Slashback: Activism, VOIP, Ivies

Slashback tonight brings you a response to Declan McCullagh's approach to political activism (and tangentially related, evidence of Bruce Perens' very different way of doing things), a link to a few more VOIP Blasters, tantalizing news from the Blender front, and more -- all below.

Until we know how to get to Stallman's Gulch ... sbrown writes: "Public Knowledge responds to Declan McCullagh's call for less activism, more code. Don't fool yourself geeks, political participation is absolutely necessary to maintain the freedom to write code. Public Knowledge has a plan to make geek political participation easy and effective."

Speaking of activism, Roblimo reported yesterday that Bruce Perens might be leaving HP. Today, IDG reporter Matt Berger confirms the break, writing that "Perens says he is leaving HP to pursue political activism. His protests against the DMCA and other legislation that Perens says threatens the open source community, apparently, were too much for HP to handle. So he is becoming an independent consultant and will work with HP as a consultant. He also plans to follow through with a presentation of a DVD player cracking software that he says is in violation of the DMCA. HP stopped him from doing the demonstration at the O'Reilly Open Source Convention last month."

Might these be the basis of a long-distance relationship? AndersBrownworth writes "After Creative nixed their VoIP Blaster, ($20 USB to "plain old telephone line" converter with free software available) ebay prices eclipsed the $200 mark. Now, it seems Creative has found some VoIP Blasters still hanging around and is selling them as refurbished units for $29.99. Ebay prices have reflected the move in Internet time."

Much more fun than a PBS pledge drive. Kodi writes "In case you haven't been watching, Blender's campaign to become open source by raising 100,000 is almost complete, with about 85,000 raised. If you were holding back, perhaps a little doubtful that they would make it, now's the time to chip in and push it over the top."

If your donation happens to be The Last Straw (and the Blender folks can verify it), I will provide you with your choice of ThinkGeek T-shirt ;)

And such pretty campuses, too. guttentag writes "Several weeks ago, Slashdot ran a story about the Princeton admissions dean who used applicant information to hack into a Yale Web site. Today Princeton announced it will remove the official from his position; however, it will offer him another, undisclosed job. It also revealed that Princeton and other Ivy League schools were aware of the break-ins as early as May 15.

MIT's The Tech adds Princeton officials previously said they were unaware of the incident prior to July 24 when Yale's president informed Princeton's, and that Yale notified the FBI the next day (President Bush's niece was among those students whose privacy was violated). It was not until that point that Princeton placed the official on administrative leave.

Apparently, misusing applicant information to commit identity fraud is not a serious offense at Princeton unless the public learns of it (or a member of the president's family is among the victims), and even then it's not serious enough to warrant dismissal. Princeton's president also said other school officials will be disciplined, but declined to provide details, presumably to protect the privacy of those officials or the university."

Hacking = terrorism

Princeton admissions dean who used applicant information to hack into a Yale Web site.

If hacking is now considered terrorism, why isn't the government all over this one?

Easy

Because only the poor can be criminals.

Re:Easy

Stepping out of the terrorism context, what about the recent wave of corporate fraud investigations? Are all those guys poor?

Are they in jail? We live in a country where kids with no prior record are being jailed for years at a time for having, not selling, drugs at rock concerts. A car thief can expect to spend years in jail, but George W. Bush violated securities laws multiple times [public-i.org] and he's in the White House.

Re:Easy

So he filed a bunch of forms late. Big whoop-de-doo.

You missed the key point. G.W. Bush filed the forms late so as to hide the fact that he was engaging in insider trading:

The tardiest --34 weeks late--was his Form 4 report disclosing that he had sold $848,560 of Harken stock on June 22, 1990, just weeks before the company filed a quarterly report revealing that it had hemorrhaged $23 million during that period. Bush had sold his stock for $4 a share. By the end of the year it was trading not much above $1.

Re:The stock price was up higher shortly thereafte

It's amazing how many people don't realize that stocks go up, stocks go down, especially small companies.

And stocks tank after a company announces that it has lost a huge sum of money. Bush, an insider in the company, sold right before such an announcement and the stock tanked. That it later recovered is irrelevent.

The same group of right-wing nut-cases that get so morally indignant because Clinton lied about a blowjob think it's fine for Bush to violate securities laws and engage in insider trading. You probably thought the Whitewater investigation into a 20 year old land deal in which the Clintons lost money was $50million well spent, but you all want us to look the other way when Bush violates securities laws. As you said, "it's amazing."

Re:Hacking = terrorism

Because it's a dilemma for Bush:

Breaking into computer system = bad
Erosion of personal privacy = good

Linux and OSS grows up

The NewsForge article had a very interesting comment about the LinuxWorld Expo:

There are not a lot of hippie hackers hanging out, and hardly anyone is wearing funny costumes. The combination Trekkie convention and Renaissance Faire feel a lot of early Linux get-togethers had is gone. This is a business gathering.

The author apparantly meets this with dismay. I would like to argue instead that it's about time.

I hate doing things in stuffy, overly-businesslike ways. I much prefer the more freewheeling, hacker style, and I am sure that many /. readers do also. But these are also the same people that want Linux and OSS in general taken seriously. Well, as unfortunate as it may be, to be taken seriously by business-type people, you have to act like business-type people, or at least hire people to do it.

Like it or not, movements that have gatherings of people in "funny costumes" or that have a "trekkie convention" atmosphere are going to be trivialized. Columnists will report these events in the "for your amusement" part of the newspaper, sandwhiched between Dear Abby and the horoscopes. By adopting a more serious attitude at events like this, now you start to get recognition where it counts, like in the Wall Street Journal.

As much as it galls most hacker types (myself included), appearance is everything. But the OSS community needs to remember that it has something more than just appearance, something that many proprietary vendors are missing: substance. OSS code actually works and delivers on what it claims in most cases.

So OSS hackers should keep coding and wearing funny costumes, or whatever floats your boat. But also let the business people and marketers loose. Let them promote what you're doing (think of it this way: it gives you even more time to code).

Re:Linux and OSS grows up

By adopting a more serious attitude at events like this, now you start to get recognition where it counts, like in the Wall Street Journal.

You shouldn't buy into Wall Street Journal's bullshit. They claim relevency for themselves, for their economic order, for their definition of achievement, for their suits and their lingo. But the free software we have was written by individuals, and they didn't wear those suits, they haven't been doing it for that model of success, and they don't use that lingo. They have been and continue to be relevant because of their actions and their creations.

Linux has survived all the dot-com bullshit because it was always by the people and for the people. The companies that have come and gone never effected the sole of the movement. They've helped at times, they've hurt at times, but they never were essential. If they all went away, free software would continue. If all the hackers went away, free software would die -- even if its licenses lived on and were used, even if its code continued to be extended by hired hands, its sole would be gone. It would just be another business efficiency, cast aside at some future date when the suit's whimsy changed.

We didn't get here by asking suits what was important or trying to get their approval. We didn't need them then, and we need them even less now. We might be able to use them -- but they aren't us and never will be. We should not forget that.

Creative's HTTPS server is more crushed than Wil

(Tough break about the cut. Perhaps you can post the scene script when the movie it out...)

But enough about CleverNickName... It seems that Creative's HTTPS order transaction server is also /.'ed into the stone age. I'm trying to order a couple of VOIP Blasters, and while I can do the non-secure part of the system great, all I get when I try to proceed to checkout is "Server timed out".

Hmmmm. Just like a brick and mortar - Plenty of stuff in the store, but not enough damn cashiers....

The pendulum is swinging back

First Napster rules
Then RIAA/MPAA/Politician cartel throws down
Now the pendulum is swinging back... ... as developers get a little pissed!

We need to assault the politicians on all fronts:
- with code
- with law
- with awareness-campaigns
- with boycotts of companies who support politicians

Remember when people ask us to have faith in the law system and that everything will work out we should not trust them. As bleak as it sounds we cannot have faith in many things and should trust only ourselves and that is why WE need to be actively doing all the above bulleted items.

"activism"

The tough thing about activism in the 21st century, is, how the HELL do you choose? There's too much- impossibly too much that needs to be addressed.

Do you fight against the DMCA and people's right to exchange information with each other?

Do you fight for clean air? I live in VERMONT and today we have worse smog than fucking LA, which I learned courtesy of online EPA ground level ozone reporting information. I would not have believed that possible. Today southern Vermont is at smog danger levels for children, elderly or those with asthma. I have asthma...

Do you fight against water privatization? The global fresh-water situation is getting desperate at a horrifying rate. Part of the problem is overuse, and part of the problem is- get this- corporations forcing entire countries into privatization because the World Bank demands it as a condition of doing business with the country. Once privatized, in the spirit of 'free trade' the corporation (such as Vivendi out of France) can export the country's water elsewhere- like America, if it wants- and refuse water to those in the original country who can't pay for it.

Or you could fight against corporations polluting, like in Anniston, Alabama. When Monsanto dumps so much poison into the creek that fish fucking explode and fall apart within minutes after being put in the water, you HAVE to buy water that Vivendi exported from some African nation where people die of thirst unable to afford water, because if you dig a well for water and drink it, you die!

Or you could google for 'Operation Northwoods', learn that in the 60s, McNamara repeatedly vetoed proposals from our own military to attack US citizens in order to basically create martyrs, blame it on Cuba and stir up enthusiasm for a war they felt desperately necessary... and ask whether any of that seems familiar, try to see if you can do better than 40 years of silence on what's going on today.

These are either great or horrible times to be an activist. The situation is so bad it forces any sane person to question. But there's too much to be done!

You have to pick a thing and work on that, or you just get ulcers and die early... mind you who can tell with the amount of poison and pollution in our air, our water, our food...

Re:"activism"

Naively, it seems the real solution is to fix the problem. In otherwords, if politics worked the way its supposed to--none of them things you list would not be on the way towards being solved. Fix the system, and the rest comes after.

It seems to me the problem is the corruption of money in politics and business. If only there is a way of causing money to loose its political power, then we'd be on the way towards a more perfect union.

Nepitism?

(President Bush's niece was among those students whose privacy was violated).

Maybe she can get C's at Yale too...

Stupidity is not a crime.

...misusing applicant information to commit identity fraud is not a serious offense at Princeton unless the public learns of it

How about being completely clueless about security? I guess it's a good thing society doesn't incarcerate people for committing stupidity (I'd be the first to take a drink). But seriously, this is like violating the DMCA by uncoding someone's ROT13 email signature.

Thanks Bruce

I'm glad you're on our side.

In another note, here's [gnu.org] an interesting rebuttal to the Declan article.

Also, know the Digital Speech Project [digitalspeech.org]. Best not reinventing any wheels.

Princeton vs. Yale: editorialization and omission

I should be shocked, shocked! that the Slashback blurb on the Princeton-Yale fiasco is heavily editorialized, and don't even bother linking to the primary source [princeton.edu]. (ObDisclosure: I'm an undergrad there, and I know LeMenager) But I'll let that slide.

I'm still curious as to three things:

1. Why did the editors post this blurb without indicating that independent investigators concluded that admissions director LeMenager intended only to check the security of Yale's website? The implication that he intended to spy on innocent applicants who entrusted him with their personal information is irresponsible.

   Quoth the press release [princeton.edu].

   Mr. LeMenager entered the Yale site by using the name, birth date and social security number of a Princeton applicant who he thought might also have applied to Yale, fully expecting that he would then be asked for a password or an ID number. He was surprised to learn that there was no security beyond name, birth date and social security number.

   If LeMenager was actually committing "identity fraud" for fun and profit, why on earth would he tell Yale exactly what he did at an admissions conference in May? Read the source [princeton.edu]. LeMenager made the mistake of repeating the entry to demonstrate how it was done. That hardly qualifies him for dismissal. Quoth the press release [princeton.edu].

   While we do not in any way condone these actions, there is no evidence that there was any intention on Mr. LeMenager's part to do anything other than test, and then demonstrate, the site's security or that he used confidential information for any other purpose.

   Lest we forget, Yale sat on this story for two months before releasing it. I've no idea why.

2. Given the sheer quantity of Slashdot wailing and chest-beating about the tragic propensity for computer-security whistleblowers to get reprimanded, sacked, or prosecuted, the sarcasm of the last paragraph of the blurb is unexpected, if not downright hypocritical.

3. I can understand why the mainstream news calls this a 'hack'. But Slashdot should know better. I'm not referring to the ESR/RMS "Editor, when you say hacker, you really mean cracker" lexicographic crusade -- I'm referring to the fact that using a name/SSN pair obtained legitimately (i.e., from an applicant who mailed it to you) to access a website is not "hacking" by even the most tortured definition of the term. It is social engineering, maybe. It is illegitimate, if done with malice, sure. But it is not "hacking."

I can understand why the mainstream press screws up. Six years ago, how often could you find an article about the Internet that didn't contain enough glaring errors to qualify it for a good MST3King? How much better are they today? Not much [nytimes.com].

I expected better from Slashdot.

Joe

Stop saying "Hacked!"

Damn, since when has entering a name, dob and SSN been elevated to "hacking". How about firing the moron who approved such a system, instead of the slightly more secure "mail them a PIN" or some such.

I'm sorry, that isn't a hack.

Unfortunately, I didn't see the web site, so maybe someone who did can say. Where was the "do not enter name other than yourself" disclaimer? In big letters on the login, or buried on the "privacy policy" page?

What a joke.

Well done, Bruce!

I'm really glad to see you're one of the few people who have principles and will follow them.

Strange incentive

If your donation happens to be The Last Straw (and the Blender folks can verify it), I will provide you with your choice of ThinkGeek T-shirt ;)

Doesn't this encourage people to wait longer to make a contribution?

No wonder InnoMedia wasn't making money

I have a VoIP blaster and after testing the quality (on PC2PC conversations) I decided to pay for the PC2Phone service. However, InnoMedia decided that they don't want my money. The reason? They didn't like my email address, saying that they don't accept an email address in your own domain.

Well, screw that. I wonder how they managed to keep the product alive so long with such crappy service.

Write more code for sure

Over the next few months, we are going to launch technology to organize and consolidate grassroots activity on policy issues affecting copyright and technology.

They are doing this by writing more code; this is what they mean by "launching new technology".

Code is the key to solving many problems. Like the problem of the RIAA and its inordinately and disproportionately strong political influence.

For example, by writing code, and creating an alternative copyright adminsitration system and organization to gather together the some 80% of copyrights that are not RIAA controlled, the writing of code will have a direct political impact on the issues surrounding compulsory DRM and RIAA / MPAA paid for legislation.

We need to have code written that organizes the scattered power in the world and focuses it to do our collective bidding. Either way, in the end, more code has to be written; Declan is right, and Public Knowledge are acknowledging this by writing code to solve a problem of political imbalance.

Blender paranoia!

I just took a wwwalk over to the Blender [blender3d.com] site. I'd like for everyone to realize that this campaign will make Blender open source -- but it may NOT make it FREE.

The deal [blender3d.com] is to make Blender "'free software' or 'open source' forever". Please note the "or". The term "free software" isn't mentioned elsewhere.

While it would be nice to have an open-source 3D environment, please note that open-source does NOT mean GPL'd or completely free. You might be donating your money for the purpose of creating more commercial software.

Stop exaggerating this hacking nonsense...

While I do agree that what LeMenger and others does warrant disciplinary action, I think that if you read the full findings of the investigation, you might realize that what took place was not nearly as bad as you make it out to be, and I daresay even understandable. The full story can be found in President Tilghman's statement [princeton.edu]. Here's a better summary that I posted somewhere else yesterday:

The statement explains each of the accesses, which basically comes down to LeMenager testing Yale's security and getting in, then showing how he did it to others three times, then 8 accesses by "junior" members who then thought it was OK and were interested in whether certain students were accepted, and one more access they're not clear on (actually, they mention a total of 14 accesses from the admissions office, but I only count them explaining 13?). As expected, all of the accesses were _after_ the decisions letters were dropped off at the post office. More interestingly, LeMenager isn't being fired (on account of his 20 years of experience, it seems), but he is being moved out of the admissions office. For now, he's being moved to the Communications Office, and according to a local paper (this isn't in Tilghman's statement) his salary will remain the same as it was before.

According to the full findings, LeMenager first entered the information because he wanted to see what he expected was a step 2 of the sign-in process, which would likely be a PIN number or password - wound up it wasn't there. Three more accesses were LeMenager showing his superior, Dean Hargadon, and others how it worked. The some junior staff members, seeing this, though it was ok to check the site themselves, thus leading to a total of 14 accesses - all of which are justifiable, even if they still deserve punishment.

Furthermore, there was a very interesting take on the fiasco published on Slate yesterday; go ahead and read the full story there [msn.com]. The independent author makes a strong case saying that the only reason Yale bothered to accuse Princeton of wrongdoing was that the Yale Daily Herald had discovered what was happened, and was about to make the report public; Yale wanted to distract attention away from their inadequate security, and did so by blaming Princeton.

It takes all, and there are all, types

I hold Mr. Perens in high regard and take pleasure in reading his perspectives. However, I am out of my depth in a parking lot puddle of parsing people's prerogatives. That's enough alliteration for one night. Anyway, I realize Mr. Perens' relationship with HP and how it evolves is one that is mature beyond a few paragraphs of my positing.

As HP may take, deservedly or not, a black eye over such antics, I would want to relate that there are many types of people who work for a company, and to put one face on a moniker may be an oversight of the people that make up that stock quote.

I purchased a used HP-branded laptop with no supporting documentation or installation disks. I had no luck in finding out much information about the unit on HP's web site, as the model does not apparently exist, according to all of their mechanisms available. I think the unit may have been a very short production run or a contract build for a government agency or private corporation.

My thorough efforts resulted only a few tentative results for BIOS and driver information. I called HP support expecting to pay a per-incident fee. To my suprise, I spoke with an incredibly helpful and interested tech support rep who realized that with what detective work I had done that I do have a rather rare laptop with no online support documentation. Together we found the appropriate most current bios and identified the major system components. With that information and a little more effort I now find myself writing this post on said same laptop just a few hours later, repartitioned for booting my favorite linux distro and all the hardware questions satisfactorily resolved.

This is just a perspective a satisfied person who in this case was not even a customer of HP's yet got what information I needed to accomplish my task with enthusiastic official support. I hope that his attitude holds sway.

Good for BP...

Bravo to Bruce Perens for not being HP's bitch on this one, and standing up for himself.

i agree that the princeton-yale thing was not evil

i agree with the above posts: merely typing in someone's name and data is not hacking. furthermore, this was done with good intentions, not to misuse anything. We should (and i do) support the guy who did it.

Artificial Blender3d Numbers

Just so you know, I just looked at the blender3d fund page and it had this to say:

Paid: 68985
Pending: 15200
Intent: 3470
Total: 87655

So the real value is, in fact, 68985. My employer had "intent" to pay me "pending" money too. Nothing's yours unless it's in the bank. Isn't there a time limit this 100,000 has to be raised by?

You go, Bruce!!

If this is true, and you're really leaving HP on your principles, I greatly admire your conviction. If you run for something, I'll vote for you. Best of luck.

voip blaster

damn, I've had 2 voip blasters sitting around for over a year not being used since i was using NAT. why didn't anyone tell me there was new software for it and a $200 price tag! damnit!

It was a typo, honest!

Princeton admissions dean who used applicant information to hack into a Yale Web site.

It was all a simple typing mistake. He was looking for replicant information, and you know have sneaky they can be -- he need information about their mothers.

Only on /.

'acquire the cake'

Re:VOIP Blaster

the whole point is that the VoIP Blaster doesn't need any of the software it comes with. check out fobbit.com [fobbit.com]: free, open source, Linux, FreeBSD and Windows drivers.

Re:VOIP Blaster

Is it different from other VoIP Blasters, or did you miss this link [fobbit.com]?

I just ordered two, so I'll be sad if they aren't refurbished VoIP Blasters.

I didn't know you hated Nintendo that much

This runs against my prime directive - never to connect to the internet under the influence of Redmond binaries.

I didn't know you hated Nintendo that much. Nintendo's USA headquarters is located in Redmond, WA, not too far from One Microsoft Way. For a while, back in the Windows 3.1 days, they were working together on a legit emulator called (get this) "Wintendo".