Slashback: Petdom, Denial, Confusion
In an e-mail to Declan McCullagh which has also been posted on his PoliTech mailing list McAfee said the following:
"Dear Sir/Madam:
- Network Associates/McAfee.com Corporation has not contacted the FBI, nor has the FBI contacted NAI/McAfee.com Corp., regarding Magic Lantern.
- We do not expect the FBI to contact Network Associates/McAfee.com Corporation regarding Magic Lantern.
- Network Associates/McAfee.com Corp. is not going to speculate on Magic Lantern as its existence has not even been confirmed by the FBI or any government agency.
- Network Associates/McAfee.com Corporation does and will continue
to comply with any and all U.S. laws and legislation.
Marisa Lewis
Investor Relations Manager
McAfee.com Corporation
NASDAQ: MCAF
535 Oakmead Parkway
Sunnyvale, CA 94085
408-992-8100 phone
408-720-8450 fax
www.mcafee.com"
In a subsequent post AP reporter Ted Bridis responded by saying: "I stand by my reporting for the AP. This information came from a senior company officer. I won't identify this person in this post because I've been unable to reach this person by phone or e-mail since the flap erupted."
He also noted that McAfee never specifically denied that they might write such allowances (for Magic Lantern) into their software; it just says that they have yet to be asked to.
Original story on slashdot and Politech with follow ups
McAfee's Response and Ted Bridis' response
Rethinking is always a good idea. javester writes: "Sony has come to its senses and has struck a deal with AIBOPET, after the fan site was shut down when Sony's lawyers came calling last week of October.
Way to go Sony and AIBOPET!!!! More power to both of you for finding a compromise where everybody wins! Hopefully, other parties having DMCA tussles follow Sony's and AIBOPET's example, and have more constructive discussions instead of legal suits galore."
Penguins cause pollution. x136 writes "I saw this on my local Fox affiliate, but found a link on LinuxWorld. IBM has been fined again for spraypainting their blue "Peace, Love & Linux" logo, this time on the streets of San Francisco. The bill? $120,000. First Chicago, then San Francisco ... Who thought this was a good idea in the first place?"
Well, I thought the giant murals in NYC were great, but the sidewalk idea strikes me as IBM playing Brewster's Millions with the billion dollars they pledged to spend on Linux.
Out of the freezer and into the blizzard ... An Anonymous Coward writes "Comcast has decided to offer a backup plan in case their cable modems die due to Excite@Home's bankruptcy. Good thought, but the backup is NetZero. Gee, thanks Comcast. Here is a link to their Service Interruption FAQ. http://www.comcastonline.com/info.htm"
Make it obfuscated, but make it snappy. Rosco P. Coltrane writes "If you haven't submitted your program(s) to the International Obfuscated C Code Contest, now is the time: the deadline is December 1st, 2001, there are only two days left!"
In the case of Scarfo (the mob guy), the Fedz had to break into the guy's home and h4x0r his b0x3n with a hardware device. Obvious case of the Fedz breaching the mobster's right to be secure in his home and property.
In the case of Magic Lantern, they'll do it from their office. It'll be up to the target to do the st00pid thing and run the executable. I can see an argument that by voluntarily running trojanned code, he gives up his right to security.
That is, it's not the Feds breaking into the guy's home, it's the Feds sending the user an email. If the user doesn't run it, the user remains safe. If the user chooses to run it, he violates his own security *on behalf of* the Feds. This may be the crucial legal distinction that makes this work in court, where the Scarfo keylogger didn't.
(And besides, isn't this what half the /. crowd says when the latest
Microsoft worm-du-jour shows up? "Well, they were running Windoze,
they shouldn't expect to be secure!" ;-)
Finally, I don't see what the worry is about virus scanners not detecting it.
This is *not* a worm, nor is it a virus. That is, it doesn't try to spread to other computers over a network, nor through infecting files (remember, its goal is to *avoid* changing anything on the target system, to preserve the integrity of the evidence), so there's no risk of collateral damage.
So you have a data collector that doesn't damage data, and doesn't replicate. Since it doesn't replicate, it doesn't leave the infected system. Since it never leaves the infected system, the number of copies of Magic Lantern "in the wild" will always be a small number - likely, "one per suspect".
Since it doesn't exist in the wild, doesn't propagate, and since each instance of it may be unique, there's really no way for a virus scanning company to add its signature to a database, even if they needed or wanted to.
And on that "one copy per suspect" note, because it doesn't need to propagate beyond the infected system, I would guess that it's likely to be an executable tailored to the target machine - which may imply different checksums/signatures, and very probably, different "bait" email messages, tailored to the suspect.
Suppose we decide to use a 'sploit based on Javashit embedded in PDFs. We'd send a PDF of plans for a meth lab to our suspect drug kingpin, and PDFs of the You-Know-Who's "Jihad-HOWTO on CD-ROM" to our suspect terrorists.
OK, so we probably have come up with a totally different infection vector when Adobe calls up and contracts us to perform a hit on m0st-ph33r3d c0pywr1t3 t3rr0r1st Dmitry Sklyarov, but for most dirtbags, it'll work...
Although I recently posted about the fact that Comcast has been ready for the switch for some time now, they of all people should know better than to try to force their users onto NetZero.
:)
The worst part of the whole deal is that you STILL only have 10 free hours of usage, despite NetZero being their backup. You would think that Comcast would at least have struck a deal so you would get more than 10 hours of time. If their network goes down, I doubt it will be back up in 10 hours. They have had individual outages that lasted longer. On top of that, many @Home users don't have standard modems in their computer--why should they? They never needed them with their nifty cable service!
I'm still hoping that Comcast will be up and running tomorrow (they have been trying to run the show on their own for some time), but who knows? At this point, I'll just hope for the best. If I'm posting tomorrow, all is well in Comcast Cable Land.
IIRC, FBI's Carnivore is just a commercial off-the-shelf packet sniffer (forgot the company), modified at the request of the FBI to look at SMTP, etc. traffic.
So, does anyone know which company or individual is the author of the Magic Lantern program under such a government contract? Or did the FBI itself write it?
There's 10 types of people in this world, those who understand binary and those who don't.
501 Not Implemented
This makes me wonder a couple things:
1) Will there be a mass exodus of cable modem users to DSL? Could this be the shot in the arm Covad needs?
2) Will the NetZero service be able to handle the influx of customers from Comcast? I'm sure all the NetZero customers will be real happy when they get endless busy signals.
3) Will ComCast pay for a user's modem so that they can use this "backup" if they don't already have a modem?
I'm guessing they threw this situation at the PR department and that it was the best they could come up with.
This sig has been temporarily disconnected or is no longer in service
Note that this doesn't deny that another US agency has contacted Network Associates, nor does it deny that the FBI has contacted them about software named something other than "Magic Lantern" (a bug by any other name would still capture your keystrokes, or something like that). NAI may be telling the truth, strictly speaking. One can only speculate whether they're telling the whole truth.
----
I didn't used to be so cynical, but then I learned to read, and to watch the news. The US government has earned our distrust through years of deception and denial. The sad part is that the good, honest, hard-working law enforcement people (which is most of them) are tainted by the abuses of the few.
Furthermore, if antivirus vendors can be corrupted this way in the name of national security, does this mean that OS vendors will do the same, to accommodate the delivery methods chosen by the FBI? Will there be un-closed security holes intentionally left open as delivery vectors (like buffer overflow problems etc.) for 'Magic Lantern'? And regardless of the position of Symantec that they will try to detect variants of Magic Lantern, what happens when a virus writer succeeds in writing a piece of code with a signature sufficiently similar to the FBI code as to be indistinguishable? The risk introduced here is too great to justify through the promise of improved crime fighting capabilities.
--CTH
--Got Lists? | Top 95 Star Wars Line
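Two of the posts above make detection claims worth seeing in code: the earlier one argues that a per-suspect build with a unique checksum can never get a scanner signature, and the one just above asks what happens when criminal code is made to look like the exempted FBI code. The following is an added example, not code from the thread or from any vendor, and the "keylogger" bytes, the `WH_KEYBOARD_LL` marker and the `LE-EXEMPT` exemption token are constructed placeholders, not a real sample. It shows that a whole-file hash signature misses a re-tailored build while a byte-pattern rule keyed on the shared engine still catches it, and that a scanner which honours an exemption marker is trivially bypassed by anyone who copies that marker into their own payload.

```python
"""Hash vs. pattern signatures, and why a scanner exemption marker is a flaw.

Added illustration for the Magic Lantern discussion; all payload bytes below
are constructed stand-ins, not a real keylogger.
"""
import hashlib
import re

# Constructed stand-in for the code every per-suspect build shares.
SHARED_ENGINE = b"\x4d\x5aKEYLOG-ENGINE-v1\x00hook=WH_KEYBOARD_LL\x00exfil=smtp\x00"

# Hypothetical marker a scanner has been told to whitelist (assumption).
EXEMPTION_MARKER = b"\x00LE-EXEMPT-7f3a\x00"

# YARA-style byte pattern keyed on the shared engine, not the per-target config.
ENGINE_PATTERN = re.compile(rb"KEYLOG-ENGINE-v\d+\x00hook=WH_KEYBOARD_LL")


def build_tailored_sample(target_id: str, bait: str) -> bytes:
    """One build per suspect: identical engine, different embedded config."""
    config = f"target={target_id};bait={bait};".encode()
    return SHARED_ENGINE + config


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def hash_signature_match(sample: bytes, known_hashes: set) -> bool:
    """Classic whole-file hash signature: exact match only."""
    return sha256(sample) in known_hashes


def pattern_signature_match(sample: bytes) -> bool:
    """Content signature: survives config changes that alter the checksum."""
    return ENGINE_PATTERN.search(sample) is not None


def scan(sample: bytes, known_hashes: set, honor_exemption: bool) -> str:
    """Return a verdict. With honor_exemption=True any file carrying the
    marker is whitelisted before signatures run; that is the weakness."""
    if honor_exemption and EXEMPTION_MARKER in sample:
        return "clean (exempted)"
    if hash_signature_match(sample, known_hashes):
        return "detected (hash)"
    if pattern_signature_match(sample):
        return "detected (pattern)"
    return "clean"


def demo() -> dict:
    a = build_tailored_sample("suspect-A", "methlab.pdf")
    b = build_tailored_sample("suspect-B", "jihad-howto.iso")
    known = {sha256(a)}  # the vendor only ever obtained build A
    results = {
        "hash_catches_A": hash_signature_match(a, known),
        "hash_catches_B": hash_signature_match(b, known),  # different checksum
        "pattern_catches_B": pattern_signature_match(b),   # same engine
    }
    # A criminal reuses the exemption marker in an unrelated keylogger.
    rogue = build_tailored_sample("victim", "invoice.pdf") + EXEMPTION_MARKER
    results["rogue_with_exemption"] = scan(rogue, known, honor_exemption=True)
    results["rogue_without_exemption"] = scan(rogue, known, honor_exemption=False)
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The point of the `scan` ordering is deliberate: an exemption check that runs before signature matching converts the whitelist into an evasion primitive, which is exactly the concern raised about code "indistinguishable" from the FBI's. Real scanners match on code structure and behaviour rather than whole-file hashes, so "one unique copy per suspect" does not by itself put a sample beyond signature reach.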
On the other hand, the FBI would be interested in contacting the PGP division. PGP 6.0.2 (and above) defeats keyloggers. E.g. if you were infected with the BadTrans.B virus/worm and you used PGP to encrypt your files, the h4x0r would not discover your passwords. (And yes, I've tried it.) [BTW, this is why 6.0.2 didn't work well on Win2k; PGP installs a keyboard sniffing driver to accomplish this trick, and it wasn't compatible with Win2k power management.]
Host-based IDS (e.g. BlackICE) will likely detect Magic Lantern. The next version of BlackICE will detect the keyloggers like that in BadTrans or trojans like SubSeven. Unless Magic Lantern is a complete departure from today's technology, such an IDS will likely pick it up. I've already got a keylogger detection system up and running on my machine (now I need to test the darn thing on all versions of Windows).
An interesting sidenote, BadTrans is exactly what Magic Lantern wants to be. It could be a worm created by the FBI in order to hopefully catch some info about the 9/11 terrorists. Maybe it's an evil corporation out to find info on competitors.
This story on Wired sheds some light on what is going on with the @Home service. Seems like the debt holders are the ones who want the service shut down, while @Home has drawn plans (according to their chapter 11 filing) showing that they can pay all their debts and be profitable by 2010. It also seems that all cable companies which are currently providing the @Home service are on the debt holders side, since none of them are explaining this part. So make sure your cable companies hear from the @Home users who stand to lose their service - almost all of the cable companies are regulated local monopolies, which have to answer to a city/municipality board.
So it looks like we'll either be forced onto iComcast, Scientology.net^H^H^H^H^H^HEarthLink, AOL, or MSN.
I'm rooting for Comcast as the least objectionable option. Oh, well, back to 24,000bps dialup for me!
If all this should have a reason, we would be the last to know.
Just recently, m$ got fined A$300 per X-Box logo they sprayed on the streets of various Australian state capitals.
Full story here.
It's a 'cheap' marketing technique that's turning out to be quite expensive.
Moo.
Why do the creditors want @home out of business?
;-]
Considering that one of the major shareholders is AT&T (broadband or parent company it doesn't matter), they MUST keep the service running anyway.
AT&T WILL obtain the hardware and maybe the people who keep the cable internet system running. AT&T WANTS @HOME TO FILE FOR CHAPTER 7 (liquidation, bubye). Why? If they kept @home, they would still have less control over the system, and if they obtained @home's hardware when they make the new system it'd be cheaper (not to mention the same people to run the familiar system).
Then why don't they BUY OUT @home? Simple! @home has something like SIX BILLION DOLLARS IN DEBT. If AT&T bought them out, they would have to deal with that debt and do you really think the shareholders would be happy about a sudden 6 billion in debt? HELL NO! AT&T will let @home liquidate and pick up everything (people and hardware) dirt cheap (because no one else will set up a cable system in that area, they CAN'T AT&T controls it, thus they're the only buyer).
AT&T is playing a smart move here, and they probably have @HOME executives in on this too and have other cable providers notified (that's why they're all making "backup" plans, because if they really weren't going out of business, then why would @home tell them, that would make the CO's trust @home less!)
Sigh... just a stupid ploy for AT&T to get full administration to the cable internet system dirt cheap w/o paying any debts.
Smart move AT&T.
If they decide to do anything different, AT&T execs are stupid for not doing this.
In case that gets swamped, here's a reprint:
Cox Communications @Home Service Update:
Following you will find some information to address questions you might have about the email communication that you recently received from us.
Q1. What should I do today?
A1. Cox recommends that you use the following precautionary backup procedures.
Check your @Home email daily. Opened messages will be saved automatically to your hard drive.
Download software from a free dial-up Internet service provider. We recommend that you do not install the software unless service is interrupted.
Back up your personal web page.
Watch for more information from Cox on the transition of your service to Cox High Speed Internetsm. At such time that you can make the transition to our new service, Cox will be providing you with all of the information you need so that your transition is as smooth as possible.
In the unlikely event that there is a disruption in service, keep your cable modem connected to your PC until service is restored.
Q2. I need my e-mail; what am I going to do?
A2. Cox is doing everything that we can to ensure that you are never without your email. If our plans are successful, your service will not be interrupted and you will have a comfortable transition period in which you can convert your service to a new Cox-managed network.
Q3. What about my modem?
A3. In the unlikely event that there is a service interruption, you should leave your modem connected to your PC until service is restored.
Q4. What is this dial-up, temporary service?
A4. In the unlikely event that your service is temporarily interrupted, we recommend that you set up Internet access via one of the free dial-up Internet services that are available. We have arranged for temporary, dial-up access to the Internet via NetZero. You may download this software by clicking here. This dial-up access is meant to be a temporary alternative to provide email and connectivity. The free service offers ten hours per month, which should be sufficient to get you through any short-term outages. This service does not currently support MAC, Windows 2000 or XP. If you are a Roanoke or Hampton Roads resident and a NetZero local access number is not available, please visit www.juno.com as a potential alternative.
We do not recommend that you install the software at this time, just download the software and save it so that it may be installed should you have an interruption in service. This is a precautionary measure that would give you access to the Internet via a phone line plugged into your computer.
Q5. What will I get with this service and is it Cox supported?
A5. Unfortunately, Cox cannot speak to the features and benefits of the free dial-up Internet services that are available, nor can we guarantee or support it. We recommend that you explore this temporary backup plan simply as a precautionary measure. We are taking all necessary steps to ensure that your service is uninterrupted, but we thought that you might be interested in a temporary, although not ideal, solution for Internet access in the unlikely event that your service is shut down.
Q6. Will you credit my bill? When will I see a credit?
A6. Cox will credit you for any time that you are without service. This includes reimbursement for equipment leasing fees if you are leasing your cable modem from Cox. Should your service be interrupted, you would see an appropriate credit on the next statement that you next receive from Cox.
Q7. How do I get updates quickly?
A7. You have two ways of getting the latest accurate information quickly.
We've established a special number (1-877-832-4751). When you call this number, you will hear a recording that provides the latest information.
You can also get updated information by visiting www.cox.com/info.
These are the most accurate and up-to-date sources for information on your Cox Internet service.
Q8. How will you communicate with me if my service is down?
A8. Cox will contact you via mail or courier to provide important status updates and service information concerning the new Cox-managed high speed Internet service that will replace your @Home service. You can also call 1-877-832-4751 to hear a recorded message with the latest, accurate and up-to-date information.
Q9. What will happen to my personal Web page?
A9. As a safety precaution, you should always backup your personal Web page to a CD or hard drive. To Transfer Files from WebSpace to your hard drive using the File Manager:
Download the files from WebSpace to your computer by logging in to the WebSpace login page at http://home-members.excite.com/m_webspace/ and clicking File Manager, located at the top-right corner of the screen.
Select Transfer from the File Manager navigation bar. In the window that appears, select the files you want to transfer from your WebSpace account to your computer, and the location to which you want them transferred, then click Transfer.
A window appears telling you when your file has been downloaded.
Click OK to return to the File Manager page.
Once you are finished with File Manager, log out by clicking Logout on the navigation bar. If you do not log out, and you share a computer with other people in your household, they may have access to your files.
-- What you do today will cost you a day of your life.
Valued Customer? yea, right.. I'm sure they didn't plan on telling anybody unless they asked about it.
If you haven't submitted your program(s) to the International Obfuscated C Code Contest, now is the time : the deadline is December 1st, 2001, there is only two days left
You mean there's only 'Z' ^ 'J' ^ 18 days left?
-- I have monkeys in my pants.
Wow I wonder how my life is going on since I have a measly 56k.
@home went and changed the server names, and never updated the website..
Mail server is no longer just 'mail',
it's now 'mail...home.com'
Would have been nice if they'd made this a bit more clear, somewhere..
Same change applies to the newsgroup servers.. No longer 'news', but as above.
-- Imagine how much more advanced our technology would be if we had eight fingers per hand.
Apparently, Rogers' DNS is supposed to magically resolve "pop" properly. Didn't work here... fortunately, I was able to pull the relevant info from a dslreports.com thread.
The proper names for the POP and SMTP servers are:
pop.bloor.is.net.cable.rogers.com
ssmtp.bloor.is.net.cable.rogers.com (note: that's not a typo. Seriously.)
To make things a bit less obfuscated, aliases exist:
pop.broadband.rogers.com
smtp.broadband.rogers.com
Those should work beautifully. I kind of wish Rogers had just listed those in the first place, instead of relying on m4d DNS m4gik. It screws up in certain cases, as you and I both discovered.
Someday, you're going to die. Get over it.
From the Wired Article:
There you have it. $7,800,000,000 ---> $10,000,000. Excite.com is now worth 0.00128 PERCENT of what it was worth two years ago! As I said, these companies simply can't predict what the market will do. Do you trust the prediction of profitability in 10 years from a company that couldn't foresee one of its primary assets devalue 780 times in 2 years?
Even worse, let's say they have managed to draw up a plan to be profitable. Why didn't they have this plan a year ago, so they wouldn't be in the dilemma they face today? Oops, they can make those numbers move when they're forced to!
Believe me, I really don't want to see @Home go. My Internet connection this weekend will be Comcast@Home, and they don't even have a contingency plan (oooh, they say to use NetZero for 10 free hours! What a joke!). But this is absurd, and they simply cannot be allowed to continue on this joke of a profitability plan of theirs.
The point is, NO, YOU DON'T HAVE TO CLICK ON WHATEVER THE FBI SENDS YOU. Why don't you READ the bloody USA/PATRIOT stuff and what has been released so far of the FBI's "evil plans" before you waste our time?
The FBI is given carte-blanche to install spyware on your machine in any way they wish, without needing a search warrant (which takes a relatively high measure of cause to get) from a Court in your jurisdiction, but rather by getting a wiretap order (much lower showing of cause) from Any Court ANYWHERE. They don't even need to go to your jurisdiction to a real Court--they can go to any Court whatsoever, like for example a Mickey Mouse Court right down the street from FBI HQ where there's a judge who hands out orders like they're Tick-Tacs.
That in itself is troubling. They can pick any judge anywhere to ask for permission to hack anyone's box. I'm sure they already have a good working relationship with judges who'd give them anything. Jurisdiction is there to protect you from judges like that. But not any more.
And the FBI can get their spyware onto your machine by any electronic means, including by exploiting any security vulnerability there is to get the code on your box. Remember the bad root exploit that was revealed a few days ago for Linux? You can bet the FBI is subscribing to every bug track list and logging exploits they can use as they come up, so that they'll know how to break into your computer before you even know what the security flaw is and how to patch it. So, it isn't just stupid people who run foreign executables who are hackable. It's everyone.
Now, combine all that with what the FBI has done in the recent past, like getting a warrant and a gag order against the Independent Media Center to seize all their logs so that they could trace users who reported on the Canadian police report on how to deal with WTO protestors that someone had lifted from an unattended car in Canada, and interrogate them for the Mounties to try to find the guy who did it. Oh, and the IMC would have been unable to inform anyone of the order, and that visitors to the site were being logged and monitored by the FBI.
Now, that order was reversed the very next day by a real judge who actually knew what the Bill of Rights means. But with these new laws and regs, the FBI doesn't even have to tell anyone that an order ever existed in the first place. There's no real oversight, and no chance for an order to be overturned or deemed fraudulent or unconstitutionally vague or overbroad or just plain wrong. Today, the FBI would simply handle the above IMC freedom of press/speech "problem" like this: they'd go to the chambers of Judge Unconstitutional next door, get an order to install spyware on the IMC web server so that they can retrieve the logs they want and monitor any connections which might be from the user they want, and then go down a list of known exploits--some of which probably won't have been announced yet and won't have patches at all--until they get their software onto the IMC's server. Then they get their logs, and monitor connections--and of course if anyone talks about any protest plans that may be questionable to the FBI while the spyware is installed, then hey, it's in plain sight during an investigation which required them to view server logs. And even if it isn't, who cares--the FBI isn't known for their openness and honesty; they'll use the information to find or manufacture a legally more acceptable excuse for going after their new suspect. Their new suspect who was just exercising his right to free speech and his right to peaceably assemble to ask the government for redress, BTW.
As you can see, the potential for this legislation goes far beyond just logging keystrokes to get PGP passwords of terrorist suspects. Right now, that's what the FBI has publicly disclosed about Magic Lantern. What they haven't disclosed could well be the capabilities to remotely access the whole system to do things like what I outlined above. Remember that when the Carnivore documents were initially released, the parts about Magic Lantern were blacked out. What makes you therefore think the FBI has told us everything about Magic Lantern now that its existence is no longer blacked out?
At any rate, if you read the new laws, they give the FBI the chance to do far more than sniff PGP keys. Knowing what we all know about the FBI, they are planning to exploit the law to its fullest. If Magic Lantern really is only a key logger, then you can bet they have another piece of software that's still classified to do the rest. And isn't a key logger bad enough as it is, since they now have the ability to get secret installation orders from any judge they choose at any kangaroo Court? That in itself can be used to access a lot more than your PGP keys, which is already an invasion. Every word you ever write on your computer could be theirs, and you'd never know it if they disguise their program well enough--have it replace your networking layer, let's say, so that for all intents and purposes it's indistinguishable from the processes that run whenever you're net-connected. What might any of us be suspect for? Going to the IMC website and posting our opinions or protest experiences? Running a site like the IMC, which might itself get bugged and logged thanks to a sympathetic judge? Again, the orders can be secret, so there's no real oversight.
We're on dangerous ground. I visit forums where people sometimes talk about illegal things, like borderline protest activities, or illicit datastreams, though I never do so and never do any illegal things (except maybe smoke cigars in public--what a country) myself. Does that mean my PC should be tagged, bagged, and monitored? The FBI probably thinks so. Anyone who'd even think of protesting must be a communist--if only we could tap 'em all like we did with the civil rights leaders in the 60s. Oh wait, now we can! Who needs J. Edgar Hoover, when you have thousands of FBI agents who are trained according to the methods he set up himself?
Chasing Amy
(We all chase Amy...)
"The more corrupt the state, the more numerous the laws"-Tacitus
I dial up at 28.8 and it's not so bad. Granted, you have to do without seeing the latest movie trailers/Flash vids/pr0n clips, and _no_ Counterstrike, but overall it's remarkably tolerable. Still entirely possible to check web mail, telnet, surf the web with little frustration. You tend to be a little more picky about which web sites you visit: simple clean site design and minimal/no Flash or Javascript become definite merits. You _do_ end up watching a bit more TV, and even reading books. It's not so bad. Repeat after me, "fast internet access is not oxygen, I can do without it"... :-)
Freedom: "I won't!"