Slashdot Mirror
Slashback: Cookies, Germans, Art
Buried in the fine print is where you will find Jimmy Hoffa and mitigation. Sarcasmo writes "I'm hoping you'll post this story, since it's partly a correction/update of a previous story on Slashdot. While Senator Edwards' bill, S. 197, does come down on spyware in a very good way, it doesn't as the previous article suggested, "require commercial web sites to ask permission from the user before a cookie can be set or personal information collected." To quote the bill itself:
"(B) The term does not include a text file, or cookie, placed on a person's computer system by an Internet service provider, interactive computer service, or commercial Internet website to return information to the Internet service provider, interactive computer service, commercial Internet website, or third party if the person subsequently uses the Internet service provider or interactive computer service, or accesses the commercial Internet website."Though I did come across this bill introduced to the house by Representative Green of Texas -- and it seems to come down just as hard on cookie use specifically."
Oh, baby, I love your photo-realism -- it's so ... real-seeming. After wryly noting that the last few times it's been featured in this forum it's been while he was on a plane, or in the middle of bug-fixing, or while being boiled alive by cannibals, etc, Paul Nolan says of his Photogenics graphics software:
"Well, it was a long hard slog, but it's finally out, the press release is here.
There's a pretty good chance there will be a local power outage today, on the off chance that would increase my chances ;)"
Nicht wahr, nicht wahr. sconeu writes "According to Wired, a German Defense Ministry official has denied the original report in Der Speigel about the Microsoft ban ... Oh well..."
Suddenly there's a flurry of press activity because someone notices that the second key in Microsoft's Crypto API in Windows NT Service Pack 5 is called "NSAKEY" in the code. Ah ha! The NSA can sign crypto suites. They can use this ability to drop a Trojaned crypto suite into your computers. Or so the conspiracy theory goes.
[...snip...]
I see two possibilities. One, that the backup key is just as Microsoft says, a backup key. It's called "NSAKEY" for some dumb reason, and that's that.
Two, that it is actually an NSA key. If the NSA is going to use Microsoft products for classified traffic, they're going to install their own cryptography. They're not going to want to show it to anyone, not even Microsoft. They are going to want to sign their own modules. So the backup key could also be an NSA internal key, so that they could install strong cryptography on Microsoft products for their own internal use.
So there you have it. A single string called NSAKEY, which Microsoft denies has anything to do with the NSA governmental agency, which just happens to be in a cryptography API. One person sees NSAKEY, it gets reported as "The NSA Key," and then your miniscule powers of comprehension turns that into "The NSA has put a key into every copy of Windows!" (Not so, only in Win NT service pack 5)
Who knows what would happen if someone found the string JEW mixed in amongst the code in some DLL. I guess that would be proof that Gates answers to the Elders of Zion.
From virtually all of the images on the photogenics estore webpage: "Created with The GIMP", so either he uses the gimp for most of his images, or his software has stolen it's file-save code from the gimp.. Neither sounds good...
Wow. What a simple explaination. Who would have guessed that panic and allegations were not needed in this case?
"Doubt your doubts and believe your beliefs." -- Switchfoot, Ode to Chin
See this hilarious article at the onion for guidance on why the world has no need for photogenics.
"Tension is the great integrity" -- R. Buckminster Fuller
My project attempts to evolve these effects using genetic algorithms, but you could use the code without the genetic algorithm. Project page at http://www.cs.brown.edu/people/morgan/evolver/inde x.html.
-m
The name of the magazine is Der Spiegel (not Speigel). It would have been nice if the official's statement would have gotten a bit more space in the Wired article. A name would have been nice, as well. BTW, it was also doubted in the article that the statements reflect the real position of the government towards MS products.
I still don't understand why any closed-source products are used in sensitive areas, be it in Germany or elsewhere. To create a somewhat secure environment, good admins are required anyway. They don't need any funky GUIs, so why not pick one of the free Unices?
Oh and a member of what was once a notorious cracker outfit should be automatically believed when he makes such statements? According to the Article Mueller Maghun is also an occasional adviser to government figures, the CCC is nowadays quite frank about it's motivations and what he said is, while carefully expressed, quite reasonable. It also fits with what the Ministry Defense Official said. His wording is also quite careful: "I can confirm that the Ministry signed a general licensing contract with Microsoft [...] and we intend to continue to use such systems." quite a lot of words to say very little. Also he didn't deny that serious concerns remained. Then he explicitly states that "[...] additional security measures are independent of Microsoft software.". Also Mueller-Maguhn never said anything like it MUST BE TRUE and his arguing isn't along the line they can't prove it to be false, but more along the line of "they choose their wording carefully so as not to hurt international relationships, so you'll have to read between the lines for the true meaning".
Had you read the first article you'd also know that Linux was not considered the alternative, but some OS from a german corporation. Also i don't find it weird that a military organisation can have a consistent policy wich OS to use. They have rules for everything there, to the point at which depth of water you have to start swimming.
"By the way if anyone here is in advertising or marketing... kill yourself." -- Bill Hicks
Okay, read the article first. It includes comments from Andy Mueller-Maguhn, a leader of Berlin's Chaos Computer Club and also Europe's representative on the board of the Internet Corporation for Assigned Names and Numbers (ICANN), about the political sensitivities that might be offended by a German move away from Microsoft for all security-sensitive stuff (in other words, the US Government might be offended by "US Software is Insecure" being bandied about by the German government). The article suggests that the original report may, indeed, be accurate.
Beyond that, why announce to the world that your sensitive systems are or are not running any given OS or group of OSen? I mean, "Our sensitive systems will no longer run NT" (if an accurate statement) lets crackers know that (a) NT-only exploits won't work and (b) if they do, the box is uninteresting. Of course, that is assuming the statement is accurate ("Hey, Hans, how about if we disuguise the DoD C&C codes as marketing data and put zem on one of zose NT servers?" "Ah, excellent, Frans. Zee stupid Americans vill never realize.")
After playing all day yesterday with browsers, I've come up with a way to handle cookies that I'm happy with.
Opera 5.02 has a great feature called "throw away new cookies on exit". It will accept all cookies, but when you exit it tosses them. So, you set up cookies for all the sites you want them for (like slashdot), exit opera (it only saves cookies on exit), check them using Opera File Explorer (see below), then start it back up and check off the "throw away new cookies on exit" option under File|Preferences|Security.
Now, doubleclick and everyone else can throw all the cookies at you they want, and they will be erased when you exit Opera. But, you also still have your stored cookies for the sites you want. Works great! No other browser can do this as gracefully. Opera 5 seems very cool (although I've only played with it for a couple days...).
Links:
Opera: http://www.opera.com
Opera File Explorer (you will need this to view your cookies and decide which to keep): http://www.westelcom.com/users/jsegur/
- Twid
- "When you want something with all your heart, the entire universe conspires to give it to you" -Paulo Coelho
Does Junkbuster have an easy interface that allows you to add a site to your allow cookie list briefly? Most sites with a shopping cart won't work if they can't set a cookie.
_____________
I don't want free as in beer. I just want free beer.
I know a lot of linux fans hate the idea of a government running Windows on thier machines. However, if for some reason the software was to fail and seriously screw something up, you guys would be able to sit back and laugh as Bill Gates is being prosecuted for international war crimes.
A rabbit in the hand is worth 4 in the cage
Ban the them, and 'if you like cookie files, turn them on, damnit.'
If you did that, sites would stop using cookies, even for good uses. Why? Because many people don't know how to turn on cookies, and won't bother if told. If the majority of people have cookies disabled, web sites won't use them. So, essentially, having cookies default to off would pretty much eliminate their use for any purpose. I don't like that idea.
You appear to have ignored my suggestion of simply disallowing cookies from any site other than the one you are visiting. It seems to me that that would prevent anyone from developing any sort of useful profile on you. They would have to actually install tracking software on every site you visit, which is not likely to happen.
And how can you call it paranoia when you know what they're used for?
The question is, do I care? Personally, I don't care if some companies know where I go on the net. Ads tailored for me specifically? Hey, all the better! But then, that's just me, and I am not going to try to convince you to agree with that one.
The law in question looks reasonable, but I would worry about it being interpreted too broadly, and thus causing some innocent sites to be sued by crazed zealots. Next, other innocent sites would downgrade themselves by not using cookies, and soon the feture is gone.
------
Cookies are used for both good and evil. They are just a tool. When used for good, they can be extremely convenient, like here on Slashdot. However, if users had to give permission for them to be used, I would expect that many internet sites would stop using them altogether rather than go through the hassle. Meanwhile, the evil people would find some other way to track you, like by IP -- lots of people are going static these days.
Personally, I think browsers should either:
That would eliminate the ads.
If you don't like cookies, turn them off, damnit. Don't make the rest of us suffer for your paranoia. Personally, I like it when I go to Amazon and it immediately gives me a list of new, highly-rated graphics programming books.
------
Think of it like this - if you're developing a package that does a lot of internal data manipulation then displays the result, wouldn't you make an effort to separate the internals from the display? If after doing that you determined that the internal code that made up the bulk of your package was pretty much platform-independent would you consider building frontends for multiple platforms? Finally, when deciding on platforms what would you choose? The dominant desktop OS and the up-and-comer seem like reasonable choices to me.
-- fencepost
fencepost
just a little off
"If you're using Windows NT in a nuclear missile command-and-control center, yes, you should be concerned." - Andrew Fernandes
Giving the term "Blue Screen of Death" a whole new meaning, eh?
People shape laws. Not the other way around.
It was an interesting idea while it lasted, and a very good one for most governments, even if it was a bit overzealous requiring German-only software.
Open Source in the service of national security... *that's* what should be on the line here. Saves development effort, yet ensures that in time of war or other crisis you don't become dependent on someone in another country. I was hoping they were thinking SuSE Linux myself, but oh well...
/Brian
Hey, Ken Thompson did it with Unix, and Unix was Open Source (mostly) in those days.
(Mind you, the full hack never made it out the door (there was a hacked compiler required to do the job), but parts of it did, and rumor has it that it may actually have been used once or twice...)
/Brian
Nothing overzealous about what you're talking about -- that's precisely what I meant.
/Brian
Those effects look great, I wonder how long it will be before they appear in a Microsoft ad.
sig's not here
Yup. Darn. Pass my anti-FUD stick that I planned to beat people with when this was over.
- I don't care if they globalize against free speech. All my best free thoughts are done in my head.
Minor correction: what you are proposing would not eliminate the ads (which is good, since some sites would not survieve without them). Instead it would make it harder to plant so called "web bugs", including those that masquerade as ads.
IIRC, Photogenics was originally a piece of commercial software for the Amiga. And rather good it was too. So good in fact, I started writing a free alternative. And therein lies our problem...
Rep. Green's bill sounds pretty reasonable. Contrary to what Timothy implied, it doesn't affect ordinary persistent cookies, like the one that seems to be storing my /. login overnight, or Amazon's user-profiling "one-click" cookie. It's OK for a web site to collect a user profile for their own use, but a web-site can't pass you a third-party user-profiling cookie unless you opt-in. No hidden Double-Click cookies.
Furthermore, it forbids the web site from selling the user profiles they have gathered unless the the users give permission. It specifically says the rules don't change in a bankruptcy. (You know, the site with a good strong privacy policy that went bankrupt and wanted to auction their customer list.) And, IANAL, but I think the way it's worded, you would have to specifically give them permission (opt-in). Just putting it in the privacy policy link at the side won't do. Good enough?
You self-contradict. Why is abandonware "perfectly fine" if it doesn't come with source code? Abandonware that doesn't come with source code is pretty worthless; at least with commercial closed-source software you have some hope of support.
If all this should have a reason, we would be the last to know.
From what I've seen of Photogenics, I'd love have it. But, I'd like to be able to actually understand what's making the program tick and maybe even mess around with the code a bit. The real problem is that despite all the great minds working on free software (or open source, if you prefer) there isn't a free software distribution model that allows the author to charge for the beer and the user get the free speech.