Domain: zdnet.com
Stories and comments across the archive that link to zdnet.com.
Stories · 2,686
-
Judge Tells Microsoft To Pay Up In Bristol Case
downset writes: "Back in the courts again, and Microsoft are on the receiving end of another guilty verdict. Using the old tactics that we are all used to by now, Microsoft have been found guilty of using 'bait and switch' tactics in promises to divulge Windows technologies to continue developing Windows to Unix conversions. The courts announced that Unix has Microsoft running scared ... anyone surprised?" -
1.13GHz Pentium3 Processors Unstable? Answer: Yes
brennan73 writes "Last week, Tom's Hardware wrote a very critical review of the Pentium3 1.13GHz, specifically mentioning serious stability issues. Today, HardOCP wrote an article of their own backing Tom up and describing their own experiences; they even got Anand in on it. Probably the most interesting thing to me is that none of the tested sample CPUs was able to run Tom's Linux kernel compilation test. After Rambus, this is the last thing Intel needs. Are they shooting themselves in the foot AGAIN?". Update by: HeUnique: Tom has updated the story, so I recommend reading the update. Update: 08/28 06:44 PM by H: Check out the latest burst from ZDNet - it appears that Intel will be recalling the Pentium3 1.13 Ghz. Thanks Evan. -
Has Linux Lapped Apple As Competition For Redmond?
Stephen Beale of MacWeek writes: "Some key Linux developers, encouraged by the emergence of GNOME as the standard desktop environment for Linux and Unix, believe that Linux is poised to overtake the Macintosh as the primary challenger to Microsoft Windows. One, open source advocate Eric S. Raymond told MacWEEK that the Mac platform is 'a noble but doomed cause.' MacWEEK reporter David Read also spoke with Andy Hertzfeld of Eazel, a member of the original Mac development team, who agrees with Raymond that Linux is having a more profound influence on the industry than Apple. But he's more sanguine about Apple's prospects and told MacWEEK that his G4 Cube has just arrived. Mac users may not appreciate what amounts to anti-Mac 'trash talk' from a leading Linux advocate, but Raymond and Hertzfeld raise interesting issues about the competitive relationship between two alternatives to Microsoft Windows." This distinction seems thinner to me than this article makes it out to be, but it's interesting to note the possibility of machines running Linux outnumbering Apples running Mac OS, and what that could mean for everyone behind the keyboards. With more and more ease-of-install- and UI-obsessed folks like Hertzfeld jumping into the Free software world, it probably means happier users at least. Place yer bets now on relative percentages for 2001, 2003 and 2007 ...
-
GNOME Foundation, UI And Linux
David Huff writes: "Stephan Somogyi of ZDNews has written an article with an excellent take on the GNOME Foundation announcement entitled GNOME on the range" It's nice to read a story that's focusing on the important part of the future of Linux UI (end user experience, consistency) and not the semi-annual GNOME/KDE resurging rash. -
Next Generation Nintendo Revealed
dwlt writes "I'm sure lots of people have sent this already, but take a look at the story on videogames.com for the full scoop on Nintendo's Game Cube (gotta catch 'em all!), and Game Boy Advance. The controller is kind of crazy, though..." Let me tell ya about the countless hours spent in the geek houses drinking and playing Mario Kart 64: Kurt The Pope is a wildman under the influence of alcohol, and the new one looks cool. (thanks to those of you who wasted no time in submitting a new Slashdot icon too ;) -
Is UNIX An OS?
gwernol writes: "David Every has an interesting article over at MacWeek that asks the question: is UNIX an OS? Before you jump off the deep end, read the article. It's actually a pretty good discussion of what components a modern OS needs beyond a kernel and a shell. It also discusses Mac OS X, the forthcoming 'UNIX++' from Apple." At the very least, it should inspire some decent conversation. -
Default Behavior: Piranha vs. Microsoft SQL Server
Do you remember the Piranha debacle back in April? Welcome to Part II. Last Tuesday, it was revealed that Microsoft SQL Server 7.0 is shipped with a default password - just like Red Hat's piranha module. Unlike Piranha, SQL Server is very common software for large e-business websites. Unlike Piranha, the vulnerable software has been shipping for months. Unlike Red Hat, Microsoft refuses to take responsibility for their mistake, which, unlike Red Hat's, has resulted in actual documented break-ins, some at high-profile websites. So why haven't you read about it? Because unlike Red Hat, Microsoft is getting a pass by the media.
Piranha is web clustering/failover software that was released in April by Red Hat without much QA. It somehow went out the door with a default password ("Q") and without docs explaining in big bold caps that it must be changed. If you installed the Piranha RPM without reading the docs carefully, you had a security hole on your site.
The hole allowed an attacker to come in over port 80 and execute arbitrary commands as the Piranha user, which would have been the web user. Typically that's a nonprivileged "nobody" account. While this is never good, let's just note for the record that this is a read-only exploit unless the webserver is very poorly configured.
The media flipped, in a word, out.
Piranha: A Case Study
On April 25, Computerworld announced that the "backdoor password ... could allow an attacker to compromise a Web server and deface and destroy a Web site." Informationweek and Internetweek both warned about "a back-door security flaw that carries ISS's highest danger rating." MSNBC/ZDNET ran the story as "Red Hat Linux open to backdoor password" and explained "there's a backdoor account in Red Hat's Linux that would let a computer intruder access and alter files." The Standard's early report on April 25 wasn't too bad but attacked -- as all reports did to some degree -- the strawman myth that open source is inherently secure. At least it didn't use the word "backdoor." Newsbytes was pretty much the same.
"Backdoor" implies that the flaw was deliberately inserted, by a thoughtless or even malicious programmer. Why did most stories incorrectly use that word? Mostly because that was how it was described in the press release. A security firm called Internet Security Systems found the flaw on April 24 and sent out a security advisory that used the term four times by the end of the first paragraph.
ISS also made some interesting statements when speaking to the press about the vulnerability. Oft-quoted was a line about open-source being both a blessing and a curse (the media loves "on the one hand, on the other hand"). I also liked this comment from their research director:
"There's limited quality assurance in the open-source environment," says Rouland, "because open-source software is basically a bunch of peoples' hobby."
Of the early stories about Piranha, the best one I found was Henry Kingman's ZDNet piece on April 24 (both early and accurate: amazing). CNET's on April 25 wasn't bad either, though they let ISS lay down the anti-open-source and pro-Microsoft propaganda a little thick.
In the days to come, the story didn't change much except to note that Red Hat -- correctly, as it turned out -- denied the seriousness of the vulnerability and tried to explain that it wasn't really a backdoor. Inter@ctive Week's Charles Babcock did such a piece on May 1.
Computer Reseller News still called it a backdoor on April 27. And NetworkWorldFusion's report and Informationweek's followup both came out on May 1, both got the important facts right, but both still called it a backdoor.
ClieNT Server News ran an article in their May issue explaining "Red Hat Red-Faced." I'm not about to pay to read the whole thing. The free synopsis that's available smirks at how "embarrassed" the company must be, and ends: "It seems that Red Hat left a back door in," dot, dot, dot.
The Standard had a second, fair piece that eschewed the term and even, after quoting the line about open-source being a "hobby," gently suggested otherwise.
But the gold stars go to just two good reports. SecurityFocus' Elias Levy, on May 1, turned the spotlight on ISS by pointing out how they "...can make headlines by using the right jargon, even when it's wrong." And Linux World News' Liz Coolbaugh, who had weighed in a few days earlier, questioning the media's coverage in her story "Red Hat Security Hole Not a 'Backdoor'."
If you find any more stories about Piranha, post them below. The Red Hat-bashing pretty much came to a halt a week later, when a little Microsoft-specific email virus named "ILOVEYOU" did a few billion dollars' worth of damage.
(Breaking news: all charges dropped; to quote 10,000 Maniacs, "who ya wanna blame?")
Microsoft SQL Server 7.0
You've heard about the SQL Server vulnerability, right? The one found on Tuesday, six days ago?
Well, no, you probably haven't, unless you read NTBugtraq. Even the maintainer of SecurityPortal's Microsoft Security Digest missed it this week (don't worry: I dropped him a note, he added it).
As the cracker Herbless describes it:
"It has come to light that it is now common knowledge that MS-SQL has a blank 'sa' password by default. This seems to affect a _lot_ of servers on the internet."
A default password vulnerability? Sounds familiar, doesn't it?
Here's Herbless's description and exploit code, posted to BugTraq last Tuesday. And here's Microsoft's acknowledgement, posted on Thursday.
Herbless wasn't kidding when he said it affected a lot of servers. If you're running SQL Server 7.0, with a firewall that doesn't block its port, and you haven't changed the sysadmin password, you're vulnerable.
As he described it to me, unlike Piranha's vulnerability which gave read-only access as an unprivileged user, this one typically gives access as "BUILTIN\System." I don't speak NT, so he had to describe to me what this is: "god-like powers ... greater than those of even the 'Administrator' user."
In other words, you have been 0wn3d.
You may be thinking that this is a vulnerability. Go back and read Microsoft's acknowledgement again. They say quite clearly, "The code does not exploit a vulnerability."
Does it confuse you that what was previously a "backdoor" is now not even a "vulnerability"? That threw me for a loop too -- as well as some of Microsoft's other disclaimers, which only make sense when you realize you're reading non-sequiturs about the newer version SQL Server 2000 (the vulnerability only affects SQL Server 7.0).
All will become clear, though, once you read this story from vnunet.com -- the only media story I've seen, by the way. The fault lies with the website administrators:
"Hacked websites 'didn't read the manual'
"Microsoft has blamed administrator error, rather than a bug in its software, for leaving hundreds of websites running SQL server open to attack this week."
Did they say hundreds? Yes, hundreds, at the very least. And did they say "hacked websites"? Yes -- this is not a theoretical vulnerability with no known attacks, like Piranha was.
All this month, Herbless has been cracking into websites like the National Transportation Safety Board and leaving edgy political messages (while backing up the original files and telling the admins how to close the holes). He confirmed to me that all his attacks, including the Fish and Wildlife Service, the UK's Adult Learning Inspectorate, and the Commonwealth Telecommunications Organisation, were done by exploiting Microsoft SQL Server.
Just to make the story that much better, according to Herbless, the default configuration of SQL Server 7.0 also has logging turned off -- in which case a successful attack would leave few if any tracks.
Sites are lucky if their webpages are hijacked; that way they know to fix the problem, format and reinstall. But some of those "hundreds" of websites running the vulnerable installation have surely been cracked by black hats who quietly installed Back Orifice or a similar remote-exploit program. They can set an SQL Server password, but it won't help them: they'll still be 0wn3d.
The proper fix would be to force the password to be changed before the software can be used, as piranha now does. Wayne Sowery of MIS Corporate Defence Solutions confirmed for me that "versions up to SQL Server 2000 do not ask for the SA password during installation ... we also tried various install options such as 'typical' and 'custom,' neither prompted for a new SA password." Incidentally, he too questions whether this is properly described as a "vulnerability," but I'm not sure what else it could be called.
The lesson here is that the media doesn't treat security reports very fairly. Some organizations have their own selfish reasons to push one agenda or another. (Like Slashdot? You bet. But you know where we stand.)
The motive doesn't have to be that devious, though sometimes, of course, it is. If a reporter gets to write a story that questions a core belief of Linux zealots -- whether or not it's actually a core belief, and whether or not they're actually zealots -- that will be much more attractive than simply reporting security news. The nitty-gritty of security news, after all, is rather dry.
So next time you see a biased polemic about system security, or even a small media feeding frenzy about the latest exploit, take a moment to ask why it's being reported outside of the admins' mailing lists. Open source software is still a new idea to many in the traditional news media, and that means that it's a hook for them to hang any kind of story on -- good or bad.
-
Default Behavior: Piranha vs. Microsoft SQL Server
Do you remember the Piranha debacle back in April? Welcome to Part II. Last Tuesday, it was revealed that Microsoft SQL Server 7.0 is shipped with a default password - just like Red Hat's piranha module. Unlike Piranha, SQL Server is very common software for large e-business websites. Unlike Piranha, the vulnerable software has been shipping for months. Unlike Red Hat, Microsoft refuses to take responsibility for their mistake, which, unlike Red Hat's, has resulted in actual documented break-ins, some at high-profile websites. So why haven't you read about it?Because unlike Red Hat, Microsoft is getting a pass by the media.
Piranha is web clustering/failover software that was released in April by Red Hat without much QA. It somehow went out the door with a default password ("Q") and without docs explaining in big bold caps that it must be changed. If you installed the Piranha RPM without reading the docs carefully, you had a security hole on your site.
The hole allowed an attacker to come in over port 80 and execute arbitrary commands as the Piranha user, which would have been the web user. Typically that's a nonprivileged "nobody" account. While this is never good, let's just note for the record that this is a read-only exploit unless the webserver is very poorly configured.
The media flipped, in a word, out.
Piranha: A Case StudyOn April 25, Computerworld announced that the "backdoor password ... could allow an attacker to compromise a Web server and deface and destroy a Web site." Informationweek and Internetweek both warned about "a back-door security flaw that carries ISS's highest danger rating." MSNBC/ZDNET ran the story as "Red Hat Linux open to backdoor password" and explained "there's a backdoor account in Red Hat's Linux that would let a computer intruder access and alter files." The Standard's early report on April 25 wasn't too bad but attacked -- as all reports did to some degree -- the strawman myth that open source is inherently secure. At least it didn't use the word "backdoor." Newsbytes was pretty much the same.
"Backdoor" implies that the flaw was deliberately inserted, by a thoughtless or even malicious programmer. Why did most stories incorrectly use that word? Mostly because that was how it was described in the press release. A security firm called Internet Security Systems found the flaw on April 24 and sent out a security advisory that used the term four times by the end of the first paragraph.
ISS also made some interesting statements when speaking to the press about the vulnerability. Oft-quoted was a line about open-source being both a blessing and a curse (the media loves "on the one hand, on the other hand"). I also liked this comment from their research director:
"There's limited quality assurance in the open-source environment," says Rouland, "because open-source software is basically a bunch of peoples' hobby."
Of the early stories about Piranha, the best one I found was Henry Kingman's ZDNet piece on April 24 (both early and accurate: amazing). CNET's on April 25 wasn't bad either, though they let ISS lay down the anti-open-source and pro-Microsoft propaganda a little thick.
In the days to come, the story didn't change much except to note that Red Hat -- correctly, as it turned out -- denied the seriousness of the vulnerability and tried to explain that it wasn't really a backdoor. Inter@ctive Week's Charles Babcock did such a piece on May 1.
Computer Reseller News still called it a backdoor on April 27. And NetworkWorldFusion's report and Informationweek's followup both came out on May 1, both got the important facts right, but both still called it a backdoor.
ClieNT Server News ran an article in their May issue explaining "Red Hat Red-Faced." I'm not about to pay to read the whole thing. The free synopsis that's available smirks at how "embarrassed" the company must be, and ends: "It seems that Red Hat left a back door in," dot, dot, dot.
The Standard had a second, fair piece that eschewed the term and even, after quoting the line about open-source being a "hobby," gently suggested otherwise.
But the gold stars go to just two good reports. SecurityFocus' Elias Levy, on May 1, turned the spotlight on ISS by pointing out how they "...can make headlines by using the right jargon, even when it's wrong." And Linux World News' Liz Coolbaugh, who had weighed in a few days earlier, questioning the media's coverage in her story "Red Hat Security Hole Not a 'Backdoor'."
If you find any more stories about Piranha, post them below. The Red Hat-bashing pretty much came to a halt a week later, when a little Microsoft-specific email virus named "ILOVEYOU" did a few billion dollars' worth of damage.
(Breaking news: all charges dropped; to quote 10,000 Maniacs, "who ya wanna blame?")
Microsoft SQL Server 7.0You've heard about the SQL Server vulnerability, right? The one found on Tuesday, six days ago?
Well, no, you probably haven't, unless you read NTBugtraq. Even the maintainer of SecurityPortal's Microsoft Security Digest missed it this week (don't worry: I dropped him a note, he added it).
As the cracker Herbless describes it:
"It has come to light that it is now common knowledge that MS-SQL has a blank 'sa' password by default. This seems to affect a _lot_ of servers on the internet."
A default password vulnerability? Sounds familiar, doesn't it?
Here's Herbless's description and exploit code, posted to BugTraq last Tuesday. And here's Microsoft's acknowledgement, posted on Thursday.
Herbless wasn't kidding when he said it affected a lot of servers. If you're running SQL Server 7.0, with a firewall that doesn't block its port, and you haven't changed the sysadmin password, you're vulnerable.
As he described it to me, unlike Piranha's vulnerability which gave read-only access as an unprivileged user, this one typically gives access as "BUILTIN\System." I don't speak NT, so he had to describe to me what this is: "god-like powers ... greater that those of even the 'Administrator' user."
In other words, you have been 0wn3d.
You may be thinking that this is a vulnerability. Go back and read Microsoft's acknowledgement again. They say quite clearly, "The code does not exploit a vulnerability."
Does it confuse you that what was previously a "backdoor" is now not even a "vulnerability"? That threw me for a loop too -- as well as some of Microsoft's other disclaimers, which only make sense when you realize you're reading non-sequiturs about the newer version SQL Server 2000 (the vulnerability only affects SQL Server 7.0).
All will become clear, though, once you read this story from vnunet.com -- the only media story I've seen, by the way. The fault lies with the website administrators:
"Hacked websites 'didn't read the manual'
"Microsoft has blamed administrator error, rather than a bug in its software, for leaving hundreds of websites running SQL server open to attack this week."
Did they say hundreds? Yes, hundreds, at the very least. And did they say "hacked websites"? Yes -- this is not a theoretical vulnerability with no known attacks, like Piranha was.
All this month, Herbless has been cracking into websites like the National Transportation Safety Board and leaving edgy political messages (while backing up the original files and telling the admins how to close the holes). He confirmed to me that all his attacks, including the Fish and Wildlife Service, the UK's Adult Learning Inspectorate, and the Commonwealth Telecommunications Organisation, were done by exploiting Microsoft SQL Server.
Just to make the story that much better, according to Herbless, the default configuration of SQL Server 7.0 also has logging turned off -- in which case a successful attack would leave few if any tracks.
Sites are lucky if their webpages are hijacked; that way they know to fix the problem, format and reinstall. But some of those "hundreds" of websites running the vulnerable installation have surely been cracked by black hats who quietly installed Back Orifice or a similar remote-exploit program. They can set an SQL Server password, but it won't help them: they'll still be 0wn3d.
The proper fix would be to force the password to be changed before the software can be used, as piranha now does. Wayne Sowery of MIS Corporate Defence Solutions confirmed for me that "versions up to SQL Server 2000 do not ask for the SA password during installation ... we also tried various install options such as 'typical' and 'custom,' neither prompted for a new SA password." Incidentally, he too questions whether this is properly described as a "vulnerability," but I'm not sure what else it could be called.
The lesson here is that the media doesn't treat security reports very fairly. Some organizations have their own selfish reasons to push one agenda or another. (Like Slashdot? You bet. But you know where we stand.)
The motive doesn't have to be that devious, though sometimes, of course, it is. If a reporter gets to write a story that questions a core belief of Linux zealots -- whether or not it's actually a core belief, and whether or not they're actually zealots -- that will be much more attractive than simply reporting security news. The nitty-gritty of security news, after all, is rather dry.
So next time you see a biased polemic about system security, or even a small media feeding frenzy about the latest exploit, take a moment to ask why it's being reported outside of the admins' mailing lists. Open source software is still a new idea to many in the traditional news media, and that means that it's a hook for them to hang any kind of story on -- good or bad.
-
Default Behavior: Piranha vs. Microsoft SQL Server
Do you remember the Piranha debacle back in April? Welcome to Part II. Last Tuesday, it was revealed that Microsoft SQL Server 7.0 is shipped with a default password - just like Red Hat's piranha module. Unlike Piranha, SQL Server is very common software for large e-business websites. Unlike Piranha, the vulnerable software has been shipping for months. Unlike Red Hat, Microsoft refuses to take responsibility for their mistake, which, unlike Red Hat's, has resulted in actual documented break-ins, some at high-profile websites. So why haven't you read about it?Because unlike Red Hat, Microsoft is getting a pass by the media.
Piranha is web clustering/failover software that was released in April by Red Hat without much QA. It somehow went out the door with a default password ("Q") and without docs explaining in big bold caps that it must be changed. If you installed the Piranha RPM without reading the docs carefully, you had a security hole on your site.
The hole allowed an attacker to come in over port 80 and execute arbitrary commands as the Piranha user, which would have been the web user. Typically that's a nonprivileged "nobody" account. While this is never good, let's just note for the record that this is a read-only exploit unless the webserver is very poorly configured.
The media flipped, in a word, out.
Piranha: A Case StudyOn April 25, Computerworld announced that the "backdoor password ... could allow an attacker to compromise a Web server and deface and destroy a Web site." Informationweek and Internetweek both warned about "a back-door security flaw that carries ISS's highest danger rating." MSNBC/ZDNET ran the story as "Red Hat Linux open to backdoor password" and explained "there's a backdoor account in Red Hat's Linux that would let a computer intruder access and alter files." The Standard's early report on April 25 wasn't too bad but attacked -- as all reports did to some degree -- the strawman myth that open source is inherently secure. At least it didn't use the word "backdoor." Newsbytes was pretty much the same.
"Backdoor" implies that the flaw was deliberately inserted, by a thoughtless or even malicious programmer. Why did most stories incorrectly use that word? Mostly because that was how it was described in the press release. A security firm called Internet Security Systems found the flaw on April 24 and sent out a security advisory that used the term four times by the end of the first paragraph.
ISS also made some interesting statements when speaking to the press about the vulnerability. Oft-quoted was a line about open-source being both a blessing and a curse (the media loves "on the one hand, on the other hand"). I also liked this comment from their research director:
"There's limited quality assurance in the open-source environment," says Rouland, "because open-source software is basically a bunch of peoples' hobby."
Of the early stories about Piranha, the best one I found was Henry Kingman's ZDNet piece on April 24 (both early and accurate: amazing). CNET's on April 25 wasn't bad either, though they let ISS lay down the anti-open-source and pro-Microsoft propaganda a little thick.
In the days to come, the story didn't change much except to note that Red Hat -- correctly, as it turned out -- denied the seriousness of the vulnerability and tried to explain that it wasn't really a backdoor. Inter@ctive Week's Charles Babcock did such a piece on May 1.
Computer Reseller News still called it a backdoor on April 27. And NetworkWorldFusion's report and Informationweek's followup both came out on May 1, both got the important facts right, but both still called it a backdoor.
ClieNT Server News ran an article in their May issue explaining "Red Hat Red-Faced." I'm not about to pay to read the whole thing. The free synopsis that's available smirks at how "embarrassed" the company must be, and ends: "It seems that Red Hat left a back door in," dot, dot, dot.
The Standard had a second, fair piece that eschewed the term and even, after quoting the line about open-source being a "hobby," gently suggested otherwise.
But the gold stars go to just two good reports. SecurityFocus' Elias Levy, on May 1, turned the spotlight on ISS by pointing out how they "...can make headlines by using the right jargon, even when it's wrong." And Linux World News' Liz Coolbaugh, who had weighed in a few days earlier, questioning the media's coverage in her story "Red Hat Security Hole Not a 'Backdoor'."
If you find any more stories about Piranha, post them below. The Red Hat-bashing pretty much came to a halt a week later, when a little Microsoft-specific email virus named "ILOVEYOU" did a few billion dollars' worth of damage.
(Breaking news: all charges dropped; to quote 10,000 Maniacs, "who ya wanna blame?")
Microsoft SQL Server 7.0You've heard about the SQL Server vulnerability, right? The one found on Tuesday, six days ago?
Well, no, you probably haven't, unless you read NTBugtraq. Even the maintainer of SecurityPortal's Microsoft Security Digest missed it this week (don't worry: I dropped him a note, he added it).
As the cracker Herbless describes it:
"It has come to light that it is now common knowledge that MS-SQL has a blank 'sa' password by default. This seems to affect a _lot_ of servers on the internet."
A default password vulnerability? Sounds familiar, doesn't it?
Here's Herbless's description and exploit code, posted to BugTraq last Tuesday. And here's Microsoft's acknowledgement, posted on Thursday.
Herbless wasn't kidding when he said it affected a lot of servers. If you're running SQL Server 7.0, with a firewall that doesn't block its port, and you haven't changed the sysadmin password, you're vulnerable.
As he described it to me, unlike Piranha's vulnerability which gave read-only access as an unprivileged user, this one typically gives access as "BUILTIN\System." I don't speak NT, so he had to describe to me what this is: "god-like powers ... greater that those of even the 'Administrator' user."
In other words, you have been 0wn3d.
You may be thinking that this is a vulnerability. Go back and read Microsoft's acknowledgement again. They say quite clearly, "The code does not exploit a vulnerability."
Does it confuse you that what was previously a "backdoor" is now not even a "vulnerability"? That threw me for a loop too -- as well as some of Microsoft's other disclaimers, which only make sense when you realize you're reading non-sequiturs about the newer version SQL Server 2000 (the vulnerability only affects SQL Server 7.0).
All will become clear, though, once you read this story from vnunet.com -- the only media story I've seen, by the way. The fault lies with the website administrators:
"Hacked websites 'didn't read the manual'
"Microsoft has blamed administrator error, rather than a bug in its software, for leaving hundreds of websites running SQL server open to attack this week."
Did they say hundreds? Yes, hundreds, at the very least. And did they say "hacked websites"? Yes -- this is not a theoretical vulnerability with no known attacks, like Piranha was.
All this month, Herbless has been cracking into websites like the National Transportation Safety Board and leaving edgy political messages (while backing up the original files and telling the admins how to close the holes). He confirmed to me that all his attacks, including the Fish and Wildlife Service, the UK's Adult Learning Inspectorate, and the Commonwealth Telecommunications Organisation, were done by exploiting Microsoft SQL Server.
Just to make the story that much better, according to Herbless, the default configuration of SQL Server 7.0 also has logging turned off -- in which case a successful attack would leave few if any tracks.
Sites are lucky if their webpages are hijacked; that way they know to fix the problem, format and reinstall. But some of those "hundreds" of websites running the vulnerable installation have surely been cracked by black hats who quietly installed Back Orifice or a similar remote-exploit program. They can set an SQL Server password, but it won't help them: they'll still be 0wn3d.
The proper fix would be to force the password to be changed before the software can be used, as Piranha now does. Wayne Sowery of MIS Corporate Defence Solutions confirmed for me that "versions up to SQL Server 2000 do not ask for the SA password during installation ... we also tried various install options such as 'typical' and 'custom,' neither prompted for a new SA password." Incidentally, he too questions whether this is properly described as a "vulnerability," but I'm not sure what else it could be called.
The lesson here is that the media doesn't treat security reports very fairly. Some organizations have their own selfish reasons to push one agenda or another. (Like Slashdot? You bet. But you know where we stand.)
The motive doesn't have to be that devious, though sometimes, of course, it is. If a reporter gets to write a story that questions a core belief of Linux zealots -- whether or not it's actually a core belief, and whether or not they're actually zealots -- that will be much more attractive than simply reporting security news. The nitty-gritty of security news, after all, is rather dry.
So next time you see a biased polemic about system security, or even a small media feeding frenzy about the latest exploit, take a moment to ask why it's being reported outside of the admins' mailing lists. Open source software is still a new idea to many in the traditional news media, and that means that it's a hook for them to hang any kind of story on -- good or bad.
-
IBM Kills project Monterey
I just got this news - IBM is killing project Monterey. Full story can be found on this page at ZDNET (Smart Partner). This is a bit surprising (if I may call it like this). -
Where are the "Internet" Appliances with Ethernet Cards?
StoryMan asks: "Here's one that stumps me. Maybe someone can explain the logic. Yesterday, I bought a TiVO -- the personal video recorder. An amazing gadget. Absolutely first-rate. (I bought it based on the recent Slashdot story and the NY Times article.) But there's a problem. It's got a modem. I've got a DSL connection, got a LinkSys DSL router, and have 4 computers on my home LAN. So as I'm setting up the TiVo, and waiting for it to dial in, I start to think: man, why doesn't this thing just have an ethernet card?" I'm still waiting for an "internet" appliance that gets it right and at least offers an add-on for a network card. Is it really that hard to do?
"I read a press release about the new IPaq information appliance. I think: well, I may get one of these for my kitchen. It'd be neat to have a good-looking appliance sitting somewhere on the counter so I could check e-mail, check CNN.com, have my daily moreover.com newsfeed, etc. But again: no ethernet -- just a crappy 56K modem. (And a $599 price tag! WTF is up with that? But again, I digress...)
Then, I start to think about the I-Opener. A modem. No ethernet.
So I start to wonder: why aren't there cheap internet appliances that simply have an ethernet card? Let me worry about the connection -- you sell me the hardware. The sort of appliance I might put in my kitchen for e-mail and casual surfing. I mean, I've got the home network up and running, got the firewall all configured, so everything is all set.
What's up with all these appliances and their built-in modems? I suspect it's because they're selling the service -- i.e. the 9.95 a month TIVO subscription or the 19.95 MSN service -- and so have no desire to support someone who already has the service.
So I gotta wonder: is the "true" internet appliance still a long ways off? That all these so-called 'internet appliances' -- TIVO included -- are simply companies risking losses on hardware in order to sell monthly services? Are there business models in place for internet appliances that *don't* rely on a modem and the monthly service? (I mean, I don't even mind the monthly service! I'd still pay 9.95 a month for TiVO -- but just ditch the modem and let me use my DSL!!)"
-
ICANN Elections
ICANN's elections are now underway. (We've covered this before.) ICANN's Nominating Committee has picked several candidates for each of the five open seats in a closed primary process; now there is a "member nomination" process underway where several more candidates will be selected to run for each seat. Civil liberties groups are actively attempting to promote democratic involvement in ICANN, such as the Civil Society Democracy Project being spearheaded by CPSR. We've asked each of the people seeking to be candidates for the North American region board seat to answer one question; here are the responses we've received. Update: 08/17 14:04 by michael : Two more responses added.
This is equivalent to a "primary" election - it is selecting the people who will run for the election. We are concentrating only on the election for the North American region, since the majority of Slashdot's readership is from this region. ICANN's nominating committee picked four candidates to run for the seat:
- Lyman Chapin
- Donald Langenberg
- Lawrence Lessig
- Harris Miller
The Internet Democracy Project (www.internetdemocracyproject.org) and the Civil Society Internet Forum (www.civilsocietyinternetforum.org) have been involved in attempting to promote democracy and representation of individual Internet users at ICANN. The Civil Society Statement on ICANN Elections (http://www.cpsr.org/internetdemocracy/Statement_July-13.html) is an attempt to spell out what attributes are desirable in ICANN from such a perspective.
Distinguishing between 50+ possible candidates, with only one endorsement to cast, is likely to be difficult for ICANN's registered voters. Slashdot has talked with Hans Klein of CPSR (www.cpsr.org) and we feel that a reasonable way to allow the candidates to distinguish between themselves is to ask them an open-ended question:
-- What is your response to the Civil Society Statement on ICANN Elections?
What follows are the responses we received, edited only for HTML formatting. If you, as an ICANN registered voter, decide that you'd like to see one of these candidates run for the seat, you can endorse them on the ICANN Web site. Whichever three candidates receive the most endorsements (and are endorsed by more than 2% of the voter pool, and from at least two countries) will be on the ballot for the real election, which begins Sept. 1. You may change your endorsement before Sept. 1 by simply endorsing a different candidate. The candidate listing displays a running total of endorsements.
Clear enough? On to the candidates! These responses are listed in the order they were received.
Teri Powell
[Editor's note: Teri Powell informs me she has withdrawn from the ICANN election. --michael]
I have participated heavily and strongly re: ICANN issues on the Public Forums.
I have read and fully understand the position paper you reference. This has been evidenced in my opinions already expressed via any route I can. With this in mind, I have to admit the following: I can Not say it any better than as the Actual Statement linked below.
This will be short and sweet. I will reference (as a link) the Statement which I Totally Agree with.
http://www.cpsr.org/internetdemocracy/Statement_July-13.html
My web site can be found at:
http://www.brittany-technologies.com
The Prime Objective is to get Proper Representation onto the ICANN Board which Will Reflect ALL Internet Users.
My Very Best to the Other Candidates! I Believe the At Large Members Will Choose Wisely. I Will Support Whoever is chosen since this will, at least, be a Start in Representation for Us.
Liz Bartlett
My candidate page can be found at http://www.khyri.com/icann/ and contains the information on my ICANN page, together with expanded sections on my qualification, background and viewpoints. I intend to add relevant content and links to it at intervals, so feel free to bookmark and return.
1. I strongly believe that ICANN must represent all. I feel I can represent many interests, being female and having lived in England, France and (currently) the U.S.A. I am heavily involved in web accessibility issues, making sure that web content is available to everyone regardless of physical disability, method of accessing the Internet, or level of technology.
2. I have had indirect experience of organizations whose leadership have resisted such transparency, and I know that this mentality is a fast road to destruction. I have always held the view that information must be shared with all interested parties, unless there are very good reasons to withhold it.
3. One of the strongest bases for an organization such as ICANN is the strength of its core membership. I believe the board should be drawn from the membership, that the board should then exercise the proper oversight of the staff, and that the ICANN staff should not be employed from the ranks of board members in order to maintain a proper employee-employer relationship.
4. I believe that only in the clearest cases of intentional misleading or profit motivation should the "first come, first served" domain name policy be overturned.
5. I do not have strong views on the organizational split of IP address and DNS root server management. I feel these issues are best solved on a "what is technically best" basis.
6. I do not believe governmental control over domain name space can be a practical solution, given the global nature of the internet, the increasing abuse of the two-letter country codes, and the absence of a global government.
7. I am strongly against artificial scarcity of names. However, I am ambivalent on the decentralizing of some functions, as I realize that the independent operation of many registration/name lookup/routing functions can cause technical chaos. However I feel, (maybe naively) that it must be possible to retain a single, core central registry without giving any individual, organization or company the temptation of "abuse of power". I see no great problem with the current system.
8. Privacy policies as generally adopted by organizations that hold elections should apply to all ICANN operations.
9. The costs of participating in ICANN activities, and the costs that ICANN itself incurs in its operations should be kept as economically low as possible. Expenses should be looked at with a view to "does this further the ICANN objective" before approval.
Adam L. Beberg
I believe the first 3 values aim at something deeper which is that the membership base needs to be informed and educated about the issues they will vote on. Any issue that the members must decide needs to include the technical details, as well as a pro and con argument, all translated into multiple languages. The membership also needs to remain vigilant of the things happening in ICANN that have a public effect, and this can only be done with complete information.
One problem I have seen emerging due to ICANN's relatively few issues to deal with, but of high complexity and with extended impact, is that of "if I can get 50 non-technical friends to sign up, I can tell them all how to vote because they cannot understand the geekspeak". This is just as dangerous as the commercial makeup of the DNSOs, but far more insidious. Unfortunately this will probably be the operating mode for the At Large membership base.
Trademark laws as a social convention are an important thing if people are to know who they are dealing with, and that others will be prevented from pretending to be someone they are not. That said, I don't see how domain names or IP numbers affect free expression or privacy, other than they help privacy by limiting pretenders. Governments do not need ICANN's help to limit freedoms.
The scarcity of domains of any kind is completely artificial, and should be reduced or removed. Any TLD should be allowed, and is technically possible, but should be subject to some critical mass (N people want TLD .xyz) to avoid all domains turning into TLDs. Since other TLD's are not scarce, ccTLD's being a pain to get, if not scarce, doesn't seem to be a large problem. The ccTLD registrars must compete next to the generic registrars, and the market will eliminate the inefficient and unresponsive registrars. ICANN does need to take a role to insure that domain owners can easily change registrars, without hassle or loss/theft of their domains, which several registrars now prevent.
Emerson Tiller
I will address each of the guiding principles put forth by the Civil Society.
1. ICANN must be representative.
I agree. In fact, I propose that:
- the majority (not just 9), if not all, of the board members should be elected by the at-large membership.
- Email, fax, and regular mail member registrations should be accepted. Registration should be 1-step.
- ICANN members should enjoy the protections of being members under California's non-profit laws.
2. ICANN must be transparent.
Absolutely.
3. ICANN must use bottom-up processes.
I agree. I suggest that petition processes be allowed to bring issues up for a membership wide vote. The membership should also vote on whether the Uniform Dispute Resolution Policy (UDRP) passed in 1999 should be reauthorized.
4. Intellectual property rights should not be privileged over other rights.
Political, religious, anonymous, and other forms of free speech, as they reveal themselves in domain names or other web content, should be accorded equal standing with intellectual property rights.
5. ICANN should strive at all times to minimize or avoid policy-making on non-technical topics.
I agree. However, we should recognize that in an electronic age, technical decisions produce policy results, and thus in some sense the technical decisions are often policy decisions (much like decisions on process often determine the policy). Rather than ignoring this critical relationship, we would be better off to acknowledge the connection, and then be specific about which technology-driven policy areas ICANN should and should not involve itself. Any expansion of policy making should be authorized by both broad membership voting and broader international representation on the board.
6. The domain name space is a globally-shared public good with public and private functions.
I agree. And the more we can open the TLD space, the more effectively these multiple uses can be met.
7. Artificial scarcity and centralization should be avoided.
I believe that the expansion of the domain name space through the creation of new TLD registries should be one of ICANN's highest priorities. To the extent centralization occurs, or is necessary, it should be legitimized by broad public approval and international representation.
8. ICANN must respect privacy.
I agree. ICANN should avoid technical/policy decisions that compromise anonymity and the security of personal information.
9. Costs should be minimal and equitable.
And shared fairly among all countries, on condition that they have a fair chance at representation on the ICANN board and enjoy the services that ICANN performs.
Final Comments: ICANN is not beyond repair. There are a lot of good people who have worked to make it a forum that responds to the new demands of the Internet society. But ICANN is in need of restructuring, both in terms of process (election procedures, for example) and substance (the UDRP, for example). My platform: http://64.82.55.205/tiller.html.
Barbara Simons
I state on my election web page http://barbara.simons.org/:
"I support the values enunciated by the Civil Society Internet Forum. These include 'democratic participation in decision-making, open processes, the right to communicate, and a fair balance between rights of privacy, speech, consumers, and property in Internet governance'. I shall work to defend privacy, speech, and the needs and rights of the smaller players; I sincerely hope that the other candidates will demonstrate their support for these important principles."
I also signed the Civil Society Internet Forum Mission Statement in Yokohama. (See http://www.cpsr.org/internetdemocracy/csif/signatories.html).
I am very pleased that you are asking this question of all the candidates. I hope that people will honestly state whether or not they will support the Civil Society principles. My support is public and long standing.
On my web page I also pledge to:
- be accessible and responsive to the members of the at-large community,
- create an advisory group of experts in technological, policy, economics, and the law,
- work to build a decision-making process that is open and inclusive.
- testified before a Senate subcommittee in favor of the legislation that would significantly reduce export controls on encryption,
- worked to defeat the Digital Millennium Copyright Act (DMCA),
- spoken out and written letters in opposition to UCITA,
- opposed attempts to censor the Internet,
- submitted a supporting declaration for the defense in the New York DVD trial (See http://eon.law.harvard.edu/openlaw/DVD/filings/NY/0503-reply.html#Simons),
- fought efforts to establish wide-spread monitoring by law enforcement of the Internet,
- worked to support privacy.
I hope that the readers of Slashdot will read my statement on the ICANN web page and the material I have posted on my web site. If anyone has comments or suggestions, he or she can reach me at simons@acm.org.
Karl Auerbach
I helped write it - I think it's a darn fine statement. ;-)
(One can compare it to my rather long set of views as expressed on my election web page at http://www.cavebear.com/ialc/ )
ICANN as it is now constructed and operated seems to be premised on the notion that the Internet is there for the benefit of commercial interests and that ICANN ought to treat those who "merely" use the Internet as babes in the woods who can't be trusted to make decisions and who need paternalistic protection.
The Civil Society Statement is, to my mind, a roadmap of how ICANN can return to a more balanced state - so that the users of the Internet will be respected as people who can make their own decisions about their own interests.
Governance is hard. And ICANN is undertaking something new and difficult. ICANN cripples itself by creating a body of people who feel that they have been disenfranchised. The Civil Society Statement is a reminder to ICANN that it has forgotten to be inclusive of all those who believe they have a role in these matters.
If you compare the Civil Society Statement with my own platform, you will see that I have gone rather further in certain areas - particularly with regard to procedures and ICANN structure. It is very much my belief that inclusive processes - even if they appear somewhat more chaotic than today's ICANN staff choreographed dictates - are at least as important as any substantive policy decision.
As a practical matter, whoever wins the election for a board seat is going to be but one person out of 19. So any single candidate's platform is probably not going to become fact, at least not immediately. ICANN's staff has become so entrenched and has taken control of the corporation so completely, that reform of ICANN is going to be a major effort. The Civil Society Statement serves as something we can always look to to see whether ICANN is improving.
Tom Lowenhaupt
Guiding Value 1. ICANN must be representative.
The ICANN needs to represent all of the Internet's current users - not just business interests.
But more than this, the ICANN needs to acknowledge the immense impact the Internet has on all people, and it needs to reserve representation space for those not yet on the net. When America was young it excluded women, workers, and African slaves from its representation system. Let's learn from the 150 year struggle to remedy that stupidity. Let's set aside representation space now.
But representation on the ICANN is not a simple matter. How do you represent 5 billion people? I don't have all the answers to this question, but I began my search by asking the following. Who runs the military? Who sets water and air pollution standards? Who determines the direction and usage rules for our roadways? It's not the army or the air and highway bureaucrats. It's civil society - you and me. (Or at least it should be!)
Business might own the net, but it's you and me that pump in the cash that allows them to operate. Let's take control and make sure the net's something that's good for our families and good for our communities.
Guiding Value 2. ICANN must be transparent.
Guiding Value 3. ICANN must use bottom-up processes.
The ICANN's operation and its decision making process must be transparent and inviting to the public. Issues should be framed and brought to the public within a context and with comprehendible background information. Everyone should have the opportunity to comment on upcoming decisions using online forums, listservers, and polling systems.
Guiding Value 4. Intellectual property rights should not be privileged over other rights.
Guiding Value 8. ICANN must respect privacy.
First and foremost the net should be about communication that empowers the individual. It shouldn't be turned into TV 2. When intellectual property rights are treated with undue importance, our access to information and our privacy rights are reduced.
Guiding Value 5. ICANN should strive at all times to minimize or avoid policy-making on non-technical topics.
Rapid growth and technologic change guarantees a tumultuous future for the net. Unsettling developments will be thrown into the ICANN's waiting lap on a regular basis. And human nature will have the organization's employees accreting power.
So I support an open governance system with separation of powers and independent review mechanisms.
Guiding Value 6. The domain name space is a globally-shared public good with public and private functions.
Guiding Value 7. Artificial scarcity and centralization should be avoided.
There needn't be any shortage in the domain name space. Look at Karl Auerbach's page for a discussion of this. (Karl's also an At Large candidate, see his page at http://www.cavebear.com/ialc/).
An acknowledged expert in the field, Karl's proposed adding 10,000 new names - per year. He says the net should be able to support somewhere between 1,000,000 - 7,000,000 new TLDs.
IP numbers need to be distributed equitably, with set asides for future net users.
Guiding Value 9. Costs should be minimal and equitable.
I agree that we should keep costs to a minimum - who wouldn't? But good governance doesn't come cheap. If you want an open decision making process, you need qualified and well paid employees to create and present balanced presentations. You need good systems to keep the communication channels opened. And you need checks and balances to prevent centralization of power and undue influences by a moneyed class.
The money to pay for the net's operation is coming out of our pockets - ain't no two ways about it. Let's invest our pennies in a governance system that empowers its users and respects their privacy.
I'll conclude by saying, "Vote for me and I'll do my best to see that the net works for us all."
Ted Phipps
The CIVIL SOCIETY STATEMENT ON ICANN ELECTIONS addresses 7 guiding values.
I will discuss each in turn.
1. Representation.
ICANN should mirror the people it represents. There needs to be a better balance between technical/non-technical capabilities. I've been involved with advanced IT aviation systems. However, it's my capabilities in understanding and handling international issues that ICANN is most short of.
2. Transparency.
We demand this from 'public for-profit' companies, why would we expect anything less from a 'non-profit?'
3. Bottom-up processes.
ICANN must be of the members, by the members and for the members. Directors must be diligent in protecting your interests. If they don't, then not only should they be removed; but 'you' have an obligation to remove them. This is your global village, not theirs!
4. Intellectual property rights.
Throughout history, property issues have been at the forefront of any new frontier. Interestingly, this virtual property issue was dealt with in 1776. Its roots evolved out of Englishman John Locke's Treatise on Civil Government. Locke identified three rights: life, liberty and property. Jefferson took property a step further. He replaced the word property with "the right to pursuit of happiness." Jefferson wanted to make certain that the rights were not limited to land. In effect, Jefferson made a momentous step toward recognizing virtual rights. James Madison cemented the concept when he said we must "equally respect the rights of property and the property in rights." [Madison went on to list some virtual property examples in a 1792 essay].
For speculators, there are rights in property. For the trademark holder there's property in rights. ICANN must balance these rights. Fortunately, there is a solution- release more gTLD's under different classifications.
5. Policy-making.
The 'White Paper' identifies 4 guiding principles: stability, competition, bottom-up coordination and representation. The directors should follow this course.
6. Domain-space.
I agree that, multiple, parallel and overlapping TLDs registries for various stakeholders should not be excluded from the root. This is not only the basis of a vibrant society, but an empowered one.
7. Artificial scarcity and centralization.
We don't need a DeBeers of the Internet. Holding gTLD's back is like building trade barriers - no one wins! Releasing new gTLDs is good for trademark holders, good for ebusiness, and good for the global village as a whole.
8. Privacy.
Information must flow freely across borders. This goes without saying for private users. For commercial users, ICANN's policies and procedures should adhere to Fair Information Practices. A good starting point is the OECD Privacy Guidelines. This policy actually makes life easier since companies wouldn't have to guess whether they're violating a 'human rights' law.
9. Costs.
ICANN's operations should be transparent. If fees are charged they should be limited to commercial users. I polled the board members of ColorMeHome.com. They agree, as I believe most companies do: that it is better for businesses to contribute, than limit any individual's access.
Eric Grimm
Thank you for this chance to introduce myself and my candidacy to /. In response to your question, the Civil Society Statement reinforces and corroborates my opinion that the ICANN at-large elections, while certainly a welcome development, still are too little, too late. They only represent the first step toward reintroducing ideals of open and equitable decision-making -- including broad-based and fair representation of all interests, transparency, democracy, and freedom - into Internet governance generally and ICANN in particular.
I fully support the ideals of transparency, freedom and democracy not only in this context, but in other trans-national contexts, such as trade regulation, which should serve the long-term interests of the world's population as a whole, including future generations, and not the narrow interests of a tiny minority residing principally in industrial countries.
Following the ICANN vote, representatives of corporate power still will command super-majorities both on the ICANN Board and on every ICANN subcommittee. Therefore, the first at-large representatives will have to shoulder tremendous responsibility to keep things moving in the right direction. The costs of the status quo are already too evident. For example, the dispute resolution process that ICANN has established *COULD* have been designed to be fair and to promote impartiality, and should have included the following simple and obvious safeguards of fairness:
- Respondents should have the right to exercise a peremptory "strike" against the complainant's initial choice of forum. At present, the multiple Fora (WIPO, NAF) have every economic incentive to cater solely to the interests of trademark complainants, because they realize that complainants alone have the choice as to where the arbitration business will go. Respondents, at present, have no choice whatsoever in the process. Complainants naturally will select among fora based on their perception that, with respect to the issues in their particular case, one forum or another happens to be the most biased and unfair in complainants' favor. I have even had counsel for complainants admit this to me directly in particular cases that I have defended.
- Both complainants and respondents should have the right to exercise a limited number of peremptory "strikes" against individual arbitrators, whose track record demonstrates that they disregard the law and clearly fail to measure up to the standard of objectivity and impartiality. Yet, the people in control of ICANN omitted this important and obvious procedural safeguard.
- Complainants should be required, as a condition of invoking the ICANN dispute resolution process, to post a monetary bond, in case the complaint turns out to represent a bad-faith effort to engage in extortion, theft, and "reverse domain name piracy." Defending such a case is expensive, and the process was intended only to be invoked in "clear-cut" cases. In cases where the complainant has initiated arbitration in bad faith or for extortionate purposes, the arbitral panel should have broad discretion to compensate the respondent for the financial burden of defending a frivolous case.
- Each of the arbitration providers - like judges and courts in most forward-thinking jurisdictions - should be forbidden from commenting outside the arbitral process (i.e., to the press) on the merits of pending cases. They certainly should be prohibited from issuing press releases for the evident purpose of trying to drum up more business from new complainants by obliquely promising to "evict" respondents as often as can be managed. Specific press releases issued by more than one of the current arbitration service providers create a clear appearance of impropriety, and arguably constitute conclusive evidence of actual impropriety.
- The process should have a more robust mechanism for appeal from, and correction of, erroneous decisions. Also necessary is a mechanism for removing individual arbitrators who demonstrate a persistent inability to apply the rules fairly, and as those rules were written and intended to be applied. Even the most cursory examination of the output of the two most popular tribunals shows that their decisions are all over the map. Most decisions are mutually irreconcilable with one another. The ICANN process, as it is currently working, more resembles a random "domain name lottery" than a legitimate and balanced effort to administer fair rules in a consistent manner.
This is not to say that I believe that commerce is "bad," or that I am opposed to trademark law, or that I have any desire to banish commerce from the Internet. Quite the contrary, I strongly favor the application of TRADITIONAL principles of trademark law, within appropriate contexts. I firmly oppose the unnecessary EXPANSION of IP rights, however, and will fight to roll back the special rights that trademark owners have demanded. I also strongly favor commerce on the Internet -- both by small business as well as by big business. However, commerce is not entitled to a special place among the pantheon of Internet constituencies, and should assume its proper place among all constituencies of the Internet community as a whole.
In short, after reviewing the Civil Society Statement, I wholeheartedly agree with it and promise, if elected, to uphold every single principle listed in the document. I also pledge to work continuously to ensure that the process of democratization and open governance continues to move forward, rather than stagnating or moving in counterproductive directions.
A short biography is probably in order. I am an attorney who specializes in Internet law (including privacy, First Amendment, trademark, encryption, online commerce, and other issues). I represent clients from many different countries, with multiple perspectives on many of these issues (but never any clients in whose causes I do not believe). I live in Ann Arbor, Michigan, and practice in courtrooms all over the United States. I have experience working for the United States government, as well as for a state Supreme Court, for a large law firm that represents multinational corporations, and for a federal trial court judge. At present, however, I work in a small firm setting by choice principally because of the autonomy it gives me to choose to take positions because I believe in them, and not because a large client representation requires me to subordinate my principles to "the firm's" financial interests.
I have both the time and desire to contribute constructively to improving ICANN and Internet governance, and I thank all of you who choose to give me the opportunity to serve your interests as your ICANN at-large representative.
John Alexander
At the outset, I should note that I strongly support the efforts of the CPSR, and the Internet Democracy Project, to keep our civil rights in the forefront at this formative stage of international internet governance. Bodies such as ICANN have a natural tendency to be driven by the most substantive financial interests in a controversy more strongly than by such notions as free speech and diversity.
I wholeheartedly agree with the Yokohama Statement's preamble. Indeed, ICANN must consider how its actions impact the global exercise of free speech and association, as well as the ability of those in the minority to take their places at the internet table.
In fact, this notion not only describes my own deeply-held beliefs, but also my very rationale for volunteering my most valuable asset - time and expertise - to the task of internet domain governance.
My online ICANN candidate statement and web page - http://www.netgaincc.com/icann - give more detail on my professional background and training. I have a great deal of experience as a journalist, attorney and, for the past four years, web designer. Throughout, I have donated my time to the assistance and representation of those whose civil rights have been threatened - in the arenas of federal and state court, and the internet. My company, Net Gain Communications Consultants, designed and hosted the website for a leading affirmative action organization founded by Martin Luther King III, as one example.
Most of the nine issues articulated in the Yokohama Statement describe values over which I suspect there may be little debate, if just as little current compliance, by ICANN.
For example, ICANN President Mike Roberts likely would not argue with the second proposition, that ICANN must operate transparent to public scrutiny. Yet the group is woefully deficient in communicating the substance of ongoing issues and proposed resolutions to the impacted internet public with sufficient time to secure meaningful response from all factions.
That is why the first "plank" of my "platform" is Communication: I pledge a commitment of my own time and expertise to ensuring ICANN communicates in a more complete and timely fashion, using with some degree of sophistication the very technology it seeks to regulate. I feel well suited to do this, given my background in journalism, law and the web.
I cannot claim complete consonance with the Yokohama Statement, however. Some of the language is so vague as to be nothing more than the start of a conversation about the topic, while other particulars are simply off-course. For example, within principal number five, the proposition regarding separation of IP address and DNS root server management would simply complicate an otherwise complex process with more bureaucracy serving no reasonable purpose. The stated goal of "decentralizing authority" really does not articulate a valid reason for this move.
While I could take issue with several specifics of this sort, I think what is important is that I generally support the goals of the Yokohama Statement, and of the CPSR. If elected an at-large director, I will listen carefully to the CPSR's views on all issues before ICANN.
Robin Bandy
While I certainly think that the CPSR Statement points in the correct direction, I also think that it ignores a few fundamental issues and, on the important issues it does address, it does not go far enough. The focus of most of the Statement can be grouped under the broad heading of "Democratic Representation", and as such they miss a few important considerations.
First and most important, is that ICANN (as a company incorporated under American, and Californian, law) cannot actually be representative of a global usership. ICANN's freedom to structure itself is proscribed by American and Californian laws governing the organization and operation of non-profit corporations and its actual existence is dependent upon the sufferance of these two governments, either of which could revoke its corporate existence at will. An organization so dependent on one country cannot, and should not be expected to, represent the users from or residing in other countries. By ICANN's control of the default DNS root it also illegitimately extends the jurisdiction of American and Californian law to governing interactions between Americans in other states and between citizens or residents of other countries.
While transparency and openness are obvious necessities of a democratic structure, CPSR also does not extend their call for a more democratic ICANN to including procedures for member initiative and referendum nor for member initiated recall of elected Board members, all features of any truly democratic system.
Additionally, a truly democratic ICANN should have no representation of government or corporate interests. Governments and corporations are already representative organizations, the first represent their citizens and the second represent their owners; these interests are already represented by the voting members who are also constituents of governments and corporations. To allow the U.S. government, for example, a representative in ICANN is to multiply the votes of the U.S. ICANN members by giving them two Board members (one shared with Canada and one of their own) while devaluing the votes of all non-American members. To allow NSI or CORE, to take another example, representation is to grant the owners of the corporation, as individuals, vastly greater influence than all other individual members. These are clearly not democratic scenarios, as they are basically the same as if R.J. Reynolds or any other special-interest lobbying group were given a direct seat in the U.S. Congress, but they are the essence of how ICANN now functions.
That CPSR calls for opening the current monolithic DNS root to a collaborative root shared between the ICANN and alternative namespaces is marvelous. In my capacity as a root server maintainer with the OpenNIC, I have been involved in discussing exactly that with several of the existing alternates and obviously am fully in support of that scenario. Though we have already begun discussions with several Linux and BSD distributions about the possibility of their installers supporting the alternative roots, we would obviously much prefer that the current root also support them.
That they also call for an end to the artificial domain name scarcity is also good, but I think they don't consider exactly how it needs to be managed. Simply adding new generic Top-Level Domains (TLDs) would not help solve another of their concerns, that of the over-focus on "Intellectual Property" (i.e. trademark) concerns. By implementing new TLDs with well defined charters, such as the .parody TLD served by OpenNIC, the trademark concerns can be properly confined to appropriately chartered TLDs, leaving space available for parody, criticism and personal sites which would be free from the current ever-present threat of trademark lawsuits. By chartering a geographic series of TLDs, trademark concerns could also be confined to their appropriate geographical regions rather than, as the current system does, allowing conflicts between properly registered trademarks in various countries and regions.
Since Slashdot asked us to keep these down to around 500 words, and I've already gone over that, here are a few additional informational links:
- My Candidacy page
- The OpenNIC, an alternative namespace which, I think, provides a good model
Response to Civil Society Statement on ICANN Elections
by Sondlo Leonard Mhlaba, PhD
I appreciate the opportunity to respond to the Civil Society Statement of July 13, 2000.
I have followed the work of CPSR for several years and, more recently, have benefited from the work of the Democracy Project. It should, therefore, come as no surprise to many that I support the nine Guiding Values of the Civil Society Statement. I do have some reservations about some details in Values 1, 7, and 8.
Value #1: Representativeness. The basis of my questions and my perspective on this item can best be appreciated through the mission of The New Franchise Institute at http://www.NewFranchise.Org which I am currently building. I see development of the internet as a momentous event in the history of the world. In 500 Years of Eurocentric Diplomacy: Prospects for the 21st Century (1999), I dared to suggest that the internet may become as integral to human life as the heavy coat is to the polar bear. Looked at in this light, the internet has the potential to separate "internet haves" from the "internet have-nots" so far apart as to constitute separate species. I am a naturalized American citizen and Zimbabwe native, having come to the US in the mid-60s. From where I sit, therefore, the work of ICANN and all the parties to internet development, is epoch-making.
In light of the above perspective, I believe that, at some point, ICANN needs to re-examine how the world is divided for purposes of representation. Should, for example, representatives be assigned in proportion to the at-large members, or in proportion to the population of the region (irrespective of the level of internet participation)? Readers may know that of the 58,000 at-large registrants for the purposes of this up-coming election, only 1,000 came from the Continent of Africa. How should language and the attendant worldview be factored in? A year ago, according to a study cited in my book, about 58% of internet communication was in English and 83% was in European languages. In the long term, I believe that a Eurocentric, and North-American dominated internet is not in our (North America's) political, civic, or economic interest. The North American representative must provide a more globalist, and future-oriented perspective, as he or she endeavors to be responsive to his or her North American internet constituency.
Value #7. I believe that some domain name categories ought to be reserved for civic and governmental entities, while other categories are left to the market. Cyber-squatting and the after-market ought to be disallowed in the governmental and civic categories. However, I believe that cyber-squatting and related market techniques should be allowed in the market category. In order for this distinction to work in the interest of the general public, a great deal of care would, of course, need to go into defining the two categories.
Value #8: I support respect for privacy, but I also realize that there are differences among cultures as to what level of privacy is necessary or adequate. I believe that some of the OECD prescriptions, if they become a world standard, could dampen critical debate in the civic arena and complicate normal international market activity.
My major problem with Value # 8 is in the area of member voting. I strongly believe that ICANN board member voting must be open, and not through secret ballot. I think at-large members must be able to hold board members accountable for their votes, and a secret ballot process is inimical to the concept of transparency (Value # 2).
Marty Freeman
As far as the Civil Society statement, I agree completely. I think they should have included some links or examples, however, to information suggesting that ICANN is not working in the manner it should. www.WIPO.org.uk (World Intellectual Piracy Organization) has some more info. and examples.
Reading the statement did help me realize the depth of the problem though. The internet is so interesting and useful because of the content provided by its users. If it becomes too difficult for someone to set up a server and give it an easy to find address, then the internet will lose the very thing everyone loves it for -- ridiculous amounts of useful, useless, interesting and funny information. It will become a homogenized channel for the distribution of U.S. corporate propaganda. That sucks. I don't want surfing the internet to be like watching TV. I am really glad to have a chance to change things and hope for at least a chance to be on the final ballot. I would like to note that the ICANN has put the 158,000 people who actually managed to sign up in a tight position. They have only two weeks to decide among the candidates for their area. Plus, the first few people to gain enough support in an area are the only ones to make it. That seems sort of unfair. On one hand you have to study info on 50 people and decide who is best for the job, on the other, you have to decide quickly which candidate to vote for, or all the slots may already be full. This is one of the first things I would change. It makes more sense for the top supported few to make it than the first few to get 2% of the total support. Anyway, thanks for giving me a chance to voice my opinion. I hope you will all make an informed and responsible decision.
Chris Stewart
The Civil Society's "Statement On ICANN Elections" addresses a number of issues that are quite popular amongst candidates seeking member-nomination. The paper focuses on a need for transparency, proportionate representation, fundamental rights, and the "bottom-up" process of administration. However, I am extremely disappointed that, once again consumer rights issues are not mentioned in the context of purchasing, owning, selling, or the security of a domain name.
As well, the paper does not address the need for ICANN to review its accreditation process, or the continued technical and administrative negligence of registrars. It is also disconcerting to conclude that the Civil Society opposes the current practice of selling, renting, or leasing a domain name in excess of its original registration cost incurred by the registrant. The following point taken from the paper's "Guiding Values" supports this conclusion,
Section 7. Artificial Scarcity and Centralization Should Be Avoided
The Civil Society also argues that a "scarcity in domain names creates opportunities for control". However, the solution to this "artificial" scarcity should not be, as suggested by the paper, an unconstrained expansion of the Internet domain name space.
"The use of domain names as a marketing device to index content creates excessive value in domain names and creates disincentives to innovation."
It can be agreed that a greater number of new gTLDs would benefit consumers by potentially reducing registration costs and allowing an increased selection of domains and registrars. However, it is irresponsible to ignore the incidents of technical and administrative negligence that currently hounds registrars and the domain registration/ownership process. These are the issues that need to be addressed prior to any consideration of an "unconstrained" expansion. I refer to two examples of registrar negligence and the lack of accountability on their behalf in the following two articles.
http://www.wired.com/news/business/0,1367,32974,00.html
http://www.zdnet.com/intweek/stories/news/0,4164,2615087,00.html
Consumers want a system that will allow them to purchase a domain, maintain its security via an accredited registrar, use the domain in any context they wish without restrictions that impede upon their civil liberties, and the right to profit from the use or sale of that domain. This paper does not address these fundamental concerns with any conviction.
The Civil Society does however appeal to the interests of the Internet community in many aspects of the statement. The need for proportionate representation rather than "democracy deficit", and the minimization or avoidance of ICANN policy-making on non-technical topics are extremely favourable arguments. The latter of the two directly refers to policies such as the UDRP, which has attempted to handcuff the abuse of trademark infringement in the domain registration environment.
However, the paper does not comment on the use of the arbitration system (such as the WIPO) in order to settle disputes. This system has been fraught with negative response from domain name owners and the media alike. The absence of support for or against this system of dispute resolution is unsettling. Decisions from this arbitration panel have been inconsistent, extremely unfair, and unjust in many of the cases, suggesting that the scope of the UDRP has been abused and sometimes ignored altogether. I offer the following site, which addresses some of the specific cases. http://www.domainshame.com/
To view the issues I feel need to be addressed in this election, please visit http://www.iknowicann.com
Sincerely, Christopher Stewart
Lee Fulmer
I fully endorse and support the intent of the Civil Society's statement on the ICANN elections.
It seems that since its inception, the internet has been driven by government and corporate interests. I think that ICANN needs to be fully transparent in its operation and accountable to the entire internet community. One of the most important tasks ICANN faces is to deal with the current problems of "scarcity" of domain space by clamping down on speculators and creating new gTLDs. It is equally important that ICANN is representative of the internet community and should include equal representation from all regions as well as from all interest groups (business, government, academia and individuals).
As an individual who has lived and worked in North America, Europe and Australasia across all the interest groups, I feel I have a unique perspective I can contribute to the process. The domain space should be more distributed among the registrars to help keep costs (including ICANN's) down. I certainly don't expect to be paid for my work and I would strive to ensure that a balance between public, private, and personal interests is taken.
Please read my candidacy statement on the ICANN site at http://members.icann.org/nom/cp/47.html and visit my site at http://www.fulmer.com/ before you cast your vote!
Patrick D'Acre
The issues raised by the Internet Democracy white paper have significant merit. As such, they would need to be included in a larger conversation, involving activated participants, with the intention of finding the middle ground. The 'revisionist' approach to providing a 'FREE Internet' for every person, hints at some policies of the past (e.g. Commerce Secretary Hoover in the 20's).
For the Internet to progress, and be made available to the largest population, business practices are mandatory. Any attempt to revert to the origins of the Internet would be woefully out of place and inadvertently restrict access to the most deserving.
I can appreciate some of the points in the white paper, yet look for more 'centrist' approaches to implementing those same objectives.
For information on my interests see http://www.letsdobizradio.bizland.com/personal/resume.htm.
Laurie Williams
1. ICANN must be representative--Agree. Further, consideration should be given to not only developing countries, but also to developing areas within developed countries. For example, interests of those in rural Oklahoma, North Dakota, or in the furthest reaches of Canada, may be more aligned with those of a remote island or developing country, than with the metropolitan areas of the USA or Canada.
2. ICANN must be transparent--Agree.
3. ICANN must use bottom-up process--Agree
4. Intellectual property rights should not be privileged over other rights--ICANN should foster collaboration and cooperation instead of creating antagonism and divisiveness. Domains are not synonymous with trademarks--otherwise the system would have been called the TNS (Trademark Name Service) and not the DNS (Domain Name Service).
5. ICANN should strive at all times to minimize or avoid policy-making on non-technical topics--Agree.
6. The domain space is a globally-shared public good with public and private functions--Agree.
7. Artificial scarcity and centralization should be avoided--Agree, with the caveat that the technical efficacy of the internet should be guaranteed before expansion and diffusion is promoted. Further, registrars should continue to enhance their processes to streamline the needs of clients. In addition, registrars, portals, and search engines should expand to include more effective searches for domain names.
8. ICANN must respect privacy--Agree.
9. Costs should be minimal and equitable--Agree. In addition, the Berkman Center does an excellent job in providing remote participation of ICANN meetings. Emphasis should be placed on enhanced technology to make ICANN webcasts even better in the future so that individuals without the resources of large companies, can participate more effectively.
-
A Praise To Unix
MotyaKatz writes: "ZDnet has an article from Evan Leibovitch which he calls The Unix Phoenix. As he states, 'I come not to bury Unix, but to praise it'. He mostly deals with the aspects of Unix surviving during Linux growth." -
0.01 Micron Process?
hypo writes "According to a recent ZDNet article, IBM is developing a technique called "V-Groove", that allows the channel lengths of transistors on chips to be 10 nanometers (0.01 micron) and below. Currently, most companies use a 0.18 micron or 180 nanometer process. This is certainly a giant leap. The only caveat is that IBM is not planning to use this in large chips (i.e., processors) for 10 to 15 years. However, this is still quite revolutionary because most people thought that a 0.02 process would be the fundamental minimum. This all shows that Moore's law can perhaps hold true in the future. This article also discusses Carbon Nanotubes, which might reach market faster than experts had previously thought." -
Slashback: Reneging, Wandering, Spamming
Interested in a free domain for your open-source project? Huh, are ya? "Too bad, sucker," says the .cx registrar. On the other hand, you can drink beer (or sarsaparilla) and talk tech with folks smarter than your average bear, create poetry using such fine poetic-sounding things as "Python" and "Java," and even let other people know the names of those who you would call Spammers. Read on, if the gist is really not enough.
See, what we really meant was ... From the inimitable jamie: In February we reported that the .cx registrar was offering free domains to open-source projects. Now, their Board of Directors claims this is "inconsistent with the basic principals [sic] of fairness...this policy has been cancelled." Their FAQ has been changed from this to this accordingly. The board meeting promises "existing registrants will be 'grandfathered-in' and a new second level registry for the oss community will be established." Presumably that means new applicants will get YourOpenSourceProject.free.cx or something. Props to jmason and TBTF for the above links.
LinuxBierwanderungenrundeninkreisen, oder? One of the cool things about Free software is that there's an attitude of joviality and conviviality among its users and developers -- as evidenced by the recurring Linuxbierwanderungen, as reported in Slashdot last week. Even the WSJ notices, evidently: alanw writes "This article is fairly accurate, although we were mostly drinking real ale, not lager."
The article also mentions the oh-so-intriguing idea of simultaneous, net-linked Bierwanderungen on different continents. I vote for the mountains of Maine, New Hampshire or Tennessee as good trial U.S. locations -- if you know any organizers, make sure they leave comments below about a U.S. Bierwanderung!
Opting in, Sir? Opting out? Headphones, Sir? Red Wine? White wine? discHead writes "The Mail Abuse Prevention System has announced that a temporary restraining order filed to prevent them from listing Harris Interactive in the Realtime Blackhole List has been denied."
So long as no one is required to abide by the list that MAPS creates of mail abusers, would a restraining order preventing them from listing a spammer (by their definition) ever work? I rather hope not.
No, not the envelope with "those" pictures, the envelope with the winners! Tim McNerney writes: "The second round winners in the Software Carpentry competition have been announced. Though the test harness category got dropped in the process, the config, build and track categories all have winners along with judge's commentary. Next step is choosing developers to implement the winners." And speaking of lucky winners (you may not already be a winner, in this case), at0m writes "The Haiku Generator Challenge has been completed, and the results have been posted. For those who are not familiar with the contest, the goal was to create a program that used a user-inputted RDF file and created three lines with 5, 7, and 5 syllables respectively. To see the winning entries, visit the challenge page. dotcomma has also announced a new, less difficult challenge, which can be found here."
-
EU To Take Legal Action Against Microsoft
beebware writes: "The BBC is running this story about the European Union opening an antitrust case against Microsoft. It seems legal action has already started (a warning has been issued) - place your bets now on the outcome...." You can also check out the ZDNN story. The warning comes from a complaint registered by Sun Microsystems. -
Eliminating Notebook Keyboards
Wordman writes "A story on Yahoo indicates that Apple (working with Wacom) has plans to provide pen-based computing in place of/in addition to keyboard input on future power books. The story quotes an unnamed source saying "The idea is to do away with the keyboard." The scheme would include the handwriting recognition system from Newton OS 2.x (which, contrary to popular rumors, is excellent). The "erase" ability of Wacom tablets would also be supported." I dunno - I really do find a keyboard a wonderful way to get things done - better than my handwriting, that's for sure. Thanks to Matthew for pointing out the original article at ZD-Net. -
Napster Shut Down Until Trial
tealover noted that MSNBC has a headline saying that Napster has been shut down by the judge. As of this writing, it's still up, and the Napster MOTD is telling us to expect an announcement in a couple of hours. More when we got it. Here is a ZDNet story. I've attached the MOTD below. Update: 07/27 12:40 AM by CT: This Washington Post story reports that the injunction will go in effect PM Friday. Boycotts against the RIAA are being discussed. This is the MOTD you get when you connect to Napster as of 8:02 Eastern:
You have probably heard in the news about the recording industry's lawsuit against Napster. The RIAA has asked a federal judge to shut Napster down, and an important hearing will be held at 2:00 p.m. PDT Wednesday, July 26 at the U.S. District Court in San Francisco.
Wednesday at 7:00 p.m. PDT we will give the Napster community a brief update of what happened in the courtroom via a live webcast that you can view at www.napster.com.
-
G4 Powerbooks Predicted For January 2001
Spittoon pointed out this ZDNet article claiming that development proceeds apace on G4 portables for Apple's PowerBook line, and that if all goes well, they'll be shown off at Macworld Expo in January. I could live with ads claiming that "The new PowerBook is a supercomputer" in exchange for knocking a couple notes off the price of a G3 PowerBook ;) Slot-loaded CD / DVD drives are long overdue in notebooks, anyhow, so I hope at least that part of the story pans out. -
The Myth Of The Borg
I get a steady trickle of e-mail from Microsoft employees who dislike many of their employer's actions, and I know many good, concerned reporters who work at ZDNet, the Washington Post, USA Today, and other media outlets who do not follow any secret "editorial agenda." There are plenty of real conspiracies out there. We shouldn't waste our time making up fake ones, and we should never assume that all employees or associates of a company or government agency are part of a faceless, marching mass that always does exactly what its leaders want.
Let's start with Microsoft. Remember when they asked us to pull some reader posts? That was the work of a few people in an obscure legal department, not a case of a leering, drooling Bill Gates calling a cowering subordinate and screaming, "Slashdot sucks! Kill Slashdot, kill, kill, kill!" And obviously not everyone at Microsoft agreed that it was a good idea to keep the matter alive, because it has since been allowed to die quietly. (We haven't written anything further on the subject because there has been nothing to say. No news is good news.)
There is no giant, singleminded conspiracy at Microsoft, just thousands of people trying to get through the day. This is how things really work at any large company. Good decisions get made and so do bad ones. Projects get started. Some of them work out and some of them don't. Orders issued from the top sometimes get carried out effectively and efficiently, and sometimes they don't. I often suspect that some of the worst software (and the worst Web sites) I see are so crappy because the workers actually putting them together are unenthusiastic about management's plans and are either consciously or subconsciously dragging their feet -- or, in this case, their coding fingers. I'm not implying any employee conspiracy, either; these tend to be individual decisions that, collectively, may look like a conspiracy to an outsider (or a boss) when there really isn't one.
Now let's take a look at one of Slashdot readers' favorite media whipping boys: ZDNet, which is now part of CNET. If you look closely, you'll see that ZD is no more organized than rush hour traffic in Paris. There are dozens of publications listed on the ZD main page. Some of them deal with Linux all day long, some are pure Windows, others concern themselves with consumer electronics and are only interested in things like camcorders or stereo gear. Jesse Berst is often treated as if he is the boss of this whole thing. He's not. He is the front man for one little piece of it called AnchorDesk. Berst has nothing to do with PC Magazine or Yahoo! Internet Life or GameSpot, all of which are also part of ZDNet.
The people who write for all these separate publications never meet. Most of them don't even know each other. They have no idea what ads are going to run where, so even if they wanted to pander to a particular advertiser they'd have trouble doing it effectively. The guiding rule at a big media mill like ZD or CNET is to have usable copy to fill all the pages every day, and they have a lot of pages to fill. Editors at these places are help-short and constantly looking for new freelance and staff writers. They don't have time to sit there and say, "Oh my, we need more stories today that make Microsoft look good and Linux look bad."
Offline media workers are similarly rushed. In many publishing companies (including Andover.net) close contact between editorial-side employees and business-side employees is discouraged. There are journalistic organizations that act as watchdogs to help keep editorial content free from business or outside influence. These groups avidly publish instances of improper behavior. Now and then, their work gets direct results, but more often the influence is subtle; a media outlet that gains a reputation among journalists for altering stories or trying to taint them to satisfy advertisers has trouble recruiting and retaining high-end writers, and almost always sets itself on a downward quality spiral.
Remember, the shortage of competent writers and editors, especially in tech-oriented fields, is almost as acute as the shortage of competent programmers. This has not always been so, and may not always be so, but right now there is no excuse for a tech media writer to accept conspiracy-level censoring from a publisher.
Now we'll talk about the biggest and most perfidious influence I believe does exist throughout media everywhere, even though it is not a conspiracy per se: denial of access.
Imagine a celebrity besieged by reporters. Imagine that you're the press agent for that celebrity. Your client has one interview time slot open this week. You have a dozen writers begging for that interview, all of whom have audiences of approximately equal size. One of those writers has always been "nice" to your client, six of them have been (in your opinion) fair but not necessarily nice, and five of them have written primarily negative stories about him or her.
Which writer gets the interview?
Twenty years ago there were hardly any celebrities in the computer industry. Even Steve Jobs and Bill Gates were thrilled to speak openly, off the cuff, to reporters from magazines that had only a few thousand or even a few hundred subscribers. Now the people at the top of the computer business tend to be as infected with celeb-itis as movie stars and top-end politicians, and as cautious about interviews as any other group of celebrities. It has gotten to the point where interviews with computer industry honchos are about as informative as Jay Leno's interviews with actors and actresses pushing their upcoming movies.
Worse, in many cases the hardware or software itself is the celebrity in question. A tech-news writer, like a political writer, is under a certain amount of pressure to break news ahead of his or her competitors. Getting pre-release access to new products can make or break careers in this field. And who gets the most "sneak peeks" at new stuff coming out of Redmond or Cupertino or wherever? Writers who are A) generally negative; B) generally fair and unbiased; C) usually full of "Golly! Gee Whiz!" praise for any new piece of hardware or software that falls into their hands?
Pretend, for a moment, that you're a PR person for Apple. You have only 20 demo/review units of the new G21, equipped with GNU/Hurd-based MacOS 40.2 and a 3.6 GHz Intelorola available. Of the 100+ reasonably well-known computer journalists who have requested pre-release units to review, which ones will you choose? If you don't select the Mac-boostingest people in that whole crowd, then you're not a good PR person.
Computer trade journalists know that this is how the game is played. I used Apple as an example, on purpose, because they have the worst reputation among computer journalists for playing the "If you want to see our latest stuff you'd better be nice to us" game. According to posts to some of the private online journalists' e-mail lists I'm on, Microsoft is evenhanded compared to Apple, and other companies vary widely in the level of journalistic favoritism they expect to have shown toward them in return for easy access to their latest products -- and easy interview access to their key people.
But none of this is a conspiracy. It's quite Randian, really, in that a whole lot of individuals are performing in ways they perceive to be in accordance with their own (or corporate) best interests. No one can plausibly argue that computer manufacturers or distributors have any legal obligation to hand out review products in an evenhanded manner. It's a fact of life that Tuxtops or Corel are going to send Slashdot editors their products before they throw demo units at Windows Magazine, just as Microsoft is going to display the exact opposite bias.
I have questioned the whole idea of using free, manufacturer-supplied review units more than once, even those that are short-term loaners instead of "keepers." I believe there's temptation on the corporate side to make sure review units are just a little better-tested than those sold to the general public. But while reviewers who stick to buying products anonymously through normal channels may give slightly more honest reviews than those who rely on company-supplied units, they will never get anything to review before it is released, so an ethically pure reviewer will often be left far behind those who are a little more (shall we say) flexible. This is especially true of magazine writers whose deadlines may be weeks or months before publication date. I have come to accept the incestuous relationship between computer product reviewers and the people who supply those products as a fact of life. I don't necessarily like this way of doing business (even when *I* do it), but I don't think it's part of any grand conspiracy to dupe the public.
Bigger companies also have a tendency to enclose "reviewer guides" with demo products to make sure reporters know all of the product's good points so that they can (hopefully) cover them in their articles. Indeed, you can just about write a credible-looking, if uncritical, "review" from most of these guides without ever actually testing the product yourself. I regard this as the worst thing that can happen, the equivalent of writing a "news" story about a politician directly from his or her press kit. And stories that are nothing but rewritten PR pieces appear every day in all kinds of media, about all kinds of topics. The sad secret of PR-rewriting is that it can be a bonanza for a free-lancer. Take (for example) a press release about a potential new cure for [insert disease here] from researchers at [insert university here]. A hungry freelancer can easily reword the statements in that press release to produce at least three or four stories for different media, ranging from the medical trade press to regional general-interest publications. Even at low-end freelance rates, a rapid typist who does this can crank out $1000 worth of stories in a single morning. Do this six or eight days a month, and you have a nice little income to support you, and still have most of your time free to work on your (inevitable) novel, go sailing or whatever else strikes your fancy. Again, no conspiracy, just individual greed. Editors are supposed to detect and prevent this sort of thing, but they are generally overworked and have "news holes" to fill, so lazy journalism often slips by their eyes -- and not only from freelancers. In-house writers, especially on small and understaffed publications, face the same temptation to cut corners -- and often yield to it.
And now, on to the great (gasp!) Slashdot editorial conspiracy. Real life around here is that this site is run, day to day, by about six people, all of whom are independent to the point of uncontrollability. We share many common biases, and CmdrTaco sets the overall tone of the site, but that's it. One editor might post a story another wouldn't. Jon Katz writes what Jon Katz feels like writing. Hemos is ... Hemos, and also determines which books should be reviewed, and by whom. Timothy picks stories and SlashBack material on his own, Cliff chooses "Ask Slashdot" material, and Emmett decides what stories he should cover, all by himself. Sure, we kick stuff around and ask each other for advice, and CmdrTaco will sometimes issue general directives about kinds of stories he'd like to see more often and other kinds he'd like to see less often, and these directives get followed to a certain extent, but when you come right down to it the ruling principle around here is "Chaos is Better Than Order."
No human-run organization operates with Borg-like singlemindedness. People are incapable of that kind of groupthink. Not even the old Soviet Union achieved it. This is why I am leery of so many of the conspiracy theories touted here and elsewhere. Face it: once you get behind their public masks, Microsoft, "the mainstream media," the U.S. Department of Justice, and many of our other favorite alleged conspirators are no more organized than Slashdot, and are no more capable than we are of sustaining any kind of secret agenda for any length of time -- at least not without getting caught.
-
The Myth Of The Borg
I get a steady trickle of e-mail from Microsoft employees who dislike many of their employer's actions, and I know many good, concerned reporters who work at ZDNet, the Washington Post, USA Today, and other media outlets who do not follow any secret "editorial agenda." There are plenty of real conspiracies out there. We shouldn't waste our time making up fake ones, and we should never assume that all employees or associates of a company or government agency are part of a faceless, marching mass that always does exactly what its leaders want.Let's start with Microsoft. Remember when they asked us to pull some reader posts? That was the work of a few people in an obscure legal department, not a case of a leering, drooling Bill Gates calling a cowering subordinate and screaming, "Slashdot sucks! Kill Slashdot, kill, kill, kill!" And obviously not everyone at Microsoft agreed that it was a good idea to keep the matter alive, because it has since been allowed to die quietly. (We haven't written anything further on the subject because there has been nothing to say. No news is good news.)
There is no giant, singleminded conspiracy at Microsoft, just thousands of people trying to get through the day. This is how things really work at any large company. Good decisions get made and so do bad ones. Projects get started. Some of them work out and some of them don't. Orders issued from the top sometimes get carried out effectively and efficiently, and sometimes they don't. I often suspect that some of the worst software (and the worst Web sites) I see are so crappy because the workers actually putting them together are unenthusiastic about management's plans and are either consciously or subconsciously dragging their feet -- or, in this case, their coding fingers. I'm not implying any employee conspiracy, either; these tend to be individual decisions that, collectively, may look like a consipracy to an outsider (or a boss) when there really isn't one.
Now let's take a look at one of Slashdot readers' favorits media whipping boys: ZDNet, which is now part of CNET. If you look closely, you'll see that ZD is no more organized than rush hour traffic in Paris. There are dozens of publications listed on the ZD main page. Some of them deal with Linux all day long, some are pure Windows, others concern themselves with consumer electronics and are only interested in things like camcorders or stereo gear. Jesse Berst is often treated as if he is the boss of this whole thing. He's not. He is the front man for one little piece of it called AnchorDesk . Berst has nothing to do with PC Magazine or Yahoo! Internet Life or GameSpot , all of which are also part of ZDNet.
The people who write for all these separate publications never meet. Most of them don't even know each other. They have no idea what ads are going to run where, so even if they wanted to pander to a particular advertiser they'd have trouble doing it effectively. The guiding rule at a big media mill like ZD or CNET is to have usable copy to fill all the pages every day, and they have a lot of pages to fill. Editors at these places are help-short and constantly looking for new freelance and staff writers. They don't have time to sit there and say, "Oh my, we need more stories today that make Microsoft look good and Linux look bad."
Offline media workers are similarly rushed. In many publishing companies (including Andover.net) close contact between editorial-side employees and and business-side employees is discouraged. There are journalistic organizations that act as watchdogs to help keep editorial content free from business or outside influence. These groups avidly publish instances of improper behavior. Now and then, their work gets direct results, but more often the influence is subtle; a media outlet that gains a reputation among journalists for altering stories or trying to taint them to satisfy advertisers has trouble recruiting and retaining high-end writers, and almost always sets itself on a downward quality spiral.
Remember, the shortage of competent writers and editors, especially in tech-oriented fields, is almost as acute as the shortage of competent programmers. This has not always been so, and may not always be so, but right now there is no excuse for a tech media writer to accept conspiracy-level censoring from a publisher.
Now we'll talk about the biggest and most perfidious influence I believe does exist throughout media everywhere, even though it is not a conspiracy per se: denial of access.
Imagine a celebrity besieged by reporters. Imagine that you're the press agent for that celebrity. Your client has one interview time slot open this week. You have a dozen writers begging for that interview, all of whom have audiences of approximately equal size. One of those writers has always been "nice" to your client, six of them have been (in your opinion) fair but not necessarily nice, and five of them have written primarily negative stories about him or her.
Which writer gets the interview?
Twenty years ago there were hardly any celebrities in the computer industry. Even Steve Jobs and Bill Gates were thrilled to speak openly, off the cuff, to reporters from magazines that had only a few thousand or even a few hundred subscribers. Now the people at the top of the computer business tend to be as infected with celeb-itis as movie stars and top-end politicians, and as cautious about interviews as any other group of celebrities. It has gotten to the point where interviews with computer industry honchos are about as informative as Jay Leno's interviews with actors and acresses pushing their upcoming movies.
Worse, in many cases the hardware or software itself is the celebrity in question. A tech-news writer, like a political writer, is under a certain amount of pressure to break news ahead of his or her competitors. Getting pre-release access to new products can make or break careers in this field. And who gets the most "sneak peeks" at new stuff coming out of Redmond or Cupertino or wherever? Writers who are A) generally negative; B) generally fair and unbiased; C) usually full of "Golly! Gee Whiz!" praise for any new piece of hardware or software that falls into their hands?
Pretend, for a moment, that you're a PR person for Apple. You have only 20 demo/review units of the new G21, equipped with GNU/Hurd-based MacOS 40.2 and a 3.6 GHz Intelorola available. Of the 100+ reasonably well-known computer journalists who have requested pre-release units to review, which ones will you choose? If you don't select the Mac-boostingest people in that whole crowd, then you're not a good PR person.
Computer trade journalists know that this is how the game is played. I used Apple as an example, on purpose, because they have the worst reputation among computer journalists for playing the "If you want to see our latest stuff you'd better be nice to us" game. According to posts to some of the private online journalists' e-mail lists I'm on, Microsoft is evenhanded compared to Apple, and other companies vary widely in the level of journalistic favoritism they expect to have shown toward them in return for easy access to their latest products -- and easy interview access to their key people.
But none of this is a conspiracy. It's quite Randian, really, in that a whole lot of individuals are performing in ways they perceive to be in accordance with their own (or corporate) best interests. No one can plausibly argue that computer manufacturers or distributors have any legal obligation to hand out review products in an evenhanded manner. It's a fact of life that Tuxtops or Corel are going to send Slashdot editors their products before they throw demo units at Windows Magazine , just as Microsoft is going to display the exact opposite bias.
I have questioned the whole idea of using free, manufacturer-supplied review units more than once, even those that are short-term loaners instead of "keepers." I believe there's temptation on the corporate side to make sure review units are just a little better-tested than those sold to the general public. But while reviewers who stick to buying products anonymously through normal channels may give slightly more honest reviews than those who rely on company-supplied units, they will never get anything to review before it is released, so an ethically pure reviewer will often be left far behind those who are a little more (shall we say) flexible. This is especially true of magazine writers whose deadlines may be weeks or months before publication date. I have come to accept the incestuous relationship between computer product reviewers and the people who supply those products as a fact of life. I don't necessarily like this way of doing business (even when *I* do it), but I don't think it's part of any grand conspiracy to dupe the public.
Bigger companies also have a tendency to enclose "reviewer guides" with demo products to make sure reporters know all of the product's good points so that they can (hopefully) cover them in their articles. Indeed, you can just about write a credible-looking, if uncritical, "review" from most of these guides without ever actually testing the product yourself. I regard this as the worst thing that can happen, the equivalent of writing a "news" story about a politician directly from his or her press kit. And stories that are nothing but rewritten PR pieces appear every day in all kinds of media, about all kinds of topics. The sad secret of PR-rewriting is that it can be a bonanza for a free-lancer. Take (for example) a press release about a potential new cure for [insert disease here] from researchers at [insert university here]. A hungry freelancer can easily reword the statements in that press release to produce at least three or four stories for different media, ranging from the medical trade press to regional general-interest publications. Even at low-end freelance rates, a rapid typist who does this can crank out $1000 worth of stories in a single morning. Do this six or eight days a month, and you have a nice little income to support you, and still have most of your time free to work on your (inevitable) novel, go sailing or whatever else strikes your fancy. Again, no conspiracy, just individual greed. Editors are supposed to detect and prevent this sort of thing, but they are generally overworked and have "news holes" to fill, so lazy journalism often slips by their eyes -- and not only from freelancers. In-house writers, especially on small and understaffed publications, face the same temptation to cut corners -- and often yield to it.
And now, on to the great (gasp!) Slashdot editorial conspiracy. Real life around here is that this site is run, day to day, by about six people, all of whom are independent to the point of uncontrollability. We share many common biases, and CmdrTaco sets the overall tone of the site, but that's it. One editor might post a story another wouldn't. Jon Katz writes what Jon Katz feels like writing. Hemos is ... Hemos, and also determines which books whould be reviewed, and by whom. Timothy picks stories and SlashBack material on his own, Cliff chooses "Ask Slashdot" material, and Emmett decides what stories he should cover, all by himself. Sure, we kick stuff around and ask each other for advice, and CmdrTaco will sometimes issue general directives about kinds of stories he'd like to see more often and other kinds he'd like to see less often, and these directives get followed to a certain extent, but when you come right down to it the ruling principle around here is "Chaos is Better Than Order."
No human-run organization operates with Borg-like singlemindedness. People are incapable of that kind of groupthink. Not even the old Soviet Union achieved it. This is why I am leery of so many of the conspiracy theories touted here and elsewhere. Face it: once you get behind their public masks, Microsoft, "the mainstream media," the U.S. Department of Justice, and many of our other favorite alleged conspirators are no more organized than Slashdot, and are no more capable than we are of sustaining any kind of secret agenda for any length of time -- at least not without getting caught.
-
The Myth Of The Borg
I get a steady trickle of e-mail from Microsoft employees who dislike many of their employer's actions, and I know many good, concerned reporters who work at ZDNet, the Washington Post, USA Today, and other media outlets who do not follow any secret "editorial agenda." There are plenty of real conspiracies out there. We shouldn't waste our time making up fake ones, and we should never assume that all employees or associates of a company or government agency are part of a faceless, marching mass that always does exactly what its leaders want.Let's start with Microsoft. Remember when they asked us to pull some reader posts? That was the work of a few people in an obscure legal department, not a case of a leering, drooling Bill Gates calling a cowering subordinate and screaming, "Slashdot sucks! Kill Slashdot, kill, kill, kill!" And obviously not everyone at Microsoft agreed that it was a good idea to keep the matter alive, because it has since been allowed to die quietly. (We haven't written anything further on the subject because there has been nothing to say. No news is good news.)
There is no giant, singleminded conspiracy at Microsoft, just thousands of people trying to get through the day. This is how things really work at any large company. Good decisions get made and so do bad ones. Projects get started. Some of them work out and some of them don't. Orders issued from the top sometimes get carried out effectively and efficiently, and sometimes they don't. I often suspect that some of the worst software (and the worst Web sites) I see are so crappy because the workers actually putting them together are unenthusiastic about management's plans and are either consciously or subconsciously dragging their feet -- or, in this case, their coding fingers. I'm not implying any employee conspiracy, either; these tend to be individual decisions that, collectively, may look like a consipracy to an outsider (or a boss) when there really isn't one.
Now let's take a look at one of Slashdot readers' favorits media whipping boys: ZDNet, which is now part of CNET. If you look closely, you'll see that ZD is no more organized than rush hour traffic in Paris. There are dozens of publications listed on the ZD main page. Some of them deal with Linux all day long, some are pure Windows, others concern themselves with consumer electronics and are only interested in things like camcorders or stereo gear. Jesse Berst is often treated as if he is the boss of this whole thing. He's not. He is the front man for one little piece of it called AnchorDesk . Berst has nothing to do with PC Magazine or Yahoo! Internet Life or GameSpot , all of which are also part of ZDNet.
The people who write for all these separate publications never meet. Most of them don't even know each other. They have no idea what ads are going to run where, so even if they wanted to pander to a particular advertiser they'd have trouble doing it effectively. The guiding rule at a big media mill like ZD or CNET is to have usable copy to fill all the pages every day, and they have a lot of pages to fill. Editors at these places are help-short and constantly looking for new freelance and staff writers. They don't have time to sit there and say, "Oh my, we need more stories today that make Microsoft look good and Linux look bad."
Offline media workers are similarly rushed. In many publishing companies (including Andover.net) close contact between editorial-side employees and and business-side employees is discouraged. There are journalistic organizations that act as watchdogs to help keep editorial content free from business or outside influence. These groups avidly publish instances of improper behavior. Now and then, their work gets direct results, but more often the influence is subtle; a media outlet that gains a reputation among journalists for altering stories or trying to taint them to satisfy advertisers has trouble recruiting and retaining high-end writers, and almost always sets itself on a downward quality spiral.
Remember, the shortage of competent writers and editors, especially in tech-oriented fields, is almost as acute as the shortage of competent programmers. This has not always been so, and may not always be so, but right now there is no excuse for a tech media writer to accept conspiracy-level censoring from a publisher.
Now we'll talk about the biggest and most perfidious influence I believe does exist throughout media everywhere, even though it is not a conspiracy per se: denial of access.
Imagine a celebrity besieged by reporters. Imagine that you're the press agent for that celebrity. Your client has one interview time slot open this week. You have a dozen writers begging for that interview, all of whom have audiences of approximately equal size. One of those writers has always been "nice" to your client, six of them have been (in your opinion) fair but not necessarily nice, and five of them have written primarily negative stories about him or her.
Which writer gets the interview?
Twenty years ago there were hardly any celebrities in the computer industry. Even Steve Jobs and Bill Gates were thrilled to speak openly, off the cuff, to reporters from magazines that had only a few thousand or even a few hundred subscribers. Now the people at the top of the computer business tend to be as infected with celeb-itis as movie stars and top-end politicians, and as cautious about interviews as any other group of celebrities. It has gotten to the point where interviews with computer industry honchos are about as informative as Jay Leno's interviews with actors and acresses pushing their upcoming movies.
Worse, in many cases the hardware or software itself is the celebrity in question. A tech-news writer, like a political writer, is under a certain amount of pressure to break news ahead of his or her competitors. Getting pre-release access to new products can make or break careers in this field. And who gets the most "sneak peeks" at new stuff coming out of Redmond or Cupertino or wherever? Writers who are A) generally negative; B) generally fair and unbiased; C) usually full of "Golly! Gee Whiz!" praise for any new piece of hardware or software that falls into their hands?
Pretend, for a moment, that you're a PR person for Apple. You have only 20 demo/review units of the new G21, equipped with GNU/Hurd-based MacOS 40.2 and a 3.6 GHz Intelorola available. Of the 100+ reasonably well-known computer journalists who have requested pre-release units to review, which ones will you choose? If you don't select the Mac-boostingest people in that whole crowd, then you're not a good PR person.
Computer trade journalists know that this is how the game is played. I used Apple as an example, on purpose, because they have the worst reputation among computer journalists for playing the "If you want to see our latest stuff you'd better be nice to us" game. According to posts to some of the private online journalists' e-mail lists I'm on, Microsoft is evenhanded compared to Apple, and other companies vary widely in the level of journalistic favoritism they expect to have shown toward them in return for easy access to their latest products -- and easy interview access to their key people.
But none of this is a conspiracy. It's quite Randian, really, in that a whole lot of individuals are performing in ways they perceive to be in accordance with their own (or corporate) best interests. No one can plausibly argue that computer manufacturers or distributors have any legal obligation to hand out review products in an evenhanded manner. It's a fact of life that Tuxtops or Corel are going to send Slashdot editors their products before they throw demo units at Windows Magazine , just as Microsoft is going to display the exact opposite bias.
I have questioned the whole idea of using free, manufacturer-supplied review units more than once, even those that are short-term loaners instead of "keepers." I believe there's temptation on the corporate side to make sure review units are just a little better-tested than those sold to the general public. But while reviewers who stick to buying products anonymously through normal channels may give slightly more honest reviews than those who rely on company-supplied units, they will never get anything to review before it is released, so an ethically pure reviewer will often be left far behind those who are a little more (shall we say) flexible. This is especially true of magazine writers whose deadlines may be weeks or months before publication date. I have come to accept the incestuous relationship between computer product reviewers and the people who supply those products as a fact of life. I don't necessarily like this way of doing business (even when *I* do it), but I don't think it's part of any grand conspiracy to dupe the public.
-
The Myth Of The Borg
I get a steady trickle of e-mail from Microsoft employees who dislike many of their employer's actions, and I know many good, concerned reporters who work at ZDNet, the Washington Post, USA Today, and other media outlets who do not follow any secret "editorial agenda." There are plenty of real conspiracies out there. We shouldn't waste our time making up fake ones, and we should never assume that all employees or associates of a company or government agency are part of a faceless, marching mass that always does exactly what its leaders want.
Let's start with Microsoft. Remember when they asked us to pull some reader posts? That was the work of a few people in an obscure legal department, not a case of a leering, drooling Bill Gates calling a cowering subordinate and screaming, "Slashdot sucks! Kill Slashdot, kill, kill, kill!" And obviously not everyone at Microsoft agreed that it was a good idea to keep the matter alive, because it has since been allowed to die quietly. (We haven't written anything further on the subject because there has been nothing to say. No news is good news.)
There is no giant, singleminded conspiracy at Microsoft, just thousands of people trying to get through the day. This is how things really work at any large company. Good decisions get made and so do bad ones. Projects get started. Some of them work out and some of them don't. Orders issued from the top sometimes get carried out effectively and efficiently, and sometimes they don't. I often suspect that some of the worst software (and the worst Web sites) I see are so crappy because the workers actually putting them together are unenthusiastic about management's plans and are either consciously or subconsciously dragging their feet -- or, in this case, their coding fingers. I'm not implying any employee conspiracy, either; these tend to be individual decisions that, collectively, may look like a conspiracy to an outsider (or a boss) when there really isn't one.
Now let's take a look at one of Slashdot readers' favorite media whipping boys: ZDNet, which is now part of CNET. If you look closely, you'll see that ZD is no more organized than rush hour traffic in Paris. There are dozens of publications listed on the ZD main page. Some of them deal with Linux all day long, some are pure Windows, others concern themselves with consumer electronics and are only interested in things like camcorders or stereo gear. Jesse Berst is often treated as if he is the boss of this whole thing. He's not. He is the front man for one little piece of it called AnchorDesk. Berst has nothing to do with PC Magazine or Yahoo! Internet Life or GameSpot, all of which are also part of ZDNet.
The people who write for all these separate publications never meet. Most of them don't even know each other. They have no idea what ads are going to run where, so even if they wanted to pander to a particular advertiser they'd have trouble doing it effectively. The guiding rule at a big media mill like ZD or CNET is to have usable copy to fill all the pages every day, and they have a lot of pages to fill. Editors at these places are help-short and constantly looking for new freelance and staff writers. They don't have time to sit there and say, "Oh my, we need more stories today that make Microsoft look good and Linux look bad."
Offline media workers are similarly rushed. In many publishing companies (including Andover.net) close contact between editorial-side employees and business-side employees is discouraged. There are journalistic organizations that act as watchdogs to help keep editorial content free from business or outside influence. These groups avidly publish instances of improper behavior. Now and then, their work gets direct results, but more often the influence is subtle; a media outlet that gains a reputation among journalists for altering stories or trying to taint them to satisfy advertisers has trouble recruiting and retaining high-end writers, and almost always sets itself on a downward quality spiral.
Remember, the shortage of competent writers and editors, especially in tech-oriented fields, is almost as acute as the shortage of competent programmers. This has not always been so, and may not always be so, but right now there is no excuse for a tech media writer to accept conspiracy-level censoring from a publisher.
Now we'll talk about the biggest and most perfidious influence I believe does exist throughout media everywhere, even though it is not a conspiracy per se: denial of access.
Imagine a celebrity besieged by reporters. Imagine that you're the press agent for that celebrity. Your client has one interview time slot open this week. You have a dozen writers begging for that interview, all of whom have audiences of approximately equal size. One of those writers has always been "nice" to your client, six of them have been (in your opinion) fair but not necessarily nice, and five of them have written primarily negative stories about him or her.
Which writer gets the interview?
Twenty years ago there were hardly any celebrities in the computer industry. Even Steve Jobs and Bill Gates were thrilled to speak openly, off the cuff, to reporters from magazines that had only a few thousand or even a few hundred subscribers. Now the people at the top of the computer business tend to be as infected with celeb-itis as movie stars and top-end politicians, and as cautious about interviews as any other group of celebrities. It has gotten to the point where interviews with computer industry honchos are about as informative as Jay Leno's interviews with actors and actresses pushing their upcoming movies.
Worse, in many cases the hardware or software itself is the celebrity in question. A tech-news writer, like a political writer, is under a certain amount of pressure to break news ahead of his or her competitors. Getting pre-release access to new products can make or break careers in this field. And who gets the most "sneak peeks" at new stuff coming out of Redmond or Cupertino or wherever? Writers who are A) generally negative; B) generally fair and unbiased; C) usually full of "Golly! Gee Whiz!" praise for any new piece of hardware or software that falls into their hands?
Pretend, for a moment, that you're a PR person for Apple. You have only 20 demo/review units of the new G21, equipped with GNU/Hurd-based MacOS 40.2 and a 3.6 GHz Intelorola available. Of the 100+ reasonably well-known computer journalists who have requested pre-release units to review, which ones will you choose? If you don't select the Mac-boostingest people in that whole crowd, then you're not a good PR person.
Computer trade journalists know that this is how the game is played. I used Apple as an example, on purpose, because they have the worst reputation among computer journalists for playing the "If you want to see our latest stuff you'd better be nice to us" game. According to posts to some of the private online journalists' e-mail lists I'm on, Microsoft is evenhanded compared to Apple, and other companies vary widely in the level of journalistic favoritism they expect to have shown toward them in return for easy access to their latest products -- and easy interview access to their key people.
But none of this is a conspiracy. It's quite Randian, really, in that a whole lot of individuals are performing in ways they perceive to be in accordance with their own (or corporate) best interests. No one can plausibly argue that computer manufacturers or distributors have any legal obligation to hand out review products in an evenhanded manner. It's a fact of life that Tuxtops or Corel are going to send Slashdot editors their products before they throw demo units at Windows Magazine, just as Microsoft is going to display the exact opposite bias.
I have questioned the whole idea of using free, manufacturer-supplied review units more than once, even those that are short-term loaners instead of "keepers." I believe there's temptation on the corporate side to make sure review units are just a little better-tested than those sold to the general public. But while reviewers who stick to buying products anonymously through normal channels may give slightly more honest reviews than those who rely on company-supplied units, they will never get anything to review before it is released, so an ethically pure reviewer will often be left far behind those who are a little more (shall we say) flexible. This is especially true of magazine writers whose deadlines may be weeks or months before publication date. I have come to accept the incestuous relationship between computer product reviewers and the people who supply those products as a fact of life. I don't necessarily like this way of doing business (even when *I* do it), but I don't think it's part of any grand conspiracy to dupe the public.
Bigger companies also have a tendency to enclose "reviewer guides" with demo products to make sure reporters know all of the product's good points so that they can (hopefully) cover them in their articles. Indeed, you can just about write a credible-looking, if uncritical, "review" from most of these guides without ever actually testing the product yourself. I regard this as the worst thing that can happen, the equivalent of writing a "news" story about a politician directly from his or her press kit. And stories that are nothing but rewritten PR pieces appear every day in all kinds of media, about all kinds of topics. The sad secret of PR-rewriting is that it can be a bonanza for a free-lancer. Take (for example) a press release about a potential new cure for [insert disease here] from researchers at [insert university here]. A hungry freelancer can easily reword the statements in that press release to produce at least three or four stories for different media, ranging from the medical trade press to regional general-interest publications. Even at low-end freelance rates, a rapid typist who does this can crank out $1000 worth of stories in a single morning. Do this six or eight days a month, and you have a nice little income to support you, and still have most of your time free to work on your (inevitable) novel, go sailing or whatever else strikes your fancy. Again, no conspiracy, just individual greed. Editors are supposed to detect and prevent this sort of thing, but they are generally overworked and have "news holes" to fill, so lazy journalism often slips by their eyes -- and not only from freelancers. In-house writers, especially on small and understaffed publications, face the same temptation to cut corners -- and often yield to it.
And now, on to the great (gasp!) Slashdot editorial conspiracy. Real life around here is that this site is run, day to day, by about six people, all of whom are independent to the point of uncontrollability. We share many common biases, and CmdrTaco sets the overall tone of the site, but that's it. One editor might post a story another wouldn't. Jon Katz writes what Jon Katz feels like writing. Hemos is ... Hemos, and also determines which books should be reviewed, and by whom. Timothy picks stories and SlashBack material on his own, Cliff chooses "Ask Slashdot" material, and Emmett decides what stories he should cover, all by himself. Sure, we kick stuff around and ask each other for advice, and CmdrTaco will sometimes issue general directives about kinds of stories he'd like to see more often and other kinds he'd like to see less often, and these directives get followed to a certain extent, but when you come right down to it the ruling principle around here is "Chaos is Better Than Order."
No human-run organization operates with Borg-like singlemindedness. People are incapable of that kind of groupthink. Not even the old Soviet Union achieved it. This is why I am leery of so many of the conspiracy theories touted here and elsewhere. Face it: once you get behind their public masks, Microsoft, "the mainstream media," the U.S. Department of Justice, and many of our other favorite alleged conspirators are no more organized than Slashdot, and are no more capable than we are of sustaining any kind of secret agenda for any length of time -- at least not without getting caught.
-
Toysmart Can Sell Customer Data - With Limitations
jmozena writes "Disney's failed Toysmart.com has gotten the go-ahead from the Federal Trade Commission to sell its customer database as part of a bankruptcy sale, as long as the buyer agrees to abide by Toysmart's privacy policy. The FTC also found that Toysmart violated the Child Online Privacy & Protection Act (COPPA) of 1998 by collecting information from children under 13 without their parents' consent, and is filing a complaint in federal court to get Toysmart to destroy that information before any sale. This is the first time the FTC has filed a complaint under COPPA. The FTC press release is here." EasyKill adds: "[here] is a link to the zdnet story about the FTC allowing Toysmart to sell some of their customer database, albeit under limited circumstances. I don't think this is a good thing, but it could be worse." grahamwest also points out this CNNfn story on the decision.
You may also be interested in the story emmett posted when the plan to sell this data first came to light, and the followup hemos posted about the involvement of the FTC. For once, I think I (mostly) agree with the FTC.
-
Bill Bans Secret Workplace Snooping
jyuter writes "According to this ZDNET article, Congress is considering a bill which requires companies to disclose their practices regarding reading employees' e-mails. What puzzles me is this quote from Charles Schumer D-NY, "We would never stand for it if an employer steamed open an employee's mail, read it and put it back. It is the same thing with an employee's e-mail." So it's ok then for employers to steam open employees' mail and give it back to them, provided they tell the employees of this policy beforehand." This would be a very modest proposal indeed - one tiny step for privacy, one giant leap for, well, nothing. Maybe I should be less cynical. Nah. -
First Look At The New Palms
Jason Prini writes: "Take a look at ZDNET for pics of the new Palm pilots." They talk about the wireless models, as well as the new entry level models to compete more with Visor (which feature 25% smaller screens, but only a $150 price). I find it amusing that they offer changeable color face plates (ala those Nokia phones). -
Caldera Close To Buying SCO Unix
So much happened yesterday that this story sorta slipped through the cracks: Is Caldera Buying SCO? I don't know which company I consider less relevant (Don't flame me! I simply don't know anyone who runs either SCO or Caldera! No that isn't an invitation for both of you to e-mail me and complain!) but it is a pretty strange pairing. -
Sun May GPL StarOffice
Lennie writes: "To my surprise I read here: 'Sun Microsystems is expected to announce this week that it will make StarOffice available as open source. Sun plans to release the suite under the GNU General Public License, which is promoted by the Free Software Foundation and is considered by many to be the purest of the open source licenses.'" Despite its reputation as bloatware, semi-free software and as the tack that Sun sets out for Microsoft, StarOffice is probably the suite that has done the most to allow migration from various MS applications, and free is a nice prelude to Free. If Star Office is GPL'd, it could have great trickle-down effects on AbiWord and other Linux office software. -
ICANN Has Approved New TLDs
dilip writes: "An Associated Press story mentions that new TLD's have been given the green light. It also mentions that there is no decision on how they will be doled out, what they will be or how trademarks will be handled. Please note however that ICANN's own website doesn't have any mention of this yet (The story is dated the 16th, which is a Sunday, no doubt that the ICANN site will be updated on the Monday)" [timothy butts in:] John Jorsett points to this ZDNet article which says the domains include .shop, .tel and .news. -
Are Linux Reviews Fixed?
David Hume writes: "Following up on a Tucows article asserting Linux Reviews Are Bought Rather Than Earned, ZDNET asserts writers fire off glowing reviews for free software and asks Are Linux Reviews Fixed? Is this a real problem? Are reviewers induced to write good reviews by the implied promise of future free software? If so, what do we do about it? Who do we trust? Do we trust Slashdot? :)" I don't think my family even trusts me. Course the only software I've bought in the last 6 months was Diablo2 (Which I beat thank you ;). -
Are Bad Licenses Good For The Community?
mib writes: "ZDNet has an article about the history of OpenSSH that not only says that telnet sucks (duh!) but that bad licenses are good for the open source community because they cause some people to develop unrestricted versions of restricted software." This is a theme that develops more and more often when 'work-alike' apps are being created in order to migrate people from one OS to another. -
Hacking Insurance For Net Businesses
Spasemunki writes: "ZDNet is carrying a story today on the new partnership between Lloyd's of London and Counterpane to offer 'hacking insurance' to businesses with big, expensive net presence. Is this a good-for-business acknowledgement that even the best security framework has flaws, or companies stepping back from protecting their customers in favor of covering themselves? According to the CTO of Counterpane, e-commerce businesses 'don't have to prevent hacking; they have to manage their risks.' Interesting perspective from a security wonk." Of course, I'd rather have cracker insurance. -
IPv6 Ready For A Spin
ibjhb writes: "Sprint and WorldCom are itching to launch the IPv6. This will provide us with the 'zillions' of extra addresses not provided by the current IPv4. There are other capabilities, including increased security. ZDNet carries the story ..." Seems like we've been talking about IPv6 for as long as I've been using IPv4. -
Open Source Complement to PDF?
nodvin asks: "Is there an Open Source alternative to PDF files? In the late 80's and early 90's I was building and distributing documents in a competing format called DigitalPaper by a company called Common Ground. DigitalPaper was a nice format and more cost effective than Adobe Acrobat. Common Ground seems to have lost out to Adobe (marketing muscle can be more important than the capabilities or qualities of competing products) and the company, or at least the product and format, seems to have been acquired by Hummingbird. Hummingbird is no longer providing any support for the product but is still providing the DigitalPaper viewer and there is a free Common Ground Internet Edition. Perhaps Hummingbird could be convinced to Open Source the code to Common Ground as well as the format of DigitalPaper?" -
Web Site "Lock-In"
Danborg writes "There's a great article over at ZDNet about annoying web sites that lock surfers inside a web site once they arrive. This practice, started by porno site operators, appears to have gone mainstream. Formerly respectable corporate sites like Home Depot now lock you in, disabling the use of the "Back" button. Fortunately, Top9.Com has generated a list of the offending sites. Is it a legitimate marketing technique? Or a highly annoying example of poor web site design?" I run into this dozens of times a day while reading story submissions. It never ceases to amaze me (but then again, old versions of Slashdot did the same thing, so who am I to judge?) -
Security - How Can you Learn Internet Self-Defense?
notacracker asks: "A friend and I are trying to learn about network security. I figure it would be more fun if we set up a two machine local area network, and practiced breaking in and detecting break-ins. But where to start? It's easy enough to find a cookbook (eg O'Reilly) on security, but where is the equivalent to an O'Reilly book on cracking and actively defending a system?" It sounds like someone has been toying with this idea over at ZDNet as well. You might want to check out their free-for-all hackfest on OpenHack.com (thanks to Tarsi for the link). -
Sony Announces Upcoming 1.3GB CD Products
jedi_jeffrey writes: "Check out the Sony 1.3 Gig High Density CD/CDRW -- They say it can't be copied :-)" Higher-capacity CDs might be nice, but many comments in the attached Talkback forum (like this one) gripe with reason about incompatibility, particularly given Sony's track record with closed-standard storage devices, and the much larger capacity of DVD. -
Are Linux Transactions Slower Than Win2k's?
FullClip asks: "In the July issue of PC Magazine, Red Hat Professional is compared to Windows NT/2000 on basis of ServerBench, which tests the maximum Transactions Per Second (TPS) for a given number of clients. Red Hat 6.1 (when tweaked) matched the performance of Windows, but showed a terrible decrease in performance at about 24 clients to a weeping 20 % of the level that Windows was able to maintain. Somehow this disturbs me. Doesn't Linux perform better than that bad in client-server environments? If someone can point me to a non-FUD benchmark site, it would be appreciated..." Is this yet another case where benchmarks have been skewed severely to show a deficiency that doesn't exist? Or is this another area where Linux needs improvement? [Updated 6 July 2000 2:15 GMT by timothy] You may want to compare this with the far different results reported by SpecWeb. -
How Can I Promote Open Source On The Macintosh?
Chris Buskirk asks: "I have been working with Macs most of my life. I have since expanded my view to Unix, and Linux. I also do NT for Pain and Profit. I have been a part of the Slashdot community for the past year now, and I have become convinced that open source is the best way to produce software. This week open-source software advocate Eric S. Raymond kicked off the 15th annual MacHack conference. Mac Week is covering the keynote address, and almost all of the response to the article is negative. Surprisingly this is a departure from the recent mood among the Mac community which has been changing with the advent of OSX. So the question becomes, How do I convince a Mac geek to become an Open Source Mac geek?" I hope that OSX is the spark to ignite the fires of Open Source on the Mac. Or at least bring it the visibility it deserves." Most people view Mac users as idiots. There has always been a constant myth that there are no programs for the Mac. However I dispute that claim as I have always been able to get any type of program I have wanted for the Mac, and usually for free. The Mac has always had a large and talented freeware/shareware community, and I would think that this community would be very prone to embrace the open source movement. Once this base of programmers is secured, I would think larger companies would start to follow suit to one degree or another."
-
Does Selling Support Mean Coding Less Features?
Frymaster asks: "Eric S. Raymond gave a *five hour* keynote at this year's MacHack. No surprise, he spent most of the time on the open-source soapbox and told the MacHack-ers that "service and support" is where the money is. I've been neck-deep in the Mac community for 10+ years and the most noticeable thing about Mac developers is their commitment to making their software easy and obvious. The unspoken theory is that if the user has to look at the manual, the developer has to improve the interface. Even my dad can use a Mac without asking for help... not very good for "support" revenue. This raises the question: Does having a business plan that relies on support for revenue act as a disincentive for implementing ease-of-use features?" -
FTC Gets Angry Over "Free" PC Offers
Wister285 writes: "The Federal Trade Commission is going after buy.com, Value America, and Office Depot for running 'misleading' free PC offers. The FTC is claiming that the advertisements don't disclose the true restrictions and costs of the PCs, which can be up to $1000. When will people learn that Big Brother is always watching? Catch the story over at ZDNet." This goes way beyond "monitor not included," too. -
64-bit Processor Next Year, Says AMD
Kill Switch writes: "There's this ZDNet article about AMD's announcement that they plan to introduce a 64-bit 'Sledgehammer' chip for the desktop (that's right, DESKTOP); they also announced that they will be releasing new chips based on the new Mustang core and it looks like there will be way too many versions of this (various desktop, and server versions); and they announced mobile versions of the Duron and Athlon, based on the Mustang core." This could just be crazy enough to work! Updated 11:20GMT by timothy: wwelch contributed a link to a pretty good overview of the current 64-bit field, which of course excludes this just-announced AMD, but which helps put it all in perspective. -
Crusoe vs. Dell And Compaq
Boone^ writes "Yahoo! has an article from ZDNet News that details how Compaq and Dell are shying away from Crusoe notebooks 'for now.' " Basically it says that the performance isn't so hot, and consumers are gonna be burned by the hype of the first generation of Transmeta based laptops. But then again ... the battery life sure ain't a bad thing. Mentions that Hitachi notebooks might be shipping as early as October. Update: 06/28 09:37 by CT : here's some pictures of transmeta laptops. -
ESR Invited To 'Advise' USPTO
alannon writes: "Most of this article, posted on MacWeek's site concerns an 'open source sermon' that ESR recently gave to a group of Mac hackers at the annual MacHack convention. Most of his speech was taken with a grain of salt, though he left a gem of an announcement: He's been invited to join the U.S. Patent and Trademark Office as a member of its citizen's advisory committee! I'm sure he'll make lots and lots of friends there. " -