Slashback: Cookies, Germans, Art 75
Buried in the fine print is where you will find Jimmy Hoffa and mitigation. Sarcasmo writes "I'm hoping you'll post this story, since it's partly a correction/update of a previous story on Slashdot. While Senator Edwards' bill, S. 197, does come down on spyware in a very good way, it doesn't as the previous article suggested, "require commercial web sites to ask permission from the user before a cookie can be set or personal information collected." To quote the bill itself:
"(B) The term does not include a text file, or cookie, placed on a person's computer system by an Internet service provider, interactive computer service, or commercial Internet website to return information to the Internet service provider, interactive computer service, commercial Internet website, or third party if the person subsequently uses the Internet service provider or interactive computer service, or accesses the commercial Internet website."
Though I did come across this bill introduced to the house by Representative Green of Texas -- and it seems to come down just as hard on cookie use specifically."
Oh, baby, I love your photo-realism -- it's so ... real-seeming. After wryly noting that the last few times it's been featured in this forum it's been while he was on a plane, or in the middle of bug-fixing, or while being boiled alive by cannibals, etc, Paul Nolan says of his Photogenics graphics software:
"Well, it was a long hard slog, but it's finally out, the press release is here.
There's a pretty good chance there will be a local power outage today, on the off chance that would increase my chances ;)"
Nicht wahr, nicht wahr. sconeu writes "According to Wired, a German Defense Ministry official has denied the original report in Der Speigel about the Microsoft ban ... Oh well..."
Re:Denial of Reports (Score:1)
Having said that, I wouldn't be surprised at all if there's an obscure but deliberate backdoor elsewhere in Windows, either for the US govt's use or Microsoft's.
Re:Er ... (Score:1)
Sure, commercial software is a Good Thing--if it's also capital-F Free. You're saying it's good because it will "open up the market"? I don't care if Free Software doesn't get even one more user, if they're just going to besmirch it with proprietary crap. They've released a Linux version to look hip and to spare lusers the effort of a petition to get it on their obscure little platform, and not because they give even one half of a shit about the community. I refuse to buy commercial software "out of ethics." They only want $99 for it, which I'd be happy to pay if I could share it and modify it. It might be "profitable" to them because there are plenty of people using Windows and Amiga who aren't uppity like my idealized GNU/Linux user, but fuck 'em and keep them off of my hard drive.
Re:Er ... (Score:1)
But why would you need a backdoor? (Score:1)
Re:Denial of Reports (Score:1)
Yeah, actually before I left I set it up on the production machine at Microsoft headquarters. Don't worry, though: They just compiled a new version of their compiler and replaced the old one, so no problem. No problem, right? riiight?
Re:Denial of Reports (Score:2)
Suddenly there's a flurry of press activity because someone notices that the second key in Microsoft's Crypto API in Windows NT Service Pack 5 is called "NSAKEY" in the code. Ah ha! The NSA can sign crypto suites. They can use this ability to drop a Trojaned crypto suite into your computers. Or so the conspiracy theory goes.
[...snip...]
I see two possibilities. One, that the backup key is just as Microsoft says, a backup key. It's called "NSAKEY" for some dumb reason, and that's that.
Two, that it is actually an NSA key. If the NSA is going to use Microsoft products for classified traffic, they're going to install their own cryptography. They're not going to want to show it to anyone, not even Microsoft. They are going to want to sign their own modules. So the backup key could also be an NSA internal key, so that they could install strong cryptography on Microsoft products for their own internal use.
So there you have it. A single string called NSAKEY, which Microsoft denies has anything to do with the NSA governmental agency, which just happens to be in a cryptography API. One person sees NSAKEY, it gets reported as "The NSA Key," and then your minuscule powers of comprehension turn that into "The NSA has put a key into every copy of Windows!" (Not so, only in Win NT service pack 5)
Who knows what would happen if someone found the string JEW mixed in amongst the code in some DLL. I guess that would be proof that Gates answers to the Elders of Zion.
Photogenics author mainly uses gimp? (Score:3)
Netscape / Mozilla (Score:1)
Mozilla also has cookie management in the GUI, as I recall. Of course, since it's so slow, I find it easier just to edit the cookie file by hand.
Or ... (Score:2)
Wow. What a simple explanation. Who would have guessed that panic and allegations were not needed in this case?
Who are you to speak for the Majority? (Score:1)
Re:Linux Fans Should actually be in favor of this (Score:1)
Re:Photogenics author mainly uses gimp? (Score:1)
--
Re:Er ... (Score:1)
Re:Good cookie management (Score:1)
Gives a whole new meaning to "tossing your cookies", doesn't it?
Oh boy! more filters! (Score:2)
Photogenics looks like my class project (Score:4)
My project attempts to evolve these effects using genetic algorithms, but you could use the code without the genetic algorithm. Project page at http://www.cs.brown.edu/people/morgan/evolver/index.html [brown.edu].
-m
Germany, security (Score:4)
I still don't understand why any closed-source products are used in sensitive areas, be it in Germany or elsewhere. To create a somewhat secure environment, good admins are required anyway. They don't need any funky GUIs, so why not pick one of the free Unices?
Re:Apparently Speech and Beer run together (Score:1)
Re:German Microsoft non-ban (Score:2)
Had you read the first article you'd also know that Linux was not considered the alternative, but some OS from a German corporation. Also I don't find it weird that a military organisation can have a consistent policy which OS to use. They have rules for everything there, to the point at which depth of water you have to start swimming.
German Microsoft non-ban (Score:5)
Okay, read the article first. It includes comments from Andy Mueller-Maguhn, a leader of Berlin's Chaos Computer Club and also Europe's representative on the board of the Internet Corporation for Assigned Names and Numbers (ICANN), about the political sensitivities that might be offended by a German move away from Microsoft for all security-sensitive stuff (in other words, the US Government might be offended by "US Software is Insecure" being bandied about by the German government). The article suggests that the original report may, indeed, be accurate.
Beyond that, why announce to the world that your sensitive systems are or are not running any given OS or group of OSen? I mean, "Our sensitive systems will no longer run NT" (if an accurate statement) lets crackers know that (a) NT-only exploits won't work and (b) if they do, the box is uninteresting. Of course, that is assuming the statement is accurate ("Hey, Hans, how about if we disguise the DoD C&C codes as marketing data and put zem on one of zose NT servers?" "Ah, excellent, Frans. Zee stupid Americans vill never realize.")
Re:Question (Score:1)
Re:Good cookie management (Score:1)
So, for the record, my post generated:
- One useful suggestion for Netscape
- One useful suggestion for junkbuster
- One useful suggestion for Konqueror
- Two flames accusing me of working/pimping for Opera
- One joke
I was hoping for a bit more, maybe:
- One "all your base" joke
- A classic "hot grits" troll
- A script to block cookies better using PERL
- A flamewar over whether PERL or Python was the right tool for the job.
But I'll take it as is. Always fun!
- Twid
Good cookie management (Score:4)
Opera 5.02 has a great feature called "throw away new cookies on exit". It will accept all cookies, but when you exit it tosses them. So, you set up cookies for all the sites you want them for (like slashdot), exit opera (it only saves cookies on exit), check them using Opera File Explorer (see below), then start it back up and check off the "throw away new cookies on exit" option under File|Preferences|Security.
Now, doubleclick and everyone else can throw all the cookies at you they want, and they will be erased when you exit Opera. But, you also still have your stored cookies for the sites you want. Works great! No other browser can do this as gracefully. Opera 5 seems very cool (although I've only played with it for a couple days...).
Links:
Opera: http://www.opera.com [opera.com]
Opera File Explorer (you will need this to view your cookies and decide which to keep): http://www.westelcom.com/users/jsegur/ [westelcom.com]
- Twid
Re:Good cookie management (Score:2)
_____________
Re:You can do the same thing with junkbuster. (Score:2)
_____________
Re:Germany, security (Score:3)
Good admins working for the US government more often than not quit civil service for higher paying jobs in the private sector. This leaves the not-so-good admins outnumbering the good ones. Combine that with a management that lacks technical knowledge and you have a recipe for disaster.
The agency I work for plans to go all Microsoft NT in four years. Web servers, mail hubs, clients, everything.
I'm scared.
Linux Fans Should actually be in favor of this (Score:2)
Re:Ban Cookies!? What!? (Score:1)
------
Re:Ban Cookies!? What!? (Score:1)
------
Re:Ban Cookies!? What!? (Score:1)
------
Re:Ban Cookies!? What!? (Score:2)
Ban them, and 'if you like cookie files, turn them on, damnit.'
If you did that, sites would stop using cookies, even for good uses. Why? Because many people don't know how to turn on cookies, and won't bother if told. If the majority of people have cookies disabled, web sites won't use them. So, essentially, having cookies default to off would pretty much eliminate their use for any purpose. I don't like that idea.
You appear to have ignored my suggestion of simply disallowing cookies from any site other than the one you are visiting. It seems to me that that would prevent anyone from developing any sort of useful profile on you. They would have to actually install tracking software on every site you visit, which is not likely to happen.
And how can you call it paranoia when you know what they're used for?
The question is, do I care? Personally, I don't care if some companies know where I go on the net. Ads tailored for me specifically? Hey, all the better! But then, that's just me, and I am not going to try to convince you to agree with that one.
The law in question looks reasonable, but I would worry about it being interpreted too broadly, and thus causing some innocent sites to be sued by crazed zealots. Next, other innocent sites would downgrade themselves by not using cookies, and soon the feature is gone.
------
Ban Cookies!? What!? (Score:4)
Cookies are used for both good and evil. They are just a tool. When used for good, they can be extremely convenient, like here on Slashdot. However, if users had to give permission for them to be used, I would expect that many internet sites would stop using them altogether rather than go through the hassle. Meanwhile, the evil people would find some other way to track you, like by IP -- lots of people are going static these days.
Personally, I think browsers should either:
That would eliminate the ads.
If you don't like cookies, turn them off, damnit. Don't make the rest of us suffer for your paranoia. Personally, I like it when I go to Amazon and it immediately gives me a list of new, highly-rated graphics programming books.
------
Re:Germany, security (Score:1)
Mine (private sector) plans to go Win2K all the way; the global email informing us of the decision was apparently a cut-&-paste job of MS's press release: "This strategic initiative is aimed at improving the reliability, stability and usability of the computing environment while reducing the desktop 'total cost of ownership.'"
Yep, I can hardly wait. Get that TCO down.
-Legion (waiting for those "Win2K classes" flyers to be distributed for all 100,000 or so employees)
Re:Good cookie management (Score:1)
Re:Good cookie management (Score:1)
You can do the same thing with junkbuster. (Score:1)
cookiefile scookie.ini
Then in your scookie.ini file enter in web sites that you will accept cookies from like so:
www.nytimes.com
www.slashdot.org
www.dialpad.com
slashdot.org
www.altavista.com
hotmail.msn.com
freedrive.com
And you are all hooked up. Those sites can access the cookies, but others never touch your system. Hotmail bitches at you a little because it can't set a doubleclick cookie but it works fine.
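An added example, not part of any commenter's post: the allowlist idea from the junkbuster and Opera comments, applied to a Netscape-format cookies.txt with the host list quoted above. The cookie rows, the function names and the rule that a cookie's domain must sit at or below an allowlisted host are assumptions of this example, not junkbuster's documented matching.

```python
# Added example (not from the thread): prune a Netscape-format cookies.txt
# so that only cookies scoped to allowlisted hosts survive.

# Host list as quoted in the comment above.
ALLOWLIST_TEXT = """\
www.nytimes.com
www.slashdot.org
www.dialpad.com
slashdot.org
www.altavista.com
hotmail.msn.com
freedrive.com
"""

def row(domain, subdomains, secure, name):
    # Netscape format, tab separated:
    # domain, include-subdomains flag, path, secure, expiry, name, value
    return "\t".join([domain, subdomains, "/", secure, "2000000000", name, "constructed"])

# Constructed sample file; every row and value here is made up for the example.
SAMPLE_COOKIES = "\n".join([
    "# Netscape HTTP Cookie File",
    row(".slashdot.org", "TRUE", "FALSE", "user"),
    row("www.nytimes.com", "FALSE", "FALSE", "NYT-S"),
    row(".doubleclick.net", "TRUE", "FALSE", "id"),
    row(".msn.com", "TRUE", "FALSE", "MC1"),
    row("#HttpOnly_hotmail.msn.com", "FALSE", "TRUE", "sess"),
    "garbage line without tabs",
]) + "\n"

def load_allowlist(text):
    """One host per line; blank lines and '#' comments are skipped (assumption)."""
    hosts = set()
    for line in text.splitlines():
        line = line.strip().lower()
        if line and not line.startswith("#"):
            hosts.add(line)
    return hosts

def scope_allowed(cookie_domain, allow):
    """Keep a cookie only if its domain equals, or lies under, an allowlisted host.
    A broader cookie such as .msn.com is rejected even though hotmail.msn.com is
    listed, because it would also be sent to every other msn.com host."""
    d = cookie_domain.lower().lstrip(".")
    return any(d == h or d.endswith("." + h) for h in allow)

def prune(cookie_text, allow):
    """Return (pruned file text, list of (domain, name) that were dropped)."""
    kept, dropped = [], []
    for line in cookie_text.splitlines():
        body = line
        if line.startswith("#HttpOnly_"):
            # curl-style files mark HttpOnly cookies with this prefix
            body = line[len("#HttpOnly_"):]
        elif not line.strip() or line.startswith("#"):
            kept.append(line)          # preserve header comments and blank lines
            continue
        fields = body.split("\t")
        if len(fields) != 7:
            dropped.append(("<malformed>", line))   # fail closed on unknown lines
            continue
        domain, name = fields[0], fields[5]
        if scope_allowed(domain, allow):
            kept.append(line)
        else:
            dropped.append((domain, name))
    return "\n".join(kept) + "\n", dropped

if __name__ == "__main__":
    new_text, gone = prune(SAMPLE_COOKIES, load_allowlist(ALLOWLIST_TEXT))
    print(new_text, end="")
    for domain, name in gone:
        print("dropped:", domain, name)
```

Run it against a copy of the cookie file while the browser is closed, since a running browser may rewrite the file on exit.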
contract (Score:1)
Almost as if someone called over to Germany to "remind" them of their "contractual obligations".
Because... (Score:3)
Think of it like this - if you're developing a package that does a lot of internal data manipulation then displays the result, wouldn't you make an effort to separate the internals from the display? If after doing that you determined that the internal code that made up the bulk of your package was pretty much platform-independent would you consider building frontends for multiple platforms? Finally, when deciding on platforms what would you choose? The dominant desktop OS and the up-and-comer seem like reasonable choices to me.
-- fencepost
Er ... (Score:1)
The majority of linux-users at this point refuse to buy commercial software out of ethics, laziness, unwillingness to spend money; until the market opens up to include more of those who would actually purchase commercial software instead of using the excellent free(Free) alternatives available, I don't see this being profitable. Of course, I wish this new graphics suite luck. :p
--
Microsoft and Back Doors (Score:1)
Notice that he didn't say "We don't put backdoors in any products". He just said that we don't leave them there.
From the Wired article: (Score:4)
"If you're using Windows NT in a nuclear missile command-and-control center, yes, you should be concerned." - Andrew Fernandes
Giving the term "Blue Screen of Death" a whole new meaning, eh?
the non-ban on MS stuff (Score:2)
Open Source in the service of national security... *that's* what should be on the line here. Saves development effort, yet ensures that in time of war or other crisis you don't become dependent on someone in another country. I was hoping they were thinking SuSE Linux myself, but oh well...
/Brian
Re:Denial of Reports (Score:2)
(Mind you, the full hack never made it out the door (there was a hacked compiler required to do the job), but parts of it did, and rumor has it that it may actually have been used once or twice...)
/Brian
Re:Overzealous? (Score:2)
/Brian
Photogenics (Score:2)
Re:From the Wired article: (Score:2)
"And of course, Solaris is stable enough to be run in hospitals and operating theatres - where 'Blue Screen of Death' takes on a whole new meaning."
It took a solid minute for the room (about 500 PHBs & techos) to stop gut-laughing.
Speigel?? (Score:1)
Re:German Microsoft non-ban (Score:1)
Perhaps to reassure the public if there is public concern. Perhaps to convince the public that you are taking computer security seriously. Perhaps to send a message to Microsoft that Microsoft's private decision not to fulfill certain requests made by Germany was not a wise one. Who knows?
z
Closed source support? (Score:1)
How many ways do I not love thee [proprietary closed source software, protocols, file formats etc.], let me count the ways
Those who do not know history are condemned to repeat the mistakes of the past [supply your own favorite quotable source]. Many (or most) of the people behind the Open Source movement do remember.
Yup (Score:2)
Yup. Darn. Pass my anti-FUD stick that I planned to beat people with when this was over.
Privacy Laws (Score:1)
I would also like to see something related to unauthorized installs / ambiguous authorization install of applications (e.g. gohip, mycomet, etc). Those apps suck and even if they were cool, I would want to authorize install on my PC.
American invasion (Score:1)
I think that one of the causes is that many many multinational companies have their origin in the United States and that of course the board of directors are Americans and have American views on "how things should be". You know a buzzword of some years ago was "globalization", I think Europe is victim of "globalized marketing".
As a small example: Halloween... Now, as a kid I didn't know it at all. Pumpkins? That's good to make soup. Last autumn however (and slightly less the year before that) the shops displayed pumpkins, skeletons, witches and the like. Halloween parties were all over the place. Luckily we don't have the trick 'n treaters yet. (Actually in my country they do something alike on the 2nd February.)
To me this halloween crap sounds exactly like the commercial pushing of Christmas and Valentine's Day....nothing more nothing less.
I tell you, the day they introduce Thanksgiving around here, I'll be glad to volunteer as the turkey....
Moderators, this has become (Offtopic,-1) moderate as such.
Possibly (Score:1)
Actually I don't even know what day of the year it is. Even worse, as far as I can recall the exact day is different according to the country. I'm a Belgian living in Luxembourg and I can assure you that fathers day is not on the same day in those two countries. I think in Belgium it is on St. Joseph and in Luxembourg it is not (or inversely).
Oh, and if you didn't know, consider Labour Day. It is different according to the country you live...here it is 1st May, while in the US it is not. (Forgot the actual date).
Really, you need some better argumentation to convince me....but then you're an AC, so why do I care (...yes, I'm bored right now, that's probably the cause)
Re:Ban Cookies!? What!? (Score:2)
Photogenics on the Amiga (Score:2)
Re:Er ... (Score:1)
More of them are unix-based than you might think (irix!), and they're almost all migrating to Linux. (Which has saved their collective arses from having to migrate to NT, shell scripts and all.)
A well-done commercial 2D paint program for Linux makes more sense at this stage of the game than, say, Office-like software.
A.
Re:Good cookie management (Score:1)
A.
Moderators, crack. Crack, moderators. Shake hands, please.
Re:Ban Cookies!? What!? (Score:1)
One user goes to CuteFuzzyBunnies.com, while the next goes to GayMidgetKiddiePorn.com
That's an insult to some of my friends. Gay = KiddiePorn??? Come on.
What's complicated about typing: (Score:1)
chmod -w $HOME/.netscape/cookies
Re:German Microsoft non-ban (Score:1)
If Germany was moving away from US software it would not escape the NSA so why pretend?
The idea that any bureaucracy would have a consistent and coherent policy on the point is a little weird. Any organization monolithic enough to enforce a choice of a single operating system is not going to choose Linux. I mean let's get real here.
They are going to choose a big monolithic operating system that looks like their organization. Most likely something real stinky like VM/MVS or if it was UNIX it would be one of the real obnoxious military hardened efforts.
What the comments from Andy M-M come down to is 'although the report is denied they can't prove it to be false therefore it MUST BE TRUE.'
Re:Ban Cookies!? What!? (Score:1)
Re:Ban Cookies!? What!? (Score:1)
I ignored the suggestion because, while the bill has its flaws, that suggestion has more. What's to keep that site from abusing its use anyway? If you're dealing with a network of sites, they could all access that cookie, and people would continue to be profiled without their permission. In the same way advertisers like doubleclick can track users to any site where they serve ads, that site could track you to any other site on its network. Once it profiles you, it can sell the information to anyone, and then you have the same situation we're dealing with now. I agree that there are some negative possibilities, but in the end there's a lot of laws that exist despite the fact that it'd be more convenient for some if they didn't. It doesn't change the facts of what's happening.
Cookie regulations (Score:2)
Furthermore, it forbids the web site from selling the user profiles they have gathered unless the users give permission. It specifically says the rules don't change in a bankruptcy. (You know, the site with a good strong privacy policy that went bankrupt and wanted to auction their customer list.) And, IANAL, but I think the way it's worded, you would have to specifically give them permission (opt-in). Just putting it in the privacy policy link at the side won't do. Good enough?
Re:Closed source support? (Score:1)
I agree completely. AC was saying that for this reason (it's closed/proprietary) he will not buy Photogenics, but rather will wait until they go out of business and then he'll pick it up as "abandonware." My point was that if he didn't like closed/proprietary commercial software why would he want closed/proprietary abandonware? Either way it's still closed/proprietary.
Re:Why is this photogenics thing mentioned? (Score:2)
You self-contradict. Why is abandonware "perfectly fine" if it doesn't come with source code? Abandonware that doesn't come with source code is pretty worthless; at least with commercial closed-source software you have some hope of support.
Patriotic paranoia (Score:1)
"The existence of the network has become a hot issue in Europe, where it has helped engender anti-American sentiment".
Bullshit. No matter how much American media like to sell that impression, the vast majority of Europeans does not have anything against the US at all. And why the hell should they. I'm sorry America. We don't hate you.
Re:Why is this photogenics thing mentioned? (Score:1)
Re:Good cookie management (Score:3)
Also, as if that wasn't good enough, Konqueror has a great GUI cookie manager built-in, allowing you to set the acceptance policy for any site, view all the policies you have, and it even allows you to view every single cookie on your computer - indexed by site and showing the cookie's content and expiration date. You can delete any individual cookie, and see just exactly what site XYZ wants to store in its cookie.
This, combined with Konqueror's other great features (Full netscape plugin support, standards compatibility, javascript, amazing file manager, address bar searching, SMB browsing, CD ripping, icon image and text previews, terminal emulator, kitchen sink, etc etc) make Konqueror my browser and filemanager of choice.
___________________
Re:Er ... (Score:1)
If no one wants to pay money for it, then in true market-forces style the product won't get used, and the author won't make any money.
The more applications which are available at equal or lower price on Linux than on Windows, the better the platform becomes. However, as the Linux market has become accustomed to so much high quality software (vast range of development tools, gimp, several window managers etc.) for free, it probably frightens off commercial companies from trying to enter the market, as they know it will be hard to get rich quick in such an environment.
I am always prepared to pay what I think software is worth. Most stuff on my Linux boxes at home is worth a fair bit to me, I consider it good fortune that no one actually wants money for it!
It's a dynamic system, 'evolution' will show us where the balance is.
THL
--
Re:From the Wired article: (Score:1)
=========================
Re:Ban Cookies!? What!? (Score:1)
Re:From the Wired article: (Score:2)
Re:Linux Fans Should actually be in favor of this (Score:2)
Re:Patriotic paranoia (Score:1)
Apparently Speech and Beer run together (Score:3)