- Firesheep, a day later
On Hacker News, I saw this follow up post from Eric Butler, the author of Firesheep. It confirms my read on his motivations and shares the reaction so far. He also gives some good background material on the problem Firesheep is meant to highlight and confirms many of the suggested remediations. He debunks a few possible defenses, too, clearly explaining why they are not advised or less effective.
- Vintage TV spot on hacking fears in the wake of “WarGames” movie, Lauren Weinstein
- Court lets Amazon protect customer purchase info in North Carolina, Techdirt
- Speeding up self assembling of chips with microwaves, Slashdot
- Amazon to allow lending of Kindle books
Groklaw pointed to this ABC News piece over the weekend. Details are scant, other than that, while a user has lent a book out, they will not be able to read it themselves. Books can be lent for two weeks at a time. Slashdot has one more tidbit, namely that books can only be lent out once. Superficially, this attempts to emulate the scarce nature of physical books but utterly fails on the one-time limit and in that lending is enabled or disabled by the publisher, a right of action currently unencumbered for print editions.
- MIT Media Lab’s 25th anniversary
I clearly didn’t read closely enough the BBC article on the Lab to which I linked last week. Several other sites since then have posted reminiscences about the various interesting projects to come out of the Media Lab. John Timmer at Ars Technica posted this one over the weekend, which is a bit more whimsical but I think very much in the spirit of play that animates much of what the Lab has done over the past two and a half decades.
- Ubuntu switching to Unity for future desktop
Ryan Paul at Ars Technica was one of several people to mention this in my feeds today. Unity is the alternate shell for Gnome developed by Canonical specifically to improve the experience of users on netbooks. Reactions to the announcement so far are mixed, with some even thinking this signals a split between Canonical and Gnome, which I think is far from the case. Bear in mind that Linux has a long tradition of experimenting with desktops and undoubtedly if you dislike Unity, replacing it with the ordinary Gnome shell, or anything else for that matter, will remain trivial.
- Carl Malamud’s ignite talk on why building codes should be open, BoingBoing
- Mozilla pre-alpha demonstrates new way to customize its browser, The H
- What you need to know about link shorteners, O’Reilly Radar
- Bees beat machines at traveling salesman problem, Slashdot
- HTC is wilfully violating the GPL with its G2 anti-root measures, Freedom to Tinker
- More on the G2’s anti-rooting measures, Ars Technica
- Professors bring white-spaces broadband to working-class Houston, Ars Technica
- Problems remaining with ACTA draft, in particular turning non-commercial sharing into commercial piracy, Techdirt
- Where ACTA disagrees with US law, Techdirt
- US Senator seeks legal review of ACTA, Michael Geist
- Labels fail to force three strikes on Ireland, Techdirt
- American P2P law firms are now threatening each other, Ars Technica
- School settles laptop spying case, Ars Technica
- USPTO’s peer-to-patent program may be coming back, Techdirt
- EFF asks appeals court to review troubling first-sale decision, EFF
- Oracle pledges to support OpenOffice.org, PC World, via Groklaw
- Holding Nokia responsible for surveilling dissidents in Iran, EFF
- Amazon wins one-click patent fight–in Canada, The Globe and Mail
- Would US officials really decide not to sign ACTA?, Techdirt
- Final day of appeals for The Pirate Bay, TorrentFreak
Andrew Savikas at O’Reilly Radar has the details, including an update indicating that the terms and conditions for developers have been leaked. This is far from a total confirmation but lends the notion credibility.
Unlike the iOS App Store, the terms of sale for the Android Market have always been non-exclusive — meaning developers are free to sell their Android apps in other places (we’ve taken advantage of that by including Android apps in many of our ebook bundles on oreilly.com, sold alongside access to PDF, EPUB, Mobipocket, and DAISY formats). Initially I wasn’t clear what Google’s intent was by taking that route, especially since parallel markets of any scale would mean developers needed to agree to terms with multiple marketplaces. But Amazon’s entrance actually makes sense for Google as well as for Amazon and likely for many app sellers.
That non-exclusivity enables this sort of competition, at the level of alternate distribution channels as well as at the individual apps and developers. Savikas suggests Amazon will curate their store more closely but as long as developers can sell their own wares directly or via other markets, I think there is more room for customers to indicate which model they find preferable with how they spend across the different offerings.
If Apple had embraced a similarly non-exclusive arrangement, even without opening up beyond that, I’d be considerably more tolerant of these shenanigans. Sarah Perez at ReadWriteWeb has some further details that might give pause and take some of the shine off the idea of Amazon offering a more palatable alternative in this space.
In particular, Amazon will retain the right to add DRM to apps. Granted, anyone who has a problem with that has perfectly legal and viable alternatives, as I’ve noted. This indicates that the new store is as likely to be like the retail giant’s video download service, riddled with restrictions, as it is their MP3 store which is refreshingly enlightened.
Amazon building its own Android App Market? O’Reilly Radar
- Hacker finds iOS 4.1 bootrom vulnerability that enables jailbreak of all current hardware
Via Hacker News. Hardly surprising that such a flaw exists, though a little bit so that it is so comprehensively exploitable. As geek.com explains, the vulnerability doesn’t look to be software fixable so owner override rules the day until the next generation of hardware emerges.
- Amazon acquires Amie Street
As The Register explains it, this is actually sad news. The music retailer that experimented with sliding prices based on popularity is shifting over to exclusively streaming music, winding down its download option. The silver lining is that Amazon pretty much only acquired the name, not the business model or any customer records.
- Big content turning to DDoS for stubborn infringers
As Slashdot points out, the big content players in question are mostly based in India though the firm performing the attacks admits to doing so on behalf of Hollywood. Regardless of legalities, especially with the thorny questions raised by international jurisdictions, this sort of attack strikes me as highly immoral.
- Clarification on warez raid, Pirate Bay and others not affected
Ernesto at TorrentFreak has a further follow up to the story of multiple, coordinated police raids against European ISPs the other day. Despite reporting elsewhere, the target wasn’t the Pirate Bay, nor was another BitTorrent site, both of whom TF contacted for confirmation.
- Swiss supreme court rules against anti-piracy firm, TorrentFreak
- Robots taught to deceive, Slashdot
- Open source VLC submitted to Apple for approval on iPad
Slashdot has the details; I am skeptical of the outcome. I don’t think this is the first time someone has tried to tweak and compile the wonderfully capable media player for Apple’s mobile platform. That past effort never amounted to much. If this attempt fails, maybe the next one will only include those codecs, like Ogg and FLAC, that Apple has no interest in supporting.
Sorry for the brevity of comments on these stories from yesterday. I am trying to quickly catch up. Most of my reading and blogging time was preempted by the June CopyNight event with Cory Doctorow last night. More on that shortly.
- Another distributed, secure social network
A brief post at the P2P Foundation about Peerbook that is frustratingly scant on details. What is clear is that from a coding standpoint, this is further along than Diaspora. Otherwise, all that is clear is it makes heavy use of encryption, though no specifics on what algorithms and how exactly they are applied. I’d be very curious to know if this is purely point-to-point or if it is using multiple keys to enable broader but still encrypted sharing. Also, while the blurb says it will be made available for free in the near future, there are no details, not even a mention, of under what license.
- DVD Jon critical of Google’s curation of the Android Market
Via Hacker News. His views seem pretty reasonable, not calling for the same sort of ridiculous micro-management Apple exercises over its store. Smoothing out infrastructural issues like simple world-wide transactions to purchase apps seems like it should be a top priority. Tackling the obvious infringement is, I think, a bit more legally fraught in terms of whether Google is trying to keep the Market well within DMCA safe harbors but not actively policing. The Viacom ruling should make it clear that knowledge isn’t enough to trigger secondary liability and the intent of the channel is clearly not to induce infringement.
- Bill to highlight conflict materials in computers
Curt Hopkins has the details at RWW, which seem pretty straightforward, though the additional cost incurred by this reporting is unclear to me. It also occurs to me that this might provide an incentive, if only a small one, to recycle more materials, as much as possible, as those should be exempt.
- Amazon patents predicting computing resource usage
Mike Masnick at Techdirt has some good preliminary analysis. Mostly he is incredulous at how these patents cleared the test for non-obviousness. He even managed to dig out some prior art from CACM, dated 1968. Hopefully someone will issue a challenge.
- Creative Commons response to ASCAP plea for help fighting it, EFF and PK
- ASCAP members pissed off at its actions towards CC, EFF and PK
- Government 1.0 famous quotes in binary
- Interview with Steven Levy on Hackers 25th anniversary edition
- Improving parallel programming using data flow languages
I first saw this news on Groklaw.
[PJ: The USPTO and Amazon strike again. Amazon has gotten a patent, No. 7,739,139, on “Social networking system”. Dear US Supreme Court, Please do something before nothing new and innovative can be done by anyone except large companies, because if you don’t help, pretty soon every inch of the Internet will have somebody’s flag on it, and software will only be written by large, well-funded companies. And that blocks a person like Linus Torvalds from being able to create the next Linux, and it harms the one we have. Thank you if you are willing to help. In Re Bilski gives you a wonderful opportunity.]
Mike Masnick expands on the story a bit more, relating it to the initial concern over Friendster acquiring a similar patent. What he explains is that what was granted was a continuation patent for which Amazon applied in 2008. The date of concern, however, stretches back to the late nineties, potentially putting just about all of the networks we know and use at risk.
I am with PJ; I think this is a strong signal to the SCOTUS to step in and at least uphold the machine or transformation test. Given my non-lawyerly ways, it seems to me that would open the way to invalidating this patent. Or at least give purchase to those contesting it by allowing consideration for the question of exactly what this patent transforms and how.
The other question I have is whether Amazon had a choice here. What I mean is, they applied for this patent over a decade ago. Was there some point, and I know this would not have been their thinking, where someone with a clue could have abandoned the patent? Or was it fire and forget, whether they thought better of it later? It is hard to see how Amazon could do anything with this patent without once again uncorking the backlash their notorious 1-click patent did. Maybe for that reason, if someone thought better of it, could they have undone the damage before the continuation was granted?
- Palm Web OS hacked with text messages
- Network Solutions being attacked again
- MSIE8’s XSS filter exposes sites to XSS attacks
- Microsoft plans a June patch to fix XSS filter
- Google Voice phishing attack
- Attackers snagged (dated) code to Google’s SSO system
- Mozilla disables non-secure Java plugin
- Amazon closes XSS hole
- Spam potential of Facebook’s broadened like function
- Security, privacy analysis of new Facebook features, APIs
- Blippy leaks credit card numbers through Google
Slashdot links to a CNet article by Declan McCullagh demonstrating Amazon’s willingness to defend customer privacy. I’d be a bit more impressed if, like Google and Yahoo, the retail giant was defending its customers from a law enforcement demand but that is not the case.
Amazon filed a suit against the state of North Carolina in response to the state’s tax service requesting personal information on purchases shipped into the state. Amazon had already provided anonymized data but balked at the further reach. There is strong legacy precedent for the protection of book purchases and video rentals; Amazon’s suit should hopefully prove well founded. A favorable ruling could do much to shore up online privacy protections.
McCullagh implies that the suit may be tinged by a slight vindictive streak. Amazon made the news last year for ending its affiliate program in the state when a new law was enacted that would have forced the company to start collecting sales tax there.
- China warns Google partners as censored results leak through
- Appeal date set for TPB
- Judge approves massive award against FB in Beacon suit
- EU wants ACTA to include tertiary liability for aiding, abetting, inducing
- Official ACTA responses
- The new institution ACTA may create
- Latest ACTA leak bodes ill for developing nations
- More on latest ACTA leak
- One vendor directly responds to EFF’s ebook checklist
- Amazon’s ebook battles continue
- Google ready to leave China by April 10
- EFF appeals dismissal of warrantless wiretapping case