copyright. It's not a fundamental right of corporations to receive a 95-year government monopoly. Businesses plan on a five-year cycle - if something isn't forecast to make a return on investment in five years, it doesn't get done. A five-year grant of copyright to corporate authors would serve just as well in promoting the development of new material, and would bring a tremendous amount of material into the public domain, which is copyright's true intent. With a much smaller amount of material actually under copyright, enforcement of it would be far simpler and more straightforward.

But naturally this would cost certain companies a lot of money - they're used to wallowing in their government-granted monopoly. Disney has made back their costs for creating Mickey Mouse billions of times over, but they're used to the cash flow now and would be willing to buy an entire Congress to protect it. The Digital Millenium Copyright Act was passed with the aid of a great deal of subterfuge, but most importantly, a great deal of campaign contributions. Now you can be a criminal not just for actually copying anything, but for making a "device" (hardware or software) which facilitates copying - we're talking five years in Federal prison. Imagine doing five years in Federal prison so that Congress can protect their campaign donations, errr, I mean, Disney's cash flow.

We're extremely close to the day when debuggers are illegal. Through threats, strategic campaign donations, and outright extortion practiced on upstart companies, copyright-holders like the RIAA are building copyright protection into the very infrastructure of computing.

Making changes in this system requires a fundamental commitment from the U.S. populace that it be changed. The commitment doesn't exist yet, but as more and more people experience the power of copyright to affect what they can and cannot publish online, and the abuses of the companies dedicated to protecting copyright beyond the terms of the increasingly-protective law, perhaps it will in the future.

Some slashdot readers will no doubt say, "Open source, you idiot!" Open source is a reaction to these problems, not a solution to them. Despite the open source phenomenon, the trend is toward more and more works being locked up, and locked up permanently, behind laws and cryptographic protocols. It shouldn't have to be a war between words, pictures and code that is always free to use and words, pictures and code that is locked up for all eternity - we should demand that the social contract envisioned in the Constitution be fulfilled by forcing copyright holders to give back to society, whether they want to or not.

-- Michael Sims

[1] Gratuitous Cryptonomicon reference provided free of charge.

[2] Quote may not reflect Rosen's exact words, but does reflect her intent.

aculeus writes "TechWeb reports that Judge Lee Benson has dismissed all eight of Microsoft's motions for summary judgment on antitrust grounds, clearing the path for a trial to begin in Utah on Jan. 17. " Yes, the other court battle, the one that doesn't get talked about as much. The judge's decision to go with a jury means that he thinks that Caldera has basis for their legal complaints - a good sign, I suppose. The case itself is based upon Caldera's ownership of DR-DOS and fighting with Microsoft over that.

coaxial writes "According to Techweb, STMicroelectronics and Telia Research AB demonstrated VDSL (Very-High-Bit-Rate DSL). Supposedly it will allow 60Mbps and be available by 2001. " I've heard rumours of demonstrations to be down at Comdex in couple weeks. Need to keep my eyes open for that.

coaxial writes "According to Techweb, STMicroelectronics and Telia Research AB demonstrated VDSL (Very-High-Bit-Rate DSL). Supposedly it will allow 60Mbps and be available by 2001. " I've heard rumours of demonstrations to be down at Comdex in couple weeks. Need to keep my eyes open for that.

Tim Behrendsen writes "TechWeb is running an article claiming that Hotmail is not filtering all known viruses. Microsoft claims in return that the problem lies with running under FreeBSD. Bad publicity for Free Software? IMO, it's a bit unfair to call it a MS security problem, since normal ISP e-mail servers don't filter viruses, either."

Meta-comment: For what it's worth, this is exactly the sort of story the BSD section is for. It mentions a BSD (in this case, FreeBSD, although it could have been any of them) in passing, and isn't really sufficiently technically detailed or newsworthy for the front page. But it's still of passing interest.

Tim Behrendsen writes "TechWeb is running an article claiming that Hotmail is not filtering all known viruses. Microsoft claims in return that the problem lies with running under FreeBSD. Bad publicity for Free Software? IMO, it's a bit unfair to call it a MS security problem, since normal ISP e-mail servers don't filter viruses, either."

Meta-comment: For what it's worth, this is exactly the sort of story the BSD section is for. It mentions a BSD (in this case, FreeBSD, although it could have been any of them) in passing, and isn't really sufficiently technically detailed or newsworthy for the front page. But it's still of passing interest.

In the CPU market, both IBM and HP have new offerings. The first chip is IBM's 500-MHz PPC 440 for embedded systems, etched at .18 microns, and the second is the HP PA-RISC 8600, which uses the same core as the 8500. The IBM chip is for embedded applications, while the second is for workstations. The HP debuts at 500 MHz, and will soon be followed by the 8800.

SyntheticTruth writes "It seems the specs for the IPv6 standard use the 48-bit NIC address as part of the unique IP address, which can be used to trace packets back to the user's computer. " The story is asking why people don't seem to care about something which is gonna certainly raise privacy concerns.

Magorak writes "There's an interesting article I found here about Linus Torvalds' take on the future of the software and hardware industry. There's tidbits about Linux's future itself, the competition with Microsoft, and about customized software becoming more important. It also gives us an interesting view on how Linus sees the future of computers and technology. "

Baraka writes "As if reading the e-mails of their employees wasn't enough, some corporations have gone as far as to install hidden software on their client boxes. The software secretly monitors all keyboard and app activity. At the end of the day, the gathered information is e-mailed to the "offending" employee's boss. Read it and weep, folks. Looks like Big Brother is alive and well in the officeplace. "

Floydian Slip wrote to us with the updated story about a company called Axeon that is aiming to use the concept of artificial neural networks in a processor called the "Learning Processor." It's an array of 256 8-bit [RISC] chips in parallel. The company is aiming in a lot of places - mobile communications, inertial navigation and image analysis. The article also gives some of the background of the "neural chips".

Tekmage writes "Intel has just announced that they'll be shipping their ethernet encryption co-processor in their fourth quarter. Definitely a must (IMHO) for anyone considering wireless networking. "

Tekmage writes "Sun has just announced the release of it's SPARC IP core under their Community Source License. " The dialogue over whether or not the SCSL is a good license continues, but it's better nothing, IMHO. Interesting move on their part, especially given IBM's recent moves with the PowerPC designs.

ansible writes " Saw this story on Techweb.com: Compaq has announced thin client hardware, including one that runs Linux. " The most interesting thing is the fact that the thin clients have a PCMCIA port and 2 USB ports. USB? Wouldn't it be swell if Compaq had some code for us? (he says eyeing the unusable USB port on his desktop and laptop)

SEWilco writes "As Slashdot readers know, today's date abbreviated as 9999 may cause problems in some older computers. So far only one report of a Tandy problem. 9s-day no problem in New Zealand and Hong Kong, Guam OK and USA still has electric power on 9/9/99. But seriously, folks, today is a big day for numerologists, pagans, and Nostradamus. So far today the NASA Near-Earth Object Program has not seen a comet coming to hit us. But what is so special about the Era of Alexandria 7491 anyway?"