All Sourceforge.net Being Blocked by SmartFilter

An unnamed reader writes: "I just noticed that all sites. '*.sourceforge.net' are being blocked by all corporations using SmartFilter including mine. SmartFilter lists all of them as 'MP3' sites. Below is the error I get. How come they do not block Microsoft? I can download an MP3 player from there, too (Media Player does play MP3s)." Here's the error: "Access is restricted to the site (http://www.sourceforge.net/) you requested. Per the firm's Information Security & Privacy Policy, all Internet browsing is monitored and logged. Please contact the Information Security Center at ext 7114 for more information. SmartFilter Control List category MP3 Sites is restricted. " The aptly named SmartFilterWhere tool shows which sites are painted over by SmartFilter's broad brush; in this case, software development site (and Slashdot sister site) SourceForge is blocked by the latest SmartFilter versions -- 3.0, 3.0.1 and 3.1 -- but not version 2. You might also be interested in The Censorware Project's analysis of the efficacy of SmartFilter as applied to Utah schools and libraries, or Peacefire's explanation of how and how well SmartFilter works.

Kind way of asking them to be unblocked...

[sporty]

Hit their search page,

http://www.securecomputing.com/cgi-bin/filter_wh er eV301.cgi

and search for sourceforge.net. In the results, you can suggest a recomended they be removed from the list.

2600.com

[Copperhead]

SmartFilter used to list 2600 [2600.com] as "criminal skills". Now, they list is as a political/religious site.

Go here [securecomputing.com] and enter the sourceforge URL. On the right, "Suggest a Change" and tell them that it should not be on their list. Make your voice heard!

They've always blocked stuff unfairly...

[User 956]

Seth Finkelstein [sethf.com] has written some software to decrypt the software's blacklist of forbidden sites, and has analyzed what he found. The list of blocked newsgroups is fascinating: sci.archaeology as occult, and comp.org.eff.talk as criminal, for example. He's found "extreme or obscene" sites like hotrails.com [hotrails.com] ("extreme sports" rollerblading on "naked metal"), gcsextreme.com [gcsextreme.com] (custom-built computers for the "extreme gamer," unfortunately at a domain name with both "sex" and "extreme" in it) and extreme-offroad.com [extreme-offroad.com] (same deal). Their music-critic skills need work too, as they block InsaneClownPosse.com [insaneclownposse.com], Tupac.com [tupac.com], Marilyn Manson [marilynmanson.com], and even Chumbawamba's Web site [chumba.com]. Every one of these and many more are blocked as "Extreme," which puts them in the same category as photos of mutilated dead bodies, bizarre hard-core pornography and child pornography.

His discussion of the legal risks of decrypting these blacklists is fascinating too, and (as he likes to say) "a topic in itself." He would like to open up the source to his SmartFilter-decryption tool but feels the legal risk is too high. How sad is that?

Here's Secure Computing's definition of the "extreme" category [securecomputing.com], and the examples they give ("Pixman's Vault of Porn Pix", "Bizarre & Maximum Perversion").

You can confirm Seth's findings using Secure Computing's own SmartFilterWhere [securecomputing.com].
It asks for your name and phone number; you have my permission to make some up. As of December 7, at 9:45 PM EST, that CGI operates with a Control List updated on December 5 and confirms all of Seth's results that I tried. By the time you read this, they may have quickly fixed all the errors he published, loaded in an up-to-the-minute Control List, and proudly announced that their software is now perfect.

Not Blocked Here

[yelligsc]

Maybe my company is just slow to get updates... But we have smartfilter here at work and for now I have no problem hitting sourceforge.

Anyone know why this might be?

Scott.

Re:bullshit

[Anonymous Coward]

Sure. Your company probably doesn't block mp3 sites. And those who do, block sourceforge.

Gasp!

[Dalcius]

1) Make sure people are doing their jobs. You can tell this by looking at whether or not they produce what is required in the time they have to produce it.

Unfortunately, it *seems* all too common to *me* that supervisors don't know jack about the people working under them. The novel idea of making a programmer a manager of the programming department seems to escape some people.

*sigh*

Note my sig...

REQUEST REMOVAL!!

[Jucius Maximus]

Go to the smartfilterwhere [securecomputing.com] filter checker site and request that they remove it through the automated form:

1. Go to the URL and enter "http://www.sourceforge.net" into the 'URL 1' field. Hit 'check URL'

2. The next page should say "http://www.sourceforge.net MP3" if it is still listed.

3. On the dropbox on the right, select 'remove from list' and hit 'send request'

Re:bullshit

[FreeLinux]

It is certainly on the list. The fact that your company doesn't choose to restrict that category or uses an older version of the software doesn't mean that it isn't on the list.

As an after thought, your company may have that category set to log. In which case you will likely get a visit from management wanting to discuss your mp3 habits during work hours.

libel

[www.sorehands.com]

To be libel you must:

• Make false statements of fact (or opinions that imply false statements of fact).
• Make those statements with negligence, recklessness, or with malice as to the truthfulness of the statements. Negligence does not apply to public figures.
• The statements must be published to a 3rd party.
• There must be damages. Damages are implied if criminal acts are stated.

I have detailed the requirements for libel (under Mass. law) in a motion for summary judgment. [sorehands.com]

Re:Not Blocked Here

[silversurf]

Almost all of these filters work off of a rule base, just like a firewall, where rule 1 is executed first on down. Plus most filters have catagories which group URL's by, well, catagory. When you set up the rule base you choose which catagories to block, who is going to get blocked (all, certain workstations (ip's) or users (if you have user monitoring that tracks who's logged in where).

So you're company may or may not block MP3 sites, or as you say, the db could be out of date. These filters are pretty flexible rule-wise, and so depending on how it's configured, it could be really stringent or not. Maybe they are just logging activity rather than blocking (??), that's possible too.

-s

Re:Question?

[PMadavi]

Well, I work in IT, so I know first hand how damn frustrating it can be when you're trying help somebody with their PC, and they've got so much crap on there you can barely turn the thing on. Realplayer, AOL messenger, MSn and Yahoo Messengers (which don't go through defined ports anymore, they seek out any open port and use it), RealOne, blah, on and on with their Bonzai Buddies and all kinds of shit. It's just not good for the computers. At least most people have nwerwer PC's with w2k (thank god). But you'll run into the occasional 98 box with all that crap. Ech. My point being as follows: People who put crap on their PC's at work definitely eat up time and resources. All those programs tend to do a number on the fluidity of a windows machine, and cost the company. Technically, people shouldn't be downloading music and IMing during office hours, but c'mon, everybody goofs off at work. It's the American Way. HOWEVER, I do not believe that blocking these nuisance sites is the answer. I'd rather see IT departments show a little soul, and try to explain to people (install the notions into their heads) that putting crap on your work PC is bad, bad for you, bad for the company, and just a waste of everyone's time: "Important documents can crash and go bye-bye forever because of Bonzai Buddy. Take the knife that is your mouse pointer and plunge it into that awful little monkey's heart." Or some-such. Either that or they can send me around like the Gestapo to everyone's PC. I'd rather not do that. The point is: We can be responsible workers, and non of the B.S. would be necessary.

Entire site down.

[muon1183]

Well, the /.ing is complete. We have knocked their entire site offline (not just the cgi server handling removal requests). I hope their software isn't dependent on being able to contact their site, otherwise they're going to have quite a problem. Hooray for the /. effect, it ought to get their attention.

.sig, what's that?

Company selected blocks, not SCTC/SmartFilter

[Anonymous Coward]

Ok, for you dumbasses, morons, and zealots that haven't figured it out YET (and yes, that includes that moron timothy, because he apparently doesn't read the response comments after he posts his inane drivel) despite this same story being posted the third time:

a) Secure Computing/SmartFilter provide some pre-made lists. They do not enforce the lists. The administrators at your company turn on/off the list of blocked sites.

b) Some of you may think that Seth Finkelstein is cool for partially decrypting some of the lists of blacklisted sites. While what he has done is an interesting exercise and points out some miscategorizations, think about this: This product monitors activity to the entirety of the internet. Do you think that Secure Computing has some monkey locked into a cage with a terminal and a T3 looking at each and every site possible and categorizing it? I think not - it's more likely they have automated dig/search/crawl software that recognizes keywords and automatically classifies sites. Hmm, perhaps that's why they even have the URL feedback form? Yes, that is way too logical for the zealot to understand.

Dorks. Despite what the article and some of you morons imply, it's not Secure Computing that is the cause of your angst - go hunt down your local firewall admin if you are peeved about being blocked at work.

Re:2600.com

[ivan_13013]

Geez, only one person needs to submit the link to ensure that it will be reviewed again. 1000 people doing so isn't going to do much except flood the submission system with duplicates (which will probably be dequeued before they are seen by the reviewers, anyhow).

Listing SourceForge.net in the "MP3" category was almost certainly an accident. Secure Computing/Smartfilter has been very quick to resolve such issues in the past, typically providing automatic updates within a week or less.

Finally, if you want 100 percent accurate filtering software, you might as well give up right now. The nice thing about SmartFilter, if there is anything nice about any of these products, is that the links are reviewed and categorized by humans -- who are good, and trained, but not completely infallible. While processing thousands of sites, someone might hit the wrong button now and then. It's not a conspiracy, folks.

System admins who are frustrated by requests to un-block the site should simply add it to their local exemption file, at least until they recieve the next update to the control list.

-=Ivan

(disclosure: I used to work there a long time ago. There's no confidential information in this post. This message doesn't represent their official views or policies or anything. All facts stated in this message are potentially subtly incorrect.)

How *I* use SmartFilter with their 'coach' mode.

[Nonesuch]

There is one very interesting feature of SmartFilter that I find redeems many of the flaws in this particular "censorware".

SmartFilter offers four possible results for each category when a user attempts to visit a site on the filter list:

1. Permit. Access is allowed, but logged by user-IP, URL, and category (if any)
2. Deny. Block access, return a HTML page explaining what was blocked, and why. Same logging.
3. Delay.. Access is permitted, but page returns after a delay (default 30 seconds). Same logging.
   

   Here is the interesting one:
   

4. Coach.. Access is blocked, but permit the user to 'click through' to the actual page. Either way, log access.

With the 'Coach' option, nobody is actually blocked from accessing any web site. However, for each new access to any 'questionable' site (based on categories from the SmartFilter database), the user is presented with warning page, and the opportunity to choose to continue, with the knowledge that their actions are logged and may be reviewed.

The default HTML pages that SmartFilter ships with are rather boring. I've made a few changes to the 'Coach' page HTML to make it very clear what is going on -- bright icons and background, big WARNING banner at the top, and the text of our official "Internet Access Policy" (just in case the user somehow missed it when they signed their employment paperwork).

I'm hoping that 'coaching' will cut down on web access abuse and wasted time, while still allowing people to get to sites that they really need to access for their job, without getting people fired.

And best of all, the warning page breaks the never-ending cycle launched by those damn porn-site popup ads!

Re:Kind way of asking them to be unblocked...

[tijsvd]

Better even: they don't check POST/GET, so:

use this link to request sourceforge removal directly [securecomputing.com]

and

use this to list microsoft.com as hate speech site [securecomputing.com]

Marilyn's extremity

[commodoresloat]

If I was a parent I'd be thanking Zeus that they blocked that freak's site.

Marilyn is no more extreme than Alice Cooper or Lou Reed or freakin' David Bowie. Sure, he looks pretty crazy, but no crazier than the dude that works in the local video store (and he's spent a lot more on his wardrobe). I'm no fan of his music, but reading interviews with him he is hardly "freakish" or "extreme"; he votes Republican; his views are not that far out of the mainstream, and after his music was blamed for Columbine he wrote one of the most intelligent responses [rollingstone.com] to the tragedy that I came across in the media that spring (including on slashdot; my apologies JonKatz). The only reason he's so controversial is that he's intentionally giving the finger to the religious right, which is most likely his family background. So he takes a lot of his symbolism from Christianity and performs in a manner that is provocative and mocking. Of course it pisses those people off, it's meant to, but it's hardly a threat to your children unless you want to keep them closed-minded. (It's definitely not a threat to your children if you believe in Zeus, as the parent post implies!)

You got to admire how clever he is too (though admittedly he's picking on an easy target); in response to many of the criticisms of his treatment of Christianity he promised in this interview [beliefnet.com] to "balance my songs with a wholesome Bible reading" so fans can "examine the virtues of wonderful 'Christian' stories of disease, murder, adultery, suicide, and child sacrifice. Now that seems like 'entertainment' to me."

I noticed sf.net isn't blocked

[Nailer]

Thanks for the URL. As I was voting, I notice sf.net isn't blocked. OSS Developers can use sf.net in place of sourceforge while we all vote.

Re:Gasp!

[Prior Restraint]

Unfortunately, it *seems* all too common to *me* that supervisors don't know jack about the people working under them.

Tell me about it. I was hired under manager A, working for tech lead B. Manager A was discovered to have 30 people reporting to him, when the corp. average for his level is < 10. To correct this, tech lead B is promoted to manager, and I (among others) am transferred so as to report to him.

However, office politics being what they are, I am told to finish working on manager A's project (can't miss that deadline, can we?). Once that's done, I'm then told to work on manager A's next project, because it's essentially an upgrade to the last project, and I already know the system. Lather; rinse; repeat.

Fast-forward one year, and I don't even know what manager B works on anymore. I only talk to him when I need to ask for vacation time, which I do moreso out of politeness than anything else. My performance evaluation was almost comical; he basically told me what manager A had said about me (and quite frankly, manager A doesn't know anything about me except that I seem to meet deadlines more often than not).