Blackmoor Vituperative

Attached hereto as Exhibit D is a true and correct copy of a still image taken from Stanley Kubrick’s 1968 film “2001: A Space Odyssey.” In a clip from that film lasting about one minute, two astronauts are eating and at the same time using personal tablet computers. The clip can be downloaded online at http://www.youtube.com/watch?v=JQ8pQVDyaLo. As with the design claimed by the D’889 Patent, the tablet disclosed in the clip has an overall rectangular shape with a dominant display screen, narrow borders, a predominately flat front surface, a flat back surface (which is evident because the tablets are lying flat on the table’s surface), and a thin form factor.

(from Samsung cites Stanley Kubrick’s ‘2001: A Space Odyssey’ movie as prior art against iPad design patent, FOSS Patents)

Let’s hope that the judge tells Apple to stop bullying people and stop pretending they invented everything.

I have been saying for years that passwords, as a concept, need to go away. As implemented, passwords don’t work, and the ludicrous “complexity” requirements imposed my many companies are little more than a guarantee that the user will write their password down, which is one of the easiest ways for a system to be compromised.

Here’s a cartoon from xkcd that illustrates why ridiculous password policies don’t even make sense from a security perspective.

The gist of it is this: long passwords (passphrases, actually) are more secure than short ones.

Controversy continues to rage over the San Francisco Bay Area Rapid Transit (BART) District’s unilateral decision to follow in the footsteps of Egypt’s now fallen dictator Hosni Mubarak, by cutting off cell phone services in an attempt to quell protests (in BART’s case, a protest that didn’t actually occur).

The “Anonymous” group has today already hacked BART’s external Web sites in response, and more protests triggered by BART’s actions may be forthcoming.

Is comparing Mubarak and BART unfair? Over the top? After all, various U.S. observers have been supporting BART’s decision, saying that riders really didn’t need cell service at those locations, didn’t have it in those locales a relatively few years ago, and have suggested that pretty much anything was acceptable in the name of proactively preserving “public safety” — even in the face of nonexistent protesters.

And since luckily it appears that no critical phone calls (“Sorry, I can’t reach the doctor’s cell phone!”) were blocked as a result of BART’s action, it’s no harm, no foul, right?

Wrong. Dead wrong.

[…]

(from BART, Cell Phones, Lenin, and a Steel Cage, Lauren Weinstein’s Blog)

Here is how to remove the Facebook tab from Skype 5:

Stop Skype from running on your computer (Quit). Go to Windows Start. In the search box type %appdata%\skype and press Enter. In the Skype user folder, that will open, locate the folder with your Skype user name. Open this folder and find file with name config.xml. Open this file in any text editor, e.g. Notepad++ or similar. Scroll down until you find section starting with the key . In this section you should see following items

<FlamingoDisconnected>1</FlamingoDisconnected>
<FlamingoLastRead>0</FlamingoLastRead>
<FlamingoLastUpdate>0</FlamingoLastUpdate>

The first item is the one controlling whether the Facebook tab is present or not. If the value is 1, the tab is disconnected, 0 means the tab is connected. If the mentioned item is missing, then you should just add it in front of the two other items. Save the config.xml file and restart Skype. The Facebook tab will no longer be there.

(with thanks to ruwim)

I ran across a set of tutorials and cheat sheets for a few of the more common security vulnerabilities this morning. I thought other people might find them useful. They’re from a company called Veracode. The guides are free, and they point to other free resources if you want to learn more, so they seem to be a pretty good starting point if you are interested in this sort of thing.

• SQL Injection
• Cross Site Scripting
• Cross Site Request Forgery
• LDAP Injection
• Mobile Code Security

Oracle announced a proposal this week to transfer the OpenOffice.org (OOo) project to the Apache Software Foundation (ASF). The move would put OOo under the umbrella of the Apache Incubator program and involve transitioning the project’s source code to the permissive Apache License. The proposal is currently under review by the Apache Incubator Project Management Committee, which has not yet issued a decision.

[…]

Dumping the largely abandoned husk of OOo into the Apache Incubator so that it can continue to be developed parallel to LibreOffice is not a particularly constructive maneuver. If Oracle had opted to take this route last year before its friction with the community necessitated the LibreOffice fork, it would likely have been welcomed by all parties. But handing the project to the ASF at this point, when a significant portion of the OOo community has already chosen to back TDF, is just petty and distasteful.

[…]

This parting shot from Oracle punctuates the company’s legacy of bad stewardship and mishandling of OpenOffice.org. It’s not clear yet whether the proposed Apache OOo will find its footing, but it seems likely that LibreOffice will continue to flourish as OOo’s successor despite this move by Oracle and IBM to fragment the community.

I have believed for a long while now that passwords need to go away. Further support for that position is provided by a PC Pro article called How a cheap graphics card could crack your password in under a second:

Now, I cannot imagine anyone managing to mandate a nine-character, mixed-case, random-character password on an organisation. But if you did, and you weren’t hanging from a tree by the end of the first working day, the CPU would take 43 years versus 48 days for the GPU.

He then went on to add in mixed symbols to create “F6&B is” (there is a space in there). CPU will take 75 days, GPU will take 7 hours.

What does this tell us? well, the stark reality is that even long and complex passwords are now toast. If you think you were being wise by forcing users to have randomisation in their passwords, then think again. It is utterly futile.

[…]

A GPU of the type used by this chap is not unusual or high end. It is standard-issue stuff. Indeed, I have just sat through the AMD presentation here at Computex in Taiwan, and they made a big deal about putting GPU power into netbooks offering 500Gflops, without denting its 12-hour battery life. And that’s shipping within months.

All I can say is this: you have been warned. It is time to think long and hard about password security, and how you do your authentication. This has crept up on us in the background, and we really haven’t been paying attention.

Some of us have been paying attention.

In response to pressure from the U.S. Department of Justice and Germany’s Federal Cartel Office (Das Bundeskartellamt), Microsoft and its CPTN Holding Partners — Apple, EMC, and Oracle — have revised their agreements so that the Novell patents will be under both GPLv2 and Open Innovation Network protection.

So what does it all mean? Andrew “Andy” Updegrove, founding partner of Gesmer Updegrove, a top technology law firm, said, “This is a rather breath-taking announcement from a number of perspectives. Among others, the granularity of the restrictions imposed demonstrates a level of understanding of open source software in general, and Linux in particular, that has not been demonstrated by regulators in the past. It also demonstrates a very different attitude on the part of both the U.S. and German regulators, on the one hand, and Microsoft, on the other, from what we saw the last time that Microsoft was under the microscope. In the past, Microsoft was more disposed to fight than negotiate, and the U.S. and the European Commission were far apart in their attitudes. This announcement conclusively places open-source software on the U.S. regulatory map.”

(from Microsoft gets Novell’s Patents rights but must share them with Open-Source Software, ZDNet)

I think this is a really interesting development. Interesting in the sense that it’s not antagonistic to consumers and developers, and that it’s not what I predicted, or even guessed might happen.

In a statement issued on Friday, Oracle announced that it intends to discontinue commercial development of the OpenOffice.org (OOo) office suite. The move comes several months after key members of the OOo community and a number of major corporate contributors forked OOo to create a vendor-neutral alternative.

OOo is one of many open source software projects that Oracle obtained in its acquisition of Sun. OOo has long been plagued by governance issues and friction between its corporate stakeholders. Sun’s copyright assignment policies and bureaucratic code review process significantly hindered community participation in the project. Oracle declined to address these issues after its acquisition of Sun and exacerbated the friction by failing to engage with the OOo community in a transparent and open way.

A group of prominent OOo contributors eventually decided to fork the project, creating an alternative called LibreOffice. They founded a nonprofit organization called The Document Foundation (TDF) in order to create a truly vendor-neutral governance body for the software. LibreOffice is based on the OOo source code, but it also incorporates a large number of other improvements driven by its own developer community. […]

The community defections eventually made OOo financially untenable for Oracle, which is why the company has finally thrown in the towel. Oracle says that it is ready to hand over control of the project to the community, but doing so at this point would be little more than a symbolic gesture; the community has already moved on of its own accord. […]

The LibreOffice escape from Oracle is a powerful demonstration of how open source forking can be used to protect community autonomy and lock out exploitative stakeholders.

(from Oracle gives up on OpenOffice after community forks the project, ArsTechnica)

You might be tempted to applaud. You shouldn’t. We would all be better off if Oracle had participated in the OpenOffice project in a transparent and open way. Users would be better off, because Oracle brings a lot to the table, and Oracle would be better off, because they would have a foundation for their commercial Cloud Office project (which appears to have been terminated along with their participation in OpenOffice). So, we all lose here, in the short term.

However, in the long term, the project continues, under better conditions that Oracle permitted, and we all benefit from that. It’s just a shame that Oracle was so short-sighted.

Hexographer and Dungeonographer received major updates a week or two ago. If you’ve used either tool since then, you’ve probably noticed the changes.

Both tools received layout changes which reduced the number of menu items by placing buttons for many of those features in panels dedicated to those features. For example, the ability to add custom map items is now a button on the map items tab/toolbox.

There were a great many other changes, as well. You can read more about it at the Inkwell Ideas web site.