HTTP in 44k with libhttp

Author: JT Smith

Anonymous Reader writes, “Web browsers aren’t the only clients that need to talk HTTP. In this technical article at ELJonline, Alan DuBoff explains how you can get information from web servers and even load complete software updates with this tiny, easy-to-use HTTP client library which is suitable for use in embedded Linux-based applications.”

Category:

  • Linux

Email encryption for the masses

Author: JT Smith

Wirelessnewsfactor.com has an article about email encryption techniques, including PGP. “There are e-mail encryption options, including a software program called PGP (Pretty Good Privacy) that is free to use and distribute. So, in this time of heightened awareness about security and privacy issues, why doesn’t everyone use it?”

Category:

  • Programming

EFF lawyer: Recent rulings mean Open Source developers need to be careful

Author: JT Smith

By Grant Gross

It’s been a challenging past few weeks for Open Source/Free Software-related issues in the courts. Two cases with implications for Free Software developers and fans have hit roadblocks, and the creator of DeCSS, which allows Linux users to decode and play DVDs, was charged with a crime in Norway.

In mid-January, DeCSS programmer Jon Johansen was charged with violating a Norwegian law originally designed to keep people from accessing others’ phone and bank records.

Later in January, Eric Corley of 2600.com filed an appeal in a ruling that prohibited his site from posting that same DeCSS code. The lower court ruled that posting the code didn’t qualify as free speech.

And just last week, Princeton Professor Edward Felten and his team of researchers decided to drop their case against the music industry and the U.S. government over threats music industry officials made as Felten’s team planned to present its research on an anti-copying technology. Felten had challenged the music industry’s attempts, with threat of prosecution under the U.S. Digital Millennium Copyright Act, to block the team’s research from being presented. What’s ironic is the music industry had challenged the scientific and programming communities to break the Secure Digital Music Initiative’s anti-copying technology, but objected to the results being published.

A common thread in each of these cases is the involvement of the Electronic Frontier Foundation. The EFF has a 12-year track record of defending civil liberties related to the Internet and other technology, and the San Francisco organization has often stepped in to help on issues related to Open Source, taking on heavyweights like the U.S. music and movie industries. We asked Robin Gross, the EFF’s intellectual property lawyer, to talk about the impact on Free Software of the Felten case, the DeCSS cases, and the U.S. government’s prosecution of Russian programmer Dmitry Sklyarov and now his employer under the DMCA.

NewsForge: What implications does the dropped Felten lawsuit have on scientists and programmers, especially Open Source/Free Software developers, who sometimes attempt to reverse engineer programs in the name of research, work or simple curiosity?

Robin Gross: There is much uncertainty for these scientists and programmers. Under the language of the DMCA’s anti-circumvention provisions, anyone who makes or provides technology, including software or information, that could help someone bypass digital locks that control access to copyrighted works would violate the law. While the DMCA purports to have exemptions to the general ban on circumvention, they do not reach what most scientists actually do and don’t allow them to publish their results in any event. So there is a lot of risk that programmers and researchers will be prosecuted.

NewsForge: What legal advice would you give to an Open Source/Free Software developer who’s attempting to reverse engineer a program, say a popular word processor, in order to make it more compatible with Linux or one of the BSDs?

Robin Gross: They could be opening themselves up to lawsuits if they bypass controls that regulate access to works or if they write a program that can access or copy works. They should consult an attorney before doing the work if they want to be sure.

NewsForge: The EFF recently filed a brief in the Dmitry Sklyarov/Russian eBook case asking the court to declare the DMCA unconstitutional. During the Felten presentation last August I asked EFF legal director Cindy Cohn something like, “Why not throw the whole thing out?” and she said something to the effect of, “We’re not there yet.” Is the EFF now advocating that the whole DMCA be scrapped, or just its anti-circumvention provisions? If it’s the whole thing, why the change in focus?

Robin Gross: EFF believes the DMCA’s anti-circumvention provisions must be declared unconstitutional or else substantially reformed.

NewsForge: 2600 magazine filed for a rehearing in its case in January, and Eric Corley recently promised to keep fighting. What’s the status of the case right now?

Robin Gross: We are waiting for a decision from the 2nd Circuit Court of Appeals — no word yet.

NewsForge: Are there broader implications for news Web sites or personal Web sites that have linked to DeCSS or other potentially prohibited code? Do you think the motion picture industry would ever come after anyone besides 2600.com?

Robin Gross: Under the court’s decision in the 2600 Magazine case, anyone who links to DeCSS intending to distribute it can be banned by the statute. Any link can be construed as intent to disseminate the code — since that’s what a link really is — information that tells you where you can find a particular piece of information. Other journalists who want to provide links to the software in question can be found to violate this law. Its breadth is extremely expansive.

NewsForge: What legal advice would you give to a Web site that has linked to the DeCSS code? (I know of no such sites, of course.)

Robin Gross: Watch out for the threat letter from the MPAA!

NewsForge: What’s the status of the Jon Johansen case? How is the EFF involved in that case?

Robin Gross: Jon’s trial has been set for June 3rd and is expected to last six days before a three-judge panel of the Oslo City Court. EFF does not represent Jon, but we have been advising his attorneys and have started a fund to help him pay for his legal defense.

NewsForge: Why do you think the Norwegian government is only now prosecuting Johansen for creating DeCSS in 1999?

Robin Gross: It could be because we had a victory in the California DeCSS case in November that ruled folks had a First Amendment right to publish information that they obtain in the public domain and simply want to republish on their site. Perhaps this is the MPAA’s response — to apply more pressure on Norway to criminally charge him.

NewsForge: Another subject shift: What’s going on with UCITA? Is it dead, other than in the states that already passed it (I happen to live in one of those), or is it likely to keep on coming back?

Robin Gross: UCITA has been passed in only two states — Virginia and Maryland. Three other states have passed anti-UCITA legislation, so it’s a race throughout the country.

NewsForge: What’s the EFF’s stance/involvement on UCITA?

Robin Gross: EFF opposes UCITA because while it claims to merely apply traditional contract law in a digital environment, it *actually* dramatically expands the copyright industry’s ability to control how information can be used. In addition to being allowed to disclaim warranties and prevent the public from being able to criticize or reverse engineer works.

Category:

  • Migration

OSSTMM 2.0 release date set

Author: JT Smith

The Open Source Security Testing Methodology Manual 2.0 will be released on February 26th at ideahamster.org.

The Open Source Security Testing Methodology Manual (OSSTMM) is unique in that it is the first and most widely available standard in development for the comprehensive security testing of Internet systems and networks. Created by the Ideahamster organisation, the OSSTMM is a continuously evolving document with over 150 collaborators, ensuring that as IT focus changes and new developments in Internet security occur, the OSSTMM remains current and up to date.

Before the OSSTMM, no documents existed which addressed the needs of security professionals by providing an open, publicly available standardised guide for formal Security Testing. We assume that there are other methodologies, but no commercial enterprises have ever made them public knowledge; ultimately, clients end up paying for services that they cannot really evaluate.

There are many companies that offer security testing, whether by automated tool, or by using “real world hacker experience”. Some claim to be compliant with various government sponsored certification schemes, others boast membership to various closed-shop accreditation schemes. Until now, no certification or standard existed that provided clients and end users with assurances that the security testing work they are commissioning is to an acceptable standard.

The OSSTMM changes all of this — offering participants a consistent framework and clearly quantifiable results, thereby affording a level of assurance of the output quality, accuracy and validity of the tests that end users have not yet seen in the Security Industry.

Security Testing thus becomes quantifiable, constant and repeatable, visibly thorough and compliant to a global range of individual and local laws.

From Pete’s announcement mail:
“I have been able to integrate most of the submissions, corrected flow for new procedures, new laws, and new tasks. I have integrated security metrics, risk assessments, and included SECTIONS which will better guide testing. Included is a template of a sample report which contains all the elements which MUST appear in a report to carry an OSSTMM compliancy clause, data collection templates, and a few other OSSTMM standard testing instruments. All of this document will be drill down to the web site in the appropriate places and room to grow. This is a very different manual from 1.5.”

OpenGL 3D stereo support now available on Solaris on Intel

Author: JT Smith

PRNewswire: “Xi Graphics Inc., a manufacturer of premium graphics drivers for UNIX and Linux, announced the release of an update for their new Accelerated-X Summit v2.0 line of drivers, which now includes 3D support for the Solaris operating system running on Intel/AMD platforms.”

Six new browser security holes for Microsoft

Author: JT Smith

NewsFactor network writes: “Microsoft on Monday made available a software patch designed to block a set of six different security vulnerabilities in the Windows version of its flagship Internet Explorer (IE) Web browser. On its Web site, Microsoft stated that the cumulative update will eliminate “all known security vulnerabilities affecting Internet Explorer 6, as well as six new vulnerabilities, the most serious of which could allow an attacker to run code on your computer.””

Category:

  • Linux

Jahshaka 1.9 to use OpenML

Author: JT Smith

Jah Shaka writes: “We are pleased to announce that we will be using OpenML for all video processing and i/o in the upcoming 1.9 alpha release of Jahshaka. After months researching video libraries, combined with valuable feedback from our alpha-testers, we realized that it would be a nightmare to support multiple OS’s any other way. OpenML’s high level of integration with OpenGL allows us to now maintain our goals of realtime interactivity while supporting multiple platforms seamlessly. Check out the Khronos website for more details at khronos.com.”

Targeted hacks – hard to uncover, harder to fight

Author: JT Smith

NewsFactor Network writes: “The number and variety of computer worms, security vulnerabilities and attacks on the Internet continue to grow, often leaving more dangerous, targeted hack attacks that go beyond random worm infections and hacker scans overlooked, according to some experts. These targeted attacks, which typically involve a savvy perpetrator who knows where to go and what to get, can be much more dangerous than the run-of-the-mill viruses and vulnerabilities lurking on the Web. Experts say less attention is paid to targeted attacks because they affect fewer victims, but that may be changing as mass-mailing worm launches and vulnerability scans become more refined.”

Category:

  • Linux

Augustin on Free Software vs. Open Source

Author: JT Smith

From a thread on the Free Software Business mailing list, VA Software CEO Larry Augustin shares his understanding of the relationship between Free Software and Open Source, in the following brief post. (VA Software is the corporate parent of NewsForge.)

“I have not been able to discern any difference between Open Source and Free Software with regards to the end result: source code being “free” in the sense that the FSF defines “free”. Both communities seem to have the same goal.

“However, the Open Source community seems to believe two things which RMS and the Free Software community do not seem to believe:

1. The word “free” is detrimental to achieving the goal because most people seeing it applied in the context of software think “zero cost”, not “freedom.” By using a different term, it may be easier to achieve the end goal.

2. There may be reasons for supporting Free Software other than a moral belief that all software should be free. The Open Source community is willing to be flexible in the rationale behind Free Software and is accepting of pro Free Software arguments based on economic or other rationale. RMS and the Free Software community do not seem to allow for these other arguments. Again, by allowing for a different rationale, it may be easier to achieve the end goal.

“I believe that RMS and the FSF have slowed the acceptance of Free Software by their unwillingness to compromise on these two points. I believe that adopting the terminology and arguments presented by the OSI would accelerate the acceptance of Free Software.”


Larry

GNU-Friends and FSDN (Free Software Development Network)

Author: JT Smith

Advogato: “Jonas Oberg announced the launch of GNU-Friends, a news site for friends of the GNU Project based on the Kuro5hin Scoop-backend. GNU-Friends is intended to provide news from and by the Free Software community, especially such news that does not generally make it onto other news channels.”