Slashback: Discipline, License, Name-calling

Slashback tonight brings you a boatload of updates and amplification to previous Slashdot stories, including: the outcome of the RIAA-driven administrative crackdown on file trading at the U.S. Naval Academy, the legal status of ambiguously labeled Microsoft "gimme" software, more information on the insecurities of Blackboard's card-based payment system, and more. Read on for the details!

Every day, in every way, I am becoming a better and better Lt. Junior Grade. alanjstr writes "The Baltimore Sun reports 'The Naval Academy has disciplined 85 students who used a military Internet connection to illegally swap copyrighted music and movies, but it stopped short of carrying out its threat to impose the maximum penalties of expulsion or court-martial, an academy document shows.' It goes on to say that the raid was spurred less by the RIAA and more by the threat of losing the internet connection due to the enormous amount of bandwidth consumed. The academy had given students several warnings before raiding the dorm rooms. Some of the hard drives seized last November were found to contain one or two copyrighted files, while others ran into the hundreds or thousands."

I bet they could make a better agreement with Xiph.org Magnetic Confinement writes "In an effort to make life more difficult for civic-minded Mac users, NPR has decided to drop Quicktime from its available streams. Nothing specific on their webpage addresses it, just some suspicious vacancies remain. Their helpdesk response is officially:

'NPR.org had been offering some of its audio in the Apple QuickTime format under an arrangement with Apple QuickTime. We regret that we were unable to reach mutually acceptable terms for a new arrangement with Apple QuickTime. As a result, NPR is unable to continue offering its content in this format.

You can also contact Apple QuickTime directly at: quicktime@apple.com

Weston
NPR Online'"

A note that got lost in the bin for too long ... JulesVD writes "Microsoft has agreed to tweak its Windows XP operating system in response to recent feedback from the Justice Department over its antitrust settlement with the federal government. (See news on Yahoo!) Microsoft will give more prominent display to a button in Windows that allows computer users to remove the company's Internet Explorer browser, company spokesman Jim Desler said. The Justice Department is overseeing Microsoft's compliance with the settlement. Placement of the button in a hard-to-reach spot in Windows was one of several complaints Microsoft's rivals made to the department last year."

Proportionality isn't just for the personals. You may still be boggling (I am) at the recently announced RIAA suits alleging that colleges and college students are liable for billions of dollars in damages to the music industry for facilitating online file trading. Reader Derek Lomas writes in with another editorial indicating "growing support at Yale for legal alternatives".

Even biggerness. The Gathering is billed by some as the the world's largest computer party. MC68040, though, writes "I'd like to remind everyone to have a look at dreamhack, that 'also' is the largest LAN in Sweden twice a year ... Which had over 5000 participants in 2001 and even more in 2002.. *arhem* Biggest you say?"

If you want to fight about "LAN party" vs. "Computer party," leave me out of it!

How about calling it "900t"? An anonymous reader writes "As previously reported, mozilla.org's Phoenix browser has been renamed to Firebird. This hasn't pleased supporters of the Firebird relational database project. In an Australian LinuxWorld article, one of their administrators calls the name change "one of the dirtiest deeds I've seen in open source so far." In a MozillaZine article, the same person accused mozilla.org of "theft" and "corporate bullying". They don't explain how it was different when they picked a name that was already used by a BBS, financial software manufacturer, Fenix IDE and games company. Meanwhile, IBPhoenix, an organisation that supports the development of the Firebird database, has put up a protest page, encouraging people to spam the MozillaZine forums (even though MozillaZine had nothing to do with the decision) and send masses of email to many Mozilla developers (most of whom were not involved in selecting the new name). I find it rather hypocritical that the Firebird database people are accusing Mozilla of "the filthiest of dirty tricks" while at the same time advocating the harassment of many Mozilla developers."

Point of clarification. batkid writes "In response to the article 'Microsoft pirating their own software,' Seems like MS is taking it pretty seriously. I got the following response from Microsoft (I am a faculty member, but the response should be the same to students).

April 9, 2003

RE: Visual Studio .NET Professional Edition and Windows XP Professional software distributed during the Microsoft Faculty Seminars

Dear Faculty Member, Thank you for attending the recent Microsoft Faculty Seminar. The purpose of this letter is to clarify questions concerning the legal use of the Visual Studio .NET Professional and Windows XP Professional software distributed to faculty who attended the Seminar. The software received is governed by the electronic license embedded in the product set up that appears prior to installation and no additional documentation is required.

Notwithstanding language on the CD label for the copies of Visual Studio .NET Professional Edition and Windows XP Professional Edition that you received during your attendance at the Seminar, which appeared to indicate that a separate license document was required in order for you to legally use the software, this letter will confirm that use by you of the software received is governed by the electronic license embedded in the product setup that appears prior to installation.

You are required to agree to accept the terms and conditions of this license prior to proceeding with the products' installation. Acceptance by you of these "Click to Accept" licenses is the only license required for your use of the copies of Visual Studio.NET Professional Edition and Windows XP Professional Edition received. We recommend that you keep a copy of this letter in your personal files for future reference."

Thanks for passing that along.

What if Masterlock security was assured this way? Monday, you read that security researchers Billy Hoffman and Virgil Griffith (known as Vergil and Acidus) were were prevented from speaking at a security conference by means of a Cease and Desist order from Blackboard, Inc.. The two planned to talk about security flaws found in Blackboard's Transaction System.

In a mail posted at Declan McCullagh's Politech mailing list, David Yaskin of Blackboard responds to the criticism that the company's legal action has drawn. John R. Hall has posted a FAQ explaining some particulars of the Blackboard Transaction System which Virgil and Acidus aren't at liberty to discuss, as well as contradicting some claims that Yaskin makes in the posted email.

Why blame NPR?

[Anonymous Coward]

In an effort to make life more difficult for civic-minded Mac users, NPR has decided to drop Quicktime from its available streams.

How do we know Apple wasn't being unreasonable in the terms they wanted?

BTW, those Phoenix database people sound really mature.

Dishonest statistics

[Elpacoloco]

Remember that joke about the kid who prooves that he has no time to attend school, since he must spend x days sleeping and x days eating and x days are weekends.....

The kid in this joke arrives at the figure that he does because the way he does it counts a good portion of time twice. (IE: Sleep and weekends overlaps...)
The RIAA I think is counting things twice when it obtains these "Billion Dollar" figures. I think that it counts the number of P2P transactions and multiplies it by the cost of an album. This dispite people downloading songs that they would never buy. In fact, one could further inflate the figures by including incompleted transactions as a full one.

Billions of Dollars? Baloney.

Oh my

[Raul654]

The fact is that most students at Yale are very familiar with breaking copyright law, because they are not willing to give up learning about music just because they can't afford the $15 cost of each CD.

Does anyone else find that laughable?

Re:Dishonest statistics

[menasius]

I agree, it doesn't fit logically.

The Music Industry is a big thing. However, my arguement to the exageration of these figures is that the music industry has supposedly taken "billions in losses". Even a behemoth like that would feel billions in losses and it would be visible. The airlines are having rough times and its obvious, it's not that they are trying to screw anyone it just seriously looks like they are in a great hurry to fix things and are making mistakes.

All the music industry has done is file suit, but the state of the industry doesnt say "we are fighting a loosing battle". If they lost billions where are the record labels that are dropping production or cutting wages to try to save the ship.

Thats just my 2 billion cents.

-bort

Skepticism Abounds

[yoink!]

I don't believe that Microsoft intends to allow users to actually remove much software with any of these "new" features. Even if a user edits his/her sysoc.inf (you can find it in "%systemroot%\inf" if you so will) file and removes the word "hide" from applications which are not appearing under the "add/remove windows components" manager, most of the applications remain on the hard disk even after they are supposedly "uninstalled." I have found this to be true with Outlook Express and Media Player. Frankly who cares about Internet Explorer at this point. Most people I know use it on their windows machines anyway, regardless of how buggy and insecure it may. At this point, Microsoft being forced to alter XP so much that Internet Explorer is "uninstalled" is nothing more that a friendly pat on the ass compared to the original goals of the anti-trust case(s). The justice department should be absolutely ashamed.

Why is it so hard to pick an original name?

[interactive_civilian]

About the Mozilla naming thing...you can't pick a much less original name than Thunderbird...

Is it really that hard to pick an original name and then run a few searches to make sure there are no similar products with that name?

For example, why not pick something from another language that fits the product well? Something like 'gaiyuu' (Japanese: foreign travel) or 'michiyuki' (Japanese: going down the road)...

Seriously...it seems ridiculous the amount of trouble these people have coming up with original names...

IMHO.

1000s of copyrighted files

[poppen_fresh]

It say that the Navy found some hard drives with 100s and 1000s of copyrighted files on them. It never says if the students had a right to have those files... I have 1000s of "copyrighted" files on my hdd in the form of mp3s, which I obtained by buying the CDs and then ripping them...

RIAA Statistics

[)v(agnus]

We all know that statistics can be manipulated to show anything one wants. Here's how to fix the problem: * Dismantle the RIAA and scatter the fragments to the four corners * Let Artists decide how to advertise and distribute their creations

Re:Why is it so hard to pick an original name?

[stubear]

With your two examples for names you still question why it's so hard to come up with a good name? Harley-Davidson took about two years to come up with the V-ROD motorcycle to commemorate the 100th year H-D has been in existence. As a member of OpenBeOS involved with the renaming process I can personally atest to the excruciating difficulty in sifting through names to come up with something original AND describes the thing you are naming. Don't be so quick to dismiss the complexity and difficulty simply because it's a single word.

Re:The Blackboard Presentation

[BitHive]

I looked through these things yesterday, and while they were interesting, there was little information of substance in them. All of the supposed vulnerabilities are theoretical, and the author himself does not claim to have tried any of them. Yes, a replay attack would work if the system works as he claims it does. Has he taken the first step of patching into one of the RS-485 drops that he claims are so very insecure? No. Does he know what kind of encryption is used on the IP converter? No. He merely speculates that it is "DES on the high end; XOR on the low end". How informative! The same could be said for any system that uses encryption.

I am following this closely because my college has installed the Blackboard system to provide all-hours card access to dorms and after-hours access to academic buildings. All of the readers are bolted into concrete or brick, or are installed on steel posts. You would have to do more physical damage to the building or the post to gain access to the supposedly insecure RS-485 drops than you would to simply force the door open. My school, however, has not extended this system to anything using real money, perhaps because they are aware of the flaws and want to limit the risks, or perhaps because the damn thing is so motherfucking expensive.

One thing that really detracts from the credibility of this "security analysis" is that in the PowerPoint presentation, someone is circled using paintbrush, identified by name, and labelled "piece of shit" or something like that. Apparently this is one of the guys that insists the system is secure. It may not be, but you can't expect anyone to take you seriously if you put crap like that into your presentation.

I thinks the button should be hard to find

[rsilvergun]

If your smart enough to deal with not having I.E. then finding the button to remove it shouldn't be that hard. Imagine being on the phone doing tech support for some bozo who's deleted I.E. because Microsoft is Evil, and dealing with the complications thereof.

Oh, and is it just me, or is this pathetic? Microsoft used illegle tactics to destroy several companies, and dominated the industry with those tactics to the point where the only way an even potential competitor could make it was by circumventing the market entirely (Linux). And the most done to them is making them put a button to remove I.E. from the start menu?

Re:Oh, please

[Anonymous Coward]

I guess most people have come to expect this from slashdot, but it should be pointed out all the same. It's too bad everyone (me included) puts up with it.

What? You mean your so-called informed diatribe? Read on, bucko.

From the slashdot writeup:

"Meanwhile, IBPhoenix, an organisation that supports the development of the Firebird database, has put up a protest page, encouraging people to spam the MozillaZine forums (even though MozillaZine had nothing to do with the decision) and send masses of email to many Mozilla developers (most of whom were not involved in selecting the new name). I find it rather hypocritical [--snip--]"

From the linked article [ibphoenix.com] (slightly summarised):

Let the Mozilla forums know how you feel. They've already taken some heat in forums on their website. To join that fray, you must register. Check http://www.mozillazine.org/forums/index.php [mozillazine.org] and http://www.mozillazine.org/talkback.html?article=3 075 [mozillazine.org] for the discussion.

You might also send mail to the following people and groups:

Asa Dotzler - he made the announcement [..]

drivers@mozilla.org - drivers are the project managers of Mozilla [..]

These people are the technical project leaders of Mozilla. They too should be aware that the possibility for confusion exists. [--snip eight addresses--]

Listing the eight technical project leaders at the end might have been a tad excessive, but I'd hardly call that "encouraging people to spam the mozillazine forums" or harrassing mozilla developers in the way that slashdot makes out to be. It looks like an ordinary informational page to tell people how they can contact the people who are able to make a decision.

I heartily disagree. As was said in the /. writeup (which was done by the submitter, and *not* the editor (so don't blame /.), the people at MozillaZine had nothing to do with the namechange. The tone I derive from his posting is "The war has already begun over there, so (and I quote) join the fray."

As for Asa Dotzler, providing his contact information for feedback and reprisal fits the *very definition* of "Shoot the messenger". That's just plain retarded.

Re:RIAA is grasping for headlines

[hubble29]

The RIAA is actually going about this in a winnable fashion and they don't even have to win to win. First they are taking on a person who does not have the deep pockets to defend himself against the 2,000Lb. gorilla that the RIAA is. If the student does not defend himself, the RIAA wins by default. The RIAA would then have a judgement placed against the student which would not be avoidable by bankruptcy and probably even have rights to his estate after his death. His credit is ruined and he would never have any hope of keeping any assets (cash or property), any earnings he is able to earn would probably be garinsheed also. The RIAA will also probably continue to keep the student in court until he dies of old age, demanding that he prove that he has no assets at each summons which would require several appearances. If the student fights the court case, the RIAA will keep him in court for years, one day at a time until he is broke and has to quit. At this point the RIAA wins be default again. This whole game is in the RIAA's favor since they have the bucks, resources, and the time (corporations can live a lot longer than people). Basically the poor guy's life is ruined unless some White Knight steps up and can give the RIAA a run for the money. In order to beat the RIAA at this game the student must somehow out spend the RIAA, tough to do. If the RIAA wins or settles out of court, they win. I f the student is able to win the case and the appeals that surely will follows, the RIAA has only lost one of an indefinite number of battles. Bottom line is this poor sucker is going to be made an example of to frighten the masses into submission. This war is a matter of life and death for the RIAA and they are going to pursue winning it as such.

Re:The Blackboard Presentation

[Apuleius]

Well then, why the restraining order?

MS Software

[danb35]

From the MS letter:

The software received is governed by the electronic license embedded in the product set up that appears prior to installation and no additional documentation is required.

Now, as any of us knows who's ever installed a piece of MS software, every such piece of software claims to be governed by the EULA that displays during installation. Now, if the statement quoted above is true of the software on those CDs, is it also true of the identically-marked CDs I've seen sold at computer shows?

Let's even carry it one step further: If clicking "I Agree" gives me a license to use the software, why wouldn't that apply to what would otherwise be illegal copies? It sounds pretty bizarre, but it also seems pretty consistent with what that letter said. And whatever happened to that whole "is it authentic" campaign?

Re:Heheheheh.... Another hax0rish post...

[yerricde]

Now, seriously, how many people have reverse engineered the installer _BEFORE_ actually installing and set it up so that it installs even if you say you Disagree?

If performed in the United States, such an act could possibly violate the DMCA. The installer may qualify as an "access control mechanism" under 17 USC 1201 [cornell.edu], and telling it to install even on Disagree may count as "circumventing" the license screen.

Nothing you see on Slashdot is legal advice. Even if a user is a lawyer, you're not his client.

Re:BECAUSE IT'S FREE

[tbase]

I don't know who you use for streaming, but if you can stream the kind of traffic NPR gets for free, tell me where. I did a little research (logged into the real stream, got the base, looked up the domain owner) and found that NPR has apparently just signed on with a new streaming provider to save money and provide more service. That smells is fanatical Mac users accusing NPR of all people of being bought by Microsoft. When was the last time you supported public radio, by the way? http://www.speedera.com/newsroom/pressreleases/npr .html

My point is this...

[Apuleius]

If they just want Acidus and Virgil nailed, they can let the two speak and then file criminal complaints. If the vulnerability is not a big deal, that is. Their system is shown to be robust, and they get their dose of spite by seeing Acidus &Co in cuffs. But if it is a big deal, then they have some explaining to do on why they didn't tell the colleges. Anyway, you're right that the devices are boxed in well, But it doesn't take much effort to trace the conduits and find a place top patch in.

Re:The Military And Masterlock

[Laplace]

Meanwhile, rapists at the academy go completely unpunished (although the victims do if they speak out). The military is the coolest.

On going entertainment...

[Anonymous Coward]

Phoenix browser has been renamed to Firebird. This hasn't pleased supporters of the Firebird relational database project.

If they change it again, I figure in a couple of months they will settle on a new name, and that will promply be contested, and then in another couple of months it will happen all over again, and so on. How many variations of "Phoenix" and the names of other mythological creatures are NOT already used by some one for a product? Of course, they probably won't bother changing it this time. At least Phoenix was actually already a browser.