web technologies, open source, and security
Just a few days after Firefox issued a major security fix, along comes another update. Should this breed confidence or suspicion? I’m leaning toward suspicion.
Mozilla Firefox 2.0.0.11 Release Notes:
What’s New in Firefox 2.0.0.11
Release Date: November 30, 2007
Stability Update: This release corrects a problem that was found in the previous release, Firefox 2.0.0.10.
Forgive me, I know this isn’t tech-related. But it’s great news. Food Network is canceling Emeril Live. More Giada De Laurentiis, please.
It’s out. Your browser should check for the update itself, but you can always speed up the process and select Help and check for updates.
France set to cut Web access for music, film pirates:
Under the agreement–drawn up by a commission headed by the chief executive of FNAC, one of France’s biggest music and film retailers–service providers will issue warning messages to customers downloading files illegally. If users ignore those messages, their accounts could be suspended or closed altogether.
The French get this one right and other countries should — and probably eventually will — follow suit.
President Sarkozy: “The Internet must not become a high-tech Far West, a lawless zone where outlaws can pillage works with abandon or, worse, trade in them in total impunity. And on whose backs? On artists’ backs.“
Exactly. Support creativity and productivity. Fight piracy.
Latest QuickTime bug leaves XP, Vista vulnerable:
…[T]he latest QuickTime bug “can be exploited by malicious people to compromise a user’s system.” A working exploit is public and the vulnerability has been confirmed for version 7.3. Secunia calls the bug “extremely critical.”
Remember that next time you see one of their stupid Mac-PC ads or when one of the Apple fanboys tries to tell you how much more secure Apple is than Microsoft.
How the BSA nets piracy suspects:
The BSA generally begins investigating businesses after a tip from an employee. Software vendors can also initiate or lend credence to a complaint if they tell the BSA that an organization has, for example, bought suspiciously fewer software licenses than it has employees. Next, a law firm representing the alliance will send a company a letter informing its management that it is suspected of violating software copyrights, a crime that carries penalties of up to $150,000 per infringed work. The letters will then state that the BSA is willing to avoid court and settle amicably — if the company audits its computers to see whether they contain unlicensed copies of software made by the group’s members.
Also, “Attorneys who represent companies in BSA claims say the self-audit request is misleading.” I’ve pissed off a lot of people with my support of DRM and conventional copyright law, so let me try to piss off even more. The defense lawyers are wrong – the BSA request isn’t misleading. As true as it is that companies (or individuals) aren’t obligated to perform audits or even reach settlements out of court, it’s equally true that companies (and individuals) who are in violation will be better off settling out of court than going to court.
Your license or copy of a recording doesn’t give you carte blanche to make copies and redistribute it unless the license expressly allows it. When BSA or RIAA comes knocking and looking for justice, you’re responsible for knowing your licenses and whether you’ve been in compliance. If you’re not willing to work with them, you’ll probably be working with judges, lawyers, and court mediators.
Open source doesn’t clear up these kinds of situations. See the post I made last week about the FSF going after two more companies for alleged GPL violations even though one makes code downloads available on their website or by CDROM. I didn’t think FSF really wanted to put the GPL to the test of the courts, but they’re probably going to end up biting off more than they can chew and that’s when we’ll all learn how judges view software copyrights (hint: the case law is already established and the FSF position is like pissing in the wind). They’re better off without anything going to trial than they will be if the courts get to determine if the FSF view will overrule hundreds of years of law.
If FSF and other open source advocates really want to attract more people to their movement, maybe they should try tactics that don’t reek of the same thing they complain about when others do it. That’s called hypocrisy in my neighborhood. Then again, in my neighborhood we call a spade a spade — and the FSF isn’t about freedom, they’re about restriction.
There’s a major drawback to anti-virus software: it can be more vulnerable to exploits than the rest of the system it’s supposed to protect. Fortunately, there’s enough exploitable code for cyber criminals to choose from so they don’t usually exploit holes in AV software.
Is Security Software Becoming a Security Risk?
Between 2002 and 2005, nearly half of the vulnerabilities that were discovered in antivirus software were remotely exploitable, meaning that attackers could launch their attacks from anywhere on the Internet. Nowadays, that percentage is close to 80 percent, he said.
Mobile Web: So Close Yet So Far:
“People talk about the mobile Web, and it’s just assumed that it’ll be a replica of the desktop experience,” Mr. Eagle said. “But they’re fundamentally different devices.” He says he thinks that the basic Web experience for most of the world’s three billion cellphones will never involve trying to thumb-type Web addresses or squint at e-mail messages. Instead, he says, it will be voice-driven. “People want to use their phone as a phone,” he says.
The author seems to presume that technological change and adoption of standards is smooth and linear. It isn’t. There are bumps on the way and many fads to overcome.
The Free Software Foundation’s Software Freedom Law Center has struck again, suing two more companies on behalf of Busybox. The SFLC reached a settlement with Monsoon Multimedia at the end of last month in which Monsoon paid an undisclosed sum to Busybox developers (and, presumably, their lawyers at the SFLC/FSF).
Free Software Group Files Copyright Lawsuits:
Richard Bruckner, CEO of High-Gain Antennas, said the SFLC is mistaken about the GPL violation. The company, which makes wireless broadband antennas and related products, uses firmware from a company called Edimax, not BusyBox, and makes the source code available, at the request of customers, he said.Bruckner said he tried to explain the situation in a conference call with SFLC officials but was hung up on. During that first conversation SFLC was “already asking for money,” he said. “What they need to do is get their act together and read the source code.” If the SFLC doesn’t end its threats, High-Gain Antennas may file a countersuit, Bruckner added.
Here’s a screenshot showing that High-Gain Antennas offers source both as a download as well as on CD-ROM for those with connections that forbid them from downloading 100 MB.
