Bespin, Mozilla’s Cloud-Based Editor, Gets a Reboot

As Ryan Paul at Ars explains, the reboot isn’t too terribly surprising. The project had already seen some dialing in of its focus, introducing the ability to embed the editor on web pages, a feature improved in this 0.6 release. Most of the other changes are behind the scenes, the sort of necessary housekeeping projects of this size will naturally go through so that they can actually be maintained rather than spinning out of control.

Having recently used Wave for some deeper online collaboration, I think this class of applications is growing on me. It certainly could be used for faster sharing of code and distributed hacking even than the recent crop of lighter weight, distributed version control systems. Combine it with the increasingly easy task of embedding dynamic script languages into server-side platforms and some interesting possibilities for truly open ended, rich web applications start to look very interesting indeed.

Scheme for Encrypting Personal Data in the Cloud

Cory at Boing Boing links to an open source project for encrypting your data in the cloud in a way that a service cannot access it. The user’s password is used as the decryption key, which would work better than you’d imagine. Most legitimate services don’t actually store your password; rather, they store a digest with which they can confirm your correct password with a high degree of confidence without having to know the password. This is web application security 101 since it not only helps protect in the event of a data leak but also helps reduce the operator’s liability.

The system seems to be based on OpenPGP so builds on known, proven technology. In digging through the project sources quickly, it actually uses Bouncy Castle, a set of libraries with which I have some experience and can say they are pretty good.

When the user is logged out, the explicit removal of their password re-encrypts the data. There is also apparently some consideration given to shared secrets, conceding that much data you put online is for the express purpose of sharing.
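The arrangement described above, as an added sketch that is not the project's code: the service keeps only a login digest, the data key is derived from the password at login, and it is wiped at logout. It assumes the JDK's built-in PBKDF2 and AES-GCM as stand-ins for the project's OpenPGP and Bouncy Castle code; the class name, salt layout and iteration count are hypothetical.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;

// Hypothetical illustration; JDK primitives stand in for the project's OpenPGP code.
public class PasswordKeyedStore {
    static final SecureRandom RNG = new SecureRandom();

    // PBKDF2 stretches the password; distinct salts give unrelated outputs.
    static byte[] derive(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 600_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(spec).getEncoded();
    }

    static byte[] random(int n) { byte[] b = new byte[n]; RNG.nextBytes(b); return b; }

    static byte[] aesGcm(int mode, byte[] key, byte[] iv, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, iv));
        return c.doFinal(in);
    }

    public static void main(String[] args) throws Exception {
        char[] password = "correct horse battery staple".toCharArray(); // constructed sample

        // What the service stores: two salts, an IV, the login digest, the ciphertext.
        byte[] loginSalt = random(16), keySalt = random(16), iv = random(12);
        byte[] storedDigest = derive(password, loginSalt);
        byte[] dataKey = derive(password, keySalt);   // held in memory only
        byte[] ciphertext = aesGcm(Cipher.ENCRYPT_MODE, dataKey, iv,
                "private note".getBytes(StandardCharsets.UTF_8));
        Arrays.fill(dataKey, (byte) 0);               // logout: the key is wiped

        // Login check: compare digests; the password itself was never stored.
        boolean ok = MessageDigest.isEqual(storedDigest, derive(password, loginSalt));
        System.out.println("login verified: " + ok);

        // The stored digest is not the data key: using it as one fails authentication.
        try {
            aesGcm(Cipher.DECRYPT_MODE, storedDigest, iv, ciphertext);
            System.out.println("digest decrypted the data (unexpected)");
        } catch (AEADBadTagException e) {
            System.out.println("stored digest cannot decrypt the data");
        }

        // Only a key re-derived from the password at login recovers the plaintext.
        byte[] plain = aesGcm(Cipher.DECRYPT_MODE, derive(password, keySalt), iv, ciphertext);
        System.out.println(new String(plain, StandardCharsets.UTF_8));
    }
}
```

The strength of the whole arrangement rests on the password: anyone holding the stored digest and salts can still attempt offline guessing, which is why the derivation is deliberately slow.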

If you are curious, the code is available on github and is made available under a generous MIT license.

O’Reilly’s Thoughts on the Nexus One

I have been doing my best to ignore the live blogging of the Google event surrounding their latest smart phone. Don’t get me wrong, I am a big fan of super portable internet devices that complement proper personal computers. I dearly love my iPod Touch (even though it is riddled with closed, encumbered, and proprietary technologies). I tend to glaze over when phones are discussed because I almost universally loathe the wireless carriers.

Tim O’Reilly has managed to capture my interest, however, with a few interesting thoughts around the Nexus One. He casts it as a key strategic move in one of the fronts in his sustained consideration of the war for the web, a trend he has discussed previously and continues to flesh out.

I think Tim makes a compelling case about the power of the Nexus One not lying with the device itself or any of its specifications or widgets but rather in how well it integrates with what is really Google’s strength, online services. He gives a pretty good litany of pluses and minuses to bolster this hypothesis.

I do wonder, too, whether this is yet another savvy play by Google, like Chrome OS, to try to force the evolution of wireless broadband. While the Nexus One may advance the power and ease of network services, it would still seem to suffer from the frankly abysmal bandwidth available from any of the carriers. Perhaps Google is trying to drive demand for wireless bandwidth harder and faster to break that particular log jam.

Otherwise, my only other thought is towards openness. I think there is an even greater need if you heed Tim’s ideas for an open mobile device that can interact with Google’s services as well as open source equivalents. I still don’t have any better ideas of how this could be accomplished in the wake of so many failures but the need seems even greater. Google’s recent paean to openness and their own Data Liberation Front project would seem to be opportunities just waiting to be exploited in this regard.

Fingerprinting RFIDs, Google Commits to All Open Source in Its Cloud, and More

  • Fingerprinting RFIDs to foil cloning
    The research apparently identifies physical characteristics of the tag that are not copied by the cloning. Seems like a logical step for now but how long before attackers figure out how to mimic these, for instance finding some way to alter the threshold power that can be programmed along side the actual data?
  • Explaining the one way expansion of copyright
    Glyn Moody links to and quotes from a Copycense article that does an excellent job of explaining how harmonization of copyright terms and enforcement has resulted in only expansion. This is a trend those of us following copyright law have noticed for some time. This article is useful for pointing the trend out so clearly as well as providing additional resources to understand it.
  • Digital Economy Bill lacks chilling sanctions but reserves powers to create them
    Nate Anderson explains at Ars that the bill as tabled has no three strikes disconnection nor any other sanctions we were afraid of from the Digital Britain report. It does, however, still give power to the Secretary of State to instate such sanctions, and more, without parliamentary approval.
  • Google commits to all open source in its cloud
    Dana Blankenhorn’s theory is sound, suggesting the advantages that many open source advocates have expounded about competition and consumer advantage. I wonder if it is simpler than that, though, that it starts with the engineering culture at Google and the realization that if management tried to reduce the amount of open source, there would be internal rebellion.

First Programmable Quantum Computer, Droid Bug Turns Out Mostly Harmless, and More

  • Facebook set to enact its new privacy policy
    Jolie O’Dell has the story at RWW. This is the same draft they published after objections. Apparently not enough users commented to the point where it needed further amendment. Facebook is also claiming much of the feedback was positive.
  • Microsoft officially launches Azure
    It won’t be available for general use until early next year according to Ars, but RWW describes the launch event at the Redmond giant’s annual developer gathering. I was surprised to read that Mullenweg of Automattic participated, though if his claims that Azure runs PHP and MySQL are true, why not?
  • Spain institutes right to broadband
    This will be supported apparently through the carrier with the universal service contract. The right would be to a minimum speed service at a regulated price. Spain follows Finland, who announced a similar, though more ambitious, proposal.
  • Rollover bug mistaken for remote control of Droid phones
    I’ve actually professionally encountered this sort of bug in a device before, similar to what Wired uncovered. I am surprised that this made it into the Droid given its provenance. To counter Gruber’s comments about how the press and public would react differently if this was the iPhone, I’d offer that for quite a bit of the Droid’s software stack, the sources are open for skeptics to audit for themselves.
  • Issues with verifying data
    This post from the Sunlight Foundation is a good basis for tempering enthusiasm for raw or, as Lessig recently put it, naked transparency though for different reasons. Here Hanlon’s Law, the one about incompetence before malice, seems to be in full effect. It does beg the question of how we can improve or establish the checks and audits that would have caught this.
  • First programmable quantum computer
    I hadn’t realized that the prototypes I’ve been reading about for the last few years were so task specific. Casey Johnston has the story at Ars of a new NIST design that is much more directly comparable to the classical, general purpose computers with which most of us are familiar.
  • FCC takes on cable, satellite operators over broadband access
    Cecilia Kang at the Post shares a write up of an FCC presentation taking issue with the lack of innovation and choice with the current cable and satellite operators. My only concern is the focus on television as a network access device, I hope we see this same zeal applied to the lack of choices for traditional broadband, as well.
  • New incubator to help bring technologists, government together
    RWW has an excellent write up of Anil Dash’s newly announced venture. They especially do an excellent job of contrasting Expert Labs to Tim O’Reilly’s similar and perhaps complementary efforts in this space. My only question–Anil, are you hiring?

TCLP 2009-11-08 News

This is news cast 196.

This week’s security alerts are the latest issues arising from Windows autorun and using cloud computing to brute force crypto.

In this week’s news more on the FCC’s power to regulate the internet, first general election to test some novel election crypto, using better investigative techniques to help preserve online privacy, and a weekend hackathon for open government.

Following up this week the latest info and analysis on ACTA.


Grab the detailed show notes with time offsets and additional links either as PDF or OPML. You can also grab the flac encoded audio from the Internet Archive.

Creative Commons License

This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.

Fiber Speed Networks without the Fiber, Considering an Open Cloud, and More

  • New version of O’Reilly’s joint, online bookshelf, Safari
    Tim makes a good point about Safari challenging very early on how people, especially programmers and techies, read books. He also shares quite a bit on what O’Reilly as a publisher has learned from running the service these past few years. I’ve tried the service at various times but the need to be online has also been the limiter as I most want to curl up with a heavy tech book when I am completely offline, like out on the deck or on the Metro. That’s just my personal complaint, otherwise well worth checking out.
  • Muni fiber prompts telco to roll out 50Mbps fiber
    This Ars story by Nate Anderson is the exasperating end of a long story that began with Monticello passing a referendum to roll out its own fiber in the absence of a private offering. The infuriating aspect is the info that Anderson got from TDS, that they claim they would have rolled out the fiber sooner had they realized the demand.
  • Remote trojan kill switches in military tech
    This is concerning, if true, which seems at least somewhat credible. Sort of a worst case scenario of tethered appliances. Also reminds me of the panel I was on with Vernor Vinge at Penguicon a couple of years ago.
  • Searching for similar images graduates out of Google Labs
    Jolie O’Dell has the details at RWW. This does seem intensely useful to end users but I can’t help but think about the impact on the debate around filtering for copyright infringing material. If this proves to have a high degree of accuracy, it will considerably change the balance of the argument around whether automated filtering is feasible and cost effective.
  • USAF announces wireless fiber
    Some good, simple details at The Register. The main challenge to using a laser without the fiber is the distortions introduced by the atmosphere. This research borrows from astronomy to combine adaptive optics with otherwise problematic lasers. Line of sight will probably still limit how this is ultimately used; it won’t be a replacement for Wimax and white space devices.
  • A case for an open cloud
    I don’t disagree with Matt Asay’s thoughts on consumer choice and openness in the cloud, especially since he cites Glyn Moody who I think generally had a better grasp of software freedom which Asay usually dismisses. He does so again, here, and the only part of his point I might agree with is that an over fixation on device freedom could obscure issues of freedom in the network. Ultimately, why can’t we focus on and improve both as independent and complementary values?

DMCA Hall of Shame, Direct Retinal Displays, and More

  • Defining reasonable network management
    In this Freedom to Tinker post, Professor Felten identifies why the reasonable network management exception in the FCC’s rules is problematic, as it depends on a circular definition. He reminds us, though, that the FCC is still seeking comment to improve the definition and promises to evaluate the standard on a case by case basis.
  • Direct retinal displays coming as soon as next year
    I have more questions than there are available details around the announcements from a couple of vendors. First, the resolution seems smallish so I am curious for the first hands on tests. Second, I am curious whether the display could not only be used to add a more reasonable display to a portable media player but also could be adapted for the sort of augmented and virtual reality displays made popular by cyberpunk fiction.
  • Amazon adds MySQL support to its cloud
    This move makes a great deal of sense for applications built to use existing RDBMSes rather than requiring re-tooling for Amazon’s older persistent offering. Many questions are already being bandied about, though, like why not PostgreSQL which is arguably a much more mature and scalable system and how will continually running a MySQL instance affect the metered charges of AWS.
  • GAO concerned over bandwidth demand induced by ill teleworkers
    Cecilia Kang at Post Tech discusses a report from the GAO looking at a possible consequence of the Fed urging H1N1 infected workers to work from home. This smells like the Internet meltdown meme we’ve seen recur year after year though there are some more credible details to consider especially if a large portion of agencies require teleworkers to use VPNs during the entire work day.
  • Jon Stewart explains net neutrality
    Via Alex at Public Knowledge, done in The Daily Show’s usual humorous and acerbic fashion. Well worth a watch if you are drowning in the rhetoric from both sides of the debate.
  • EFF announces its DMCA Hall of Shame
    This seems like a brilliant idea, one aimed at using shame to hopefully adjust norms as well as humor to help educate. It appears to be part of a larger free speech project, as well, and quite distinct in its goals and execution from the Chilling Effects site.
  • Another critique of computer science curricula
    Spolsky’s core contention is nothing new and really a fact of life for managers and leaders hiring CS grads straight out of school. I think most of us understand there will be a cost in “seasoning” such new hires. I think he misses something larger that an academic course will never impart by its very nature, time management when development is your full-time daily activity. He’s not wrong with the night before cram theory but setting finer deadlines won’t help something that is a function of splitting students’ focus over multiple courses per term and the inevitable distractions of collegiate life. It’s apples to oranges with a full time job.

More Analysis of ACTA under NDA, Possible Counter-Intuitions about the GPL, and More

  • Opening of ACTA is hardly any opening at all
    Sherwin Siy of Public Knowledge was one of the folks who saw one section of one draft of the agreement under NDA. Without violating that NDA, he describes his experience and concludes that at most the USTR made this move to blunt criticism of its continued secrecy. Sherwin is skeptical, though, that the USTR is even acknowledging complaints about the secrecy enough to make this argument.
  • Mozilla backs another downloadable font standard
    Wired’s WebMonkey has the details, that support for WOFF will be coming in 3.6 planned for release at the end of the year. They even include the very first thing I thought of when reading this news, the potential minefield of licensing as exemplified by the font fiasco with Boing Boing’s recent site re-design (to which WebMonkey links).
  • Counter-intuitions about GPL, forking and MySQL
    Matt Asay takes a look at another angle to consider with the fate of MySQL post an Oracle acquisition of its corporate master, Sun. He cites Stallman’s letter to the EC as evidence that the GPL prevents forking, hence preventing the community from routing around Oracle’s control of the database’s code base. To be clear, RMS’ arguments are around dual licensing, the right to offer a commercial version. A fork is still possible, that is orthogonal. What RMS and Asay are focused on is the commercial licensability as an incentive to driving future development.
  • Real time, 3D rendering in the cloud
    I will give NVidia props for a novel application of distributed computing but I remain to be convinced that this makes a lot of sense. The higher end mobile devices can do a good enough, if not photorealistic, job of rendering for 3D games. Is the potential network latency and hiccups worth any sort of incremental or drastic leap in quality this might provide?
  • PayPal opening its platform to developers
    I guess I understand the vision outlined in this NYT Bits piece. I think there are considerably more hurdles to overcome than PayPal is letting on, though. Think about the higher need for trust and security when you talk about payments versus other kinds of mash ups. I am curious to see some deeper analysis once the platform is opened for outside scrutiny.
  • Contemplating AI and its definitions
    Ed Lerner at has a nice, quick consideration of artificial intelligence. He calls to task some of the very definitions of the term, rightly so I think, especially where the goals or end states are demoted on achievement. He even ties it into SF literature, juxtaposing the Turing test with our conceptions about aliens, true ones vs. men in rubber suits.
  • The effect on range of quality by online publishing
    At Techdirt, Mike Masnick points us to a thoughtful piece by Umair Haque. In a nutshell, the contention is that the worst of online media is really no worse than traditional media but the de-coupling of production from traditional drivers frees online creatives to produce astonishingly better quality.