Slashback: Toner, Zimmermann, Languages
Sheesh! All the guy ever promised was pretty good security! :) zenith744 writes: "Now available here is PGP v6.5.8, which apparently "...corrects a security-related bug with Additional Decryption Keys (ADKs) that may allow sophisticated attackers to add unauthorized ADK key IDs to the unhashed areas of PGP public keys...". This bug was previously brought to light about a week ago and reported on slashdot. A little more security, a little less stress. A happily balanced equation."
And an unnamed reader points to a story on Network Fusion about Zimmermann's response to the hubbub. Paraphrased: "It was a bug. We're embarrassed about it. Now it's fixed." In an imperfect world, you gotta admit that PGP is one of the bright spots.
It's always "wait a minute," isn't it? Tjisana M. Lewis, Product Manager, Emerging Products World-wide Business Management at Hewlett Packard (and who hopefully doesn't have many middle names to remember) wrote in response to the article on Slashdot recently about HP's new print server which runs Linux internally but does not support LPD client printing: "I've read some of the responses and (understandably) there is much speculation on WHY we did not support LPD client printing in the product's first release." She sent the following response, which strongly hints at better Linux support in the future for this product.
"The JetDirect 4000 Print Appliance can send print jobs to any LPD enabled destination whether such destination is a Linux box, JetDirect print server, or any other vendor's print server. Currently the JetDirect 4000 does not receive LPD print jobs, however in a few months, this [and other features] will be available in a free firmware upgrade.
As a vendor with a Linux based product, HP is extremely committed to supporting the Open Source community. We support developers in the Samba team including Jeremy Allison and Andrew Tridgell by contracting with both VA Linux and Linuxcare to develop features for the print appliance. These features are part of the Samba project and will be available to everyone under the GPL. An example is NT Printing functionality that will enable the use of native NT tools and features such as "point and print." Point and print enables automatic downloading of a print driver to a Windows client when the client adds a printer.
Furthermore, HP, in working with SAMBA, adds testing resources during the development process of the release thereby increasing the final quality of the release."
Care for some salt with your wound, Mr. Valenti? Master of Kode Fu writes: "The New York Times has an article quoting MPAA President Jack Valenti saying this: "[it] is to the American film producer and the American public as the Boston Strangler is to the woman alone." He wasn't talking about DeCSS, Napster, Scour, FreeNet or Gnutella -- he said it in 1982 and he was talking about VCRs. He didn't see that VCRs would eventually become as important an income stream for films as box-office sales. Will the MPAA (and similarly, the RIAA) learn from historical precedent, or is file sharing over the 'Net a completely different case with different circumstances?"
Isn't it funny how the fight to prevent consumer taping went away when the companies involved realized that what VCRs really represented was a whole new way to make money? Hmmm. Extend, project, extrapolate ... I smell money here, too. Don't they?
Contribute to the death of excuses! The excuses not to at least try Free software keep dwindling, and it's nicer than strangling dodo birds. Remember when "But there aren't any books!" was a valid complaint about Linux? How about "I can hire MCSEs and know they have at least some knowledge of the systems they purport to administrate -- but there aren't Linux equivalents!"? That one's gone too, for better or for worse. And now, if your boss (or spouse) grouses that there aren't any free, multilingual Linux journals online, not only do you know their excuse barrel is near empty, but you can point them to ... well, let Atif Ghaffar explain:
"LinuxFocus (LF) is a multilingual magazine about the operating system Linux. LF is managed and produced by Linux volunteers, fans and developers. There is no subscription necessary to read LF, it is freely available on the web with mirrors all over the world.
LF is published almost every two months. The master website for LinuxFocus is at http://www.linuxfocus.org"
Articles this month include pieces on Rebol, a presentation application for X Window, distro reviews, a book review and more. Get it while it's Free!
- A.P.
--
"One World, one Web, one Program" - Microsoft promotional ad
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
I don't use it, and won't use it. Their licensing is too restrictive. I'd much rather use the German produced GnuPG. Better licensing, more standards compliant, and they don't put stupid features like ADK in to satisfy Big Brotherish commercial interests.
Need a Python, C++, Unix, Linux develop
If, on the other hand, you would prefer to continue to believe that the government secretly controls all security products, read this:
http://cryptome.org/nsa-sabotage.htm
How to Lobby Politicians http://www.zeta.org.au/~aldis/lobby.html
Nice of the PGP folks to provide a fix for those using the freeware version of PGP. However, if you were one of the suckers who purchased PGP for commercial use, Network Associates requires that you *purchase* an upgrade to fix the problem. Seems to me that with a major blunder like this, they owe me a fix at no charge.
Nice to see that honesty is rewarded.
The link given for PGP says:
So if that doesn't mean you (it is not I) go to the international site. The link given has versions for many platforms.
Date: Mon, 28 Aug 2000 22:29:56 -0400
From: Nemo
Newsgroups: alt.privacy.anon-server
Subject: Think Twice before installing PGP 6.5.8

If you want to install an updated PGP to fix the ADK issue, you might want to read this message thread over in comp.security.pgp.discuss.

Apparently, NAI's solution is to hide the problem from the user. The updated PGP won't use a forged ADK, but it also will not show you that a key has a forged ADK; a forged key will appear to be valid with no ADKs at all. Consequently, the "view->ADKs" menu option is no longer useful for detecting keys with forged ADKs.

This fix is a Public Relations fix, not a bugfix. The ADK problem is a major design flaw, not a simple bug. It cannot be reliably fixed by what NAI is doing. This update shows a fundamental misunderstanding of what the real problem is and makes me question whether NAI really wants to fix this.

--
Nemo -:- nemo@redneck.gacracker.org
"For those with more memory than 8 Mb - tough luck. I've not got it, why should you." - Linus Torvalds (from the linux kernel source code, circa 1991)
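One way to run the check that the forwarded post says the menu no longer provides, as an added example (not code from PGP, NAI or the poster): walk a version 4 signature packet body and report whether each ADK subpacket sits in the hashed or the unhashed area. It assumes RFC 2440 framing and that ADK requests use subpacket type 10, which the RFC lists only as a placeholder; the function names and sample bytes are constructed for illustration.

```python
import struct

ADK_SUBPACKET = 10  # assumption: RFC 2440 "placeholder" type, used by PGP for ADKs

def subpackets(area):
    """Yield (type, data) for each subpacket in a v4 signature subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                     # one-octet length
            length, i = first, i + 1
        elif first < 255:                   # two-octet length
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                               # five-octet length
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        if length == 0 or i + length > len(area):
            raise ValueError("malformed subpacket area")
        yield area[i] & 0x7F, area[i + 1:i + length]   # mask off the critical bit
        i += length

def adk_locations(sig_body):
    """Return 'hashed'/'unhashed' for every ADK subpacket in a v4 signature body."""
    if len(sig_body) < 6 or sig_body[0] != 4:
        raise ValueError("not a version 4 signature packet body")
    try:
        off = 6 + struct.unpack(">H", sig_body[4:6])[0]   # end of the hashed area
        unhashed_len = struct.unpack(">H", sig_body[off:off + 2])[0]
        areas = (("hashed", sig_body[6:off]),
                 ("unhashed", sig_body[off + 2:off + 2 + unhashed_len]))
        return [name for name, area in areas
                for t, _ in subpackets(area) if t == ADK_SUBPACKET]
    except (IndexError, struct.error):
        raise ValueError("truncated or malformed signature") from None

# --- constructed sample data, not taken from any real key ---
def make_sub(t, data):
    return bytes([len(data) + 1, t]) + data
def make_sig(hashed, unhashed):
    return (bytes([4, 0x13, 17, 2]) + struct.pack(">H", len(hashed)) + hashed
            + struct.pack(">H", len(unhashed)) + unhashed + b"\x00\x00")

ADK = make_sub(10, bytes(22))                       # payload is opaque to this check
CREATED = make_sub(2, struct.pack(">I", 967500000)) # signature creation time
ISSUER = make_sub(16, bytes(8))                     # issuer key ID
SIGNED_ADK = make_sig(CREATED + ADK, ISSUER)        # ADK covered by the signature
FORGED_ADK = make_sig(CREATED, ISSUER + ADK)        # ADK outside the signed data

if __name__ == "__main__":
    print(adk_locations(SIGNED_ADK), adk_locations(FORGED_ADK))
```

Any "unhashed" entry marks an ADK request that the signature does not cover, so it should be reported to the user rather than silently dropped.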
Having started with *nix in '96, I remember that there were many excuses not to try open source software. I had a friend tell me, here play with this on a 2nd partition or older machine. It's fun. You can learn UNIX for free.
I got slackware 3.0 (I may be off) and played with the command line for a while, just poking at things. I didn't care that the install was hard...it was fun! I was challenged to learn how computing worked at a deeper level. I was specifically told that I would spend many hours wrestling with things, but it would feel good at the end. I remember thinking...hey cool, this comes with a c compiler by default. Then when I got X running it was fun to tweak, and pop xeyes randomly on other people's screens (causing a few lost shell accounts).
I think people are reluctant to try OSS today because of the way the community presents it. No one says anymore "hey, install this and see if you can learn *nix". Instead it is "This is faster, more reliable, easier to install, better than windows, and totally free." Obviously, this is quite a hefty claim for a win32er to take (true or not true), and so people will quickly become disillusioned at the first couple signs of trouble, and will not wish to work for a few hours learning how to compile soundcard support into a new kernel, or activate IP-Masquerading with additional modules.
If we said instead, "Hey try this on an old P100, it is fun to play with," we could let the OS try and prove itself. Without the hype, people might get turned on quicker. When I started, there was no concept of replacing windows, it was just another OS to accomplish things on. I only went full *nix in '98 when NT4 ate my partition table, and I went back to win98 this year because I missed the games, and Netscape4.0 does have issues.
It's true that win2000 and linux are closing in on each other's turf, and this is going to cause sparks, but the attitude that should be fostered is to know BOTH win2000 and *nix inside and out, and take some pride in being knowledgeable in both spheres. Granted, everyone has a preferred environment, but discussion should focus more on getting things done, not "come to our side."
The more hype escalates, the more win32 users will loathe *nix. (also, win2k hype will make *nixers hate the win32 community, works both ways). People will find excuses, especially with the "conversion" attitude. The community needs to go back to "grab that old 486 from the closet and come play". As easy as setup and install is getting, excuses will go away when win32ers stop feeling threatened.