
Peers name Michael Dell top CEO

Author: JT Smith

The Associated Press reports that Dell “has touched off a brutal price-cutting war, it
has eliminated more than 5,000 jobs, and its stock price tumbled 66 percent last year.

So it came as a surprise to founder Michael Dell when he learned that fellow chief executives had
chosen him as Chief Executive magazine’s CEO of the Year. The award will be presented
Thursday night in New York.”

Category:

  • Open Source

Open letter to PC manufacturers

Author: JT Smith

In response to the news from Microsoft yesterday that they will not
include Java Virtual Machine (JVM) with Windows XP, Clay Shirky has
written an open letter to Dell, Compaq, Hewlett-Packard, Gateway,
IBM, Toshiba, SONY, and all original equipment manufacturers of the
Intel-compatible personal computing world: a plea to preserve diversity
in the computing ecosystem by including JVM on every personal computer
manufactured. To see this open letter, and to add your voice to it, go to:
http://www.oreilly.com/news/jvm_0701.html.

Category:

  • Unix

Immunix advisory: Squid

Author: JT Smith

It’s posted at LWN.net: “Paul Nasrat has discovered a bug in squid’s httpd_accel mode that
allows users to use squid as a portscanner similar to ftp bounce
scanning because squid does not properly use ACLs in the config file.
Paul conjectures it may be possible to pass data through the squid
proxy to communicate in a meaningful fashion, possibly bypassing
network security settings.”

Category:

  • Linux

How Sun screwed itself by suing Microsoft

Author: JT Smith

ZDNet’s Anchor Desk maintains that’s the case. The column blames Sun’s lawsuit against Microsoft as the reason Microsoft is dropping Java support from Windows XP.

Category:

  • Open Source

Controversial research to be presented at USENIX security conference

Author: JT Smith

Monica Ortiz tells us about this press release: The USENIX Association today confirmed the inclusion of a controversial research paper to its Security Symposium to be held in Washington, DC next month. The paper reveals inherent security risks with the recording industry’s digital music access-control technologies. Dr. Edward Felten, the Princeton University scientist who was a key member of the research team, will also participate in a panel discussion about the paper’s recent legal wrangles.

The paper first came under fire from the recording industry in April 2001, when Felten and other scientists from Princeton and Rice Universities were prevented from presenting the paper at the 4th International Information Hiding Workshop. By June 2001, the research team, USENIX, and the Electronic Frontier Foundation (EFF) jointly asked a federal court for First Amendment protections for the researchers and the paper. Although RIAA, SDMI, and Verance have since filed motions to dismiss and claim there was never a real threat of litigation, the EFF continues to seek protection for all private defendants and their ability to produce and publish future work based on their research.

The paper, “Reading Between the Lines: Lessons from the SDMI Challenge,” is now scheduled to be presented on the evening of August 15, 2001. Dr. Felten, EFF Legal Director Cindy Cohn, and Peter Jaszi of the American University will be analyzing the paper’s progress through the legal system in a panel discussion immediately following the paper presentation.

Controversial topics are not new to this symposium but an inevitable product when security, cryptology, and computer protection scientists and gurus gather. This conference features some of the leading computer security professionals in the world, including Keynote Speaker Richard M. Smith, CTO of the Privacy Foundation, who will discuss whether the public should trust the security measures of Web-enabled gadgets.

“The USENIX Security Symposium is a venue to meet the people who are at the cutting edge of computer security technology and be a part of the community working toward solving the security problems we face today and that are coming down the road,” said Dan Wallach, Symposium Program Chair. “USENIX Security is about in-depth discussion of advanced topics. The technical track focuses on providing the most current research and inviting the speakers on every security professional’s top ten list. This is where people working at the heart of computer security come to meet their peers and discuss their concerns, new solutions to critical issues, and how their work is going to push the industry forward.”

The symposium, now in its 10th year, begins with two days of intensive, highly technical tutorials followed by three days of research presentations and invited speakers by industry luminaries. Speakers include Steven Bellovin, creator of Netnews, AT&T Fellow, and a pioneer in the security space, who chairs presentations on Denial of Service. Matt Blaze, AT&T Labs Researcher, explores the tricky relationship between science and public policy now that computer security and cryptology research and technology have gained national attention. Mudge, VP of Research and Development for @Stake, and his associate Kingpin dissect Palm OS protections against malicious code threats from the hacker’s perspective. And Kevin Fu’s “The Do’s and Don’ts of Client Authentication on the Web” reveals the often humorous ways real Web sites handicap their own security systems.

Along with the Felten paper and panel, the symposium’s evening events offer attendees opportunities to delve into their topics of choice. The ever-popular Birds-of-a-Feather sessions and Works-in-Progress reports provide insight on current trends and openly compare project progress with peers and experts. As with every USENIX conference, it is the lively post-session discussions that occur in the tongue-in-cheek named “Hallway Track” that bring attendees back each year.

“This event really offers every perspective on computing security plus the advantage of hobnobbing with the top people in the field,” said Avi Rubin, a USENIX Director and Symposium Program Committee member. “This is the only symposium that delves deeply into technical issues and incorporates research. Other events scratch the surface and are intended more as professional training. The USENIX Security Symposium pushes the envelope on the state of the art.”

The USENIX Security Symposium takes place August 13 – 17, 2001 at the JW Marriott Hotel in Washington, DC. Detailed tutorial and technical program information can be found online at www.usenix.org/events/sec01. Complimentary press badges are also available by prior arrangement. Contact Monica Ortiz, USENIX Press Liaison, at monica@usenix.org for more information about press badge registration.

10th USENIX Security Symposium
August 13 – 17, 2001
JW Marriott Hotel
Washington, DC USA
www.usenix.org/events/sec01

About the USENIX Association
USENIX is the Advanced Computing Systems Association. For over 25 years, it has been the leading community for engineers, system administrators, scientists, and technicians working on the cutting edge of the computing world. USENIX conferences are the essential meeting grounds for the presentation and discussion of technical advances in all aspects of computing systems. For more information about the USENIX Association, visit http://www.usenix.org.

For more information contact:
Monica Ortiz, monica@usenix.org, 415-990-5513

Conectiva Linux: tcltk security advisory

Author: JT Smith

From LWN.net: “zen-parse reported [1][2] that the ‘tcl’ and ‘expect’ programs were
looking for dynamic libraries in unsafe directories.
“expect” searches for dynamic libraries under the world writable
/var/tmp directory. An attacker could place fake libraries in that
directory and thus have expect (and programs using it, as mkpasswd)
execute arbitrary code. A similar problem exists with ‘tcl’. This
program searches for dynamic libraries in directories under the
current directory, which is also an unsafe behaviour.
Conectiva Linux 6.0 is vulnerable to both problems, while the 7.0
version is only affected by the last one.”

Category:

  • Linux

Cross my Palm with Linux

Author: JT Smith

The Register follows up on the Empower Technologies Linux PDA distribution that runs on Palm IIIx and IIIxe organizers.

Boycott Adobe campaign launches

Author: JT Smith

By John Leyden
The Register

Protestors, angry about the arrest of a Russian programmer who made a speech on the shortcomings of encryption methods used by Adobe, have set up a site calling for a boycott of the software firm. The Boycott Adobe site highlights the case of Dmitry Sklyarov, who was arrested by the FBI and charged with distributing software that violates the 1998 Digital Millennium Copyright Act.

Sklyarov, of Russian software firm ElcomSoft, is the author of a $99 program called Advanced eBook Processor, which removes restrictions on reading and printing from encrypted PDF files. He was arrested on Monday after making a presentation entitled “eBook Security: Theory and Practice” at Defcon, the annual hacker’s convention in Las Vegas.

The people behind the Boycott Adobe site, which is backed by the Electronic Frontier Foundation, say that Sklyarov’s only crime was to “point out major security flaws in Adobe PDF and eBook software”.

Adobe has resorted “to criminal prosecution rather than fixing broken security that hurts Adobe’s customers, who have paid good money only to find out their intellectual property is protected by fourth rate security”.

They are calling on people to sell shares in Adobe, to write protest notes to it and their congressman about the handling of the affair and to defer planned upgrades to Adobe software.

Sklyarov’s case has aroused particular interest because it is one of the first United States criminal prosecutions under the controversial Digital Millennium Copyright Act (DMCA).

The affidavit in the case states that Advanced eBook Processor would allow anyone to read an eBook on any computer without paying the fee to the bookseller. ElcomSoft denies it is involved in facilitating copyright piracy and said its program only increases a purchaser’s control of legitimately purchased eBooks.

The Advanced eBook Processor software may make it easier to infringe copyrights, since eBooks, once translated into open formats like PDF, may be distributed in illegitimate ways. On the other hand the program allows people to print, back up, and store electronic books which when used non-commercially may constitute fair use under US copyright law, and Sklyarov’s defence rests on this point.

Robin Gross, attorney with the Electronic Frontier Foundation (EFF), explained, “The U.S. government for the first time is prosecuting a programmer for building a tool that may be used for many purposes, including those that legitimate purchasers need in order to exercise their fair use rights.”

Behind this academic argument lies Sklyarov himself, who is languishing in a foreign jail awaiting trial on charges which carry a maximum sentence of five years in prison or a fine of up to $500,000.


All Content copyright 2001 The Register

Category:

  • Migration

Lineo lays off 42

Author: JT Smith

On July 13, Lineo laid off 13 percent of its worldwide staff, or 42 people. Full story at LinuxDevices.com.

Category:

  • Open Source

WorldForge project announces Acorn 0.4

Author: JT Smith

Posted at LWN.net: “The WorldForge project would like to announce the release of Acorn 0.4.

Acorn is the second in a series of games created as part of the WorldForge
bootstrapping endeavour, aimed at creating an engine for massively
multiplayer online games.”