- VoIP attacks in Australia lead to huge bills for victims, Slashdot
- Malware forces Firefox to save passwords, The Register
- HTML5 draws concerns over risks to privacy, Slashdot
- Using location tracking to help fight identity theft, ReadWriteWeb
- Another study revealing poor password practices, Slashdot
- Microsoft patches a record 49 security vulnerabilities, Krebs on Security
- Facebook rolls out security changes, ReadWriteWeb
- Java update closes 29 security holes, Krebs on Security
- Vulnerabilities in Xpdf affect several open source products, The H
- Microsoft looks to courts for botnet takedowns, Slashdot
- Home WiFi network security failings exposed, Slashdot
- New site aims to be iTunes for exploit info, code, Slashdot
- Google rolls out phishing URL alerts for admins, The Register
- Google Chrome apparently removing privacy feature
Lauren Weinstein describes his experience just trying to exercise the sort of oversight and control over cookies that he had become used to. Despite this unexplained change in the latest release of Chrome, I suspect incompetence rather than malicious intent. Maybe he can dig through the Chromium sources for an explanation, assuming they are up to date and that commit histories are available as is the case with Mozilla’s sources.
- Canonical adds streaming music to Ubuntu One, Ars Technica
- Google opens source to new, more compact image format
Cade Metz at The Register is one of many with details of WebP, pronounced weppy, which is based on the VP-8 video codec. I understand the search giant’s motivation, this move fits well with their recent emphasize on speeding up the web. I only have one thought, in three letter form: P-N-G. The challenge of popularizing a new media format, especially in an entrenched space such as images, cannot be overstated.
- Blackberry’s encryption cracked, backups now at risk, Slashdot
- Microsoft sues Motorola, citing Android patent infringement, Ars Technica
- Xerox PARC turns 40, The Register
- Scribd quietly moves users docs behind a paywall
Mike Masnick at Techdirt shares the realization by law professor Eric Goldman of this little publicized change. This action by the document sharing service defies reason. Goldman articulates how undoubtedly most of the users caught by this change must feel, used and trapped. Once again, this isn’t an issue with open or closed but moving from one to the other after a bargain was offered and a promise made. Even a much more clear shift would have been more tenable, if almost as unpalatable.
- Is Facebook turning on online activists it used to support?, ReadWriteWeb
- An open source, low bandwidth voice codec
Slashdot points to a project whose main developer also worked on the Speex codec, another effort tailored to efficient coding of just voice. Mainly Codec2 looks to be focused on replacing a current, proprietary codec used in amateur radio but its capabilities are compelling, almost 4 seconds of clear speech in just over 1 kilobyte. It would be nice of some of the unencumbered ideas might find application in high quality voice encoding, too, perhaps to help fuel an open alternative to Skype with similar sound quality. Of course, that’s just the podcaster in me thinking out loud.
- Mozilla joins Open Invention Network as licensee
- Wendy Seltzer discusses new IP enforcement bill
In this post on the Freedom to Tinker blog, Seltzer places the bill firmly in the context of piracy as a legal pretext for censorship. I didn’t touch on the issue of potential abuses but the point dovetails with what I explained yesterday about lowering friction. It simply becomes too easy to press a claim of infringement, legitimate or not, for the correct purpose or some lateral one such as suppressing dissenting speech.
- EP votes on controversial anti-piracy report, TorrentFreak
- Bill Tracker launched for legislation in the UK, BoingBoing
Yesterday’s post about cyborgs has not surprisingly brought all things cybernetic top of mind. This post by Cory at BoingBoing about an open source library for programming a proprietary but arguably affordable EEG headset neatly fits the filter. If I’m lucky, maybe I can find a story a day for the reminder of the month to honor September’s theme as noted on Slashdot yesterday.
From the developer’s github site:
I’ve been interested in the Emotiv EPOC headset for a while; a $300 14-sensor EEG. It’s intended for gaming, but it’s quite high quality. There’s a research SDK available for $750, but it’s Windows-only and totally proprietary. I decided to hack it, and open the consumer headset up to development. Thanks to donations I got some hardware in hand this weekend.
That announcement page also has a good overview of where development is at and where help is needed. The license is essentially a public domain dedication with an exception for some code borrowed from elsewhere. Emokit is written in Python which may turn off style snobs but does make the library accessible and portable. A C library is planned which will undoubtedly broaden the project’s appeal.
H+ also has an in-depth interview with the person responsible, Cody Brocious. It provides some good context, explaining that while there are other options for open source EEG hacking, Emokit plus the EPOC headset lowers the cost and makes it more accessible.
- Google expands license options for its code hosting service
- Clarification on anti-piracy’s supposed DoS attacks against infringers
TorrentFreak has some excellent quotes from the firm in question and one of its targets. The picture painted is only a little different from how the initial story break. AiPlex reserves the attacks as a measure to use only after escalating the complaints and as far as I can parse the quote, in cooperation with law enforcers. The targeted site mentioned in the article confirms they were attacked repeatedly but that the efforts ultimately failed, the implication being AiPlex wasn’t very good at denial of service, consistent with it also not issue clear and correct takedown notices to begin with.
- Russia uses piracy as an excuse to suppress dissent
From the New York Times, via Boing Boing. This is probably the biggest reach yet for using intellectual property law for censorship. Microsoft, whose software was used as the excuse for raids nominally cracking down on pirated copies, hasn’t acted to intervene in any way, even where some targeted have shown their software to have legitimate licenses. The fact that this is taking place where it is, in Russia, undoubtedly complicates the question of how to push back on a free speech basis. To me, this practice makes the normalization of enforcement, such as currently be negotiated under ACTA and incrementally ratcheted in a series of past trade agreements, all that much more fraught.
- Swiss court rules IP address tracing software broke data protection law, The Register
- App store for jail broken iPhones acquires competing store, The Register
- Anti-censorship tool, Haystack, halts operation to address security criticisms, Washington Post
- Project to produce free classical recordings secures funding, Ars Technica
- Gamers make faster, more accurate decisions than non-gamers, Ars Technica
Today, the blogging has definitely slowed as I anticipated yesterday. I haven’t started packing for my trip in earnest but later on tonight I will.
- Open source, renewably powered cell network at Burning Man, Slashdot
- Chrome 7 shows off hardware accelerated effects, Ars Technica
- iFixit adds repair guides for video game consoles, Ars Technica
- Google launches priority inbox for Gmail, ReadWriteWeb
- Historical cell phone location data is ruled to be an intrusion by NY judge, Boing Boing
A nice bit of software archeology by Simon Phipps. Not just digging up the history of this old Sun code that was up until this month still under a restrictive license, but the challenges and Phipps’ own part in correcting that situation after a few attempts.
This may come as a shock, but all GNU/Linux distributions to date have been built with essential software under a licence that clearly meets neither the Open Source Definition nor the Free Software Foundations’ requirements for a Free software licence. The tenacity of a Red Hat hacker has finally solved this problem for everyone, however, and I’m proud to have played a part too.
The code in question is the original SUN RPC code, buried in the guts of Linux’s, and other OSes’, networking code. The most fascinating aspect is how the original, informal licensing terms purely as a function of time evolved from seeming liberal to quite conservative. As Phipps notes, this code well predates the GPL so didn’t benefit from the kind of legal theorizing and scrutiny that came to software licensing later on.
GNU/Linux – finally it’s free software, Computer World UK
- Distributed computing project spots astronomical oddity
I’ve always found the idea of harnessing spare CPU cycles from home computers and applying it to really big, data intensive projects fascinating. My own computers have been enrolled in such efforts on and off over the years. John Timmer at Ars Technica has news of the discovery of a rare pulsar as part of a side project at Einstein@Home, one of the many distributed efforts using the BOINC platform.
- DuckDuckGo now operates a Tor exit enclave
- Recommendations for making online petitions more ethical, honest, perhaps effecting
- Company that had largest ever credit card data breach is breached again
- Open source givers and takers
I think Mike Loukides’ analysis at O’Reilly Radar of some recent stats on open source usage vs. contribution is spot on. The bargain isn’t that all people gaining from open source give back, it isn’t even necessary for projects to thrive. Recent studies around Wikipedia illustrate how the same asymmetry can still yield incredibly worthwhile results from a much small core of contributors within a larger community of more passive users or lower volume contributors.
- Challenges to scaling chips below 32nm
Day two of my trip and the main event, the Cassandra Summit, was excellent. Jet lag and tromping around San Francisco on foot this evening have wiped me out. The hotel WiFi has also decided not to cooperate, slowing down and acting generally very flakey.
Tomorrow I’ll be in training all day and then catching the red eye home. Not sure if or when I’ll be able to blog, so if you don’t even seen a list of links, you’ll know why and I’ll be back Thursday.
- Linux Foundation launches new open source license compliance program
- Google secret privacy document leaked
- KDE 4.5 released
- Senate approves bill with placeholder name
- Changing graphene’s conductance with a magnetic field
- VideoLAN announces library to potentially play back encrypted Bluray
The Register shares some news from the search giant around a baby step towards being a bit more open with its mobile platform and rationale for holding back some development, keeping it private. The part of the platform that will be more open to contribution will be the native development kit (NDK). Incoming code, at some yet to be set date, will flow into the public source tree rather than into Google’s private tree as it does now.
The announcement was part of remarks by Android open-source and compatibility program manager Dan Morrill at OSCON, the open source conference sponsored by O’Reilly that has been going on this week. Morrill went on to explain that the delay of source releases to the community is undertaken for reasons of risk management.
Google wants to retain competitive advantage and prevent a scenario where OEMs ship unfinished source code on phones with disastrous consequences for developers and end users as their code breaks or applications downloaded from the Android Market fail to work.
According to Google, this has nearly happened before when one unnamed OEM wanted to start shipping pre-release the Android 1.5 – codenamed Cupcake – on its phones.
It is unlikely that Google will change its stance on this approach, despite criticism form the broader open source community. It is an odd balance to maintain given how inclusive Google has been otherwise with its mobile development platform.
Not surprisingly, The Register has further news from OSCON of some of the friction between Android and the open source community. In this instance, the Linux kernel maintainers have proposed three options Google could pursue with its kernel modifications to have them accepted back into the fold of main kernel development. In this instance, there is evidence of goodwill on both sides, the stumbling block may simply be coordination of kernel releases and code updates. Hopefully some good will come of it yet.