Please note: the viewport design is copied from Steve Den Beste's excellent blog, USS Clueless. Used with permission.


Saturday, August 09, 2003  

via dervala.net

Your Finger, Idiot


Far below, the Urubamba river wound through the valleys. Behind was a snowy, jagged peak. We asked Leo the name of the mountain.

'Veronica.'

'Veronica? How can a mountain be called 'Veronica'? What's the one next to it called, Susan?'

'A European lady called Veronica was the first person to climb it, about forty years ago. So they named it after her. All the placenames around here are fairly arbitrary. For example, when Hiram Bingham discovered this area in 1911, he asked the locals what the ruins were called. They told him 'macchu pichu'—Quechua for 'the old ruins'. Of course he thought it was some mystical Inca name, gringo fool. Half the placenames in Peru mean things like 'A mountain' or 'Your finger, idiot', when the foreign archaeologists asked 'What's that?' They wrote 'em all down.'

posted by Gary Williams at 11:48 PM | link |
 

via Quark Soup

Quote of the Day

"I have always wished that my computer would be as easy to use as my telephone. My wish has come true. I no longer know how to use my telephone."

-- Bjarne Stroustrup, computer science professor,
designer of the C++ programming language (1950- )

posted by Gary Williams at 8:47 PM | link |
 


via MusicPundit

Aimee, Where Are You...

Aimee Deep on MusicPundit.com (sometimes called The Aimster) used to post fairly regularly. But there was some news-babble about the federal courts maybe upholding the pigopolists dingbats. Anybody know?

Aimee, come back, please. Let us know what's happening...

(Last post I can find was July 5...)

posted by Gary Williams at 7:04 PM | link |
 

via Joanna Jacobs.com

To Be Alive Or To Be Dead...

"No Fear Shakespeare" translates the Bard into modern, middle-class English.

"The question is: is it better to be alive or dead? Is it nobler to put up with all the nasty things that luck throws your way, or to fight against all those troubles by simply putting an end to them once and for all? Dying, sleeping -- that's all dying is -- a sleep that ends all the heartache and shocks that life on earth gives us -- that's an achievement to wish for. To die, to sleep--to sleep, maybe to dream. Ah, but there's the catch: in death's sleep who knows what kind of dreams might come, after we've shaken off the flesh from our souls. That's certainly something to worry about . . ."


Bowman points out that "nasty things" is not the same as "slings and arrows," nor is "earth gives us" an equivalent of "flesh is heir to." "Consummation" doesn't mean "achievement" and "coil" doesn't mean "flesh."

On the other hand, it's quite true that the Wife of Bath's husband wasn't named Bath.

posted by Gary Williams at 6:01 PM | link |
 

via WIL WHEATON DOT NET

zing!

Arnold Schwarzenegger: Finally, a public official who can explain the administration's social policies in the original German.
--Bill Maher

posted by Gary Williams at 5:47 PM | link |
 

via In The Pipeline

Viva In Vivo?

Yesterday's post about the possible end of target-based drug discovery brought in some interesting mail. The feedback was more about the possible return of in vivo screening, actually. As it turns out, there are already some small companies out there taking a crack at this idea. I'm going to look them over and report back in more detail.

Whatever form it takes, it won't be a rerun of the old days. We have a lot more compounds to test, for one thing, and the standard dose-a-bunch-of-mice protocol from the 1960s just isn't going to be able to handle them. And we have so many more readouts now. At the very least, if you get into serious in vivo screening, there's going to be a heavy use of gene-chip assays in an attempt to see what's going on at a molecular level. They're already being used on a lot of fishing expeditions, from what I can see.

One (more targeted, and perhaps more interpretable) use of the expression assays would be the 'tox-chip' kind, where you look at a lot of enzymes that get upregulated in an animal when it has to deal with something really poisonous. To that end, I've heard a colleague say 'Wouldn't it be nice if we could just dose every compound we have, in a few mice per compound, and get rid of all the stuff that's just too toxic to use as a lead?'
[more]

posted by Gary Williams at 1:57 AM | link |
 

via abuddhas memes - miscellaneous
When the voices of children are heard on the green
And laughing is heard on the hill,
My heart is at rest within my breast
And everything else is still.
-Blake-

posted by Gary Williams at 1:07 AM | link |
 

via whiskey river

Taking Life Seriously

"I think that taking life seriously means something such as this: that whatever man does on this planet has to be done in the lived truth of the terror of creation, of the grotesque, of the rumble of panic underneath everything. Otherwise it is false. Whatever is achieved must be achieved with the full exercise of passion, of vision, of pain, of fear, and of sorrow."
- Ernest Becker

posted by Gary Williams at 1:03 AM | link |


Friday, August 08, 2003  



via NASA Astronomy Picture Of The Day http://antwrp.gsfc.nasa.gov/apod/ap030723.html

GRACE Maps the Gravity of Earth


Credit: GeoForschungsZentrum Potsdam, CSR U. Texas, JPL, NASA

Explanation: Why do some places on Earth have higher gravity than others? Sometimes the reason is unknown. To help better understand the Earth's surface, slight distance changes between a pair of identically orbiting satellites named GRACE have been used to create the best ever map of Earth's gravitational field. High points on this map, also colored red, indicate areas where gravity is slightly stronger than usual, while in blue areas gravity is slightly weaker. Many bumps and valleys on the map can be attributed to surface features, such as the North Mid-Atlantic Ridge and the Himalayan Mountains, but others cannot, and so might relate to unusually high or low sub-surface densities. Maps like this also help calibrate changes in the Earth's surface including variable ocean currents and the melting of glaciers.

posted by Gary Williams at 10:13 PM | link |
 

via The Atlanta Journal-Constitution

Running with a ruminant

By TUCKER McQUEEN
The Atlanta Journal-Constitution

Vinny Matassa has got his goat -- literally. He jogs three to four times a week in Kennesaw Mountain National Battlefield Park with his pet goat, Libby.

The pair are head-turners as the stocky Matassa and the lean Libby sprint through the woods.

On a run last week, several joggers stopped after seeing them, laughed and kept going. One couple thought the goat was a dog until they saw horns.
[more]

posted by Gary Williams at 4:28 PM | link |
 

RPC DCOM Worms In The Wild?

From: Richards, Jeremy B.
Date: Friday, August 08, 2003 1:26:36 PM
To: 'intrusions@incidents.org'
Subject: Re: RPC DCOM worm in the wild?

We will not see a worm for the RPC (tcp/135) DCOM exploit for a little while... at least not from the publicly released code for a few reasons:

1.) The released code uses hard coded return addresses. Meaning unless you know the exact OS and SP level of the remote system you are simply going to crash the box and (hopefully) the machine will just reboot. There are alternatives to this messy code of course (described in a paper written by, you guessed it, LSD, in 2002)

2.) The exploit is noisy... it causes RPC to fail when the console is closed... this also causes a reboot... a quick look at the exploit code suggests this is avoidable however, again, a REAL coder would have to get down-n-dirty.

YES.. the exploit works.. it's hit and miss but it's gonna be a while before we see any worms 0wning machines... now.. a massive DoS attack is possible.. that's a scary notion just on its own...

While we are talking scary... how about if someone gets the sploit working over UDP (Yes, RPC listens on 135/udp as well) ... if that happens we'll see IP/Ports getting spoofed... and tricks like source port 53 could be used to trick firewalls into thinking it's a DNS response... we'd be looking at 1 packet infections and a VERY quickly spreading worm.

Of course.. these are just my opinions... anyone else care to share?

-----Original Message-----
From: whitehats@sympatico.ca
Sent: 08/08/2003 12:12:05 PM
To: intrusions@incidents.org
Subject: RPC DCOM worm in the wild?

Greetings folks,

An acquaintance sent me an update and some analysis of this exploit. They had it working and returning a shell.

Publicized on the Internet are some warnings of a worm. The exploit code is public and has been for a little while. Check out the following URIs for more info:

http://microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp

http://www.cert.org/advisories/CA-2003-16.html

http://www.hackerboard.de/thread.php?threadid=5462&sid=

http://lists.insecure.org/lists/fulldisclosure/2003/Aug/0307.html

If you have not patched already or at least blocked Windows SMB and NetBIOS ports now is the time to do so...

I'm already seeing examples of 0wn3d hosts being used for nefarious activity that I suspect were taken over with this exploit.

Regards,
Jamie French


Update: Andrew Simmons Replies To Jeremy Richards


From: Andrew Simmons
Date: Friday, August 08, 2003 1:45:08 PM
To: Richards, Jeremy B.
Cc: intrusions@incidents.org
Subject: Re: RPC DCOM worm in the wild?


Richards, Jeremy B. wrote:

>
> We will not see a worm for the RPC (tcp/135) DCOM exploit for a little
> while... at least not from the publicly released code for a few reasons:
>
> 1.) The released code uses hard coded return addresses. Meaning unless you
> know the exact OS and SP level of the remote system you are simply going to
> crash the box and (hopefully) the machine will just reboot. There are
> alternatives to this messy code of course (described in a paper written
> by, you guessed it, LSD, in 2002)
>


The 'universal offsets' (actually one each for W2K and XP) have been
public for quite some time now... the oc192-dcom exploit works very nicely
and, as advertised, doesn't crash the RPC service.

I have no idea when a worm might appear, and I'm loath to join in the
prediction game in this case.


\a


Further Update: Exploits Hit 2400 Machines At Stanford And Other Stories



From: Carles Fragoso i Mariscal
Date: Friday, August 08, 2003 2:18:34 PM
To: Richards, Jeremy B.
Cc: intrusions@incidents.org
Subject: RE: RPC DCOM worm in the wild?


Hello Jeremy,

I would like to add to point 2, that two days ago a 'non-noisy' exploit
was posted at PacketStorm Security site:

http://packetstorm.linuxsecurity.com/0308-exploits/oc192-dcom.c

It is said that this new shellcode prevents the RPC service from crashing
though I haven't tried it yet. Maybe someone on the list could confirm that.

I do really agree with you about the fact that the release of a worm
would be difficult because of the different OS's and SP's. Maybe we will
see some language-focused worms (it is only a personal thought).

About using a source UDP port such as 53 or other well-known UDP ones,
it shouldn't be a problem because usually client responses go from
any port to an ephemeral port (greater than 1024) with a few exceptions
(DNS is one of them, src 53 and dst 53)

Regards,

-- Carlos

From: James C. Slora, Jr.
Date: Friday, August 08, 2003 2:19:22 PM
To: Richards, Jeremy B.; intrusions@incidents.org
Subject: RE: RPC DCOM worm in the wild?


Richards, Jeremy B. wrote Friday, August 08, 2003 1:23 PM

> We will not see a worm for the RPC (tcp/135) DCOM exploit for a little
> while... at least not from the publicly released code for a
> few reasons:

I look at it a little differently.

IRC bot RPC autorooter Cirebot http://www.sarc.com/avcenter/venc/data/backdoor.irc.cirebot.html has been out for a week. There is about zero difference between an autorooter and a worm. Cirebot initially was distributed with the autorooter set for manual startup. Change one flag and you pretty much have a worm. It is also set to target specific IP address ranges, but that is easily changeable too.

> 1.) The released code uses hard coded return addresses. Meaning unless you
> know the exact OS and SP level of the remote system you are simply going to
> crash the box and (hopefully) the machine will just reboot. There are
> alternatives to this messy code of course (described in a paper written by,
> you guessed it, LSD, in 2002)

Solved in current public exploits.

> 2.) The exploit is noisy... it causes RPC to fail when the console is
> closed... this also causes a reboot... a quick look at the exploit code
> suggests this is avoidable however, again, a REAL coder would have to get
> down-n-dirty.

Solved in current public exploits.

> YES.. the exploit works.. it's hit and miss but it's gonna be a while before
> we see any worms 0wning machines... now.. a massive DoS attack is
> possible.. that's a scary notion just on its own...
>
> While we are talking scary... how about if someone gets the sploit working
> over UDP (Yes, RPC listens on 135/udp as well) ... if that happens we'll see
> IP/Ports getting spoofed... and tricks like source port 53 could be used to
> trick firewalls into thinking it's a DNS response... we'd be looking at 1
> packet infections and a VERY quickly spreading worm.
>
> Of course.. these are just my opinions... anyone else care to share?

Yes, I agree there is a potential for a worm that is much worse than we have previously seen.

.

From: Tina Bird
Date: Friday, August 08, 2003 2:51:59 PM
To: Richards, Jeremy B.
Cc: 'intrusions@incidents.org'
Subject: Re: RPC DCOM worm in the wild?


On Fri, 8 Aug 2003, Richards, Jeremy B. wrote:

> We will not see a worm for the RPC (tcp/135) DCOM exploit for a little
> while... at least not from the publicly released code for a few reasons:

yeah, bad news, jeremy, but stanford's got 2400 machines, the vast
majority of which have been hit by an auto-propagating worm. here are my
reports:

http://securecomputing.stanford.edu/alerts/windows-rpc-update-7aug2003.html

http://securecomputing.stanford.edu/alerts/windows-rpc-update-5aug2003.html

http://securecomputing.stanford.edu/alerts/windows-rpc-16jul2003.html

ugh.

tbird

--
A computer lets you make more mistakes faster than any invention in human
history - with the possible exception of handguns and tequila.

-- Mitch Ratliff

http://www.precision-guesswork.com
Log Analysis http://www.loganalysis.org
VPN http://vpn.shmoo.com
tbird's Security Alerts http://securecomputing.stanford.edu/alert.html


.

From: Tina Bird
Date: Friday, August 08, 2003 3:08:31 PM
To: Richards, Jeremy B.
Cc: 'intrusions@incidents.org'
Subject: Re: RPC DCOM worm in the wild?


this is a bit unclear (not enough sleep). we have a hell of a lot more
machines than that :-)

we have at least 2400 machines which have been compromised via the RPC
DCOM vulnerability.

*whew*

posted by Gary Williams at 1:46 PM | link |
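
The source-port-53 firewall question raised by Jeremy Richards and answered by Carles Fragoso in the thread above, as an added example that is not part of the original posts: a small Python model that runs one constructed packet trace through two stateless UDP rules and a stateful DNS filter. The addresses (RFC 5737 documentation ranges), the rule names and the allow-all-outbound policy are assumptions made for the illustration.

```python
"""Model of the 'UDP source port 53' firewall question from the thread.

Added illustration. The trace is constructed and the addresses come from
the RFC 5737 documentation ranges. Assumed policy: outbound is allowed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class UdpPacket:
    direction: str  # "out" = leaving the protected network, "in" = arriving
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def stateless_src53_any(pkt):
    """Weak rule: inbound UDP is allowed whenever the source port is 53."""
    return pkt.direction == "out" or pkt.src_port == 53


def stateless_src53_ephemeral(pkt):
    """Tighter rule: source port 53 AND destination port above 1023."""
    return pkt.direction == "out" or (pkt.src_port == 53 and pkt.dst_port >= 1024)


class StatefulDnsFilter:
    """Allow an inbound 'DNS reply' only if it answers a query we sent."""

    def __init__(self):
        # (client_ip, client_port, server_ip) of queries awaiting a reply
        self.pending = set()

    def __call__(self, pkt):
        if pkt.direction == "out":
            if pkt.dst_port == 53:
                self.pending.add((pkt.src_ip, pkt.src_port, pkt.dst_ip))
            return True
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip)
        if pkt.src_port == 53 and key in self.pending:
            self.pending.discard(key)  # one reply per query
            return True
        return False


def admitted_inbound(trace, allow):
    """Feed the whole trace to `allow`; return indexes of admitted inbound packets."""
    admitted = []
    for i, pkt in enumerate(trace):
        verdict = allow(pkt)
        if pkt.direction == "in" and verdict:
            admitted.append(i)
    return admitted


# Constructed trace: one real DNS exchange, then two unsolicited datagrams
# that merely claim source port 53.
CLIENT, RESOLVER, UNKNOWN = "192.0.2.10", "198.51.100.53", "203.0.113.7"
TRACE = [
    UdpPacket("out", CLIENT, 40000, RESOLVER, 53),   # 0: DNS query
    UdpPacket("in", RESOLVER, 53, CLIENT, 40000),    # 1: matching reply
    UdpPacket("in", UNKNOWN, 53, CLIENT, 135),       # 2: unsolicited, to 135/udp
    UdpPacket("in", UNKNOWN, 53, CLIENT, 40000),     # 3: unsolicited, high port
]


def compare(trace):
    """Return the admitted inbound packet indexes for each policy."""
    return {
        "stateless_src53_any": admitted_inbound(trace, stateless_src53_any),
        "stateless_src53_ephemeral": admitted_inbound(trace, stateless_src53_ephemeral),
        "stateful_dns": admitted_inbound(trace, StatefulDnsFilter()),
    }


if __name__ == "__main__":
    for policy, indexes in compare(TRACE).items():
        print(f"{policy}: admits inbound packets {indexes}")
```

Only the source-port-only rule passes the datagram addressed to 135/udp. Restricting the destination to ephemeral ports stops that one, and tracking outstanding queries also drops the unsolicited datagram to the high port.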
 

via The New York Times (registration required)

Neighborly Vultures

There is really nothing adorable about vultures, adorable in human terms, that is. Most of the other animals that have learned to cohabit with humans — to cause trouble in the suburbs, that is — look comparatively warm and fuzzy, endearing enough if they are not eating your roses or your garbage. But a vulture has only the beauty of adaptation, of pure function, and its function — feeding on animal remains — is not a glamorous one. Even the chicks look like skinheads with switchblade beaks.

Some places, especially in the South, have gotten way more exposure to vultures than they want in recent years. Sooner or later, nearly every wild animal that tolerates the presence of humans reaches the limits of human tolerance. It just takes a little longer for the cute ones. Most Americans like nature, but they like it to stay in its place, especially if it means a roosting colony of vultures that smell like what they eat. Yet vultures who choose to live near humans do so because that is where the food is. They create the ultimate not-in-my-backyard problem. Because they scavenge animal remains, including roadkill, they play a critical role in the regenerative cycle of nature.

But no one wants to wake up and find a colony of roosting vultures doing their regenerating just over the fence.

Reducing the attractions, like the improper disposal of dead animals, is the critical first step to controlling the problem. Pablo Neruda once called the vulture "God's spy." That wouldn't make one any more welcome as a neighbor, would it?

posted by Gary Williams at 11:05 AM | link |
 

via In the pipeline

Targeting Targets

The latest issue of Nature Reviews: Drug Discovery has a wonderful article by Hugo Kubinyi, titled 'Drug research: myths, hype and reality.' The text isn't free on Nature's site, but fortunately you can download a PDF of the article from the author's site.

He takes on several concepts that you can't walk through a drug company without tripping over. They each deserve discussion at length, and I'll try to give them their due over the next few days. One that I've heard people discuss - very quietly, because it's nearly heretical to challenge it - is the dominance of target-based drug discovery.
[more]

posted by Gary Williams at 2:59 AM | link |
 

via Uncertain Principles
They really nailed it with my horoscope for this week, though:
Your plans to find love, fortune, and happiness utterly ignore the Second Law Of Thermodynamics.

Ain't that always the way?

posted by Gary Williams at 2:51 AM | link |
 

via Abuddhas memes: physics

Tesla On Spirituality

How Cosmic Forces Shape Our Destinies is a remarkable essay by Nikola Tesla that demonstrates his polymathic spirit-uality; and his retrospective age.

'Every living being is an engine geared to the wheelwork of the universe. Though seemingly affected only by its immediate surrounding, the sphere of external influence extends to infinite distance. There is no constellation or nebula, no sun or planet, in all the depths of limitless space, no passing wanderer of the starry heaven, that does not exercise some control over its destiny -- not in the vague and delusive sense of astrology, but in the rigid and positive meaning of physical science.'

posted by Gary Williams at 2:24 AM | link |
 

via ikastikos

bon voyage

Yesterday it rained. Only for 20 minutes but it was the first rain we've had in four months. It was exciting. I opened all the windows and laughed.

This will be my last post until the end of the month because tomorrow we're leaving for Corsica. We'll be there for a couple of weeks and then off to Sardegna. I can't wait to walk on the sand!

Buone Vacanze to all my friends out there!

posted by Gary Williams at 2:18 AM | link |
 

via whiskey river

What We Want Art To Do For Us...

"What we want art to do for us is to say what is fleeting, and to enlighten what is incomprehensible, to incorporate the things that have no measure, and immortalize the things that have no duration."
- John Ruskin

posted by Gary Williams at 2:01 AM | link |


Thursday, August 07, 2003  

via William Gibson

THINGS TO DO IN TOKYO

Re the recent thread, here, in no particular order, are the things that I'd be sad if I hadn't managed to do all of on a given visit:

Go to Shinjuku and hang out in the streets. Do this by day, but also, most particularly, and preferably at great length, at night. Eat things from street stalls. Shinjuku at night is one of the human world's greatest wonders.

Shinjuku Watch Kan, a multi-floor watch depato, for esoteric Japan-only Casio, and, often, clearance prices on discontinued Japan-only Seiko. (The Japanese won't export their coolest watches, for some reason.) I like watches. I also like crazed, in-depth retail operations offering thousands of different varieties of the same object -- something the Japanese do with great vigor.

Go to Tokyu (not Tokyo) Hands, a sort of hobbyist department store (and much, much more). If you like the retail experience, and like any of the sorts of things I like, an initial visit to Tokyu Hands is good for about four hours of in-depth browsing and a solid denting of wallet-plastic.

Go to whatever branch of Parco, probably more to marvel than to spend. If you haven't already done so at Tokyu Hands, buy an all-synthetic wallet or shoulder-bag by either Porter or Luggage Label (both brands of Yoshida & Co.). They last forever.

The Akihabara experience. Try to give equal time to the areas that sell last year's stuff that nobody wanted, Soviet-made vacuum tubes, etc.

Kiddyland, near Harajuku. Multi-floor toys. Beyond Hello Kitty. Way beyond.

Harajuku -- preferably when the kids are out in force, as this is more a people-watching than a shopping experience (for me, anyway).

Eat. Lots. Okonomiyaki, the pizza-looking stuff, which actually seems to be griddle-fried cole slaw (or something that looks like it) is, as one of our posters indicates, not to be missed. (If you're in Vancouver and want to try okonomiyaki, find a place called The Modern Club on Dunbar.)


Oh, yeah, go see the Giants play the Patriots -- I'm watching the NFL preseason game as I wrote/copied this... Oops! The TV just said they're not in Japan, they're in Foxboro, Mass... Earlier there were some comments about sushi and I had thoughts about football giants and Japan's smaller population...

posted by Gary Williams at 9:29 PM | link |
 

via abuddhas memes

Physics


...from page 249 of The Anthropic Cosmological Principle by John Barrow and Frank Tipler:

"In a randomly infinite Universe, any event occurring here and now with finite probability must be occurring simultaneously at an infinite number of other sites in the Universe. It is hard to evaluate this idea any further, but one thing is certain: if it is true then it is certainly not original!"

posted by Gary Williams at 2:37 AM | link |
 

via ::: wood s lot ::: "the fitful tracing of a portal"
from
in the dark that turns upon itself
Dave Pollard
there is no comfort in the dark
nor in the glare of streetlamps,
reading lights, television screens,
distractions from the emptiness
that will not go away:
at least in darkness there's
the serotonin drip, the dim flicker
of awareness -- we say, please, not again,
so tired of not being able to say
no more

posted by Gary Williams at 2:31 AM | link |
 

via whiskey river
"And if we found you, standing transfixed, would that be the beginning of the poem? Would you begin to write right then?"
- Mary Oliver

° ° °


"A writer's inner life matters: it is hard to imagine that anything matters more. Nor is this inner life something that anyone else is privy to, unless and until the writer wants to share it. It is a private, secret hotbed of activity, an unruly, unquiet, unholy cauldron bubbling with the best and the worst thoughts a person can think."
- Eric Maisel

° ° °


"What is this thing that has us chewing at our own selves, grating ourselves against our own sharp sieve? It is the act of stepping back. It is the act of separating, and judging. It takes only one because the one becomes two.
The self separates from the self. It points a finger and declares, "You are good" or "You are bad." Either one, it doesn't matter. The first statement usually flips over to become the second. And vice versa. Either way, the separated self is not doing the writing. Envious, the self is thinking about the writing, thinking about the self, rocking in its dark corner."
- Bonnie Friedman

posted by Gary Williams at 2:23 AM | link |


Wednesday, August 06, 2003  

via James Dunnigan on StrategyPage

No one wants to set up a business in a country where the people hate each other in 34 different languages

To stop the fighting, you have to intimidate the teenage gunmen into giving up their weapons and force them to go back to subsistence farming, because that's all that's left. Billions of dollars in infrastructure has been destroyed, and donors are not lining up to replace it. Firestone is gradually leaving and other foreign firms only want to come in quickly and take diamonds or lumber. No one wants to set up a business in a country where the people hate each other in 34 different languages. There are no easy answers to the problems in Liberia, there aren't many hard answers either. Africa's last colony wants someone to come in and put the pieces back together. But no one is eager to do the job. Neighboring African countries, who have a direct interest in maintaining peace in the region, want the United States to help subsidize the peacekeeping. Even the neighbors don't want to get lost in Liberia.
[more]

posted by Gary Williams at 9:53 PM | link |
 

Communist Party condemns nanotechnology, capitalism, profits

From Declan McCullagh's Politech


From: declan@well.com
Date: Wednesday, August 06, 2003 12:53:09 AM
To: politech@politechbot.com
Subject: FC: Communist Party condemns nanotechnology, capitalism, profits


Howard's blog links to this, which apparently is a Marxist/Communist Party
article:
http://pd.cpim.org/2003/0803/08032003_snd.htm

-Declan

---------- Forwarded message ----------
Date: Mon, 4 Aug 2003 15:09:24 -0400
From: Howard Lovy <howardlovy@smalltimes.com>
To: declan@well.com
Subject: Grey Goo will bury you

Workers of the world, unite. You have nothing to lose but your pants
stains.
http://nanobot.blogspot.com/2003_08_03_nanobot_archive.html#106001713098939637


Howard Lovy
News Editor
Small Times Media
734.528.6289
howardlovy@smalltimes.com
---------------------------------------------------------------
* Visit http://www.smalltimes.com
for daily news and information about the small tech industry
including nanotechnology, MEMS and microsystems.
---------------------------------------------------------------

-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
Like Politech? Make a donation here: http://www.politechbot.com/donate/
-------------------------------------------------------------------------
Declan McCullagh's photographs are at http://www.mccullagh.org/
-------------------------------------------------------------------------



posted by Gary Williams at 2:39 AM | link |
 

Dave Touretzky on court order censoring Scientology parody film

From Declan McCullagh's Politech

From: declan@well.com
Date: Wednesday, August 06, 2003 12:35:16 AM
To: politech@politechbot.com
Subject: FC: Dave Touretzky on court order censoring Scientology parody film



---------- Forwarded message ----------
Date: Fri, 01 Aug 2003 02:13:31 -0400
From: Dave_Touretzky@cs.cmu.edu
To: declan@well.com, jya@pipeline.com
Subject: injunction against The Profit

Here's a new web site with information about The Profit, the independent film Scientology doesn't want anyone to be allowed to see:

http://www-2.cs.cmu.edu/~dst/TheProfit/

The site contains a scan of the actual 3-page injunction issued by Senior Circuit Judge Robert E. Beach; this document has never before been available online. Judge Beach crossed out the proposed language limiting the scope of the injunction to the geographical jurisdiction of his court, so the injunction he issued in April 2002 applied worldwide, and continues to this day. It has completely prevented release of the film.

This type of denial of First Amendment rights is unprecedented in the history of US cinema.

The Profit's web site is http://www.theprofit.org

-- Dave Touretzky




posted by Gary Williams at 2:35 AM | link |
 

Annalee Newitz on copyright violations: "Why I Infringe"

From Declan McCullagh's Politech


From: declan@well.com
Date: Wednesday, August 06, 2003 12:18:24 AM
To: politech@politechbot.com
Subject: FC: Annalee Newitz on copyright violations: "Why I Infringe"

---------- Forwarded message ----------
Date: Thu, 31 Jul 2003 18:18:24 -0700 (PDT)
From: Annalee Newitz
To: declan@well.com
Subject: why I infringe

Hey Declan, thought this piece might amuse the politechnicals, especially during Black Hat/Defcon week. It's an opinion piece about why I love to violate copyright . . .

It's called "Why I Infringe."

http://www.alternet.org/story.html?StoryID=16511
=====
Annalee Newitz
tech * pop * sex
415.487.2559 - cell: 415.378.4498
www.techsploitation.com




Replies to Annalee Newitz's copyright article "Why I Infringe"



From: declan@well.com
Date: Wednesday, August 06, 2003 11:15:45 AM
To: politech@politechbot.com
Subject: FC: Replies to Annalee Newitz's copyright article "Why I Infringe"

---

Date: Tue, 5 Aug 2003 21:33:29 -0700
From: Ray Everett-Church <ray@everett.org>
To: declan@well.com
Cc: 'David Lawrence' <david@onlinetonight.net>
Subject: RE: Annalee Newitz on copyright violations: "Why I Infringe"

> Hey Declan, thought this piece might amuse the
> politechnicals, especially during Black Hat/Defcon
> week. It's an opinion piece about why I love to
> violate copyright . . .
>
> It's called "Why I Infringe."
> http://www.alternet.org/story.html?StoryID=16511

And when you pass around the full text of her article and repost it to your own website, make sure to include the legend "C 2003 Independent Media Institute. All rights reserved. Reproduction by Syndication Service only." for maximum ironic effect.

-Ray

---

Date: Wed, 6 Aug 2003 00:24:23 -0500
From: Thomas A Giovanetti <tomg@ipi.org>
To: declan@well.com
Cc: Bartlet Cleland <Bartlet_Cleland%org@org>, policyguy1 <mmatthews@ipi.org>
Subject: Re: FC: Annalee Newitz on copyright violations: "Why I Infringe"

At least she's intellectually honest. She understands that attacks on IP are anti-capitalist and socialist.

It's those who attack strong IP protection but who consider themselves supporters of the free market who are intellectually dishonest.
_____
Tom Giovanetti
President
Institute for Policy Innovation (IPI)
http://www.ipi.org
tomg@ipi.org

---

Date: Wed, 6 Aug 2003 01:37:23 -0400
From: Philo <philo@radix.net>
To: Declan McCullagh <declan@well.com>
Subject: Re: [newsletter] FC: Annalee Newitz on copyright violations: "Why I Infringe"

Hey Declan, you might be interested in something I just wrote called "Why I infringe"
You can see it at http://www.saintchad.org/blog/scrawlings.html

Basically, I don't understand why the so-called "professional writers" should get all the credit for publishing stuff...

Now if you'll excuse me, I've just found a neat website belonging to some columnist in San Francisco I think I'm going to copy wholesale and put my name on.

Sincerely,
Philo

---

Date: Wed, 6 Aug 2003 00:07:05 -0700
From: "Jenal, Jim" <JJenal@OMM.com>
To: 'Declan McCullagh ' <declan@well.com>
Subject: RE: Annalee Newitz on copyright violations: "Why I Infringe"

Declan --

It is always entertaining to see self-interest masquerade as principle; but Ms. Newitz' self-justification -- e.g., she purchases multiple CDs when she can be sure the money goes to the artist -- does not bear scrutiny. Regardless of the deal the artist struck with the record label/studio that distributed her music (or produced her film, etc.,) that does not for an instant change the fact that Newitz' infringing actions are nothing more than theft against those who paid for the right to sell that product.

Ray Bradbury's sobering novel was not a screed against capitalism, it was a protest against censorship. A copyright owner's pricing structure/business model is not the equivalent of state-decreed destruction of art. To suggest otherwise simply reveals Ms. Newitz for what she is -- a petty thief and a third-rate intellect.

Regards,

Jim Jenal
Adjunct Professor of Law
Loyola Law School, Los Angeles

---


-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
Like Politech? Make a donation here: http://www.politechbot.com/donate/
-------------------------------------------------------------------------
Declan McCullagh's photographs are at http://www.mccullagh.org/
-------------------------------------------------------------------------


posted by Gary Williams at 2:30 AM | link |
 

Your Cell Phone Is Probably A GPS Tracker

From Declan McCullagh's Politech


From: declan@well.com
Date: Tuesday, August 05, 2003 11:52:27 PM
To: politech@politechbot.com
Subject: FC: Your cell phone is probably a GPS tracking device


[Read on for Brendan Koerner's left-leaning, anti-corporate opinion piece. It makes some valid points, such as the unclear rules governing wireless companies sharing your GPS location with police. But Koerner fails to recognize that it was Congress that mandated tracking technology and place the blame appropriately, and fails to note that it is the FCC's regulatory apparatus (again, thanks to Congress) that prevents companies from offering more flexible, privacy-sensitive services. He also fails to recognize that wireless competition is alive and well, with half a dozen large providers in the U.S. -- and if one company is too intrusive with GPS-enabled ads, others will be happy to seize that opportunity to offer better alternatives. --Declan]


---------- Forwarded message ----------
Date: Sun, 3 Aug 2003 10:16:10 -0400
From: Monty Solomon
Subject: Your Cellphone is a Homing Device

Your Cellphone is a Homing Device

Don't want the government to know where you are? Throw away your cell, stop taking the subway, and pay the toll in cash.

By Brendan I. Koerner

IF YOU PURCHASED A NEW CELLPHONE over the past 18 months or so, odds are that one of the features listed in small print on the side of the box was "E911 capable." Or, as in the case of my latest Motorola, "Location technology for piece [sic] of mind." Perhaps you asked the salesman to explain the feature, and he replied that it means that cops can home in on your phone in case of an emergency, a potentially important perk should you ever find your hand pinned beneath an immovable boulder in rural Utah, as Aron Ralston did recently. Assuming he could have gotten a signal, an E911-capable phone might have saved the young backpacker the pain of having to amputate his own arm.

What your salesman probably failed to tell you-and may not even realize-is that an E911-capable phone can give your wireless carrier continual updates on your location. The phone is embedded with a Global Positioning System chip, which can calculate your coordinates to within a few yards by receiving signals from satellites. GPS technology gave U.S. military commanders a vital edge during Gulf War II, and sailors and pilots depend on it as well. In the E911-capable phone, the GPS chip does not wait until it senses danger, springing to life when catastrophe strikes; it's switched on whenever your handset is powered up and is always ready to transmit your location data back to a wireless carrier's computers. Verizon or T-Mobile can figure out which manicurist you visit just as easily as they can pinpoint a stranded motorist on Highway 59.

.....

http://www.legalaffairs.org/issues/July-August-2003/feature_koerner_julaug03.html



Replies to "Your cell phone is probably a GPS tracking device"



From: declan@well.com
Date: Wednesday, August 06, 2003 10:43:12 AM
To: politech@politechbot.com
Subject: FC: Replies to "Your cell phone is probably a GPS tracking device"

---

Date: 06 Aug 2003 16:22:55 +1200
From: Steve Withers <swithers@mmp.org.nz>
To: Declan McCullagh <declan@well.com>
Subject: Re: FC: Your cell phone is probably a GPS tracking device

Who wants to carry a homing beacon for the Department of Homeland Security?

--
Steve Withers <swithers@mmp.org.nz>

---

Date: Wed, 6 Aug 2003 06:12:59 +0200 (CEST)
From: Thomas Shaddack <shaddack@ns.arachne.cz>
To: Declan McCullagh <declan@well.com>
Subject: Re: FC: Your cell phone is probably a GPS tracking device

If the phone tracking is only for 911 service, as declared, there is no reason why the carriers should be updated about its position at all times.

Why not make the phone firmware keep its position to itself, and disclose it only when 9-1-1 is dialed? Then only the 911 service will get the location data, and privacy (within the limit of cell density of the network, which is unpleasantly accurate but still orders of magnitude less precise than GPS) is maintained for all other operations.

That such a simple solution wasn't selected suggests possible "side intentions" with the realtime location data, be it profiling of people by law enforcement agencies, or just "mere" annoying with advertising.

However, self-help could still be possible. You may take the risk and give up on the 911 getting your position and physically damage the telephone; you may remove or disable the chip, or if it'd be too tightly integrated with the rest of the phone maybe adversely affecting the antenna gain in the GPS band could help as well (eg, a bandpass filter?). Or you may be more selective, and make a tiny GPS jammer with very low output power, that would feed its output directly into the phone's receiving antenna, or to its immediate vicinity; that way you will jam only your own phone without adversely affecting anything more than a foot away. As a beneficial side effect, the lower output power you use, the less it eats the batteries. Possibly a low-power variety of the one published in Phrack 60. The GPS coverage, especially in buildings and tunnels, is so bad that the telcos can't link their service to active GPS positional reporting.

The easiest way, if the phone construction allows it, is a modification with a small switch on the phone case, connected to some circuit inside the phone that disables the GPS signal reception. May be as simple as disabling the chip's clock, flipping the GPS_RECEPTION_ENABLE signal (if available on the chip's pins) or connecting a filter to the antenna. Then you have both: the telco gets your location data only when you need it.
Caveat: GPS sometimes needs up to a couple of minutes to acquire its position. That's good to keep in mind in case you need to supply the position.

The hope looks quite like a soldering iron tip.

---

Date: Wed, 6 Aug 2003 06:30:03 +0200 (CEST)
From: Thomas Shaddack <shaddack@ns.arachne.cz>
To: Declan McCullagh <declan@well.com>
Subject: Re: FC: Your cell phone is probably a GPS tracking device


One more comment to the article:

At the end of the article, the author states:

Trouble is, this doesn't really shut off the GPS chip -- the satellites still know where you are. They just won't remind you of that fact.

That's not true. The satellites are transmitters-only; there is no way the receiver on the ground can relay its position to the GPS satellites. For telling the position to somewhere else, a transmitter or transceiver of some kind is necessary. The GPS chipset itself is receive-only.

Of course, one then would like some assurance that the phone's firmware really keeps the data for itself when the I-Am-Here button isn't pressed. But that is something only someone equipped with a cellular protocol analyzer (or someone reverse-engineering the phone's firmware) can answer reliably...

---

Date: Tue, 5 Aug 2003 23:10:52 -0600
From: Trammell Hudson <hudson@swcp.com>
To: Declan McCullagh <declan@well.com>
Cc: monty@roscom.com
Subject: Re: FC: Your cell phone is probably a GPS tracking device

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[ Warning: Technical digression ]

Monty Solomon <monty@roscom.com> wrote:
> [...] What your salesman probably failed to tell you-and may not even
> realize-is that an E911-capable phone can give your wireless carrier
> continual updates on your location. The phone is embedded with a
> Global Positioning System chip, which can calculate your coordinates
> to within a few yards by receiving signals from satellites. [...]

E911 does require that the mobile phone carrier be able to pinpoint the location of the phone to within 50 meters for 67% of 911 calls and within 150 meters for 95% of calls. Logging position data and making it available to LEO is not covered in the E911 mandate.

There are several techniques for computing the position, such as Cell of Origin, Time Difference of Arrival, Angle of Arrival, Enhanced Observed Time Difference, GPS and Network Assisted GPS (AGPS).

COO accuracy depends on the cell configuration and ranges from 100 m for a low power city cell to 30 km for an analog cell out in the countryside.

TDOA is reasonably accurate, but requires synchronized clocks in all towers. This is not cost effective for most applications.

AOA is also fairly accurate, but does require extra equipment in each tower. However, it does not require an accurate clock, so it costs less than TDOA.

Full GPS receivers in each phone are very expensive, require lots of power and only work with a good view of the sky. 50 m accuracy requires at least 3 good SVs in view. While many customers would really like this feature, I do not know of any phones in which it has been implemented.

AGPS uses a reference GPS receiver in each tower that sends SV data to the mobile handset. The handset does not have a full GPS installed; instead it uses the SV data to receive the time pulses from a single SV and sends the time delta to the tower. The tower is then able to compute the position of the phone via a differential calculation and log it for E911 compliance. It is typically accurate to 100 m indoors and 15 m outdoors.

Most new phones that are E911 capable or offer "Location Based Services" are built with AGPS. So they don't have a real GPS receiver that you could use, but the network can determine your position. It is a shame that this data is not made available to the phone or the end user -- I would love to be able to write applications for my Treo that know where it is without having to add a clumsy external GPS.

Trammell
- --
-----|----- hudson@osresearch.net W 240-283-1700
*>=====[]L\ hudson@rotomotion.com M 505-463-1896
' -'-`- http://www.swcp.com/~hudson/ KC5RNF

-----BEGIN PGP SIGNATURE-----

iD8DBQE/MI3bMXvNuse+YRoRArBgAJ9tyJQp34/0m+5YKMYHF9I8nvQ6uQCfULFM
XO+IutqNjhYB/wYy9j3Ezrs=
=xMcD
-----END PGP SIGNATURE-----
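
An added example, not part of Trammell Hudson's message and not any carrier's code: a small time-difference-of-arrival solver that shows why TDOA needs synchronized tower clocks, with the result compared against the 50 m / 150 m figures quoted in the message above. The tower layout, handset position, clock skews and all function names are constructed for illustration, and Gauss-Newton is simply one standard way to solve the equations.

```python
import math

C = 299_792_458.0  # speed of light in m/s

# Constructed scenario: four towers on a 3 km square and one handset (metres).
TOWERS = [(0.0, 0.0), (3000.0, 0.0), (0.0, 3000.0), (3000.0, 3000.0)]
PHONE = (1200.0, 800.0)


def tdoa_measurements(towers, phone, clock_offsets=None):
    """Arrival-time differences (s) at towers[1:] relative to towers[0].

    clock_offsets holds each tower's clock error in seconds; None means
    perfectly synchronized clocks.
    """
    offsets = clock_offsets or [0.0] * len(towers)
    toa = [math.dist(t, phone) / C + off for t, off in zip(towers, offsets)]
    return [t - toa[0] for t in toa[1:]]


def locate(towers, tdoas, iterations=50):
    """Gauss-Newton least-squares position fix from TDOA values (2-D)."""
    x = sum(t[0] for t in towers) / len(towers)  # start at the centroid
    y = sum(t[1] for t in towers) / len(towers)
    ref = towers[0]
    for _ in range(iterations):
        d0 = math.dist(ref, (x, y)) or 1e-9
        a = b = d = g1 = g2 = 0.0
        for tower, tdoa in zip(towers[1:], tdoas):
            di = math.dist(tower, (x, y)) or 1e-9
            # Gradient of the predicted range difference (di - d0).
            jx = (x - tower[0]) / di - (x - ref[0]) / d0
            jy = (y - tower[1]) / di - (y - ref[1]) / d0
            resid = C * tdoa - (di - d0)  # measured minus predicted, metres
            a += jx * jx
            b += jx * jy
            d += jy * jy
            g1 += jx * resid
            g2 += jy * resid
        det = a * d - b * b
        if abs(det) < 1e-12:  # degenerate geometry, give up
            break
        # Solve the 2x2 normal equations (J^T J) step = J^T resid.
        dx = (d * g1 - b * g2) / det
        dy = (a * g2 - b * g1) / det
        x, y = x + dx, y + dy
        if math.hypot(dx, dy) < 1e-6:
            break
    return x, y


def error_for_skew(skew_seconds, tower_index=1):
    """Position error (m) when one tower's clock is off by skew_seconds."""
    offsets = [0.0] * len(TOWERS)
    offsets[tower_index] = skew_seconds
    estimate = locate(TOWERS, tdoa_measurements(TOWERS, PHONE, offsets))
    return math.dist(estimate, PHONE)


def meets_accuracy_figures(errors_m):
    """True if >= 67% of fixes are within 50 m and >= 95% within 150 m
    (the figures given in the message above)."""
    if not errors_m:
        raise ValueError("no position errors supplied")
    n = len(errors_m)
    within_50 = sum(e <= 50.0 for e in errors_m) / n
    within_150 = sum(e <= 150.0 for e in errors_m) / n
    return within_50 >= 0.67 and within_150 >= 0.95


if __name__ == "__main__":
    # Constructed clock skews: light travels about 0.3 m per nanosecond,
    # so a microsecond of skew is roughly 300 m of range error.
    for skew in (0.0, 50e-9, 100e-9, 1e-6):
        print(f"skew {skew * 1e9:7.0f} ns -> error {error_for_skew(skew):8.2f} m")
```
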

---

Date: Wed, 6 Aug 2003 01:36:30 -0400 (EDT)
From: Timothy M. Lyons <lyons@digitalvoodoo.org>
To: Declan McCullagh <declan@well.com>
Subject: Re: [politech] FC: Your cell phone is probably a GPS tracking device

Declan,

In regards to Brendan's piece, he makes some interesting and valid points. However there are phones that permit the owner to select either a GPS mode of E911 only or continuous. As always it's up to the consumer to understand the feature set of their mobile device and make purchase decisions based on their personal requirements. If enough consumers decide to only purchase phones with that functionality then I think you would see manufacturers scrambling to add that "feature."

I know my Verizon/LG VX4400 allows one to select the GPS (Location) mode by accessing the Location menu (option 8 off the main menu) and setting accordingly.

Regards,
--Tim

---

Date: Wed, 6 Aug 2003 01:50:48 -0400
From: Monty Solomon <monty@roscom.com>
To: Trammell Hudson <hudson@swcp.com>
Cc: Declan McCullagh <declan@well.com>
Subject: Re: FC: Your cell phone is probably a GPS tracking device

At 11:10 PM -0600 8/5/03, Trammell Hudson wrote:
>Full GPS receivers in each phone are very expensive, require lots
>of power and only work with a good view of the sky. 50 m accuracy
>requires at least 3 good SVs in view. While many customers would
>really like this feature, I do not know of any phones in which it
>has been implemented.

The Motorola T-720 apparently has GPS

http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&selm=telecom22.597.14%40telecom-digest.org

---

Date: Wed, 06 Aug 2003 03:17:20 -0400
From: Joanna Lane <jo-uk@rcn.com>
To: declan@well.com
Subject: RE: Your cell phone is probably a GPS tracking device

Declan,
I know you don't post personal comments on politech, but the other side to this story is that GPS saves lives. No self-respecting teenager would be seen without a cell phone with a GPS tracking device, it's this year's must have accessory. Mothers will gladly trade information about where they get their nails done if that's what it takes for our children to be found quickly in a 911 situation. When glow in the dark GPS wristbands for pre-teens appeared, encumbered by a separate service contract, predictably they crashed and burned. Not cool. Harnessing new cell phone technology as an aid to self preservation for the most vulnerable in society is a good reason to buy into it, notwithstanding that Verizon and T-mobile ought to be offering an opt-out for everything other than the 911 function, so that you can never know where I have my nails done, unless I tell you.

Joanna Lane

---

Date: Wed, 6 Aug 2003 03:20:54 -0700
From: Thomas Leavitt <thomasleavitt@hotmail.com>
To: declan@well.com
Subject: Re: Your cell phone is probably a GPS tracking device

http://www.wirelessweek.com/index.asp?layout=article&articleid=CA91014

Apparently, Korean women can track their husband's movements via their cellphones. I also vaguely recall hearing something about wives being able to follow their husband's movements via some type of commonly carried wireless device in Japan causing quite a bit of trouble.

Regards,
Thomas Leavitt

---

Date: Wed, 6 Aug 2003 09:21:31 -0400
From: Richard M. Smith <rms@computerbytesman.com>
To: declan@well.com, Richard M. Smith <rms@computerbytesman.com>
Subject: RE: Your cell phone is probably a GPS tracking device

Hi Declan,

My wife recently got a new Kyocera 7135 Smartphone with a GPS receiver in it. According to the Kyocera manual, the default for the phone is to only send out location information on 911 calls. However, when I was setting up the phone for my wife, I noticed that the location setting was changed to send out location position on all calls. My guess is that this change was made by Verizon Wireless before we ever picked up the phone.

I'm not sure what Verizon's thinking is here, but I find it pretty annoying that we now have to do privacy audits on our cellphones to make sure companies are doing what they say.

Other 7135 owners can check the GPS setting themselves by clicking on "Phone Prefs" from the Palm home page, selecting "Phone Service" from the drop down menu, and making sure that "Position Location" is set to "911 Only".

On the flip side of things, the 7135 is the perfect location tracking device. Because it is a Palm PDA as well as a cellphone, it shouldn't be too difficult for a company to write a small application that logs the GPS position once a minute. A log file can be uploaded later to a PC and viewed in a mapping program. Maybe this is a new product idea for the spousal spyware companies like SpectorSoft. ;-)

Richard M. Smith
http://www.ComputerBytesMan.com


[I recently bought a Nokia 3650 with GPS. At least the Kyocera phone lets you disable it; if such a menu exists on the Nokia, I haven't found it. --Declan]



posted by Gary Williams at 2:10 AM | link |


Tuesday, August 05, 2003  

Defcon Has Gotten Boring, Says maelstrom

From Declan McCullagh's Politech


From: declan@well.com
Date: Tuesday, August 05, 2003 11:24:32 PM
To: politech@politechbot.com
Subject: FC: A review of Defcon hacker convention, from maelstrom


[I enjoyed Defcon this year and am not as critical of it as maelstrom is. --Declan]

---

Date: Sat, 02 Aug 2003 14:41:57 -0400
From: deleted
To: declan@well.com
Subject: An old fart's view of Defcon

Declan,
attached is my view of Defcon... it's not a pretty one. It has really changed for the worse in recent years.

If you publish this or quote from it, please use my alias: maelstrom (maelstrom@pobox.com). A lot of people would be really embarrassed if you use my real name as the source!

Regards,
deleted


The Hackers Have Gotten Boring
By maelstrom

It’s August in Las Vegas and the weather is acting decidedly strange – there’s a strong cool breeze, the skies are overcast, and it’s been spitting rain all day. It’s the 11th annual Defcon Hacker Conference at the Alexis Park Resort, and I’m amazed to see that the hackers are actually queuing up and standing in orderly lines to get into the registration area and the conference rooms. The Goths, the punks, the longhairs, and the hacker babes in scanty clothing are all here, but something is terribly wrong. The hackers have gotten predictable and <gasp> even boring.

I am one of the ancients of Defcon – I’ve been attending these conventions for eight years now. I’ve been coming to Defcon for a chance to meet people I’ve met via email, connect with friends, and to absorb the latest information on computer vulnerabilities. Of course the games and the parties were always fun, too: Spot the Fed, Hack the Flag, and Hacker Jeopardy. I’ve been grateful for the opportunity to learn, share, and engage in intellectually challenging conversations. But much of that has melted like sugar in the rain. The only thing good about Defcon this year are the t-shirts.

The first Defcon I attended was a small, intimate gathering of about 500 people. This year the rough count appears to be in the neighborhood of 7500. Where my first “Con” had an atmosphere of a grass roots organization and people were anxious to share their knowledge and form bonds of friendship, Defcon 11 is full of vacuous hangers-on and tired clichés of green hair, improbable body piercings, black clothing, and lots of chains. I had a difficult time even finding a hacker who was willing to share some of his skill with the son of a friend of mine. My request for assistance was met by jeers and snubs. This was not the attitude I expected from comrades.

And where are the famous hackers who helped create Defcon? They scuttle through the hotel using side doors and the protection of their bodyguard “goons” to avoid coming in contact with the scores of fans. You can’t talk to them. They won’t even acknowledge you in a crowd if you are not one of their “elite” members. They have taken on large egos normally associated with histrionic movie stars and I’m not even certain they still engage in hacking. They have become celebrities – roll out the red carpet but no pictures, please. But, bring out the boom mikes and TV cameras and they magically reappear.

The lectures and training sessions are recycled versions of the same old stuff. I haven’t heard a truly new idea at Defcon for about three years now. I kept coming in the hope that it would get better, but the material is too entry-level and mainstream to be of any interest to us old farts. Apparently the plethora of automatic, “you-don’t-have-to-know-what-you’re-doing” type of hacker tools has stifled the creativity of hackers to find new and interesting methods of cracking network systems. Instead of challenging conversations, all I hear is advice on how to chuck twelve beers and not barf.

I won’t stand in another line. I refuse to pay $5 for a bottle of water. I have no respect for the posers and even less for the celebrity hackers who snub young boys who want to learn at the hands of the masters. Maybe I’ll start my own hacker conference and tell everyone to leave their egos and automated hacking tools at the door.



posted by Gary Williams at 11:49 PM | link |
 

RIAA's "new spam"

From Declan McCullagh's Politech


From: declan@well.com
Date: Tuesday, August 05, 2003 4:47:33 PM
To: politech@politechbot.com
Subject: FC: Peter Swire's op-ed in Boston Globe: RIAA's "new spam"


[I'm back from Defcon, Black Hat, and a quick trip to Death Valley. I'm catching up on Politech now. --Declan]


---------- Forwarded message ----------
Date: Tue, 5 Aug 2003 14:18:10 -0400
From: Peter Swire <peter@peterswire.net>
To: declan@well.com
Subject: Boston Globe op ed on RIAA and the "new spam"

Declan:

The Boston Globe ran the following op ed last week while I was out of the country and you (I believe) were having fun at Defcon. Under the copyright agreement, you are welcome to distribute it in full if you like, and it will be posted shortly to www.peterswire.net.

Cheers,

Peter

Protecting Privacy from the "New Spam"

Peter P. Swire

Boston Globe, July 27, 2003, p. E11 (Op-ed)

The battle is heating up between the recording industry and those who download copies of their favorite music. The Recording Industry Association of America is bringing hundreds of lawsuits nationwide against home users of peer-to-peer (P2P) software, including students at Boston College and Massachusetts Institute of Technology.

Republican Senator Orrin Hatch of Utah recently used a Senate hearing to suggest that copyright owners should be able to warn home users once or twice, and then actually destroy the computers if the apparently infringing songs were not removed.

Overlooked in the heated rhetoric has been a victim of the RIAA's campaign - the privacy of all those who surf the Internet or send e-mail. On the RIAA view, your sensitive personal information on the Web would be available to anyone who can fill out a one-page form. Congress can and should step in to fix this problem immediately.

The problem began in late 2002, when the RIAA demanded that Verizon Online, an Internet service provider, identify one of its customers based on an accusation that the person may have violated copyright laws by swapping files.

Verizon declined, citing the threats to customer privacy, due process, and the First Amendment. Was Verizon overreacting? No.

The new process starts when any website operator, recipient of an e-mail, or participant in a P2P network learns the Internet Protocol address of the home user. These IP addresses are automatically communicated by the nature of the Net, but until now only the ISP could usually match an IP address with a user's identity.

When a copyright holder fills out a one-page form, however, a federal court clerk must now immediately issue a subpoena. That subpoena orders the ISP to turn over the name, home address, and phone number that matches the IP address.

This procedure violates due process. There is no judicial oversight and only the flimsiest showing of cause. Furthermore, Internet service providers risk large penalties if they even question the validity of a subpoena.

Privacy is destroyed because it becomes so easy to reveal the identity of Internet users. The First Amendment is undermined because of the chilling effect if every e-mail and every post to a Web page can be quickly tracked back to a home address and phone number.

The early use of these subpoenas has shown startling mistakes by copyright holders. One recording industry subpoena this spring - based on a patently incorrect allegation - nearly closed down a college astronomy department's Web server in the middle of exam week. A major studio has sought a subpoena based on the careless assertion that a tiny computer file was a copy of a Harry Potter movie. (It was a child's book report instead.)

An even greater risk is putting this subpoena power in the hands of anyone willing to pretend to have a copyright claim. These fraudulent requests will be impossible to distinguish from legitimate ones.

This flood of legally sanctioned harassment will quickly become the "new spam," with the kinds of abuses as limitless as the Internet itself:

* The most common use may be that of website operators who want to identify their visitors for marketing purposes or for more nefarious reasons, including identity theft, fraud, or stalking.
* Porn sites and gambling sites could track down visitors and demand payment not to reveal the user's identity, all under the pretext of enforcing the site's "copyright."
* Private investigators will gain an unstoppable way to turn an e-mail address into a person's name and physical address.

Fortunately, a better alternative is clear. Courts have already used "John Doe" procedures where one party tries to learn the name of an anonymous Internet user. In these cases, users can object (anonymously) to having their identity revealed. The judge looks at the facts. If the person is engaged in illegal piracy, then the judge reveals the name and orders effective sanctions. If the copyright holder or scam artist does not have a winning case, then the user names remain private.

John Doe legislation of this sort is being considered now in California and should become a priority in Congress as well. The RIAA lawsuits against users are beginning now, long before the appeal of the Verizon proceeding will be decided.

Before the "new spam" proliferates, we should have fair procedures in place that will protect intellectual property while protecting privacy, free speech, and due process as well.

Peter P. Swire is Professor at the Moritz College of Law of the Ohio State University, and served as the Clinton Administration's Chief Counselor for Privacy.

------------

Prof. Peter P. Swire
Moritz College of Law of the Ohio State University
Consultant, Morrison & Foerster LLP
Formerly, Chief Counselor for Privacy in the U.S.
Office of Management and Budget
(240) 994-4142, www.peterswire.net



posted by Gary Williams at 9:17 PM | link |
 

The New York Times (registration required)

Everything Is Political

By PAUL KRUGMAN

The agency's analysts find that they are no longer helping to formulate policy; instead, their job is to rationalize decisions that have already been made. And more and more, they find that they are expected to play up evidence, however weak, that seems to support the administration's case, while suppressing evidence that doesn't.

Am I describing the C.I.A.? The E.P.A.? The National Institutes of Health? Actually, I'm talking about the Treasury Department, but the ambiguity is no coincidence. Across the board, the Bush administration has politicized policy analysis. Whether the subject is stem cells or global warming, budget deficits or weapons of mass destruction, government agencies are under intense pressure to say what the White House wants to hear. And the long-term consequences are likely to be dire.

Traditionally the Treasury, like the C.I.A., stands somewhat above the political fray. Externally, it is supposed to provide objective data that Congress and the public can use to evaluate administration proposals. Internally, long-serving Treasury analysts traditionally ride herd on political appointees, warning them when their proposals are ill conceived or irresponsible.

But under the Bush administration the Treasury takes its marching orders from White House political operatives. As The New Republic points out, when John Snow meets with Karl Rove, the meetings take place in Mr. Rove's office.

posted by Gary Williams at 11:42 AM | link |
 

The New York Times (registration required)

Nascar's Swinging Voters


If you've got to have a gimmick in politics, Senator Bob Graham may have found the next big thing. Mr. Graham, one of a slew of Democrats running for president this year, has spent as much as $500,000 to help underwrite a souped-up Jack Roush pickup truck that has been screaming around some of Nascar's racetracks. After the Bob Graham Ford won a race in Kansas City, his campaign got thousands of dollars in free publicity as TV cameras followed the machine for a full victory lap.

Politicians nowadays are setting their sights on "Nascar dads," as opposed to the oh-so-yesterday "soccer moms." Political consultants have no end of ways to slice and dice the always desirable uncommitted voter. Last time, she was a waitress. This year, he's rooting for Jeff Gordon.

While the emergence of the "Nascar dad" might suggest that women have given up their position as queens of the gender gap, in fact the enormous Nascar audience itself has grown more female in recent years, as well as more middle class and less rural. The fans have a reputation for being fiercely independent, and there is nothing presidential candidates yearn for more fiercely than genuinely independent American voters — ready to swing one way or the other at the drop of an argument, or perhaps a well-timed political pitch. Democrats are speculating that stock car aficionados are the very people whose jobs are in jeopardy in the sluggish Bush economy and whose families have been placed at risk by the administration's military pursuits overseas.

So far, Mr. Graham has been working the Nascar crowd harder than other politicians. Right now, he's doing better at the speedway than in the polls.

posted by Gary Williams at 11:36 AM | link |


Monday, August 04, 2003  

via textz.gnutenberg.net

Infobahn Blues

By Robert Adrian

In reality the Superhighway simply projects existing aspects of western social
and cultural behaviour onto the new electronic communications systems. Its
attraction as a metaphor is that it suggests that everything will be just like
now but much much better; more convenient, more comfortable - more home
entertainment, easier shopping, less commuting. The ubiquitous TV screens
scattered about the average middle-class home will become windows into
"Cyberspace" which has been paved over for convenient data-cruising. Office
workers can download their daily tasks at the breakfast table and upload their
day's work into the corporation mainframe at the end of 8 hours on the Infobahn
- then flip into infotainment mode and surf 400 channels of consumdata. The
network behind the flickering screen is there, like the labour-saving
peripherals and hi-tech household appliances, for the sole purpose of making
life more comfortable for post-industrial suburban mankind - and more profitable
for the corporations. No notice is taken of the fact that, even now, most of the
bandwidth of the new networks is being used by computers communicating with each
other, completely independent of human "users", programmers or controllers - and
the tendency is rising. The huge volume of data traffic between computers is
already clogging the telephone system and the growth of computer communications
- the Internet and other networks, on-line data banks, e-mail etc. - is clogging
it more every day. Already in 1992 it was estimated that 50% of all telephone
calls in the U.S.A. were made by computers exchanging data. A broadband high-speed
network for communication between computers has become a necessity, and
the "Infobahn" is just a handy name for that network - a network of fiber-optic
cable carrying large volumes of digital data at high speed between computers,
using a standard protocol.

But Mr. Gore's linear Superhighway metaphor gets into trouble here too. A two-
dimensional data flow-plan can look like a road map and road-like routes and
junctions can be interpreted even in three-dimensional renderings of data
hierarchies and search-paths, but it is clear that a "network" of connections,
comprised of enormous quantities of data interacting simultaneously and at the
speed of light, has little in common with a Superhighway - no matter how many
lanes and levels and interchanges it has. The data network predicted by the
introduction of broadband transmission systems is much better described by the
non-linear notion of "Cyberspace" - an image of a multi-dimensional matrix of
interwoven data, materialising and de-materialising almost randomly. It is hard
to imagine being a "user" in such an environment, but it might be possible to be
a participant or to be simply present.

The assumption imbedded in the Superhighway metaphor is that, in spite of the
way so many aspects of our society and culture have been revolutionized by these
new digital and communications technologies, nothing has really changed - and
that the program of machine development is entirely for the benefit and
convenience of the human "user". So not only does it fail to address the
cultural ramifications of the new technologies, the Superhighway uncritically
and opportunistically supports the master-servant relationship of man-machine.
By treating the monitor/TV screen as the datamobile windshield and putting the
human "user" in the driver's seat at the focal point of the network, the
branching pathways of that specific user's interaction with the data-flow can be
made to appear highway-like. But one is seldom alone online and each user has
his or her own data-highway which, taken together, combine and recombine at
every instant, creating an incalculable tangle of paths which cause data-space
to be reconstructed, nano-second by nano-second, in response to "user" activity
at the keyboard. If we locate the "user" in the center of the network and make
the network a creation and servant of the "user" it implies that, should no
"user" be active, the network is idling, doing maintenance-like things, waiting
for someone to press a key, like an arcade game waiting for a coin in the slot.
Which is, of course, absurd, because we also know that the computer networks
control, with or without human presence, electric supplies, water supplies,
transportation systems, inventories and accounting, telephone and
communications networks, and the whole infrastructure of world finance - stock
markets, insurance, and banking, not to mention government, corporate and
military surveillance and control programs.
[more]

posted by Gary Williams at 10:31 PM | link |
 

via cryptome.org

A Wonderful Source For ASCII Texts



I haven't read the intro pages, since cryptome just supplied the table of contents page:
http://textz.gnutenberg.net/index.php3?enhanced_version=http://textz.com/index.php3 and I got hung up reading Douglas Adams' Dirk Gently's Holistic Detective Agency, and I don't want to lose my place...

But it's certainly worth a look...

posted by Gary Williams at 2:26 PM | link |
 

via intrusions@incidents.org

Notes On Counter Scanning For Intrusion Detection



From: whitehats@sympatico.ca
Date: Monday, August 04, 2003 2:09:53 PM
To: intrusions@incidents.org
Subject: RE: LOGS: GIAC GCIA Version 3.3 Practical Detect: 1


Greetings Intrusions List Participants,

This email is for clarification on the topic of acceptability in probing or
actively scanning other hosts without permission for the purposes of fulfilling
the GCIA Practical Assignment requirements.

While scanning and/or probing other hosts actively may not be illegal in certain
countries it is certainly considered objectionable by most people and not
condoned by SANS/GIAC. This is mostly an etiquette issue right now, as laws do
not exist in most countries to prohibit this kind of activity.

Look at it this way. If someone started probing your addresses because they
suspected your addresses had probed theirs, we'd have an infinite loop develop
in certain situations. At least we'd be increasing traffic, and what's to say
that the original stimuli really originated from the IPs in question? If
you're working on a compromise or high impact incident you'll first contact the
proper registered offender and seek their cooperation. Outside of this your
ethics could be called into question.

For the purposes of the GCIA Practical assignment if you submit work that
actively probes other hosts for vulnerabilities and you do not include specific
authorization obtained to do so from the other party your paper will not receive
a passing grade. This is hard to adjudicate so I'll set the ground rules.

Acceptable Recon:
If you banner grab a publicly advertised service this is considered acceptable.
For example a service known or highly probable to be running such as when logs
indicate the host is a web server running on port 80 and the DNS resolution
resolves to www.somedomain.com then doing a head of the index to get the server
version isn't considered a bad thing as long as it is pertinent to your analysis
and the server is advertising the service.

Unacceptable Recon:
If on the other hand you perform a scan for services outside of this scope
without permission you're stepping beyond the boundaries of acceptable behavior.
Depending upon the circumstances you may or may not be given the opportunity to
correct this portion of your paper and resubmit. An example would be an NMAP
scan of a host. This is not acceptable without consent from the other party.
Put yourself in the other organization's shoes too. If someone advertised a
vulnerability found in your organization's services without even contacting you
to try and coordinate a fix you'd be pretty mad about it whether the probe was
legal or not. Not only would you be doing the organization who likely was an
unwilling party in something a disservice but you'd be doing the first part of a
real attacker's dirty work for them and leaving your fingerprints in the process.

Please keep this in mind while conducting your analysis and respect the assets
of other organizations. If you suspect something is drastically wrong at
another org, contact them and coordinate with them to try and get to the bottom
of the problem. 95% of the time you'll find someone receptive to your request
and you'll get some valuable insight and proactively work towards a solution.

If you have further questions please send them to certify@giac.org.

Regards,
Jamie French
GCIA Lead Grader
SANS Institute

<snip -- log file detect analysis removed>

posted by Gary Williams at 2:20 PM | link |
 

via cryptome.org

Department Of Agriculture Cancels Bioagents And Toxins Meetings

In a document published in the Federal
Register on July 24, 2003 (68 FR 43660-43661, Docket No. 03-070-1), we
gave notice that we would be holding a series of public meetings in
August 2003 to provide a forum for discussion of the criteria used to
determine whether an agent has the potential to pose a severe threat to
plant health or products. We are canceling the meetings that had been
scheduled to be held on August 12, 2003 in Charlotte, NC; on August 19,
2003, in Riverdale, MD; and on August 21, 2003, in Sacramento, CA. We
will explore alternative methods to consult with appropriate Federal
departments and agencies and with scientific experts representing
appropriate professional groups. We regret any inconvenience caused by
this cancellation.

posted by Gary Williams at 12:01 PM | link |
 

via IN THE PIPELINE: drug discovery

Per Fits and Starts, Ad Astra


By Derek Lowe

Last summer I was working on an interesting chemistry idea. I posted about it on and off, in what was likely an irritating fashion - irritating because I could never quite go into just what the idea was. There were two reasons behind that: for one, my employer gets the rights to chemistry ideas that I work on in my employer's labs, and quite right. (The contracts that you sign when you join any research-based industrial organization are very, very clear on that point.) The second consideration is scientific priority, and scientific pride.

Now, what I'm doing isn't going to win me a Nobel prize, but it is a very nice idea, and one of the better ones I've ever had. So it would be more pleasing to me if I could get it to work with my own hands before letting everyone else take a crack at it. One problem is that I tend to work on things like this in jerky bursts of activity, and those don't come nearly as often as they should. Someone with more discipline would have made more progress, no doubt. A scientist who combined periods of free-association idea generation with stretches of well-structured lab work to follow them up would be the person to have around. I haven't met too many of those people, but they certainly exist. I'm not one of them.

I comfort myself by thinking that the folks with the most disciplined work schedules tend not to have ideas as off-the-rails as this one. It's a common complaint in the drug industry that the work is so ceaseless as to leave people with no time to think. And as I've written before, if you don't have some staring-out-the-window time, you don't have that many ideas. I know that when I've run a project myself, I don't have as many good ones. There's no mental overhead left for them; I'm too busy making sure that everything's going the way it should. It's exciting, being at the head of a drug project, but it does wear you out.

Even when you're not running a project, there's always enough work to keep you busy. Keeping busy isn't the problem. The problem is remembering that "busy" doesn't always mean "productive," although they can be mistaken for each other in dim light.

I bring all this up because, as I mentioned a few weeks ago, I'm taking another crack at this stuff. I've been messing around with the idea(s) on and off over the intervening months, but a very good opportunity now presents itself. It's the same core concept that I've worked on before, but (for once) it matches up very well with the project that my lab is officially working on. If I can continue to keep on the tasks at hand, this coming week will see most of the groundwork laid, and the week after that should see the first runs of the real thing.

Here's hoping that I ignore all distractions, and have the nerve to put my favorite ideas on trial. That's the real problem with working on ideas of your own, ideas that you think have the potential to be really good. They don't all work. Most of them don't work. It can be more psychologically comforting to keep them in the "untried but promising" category, rather than find out if they're real.

posted by Gary Williams at 3:14 AM | link |
 

via Belona Times

What's The Cosmopolitan Audience Difference Between Apology And 'Making Excuses'

Our favorite eudaemonist cut to the democratic quick:

I'm not especially cosmopolitan, but I would suggest the last half of "Oedipus at Colonus" (particularly the rhetoric of Polyneices and Cleon) is a good example of "the inability to distinguish either 'apologizing' or 'taking responsibility' from 'making excuses'." How that fits in with Athens' own shirking of responsibilities after the Persian war (or the strange popularity of Alcibiades) is anyone's guess - but Sophocles' tragedy hints that it is (however unfortunately) human to confuse a rhetorical gesture with the action it supplants.


To reword, since the action being supplanted is also a rhetorical gesture, it's human to confuse all rhetorical tokens which share a social context. The Californian driver understands that a signal is needed before turning left, and so a signal is given -- but whether it's a right-turn signal or a left-turn signal matters little: "signalling" was appropriate to the occasion and "signalling" was expressed. Similarly, I've said "Thank you" when giving change to a beggar.

But it may be that citizens of imperialist democracies, with our individualism, selfishness, litigiousness, smugness, backbiting, and naked fear, our divine rights and capital punishments, feel particularly compelled to thrash narratives of responsibility into absolutely opaque muck.

posted by Gary Williams at 12:08 AM | link |
