Slashback: Petdom, Denial, Confusion

Slashback tonight features updates (below) on Aibo hacking (a rare bit of good news on the technical freedom front), some not-great information for excite@home users concerned about the looming darkness, a strange update in the FBI/Magic Lantern story, and more. Only Carnivore operators will know the truth. elem writes "McAfee has now come on the record and has denied contact with the FBI about the 'Magic Lantern' Project.

In an e-mail to Declan McCullagh which has also been posted on his PoliTech mailing list McAfee said the following:

"Dear Sir/Madam:

1. Network Associates/McAfee.com Corporation has not contacted the FBI, nor has the FBI contacted NAI/McAfee.com Corp., regarding Magic Lantern.
2. We do not expect the FBI to contact Network Associates/McAfee.com Corporation regarding Magic Lantern.
3. Network Associates/McAfee.com Corp. is not going to speculate on Magic Lantern as its existence has not even been confirmed by the FBI or any government agency.
4. Network Associates/McAfee.com Corporation does and will continue
   to comply with any and all U.S. laws and legislation.

Regards,
Marisa Lewis
Investor Relations Manager
McAfee.com Corporation
NASDAQ: MCAF
535 Oakmead Parkway
Sunnyvale, CA 94085
408-992-8100 phone
408-720-8450 fax
www.mcafee.com"

In a subsquent post AP reporter Ted Bridis responed by saying: "I stand by my reporting for the AP. This information came from a senior company officer. I won't identify this person in this post because I've been unable to reach this person by phone or e-mail since the flap erupted."

He also noted that McAfee never specificly denied that they might write such allowances (for Magic Lantern) into their software, it just says that they have yet to have been asked to.

Original story on slashdot and Politech with follow ups

McAfee's Response and Ted Bridis' response"

Rethinking is always a good idea. javester writes: "Sony has come to its senses and has struck a deal with AIBOPET, after the fan site was shut down when Sony's lawyers came calling last week of October.

Way to go Sony and AIBOPET!!!! More power to both of you for finding a compromise where everybody wins! Hopefully, other parties having DMCA tussles follow Sony's and AIBOPET's example, and have more constructive discussions instead of legal suits galore."

Penguin cause pollution. x136 writes "I saw this on my local Fox affiliate, but found a link on LinuxWorld. IBM has been fined again for spraypainting their blue "Peace, Love & Linux" logo, this time on the streets of San Francisco. The bill? $120,000. First Chicago, then San Francisco ... Who thought this was a good idea in the first place?"

Well, I thought the giant murals in NYC were great, but the sidewalk idea strikes me as IBM playing Brewster's Millions with the billion dollars they pledged to spend on Linux.

Out of the freezer and into the blizzard ... An Anonymous Coward writes "Comcast has decided to offer a backup plan in case their cable modem's die due to Excite@Home's bankruptcy. Good thought but the backup is NetZero. Gee thanks Comcast. Here is a link to their Service Interruption FAQ. http://www.comcastonline.com/info.htm"

Make it obfuscated, but make it snappy. Rosco P. Coltrane writes "If you haven't submitted your program(s) to the International Obfuscated C Code Contest, now is the time : the deadline is December 1st, 2001, there is only two days left !"

netzero?

[quinto2000]

sheesh, glad i'm not using comcast. I like my DSL...

Re:netzero?

what a useless post. this however is not.

Re:netzero?

[plague3106]

My company has Comcast as a client. It doesn't sound to me like Comcast@home people will be left out in the dark. Comcast plans to take over the management of the network...thats all that excite@home did anyway.

Magic Lantern: Big effing deal.

[Tackhead]

I don't get all the objections to the FBI spyware thingy. Nor do I get the notion that it's somehow as intrusive as even the sneak-and-peek thing they did against that mobster a few months ago.

In the case of Scarfo (the mob guy), the Fedz had to break into the guy's home and h4x0r his b0x3n with a hardware device. Obvious case of the Fedz breaching the mobster's right to be secure in his home and property.

In the case of Magic Lantern, they'll do it from their office. It'll be up to the target to do the st00pid thing and run the executable. I can see an argument that by voluntarily running trojanned code, he gives up his right to security.

That is, it's not the Feds breaking into the guy's home, it's the Feds sending the user an email. If the user doesn't run it, the user remains safe. If the user chooses to run it, he violates his own security *on behalf of* the Feds. This may be the crucial legal distinction that makes this work in court, where the Scarfo keylogger didn't.

(And besides, isn't this what half the /. crowd says when the latest Microsoft worm-du-jour shows up? "Well, they were running Windoze, they shouldn't expect to be secure!" ;-)

Finally, I don't see what the worry is about virus scanners not detecting it.

This is *not* a worm, nor is it a virus. That is, it doesn't try to spread to other computers over a network, nor through infecting files (remember, its goal is to *avoid* changing anything on the target system, to preserve the integrity of the evidence), so there's no risk of collateral damage.

So you have a data collector that doesn't damage data, and doesn't replicate. Since it doesn't replicate, it doesn't leave the infected system. Since it never leaves the infected system, the number of copies of Magic Lantern "in the wild" will always be a small number - likely, "one per suspect".

Since it doesn't exist in the wild, doesn't propagate, and since each instance of it may be unique, there's really no way for a virus scanning company to add its signature to a database, even if they needed or wanted to.

And on that "one copy per suspect" note, because it doesn't need to propagate beyond the infected system, I would guess that it's likely to be an executable tailored to the target machine - which may imply different checksums/signatures, and very probably, different "bait" email messages, tailored to the suspect.

Suppose we decide to use a 'sploit based on Javashit embedded in PDFs. We'd send a PDF of plans for a meth lab to our suspect drug kingpin, and PDFs of the You-Know-Who's "Jihad-HOWTO on CD-ROM" to our suspect terrorists.

OK, so we probably have come up with a totally different infection vector when Adobe calls up and contracts us to perform a hit on m0st-ph33r3d c0pywr1t3 t3rr0r1st Dmitry Sklyarov, but for most dirtbags, it'll work...

Re:Magic Lantern: Big effing deal.

[Matthew+Weigel]

The big deal, really, is that the FBI shouldn't be writing virii. Either they politely ask, 'can we violate your security,' or they politely ask, 'can we break into your home.' "Cloak and dagger" should not be their MO, "implicit permission" is unacceptable.

Re:Magic Lantern: Big effing deal.

[Tackhead]

> The big deal, really, is that the FBI shouldn't be writing virii. Either they politely ask, 'can we violate your security,' or they politely ask, 'can we break into your home.' "Cloak and dagger" should not be their MO, "implicit permission" is unacceptable.

"Hello! We send you this file in order to have your PGP passphrase!".

C'mon, what could be more polite than that? ;-)

Re:Magic Lantern: Big effing deal.

[imrdkl]

but for most dirtbags, it'll work...

Yea, maybe. But as I understand it, it's a key harvester, too. Discretionary deployment for court approved surveillance is one thing, but arbitrary PGP key harvesting, and keyboard logs mailed to the feds... well, that might get me upset.

In any case, the first bad guy who spots it using tripwire or some other checksumming tool with half a brain will publish it immedietly. It's just not a good time for keystone cops right now. Not when were delivering justice across the world.

Re:Magic Lantern: Big effing deal.

[AgTiger]

> In the case of Magic Lantern, they'll do it from their office.
> It'll be up to the target to do the st00pid thing and run the executable.

Or... perhaps it's just delivered to his machine as an application or operating system upgrade. All it takes is a verified IP in the right upgrade engine, and a 'different' upgrade is sent than most get, or perhaps even see.

You usually even click to agree to allow the upgrade to happen, thus, consent. Admittedly, not very informed consent, but... consent none the less.

Re:Magic Lantern: Big effing deal.

[Silver222]

Of course "implicit permission" is enough. After all, we are fighting terroists here. They use the internet to communicate. Those filthy bastards are even using porno to communicate, and we can't see it! Every red blooded American should be proud of the FBI.

There, I've just taken care of the stupid argument. Can everyone else please refrain from saying, "If you've got nothing to hide, what are you worried about?" This system will be abused by the FBI. It's just a matter of time.

Re:Magic Lantern: Big effing deal.

[Tackhead]

> Or... perhaps it's just delivered to his machine as an application or operating system upgrade. All it takes is a verified IP in the right upgrade engine, and a 'different' upgrade is sent than most get, or perhaps even see.
> You usually even click to agree to allow the upgrade to happen, thus, consent. Admittedly, not very informed consent, but... consent none the less.

Moral of the story. Read that EULA carefully. *evil grin*

Actually, infiltrating an ISP or Micros~1 Windows Update and having them deliver ML to certain IP address ranges upon the presence/absence of certain GUIDs, MAC addresses, WinXP registration data, or other methods of identification, would be a seriously cool hack, almost on a par with the Hughes "GAMEOVER" hack against satellite card h4x0rz.

(Remember, even if you disapprove of ML, you don't have to like a technique to admire it ;-)

Wild-ass speculation: The FBI has no such warez yet, but issued a press release to the effect that they did, in order to get ideas from d00dz like us on what sorts of things would, or wouldn't work. If that's the case (and I suppose we'll know in 50 years when it's all declassified), I'd also have to add "social engineering hack par excellence" to whatever technical solution they devise.

Re:Magic Lantern: Big effing deal.

[clockwork18]

I disagree. The user doesn't necessarily have to run the executable. Many modern virii, such as Nimda, can be run as an embedded script in a html document. Anybody running IE on a Microsoft platform (many, many, MANY people) is vulnerable, and it is quite undetectable. Also, since the FBI has virtually unlimited money and human-resources, it is not unfeasible that they will write a virus that will be significantly more difficult to detect. This is why people should be worried.

Re:Magic Lantern: Big effing deal.

It's not a big deal becuase the smart response to detecting it, or anything like it from the feds would be to take their code, incorporate into a virus, and release it so that the anti-virus corps would be forced to release updates that detect it.

Re:Magic Lantern: Big effing deal.

[cpt+kangarooski]

I thought that it was actually rather more like the Unix backdoor password hack of yore. There's some info about it on the Jargon File.

Re:Magic Lantern: Big effing deal.

[plague3106]

I can see an argument that by voluntarily running trojanned code, he gives up his right to security.


Hey, i've got a cool screen saver you should see. I'll email it to you.

Yes its stupid to run software you get in your email, but saying thats stupidity equals giving up a right? WTF? Thats some pretty odd logic. I just don't buy it.

And i also have a problem with law enforcement breaking laws (or even have exemptions written for them). There's something really screwy with that idea as well. Police are meant to enforce the law, but not be above it.

Re:Magic Lantern: Big effing deal.

[Kwil]

That is, it's not the Feds breaking into the guy's home, it's the Feds sending the user an email. If the user doesn't run it, the user remains safe. If the user chooses to run it, he violates his own security *on behalf of* the Feds. This may be the crucial legal distinction that makes this work in court, where the Scarfo keylogger didn't.

Serious problems with this. If I send you a gift, such as a doll, and you choose to keep the doll, is it YOUR fault the doll has a camera in it and I can now spy on your bedroom?

Re:Magic Lantern: Big effing deal.

[dollargonzo]

finally someone pointed out it is NOT a virus. plus, the fbi needs to do what it needs to do; programs of this kind have existed for a very long time, but only now have they come up with some generalized form: however, it is STILL individualized as mentioned in the parent to this post. SHOULD the fbi be writing this stuff? SURE! if its the only way that they can catch some criminal, or whatever, im willing to sacrifice my security( although in this case there is nothing to sacrifice... )

there is a fine line between privacy rights and good government tracking. the problem arises when a criminal goes into hiding, and the only way to reach him is to compromise his privacy, and sometimes inadvertantly compromising someone else's privacy too. again, this program is NOT meant to spread: it is meant to gather info. the gov't has been gathering info for a LONG time!!...

i mean, would yuo all rather have to register every object yuo own or rent: like in europe: if i rent a house, i need to register; do yuo want the law to be that not carrying an ID is a criminal offense. i think americans are spoiled on privacy, because we dont know the practical limits of what we want. the fbi is NOT trying to tighten up, it is ust trying to get by with its duties and not break any rules...

QED

Re:Magic Lantern: Big effing deal.

[plague3106]

Um, i don't think that consent thing flies. Both sides have to uphold the contract.

Re:Magic Lantern: Big effing deal.

http://cgi.fark.com/cgi/fark/comments.pl?IDLink=76 780

Re:Magic Lantern: Big effing deal.

Didn't I play you in SSX Tricky?

Re:Magic Lantern: Big effing deal.

[dougmc]

In any case, the first bad guy who spots it using tripwire or some other checksumming tool with half a brain will publish it immedietly. It's just not a good time for keystone cops right now. Not when were delivering justice across the world.

Hopefully those smart enough to use something like Tripwire will also be smart enough not to run random .exe's sent to them :)

In fact, I'd hope that most people smart enough to actually use encryption are also smart enough not to run random .exe's sent to them. The only way the FBI could actually make this work more than a tiny percentage of the time would be to have the various popular mail readers know FBI sent emails when it receives them and to run the .exe automatically.

Either that, or they'd have some secret way of tricking mailers to run it -- some new bug would do, at least until it's fixed.

Re:Magic Lantern: Big effing deal.

when a gov turns on the very people who support it...

who falls? it may be 5 it may be 10 it may be 30. I just hope my children are not here to reap the actions of our misguided fbi cia nsa lsd ...

Re:Magic Lantern: Big effing deal.

[Glytch]

Computers are only compared to homes when it's beneficial for someone who is powerful.

Re:Magic Lantern: Big effing deal.

[Baldrson]

You know, for a federal agent, you're not very good at feigning r0dentia. Then, again, neither am I so, I guess, I can sympathize.

Re:Magic Lantern: Big effing deal.

This is a big deal. Publish the code and expect to be charged with some kind of wack law like interfering with an investigation or obstructing justice. The same could be said for Macafee. Say the FBI sends them the code and says, this is what we use to enforce the law, don't include it in your signatures. I think they would have to comply or be guilty of some form of obstructing justice. Be scared.

Re:Magic Lantern: Big effing deal.

[jcoy42]

It'll be up to the target to do the st00pid thing and run the executable. I can see an argument that by voluntarily running trojanned code, he gives up his right to security.

Where did you get this idea? Have you ever heard of a exploiting buffer overflows in daemons/services? stack smashing?

I would think that after the recent code red episode it would be fairly obvious that a user doesn't have to do anything to have thier system compromised.

According to the original story at http://www.msnbc.com/news/660096.asp

The FBI is developing software capable of inserting a computer virus onto a suspect's machine

I see nothing there about the target having to run the executable.

Or was this just flamebait?

Re:Magic Lantern: Big effing deal.

[Kymermosst]

Yeah, and there aren't many copies of netbus or back orifice in the wild, either.

Seriously, wait until someone gets a copy, disassembles it, and modifies it to suit them, instead.

Re:Magic Lantern: Big effing deal.

I don't get all the objections to the FBI spyware thingy. Nor do I get the notion that it's somehow as intrusive as even the sneak-and-peek thing they did against that mobster a few months ago.

In the case of Magic Lantern, they'll do it from their office.

How is looking at anyone's files from a remote location not intrusive?

It'll be up to the target to do the st00pid thing and run the executable. I can see an argument that by voluntarily running trojanned code, he gives up his right to security.

The "voluntarily running trojanned code" agument is anti-privacy: If one has a home security system, does that individual give up the right to their passcode if the FBI hardwires a passcode capture device to the keypad? Would the argument then be, "by voluntarily typing the passcode into a compromised box, the suspect gave up the right to privacy in his household..." Would the FBI then say, "Well, he typed in the code voluntarily, so he, in effect invited us into the house."

That is, it's not the Feds breaking into the guy's home, it's the Feds sending the user an email. If the user doesn't run it, the user remains safe. If the user chooses to run it, he violates his own security *on behalf of* the Feds.

Although individuals should take steps to guard their privacy, is it not the protection of individual privacy that is the primary responsibility of the US government? When the FBI violates privacy without a warrant, for any reason, is the FBI not as dangerous as any criminal?

(And besides, isn't this what half the /. crowd says when the latest Microsoft worm-du-jour shows up? "Well, they were running Windoze, they shouldn't expect to be secure!" ;-)

Good point.

This is *not* a worm, nor is it a virus. That is, it doesn't try to spread to other computers over a network, nor through infecting files (remember, its goal is to *avoid* changing anything on the target system, to preserve the integrity of the evidence), so there's no risk of collateral damage.

Good point and bad point. MagicLantern may not be a virus or a worm, and it may not be intrusive, but intrusiveness of searches is not and has never been the issue. The issue is privacy. Period.

So you have a data collector that doesn't damage data, and doesn't replicate. Since it doesn't replicate, it doesn't leave the infected system. Since it never leaves the infected system, the number of copies of Magic Lantern "in the wild" will always be a small number - likely, "one per suspect".

The number of copies "in the wild" should be "zero per suspect".

Since it doesn't exist in the wild, doesn't propagate, and since each instance of it may be unique, there's really no way for a virus scanning company to add its signature to a database, even if they needed or wanted to.

Good point.

Finally, "dirtbags" or whatever you may call them are supposed to be guaranteed constitutional protections, as well. I would rather have a few criminals go free than live in a world where the terrorist was government. I do not have a big brother, and I do not intend to obtain one...

Re:Magic Lantern: Big effing deal.

[RockyJSquirel]

I don't get all the objections to the FBI spyware thingy.

Consider this. If the virus/trojan scanner software refuses to report a certain password logger because it might be used by the FBI, then that logger is basically undetectable. An undetectable logger would be a terrible weapon in hands of criminals or terrorists.

But we don't have to worry about it falling into the hands of criminals or terrorists because the FBI only plans to send it to criminals and terrorists. Uhm, er there's no problem there right?

People at the FBI and the scanner companies aren't thinking this through.

Rocky J. Squirrel

Re:Magic Lantern: Big effing deal.

[elem]

Surely your semi-inteligent mobster is going to have some computer people as a part of his staff... well if so and if they are running a proper fire-wall on their computer they will surely notice a strange port open and sending data and will surely packet-sniff it and realise that the feds are catching their key presses... woopss.. feds fail.

Re:Magic Lantern: Big effing deal.

[budgenator]

I guess the big deal is what is an agent, The guy from the FBI with a badge, sworn to uphold the laws ... protect and defend the constitution of the US is definatly an agent, when he kicks in my door its a big deal. Its big for me and its big for him. There are real people that are accountable, can testify in court and describe their actions and motivations.

Is an agent limited to a physical person acting in behalf of the FBI, or does it include a software entity acting in the behalf of the FBI also an agent? With Magic Latern there is no warm body to cross examine in court, ML isn't going to be able to testify if it was me or my spouse it'll just suck up some keystrokes when PGP is fired up. And speaking of spouses, I personaly consider the confidence between Me and my computer to be the same as the confidence between me and my spouse, clergy, accountant, and legal consellor.

I can tell just by your comment that you're guilty of to much thinking Inside the box your punishment is to watch The Matrix three times and actualy think about where Magic Lantern might take us 100 or a 1000 years from now.

Re:Magic Lantern: Big effing deal.

[Zero__Kelvin]

"In the case of Magic Lantern, they'll do it from their office. It'll be up to the target to do the st00pid thing and run the executable. I can see an argument that by voluntarily running trojanned code, he gives up his right to security. "

You state earlier in the post that you don't see. I'm glad you understand that much. Now, by logical inference, I don't see why people think Osama bin Laden did anything wrong. After all, he just had his people enter the plane and hijacked them. I mean, we were the ones stupid enough to have the lapse security that allowed it, right?

Furthermore, do you think the government should cease prosecuting people who distribute trojan horses? What about rapists who enter unlocked dwellings to have their way with innocent woman? Aren't we all just asking for it?

"This is *not* a worm, nor is it a virus. That is, it doesn't try to spread to other computers over a network, nor through infecting files (remember, its goal is to *avoid* changing anything on the target system, to preserve the integrity of the evidence), so there's no risk of collateral damage."

Nope. It's a trojan horse, and the collateral damage done is to the US constitution. They clearly do want to change something on the target system, or else how would the program exist on it. The very act of installing the software changes the target system, and who is to say it won't also act as an agent for evidence planting? All of your arguments assume that the government is a benevolent system always out for the good of the people. This is a very dangerous minset in which to be. It is a danger not just to yourself, but to US all!

Re:Magic Lantern: Big effing deal.

I don't live in the United States. A foreign government has no right to install software on my pc. I do not wish the american government to have any access to my pc.

That's the big deal.

Now I'll have to stop buying american software, or perhaps I might sue my favourite ant-virus vendor for fraud.

Re:Magic Lantern: Big effing deal.

Huh? What are you? Some kind of effing nut?

Re:Magic Lantern: Big effing deal.

[Deadplant]

" I don't get all the objections to the FBI spyware thingy."

I would guess that you are an american right? that's fine, but what about all us foreigners? You think the FBI/CIA give a rats ass about my rights? hell no. You think the CIA would pass-up the chance to use magic lantern for foreign spying?

Once there's a trojan that isn't detected by virus scanners you can bet it'll be put to use, and there are no US laws to stop the fbi/cia installing this keylogger on systems all over the world and doing whatever the hell they want with the info they steal.

Have you ever heard of Echelon? it's not a conspiracy theory, it's a fact. I don't see how they could pass up using magic lantern for the same sort of things.

Re:Magic Lantern: Big effing deal.

[Nullsmack]

This is *not* a worm, nor is it a virus. That is, it doesn't try to spread to other computers over a network, nor through infecting files (remember, its goal is to *avoid* changing anything on the target system, to preserve the integrity of the evidence), so there's no risk of collateral damage.

Ahh, that's where you're wrong. This is virii. Common knowledge defines ANY trojan horses as virii.

On top of that, how do we know that Microsoft hasn't been leaving intentional backdoors in their OS code of late.. for FED use, of course.

I will leave my own interests out of the discussion. I don't doubt someone will come up with their own 'virus scanner'. Though, the elusive nature of this might make that hard.

Re:Magic Lantern: Big effing deal.

I'm not even going to read your entire post. The very first sentance shows that you should wait until you're older before trying to understand this kind of thing. Until then, keep reading.

Re:Magic Lantern: Big effing deal.

[bobKali]

So I'm just wondering, will Magic Lantern display the traditional FBI copyright warning prior to logging your keystrokes?

Re:Magic Lantern: Big effing deal.

[Tackhead]

> Have you ever heard of Echelon? it's not a conspiracy theory, it's a fact. I don't see how they could pass up using magic lantern for the same sort of things.

You just made some spook's day -- somewhere at NSA headquarters, there's a guy cutting-and-pasting that and mailing it to his friends on an NSA-internal humor mailing list.

And if that didn't elicit a guffaw or two, maybe this will:

NSA geeks have probably already used Echelon to obtain 0-day copies of Magic Lantern, insert the string "seineew era sreenigne i3f" into the executable, and shoved it back onto FBI's network, all without the feebz ever knowing they've been 0wned.

(Score: +1, FunNO CARRIER)

Re:Magic Lantern: Big effing deal.

the definition of a virus requires self-replication for computer programs. If there is no replication, it is not a virus.

Re:Magic Lantern: Big effing deal.

[mr100percent]

"Finally, I don't see what the worry is about virus scanners not detecting it."

Well, I paid good money for the program that will find ALL viruses, not just ones that they feel are bad. I still think search warrants are a better idea that the Framers wanted.

Also. "Quisos ipsos custiodes" == "Who will guard the guards?"
What's to stop an FBI agent from tapping his divorced wife's computer? Will this lead to a Watergate 2.0?

Who will oversight the FBI?

I don't care if he's a mobster, he gets a FAIR trial.

Re:Magic Lantern: Big effing deal.

[benb]

> After all, we are fighting terroists here

Suuure.

Apart from that you are wrong (terrorism is by far not the only offence qualifiying for bugging):
If all breaks, we just declare everybody being terrorists. After all, computer criminals are declared (in the U.S.) terrorists already, since sometime after Sept 11. I wonder, if they'd have the nerve to call me a terrorist for getting around some JavaScript of a webpage. I guess so, if they think they have to.

Are you all brainwashed now?

Comcast should know better.

[thesolo]

Although I recently posted about the fact that Comcast has been ready for the switch for some time now, they of all people should know better than to try to force their users onto NetZero.

The worst part of the whole deal is that you STILL only have 10 free hours of usage, despite NetZero being their backup. You would think that Comcast would at least have struck a deal so you would get more than 10 hours of time. If their network goes down, I doubt it will be back up in 10 hours. They have had individual outages that lasted longer. On top of that, many @Home users don't have standard modems in their computer--why should they? They never needed them with their nifty cable service!

I'm still hoping that Comcast will be up and running tomorrow (they have been trying to run the show on their own for some time), but who knows? At this point, I'll just hope for the best. If I'm posting tomorrow, all is well in Comcast Cable Land. :)

Re:Comcast should know better.

[IRNI]

Netzero is Windows Only. Thats the part that really bugs me.

Re:Comcast should know better.

[nEoN+nOoDlE]

well, so it comcast, supposedly

Re:Comcast should know better.

[foobar104]

Netzero is Windows Only. Thats the part that really bugs me.

It's much worse than you think.

The free service offers ten hours per month, which should be sufficient to get you through any short-term outages. This service does not currently support MAC, Windows 2000 or XP.

Not only do they not support other operating systems, they don't even support all the different varieties of Windows. Hmmph.

"We're cross-platform! NT and '95!"

(This from the FAQ.)

$120,000 ??

[Axe]

That's probably cheaper then they paid to the consultants who came up with this graffity idea. Plus all the free publicity of being in the news: now all the country saw this graffity in prime time. I am afraid this is clever enough that we see this marketing done again and again. Not that I like it..

Re:$120,000 ??

[joe52]

Not to mention the communities that didn't chase them for money. I can still see traces of that graffiti on the steps to the subway station by my apartment here in Cambridge, MA. As far as I know local authorities never did anything about IBM's graffiti here, but most of it was done on MBTA property, and IBM had tons of paid billboards up in the subways at that point. Not sure if that helped them or if people here just didn't care.

-Joe

Re:$120,000 ??

[captin+nod]

Just recently, m$ got fined A$300 per X-Box logo they sprayed on the streets of various Australian state capitals.

Full story here.

Its a 'cheap' marketing technique thats turning out to be qute expensive :) hehe :)

Re:$120,000 ??

[Axe]

$300 per logo is probably a fraction of the cost for this compain..

What will it cost you to get your logo in all the prime time news? Hundreds $K's to start with?

Re:$120,000 ??

[captin+nod]

Here in aus, m$ is in bed with the govt.; only bad things can happen, and they get away with a lot. Example:

CSIRO, the govt. research organisation, a critical and important group as far as R&D is concerned, is migrating its email systems so that ALL users have to use M$ Outlook.

The result has meant that everyone who has switched over to Outlook shares an addressbook which lists EVERYONE in the organisation (1000's of people).

This means that when the latest worm does the rounds, havoc ensues, as it gets mailed out to 1000's of people at a time.

I'm scared. R u?

Re:$120,000 ??

[Computer+suck!]

quick, go out and spary more of 'em....

Hmm, wonder how many you would have to spary to bankrupt MS? ;)

Re:$120,000 ??

No, I M not... I'm in another Aus company with numerous addressbooks all with similar numbers of folk, and pretty much all systems using M$ windows and Outlook.

We do pretty well virus (etc) wise - thanks to having protection programs installed on the network/machines and a well-administered network (not that the computer helpdesk folk are very good, but that's another matter). It's not hard. Our only real problem is that it seems the American branches of the company didn't think of doing the same thing, and we sometimes get a little fallout from their incompetence.

Really it's up to the government what software they want to use in their own facilities. Should they not have good computer staff, that's their own problem when things go kaput. And if a worm slips past M$, it's up to the staff and M$'s support to stop it ASAP.

Re:$120,000 ??

Hey - that's nothing. Wait until the Global Address Book replication bug hits. My company, including 100k+ users, ground to a halt for a week. Can you survive your government shutting down for a week?

OK, I take that back - the Microsoft Exchange parts of the company shut down. Those of us still on Unix mail were unaffected. Unfortunately, that's no longer me... :(

Re:$120,000 ??

[Lemmy+Caution]

That's the trouble with fines as punishment. They punish the poor inordinately, and the rich almost not at all.

Re:$120,000 ??

[TinWeasle]

I guess I'm kind of shocked that whatever agency (Olgivy, I think??) IBM used to do this didn't cover it by using bio-degradable dyes instead of toxic paints. That and a wink and nudge (and campaign contribution or two) from Big Blue to SF comissioners could have made it all a non-issue. I know that it isn't terribly tough to figure out that San Fran's gotta have some stringent eco-laws.

Re:$120,000 ??

[superflex]

The result has meant that everyone who has switched over to Outlook shares an addressbook which lists EVERYONE in the organisation (1000's of people).

This is not at all uncommon. In one of my previous co-op placements, I worked for an Ontario provincial government ministry. The entire provincial government here runs on Outlook/Exchange. Everybody uses the master provincial gov. address book, with 20,000+ users listed. I was working there when LoveBug.vbs was making the rounds. Our email was down for 2 1/2 days. I'm not joking.

Right now I'm on another co-op workterm, and our email is on Lotus Notes. Distributed over four different address books I currently have access to over 197,000 internal email addresses. How about them apples? Even if we assume that 40-50% of those are inactive/invalid address which haven't been removed for some reason, that's still over 100,000 email addresses. Any spammers out there want some fresh meat?

Re:$120,000 ??

And again and again...

Keep in mind this is not the first time San Francisco was hit. At the 2001 Java One conference earlier this year, I saw the remnants of IBM's first spraypaint spree. I don't get why everyone seems to think that this is something new...

Rogers@Home,

[kawaichan]

@hell has done it again, they are trying to convert their emails from @home.com to @rogers.com. but for TONS of people, the new address just won't work. For example, we used to have "mail" as our pop3 and smtp address. now they change it to "pop" and "smtp" but it won't even freaking ping.

Now there is a TV show on Rogers' channel everyday to help people to trasnfer their EMails. Almost everyone are compalining about the same error (won't connect to mail server) but the "technican" keeps insisting that it's their fault when it was clearly not the case.

Re:Rogers@Home,

[theJavaMan]

relax, I did it and you can:

set your ip configuration to DHCP
if you have a Firewall or a router ( I luv linksys)
use your domain to use the pop and smtp:
ex: pop.ktchnr.phub.net.cable.rogers.com
that's for kitchener ON
figure out your own

Re:Rogers@Home,

[thesolo]

For example, we used to have "mail" as our pop3 and smtp address. now they change it to "pop" and "smtp" but it won't even freaking ping.

"Mail" is just the WINS alias for the actual server. They use it for simplicity's sake. After all, its easier for a customer to type in "mail" than mail.area.state.home.com, which is the nomenclature down here.
Go to a command prompt, and do a ping of it, and it will resolve to the actual server. A lot of times, entering in the actual server address works when WINS doesn't.

Re:Rogers@Home,

[Karl+Cocknozzle]

For example, we used to have "mail" as our pop3 and smtp address. now they change it to "pop" and "smtp" but it won't even freaking ping.

What I did here was find the mail-server name that my messages come through and point directly to that IP. This is how I got around losing email during the hundreds of @Home DNS failures I've sufferred through since installing the service here.

Re:Rogers@Home,

Your new domain seems to be pop/smtp.xxxx.phub.net.cable.rogers.com, where xxxx is the same as your old domain's value in that spot except it is missing the last number. e.g. my old domain was mail.mtwh1.on.wave.home.com and my new ones are pop or smtp.mtwh.phub.net.cable.rogers.com.

Who is the real author of Magic Lantern?

[Ryu2]

Usually, the US government itself doesn't produce its tools, it uses commercial subcontractors to design/make them. For example, the Air Force itself doesn't build its own fighter jets, Boeing or some other company does.

IIRC, FBI's Carnivore is just commerical off the shelf packet sniffer (forgot the company), modified at the request of the FBI to look at SMTP, etc traffic.

So, does anyknow know which company or individual is the author of the Magic Latern program under such a government contract? Or did the FBI itself write it?

Re:Who is the real author of Magic Lantern?

[HorsePunchKid]

Despite much reporting, the FBI has yet to actual confirm that Magic Lantern exists. Good luck finding out who the contractor is when they won't even 'fess up :(. Still it's possible to find a lot of information about the FBI's IT policies. There's an FBI congressional statement (in the context of Y2k) and a Presidential Directive that gives some starting points. Some quotes:

Information Sharing and Analysis Centers (ISACs) are encouraged to be
set up by the private sector in cooperation with the Federal
government and modeled on the Centers for Disease Control and
Prevention;

A National Infrastructure Assurance Council drawn from private sector
leaders and state/local officials to provide guidance to the policy
formulation of a National Plan;

The Critical Infrastructure Assurance Office will provide support to
the National Coordinator's work with government agencies and the
private sector in developing a national plan. The office will also
help coordinate a national education and awareness program, and
legislative and public affairs.

Re:Who is the real author of Magic Lantern?

[EccentricAnomaly]

I don't know who wrote it, but I found the source -- it's an old winner of the obfuscated C code contest.

Re:Who is the real author of Magic Lantern?

[eggz128]

So, does anyknow know which company or individual is the author of the Magic Latern program under such a government contract?

*Shrug*, anyone asked Cult of the Dead Cow if they've had a nice cheque recently?

Re:Who is the real author of Magic Lantern?

[number11]

According to Declan McCullagh's Politech mailing list, Magic Lantern was produced by Codex Data Systems.

Re:Who is the real author of Magic Lantern?

[WasterDave]

Probably McAfee, or Symantec, or both. Be a pretty cool way of solving both the delivery and virus scanner problems in one fell swoop.

Dave

Re:Who is the real author of Magic Lantern?

Easy, that would be Elcomsoft. hehe.

Magic Lantern isn't the way to go.

[Henry+V+.009]

If the FBI wanted to get really snazzy they would go to your ISP and start monkeying with your internet connection. It should be a snap to take over windows on one of the automatic updates, without the user ever being the wiser. Or even do the same with one of McAffee's automatic updates. Could even be possible to do similar things with a Linux box. And in the case where the user does not update his machine, well, there are plenty of holes to exploit then, anyway. So, anyway, I want my FBI to work smarter, not harder.

Re:Magic Lantern isn't the way to go.

[autopr0n]

It should be a snap to take over windows on one of the automatic updates, without the user ever being the wiser.

Actually, it would be impossible, as the FBI would need Microsoft's private signing key.

Besides, you'd need to have a lot more people 'in' on it, M$, the ISP, etc. OTOH, ML already tunnels through various security holes if they're there.

Re:Magic Lantern isn't the way to go.

[Henry+V+.009]

Hardly. All the verification code for the update system is on the user side of the box. Fifteen minutes and a beer, and I'll reverse engineer it for you.

Re:Magic Lantern isn't the way to go.

[leeward]

Umm... what makes you think they don't already have it, with Microsoft's cooperation, of course.

A *real* ISP

[theantix]

Here is why my ISP is doing about the situation.

Excite @Home is the corporation that supports @home.com e-mail. It is operating in bankruptcy and it is unknown how long it will continue to support the @home.com e-mail. Over the last year Shaw has been building its own Data Centre to support e-mail, provisioning web space, etc. and given, the circumstances with Excite @Home, we are accelerating the migration of our customers over to our Shaw infrastructure which includes transitioning email addresses to @shaw.ca. We are asking our customers to complete an Email Quickstep process and then begin using their new @shaw.ca email address to ensure that impact is minimized in the event that the Excite@Home corporation is unable to continue supporting their @home email service.

Not only will there be no service downtime, but they took preventative measures to avoid this in advance of any problem. Don't you wish you live in Canada?

Re:A *real* ISP

[CptnKirk]

AT&T is also taking similar measures. But it does bring up a quality of service issue. If the lights do go out at Excite@home and an ISP can't provide service to it's users for a week or so until they get their backup networks online (if they have them), should they expect their users to pay for that month. I wouldn't, but I expect that most will. There will probably be more /. stories about this aftermath.

Re:A *real* ISP

[rho]

Don't you wish you live in Canada?

No, all you Canucks eat is back bacon and beer.

P.S. Please stop sending all those cold air masses across our border.

Re:A *real* ISP

[DickPhallus]

Actually, Molson has just announced the newest addition to their line-up: Molson Back Bacon Beer. Now you can your bacon, and drink it too!

Re:A *real* ISP

[skt]

Here is a message I received from a US provider Insight@Home. It's somewhat reassuring.. hopefully my connection is still working when I get back from work tomorrow...

Firstly, you should know we do not believe the system will go dark. We are working on a number of fronts to prevent this from happening, including direct motions in the Court, as well as working with the Federal Communications Commission to protect customers with, at minimum, a 30-day notification before service can be terminated. We're working not only with AT&T, but also with other ISPs, including Road Runner and AOL Broadband, to bring alternative networks, and indeed choice, for our high-speed data customers. We believe those services will be available within a very short period.

While we do not believe that the service will go dark, we do urge you to take the following precautionary measures with your data:

- Check your Insight@Home email account(s) on a daily basis. Doing this will automatically save your email to your hard drive as well as ensure timely receipt of important future communications from Insight Communications.

- Backup your personal web page(s) by copying them to a diskette, CD or to your computer hard drive.

We have opened up our call centers beyond normal weekend capacity so that we will be available to answer any questions you may have.

We have also created a special web page where we will post announcements regarding any updates to this situation and how it may impact you. The web page will be available beginning Friday afternoon, following the Court's ruling, and can be accessed at: http://www.insight-com.com/net/UPDATES

Re:A *real* ISP

[sudasana]

Rogers cable is providing the same quick response and service for the changeover. I don't use their email anyway, but good to see that they're being proactive.

Re:A *real* ISP

[stefanlasiewski]

Since most people pay automatically via their credit card , many people may forget to demand the refund...

Re:A *real* ISP

[Shagg]

Actually, several of the @home resellers are doing this, including Comcast. In addition, both Cox and Comcast (and probably many more) have already stated that you will be automatically credited for any downtime.

AT&T's backup plan(s)?

[badvilbel]

Has anyone heard any further about AT&T's plan to either: a) purchase Excite@Home or b) launch their own fantabulous network ? The latter option thus far has been very sparsely elucidated and very unclear. It's also interesting to me that, here in the Seattle area, AT&T broadband seems to be sending out a different "special" offer each week with a different pricing scheme. Perhaps they're trying to be proactive about the potential customer loss due to the impending craziness.

Re:AT&T's backup plan(s)?

I can't tell you about Seattle, but here in St. Louis, AT&T is pulling out completely from the @home venture. My company is picking up the pieces, but AT&T/@home are making it about as difficult as they possibly could for us to convert our users. I fear that many users who are switched will be negatively affected and blame us.

Re:AT&T's backup plan(s)?

[thesolo]

Perhaps I'm wrong, but aren't most of AT&T's networks on Roadrunner and not @Home?

Re:AT&T's backup plan(s)?

[badvilbel]

Everything I've read from AT&T (again, at least in Seattle) seems to indicate that they are solely using @home. Like, you, I'm unsure of this, so don't quote and/or flame me!

Re:AT&T's backup plan(s)?

[Rick+the+Red]

According to this Reuters story, "AT&T Corp. (NYSE:T - news) is expected by Monday to receive offers from Cox Communications Inc., Comcast Corp., and AOL Time Warner Inc. to take over its broadband cable television unit, as well as a proposal by Microsoft Corp. for an investment of up to $3 billion to $5 billion, sources familiar with the situation said."

So it looks like we'll either be forced onto iComcast, Scientology.net^H^H^H^H^H^HEarthLink, AOL, or MSN.

I'm rooting for Comcast as the least objectionable option. Oh, well, back to 24,000bps dialup for me!

Re:AT&T's backup plan(s)?

[tnlratofwa]

hey man! I noticed the same offers too....umm maybe their hedging their losses or bets? I'm on their 'access' & to think I gave up my dialup 'scientology account' ROFLMAO!

Excite@Home Customer Communication

[slugfro]

As an excite@home customer I am not happy about the current situtation since a fast (or somewhat fast) internet connection is now a necessary part of life. However I am less happy with the lack of communication from excite to their customers. A few weeks ago I recieved one email stating that connections and features could be affected in the future and that they would be in steady contact with further updates. I haven't heard back since! Hopefully DSL is available in my area now.

Re:Excite@Home Customer Communication

[/dev/trash]

I am not happy about the current situtation since a fast (or somewhat fast) internet connection is now a necessary part of life.

Wow I wonder how my life is going on since I have a measly 56k.

Re:Excite@Home Customer Communication

[tnlratofwa]

i can not refuse to comment...how do you spell s*c*i*e*n*t*o*l*o*g*y net? hehehehe they have a linux dialup here in seattle. sorry guys...was being tAcKy!

Re:Excite@Home Customer Communication

Wow I wonder how my life is going on since I have a measly 56k.

You get 56k? Wow! My phone lines top out at 40Kbps - anything faster (I got 42k once) can't stay connected. Of course, being 47,000 ft. form my C.O. probably doesn't help. It's pretty much tin cans and string form where I'm at.

Puh-lease

[Exmet+Paff+Daxx]

Anyone who thinks "Magic Lantern", the FBI's Grandiose excuse for a keystroke logger, should have a virus template is not familiar with what a computer virus actually is. For the faint of wit, I'll break out the definition:

A program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. Viruses can also replicate themselves. All computer viruses are manmade. A simple virus that can make a copy of itself over and over again is relatively easy to produce. Even such a simple virus is dangerous because it will quickly use all available memory and bring the system to a halt. An even more dangerous type of virus is one capable of transmitting itself across networks and bypassing security systems.

Some people distinguish between general viruses and worms. A worm is a special type of virus that can replicate itself and use memory, but cannot attach itself to other programs.


First of all, Magic Lantern does not replicate. Second of all, it is not malicious. Magic Lantern is not designed to break the law but to enforce it. If McAfee made a "Law Enforcement Tool Scanner", then we could attack them for not doing their job. Since they make a virus scanner, and we're not talking about a virus, the whole conversation is silly.

Why don't people bother looking up the definition of a word before posting a story about it??!?

Re:Puh-lease

[Itrebax]

Trojans are usually considered viruses, even though it might not be the "technical definition". BO is technically a Remote Administration Tool, but come on now. And also, what happens if some hacker gets hold of this magic lantern software and has some fun pretending to be the FBI?

Re:Puh-lease

[Tackhead]

> And also, what happens if some hacker gets hold of this magic lantern software and has some fun pretending to be the FBI?

If the FBI's sending it out, I doubt they'll be sending it out to hackers. Skr1pt k1ddi3z, maybe, but not hackers. The last thing they'd want is for someone to reverse-engineer it.

Remember, the perp has to be dumb enough to run it or otherwise get himself 0wned in order for it to be effective. If deployed, it'll be against soft targets, not hard targets.

Re:Puh-lease

Probably already said but;here, have a clue.

This type of program is called a "trojan horse", it is installed on a user's computer without their consent or knowledge. Since I do not believe there is a seperate catagory of "trojan horse scanner" software I think it reasonable to expect the existing "virus Scanner" type software to detect "trojan horses".

Now as to whether it's OK for the FBI to do this in the first place or not - don't know, don't care - anyone with half a pint of knowledge about security would already be using techniques (Smartcard+password, duh) that would prevent such a trojan from working. The only people they will nab this way are dumbasses running PGP.

Re:Puh-lease

Are you saying that the FBI would only use this keylogging 'law enforcement tool' to tag individuals committing real crimes? (hacking and crime are almost interchangable these days. shame really... it should not be confused with technological terrorism/identity theft... hacking is as much a crime as skateboarding).

Re:Puh-lease

[puck71]

"Viruses can also replicate themselves."

That doesn't mean they HAVE TO in order to be a virus, just that some do or can.

"Second of all, it is not malicious."

The word malicious wasn't even in the definition you cited.

The definition I see that applies to all viruses is "A program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. All computer viruses are manmade." I'd say this applies to Magic Lantern pretty well.

Re:Puh-lease

Keylogging is not enforcing the law, it only enables others to.

Re:Puh-lease

Hacking into a server you don't own is a crime. Even if you just look around and don't do anything malicious, you still tresspassed into someone else's property without their permission. That type of hacking is far, far different than simply hacking your Iopener to run linux. The former is what most people refer to as hacking, and is in fact illegal.

Re:Puh-lease

No, he's saying that the FBI would only use it against criminals who, assuming they found it, wouldn't know what it is or how to reverse-engineer it. Script kiddies, basically. A skilled hacker/cracker would just find it and delete it, or modify it for their own illegal purposes and distribute it to other criminals.

Re:Puh-lease

A program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes = MAGIC LANTERN = VIRUS, ya dumbass

I bet you work for the FBI....

Re:Puh-lease

You might want to read your definition again.

A program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes.

If Magic Lantern is loaded onto my computer without my knowledge and runs against my wishes, it is a virus. It may be a good crime fighting wiretap virus, but it's still a virus. A virus means a security vulnerability. Therefore using any virus-scanning software that ignores ML can mean having a security hole, which could be exploited by a malicious hacker.

Having unknown security holes was bad enough; now we're giving them known targets to attack. Eventually someone will figure out how to masquerade a virus as ML, and then any computer that has or will allow ML to be installed will be in danger. I shouldn't have to tell you that that would be a bad thing.

Re:Puh-lease

What you're missing, Ace, is that whatever I may be doing and whatever my reasons for doing it may be I have the right to choose what runs on my box and what does not. Anyone who, against my wishes, inserts code that can harm me even indirectly has attacked me. I may choose to purchase a product that prevents me from being attacked. McAfee and Symantec products that, by design, allow attacks are not useful products and should not be purchased.

I will not now , or ever, willingly run an OS or apps that are backdoored for the purposes of law enforcement which, contrary to popular opinion, is not always in the right.

Furthermore, I reserve the right to employ any countermeasures I see fit to preserve the integrity of my boxen.

So take yer law and order crap and shove it in where yer head already is.

Re:Puh-lease

[Shimmer]

No shit, Sherlock. Magic Lantern is the payload, not the virus itself.

The point is that the FBI will probably try to hitch ML to some sort of exploit or virus in order to install it on a target machine. Otherwise, they'd need to physically sneak into your house, which is obviously more of a hassle (for them and for us).

-- Brian

Re:Puh-lease

[Kymermosst]

Let me adjust the placement of your head real quick, by asking, by your same logic, what ANY trojan horse program is doing with a virus signature... like netbus, back orifice, and the like? All of those have virus signatures in the popular virus scanners.

You say "Magic Lantern does not replicate"... well, neither do netbus and back orifice. You also say that "Magic Lantern is not designed to break the law[,] but to enforce it"... well, ANY tool that has legitimate uses (like remote administration tools) also has illegitimate uses. Are you saying that the FBI will NEVER abuse its power?

Don't be such a naive idiot. There is even question about whether or not Magic Lanter is even constitutional. Since when has intrusion without a warrant or wiretapping without a warrant EVER been legal in the U.S. before?

I guarantee you that if the major virus scanners don't look for it, you'll find someone else puts out a program that does.

Re:Puh-lease

[juliao]

Let me break the news to you:

If software runs in my computer without my knowledge and for any purpose other than serving my needs, I don't want it.

"Virus" scanners have been know to detect things like Back Orifice for ages, and nobody seems to complain. What is the difference between BO and any other FBI-or-not-sanctioned spyware? None.

It may strike you as odd, but from a user's perspective, getting shot in the head by a robber isn't any different from getting shot in the head by a policeman.

Re:Puh-lease

[markmoss]

Magic Lantern is a program that installs itself on your system without your knowledge or consent. A virus is a program that installs itself on your system without your knowledge or consent, then uses your system to spread itself.

If Magic Lantern can get in, then viruses can enter through the same security hole.

The exodus...

[sterno]

This makes me wonder a couple things:

1) Will there be a mass exodus of cable modem users to DSL? Could this be the shot in the arm Covad needs?

2) Will the NetZero service be able to handle the influx of customers from Comcast? I'm sure all the NetZero customers will be real happy when they get endless busy signals.

3) Will ComCast pay for a user's modem so that they can use this "backup" if they don't already have a modem?

I'm guessing they through this situation at the PR department and that it was the best they could come up with.

Re:The exodus...

IMHO the shot in the arm that Covad (and every other DSL company) needs is more COs. I'm using cable right now because that's the only thing I can get at this distance. I suspect that's why a lot of broadband users are on cable and not DSL. DSL's great, if you can get it. Most people in my area can't.

Re:The exodus...

[david+duncan+scott]

Actually, given that each new customer costs Covad some ungodly amount of cash, such that they need a year or more to start seeing a return, a whole bunch of new customers could kill them dead.

Re:The exodus...

[ethereal]

...a whole bunch of new customers could kill them dead.

Please don't, he said, over a Covad line :)

Mac Comcast users in the cold

Checking the NetZero site to see if I can get one of the "temporary" accounts, I see that there is no Mac version, which means if Comcast goes dark, none of us subscribers who use Macs (all 5 of us) will be able to take advantage of the "temporary" solution.

I'm so damn happy I could spit.

Re:Mac Comcast users in the cold

Just as an FYI, this is snipped from the info page...

Comcast's Connection Backup Program is meant to be a temporary alternative to provide email and connectivity. The free service offers ten hours per month, which should be sufficient to get you through any short-term outages. This service does not currently support MAC, Windows 2000 or XP. Please remember Comcast is currently working with Excite@Home to avoid any service interruption. If your area is not listed as having a free local access number, please visit http://dl.www.juno.com/get/juno_comcast as a potential alternative

Just gotta love it, eh?

Carefully worded denial?

[Ldir]

Network Associates/McAfee.com Corporation has not contacted the FBI, nor has the FBI contacted NAI/McAfee.com Corp., regarding Magic Lantern.

Note that this doesn't deny that another US agency has contacted Network Associates, nor does it deny that the FBI has contacted them about software named something other than "Magic Lantern" (a bug by any other name would still capture your keystrokes, or something like that). NAI may be telling the truth, strictly speaking. One can only speculate whether they're telling the whole truth.

----

I didn't used to be so cynical, but then I learned to read, and to watch the news. The US government has earned our distrust through years of deception and denial. The sad part is that the good, honest, hard-working law enforcement people (which is most of them) are tainted by the abuses of the few.

Re:Carefully worded denial?

[ragtimesf]

Boy, is McAfee the FBI's bitch or what? Clearly this press release was the direct result of communications between the FBI and McAfee. Someone at the FBI is not happy with the way McAfee is shooting their mouth off. I wonder why McAfee is going so far out of their way to appease the FBI?

Re:Carefully worded denial?

No kidding. Did anyone actually expect McAffee to say anything else but "Ooops, we really aren't doing that and telling the public. I mean we really aren't doing that at all." Carefully worded my @$$. This was the puppetmaster's hand making the mouth say hello and jump up and down to get them noticed.

Errata...

[sterno]

s/through/threw/

*sigh* I hate when I do that

McAfee forgot # 5

[bstadil]

5. McAfee as a corporation has only lied to the public three times. Including this one.

Re:McAfee forgot # 5

[WasterDave]

OK, I'll bite. What were the first two? And why does this thing insist that I take more than twenty seconds to make a posting? Sheesh, it's only a few words...

Re:McAfee forgot # 5

Nothing deep. Just using an Old self-referencing joke about someone claiming they only lied 3 times in their life, then includes that very statement in the list. I don't think McAfee is necessarily telling the truth or at least they are being parsimonious with the Truth.

Re:Puh-lease (get your facts correct)

[jschmerge]

Actually, Mc Affee and other AV products detect things other than viruses... I.E. the Code Red Worm. Please make sure you understand what the difference between a worm, virus, and trojan horse are before you post a bogus definition in the future.

Oh, and by the way, I believe this magic latern horseshit is actually a trojan horse, not a virus or a worm.

I guess this is what you get when a bunch of web monkeys try to be encyclopedists...

McAfee doesn't work well anyway

[vscjoe]

I used to use it on my Windows machines and finally gave up on it--technical support was horrible and it caused all sorts of problems.

WAHOO!!!!

56,000,000$ per month evidently wasnt enough for @home....and you know the not providing service to its customers most of the time....that must of cost them money....

it just makes me feel great inside that if my comcast is cut, NETZERO will fly into to the resuce!!!!!!!!!!!!!!

Re:WAHOO!!!!

[tnlratofwa]

...hallo...scientology net, kin i kum homez? woowoo!

No, that's the cheap part

[HerrNewton]

[B]ut the sidewalk idea strikes me as IBM playing Brewster's Millions with the billion dollars they pledged to spend on Linux.

Ummm... shopping list:

1. Stencils, easy enough to diecut on a press
2. Chalk paint
   
3. Motivated guerilla marketers to spray chalk paint over stencils.

All of that---including any fines levied---is very, very cheap relative to a more traditional campaign. Extremely cost effective strategy, especially when you take into account the freepress afforded by media coverage of the pissed city governments.

Re:No, that's the cheap part

[thesolo]

All of that---including any fines levied---is very, very cheap relative to a more traditional campaign.

Not really, considering the fact that they hired ad agencies in each city to do the painting. I wonder what the price tag was for that.

Re:No, that's the cheap part

[HerrNewton]

Almost certainly less than putting up a billboard when you factor in the cost of rental and printing.

Re:No, that's the cheap part

[TheAwfulTruth]

Not really when the whole thing turns into a debacle and IBM and Linux get a black eye over it. It was a childish and irresponsible thing to do. It can only have hurt the cause. So I don't agree that it was cost effective to spend money making IBM and Linux look like a graphiti gang.

Similarly the defacing of the Windows XP billboards, funny though it may be, is not in any way helping the Linux image as a hackers OS.

the big deal is

[vscjoe]

This is a slippery slope. The problem isn't that the government is using a virus, the problem is that they may be seeking accomodation from commercial software. If that thinking prevails, you may eventually not be permitted to run other security software, or you may be required to run an operating system with a back door.

So, the FBI can hack all they want. It is at specifially accomodating that hacking where we need to draw the line.

Re:the big deal is

[MousePotato]

Wasn't there something about an NSA key/door discovered in WinNT4.x not so long ago?

Re:the big deal is

[psamuels]

Wasn't there something about an NSA key/door discovered in WinNT4.x not so long ago?

Allegedly. I guess some bonehead at Microsoft accidentally shipped a service pack without stripping the symbols (meaning: all the names of global variables and functions that aren't usually exported were visible). And someone was looking through the symbols and found a variable in the crypto module called NSAKEY, whose value turned out to be a valid key (distinct from the usual Microsoft key) for things like code signing for upgrades. The immediate peanut gallery theory emerged that this key was held in escrow by the NSA in case they ever needed to send anyone a spyware trojan.

Microsoft came up with an alternate explanation, of course, which I don't remember off hand, but it sounded at least semi-plausible. I imagine we'll never know.

Re:the big deal is

>This is a slippery slope.

Has anyone else noticed that this phrase is used in almost all slashdot posts? First it was just in the YRO section, but now it seems to pop up as a comment in every story.

"Using these new PDA's is a slippery slope, if we're not careful, then the world will be dominated by them..."
or
"The way linux keeps switching VM subsystems is a slippery slope, in 20 years will we have to choose between 40 differnet VM subsystems? Choice is good, but I mean we shouldn't have that much right? BTW: KDE is the best, gnome should just die and go away!!!"

Various things like that.

I wonder if slashdot isn't really just 10 or 20 twelve year olds with all the spare time in the world who just keep posting to each other as different users.

Re: WINS alias?

[jerdenn]

Um, not WINS alias. Try DNS alias. Two different technologies.

-jerdenn

It IS a big deal. Because...

[hillct]

First McAffee and now Symantec are willing to ignore the presence of this virus. This article describes Symantec's position on the issue:

Eric Chien, chief researcher at Symantec's antivirus research lab, said that provided a hypothetical keystroke logging tool was used only by the FBI, then Symantec would avoid updating its antivirus tools to detect such a Trojan.

Symantec is yet to hear back from the FBI on its enquiries about Magic Lantern.

"If it was under the control of the FBI, with appropriate technical safeguards in place to prevent possible misuse, and nobody else used it - we wouldn't detect it," said Chien. "However we would detect modified versions that might be used by hackers."

The bigger problem here, though is that these antivirus vendors are violating the public trust and esentially providing faulty products (nothing new in the software industry) intentionally (which is a new prescident).

Furthermore, if antivirus vendors can be currupted this ay in the name of national security, does this mean that OS vendors will do the same, to accomodate the delivery methods chosen by the FBI? Will there be un-closed security holes intentionally left open as delivery vectors (like buffer overflow problems etc.) for 'Magic Lantern'? And regardless of the position of Stmantec that they will try to detect variants of Magic Lantern, what happens when a virus writer succeeds in writing a piece of code with a signature sufficiently similar to the FBI code as to be indestinguishable? the risk introduced here is too great to justify through the promise of improved crime fighting capabilities.

--CTH

Re:It IS a big deal. Because...

[jemagid]

The whole question of security bugs included intentionally in software reminds me of the Inslaw case, in which the federal government took a piece of software which they pirated from a contractor (who they put out of business), and hacked it up to include a back door. This software was written to track the complicated web of relationships between the sort of people intelligence agencies work with/against (depending on the phase of the moon and the particular situation). They sold this software to friendly (And probably not so friendly) intelligence agencies world-wide, using the back door to suck out information from their customers databases.

Pretty cool hack. (a technical judgement independent on the morality of the entire affair).

So the government has dealt in intentionally insecure software in the past, and they will probably do so in the future.

Personally, I think with a real warrant (none of this no-burden-of-proof "judicial certification" which the PATRIOT act institutes") this is a fine tactic. It's essentially the same as a wiretap.

Obviously, mass distribution of weakened software to the public or to anyone whom there is no probable cause to suspect is completely unacceptable.

Re: WINS alias?

[thesolo]

No, in this case, it is resolving a NetBIOS name to an IP address. That's WINS.

Cogeco

[Kenshin]

Cogeco did the same thing too. Everyone's been given @cogeco.ca addresses, and the whole network has been switched over to their own system.
This was a month ago.
It's all working just fine. It's fast, and pretty reliable. I think my pings have been lowered as well, since we're not plugged into that awful @Home backbone anymore.

McAffee or PGP or BlackICE?

[RobertGraham]

It would be pointless for the FBI to contact anti-virus vendors: anti-virus programs cannot detect Magic Lantern, they can only detect widespread viruses.

On the other hand, the FBI would be interested in contacting the PGP division. PGP 6.0.2 (and above) defeats keyloggers. E.g. if you were infected with the BadTrans.B virus/worm and you used PGP to encrypt your files, the h4x0r would not discover your passwords. (And yes, I've tried it.). [BTW, this is why 6.0.2 didn't work well on Win2k, PGP installs a keybaord sniffing driver to accomplish this trick, and it wasn't compatible with Win2k power management].

Host-based IDS (e.g. BlackICE) will likely detect Magic Lantern. The next version of BlackICE will detect the keyloggers like that in BadTrans or trojans like SubSeven. Unless Magic Lantern is a complete departure from today's technology, such an IDS will likely pick it up. I've already got a keylogger detection system up and running on my machine (now I need to test the darn thing on all versions of Windows).

An interesting sidenote, BadTrans is exactly what Magic Lantern wants to be. It could be a worm created by the FBI in order to hopefully catch some info about the 9/11 terrorists. Maybe it's an evil corporation out to find info on competitors.

Re:McAffee or PGP or BlackICE?

[czardonic]

It would be pointless for the FBI to contact anti-virus vendors: anti-virus programs cannot detect Magic Lantern, they can only detect widespread viruses.

How do you figure that!? Anti-virus programs can detect anything that can be identified by a signature.

Re:McAffee or PGP or BlackICE?

[Fencepost]

Anti-virus programs can detect anything that can be identified by a signature.

And if you don't believe him, just go read this about Symantec being polite enough to warn everyone that a competitor's product was infected with "W32.Nimda.enc(dr)" even though it wasn't.

"Symantec's Antivirus software, Norton Antivirus, has been reporting F-Prot Antivirus for Windows as being infected with W32.Nimda.enc(dr) following the November 9th release of Symantec's virus definitions. This is a false positive due to what appears to be a lack of quality assurance on their part."

Re:McAffee or PGP or BlackICE?

[czardonic]

How sad that Symantec does not meet the standards of absolute perfection that have been achieved by other software vendors. tsk, tsk.

Re:McAffee or PGP or BlackICE?

More likely a lame attempt at slashing a competitor.

More information on the @Home status

[VP]

This story on Wired sheds some light on what is going on with the @Home service. Seems like the debt holders are the ones who want the service shut down, while @Home has drawn plans (according to their chapter 11 filing) showing that they can pay all their debts and be profitable by 2010. It also seems that all cable companies which are currently providing the @Home service are on the debt holders side, since none of them are explaining this part. So make sure your cable companies hear from the @Home users who stand to lose their service - almost all of the cable companies are regulated local monopolies, which have to answer to a city/municipality board.

Re:More information on the @Home status

[SMN]

@Home has drawn plans (according to their chapter 11 filing) showing that they can pay all their debts and be profitable by 2010.

Yes, just like Amazon.com and all those other dot-coms, some 4 or 5 years ago, drawing plans showing that they could be profitable by now. The vast majority of those sites are no longer in business, and some of the most prominent among them are no better off now than they were then.

Let's face it, markets change. And in the Internet, still a very new and rapidly evolving medium, the market is bound to change. Any estimate by @Home or any other internet company making any promises about their marketability ten years from now should not be trusted. That's simply absurd.

There were, at one point, hundreds of companies predicting that ads alone would support them. What happened? As we all know, a few years ago, the bottom dropped out on the online ad market. Most of those companies are gone now - Inside.com is one of the many prominent sites among them. Others have been forced to overhaul their business models - Salon and others, including Slashdot, are moving to subscriber services (and last I saw, Salon still ain't close to profit).

And it's not just ads. The first site that comes to mind is Amazon.com -- everyone predicted that they'd hit a gold mine. People like buying books online, and by ditching brick-and-mortar stores and keeping all inventory in warehouses, they can streamline everything and save a bundle. Well, it's sure not working -- they're far from profitability as well.

I really hope people aren't as gullible as these companies seem to believe. Making predictions about Internet companies 10 years from now is rampant speculation at best. In fact, it's probably just total bullshit.

@Home can make whatever claims they want, but face the truth -- this is a desperate final attempt to keep in business. It's a blatant lie, and anyone who believes it is in for a surprise.

Re:More information on the @Home status

[VP]

Based on the Wired story, it is a quite simple calculation: $15 per @home subscriber per month. 4.6 mil. subscribers: 828 million per year. Their maintenance cost for the existing network should be known, since they are a publicly traded company. The only assumption is that their subscribers will increase to 50 mil. by 2010. With a lower per subscriber fee ($12.5 per month) this would come to 7.5 billion/year. I think this is sufuccient data to make an educated guess whether and when @Home can pay off their 1 billion debt and be profitable. As noted, they already got rid of Excite, so the bleeding has stopped there.

I still think the creditors are the "villains" here. I also do not trust the cable companies, and would rather have them use a third party to provide broadband (just recall the DSL hell that Verizon and PacBell customers seem to experience).

Re:More information on the @Home status

[SMN]

The only assumption is that their subscribers will increase to 50 mil. by 2010.

That's a HUGE assumption, and I have no faith in it whatsoever. The problem is that for every one of those new users, the speed of other users' connections will slow down. At the same time, other options - DSL et al. - are going to become much more widely available, and won't suffer from this congestion.

I wouldn't even be count on cable modems being around much at all 10 years from now. Think about what the Internet was 10 years ago - or, rather, don't, since that name didn't come around until 1993 (on a certain piece of legislation sponsored by a certain Al Gore, hence his responsiblity in creating the Internet as we know it). Anyone prediction the Internet and broadband then would be considered a raving lunatic. Would you be surprised if we're all using some new tech for net access in 2010?

And there's another key question you're not asking: if these calculations are so simple, why didn't @Home make them years ago and realize it couldn't borrow so much go into so heavy debt so soon? Because years ago, they were predicting many, many users -- many more than we have now. They've predicted wrong in the past, and they can certainly do it again.

Re:More information on the @Home status

[DarkProphet]

The only assumption is that their subscribers will increase to 50 mil. by 2010.

That's a HUGE assumption, and I have no faith in it whatsoever. The problem is that for every one of those new users, the speed of other users' connections will slow down. At the same time, other options - DSL et al. - are going to become much more widely available, and won't suffer from this congestion.

It is a very huge assumption! Strictly speaking in the U.S, there are around 300 Million people. Giving the benefit of the doubt, lets say that EVERY person has thier own internet access accounts in 2010. Thats 300 million accounts. For excite@home to assume that they will control 1/6 market share of all internet connections in the US is simply ridiculous. A good deal of the populous of this country lives outside the possible reach of DSL/Cable/Hardline solutions. The only way someone living outside of town can get access is either via phone line/modem (which is very antiquated even today), or some sort of wireless setup (which is fairly expensive by common Joe terms). I work as a marketing executive for a large global total internet solutions company which shall remain nameless (not excite@home or ATT), and I can tell you thier assumptions are wild beyond belief!

The most likely scenario is that ATT (who I believe is a shareholder) has paid off the excite@home execs to file bankruptcy, so ATT can pick up the pieces at a nominal cost (and not have to pay excite@home's debts), and grow thier market-share in broadband internet access.

If this is the case, its a wise short-term strategy for ATT, but at the price of sacrificing long-term longevity. Cable and DSL are not the media that people will be using to connect to the internet in 5-10 years. Any company looking to turn a profit in internet service solutions knows that you can't throw millions of dollars in infrastructure to gain 5% of the possible market, when by doing so you totally elmininate your ability to tap the other 95%. ISPs should be (and some are) developing infrastructures that are not only able to potentially reach and service 100% of the market, but also do so reliably and cheaply (for the lowest common denominator), while still being able to turn a profit after all expenses/further R&D.

The reason that more ISPs aren't doing just that is that there are of course quite a few variables there. Its also the reason why companies like excite@home are filing for bankruptcy. They had a good idea, (piggybacking on the existing cable infrastructure), but failed to realize how the initial cost savings (vs. laying thier own lines/towers/whatever)comes at the price of being extremely limited as to who they could and couldn't service. Basically they wagered everything that they had a winning hand, instead of taking many more smaller bets. Bad Idea(TM).

Its discouraging that the only real losers in this scenario are the customers.

On a positive note though, this will force consumers to demand a higher level of stability in their service providers, and will usher in the next level of faster/cheaper/better net connections. Plus, it creates the perfect scenario for my company to take advantage of, which is a win/win situation for us, and consumers alike.

AOL 1000 Hours for Free No Credit Card

[bstadil]

Get it Here,, plus if your are concerned about Windows only get a copy of VmWare trial license its good for 30days. Last you can get a Window 30days trial at CompUSA etc so you should be all set until Xmas.

sure they do

[vscjoe]

Both the military and the civilian parts of the US government design and implement lots of special-purpose gadgets and software, and they spend billions doing it. Often, the work is done by government employees, not contractors. That is entirely justified when there is no commercial vendor around. The decision is no different from whether any other big company outsources or does something in-house. If the FBI wants Magic Lantern, they can develop it in house; they don't need a vendor.

Re:sure they do

what? It's quite funny hearing about their "senior software expert" experiencing network problems because he tried to plug an ethernet cable into a modem jack. The FBI, like any other Federal agency (esp. dod), is, and always has been 10 years in the past, playing catch-up with technology. I can attest to that from personal experience. The idea that an agency like the FBI can actually come up with "hi-tech software" is simply fantasy in my opinion. Most internal software development is either done by 1) third-party vendors, or 2) civil sector (non-FBI, but federally employed). Field agents -- definitely *not*. It wouldn't surprise me if the feds just copied sub7, and maybe some of CDC's software and call it their own by renaming it "magic lantern" because it dazzles and confuses their computer "experts".

Re:sure they do

[ezfur]

Yea but if they write it in house it wont work worth a damn just like for big companies who write in house software. They need consultants on something like this.

Re:sure they do

It's quite funny hearing about their "senior software expert" experiencing network problems because he tried to plug an ethernet cable into a modem jack.

Network cables and modem jacks are not compatible. Network cables and some business phone jacks, however, are physically compatible and can be indistiguishable. I have made that mistake, and you would as well. Blame industry for it: choosing a phone cable standard for Ethernet was NOT a smart move.

The idea that an agency like the FBI can actually come up with "hi-tech software" is simply fantasy in my opinion.

Well, having worked with industry, consultants, and the US government, I can tell you that all three of them have similar distributions of incompetence. Besides, there is nothing "hi-tech", challenging, or complicated about a computer virus.

Re:sure they do

[smcv]

Network cables and some business phone jacks, however, are physically compatible and can be indistiguishable. I have made that mistake, and you would as well. Blame industry for it: choosing a phone cable standard for Ethernet was NOT a smart move.

I can agree with that. Each student room in the college I'm at has a double socket on the wall - one RJ45 network connection, and one physically identical phone socket (which you need an adaptor to plug a normal phone into). All we were told was that the network connection was *usually* the one on the left :-)

cold air masses

[theantix]

No, all you Canucks eat is back bacon and beer.

Beer is the giver of life. And a day without bacon is a day without joy! Really, these are positives, not negatives... there must be some confusion.

P.S. Please stop sending all those cold air masses across our border.

In fact, it is me that is sending them to you... but they keep bouncing back up for some reason. I don't want 'em, so I send them down south. You can keep 'em!

Re:cold air masses

[Ed+Avis]

Cold air masses across the border from Canada... I would have expected _warm_ air masses. But then, my only knowledge of these things is from watching South Park.

You just let the Unabomber off the hook. Good one

[Rares+Marian]

So if I send you anthrax, I can get away wih murder?

Play Again (Y/N)? _

Virus scanners check for trojans too.

[Rares+Marian]

What if someone dismembers McAffee ViruScan, and copies the trojan's signature?

Magic Lantern is a trojan

...and AV programs have been detecting trojans for years.

peace, love and spray paint

[seeded]

here's the link for the peace, love and linux thing from ibm:
http://www-1.ibm.com/servers/eserver/linux/passp or t.swf

So If Somebody Sends You A Letter Bomb...

...and you open it and are killed, it's YOUR FAULT?! What are you, an idiot? If somebody sends me money I'm not entitled to, if I spend it I'm guilty of theft. It's not only a legal definition, it''s a moral and ethical one too. I'm not a thief.

@home conspiracy theory

[Sadfsdaf]

Why do the creditors want @home out of business?

Considering that one of the major shareholders is AT&T (broadband or parent company it doesn't matter), they MUST keep the service running anyway.

AT&T WILL obtain the hardware and maybe the people who keep the cable internet system running.AT&T WANTS @HOME TO FILE FOR CHAPTER 7 (liquidation, bubye). Why? If they kept @home, they would still have less control over the system and if they obtained @home's hardware when they make the new system it'd be cheaper (not to mention the same people to run the familiar system).

Then why don't they BUY OUT @home? Simple! @home has something like SIX BILLION DOLLARS IN DEBT. If AT&T bought them out, they would have to deal with that debt and do you really think the shareholders would be happy about a sudden 6 billion in debt? HELL NO! AT&T will let @home liquidate and pick up everything (people and hardware) dirt cheap (because no one else will set up a cable system in that area, they CAN'T AT&T controls it, thus they're the only buyer).

AT&T is playing a smart move here, and they probably have @HOME executives in on this too and have other cable providers notified (that's why they're all making "backup" plans, because if they really weren't going out of business, then why would @home tell them, that would make the CO's trust @home less!)

Sigh... just a stupid ploy for AT&T to get full administration to the cable internet system dirt cheap w/o paying any debts.

Smart move AT&T.

If they decide to do anything different, AT&T execs are stupid for not doing this. ;-]

Re:@home conspiracy theory

Six Billion?
Get informed before posting, it's more on the order of 1 billion in debt. Goto dotcomscoop for a more informed opinion.

Re:@home conspiracy theory

[kawaichan]

That was the whole theroy when the filed for Ch 11 a while back. But couldn't AOL or MS try to get @home the same thing AT&T is doing right now? I think AOL really want the pipes badly, and so does MS.

Re:@home conspiracy theory

[Sadfsdaf]

Suuuure... http://biz.yahoo.com/p/a/athmq.ob.html

there ya go. I don't see 1 billion, but i do see 6-7 billion in the red. I find a company's financial report more accurate than dotcomscoop, no?

Re:@home conspiracy theory

[Proteus+Child]

Why do the creditors want @home out of business?

Because their service sucked (at least in Western PA)?

Mail servers that dropped messages on the floor 24/7.. POP servers that never responded to requests.. DNS so flaky that a few of us set up our own.. their terms of service (okay, so I'm being selfish on that point.. high-bandwidth and they expect me to NOT use it for something constructive?)... tech support with marginally less of a clue than a flatworm ("My cable modem is dead.." "Reinstall Windows." "No, I mean it's really dead - the power supply lost its magic smoke..")...

It wouldn't surprise me if a few of their investors decided to cut their losses.

Call this a troll if you like, but I'm bitter over @home. Good fsck(1)ing riddance.

magic lantern

One can't help but wonder if a new breed of virii might show up, who's purpose is to remove magic lantern. Though they may be caught, if distributed correctly, their payload would do a lot of good. I mean there is no reason why the fbi needs to see which porn threads I follow.

Re:magic lantern

[Philbert+Desenex]

i don't know what we're getting all bent out of shape about magic lantern for. any fbi technology that's even being talked about in the press is already old hat. they've moved way past that by now, i'm sure.

I wouldn't be too sure about that. The FBI has been notoriously backwards technologically. For example, the FBI website was hosted by NASA for the first few years. FBI was a *major* consumer of IBM Big Iron, running crap OSes like MVS well into the 90s. The public information on DCS-1000 makes it look really amateurish (runs on NT, captures way too much information, etc etc). The FBI's "National Infrastructure Protection Center" has come under a lot of criticism. The Feds have pushed for stuff like CALEA for years because the FBI can't keep up with the hackers and phreakers.

Re:magic lantern

[mikeee]

MVS is Not My Favorite OS, but it isn't crap either.

You're complaining that a steam locomotive is not a jeep.

Re:magic lantern

[Philbert+Desenex]

MVS is Not My Favorite OS, but it isn't crap either.

You're complaining that a steam locomotive is not a jeep.

No, I showed you an example of why the FBI qualifies as technologically backwards in terms of The Internet, and threats to The Internet.

It's certainly possible that the FBI has throngs of RACF hackers who can bust into your average script kiddie's S390 by running a job with strangely malformed JCL, but so what? To use your idiom, the evidence says that the FBI has plenty of steam engine mechanics, while the fellow I responded to was claiming they had really, really good internal combustion technicians.

Re: WINS alias?

Actually it's not a NETBIOS name it's the DNS resolver appending the local search domain to "mail"

About 1/2 of AT&T customers use @Home Network

[mr.crutch]

According to this article, about 50% of AT&T customers use the @Home Network. Of those 1/2, 20% can be transitioned to a new network "quickly"

The remainder of AT&T customers use the RoadRunner network and use @Home only for broadband content. If @Home goes dark tomorrow they won't be able to view their excite homepages but their network access will be unaffected.

The Cox contingency plan.

[jabber]

Click HERE

In case that gets swamped, here's a reprint:

Cox Communications @Home Service Update:

Following you will find some information to address questions you might have about the email communication that you recently received from us.

Q1. What should I do today?
A1. Cox recommends that you use the following precautionary backup procedures.

Check your @Home email daily. Opened messages will be saved automatically to your hard drive.

Download software from a free dial-up Internet service provider. We recommend that you do not install the software unless service is interrupted.

Back up your personal web page.

Watch for more information from Cox on the transition of your service to Cox High Speed Internetsm. At such time that you can make the transition to our new service, Cox will be providing you with all of the information you need so that your transition is as smooth as possible.

In the unlikely event that there is a disruption in service, keep your cable modem connected to your PC until service is restored.

Q2. I need my e-mail; what am I going to do?
A2. Cox is doing everything that we can to ensure that you are never without your email. If our plans are successful, your service will not be interrupted and you will have a comfortable transition period in which you can convert your service to a new Cox-managed network.

Q3. What about my modem?
A3. In the unlikely event that there is a service interruption, you should leave your modem connected to your PC until service is restored.

Q4. What is this dial-up, temporary service?
A4. In the unlikely event that your service is temporarily interrupted, we recommend that you set up Internet access via one of the free dial-up Internet services that are available. We have arranged for temporary, dial-up access to the Internet via NetZero. You may download this software by clicking here. This dial-up access is meant to be a temporary alternative to provide email and connectivity. The free service offers ten hours per month, which should be sufficient to get you through any short-term outages. This service does not currently support MAC, Windows 2000 or XP. If you are a Roanoke or Hampton Roads resident and a NetZero local access number is not available, please visit www.juno.com as a potential alternative.
We do not recommend that you install the software at this time, just download the software and save it so that it may be installed should you have an interruption in service. This is a precautionary measure that would give you access to the Internet via a phone line plugged into your computer.

Q5. What will I get with this service and is it Cox supported?
A5. Unfortunately, Cox cannot speak to the features and benefits of the free dial-up Internet services that are available, nor can we guarantee or support it. We recommend that you explore this temporary backup plan simply as a precautionary measure. We are taking all necessary steps to ensure that your service is uninterrupted, but we thought that you might be interested in a temporary, although not ideal, solution for Internet access in the unlikely event that your service is shut down.

Q6. Will you credit my bill? When will I see a credit?
A6. Cox will credit you for any time that you are without service. This includes reimbursement for equipment leasing fees if you are leasing your cable modem from Cox. Should your service be interrupted, you would see an appropriate credit on the next statement that you next receive from Cox.

Q7. How do I get updates quickly?
A7. You have two ways of getting the latest accurate information quickly.

We've established a special number (1-877-832-4751). When you call this number, you will hear a recording that provides the latest information.
You can also get updated information by visiting www.cox.com/info.
These are the most accurate and up-to-date sources for information on your Cox Internet service.
Q8. How will you communicate with me if my service is down?
A8. Cox will contact you via mail or courier to provide important status updates and service information concerning the new Cox-managed high speed Internet service that will replace your @Home service. You can also call 1-877-832-4751 to hear a recorded message with the latest, accurate and up-to-date information.

Q9. What will happen to my personal Web page?
A9. As a safety precaution, you should always backup your personal Web page to a CD or hard drive. To Transfer Files from WebSpace to your hard drive using the File Manager:

Download the files from WebSpace to your computer by logging in to the WebSpace login page at http://home-members.excite.com/m_webspace/ and clicking File Manager, located at the top-right corner of the screen.
Select Transfer from the File Manager navigation bar. In the window that appears, select the files you want to transfer from your WebSpace account to your computer, and the location to which you want them transferred, then click Transfer.
A window appears telling you when your file has been downloaded.
Click OK to return to the File Manager page.
Once you are finished with File Manager, log out by clicking Logout on the navigation bar. If you do not log out, and you share a computer with other people in your household, they may have access to your files.

Re:The Cox contingency plan.

[jdavidb]

The free service offers ten hours per month, which should be sufficient to get you through any short-term outages.

Unless the outage lasts more than a day; how much do you think we use the Internet, anyway? :)

This service does not currently support MAC, Windows 2000 or XP.

Doesn't support MAC, huh? Are you trying to tell me it won't support Medium Access Control? That makes sense; ethernet isn't needed, since it's dialup. At least my Mac will be supported. :)

McAfee MAY Be Detecting It

[Sonicated]

1. Network Associates/McAfee.com Corporation has not contacted the FBI, nor has the FBI contacted NAI/McAfee.com Corp., regarding Magic Lantern.

2. We do not expect the FBI to contact Network Associates/McAfee.com Corporation regarding Magic Lantern.

So McAfee do not expect/want any communication with the FBI on this matter at all. So maybe they will detect it unless a law is passed forcing them to. Has anyone actually thought about that?

Unless you're the FBI...

...and the target is sub-human^H^H^H^H^H^H^H^H^Hnot an American citizen.

"We hold these truths to be self-evident, that all men are created equal, but that those created in the United States of America are more equal than others."

Oh, that's changing, though, isn't it? The land of the free - a term which we can now only use sarcastically.

It's a HUGE deal

Let's not forget that this is essentially aimed at quelling dissent. I don't care where your sympathies are, or whose politics you favor. The recent spate of surveillance legislation and spyware is directly aimed at eradicating dissent.

Have we forgotten that this country was founded by political dissidents? That so many of the freedoms that we claim to be fighting for are based on the idea that government should not be legally allowed to squash dissenting views?

People have a right to hold views contrary to the government, and expect that their privacy and property is legally beyond the reach of a government that's interested in presevering itself.

magic lantern

i don't know what we're getting all bent out of shape about magic lantern for. any fbi technology that's even being talked about in the press is already old hat. they've moved way past that by now, i'm sure. and if mcafee and symantec did update their virus checking software to detect it, the fbi would just make a new keylogger that they couldn't detect and use it until they caught another mafia thug. then it'd get publicized again, and the cycle would repeat.

there's no way around it, they're always gonna be able to listen. for every carnivore that yuou hear about, there are a bunch of others you don't. i work for a telecom software firm. trust me on this...

Think

[DaoudaW]

"Peace, Love and Linux", hmmm...

And I assumed that their motto was still "THINK". Maybe they overlooked that this time!

Re:Think

[Proteus+Child]

"Peace, Love and Linux", hmmm...

Am I the only one who mistakes this for an InSoc reference whenever stories like this come up?

o/~ Peace and Love, Incorporated! o/~

Re:Think

[ethereal]

So, is there really anyone out there willing to change their browser window size, desktop resolution, number of colors, and even install a new frickin' font just to view that guy's page? Seems a little arrogant to me...

Netzero

For those individuals who have @home, and have been sent the e-mail suggesting that you DL Netzero, beware that it is not supported in windows XP and may cause you to reformat your HD to be able to boot. Just a word of warning...

Aibo hacking

[greymond]

a while back i wrote somewhat of a humor article about aibo using alice's features on its responce, and seeing that done with "brainbo" on the aibohack site just makes me want to laugh at all the people who made fun of my suggestion and said that would be a waste of time. (now i feel better)

What about domain names?

[pclinger]

What happens to my domain names? I have many registered through netsol which is a pain in the arse to update, especially if I won't be able to send email from my @home address! Recently I started registering using GoDaddy because it is cheaper, and I believe I can change my email address in their database with a click of a button, but what about my other domains?

Patrick Clinger

Re:What about domain names?

Meh: http://www.netsol.com/en_US/makechanges/fax/contac t.html

Question

[vbrtrmn]

How many of us actually own one of those Aibo dogs?

Re:Question

Make sure you walk them regularly. I frequently come home to wonderful little puddles of battery acid on my carpet. Luckily it only stack dumps on the tile.

An email I got from mediacom@home

[cpritchett]

I sent an email to mediacom@home asking them what was going to happen if @home went down tomorrow, and got this:

" Dear Valued Customer, We know that having reliable high-speed cable Internet service is important to you, and Mediacom always strives to provide you with the quality high-speed cable Internet service and customer care that you expect. As you may have heard, our service provider, Excite@Home, recently filed for Chapter 11 bankruptcy protection. The creditors of Excite@Home have secured a hearing in bankruptcy court this Friday, November 30, which could result in service interruptions or shutdown of the Excite@Home service. Mediacom and other cable operators, including AT&T Broadband, Comcast and Cox Communications, are fighting to prevent this from happening and remain hopeful that no service interruptions or shutdown will occur. To ensure minimal disruption to your service, we request that you check your email account(s) on a daily basis. Doing this will automatically save your email to your hard drive as well as ensure timely receipt of important future communications from Mediacom. Also, backup your personal web page(s) by copying them to a diskette, CD or to your computer hard drive. Mediacom is working hard to avoid any disruption of your high-speed cable Internet service and to seek alternate service providers in the event that Excite@Home discontinues service. Please check your email, U.S. Mail and our company website (www.mediacomcc.com) for important information about any potential changes to your service. Thank you for your patience as we strive to provide you with the best high-speed cable Internet service possible.

Sincerely,
John G. Pascarelli
Senior Vice President
Marketing and Consumer Services "

Valued Customer? yea, right.. I'm sure they didn't plan on telling anybody unless they asked about it.

Re:An email I got from mediacom@home

[chadm1967]

I received the same type of email from Comcast. What pisses me off the most is the fact that I received it yesterday (11/28). Just two days before the service may be interrupted.

Personally, I'm not that worried. I don't think there are going to be any service interruptions (I'm crossing my fingers, anyway).

Re:An email I got from mediacom@home

[uslinux.net]

Please check your email, U.S. Mail and our company website (www.mediacomcc.com) for important information about any potential changes to your service.

Heh. When we shut off our service, please use your nonfunctioning cable modem to check our nonfunctioning web page for updates.

-@Home

Obsfucated deadline

[nytes]

If you haven't submitted your program(s) to the International Obfuscated C Code Contest, now is the time : the deadline is December 1st, 2001, there is only two days left

You mean there's only 'Z' ^ 'J' ^ 18 days left?

Re: Big effing deal: Howabout the EULA

What if the FBI just stuck a tiny little clause in the middle of the EULA for some software that says "By installing this product, you agree to let the FBI monitor your keystrokes."

Let's face it, no-one EVER reads the EULA. So the sucker just clicks "Agree" and Poof! the whole thing is legit again.

Answer

I do ...a 210 model.

Talk about a cool device ...you ain't seen nothin' till you've owned one of these things ...it's a laptop with legs and a personality :)

Re: WINS alias?

[Fuzion]

No, it's actually a DNS suffix, that gets appended to the address, it's not WINS. In fact, I'm pretty sure their instructions tell you to disable NetBIOS.

AIBO

[Technosteve!]

sorry but does any one under stand the AIBO commercials during a gamespot live stream? i had no idea what they were selling...or am i just uneducated troll that just doesn't understand highclass commercials.

*sigh*

[Jucius+Maximus]

I tried to submit it ...

* 2001-11-27 03:35:00 McAfee Ignoring Magic Lantern Is Bogus? (articles,news) (rejected)

Alas, I could only get it published here.

Re:*sigh*

It's still Cmdr Taco...

Re:About 1/2 of AT&T customers use @Home Netwo

[skriefal]

The situation is even stranger for me. I'm in an area that was originally served by Mediaone.net, which transitioned to Road Runner, and then was purchased by AT&T and converted to @Home. However, all of our servers (NNTP, POP, SMTP, etc) still reside in the old mediaone.net domain, with the exception of the home page server (home.excite.com). I've no idea what'll happen to our connectivity or email access if @Home goes dark...

Whoa Buddy...

[Kansas1024]

That would require me to actually install AOL software on my machine. Do you realize the implications of that? Your machine would never be stable again. And even if you did sign up for an account you would just get busy signials for hours...

Trouble with Charter@Home

[Digitalia]

Charter is switching its customers over to Charter Pipeline, their own service. The transition should be pretty painless, but I've been encountering many problems with the CD they sent out. After giving up on the CD, I tried calling up Charter to get the few bits of info I needed to set things up myself. I sat on hold for 2 hours 35 minutes and finally hung up. This was after an hour of redialing, trying to get through the busy signals.

Re:Trouble with Charter@Home

[erotus]

I also have charter@home, however, I never received the CD which you mentioned. What type of software is on the CD? Also, how different are the settings for the servers and whatnot? My charter@home domain is ftwrth1.tx.home.com. If you have any info could you please post it? TIA!

Re:Trouble with Charter@Home

[Digitalia]

I couldn't tell you about the differences because I still haven't got the bloody thing working. essentially, the disk installs IE6, some broadjump software, and then tries to edit your network settings. Mine fails at this point, as it refuses to acquire an IP via DHCP.

Re:Trouble with Charter@Home

[rayd75]

Good luck. Pipeline is another re-packaged service... At least in my area. Pipeline here comes by way of High Speed Access corp. A whopping 512K/128k connection and a mere 350ms ping time to my neighbors. I was really impressed that most traceroutes only showed a dozen or so private addresses between me and my chosen Internet destination.

Your mileage may vary. Lets hope that it does.

Re:About 1/2 of AT&T customers use @Home Netwo

Your packets will be transferred via carrier pigeon.

Cushy Contract

[_Sprocket_]

I'm sure I'm not the only one to think the following:

When I first heard of "Magic Lantern", I thought "wow... what a cushy development contract." Audit BO2K code. Add some stern boilerplate text and a FBI logo or two. Package it up and ship it out. Voila - Magic Lantern.

Now - this might sound a bit dishonest. But whoever had the chance to do this would be providing an important service.

It has been my experience with a couple of US gov't agencies that often (but not always, of course) senior IT officials have a strong suspicion of "freeware". And, of course, anything "open source" is "freeware" in their eyes. Nevertheless, if open source projects make it in to the IT environment under a contract or commercial product, these same managers do not bat an eyelash.

So the valuable service I mentioned is, in effect, converting BO2K Open Source / "freeware" to "commercial" status.

What a cushy contract.

@Home email?? HOW-TO??

[jabber]

I've never used my @Home email account in the 6 months that I've had the service through Cox.

Now I've been trying for hours to get it to work, via Netscape, Outlook and Outlook Express. Express hangs on load (I've never bothered to run it before, no loss), Outlook hangs whan I try to access the account. Netscape seems to refuse to see the servers altogether. What gives?

The @Home site provides instructions for setting up Outlook Express as the mail client, and for migrating old email from Netscape. Nothing else.. What gives again?

@Home is a plain old POP3 system, right?

What if I want to use Netscape? What am I missing here?

Oh fer Pete's sake!!!

[jabber]

@home went and changed the server names, and never updated the website..

Mail server is no longer just 'mail',
it's now 'mail...home.com'

Would have been nice if they'd made this a bit more clear, somewhere..

Same change applies to the newsgroup servers.. No longer 'news', but as above.

Re:Oh fer Pete's sake!!!

[Phrogz]

Mail server is no longer just 'mail', it's now 'mail...home.com'

It was always mail. ... .home.com!

When you put in "mail" or "www" or "news" it resolves to the correct address ONLY if your computer is set to supply the assumed domain of ...home.com (for example, *.wlgrv1.pa.home.com).

Maybe at some point in the near past, but NOT near the beginning of their service, they pulled some DNS tricks to map "mail" to the full name or IP, but at the beginning you had to supply this information in your local TCP/IP configuration.

(I know this because I set up my parent's computer years and years ago with comcast@home, and had to pull out their annoying assumed domain name from the TCP/IP control panel of their macs because with it typing in "google" into the address bar of IE attempted to contact "google.wlgrv1.pa.home.com" rather than the standard mac/IE behaviour of resolving to "www.google.com". Then I had to hunt down all the "mail" and "news" and "www" and such settings the installer had placed in various applications and expand it to the real name.)

I think you perhaps have screwed up your computer settings (but as above, perhaps there were automagic DNS tricks on their DNS servers which have broken).

We got this with Shaw too.

[mrseigen]

Those of you in shaw-land, make sure it's shawmail.(two-letter abbrev for city).shawcable.net - it's hidden damn well on their site.

Re:The Cocks contingency plan.

I'm wondering what these people will do for their Internet porn when their cable no longer works... ;-)

$120,000 down the drain.

[rice_burners_suck]

From the article on IBM spraypainting Peace, Love and Linux:

IBM has already said it will spend $1 billion to help support the growth of Linux, but the company will have to add at least $120,000 to that total as part of its penance for the advertising campaign, Newsome said. The vendor will pay $10,000 in clean-up costs, close to $10,000 in city attorney's fees and then $100,000 to San Francisco's Clean Streets program for removing graffiti and trash.

I hope the $120,000 aren't being subtracted from the $1B that's supposed to help the growth of Linux. IBM could be using that money to finance the development of technical superiority in this wonderful system. In conjunction with all the other companies and individuals supporting Linux, this would result in a system like no other, with unprecedented power, flexibility and quality.

Besides, $120,000 could have gone into a very helpful advertising campaign. Instead, IBM is being made to look very unprofessional, despite everything else they do.

Oh well.

Re:$120,000 down the drain.

[cb921]

yeah ain't it cool? :)

Cox in court

[rackrent]

Here's my recent email that I got from Cox:

--
As you know, Excite@Home has filed for Chapter 11 bankruptcy protection,
and it is currently in the midst of bankruptcy court proceedings. On
Friday, the bankruptcy judge is expected to rule on a motion to
determine whether Excite@Home has the right to shut down service to its
customers. We are actively negotiating with all parties involved to
come to an agreement before Friday. We are hopeful that we can reach an
agreement before the court ruling, which would mean that this ruling is
a non-issue.

In the event that we do not reach an agreement before Friday, then we
will look to the judge for a ruling on if Excite@Home has the right to
shut down service. If the judge rules that Excite@Home does have this
right, we will take all possible legal actions, such as filing an appeal
and asking for a stay, which is essentially a hold on any action.

In addition, we have service contingency plans to address all possible
outcomes, and we will keep you informed on developments as we have more
information. Please know that your satisfaction is our first priority,
and we are taking all necessary steps to ensure ongoing, reliable
high-speed Internet service for our customers now and in the future.
--

I don't know all of this legal jibber-jabber, but could Cox actually force @home to stay alive until they can get their own service running?

From the AiboPet FAQ. . .

[SMN]

From the AiboPet FAQ:

Q: How can I be part of the Legit-i-Mutt©TM program?
A: Well you can't. Legit-i-Mutt©TM is just a bogus name I came up with to explain the situation. Heck, it isn't trademarked, copyrighted, patented or with any legally clout what-so-ever. The real legally binding part is the Sony EULA, and standard copyright law. The EULA stays with the software in its original form or in experimental enhanced form found on this site.

Does anyone else think it's not very smart for a site that just received a threatening letter from hihhly paid lawyers for a multi-billion dollar corporation to be sticking little copyright and trademark indicators everywhere as a joke?

Re:From the AiboPet FAQ. . .

[swordgeek]

It's entirely irrelevant. I mean, ENTIRELY irrelevant, which means, 'who cares?'

Or alternatively, it might mean, "fuck 'em all."

Re:From the AiboPet FAQ. . .

[cb921]

Very dumb move. Ohhhhh goodness he's *really* going to get it now.

Silly DNS stuff

[Platinum+Dragon]

Apparently, Rogers' DNS is supposed to magically resolve "pop" properly. Didn't work here... fortunately, I was able to pull the relevant info from a dslreports.com thread.

The proper names for the POP and SMTP servers are:

pop.bloor.is.net.cable.rogers.com
ssmtp.bloor.is.net.cable.rogers.com (note: that's not a typo. Seriously.)

To make things a bit less obfuscated, aliases exist:

pop.broadband.rogers.com
smtp.broadband.rogers.com

Those should work beautifully. I kind of wish Rogers had just listed those in the first place, instead of relying on m4d DNS m4gik. It screws up in certain cases, as you and I both discovered.

Replying to myself. . .

[SMN]

Hate to reply to my own post, but I saw one more thing that I just had to add.

From the Wired Article:

Carlson resolved the fate of another ExciteAtHome asset Wednesday by approving InfoSpace Inc.'s $10 million purchase of the Web portal Excite.com. ExciteAtHome paid $7.8 billion for the Web portal two years ago.

There you have it. $7,800,000,000 ---> $10,000,000. Excite.com is now worth 0.00128 PERCENT of what it was worth two years ago!

As I said, these companies simply can't predict what the market will do. Do you trust the prediction of profitabilty in 10 years from a company that couldn't forsee one of its primary assets devalue 780 times in 2 years?

Even worse, let's say they have managed to draw up a plan to be profitable. Why didn't they have this plan a year ago, so they wouldn't be in the dilemma they face today? Oops, they can make those numbers move when they're forced to!

Believe me, I really don't want to see @Home go. My Internet connection this weekend will be Comcast@Home, and they don't even have a contingency plan (oooh, they say to use NetZero for 10 free hours! What a joke!). But this is absurd, and they simply cannot be allowed to continue on this joke of a profitablity plan of theirs.

Re:Replying to myself. . .

[Ymerej]

There you have it. $7,800,000,000 ---> $10,000,000. Excite.com is now worth 0.00128 PERCENT of what it was worth two years ago!

I get 0.128 percent.

I dunno, I have come to expect grammatical errors here in slashdot, but I should hope to find percentages calculated correctly, especially when the word is in ALL CAPS.

Freedom dies a little at a time.

[Chasing+Amy]

The point is, NO YOU DON"T HAVE TO CLICK ON WHATEVER THE FBI SENDS YOU. Why don't you READ the bloody USA/PATRIOT stuff and what has been released so far of the FBI's "evil plans" before you waste our time?

The FBI is given carte-blanche to install spyware on your machine in any way they wish, without needing a search warrant (which takes a relatively high measure of cause to get) from a Court in your jurisdiction, but rather by getting a wiretap order (much lower showing of cause) from Any Court ANYWHERE. They don't even need to go to your jurisdiction to a real Court--they can go to any Court whatsoever, like for example a Mickey Mouse Court right down the street from FBI HQ where there's a judge who hands out orders like they're Tick-Tacs.

That in itself is troubling. They can pick any judge anywhere to ask for permission to hack anyone's box. I'm sure they already have a good working relationship with judges who'd give them anything. Jurisdiction is there to protect you from judges like that. But not any more.

And the FBI can get their spyware onto your machine by any electronic means, including by exploiting any security vulnerability there is to get the conde on your box. Remember the bad root exploit that was revealed a few days ago for Linux? You can bet the FBI is subscribing to every bug track list and logging exploits they can use as they come up, so that they'll know how to break into your computer before you even know what the security flaw is and how to patch it. So, it isn't just stupid people who run foreign executables who are hackable. It's everyone.

Now, combine all that with what the FBI has done in the recent past, like getting a warrant and a gag order against the Independent Media Center to seize all their logs so that they could trace users who reported on the Canadian police report on how to deal with WTO protestors that someone had lifted from an unattended car in Canada, and interrogate them for the Mounties to try to find the guy who did it. Oh, and the IMC would have been unable to inform anyone of the order, and that visitors to the site were being logged and monitored by the FBI.

Now, that order was reversed the very next day by a real judge who actually knew what the Bill of Rights means. But with these new laws and regs, the FBI doesn't even have to tell anyone that an order ever existed in the first place. There's no real oversight, and no chance for an order to be overturned or deemed fraudulent or unconstitutionally vague or overbroad or just plains wrong. Today, the FBI would simply handle the above IMC freedom of press/speech "problem" like this: they'd go to the chambers of Judge Unconstitutional next door, get an order to install spyware on the IMC web server so that they can retrieve the logs they want and monitor any connections which might be from the user they want, and then go down a list of known exploits--some of which probably won't have been announced yet and won't have patches at all--until they get their software onto the IMC's server. Then they get their logs, and monitor connections--and of course if anyone talks about any protest plans that may be questionable to the FBI while the spyware is installed, then hey, it's in plain sight during an investigation which required them to view server logs. And even if it isn't, who cares--the FBI isn't known for their oppenness and honesty; they'll use the information to find or manufacture a legally more acceptable excuse for going after their new suspect. Their new suspect who was just exercising his right to free speech and his right to peaceably assemble to ask the government for redress, BTW.

As you can see, the potential for this legislation goes far beyond just logging keystrokes to get PGP passwords of terrorist suspects. Right now, that's what the FBI has publicly disclosed about Magic Lantern. What they haven't disclosed could well be the cababilities to remotely access the whole system to do things like what I outlined above. Remember that when the Carnivore documents were initially released, the parts about Magic Lantern were blacked out. What makes you therefore think the FBI has told us everything about Magic Lantern now that its existence is no longer blacked out?

At any rate, if you read the new laws, they give the FBI the chance to do far more than sniff PGP keys. Knowing what we all know about the FBI, they are planning to exploit the law to its fullest. If Magic Lantern really is only a key logger, then you can bet they have another piece of software that's still classified to do the rest. And isn't a key logger bad enough as it is, since they now have the ability to get secret installation orders from any judge they choose at any kangaroo Court? That in itself can be used to access a lot more than your PGP keys, which is already an invasion. Every word you ever write on your computer could be theirs, and you'd never know it if they disguise their program well enough--have it replace your networking layer, let's say, so that for all intents and purposes it's indistinguisable from the processes that run whenever you're net-connected. What might any of us be suspect for? Going to the IMC website and posting our opinions or protest experiences? Running a site like the IMC, which might itself get bugged and logged thanks to a sympathetic judge? Again, the orders can be secret, so there's no real oversight.

We're on dangerous ground. I visit forums where people sometimes talk about illegal things, like borderline protest activities, or illicit datastreams, though I never do so and never do any illegal things (except maybe smoke cigars in public--what a country) myself. Does that mean my PC should be tagged, bagged, and monitored? The FBI probably thinks so. Anyone who'd even think of protesting must be a communist--if only we could tap 'em all like we did with the civil rights leaders in the 60s. Oh wait, now we can! Who needs J. Edgar Hoover, when you have thousands of FBI agents who are trained according to the methods he set up himself?

Re:Freedom dies a little at a time.

You post to alt.binaries.pictures.erotica.pre-teens.

You shouldn't be bugged. That's wrong.

You should be shot in the crotch with a 12-gauge.

Missy

Re:Freedom dies a little at a time.

[Chasing+Amy]

Hmm. Your logic is severely lacking. Martin Luther King, Jr., never committed a crime, and yet he FBI was on his ass like white on rice. Err, maybe that isn't an appropriate metaphor to use with a great Black leader...

Point being, anyone who does anything the people in power don't like are targets. That would be why when the FBI caught MLK in an extramarital affair thanks to their illegal bugging, they mailed him an anonymous note telling him to back down or commit suicide or else they'll release their audiotape of him with another woman.

The FBI (and sister agency ATF) does evil things like that all the time. For example, in Ruby Ridge they murdered the wife and son of an innocent gun owner for the "crime" of legally exercising his 2nd Amendment rights--all because the administration in power didn't like guns and wanted to subvert the 2nd Amendment. And no wonder, because "An armed man is a citizen. An unarmed man is a subject."--Robert Heinlein And of course at Waco, David Koresh's only crime was selling one sawed-off shotgun (the barrel had only been shortened a little, and by a third-party--Koresh was in business with a registered gun dealer). Yet for that small infraction the FBI and ATF killed dozens of people including many innocent little children. And afterwards, they accused Koresh of child abuse--which the sherriff in the town they lived in disproved, since Koresh's wives were above the age of consent for marriage in Texas. And if the ATF hadn't botched the operation and fired first, prompting a justified return of fire from the twitchy Texans (c'mon--everyone owns a gun in Texas!), then the surviving Branch Davidians who were charged with murder would not have been acquitted on the grounds of self defense--which they were, though it wasn't much publicized. And if they hadn't fired first then the 300 lb. steel front doors which they fired through wouldn't have been "lost" by the FBI along with the rolls of film taken the day of the storming by the Texas Rangers which the FBI took from them. How can you lose 3oo lb. steel doors, especially when they were the only part of the building left after you burnt it down by accidently igniting the CS gas you were pumping into the building through the nozzle of a Bradley Fighting Vehicle? In the end, Waco was about the ATF/FBI storming a religious community instead of just showing up with a warrant like they should have, because they didn't agree with the religion of the commune's members, even though the only thing illegal that any of them had done was that the leader, a licensed gun dealer, sold a shotgun whose previous owner had cut a couple inches off the barrel. There's a wonderful HBO-sponsored documentary about it, among others.

Face it: no one whose political views are anything like Thomas Jefferson's or George Washington's is safe from the Department of Justice in this country. This legislation basically frees the FBI to initiate a campaign of monitoring exactly like their campaign against the civil rights leaders and student demonstrators of the 1960s. Only now, it will be against hackers, WTO protesters, anti-corporatists, anyone who violates the DMCA by enforcing his Fair Use rights, and anyone who pisses off a big corporate benefactor like the RIAA or MPAA--and anyone else they just don't like. Read Declan's Politech list for a good sampling of who that is.

Al Quaida isn't the biggest terrorist organization operating in this country. The FBI is.

Re:Freedom dies a little at a time.

[HiThere]

That's bad. In fact that's quite bad. But we're talking about a citizenry that accepts the Microsoft XP license as nothing to get upset about.

Now it's true, the FBI can do more to you than Microsoft (legally) can, but the Microsoft license seems to make it a contractual agreement that they have the right to wipe your hard disk (or modify it in such other way as they choose) just because they choose to. No othe reason needed.

I am going to require a signed order from upper management for each time I am requested to install this system. And I'm going to ask the company lawyer to click the agree button. (But I'm near enough to retirement that I can get away with that, too. If they try to push, I'll just retire.) The problem is, nobody else in the company takes these things seriously. The lawyer says "No court would enforce this." He doesn't seem to understand that MS would just *DO* it, and a court wouldn't enter into the picture. Not until you tried to figure out how to make them stop doing it. And then they'd have the contract on their side. (It might be ruled invalid, eventually, but the penalties would certainly be trivial, and they could tie things up for years! So NOBODY is going to challenge it. At least not after any significant fraction of their computers are using XP.)

.

Re:Freedom dies a little at a time.

[benb]

> No crime = No FBI spy software on your machine.

What a bullshit. If you understood anything what he wrote above, or had a tiny bit of common sense, you'd know that you are dead wrong.

Probably, you're just a troll.

rats!

This Magic Lantern thing sounds terrific, but i anticipate a few problems may crop up. First of all, will legislation will be considered to outlaw dyslexia, so as to avoid wasting valuable Agent time when deciphering the eventual keyboard logs? Or will dyslexic persons be afforded the protection of their condition regardless of criminal intentions?

Also, isn't this whole thing merely a knee-jerk counter in the race for mo' betta communistic tools of oppression? I'll bet a goodly sum that the Russians are still way ahead of all things American in this regard, so don't congratulate yourselves yet..

When taken in the proper context, it becomes clear that the only real advantage that you Yanks have is that your FBI and CIA are clearly uncorruptable and would never abuse this 'advanced' key logging technology (if indeed such ever existed ;)

Looks like those pesky nazis are getting a lesson in police state operation from you obliging Yankees!
well who am i kidding anyway.. we'll have a DMCA Act of our own here in Canada soon enough, and we've already got the gun control part down pat (see 'Popular Hitlerian Tactics to Subvert Your Country's Ideals in An Age of Unchecked Freedoms' @ http://strategis.ic.gc.ca/SSG/rp01100e.html) so i guess i'll see y'all in prison when the shit goes down

Insight@Home

[adamjone]

I received this message from Insight@Home yesterday. They are planning on posting updates tomorrow as soon as they get work about the court's decision. Insight is the cable provider for the various areas throughout Indiana, Illinois, and Kentucky. They also suggest that they will support a portion of the network locally until a better resolution is found.

Re: 'Z' ^ 'J' ^ 18 ?

[ahaning]

Sorry, perhaps I'm taking you too literally. However, seeing as how your post has been moderated "funny" and I'm failing to find it funny just staring at it, would some one mind explaining what's so funny about it? Do 'Z' and 'J' refer to certain numbers or something? (Their decimal numbers with the "A=1 B=2 C=3" code would be too high. As would their int values in a computer.) If so, I'm not seeing how raising them to powers would at all be equal to 2. Especially with that 18 in there.

However, I could just be trying too hard to make sense out of it.

Undeniable plausibility

[DaoudaW]

One might expect McAfee to be working under a plausible deniability agreement. But I for one grant Ted Bridis undeniable plausibility!

Re: 'Z' ^ 'J' ^ 18 ?

[Rosco+P.+Coltrane]

In ascii, Z=90, J=74, so Z^J=16, and 16^18=2. Mixing ascii chars, integers with logical and binary operators is a classic trick to obfuscate C.

@Home idiocy

[Dudio]

It's funny, but I got an email from @Home Monday or Tuesday saying the network was going down at midnight for hardware upgrades. I can just picture the meeting:

Lawyer: I have some bad news. We may be forced to take our network offline Friday.
PHB: Uh oh. We'd better deploy that new hardware tonight instead of next week then.
Lawyer: Ummmmm...
PHB: You see, this way we show our customers that we're commited to serving them.
Lawyer: Errrrmmmmmm...
PHB: You have to take public opinion into consideration. If we upgrade the network, maybe our customers won't ditch us for DSL.
Lawyer: But...
PHB: It's settled then. I'll have my secretary send out a memo.

Re:second post

Mark Knopfler was not in Lynyrd Skynyrd, you silly boy! He did do the music for "The Princess Bride", though.

Who's next? (re: Trend Micro)

[Bob_Robertson]

Hopefully Trend Micro http://www.antivirus.com/ won't also fall prey to the "war fever" patriotism in the US.

Their Housecall product, at least, is used all over the world, I'm sure that people will not trust something with a known built in weakness.

My employer just changed to Trend Micro from Semantic/Norton. Good riddence.

It's easy enough to just reverse engineer these things, if you know what you're looking for. And certainly the people who do fear the FBI's being able to scan them will pay some hungry cracker for such information, and to release a hostile virus under the umbrella of the FBI's requested/required "weakness".

Having to develope/deploy a new trojan every week to cover the fact that the last one was hacked and released is going to make the FBI efforts completely useless and wasteful.

Bob-

Re: 'Z' ^ 'J' ^ 18 ?

[ahaning]

That's what I thought. However, I rejected this possibility, as, according to calc.exe, 90^74 = 4.110983167056966365830008693908e+144. And then 16^18 = 4722366482869645213696. However, I'm looking at this again and seeing that 90-74 = 16. And 18-16 = 2.

Hrm. The carat isn't 'modulus', though. Erm, what does the carat mean in C, again?

Re: 24000 dialup

[No+Such+Agency]

I dial up at 28.8 and it's not so bad. Granted, you have to do without seeing the latest movie trailers/Flash vids/pr0n clips, and _no_ Counterstrike, but overall it's remarkably tolerable. Still entirely possible to check web mail, telnet, surf the web with little frustration. You tend to be a little more picky about which web sites you visit: simple clean site design and minimal/no Flash or Javascript become definite merits. You _do_ end up watching a bit more TV, and even reading books. It's not so bad. Repeat after me, "fast internet access is not oxygen, I can do without it"... :-)

Re: 'Z' ^ 'J' ^ 18 ?

[eblake]

^ stands for xor (bitwise exclusive or). What do they teach in CS classes these days?

'Z' == 0x01011010 == 90
'J' == 0x01001010 == 74
0x00010010 == 18
result == 0x00000010 == 2

Re: WINS alias?

[Tassach]

POP and SMTP are RFC standards for email delivery. They use vanilla TCP/IP, and rely on DNS for name resolution. NetBIOS names are completely irrelevant to the process, WINS is not used.

NetBIOS is a M$ hack that lets you use SMB file sharing over a TCP/IP network. It has nothing to do whatsoever with any standards-based email delivery system.

Re: 'Z' ^ 'J' ^ 18 ?

[Rosco+P.+Coltrane]

'Z' == 0x01011010 == 90

Ahem ...

0x01011010=16846864
01011010b=90

What do they teach in touch-typing classes these days ;-)

Re: 'Z' ^ 'J' ^ 18 ?

[ahaning]

Well, I'm not technically a CS student, though CS is looking more tempting (currently in Elec./Comp. Engineering). And I don't really do much coding, so I've rather forgotten the C/C++ that I do know. (The software I need is either already coded, or the work it would need is beyond my ability.)

Thank you, eblake, for the explanation. I guess I really did know what it was, I had just forgotten. And I had always learned it as "modulus" and not "bitwise xor".

Correction

[VP]

... $15 per @home subscriber per month. 4.6 mil. subscribers: 828 million per year.

This should read 4.16 million subscribers: $748 million per year.

IBM deserves it

[swordgeek]

Spraypainting sidewalks? Spraypainting

This is simple vandalism. What's the question?

Re:IBM deserves it

[NeMon'ess]

I don't know or care what the article says, because it wasn't spraypaint, it was spray-chalk! The idea was that the spray chalk would just wear off after a couple of weeks from foot traffic then rains would finish it off. The spray-chalk turned out to be much tougher than expected, and the municipalites got pissed off long before it was expected to wear away anyway.

NY Times Article on @Home Problems

[instinctdesign]

The New York Times (free reg, etc) is an article about the latest @Home issues. Its an interesting read.

I wonder which broadbamd providers will be left... Verizon DSL is looking pretty good at this point. What a sad result of the times.

Re:NY Times Article on @Home Problems

[eclectric]

I've yet to say anyone make any substatial proof that dollar-for-dollar, DSL is better than Cable. Perhaps if someone could point me to a decent comparison (not done by cable or telephone companies) I might be inclined to fork over the money for DSL.

@home customers deserve it too

[swordgeek]

Seriously folks, who hasn't seen the writing on the wall for at least the last 18 months about the dire straits of @home? Let's be generous, and say only since the "economic meltdown" (actual quote!); who didn't see this coming?
@home was a bad company with a bad business plan, hoping to get rich on a bunch of early high-speed subscribers. When that proved to be a disaster, they naturally dealt with it in the standard way--by lying until they could bail.
Why this is news, I'll never understand.

Re: 'Z' ^ 'J' ^ 18 ?

[The+Panther!]

Modulus is the % operator. Stick to EE/CE. They need you more than we do. ;-)

Uh

[autopr0n]

But if you already have control of the users machine, what the hell would the point be of hijacking windows update? remember, the whole point of the operation? to get control of the users machine?

Way to go IBM!!!

[CProgrammer98]

It's good to see old Big Blue changing its image from boring, staid men in suits and serious scientists with no sense of humour to "teenage rebel". I'm sure even the $1billion is they're spending on promoting God's own OS is mere small change, and they'll just consider the paultry fines as marketing costs. As the article says, the target audience for this campaign will be giving shouts to IBM for doing this. It's a way cool publicity stunt!

???

Has anyone found a link to the picture? I just want to have it on my desktop?

Correction:

[Chasing+Amy]

Correction: I post TEXT to alt.binaries.pictures.erotica.pre-teen , which is more or less a discussion group these days despite its location in the binaries hierarchy. People who look for illicit material usually go elsewhere these days, like alt.binaries.pictures.underage-admirers or alt.binaries.pictures.erotica.mclt . I'm sorry if you think posting text messages to a discussion forum, not unlike the messages we're posting now to this discussion forum, should be a shooting offence.

Since you seem intent on mentioning to everyone my text posting habits at that forum, you could also mention that I arrived in my capacity as a writer conducting research on pedophiles online, observed the text postings to get an understanding of the subject, and then started talking to the regs over there because dspite their odd habit of collecting images of nude 12 year old girls, they're largely intelligent guys with a very twisted and enjoyable sense of humour. Imagine John Cleese portraying a paedophile in a sketch, and that's what some of the regs are like. And what geek doesn't like John Cleese? :-)

See, it's folks like yourself we should all be worried about, because it's people with your attitude who usually work for the FBI. I have little doubt I will be unfairly and unconstitutionally monitored online by some law enforcement agency or another thanks to the legislation like this which makes it far too easy to monitor people for any reason, even if it only be because of the opinions they hold or the company they keep. Fortunately for me I only hang out with people who collect illegal binary 1s and 0s, rather than doing anything illicit myself. And I'll also note, lest anyone think the company I sometimes keep is truly bad company, that I'm informed that almost all of the images they trade in are scans of magazines from the 1970s when such magazines were legal and sold in normal porn shops, and that the new images are soft Playboy-esque photographs shot in art studios in Russia where it isn't illegal to possess a picture merely because a minor is nude in it in a nonsexual way. Minors are even occasionally seen nude in mainstram movies in Europe--like the Oscar-winning German film *The Tin Drum* which was declared by hillbilly Courts in Oklahoma to be child porn yet which has been shown on Cinemax and HBO. So, the notion of such things is usually very distorted--the idea of hardcore porn involving minors even offends the regulars at alt.binaries.pictures.erotica.pre-teen , and most of what is termed such by the FBI for publicity purposes is usually from what I hear soft and artistic like the famous Robert Mapplethorpe photograph which was unsuccessfully prosecuted in Cincinatti as depicted in the recent Showtime movie *Dirty Pictures*.

Getting back on-topic, add the Internet wiretapping provisions in Magic Lantern mentioned here, to the FBI plan discussed befor on /. to concentrate Net traffic through a few Carnivore-equipped nodes on the backbones, to the fact that the new laws allow the FBI to monitor and log all header data even with no warrant and even on a broad basis, and you have a framework under which the FBI will really be watching anyone it doesn't like without warrant and without oversight. And with dicks like the AC above permeating the FBI, I won't be the only one watched--everyone who goes anywhere online that the FBI dislikes, like the IMC abnd other alternative news outlets or hacker hangouts, will be monitored. They'll be able to look at all your headers with no warrants or orders, and for going somewhere "subversive" or alternative or progressive and talking to the wrong people they'll be able to use that to get an order from their favorite judge to install monitoring or keylogging software on your PC. Before you think it's far-fetched, remember what they tried to do with monitoring the IMC website just recently, and what they did all the time to people like Martin Luther King Jr. in the not-so-distant past. And remember what FBI Director Freeh said: "The American people must be willing to give up a degree of personal
privacy in exchange for safety and security." And that was years before 9/11, the day the FBI got carte blanche to do anything it wants as long as it claims to be fighting terrorists and other baddies.

Penguin cause pollution?

[DarklordJonnyDigital]

x136 asked, "IBM has been fined again for spraypainting their blue "Peace, Love & Linux" logo, this time on the streets of San Francisco. The bill? $120,000... Who thought this was a good idea in the first place?"

Rumours abound that it was a Microsoft idea, in the first place. While we can't be sure if Microsoft thought up the idea before anyone else - I believe EasyJet tried a similar thing in Belfast, Northern Ireland with chalk drawings on the pavement, and were sued accordingly - it's been rumoured that Microsoft was forced to get their checkbook out after hiring spraypaint artists to advertise the X-Box in a number of cities.

So, if it makes you feel any better... it's not just the Penguins who are causing all that pollution. :)

your webpage sucks beyond redemption

oh and taco is spelled with two ff's.

Re: WINS alias?

[psamuels]

NetBIOS is a M$ hack that lets you use SMB file sharing over a TCP/IP network.

<lie>I hate to be pedantic</lie>, but NetBIOS is SMB file sharing (and printing, and MSRPC). The M$ hack you are thinking of is NBT, or NetBIOS-over-TCP/IP. NBT includes NBNS, the NetBIOS name service, which Microsoft calls WINS. The other confusing bit is that Microsoft sometimes uses "WINS" to refer to "NBT name resolution by any mechanism", and sometimes to mean "NBT name resolution by consulting an NBNS server".

And ... while ordinarily WINS has nothing to do with email delivery, in Microsoft land this is not always true - the TCP/IP stack will use NetBIOS to look up what should be DNS names - sometimes, at least - before falling back to DNS. I'm not sure whether to consider this a bug or a feature, because it would help in a case where you run an internal web server ("intranet" in LRMT, the Lexicon of Redundant and Misleading Terms) but are too clueless to run your own DNS.

(Whether such people should be encouraged to manage a web server at all is an open question.)

Hacked !?

[mattr]

Nice lookin' page there.. Guess the public has nothing to fear from Magic Lantern if these are the security experts responsible for it.

Re:Hacked !?

[mattr]

Or is that the way the page is supposed to be??? I give up.

Re: 24000 dialup

[tb3]

No, fast internet access is like crack, once you're hooked, the withdrawl pains are brutal.

Comcast's Free Backup Plan

[Phrogz]

This part from their FAQ just kills me:

The free service offers ten hours per month, which should be sufficient to get you through any short-term outages.

Are they insane?! 10 hours per month? "Sure, after having always-on internet, after realizing that it's easier and faster to just visit dictionary.com rather than break out the deadtree version, after discovering the wonderful mix of interactivity but on-your-own-schedule that trading emails with a friend throughout the day is...sure, 20 minutes a day out to be plenty, right?"

Incredible. 100% false statements like these framed as happy truths in a company's public communication just make me want to scream. They should say "We know this sucks for you; understand that it sucks for us, too. We're really trying hard to minimize the effects on you, and have come up with a plan where you at least can have a LITTLE bit of access to the internet for free."

Phah!

Re: 24000 dialup

[Phrogz]

Repeat after me, "fast internet access is not oxygen, I can do without it"

How am I ... *halp* ... supposed to speak when ... *hulp* ... I can't ... *help* ... breathe?

One virus; two or more *viruses*

[yerricde]

The big deal, really, is that the FBI shouldn't be writing virii.

They're not going to be writing "virii," because "virii" is not the plural of "virus." It would be the plural of a hypothetical Latin term *virius. How hard is it to say "viruses" fellas?

Re:One virus; two or more *viruses*

[HiThere]

Would you prefer "virae" for a plural?
Or one could be obscure, and just use "virus". (I don't believe that there is a regular for for the 5th declension.)

Languages aren't all that regular. Even computer languages aren't totally regular. So there's nothing inherently wrong with assuming that there is a Latin word "virus" whose plural form is "virii"

Re:One virus; two or more *viruses*

[GTRacer]

That, and most languages are considered living languages because their words and usage changes over time.

Hands up who remembers complaining about "ain't"? Now that it's in many dictionaries, even as a colloquialism, what's the diff?

Virus pl. -es, virii (col)
n. ... ...

Find something else to bitch about, please. Like "Pr0n" or "b0xen".

GTRacer
- Protecting my pr0n b0xen from virii with my l33t n3kk1d 5k1llz!

Until the FBI strikes a deal with M$

[gosand]

If they can legally do this, what is to stop them from striking a deal with M$ to include something like this with the latest version of their Monoperating System? With XP and Passport, I suppose they could just force all users to "upgrade".

Do you think M$ wouldn't jump at the chance to get these anti-trust issues taken care of?

Sounds a little like a conspiracy theory, yes. But ask yourself if it could happen. You betcha it could.

D.I.R.T appears to be a fake

[ehackathorn]

I'm not sure if this has anything to do with Magic Lantern...

More from Politechbot

Re:D.I.R.T appears to be a fake

[number11]

Plenty there to suggest that the owner of Codex is a slimeball, and lies about the capabilities of his product. But D.I.R.T. does appear to be a real Trojan with surveillance capabilities (as well as the ability to plant evidence on the suspect's hard drive), really being sold to government(s) by this creep.

That Magic Lantern is a custom version of D.I.R.T. was suggested here.

Re:D.I.R.T appears to be a fake

[ehackathorn]

Not to be a disbeliever, but you wouldn't have any idea who his "realiable sources" are would you?

Eric

Re:D.I.R.T appears to be a fake

[number11]

Not a clue. The source claims to be an editor of Internet Security Review and, if that's true, probably has a lot of contacts. But what do I know? I don't really care who wrote it, so long as it becomes common knowledge how to defeat it. It will be amusing when someone with a hex editor edits it to send its keystrokes elsewhere, and starts mailing it to fbi.gov addresses, though.

Re: 24000 dialup

[No+Such+Agency]

Good question. And tell me, Mr. Anderson, what good is a phone call when you are unable to speak?

Re:Magic Lantern: An exercise in misdirection

Hmm... magic lantern 'released' and then the "BADTRANS.E" virus comes out, which, by coincedence installs a keylogger on everyone's machine... CNN runs the story, people install the patch, and voila, simple misdirection and lots of people have Magic Lantern voluntarily installed on their machine... call me paranoid...
but M$ + DOJ + The George Dubya I'm a goddamn fucking texan with nukes for testicles = conspiracy...

Re: WINS alias?

[Tassach]

You are, of course, correct regarding the NetBIOS vs NBT distinction. That'll teach me to post after midnight.

I wasn't aware of M$ using WINS in preference to DNS, but then I don't do windows if I can possibly avoid it. However, this sounds like a bug to me, because a machine's NetBIOS name doesn't have to be the same as it's DNS name. I don't see where someone would be clueful enough to set up a WINS server but not a DNS server; the only place I can see this being useful would be in a small peer-to-peer workgroup setting, and that's pretty marginal.

DeCSS suggestion

[merigold77]

In the brief this portion was clarified:

1. Posting

The initial issue is whether the posting prohibition is content-neutral, since, as we have explained, this classification determines the applicable
constitutional standard. The Appellants contend that the anti-trafficking provisions of the DMCA and their application by means of the posting
prohibition of the injunction are content-based. They argue that the provisions "specifically target . . . scientific expression based on the particular topic
addressed by that expression--namely, techniques for circumventing CSS." Supplemental Brief for Appellants at 1. We disagree. The Appellants'
argument fails to recognize that the target of the posting provisions of the injunction- -DeCSS--has both a nonspeech and a speech component, and
that the DMCA, as applied to the Appellants, and the posting prohibition of the injunction target only the nonspeech component. Neither the DMCA
nor the posting prohibition is concerned with whatever capacity DeCSS might have for conveying information to a human being, and that capacity, as
previously explained, is what arguably creates a speech component of the decryption code. The DMCA and the posting prohibition are applied to
DeCSS solely because of its capacity to instruct a computer to decrypt CSS. That functional capability is not speech within the meaning of the First
Amendment. The Government seeks to "justif[y]," Hill, 530 U.S. at 720, both the application of the DMCA and the posting prohibition to the
Appellants solely on the basis of the functional capability of DeCSS to instruct a computer to decrypt CSS, i.e., "without reference to the content of
the regulated speech," id. This type of regulation is therefore content- neutral, just as would be a restriction on trafficking in skeleton keys identified
because of their capacity to unlock jail cells, even though some of the keys happened to bear a slogan or other legend that qualified as a speech
component.

Content neutral as to the speech component of the code! What this means is that it would be legal to post a "version" of DeCSS that would be non-functional. For example, if a bug were purposely inserted into the code and it would no longer run. If the code is not functional, it is not banned - the speech component of it is not what is being prohibited.

Ok, I suggest this to 2600 or anyone else who wants to post DeCSS or other decryption programs - add typo/bug's to it. Don't actually state where the bugs are, leave it as an excercise for the reader. Since the code is speech, I imagine most readers who can comprehend the speech can also mentally fix the typos - but computers cannot (typically) and, therefore, you've removed the objectionable portion of the code...

Re: WINS alias?

[psamuels]

However, this sounds like a bug to me, because a machine's NetBIOS name doesn't have to be the same as it's DNS name.

Not only that, but NetBIOS names are not even analogous to DNS names. A DNS name is presumed to be for a single server (in practice, of course, it is often round-robin, but that's the theory anyway) whereas a NetBIOS name is per-service on a given server.

Sure, on an average Win95 box or NT workstation you don't see much difference, but do a NetBIOS name status query ('nbtstat -a' on Windows, 'nmblookup -S' on Unix with Samba) on a domain controller, Exchange server and/or IIS server some time. All three add funky names to the namespace advertising their services.

Which isn't to say DNS-lookup-via-NetBIOS-names doesn't work (it does) but it's conceptually wrong.

I don't see where someone would be clueful enough to set up a WINS server but not a DNS server;

No doubt you are right, but by WINS lookup I meant NetBIOS name lookup (you know, the "other" Microsoft definition of WINS), not necessarily via a WINS server. NetBIOS names are more or less plug-n-play on a simple network topology.

Re:Magic Lantern: An exercise in misdirection

[Tackhead]

> Hmm... magic lantern 'released' and then the "BADTRANS.E" virus comes out, which, by coincedence installs a keylogger on everyone's machine... CNN runs the story, people install the patch, and voila, simple misdirection and lots of people have Magic Lantern voluntarily installed on their machine... call me paranoid...

Funny, I never thought of that, but I did think the original SirCam was an attempt by some d00d to get people in the financial industry to unwittingly leak insider information.

Two kinds of sysadmins. Paranoids and losers.

Maybe I'm just paranoid here...

[cyphergirl]

I think the thing that pisses me off the most about Comcast offering me NetZero service (that doesn't run on my Linux workstation) is that they're doing it with a REFERAL ID. WTF? Are they trying to make a few bucks off of my misfortune or what?

Re: 'Z' ^ 'J' ^ 18 ?

[ahaning]

Funny. They seem to do the same thing (to me).

Are there cases where bitwise xor and modulus give different answers for the same number?

Re: 'Z' ^ 'J' ^ 18 ?

Yes. For example, 5 ^ 2 == 7, 5 % 2 == 1

My response to McAfee's Press release

[Hawat]

Mr. Mosqueda,

I very much appreciate your prompt reply and it will teach me once again not
to trust the Washington Post. My apologies. This takes care of your point
1.

Points 2 through 4, however, are not as reassuring.

2-Your expectation that the FBI will not contact you is nice, but
irrelevant. Possibly naive. Best of luck.

3-Um, I would not expect them (or, necessarily, you - and this is the point)
to confirm it.

4-The question of compliance with US laws and regulations is not in
question.

_Carnivore_ is public knowledge. The principle the FBI may wish to apply is
not in dispute.

So, the issue at hand is whether there may be a secret "law or regulation"
requiring you to let "Magic Lantern" pass your protection. Or, if you would
do so voluntarily (despite the scurrilous history of The Post).

If there is such a "regulation", and it is a secret, the public might well
have the expectation that McAfee would not acknowledge compliance.

If you can be demonstrated to have offered ... well...

Therefore, a stronger statement would be more reassuring. Something on the
order of: "We are a provider of personal and corporate security products.
Leaving such a hole in our protection software is not only demonstrably
ineffective, but also dangerous to our customers and the security of
critical data in the United States. Unless required by the EXPLICIT laws or
regulations of the United States, we cannot, in conscience, comply with any
such request. Since it would be discovered in any case, it would be
corporate suicide to offer this unasked. If any government agency asks for
such a consideration we will insist that a warning label (similar to that on
a cigarette package) be required by Federal law on all such products."

This would be neither unpatriotic nor unreasonable. However, I will be
looking for the inevitable freeware products which will supplement my virus
protection anyway.

Since we have the Internet (and if we didn't this would be moot) the FBI
cannot accomplish its goal (assuming it has this goal) by forcing your
compliance with a secret regulation. If it should try, you should be
leading the charge to make that attempt public. It cannot work for long,
and it jeopardizes your stockholders' investments and your employees' jobs.

Finally, I sympathize with the position in which your company has been
placed by this erroneous reportage. Probably there is nothing you (and by
simple extension, any other company in your marketplace) can do to squelch
this.

I am sorry that I can presently provide no better advice as to how this
problem may be resolved. Perhaps suing The Post for libel? Maybe asking
slashdot????

Duane Hershberger