02 July 2006

Carnival of the Bioinformaticians

A little while back I wrote about the blog-form of carnivals. At the time, Pedro Beltrão said he was about to start a new one, devoted to bioinformatics, and here it is, Bio::Blogs, with its very own Web site. I really must write something for the next one.

The Economics of Security

In his latest Wired column, Bruce S. is writing about a subject particularly dear to my heart: the economics of security. He was lucky enough to go up to the fifth Workshop on the Economics of Information Security at Cambridge: I had hoped to go, but a sudden influx of work prevented me.

My own interest in this area was sparked by a talk that Ross Anderson, now a professor at Cambridge, gave down in London. I vaguely knew Ross at university, when both of us had rather more hair than we do now. Since this was 30 years ago, it's not surprising that he didn't remember me when I introduced myself at the London talk, pointing out that the last time I had seen him was in Whewell's Court: he stared at me as if I was completely bonkers. Ah well.

Schneier gives a good summary of what this whole area is about, and why it is so important:

We generally think of computer security as a problem of technology, but often systems fail because of misplaced economic incentives: The people who could protect a system are not the ones who suffer the costs of failure.

When you start looking, economic considerations are everywhere in computer security. Hospitals' medical-records systems provide comprehensive billing-management features for the administrators who specify them, but are not so good at protecting patients' privacy. Automated teller machines suffered from fraud in countries like the United Kingdom and the Netherlands, where poor regulation left banks without sufficient incentive to secure their systems, and allowed them to pass the cost of fraud along to their customers. And one reason the internet is insecure is that liability for attacks is so diffuse.

Read the whole column, and then, if you are feeling strong, try Ross's seminal essay on the subject: "Why Information Security Is Hard -- An Economic Perspective".

Will RFID Go Phut?

Many people have expressed concerns about the privacy implications of Radio Frequency Identification (RFID) technology. But until now, RFID proponents have tended to ignore these issues, claiming that benefits outweigh the risks. However, now that the US Government seems to be worried too, the RFID community may find selling those benefits rather harder. (Via Openspectrum.info.)

30 June 2006

Eclipse Advances by Backing Up

Eclipse began life as a Java development platform at IBM that was meant to, er, eclipse Sun's NetBeans tools. Today, it is turning into a kind of total development environment for everything. The latest proof of this is Aperi, an open source project for managing storage devices and the networks on which they reside.

Update: The Reg has some good detailed analysis here.

The Monster Arrives

Bruce - the other Bruce - says: "We've warned you for a decade". More precisely:

Now the monster has finally arrived: attacks against Open Source developers by patent holders, big and small. One is a lawsuit against Red Hat for the use of the principle of Object Relational Mapping used in Hibernate, a popular component of enterprise Java applications everywhere. The other attack is on an individual Open Source developer for his model railroad software.

Bruce has been known to annoy people both within and without the open source community, but there's no doubting his credentials. Read the rest of his article for the full details of what's happening and what the larger threats are.

Haugland on ODF and Tube Tops

With postings like this, how can Microsoft Office ever hope to prevail?

SCOing, SCOing, SCOne

IANAL, but it seems to me that this judgement, lovingly typed in by Pamela Jones at Groklaw, is a pretty serious blow to SCO's case against IBM. And it wasn't looking very healthy before.

The real killer seems to me to be the following passage, brilliant and witty at the same time:

SCO’s arguments are akin to SCO telling IBM sorry we are not going to tell you what you did wrong because you already know. SCO received substantial code from IBM pursuant to the court’s orders as mentioned supra. Further, SCO brought this action against IBM and under the Federal Rules, and the court’s orders, SCO was required to disclose in detail what it feels IBM misappropriated. Given the amount of code that SCO has received in discovery the court finds it inexcusable that SCO is in essence still not placing all the details on the table. Certainly if an individual was stopped and accused of shoplifting after walking out of Neiman Marcus they would expect to be eventually told what they allegedly stole. It would be absurd for an officer to tell the accused that “you know what you stole I’m not telling.” Or, to simply hand the accused individual a catalog of Neiman Marcus’ entire inventory and say “its in there somewhere, you figure it out.”

Hard to believe that people were seriously talking about the SCO lawsuit as the end of Openness As We Know It.

29 June 2006

UK Gets Open Access Brownie Points

Stevan Harnad, the OA Archivangelist himself, has given the UK a Bravo! for the Research Council UK's decision to let individual funding councils decide for themselves whether or not to mandate OA self-archiving. As he says:

Although we had rather hoped for a more concerted consensus from Research Councils UK (RCUK), nevertheless, with three out of the eight councils mandating Open Access Self-Archiving, one strongly encouraging it, and four not yet decided, that is still enough to restore the UK's commanding lead in worldwide OA Policy today.

(Via Open Access News.)

Pootling Away

As I've pointed out before, one of free software's great strengths is that it can serve smaller markets that proprietary systems can't be bothered with. So it's good to find that there is some free software specifically designed to help with the process of translating the wordy bits of programs into new languages.

The overall project is known by the dull moniker of translate.sourceforge.net, but is redeemed by the splendidly-named Pootle portal to facilitate the process. More about Pootle and related projects at Wordforge can be found here.

LiMux Läuft

The City of Munich's decision to migrate to free software was one of the banner victories of the open source world. For this reason, a lot of people - no names, no packdrill, Steve - have a vested interest in seeing it fail, preferably dramatically.

And certainly, things have not gone entirely smoothly for the LiMux project: for example, there was the business about European software patents that slowed things down. But things are still moving: as the deputy Lady Mayor of Munich put it: "LiMux läuft" - LiMux is running (in all senses).

Now, there's more sniping, this time in the Senate administration of Berlin (a little inter-city rivalry, or something more?). Anyway, Munich is resolute in its defence of the project, and Heise Online has a good summary of the current state of play there.

Checking Out Google Checkout

I've not used Google Checkout, launched today, in anger yet, but I've no reason to think that it won't do what it says on the tin. There are, however, a couple of things that strike me.

The first is pretty obvious: by adding this facility to let signed-up Googlers - people who probably already use Gmail and Google a lot - pay by using this system, the company is going to know even more about what you are doing, potentially at least.

Even if the company never joins the dots together, we've already seen that the US Government wants to get its mitts on all that yummy data for its own nefarious purposes. Similarly, lawyers are bound to try to gain access to all kinds of incriminating evidence this cross-linked data will provide.

Secondly, and less obviously, perhaps, is the fact that Google is entering even further into Microsoft territory here. As the press release puts it:

Google Checkout helps merchants streamline the checkout process and also works with Google's advertising program, AdWords, so merchants can attract more customers and increase sales. The Google Checkout icon on AdWords advertisements makes it easier for shoppers to find Google Checkout stores when they search. Once shoppers buy with Google Checkout, AdWords advertisers can also process all or a portion of their sales for free. For every $1 merchants spend on AdWords, they can process $10 in sales through Google Checkout at no charge.

In other words, Google is using the power that it has gained through the success of AdWords to help cross-promote the acceptance of Google Checkout. When Microsoft does this kind of thing, the world squawks: perhaps it's time to do the same with Google.

Update: Om Malik has some interesting thoughts on what this all means.

28 June 2006

Use, Re-use and Abuse

A PLoS blog post provides some examples of the Creative Commons' Attribution Licence being used in anger. The idea here, of course, is that you are free to re-use material licensed in this way - if you give proper attribution. The blog lists a few examples of saints who do - and one sinner who doesn't.

Naming and shaming is an important way to police this kind of (ab)use, and should be a routine part of the way the Attribution Licence is used.

Why Open WiFi Security Isn't a Problem

In a study of almost 2,500 access points in Indianapolis, presented at the Workshop on the Economics of Information Security at the University of Cambridge on Monday, researchers found that 46 percent were not running any form of encryption.

But the article this comes from goes on to quote several sensible comments on this fact, including one from the ever-dependable Bruce:

security expert Bruce Schneier argued that as long as people's devices were secure, having a secured network was unnecessary.

"I have a completely open Wi-Fi network," Schneier told ZDNet UK. "Firstly, I don't care if my neighbors are using my network. Secondly, I've protected my computers. Thirdly, it's polite. When people come over they can use it."

There are also wise words from Microsoft's chief privacy adviser for Europe, Caspar Bowden:

"If you do want to secure your network, look at end-to-end solutions rather than some of the dodgy crypto around like WEP," Bowden said. "There's only one thing worse than no security, and that's a false sense of security," he added.

Amen to that.

More Kudos to Auntie

Another sign that at least some people at the BBC get it.

There's a good post by Paul Mason about user-generated versions of sporting events (I gather there's something of the kind going on somewhere at the moment). He points out that all sorts of content are starting to turn up on YouTube. I was particularly struck by this paragraph:

Other spin-off coverage is the rise of the montage-to-music genre of football imagery to make a point. This excellent lament by a S Korea fan of their trouncing by Switzerland is a case in point....though because it is composed of copyright images you will have to click thru to it rather than running it on this site...

This treads a fine line: it doesn't directly take on the copyright thugs, but it certainly doesn't condemn what's going on either. Obviously, a high-profile institution like the BBC has to be careful, but this sensible, moderate approach augurs well for the future. (Via TechDirt.)

27 June 2006

Welcome to the CodePlex

Talking of chasing tail-lights, I see that Microsoft has followed up shared source, its not-quite-open-source initiative, with the CodePlex, a kind of milk-and-water SourceForge. (Via Matthew Aslett.)

Horror vs. Horror: A Study in Contrasts

As TechDirt notes, it's rather curious that not one but two articles about Nathan Myhrvold's Intellectual Ventures should appear almost simultaneously. One is in BusinessWeek Online, and the other in Fortune.

Both tell the frightening story of Intellectual Ventures (IV) that I've commented on before. What's interesting here is the study in contrasts that the two features offer. It's worth reading both, just to make your flesh creep.

The Fortune piece is better, because it has a real nugget:

Microsoft confirms to FORTUNE that it is putting $76 million into IV: $36 million as an equity investment and $40 million for the right to use IV's inventions, with an option to invest an additional $40 million later.

This is an important fact, because it shows why Intellectual Ventures is likely to become the twofold bane of the open source world - because patents are problematic in general, and because it will be convenient for Myhrvold's ex-boss.

Any Port in a Hurricane

Microsoft has a guilty secret: Windows runs on very few hardware platforms. GNU/Linux, by contrast, is a port monster: if it's digital, someone, somewhere, has probably done a port. But even I was impressed to find that GNU/Linux has been ported to a hurricane simulator....

26 June 2006

SuSE on a Stick

Computer Weekly (disclaimer: in a parallel universe, I used to write for this a lot) reports on a SUSE Linux Enterprise training course contained on a portable USB drive.

What's most interesting about this is that it presages a future when everything is on a stick - Knoppix DVDs, the complete works of Telemann, everything that we now buy on CDs and transfer to a hard disc. In fact, one day, people will laugh at the idea of putting valuable data on thin discs coated in magnetic powder spinning at high speeds - rather as we do at the idea of mercury delay lines. (Via LWN.net.)

Taiwan Gets Ready

Here's an interesting twist on government requirements:

The Central Trust of China, Taiwan's government procurement agency, has commissioned the Taipei Computer Association (TCA) to ensure that bids from PC vendors include equipment that are compatible with Linux.

Now, at the moment this only requires hardware to be certified as compatible; but there's little point mandating this particular kind of hardware if you're never going to use it....

Ain't That the Trout

A lovely story told by Solveig Haugland that provides insight into the real reason people don't all switch from Microsoft Office to OpenOffice.org, and how to overcome it. (Fab artwork, too.)

RMS on DRM

Groklaw has a short interview with RMS. Nothing really new, but the following is well put:


this is an interesting example of the difference between Free Software and Open Source. Some people promote what they call "Open Source DRM". Now, recall the difference in fundamental values between Free Software and Open Source. In Free Software, our values are freedom and community. We want to be part of a community of free people. Whereas, in Open Source, they talk about making powerful, reliable software and they promote a development model. Now, for us, the question of how a program is developed is a secondary issue. I mean, if some models work better than others, fine -- use them. But that's not what's really important to Free Software, to people who value -- who support the Free Software movement and value freedom.

So, there are people who say that they could apply that development model to developing software designed to restrict us. And maybe it's true; maybe if people study and share and collaborate in developing software designed to take away our freedom, it might become more powerful and reliable in taking away our freedom. But that's a bad thing. That's evil. It's -- in spirit, it's similar to collaborative development of a virus. If something is evil, we don't want it to be done well. We want it to be done as badly as possible.

(Via Slashdot.)

25 June 2006

Microsoft's WinFS: Not Pining for the Fjords

"Chasing tail-lights": that's all free software ever does, according to Microsoftie Jim Allchin. Open source never innovates, you see, it only copies. Unlike Microsoft, the paradigmatic Great Innovator.

Take WinFS. A truly interesting idea, for reasons this Microsoft introduction makes plain (no, really). It was announced as part of the great, innovative vision for Longhorn/Vista, but as the note at the top of the page in the previous link warns:

UPDATE: In spite of what may be stated in this content, "WinFS" is not a feature that will come with the Longhorn operating system. However, "WinFS" will be available on the Windows platform at some future date, which is why this article continues to be provided for your information.

Ah, well, never mind. At least that innovative feature will be available on the Windows platform at some future date.

Or maybe not. This blog posting by the WinFS team essentially says WinFS is not deceased, it is merely pining for the fjords. Most of those commenting are unimpressed by this innovative way of looking at things.

This one is representative:

Wow. Talk about spin.

I'm normally a pretty strong supporter of MS, but I don't hesitate to lay into them when they deserve it. This blog posting is pure spin. WinFS is dead.

Or to put it another way:

This WinFS is no more! It has ceased to be! It's expired and gone to meet its maker! This is a late WinFS. It's a stiff. Bereft of life, it rests in peace, if you hadn't nailed it to the perch it would be pushing up the daisies! It's rung down the curtain and joined the choir invisible! This is an ex-WinFS!

Maybe Microsoft could chase open source's tail-lights instead - if it bought some binoculars....

Update: Jack Schofield has written a good history of the rise and fall of WinFS.

Not With a Bang But a Whimper

Could Paul Maritz be the emblematic man of early 21st century computing? I know, I know, it seems unlikely at first sight, but remember that Maritz was one of the archetypal Mr Microsofts during the latter's heyday. He was also part of a vast wave of defections as it became clear which way the wind was blowing.

Which is what makes his new company, PI Corporation, particularly interesting. Its premise?


The PC and the "GUI" interface of the 1980’s and 1990’s made it possible for tens of millions of people to author and manage documents. But with the spread of the Internet, the number of items of information users need to deal with has increased dramatically. The established metaphors and tools for dealing with this mass of information are starting to creak and groan. Just look at the average persons “inbox”.

We're routinely dealing with thousands of items of personal information - documents, email messages, web pages, calendar items, contacts, pictures, etc. The folder, desktop and drag-and-drop metaphors are no longer up to the task.

and

we believe that users should have their PI always available to them, wherever they are and whatever device they are using.

PI accomplishes this allowing information to be replicated across machines and devices, freeing the user from being dependent on a single device.

Sounds to me like Paul has rather gone off Windows and PCs. Instead, he seems to like Net-based distributed architectures. Note, too, how Windows and GNU/Linux are mentioned in the same breath, as are IE and Firefox - because the end-user platform doesn't really matter anymore.

Maybe he's on to something.

24 June 2006

Publishing in the Age of Openness

OpenBusiness has an interesting interview with one of the Economist's technology correspondents. He has some sensible things to say, for example on copyright:

What is needed is balance, and clearly we need to redraw the scales in favor of encouraging the new creativity that technology enables — with an open-business approach in mind. Only a fool would stand against the crashing tides. It’s hard to see the protections granted to incumbent content industries as anything other than anachronistic privileges and economic protectionism. It certainly doesn’t help matters that they’re suing everyone and lobbying legislatures to strengthen their rights, even though it holds back incredible public creativity.

and on peer production:

Online, with no physical space constraints, entries can expand indefinitely. Take that, and add to it that peer-production tends to be cumulative, and the result is there is a tendency for things to grow, but little editing function to condense it into a more useful form. There is a great value not just in completeness but being concise — maps are drawn at scale rather than actual size for a reason.

Self, note: be concise.

Openness and Randomness

A wonderful dotty Tory story.

The Conservatives in the European Parliament are worried about the INSPIRE directive. As you may recall, this will allow public access to geospatial data.

Good thing, you might say. Not according to the Euro-Tory Geoffrey Van Orden:

I am very concerned that, in spite of Conservative opposition (not supported by the wider EPP-ED Group), the Parliament has passed amendments that allow for unlimited public access to certain spatial data including oceanographic survey data.

From this it would be possible to identify trends in sea areas that are being surveyed and the timescales involved. Analysis of such information over time could lead to conclusions about naval patrol routes. This has clear implications for the safety of Royal Navy vessels, including the nuclear deterrent force.

So from this we may deduce that naval patrol routes are completely predictable - if they were random, they'd be no problem. But since there are plenty of people who already have access to geospatial mapping data - the Americans, the Russians, the Chinese (presumably) - this also means that they know exactly where Her Majesty's Ships are (including the nuclear deterrent force).

So, Geoff, rather than complaining about the openness of this geospatial data, wouldn't it be better to campaign for the Royal Navy to introduce a little randomness into its routes?