Recently in Community Category

The OpenVAS project, a free and open source replacement for Nessus, announced its first stable release yesterday afternoon. This release includes server installation packages for OpenSUSE, Fedora, Mandrake, Gentoo, and FreeBSD. A client-only package is available for Windows.

Nessus, one of the standards in vulnerability scanners, was an open source project until a couple of years ago. This project is a fork from the last open version.

From Full Disclosure:

The OpenVAS project is proud to announce the release of the first stable
version of the "Open Vulnerability Assessment System". OpenVAS is a fork of
the Nessus security scanner; while Nessus switched to a proprietary license,
OpenVAS will continue to improve the scanner and will provide all components
as Free Software. [From FullDisclosure: OpenVAS Stable Release]

Georgian President Mikheil Saakashvili will be giving an open press conference via telephone this afternoon. As far as I know, this event is unprecedented in providing access to online and community; sponsorship by a major news organization is not required to directly interact with a head of state.

From RBN:

Tbilisi, Georgia - Mikheil Saakashvili, President of Georgia, will be giving a briefing for international media via teleconference on Monday, August 11, at 11:00 CET (13:00 TBS, 10:00 UK Time, 05:00 ET).
WHEN: The call will take place on Monday, August 11, at 13:00 Tbilisi Time (11:00 Central European Time, 10:00 UK Time, 05:00 Eastern Standard Time); the call will run for approximately 30 minutes.
HOW TO JOIN THE CALL: To join the call, dial +1.706.679.3044 (internationally) or 877.810.6130 (in the USA). Provide the operator with this conference ID: 59983245 [From Russian Business Network (RBN): RBN - Georgia CyberWarfare - Conference Call]

Last HOPE audio is available

Audio recordings from the Last HOPE conference are available online here. It's a long and diverse list of topics that really reflects the history of both the conference and 2600 magazine. I'm sure you can find something that matches your interests and skill level.

I've tossed some onto an iPod for listening this week.

EFF announces project to protect coders

The EFF announced today a new project to shelter developers from legal threats while working on new and emerging technologies.

From LWN:

The Electronic Frontier Foundation (EFF) today launches its Coders' Rights Project -- a new initiative to protect programmers and developers from legal threats hampering their cutting-edge research.

* * *

"Coders who explore technology through innovation and research play a vital role in developing and securing the software and hardware we use everyday. Yet this important work can be stymied by bogus legal threats," said EFF Civil Liberties Director Jennifer Granick, who is heading up the project. "EFF's Coders' Rights Project will provide a front-line defense for coders facing legal challenges for legitimate research activities." [From EFF's Coders' Rights Project [LWN.net]]

Microsoft embraces open source

Today at OSCON, hell froze over.

According to The Register, Microsoft has decided to embrace (some) free/open source software and has joined the Apache Software Foundation to the tune of $100k a year.

From The Register:

After years of hostility towards Free Software Foundation (FSF) licensing (here and here) Microsoft has announced the first in a series of PHP patches - and it's using an FSF license.
Microsoft told The Reg it's submitted a patch to the community for the ADOdb database abstraction library for PHP to add support for the PHP SQL Driver developed with PHP shop Zend Technologies. The patch is under the FSF's Lesser GPL (LGPL).
And, in a further move towards greater support of open source, Microsoft is becoming a platinum member of the Apache Software Foundation (ASF), paying $100,000 annual membership. The move follows work between the two to support the Office Open XML file formats in Apache's POI project. [From Microsoft pledges love and money to open source | The Register]

This is a smart move on Microsoft's part. There is an enormous amount of innovation going on in the open software communities, and rather than fighting that innovation, Microsoft can now leverage it. This move will make the Windows platform more compatible for open source projects and open a new marketplace for the core operating environments such as Windows Server and SQL Server.

More importantly, though, it makes it much easier for many developers to jump back and forth between platforms, coding in whichever environment makes the most sense for a project.

One has to wonder if this is Ray Ozzie's first major change as the new Chief Software Architect at Microsoft. If so, he's started out on the right foot.

Today at OSCON, David Recordon of Six Apart (which produces Movable Type, the software that drives this blog) announced the formation of the Open Web Foundation.

From O'Reilly Radar:

To make sure that we are working towards the same goal foundations (like OpenID) and specs (like OAuth) are created. Each time some of the same mistakes are made. The Open Web Foundation's goal is to provide a home for community created specs, with mentorship, resources and infrastructure. Hopefully this will help teams spend time on making the spec. [From Announcing the Open Web Foundation - O'Reilly Radar]

This is a very good thing -- standardized, community-driven specifications can be written at the speed of innovation instead of waiting for one format or another to win out (or waiting for Steve Ballmer to giveth).

Here are the slides from the announcement:

Information Security Magazine's online portal points to a study released today by Fortify Software about the security of open source projects.

From Search Security:

Enterprises often rely on open source software to save development time and money, but they should rely on open source for good security, according to a study released today. The review of 11 popular projects revealed numerous vulnerabilities and a general absence of sound security practices.

* * *

The study discovered thousands of vulnerabilities, including nearly 23,000 cross-site scripting flaws and more than 15,000 SQL injection flaws. Of more concern, perhaps, is that there's little evidence open source projects have made finding and remediating security issues a priority. The number of flaws stayed about the same or even increased through each of three new versions of six of the packages tested. (CRM/groupware Hipergate had by far the most issues, more than 14,000.) [From Open source projects fall short on security]

Linus Torvalds doesn't think that security issues are any more important than other bugs. I think that attitude is reflected in results like these. The vulnerabilities in the study were located via an automated scanner then verified by hand. These are the types of bugs that an attacker can find with minimal effort.

With proprietary software, massive vulnerability such as this would express its urgency in the stock price, forcing management to expedite patching. At Microsoft, the security team has the power to stop software from shipping if there are significant vulnerabilities that put their customers at risk.

In open source software, bug fixes are prioritized according to the interests of charismatic leaders instead of being driven by the needs of the end user. Linus is, in effect, making Steve Ballmer's case for him.

The full text of the study can be found here.

How SIM cards work from Citizen Engineer

Another video, this time from a new electronics-hacking series called Citizen Engineer. The first installment premiered at HOPE over the weekend.

Here's the description of the first installment from the series site:

Learn how a SIM card works (the small card inside GSM cell phones) make a SIM card reader, view deleted messages, phone book entries and clone/crack a SIM card.

Modify a "retired" payphone so it can be used as a home telephone and for VoIP (Skype). Then learn how to modify the hacked payphone so it accepts quarters - and lastly, use a Redbox to make "free phone" calls from the modified coin-accepting payphone. [From citizen engineer]

And here's the video:


Citizen Engineer from citizen engineer on Vimeo.

The United States was ranked 48th in press freedom by Reporters Without Borders' 2007 index. Countries with greater freedoms include Estonia, Bosnia, Ghana, and Taiwan.

From the announcement:

There were slightly fewer press freedom violations in the United States (48th) and blogger Josh Wolf was freed after 224 days in prison. But the detention of Al-Jazeera's Sudanese cameraman, Sami Al-Haj, since 13 June 2002 at the military base of Guantanamo and the murder of Chauncey Bailey in Oakland in August mean the United States is still unable to join the lead group. [From Reporters sans frontières - Annual Worldwide Press Freedom Index - 2007]

Here's a link to the index itself, and its methodology.

Send a book, build democracy

Christopher Hitchens writes about a need for English-language technical (and other) books at the American University of Iraq in Slate.com:

I recently received a progress report from Sulaymaniya from Thomas Cushman, who is a professor in the sociology department at Wellesley College and the founding editor of the Journal of Human Rights. He tells me that the American University attaches very special importance to the establishment of a library in English. An initiative has been set up to furnish the campus with the most up-to-date books that can be provided.
As Cushman writes:
What I did was ask colleagues to donate books, which they did in good numbers. We sent thirty cartons of first-rate books, especially on global affairs, history and literature and they are housed in the new library. ... The university is especially in need of technical books, social science books, software even. ... Nathan Musselman, the Prefect of the University who is teaching a class, wrote to me thrilled to tell me that the students were now writing their term papers in English and using many of these books as their main sources for research. He is greatly desirous of receiving more, now that the initial library is set up. ... So the idea is to get people to donate in a more micro way; to send one or two new, current and important books (perhaps they have review copies, extra copies, etc) to the new library of the University. All of these small polyps could yield a substantial coral reef of knowledge for the new generation of students there.
So here's what to do. Have a look at the university's Web site. Get some decent volumes together, pass the word to your friends and co-workers to do the same, and send them off to:
Nathan Musselman
Building No. 7, Street 10
Quarter 410 Ablakh Area
Sulaimani, Iraq
(+964) (0)770-461-5099
It's important to include the number at the end. [From Send a book, build democracy. - By Christopher Hitchens - Slate Magazine]
This is an amazing opportunity to help shape a nation's technology. Students can only read books that are available to them, so if you're of a particular religious persuasion, start sending them those Ruby or C# or Cobol (if that's your thing) texts. In addition to looking through my library for relevant books I don't use any more, I'm ordering RESTful Web Services, Secure Coding: Principles and Practices, and a couple of others.

Star Trek: The Experience is closing

It's a sad day -- the Star Trek-themed section of the Las Vegas Hilton is closing. I've never been -- I've always visited Vegas with non-Trek types and assumed that I'd have another opportunity. I had been leaning against going to Defcon this year (mostly due to the cost of an urgent and unplanned home improvement), but this may push me over to the line.

From Wil Wheaton's blog:

It was bound to happen sooner or later, and though I've known this was coming for a few months now, I was still really sad to read confirmation that Star Trek: The Experience is closing September first. [From WWdN: In Exile: Star Trek: The Experience is closing]

Make sure to follow the link to Wil Wheaton's blog -- he has a more personal experience posted, excerpted from his excellent book, Dancing Barefoot.

Stallman blasts Gates & Gates Foundation

In an article published Wednesday by BBC News, Richard Stallman, founder of the Free Software Foundation, blasts Bill Gates on the occasion of his retirement. Not only does he go after Microsoft, but he swings at the Bill and Melinda Gates Foundation, which does an enormous amount of good around the world:

Gates' philanthropy for health care for poor countries has won some people's good opinion. The LA Times reported that his foundation spends five to 10% of its money annually and invests the rest, sometimes in companies it suggests cause environmental degradation and illness in the same poor countries. [From BBC NEWS | Technology | It's not the Gates, it's the bars]

Stallman clearly has an irrational obsession with vilifying Gates, even bringing up the infamous Gates letter to computer hobbyists from 1976:



The letter is 32 years old and dates to a completely different era of computing. It's an interesting historical footnote, yes, but isn't it time to give it a rest as a serious argument against proprietary software? Shouldn't the argument be about the success and advantages of open source?

Gates' villainy -- real or imagined -- has clearly become an idée fixe for Stallman, who even goes as far as to insinuate that Gates is a Bush crony:

Microsoft persistently engages in anti-competitive behaviour, and has been convicted three times. George W Bush, who let Microsoft off the hook for the second US conviction, was invited to Microsoft headquarters to solicit funds for the 2000 election. [From BBC NEWS | Technology | It's not the Gates, it's the bars]

I am a supporter of free and open software, but Stallman's behavior makes it more difficult to whole-heartedly support the Free Software Foundation. When he pens polemics this vitriolic, he seriously hurts the GNU cause in the court of public opinion.

A Dystopian future according to TED

Have I mentioned how much I love TED? I can't think of a better way to spend a spare five to twenty minutes than listening to important thinkers talk about interesting ideas.

This evening I listened to a couple of recent posts that together paint a dystopian picture of the future. If you extrapolate from one talk to the other, we may quickly have Cylons/Terminator/insert favorite scifi disaster here.

First, a 2003 talk by George Dyson on the birth of the computer. While the entire talk is fascinating and entertaining, you'll need to pay close attention to the section on Nils Aal Barricelli and his universe at the end.





Susan Blackmore is a memeticist, and the first portion of her talk is an introduction to memetics. After this she proposes a new type of meme, a techno-meme (or teme as she calls it), that is self replicating independent of human activity.


Second Life on a 3G phone?

From AlleyInsider:

A mobile company is porting Second Life to your phone. More precisely, some phones: Vollee, which helps game companies with the move to mobile, says it has figured out how to take Linden Lab's graphics-heavy game and put it on 40 3G and WiFi enabled handsets (no iPhone or BlackBerries, yet). It's free to anyone with an account in the virtual world.

The list of currently supported devices is disappointing, and even though I'm a little bit skeptical, the video looks promising:





Part two of Smart Mobs is up

Part two of Howard Rheingold's Smart Mobs, Collective Action, Media, and Democracy has been posted on his vlog. I mentioned the first part about a week ago.

On to the video:

 
