The Digital Millennium Copyright Act, passed in 1998 at the behest of the music and movie industries, has done little to benefit anyone except a select group of companies who have used its provisions to establish, maintain and expand a virtual stranglehold on the entertainment industry. The cartel which has arisen after this act does not benefit consumers at all; rather, it gouges them for as much money as they can possibly suck out, corrupts modern technology, and sets back the state of the art.

The remainder of this message is encrypted using an algorithm which provides virtually no security, but which (if I were so inclined) would open you up to lawsuits if you decrypted it without my permission.

Va 2001, gur pnegry vagebqhprq UQPC, be Uvtu-onaqjvqgu Qvtvgny Pbagrag Cebgrpgvba, n frphevgl zrnfher vagraqrq gb cebgrpg qvtvgny pbagrag nf vg’f genafzvggrq orgjrra UQ-pncnoyr qvtvgny qrivprf, fhpu nf arjre UQGI naq UQ-QIQ be Oyh-Enl cynlref. Gur ceboyrz vf gung vg vfa’g irel frpher ng nyy, naq va snpg vf snveyl rnfl gb oernx. Va snpg, vg jnfa’g vagraqrq nf erny frphevgl va gur svefg cynpr; vg jnf qrfvtarq gb nyybj gur zhfvp naq zbivr vaqhfgevrf gb svyr zber ynjfhvgf.

Rq Srygra bs Serrqbz gb Gvaxre unf na rkpryyrag sbhe-cneg frevrf cbfgrq guvf jrrx nobhg UQPC. (1, 2, 3, 4)

Gur synjf va UQPC frphevgl jrer npghnyyl qrfvtarq va gb gur flfgrz sebz gur fgneg. Gung’f evtug, Ubyyljbbq jnagrq gur flfgrz gb or vafrpher. Gurl jrer arire vagrerfgrq va cebivqvat erny cebgrpgvba sbe qvtvgny pbagrag, ohg vafgrnq gb cebgrpg gurve pnegry.

Haqre gur flfgrz nf qrfvtarq, nalobql jub jnagf gb ohvyq n gryrivfvba frg, QIQ cynlre, be nalguvat ryfr gung qbrf cerggl zhpu nalguvat jvgu qvtvgny ivqrb unf gb trg n yvprafr sbe UQPC. Vs gurl ohvyq na hayvprafrq qrivpr, gurl pna or fhrq haqre gur QZPN.

Gur boivbhf vzcyvpngvba bs guvf vf gung pbafhzre pubvpr vf yvzvgrq. Grpuabybtl juvpu jbhyq bgurejvfr rkvfg vf arire qrirybcrq orpnhfr bs gur yvprafvat erdhverq. Srjre cebqhpgf pbzr gb znexrg, naq gubfr gung qb pbzr gb znexrg ner zber rkcrafvir. UQPC nqqf nf zhpu nf $100 gb gur pbfg bs rnpu UQGI frg, sbe vafgnapr. Yrff vaabingvba gnxrf cynpr. Rira Zvpebfbsg zhfg obj, xvff gur evat, naq cnl hc, vs gurl jnag gb pbagvahr gb vapyhqr QIQ cynlonpx pncnovyvgl va Jvaqbjf.

Va gur zrnagvzr, UQPC vf rkcrpgrq gb or oebxra jvguva gur arkg lrne be gjb. Nyy gung’f arrqrq ner 40 qrivprf jvgu UQPC ohvyg va gb gurz naq n yvggyr ovg bs gvzr. Bapr gung unccraf, rirel UQPC rdhvccrq qrivpr vf creznaragyl pbzcebzvfrq. Fbzr frphevgl.

Ivn Ryrpgebavp Sebagvre Sbhaqngvba.

P.S. If you’re successful in decrypting the message, post the plaintext below.

I want to take a moment to give a warm welcome to our newest readers, the Open Source Center of the Central Intelligence Agency. Welcome to Homeland Stupidity!

Actually, they aren’t the newest readers; they’ve been around reading here for several months now. But now I can finally tell you who they are, what they do and why they’re reading this site.

The OSC is responsible for gathering intelligence from the Internet, newspapers, magazines, and other unclassified sources of information worldwide. Its analyses are disseminated to intelligence customers ranging all the way from the President to local police departments.

Among other sources, the OSC is aggressively reading and monitoring weblogs. So now, the things you and I say online could ultimately wind up in the Oval Office and influence Presidential decision making.

Well, ideally. In practice, the White House is almost never going to read your individual posts for themselves (though it could happen; it’s happened here before). What generally happens in practice is an intelligence analyst at the OSC will read several sources of information on a given topic, write a report, and that report will be shared with the appropriate government agencies. It may even be shared with the White House in the President’s daily intelligence briefing.

Eliot A. Jardines, assistant deputy director of national intelligence for open source, said the amount of unclassified intelligence reaching Mr. Bush and senior policy-makers has increased as a result of the center’s creation in November.

“We’re certainly scoring a number of wins with our ultimate customer,” said Mr. Jardines, who became the first high-level official in charge of the government’s nonsecret intelligence in December.

“I can’t get into detail of what, but I’ll just say the amount of open source reporting that goes into the president’s daily brief has gone up rather significantly,” Mr. Jardines said. “There has been a real interest at the highest levels of our government, and we’ve been able to consistently deliver products that are on par with the rest of the intelligence community.”

[OSC Director Douglas J.] Naquin said recent OSC successes have included the discovery of a technology advance in a foreign country. Also, most data on avian flu outbreaks come from open sources, he said.

“Have we got coups out of it? Close to it,” Mr. Naquin said. “But certainly we’ve had more insight than we’ve ever had before.” — Washington Times

Unfortunately, I’m fresh out of insights today, but hopefully I’ll get some in tomorrow’s shipment.

Thanks to Matt Parker for the news tip.

These updates to stories previously covered at Homeland Stupidity focus exclusively on election and voting issues, a major issue with the 2004 elections still in doubt and the 2006 elections fast approaching.

• The Federal Election Commission really didn’t want to regulate political campaign speech on the Internet, but the courts forced them to. So they did as little as possible, regulating only paid advertisements on Web sites. This will likely kill the Online Freedom of Speech Act.
• If you’re in Washington this Thursday or Friday, consider lobbying Congress to pass H.R. 550, which would require voter-verified paper records among other voting reforms. The lobbying, sponsored by the Electronic Frontier Foundation, follows a similar effort last summer.
• Burlington, Vermont, has figured out how to run free election software on old Diebold equipment. While the software is only free as in beer right now, the company plans to fully open source it and make a Linux version.
• And finally, Ohio secretary of state Ken Blackwell, who was proud to have delivered the 2004 election to Bush and mandated that the state use Diebold equipment in 2006, actually owns Diebold stock. Way back when, I was among the first to break the story of his gubernatorial bid.

Government bureaucrats are the same everywhere. That is, they’re stupid. And today’s stupid bureaucrat is Jerry Taylor, city manager for Tuttle, Oklahoma.

Last Wednesday afternoon, Taylor noticed that the city’s web site was not accessible anymore. Instead of the web site, it was displaying the CentOS Test Page, the page shown after the CentOS Linux operating system is installed, but before a web site has been set up.

But instead of contacting the city’s Web hosting company, Taylor contacted CentOS directly.

CentOS is an all-volunteer effort to create, distribute and maintain an enterprise-grade distribution of Linux. Its product bears a very close resemblance to Red Hat Enterprise Linux, but does not include technical support or the hefty price tag.

So Taylor’s first message was something of a surprise: “Who gave you permission to invade my website and block me and anyone else from accessing it??? Please remove your software immediately before I report it to government officials!! I am the City Manager of Tuttle, Oklahoma.”

CentOS developer Johnny Hughes jumped in and tried to help Taylor sort out the problem, but as can be seen from the email exchange, Taylor was hostile and uncooperative. He even threatened to call the Federal Bureau of Investigation! Fat lot of good that would have done.

A full day later, Taylor finally gave up the Web site address having the problem, and Hughes was able to locate the hosting provider who had caused the problem. It turns out that they had reinstalled the operating system after a hardware failure.

But, and this is where it gets really stupid, Taylor wasn’t at all grateful that anyone at CentOS had helped him track down the problem. Instead, he blamed them for the problem, when they had nothing to do with it. “I am sorry that we had to go through the process and accusations to get the problem resolved. It could have been resolved a lot quicker if the initial correspondence with you provided the helpful information that was transmitted in the last messages.”

Sure it would have. But it’s your fault, Jerry Taylor, for not cooperating in the first place.

The Register notes that Taylor was probably having a bad day because another city website had been hacked recently, and as of today, still hasn’t been repaired.

Disclaimer: Homeland Stupidity uses the CentOS Linux operating system for its Web server, e-mail server and telecommunications equipment.

Was the 2004 presidential election stolen? Well, as it turns out, it’s easier to rig an election than to rig a Las Vegas slot machine.

University of Pennsylvania visiting professor Steve Freeman compares slot machines to ballot boxes in his new book, Was the 2004 Presidential Election Stolen? Exit Polls, Election Fraud, and the Official Count, due out this summer.

TheWashington Post mentioned Thursday that Freeman gave a presentation of data from his book in October at the Philadephia chapter of the American Statistical Association. Among the problems he found in elections, none of which come as a surprise to my long time readers, were:

• Election software is kept secret, while gambling software is required to be kept on file with the state.
• State inspectors spot check gambling machines to ensure their software and computer chips haven’t been tampered with. Nobody knows what software or chips are in election machines, or whether they’re the right ones, and the vendors don’t care.
• Software programmers for gambling software must undergo background checks, while programmers for election software could be anybody, even convicted felons.
• Gambling equipment is tested and certified by disinterested third parties, while election equipment is tested and certified by companies in bed with the election equipment vendors.
• And finally, if someone thinks a Las Vegas slot machine cheated them, there’s a 24 hour hotline they can call and someone will be out to check that machine. If you think the ballot box cheated you, there’s nothing you can do.

Again, none of these were very surprising if you’ve been following the fallout from the 2004 election closely. But if you haven’t, prepare to be shocked. And by the way, there’s a lot more money to be made rigging an election than by rigging a slot machine.

Last week President George W. Bush toured the National Security Agency to offer his support to NSA employees. A photo accompanying a Washington Post article about the visit showed some sort of global threat display in the background, and Boing Boing, among others, have been going crazy over the fact that this photo contains completely unclassified information that anybody can display right on their own computers. Today I’m going to tell you what that display was, where the information came from, why people are overreacting, and what NSA is really doing.

First off, the display in the background of that photo is the Talisker Computer Defence Operational Picture, which you too can display right on your own computer. It displays the latest computer security news, vulnerabilities, virus information, links to security tool versions, and a graph of network port scan activity. It’s a pretty useful tool if you’re monitoring threats on the Internet.

Which NSA does indeed do every day, but I’ll get into that later.

The reason that that’s on display in the first place is not because the President showed up, but because he had the press with him. NSA, like other government agencies which deal with classified information, must “sanitize,” or remove all classified information from, any area in which people not cleared to see it will visit. In this case, that means the press. So, regardless of what’s on that particular display on any given day, it’s either going to have to be blank, or show unclassified information, when the press — or anybody without a security clearance — shows up. This only makes sense.

Now, one thing a lot of people don’t know is that NSA does indeed monitor computer and Internet security threats. It does so through its National Computer Security Center, right on site at Fort Meade, which largely works with unclassified information. NCSC is also responsible for evaluating computer technology for use by the Department of Defense and other government agencies for its ability to securely process classified information. They’re also responsible for the rainbow books.

So what’s the big deal?

UPDATE: Want an account with wordpress.com? Just start up Flock, click on “blog” on the start page, then click WordPress. You’ll get the special Flock users only signup page.

Just moments ago I got an email from Flock advising that a Developer Preview was available. So I decided to try it out. It’s most definitely changed quite a bit from version 0.1, the last version I reviewed.

And this time, I took a few screenshots.

I started up Flock, and it looks a whole lot like a certain Mozilla product. But a little deeper in, I found the blogging tool, which I’m using to compose this post.

Very nice. I just dragged a couple of pictures from Flickr into the post, and there they are.

Unfortunately, when I clicked Save Draft, it did indeed save the draft, and then I couldn’t figure out how to get it back again, to continue editing. Oh well, back to WordPress.

You can click the screenshots and see them full-size at Flickr.

Flock also allows you to share your del.icio.us bookmarks with other users, and has a couple of interesting features which will get a lot more interesting, once more people are using it. Flock uses del.icio.us as a backend to keep your “Favorites” in sync across computers, and if you make them public, your Favorites may appear in other users’ Flock menus.

Oh yes, it’s shaped up quite a bit, but still has a ways to go. For instance, I found a needless <br/> at the end of every paragraph that Flock wrote in this post, which I had to remove. I finally figured out how to edit a draft post, but Flock didn’t pick up on the fact that I’d edited it later in WordPress.

Overall I’m fairly impressed. Flock is making progress, and looks like it will be an incredibly useful piece of software.

I found one important bug you should be aware of: If you are in the Western Hemisphere, your blog post will not appear after you publish it in Flock. To work around this, edit the post in WordPress, check the “Edit timestamp” box, and click Save. Your post will then appear.

Oh, and if you do find a bug, drop a note to feedback@flock.com.

It’s been a while since I’ve done one of these, mainly because of the blasted weather. So, here’s another short collection of bits of government gone awry.

• Wal-Mart called the police, who called the Secret Service on a high school student doing a class project on the Bill of Rights. The problem? He took an unflattering photo of George W. Bush.
• FEMA, after telling the Phoenix Fire Department’s urban search and rescue team to bring U.S. marshals with them into New Orleans, threw them out after they did just that.
• A man was indicted in San Francisco for writing key logger software. The indictment potentially threatens all software writers.

Are we having fun yet?

In an obscure policy decision published last Friday, the FCC decided that the FBI would have veto power over what software Americans can run on their computers.

The Federal Communications Commission thinks you have the right to use software on your computer only if the FBI approves.

No, really. In an obscure “policy” document (PDF) released around 9 p.m. ET last Friday, the FCC announced this remarkable decision.

According to the three-page document, to preserve the openness that characterizes today’s Internet, “consumers are entitled to run applications and use services of their choice, subject to the needs of law enforcement.” Read the last seven words again. — VoIP Blog

This is truly dangerous territory we’re getting into here. This sort of ruling could, for instance, cripple open source software, which isn’t likely to contain the sort of accommodations that American law enforcement agencies will ask for.

In particular, the FCC wants VoIP computer software to contain backdoors so that the FBI or other agencies can listen in to your phone calls whenever they want. That’s today. Who’s to say what they will ask for tomorrow?

Declan McCullagh continues: “But where federal law states that it is the policy of the United States to preserve a free market for Internet services ‘unfettered by federal or state regulation,’ the bureaucrats have adroitly interpreted that to mean precisely the opposite of [what] Congress said. Ain’t that clever?”

That’s what federal bureaucrats do: grab power. It’s about time we got the FCC out of the Internet.

Software Australia Buy software online in Australia

Are you a Google AdSense publisher? Do you worry about accidentally clicking on your own ads and being thrown out of the program? I have a solution for you.

Today I’ve released a Greasemonkey script for Firefox which prevents you from clicking on your own Google AdSense ads. The script prevents clicks on both ad units and link units. You can still click on others’ AdSense ads, however.

The script requires that you be running Firefox as well as the Greasemonkey extension. Note that it has only been tested with Greasemonkey 0.5 and I cannot guarantee that it will work on previous versions. If not, the script will warn you that your version of Greasemonkey is too old, and will not prevent any clicks.

Shortly after you install it, it will ask you to enter your AdSense publisher ID. This is the pub-**************** number from your AdSense code and is used to determine which ads to prevent accidental clicks from.

Once you have Firefox and Greasemonkey, download the script.

Forbes magazine has named WordPress Best of the Web in its Blog Tools category, saying that version 1.5 puts it squarely ahead of Movable Type.

Forbes was impressed with the wide variety of plugins and themes available, but reserved special praise for the WordPress community. “If you have a question, either check the documentation wiki (to which anyone can contribute) or ask at the support message board. We had an obscure question answered within an hour.”

Read more: Forbes Best of the Web: WordPress

Received via Piece of Shep

The debate rages over whether Windows and proprietary applications or Linux and open source applications are more secure, but is it the right question to ask?

Hardly a day goes by that Microsoft doesn’t announce another security patch for Windows or its associated components, or some other package. But hardly a day goes by that security patches don’t come out for Linux or applications that run on Linux, either.

Counting the number of patches that come out will not give you a complete picture.

So some people look at how early the patches come out. With Microsoft, patches are generally released long after the vulnerability is discovered, and long after viruses and hackers are already taking advantage of it. With Linux and open source, patches are generally released very quickly, and normally before anyone has had the chance to exploit them.

It would seem that the open source development process is more responsive to security vulnerabilities such as this, but there’s still something missing.

People use these computers. And users cause the vast majority of actual security incidents, by choosing poor passwords, giving their passwords out to anyone who asks, installing (usually pirated) software of unknown provenance, buying from spam, and generally being ignorant about security.

If you’re ignorant about security, visit our friends over at Security Awareness for Ma, Pa and the Corporate Clueless who brought you this article today. And stay tuned here; more security articles are planned.

Notice: The plugin has been updated since this posting.

The latest release of the WordPress SpamAssassin Plugin includes the #1 most requested feature (and in fact, so far the only requested feature). Is it actually working?

I’m pleased to announce version 0.4 of the WordPress SpamAssassin Plugin. This plugin filters all of your blog comments through SpamAssassin, recognized as the Internet’s best spam killer. It is so good at sorting spam from non-spam that adapting it to blogs seemed like a natural thing to do, especially since I ran into trouble with every other solution out there.

New in this release: The plugin now writes logging data to the server error log whenever a comment is screened. (You may need to request the error logs from your web host.) An example log entry looks like this. This represents a legitimate comment. A log entry for spam looks similar, but shows Spam: True. Thanks to thoellri for the idea.

[client 207.177.45.61] PHP Notice: SpamAssassin: screened comment from 207.177.45.61 by IO ERROR at error%40ioerror.us. Spam: False -2.8 / 5.0 in /var/www/example.com/htdocs/wp-content/plugins/wp-spamassassin.php on line 105, referer: http://www.example.com/2005/01/16/alive-and-kicking/

To use the SpamAssassin plugin, you will need a SpamAssassin server. Many web hosts already have one for their incoming email; ask them for the address and edit the wp-spamassassin.php file to include it. If you are self-hosted, you will need to install SpamAssassin on your computer, if it isn’t already installed.

You can also customize the threshold at which suspicious messages are sent to the moderation queue. Suspicious messages are those that SpamAssassin thinks might be spam, but isn’t entirely certain. Messages identified as definitely spam are discarded. To use this feature, copy the tag in wp-spamassassin.php into your spam keywords list. (I don’t do this automatically in order to avoid corrupting your list or introducing blank lines.)

Update 22 Jan: I have updated the plugin to version 0.5. This new version fixes a problem with false positives on WordPress 1.2, and works around a common PHP server misconfiguration which causes some users to receive “Headers already sent” messages. View or download it from the new permanent page.

Notice: The plugin has been updated since this posting.

I’m pleased to announce version 0.3 of the WordPress SpamAssassin Plugin. Based on reports that it actually works, I’ve changed its status from “pre-alpha” to “alpha.” In addition, the following improvements are in this new version:

• Improved message format passed to SA prevents the wrong rules firing. This was causing some messages to be marked as not spam when they should have been marked as spam. (Patch contributed by Anonymous Coward)
• The plugin can now speak to SA via the UNIX domain socket, if SA is running on the same machine as WordPress. Set the name of SA’s UNIX domain socket in the plugin source. (Patch contributed by the same Anonymous Coward)
• Suspicious messages, those whose score is above 0 but below the SA spam threshold, are now tagged for moderation. You can configure the suspicious threshold. To make this work, configure the spam tag in the plugin, and add the spam tag to your moderation keywords. (I don’t do this automatically.) If a non-spam comment is moderated, edit the comment, removing the moderation tag, and then approve it.
• Comcast users will find that they can actually post comments to my blog now. SA does tag most of them as suspicious, though.

For more information be sure to see the original announcement. Also if you are placing this page in your linkroll please link instead to http://www.homelandstupidity.us/software/wp-spamassassin/ as this is a permalink which always points to the latest entry.

Please note that this plugin requires WordPress version 1.2 or later, and a version of PHP with sockets enabled. Since this is enabled at most installations, it shouldn’t be a problem, but if you find the plugin isn’t connecting to SpamAssassin, check phpinfo() to ensure your version of PHP has sockets support.

Update 22 Jan: Please see the new permanent page to download or view the plugin.

Notice: The plugin has been updated since this posting.

I hate spam. I really hate spam. And I hate comment spam on my site. A few of you noticed about 764 of them yesterday morning when you visited here. I thought I was fairly well protected against comment spam, but the spammers are getting smarter. So I decided to raise the stakes a bit. Introducing the WordPress SpamAssassin plugin.

But wait, why bother with yet another anti-spam plugin when there are so many wonderful ones to choose from? And what’s SpamAssassin anyway?

SpamAssassin is a nice program designed for ISP mail servers that immediately rejects incoming spam before it ever gets anywhere near your inbox. However, it also has its own wire protocol, so you can write custom programs to speak to it. And that’s exactly what I did. It’s far from perfect, I’m sure, but I’m also sure it’ll improve given time and feedback.

Your web hosting provider may already be running SpamAssassin for their mail; contact them to find out the hostname for the SpamAssassin server and fill this in to the plugin. It’ll probably be the same as your SMTP server. If you’re self-hosted, you know where your SpamAssassin server is already.

Update 8 Jan 2005: Please download the latest version here.

Update 2 Jan 2005: Fixed issues with PHP on Windows. Also, the plugin now feeds full headers to SpamAssassin.

Known issues (Updated 2 Jan 2005): None at this time.