- Security problems inherent in the smart grid, Scientific American
- Analyzing CAPTCHAs, Schneier on Security
- MySQL update addresses DoS vulnerability, The H
- Security updates for PostgreSQL, The H
- Reader, Acrobat patches plug 23 security holes, Krebs on Security
- Facebook, Twitter used in stock fraud schemes, ReadWriteWeb
- FCC may confront ISPs over botnets, malware, Krebs on Security
- Schneier on Stuxnet, Schneier on Security
- EU agency report on Stuxnet, The Register
- Foxit patches PDF software flaws, Zero Day
- Spammers use soft hyphen to hide malicious URLs, Slashdot
- Oracle update delivers 81 database security fixes, Zero Day
- Cooperation law for a sharing economy, yes! Magazine, HT @tbeckett
- 2 out of 3 Android apps use private data without permission
Dan Goodin at The Register explains a joint study between Pennsylvania State, Duke and Intel Labs that looked into 30 apps selected at random from the most popular ones. I’d be very curious to see a similar study of iOS apps, to better understand if it is mobile computing in general or Android specifically. The sample size here also seems pretty small but Goodin points out that the researchers targeted Android because it is open source and easier to study. Now, if we could only get a more constructive response from Google or some third party solutions to fill the gap.
- Cloud oriented fork of MySQL, Drizzle, goes beta, The H
- Virgin Media to start throttling all P2P traffic
Chris Williams at The Register clarifies that this is an incremental step from the ISP’s current policy of throttling based on high volume. It also seems like this practice is already pretty common in the UK, at least among DSL providers.
- Release candidate out for next Ubuntu release, Maverick Meerkat, Ubuntu, via Hacker News
- New version of OpenSocial reference implementation, Shindig, released, The H
- The Open Hardware Summit, Ars Technica
Slashdot links to a post from former MySQL contributor, Brian Akers, that is part conference report from SCALE and part retrospective on MySQL’s effect on how business people viewed the GPL. For one, Akers lays the prevalence of the questionable dual licensing practice in open source at the feet of MySQL. He charts it as part of a trend where investors and potential investors viewed MySQL as a sort of abbreviated map, an executive summary, of the rest of the FLOSS world.
The silver lining is that Akers seems to think this chapter of MySQL’s not always constructive influence on the GPL is over, with the Oracle acquisition of Sun. It stands to reason that the swallowing of the project by a company not known for its open source enlightenment would break this sometimes vicious cycle with investors looking elsewhere for a quick read on what to expect with open source focused businesses.
I have withheld remarking on the current debate over the fate of MySQL at the hands of Oracle. While I tend to agree with critics of the database giant for its less than stellar track record with open source and free software, I am generally inclined to afford the benefit of the doubt.
First, I don’t see the commitment to open source and/or free software as a binary decision. And second, other companies with just as bad, if not worse, reputations have worked hard to make good. Not all of them, mind you; Microsoft has drawn my irritation for paying marginal lip service to open source with some really not very credible follow through (or lack thereof).
Jolie O’Dell at ReadWriteWeb shares the thoughts of the man most appropriate to comment on the future of MySQL, one of its co-creators, Monty Widenius. I think he stated the core issue quite succinctly, with evidence to back it up. It is hard to argue that Oracle has not left itself room to suffocate the open source database slowly. Whether it makes sense for them to do so or not is immaterial as I think Monty’s point is fair that they could do so. Further, all he asks is that they either address the key omissions he lists or otherwise relinquish stewardship of the project.
Oracle already has a response, according to Slashdot. Just glancing over it quickly, it looks good to me but if critics are concerned as much about what Oracle doesn’t say as what it does, I doubt it will satisfy everyone. I really think at this point Oracle should cut its losses and help spin up a charity, not-for-profit foundation with the explicit mandate to ensure MySQL continues to be released and developed under the GPL.
- MySQL developer responds to Stallman’s plea to free MySQL from Oracle
The basis of Brian Akers’ response seems to be taking issue with RMS’ apparent support for dual licensing. His argument makes a certain amount of sense but I don’t think this risk of dual licensing is unique to the GPL; I think concerns around copyright assignment and ownership persist regardless and require more discussion and thought.
- Mozilla’s answer to aggregating social conversation?
My biggest disappointment with Wave is that I don’t see it ever addressing the need to aggregate distributed conversations across multiple social networks. Raindrop, a new project from Mozilla, however, appears to be aiming squarely at this need. I am cautiously excited at the potential in this project.
- AT&T urges employees to speak against FCC’s net neutrality plan
Via the Net Neutrality Squad, a correct link to the original email text. The link some sites used is in many cases apparently broken. Looking this over, it seems to be carefully worded enough to remain legal but I think it is still pretty sleazy if not outright immoral.
- EFF steps in to defend culture jammers, Yes Men
At Ars, Matthew Lasar explains what has the US Chamber of Commerce peeved to the point where they issued a DMCA takedown against the pranksters. The EFF is working to defend them on a fair use basis, as the site in question is clearly intended as satire and social commentary. I am guessing the USCoC is stinging more over a Yes Men member infiltrating a meeting.
- Data entry errors result in improper sentences
This story is horrifying, really, and I would think a very strong case for usability expertise for any sort of system where such a human error could have dire consequences.
- Foundation opens the source to Symbian’s kernel
As Ryan Paul explains at Ars, this is the latest step in responding to competitive pressure from other, newer mobile platforms that started their lives as open source. Paul also spoke with the executive director of the Symbian Foundation about the relative advantages the more mature and widely adopted OS brings with both the opening of its sources and the delivery of a supporting SDK.
- First release from open source voting system project
According to Wired, this project has already been in the works for several years, not sure how I missed prior mention of it. This release is essentially very early prototype code but hopefully will get the academic community analyzing and providing necessary feedback, as they have been doing to the less receptive commercial vendors.
- Opening of ACTA is hardly any opening at all
Sherwin Siy of Public Knowledge was one of the folks who saw one section of one draft of the agreement under NDA. Without violating that NDA, he describes his experience and concludes that at most the USTR made this move to blunt criticism of its continued secrecy. Sherwin is skeptical, though, that the USTR is even acknowledging complaints about the secrecy enough to make this argument.
- Mozilla backs another downloadable font standard
Wired’s WebMonkey has the details, that support for WOFF will be coming in 3.6 planned for release at the end of the year. They even include the very first thing I thought of when reading this news, the potential minefield of licensing as exemplified by the font fiasco with Boing Boing’s recent site re-design (to which WebMonkey links).
- Counter-intuitions about GPL, forking and MySQL
Matt Asay takes a look at another angle to consider with the fate of MySQL post an Oracle acquisition of its corporate master, Sun. He cites Stallman’s letter to the EC as evidence that the GPL prevents forking, hence preventing the community from routing around Oracle’s control of the database’s code base. To be clear, RMS’ arguments are around dual licensing, the right to offer a commercial version. A fork is still possible, that is orthogonal. What RMS and Asay are focused on is the commercial licensability as an incentive to driving future development.
- Real time, 3D rendering in the cloud
I will give NVidia props for a novel application of distributed computing but I remain to be convinced that this makes a lot of sense. The higher end mobile devices can do a good enough, if not photorealistic, job of rendering for 3D games. Is the potential network latency and hiccups worth any sort of incremental or drastic leap in quality this might provide?
- PayPal opening its platform to developers
I guess I understand the vision outlined in this NYT Bits piece. I think there are considerably more hurdles to overcome than PayPal is letting on, though. Think about the higher need for trust and security when you talk about payments versus other kinds of mash ups. I am curious to see some deeper analysis once the platform is opened for outside scrutiny.
- Contemplating AI and its definitions
Ed Lerner at Tor.com has a nice, quick consideration of artificial intelligence. He calls to task some of the very definitions of the term, rightly so I think, especially where the goals or end states are demoted on achievement. He even ties it into SF literature, juxtaposing the Turing test with our conceptions about aliens, true ones vs. men in rubber suits.
- The effect on range of quality by online publishing
At Techdirt, Mike Masnick points us to a thoughtful piece by Umair Haque. In a nutshell, the contention is that the worst of online media is really no worse than traditional media but the de-coupling of production from traditional drivers frees online creatives to produce astonishingly better quality.
- Preview build of Mozilla’s CSP available
This is excellent news, direct from Mozilla’s Security Blog. The work isn’t complete but it is far enough along for testing by security folks. I hope this makes it into Firefox 3.7, it’s good stuff.
- Cyber bullying bill not well received
I am very glad to read at Wired that Rep. Sanchez’s bill was not enthusiastically embraced in sub-committee review. Even if this goes forward despite this early stumble, I hope it founders on serious free speech consideration. Bullying is lamentable, yes, but do we really need to impose a limit on speech comparable to defamation for it?
- Fourth Public Knowledge video in “We Are Creators Too” series
This time, looks like a slightly different but just as valuable perspective. PK describes Francesca Coppa as an English professor, author and feminist. She is also a videographer, which would be the common thread of the series.
- Oracle’s ownership of MySQL is about Microsoft
A plausible theory by Matt Asay. Oracle certainly doesn’t have the same sort of relationship with open source as say Sun or even IBM. Unfortunately, Asay doesn’t consider what the recent developer exodus and dilution of MySQL’s mark might mean for this idea.
- Bill proposes to require publicly funded books to be open source
I am strongly biased towards this sort of idea, it seems like a logical extension of our civic contract. If the public ultimately funds the work, they should get unfettered access to the result. I am less concerned with the impact on the market as I doubt this will eliminate the need for privately developed titles and Flat World is already demonstrating how open source can even be compatible with for profit business models.
- P2P bill goes into markup
As Nate Anderson explains at Ars, the bill seeks to require some simple rules around files that software may be sharing to help reduce inadvertent sharing. This seems like a reasonable experiment in regulating P2P. The article mentions other regulation in development, though, that is far more aggressive.
- Experimental mesh for cell phones
For the stated purpose, to help provide emergency service, this seems like an excellent idea. I wonder how well it would scale and operate in a sustained mode as an alternative to traditional cells? I suspect not entirely well and attempting it would undoubtedly draw the ire of the mobile operators.