-
The Latest From the Front in the Console Wars
The October NPD numbers are out, and (now that we know we'll keep getting the information) it's time once again for analysis and reaction from media and businesses alike. GameDaily has a one year later look at the fight that began last holiday season. As for the numbers themselves, with Halo 3 now a known quantity in the market the 360 is down to 366,000 from 527,800 in September. Microsoft is still quite happy with software sales, though. The PS3 only saw 121,000 units sold last month, but early news from November has Sony very excited. And all the while, somehow, the Wii manages to sell even more units. The system is up to 519,000 from 501,000 in September, with the DS slightly down to 458,000 from 495,800. As the GameDaily analysis article concludes: "the race for console dominance is still anyone's to win. The 2007 holiday buying season will be crucial to setting all three players' market positions going into next year. Which is all nice to know, of course, but not that important to actually enjoying your system of choice well into the future."
-
Will AT&T Start Filtering Your Connection?
We have another essay from Bennett Haselton for you to peruse. "Last week's coverage of AT&T's newly announced "anti-piracy initiative" mostly downplayed the key part of AT&T's proposal, which is filtering what their end users can access in the first place, not finding pirates or suing them after the fact. Friday's Associated Press article, which was reprinted on many news sites with headlines like "AT&T to Help Hollywood Track Down Internet Pirates" and "AT&T to ID Offshore Web Pirates", actually said only that "the effort is primarily aimed at pirates who set up operations in other countries" -- and since you can't really "aim" at pirates in Russia and China with anything except missiles, the statement suggests not identifying pirates or tracking them down, but pre-emptively blocking people from connecting to their servers. Only the Red Herring nailed it with their article title, "AT&T to Block Pirated Content"." Follow the magical URL to read the rest of Bennett's words on the matter.
I think this is a crucial distinction, because efforts to filter end users' connections (as opposed to making them pay consequences for their actions after the fact) have always been controversial, even when the content is illegal. The Center for Democracy and Technology successfully overturned a Pennsylvania law that required ISPs to block overseas child pornography sites, partly on the grounds that the filtering included many third-party Web sites as collateral damage. I've argued that a similar private-sector initiative called Canada Cleanfeed, where Canadian ISPs attempt to block child pornography Web sites, would do more harm than good. On the other hand, nobody's fighting very hard for the cause of child pornography downloaders who were caught and arrested. Web sites get sued and shut down all the time, but it was bigger news when Canadian ISP Telus blocked the Web site of a Telus labor union for three days. So it's a big deal whether we're talking about "pre-emptive" filtering, or fighting piracy "reactively" by going after violators.
AT&T Senior VP James Cicconi said in e-mail that "discussion about what the technology will or won't do is premature until we can invent it", but most of the hints so far have been that the anti-piracy technology will be "pre-emptive", i.e. filtering users' connections. Cicconi said on a conference panel that AT&T has to spend billions on network maintenance to carry illegal pirated traffic -- which they probably couldn't recoup by suing people, so the only way to prevent that would be to block it. And Cicconi has referred to the technology several times as a "network-based solution" -- but what else could that mean, except filtering?
So let's assume that's what's on the horizon. Interestingly, Cicconi said that AT&T did not plan to block actual Web sites. However, he said in e-mail, "If one could, with a high degree of certainty, spot and isolate illegal traffic from an offshore site, would you not think the copyright holders would have a reasonable argument for a court order to block that traffic (as opposed to the site itself)?" Presumably this could refer to a Web page with an index of links to BitTorrent files -- so they'd be willing to block the BitTorrent links, but not the Web page? But from that point of view, why not just block Web sites too? If an overseas webpage has a list of links to pirated content, and that content is served over http from the same Web server, wouldn't they want to block it?
But I doubt this would stem much piracy in the long run, because if connection filtering to fight piracy became more commonplace, then the next generation of p2p file-trading programs would all just have circumvention capabilities built into them, that let you route your connection through a friend at an unfiltered ISP. You're on AT&T, you upload a file to your friend on Verizon which earns you some "credits" with his node in the p2p network, and instead of redeeming those credits to download a file from him, you use his node as a proxy to download a file indirectly from a site in Russia that AT&T is blocking you from accessing. Advanced users can do this already with tools like Virtual Private Networks and Tor, and some tweaks in a p2p program would just bring it within the range of the casual user.
On the other hand, if AT&T starts filtering traffic, it could set a bad precedent that any time a party in a legal proceeding wants a site declared "illegal", they can demand that AT&T (or other ISPs) block the site. It could be a site libeling a person, or a site hosting a decryption tool that breaks some company's poorly-designed code, or pretty much anything that some powerful person wanted to go away. Meanwhile, if an AT&T customer did get accused of downloading pirated content, now they could invoke the "AT&T didn't stop me" defense -- they thought that AT&T was filtering illegal content, and if they could get to it, then that meant it was legal! In both cases the problem comes from someone using the argument that once AT&T started doing any filtering at all, they should have gone further.
So I would watch the situation closely, even if you're not an AT&T user, and don't assume the situation will take care of itself. Cicconi said, "If a company like ours does dumb things and upsets our customers, we will lose them to someone else," which is something I'm skeptical of whenever I hear it used to defend various draconian anti-spam measures, but in this case I think it's even less applicable. When you're talking about spam filters, at least they always bring some benefit to the user (less spam), and the question is whether the free market weighs those benefits properly against the costs (more lost mail). On the other hand, if an ISP filters the user's connection, that brings no benefit to the user, and in a truly efficient market, all customers of such an ISP would just switch to an unfiltered one -- if that doesn't happen, it simply means the market in that case is not efficient. Is your ISP filtering your connection right now? Probably not, but how could you tell if they were? Right now we assume that ISPs don't filter connections because generally it's "just not done" (except when it is). In a few years we might not be so sure.
-
Even My Mom Could Hack These Sites
Frequent Slashdot Contributor Bennett Haselton's latest story is ready for your consumption. He starts "Recently, as an experiment, I wrote from my Hotmail account to ten different hosting companies that were each hosting some of my Web sites, asking for logins to change the domain settings. Even though I never provided any proof that the messages from the Hotmail account were really coming from me (the address they all had on file for me was a different one), half of them replied back and gave me the logins that I needed."
I figured that if I wrote to them saying "I forgot my password, please mail it to me," that would be too obvious. Instead, at the time I had set up shop with these hosting companies, I entered a domain name at the time of creating my account, and asked them to register it on my behalf (long before I had this experiment in mind). Then when I wrote to them recently from my Hotmail address, I sent each of them a message saying: I need to transfer this domain somewhere else, can you give me the login at the registrar where you registered the domain, so I can change the domain settings. Five of the ten companies either (a) gave me the registrar login, (b) transferred the domain to my registrar account on request (even though I never provided any proof that the owner of that registrar account was really me, either), or (c) changed the domain to point to a new IP address that I specified -- all of which, of course, would allow an attacker to take over a site temporarily or even permanently, if it hadn't really been me writing from the Hotmail address.
But slow down before you go off to try this out on Yahoo, eBay or Google hoping to get the same 50% success rate. First, these were all low-budget hosting companies, so the people handling my queries were likely not highly trained professionals who would have developed all the right habits about when to get suspicious. Second, this ruse only worked because the hosting companies registered the domains on my behalf. Most sites that are really worth taking over, are hosted on dedicated servers, and this trick wouldn't work on a dedicated hosting company because they usually don't register domains on behalf of customers; they assume that anybody buying an expensive dedicated server, knows enough to buy the domain and point it at the server that the company gives them.
But even for small-time hosting, a 50% success rate for a trick like this is uncomfortably high. So what can we do about it? Well, every problem has a non-solution that requires changing human nature ("People should just stop buying from spammers and they'd go out of business!") and a non-solution that ignores the economics of the situation ("ISPs should devote more resources to stopping spammers on their own network!"). In this case, the corresponding non-solutions would be (a) "People who work for hosting companies should be less gullible" and (b) "ISPs should hire smarter people, without charging more to their hosting customers".
The solution that doesn't require any cheating, though, is to have procedures in place for anything remotely security-related, and drum into employees' heads that they have to follow those procedures. Here's some good news: Of the five companies that fell for the ruse asking for my registrar login information, when I followed up with them saying "Hey, I forgot my account password, can you mail it to me", only two of them actually sent my password to the Hotmail account. To those two, I replied with some terse words about having a six-inch-thick steel door while leaving the window wide open. But at least it was only two out of ten that fell for that ruse, compared to five out of ten that fell for the registrar trick. The difference is that hosting companies have procedures in place to deal with password resets -- a script that sends the existing password, or sends a reset-password link, only to the customer's e-mail address on file.
Similarly, any hosting company that registers domains on behalf of users, should have procedures in place for transferring the domains to users or letting them change domain settings. In fact, of the five companies that didn't fall for the ruse, most of them said "Go to the customer control panel here and log in" -- it wasn't that their guard went up because I was writing from a Hotmail account, it was that they already had procedures in place for a customer wanting to change domain settings, and that's what the idiot-proof book told them to do. Kevin Mitnick always said that the weakest link in any security chain was people. Sometimes the way for ISPs to tighten security is to make the people in the chain act more like machines.
Until then, there are probably many sites out there that are this easy to "hack", using a method that could charitably be called low-tech. After seeing which hosting companies fell for the trick, I pointed out that they had sent the login information to an unverified address and admonished them to be more careful in the future, but I didn't storm out vowing to take all of my business elsewhere -- after all, if 50% of all low-budget hosting companies out there fall for this, what would be the point?
-
Tech Companies Draw on 'Wisdom of the Crowds'
An anonymous reader writes "News.com is carrying an article on a 'mini-conference' held at Yahoo's HQ this past Wednesday. The get-together put representatives from Google, Microsoft, Yahoo!, and HP together to talk about their experiments with predictive networks. The 'wisdom of the crowds' allows these companies to make use of the collective knowledge their employees hold to answer important questions for the company." From the article: "David Pennock, a principal research scientist at Yahoo Research, said the company has created a currency called a Yootle. It's described as a 'scorekeeping system for favors owed.' Pennock offered as an example a programmer offering to write a piece of code for a few Yootles. Or, when organizing a dinner outing, one employee could use an internal SMS tool to bid 2 Yootles for Italian and 4 Yootles for Mexican. 'If you don't get to go to the restaurant you want to, you get compensation' in Yootles, he said. Related to Yootles is Yahoo Research's experiment with a fantasy prediction market for technology called the Tech Buzz Game. It's a modified version of software licensed from NewsFutures in conjunction with O'Reilly Media and features topics like Atlantic hurricanes and portable media devices. Winners are those who predict how popular a topic will be on Yahoo Search."
-
Teen Creates Device to Track Speeding
An anonymous reader writes "A teen in Massachusetts has created a device that he hopes will help prevent traffic fatalities among teenagers. The unit plugs into a car and uses GPS to track and report on speeding — but only while the car exceeds a limit set by parents, so as to minimize invasion of the teen's privacy."
-
Bruce Perens on UserLinux and Ubuntu
SDenmark writes "Ever wondered what happened to UserLinux, and how it's faring now that Ubuntu has stolen the spotlight? Linux Format has an interview with Bruce Perens, founder of UserLinux, the Open Source Initiative and Linux Standard Base. Perens discusses the impact of Ubuntu, how industry bodies are helping open source and why figureheads are important for the Free Software community."
-
Delving into the Commercial P2P World
Anonymous Coward writes "PBS has an interesting look at the emerging commercialized P2P networks brought to light by Cringely. With the news of Sky's default bundling of commercial P2P applications in its broadband software, many users seemed to be against the idea of getting nothing from providing Sky with their upstream bandwidth for free. Meanwhile, PeerImpact seems to be rewarding users for their P2P system through PeerCash, and GridNetworks is building a system called PeerReward."
-
The World of Competitive Gaming
cphilo wrote to mention an article in the AP about the world of competitive gaming. From the article: "Welcome to the basement lair of the 24-year-old Wendel, the man known and feared by aficionados of multiplayer games across the globe as 'Fatal1ty.' If you deign to think of video games as simply a childish pastime, consider this professional game player. He collects a six-figure salary, has his own brand of gaming merchandise and travels the world to compete - regarded by those in the know as one of the most gifted players of his kind."
-
Making A Fortune From Casual Games
hapwned writes "In yet another interesting article from the Escapist, Allen Varney has a piece on the ludicrous amount of money you can make from small, downloadable flash-type games that most Americans play. From the article: 'Which American designer personally made the most money last year from computer games he or she designed? Not the most money for a company, mind you, nor for a studio or licensor, but individual, take-home, taxable income. Was it a famous game god? John Carmack, Will Wright, Sid Meier, Warren Spector? Probably not. It was probably some guy you never heard of who wrote some little shareware game you never heard of. Those "casual games" - the puzzles and Mahjongg tilesets and card games and Breakout clones and match-three Bejeweled-type things - are downloaded, and sell, in numbers some game gods only dream about. Over the lengthy life of a successful casual game, the independent ("indie") designer can make serious, serious money - high six-figures and low sevens. Personally.'"
-
NASA's Astronaut Glove Design Competition
FleaPlus writes "NASA's Centennial Challenges program has announced its latest prize contest, the Astronaut Glove Challenge. The competition, a collaboration between NASA and the non-profit Volanz Aerospace, will be held in late 2006 and will award $250K to the team which produces the best-performing glove within contest parameters. The basic idea was originally proposed last year on Rand Simberg's Transterrestrial Musings blog to improve on current gloves, which have difficulties with remaining flexible while maintaining constant internal pressure in the vacuum of space. Previously-announced competitions include prizes for superstrong tethers, beaming power, and extracting oxygen from lunar regolith. These prizes are intended to lay the groundwork for larger competitions to further NASA's Vision for Space Exploration, possibly including 'an eight-figure prize for the first privately developed robotic moon lander.'"
-
Computer Cracks 5x5 Go
gustgr writes "The American Go Association is reporting that Go for the 5x5 board has been solved by the computer program MIGOS, reports the program's creator, Erik Van Der Werk, a professor at the University of Maastricht in Holland. At about a quarter of the full-board version, 5x5 go is minuscule, similar in scale to "solving" 2X2 chess. The fact that a programmer would even consider this a noteworthy challenge is itself a remarkable testament to the game's complexity. Van Der Werk's approach is described in detail in an article at the Netherlands Organization for Scientific Research (NOSR)."
-
Stalking the Wily Analemma
avi33 writes "Wired has an article on the short list of photographers seeking to capture a shot of the analemma - the sun's figure-eight-shaped declination in the sky over the course of a year. Only a handful of people are known to have done this, and of course the obstacles are many: maintaining the equipment and its positioning, the finicky nature of film, the weather, and the photographer's persistence. Is it just me, or is this crying out for digital automation? Mount a cam to a hardpoint, have it snap a shot every x hours, and overlay them? Why I bet some of you could do this with a perl script in an afternoon. There's a shortage of photos from outside the northern hemisphere, so get busy."
-
Broadband Usage Up 42% In The U.S. In 2003
Kickassthegreat writes "As reported here by Reuters, broadband usage in the U.S. jumped 42 percent in 2003 as compared to 2002. As more people sign on to high-speed access, how long will it be before we start seeing the cable companies (such as Comcast) start dropping their prices to levels which compete directly with dial-up?"
-
Electronic Arts 'Scores' With Product Placement
Thanks to the San Francisco Business Times for its article discussing Electronic Arts' increasing use of product placement in its videogames. The article explains: "In EA's games, basketball players wear Adidas or Nike and run past a McDonald's banner on the court; Old Spice deodorant highlights football college players of the game; a snowboarder swooshes past Honda Motor Co.'s newest vehicle, the Element." It's also pointed out that "a six-figure deal with an advertiser defrays some of the costs of game development, which can run up to $10 million in the industry", but it's claimed: "Video-game makers said they try to take care when incorporating products in games, not wanting to overwhelm game players with product spots."
-
Retooling Slashdot with Web Standards
Joe Clark writes "Nearly a year after an interview with this correspondent highlighted a few problems with Slashdot's HTML, Daniel M. Frommelt and his posse have recoded a prototype of Slashdot that uses valid, semantic HTML and stylesheets. Frommelt projects four-figure bandwidth savings in the candidate redesign, were it adopted, not to mention better appearance in a wide range of browsers and improved accessibility. Next he needs volunteers to retool the Slashdot engine. And yes, he did it all with CmdrTaco's blessing." Slashdot has kept its HTML 3.2 design for a long time ("because it works"), but perhaps this effort will be a catalyst for change...
-
What's Wacky with Google?
There are always going to be oddities with any big online service, but this one seems to be persisting. Join the discussion in trying to figure out a pattern. For maybe a week, Google has been returning zero results or "1-1 of about xxx,000" for common searches. One-word searches seem unaffected, but there are certain two-word combinations of common words like candle truck or speaker bracelet. Reversing the order can affect searches too: motorcycle candles vs. candles motorcycle. The strange thing is that usually the 1 or 2 results found are to commerce sites. Read the Search Basics, compare your notes to GoogleWhack's, have fun looking for patterns, but remember that Google always returns slightly different results for different IP numbers.
(Update: 13:56 GMT by J : When I first posted this story it said the problems have been occurring "for several weeks at least" -- but it seems to be more like one week.)
-
"Stolen" SCO Linux Code Snippets Leaked
stere0 writes "An article (in German) published on the German IT news site Heise includes two pictures (1, 2) of the "stolen" source code SCO claims to be theirs. Part of the first screenshot has been scrambled, the font has probably just been changed to Symbol; can anybody decipher it? I searched for the code snippets on Google. The code does indeed come from the kernel; the photographs show what seems to be lines 88-102 and 109-123 of /arch/ia64/sn/io/ate_utils.c from the 2.4 kernel tree." Update: 08/19 16:39 GMT by M: LWN has a nice piece tracing the origins of the disputed code, and showing that SCO is simply lying.
-
HDTV-DVI Protocol Interpretation?
ignipotentis asks: "I have recently been looking into getting a Sony 50" Grand Wega. However, the one thing that deters me is the lack of obvious PC support. I would like to use the TV as a monitor for a living room PC as well as a TV. So I set off to do some investigation. I came across the ATI Component Adapters and then came across the reviews stating their overscan problems. Next I decided to check out the details on DVI (DVI & HDCP) and I've become rather confused. From what I gather, HDTV-DVI is nothing but DVI-D + HDCP. Now, being DVI-D, it can accept a signal from any DVI-I video card as long as a DVI-D male to male cable is used. Where I become confused is in the HDCP protocol. The way I read it, the Host (my computer) in this case, initiates the authenticity check whenever it wants. If it doesn't receive a valid reply, it can stop the stream. However, nothing is stated (that I can see) as to what would happen if no check was ever performed. If the Client (the TV) just continues to display what it receives, then all is good. If it does not, then I guess I'm back to the drawing board looking for other TVs. My question to Slashdot regards that of the protocol. I've emailed info@digital-cp.com only to get an automated response as a reply and I'm hoping that someone a bit more technically savvy than myself can interpret the HDCP protocol better than I have been able to."
-
Protons Aren't Round
drox writes "USA Today reports that protons are ovoid rather than spherical, as most of us learned in school." In related news, thousands of high school science labs have thrown out a bunch of little plastic balls.
-
Internet Filters - Libertarianism is Hate Speech?
John Deere asks: "Just went live with a libertarian web-based discussion site a few days ago and today one of our members posted that our news and political discussion site has been listed as a 'Hate Speech' site by SurfControl (details). Needless to say, some of our slacker members are now unable to access the site, due to blocks at their places of employment. Now, I don't mind our site being blocked by employers who want to keep their employees working instead of arguing objectivism vs. utilitarianism. It does concern me, however, that it appears to be quite easy to be listed as a 'Hate Speech' site, and not have much recourse. My questions are, has anyone been successful in changing the categorization of their site by one of these filtering services, from negative to neutral or positive? How much pressure was required and how long did it take?" It would be interesting to note how many GOP and Democratic sites are also listed under the same tag at SurfControl. I have a hard time seeing political discourse being listed as hate speech, but maybe this is a case of a single comment or post getting the entire site banned. Has anyone been able to negotiate a change of status with the various filtering services out there? If not, is there any legal way such changes can be forced by some form of arbitration or legal action?