Slashback: Discipline, License, Name-calling

Slashback tonight brings you a boatload of updates and amplification to previous Slashdot stories, including: the outcome of the RIAA-driven administrative crackdown on file trading at the U.S. Naval Academy, the legal status of ambiguously labeled Microsoft "gimme" software, more information on the insecurities of Blackboard's card-based payment system, and more. Read on for the details!

Every day, in every way, I am becoming a better and better Lt. Junior Grade. alanjstr writes "The Baltimore Sun reports 'The Naval Academy has disciplined 85 students who used a military Internet connection to illegally swap copyrighted music and movies, but it stopped short of carrying out its threat to impose the maximum penalties of expulsion or court-martial, an academy document shows.' It goes on to say that the raid was spurred less by the RIAA and more by the threat of losing the internet connection due to the enormous amount of bandwidth consumed. The academy had given students several warnings before raiding the dorm rooms. Some of the hard drives seized last November were found to contain one or two copyrighted files, while others ran into the hundreds or thousands."

I bet they could make a better agreement with Xiph.org Magnetic Confinement writes "In an effort to make life more difficult for civic-minded Mac users, NPR has decided to drop Quicktime from its available streams. Nothing specific on their webpage addresses it, just some suspicious vacancies remain. Their helpdesk response is officially:

'NPR.org had been offering some of its audio in the Apple QuickTime format under an arrangement with Apple QuickTime. We regret that we were unable to reach mutually acceptable terms for a new arrangement with Apple QuickTime. As a result, NPR is unable to continue offering its content in this format.

You can also contact Apple QuickTime directly at: quicktime@apple.com

Weston
NPR Online'"

A note that got lost in the bin for too long ... JulesVD writes "Microsoft has agreed to tweak its Windows XP operating system in response to recent feedback from the Justice Department over its antitrust settlement with the federal government. (See news on Yahoo!) Microsoft will give more prominent display to a button in Windows that allows computer users to remove the company's Internet Explorer browser, company spokesman Jim Desler said. The Justice Department is overseeing Microsoft's compliance with the settlement. Placement of the button in a hard-to-reach spot in Windows was one of several complaints Microsoft's rivals made to the department last year."

Proportionality isn't just for the personals. You may still be boggling (I am) at the recently announced RIAA suits alleging that colleges and college students are liable for billions of dollars in damages to the music industry for facilitating online file trading. Reader Derek Lomas writes in with another editorial indicating "growing support at Yale for legal alternatives".

Even biggerness. The Gathering is billed by some as the the world's largest computer party. MC68040, though, writes "I'd like to remind everyone to have a look at dreamhack, that 'also' is the largest LAN in Sweden twice a year ... Which had over 5000 participants in 2001 and even more in 2002.. *arhem* Biggest you say?"

If you want to fight about "LAN party" vs. "Computer party," leave me out of it!

How about calling it "900t"? An anonymous reader writes "As previously reported, mozilla.org's Phoenix browser has been renamed to Firebird. This hasn't pleased supporters of the Firebird relational database project. In an Australian LinuxWorld article, one of their administrators calls the name change "one of the dirtiest deeds I've seen in open source so far." In a MozillaZine article, the same person accused mozilla.org of "theft" and "corporate bullying". They don't explain how it was different when they picked a name that was already used by a BBS, financial software manufacturer, Fenix IDE and games company. Meanwhile, IBPhoenix, an organisation that supports the development of the Firebird database, has put up a protest page, encouraging people to spam the MozillaZine forums (even though MozillaZine had nothing to do with the decision) and send masses of email to many Mozilla developers (most of whom were not involved in selecting the new name). I find it rather hypocritical that the Firebird database people are accusing Mozilla of "the filthiest of dirty tricks" while at the same time advocating the harassment of many Mozilla developers."

Point of clarification. batkid writes "In response to the article 'Microsoft pirating their own software,' Seems like MS is taking it pretty seriously. I got the following response from Microsoft (I am a faculty member, but the response should be the same to students).

April 9, 2003

RE: Visual Studio .NET Professional Edition and Windows XP Professional software distributed during the Microsoft Faculty Seminars

Dear Faculty Member, Thank you for attending the recent Microsoft Faculty Seminar. The purpose of this letter is to clarify questions concerning the legal use of the Visual Studio .NET Professional and Windows XP Professional software distributed to faculty who attended the Seminar. The software received is governed by the electronic license embedded in the product set up that appears prior to installation and no additional documentation is required.

Notwithstanding language on the CD label for the copies of Visual Studio .NET Professional Edition and Windows XP Professional Edition that you received during your attendance at the Seminar, which appeared to indicate that a separate license document was required in order for you to legally use the software, this letter will confirm that use by you of the software received is governed by the electronic license embedded in the product setup that appears prior to installation.

You are required to agree to accept the terms and conditions of this license prior to proceeding with the products' installation. Acceptance by you of these "Click to Accept" licenses is the only license required for your use of the copies of Visual Studio.NET Professional Edition and Windows XP Professional Edition received. We recommend that you keep a copy of this letter in your personal files for future reference."

Thanks for passing that along.

What if Masterlock security was assured this way? Monday, you read that security researchers Billy Hoffman and Virgil Griffith (known as Vergil and Acidus) were were prevented from speaking at a security conference by means of a Cease and Desist order from Blackboard, Inc.. The two planned to talk about security flaws found in Blackboard's Transaction System.

In a mail posted at Declan McCullagh's Politech mailing list, David Yaskin of Blackboard responds to the criticism that the company's legal action has drawn. John R. Hall has posted a FAQ explaining some particulars of the Blackboard Transaction System which Virgil and Acidus aren't at liberty to discuss, as well as contradicting some claims that Yaskin makes in the posted email.

The Blackboard Presentation

[Jeremiah Cornelius]

The whole Blackboard presentation - including a .PPT attachment with photos of GT's physical security problems - is available at Cryptome [cryptome.org].

Don't worry. It opens in Open Office Impress just fine!

Comment removed

[account_deleted]

Comment removed based on user account deletion

Oh, please

[jesterzog]

I guess most people have come to expect this from slashdot, but it should be pointed out all the same. It's too bad everyone (me included) puts up with it.

From the slashdot writeup:

"Meanwhile, IBPhoenix, an organisation that supports the development of the Firebird database, has put up a protest page, encouraging people to spam the MozillaZine forums (even though MozillaZine had nothing to do with the decision) and send masses of email to many Mozilla developers (most of whom were not involved in selecting the new name). I find it rather hypocritical [--snip--]"

From the linked article [ibphoenix.com] (slightly summarised):

Let the Mozilla forums know how you feel. They've already taken some heat in forums on their website. To join that fray, you must register. Check http://www.mozillazine.org/forums/index.php [mozillazine.org] and http://www.mozillazine.org/talkback.html?article=3 075 [mozillazine.org] for the discussion.

You might also send mail to the following people and groups:

Asa Dotzler - he made the announcement [..]

drivers@mozilla.org - drivers are the project managers of Mozilla [..]

These people are the technical project leaders of Mozilla. They too should be aware that the possibility for confusion exists. [--snip eight addresses--]

Listing the eight technical project leaders at the end might have been a tad excessive, but I'd hardly call that "encouraging people to spam the mozillazine forums" or harrassing mozilla developers in the way that slashdot makes out to be. It looks like an ordinary informational page to tell people how they can contact the people who are able to make a decision.

Masterlock

[Vidar Leathershod]

Actually, IIRC, Masterlock did threaten lawsuit over the dissemination of info that would allow someone to find out a combination to a MasterLock combo lock in a few easy steps.

This is not new.

Vidar

Available NPR stream

[Theaetetus]

Pssst... check out the Boston NPR affiliate, WBUR at wbur.org - they (all right, we) have a quicktime streaming format available from the 'listen live' link on the front page.

We carry BBC, Morning Edition, The Connection, Here & Now, Fresh Air, All Things Considered, Talk of the Nation, On Point, Wait Wait Don't Tell Me, Car Talk, et al...
And we originate most of those. :)

-T

Re:Remove IE? I think not.

[TheAwfulTruth]

That is true, it uninstalls nothing, just makes in brain dead easy to reassociate html links to a different broswer.

Note that "IE" is a fairly small program, almost nothing more than a GUI wrapper around the MSHTML rendering engine that is used within Windows in several places as well as many third party apps and even an app that I've written myself.

You probably could remove iexplore.exe with no real harm to the rest of your windows use, but you would not beding yourself a favor by uninstalling the MSHTML com object(s) from your system.

MS just dumping WMP

[SuperBanana]

We regret that we were unable to reach mutually acceptable terms for a new arrangement with Apple QuickTime.

Well, at least they answered someone- I tried asking PBS why they dropped quicktime(also quite recently) for their TV episodes, and didn't get ea reply. I even offered to help implement open-source, free alternatives...since I live quite close to WGBH, one of the biggest PBS stations in the country.

In any case, this is bull- the software to stream quicktime is FREE, and you can use any codec you want- it doesn't have to be proprietary sorenson, for example.

Further, if cost was an issue, then they could stream ogg-vorbis, since there are no royalties, period. Sure, users would have to install a plugin, but that doesn't stop thousands upon thousands of sites forcing me to install Flash. It could certainly be offered as a choice.

I suspect what happened was MS either coerced them into switching(that's what they did in my old company- they said they'd look the other way on license violations if they went 100% MS. Sure enough, new policy came out right after the audit saying "solaris and linux will be dropped, MS win2k will be used everywhere") or MS gave them everything, maybe even gave them free hardware and server licenses.

It is positively disgusting that our public radio and TV companies are switching to just ONE, PROPRIETARY format.

Adware in Qicktime?

[ragingmime]

Adware? I have Quicktime, and I don't remember getting any adware with it... but maybe I missed something. But yeah, an open source alternative would be really nice... go Theora [theora.org]! (I'm assuming that someone will work out a way to stream it after it comes out, the way Icecast [icecast.org] does for Ogg [oggvorbis.org].)

blackboard scares me...

[edrugtrader]

this is so simple to fix...

current implementation:
reader to NP: this guy says he wants a coke
NP to reader: give him a coke

how it is hacked:
intercept the NP to reader command and resend "give him a coke" to the reader. free coke.

fixed implementation:
reader to NP: this guy says he wants a coke
NP to reader: give him a coke, lets call it UNIQUE_KEY
reader to NP: can i give this guy a coke and call it UNIQUE_KEY?
NP to reader: if this challenge already occured respond "no, you already did", otherwise, respond "yes, give him a coke" and log the UNIQUE_KEY

problem is the current hardware can not be upgraded to do handshaking or challenges like that. if you have programmed for paypal's IPN, it works as correctly described above and seems like the obvious solution... i can't figure out what these guys were thinking **for 19 years**!

Re:Oh my

[madmaxx]

From Canada, of course. And that's $15 Canadian, which is abou $11USD. Two national chains here (A&B, FutureShop) have stuck it to the recording industry by ignoring fixed pricing (for several years now).

Re:Why blame NPR?

[afidel]

No you are not up on how quicktime or most other streaming serve liscensing works. If you are a big broadcaster you pay for capabilities per simultaneous stream at a specific bitrate. Apple probably wouldn't come down to the cost per stream that NPR thought they could afford.

Re:Blackboard

[Anonymous Coward]

Here is a list [naccu.org] of coporate members of the National Association of Campus Card Users (NACCU).

Re:Masterlock

[SuperBanana]

Having had a coworker who was a professional locksmith, I can say that absolutely everything you said is wrong. Point by point:

tumbler locks only have 10 height levels at most

Wrong. They have many, many possible height levels. They are completely analog devices. Any locksmith should be able to make pins that are whatever height he wants, completely analog. Its not just like they have a box of pins, only available in 10 different lengths.

Less secure tumbler locks will allow each individual tumbler to move independantly of the rest.

Wrong. All(that I know of) tumbler locks allow individual tumblers to move independently, otherwise you wouldn't be able to insert or remove the key(duuuh.)

oh and most locks also have a master key that will work on every lock of that type, not just the specific tumbler combination given to your door specifically.

Again, WRONG. Only if the key is set up with several separate pins in each tumbler. Otherwise, there is only ONE position where all the pins will clear.

It is simply amazing how such a simple, very plain and ordinary device is completely misunderstood and given an almost magical status. Locks are VERY simple devices. Even picking them isn't rocket science, just methodical and you need a ton of practice. Most of the tricks used by lock-pickers are very obvious once you see how a lock works.

Re:Dishonest statistics

[Anonymous Coward]

An accountant working for one of these students could probably come up with a equally legit figure of 1% what RIAA says, it would probably be equally inaccurate since his job is to minimise the liability of his client. Of course RIAA uses a figure manipulated to suit them, the only numbers trustable are from objective observers, and theyre probably not interested enough to come up with them properly.

If someone steals from a store, accounting practise forces the owner to write it off at cost price, actually at "the lower of cost and net realisable value [price you could actually sell it at]", the music companies experienced no additional production cost from the pirated music so cost is nil. Thus the music companies are actually worse off by, well, some number anywhere between what the RIAA says and nil.

Another factor to consider is how much of the lost sales are really due to CD price fixing, and how much is price fixing artificially inflating the various "costs of piracy". Their cartel behaviour has pushed up prices of CD's, so pushed up the inflated "lost revenue" figure; at the same time it is the excessively priced CD's making people pirate more anyway.

Comment removed

[account_deleted]

Comment removed based on user account deletion

"Analog"

[yerricde]

They have many, many possible height levels. They are completely analog devices.

Analog devices have noise. Therefore, analog devices are built with tolerances, and on a given brand of lock, these tolerances may allow for only about ten distinct height levels per pin.

QSS not only for OS X Server

[extra88]

Even though Apple's site says QuickTime Streaming Server requires OS X Server, it really doesn't. You can install it on a regular OS X system.

Blackboard has put an official response on the web

[geddes]

http://www.blackboard.com/docs/Statement_on_System _Security.pdf [blackboard.com]

Re:Why blame NPR?

[ryochiji]

> If you are a big broadcaster you pay for capabilities per simultaneous stream at a specific bitrate

Where did you get that from? According to the QTSS FAQ [apple.com]:

Both QuickTime Streaming Server 4 and Darwin Streaming Server 4 are free, with no per-stream license fees.

So, no, it doesn't seem like licensing fees were the issue.

Re:License issues with QT?

[Pathwalker]

At 20K, almost everything is going to sound like ass. MP3, Vorbis, and AAC all sound pretty bad (with AAC sounding best of a bad set)

At that rate, for a mix of music and voice I feel that it's a close race between WMA, and Qdesign Music 2 Pro; with Qdesign edging out WMA for stereo audio at that rate (WMA has less high range - it sounds like the encoder filters out higher pitches to reduce noise before it encodes).

For a mix of music and voice, both Speex and Qualcomm Pure Voice are out, as while they would do a good job on voices they would not do well with the non-voice audio.

They don't carry what I want to listen to.

[bninja_penguin]

If I join one of those clubs, I could get the quantity of the discs you say, but they don't carry the bands I like, nor do they carry cd's that are by bands no longer around, and never made a big hit. This is something that everyone on both sides of this copyright shit need to realize. Especially the RIAA and other corporate entities. I don't want Brittney Spears, or Metallica , or whatever bullshit is lining the shelves of Walmart. If they really want to stop piracy, then I should be able to walk into anyplace that sells cds, and pick up a copy of Haunted Garage, or LawnmowerDeath, or anything else I decide. No, special orders do not cut it. The biggest music store here never even heard of these bands, and they don't find them on their little order sheets, so I must search all over to find my kind of music. Gee, the internet has sure made it easy to find my music. I buy from band pages when I find bands worth buying from, but when the band is dead and gone, and the RIAA decides to discontinue the cds, well, what then? P2P fills this bill. If they would think ahead just a bit, they could setup the motherlode of all napsters, and charge a reasonable fee for access, and then they would, at the very least, quadruple their income and reduce costs. This will never happen though, because Corporate thinking corrupts all that it touches, and the RIAA is certainly corrupt. But hey, what do I know? I work for a living.

Turn off the nagware

[ouija147]

Open date and time and set the year to something like 2024. Then save this time. Launch Quicktime and click on later to register sometime in the future.

Now reset the year.

Re-launch quicktime...no nag to upgrade to Quicktime Pro.

This has worked for years, and is pretty widely known...I saw it on a Mac forum and have forgotten who the poster was so I cannot give credit to the original poster.