Slashback: Python, Giveaway, Collection

Slashback tonight with more on poseable Python figures (sorry Guido, the other Python -- your turn will come), Brian K. West (sigh), preserving transient websites for historical purposes, and giving away Free software. Bulk order from CheapBytes, perhaps? GigsVT writes: "From FreeLinuxCD.org: CD reserves getting very low: If you have been thinking about contributing CDs, it is the best time to do so. We are running dangerously low on our reserves. With the best of luck we will only be able to go one more week after which we will have to pause until the next batch of contributions comes in. Please consider giving back to the Linux, Open Source and Free Software communities that has helped you in many ways in the past so that we can keep taking Linux, BSD and other Free Operating Systems to people who will have their lives changed by them."

Let's make this a closed collection, please. gmr2048 writes "In the WashTech section of the Washington Post there is a story about organizations (working with the Library of Congress) trying to catalogue and store web pages from the attacks of Sept 11, 2001. Towards the end of the article is this request for help: "...are developing a cataloguing system to help navigate the terrorist attack archives, and they are seeking the public's help in identifying Web pages that should be included. Their Web site is at www.webarchivist.org.

I thought slashdot'ers could lend a hand. I know I got most of my info the day of the attacks from /."

Hopefully, they will include Robert Liedlein's site. Lieblein writes: "Quick backstory, 4 or 5 years ago I shot footage for an IBM commercial down in the World Trade Center area. It was actually one of my favorite days that I ever spent in New York, just me and a camera. I kept thinking about that day after the tragic event. 5 years in New York city and only once was I right directly in the area that is ground zero, and I happened to have a camera and an objective of the day was to film the people, the energy, the life. A few days ago I finally found an old VHS tape that had about an hour of transfers of the footage. I knew I had that tape somewhere. I wanted to watch just for the reason of being able to go back there, to understand what it was like and what had happened. I realized that I had footage that was refreshing from the devastation we are all viewing and cut it into a 4 1/2 minute video. I hope the memory of the WTC alive and breathing life gives hope to a new day when that energy and vitality can thrive again."

Outliving the presumption of innocence. Keefe writes "I am sure that we all remeber the name Brian K. West. He is 24 year old sales and support employee for an internet service provider in SE Oklahoma. Mr. West alerted a local business to a serious security flaw in their website. The business had him investigated by the Justice Department for helping them fix a website security hole. The online community cried out to help him because of his innocence. It turns out that he actually was intending to modify the newspaper's Web applications -- written in the Perl language -- and modify them and market his own versions."

Patsy! Patsy! Patsy! (It's only a model.) Shere Ermilio wrote to point out that if you're interested in the Monty Python action figures hemos posted about not long ago, this could be your lucky month -- here's the link to Sideshow Toys' Monty Python giveaway for October. Those with spare cash and less hope can buy them the usual way. (And No, I'm not getting any free dolls ;))

Re:government waste

[hetfield]

Isn't that kind of like saying "stealing a Playstation 2 from Toys R Us shouldn't be a misdemeanor. Toys R Us should just sue every shoplifter."

It is just as easy to protect against "real world" theft as it is "virtual" theft. Security cameras, secret shoppers, employee training, and theft tags: the "real world" equivalent of firewalls, IDS, honeypots...

Shoplifting these days is a lot harder than it used to be. Just like with computer security, though, any system can be cracked, real or vitual. Theft is theft, and companies have relied on the law to help when their own systems fail. The same should apply in cases like this.

West didn't "intend" as in pre-meditated, but when the opportunity magically presented itself, he went for it. If you see that the owner of a store accidentally forgot to lock the deadbolt on the front door, does that mean it's ok to go inside a take a few things, hide them, and then call the police? Sure, the owner was a dolt, but that doesn't excuse stealing.

Then again, maybe all that Catholic school education has gotten to me :)

Re:government waste

[dillon_rinker]

True. HOWEVER...in the REAL WORLD, if you steal a dime-store necklace, you're charged with petty theft. If you steal a diamond necklace, you're charged with grand theft. The difference is a misdemeanor and a felony conviction.

In this case, Mr. West got away with a misdemeanor charge, but what if the prosecutor had decided the damages were $50,000? $100,000? What's the value of a PERL script? What's the value of a closed security hole? Dunno...but I can see how easy it would be to twist a small breakin into looking like a large one. This is scary stuff.

pled guilty to lesser charge != guilty

[nels_tomlinson]

West pled guilty to a misdemeanor, rather than risk getting a felony conviction. For poor folks without a lawyer (or without the money to keep the lawyer on the case month after month after month), this is the normal thing to do when one is innocent and wrongly accused of a felony. It is also the normal course of action for crooks who are rightly accused. He pled guilty, but we still haven't a clue whether this is a case of a crooked DA trying to avoid looking bad, or a crooked cracker getting off easy.

The biggest problem here is that we really don't know who to believe. Given the choice between believing a U.S. district attorney and some slightly scummy small-time crook, we really don't know which to take. The U.S. government has a long history of bad behavior. (Think about the secret experiments (also here and here) in the '50s, in which people were exposed to radiation ... the ones for which the government began making restitution recently, when reports began to emerge. Think about J. Edgar Hoover's FBI. Think about the entire Justice Department over the last eight years. Think abou the IRS since its inception.) There just isn't any room to automatically assume that a responsible government employee isn't trying to cover up a mistake at West's expense, just because he can.

The good scenario here is that West is a petty crook who's getting a break because it's his first offence. The bad scenario is that the DA realised that if he dropped this, he'd look like an idiot, so he's threatened a poor innocent guy into pleading guilty to a crime he didn't commit, just to save the DA some embarassment. And it looks as if we'll never be sure.

Re:WTC Life : Pul-leeze !

[fizban]

Do you live in New York? Did you used to walk through the Trade Center every day? Or see it from your office window? Or work on one of it's floors? Do you have any connection to it at all? If you did, you might understand that even "shitty" videography and "sappy" music can really have an impact, especially on those of us who had a close connection with a place that is now totally gone.

Have some respect.

In defense of Brian K. West

[teambpsi]

The government frequently coerces individuals into plea bargains for actual crimes not committed.

I suspect, and we have not hear from Brian in this case since the legalese, but it certainly could have stemmed from a converstation such as:

FEDS: "Did you download the PERL code?"

BKW: "yes, by clicking on the link i was able to view the code and save it to disk as proof of the security hole"

FEDS: "could you have modified that code?"

BKW: "yes, anyone could have?

FEDS: "the plaintiff contends that the PERL code in question is worth at least $5000. Could you have modfied that code and profited from such modfications?"

BKW: "i could have, but my intention was to notify the newspaper and let them know of the security breach"

FEDS: "no further questions"

How easily this crowd is swayed from one side to the other. For once, think about your own actions. The concept of "downloading" and "accessing" a password file and then "logging into unauthorized areas" of a website -- give me a break. "Authorization" is based on who as the password, however it may have been obtained. If you have a hole in your security, fix it. "proper access" is another matter, but even there, it is amorphous. A trusted employee one day can become a "non-trusted" ex-employee the next. There are no "tangible trust tokens" to speak of. Its all a matter of perspective.

Did Brian actually *MODIFY* or DEFACE the site? Does it really matter what his *INTENTIONS* or *CAPABILITIES* were?

In this country our rule of law is based on evidence, not "possible evidence" -- I think about setting off fireworks in the state of Minnesota every Fourth of July -- i have access to "illegal" fireworks over the border in Wisonsin year-round. I have "intention" to set them off -- but I don't actually do it. Am I guilty?

When I contacted the Poteau Daily News after this story broke, they categorically denied that Mr. Burchett contacted the FBI, but rather stated that the hosting ISP had initiated the prosecution, a copy of that letter follows:

My point? If you're going to light the torches and burn someone to the stake, at least make sure you're not a pyromaniac.

-d

Date: Sun, 19 Aug 2001 09:27:26 -0500
From: Poteau Daily News & Sun <pdns@pdns.com>
To: Team BPSI <team@backpack.net>
Subject: Re: Confirmation please

[ The following text is in the "iso-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]

The Poteau Daily News does not own or manage the web server that is in
question and did not contact any authorities in this case. The sever is
located, owned, and managed by the local ISP.

At the time of this incident there was some propieritary software being used
in conjuction with this site (the software is NOT the property of the Poteau
Daily News). What the story posted by Brian West, does not talk about is
that the propiertary software was downloaded from the server and at the time
of the FBI investigation, it was found in the possesion of Mr. West.

Mr Burchett did not contact any authorities, they were contacted by the
local ISP. And at this time Mr. Burchett is no longer at the Poteau Daily
News, not for any thing concerning this matter.

The Poteau Daily News is not involved in this case at all.

----- Original Message -----
From: "Team BackPack" <team@backpack.net>
To: <pdns@pdns.com>; <publisher@pdns.com>
Sent: Saturday, August 18, 2001 11:03 PM
Subject: Confirmation please

http://www.linuxfreak.org/post.php/08/17/2001/13 4. html

please confirm/comment on the validity of this story

Re:government waste

[Hard_Code]

Yeah, I hate when corporations complain to government that profits have been *STOLEN* from then. When the fsck did profit become a *right*?? Oh no, technology is outmoding your business - run to government and cry. Oh no, every person in America is depriving you of profit - get Congress to call them "criminals". And now we're giving how many millions or billions just to "bail out" airlines?? Just as a gift? (ok, in that case it could be argued that airlines provide a greater public infrastructure good, but it's not like we don't bail all sorts of other things). Corporate profit is now becoming a right in this country, and new laws are being invented (*cough* Anti-Terrorism Act *cough*) to criminalize and harshly penalize any behavior which seems to go against the "American Way". Granted that this guy was probably some freeloading fool, but what's next? If I circumvent television ads am I now depriving corporations of their right to mindshare?