The Command Line
http://thecommandline.net
Podcast and blog exploring digital citizenry as a creator and a consumer. Exploring the rough edges where technology, society and public policy meet.
Thu, 08 Jan 2009 01:54:40 +0000

TCLP 2009-01-07 Year in Review, Part 3
http://thecommandline.net/2009/01/07/year_2008_3/
Thu, 08 Jan 2009 00:02:08 +0000, by cmdln

This is a feature cast.

The feature this week is part three of a round table discussion of some of the issues that were prominent this year. I was joined by Kevin Crosby, Vaskin Kissoyan, and Eric Christensen. The topic of this part is the future of computing and we got into a fun, far ranging discussion of cloud computing and some of the technical and non-technical issues it raises.

Grab the detailed show notes with time offsets and additional links either as PDF or OPML.

Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.

SSL Blacklist Now Warns About MD5 Signatures
http://thecommandline.net/2009/01/07/ssl-blacklist-now-warns-about-md5-signatures/
Wed, 07 Jan 2009 15:28:54 +0000, by cmdln

I installed the SSL Blacklist extension for Firefox a while ago when Debian and its derivatives were exposed to a weakness in generating certificates. I just noticed a warning from the extension, today, on a site I have trusted in the past and that didn’t run afoul of the Debian specific warning previously.

I clicked through for more information and it turns out that the extension has been updated, without fanfare, to spot SSL certificates that use an MD5 based fingerprint. The info shown when clicking More Info on the warning references the research I mentioned in my last podcast.

From Márton Anka’s (the author of the extension) site:

Update 12/31/2008

SSL Blacklist now detects and warns about certificate chains that use the MD5 algorithm for RSA signatures.

An attack has been demonstrated yesterday that highlights the practicality of the well-publicized weaknesses of the MD5 algorithm. Essentially, any certificate signed with the MD5 algorithm may be counterfeit.

The demonstrated attack has two notable prerequisites: the ability to predict information in the prefix blocks of the data, and the present existence of CAs that use MD5-RSA to sign CSRs.

I was just thinking that an extension that simply warned about sites using MD5 based certificates should be well doable and a decent measure to help put pressure on sites and CA’s. Looks like I was a week or so late in that thought. Huge thanks to Márton for the original extension and now this valuable update.

On a related note, Verisign has announced they are no longer issuing MD5 based certificates. They are one of the biggies, hopefully the rest of the CA’s will soon follow suit.

EFF 18th Birthday Party, Tonight at the DNA Lounge in San Francisco
http://thecommandline.net/2009/01/07/eff-18th-birthday-party-tonight-at-the-dna-lounge-in-san-francisco/
Wed, 07 Jan 2009 15:13:23 +0000, by cmdln

I so wish I were anywhere on the west coast right now, the EFF is preparing to celebrate 18 years of protecting our civil liberties online tonight with what looks like a fantastic party. You can pre-purchase a ticket to the party with the option to pick up a discounted membership and some nice premiums. Wonder if I can order one of those NSA t-shirts anyway?

DJ Spooky is headlining but it looks like they have some great additional talent lined up, more details at the link. For a bit more you can also purchase a ticket to a VIP pre-party where DJ Spooky will be reading from his book, “Sound Unbound”. It looks like a great chance to meet EFF board members and other luminaries, too. I am so jealous of anyone who gets to go to the party, let alone the VIP pre-party.

If you make it to either or both events and are a listener of the show, please call the voice mail with a report or email me to schedule some time to chat. I’d love to snag a bit of first hand reporting for the podcast.

iTunes Going All DRM-Free for Music
http://thecommandline.net/2009/01/06/itunes-going-all-drm-free-for-music/
Wed, 07 Jan 2009 03:19:05 +0000, by cmdln

The software news out of the MacWorld keynote is far more interesting than the new hardware. I will be getting the iLife and iWork updates as I use both suites regularly. I am glad iWork didn’t go all web, we’ll see how well the new online service complements the desktop apps.

The biggest news, of course, is that the iTunes store is going DRM-free for its music catalog. I checked after I saw this story and while not all my purchased music has the upgrade option, yet, I was surprised that about six more albums had been freed up. I have seen some complaints of the cost but I think it is worth it to secure the freedom of my media. It also means I’ll once again consider buying new music from iTunes, including over WiFi with my iPod Touch.

There is no news on any of the other media in the iTunes store. That means it is pretty much a certainty that this deal is only for music. Audiobooks are all provided by Audible, now owned by Amazon, who has not made good on any promises to free up their offerings. Video across the board has been lagging the music industry in abandoning DRM regardless of the outlet.

I am not sure the dynamics overall are anywhere close, that the draw for the iPod as a TV and movie player is strong enough to encourage competitors onto the device via unrestricted formats. Add in the traction streaming services, like Hulu, have gained and I am not sure this same scenario will ever play out. Still, I think it is worth continuing to push on iTunes and Amazon on DRM for other media. Every day that they continue to profit from DRM-free music is a day’s more data of convincing them that the type of content is irrelevant to the question of digital locks.

SoundSprout Artist from the Creative Commons Birthday Party in DC
http://thecommandline.net/2009/01/05/soundsprout-artist-from-the-creative-commons-birthday-party-in-dc/
Mon, 05 Jan 2009 22:27:55 +0000, by cmdln

Mark Shanks, one of the two fellows from SoundSprout that I met at the 6th birthday party that Public Knowledge and CopyNight DC sponsored, wrote me with the name of the artist that I played but could not remember.

You asked about the band whose CD we had brought to the party. The band was Fite House and their music can be found at www.fitehouse.com

SoundSprout.com is currently being revitalized; however, when we’re back up and running in the near future, fitehouse will be releasing a new CC album on our site.

The CD Mark brought was excellent and the artists, as I mentioned in the podcast where I talked about the party, are very much open content and free culture advocates. Glad tidings that this band has a new release in the works.

TCLP 2009-01-04 News
http://thecommandline.net/2009/01/04/news_166/
Sun, 04 Jan 2009 23:16:08 +0000, by cmdln

This is news cast 166.

In the intro, just a quick round up of events for this month and the coming year including Farpoint, Balticon 43 and Shmoocon. I’ll also be attending Wiki White House at Google’s DC office this week and a luncheon discussion of the Jacobsen case put together by the DC bar. The former appears to be full up and the latter does involve a fee.

If you want to help me get to Penguicon and/or Dragon*Con this year, please make a donation.

This week’s security alert is just a lengthy discussion of an attack on the public key infrastructure based on the well researched possibility of collisions with the MD5 algorithm.

In this week’s news the web comic User Friendly calls attention to the end of the VHS, a new project exploring molecular computing, a book and project bring design patterns to social activism much like they were adopted for software development (you can purchase the book on Amazon), and a paper testing how well the four common browsers handle private data, the problem of Flash cookies being the most disturbing finding.

Following up this week, Flickr’s The Commons project is put into question by a Yahoo layoff, and there is an unconfirmed report that the RIAA may be firing MediaSentry.

Grab the detailed show notes with time offsets and additional links either as PDF or OPML.

Week in Review for 1/4/2008
http://thecommandline.net/2009/01/04/week-in-review-for-142008/
Sun, 04 Jan 2009 21:02:03 +0000, by cmdln

Quick News Links
  • Latest Linux kernel release
    The two biggest changes are a new memory manager for the GPU, GEM, and the ext4 file system. The article also mentions moving new driver development to a more visible location in the mainline which may help prompt contribution. The article has links to more detail on the other changes.
  • FBI code cracking challenge
    This is their second such challenge in as many years. Contests like this are common, just not coming from law enforcement agencies. I’d be willing to bet it is a recruiting tactic of some sort.
  • Swedish Pirate Party rises above the margin
    The party is apparently experiencing solid growth and surprisingly positive results in voting polls. The article speculates that progress made by copyright maximalists may be encouraging voters to consider the alternative.
  • CCC hackers demo critical crack of telephony security
    The standard in question, DECT, has been cracked before but required an expensive set up. This research shows eavesdropping accomplished with a cheap PC-card meant for wireless VoIP. Not surprisingly, encryption and authentication are often weakly implemented, if at all. Apparently, even when encryption is enabled, the researchers are able to spoof a base station and disable it after the fact.
  • Python on the G1
    Good news for early adopters who want another option beyond Java. It builds already on existing work and I have to imagine as it attracts interest, we’ll see the setup become easier for the average user or casual script hacking.
  • AMD releases more code for open source ATI drivers
    This was apparently done by a couple of motivated employees and should boost driver development and cascade on through to a better end user experience.
  • Interview with creator of online tools for civic life
    More good hacktivism, using tech to make data more available regardless of progress on government transparency.
  • Google dropping support for IE6
    They are pushing both Chrome and Firefox 3, instead, and some features of Gmail no longer work in the aging browser. IE7 is still supported, as will IE8, no doubt. Not that surprising just on how old IE6 is, though it also supports the theory that Google is trying to become an independent channel through Chrome.
  • Silicon that emulates stem cell growth, differentiation
    Not a lot of detail but it makes me think of a story I covered a while ago. A computing substrate that self assembled. The problem with that system was the unevenness of the quality of elements in the resulting computer. The trick to that project was software that mapped out the resulting system to route around unusable elements. No idea if this is the same thing.
  • Interview with RMS on 25 years of free software
    This is a good history of GNU but also covers free software and the GPL more generally. It even discusses the popularization of Linux and the problems getting contributions upstream, not just from individuals but also from distro makers, in particular, Canonical.

Quick Security Alerts

Quick Follow Up Links

Zune Leap Year Bug
http://thecommandline.net/2009/01/01/zune-leap-year-bug/
Thu, 01 Jan 2009 18:18:45 +0000, by cmdln

It would be so easy to dog pile on Microsoft’s poor, beleaguered media player. Take it from me, daylight savings and leap year handling is no fun and easy enough to get wrong or fail to test properly. These sorts of bugs make it past quality assurance from time to time, more often than we like to admit really. You remember those routers a few years back that all checked their clocks against an external source in lock step, bogging down large networks?

Edge cases are hard to test by definition. In retrospect, a leap year seems easy enough to check but think about all of the core cases QA has to cover with a media device. Playback, media synchronization, all the UI bits, battery handling, and many more besides. In thinking about the full test suite for a media player, would it occur to you to permute the system clock through each day of a standard year, let alone a leap year?

It turns out that in the Zune case, the bug apparently originates in a lower level chip driver. So even if Microsoft had tested their own software stack fully, that doesn’t guarantee they would have flushed out this integration issue.

The difficulty of testing the unanticipated is why techniques like fuzzing were developed. This is a permutation of a security axiom, though. An engineer can easily build a system that they cannot manage to break, this doesn’t mean the system lacks faults. It says more about the biases and perceptions of the engineer. At least fuzzing illustrates a bit of creativity in trying to get past an engineering team’s built-in limitations.

The open source development model, in contrast to Microsoft’s secretive methods, would be easy to advance as an anodyne. It has its advantages in terms of transparency, that many more engineering eyes would be combing through the code, increasing the odds of spotting a problem like this. There is also such a rich tradition of re-use that allows any given project to build on the momentum of core libraries and benefit from external achievements in quality and functionality. For popular libraries and tools, many other users have tackled the integration scenarios a new project is likely to encounter. Using an open source library means higher level projects can feed fixes back into lower level components, fixing their own issues as they encounter them.

Unfortunately, testing is one of the areas where open source projects are constantly short handed. Everyone wants to write new features, finding bugs and submitting patches just seem less glamorous. Many projects require a certain level of patches submitted by a potential contributor before granting them full commit rights to the code repository. I am sure that helps, to a degree, but I think it may as often chill interest in contributing code.

My only real takeaway from this little debacle is to be reminded that hacking on code is only one element of a successful project. I read many excellent thinkers on the subject of incorporating security and usability alongside core development on projects. Quality testing may not even have the appeal of these other not strictly coding aspects of projects but it needs its own top notch advocates who bring the same creativity and zeal to reduce the odds of an embarrassing but easy to commit defect like this one escaping into the wild.

TCLP 2008-12-31 Year in Review, Part 2
http://thecommandline.net/2008/12/31/year_2008_2/
Wed, 31 Dec 2008 21:45:16 +0000, by cmdln

This is a feature cast.

In the intro, I share my review of Ed Piskor’s “Wizzywig Volume 1: Phreak”.

The feature this week is part two of a round table discussion of some of the issues that were prominent this year. I was joined by Kevin Crosby, Vaskin Kissoyan, and Eric Christensen. The topic of this part is where we are at with copyright infringement and enforcement. Most recently the RIAA has announced it is stopping its individual law suits. However, they are pressing an unusual criminal case against an individual. The risk of the urge to perfect enforcement is the increasing irrelevance of copyright to the average person.

Grab the detailed show notes with time offsets and additional links either as PDF or OPML.

Knuth has a Posse, Me!
http://thecommandline.net/2008/12/30/knuth-has-a-posse-me/
Tue, 30 Dec 2008 23:59:46 +0000, by cmdln

My pile of books to read is, not surprisingly, quite tall. I am hardly alone in this respect. My wishlist, though, has crept north of three digits. I don’t put most of those books on my public wishlist since it is a bit overwhelming and I tend to buy them on my own on a regular basis.

I put Knuth’s “The Art of Computer Programming” on my public list since it is a bit pricey and not of immediate use to my day job. I didn’t expect anyone to purchase it for me. At most, I thought I might receive a gift card some day that would make enough of a dent for me to splurge on the remainder.

Imagine my surprise when I opened a package from my mother to find the hardcover, boxed set nestled inside. My delighted squeal was followed by an attempt to explain my exuberance to the wife who is not acquainted with the works of Knuth.

I have many books on my technical book shelf. More than a few the quality of which are best measured by the width of their spine. A few, like Design Patterns, The Pragmatic Programmer, and Effective Java are much loved and well thumbed. The Knuth set is now the crown jewel of my technical library and I look forward to making my best effort at reading them cover to cover. I fear doing so may take me almost as long as the author has been working on them.

Two of the volumes in the boxed set I received are of the third edition. The original copyright on the first volume is as old as I am. In the preface, Knuth still describes these as works in progress. And the series is not yet complete. I think there is something like six or eight volumes in total planned. Knuth clearly means to cover all the worthwhile fundamentals of computer science and he is well qualified to do so.

I think likening it to Newton’s Principia is a fair comparison in terms of the breadth, depth and importance of the work. And Knuth is still with us and working in the field.

Flipping through the first few pages of Volume 1 reveals a tidy flow chart, a procedure for reading the first book. I am relieved to see a box marked, “Relax”. I am very much going to enjoy disappearing into these books as my time and other pursuits allow.

Thanks, Mom.

Compiling Gwibber for OS X: Fail
http://thecommandline.net/2008/12/29/compiling-gwibber-for-os-x-fail/
Tue, 30 Dec 2008 01:37:14 +0000, by cmdln

One of the joys of running Linux on my work PC is using Gwibber as my sole micro blogging client. Gwibber was originally written by Ryan Paul, segphault, who is also a regular contributor to Ars Technica.

Gwibber is to micro blogs and life streams what Pidgin is to IM. Thankfully, some of the micro blog services have died off but my own social network is currently split across two. My fellow tech geeks and free software advocates all like to hang out on Identi.ca. It has considerably more hacker cred and is free software in all of and the best senses of the word. All the rest of my friends are on Twitter, since it was one of the first and still one of the most popular.

I have cobbled together my own scripts for posting to both services. Consuming messages from both has been a challenge. On the Mac, there really is only Twhirl for multiple services. I know many people who like it, I personally cannot stand it. I don’t know how much of the crummy UI is the fault of Adobe’s AIR platform or the application developers. In either case, I find it ugly and largely unusable. Your mileage may vary. I end up using Twitterific, which I still like for its IM-like and email-like features and I have to compromise and use XMPP for Identi.ca. XMPP, a form of instant messaging, is workable but not ideal since it is separate from Twitterific and doesn’t give me some of the niceties of a dedicated client.

On Linux, however, Gwibber works exactly how I want a micro blog client to work. It is even smart enough to coalesce duplicate messages from the small overlap in my subscriptions between the two services. It lacks a few things, like direct support in the UI for direct messaging on either service, but you can still use “d username msg” just like you can in XMPP and Twitterific.

What I desperately want now that I have been using Gwibber daily for just a bit over a month is to be able to run it natively on my Macs. I had been playing around with MacPorts to set up some other software and was curious if it would be possible to supply Gwibber enough of its dependencies to get it to run.

The short answer is no, at this time, it is not possible. I got close, mostly by trying to run the main Python script and installing each module it needs in turn. Actually, first I had to change the bang path to the MacPorts version of Python, in /opt/local, since using the env trick in the stock script just plain didn’t work under OS X.

I managed to get all the way up to webkit, seemingly the last dependency. Ironically, given how webkit is used so heavily by Apple and contains some of their code contributions, I could not get the MacPorts port of webkit to build successfully. I am also not certain that that would have been sufficient as I believe I would also need GTK bindings, Python bindings, or possibly both to make Gwibber happy.

The silver lining is I think I may have solved some issues I was having with the MacPorts port of GNUCash incidentally. I had to install Quartz to satisfy an X dependency in GTK. I think this may have made it possible to compile other GTK applications, though I have not yet tested that theory.

To be perfectly honest, what I want is the Python guts of Gwibber with a nice Cocoa front end. With PyObjC and XCode 3, this should be possible. I set out a while ago to try to accomplish just such a piece of software until I conceded defeat in the face of Cocoa. Too many years doing lower level, web application and systems development may have spoiled me for desktop application hacking. I welcome anyone else who wants to try and actually would be happy to pitch in, with testing, documentation or even coding the non-Cocoa bits.

“Wizzywig Volume 1: Phreak”, by Ed Piskor
http://thecommandline.net/2008/12/29/wizzywig-volume-1-phreak-by-ed-piskor/
Mon, 29 Dec 2008 14:18:22 +0000, by cmdln

I mentioned Ed Piskor’s graphic novel, “Wizzywig” on the podcast. My copy of the first volume arrived last week and I promptly devoured it in about two days.

I subscribed to Ed’s RSS feed after completing the first volume and placing my order for the second. I noticed that in his writing, he is concerned with getting hacker culture and history right. I don’t think he needs to worry, even if some of the details may be off, and I don’t think they were, he clearly gets the hacker spirit.

The book is short, just over a hundred pages, but part of a four part series. The first two are available now. The page layout is a simple, four-panel square and Piskor’s drawings are somehow at once spare and richly textured. I likened the online samples I saw to Maus and I think that comparison holds up well after reading the first volume. The narrative construction is similar though Piskor favors a more detailed, almost caricatured approach to his characters.

The book itself lacks an ISBN and looks like a high end print-on-demand. My copy had a hand drawn picture of the main character and a few words from the author. If he is printing these himself through a small press or on-demand, it is no detraction whatsoever. The personal touch goes a long way to cementing its charm. I wonder if he does that for each copy he sends out?

The protagonist, Kevin “Boingthump” Phenicle, is clearly an amalgam of several notable hackers but is also a distillation of the intense curiosity that motivates those persons on whom he is based. I was captivated by the seamless progression of his interests from one to the next. Piskor contrasts this nicely with his sole cohort, Winston, who is much more clearly based on 2600’s Emmanuel Goldstein. Winston is always interested in the political angle while Kevin is only interested in a puzzle as long as it takes for him to solve it.

Phenicle is also plagued with the crushing social awkwardness that seems to bedevil many genius techies. Piskor works in the pathos of dealing with that particular flaw quite deftly. While the volume closes with the necessary set up for the second installment, Hacker, the high point for me was Kevin’s fight-or-flight moment just a few pages prior.

In short, the first volume lived up to its promise. I think this is an excellent book to provide to anyone, technically literate or not, you think needs a better grasp of what it means to be a hacker. I am pleased that the book is also appropriate for a younger audience. My two sons take a lot of technology for granted, I intend to share Piskor’s series with them to provide a launching off point to discuss in a bit more depth some of these technologies and the more interesting questions they beg.

Laconica Tools and Wordpress 2.7
http://thecommandline.net/2008/12/28/laconica-tools-and-wordpress-27/
Sun, 28 Dec 2008 18:00:56 +0000, by cmdln

It looks like the upgrade to 2.7 may be causing an issue with my Laconica Tools plugin. There may also be a problem with posting from Ecto, the desktop client I usually use since it lets me work completely offline. In either case, the first post I published since the upgrade clearly is available on the site but never made it to Identi.ca. Ecto returned an error from the curl library, that it could not connect to the server, which is odd. That is also the bit that makes me think it might also be Ecto, not necessarily my plugin.

In either case, I will investigate further on my testing instance and post an update as appropriate.

Updated: Well, in the course of publishing this very post, I have ruled out Ecto.  And it looks like the error may not even be WordPress related, per se.  Apparently, I cannot reach Identi.ca from my VM at SliceHost.  I’ll keep checking and try again once I’ve sorted the connectivity to make sure the plugin is alright or make fixes as needed.

Conclusion: I tested Laconica Tools successfully with WordPress 2.7.  It does in fact work and the glitch I saw with curl was just an intermittent disconnect between my host and Identi.ca.

Week in Review for 12/28/2008
http://thecommandline.net/2008/12/28/week-in-review-for-12282008/
Sun, 28 Dec 2008 17:53:29 +0000, cmdln

Quick News Links
  • Open source tool adopted in Colorado for e-voting audit
    First PyVote, now this. I guess if there is too much money involved in the systems themselves, this is a reasonable and effective role for open source software to play.
  • Mozilla chief admits Chrome complicates Google relationship
    I’ve wondered why Google didn’t partner more closely with Mozilla rather than release Chrome. I guess the fact that despite the substantial revenue Mozilla receives from them they remain independent would limit Google’s ability to set direction for the browser. By maintaining the relationship, I’m guessing Google still gets to claim some credibility for supporting Mozilla.
  • Lori Drew case inspiring updated laws, new cases but at what harm?
    The only charge mentioned in the article is a misdemeanor. I would suggest condemning the new law should wait to see if it is merely consistent with offline harassment or whether, like cyber crime laws, it is unbalanced and levies much stiffer charges and penalties.
  • Comparison of slot machines to e-voting systems, via USACM
    It is easy to be cynical about the better investment in sin. I’d rather look at this as proof and a model that security, accuracy and accountability can be achieved. Assuming you are willing to overlook a slightly flawed analogy in terms of where vested interests lie in gaming.
  • Vint Cerf weighs in on national CTO role
    Not surprisingly, Cerf has a broad view of the role. He makes a good point, though, that thought leadership and infrastructure investment may be easier than ensuring smooth operation of government IT as there are agency level IT officers already that represent a bit of a political minefield.
  • Psystar denies rumors of conspiracy against Apple
    What else would they say? Really, though, it is much simpler to suggest that they figure they have little to lose by fighting Apple and have simply drawn the caliber of help they have because of the stature of their target.
  • Secret censorship list in Denmark
    This is the UK and IWF all over again. The exact same problems, prior to the leak, no one knew the contents of the list, its formulation was private. And there is no clear avenue for dispute.
  • Lessig thinks the FCC has outlived its usefulness
    He points out the commission as being held almost entirely by captive interests, a prime example of the corruption he is now focusing in on. He proposes an alternative model aimed at fostering network innovation, not entirely a bad idea.
  • Generated paper accepted by tech conference
    Reading the abstract, it is clear to me this story is not about how sophisticated the generator code for the paper was. Looks like a 3-order Markov chain with a reasonable set of input papers. One of the commenters suggests a likely theory, that the review used automation, as well, closing a metaphorical, maybe even literal, loop.
  • Haskell, Python make one programmer worse
    I’ve read this before, Tim O’Reilly re-tweeted it this week. I have a certain amount of sympathy, I suppose, but I think the author needs to get over it. A true urge to being a polyglot would find a way to either compartmentalize or abstract away the values of different languages to keep them distinct for the purpose of coding for pay.
  • Underestimating benefits, overestimating danger of openness
    I think this is the most reasonable response to the claims that closed systems are so attractive the public will favor them over open ones. Openness is pervasive and unlikely to be out-competed. It also assumes more of a zero sum aspect, which I don’t entirely agree with, either. We’ve had open and closed systems co-existing for some time without one eliminating the other entirely.
  • Are operating systems fated for irrelevance?
    Really this is more a question of automated update and user space installation making enterprise OS and network level policy management irrelevant. I doubt the typical home user cares and that is clearly who his example, Chrome, is targeting. I am uncertain of his conclusion, that these types of apps in the enterprise will keep sailing past IT’s efforts to manage them since they can always resort to draconian measures to simply block them outright.
  • Domain specific language for cryptography
    Fascinating though I really want to see some independent researchers put it through its paces. If it bears out, this could make the next NIST competition much more lively.
  • Objective-C to get anonymous functions
    Looks like this makes closures and similar constructs, like list comprehension, much more tractable. It also cements this trend among language development more broadly, a move to hybridize functional programming with existing paradigms.
  • Cygnus patents desktop icons, starts suing
    This is not the outfit that gave us Cygwin, thankfully, but just a run of the mill troll. The earliest filing date is in the 1990’s so prior art will no doubt limit the traction their complaints will be able to gain.
  • UK culture minister wants web sites ratings, censorship
    This is the same person pushing for term extensions for music copyrights in the UK, again, on moral rights grounds. This shows how out of touch Burnham really is with how the networked world works and the marginal effects of this sort of regulation.
  • AGPL approved by Debian
    Excellent, one less barrier to access as this means that packages of AGPL’ed software will be available in the core repositories rather than in supplemental, non-free ones.
  • OOo developer thinks the project is stagnating
    This is based on analysis of code commits, so is hard to interpret as anything other than depressing.

Quick Security Alerts

Quick Follow Up Links

TCLP 2008-12-24 Year in Review, Part 1
http://thecommandline.net/2008/12/24/year_2008_1/
Thu, 25 Dec 2008 00:36:43 +0000, cmdln

This is a feature cast.

The feature this week is part one of a round table discussion of some of the issues that were prominent this year. I was joined by Kevin Crosby, Vaskin Kissoyan, and Eric Christensen. The topic of this part is the state of copyright, taking into consideration this year’s petitions for exemptions to the DMCA and the defeated Canadian DMCA. We quickly veered into a discussion of generation gaps and norms, however.

Grab the detailed show notes with time offsets and additional links either as PDF or OPML.

Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.

TCLP 2008-12-21 News
http://thecommandline.net/2008/12/21/news_165/
Sun, 21 Dec 2008 22:48:31 +0000, cmdln

This is news cast 165.

This week’s security alerts are disappointing security test results for browsers’ password handling and Microsoft announces and delivers a critical patch to the IE flaw I discussed last week.

In this week’s news the Wall Street Journal confuses Google’s efforts to spread caching with backing down on net neutrality, though thankfully Lessig and Google have responded directly, a new tool to make accessing Tor’s hidden services easier, a very clever use of existing DNS queries for dead drop messaging, and Neuros announces software development bounties for their latest offering, the Link.

Following up this week the Open Rights Group has some good analysis of the IWF/Wikipedia fiasco and McAllister digs out some more details about Google’s native client.

Grab the detailed show notes with time offsets and additional links either as PDF or OPML.

Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.

Week in Review for 12/21/2008
http://thecommandline.net/2008/12/21/week-in-review-for-12212008/
Sun, 21 Dec 2008 21:23:18 +0000, cmdln

Quick News Links
  • FCC scraps plans on free wireless internet plan
    This was to be based on their conditions of certain chunks of wireless spectrum. Apparently the opposition was too stiff so they cancelled a vote and appear to be scrapping the plans altogether.
  • A good rebuttal of misinterpreting CDNs as violating neutrality
    Tim Lee had a pretty well considered paper, recently, exploring possible unintended consequences of regulating for neutrality. Also clarified some definitions and uses that basis to rebut the WSJ piece, that they misunderstand the difference between lower level routing concerns and content caching.
  • Samba’s Jeremy Allison on future of Linux
    Not as far ranging as I had hoped, given some of his much more thought provoking writing. Still, it should carry some weight when such a high profile Linux developer says there should be more cohesion across distros.
  • Google Friend Connect now compatible with Twitter
    This is a pretty high profile deployment. If anything is going to prove out whether Friend Connect is worthwhile or not, it is going to be a massively popular service like Twitter.
  • Appeals court limits NSL gag orders
    The court actually overturned a lower court ruling that might have struck down a portion of the Patriot Act. The ruling is a bit of a compromise, though, as it raises a First Amendment burden on NSLs higher than what is required by the law.
  • Netbooks increasingly tethered by data plans
    I guess the idea is to couple the cheap device with more ubiquitous data service than wifi alone. However, the article points out this raises the total cost of ownership to approaching a traditional notebook, erasing much of the appeal of these cheaper devices.
  • Professor argues IP law can be tweaked to support open standards
    The core of his idea seems to be to encourage competition in standards to foster open ones. The goal is laudable but I think naive given that not all market actors are rational and that market failures are more common than he seems to give credit.
  • If programming languages were religions
    Just a little bit of humor, taking equal swipes at all of the languages on the list, including some less common ones like Lua and Haskell.
  • Possibility of tech workers unions and opposition to the idea
    I am not sure I understand the real issues at play, here. It seems to me that tech workers have far more individual bargaining power and the possibility of unintended consequences of collective action may be more far ranging.
  • CDT calls for do not track list
    This seems like another key consumer protection that will face stiff opposition as it strikes at a core aspect of online advertising. Similar things could have been said about the do not call list which has managed some partial success so who knows.
  • Novel comparison of hackers to musicians
    This is a bit more detailed and better considered than the first impression from the headline. It is not the usual comparison of hackers to creatives.
  • RIAA moves on from file sharing to 3 strikes rule
    This is going to be discussed on the upcoming year in review episode. In short, this is hardly surprising and doesn’t mean the industry is relenting and coming to terms with the facts of digital copying.
  • Should Wikileaks have a better standard for whistle blowing?
    Whistle blowing does imply a moral direction of some sort. As such, I do think this question bears more consideration than the site operators seem to have given.
  • Free high availability load balancer
    Not sure of the license but this at least appears to be free as in cost. It also goes a bit beyond what could be done with say mod_proxy_balancer with very little increase in relative complexity.
  • Arkansas court protects identity of users editing Wikipedia
    The rationale appears to be safety rather than free speech. It is possible the law on the books in that state about using state resources for political speech legitimately trumps free speech, hence a rejection on another basis.

Quick Security Alerts

Quick Follow Up Links

Updated Laconica curl Script
http://thecommandline.net/2008/12/21/updated-laconica-curl-script/
Sun, 21 Dec 2008 14:42:09 +0000, cmdln

A few weeks back the shell script I use, via an AppleScript wrapper and Quicksilver, to post to Identi.ca stopped working. After some chatter with the Laconi.ca developers and contributors, it turns out there was a change to the site’s login form. I missed the communication of this change. There is now a token that needs to be handled correctly for security and to help prevent accidental double clicking.

My first impulse when I examined the form source was to expand the curl calls to try to handle the token. The recommended approach, however, is to use the Twitter compatible API. This approach will remain more simple and consistent over time whereas the form may go through further evolution to keep browser access safe.

So here is the current script that I use for anyone else who may have run afoul of this change:

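#!/bin/bash

# Text of the notice to post, taken from the first argument.
new_message="${1}"

# Post through the Twitter compatible API using HTTP basic authentication.
# --data-urlencode encodes the message, so characters such as & or + are
# sent as part of the status instead of altering the request body.
curl \
--basic \
--user user:password \
--data-urlencode "status=${new_message}" \
--output /dev/null \
http://identi.ca/api/statuses/update.xml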
TCLP 2008-12-17 Rant: Race to the Bottom
http://thecommandline.net/2008/12/17/race_to_the_bottom/
Thu, 18 Dec 2008 00:37:42 +0000, cmdln

This is a feature cast.

In the intro, a quick wrap up on the Creative Commons 6th birthday party hosted by Public Knowledge and the DC CopyNight crew. The first set of pictures are already up. The other pictures don’t appear to be up yet, I’ll post separately with the link once I have it. I could not find the band the SoundSprout guys brought, if anyone else remembers and sends it to me, I’ll also post that link.

Listener feedback this week is from Jed who had some thoughts on the recent discussion of MVC, unity and PHP.

The hacker word of the week this week is dot file.

The feature this week is a rant inspired by this article about Dell’s race to the bottom.

Grab the detailed show notes with time offsets and additional links either as PDF or OPML.

Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.

TCLP 2008-12-14 News
http://thecommandline.net/2008/12/14/news_164/
Sun, 14 Dec 2008 22:47:53 +0000, cmdln

This is news cast 164.

If you are in the DC area, come to the Creative Commons 6th Birthday Party being coordinated by the DC CopyNight crew and generously hosted by Public Knowledge.

This week’s security alerts are a massive distributed attack on SSH servers and a zero day exploit in Microsoft’s WordPad and Internet Explorer, the latter apparently affecting all versions of the browser.

In this week’s news British ISPs catch Wikipedia in their censorship net then relent, Google introduces a way to run native code in browsers, Ed Piskor releases a graphic novel covering the history of hackers and phreakers, a self destructing poem from Agrippa, an art book launched in the early nineties, has been recovered and run under emulation.

Following up this week RedBox continues to fight for survival and the UK and the EU again consider term extensions for music copyrights.

Grab the detailed show notes with time offsets and additional links either as PDF or OPML.

Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.

Week in Review for 12/14/2008
http://thecommandline.net/2008/12/14/week-in-review-for-12142008/
Sun, 14 Dec 2008 19:39:18 +0000, cmdln

Quick News Links
  • Risks of automatically scaling in the cloud
    George Reese distinguishes between the ability for an informed operator to add capacity in the cloud and the idea of having a system do it automatically. Really his criticisms of the latter are also an exhortation to understand proper capacity planning, first and foremost.
  • FF extension to bypass British censorship of Wikipedia
    Using SSL apparently bypasses the filters. This extension is a compiled Greasemonkey script that seamlessly switches between plain text for browsing and encrypted for editing.
  • Re-framing privacy on social networks
    The idea behind the paper makes sense and I look forward to reading it. It occurs to me that this re-framing may also be useful when considering the existing case of privacy in public spaces.
  • Unlimited licensing model for universities
    This has support from both sides so may come to pass. I am most interested in seeing how it operates as a model in the small for more broad application. I am not sure how you would account for the difference in norms, that college students have less money but more time, a fact cited for their favoring of file sharing over existing legitimate offerings.
  • Critique of Warner’s licensing plan for universities
    Techdirt’s Masnick is critical because he doesn’t think the plan can be effectively administered, which I think is fair to a degree. I am more concerned by the fact he calls out about the details more generally, that the labels just aren’t being open about any of the specifics.
  • OpenCL 1.0 spec released
    The spec was originally part of Apple’s plan for Snow Leopard but has rapidly moved to a final form and a good number of backers.
  • The mouse turns forty
    Amazing to think how long ago this peripheral was first demonstrated and how pervasive it has come since. The original demo included the select, copy and paste operations with which we are so familiar and rely on in multi-tasking, multi-window environments.
  • OIN, SFLC and Linux Foundation launch a grass roots patent defense tool
    This is what I was hoping RPX would be, which really seems to be just another form of troll. Linux Defenders is centered on defensive publication and genuinely seems like it would benefit everyone, not just companies that can afford a membership fee.
  • MD court weighs online anonymity
    Defamation is definitely about harm and one of the more widely accepted limits on free speech. If the plaintiff can prove harm, I don’t think it is entirely unreasonable to press for the speaker’s identity. I also don’t see how it could be applied more broadly as an erosion of anonymous free speech as a whole.
  • BitTorrent to favor local peers to ease burden on ISPs
    This bolsters the more charitable interpretations of their move to switch to UDP by default, that they are as interested as the ISPs in making torrent traffic more manageable. It makes a certain amount of sense, that fighting with ISPs slows adoption of BitTorrent’s technology.
  • MacFUSE 2.0 released
    Most of the changes seem targeted at making development easier and to improve support for 64-bit hardware and newer versions of OS X. Hopefully it will encourage more experimentation and contribution as a result.
  • Stroustrup on educating software developers
    The core of the interview seems to focus on the gap between computer science and practical programming. Most of what he seems to be lamenting is lack of design, good style and other skills more applicable in the work place than academia.
  • Adoption of DNSSEC and its alternative
    Maybe this is a bit of fallout from the bug Kaminsky uncovered. Certainly many were calling for a more secure alternative to the aging DNS. One, Bernstein, thinks he has a better alternative, DNSCurve, than DNSSEC which has received criticism of its own.
  • McCartney releases album as DRM download
    It’s an experimental project, not McCartney’s own next album, but noteworthy that such a high profile musician is involved. It seems very, very similar to Reznor’s experiment, minus the pay what you think it is worth aspect and the CC-license. Still, 9USD for highest quality MP3 and a higher cost option that includes CD and vinyl is certainly very attractive. You can listen before you buy, too, so much to like here.
  • iPhone Doom with video out
    This is an update to a previous port of the game. The article points out what is really most exciting, sources demonstrating how others can hack on the TV out capabilities of the iPhone.
  • Browser security handbook from Google
    This is more of a reference than a guide which is good news for application developers. The handbook is presented as a wiki with invitation to provide feedback so hopefully it will track as browsers continue to evolve.
  • Teacher confiscates Linux CD’s, claims no such thing as free software
    This is initially horrifying but prompted an excellent outcome. An advocate, from Helios itself, contacted the teacher and helped explain to her how wrong she had been. She was apparently very apologetic and awed.
  • Mozilla security chief is leaving at year’s end
    No details yet but it sounds like Snyder isn’t leaving Mozilla so much as going towards something else. Many capable people at Mozilla will take over.
  • Criminal hackers help illegal timber loggers
    This is a reminder that while mass attacks, like spam and botnets, are more common, when there is sufficient money incentive, targeted, expert attacks still occur. This is all the worse because of the ecological impact.
  • Apps can silently switch on roaming on G1 phones
    As the article points out, Apple received a very visible black eye for this exact issue. Worse, users cannot disable roaming to prevent applications from using it unbeknownst to them.
  • Open source program reveals Diebold bug
    In the absence of open source in the systems themselves, it is encouraging to not only see open source used to audit voting systems but also to see a volunteer effort to improve transparency and hopefully accountability.

Quick Security Alerts

Quick Follow Up Links

Creative Commons Birthday Party in DC
http://thecommandline.net/2008/12/10/creative-commons-birthday-party-in-dc/
Thu, 11 Dec 2008 02:00:14 +0000, cmdln

The DC CopyNight crew has decided to do something a bit different for December. The Creative Commons is celebrating their 6th birthday next week and has invited anyone who wants to celebrate along, hosting their own parties. With the help of Public Knowledge, we’re hosting one of the parties, for any folks in the DC area interested in celebrating six years of building an open cultural commons.

The format will be a multimedia pot luck. We’ll provide the projector and speakers. You bring your favorite Creative Commons licensed music and video. Bring a link and/or bring some info about the creators.

Here are the details. Food and drink will be provided and while tickets are not required, purchasing one will help cover the costs.

If you can’t make the party, consider donating to the Creative Commons. They are still running their year end fund raising campaign and I’m sure would appreciate your contribution.

TCLP 2008-12-10 Book Review: The Hacker Ethic
http://thecommandline.net/2008/12/10/the_hacker_ethi/
Thu, 11 Dec 2008 00:27:56 +0000, cmdln

This is a feature cast.

Listener feedback this week is from Vaskin continuing the discussion of git.

The hacker word of the week this week is dongle.

The feature this week is a review of the book, “The Hacker Ethic”, by Pekka Himanen. Here’s the synthetic biology debate that I mention in the piece in relation to Castells’ tie-in of bio-science with informationalism.

Grab the detailed show notes with time offsets and additional links either as PDF or OPML.

Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.

TCLP 2008-12-07 News
http://thecommandline.net/2008/12/07/news_163/
Sun, 07 Dec 2008 22:30:28 +0000, cmdln

This is news cast 163.

This week’s security alerts are confusion around Apple’s recommendation of AV software then their retraction and a Firefox trojan that identifies itself as the popular Greasemonkey extension.

In this week’s news worry over a change for one BitTorrent client to favor UDP traffic along with a clarification of their intentions about network congestion management, Facebook rolls out their latest data sharing effort though it is far from a true data portability play, the EFF and others file their petitions for DMCA exemptions, and Python 3.0 has been released amidst criticism of its breaking backwards compatibility though some are offering very well reasoned defenses.

Following up this week the judicial oversight amendment to the EU telecoms package has been stripped and Spore is the most pirated game of the year despite EA’s insistence on draconian DRM.

Grab the detailed show notes with time offsets and additional links either as PDF or OPML.

Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.

http://thecommandline.net/2008/12/07/news_163/feed/ 39:27
Week in Review for 12/7/2008 http://thecommandline.net/2008/12/07/week-in-review-for-1272008/ http://thecommandline.net/2008/12/07/week-in-review-for-1272008/#comments Sun, 07 Dec 2008 12:25:06 +0000 cmdln http://thecommandline.net/?p=1227 Quick News Links
  • Reality mining and the privacy debate
    This is an incremental step beyond the existing privacy threats, driven by the same concerns, largely the tension between convenience and the desire to use this data, these tools to improve revenue.
  • Potential effect of the Drew verdict
    The problematic verdict conflates violation of terms of service with the Computer Fraud and Abuse Act, itself a tricky bit of legislation that has been misused repeatedly already. It sets a precedent, a bad one, where others could make similar arguments, effectively turning ToS into private laws.
  • Busting the myth of the inevitable PC upgrade
    Linux users have known this for some time, getting more use out of older systems for longer than PC makers want us to believe. This is kind of an interesting silver lining to Vista’s woes, at least for consumers tired of the upgrade treadmill.
  • change.gov switches to CC license
    Probably more valuable for the example it sets and the signal it sends than out of any necessity. Lessig points out that many government works, like sites, are already exempt.
  • MySQL 5.1 released with mixed success
    Most of the problems seem to be in the new features, though MySQL’s original creator urges extensive testing even for those considering 5.1 just an upgrade to existing features. Monty blames the quality issues on changes in process and goals around releases.
  • OpEd on what still needs fixing in Linux
    This list is a real mixed bag, and some of it seems to reveal the author’s ignorance. I’ll concede a few like the kernel ABIs and audio, but the rest seem overstated, in my opinion, or just flat out wrong.
  • ReadWriteWeb details Facebook Connect vs. OpenID
    They have a good graphic laying out the differences between the two. They like both but are slightly favoring OpenID since it is an open standard.
  • Google launches Friend Connect
    This is a direct response to Facebook Connect but has a couple of drawbacks. Data is not truly exchanged, staying locked up in Google’s widgets and there is no central point for managing privacy. Otherwise it is standards based, using OpenID and OAuth.
  • Publishing info on law enforcers to carry stiff penalty in the UK
    This is a proposed amendment to the pretty hideous Terrorism Act in the UK. It isn’t passed yet but would make the battle between advocates for transparency and accountability and the authorities that much worse.
  • 20 year anniversary of seminal Dijkstra paper
    I think his contention about radical novelty still holds water. I am tempted to say that several decades of coping with computing has better acclimated us but he does a good job of ruling that out by drawing the notion into a deeper historical context. Online innovation also makes the novelty of standalone or personal computing look tame by comparison.
  • Low cost of netbooks gives them hack appeal
    I think this is actually fairly obvious but I am glad someone is discussing it. I think this also goes to explain the appeal of the OLPC, arguably the prod that created the netbook category, amongst first world buyers.
  • Valve condemns DRM in games, Microsoft endorses it
    Encouraging to hear such condemnation from a popular game maker. Too bad that most of the distribution channels override their stance and add DRM anyway. Seems silly when it is pretty trivial to roll your own channel, like Penny Arcade did for their games.
  • UK regulators no fans of Hulu work alike
    Regulators cite diminishing competition as their primary concern. If the new service would be inclusive, which it seems to me when they talk about working with third parties, then I am not sure how that follows.
  • Apple believes someone is behind Psystar
    They are amending their DMCA complaint to add ten Does. This is based on “information or belief”; we won’t know any more until they’ve completed their discovery. It could explain the legal firepower Psystar has been able to muster but otherwise seems a bit crazy.
  • Free ebook on Vim
    vim is my favorite editor so I love seeing such a work in and of itself. That it is being built collaboratively as a wiki and released under a liberal license just seems like icing.
  • Examining Psystar’s EULA
    This analysis is hardly surprising. I want to say that the suggestion that Psystar’s case could be used to break the back of EULAs came from observers and pundits, not from them. Even if it is central to their case, it doesn’t mean they are clueful enough to avoid their own EULA or make it more consumer friendly.
  • Moving to functional programming for parallelism
    I am not sure functional programming is the only answer but will concede that a new model is needed and it has to come from computer science, not from chip makers. Intel, in particular, has been involved with compilers to this point, though, so I would be surprised to see that go away entirely just because of the shift to many cores.
  • This year’s CCC to feature an experimental, RFID panopticon
    This is actually a successor project to the one run at the Last HOPE. It looks like it adds some cool new features. As with the one at Last HOPE, it is all open and eminently hackable.

Quick Security Alerts

Quick Follow Up Links

http://thecommandline.net/2008/12/07/week-in-review-for-1272008/feed/
TCLP 2008-11-26 Inner Chapter: Mastery http://thecommandline.net/2008/12/03/mastery/ http://thecommandline.net/2008/12/03/mastery/#comments Thu, 04 Dec 2008 00:55:10 +0000 cmdln http://thecommandline.net/?p=1225 This is a feature cast.

Listener feedback this week is from Walker Hale continuing the discussion of git.

The hacker word of the week this week is dogpile.

The feature this week is an Inner Chapter on mastery.

Grab the detailed show notes with time offsets and additional links either as PDF or OPML.

http://thecommandline.net/2008/12/03/mastery/feed/ 25:54
TCLP 2008-11-30 News http://thecommandline.net/2008/11/30/news_162/ http://thecommandline.net/2008/11/30/news_162/#comments Sun, 30 Nov 2008 19:03:37 +0000 cmdln http://thecommandline.net/?p=1224 This is news cast 162.

In the intro, a correction on the authorship and history of git from Randal Schwartz.

This week’s security alerts are WordPress fixes a critical XSS flaw and a rootkit found in some network security software.

In this week’s news the final SCO judgement, Sealand’s data haven goes dark, a triple engine web browser, and tackling the erosion of MVC based designs by the adoption of AJAX.

Following up this week, the EU rebuffs the French three strikes rule and a QuickTime update relaxes HDCP for standard definition video.

Grab the detailed show notes with time offsets and additional links either as PDF or OPML.

http://thecommandline.net/2008/11/30/news_162/feed/ 29:29
Week in Review for 11/30/2008 http://thecommandline.net/2008/11/30/week-in-review-for-11302008/ http://thecommandline.net/2008/11/30/week-in-review-for-11302008/#comments Sun, 30 Nov 2008 18:29:45 +0000 cmdln http://thecommandline.net/?p=1223 Quick News Links
  • Legal guide for security researchers
    Another invaluable resource from the EFF. Hopefully the guidance through computer crime laws and digital copyright will encourage more researchers to publish what they can to improve network security.
  • Google’s SearchWiki drawing privacy criticism
    The privacy issues seem to center around how comments are shared across all users with the original user’s name. More critically, the feature lacks a way for users to opt out altogether.