Talking or writing about what you chose to do with your X-Box is the right that's supposed to be protected by the First Amendment.
Doing what you want with your purchase is a long established practice under the doctrine of first sale.
It should only be a problem if you use your purchased item in the commission of a crime against another person or their property.
Posessing knowledge, or the dissemination of knowledge should never be a crime. If the information is that important, safeguard the information in the first place.
Stock in Pfizer, manufacturer of Viagra, took a significant jump shortly after Intel's news about holding off their new chip. Market analyists attribute the stock jump to a mass fear about difficulties in getting 'wood.
Um, Matt? There's a small problem... You forgot to put a cover sheet on your last TSP report, I'm afraid we're going to have to kick you off the development team.
The music cartel has been providing me ongoing disincentives to buy their products for well over two decades now. For the most part, I listen to what I've already bought, and I amuse myself less and less with what's coming out of the old school entertainment industries, and more and more with what I can do on my own.
If they consolidate any more, or continue to come up with new ways to drive away customers, they'll pretty much remain the same industry I have come to hate and loath.
*looks around* And the difference will be? Anyone? Anyone? Bueller?
Really. Why should I care what happens to them? Until they radically change their way of doing business, my money can be best spent on other things.
Don't feel too badly. I only moderate comments upwards, not downwards, and the other day I was moderating a single comment upwards for +1 interesting, but the completion screen showed me moderating not only my own comment upwards, but another comment downwards for flamebait.
At first I thought I'd accidentally done someone's comment an injustice with a slipped click of the mouse or something, so I copied the comment number, browsed at -1, and was surprised to find out that the comment number DIDN'T EXIST. Note: I was still down to 3 out of 5 moderation points.
I would have happily expended the rest of my moderator comments to repair inadvertant damage I'd caused, but this situation was just bizarre.
Bottom line: I think the moderation code may be what's on crack.
If I remember correctly, Intel just released its 3.0 GHz chips. If I were AMD, and I wanted Intel to slow down a bit, I'd want them comfortable and happy in their current position so they didn't have quite the same sense of urgency about developing newer, better, faster technology.
In fact, I might just start off with such a press release. I might continue by quietly starting up subsidiary firms, owned by the AMD corporate head office, and moving people and tech over to those companies, while making a big show about how the AMD CPU processor focus is being back-burnered, production factories are being retooled for different things, the corporate vision is changing (frequently), etc... All the signs of a firm that is visionary, bold, courageous - in other words, about to show up at fuckedcompany.com.;)
And when Intel was sitting pretty, regaining market dominance and feeling pretty good about its position vs. "former competitor" AMD, AND the market is starting to boom and demand is increasing, AMD could release something that blows Intel's doors right off.
Yes, it's risky. Long term profit in the face of a short/medium bear market usually is.
The SecurityResponse article mentions that for SuSE distributions, the following are affected:
Apache 1.3.12, 1.3.17, 1.3.19, 1.3.20, 1.3.23
I just checked my version of Apache for SuSE 7.3, and it's 1.3.20-60.
I know that distributions tend to release their own versions of things with important patches included, but other than digging into the release notes for apache for a while till I can find the answer I need, is there any way to know whether the "-60" addresses this problem?
Or, as another option, might there be anything that accurately TESTS for this weakness and provides a result?
Keeping up with patches is good! Being able to accurately TEST the security of the compromised code after those patches are applied is better.
> Still, I'm surprised at this... I never thought > I'd see this coming HERE in canada.
If you go back and look at how many foreign and domestic policies/laws/regulations in Canada follow closely on the heels of the same in the United States, it'll cease being such a surprise.
Doing so is an eye-opening experience. Note, I don't guarantee that it'll be a pleasant one.
Not having lived in Canada for the past seven years, I was a little surprised to read that they even considered such a plan (but only a little, since I remember the Federal and Provincial governments just loving to be intrusive into people's personal lives).
> Do you expect to get everything for free at McDonalds just because > you paid the bus to get you there?
No, but I also don't expect to be accosted in line by annoying salespersons jumping up and down and yelling in my face trying to sell me their products because they happen to be "associated" with McDonalds.
I want to read the menu, choose my products, pay for them, and consume them IN PEACE, or perhaps look at the menu, decide I really didn't want anything, and depart without having more salespeople tackling me in the parking lot yelling, "Before you go, look at this other completely unrelated product we have to sell!"
There is a certain ambience, atmosphere, or "purchasing experience" that customers of a product expect in conjunction with their purchase. If a merchant drives the consumer away by annoying them, they shouldn't complain when their customer base shrinks and revenue drops.
Another analogy is the persons hired by certain department stores to spritz potential customers with perfume as they walk in. I used to hear of this practice a lot, now I hardly hear of it being done. I suspect that customers made it VERY clear through their actions that they would happily go elsewhere to make their purchases rather than be assaulted with scented liquid.
Successful sales has to do with many things, but one that must not be ignored is "creating a favorable environment", which encourages the customer to want to:
a) spend time in the environment b) part with their money and walk out with product.
Some lessons don't translate well from the brick and mortar world to the online world, but this one translates very very well:
The merchant annoys the customer at their peril - they are the merchant's lifeblood.
Mr. Edelmen has responded to me via email. He's travelling abroad right now and is fighting with limited email access through an accoustic couple (!) dial up connection that is very unreliable. He's going to look for a Cybercafe or the like in order to get better access.
He included the following, and requested that I forward it on to everyone:
- - - BEGIN Ben Edelman's Comment - - -
My apologies not to post this myself -- I have bad 'net access at the moment, effectively email only, as I connect with an acoustic coupler at a pay phone.
It seems to me that the core question here is why we might hope that this case succeeds even where others have failed. Now, as I recall, there has only been one appellate case that has upheld the DMCA, so in fact the DMCA is still new & untested in important respects.
In addition, the Librarian of Congress already recognized the problem here and provided an exemption that goes part of the way (though, as the complaint and FAQ try to describe, not all the way!) towards addressing the needs of those who seek to study filtering software. The problem the Librarian saw here is, it seems to me, a real one -- that the public has quite a substantial interest in knowing what filtering programs block, whether they work as advertised, etc. These public interests in disclosure of the block list are made all the stronger by the government's role as purchaser of such software (in libraries, public schools, etc.).
So notwithstanding the failures of multiple DMCA challenges to date, I'm cautiously optimistic here.
Mr. Edelman: We've seen a pattern emerging of cases where legal action is threatened under the DMCA, but when push comes to shove, the entity making the threats backs off, and thus the law remains.
What set of criteria do you feel must be present in a challenge to the DMCA that will give us our best hope of it being overturned, and do you feel your challenge meets these criteria?
And for the current knowledge space, Gardner's "Fads and Fallacies" may well show how silly we've been to date with respect to anti-gravity research.
Generally speaking, though, research into whether something might yet be possible is not a bad thing if the potential positive payoffs are large to huge.
At one point we believed we couldn't fly.
At one point we believed we couldn't set foot on the moon.
Even further back than that, look at how many tries it took to get just the right combination of metals in the right proportions for a working element in a light bulb.
Admittedly, a lot of this research will end up at dead ends - such is the nature of research, but it is still valuable, since it lets us know what options don't work and thus eliminates unknowns. We learn.
Yes, there will also be a percentage of research that is poorly planned, poorly executed, or is simply snake oil designed to rake in budged dollars. The solution is to ensure processes are in place to critically analyze and audit the scientific process itself, any experiments, and results. This is a good idea anyway to ensure that all methods and procedures are within the parameters of the law where the research is being carried out.
1. Three patent numbers are mentioned. Okay, fine... I'll look those up later, it's enough (for now) to know that Secure Computing claims they exist.
2. Non-Assertion section. "Subject to the limitations described in this Statement of Assurance, Secure Computing will not assert the Subject Patent Rights with respect to any use, modification or distribution of SELinux software that is permitted by, and is in compliance with, the terms and conditions of Version 2 of the GNU Public License (the "GPL")."
This is a catch-22. If they're already not in compliance with the GPL due to patent restrictions simply existing on their code, then according to this statement, they may very WELL assert the Subject Patent Rights. This whole clause is a sneakily worded contradiction of realities.
3. SELinux Limitation section.
"... However, Secure Computing does not extend the Assurance to software that merely interoperates with SELinux, or is merely included with a distribution of SELinux."
Translation: Unless they specifically _say_ your code may use their patented methods, forget it. The very nature of distributions is that the kernel is married with a distro's specific patches, custom scripts, custom installer, and a whole bunch of applications are "merely included".
4. Subject Patent Rights Limitation section.
"... Secure Computing does not waive, modify or release any of the Subject Patent Rights, or any other right in the Subject Patents, except as expressly provided in this statement of Assurance...."
(Which we're already seeing is "effectively nothing") This section goes on to say that Secure Computing reserves the right to assert their Subject Patent Rights with respect to anything remotely useful regarding security applications that you might want to use their patented software for!
5. No Third Party Restrictions section.
Just go read it. If we sell it, you're screwed.
6. Other Patents section. Again, go read it. We may have other Patent landmines related to SELinux. Here's your blindfold, now go play hopscotch in that legal minefield over there.
7. No Licence section.
"No license is granted in this Statement of Assurance with respect to the Subject Patents, or any other patent or intellectual property right, or software or other product."
Then what exactly am I assured of, other than "We have Patents, we have rights, and they remain ours" ?
8. Limited Assurance section.
More legal handwaving and Covering of asses.
This whole document ranks right up there with "The check is in the mail", "I'm here from the government to help you", and other infamous promises made just before you get screwed over.
> and you don't have to make annoying backups everytime because of this fact.
This assumes that only one drive in the array will fail at a time, and between complete verified drive rebuilds. The Raid 5 drive arrays I've seen put together are usually built from a group of new drives, all the same drive model all purchased at the same time. I've seen enough bad production runs for various hard drives to know that it is _too_ easy to get stuck with a group of lemons.
Now imagine a lemon fails. You slap in the replacement, and think all is well, you order another hot-swappable replacement. While it's on the way, two more drives fail. To use a quote in backdraft, that little blinking light in the corner of your vision is your career dissipation light, and it just went into overdrive.;-)
The following additional situations make me think offsite, up-to-date backups are still a VERY good thing:
- Lightning strike or massive power surge - Water damage (pipe breaking?) - Drop-damage (well, actually it's the sudden stop) - Fire (I'm sure SOME companies have a Milton working for them) - Earthquake - Tornado - Hurricane - People unexpectedly parking their vehicles in your building, violently. - Pissed off employees with physical or electronic access to the data - Theft/burglary
And let's not forget good old human nature. "Oops, I didn't mean to delete that..."
"He who laughs last usually had a VERIFIED backup."
Lego French Knights
on
Lego Trebuchet
·
· Score: 5, Funny
All we need now is the castle and Lego French Knights to taunt the English King and his men below...
It may not be all about speed for him. From the second paragraph of the article:
> I used to feel a numbness of the backs of my hands after a long day with QWERTY, > but I don't with Dvorak.
I type at over 100 WPM on a QWERTY keyboard, and I had much the same thought as you ("I'm fast enough, why bother?") However, when I read his statement implying that QWERTY may cause tendon/muscle fatigue more than DVORAK, I saw for the first time why I _might_ want to make the effort to teach my brain another key-mapping.
Something to balance it all out though: the frustration of trying to break nearly two decades of learned experience as to where those keys are might just kill me, and I doubt I'd see much benefit to a different key-mapping then.;-)
Sometimes it isn't the content that gives you away, it's the fact that you're sending traffic between point A and point B, and B talks to C, D, and E.
That can be enough to tip off the wrong someone.
Likewise, if you start sending graphic files back and forth where you USED to be sending other types of traffic, whatever entity might be watching those transmissions is likely to catch on. Let's not even go INTO how you're sending MORE data rather than less. Me, I'd be shooting for a method that breaks the communication up, sends it in with a bunch of other garbage to multi-pointed destinations at random times, strongly encrypted en-route so sender and receiver are masked...
Oh wait, that sounds a lot like a mixmaster remailer.
And yes, I know, mixmaster and PGP are not an option for environments where the very use of same is enough to get you drawn and quartered.
If Worldcom's failure were to bring a heightened sense of overall awareness about why you really DON'T want to put all your eggs in one basket, this may end up being a good thing.
If enough key (read: rich) players and businesses are seriously inconvenienced (read: lose a lot of revenue) because a key point of potential failure actually failed, then certain monopolies that have predatory practices might be trusted a lot less by default, with people seeking out alternatives "just in case".
Anyone who runs SuSE Linux from version 6.4 through version 8.0 inclusive may be interested in this.
SuSE's "SuSE-Security-Announce" mailing list released this post today regarding their response to the OpenSSH vulnerability. It contains a ton of information, and FTP links to update your OpenSSH packages for the aforementioned versions of SuSE's distribution.
Slashdot Mirror
Talking or writing about what you chose to do with your X-Box is the right that's supposed to be protected by the First Amendment.
Doing what you want with your purchase is a long established practice under the doctrine of first sale.
It should only be a problem if you use your purchased item in the commission of a crime against another person or their property.
Posessing knowledge, or the dissemination of knowledge should never be a crime. If the information is that important, safeguard the information in the first place.
Stock in Pfizer, manufacturer of Viagra, took a significant jump shortly after Intel's news about holding off their new chip. Market analyists attribute the stock jump to a mass fear about difficulties in getting 'wood.
Um, Matt? There's a small problem... You forgot to put a cover sheet on your last TSP report, I'm afraid we're going to have to kick you off the development team.
The music cartel has been providing me ongoing disincentives to buy their products for well over two decades now. For the most part, I listen to what I've already bought, and I amuse myself less and less with what's coming out of the old school entertainment industries, and more and more with what I can do on my own.
If they consolidate any more, or continue to come up with new ways to drive away customers, they'll pretty much remain the same industry I have come to hate and loath.
*looks around* And the difference will be? Anyone? Anyone? Bueller?
Really. Why should I care what happens to them? Until they radically change their way of doing business, my money can be best spent on other things.
Don't feel too badly. I only moderate comments upwards, not downwards, and the other day I was moderating a single comment upwards for +1 interesting, but the completion screen showed me moderating not only my own comment upwards, but another comment downwards for flamebait.
At first I thought I'd accidentally done someone's comment an injustice with a slipped click of the mouse or something, so I copied the comment number, browsed at -1, and was surprised to find out that the comment number DIDN'T EXIST. Note: I was still down to 3 out of 5 moderation points.
I would have happily expended the rest of my moderator comments to repair inadvertant damage I'd caused, but this situation was just bizarre.
Bottom line: I think the moderation code may be what's on crack.
Maybe this is another form of Slashdot advertising? I wonder if the WSJ pays them to link to the occasional story. ;-)
If I remember correctly, Intel just released its 3.0 GHz chips. If I were AMD, and I wanted Intel to slow down a bit, I'd want them comfortable and happy in their current position so they didn't have quite the same sense of urgency about developing newer, better, faster technology.
;)
In fact, I might just start off with such a press release. I might continue by quietly starting up subsidiary firms, owned by the AMD corporate head office, and moving people and tech over to those companies, while making a big show about how the AMD CPU processor focus is being back-burnered, production factories are being retooled for different things, the corporate vision is changing (frequently), etc... All the signs of a firm that is visionary, bold, courageous - in other words, about to show up at fuckedcompany.com.
And when Intel was sitting pretty, regaining market dominance and feeling pretty good about its position vs. "former competitor" AMD, AND the market is starting to boom and demand is increasing, AMD could release something that blows Intel's doors right off.
Yes, it's risky. Long term profit in the face of a short/medium bear market usually is.
Great. So a beowulf cluster of these would effectively be a committee.
Stupid, unable to make reasonable decisions, but thousands of times faster.
My life feels improved already.
The SecurityResponse article mentions that for SuSE distributions, the following are affected:
Apache 1.3.12, 1.3.17, 1.3.19, 1.3.20, 1.3.23
I just checked my version of Apache for SuSE 7.3, and it's 1.3.20-60.
I know that distributions tend to release their own versions of things with important patches included, but other than digging into the release notes for apache for a while till I can find the answer I need, is there any way to know whether the "-60" addresses this problem?
Or, as another option, might there be anything that accurately TESTS for this weakness and provides a result?
Keeping up with patches is good! Being able to accurately TEST the security of the compromised code after those patches are applied is better.
> Still, I'm surprised at this... I never thought
> I'd see this coming HERE in canada.
If you go back and look at how many foreign and domestic policies/laws/regulations in Canada follow closely on the heels of the same in the United States, it'll cease being such a surprise.
Doing so is an eye-opening experience. Note, I don't guarantee that it'll be a pleasant one.
Not having lived in Canada for the past seven years, I was a little surprised to read that they even considered such a plan (but only a little, since I remember the Federal and Provincial governments just loving to be intrusive into people's personal lives).
I looked up information on this issue, and found "CRTC WONT REGULATE THE INTERNET" at the CRTC website.
Seems someone, somewhere, had a flash of insight about the magnitude of even attemping such regulation (thank goodness).
So now someone's telephone can be slashdotted?
> Do you expect to get everything for free at McDonalds just because
> you paid the bus to get you there?
No, but I also don't expect to be accosted in line by annoying salespersons jumping up and down and yelling in my face trying to sell me their products because they happen to be "associated" with McDonalds.
I want to read the menu, choose my products, pay for them, and consume them IN PEACE, or perhaps look at the menu, decide I really didn't want anything, and depart without having more salespeople tackling me in the parking lot yelling, "Before you go, look at this other completely unrelated product we have to sell!"
There is a certain ambience, atmosphere, or "purchasing experience" that customers of a product expect in conjunction with their purchase. If a merchant drives the consumer away by annoying them, they shouldn't complain when their customer base shrinks and revenue drops.
Another analogy is the persons hired by certain department stores to spritz potential customers with perfume as they walk in. I used to hear of this practice a lot, now I hardly hear of it being done. I suspect that customers made it VERY clear through their actions that they would happily go elsewhere to make their purchases rather than be assaulted with scented liquid.
Successful sales has to do with many things, but one that must not be ignored is "creating a favorable environment", which encourages the customer to want to:
a) spend time in the environment
b) part with their money and walk out with product.
Some lessons don't translate well from the brick and mortar world to the online world, but this one translates very very well:
The merchant annoys the customer at their peril - they are the merchant's lifeblood.
Mr. Edelmen has responded to me via email. He's travelling abroad right now and is fighting with limited email access through an accoustic couple (!) dial up connection that is very unreliable. He's going to look for a Cybercafe or the like in order to get better access.
He included the following, and requested that I forward it on to everyone:
- - - BEGIN Ben Edelman's Comment - - -
My apologies not to post this myself -- I have bad 'net access at the moment, effectively email only, as I connect with an acoustic coupler at a pay phone.
It seems to me that the core question here is why we might hope that this case succeeds even where others have failed. Now, as I recall, there has only been one appellate case that has upheld the DMCA, so in fact the DMCA is still new & untested in important respects.
In addition, the Librarian of Congress already recognized the problem here and provided an exemption that goes part of the way (though, as the complaint and FAQ try to describe, not all the way!) towards addressing the needs of those who seek to study filtering software. The problem the Librarian saw here is, it seems to me, a real one -- that the public has quite a substantial interest in knowing what filtering programs block, whether they work as advertised, etc. These public interests in disclosure of the block list are made all the stronger by the government's role as purchaser of such software (in libraries, public schools, etc.).
So notwithstanding the failures of multiple DMCA challenges to date, I'm cautiously optimistic here.
Ben Edelman
http://cyber.law.harvard.edu/edelman
- - - END Ben Edelman's Comment - - -
Yes, I do. I also emailed Mr. Edelmen, and politely invited him to participate in our discussion.
Mr. Edelman: We've seen a pattern emerging of cases where legal action is threatened under the DMCA, but when push comes to shove, the entity making the threats backs off, and thus the law remains.
What set of criteria do you feel must be present in a challenge to the DMCA that will give us our best hope of it being overturned, and do you feel your challenge meets these criteria?
And for the current knowledge space, Gardner's "Fads and Fallacies" may well show how silly we've been to date with respect to anti-gravity research.
Generally speaking, though, research into whether something might yet be possible is not a bad thing if the potential positive payoffs are large to huge.
At one point we believed we couldn't fly.
At one point we believed we couldn't set foot on the moon.
Even further back than that, look at how many tries it took to get just the right combination of metals in the right proportions for a working element in a light bulb.
Admittedly, a lot of this research will end up at dead ends - such is the nature of research, but it is still valuable, since it lets us know what options don't work and thus eliminates unknowns. We learn.
Yes, there will also be a percentage of research that is poorly planned, poorly executed, or is simply snake oil designed to rake in budged dollars. The solution is to ensure processes are in place to critically analyze and audit the scientific process itself, any experiments, and results. This is a good idea anyway to ensure that all methods and procedures are within the parameters of the law where the research is being carried out.
1. Three patent numbers are mentioned. Okay, fine... I'll look those up later, it's enough (for now) to know that Secure Computing claims they exist.
..."
2. Non-Assertion section. "Subject to the limitations described in this Statement of Assurance, Secure Computing will not assert the Subject Patent Rights with respect to any use, modification or distribution of SELinux software that is permitted by, and is in compliance with, the terms and conditions of Version 2 of the GNU Public License (the "GPL")."
This is a catch-22. If they're already not in compliance with the GPL due to patent restrictions simply existing on their code, then according to this statement, they may very WELL assert the Subject Patent Rights. This whole clause is a sneakily worded contradiction of realities.
3. SELinux Limitation section.
"... However, Secure Computing does not extend the Assurance to software that merely interoperates with SELinux, or is merely included with a distribution of SELinux."
Translation: Unless they specifically _say_ your code may use their patented methods, forget it. The very nature of distributions is that the kernel is married with a distro's specific patches, custom scripts, custom installer, and a whole bunch of applications are "merely included".
4. Subject Patent Rights Limitation section.
"... Secure Computing does not waive, modify or release any of the Subject Patent Rights, or any other right in the Subject Patents, except as expressly provided in this statement of Assurance.
(Which we're already seeing is "effectively nothing") This section goes on to say that Secure Computing reserves the right to assert their Subject Patent Rights with respect to anything remotely useful regarding security applications that you might want to use their patented software for!
5. No Third Party Restrictions section.
Just go read it. If we sell it, you're screwed.
6. Other Patents section. Again, go read it. We may have other Patent landmines related to SELinux. Here's your blindfold, now go play hopscotch in that legal minefield over there.
7. No Licence section.
"No license is granted in this Statement of Assurance with respect to the Subject Patents, or any other patent or intellectual property right, or software or other product."
Then what exactly am I assured of, other than "We have Patents, we have rights, and they remain ours" ?
8. Limited Assurance section.
More legal handwaving and Covering of asses.
This whole document ranks right up there with "The check is in the mail", "I'm here from the government to help you", and other infamous promises made just before you get screwed over.
> and you don't have to make annoying backups everytime because of this fact.
;-)
This assumes that only one drive in the array will fail at a time, and between complete verified drive rebuilds. The Raid 5 drive arrays I've seen put together are usually built from a group of new drives, all the same drive model all purchased at the same time. I've seen enough bad production runs for various hard drives to know that it is _too_ easy to get stuck with a group of lemons.
Now imagine a lemon fails. You slap in the replacement, and think all is well, you order another hot-swappable replacement. While it's on the way, two more drives fail. To use a quote in backdraft, that little blinking light in the corner of your vision is your career dissipation light, and it just went into overdrive.
The following additional situations make me think offsite, up-to-date backups are still a VERY good thing:
- Lightning strike or massive power surge
- Water damage (pipe breaking?)
- Drop-damage (well, actually it's the sudden stop)
- Fire (I'm sure SOME companies have a Milton working for them)
- Earthquake
- Tornado
- Hurricane
- People unexpectedly parking their vehicles in your building, violently.
- Pissed off employees with physical or electronic access to the data
- Theft/burglary
And let's not forget good old human nature. "Oops, I didn't mean to delete that..."
"He who laughs last usually had a VERIFIED backup."
All we need now is the castle and Lego French Knights to taunt the English King and his men below...
And a Lego Cow.
RUN AWAY!!
It may not be all about speed for him. From the second paragraph of the article:
;-)
> I used to feel a numbness of the backs of my hands after a long day with QWERTY,
> but I don't with Dvorak.
I type at over 100 WPM on a QWERTY keyboard, and I had much the same thought as you ("I'm fast enough, why bother?") However, when I read his statement implying that QWERTY may cause tendon/muscle fatigue more than DVORAK, I saw for the first time why I _might_ want to make the effort to teach my brain another key-mapping.
Something to balance it all out though: the frustration of trying to break nearly two decades of learned experience as to where those keys are might just kill me, and I doubt I'd see much benefit to a different key-mapping then.
> but isn't there a point where users have got to share some of the blame?
;-)
Wouldn't that be ALL of the time? Delete their files, erase their account, and lock them in the tape safe.
"Bastard Operator from Hell" articles here... Enjoy.
Sometimes it isn't the content that gives you away, it's the fact that you're sending traffic between point A and point B, and B talks to C, D, and E.
That can be enough to tip off the wrong someone.
Likewise, if you start sending graphic files back and forth where you USED to be sending other types of traffic, whatever entity might be watching those transmissions is likely to catch on. Let's not even go INTO how you're sending MORE data rather than less. Me, I'd be shooting for a method that breaks the communication up, sends it in with a bunch of other garbage to multi-pointed destinations at random times, strongly encrypted en-route so sender and receiver are masked...
Oh wait, that sounds a lot like a mixmaster remailer.
And yes, I know, mixmaster and PGP are not an option for environments where the very use of same is enough to get you drawn and quartered.
If Worldcom's failure were to bring a heightened sense of overall awareness about why you really DON'T want to put all your eggs in one basket, this may end up being a good thing.
If enough key (read: rich) players and businesses are seriously inconvenienced (read: lose a lot of revenue) because a key point of potential failure actually failed, then certain monopolies that have predatory practices might be trusted a lot less by default, with people seeking out alternatives "just in case".
Anyone who runs SuSE Linux from version 6.4 through version 8.0 inclusive may be interested in this.
SuSE's "SuSE-Security-Announce" mailing list released this post today regarding their response to the OpenSSH vulnerability. It contains a ton of information, and FTP links to update your OpenSSH packages for the aforementioned versions of SuSE's distribution.