|
 |
Wednesday, November 13, 2002 |
TRADEMARKS: An electoral candidate's use of a famous
trademark in a campaign commercial as part of his political message, even though intentionally imitating the mark, is core political speech that is likely protected by the First Amendment and within the noncommercial use exception of the Federal Trademark Dilution Act, the Northern District of Ohio holds. "American Family Life Insurance Co. v. Hagan". . . . Page 35
http://ippubs.bna.com/ip/BNA/ptc.nsf/is/A0A6C7B3Z8
COPYRIGHTS: An infringer's indirect profits from
infringement may be recoverable under Section 504(b) of the Copyright Act even if no infringing items are sold, the District of Nevada holds. "Associated Residential Design LLC v. Molotky". . . . Page 36
http://ippubs.bna.com/ip/BNA/ptc.nsf/is/a0a6c5r0a1
11:05:25 PM
|
|
BUSH SIGNS JUSTICE BILL WITH INTELLECTUAL PROPERTY REFORMS
President Bush signs a Justice Department authorization
bill (H.R. 2215; Pub. L. No. 107-273) that contains several intellectual property reforms. The legislation expands the Patent Act's reexamination procedures, amends the Copyright Act to facilitate distant learning on the Internet, and implements U.S. accession to the recently ratified Madrid Protocol trademark treaty. . . . Page 28
http://ippubs.bna.com/ip/BNA/ptc.nsf/is/a0a6c5v8c1
11:04:16 PM
|
|
If you're a lawyer, don't say an Indiana court makes its decisions in a "results-oriented" way. The Hoosier Supreme Court doesn't like it.
Thanks to NYLJ
"Footnote Gets an Indiana Lawyer Suspended
The National Law Journal
A sharply worded footnote in a legal brief has cost an Indiana
attorney a one-month suspension from the practice of law. In a 3-2
decision, the Indiana Supreme Court said that Michael A. Wilkins
impugned the integrity of the Indiana Court of Appeals by
suggesting that one of its opinions was results-driven. The case
raises questions about the free speech rights of attorneys."
http://tm0.com/LAW/sbct.cgi?s=498088435&i=670267&m=1&d=3408028
11:01:29 PM
|
|
Stock Exchange Suit Over California's Arbitrator Ethics Rules
Dismissed
The Recorder
Thanks to NYLJ
A federal judge in San Francisco on Tuesday threw out a suit by the
securities industry against the California Judicial Council over
the state's new ethical rules for arbitrators. Citing states' 11th
Amendment immunity, the decision extracts the federal courts from a
legal morass pitting the New York Stock Exchange and the National
Association of Securities Dealers arbitration arm against the elite
of the California judiciary.
http://tm0.com/LAW/sbct.cgi?s=498088435&i=670267&m=1&d=3408027
11:00:57 PM
|
|
****** NATIONAL NEWS ******
GOP Targets Judicial Jam-Up
The National Law Journal
The change in control of the U.S. Senate promises to pop the cork
on judicial nominations bottled up during the last 15 months,
according to Senate staff members and experts in the judicial
nominating process. President Bush could now push through strict
timetables for judicial appointments and give two 5th U.S. Circuit
Court of Appeals nominees who were denied floor votes, including
Priscilla Owen, a new shot at the bench.
http://tm0.com/LAW/sbct.cgi?s=498088435&i=670267&m=1&d=3408026
11:00:20 PM
|
|
Thanks to Joho October 25
There's a thoughtful article by Renee Tawa about
blogging and Journalism in the LA Times. Best of
all: Not a word about "teenagers writing about what
they had for breakfast."
http://tinyurl.com/283e
----
10:45:56 PM
|
|
Thanks to JOHO October 25, 2002
----
Dan Gillmor has followed up his excellent column [1]
about ten decisions that made the Internet the good
thing that it is with a column on the three
decisions [2] that are still to be made:
Freedom to create innovate
Customer choice and competition policy
Security and liberty
Dan's assessment of the decisions we're in the
process of making in each of these areas is pretty
glum. Maybe the Happy News section of this issue of
JOHO will bring a smile to his pretty cheeks.
[1] http://tinyurl.com/283b
[2] http://www.siliconvalley.com/mld/siliconvalley/4079611.htm
10:43:01 PM
|
|
Thanks to JOHO October 25, 2002
-------------------------------------------
WHY GOOGLE TOTALLY SUCKS! REALLY!
Gary Turner advises me that I'm no longer the 6th
hit on Google if you search for "david." I've been
pushed down to #25 by the new #1 (David Bowie) as
well as by David Lynch, David Gray, David Brin,
David Grisman, Harry and David, and other famous
and deserving David's.
I am crushed. Our neighbor's seven year old is
currently fanning me with a peacock feather and
intermittently holds a restorative mint julep to my
wan lips. In months, perhaps weeks, I shall have
the courage to venture out again.
----
Peter Kaminski writes to a mailing list:
Today's PR trivia: Google for "al qaeda", and
along with the results you get one of two ads:
"Saudi Arabia offers you an opportunity to
understand our fight against terrorism.
www.aboutsaudiarabia.net"
"Saudi Arabia revoked Osama bin Laden's
citizenship in 1994 and invites you to learn more.
www.aboutsaudiarabia.net"
And why is it that if you google "oil", "war on
terror," or "saddam," there are no ads, but
Homeland Security has eight?
10:39:10 PM
|
|
Thanks to JOHO
Steve Himmer has an hilarious exposition on the
meta-absurd copyright infringement case involving
two silent recordings. It's just too wonderful for
words. Of course, if I were to remain silent about
it, I could expect an angry letter from the estate
of John Cage.
http://www.onepotmeal.com/blog/archives/000887.html#000887
10:38:04 PM
|
|
Thanks to JOHO
Peter Kaminski points us to a brilliant speech
given by Thomas Macaulay in 1841 to Parliament as
the question of copyright was being addressed. It's
10,000 words long, but it is witty, thorough, deep
and pithy. Man, that Macaulay guy could really
write good!
http://www.baen.com/library/palaver4.htm
10:37:34 PM
|
|
Thanks to JOHO
-------------------------------------------
HOPE ON THE COPYRIGHT FRONT
Lawrence "My Hero" Lessig has argued the Eldred case
before the Supreme Court, trying to get the Sonny
Bono Copyright Extension law rescinded. It was
fascinating to me that while many knowledgeable
commentators thought Lessig did a fine job but lost,
Lessig -- The World's Most Pessimistic Person(tm)
-- thinks he may have won. The commentators
focused on the Justices' probing questions. Lessig,
in his weblog, focuses on what they didn't ask about
because that reveals (we hope) what they accepted.
http://cyberlaw.stanford.edu/lessig/blog/archives/2002_10.shtml#000531
----
The LA Times has run an article, by David
Streitfeld, about Lessig and his crusade for
reasonable copyright laws.[1] Great reading. And, as
Doc Searls has pointed out [2], this is published right
in the heart of the Copyright Cops, the Rustlers on
the Commons, the Vandals of Fair Use, i.e.,
Hollywood.
Among the good points: Lessig uses Walt Disney as
his poster boy since Disney himself took advantage
of stories that had passed into the public domain as
the basis for his early cartoon successes. And,
Lessig tells about Sony's lawyers informing an owner
of an Aibo robotic dog that he is not permitted to
reprogram it to dance to jazz.
[1] http://www.latimes.com/business/custom/cotown/la-tm-copyright38sep22001450.story
[2] http://doc.weblogs.com/
10:36:31 PM
|
|
***** JOHO Interval ******
**************************
October 21, 2002
**************************
Editor: David Weinberger (self@evident.com)
Web Version (Color! Fonts! Links!):
http://www.hyperorg.com/current/current.html
*********************************
To view this issue correctly, please use a
monospaced font such as Courier.
*********************************
[NOTE: This is a special issue. A routinely overdue,
overstuffed regular issue is in the works. Soon.]
SPECIAL ISSUE
NETHEADS TO FCC: FAIL FAST!
A bunch of netty women and men have sent a letter to FCC Chair Michael
"Son of" Powell. The basic message is: When the telecommunications
industry goes bankrupt, don't try to resuscitate the corpse. Let it go.
Its infrastructure and the business model based on it are obsolete. It
can't be fixed. Instead, let the market bring forth a new era of
innovation and connectivity, let a hundred flowers bloom, let the moon
enter the house of Aquarius, etc. The alternative is that we sink
billions into companies that are doing everything they can to prevent
telecommunications - the whole schmear of telephones, cable, broadband
and the stuff we haven't invented yet - from doing what it wants to do:
go digital, go IP, go everywhere.
The letter is posted at http://www.netparadox.com. The issue is
important because the existing industry is going to use every weapon it
can find, including the blunt instrument of "It's the only way we can
defeat the terrorists" in order to maintain its grip. So, wanna help
spread the word?
Here's the letter:
-----------
The Hon. Michael Powell
Chairman
Federal Communications Commission
Dear Mr. Chairman:
We thank you for your leadership in FCC efforts to
understand the causes of the current telecom
debacle, and especially for convening the FCC's
October 7, 2002, Telecom Recovery En Banc hearing.
We were dismayed that several of the En Banc
speakers confused causes with effects. We believe
that balance sheet weakness, long-haul overcapacity,
and even the recent speculative bubble, are effects,
not causes. If we attempt to treat the symptoms, we
risk missing the causes and prolonging the agony.
We hold that the primary cause of current telecom
troubles is that Internet-based end-to-end data
networking has subsumed (and will subsume) the value
that was formerly embodied in other communications
networks. This, in turn, is causing the immediate
obsolescence of the vertically integrated, circuit-
based telephony industry of 127 years vintage. CLEC,
IXC and ILEC bonds used to purchase now-obsolete
infrastructure assets have become (or inexorably are
becoming) bad debt. Weak last-mile competition
prevents the most powerful technological advances
from reaching all but a few customers; this is the
largest cause of long-haul over-capacity.
One En Banc participant, NYU Professor Larry White,
had views that seem consistent with ours. He
recommends that we let firms that are failing fail
as quickly as possible. We believe that it would be
harmful if government actions prevent, delay or
interrupt this evolution. It must proceed if the
United States is to continue to be a leading
contributor to communications progress, and if its
citizens are to benefit from the technologies that
are now available and the applications that they
enable.
The telecom debacle is not a cyclical phenomenon.
The telephone network's technological base, and the
business model under which this old technology
thrived, are obsolete. Recovery is not an option. We
can only move forward; how far and how fast will be
determined by our continued freedom to innovate. Let
the United States learn by not duplicating the
Japanese banking experience in the telecom arena.
We need to see the current situation not as a
disaster, but as a natural event; part of a
revolution in productivity and human benefit as big
as the agricultural and industrial revolutions.
Given these views, we urge the FCC to:
Resist at all costs the telephone industry's
calls for bailouts. The policy should be one of
"fast failure."
Acknowledge that non-Internet communications
equipment, while not yet extinct, is economically
obsolete and forbear from actions that would
artificially prolong its use.
Discourage attempts by incumbent telephone
companies to thwart municipal, publicly-owned and
other communications initiatives that don't fit
the telephone company business model.
Accelerate FCC exploration of innovative spectrum
use and aggressively expand unlicensed spectrum
allocation.
Mr. Chairman, we note with gratitude your impatience
with antique regulatory structures, and your
attempts to embrace new technology. Also, we
acknowledge the burden inherent in the FCC's duty to
ensure the continuity of communications, especially
basic dial-tone continuity, in the face of such
changes; we are prepared to lend assistance as the
FCC grapples with this issue. Notwithstanding, we
urge you to continue against the inevitable
onslaught of those seeking to preserve an impossible
status quo.
Sincerely,
Izumi Aizu, Asia Network Research
Jay Batson, CEO, Pingtel
Robert J. Berger, President, Internet Bandwidth
Development, LLC
Dan Berninger, pulver.com
Scott Berry, telecommunications consultant, Darien
CT
Michael Bialek, President, InfoComm Inc.
Scott Bradner, Harvard University
Richard Campbell, Worcester Polytechnic Institute
Douglass Carmichael, individual, dougcarmichael.com
Judi Clark, individual, ManyMedia.com
Anders Comstedt, Managing Director, Stokab
Gordon Cook, publisher, The Cook Report on Internet
Timothy Denton, Internet attorney, tmdenton.com
Greg Elin, independent software developer
Tom Evslin, CEO & Chairman, ITXC
David J. Farber, Moore Professor, University of
Pennsylvania
Bob Frankston, individual, frankston.com
Dewayne Hendricks, CEO, Dandin Group
Roxane Googin, editor, High Technology Observer
Charles W. K. Gritton, President, Broadsword
Technologies, Inc.
David S. Isenberg, Principal Prosultant(sm),
isen.com, LLC
Johna Till Johnson, President, Nemertes Research
Peter Kaminski, individual, peterkaminski.com
Shumpei Kumon, Executive Director, GLOCOM
Bruce Kushnick, Executive Director, New Networks
Institute
Andrew Maffei, individual, Falmouth MA
Jerry Michalski, sociate.com
David Newman, President, Network Test Inc.
Matthew Oristano, former CEO, SpeedChoice, People's
Choice TV
Mark Petrovic, individual, Pasadena CA
Jeff Pulver, founder, pulver.com
Frank R. Robles, CEO, Neopolitan Networks, Inc.
Charles Rybeck, Managing Director, Benchmarking
Partners
Paul Saffo, individual, pls@well.com
Doc Searls, Senior Editor, Linux Journal
Clay Shirky, telecommunications consultant,
shirky.com
Porter Stansberry, publisher, Agora Inc.
Ted Stout, CEO and founder, The ROI Institute
Brough Turner, CTO and co-founder, NMS
Communications
David Weinberger, JOHO editor and Cluetrain co-
author
Kevin Werbach, technology analyst, Supernova Group
LLC
Additional Signers
David P. Reed
Sky Dayton, founder, EarthLink, founder & CEO,
Boingo Wireless
Steve Stroh, Editor, Focus On Broadband Wireless
Internet Access
---------
Take that!
10:33:24 PM
|
|
Thanks to WriteNews
WEBSITES MENTIONED IN THE WRITE NEWS(TM)
THIS WEEK ( http://www.writenews.com )
--------------------------------------------------------------------
Publishing Industry Soundbytes, short industry news highlights
http://www.writenews.com/2002/092702_soundbytes.htm
Google News, searchable news service
http://news.google.com
Moreover, provider of news headlines
http://www.moreover.com
DayPop.com, searchable news and weblog database
http://www.daypop.com
Rocketinfo, searchable news database
http://www.rocketnews.com
NewsIndex.com, searchable news database
http://www.newsindex.com
Northern Light, searchable news database
http://www.northernlight.com
VU Games, game publisher
http://www.vugames.com
Marvel Enterprises, Inc., library of superheroes
http://www.marvel.com
TechWeb, information technology news network
http://www.techweb.com
NewsFactor Network, business and technology news
http://www.newsfactor.com
CRMDaily.com, news for buyers of CRM systems
http://www.crmdaily.com
The IWJ, online magazine for readers and writers
http://www.writerswrite.com/journal/
TheKnot.com, a wedding media and services company
http://www.theknot.com
Kensington Publishing, fiction and nonfiction publisher
http://www.kensingtonbooks.com
iUniverse, provider of self-publishing services
http://www.iuniverse.com
Elizabeth George Online, mystery author website
http://www.elizabethgeorgeonline.com
10:30:08 PM
|
|
Thanks to Writenews
- Blogs and Libel
Weblogs are popular and can certainly increase traffic to an
online newspaper or magazine -- but could they also bring
lawsuits? The New York Times reports that weblogs are already
creating friction between journalists and the media outlets they
work for.
Source: New York Times:
http://www.nytimes.com/2002/09/23/technology/23BLOG.html
10:28:54 PM
|
|
Thanks to WriteNews
HIGHLIGHTS FROM PUBLISHING INDUSTRY SOUNDBYTES
--------------------------------------------------------------------
- Noisebox.org ( http://www.noisebox.org ) has launched with the
purpose of amplifying the voice of the non-profit community.
Noisebox.org is a news wire to which non-profit groups can post
news releases at no cost, and through which journalists and the
public can stay informed of the tireless efforts of those serving
communities worldwide. For the media professional, the news at
Noisebox.org is searchable by location, date, and market sector.
- MetaCrawler ( http://www.metacrawler.com ) has relaunched with
an updated design. Benefits of the new design include a meta-search
engine homepage and web search results pages that are cleaner
and easier to use. The new MetaCrawler returns results from leading
search companies and properties, including Google, FAST, Overture,
About, Ask Jeeves, FindWhat, LookSmart, Inktomi and SearchHippo.
- IListenToBooks.com ( http://www.ilistentobooks.com ), sponsored
by Brilliance Audio Inc., has announced its new audiobook sharing
website. The site suggests audiobook readers "have some fun and
share your love of audiobooks with a stranger by leaving your audio
book anywhere someone else could pick it up ... in a coffee shop,
in the lunchroom at work, on an airplane, or on your commuter train."
The website follows a similar theme started by BookCrossing.com
( http://www.bookcrossing.com ). Members register an audiobook at
IListenToBooks.com by entering a title or ISBN number, and get a
unique tracking label to print out.
- Eighty-one percent of Americans feel they should write a book,
according to a survey of 1,006 adult Americans commissioned
by Jenkins Group, Inc. ( http://www.bookpublishing.com ), a
Michigan publishing services firm, which sponsors the annual
Independent Publisher Book Awards and issues the monthly
online magazine Independent Publisher.
10:28:03 PM
|
|
Thanks to WriteNews
GOOGLE LAUNCHES NEWS SERVICE
--------------------------------------------------------------------
Google, a popular online search engine, has launched a news
service that selects headlines from over 4,000 sources based on
computer algorithms. At the bottom of Google's news pages the
following text appears: "This page was generated entirely by
computer algorithms without human editors." Google says it
employs no editors, managing editors, or executive editors to run
the news service.
The headlines and stories are selected using computer algorithms,
which are based on how and where the stories appear elsewhere on
the web. Google News does not contain complete articles -- just
short excerpts, headlines and some news photos. When a visitor
clicks on one of the news headlines provided by Google they are
taken directly to the article on the website which published the news
story. The homepage of Google News provides some of the day's
most popular news items. Google also groups together news articles
about similar topics, so readers can see what different media outlets
are saying about it. Visitors can also search for a specific topic, such
as "west nile virus" and bring up links to news articles about the west
nile virus from hundreds of local, international and national news
outlets. These articles can then be sorted by relevance or by date.
Other search portals also have news services including AOL, Yahoo
News, Excite News and Lycos News. Unlike Google these news
services are primarily based on outsourced content and often contain
full news articles, while Google just contains headlines and short
excerpts. Other news search services, such as Moreover, outsource
their news headline technology. Altavista provides a news service
which includes news headlines from Moreover. Like Moreover,
outsourcing may be one way Google can use its news algorithms to
bring in revenues. Other news search providers include DayPop.com,
NewsIndex.com and Northern Light.
VIVENDI LICENSES MARVEL SUPERHEROES
FOR ONLINE GAMES
--------------------------------------------------------------------
Vivendi Universal Publishing (VU Publishing) and Marvel Enterprises,
Inc. have announced a 10-year worldwide licensing agreement
which grants VU Publishing's Games division (VU Games) the right
to develop and publish online massively multi-player (OLMMP)
games based on Marvel's superheroes. The first OLMMP title under
the new agreement is targeted for release in 2005. The announcement
was made jointly by VU Games Chairman and CEO Ken Cron and
Marvel COO Bill Jemas.
The deal provides VU Games with access to the entire Marvel library
of over 4,700 characters. Additionally, VU Games has obtained the
rights to release titles in multiple languages across all existing and
future platforms enabling OLMMP game play, including PCs and
console-based systems.
"We believe there are only a few franchises existing today that are
compelling enough to be a leader in the massively multi-player
games market and Marvel's universe of superheroes is clearly one
of them," said Ken Cron, Chairman and CEO of Vivendi Universal
Games.
OLMMP games, which allow thousands of players to interact online
simultaneously, represent a key area of growth for the multi-billion
dollar video game industry. Marvel and VU Games will share in
revenues generated by subscription fees, product sales and in-game
advertising.
"Marvel wanted to make an aggressive move to establish a strong
presence in the burgeoning online gaming arena, and this relationship
with VU Games puts us right on the ground floor," Marvel COO Bill
Jemas said. "Marvel is perfectly suited to massively multi-player
gaming as we are a `universe' unto ourselves. Our fans like to live
and breathe their favorite characters and this gives them the
opportunity to do that 24 hours a day if they like. Our superheroes
have been extremely successful in the video game world as
evidenced by the best-selling status of our Spider-Man, X-Men and
Blade franchises. By every measure, this is by far the largest and
best electronic game deal in the history of Marvel."
This online project marks the latest partnership between Marvel and
VU Games, which is also developing next generation video games
inspired by The Hulk feature film. A leading publisher of PC, console
and online-based interactive content, VU's portfolio of development
studios includes Black Label Games, Blizzard Entertainment, NDA
Productions, Sierra Entertainment and Universal Interactive.
10:26:57 PM
|
|
CRYPTO-GRAM
October 15, 2002
by Bruce Schneier
Founder and CTO
Counterpane Internet Security, Inc.
schneier@counterpane.com
<http://www.counterpane.com>
A free monthly newsletter providing summaries, analyses, insights, and
commentaries on computer security and cryptography.
Back issues are available at
<http://www.counterpane.com/crypto-gram.html>. To subscribe, visit
<http://www.counterpane.com/crypto-gram.html> or send a blank message
to crypto-gram-subscribe@chaparraltree.com.
Copyright (c) 2002 by Counterpane Internet Security, Inc.
** *** ***** ******* *********** *************
In this issue:
National Strategy to Secure Cyberspace
More on AES Cryptanalysis
Crypto-Gram Reprints
The Doghouse: GreatEncryption
News
Counterpane News
One-Time Pads
Comments from Readers
** *** ***** ******* *********** *************
National Strategy to Secure Cyberspace
On 18 September, the White House officially released its National
Strategy to Secure Cyberspace. Well, it didn't really release it on
that date; versions had been leaking here and there for a while. And
it really isn't a national strategy; it's just a draft for
comment. But still, it's something.
No, it isn't. The week it was released I got all sorts of calls from
reporters asking me what I thought of the report, whether the
recommendations made sense, and why certain things were omitted. My
primary reaction was: "Who cares? It doesn't matter what the report says."
For some reason, Richard Clarke continues to believe that he can
increase cybersecurity in this country by asking nicely. This
government has tried this sort of thing again and again, and it never
works. This National Strategy document isn't law, and it doesn't
contain any mandates to government agencies. It has lots of
recommendations. It has all sorts of processes. It has yet another
list of suggested best practices. It's simply another document in my
increasingly tall pile of recommendations to make everything
better. (The Clinton Administration had theirs, the "National Plan for
Information Systems Protection." And both the GAO and the OMB have
published cyber-strategy documents.) But plans, no matter how detailed
and how accurate they are, don't secure anything; action does.
And consensus doesn't secure anything. Preliminary drafts of the plan
included strong words about wireless insecurity, which were removed
because the wireless industry didn't want to look bad for not doing
anything about it. Preliminary drafts included a suggestion that ISPs
provide all their users with personal firewalls; that was taken out
because ISPs didn't want to look bad for not already doing something
like that.
And so on. This is what you get with a PR document. You get lots of
varying input from all sorts of special interests, and you end up with
a document that offends no one because it demands nothing.
The worst part of it is that some of the people involved in writing the
document were high-powered, sincere security practitioners. It must
have been a hard wake-up call for them to learn how things work in
Washington. You can tell that a lot of thought and effort went into
this document, and the fact that it was gutted at the behest of special
interests is shameful...but typical.
So now everyone gets to feel good about doing his or her part for
security, and nothing changes.
Security is a commons. Like air and water and radio spectrum, any
individual's use of it affects us all. The way to prevent people from
abusing a commons is to regulate it. Companies didn't stop dumping
toxic wastes into rivers because the government asked them
nicely. Companies stopped because the government made it illegal to do so.
In his essay on the topic, Marcus Ranum pointed out that consensus
doesn't work in security design. Consensus security results in some
good decisions, but mostly bad ones. By itself consensus isn't
harmful; it is the compromises that are almost always harmful, because
the more parties you have in the discussion, the more interests there
are that conflict with security. Consensus doesn't work because the
one crucial party in these negotiations -- the attackers -- aren't
sitting around the negotiating table with everyone else. "And the
hackers don't negotiate anyhow. In other words, it doesn't matter if
you achieve consensus...; whether it works or not is subject to a
different set of rules, ones over which your wishes exercise zero control."
If the U.S. government wants something done, they should pass a
law. That's what governments do. It's like pollution; don't mandate
specific technologies, legislate results. Make companies liable for
insecurities, and you'll be surprised how quickly things get more
secure. Leave the feel-good PR activities to the various industry
trade organizations; that's what they're supposed to do.
The draft report:
<http://www.whitehouse.gov/pcipb/>
News articles:
<http://www.bangkokpost.com/021002_Database/02Oct2002_dbcol10.html>
<http://www.news.com.com/2102-1023-958545.html>
Marcus Ranum's essay:
<http://www.tisc2002.com/newsletters/414.html>
Other essays:
<http://www.infowarrior.org/articles/2002-11.html>
<http://online.securityfocus.com/columnists/110>
<http://online.securityfocus.com/news/677>
<http://www.zdnet.com/anchordesk/stories/story/0,10738,2882094,00.html>
<http://www.avolio.com/columns/21-SecuringCyberspace.HTML>
** *** ***** ******* *********** *************
More on AES Cryptanalysis
I can say with certainty that no one knows for certain if XLS can break
Rijndael or Serpent or anything else. Actually, I can say something
stronger: no one has produced an actual demonstration of XLS breaking
even a simplified version of Rijndael or Serpent or anything
else. This makes a lot of people skeptical.
Demonstrations are important. When differential cryptanalysis finally
broke the full 16-round DES, the authors did not demonstrate the
attack. Even though the attack was faster than brute force, it was
still too complicated to demonstrate practically. But the authors did
demonstrate the attack against reduced-round variants of DES, and
against other algorithms. The community believed that the attack
worked because the techniques had been demonstrated multiple times and
the theory behind the techniques was well understood.
The XLS techniques have not been demonstrated yet. A number of
respectable cryptographers, whose opinions I value highly, don't think
the techniques work. Don Coppersmith has published a note on the
topic. And T. Moh has a Web page about this. (To be fair, T. Moh and
Nicolas Courtois have an ongoing disagreement about another
crypto-related topic. But while that certainly affects the
motivations, it doesn't necessarily invalidate the math.)
I know that several groups are working on the techniques, and if they
work one of those groups should be able to demonstrate something, on
something, soon. I'll provide additional information when I learn of it.
Coppersmith's comment:
Sorry about the ridiculous link. The substance of the note is in the
"Letters from Readers" column below, or here's a referral link.
<http://makeashorterlink.com/?K27C515E1>
Moh's site:
<http://www.usdsi.com/aes.html>
My essay on XLS from last month:
<http://www.counterpane.com/crypto-gram-0209.html#1>
** *** ***** ******* *********** *************
Crypto-Gram Reprints
Crypto-Gram is currently in its fifth year of publication. Back issues
cover a variety of security-related topics, and can all be found on
<http://www.counterpane.com/crypto-gram.html>. These are a selection
of articles that appeared in this calendar month in other years.
Cyberterrorism:
<http://www.counterpane.com/crypto-gram-0110.html#1>
Dangers of Port 80:
<http://www.counterpane.com/crypto-gram-0110.html#9>
Semantic Attacks:
<http://www.counterpane.com/crypto-gram-0010.html#1>
NSA on Security:
<http://www.counterpane.com/crypto-gram-0010.html#7>
So, You Want to be a Cryptographer:
Key Length and Security:
<http://www.counterpane.com/crypto-gram-9910.html#KeyLengthandSecurity>
Steganography: Truths and Fictions:
<http://www.counterpane.com/crypto-gram-9810.html#steganography>
Memo to the Amateur Cipher Designer:
<http://www.counterpane.com/crypto-gram-9810.html#cipherdesign>
** *** ***** ******* *********** *************
The Doghouse: GreatEncryption
It's got all the snake-oil warning signs: a novel encryption algorithm
that isn't discussed, an obvious ignorance of cryptography, a patent in
progress, and a bogus contest. Sample sentences from the Web site:
"Keys 2,000-4,000 characters long are recommended for key strength that
is far greater than that of other software programs now sold." And:
"Software with a key strength of 109^4000 + 109^3999 + ... 109^1." Egads.
The funniest bit is when they claim that their encryption is fast,
"encrypting about 5,000 plaintext characters/second on an average
PC." Assume the average PC is 500 MHz; that translates to about
100,000 clock cycles per byte (ASCII character) encrypted. AES
encrypts at 20 clock cycles per byte; there are stream ciphers that are
over twice as fast. That means AES is 5,000 times faster than
GreatEncryption.
The Web site says: "Permission to export Great Encryption to the rest
of the world, except for terrorist states, is being sought." If we're
lucky, they'll get permission to export it ONLY to terrorist states.
<http://www.greatencryption.com/>
** *** ***** ******* *********** *************
News
Good article on the myth of cyberterrorism:
<http://online.securityfocus.com/columnists/111>
And more silly hype:
<http://www.theregus.com/content/6/26414.html>
64-bit key brute-forced:
<http://slashdot.org/article.pl?sid=02/09/26/1449257&mode=thread&tid=93>
Interesting Q&A with Whitfield Diffie, conducted by Richard Thieme:
<http://www.cisomagazine.com/2002/aug/qa.shtml>
Security vs. Open Society:
<http://www.osopinion.com/perl/story/19416.html>
Can Software be Certified?
<http://www.businessweek.com/technology/content/oct2002/tc2002101_6896.htm>
This is about as pathetic as you can get. The Federal Trade Commission
has decided that computer security needs a mascot, kind of like Smokey
the Bear. So we now have Dewey the Turtle, who's here to promote
secure computing for everyone. "When you see the ping of death, duck
and cover."
A Russian hacker was sentenced to three years in prison here in the
United States for breaking computer crime laws here. It's an
interesting story. He was in Russia at the time, and broke no laws in
his country. However, the U.S. prosecution broke Russian laws to
collect evidence against him. The judge agreed with the FBI's
assertion that Russian law didn't apply to them. Isn't international
jurisprudence fun?
<http://in.tech.yahoo.com/021005/137/1w2bq.html>
Secure software: will we ever see it?
Insiders are the biggest computer security threat:
<http://www.pcworld.com/news/article/0,aid,105528,00.asp>
** *** ***** ******* *********** *************
Counterpane News
It was an excellent quarter for Counterpane. Sales up 100% over last
year, a bunch of new resellers, way more monitoring, that sort of
thing. We'll have a press release with the details real soon now.
Schneier is speaking at SMAU 2002 in Milan on 25 Oct:
<http://www.smau.it/smau2002/english/docs/flash.html>
Schneier is speaking at the Symposium on Privacy & Security in Zurich
on 30 and 31 October:
<http://www.privacy-security.ch/english/programm/default.htm>
Schneier is speaking at Comdex in Las Vegas on 18 November:
<http://www.comdex.com/fall/>
** *** ***** ******* *********** *************
One-Time Pads
It's a meme that never seems to go away. Every time I write about this
cryptanalytic result, or the insecurity of that system, someone starts
crowing about one-time pads. "Every other cryptographic algorithm is
based on some assumption, and one-time pads are the only provably
secure system," they say. "They're the only safe algorithm," they
say. "They're the future," they say.
Well, they're wrong. And step by step, I will explain why. (Parts of
this essay are taken from my book "Secrets and Lies.")
One-time pads are the simplest of all algorithms, and were invented
early on in the 20th century. The basic idea is that you have a pad of
paper with a bunch of randomly chosen key letters, the same size as the
message, on it. You add one key letter to each plaintext letter, and
never repeat the key letters. (That's the "one-time" part.) For
example, assume the message is IT and the pad letters are CM. You add
I (9) to C (3) to get L (12), or T (20) to M (13) to get G (7). (20 +
13 = 7 mod 26.) Then you burn the paper afterwards. The receiver
reverses the process using his pad of paper, and then burns the key
letters when he's done. This system works with any alphabet, including
a binary one.
One-time pads are the only provably secure cryptosystem. Because the
key is the same size as the plaintext, every possible plaintext is
equally likely. With different keys, the ciphertext DKHS could decrypt
to SELL, STOP, BLUE, or WFSH. With a normal algorithm, such as DES or
AES or even RSA, you can tell which key is correct because only one key
can produce a reasonable plaintext. (Formally, the message size needed
is called the "unicity distance." It's about 19 ASCII bytes for an
English message encrypted with a cipher with a 128-bit block. With a
one-time pad, the unicity distance approaches infinity and it becomes
impossible to recognize plaintext. This is the security
proof.) Because a one-time pad's key is the same size as the message,
it's impossible to tell when you have the correct decryption.
This is the only provably secure cryptosystem we know of.
It's also pretty much useless. Because the key has to be as long as
the message, it doesn't solve the security problem. One way to look at
encryption is that it takes very long secrets -- the message -- and
turns them into very short secrets: the key. With a one-time pad, you
haven't shrunk the secret any. It's just as hard to courier the pad to
the recipient as it is to courier the message itself. Modern
cryptography encrypts large things -- Internet connections, digital
audio and video, telephone conversations, etc. -- and dealing with
one-time pads for those applications is just impracticable.
If you think you know how to do key management, but you don't have much
confidence in your ability to design good ciphers, a one-time pad might
make sense. We're in precisely the opposite situation, however: we
have a hard time getting the key management right (partly because most
applications won't really support couriers with briefcases handcuffed
to their wrists, Marines with rifles guarding the room with the
encryption equipment in it, or thermite charges available for
physically destroying storage media before the bad guys get past the
Marines with rifles guarding the encryption equipment), but we're
pretty confident in our ability to build reasonably strong
algorithms. It's just not the weak point in our systems.
What a one-time pad system does is take a difficult message security
problem -- that's why you need encryption in the first place -- and
turn it into a just-as-difficult key distribution problem. It's a
"solution" that doesn't scale well, doesn't lend itself to mass-market
distribution, is singularly ill-suited to computer networks, and just
plain doesn't work.
The exceptions to this are generally in specialized situations where
simple key management is a solvable problem and the security
requirement is timeshifting. In these situations, the problem isn't
transporting the bits securely, but transporting the bits securely at
the time the message is generated. Securing the bits beforehand is
easy. And there are historical examples of one-time pads being used
successfully, in specialized circumstances. Russian spies used pencil
and paper one-time pads to communicate. (The NSA broke the system
because the Russians reused the same one-time pads. Oops.) An early
Teletype hotline between Washington and Moscow was encrypted using a
one-time pad system. One-time pads were also used successfully in WWII
by the English; spies in locations with radios but no other encoding
equipment were given pads printed on silk, and were able to encode
messages for transmission faster and more securely than by previous
methods involving memorized poetry.
Those examples used real one-time pads. Generally, products that claim
to use a one-time pad actually don't. My guess is that the engineers
quickly realize that they can't possibly implement a one-time pad, so
they use the output of a stream cipher and call that a one-time-pad
generator, or a virtual one-time pad, or almost a one-time pad, or some
other marketing-speak. It's not a one-time pad. The security proof
completely fails when you use a stream cipher.
On the other hand, if you ever find a product that actually uses a
one-time pad, it is almost certainly unusable and/or insecure.
So, let me summarize. One-time pads are useless for all but very
specialized applications, primarily historical and non-computer. And
almost any system that uses a one-time pad is insecure. It will claim
to use a one-time pad, but actually use a two-time pad (oops). Or it
will claim to use a one-time pad, but actually use a stream cipher. Or
it will use a one-time pad, but won't deal with message
re-synchronization and re-transmission attacks. Or it will ignore
message authentication, and be susceptible to bit-flipping attacks and
the like. Or it will fall prey to keystream reuse attacks. Etc.,
etc., etc.
One-time pads may be theoretically secure, but they are not secure in a
practical sense. They replace a cryptographic problem that we know a
lot about solving -- how to design secure algorithms -- with an
implementation problem we have very little hope of solving. They're
not the future. And you should look at anyone who says otherwise with
deep and profound suspicion.
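An added worked example, not part of the original newsletter: Python that reproduces the essay's IT/CM letter arithmetic and the DKHS ambiguity, then shows two of the failure modes listed above (pad reuse and missing message authentication). The byte-wise XOR pad, the sample messages and the use of HMAC-SHA256 as the integrity check are assumptions made for this example.

```python
"""One-time pad mechanics and two failure modes from the essay (added example)."""
import hashlib
import hmac
import secrets

A = ord("A")


def letter_otp(text: str, pad: str, decrypt: bool = False) -> str:
    """Add (or subtract) pad letters mod 26, numbering A=1 ... Z=26 as the essay does."""
    if len(pad) < len(text):
        raise ValueError("pad must be at least as long as the message")
    out = []
    for t, k in zip(text, pad):
        tv, kv = ord(t) - A + 1, ord(k) - A + 1
        v = tv - kv if decrypt else tv + kv
        out.append(chr((v - 1) % 26 + A))  # wrap back into A..Z
    return "".join(out)


def pad_explaining(ciphertext: str, candidate: str) -> str:
    """Return the pad under which `ciphertext` decrypts to `candidate`.

    Such a pad exists for every candidate of the right length, which is why
    the ciphertext alone says nothing about which plaintext was sent.
    """
    return letter_otp(ciphertext, candidate, decrypt=True)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Binary one-time pad: XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def two_time_pad_leak(p1: bytes, p2: bytes) -> bytes:
    """Encrypt two messages under the SAME pad and XOR the ciphertexts.

    The pad cancels out, leaving p1 XOR p2: the "two-time pad" failure.
    """
    pad = secrets.token_bytes(len(p1))
    c1, c2 = xor_bytes(p1, pad), xor_bytes(p2, pad)
    return xor_bytes(c1, c2)


def flip_in_transit(ct: bytes, offset: int, known: bytes, wanted: bytes) -> bytes:
    """Model an in-transit modification: XOR the difference between the known
    and wanted plaintext into the ciphertext, without touching the pad."""
    delta = xor_bytes(known, wanted)
    end = offset + len(delta)
    return ct[:offset] + xor_bytes(ct[offset:end], delta) + ct[end:]


def tamper_demo():
    """Return (what the receiver decrypts, whether the HMAC tag still verifies)."""
    msg = b"PAY 0100 TO BOB"                 # constructed sample message
    pad = secrets.token_bytes(len(msg))      # used once, never reused
    mac_key = secrets.token_bytes(32)        # separate integrity key (assumption)
    ct = xor_bytes(msg, pad)
    tag = hmac.new(mac_key, ct, hashlib.sha256).digest()

    forged = flip_in_transit(ct, 4, b"0100", b"9100")
    decrypted = xor_bytes(forged, pad)       # pad alone gives no integrity
    expected = hmac.new(mac_key, forged, hashlib.sha256).digest()
    return decrypted, hmac.compare_digest(tag, expected)


if __name__ == "__main__":
    print("IT + CM ->", letter_otp("IT", "CM"))
    for candidate in ("SELL", "STOP", "BLUE", "WFSH"):
        pad = pad_explaining("DKHS", candidate)
        print(f"DKHS with pad {pad} -> {letter_otp('DKHS', pad, decrypt=True)}")
    leak = two_time_pad_leak(b"ATTACK AT DAWN", b"RETREAT AT TEN")
    print("c1 XOR c2 == p1 XOR p2:",
          leak == xor_bytes(b"ATTACK AT DAWN", b"RETREAT AT TEN"))
    decrypted, tag_ok = tamper_demo()
    print("receiver decrypts:", decrypted, "| tag verifies:", tag_ok)
```

The last line of output is the point of the bit-flipping item: the pad decrypts the altered ciphertext without complaint, and only the separate integrity tag notices the change.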
** *** ***** ******* *********** *************
Comments from Readers
From: "Christian Hampson"
Subject: Your name on Reveal's list
Regarding the reason for the inclusion of your name and Rabbi
Schneerson on the list for Reveal, the term "crypt" is considered to be
an occult word. Your name is highly associated with
cryptography. Also, Avi Schneier is associated with Tai Chi in New
York and Arthur Schneier is part of the International Center for
Religion and Diplomacy. As for Schneerson, I also noticed such words
as "Judeo," "Hasidi," and "Kaballah" as being occult. It appears that
anything other than Civil Religion is to be considered occult, as
"Allah," "Chant," "Mahayana," "Sabat," "Ritual," "Prophet," and
"Resurrection" are also included on the list. Perhaps you should feel
honored by your inclusion.
From: Douglas Davidson
Subject: Your name on Reveal's list
I just wanted to point out that this might not necessarily be
illegitimate. If this organization is using some form of statistical
filtering (something along the lines of that described for spam
filtering in <http://www.paulgraham.com/spam.html>), then it is quite
possible that their word list is derived entirely automatically from
the analysis of some corpus. In that case, there may not be any way
for a human to explain the presence of a particular word; it is there
simply because it occurs in the corpus -- not necessarily frequently,
either. In Graham's case, for example, the resulting word lists were a
surprise even to Graham.
Unfortunately, if AntiChildPorn is using some technique of this sort,
it becomes difficult to validate their filters. In the case of spam
filtering, every user naturally has a sufficiently large corpus of spam
and non-spam e-mail available to construct their own filters. However,
not everyone has a large corpus of pornographic, racist, or similar
material available. Unless AntiChildPorn makes their corpus available
for examination -- which they probably are not willing to do -- it
would be difficult to evaluate their techniques without assembling a
large corpus yourself and seeing what their software says about it.
If AntiChildPorn is doing what they say they are doing, then one might
make a guess that anti-Semitic writings occasionally include the names
of rabbis. If they are not doing what they say they are doing, then
perhaps they have fed Phrack or something similar into the
mix. Without further evidence there is no way to tell.
From: "Don Coppersmith"
Subject: XLS Against Rijndael
Your recent "Crypto-gram" leads people to believe that Courtois and
Pieprzyk's XLS work breaks Rijndael.
I believe that the Courtois-Pieprzyk work is flawed. They overcount
the number of linearly independent equations. The result is that they
do not in fact have enough linear equations to solve the system, and
the method does not break Rijndael.
The details: The problem is evident in the "T' method" of section 6.3
of their IACR reprint #2002/044. They generate $ T' = t' t^{P-1} * {
{S-1} choose {P-1} }$ terms that can be multiplied by x1 and still
remain in their set of $T$ monomials, and then seem to claim to have
that many new equations. But in fact, any of the $t' [ t^{P-1} -
(t-r)^{P-1} ] * { {S-1} choose {P-1} }$ equations that come from
multiplication of a basic equation by a monomial, have already been
counted among their $R$ equations, and so they can't count them again.
The method has some merit, and is worth investigating, but it does not
break Rijndael as it stands.
10:24:55 PM
|
|
Norman Koren Photography
http://www.normankoren.com/
Lovers of great outdoor and slice-of-life photography will undoubtedly enjoy browsing the collection of photos available here, although that's not what initially grabbed my attention. Norman Koren has compiled a great collection of tutorials, offering an outstanding collection of tips to help budding shutterbugs through the process of getting great digital shots. Concepts are explained in a way that anyone could feel comfortable with, taking some of the mystery out of everything that happens once you are ready to move beyond the automatic settings that are your camera's default. What to do with your photos, after you've taken them, including scanning of 35mm stuff, printing, and some editing tricks, is also covered in enough detail to make the novice feel like they've progressed into the realm of being a better photographer.
10:23:30 PM
|
|
------ Forwarded Message
From: Dave Wolkowitz
Date: Wed, 09 Oct 2002 12:07:29 -0700 (PDT)
To: dave@farber.net
Subject: The Other IP
Dave,
I recently attended the 2002 Chicago International
Intellectual Property Conference.
The conference had top-tier legal experts discussing
such issues as DMCA and WIPO, as well as industry
experts such as SONICblue CTO Andrew Wolfe speaking
about his company's recent legal battles.
I wanted to share a couple interesting ideas with you:
There was an interesting talk by Judge James Holderman
of the U.S. District Court for the Northern District
of Illinois. In his view, there is a grave need for a
patent court at the trial level because generalist
judges are not prepared to handle patent law for
numerous reasons. Additionally, Professor Julie Cohen
of Georgetown University Law Center had some
interesting ideas about protecting individuals'
privacy by allowing them to bring trespass action
against corporate computer "hackers" seeking to
"protect" their copyrighted works by accessing
individuals' in-home computers via P2P networks.
I wrote a two-part article about the conference. I
hope your readers find it interesting.
Part One:
(http://www.eprairie.com/news/viewnews.asp?newsletterID=4179)
Part Two:
(http://www.eprairie.com/news/viewnews.asp?newsletterID=4180)
Regards,
Dave Wolkowitz
MarketSting
dave@marketsting.net
10:05:00 PM
|
|
Thanks to Red Rock Eater News:
Here are some more URL's. Thanks to everyone who contributed.
RRE home page: http://dlis.gseis.ucla.edu/people/pagre/rre.html
IDEO's redesign of a hospital in the October issue of Metropolis
should be required reading in design programs of every sort.
Iraq
Analysts Discount Attack By Iraq
(as in the Reagan years, the CIA is being pressured to give the right answers)
http://www.washingtonpost.com/ac2/wp-dyn/A63775-2002Oct9?language=printer
http://www.latimes.com/templates/misc/printstory.jsp?slug=la%2Dna%2Dcia11oct11004439&section=%2Fnews%2Fprintedition%2Fasection
http://www.guardian.co.uk/usa/story/0,12271,807286,00.html
http://www.chron.com/cs/CDA/printstory.hts/nation/1607676
http://www.nytimes.com/2002/10/10/politics/10INTE.html?pagewanted=print
http://www.philly.com/mld/inquirer/4234259.htm?template=contentModules/printstory.jsp
critique of the Bush National Security Strategy and Cincinnati speech
http://www.opendemocracy.net/forum/document_details.asp?CatID=98&DocID=1867
protests at Bush's war speech in Cincinnati
http://www.citybeat.com/2002-10-10/news.shtml
DefenseWatch issue on Iraq
http://www.sftt.org/dw10022002.html
US Has a Plan to Occupy Iraq, Officials Report
http://www.nytimes.com/2002/10/11/international/11PREX.html?pagewanted=print
Congress Must Resist the Rush to War
(we're proving again that war is the enemy of law)
http://www.nytimes.com/2002/10/10/opinion/10BYRD.html?pagewanted=print
left-wing answers to questions about Afghanistan and Iraq
http://www.zmag.org/45qairaq.htm
reports from peace activists inside Iraq
http://www.iraqjournal.org/
US Forces Ill-Equipped for Chemical and Biological Warfare
http://www.veteransforcommonsense.org/article.asp?id=46
http://www.sftt.org/dw10022002.html#5
South Africa Denies Iraqi Arms Deal Claims
http://www.mg.co.za/Content/l3.jsp?o=10272
assorted sources on Iraq war issues
http://lii.org/search?query=(Iraq+not+Babylonia);searchtype=subject
article on Saddam's "palaces"
http://www.msnbc.com/news/817665.asp
Bush Studied Israel's 1967 Preemptive Strike
http://www.msnbc.com/news/819372.asp
Operation Endless Deployment
http://www.thenation.com/docprint.mhtml?i=20021021&s=hartung
the ancient bond between war and mindlessness
(projection: make no sense by pretending that opponents make no sense)
http://www.dailyhowler.com/dh101002.shtml
"you're un-American! you hate America! you're with us or with the terrorists!"
(oh, *that* new tone)
http://www.prospect.org/webfeatures/2002/10/tapped-s-10-07.html#550pmblitzer
http://www.spinsanity.org/post.html?2002_10_06_archive.html#85541371
Democrats paying for their incoherence and collapse on the war
(my view is that the Democrats and their supporters need to grow more pundits)
http://www.washingtonpost.com/ac2/wp-dyn/A6721-2002Oct10?language=printer
war
indictment of the head of a Muslim charity
http://news.findlaw.com/hdocs/docs/terrorism/usarnaout10902ind.pdf
recently declassified information about US chemical weapons tests
http://www.deploymentlink.osd.mil/current_issues/shad/shad_intro.shtml
http://story.news.yahoo.com/news?tmpl=story&u=/ap/20021009/ap_on_go_ca_st_pe/chemical_weapons_tests_9
Mass Graves Found in Northern Afghanistan
http://www.mg.co.za/Content/l3.jsp?a=13&o=10278
FBI Memo Details Pre-9/11 Sloppiness
(might be a temporary link)
http://www.austin360.com/aas/news/ap/ap_story.html/Washington/AP.V3389.AP-Attacks-FBI-Err.html
article about DNA analysis of remains from the World Trade Center
http://www.latimes.com/templates/misc/printstory.jsp?slug=la%2Dsci%2Dremains9oct09004433&section=%2Fnews%2Fprintedition%2Fasection
Fighting Terrorism With Democracy
http://www.thenation.com/docprint.mhtml?i=20021021&s=rorty
Navy Center for Contemporary Conflict
http://www.ccc.nps.navy.mil/index.asp
civil liberties and security
third circuit says no first amendment right of access to deportation hearings
http://news.findlaw.com/hdocs/docs/terrorism/ashnjmg10802opn.pdf
http://www.law.com/jsp/printerfriendly.jsp?c=LawArticle&t=PrinterFriendlyArticle&cid=1032128705832
http://www.philly.com/mld/inquirer/4238161.htm?template=contentModules/printstory.jsp
more on the ID card disaster in Pakistan
http://www.nytimes.com/2002/10/10/international/10STAN.html?pagewanted=print
summary of hacktivism projects
http://www.nytimes.com/2002/10/10/technology/circuits/10hack.html?pagewanted=print
"biometrics proves more difficult than feds anticipated"
http://www.fcw.com/fcw/articles/2002/1007/cov-bio-10-07-02.asp
what happened when part of the UUNet backbone failed last week
http://www.businessweek.com/print/technology/content/oct2002/tc2002108_4317.htm
Satellite Systems Hackable: GAO Study
(does someone have a URL for this?)
http://www.theregister.co.uk/content/55/27508.html
Aviation Accident Information Dating Back to 1962 Now Available Online
http://www.ntsb.gov/Pressrel/2002/021009.htm
conspiracy theory about Republicans and voting machines
(I don't find the site credible, but they explain where to look for evidence)
http://www.scoop.co.nz/mason/stories/HL0210/S00044.htm
http://www.talion.com/election-machines.html
Lobbyist Made Money From Florida Voting Machine Sales
http://www.sptimes.com/2002/10/06/news_pf/State/Lobbyist_made_money_f.shtml
corruption
Bush accused of colluding with Harvard to hide problems at Harken
http://www.people.fas.harvard.edu/~skomarov/harvardwatch/
http://www.thedailyenron.com/documents/20021009083424-82854.asp
http://www.nytimes.com/2002/10/11/opinion/11KRUG.html?pagewanted=print
http://www.boston.com/dailyglobe2/282/business/Harvard_role_in_Harken_called_deeperP.shtml
http://www.timesonline.co.uk/article/0,,5-442115,00.html
http://www.guardian.co.uk/usa/story/0,12271,808933,00.html
Documents Raise Questions About White's Senate Testimony on Energy Trades
http://www.citizen.org/pressroom/print_release.cfm?ID=1229
Enron Owes $6 Million in Taxes
http://www.chron.com/cs/CDA/printstory.hts/metropolitan/1611416
Enron Bondholders to Get $8 Million
http://story.news.yahoo.com/news?tmpl=story2&cid=509&u=/ap/20021010/ap_on_bi_ge/enron_sec_1&printer=1
Alabama retirement fund going after Enron's bankers
http://www.law.com/jsp/printerfriendly.jsp?c=LawArticle&t=PrinterFriendlyArticle&cid=1032128681489
SEC watering down the Sarbanes-Oxley rules for corporate lawyers
http://www.law.com/jsp/printerfriendly.jsp?c=LawArticle&t=PrinterFriendlyArticle&cid=1032128710966
intellectual property
Microsoft Nixes TV Copy Protection
http://news.com.com/2102-1040-961376.html
http://www.theregister.co.uk/content/4/27531.html
more on copyright extensions
http://www.law.com/jsp/printerfriendly.jsp?c=LawArticle&t=PrinterFriendlyArticle&cid=1032128711781
http://www.washingtonpost.com/ac2/wp-dyn/A3508-2002Oct9?language=printer
http://chronicle.com/free/2002/10/2002101001t.htm
hardware that deactivates unless you register software upgrades
http://staging.infoworld.com/articles/op/xml/02/10/07/021007opgripe.xml?Template=/storypages/printfriendly.html
everything else
details on the human versus machine chess match in Bahrain
(it's a fair fight this time, and we're winning)
http://www.brainsinbahrain.com/
http://www.chessbase.com/
http://www.chessbase.com/shop/index.asp?cat=Fritz+Programs
http://62.73.175.4/dynamic/articles/108193978.html
http://www.gulf-daily-news.com/Articles.asp?Article=34499&Sn=BNEW
The Problem of Slow Productivity Growth in Europe
(they accept the late-1990's productivity growth claims in the US as real)
http://www.j-bradford-delong.net/movable_type/archives/000949.html
jargon watch: study how hard they stretch to insinuate wrongdoing
(contortionists often develop serious joint problems as they grow older)
http://www.nytimes.com/2002/10/10/politics/10GIFT.html?pagewanted=print
A Concise Model of the University
(ultra nerdly satire)
http://pfaff.tcc.virginia.edu/home/MT/archives/000014.html#000014
Java site for building animated, uh, well, just try it
http://www.sodaplay.com/constructor/index.htm
Rumble of a Coming Ice Age
http://www.nationalpost.com/components/printstory/printstory.asp?id=b7052ccd-012b-43b6-965d-817642a34738
end
10:03:32 PM
|
|
Friends of Sklyarov and 2600 take note.
The Copyright Office, which administers parts of the Digital Millennium
Copyright Act, is taking comments on the "anti-circumvention" provision of
the Act, the one which tripped up Sklyarov and 2600, and which has given a
lot of other people a lot of trouble.
The Copyright Office would like comments submitted electronically, as it
explains, in intricate (http://www.copyright.gov/1201/fr2002-4.pdf) detail.
EFF will be coordinating the effort to respond.
Don Weightman
...........................
Donald Weightman
202.544.1458
10:01:03 PM
|
|
-------- Original Message --------
Date: Wed, 23 Oct 2002 11:33:58 -0400
From: Vin
> http://newsvac.newsforge.com/newsvac/02/10/23/1247236.shtml?tid=4
Washington State Congressman attempts to outlaw GPL
Wednesday October 23, 2002 - [ 12:47 PM GMT ]
Topic - Government
An anonymous reader writes: "Leaders of the New Democrat
Coalition attempt to outlaw GPL. A call to sign off on
explicit rejection of "licenses that would prevent or
discourage commercial adoption of promising cyber security
technologies developed through federal R & D." has been
issued by Adam Smith, Congressman for the Ninth District in
the State of Washington.
It's already signed off on by Rep. Tom Davis(R-Va), Chairman
of Government Reform Subcommittee on Technology, and Rep.
Jim Turner (D-TX) Ranking Member of the same committee,
with the backing of Rep. Jim Davis (D-FL), and Rep. Ron
Kind (D-WI).
It's a note to fellow New Democrats under the guise of
protecting commercial interest's right to make money from
the fruits of federal R & D, and to sign off on an attached
letter to Richard A. Clarke, Chair of the President's
Critical Infrastructure.
They are attempting to convince Clarke, Chair of the
President's that licensing terms such as "those in the GNU
or GPL" are restrictive, preclude innovation, improvement,
adoption and establishment of commercial IP rights.
Let's take a look at the highlights:
1) They use the Internet, by virtue of TCP/IP, as "proof" of
their thesis.
2) They state that you cannot improve OR adopt OR
commercialize GPL software.
3) They state that you cannot integrate GPL'd software with
proprietary software.
4) They say you should keep publicly funded code away from
the public sector, so that proprietary interests can make
money from the work.
5) They equate a lack of understanding of the GPL with valid
reasoning against it.
In essence, that non-proprietary interests should not be
allowed to use, adopt, improve, or make money from the
work. That taxpayers should pay for it twice. And that
nobody should be able to stop commercial entities from
taking publicly funded code, they will then close off.
Write or fax each of the Congressmen mentioned as supporting
this, and let them know they have been given bad
information and that categorically anti-opensource and
anti-GPL stance will be reflected at voting time:
Rep. Jim Davis
424 Cannon House Office Building
Washington, D.C. 20515
Phone: (202) 225-3376
Fax: (202) 225-5652
Webmail: http://www.house.gov/jimdavis/message.html
Rep. Tom Davis
306 Cannon House Office Building
Washington, D.C. 20515-4611
Phone: (202) 225-1492
Fax: (202) 225-3071
Rep. Ron Kind
1713 Longworth HOB
Washington, D.C. 20515
Phone: 202.225.5506
Fax: 202.225.5739
Rep. Adam Smith
116 Cannon House Office Building
Washington, D.C. 20515
Phone: 202-225-8901
Fax: 202-225-5893
E-Mail: http://www.house.gov/adamsmith/contact/contact.html
Rep. Jim Turner
208 Cannon HOB
Washington, DC 20515
Phone: (202) 225-2401
Fax: (202) 225-5955
For those without e-mail listed, email them at:
http://www.house.gov/writerep/
Here's the note to the New Democrats from Smith, Kind and J.
Davis:
Support Innovation in Cybersecurity -- Sign The Attached
Dear Colleague
Deadline: Friday, October 18th
Dear New Democrat Colleague:
Attached is a letter that is being sent to Dick Clarke, the
Chair of the President's Critical Infrastructure Protection
Board. As he shapes the "National Strategy" on
cybersecurity, it is important to affirm that government
R&D should be made available under intellectual property
licenses that allow for further development and
commercialization of that work. Licenses such as the
General Public License (GPL) are problematic and threaten
to undermine innovation and security. I urge you to sign
this letter.
As you know, the basis of the Internet - the TCP/IP protocol
- is a result of federal R&D efforts at DARPA. The
advancement and commercialization of this research provided
significant economic growth as well as gains in
productivity and efficiency.
Public-private partnerships have been hallmarks of
technological innovation and government has played a
positive role in fostering innovation by allowing the
private sector to develop commercial products from the
results of publicly funded research. As such it is
important that the National Strategy reject any licenses
that would prevent or discourage commercial adoption of
promising cybersecurity technologies developed through
federal R&D.
The terms of restrictive licenses - such as those in the
GNU or GPL - prevent companies from adopting, improving,
commercializing and deriving profits from the software by
precluding companies from establishing commercial IP rights
in any subsequent code. Thus, if government R&D creates a
security innovation under a restrictive license, a
commercial vendor will not integrate that code into its
software. So long as government research is not released
under licensing terms that restrict commercialization,
publicly funded research provides an important resource for
the software industry.
New Democrats have long supported public-private
partnerships -- it's important that any licenses do not
compromise a company's intellectual property rights in
their own technology. I encourage you to sign the attached
letter to Mr. Clarke. If you have any questions, please
contact Mike Mullen (Rep. Jim Turner; 5-2401) or John
Mulligan (Rep. Adam Smith; 5-8901). Thank you.
Sincerely,
Adam Smith Member of Congress
Ron Kind Member of Congress
Jim Davis Member of Congress
Text of attached letter to Mr. Clarke
Congress of the United States
Washington DC 20515
October 8, 2002
Honorable Richard A. Clarke
Chair, President's Critical Infrastructure Board
The White House
Washington, DC 20500
Dear Mr. Clarke:
We are writing to submit our views on the National Strategy
to Secure Cyberspace that you circulated for comment on
September 18, 2002. We believe the National Strategy should
explicitly recognize that overall cyber security will
improve if federally funded research and development is made
available to Americans under intellectual property licenses
that allow for further development and commercialization of
that work product. This is a long-standing federal
principle that should be explicitly stated in the National
Strategy.
The leading example of this principle is DARPA's research in
the 1970s that resulted in TCP/IP - the key set of
communications standards that form the technical basis of
today's Internet. These communications standards were made
available under licensing terms allowing their integration
into commercial software, which in turn enabled a wide
range of companies to develop innovative communication and
networking services.
Taxpayers are still realizing a tremendous return on that
federal investment through Internet driven productivity
gains, economic growth, job creation, and individual
empowerment that could not have been predicted by the
federal, academic and private sector researchers who
developed TCP/IP. However, none of these returns would have
been possible unless the research was made available under
licensing terms that allowed the private sector to
commercialize TCP/IP. Nor would the government and industry
have enjoyed the fruits of this economic activity-- fruits
that have funded additional research and development--
unless it had been made available for commercialization.
It would be very unfortunate - indeed, counterproductive and
contrary to the public-private partnership that is at the
core of the national cyber security strategy - if companies
were reluctant to adopt promising security technologies
produced by federal research for fear that doing so may
compromise their intellectual property rights in their own
technology.
For these reasons, it is essential that the National
Strategy affirm federal tradition by explicitly rejecting
licenses that would prevent or discourage commercial
adoption of promising cyber security technologies developed
through federal R&D. We commend your hard work on an issue
of pressing importance, appreciate the opportunity to
participate in this process, and trust you'll consider our
views when you issue the final version of your report.
Sincerely,
(signed)
Tom Davis
(signed)
Jim Turner
Ranking Member, Reform Subcommittee on Technology
NOTE: Their letter is addressed to Mr. Clarke who has *not*
expressed support of this initiative."
9:54:56 PM
|
|
SuSE opens Linux desktop for Windows
Would a transition to open-source desktops be more acceptable
if your users could continue to run Microsoft Office? SuSE is
betting on it. Taking aim at small to medium-sized enterprises,
the Linux distributor is readying SuSE Linux Office Desktop,
which will package SuSE Linux 8.1 with software that allows the
distribution to process Office files and run other Windows applications.
http://cl.com.com/Click?q=8d-nbL1Q7nhvy_eOTzBbYeWXxQqLMPR
Special Report: The perfect Linux desktop http://cl.com.com/Click?q=a2-6-M7QXZeFg5AbpO1qV69DQKagonR
9:48:05 PM
|
|
Thanks to Gnome:
OmniOutliner v2.1 [2.1MB] OSX 10.1 $30
http://www.omnigroup.com/applications/omnioutliner/
Back when I was required to outline projects for English class, as part of the grading process, I failed to see the point of outlining, completing the project first, and then creating an outline to fit the project. Out in the working world, after being required to write a few applications, I came to the realization that outlines have a distinct purpose, which has saved me hours of potentially wasted time; I only wish I would have discovered OmniOutliner sooner. While it's possible to use a text editor for outlining, this application is too versatile to ignore. While you can use it with plain black text, there are plenty of configurable options like fonts, numbering, background colors, and checkboxes (which make good to-do lists, in addition to being useful for tracking outlined progress). Checkboxes are also intelligent, so that if all sub-level checkboxes are checked, the top-level checkbox becomes checked as well. Multiple columns are available, for descriptive information next to your outlines. Files may be saved either as OmniOutliner files, or exported as HTML, Rich Text or Plain Text, making it easy to share your outlines or to-do lists. Whether you've got a bunch of tasks to keep track of, or a big project with many layers of information, OmniOutliner will make sure you stay on track.
9:43:53 PM
|
|
Larry is the general counsel & former executive director of the Open
Source Initiative.
The licenses address what Larry sees as legal shortcomings to the
BSD/MIT and GPL licenses respectively.
They're currently up for consideration before the OSI.
Among the interesting features is the patent defense proposed, an
implementation of ESR's "poison pill" of several years ago.
----- Forwarded message from "Lawrence E. Rosen" -----
From: "Lawrence E. Rosen"
Subject: Approval Requested for AFL 1.2 and OSL 1.1
To:
Date: Tue, 5 Nov 2002 11:39:19 -0800
Mailing-List: contact license-discuss-help@opensource.org; run by ezmlm
Organization: ROSENLAW.COM LLP
The draft versions of the AFL and OSL are now stable. They have been
discussed on license-discuss for quite a while now. I believe I have
incorporated all consensus changes that were requested.
Will the OSI board approve them?
Latest versions of the licenses are at:
OSL 1.1: http://www.rosenlaw.com/osl1.1.html The comparison of OSL 1.1
to OSL 1.0 is at http://www.rosenlaw.com/OSL1.1.redline.pdf
AFL 1.2: http://www.rosenlaw.com/afl1.2.html The comparison of AFL 1.2
to AFL 1.1 is at http://www.rosenlaw.com/AFL1.2.redline.pdf
Upon approval of the new versions I will withdraw the original versions.
/Larry Rosen
9:41:16 PM
|
|
---
* 1880 Census goes online
USA Today (Oct 23, 2002) reports that USA Census from 1880 is on-line.
Volunteers from the Church of Jesus Christ of Latter-day Saints, which
is renowned for its genealogical research facilities, spent 17 years ...
http://www.kdnuggets.com/news/2002/n21/6i.html
-
9:39:25 PM
|
|
~~ Software:
* BayesiaLab: a powerful laboratory for mining your data with Bayesian Networks
Bayesia, a company created by researchers specialized in Bayesian Networks
and Machine Learning, launches BayesiaLab, a powerful laboratory for
mining your data with Bayesian Networks. ...
http://www.kdnuggets.com/news/2002/n21/14i.html
---
9:38:19 PM
|
|
Date: Mon, 04 Nov 2002 10:48:56 -0500
From: "ALAWASH E-MAIL"
ALAWON: American Library Association Washington Office Newsline
Volume 11, Number 87
November 4, 2002
In This Issue: Major Copyright Bill Affecting Distance Education
Becomes Law
On November 2nd, 2002, the "Technology, Education and Copyright
Harmonization Act" (the TEACH Act), part of the larger Justice
Reauthorization legislation (H.R. 2215), was signed into law by
President Bush. TEACH redefines the terms and conditions on which
accredited, nonprofit educational institutions throughout the U.S. may
use copyright protected materials in distance education - including on
websites and by other digital means - without permission from the
copyright owner and without payment of royalties.
TEACH establishes new opportunities for educators to use copyrighted
works without permission and without payment of royalties, but those
opportunities are subject to new limits and conditions. The American
Library Association joined with numerous other associations and groups
representing educators, librarians, and academic administrators to
negotiate the language of the TEACH Act and to vigorously support its
passage. The process of drafting the TEACH Act necessarily reflected
the views of diverse interests, and some terms we would like to have
seen in the law met with strong opposition from copyright owners
concerned about protecting their creations and preventing widespread
threats to their markets. On the other hand, the ALA and many other
library and education groups were successful in adding many provisions
in the bill that can significantly enhance distance education.
To put the complexity of the issue in perspective, we need to grasp not
only the growth of distance education, but also the magnitude of the
copyright concerns at stake. Many materials that educators use in the
classroom and in distance education are protected by copyright law.
Copyright protection applies to most text, videos, music, images, motion
pictures, and computer software; protection usually applies even if the
work lacks a copyright notice and is not registered with the U.S.
Copyright Office. Unless the work is in the public domain, or you have
permission from the copyright owner, or you are acting within fair use
or one of the specific, statutory exceptions, your copying, digitizing,
uploading, transmitting, and many other uses of materials for distance
education may constitute infringement.
Previous law did include such a statutory exception for the benefit of
distance education, but it was enacted in 1976 and has failed to meet
modern needs. That statute (Section 110(2) of the Copyright Act)
generally encompassed closed-circuit television transmissions, and it
could not foster robust and innovative and digital educational programs
that might reach students at home, at work, or at any other location.
The TEACH Act repeals that statute and replaces it with a more complex,
but more beneficial, revision of Section 110(2) and related provisions.
Among the benefits of the TEACH Act for distance education are an
expansion of the scope of materials that may be used in distance
education; the ability to deliver content to students outside the
classroom; the opportunity to retain archival copies of course materials
on servers; and the authority to convert some works from analog to
digital formats. On the other hand, the TEACH Act conditions those
benefits on compliance with numerous restrictions and limitations.
Among them are the need to adopt and disseminate copyright policies and
information resources; implementation of technological restrictions on
access and copying; adherence to limits on the quantity of certain works
that may be digitized and included in distance education; and use of
copyrighted materials in the context of "mediated instructional
activities" akin in some respects to the conduct of a traditional
course.
Therefore, to secure full benefits of the law, educators and their
colleges, universities, schools, and other qualified institutions will
need to take deliberate and careful steps. Full implementation will
likely involve participation by policymaking authorities, technology
officials, and instructional faculty. Librarians will invariably be
closely involved as they make their collections and other resources
available to students at remote locations. Moreover, you will most
assuredly need to consult legal counsel at your institution to be
certain you are properly implementing the new law's provisions.
To help with this effort throughout the country, the American Library
Association is launching an initiative to provide guidance and to help
interested persons so that they may better understand the new law and
implement its requirements. Please watch for developments at this
dedicated website: http://www.ala.org/washoff/teach.html. We have
posted and will continue to update summaries and explanations of the
law, together with guidance and other information to help the community
enjoy the advantages of the new law and to strengthen innovative
educational programs through the sharing of important information
resources.
Moreover, we will take this opportunity for a fresh examination of the
more general law of "fair use" as applied to distance education. Fair
use was, and remains, a vital alternative whenever a more specific
statute - such as Section 110(2) of the Copyright Act - fails to meet your
needs. However, fair use also has limits. In the meantime, you can
find a great deal of information about fair use on numerous websites,
and in many books, including some copyright publications available from
the ALA at http://alastore.ala.org.
We welcome your comments and observations at any time about this
project. For more information, contact Carrie Russell, Copyright
Specialist at ALA's Office for Information Technology Policy,
crussell@alawash.org or (800) 941-8478.
******
ALAWON (ISSN 1069-7799) is a free, irregular publication of the
American Library Association Washington Office. All materials subject to
copyright by the American Library Association may be reprinted or
redistributed for noncommercial purposes with appropriate credits.
To subscribe to ALAWON, send the message: subscribe ala-wo
<[your_firstname]> <[your_lastname]> to listproc@ala.org or go to
http://www.ala.org/washoff/alawon. To unsubscribe to ALAWON, send
the message: unsubscribe ala-wo to listproc@ala.org. ALAWON archives at
http://www.ala.org/washoff/alawon.
ALA Washington Office, 1301 Pennsylvania Ave., N.W., Suite 403,
Washington, D.C. 20004-1701; phone: 202.628.8410 or 800.941.8478
toll-free; fax: 202.628.8419; e-mail: alawash@alawash.org; Web site:
http://www.ala.org/washoff. Executive Director: Emily Sheketoff.
Office of Government Relations: Lynne Bradley, Director; Camille Bowman,
Mary Costabile, Don Essex, Patrice McDermott and Miriam Nisbet. Office
for Information Technology Policy: Rick Weingarten, Director; Jennifer
Hendrix, Carrie Russell, Claudette Tennant. ALAWON Editor: Bernadette
Murphy.
9:34:25 PM
|
|
Exploring the Contours of the Federal Mail and Wire Fraud Statutes
New York Law Journal
The federal mail fraud and wire fraud statutes are the subject of
an almost perpetual tug of war between prosecutors seeking to
broaden the type of conduct that can be prosecuted within the
statutes' extremely elastic boundaries and defense attorneys
striving to protect their clients from an over-zealous or, at least
overly creative, prosecution.
http://tm0.com/LAW/sbct.cgi?s=498088435&i=666476&m=1&d=3356892
9:33:10 PM
|
|
KILLER DOWNLOADS: Still using index cards to organize
your research? Your computer can do a lot better. Jason's
got three downloads that help collate your notes and sources
and arrange them in an orderly fashion.
Read More:
http://cl.com.com/Click?q=75-whwtIKUlzFA5r2OSj2eWwvgpp5ZR
9:30:52 PM
|
|
AOL Must Reveal Subscriber's Identity
The National Law Journal
In a case against America Online in which an electronics company
alleged that an AOL subscriber was libeling it, the Virginia
Supreme Court ruled that AOL must reveal the member's identity.
Siding with the electronics company's claim that the posting
violated the law even if it wasn't defamatory, the court concluded
that a speaker who uses nondefamatory words in a scheme to enrich
himself at the expense of another does not enjoy First Amendment
protection.
http://tm0.com/LAW/sbct.cgi?s=498088435&i=669743&m=1&d=3399295
9:29:27 PM
|
|
2nd Circuit Revives Attempt to End Marvel Comic Copyright
New York Law Journal
The creator of Captain America can invoke the termination
provisions of the Copyright Act of 1976, the 2nd U.S. Circuit Court
of Appeals has ruled. Deciding a case of first impression, the
court found that the comic creator's settlement with Marvel
Characters Inc., in which he acknowledged he devised the character
Captain America while working for hire, doesn't prevent him from
terminating the company's copyright under the act.
http://tm0.com/LAW/sbct.cgi?s=498088435&i=669743&m=1&d=3399287
9:28:18 PM
|
|
© Copyright 2003 Noel D. Humphreys.