Domain: yahoo.com
Stories and comments across the archive that link to yahoo.com.
Stories · 5,662
-
Web Security for the Masses?
pixie writes: "A new press release from Zero Knowledge announces a new service that offers protection against invasive tracking and other security threats called WebSecure. The basic difference between this service and the Freedom Network is that instead of bouncing the request to a number of different servers to obfuscate the original request, WebSecure makes a single pass through servers at Zero-Knowledge." This Internet Explorer-only, not-really-private-at-all service is a big step down from the services they used to provide. -
3000 Ocean-Going Weather Robots from Oz
texchanchan writes: "From a Yahoo! science article, 'SYDNEY (Reuters) - Scientists met in Australia on Wednesday to launch the next wave in a global climate-alert system by seeding the southern seas with thousands of floating hi-tech robots.' There are already '347 5-feet-tall robotic profilers' mostly in the northern hemisphere. Future releases will 'fully cover the world's oceans by 2006'." -
Compuware Brings IBM to Antitrust Court
pcs305 writes "According to a news article at Yahoo, Compuware is accusing IBM of stealing code and copying Compuware manuals. They also accuse IBM of being a monopoly in the mainframe market and of anti-competitive behaviour." -
Depleted Uranium May Stop Kidneys "In Days"
James writes: "The New Scientist, Reuters, and the San Jose Mercury News, are all carrying stories on a U.K. Royal Society report which confirms that depleted uranium shells, used widely in the Gulf War and the Balkan conflicts, are in fact deadly to bystanders. Moreover, it seems that U.S. servicepeople have been most at risk, and civilians remain at risk years after the use of such shells. The Royal Society report is being described as portraying the situation in the most favorable light, and critics say the truth is far worse." -
SSSCA Editorials
idiotnot writes: "This editorial from the New York Times, by Jonathan L. Zittrain, a professor at Harvard Law School, urges legislators to exercise caution in regulating the PC. Eisner et al. want to limit the PC's capability, which will limit what PC users are allowed to do. See this earlier story about Eisner's testimony to Congress. '[W]e should beware the haste with which some would sacrifice flexibility for control.'" Other readers submitted a story in Hardware Central and an AP article. Seems like the ruckus over the SSSCA is finally reaching the mainstream press. -
Age Of Most Pulsars Is Now A Mystery
Guinnessy writes "A pulsar that has been viewed by the Very Large Array in New Mexico for the past ten years is only 65,000 years old, not 107,000 years as astronomers previously thought. The new results suggest that the main techniques that astronomers use for measuring the age of pulsars are completely wrong. There's a press release about it on the NRAO's web site." -
Mono's MCS Compiles Itself On Linux
thing12 writes "On Thursday Paolo Molaro announced that he had managed to build the MCS C# compiler using MCS. This is a big step forward for Mono, as it means that Mono is almost a self-hosting environment." -
Project Majestic Mix
Mustin writes: "'Project Majestic Mix: A Tribute to Nobuo Uematsu' is the combined effort of a group of musicians from around the world, connected only through the Internet. Together, they have created the first legal, fan-made, fan-financed game music album to be released in America. Perhaps the most famous game composer, Nobuo Uematsu is hailed for his work in the 'Final Fantasy' series of RPGs. Nevertheless, the tunes are not kiddy stuff, with a full 74 minutes of arrangements in styles varying from orchestral to rock and techno to jazz. The Silver Edition is currently available for preorder exclusively through AnimeNation.com with a release date of March 31st, and the Unlimited Edition will be obtainable via most online music retailers. To preview mp3 clips of the music and access more detailed information, visit the project's site at www.MajesticMix.com." -
Anti-anti-cd-copying Legislation?
-
Global Cyber Copyright Treaty In Force Today
Guinnessy writes: "The Financial Times has a short story on a global copyright treaty that comes into force today, despite controversy over whether it will help or hinder creativity on the internet. You can find an actual copy of the treaty at the World Intellectual Property Organisation." -
LED Lights: Friend or Foe?
elfdump writes: "In an article (pdf) soon to be published in ACM Transactions on Information and Systems Security, security researchers have discovered that data transmitted through modems and routers can be remotely reconstructed from the equipment's LED status indicators. According to experiments, their light-to-information retrieval method is successful even when the light is captured 'at a considerable distance' from the source. If you want to prevent people from spying on your data, you may want to tape up those blinking LEDs!" -
Columbine Video-Games Suit Dismissed
Dr_LHA writes: "This story on Yahoo! reports that the federal judge on Monday dismissed a lawsuit that claimed the influence of video games and movies were what caused the Columbine High School massacre. Obvious to those of us who play GTA3 regularly but still manage to overcome the urge to plough over pedestrians on the way to work in the morning, but good to see someone high up showing some sense." -
Microsoft Trial Wends Onward
Sinistar2k writes: "Showing remarkable restraint and an unwillingness to shout 'Give it up for me!', Steve Ballmer comes across as a poor, beat-down soul in the video deposition (Windows Media or RealPlayer required) released today by US District Judge Colleen Kollar-Kotelly. Also available are text depositions of Ballmer and Allchin." gouldtj adds: "Here is a timeline on the Microsoft trial. It is pretty complete, and it goes back to 1990. It is nice to see all of this in one place; I'd almost forgotten about the old stuff. It just reminds you how long this stuff can take." Finally, ackthpt writes: "The nine non-settling states have modified their requirements: rather than Microsoft having to sell various versions of Windows, they would have Microsoft Windows sold as a modular platform, where the user could opt for different vendors' software for different uses. Just days ago the nine settling states were rattled by Microsoft's end-around, challenging state attorneys general's participation in anti-trust proceedings." And if your own computing (or career) depends on a Microsoft operating system, Roblimo suggests that you stop using it, because Steve Ballmer says Microsoft may take it away. -
Slashback: 640K, Pioneer, Payback
Slashback tonight with a mini-avalanche of updates and corrections on Pioneer 10 (it's not a Star Trek series), Canadian copyright hearings, Intel's stance on SSSCA and similar laws, and -- Oh Yes, whether 640K really is enough for anyone. Read on for the details. Update: 03/05 00:19 GMT by T : "Pioneer," not "Voyager." Asleep at the keyboard. Kudos to the guys behind Pioneer 10! Soft writes: "As a follow-up to yesterday's story, Pioneer 10 was successfully contacted for its 30th birthday, as announced in sci.space.news. The commands that were sent yesterday have been executed by the spacecraft, and more data has been collected by the Geiger Tube Telescope." lostchicken adds a link to the Associated Press wire story on Yahoo!, writing "Not bad for a 30-year-old spacecraft. Perhaps those making time capsules could learn something from this?" Several readers also pointed out the SpaceDaily version of the goings-on.
What, in the middle of Canadian winter?! schon writes: "An update to this /. story - The Canadian Copyright Board has announced the details of the public hearings on Canadian Digital Copyrights, at http://strategis.ic.gc.ca/SSG/rp00838e.html. Interested parties should register before attending (details available on the page.)"
Sent to you in compliance with the current Federal legislation An Anonymous Coward writes: "Back in June of 2000 Slashdot.org reported a story called 'Taking On A Spammer' about a spammer being hacked by a pissed sys-admin. The Behind Enemy Lines web page talked about a pump-and-dump spam done by Premier Services and Mark Rice."
(See this page for more information on that scam.)
"Well on February 25, 2002 the SEC filed charges against Mark Rice!"
Death of a legend? Jean-Luc writes "The New York Review of Books has published an article that contains an e-mail from Bill Gates denying he ever said the infamous '640K should be enough for anyone' quote. He foists the blame on IBM and claims he tried to convince them to include more address space from the get-go. Very technical and fairly convincing, showing that for all his might Bill is still basically a geek's geek."
They hadn't even gotten to the bowdlerizing chip yet ... Dan Gillmor pointed out Intel's strong statement Thursday on the copy protection front, "much stronger than the letter sent yesterday. Surprising given their history..." Maybe Intel believes they can do a better job of deciding what goes into silicon than a committee of bureaucrats steered by the entertainment moguls can.
-
Macromedia Pushes Flash For All Things Web
nakhla writes: "This article at News.com details how Macromedia is expanding its Flash product to be more of an all-in-one web solution. Rather than relying on HTML code to design web pages and embedding Flash as one component, Macromedia wants Flash to be used to design the entirety of a site. Pre-built components, such as scrollbars and buttons, are included to allow designers to write everything using the new Flash product. With websites becoming more and more complex, and the trend towards providing web services rather than application software, could something like this be the answer? The article also mentions how Macromedia is on a campaign to have its Flash plugin included in all Internet-compatible devices. How long before we see a Qt-based plugin for the Qtopia handheld project?" -
New Hand-Held Detector Determines Radiation Type
Red Leader writes: "This article covers a new portable radiation detector. A serious problem with conventional Geiger counters is that they don't indicate the type of radiation they're picking up. Thus, fissile material can be disguised as medical stuffs. This device uses a 'low-power cryogenic cooling mechanism originally designed for the aerospace industry' to cool a germanium detector rather than a really big thick-walled steel tank of liquid nitrogen." -
TiVo Service Cost Rising
evil_one writes: "Shortly after the article on ReplayTV mods, comes this story about TiVo cost increases." A 30% increase in the cost of TiVo service will probably affect a lot of readers -- and might just make the hassle of a homebrewed PVR a little more attractive. Of course, TiVo service is what makes a TiVo more attractive than a plain recorder anyhow. -
Aspect-Oriented Programming Article On JavaWorld
Some Guy writes: "Javaworld has another article (the second in a series of three) on Aspect-Oriented Programming. Grady Booch wrote last year that AOP is one of three signs of a disruptive software technology on the horizon: a technology that could take us to the next level beyond object-oriented programming." -
SSSCA Hearing
larsoncc writes: "According to this article on CNET, a Senate Bill will likely force the issue of adding copy protection to hardware. They are giving the industry 12 to 18 months to come up with a voluntary solution to the 'problem' of copies, and if not... Well, you just have to read the article. Insane." Wired also has a story. The IP list published two interesting documents: an account of the hearing by an attendee, and a letter from Intel published immediately after the hearing. Read the letter carefully - note that the disagreement between the tech industry and Hollywood is not over whether or not copy protection will be implemented in every electronic device, but only whether or not this should be written into law. If the SSSCA isn't passed, Intel (and others) get a lot of leverage over Hollywood. If it is, Intel's leverage disappears. But since both sides want to build copy protection into everything and only differ over the process, we're in trouble either way. -
Slashback: Decade, Fragmentation, RDRAM
Slashback brings you updates and amplifications on the SSSCA, the future of RAMBUS and Intel, fragmentation of filesystems, a book reviewer who's been publishing online longer than some slashdot readers have walked erect, and more. Read on for the details. A screenplay written by Jack Valenti? cc_pirate writes: "Apparently Sen. Fritz Hollings (D - Disney, er - SC) completed his hearings today on how the media needs to have content protection included in computers. Intel and other high tech companies resist and are chastised by Hollings."
Penguins are the new Turtles. Gerein writes "After many months of extreme lobbying, personal attacks, public petitions and surveys, the war over the future OS of the Bundestag (German parliament) is finally over (previous /. stories). As heise reports (in German, use the fish), Linux won't make it to the desktops (they're going with XP) but will take over the 150 servers. The last critical question, over the directory service, has finally been decided in favor of OpenLDAP instead of Active Directory. It's not the complete victory for Linux that many had hoped for, but it's a start for more Open Source in the German government."
Full disclosure seems like a nice idea. Merlynnus writes: "Yahoo! is running a story, Copy-protected CD makers lose battle, in which Music City Records, Fahrenheit Entertainment and digital rights management company Sunncomm have 'agreed' to stop collecting personal info, and to label copy-protected CDs as defective, er, play-challenged in certain devices. The agreement came as the result of court action by a Cali resident, Karen DeLise, over the Charlie Pride CD, 'Charley Pride: A Tribute to Jim Reeves.' Did that CD really need copy-protecting?"
This should have been transparent. Metrollica writes: "It turns out the transparent aluminium article at Spiegel was misunderstood. Sci-fighter published a correction. The transparent substance was not aluminium but alumina, shorthand for aluminium oxide. Slashdot reported on transparent aluminium here."
Odds are, somebody's written a thesis on it ... and here one is. Whether in response to this Ask Slashdot question or just a lucky guesser, Cine writes: "The standard filesystem benchmarking tools such as Bonnie++, Postmark, Mongo and others all test the optimum case for the block layout algorithm. But in practice one is also interested in knowing how a filesystem performs when it is or was heavily used over a longer period (e.g. months and years). So Constantin Loizides has written a Master's Thesis about the performance of filesystems under the influence of fragmentation."
Intel-Rambus break not as simple as portrayed. Controlio writes: "Tom's Hardware Guide has posted a clarification regarding the EBN story with the sensational headline, 'Intel to drop support of Rambus in new CPU products'. The article was also posted on Slashdot. Tom reports:
EBN had the sensational headline Intel to drop support of Rambus in new CPU products, but the story goes on to say, "Intel will continue using Direct Rambus memory with its network processors. Also, although not new products, the next iterations of its 850 and 860 chipsets, supporting a 533MHz front-side, will support RDRAM when they arrive, probably in the second half of this year." A little misleading, wouldn't you say? Hard to tell, but you read it for yourself, and make your own call.
Great. More sensational journalism. Maybe someone should submit Jack Robertson's resume to Fox News." Finally, some congratulations are in order. danny writes (does he ever): "February 28th marks the 10th anniversary of my first book review; there are now over six hundred. I have written an account of ten years writing book reviews, which illustrates something of how online publication has changed over the years."
-
Modelling P2P Networks
Nathan Kennedy writes: "Mihajlo A. Jovanovic did his Master's project at the University of Cincinnati on modelling P2P networks with Gnutella as a case study. You can view his project along with source code, stunningly pretty pictures, an applet and a paper on scalability." -
Apple Wins the 2002 Technical Grammy Award
Therlin writes "For the first time, a technical Grammy has been given to a PC company, and that company is Apple. From the original Macintosh with its built-in recording capabilities to iTunes and iPod, Apple has stayed ahead of the game." See Apple's Press Release for the official spin. -
Protect Your Cell Phone From Spam
Dejected @Work writes "If wireless technology ever kicks off, you may be getting spam phone calls - 'hot deals 10 feet away'. If so, you will have to use techniques like RMI, BrightMail, and the latest e-mail filters to keep phones spam-free. This article examines some of these tools and programming concepts." -
Linux 2.4.18 Released
Kourino writes: "Marcelo announced the release of 2.4.18 a couple hours ago after 4 release candidates, but the tree marked 2.4.18 on kernel.org is missing the -rc4 patch that finally made the kernel releasable. Basically, what's marked as 2.4.18 is really -rc3, and what's marked as -rc4 is what should have become 2.4.18. According to Marcelo on #kernelnewbies, most users won't be affected, but people on SPARC systems should definitely grab 2.4.18-rc4. Your best bet is probably just to get 2.4.17 and patch to 2.4.18-rc4. Seems 2.4 is destined to be an 'interesting' release branch ^_^; For the new release, head over to your favorite kernel.org mirror. (Marcelo will set things straight in 2.4.19-pre1.)" -
DoubleClick Gets Into Spam
keytoe writes: "Well, just when we thought everyone's favorite Privacy Snoop was starting to mellow out a bit, we discover this little tidbit. DoubleClick is now branching out from the ad serving business into the SPAM business due to the fact that direct email marketing 'is one of the few forms of Internet advertising that is thriving.' Using DARTmail, you can now target your bulk mailings 'based on profile data.' I wonder which profiling data they're talking about. Perhaps, say, all the data they've been collecting for years?" -
Two Tech Updates For Near Space
albino eatpod writes: "According to this CNN article, the first week of March will see a major overhaul on the Hubble Space Telescope. Given that the telescope is 12 years old, it's looking like it will well outlive the projected 15-year lifespan originally slated." And Andrew Robertson writes: "After a lot of hoopla about NASA projects getting shelved, the crew return vehicle for the space station met another milestone. The propulsion stage for deorbiting the first one (prototype) has been delivered :). The only remaining test flight before they put one in orbit (for orbital tests) is a supersonic flight. Attaboy to all Aerojet engineers." -
New HDTV Encryption Obsoletes Sets
Brian Weatherhead writes "I wrote an article detailing the MPAA's control over your HDTV. Their new standards will make any HDTV bought before 2002 obsolete! Consumers will be upset, to say the least." It talks about the different formats for video signals, and copy protection methods for those signals. And yes, if this goes down, anyone with an HDTV without DVI input could very well be watching 480p signals when HDTV standardizes. Fortunately, at the rate this stuff has been happening, those TVs will long since have died. But one thing is for sure: with the DMCA and these new video formats, PVRs could become a thing of the past. -
Copyright Law for the Future: Control & Creativity
ablair writes: "MacSurfer is linking to a truly excellent article by Stanford Law's Lawrence Lessig, on the copyright balance between Control & Creativity. A must-read for those interested in everything from the RIAA-mp3 battles to the way GPL & BSD Licenses should be." -
Perpetual Skislope
the hollow room writes: "How about skiing on a never ending slope? A story at New Scientist suggests that some fool is going to try to build one of these. Built like a huge tilted record player, it can spin at up to 30 km/h. Any takers?" -
Lance Bass to Continue to Plague Earth's Surface
thepooleboy writes "Looks like N'Sync member Lance Bass is NOT going to be shot into space! Yahoo News reports that Rosaviakosmos has not begun talks with Bass or MirCorp. '[Bass' flight] is just an advertising stunt, I can promise you,' Spokesman Sergei Gorbunov said. 'This is better advertising than he could ever pay for.' Good! I'm glad that no cheezy teen pop videos will be staged on the ISS. At least not in the near future..." -
Europe Continues Work on Cybercrime Treaty
Tosta Dojen writes: "I haven't seen this posted yet, but the Council of Europe is proposing a ban on Internet 'Hate Speech'. Fortunately it looks like some intelligent comments are already being made." This is a continuation of the Cybercrime treaty, which we've mentioned before. Wired had a story about this a few days ago. -
End of the Free Internet
efedora writes: "The End of Free keeps a list of the various transitions to paid services from free net sites. The list is getting longer. When I think of an individual site that's really worthwhile I say to myself, 'Sure, that site is worth $4.95 a month'. The problem is there are going to be lots of sites at $$$ a month and it sure adds up." Of course even Slashdot is planning on rolling out subscriptions-for-no-banner-ads sometime soon, so I suppose we're not entirely immune to the subscription bug either. -
Anti-Viral Software Recommendations?
Kris_J asks: "My InoculateIT Personal Edition anti-virus scanner will no longer be updated from around mid-March. I've really enjoyed this package, particularly the price (it's free for personal use). The company is complaining that so many new ways are being found for virii/worms/trojans to spread that they can't afford to keep the personal edition updated. Whatever. Does anyone have a recommendation for either a particular anti-virus package/bundle, or a good place for trusted, independent reviews of anti-virus software, or even products to avoid? (If Zonealarm Pro was bundled with an anti-virus option I'd just get that.)" For those of you who have to deal with operating systems where viruses are a problem, what software do you use to detect them and weed them out? How about software that will scan your entire network? -
Do You Like Your Job?
G-shock asks: "I've worked for the government (NASA), large public companies, and small startups as a software engineer. They all have something in common. It seems like management at this company is just winging it. I find myself putting all my energy, both mental and emotional, into a project only to be disappointed by decisions made by management. I really feel like management at my current employer is disconnected from what is actually going on. They manage a project, but not the people. They also seem to lack any real vision. Direction is constantly changing and proper time is not given to engineer these changes correctly. This leads to mandated quick and dirty solutions that end up being maintained with great pain for long periods of time. All this leads to me feeling cynical about the work I'm doing. What I want to know is, how can I feel good about the work I'm doing if I don't have confidence in my management? How many of you are happy with your management? Why? Why not? What can I do about this? Thanks in advance for your insight." Considering that this seems to be a common problem in technology companies, and seeing as we have been producing software for basically half a century, do you think that managing software projects is a different beast than the management of anything else? How many of you have had this problem in your career and what did you do to adjust? -
Supreme Court Accepts Eldred Case
Patrick Fitzgerald writes: "The Supreme Court agreed Tuesday to intervene in a fight over copyrights, deciding whether Congress has sided too heavily with writers and other inventors. The outcome will determine when hundreds of thousands of books, songs and movies will be freely available on the Internet or in digital libraries." Openlaw's Eldred v. Ashcroft page has more information about the case, which seeks to challenge the most recent retroactive extension of copyright terms. -
Re-Building the Wright Flyer
Isaac-Lew writes: "Several teams are trying to build a working replica of the first Wright Brothers' airplane." As the article says, "The catch is: Each team wants its plane to fly more or less as the Wrights' did." The only problem with that is that as Orville Wright put it, their plane was "exceedingly erratic," so the recreators have made some slight concessions to safety. -
A Timeline of the Future
The Night Watchman writes: "Ian Pearson, a British futurist, has produced a sort of timeline of the future, which provides a simultaneously hopeful and bleak look into the coming decades. Mr. Pearson has evidently had a fairly high success rate; a timeline he produced in 1991 was about 85% accurate. An article on Yahoo news has a summary." Reader ricst lists some of Pearson's predictions: "People have some virtual friends, but don't know which ones (2007), leisure activities for intelligent software entities released (2015), electronic lifeform given basic rights (2020)." Brought to you by a division of British Telecom, but no date is set for when they win their hyperlink patent suit. -
Alternative Cable ISPs
Mud Husky asks: "I've held out getting high speed access because Comcast had been the only option in my area. Now, Knology is about to start offering cable internet access in my area. Comcast has been the subject of many Slashdot stories like this and this and so on... I'd like to know if Slashdot users would be willing to share their experiences with Knology (good and bad) and other smaller ISPs." -
Mozilla Development Roadmap Updated
yota writes: "The guys at mozilla.org just published an updated development roadmap with some interesting thoughts about what will happen after Mozilla 1.0 will be released. Enjoy!" This is worth reading even if you skim toward the bottom and jump to the Intertwingle link. The Mozilla project isn't slapped together -- this kind of forethought and explanation is proof. -
Hypernets -- Good (G)news for Gnutella
Red Roo writes: "This online article addresses the recent criticism of Gnutella network scalability by pointing out that it is a Cayley tree. As a viable candidate for massively scalable P2P bandwidth, all trees are dead! But by going to higher dimensional virtual networks (aka "hypernets") e.g., hypercubes or hypertori, near linear scalability can be achieved for P2P populations on the order of several million peers each with only 20 open connections. This concept seems to have been entirely overlooked by critics and developers alike." -
Judge Says Microsoft Must Give States Windows Code
murphro (along with many others) writes, "Reuters is posting a story describing how the Judge has ordered the release of Windows code to the states seeking antitrust sanctions. I doubt it will actually happen (because MS will fight it this to the end). But if it did, do you think we commoners would ever see it? And if you did get your hands on the code, what would you do with it?" Here's the Yahoo link. (The same Reuters story is on dozens of other sites, too.) -
Tandys Never Die
kevcol writes: "Great article on the SF Chronicle's website on a school bus driver in Contra Costa County California who heads a Tandy model 100 computer user group. The model 100 was the portable version of the beloved TRS-80 (jokingly known as the 'Trash 80') which was the first computer I ever laid fingers on in high school back in the day..." -
The Myth of Open Source Security Revisited v2.0
Dare Obasanjo contributed this followup to an article entitled The Myth of Open Source Security Revisited that appeared on the website kuro5hin. He writes: "The original article tackled the common misconception amongst users of Open Source Software (OSS) that OSS is a panacea when it comes to creating secure software. The article presented anecdotal evidence taken from an article written by John Viega, the original author of GNU Mailman, to illustrate its point. This article follows up the anecdotal evidence presented in the original paper by providing an analysis of similar software applications, their development methodology and the frequency of the discovery of security vulnerabilities." Read on below for his detailed analysis, especially relevant with the currency of security initiatives in the worlds of both open- and closed-source software.
The Myth of Open Source Security Revisited v2.0
The purpose of this article is to expose the fallacy of the belief in the "inherent security" of Open Source software and instead point to a truer means of ensuring that the quality of the security of a piece of software is high.
Apples, Oranges, Penguins and Daemons
When performing experiments to confirm a hypothesis on the effect of a particular variable on an event or observable occurrence, it is common practice to utilize control groups. In an attempt to establish cause and effect in such experiments, one tries to hold all variables that may affect the outcome constant except for the variable that the experiment is interested in. Comparisons of the security of software created by Open Source processes and software produced in a proprietary manner have typically involved several variables besides development methodology.
A number of articles have been written that compare the security of Open Source development to proprietary development by comparing security vulnerabilities in Microsoft products to those in Open Source products. Noted Open Source pundit Eric Raymond wrote an article on NewsForge where he compares Microsoft Windows and IIS to Linux, BSD and Apache. In the article, Eric Raymond states that Open Source development implies that "security holes will be infrequent, the compromises they cause will be relatively minor, and fixes will be rapidly developed and deployed." However, upon investigation it is disputable that Linux distributions have less frequent or more minor security vulnerabilities when compared to recent versions of Windows. In fact the belief in the inherent security of Open Source software over proprietary software seems to be the product of a single comparison, Apache versus Microsoft IIS.
There are a number of variables involved when one compares the security of software such as Microsoft Windows operating systems to Open Source UNIX-like operating systems including the disparity in their market share, the requirements and dispensations of their user base, and the differences in system design. To better compare the impact of source code licensing on the security of the software, it is wise to reduce the number of variables that will skew the conclusion. To this effect it is best to compare software with similar system design and user base than comparing software applications that are significantly distinct. The following section analyzes the frequency of the discovery of security vulnerabilities in UNIX-like operating systems including HP-UX, FreeBSD, RedHat Linux, OpenBSD, Solaris, Mandrake Linux, AIX and Debian GNU/Linux.
Security Vulnerability Face-Off
Below is a listing of UNIX and UNIX-like operating systems with the number of security vulnerabilities that were discovered in them in 2001 according to the Security Focus Vulnerability Archive.
- AIX: 10 vulnerabilities [6 remote, 3 local, 1 both]
- Debian GNU/Linux: 13 vulnerabilities [1 remote, 12 local] + 1 Linux kernel vulnerability [1 local]
- FreeBSD: 24 vulnerabilities [12 remote, 9 local, 3 both]
- HP-UX: 25 vulnerabilities [12 remote, 12 local, 1 both]
- Mandrake Linux: 17 vulnerabilities [5 remote, 12 local] + 12 Linux kernel vulnerabilities [5 remote, 7 local]
- OpenBSD: 13 vulnerabilities [7 remote, 5 local, 1 both]
- Red Hat Linux: 28 vulnerabilities [5 remote, 22 local, 1 unknown] + 12 Linux kernel vulnerabilities [6 remote, 6 local]
- Solaris: 38 vulnerabilities [14 remote, 22 local, 2 both]
From the above listing one can infer that source licensing is not a primary factor in determining how prone to security flaws a software application will be. Specifically, proprietary and Open Source UNIX family operating systems are represented on both the high and low ends of the frequency distribution.
Factors that have been known to influence the security and quality of a software application are practices such as code auditing (peer review), security-minded architecture design, strict software development practices that restrict certain dangerous programming constructs (e.g. using the str* or scanf* family of functions in C) and validation and verification of the design and implementation of the software. Also important is reducing the focus on deadlines and only shipping when the system is in a satisfactory state.
Both the Debian and OpenBSD projects exhibit many of the aforementioned characteristics which help explain why they are the Open Source UNIX operating systems with the best security record. Debian's track record is particularly impressive when one realizes that the Debian Potato consists of over 55 million lines of code (compared to RedHat's 30,000,000 lines of code).
The Road To Secure Software
Exploitable security vulnerabilities in a software application are typically evidence of bugs in the design or implementation of the application. Thus the process of writing secure software is an extension of the process behind writing robust, high quality software. Over the years a number of methodologies have been developed to tackle the problem of producing high quality software in a repeatable manner within time and budgetary constraints. The most successful methodologies have typically involved using the following software quality assurance, validation and verification techniques: formal methods, code audits, design reviews, extensive testing and codified best practices.-
Formal Methods: One can use formal proofs based on mathematical methods and rigor to verify the correctness of software algorithms. Tools for specifying software using formal techniques exist such as VDM and Z. Z (pronounced 'zed') is a formal specification notation based on set theory and first order predicate logic. VDM stands for "The Vienna Development Method" which consists of a specification language called VDM-SL, rules for data and operation refinement which allow one to establish links between abstract requirements specifications and detailed design specifications down to the level of code, and a proof theory in which rigorous arguments can be conducted about the properties of specified systems and the correctness of design decisions. The previous descriptions were taken from the Z FAQ and the VDM FAQ respectively. A comparison of both specification languages is available in the paper, Understanding the differences between VDM and Z by I.J. Hayes et al.
-
Code Audits: Reviews of source code by developers other than the author of the code are good ways to catch errors that may have been overlooked by the original developer. Source code audits can vary from informal reviews with little structure to formal code inspections or walkthroughs. Informal reviews typically involve the developer sending the reviewers source code or descriptions of the software for feedback on any bugs or design issues. A walkthrough involves the detailed examination of the source code of the software in question by one or more reviewers. An inspection is a formal process where a detailed examination of the source code is directed by reviewers who act in certain roles. A code inspection is directed by a "moderator", the source code is read by a "reader" and issues are documented by a "scribe".
-
Testing: The purpose of testing is to find failures. Unfortunately, no known software testing method can discover all possible failures that may occur in a faulty application, and metrics to establish such details have not been forthcoming. Thus a correlation between the quality of a software application and the amount of testing it has endured is practically non-existent.
There are various categories of tests including unit, component, system, integration, regression, black-box, and white-box tests. There is some overlap in the aforementioned testing categories.
Unit testing involves testing small pieces of functionality of the application such as methods, functions or subroutines. In unit testing it is usual for other components that the software unit interacts with to be replaced with stubs or dummy methods. Component tests are similar to unit tests with the exception that dummy and stub methods are replaced with the actual working versions. Integration testing involves testing related components that communicate with each other, while system tests involve testing the entire system after it has been built. System testing is necessary even if extensive unit or component testing has occurred because it is possible for separate subroutines to work individually but fail when invoked sequentially due to side effects or some error in programmer logic. Regression testing involves the process of ensuring that modifications to a software module, component or system have not introduced errors into the software. A lack of sufficient regression testing is one of the reasons why certain software patches break components that worked prior to installation of the patch.
Black-box testing, also called functional testing or specification testing, tests the behavior of the component or system without requiring knowledge of the internal structure of the software. Black-box testing is typically used to test that software meets its functional requirements. White-box testing, also called structural or clear-box testing, involves tests that utilize knowledge of the internal structure of the software. White-box testing is useful in ensuring that certain statements in the program are exercised and errors discovered. Code coverage tools aid in discovering what percentage of a system is being exercised by the tests.
More information on testing can be found at the comp.software.testing FAQ.
-
Design Reviews: The architecture of a software application can be reviewed in a formal process called a design review. In design reviews the developers, domain experts and users examine that the design of the system meets the requirements and that it contains no significant flaws of omission or commission before implementation occurs.
-
Codified Best Practices: Some programming languages have libraries or language features that are prone to abuse and are thus prohibited in certain disciplined software projects. Functions like strcpy, gets, and scanf in C are examples of library functions that are poorly designed and allow malicious individuals to use buffer overflows or format string attacks to exploit the security vulnerabilities exposed by using these functions. A number of platforms explicitly disallow gets, especially since alternatives exist. Programming guidelines such as those written by Peter Galvin in a Unix Insider article on designing secure software are used by development teams to reduce the likelihood of security vulnerabilities in software applications.
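The two practices above, replacing unbounded string functions with bounded ones and exercising the boundaries the Testing section says unit tests should reach, in one added C example. This is not code from Obasanjo's article or from any project it names; bounded_copy, greet_safe, read_line and run_boundary_tests are names chosen for this illustration, and bounded_copy re-implements the strlcpy semantics of the Miller and de Raadt paper in the references because not every C library ships strlcpy.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Bounded copy with strlcpy semantics: at most size-1 bytes are copied, the
   result is always NUL-terminated when size > 0, and the full length of src
   is returned so the caller can detect truncation instead of ignoring it. */
size_t bounded_copy(char *dst, const char *src, size_t size)
{
    size_t srclen = strlen(src);
    if (size > 0) {
        size_t n = srclen < size - 1 ? srclen : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Hardened form of the classic shape the article warns about,
 *     char buf[16]; strcpy(buf, name); sprintf(out, buf);
 * which overruns buf on a long name and hands user data to sprintf as the
 * format string. Three changes: the copy is bounded, truncation is an error
 * rather than silently accepted, and the format is a literal with the user
 * data passed as an argument. Returns the number of characters written, or
 * -1 when the name or the output buffer is too small. */
int greet_safe(char *out, size_t outsz, const char *name)
{
    char buf[16];
    if (bounded_copy(buf, name, sizeof buf) >= sizeof buf)
        return -1;                      /* name would not fit: reject it */
    int n = snprintf(out, outsz, "Hello, %s!", buf);
    if (n < 0 || (size_t)n >= outsz)
        return -1;                      /* output would be truncated */
    return n;
}

/* Replacement for gets(): fgets bounds the read and the newline is stripped
   so callers see what gets() would have returned. Returns NULL at EOF or
   when the line is longer than size-2 characters; the over-long remainder
   is drained so the next call starts on a fresh line. */
char *read_line(char *buf, size_t size, FILE *fp)
{
    if (fgets(buf, (int)size, fp) == NULL)
        return NULL;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return buf;
    }
    if (feof(fp))
        return buf;                     /* final line without a newline */
    int c;
    while ((c = fgetc(fp)) != EOF && c != '\n')
        ;                               /* discard the rest of the line */
    return NULL;
}

/* Boundary tests of the kind the Testing section asks for: each case drives
   one branch (exact fit, one over, empty input, output buffer one byte
   short). tmpfile() stands in for stdin. Returns the number of failures. */
int run_boundary_tests(void)
{
    int failures = 0;
    char out[32], small[4], line[16];

    failures += greet_safe(out, sizeof out, "123456789012345") != 23;  /* 15 chars: fits */
    failures += greet_safe(out, sizeof out, "1234567890123456") != -1; /* 16: rejected */
    failures += greet_safe(out, sizeof out, "") != 8;                  /* "Hello, !" */
    failures += greet_safe(out, 11, "Bob") != -1;   /* "Hello, Bob!" needs 12 bytes */
    failures += greet_safe(out, 12, "Bob") != 11;

    failures += bounded_copy(small, "abcdef", sizeof small) != 6;
    failures += strcmp(small, "abc") != 0;          /* truncated but terminated */
    failures += bounded_copy(small, "", sizeof small) != 0;
    failures += strcmp(small, "") != 0;

    FILE *fp = tmpfile();               /* constructed sample input */
    if (fp == NULL)
        return failures + 1;
    fputs("short\nthis line is definitely longer than the buffer\ntail", fp);
    rewind(fp);
    failures += !(read_line(line, sizeof line, fp) && strcmp(line, "short") == 0);
    failures += read_line(line, sizeof line, fp) != NULL;   /* too long: rejected */
    failures += !(read_line(line, sizeof line, fp) && strcmp(line, "tail") == 0);
    failures += read_line(line, sizeof line, fp) != NULL;   /* EOF */
    fclose(fp);
    return failures;
}

int main(void)
{
    int failures = run_boundary_tests();
    printf("%d boundary check(s) failed\n", failures);
    return failures != 0;
}
```

The design choice worth noting is that greet_safe refuses over-long input rather than truncating it: a silently truncated name is a correctness bug that hides the same class of defect the unbounded copy had, and a caller that wants truncation can use bounded_copy's return value to decide that for itself.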
Issues Preventing Development of Secure Open Source Software
One of the assumptions that is typically made about Open Source software is that the availability of source code translates to "peer review" of the software application. However, the anecdotal experience of a number of Open Source developers including John Viega belies this assumption.
The term "peer review" implies an extensive review of the source code of an application by competent parties. Many Open Source projects do not get peer reviewed for a number of reasons including:
- complexity of code, in addition to a lack of documentation, makes it difficult for casual users to understand the code enough to give a proper review.
- developers making improvements to the application typically focus only on the parts of the application that will affect the feature to be added instead of the whole system.
- developers' ignorance of security concerns.
- complacency in the belief that since the source is available it is being reviewed by others.
Benefits of Open Source to Security-Conscious Users
Despite the fact that source licensing and source code availability are not indicators of the security of a software application, there is still a significant benefit of Open Source to some users concerned about security. Open Source allows experts to audit their software options before making a choice and also in some cases to make improvements without waiting for fixes from the vendor or source code maintainer.
One should note that there are constraints on the feasibility of users auditing the software based on the complexity and size of the code base. For instance, it is unlikely that a user who wants to make a choice of using Linux as a web server for a personal homepage will scrutinize the TCP/IP stack code.
References
- Frankl, Phyllis et al. Choosing a Testing Method to Deliver Reliability. Proceedings of the 19th International Conference on Software Engineering, pp. 68-78, ACM Press, May 1997. <http://citeseer.nj.nec.com/frankl97choosing.html>
- Hamlet, Dick. Software Quality, Software Process, and Software Testing. 1994. <http://citeseer.nj.nec.com/hamlet94software.html>
- Hayes, I.J., C.B. Jones and J.E. Nicholls. Understanding the differences between VDM and Z. Technical Report UMCS-93-8-1, University of Manchester, Computer Science Dept., 1993. <http://citeseer.nj.nec.com/hayes93understanding.html>
- Miller, Todd C. and Theo De Raadt. strlcpy and strlcat - consistent, safe, string copy and concatenation. Proceedings of the 1999 USENIX Annual Technical Conference, FREENIX Track, June 1999. <http://www.usenix.org/events/usenix99/full_papers/millert/millert_html/>
- Viega, John. The Myth of Open Source Security. Earthweb.com. <http://www.earthweb.com/article/0,,10455_626641,00.html>
- Gonzalez-Barahona, Jesus M. et al. Counting Potatoes: The Size of Debian 2.2. <http://people.debian.org/~jgb/debian-counting/counting-potatoes/>
- Wheeler, David A. More Than A Gigabuck: Estimating GNU/Linux's Size. <http://www.counterpane.com/crypto-gram-0003.html>
Acknowledgements
The following people helped in proofreading this article and/or offering suggestions about content: Jon Beckham, Graham Keith Coleman, Chris Bradfield, and David Dagon. © 2002 Dare Obasanjo -
FCC on Ultra-Wideband, DSL Services
ibirman writes: "According to Yahoo, the FCC has approved limited use of Ultrawideband (UWB) technology above 3.1 gigahertz. The article states that Sprint PCS among others has been campaigning to keep the minimum above 6 gigahertz claiming "interference". From what I have read, interference is not an issue, so I wonder what their real agenda is? Funny that the article does not mention that UWB could revolutionize high speed wireless networking." There's a Newsbytes story that describes an upcoming ruling on DSL providers, which would exempt DSL carriers from the open-access requirements in place for most telephone services. There are a few links to statements on the front page of fcc.gov, but I don't see the actual orders for either of these yet. -
Project Copycat Clones A Cat
texchanchan writes: "'Copying' is not limited to other people's proprietary files. Soon you'll be able to 'share' their prize Siamese. From Yahoo news: "A domestic cat was cloned late last year in a Texas A&M University research program called CopyCat....Cloning research at the university has been funded with more than $3.5 million in investments from John Sperling, an 81-year-old financier who formed Genetic Savings & Clone Inc." (These Texans know how to name things, too.)" -
FTC Goes After Spammers
klaun writes: "Yahoo has an article about the FTC launching a crackdown on deceptive unsolicited email. Basically they are after scammers offering easy money quick, not the average 'get porn here' type of spam. There is more info in a press release at the FTC's website." TheGreatGraySkwid amplifies, saying that this story "tells of an FTC crackdown on Spammers, that had resulted in charges (settled) against 7 chain-letter ring spammers, and several pending cases. I know I could use some Spam relief..." The settlement, unfortunately, isn't exactly stern stuff: the seven spammers "agreed to refrain from participating in deceptive schemes in the future, or lying about the legality or potential earnings from any such schemes." -
13 Nominations to Rule Them All
PatSmarty was among the onslaught of people who noted that the Oscar Nominations have been announced and that FotR has 13 of them. Beautiful Mind and Moulin Rouge also in there too.