Friday, January 31, 2003

News: Cyberattack winner--'hacker insurance'
The computer worm that clogged Internet traffic and shut down vulnerable corporate networks this weekend also provided another boost to the emerging market for hacker insurance, experts said on Monday.

Hacker insurance, also known as "network risk insurance," has been on the market for about three years, but is expected to explode from a $100 million sideshow into a $2.5 billion behemoth by 2005, according to insurance industry projections.

This weekend's Internet attack, which virtually cut off Internet access in South Korea and toppled other networks worldwide, underlined the impossibility of total computer security, said Counterpane Internet Security Chief Technology Officer Bruce Schneier.

"I believe that within a few years hacking insurance will be ubiquitous," Schneier said. "The notion that you must rely on prevention is just as stupid as building a brick wall around your house. That notion is just wrong."
Vision Series 3: Bruce Schneier - Tech News
What's going to be different about the state of Internet and network security three years from now?

I think we're finally past the era where people believe in magic security dust, that all they need to do is buy the right set of products and their network will be imbued with the property of "secure." Security is a process. It's a journey.

Will security breaches become fewer or more frequent?

They will increase. As more of our infrastructure moves online, as more things that someone might want to access or steal move online, there will be more security breaches. As our networking systems become more complex, there will be more security breaches. As our computers get more powerful and more useful, there will be more security breaches. Everything about computer networks points to more security breaches in the future.

Thursday, January 30, 2003

"The C.I.A. uses every dirty trick in the book to accomplish its mission overseas," said Timothy Edgar, a legislative counsel for the A.C.L.U. "To allow those methods to govern intelligence gathering on American soil is an invitation for disaster."

Security Officials Considering Plan to Combine Terror Forces
Representative Jane Harman of California, the ranking Democrat on the House Intelligence Committee, said it was "frustrating" that the Bush administration was proposing such a major intelligence restructuring months after the Department of Homeland Security was initiated and the F.B.I. began its own internal reforms.

"There are a lot of unanswered questions about how this new center would interact with ongoing analytic efforts of the C.I.A., F.B.I., and Department of Homeland Security," Ms. Harman said.

While Bush administration officials said the new terrorism center's role would be to analyze threats as they develop, outside national security specialists in intelligence matters said that the crucial test would be whether the new operation would guide the intelligence gathering as well.

James Bamford, a best-selling author on national security affairs, said in an interview that if the new center was merely a repository for analyzing threats, it would largely duplicate the C.I.A.'s existing counterterrorism center. "You're basically just renaming it," Mr. Bamford said. "That's what they already do."

But if the C.I.A. began influencing domestic intelligence decisions at the F.B.I., he said, "that would be a major power shift."

The line of responsibility between the agencies has become somewhat blurred in recent months, and officials at the American Civil Liberties Union said they were worried that Mr. Bush's plan could mean significant new powers for the C.I.A.

"The C.I.A. uses every dirty trick in the book to accomplish its mission overseas," said Timothy Edgar, a legislative counsel for the A.C.L.U. "To allow those methods to govern intelligence gathering on American soil is an invitation for disaster."

Wednesday, January 29, 2003

"That's a $7 trillion turn," Mr. Conrad said. "What bothers me is that we are in the sweet spot of the economic cycle right now…"

U.S. Deficit Could Top $300 Billion
White House officials suggested today that the federal budget deficit could surpass $300 billion this year, setting a record as President Bush pushes plans for big tax cuts and new spending for the military and homeland security.

Mitchell E. Daniels Jr., director of the White House Office of Management and Budget, told the Reuters news service that the deficit could hit 3 percent of gross domestic product, which would put the deficit above $300 billion.

That is slightly higher than what Mr. Daniels and other administration officials have been hinting in recent weeks, but many outside economists say the actual deficits could turn out to be even higher, especially if the United States goes to war with Iraq.

By any measure, the government's financial situation continues to worsen by the week. Because of slow economic growth and declining stock prices over the last year, tax revenue fell sharply from October through December.

The Congressional Budget Office, the nonpartisan agency that makes its own estimates of fiscal trends, is expected to report on Wednesday that the deficit for 2003 will be at least $175 billion — but that is without any allowance for Mr. Bush's $674 billion, 10-year tax plan or the costs of a possible war.

Democrats on the House Budget Committee, after factoring in the cost of Mr. Bush's proposals as well as the latest data on revenue, predict that the deficit this year could hit $306 billion and that the government will run up $1.7 trillion in deficits by the end of 2011.

Administration officials and Republican lawmakers insist that the deficits are still small in relation to the size of the total economy. A deficit equal to 3 percent of gross domestic product would be twice as high as last year's figure, but it would still be a much smaller share of total economic output than the deficit of 1983 under President Reagan, which was 6 percent of gross domestic product.

Democratic lawmakers have stepped up their attacks on President Bush's tax-cutting plans. Senator Kent Conrad of North Dakota, the most senior Democrat on the Senate Budget Committee, noted that the government projected a 10-year surplus of $5.6 trillion just two years ago. Today, he said, the outlook is for a 10-year deficit of $1.5 trillion.
ONLINE Magazine: January/February 2003

This magazine can really save you time, effort, and will help prevent wasted searches.

Tuesday, January 28, 2003

Downloads: Linux development tools - Nov 4, 2002
A collection of popular tools for developing software for Linux

"Companies should have been ready for (the worm)," Johannes Ullrich said. "That patch should have been applied--it's six months old now."

News: SQL worm feeds on apathy, MS flaws
In the largest such incident since the Code Red and Nimda worms swamped servers in 2001, the Sapphire worm--also known as Slammer and SQLExp--infected more than 120,000 computers and caused chaos within many corporate networks. Some Internet service providers in Asia were overwhelmed.

The small but malicious program rapidly exploited a six-month-old flaw in Microsoft SQL servers, underscoring a dirty secret in the IT industry: software bugs are common and administrators are slow to fix even widely publicized problems, said Johannes Ullrich, director of the security information site
Seven Palestinians Killed as Israelis Vote
The Israeli army killed four Palestinians, at least three of them gunmen, Tuesday as it blockaded Palestinian inhabitants in the West Bank and Gaza Strip during Israel's election day.

Three Palestinians were killed when an explosion levelled a house owned by an Islamic militant in Gaza. Palestinians said the house was hit by an Israeli helicopter missile. The Israeli army said the three were killed while making bombs.

Palestinian medics said three Palestinian gunmen were shot dead in the northern West Bank city of Jenin during an exchange of fire with Israeli troops and that a 17-year-old was killed while running to the aid of one of the gunmen.

The army said the teen-ager was also armed and took part in the firefight with troops during an operation to seize militants involved in a 28-month-old uprising for a Palestinian state.

A Palestinian photographer working for Agence France Presse was shot in the leg during the incident, the medics said.

Captain Sharon Feingold, an army spokeswoman, said the photographer may have been hit by shrapnel from the gunfight. "He was not targeted. We do not target journalists," she said. (Oh really? That's new. A.I.)

As Israelis began voting in their general election, 3.6 million Palestinians living in the West Bank and Gaza Strip were barred by Israel's military from traveling between Palestinian towns and villages and entering Israel.

Israeli security officials said the ban was issued due to intelligence information that Palestinian militants were planning attacks to disrupt the election. Palestinians condemned the measure as collective punishment.

Palestinian residents of the West Bank cities of Tulkarm, Qalqilya, Nablus, Bethlehem, the Israeli-ruled parts of Hebron as well as Jenin were also under strict military curfew.

Palestinians identified the three dead in Gaza City as two children of Hamas militant Mohammed Salameh, including a 15-year-old girl, and a bodyguard of a senior Hamas leader, and said they were killed in a helicopter missile strike.

Israel said they were killed when bombs being made by two of them, whom it called Hamas militants, detonated prematurely.

The large house was devastated by the explosion.

At least 1,805 Palestinians and 698 Israelis have been killed since the uprising began after peace talks deadlocked.

Sunday, January 26, 2003

Arabs in Israel Reveal a Loss of Political Faith as Election Day Nears
Just four days before this country's parliamentary elections, Burham Ghanem still could not say precisely which party would get his vote. But he could guarantee this: it would not be one of the Jewish parties.

As Mr. Ghanem, 29, sat listlessly this afternoon outside a cafe in this Israeli Arab village snug beside the boundary of the West Bank, he ticked off the reasons, tapping into a well of profound and deepening resentment.

He was unemployed, he said, because Israeli Jews discriminated against Israeli Arabs like him. He had little contact with relatives in the West Bank, he said, because Israeli Jews had made no progress toward peace with the Palestinians, and now there was a military checkpoint on the edge of the village.

"The last two years have been the worst," Mr. Ghanem said, referring to the period of the current conflict. As a result, he said, he and his friends would not make the mistake that he believed some of their parents did and put any faith in Jewish politicians. "The older generation used to go like cattle to vote, without thinking of whom," he said. "We are more aware."

Mr. Ghanem's bitterness was echoed by many of the roughly 19,000 residents of this northern village, and it outlined what seems to be a new peak in the frustration and sense of alienation among Israeli Arabs, especially younger ones, as the elections draw near.

Many Israeli Arabs, who represent about 1.2 million of the 6.6 million people in Israel, say they have never before felt so much like scorned outsiders. Their sentiments could well manifest themselves on Election Day in several ways.

If the predictions of some political experts and the stated intentions of many Israeli Arabs hold, a larger majority of them than ever will cast votes for one of four main Arab lists on the ballot that are jockeying for their favor.

Or, more of them than usual will stay home, heeding loud calls by some Israeli Arab leaders over recent months to register their disgust by boycotting the process altogether. Some polls in recent months have suggested that Israeli Arabs will do precisely that.

"It is one of the main stories of this election," said Dr. Yitzhak Reiter, a professor of Islamic and Middle Eastern Studies at the Hebrew University of Jerusalem. "The relationships between Jews and Arabs in Israel are on the brink of a clash."

Dr. Reiter cited, as both an example and catalyst of that, the killing of 13 Israeli Arabs by the Israeli police during a demonstration in support of Palestinians in October 2000, shortly after the latest conflict began.

He said the episode was "only a rehearsal of what might happen in the future," and that Israeli Jews should be concerned, for reasons including the degree to which anger among Israeli Arabs could translate into cooperation with Palestinian militants. In the past year, there have been dozens of cases of suspected terrorist activity involving Israeli Arabs.

Salah Tarif, an Israeli Arab who is a member of Parliament for the mainstream, center-left Labor party, which has only some Arab support, said in a telephone interview that the political distance between Israeli Arabs and Jews was growing.

"Things have been going from bad to worse, and we are separating," said Mr. Tarif, who is Druze. He predicted that predominantly Arab parties would pick up a few more seats than the 10 they currently hold in the 120-member Parliament.

Many said that while Arab parties in Parliament did not have enough votes to help them that much, they did not believe that predominantly Jewish parties with more power had any interest in addressing the wide economic gaps between Arab and Israeli Jews.

In Baqa, Arabs live with constant reminders of the tensions and fighting between the Israeli government and West Bank Palestinians, with whom many Israeli Arabs profess strong solidarity.

Earlier this week, in an area right along the boundary, Israeli forces demolished an entire row of corrugated tin shops run by Palestinians, who the Israelis said had built without permits.

"When you destroy those stores, what do you think you harvest?" asked Zaki Bulbul, 45, an Arab from Baqa, as he gazed at the heaps of twisted metal where the stores had been.

"You harvest violence," Mr. Bulbul said.

Race matters strongly and segregation is a failed educational policy. Any policy framework must explicitly recognize the importance of integrated education not only as a basic education goal but also as a compelling societal interest.

A Multiracial Society with Segregated Schools: Are We Losing the Dream?
This report describes patterns of racial enrollment and segregation in American public schools at the national, regional, state, and district levels for students of all racial groups. Our analysis of the status of school desegregation in 2000 uses the NCES Common Core of Data for 2000-01, which contains data submitted by virtually all U.S. schools to the Department of Education. Additionally, this report examines trends in desegregation and, now, resegregation over the last one-third century.

Key findings of the study include:

The statistics from the 2000-2001 school year show that whites are the most segregated group in the nation’s public schools; they attend schools, on average, where eighty percent of the student body is white. The two regions where white students are more likely to attend substantially interracial schools are the South and West. Whites attending private schools are even more segregated than their public school counterparts.

Our schools are becoming steadily more nonwhite, as the minority student enrollment approaches 40% of all U.S. public school students, nearly twice the share of minority school students during the 1960s. In the West and the South, almost half of all public school students are nonwhite.

The most dramatic growth is seen in the increase of Latino and Asian students. Latino students are the most segregated minority group, with steadily rising segregation since federal data were first collected a third of a century ago. Latinos are segregated both by race and poverty, and a pattern of linguistic segregation is also developing. Latinos have by far the highest high school dropout rates.

Conversely, at the aggregate level, Asians live in the nation's most integrated communities, are the most integrated in schools and experience less linguistic segregation than Latinos.[1] Asians are the nation's most highly educated racial group; the rate of college graduation for Asians is almost double the national average and four times larger than Latinos.

The data show the emergence of a substantial group of American schools that are virtually all non-white, which we call apartheid schools. These schools educate one-sixth of the nation's black students and one-fourth of black students in the Northeast and Midwest. These are often schools where enormous poverty, limited resources, and social and health problems of many types are concentrated. One ninth of Latino students attend schools where 99-100% of the student body is composed of minority students.

Paralleling housing patterns from the 2000 Census, this study shows a very rapid increase in the number of multiracial schools where at least one tenth of the students are from three different racial groups. Three-fourths of Asian students attend multiracial schools, but only 14% of white students do.

The nation's largest city school systems account for a shrinking share of the total enrollment and are, almost without exception, overwhelmingly nonwhite and increasingly segregated internally. These twenty-seven largest urban systems have lost the vast majority of their white enrollment whether or not they ever had significant desegregation plans, and today serve almost one-quarter of our black and Latino student population.

The balkanization of school districts and the difficulty of creating desegregated schools within these cities show the huge consequences of the Supreme Court's 1974 Milliken v. Bradley decision[2] blocking city-suburban desegregation in metropolitan Detroit. According to one recent study, metropolitan Detroit schools were extremely segregated in 1994 and had the highest level of between-district segregation of all metro areas in the country.[3]

In 1967 the nation's largest suburban systems were virtually all white. Despite a huge increase in minority students in suburban school districts, serious patterns of segregation have emerged in some sectors of suburbia as this transition takes place. Many of the most rapidly resegregating school systems since the mid-1980s are suburban. Clearly segregation and desegregation are no longer merely urban concerns, but wider metropolitan issues.

The largest countywide school districts that contain both city and suburban schools are mostly concentrated in Southern states. These districts, with about half the enrollment of the big cities, had far more extensive and long-lasting desegregation and far more opportunity for minority students to cross both race and class barriers for their education.

Many of the nation's most successful plans are being dismantled by federal court decisions as the courts have been changed from being on the leading edge of desegregation activity to being its greatest obstacle. Since the Supreme Court changed desegregation law in three major decisions between 1991 and 1995[4], the momentum of desegregation for Black students has clearly reversed in the South, where the movement had by far its greatest success.

During the 1990s, the proportion of black students in majority white schools has decreased by 13 percentage points, to a level lower than any year since 1968.

Desegregation has been a substantial accomplishment and is linked to important gains for both minority and white students. Just as more and more convincing evidence of those gains is accumulating, school systems are actually being ordered to end successful desegregation plans they would prefer to continue. This is not driven by public opinion, which has become more supportive of desegregated schools (most of which have been achieved through choice mechanisms in the past two decades). The persisting high levels of residential segregation for Blacks and increasing levels for Latinos in the 2000 Census indicate that desegregated education will not happen without plans that make it happen. We recommend a set of policies that would slow and eventually reverse the trends reported here.

"Information architecture is a combination of art and science to organize information into a functional and usable format, allowing someone unfamiliar with the information to easily find what they're looking for."

Digital Web Magazine - The $ and Sense of IT: Making Cents from Information Architecture
When it comes to Web development, everybody has taken short cuts over the years. This holds especially true when working on low budget projects. One of the most costly short cuts is skipping the development of a sound and highly functional information architecture (IA). While this short cut may take several forms, failure to devote enough resources and to document it properly will cost the owner of the Web site more than just a few cents.

Saturday, January 25, 2003

MIT OpenCourseWare | Home
MIT and the OCW team welcome you to the pilot site of MIT OpenCourseWare. This initiative supports MIT's fundamental mission — to advance knowledge and education to best serve the nation and the world.

MIT OpenCourseWare is:

• A publication of MIT course materials.

• Free and open to the world.

MIT OpenCourseWare is not:

• A degree- or certificate-granting program.

• An MIT education.
Gilder Lehrman Center for the Study of Slavery, Resistance, and Abolition: Home
The Gilder Lehrman Center for the Study of Slavery, Resistance and Abolition, a part of the Yale Center for International and Area Studies, is dedicated to the investigation and dissemination of information concerning all aspects of the Atlantic slave system and its destruction. It seeks to foster an improved understanding of the role of slavery, slave resistance, and abolition in the founding of the modern world by promoting interaction and exchange between scholars engaged in research in each of these distinct areas, and by assisting in the translation of scholarly information into public knowledge through publications, educational outreach and other programs and events.…

…I have been concerned that this program could be used to invade the privacy of Americans by snooping around in our bank accounts, personal Internet computers, phone records…

News: Senator slams Pentagon data-mining
Sen. Chuck Grassley of Iowa said he will support legislation to curb the scope of the controversial Total Information Awareness (TIA) project and limit the FBI's involvement with it. The full Senate could vote on the proposal as early as Thursday as an amendment to a spending bill.

Grassley, who is a frequent critic of government abuses of power, did not go as far as some Democratic senators and call for a broad moratorium on TIA, which is funded by the Defense Advanced Research Projects Agency (DARPA). Instead, his proposal says TIA may not be used for "domestic intelligence or law enforcement purposes."

"Like many people, I have been concerned that this program could be used to invade the privacy of Americans by snooping around in our bank accounts, personal Internet computers, phone records and the like," Grassley said in a statement. If fully implemented, TIA would link databases from sources such as credit card companies, medical insurers and motor vehicle departments for police use toward snaring terrorists.

Support from Grassley, a senior Republican who is chairman of the Senate Finance Committee, substantially increases the chances that Congress will place at least some limits on the development and use of the TIA system.

In a letter to Attorney General John Ashcroft on Tuesday, Grassley charged that the Justice Department and FBI are closer to using TIA than the agencies previously have acknowledged. That came after a letter to Grassley from Defense Department Inspector General Joseph Schmitz, who said the FBI is considering "possible experimentation with TIA technology in the future."

As previously reported, efforts in Congress to block the TIA program began last week with a Democratic proposal championed by Sen. Russ Feingold of Wisconsin. It's a standalone bill called the Data-Mining Moratorium Act that would create a moratorium on TIA.

A third proposal is backed by Democratic senators including Ron Wyden of Oregon, Dianne Feinstein of California, and Patrick Leahy of Vermont. The Wyden-drafted amendment to the omnibus appropriations bill being debated this week goes further than Grassley's proposal, and bans TIA after two months unless Congress receives a detailed report, or President Bush certifies that halting TIA would "endanger the national security of the United States."
eWeek Research Library: Home
Search for white papers, case studies, webcasts and product information on the latest topics, products and technologies.

You'll find everything from reports and whitepapers on Linux, security, wireless, storage and much, much more.

Thursday, January 23, 2003

Bush Rescinds Health Policy
The Bush administration said today that it was rescinding a new policy that allowed managed care organizations to limit and restrict coverage of emergency services for poor people on Medicaid.

The reversal came five days after existence of the policy was publicly disclosed. On Tuesday, senior administration officials were still defending the policy in meetings with senators of both parties.

But Senate aides said it was clear that the Senate would pass legislation to block the policy if the administration did not retract it.

The policy, set forth in a Dec. 20 letter to state Medicaid directors, said states could place limits on coverage of emergency services "to facilitate more appropriate use of preventive care and primary care."

Federal officials had previously told state officials that such limits were illegal.

"They are switching over to white-collar crime because it's more lucrative and they know they will get less time."

Identity Theft Complaints Double in '02
The number of identity theft complaints nearly doubled in 2002, continuing to make it the Federal Trade Commission's most widely reported consumer crime since the agency started issuing reports three years ago.

The F.T.C. said that in the last year it had received 162,000 reports of identity theft, compared with 86,000 a year ago. They make up 43 percent of complaints. Auction fraud, an almost nonexistent crime six years ago, ranked second with 13 percent of the total. Internet-related fraud, which includes auction fraud, generated slightly more than 100,000 complaints. The rise in identity theft complaints partly reflects greater consumer awareness about reporting and does not necessarily indicate an increase in the crime.

"It's not scientific," said Betsy Broder, the assistant director at the F.T.C.'s Bureau of Consumer Protection. Also, because the statistics are self-reported, some consumers may define identity theft broadly to include fraudulent credit card charges. The statistics are compiled from state and federal sources, including the Federal Bureau of Investigation and the Secret Service.

Nonetheless, the information is helpful for companies and law enforcement agencies in spotting certain geographic trends and clustering patterns of the crime. In about one out of four reported cases, information from stolen identities was used to open new credit card accounts. Loan and bank fraud made up another 23 percent of all identity theft. Fraudulent new cellphone accounts made up about 10 percent of cases. The places with the most victims per capita were the District of Columbia, California, Arizona, Nevada and Texas.

The trade commission recommends certain measures for consumers, such as shredding financial documents and giving out Social Security numbers judiciously. But law enforcement officials say the most serious identity theft is driven by insiders who have privileged access to the personal information — full name, date of birth and Social Security numbers — necessary to assume someone's identity.

Employees of financial institutions, insurance companies, medical offices and even health clubs have been among those charged with identity fraud. For example, in November, authorities said they broke up a three-man identity theft ring in New York City that had victimized more than 30,000 people. One of the suspects worked at a software company and could call up credit reports.

In December, computer equipment containing the personal information of about 562,000 people was stolen from the Phoenix office of TriWest, a Pentagon contractor that handles medical claims for the military. Pentagon officials say that no one has become a victim of identity theft, but those involved have been advised to alert the credit rating agencies: Equifax, Experian and TransUnion.

Former violent criminals are also using the Internet for identity theft, officers say.

"They are switching over to white-collar crime because it's more lucrative and they know they will get less time," said Lt. Tim Lee of the Michigan State Police. "Identity theft is not necessarily a sophisticated crime."

As credit and banking applications continue to move onto the Internet, fraud is becoming easier. For example, law enforcement agencies say they see rings of criminals using online mortgage applications to apply for fraudulent loans. The checks and paperwork are sent directly to lawyers' offices, leaving less of a trail for investigators to follow.

American Tax Dollars at Work

Wife of Palestinian Radical Arrested
an Israeli group that tracks Jewish settlement activity in the West Bank and Gaza Strip, released a report showing a disproportionate amount of funds from the Israeli government's budget going to settlements.

More than 200,000 Israelis live in communities dotting the hilltops of the West Bank and Gaza Strip, the lands claimed by the Palestinians for a future state.

The report by the Israeli group Peace Now says $450 million from the $50 billion state budget in 2001 went to settlements in the West Bank for housing and road construction and development of industrial areas as well as income tax benefits.

Peace Now said settlers, per capita, get $1,500 more in government spending than those living inside Israel proper.

"The policy of the Israeli government is to try to increase the number of settlers beyond the Green Line (between West Bank and Israel) and to make their life and economy better than life in Israel," said Peace Now spokesman Yariv Oppenheimer. "It's a way to achieve a political goal."

Peace Now said its data on settlement spending is incomplete because the money is scattered throughout the budget.

Wife of Palestinian Radical Arrested
Israeli forces detained the wife of a Palestinian radical who is in prison for his alleged role in the assassination of an Israeli Cabinet minister, relatives said Thursday.

Israeli government officials refused to comment. A Palestinian human rights group and relatives of Ablah Saadat, 47, said she was arrested as she tried to cross from the West Bank to Jordan, from where she planned to fly to Brazil to attend a conference on political prisoners.

Her husband, Ahmed Saadat, is the leader of the Popular Front for the Liberation of Palestine, a radical PLO faction whose gunmen assassinated ultra-nationalist Cabinet Minister Rehavam Zeevi, 75, at a Jerusalem hotel on Oct. 17, 2001.

The group said it was avenging its former leader, Mustafa Zibri, who was killed in a targeted Israeli rocket attack two months before the Zeevi assassination.

Ahmed Saadat and four others accused of involvement in Zeevi's killing are being held in a Palestinian jail in Jericho, under American and British supervision, as part of a deal that helped end Israel's 34-day siege of Yasser Arafat's West Bank headquarters last spring. Saadat has not been put on trial. The four others were convicted by a makeshift Palestinian court of killing Zeevi.

Ablah Saadat, a mother of four, has no ties to her husband's group, said her mother-in-law, Fathiyah Saadat. She left for the Allenby Bridge crossing over the Jordan River early Tuesday on her way to catch a flight to Brazil, where she was to speak about her husband's imprisonment at a conference on political prisoners.

Her mother-in-law said she received a phone call from her saying she had been detained at the border by Israeli intelligence officers. She hasn't heard from her since then.

Khalida Jarrar, of the Palestinian prisoners rights group Addameer, said Israeli officials told her that Saadat was being held at the Beit El military base near Ramallah.

"Are we going to start sending in the inspector general to charge people with committing a bar mitzvah?"

Bush Plans to Let Religious Groups Get Building Aid
The Bush administration plans to allow religious groups for the first time to use federal housing money to help build centers where religious worship is held, as long as part of the building is also used for social services.

The policy shift, which was made in a rule that the Department of Housing and Urban Development proposed this month, significantly expands the administration's contentious religion-based initiative.

Current regulations generally prohibit religious groups from using federal housing and community development grants, which totaled $7.7 billion last year, to build or rehabilitate structures. The new rules, still subject to final approval by housing officials, allow the use of federal aid to acquire, rehabilitate or build centers used for religious and specifically approved nonreligious activities, so long as no federal money is used for the religious section.

A church could erect a building using federal money to create a shelter for the homeless in one part and private money to create a sanctuary in another part, officials said. A synagogue could use a grant to rehabilitate part of its building for a counseling center for AIDS patients or the poor. A Muslim group could apply for federal money to upgrade the lighting and equipment in a room in its mosque to allow it to be used as a counseling center for single parents.

Civil rights advocates, legal experts and Congressional critics attacked the change. They said it moved the government dangerously close to financing the building of houses of worship in violation of the separation of church and state.

"This is probably the most clearly unconstitutional aspect of the White House's faith-based initiative that we've seen up to this point," said Christopher Anders, legislative counsel for the American Civil Liberties Union. "What this does is take federal money that is serving the neediest of the needy in our society and diverts it to the bricks-and-mortar construction of churches and sanctuaries and other places of worship."

Opponents said the change forced the government into the difficult position of having to determine which part of a building is used for worship and which is for social services.

"You run into the nightmarish problem of having the government monitor what goes on inside churches" and sanctuaries, said Representative Barney Frank, Democrat of Massachusetts, who promised to seek hearings on the change. "Are we going to start sending in the inspector general to charge people with committing a bar mitzvah?"
Where Next for RSS?
RSS for the Uninitiated
The history of RSS is fraught and complicated and I'm not going there. To summarize, RSS is a little XML language that you use to describe changes in a web site. Usually this is called an "RSS feed". Then all kinds of different programs can read the RSS feed and give you clickable news summaries that mean you don't actually have to visit all those websites unless you know there's something there you want to read.…

Saturday, January 18, 2003

Joe Millionaire for President
Mr. Bush rolls out an economic plan that he says will help address joblessness, now at an eight-year high and growing, when in fact it's mainly a payday for those who collect dividend checks. Promising to speed the cleanup of corporate corruption, he accepts the resignation of Harvey Pitt, but two months-plus later Mr. Pitt is still on the job, working his will as the S.E.C. does some of its most crucial "reform" rule-making. Mr. Bush thumps as a hallmark of his education vision the No Child Left Behind Act, but his tight budget will leave states struggling to fulfill its alleged goals. Even Marvin Olasky, the Bush sycophant who wrote the book that inspired compassionate conservatism, said last month that while he awards the president an "A" for "setting the message" he gives him an "F" for his legislative follow-through.

But Mr. Olasky may not be the only one who is waking up to the ruse. The drop in Mr. Bush's poll numbers this week reminds us that anesthesia, no matter how well administered, eventually wears off. Affirmative action, judicial nominations, Enron and the rest are passionate issues for some, but war is a wake-up call for all. As the president keeps stamping his foot about Saddam Hussein, there is a dawning sensation that America is being held hostage by the administration idée fixe that is Iraq. It's a sword of Damocles hanging over our foreign policy, economy and national security alike.

The White House wants us to believe, as Dr. Frist reassured us last weekend, that North Korea is "an entirely, entirely different situation" from Iraq. Yes it is, not least because North Korea does not produce oil. But the two situations are now inseparable. Kim Jong Il may be crazy but he's not stupid. He bet the bank that Mr. Bush, for all his promises not to respond to nuclear blackmail, would do exactly that to avoid a distraction from Iraq. And so he called the president's bluff and will soon get his ransom. Mr. Bush's retreat all but invites other rogues to push us around, or worse, in this interregnum of vulnerability that his verbal bluster and tactical blundering has created.

Iraq's hammerlock on the economy is just as tight. We increasingly realize that no matter what Mr. Bush's tax-cutting plan, or any Democratic alternative, the economic issue du jour is not so much class warfare as warfare, period. No one believes the economy is going to expand as long as war clouds dampen the business environment. If the war drags on for months, recession could well follow.
MIT Conference Takes Aim at Spam E-mails
It's going to take the best and the brightest to slam the spammers.

Hundreds of programmers gathered Friday at the Massachusetts Institute of Technology to apply their collective brainpower to a problem that has evolved from annoyance to menace: the rising flood of unsolicited e-mail.

Companies and Internet service providers put up a fight with the latest filtering programs, but spammers quickly bypass their defenses.

Organizers had expected a small gathering of 40 to 80 programmers, hackers and Internet activists, but several hundred packed an auditorium to hear the latest in spam countermeasures.

For the more clinical, spam simply poses a difficult technical challenge. Others are downright offended by it.

William S. Yerazunis, an MIT computer scientist, compared spam to petty street crime -- cheap to carry out, profitable for the offender and enormously expensive to halt.

``It's really theft,'' said Yerazunis, 46, a researcher at MIT's Mitsubishi Electric Research Laboratories. ``And the theft efficiency ratio is about the same as stealing hubcaps and car radios.''

Spam traffic has grown from 8 percent of Internet e-mail in 2001 to as much as 40 percent in 2002, according to Brightmail Inc., which provides filtering products for several major Internet service providers.

Spam is costly for everybody. It costs about $250 to send a million spams, but about $2,800 in lost wages, at the federal minimum wage, for those million spams to be deleted, Yerazunis estimates.
Two Palestinians Attack Jewish Settlement, Killing One Israeli
The violence today comes after an extensive roundup of Palestinians by the Israeli Army. Beginning Tuesday, there have been reports of 20 to 30 arrests a day, usually in raids looking for a specific suspect. Many of the arrests have been made by a special undercover unit called Duvdevan, with soldiers dressed like Arabs, others by troops from the Paratroop Brigade or other elite units that have virtually taken over the major Palestinian cities. There were nine arrests overnight in a series of operations in the West Bank, army radio reported this afternoon.

In part the arrests appear to reflect worries that Palestinian suicide bombers will strike again before the election, as they did in Tel Aviv the Sunday before last. But Israeli officials also say the increased activity reflects better intelligence — some of it gleaned from earlier arrests and closer coordination between the army, which has surrounded the Gaza Strip and reoccupied the West Bank, and the Shin Bet, Israel's domestic intelligence service.

The Israeli human rights organization B'tselem reported two weeks ago that more than 1,000 Palestinians were in custody, the most since 1991, during the earlier intifada. Some old prison camps have been reopened, but the facilities are strained and the Shin Bet does not have enough interrogators to keep up with the flow of detainees.

Take this little quiz to see whether your e-mail program is likely to be viewed as spam by its recipients.

Pass or Spam? Take the Quiz
Spam (also known as UCE, or "unsolicited commercial e-mail") is any e-mail message that an organization sends to a distribution list of recipients without their express consent. Now, this is where things become a little murky, because there's no legal definition as to what constitutes consent.

The narrowest definition of consent would permit sending e-mail only to individual recipients who have specifically given their consent by proactively "opting in," or subscribing, to that distribution list.

However, many marketers extend this definition to include all customers with whom an organization has a business relationship (for example, based on their purchase history) even though the company has not received specific permission to send unsolicited e-mail to those customers.

Some marketers go further still, assuming that anyone who has expressed an interest in a somewhat related product, service, or area of interest and has provided his or her e-mail address at an affiliated Web site is a suitable candidate for e-mail bombardment. At its most extreme are those marketers who believe that anyone with an e-mail address is fair game!

If you annoy your customers, you will not be successful in building a valuable relationship with them.

It's really as simple as that. In practice, this means that you should do everything within your power to ensure that you only send your customers (or prospects) e-mail that will be of real value to them.

As a matter of courtesy, remind the recipients, within the message itself, why they are getting this message from you. It might be because they subscribed to your weekly e-mail newsletter, or because they recently registered (and provided their e-mail address) at your Web site.

Think you've got it? Take this little quiz to see whether your e-mail program is likely to be viewed as spam by its recipients.

Are You Being Filtered Out?
It's a fact of the Internet: The longer we're online, the more susceptible we are to information overload. There are now experts everywhere telling us how to lighten that load — by filtering our e-mail and storing it in folders, and by using reviews, programs, and directories to help us decide which Web sites to visit.

But filtering techniques can sometimes backfire. If you have a legitimate message to send out, you need to know how to avoid being filtered out by business contacts and potential customers.

Avoiding the Spam Trap
by Alexandria K. Brown, 'The E-zine Queen'
Spam has not only become troublesome because we all receive too much of it, but it's now a problem for legitimate e-zine publishers such as you and me. This is because the spam overload has driven many companies and individuals to use 'anti-spam' software to help screen out the junk. Unfortunately many of these programs filter out our opt-in publications as well.

10 STEPS TO HELP ENSURE YOUR E-ZINE REACHES YOUR READERS …

"Contrary to popular misperception, Microsoft does not have the worst track record when it comes to security vulnerabilities. Also contrary to popular wisdom, Unix- and Linux-based systems are just as vulnerable to viruses, Trojan horses, and worms."

ZDNet: Printer Friendly - Linux, Unix as risky as Windows
Turning up the heat another notch on a long-simmering debate, the Aberdeen Group has published a study comparing the security of Linux/Unix systems with that of the Microsoft Windows family of products.

"Contrary to popular misperception, Microsoft does not have the worst track record when it comes to security vulnerabilities. Also contrary to popular wisdom, Unix- and Linux-based systems are just as vulnerable to viruses, Trojan horses, and worms," Aberdeen's report states.

Based on CERT advisories for 2001 and 2002, Aberdeen reached the following conclusions:

  • "Virus and Trojan horse advisories affecting Microsoft products peaked at six in 2001, which then bottomed out at zero for the first 10 months of 2002.

  • Virus and Trojan horse advisories affecting Unix, Linux, and open source software products went from one in 2001 to two for the first 10 months of 2002.

  • Advisories affecting network equipment products jumped from two in 2001 to six for the first 10 months of 2002.

  • Firewalls and other security products were affected by just two advisories in 2001, but have been linked to seven advisories for the first 10 months of 2002."

The report also points out that Apple is becoming vulnerable, "now that it is fielding an operating system [OS X] with embedded Internet protocols and Unix utilities."
HOWTO INSTALL Slash For Dummies
Slashcode Installation Guide

I've always loved and respected the slash database/perl program that runs the site. So when I decided to download and install the slash package on one of my Redhat/Mandrake machines, I was sure the installation wasn't too daunting. It has instructions, right?

Well, two and a half weeks later I finally figure out (most of) the Rubik's cube that is installing slash. The installation directions are nice, but a bit...rushed. I found them incomplete and the answers to my questions seemed far, far away. Why hadn't anyone written detailed instructions on this?

This document describes how to install Slash 2.2.x simply and easily using Mandrake/Redhat/Debian, utilizing kernel 2.4.x. It may work on older kernels, but as for these instructions, only 2.4.x is utilized. For instructions on installation or upgrade of previous versions of Slash, see the INSTALL document included with the slash distribution and/or see

Any and all questions, comments, updates, or fixes to this document should be directed toward

Friday, January 17, 2003

Inspectors Find Empty Warheads in an Iraqi Depot
Experts on the arms team, as well as intelligence analysts in Washington and other capitals, rushed to determine whether the warheads had been listed in the voluminous weapons declaration Baghdad presented to the United Nations in December.

The team took X-rays of one warhead and collected samples for chemical testing, he said.

Lt. Gen. Hussam Muhammad Amin, the top Iraqi liaison to the weapons teams, expressed "astonishment" over the hubbub about the warheads, saying they were short-range shells imported in the late 1980's. He insisted that they were registered in the declaration.

He said that the boxes containing the munitions were covered with dust, and that the warheads were empty.

"No chemical or biological warheads," he said at a news conference, "just empty rockets which are expired and imported in 1988."
Bush Joins Admissions Case Fight

"Others have to defend them and others have to work for them, and have to be grateful to them for praying" for Israelis, he said. "My support is partly a revolt of the secular, liberal-minded modern Israeli against this type of ghettoization."

Israeli Gadfly Hopes to Separate Religion and State
Tommy Lapid, bare-knuckled commentator and crusader against state-subsidized Judaism, has emerged, grinning, as the biggest surprise of this most surprising campaign season — the man who would be kingmaker in Israel.

Opinion polls consistently indicate that Mr. Lapid's minor party, dedicated to cutting the government benefits of religious Jews, is poised to become the third-largest faction in the next Parliament, which could make his a pivotal voice in determining the next governing coalition.

From right, left and center, other Israeli politicians are suddenly gunning for Mr. Lapid in hopes of drawing his party's new support away. It is hard to have a conversation with Labor Party politicians without hearing Mr. Lapid compared to Archie Bunker, their calculated shorthand for an armchair reactionary.

Mr. Lapid, a 71-year-old Holocaust survivor, is enjoying that very much.

"I take it as a compliment," he said today of the comparison to the most famous, if fictional, product of Queens. "I do look like him, and I am — how do you say it — pugnacious."

The new support for Mr. Lapid's Shinui Party arises partly from voters' impatience with the major parties over the stalemate with the Palestinians, the dismal economy, scandal and a clinging malaise. But it also demonstrates that Israel's longstanding contest between secular and religious Jews is intensifying as the debate sharpens over what it means to live in a democratic state that is Jewish.

"You're looking at the rabbi?" Mr. Lapid said, noticing that a visitor's eyes had strayed to the gray-bearded, black-robed puppet on his desk in his bustling headquarters here. He scooped up the puppet, which wore boxing gloves, and, manipulating it, threw a couple of combinations.

"This rabbi — if you don't agree with him, he punches you in the nose," Mr. Lapid explained. He called the religious "a minority that has privileges and no responsibilities," citing exemptions from army service and tax breaks.

"Others have to defend them and others have to work for them, and have to be grateful to them for praying" for Israelis, he said. "My support is partly a revolt of the secular, liberal-minded modern Israeli against this type of ghettoization."
The surge behind Mr. Lapid is not just a reflection of antireligious sentiment. In a political system divided along ethnic as well as religious lines, his party appears to be drawing from Israel's elite of Ashkenazim, with roots in Eastern and Central Europe. Further, his party's name, Shinui, or Change, incorporates an inchoate revolt against the status quo.

"Against this mood, a party like that, a person who is a TV product who seems to know what he is saying, appeals to the nonpolitical white-collar professionals," said Itzhak Galnoor, a Hebrew University political scientist. He called Shinui a "destabilizing force," saying it was taking votes from the major parties and scrambling Israel's coalition politics.

Relishing that role, Mr. Lapid leaned back in a swivel chair as he ranged forcefully in an hourlong conversation from Israel's role as a haven for Jews, to what he regards as the political awakening of Israel's bourgeoisie, to his rich career as a writer of successful guides to Europe, a playwright, a radio and television commentator and a newspaper editorialist.

Opinion polls consistently suggest that in elections to be held on Jan. 28, Shinui could more than double — almost triple, some analysts have predicted — its present six seats in Parliament. This campaign has already produced its share of reversals, but at the moment Shinui looks likely to displace a religious party, Shas, as the third-biggest faction.

It may prove difficult to fit this secularizing party into a governing coalition. In Israel such coalitions traditionally have a religious component, and Mr. Lapid says his party would not join a coalition with religious conservatives.

That helps explain why Labor announced on Tuesday that it would not join a coalition led by Ariel Sharon, the current prime minister and leader of Likud. Labor wants to quash any hope of such a secular coalition, to win back defectors by making a vote for Shinui look like a vote for Mr. Sharon and presenting itself as the only true opposition voice.

This strategy does not appear to be working, for now. Few Israelis appear to take seriously Labor's pledge not to join a unity government.

It was as if the administration had filed a brief denouncing abortion without asking the court to overturn Roe v. Wade.

White House Briefs Take Cautious Stand in Race Case
As an example of political stage-management, the Bush administration's handling of its Supreme Court brief in the Michigan affirmative action case was masterly, impressive even by the standards of a White House unusually skilled at spin control.

By denouncing the University of Michigan's race-conscious admission policies in a late-afternoon live television appearance on Wednesday, President Bush was able to dominate an entire 24-hour news cycle with an image of strong opposition to affirmative action.

It was the message his core conservative supporters most wanted to hear and one calculated to put an end to the growing carping from the right that the brief would not be tough enough.

So by the time his solicitor general, Theodore B. Olson, actually submitted the administration's briefs late tonight as the clock approached a midnight filing deadline at the court, the briefs were a fading second-day story and there was hardly anyone still on duty — certainly not the television news anchors — to notice that the reality of its legal argument diverged substantially from the rhetoric of the president's prime-time statement.

True to his promise, the briefs did ask the court to declare unconstitutional the undergraduate and law school admissions programs in dispute. But it did so by means of a legal analysis that, far from insisting that any consideration of race was impermissible, did not even ask the justices to overturn the Bakke decision, the 1978 landmark ruling that by allowing race to be used as a "plus factor" ushered in a generation of affirmative action in public and private college admissions.

It was as if the administration had filed a brief denouncing abortion without asking the court to overturn Roe v. Wade.

"In the end, this case requires this court to break no new ground" in order to hold the law school's admissions policy unconstitutional, the administration said in Grutter v. Bollinger, one of the two cases. The sentiment was echoed in the brief in the second case, Gratz v. Bollinger.

After the president's television appearance on Wednesday, the Senate Democratic leader, Tom Daschle, went to the Senate floor to criticize the administration's position on affirmative action. The administration had shown an insensitivity to civil rights, Mr. Daschle said, "in virtually every single occasion when actions spoke louder than words."

But this time, it turned out, the words spoke louder than the action.

Perhaps the divergence of rhetoric from reality reflected a split-the-difference compromise between warring factions within the administration — much as the Carter administration's awkwardly compromised brief did in the Bakke case itself. On that occasion, an internal ideological struggle that had become painfully public led the Carter administration to ask the justices to send the case back to the California Supreme Court for further consideration.

Or perhaps the administration's Janus-like posture reflected a more strategic calculation that its interests were best served by looking in both directions at once. The president got the political benefit of denouncing Michigan's undergraduate admissions program as a quota system (a characterization the briefs emphasize but that the university strongly disputes) while his lawyers got to make the more nuanced arguments that have the only real chance of succeeding at the court.
Scalable Vector Graphics (SVG) 1.1 Specification
SVG 1.1 is now a Recommendation
Scalable Vector Graphics (SVG) 1.1 Specification
W3C Recommendation 14 January 2003
Boxes and Arrows: Printing the Web
Despite predictions to the contrary, it doesn't seem that the advent of networked information sharing has reduced human consumption of paper. In fact, given the amount of printouts modern offices and homes produce, one is inclined to say that even MORE paper is generated today than ever before. A “paperless society” feels a long way off.

Designing web pages with printing in mind
For some websites the user experience already extends onto paper, like it or not. Ignoring this may result in lower overall user satisfaction.…

Thursday, January 16, 2003

Guess Who's Coming for a Mortgage?
There are those who try to convince us that because Colin L. Powell and Condoleezza Rice have prominent roles in the Bush administration or because Halle Berry and Denzel Washington get leading roles in Hollywood movies, "we're getting there," in terms of race relations and equality. As I reach for the popcorn, I'm rejoicing. But when it comes to issues like the lending practices of the mortgage industry, blacks are still in the back of the bus.

After two humiliating technology failures, six major news services are disbanding VNS, a consortium formed to count votes and conduct Election Day surveys. How could the system have been overhauled before disaster struck twice?

Voter News Service: What Went Wrong?
In November 2000, a "perfect storm" of vote-counting miscues and polling problems led the major TV networks repeatedly to change their minds as to whether Al Gore or George Bush was the next president. In November 2002, a second storm whipped through the networks' election broadcasts.

Unfinished and mismanaged efforts to update the computer systems used by Voter News Service forced executives at the consortium's owners—ABC, CBS, CNN, Fox News, NBC and the Associated Press—to abandon the use of exit polling data before it even got all collected. Indeed, by mid-January the failures led to the disbanding of VNS itself. On Jan. 13, the six organizations said only that they were "collectively reviewing a number of strong options" to avoid another fiasco in the future.

"If I need to amend a return 12 months from now," says one customer in a posting on, "I am screwed unless I jump through hoops with Intuit."

Intuit's TurboTax Activation Scheme Irks Users
"One new twist to be aware of. You must activate the product on the PC you will be using to print or e-file your return; you can't load it on any other PC." For those unfamiliar with "product activation" technology, this may require a bit more explanation. In using this technology, which has become more and more prevalent with popular software packages including the Microsoft Windows operating systems, Intuit is attempting to crack down on unlicensed use of the product by binding each copy of TurboTax to a particular PC.

Although you may install TurboTax on a given machine, you won't be able to print your tax return or e-file it—file it with the IRS over the Web—unless you activate the product. To do so, you must input the product key listed on the software's CD sleeve or case and obtain an activation code from Intuit either over the phone or via the Internet.

Once this is done, the software is linked to that particular PC. If someone else installs the same copy on another machine, the application will run but will not print or e-file the person's return without the purchase of another license and reactivation of the software. TurboTax licenses cost from $29.95 to $99.95.

Messages posted on Internet newsgroups and other online forums (including our own) complain about the company's use of product activation, with many users saying they've decided to switch from TurboTax to one of its competitors.…

Some comments reflect concern that upgrading a hard drive or buying a new PC will prevent use of TurboTax without the purchase of a new license. According to Intuit spokesperson Scott Gulbransen and a product activation FAQ on the company's Web site, this is not the case. If you upgrade your hardware or purchase a new machine, you can call Intuit's technical support line, obtain a new activation code, and reactivate the product without buying a new license. "Our technical support people can determine that the product has been activated by you before and that you're upgrading your equipment and [they will] go ahead and give you another activation number so you can continue using the product," says Gulbransen.

A recent story on CNET contradicted Gulbransen, quoting a licensed customer who claimed that, when he called Intuit technical support about reactivating the product on his new PC, he was told he would have to buy a new license. Gulbransen acknowledges that the customer did receive this response, but says the Intuit technical support rep was in error. "We had a rep who didn't do due diligence," he says. "The customer should have been able to reactivate without buying a new license, and we've contacted the customer to correct the problem."
The CNET story also quoted Gulbransen as saying that customers could use their old activation codes to install the software on new equipment: "In most cases, customers who need to reinstall TurboTax on a new PC or hard drive simply have to enter the original activation number they received." This is not the case, however. You must call Intuit technical support for a new activation code if you upgrade your hard drive or PC.

Some customers complain that contacting Intuit technical support for a new activation number is a hassle they'd rather do without. "If I need to amend a return 12 months from now," says one customer in a posting on, "I am screwed unless I jump through hoops with Intuit."
Open Source Group Issues Top Ten Web Vulnerabilities
The list includes:

  • Unvalidated Parameters: Information from web requests is not validated before being used by a web application. Attackers can use these flaws to attack backside components through a web application.

  • Broken Access Control: Restrictions on what authenticated users are allowed to do are not properly enforced. Attackers can exploit these flaws to access other users' accounts, view sensitive files, or use unauthorized functions.

  • Broken Account and Session Management: Account credentials and session tokens are not properly protected. Attackers that can compromise passwords, keys, session cookies, or other tokens can defeat authentication restrictions and assume other users' identities.

  • Cross-Site Scripting Flaws: The web application can be used as a mechanism to transport an attack to an end user's browser. A successful attack can disclose the end user's session token, attack the local machine, or spoof content to fool the user.

  • Buffer Overflows: Web application components in some languages that do not properly validate input can be crashed and, in some cases, used to take control of a process. These components can include CGI, libraries, drivers, and web application server components.

  • Command Injection Flaws: Web applications pass parameters when they access external systems or the local operating system. If an attacker can embed malicious commands in these parameters, the external system may execute those commands on behalf of the web application.

  • Error Handling Problems: Error conditions that occur during normal operation are not handled properly. If an attacker can cause errors to occur that the web application does not handle, they can gain detailed system information, deny service, cause security mechanisms to fail, or crash the server.

  • Insecure Use of Cryptography: Web applications frequently use cryptographic functions to protect information and credentials. These functions and the code to integrate them have proven difficult to code properly, frequently resulting in weak protection.

  • Remote Administration Flaws: Many web applications allow administrators to access the site using a web interface. If these administrative functions are not very carefully protected, an attacker can gain full access to all aspects of a site.

  • Web and Application Server Misconfiguration: Having a strong server configuration standard is critical to a secure web application. These servers have many configuration options that affect security and are not secure out of the box.
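The parameter-validation and command-injection items above describe the same path from a request parameter to an external program. The sketch below is an added example, not part of the OWASP list or the quoted article: it runs one constructed parameter through a shell-built command line, through an argument vector with no shell, and through an allowlist check. The `host` parameter, the helper program and the function names are assumptions made for the illustration, and it assumes a POSIX `/bin/sh`.

```python
import json
import re
import shlex
import subprocess
import sys

# Stand-in for the external program a web application would call: it prints
# the arguments it received as JSON. (Constructed for this example.)
HELPER = [sys.executable, "-c",
          "import json, sys; print(json.dumps(sys.argv[1:]))"]

# Allowlist for the hypothetical "host" request parameter: letters, digits,
# dots and hyphens, starting and ending with a letter or digit.
HOST_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")


def run_via_shell(host):
    """Flawed: the parameter is concatenated into a shell command line."""
    cmdline = shlex.join(HELPER) + " " + host
    done = subprocess.run(cmdline, shell=True, capture_output=True,
                          text=True, check=True)
    return done.stdout.splitlines()


def run_as_argv(host):
    """No shell: the parameter reaches the program as exactly one argument."""
    done = subprocess.run(HELPER + [host], capture_output=True,
                          text=True, check=True)
    return json.loads(done.stdout)


def run_hardened(host):
    """Validate against the allowlist, then call without a shell."""
    if not isinstance(host, str) or not HOST_RE.fullmatch(host):
        raise ValueError("host parameter rejected by allowlist")
    return run_as_argv(host)


if __name__ == "__main__":
    crafted = "example.com; echo INJECTED"   # constructed, harmless marker
    print("shell   :", run_via_shell(crafted))
    print("argv    :", run_as_argv(crafted))
    try:
        run_hardened(crafted)
    except ValueError as exc:
        print("hardened:", exc)
    print("hardened:", run_hardened("example.com"))
```

In the shell version the text after the semicolon runs as a second command; in the argv version the whole string arrives as a single argument, and the allowlist rejects it before any program is started.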

Wednesday, January 15, 2003

"Let's be clear," the letter reads. "We supported the gulf war. We supported our intervention in Afghanistan. We accept the logic of a just war. But Mr. President, your war on Iraq does not pass the test."

Protest Groups Using Updated Tactics to Spread Antiwar Message
A flurry of public dissent is planned over the next several weeks, tied to critical dates like Jan. 27, when Hans Blix, the chief United Nations weapons inspector, gives the latest report on his findings in Iraq, and Jan. 28, when the president gives his State of the Union address.

Some efforts are directed at people who may be skeptical about the war, but who are not comfortable attending marches and who do not want their names or money attached to catch-all activism that includes protests of Starbucks or sport utility vehicles.

Last month, Win Without War, the most mainstream of the antiwar coalitions, announced its formation with a carefully worded mission statement. "We are patriotic Americans who share the belief that Saddam Hussein cannot be allowed to possess weapons of mass destruction," the statement read. "But we believe that a pre-emptive military invasion of Iraq will harm American national interests."

Business Leaders for Sensible Priorities, a member of the coalition, was responsible for the signed letter in The Wall Street Journal.

"Let's be clear," the letter reads. "We supported the gulf war. We supported our intervention in Afghanistan. We accept the logic of a just war. But Mr. President, your war on Iraq does not pass the test."

The letter's primary backer, Edward Hamm, a retired Minnesota businessman, said he sought out the business group because of a lack of organized Republican dissent.

It did not matter, Mr. Hamm said, that the group's founder was the liberal entrepreneur Ben Cohen, co-founder of Ben & Jerry's. The group had the structure to help Mr. Hamm get his message out, and they allowed him to frame it from a Republican point of view.

"There's no one in the world more for gunboat diplomacy than me, but this administration hasn't proven its case," said Mr. Hamm, who said he gave several hundred thousand dollars a year to the Republican Party. "Insane left-wingers are not going to convince people of that. You need Republicans, business people and military people. I started casting about, and I found these guys."

Much of the efforts are taking place online, where Internet protest organizations like and are struggling to transform Web-based dissent into actual activism.

The MoveOn Web site enlists users to sign a petition opposing a pre-emptive strike against Iraq. It then instantly sorts and logs signers by state, to facilitate organizing at a local level. Users can make credit card donations to antiwar efforts.

When the organization decided last month to extend its work online to the production of antiwar newspaper and television advertisements, the site raised more than $300,000 in 48 hours. The average donation, said MoveOn directors, was about $30.

"You have to meet people where they are," said Eli Pariser, 22, international campaigns director for the online group. "You get a lot of people to chip in a little bit, and then it's our job to translate that into something bigger."
Justices Reject a Double-Jeopardy Claim
The Supreme Court ruled today that the Constitution's bar against double jeopardy does not protect a murder defendant from being sentenced to death in a new trial after the first jury had deadlocked over the sentence.

The 5-to-4 decision came in an appeal by a death-row inmate in Pennsylvania, which like many other states provides that a hung jury in the sentencing phase of a capital murder case results automatically in a life sentence.

Ordinarily, that sentence would be the final word, unless the defendant chooses to appeal the conviction, as David A. Sattazahn did in this case. He won a new trial on appeal, only to find that the state intended once again to seek a death sentence. This time, the prosecution succeeded.

The Pennsylvania Supreme Court upheld the new conviction and death sentence in a 4-to-3 opinion, rejecting Mr. Sattazahn's argument that having once faced a potential death sentence, he should be protected by the double-jeopardy principle from facing it again. The dissenters on the Pennsylvania Supreme Court objected that the result would be to deter meritorious appeals by defendants in Mr. Sattazahn's position.

Death penalty lawyers said today that the decision indeed made such appeals so risky that a defense lawyer could probably not responsibly represent an inmate like Mr. Sattazahn in an appeal of his conviction.

"There is now a class of people basically prevented from appealing their case," Christopher Adams of the National Association of Criminal Defense Lawyers, said in an interview.

Justice Antonin Scalia wrote the opinion for the court today upholding the Pennsylvania Supreme Court. Under the court's precedents, he said, "the touchstone for double-jeopardy protection in capital-sentencing proceedings is whether there has been an `acquittal.' " Consequently, a life sentence that reflects a jury's choice of that sentence and its rejection of a death sentence cannot be reconsidered in a new trial.

But a jury that has deadlocked has made no findings one way or another, Justice Scalia continued, adding: "That result — or more appropriately, that non-result — cannot fairly be called an acquittal" and so did not bar the state from seeking the death penalty in any retrial.

"It is class warfare, and they've declared it."

Tax Debate Inevitably Becomes an Argument About Class
"I understand the politics of economic stimulus. Some would like to turn this into class warfare. That's not how I think."

So said President Bush last week as he prepared to unveil his $674 billion, 10-year economic package, which his critics say favors the rich.

"It is class warfare, and they've declared it," Representative Charles B. Rangel of New York, the senior Democrat on the House Ways and Means Committee, said a few days later.

As far back as the Civil War, when the first income tax was enacted, The New York Herald hailed it for forcing W. B. Astor, Commodore Vanderbilt and other millionaires to "contribute a fair proportion of their wealth to the support of the national government."

While Representative Thaddeus Stevens, the authoritarian Republican chairman of the House Ways and Means Committee, agreed that the tax was necessary, he deplored the "vicious" and "unjust" idea that the tax system should punish "the rich man because he is rich."

But the flagrantly inequitable accumulations of wealth that characterized the Robber Baron era in the late 19th century were precisely what worried Theodore Roosevelt, who considered them a virtual incitement to class warfare.

"I do not like the social conditions," he told William Howard Taft, his secretary of war, in 1906. Roosevelt worried that "the dull, purblind folly of the very rich men" was breeding "a very unhealthy condition of excitement and irritation in the popular mind." His solution to these class resentments was to placate them. At the end of his term, he proposed an income tax, arguing that the very rich had "a peculiar obligation to the state" that should be fulfilled by higher taxes.

When the income tax became permanent in 1913, after a constitutional amendment, Senator Henry Cabot Lodge, the Massachusetts Republican, proclaimed that it represented "the pillage of a class," by which he meant his class — the very rich.

But the concern about singling out the rich is almost always trumped in times of real war. During the Civil War, the income tax was propelled because so many Americans were growing rich off the war. At a time when a man could pay $300 to escape the draft, Treasury Secretary Salmon P. Chase bought his daughter a $3,000 shawl for her wedding. It was not lost on the public that this was the price of 10 lives.

During World War I, Woodrow Wilson told Congress that people were willing to "bear any burden and undergo any sacrifice," including taxes. "We need not be afraid to tax them, if we lay taxes justly," he said.

That was also the philosophy of Franklin D. Roosevelt during World War II. Indeed, the Treasury Department commissioned Irving Berlin to write a song called "I Paid My Income Tax Today":

I never felt so proud before
To be right there with the millions more
Who paid their income tax today.

The patriotic spirit that surrounded taxpaying, especially when it was the rich who paid rates as high as 90 percent, continued into the cold war. President Eisenhower resisted cutting taxes because of the need to support the military and social programs.

Then in the 1960's, a new factor entered into the discussions: the Keynesian view that taxes affect the economy. John F. Kennedy advocated tax cuts to jolt the nation out of its recession. In 1980, President Reagan embraced tax cuts as a cure for recession, inflation and loss of confidence.

Charges that the Reagan cuts catered to the rich were at the center of debate in 1981. But after 1982, when the recession lifted, the tax cuts were credited with rescuing the economy. Today it is an article of faith among conservatives that the Reagan cuts ushered in two decades of prosperity.

Dissenters note, however, that the Bush tax increase of 1991 and the Clinton tax increase of 1993 — both of which raised taxes on the very wealthy and were labeled by their critics the greatest tax increases in history — were followed by job growth in the 1990's even greater than that of the 1980's.

If history is any guide, the coming debate over Mr. Bush's new plan, and the class resentments it may stir, will reprise the arguments of the past 150 years. But these arguments are certain to be intensified because of two questions: What effect will it have on the economy? What sacrifice will people expect from the richest taxpayers if young Americans start fighting in Iraq?
"In the 80's, it was not so much the top moving way ahead," said Jared Bernstein, an economist at the Economic Policy Institute, a liberal research group in Washington. "It was the bottom getting smashed."

Who Are the Truly Rich?
They have become the most discussed social group in the United States. Yet few people acknowledge being a member, and there is little agreement about what qualifies one for inclusion.

They are the wealthy, and President Bush's current economic plan has thrust them to the center of attention. But whether one believes they should be soaked, or encouraged to create more wealth, even the terms of the debate are murky.

Some would include any family that makes more than $100,000 a year. Others put the cut-off much higher, noting that a six-figure income alone is not enough to buy many houses in the biggest metropolitan areas. Still others ignore salaries and point out that all of the commonly used words for the well-off — affluent, rich, wealthy — are supposed to describe people's assets rather than their incomes.

"Today, wealth is much greater in its diversity," said George Fertitta, the president of Margotes-Fertitta, an advertising agency that specializes in luxury brands. "Unlike 20 years ago, the wealthy person isn't the kind of person you could paint a picture of and say, 'That's exactly who they are.'"

By any standard, wealthy Americans find themselves in an unusual position, having enjoyed one of the most prosperous 20-year periods in history. The fortunes of many families that were already rich have soared since 1980, but so did the ranks of the newly wealthy, with the number of households worth at least $1 million almost doubling to 4.8 million from the early 1980's to late 1990's, even after accounting for inflation, said Edward N. Wolff, an economist at New York University. Almost three million of the 130 million families filing tax returns in 2001 reported at least $200,000 in income, up from 1.3 million in 1995.

In the past, surges of wealth created backlashes that led to the trustbusting era in the 1890's and the New Deal of the 1930's. But since the technology bubble burst almost three years ago, the wealthy have become perhaps the chief beneficiary of government policy.

"It would be totally contrary to history to have a speculative bubble, and turn around and reward the people who benefited the most," said Kevin Phillips, whose "Wealth and Democracy" criticized the rise of inequality. "The last time this happened, the wealthy got killed by the government, with the New Deal."

This time, attacks on the rich have found little traction. The party more sympathetic to the wealthy has won control of the White House and the Senate since stocks began falling and joblessness began rising in 2000. One possible reason the class-war criticism has not yet stuck is that defining wealth is more complicated than it once was.…

The explosion in American wealth is often traced to the early 1980's, when a long bull market and a period of impressive growth began. But while the wealthy did well in the 80's, the major trend was the drop in the buying power of middle- and lower-income families, because of a stagnant minimum wage and high unemployment.

"In the 80's, it was not so much the top moving way ahead," said Jared Bernstein, an economist at the Economic Policy Institute, a liberal research group in Washington. "It was the bottom getting smashed."

In the 1990's, by contrast, inequality kept growing because the wealthy did fabulously well. Despite the decade's prosperity and the raises given to most workers, the top 20 percent of earners were the only group to increase its share of the nation's income.

"The one really conspicuous change is that it's possible to become a wealthy person just by what you earn for doing your job," said Robert Frank, an economist at Cornell University. "That wasn't very often possible 25 years ago."

From 1997 to 2001, the top five executives at the average American company split $31.6 million in profits from exercising stock options, according to "In the Company of Owners" (Basic Books, 2003), a new study of options. This sum does not include their salaries or bonuses.

At most companies, the rewards of the stock-market bubble flowed overwhelmingly to top executives. But in technology companies, many rank-and-file workers famously made enough to be considered wealthy. Even excluding the top five executives, the average employee at a group of 100 big technology companies made $425,000 exercising options from 1994 to 2001, according to "In the Company of Owners."

Oddly, as the ranks of the well-off have grown, relatively few people identify themselves as affluent. In a 1993 New York Times/CBS News poll, 91 percent of people in families making at least $75,000 a year (about $100,000 in today's dollars) described themselves as middle class.

The issue is more than mere semantics in many places. The costs of housing, transportation, child care and tuition can quickly make a six-figure income seem middle class, even if it permits a living standard far above the national average.

The tax cut Mr. Bush proposed last week offers its own definitions of wealth. The truly wealthy are the small group of Americans who own significant amounts of stock outside of 401(k)'s and other tax-deferred retirement accounts. They would no longer have to pay taxes on many of their stock dividends, and this change would account for about half of the plan's $674 billion cost in lost taxes over 10 years. In 2010, they also won't face estate taxes, a feature of the 2001 tax cut that is set to disappear in 2011, but which Republicans want to make permanent.

Imagine a high-income family owning $10 million in stock that gives its members $200,000 in dividends every year. Before the 2001 estate tax cut and before any prospective elimination of taxes on dividends this year, they would have paid federal taxes on their dividends every year, and their heirs would have lost about half of the fortune to the estate tax. In all, the heirs would have received $5.6 million in 2010, assuming the dividends were reinvested but the stock did not increase in value.

Under the new proposal, combined with the 2001 law, they might not have to pay dividend or estate taxes and would instead inherit $12 million.

The next level is the group that makes more than $110,000. Exempt from some or all of Mr. Bush's proposed increase in the child credit, which would mainly help the middle class, this group would benefit significantly from the decline in tax rates, but would not fare as well as people who receive large amounts of unearned income from dividends.

Under current law, a provision known as the alternative minimum tax, originally intended for the very rich, will increasingly hit families making salaries in the low six figures. This tax prevents families from taking deductions for children and state and local taxes, among other things.

"Do they really think terrorists are going to stand on line for hours in the cold and turn themselves in?"

Complying, Anxiously, With an I.N.S. Roundup
Shoaib Muhammad, a 29-year-old computer engineer from Karachi, Pakistan, who has worked here for two years, says he is as far from being a terrorist as one could imagine.

But he is still afraid of being arrested when he shows up Monday at the federal building downtown to register with the Immigration and Naturalization Service under a program designed to root out terrorists. The program focuses on men from 20 countries, including Iraq, Iran, North Korea, Afghanistan, Syria, Sudan and Libya. Since it began last month, more than 500 men have been detained, most for visa violations. On Friday alone, about 125 were arrested nationwide, an immigration official said today.

"I've never been involved in a crime, but I'm still worried," said Mr. Muhammad, who holds a visa to work in the United States. "If they want me to go back, I will, but it's the way they're doing it, with handcuffs and detentions, that bothers me."

The roundup is aimed solely at men over the age of 16 who entered the United States as students, as tourists or on business before Oct. 1, 2002. But the program ran into trouble from the outset, primarily here in Los Angeles, when scores of immigrants, many of them from Iran and with relatives who are long-term residents of California, were arrested as they registered in December. Many had pending applications for visa extensions or were in the process of applying for legal residency. Officials have since acknowledged that they were overwhelmed by the number of people they had to process through fingerprinting and criminal background checks, and that some of the detentions may have been unwarranted. Most of the men have been released, with visa violators being required to appear before immigration judges soon.

In a letter to Attorney General John Ashcroft on Friday, Dr. William F. Schulz of Amnesty International U.S.A. wrote that singling out individuals on the basis of national origin "is tantamount to racial discrimination."

Officials from the Department of Justice and the immigration service, which it oversees, did not return calls seeking comment.

"The I.N.S. is trying to make it look like we're doing something about terrorism by targeting an entire community because they happen to be from a Muslim country," said Sarah Eltantani, a spokeswoman for the Muslim Public Affairs Council.

In New York City, several blocks from where the World Trade Center once stood, some of the immigrants who lined up Friday to register at the I.N.S. office in Federal Plaza admitted having expired visas and said they feared being arrested or even deported.

Elyes ben Taleb, 28, said he had arrived from Tunisia five years ago "for the American dream."

"I love this country, but on a day like today, I don't feel like a part of America anymore," said Mr. ben Taleb, who lives in the Bronx and works as a marketing consultant. "Do they really think terrorists are going to stand on line for hours in the cold and turn themselves in?"

Tuesday, January 14, 2003

What is really at stake here is the preservation of an unavoidably messy but reasonable concept of merit and excellence.

The Merit Myth
Two cases involving the University of Michigan to be heard by the Supreme Court have rekindled familiar passions and resentments over affirmative action. Two white applicants, one to the undergraduate program and one to the law school, claim that they were rejected while less-deserving minority students were admitted. Merit, they argue, was subordinated to the university's desire to promote diversity.

The problem with the way this debate is yet again being framed is that defenders and opponents of affirmative action alike fail to come to grips with a reasonable definition of merit. The truth is, the qualities that make an applicant deserving of admission to a selective university cannot be reduced to a single standard of measurement — certainly not an SAT score or undergraduate grades — nor can they be judged simply on the basis of skin color.

The problem is that universities have for too long maintained a lie about how subjective and imprecise the assessment of merit actually is. Although tests and grades have been granted a dominant role in admissions decisions, they have never been considered alone. Selective universities consistently take risks, recruiting people with unimpressive test scores but brilliant achievements outside school; candidates with uneven grades but stellar skills in, say, music or sports.

Let's face it, in many cases the people who have made the most of college and professional school — as measured by their career success — have not always been those who entered with the highest test scores or the best grades. Motivation, ambition, curiosity, originality and the capacity to endure risk and think independently are essential components of merit. Grades are poor indicators because they are dependent on the whims of teachers and the divergent quality of schools. As for the SAT's, the most persistent correlation has been between high scores and high family incomes.

There are too many institutions that fail to look carefully at each applicant and are concerned only with making the numbers show that they have not been discriminatory. In the most cynical application, any minority student who meets the minimum standards to be considered worthy of protection by affirmative action is good enough. This reveals a pernicious racism under a liberal veneer.

Is it that too many defenders of affirmative action are themselves not convinced that merit is equally distributed throughout the population? One could reach this erroneous conclusion only if one believes that a numerical formula defines merit. Yet, because colleges do stick to the numbers, they are forced to make excuses when they admit minority candidates with relatively low grades or test scores. Instead of explaining the properly complex nature of judging merit, administrators argue about diversity and righting the wrongs of the past.

The defense of affirmative action should not rest on an ideology that celebrates diversity for its own sake, but on the need to protect applicants against societal prejudices that corrupt the capacity of institutions to assess each individual's potential fully.

If colleges were instead to redefine merit in all its complexity, the same expectations of quality could be applied uniformly to all applicants, and the resultant student body in competitive schools would mirror the diversity in the population.