2008-11-09 Show Notes
Offset
Topic
00:17
Intro
Job search update
In short, I am still searching
I have an interview, tomorrow
Overall response rate is slow
Not hearing back from as many applications as I would have hoped
Still have two developed leads, this new one, and a solid recruiter on two more
Signal to noise ratio and slowness means I haven't gotten any good cold hits
02:42
Security Alerts
03:01
Severe G1 bug passing keystrokes to the root shell
http://blogs.zdnet.com/Burnette/?p=680
Based on simple evidence
Report of a user trying to send a message starting "reboot"
Phone then rebooted
Independently confirmed
Affects versions up through and including RC29
Fixed in RC30, pushing out now but may not be on all phones, yet
Problem seems to stem from some lines in init.rc
A Linux power user could probably fix it themselves
A simple workaround is to type "cat" right after boot
Prevents the phantom root shell from listening
05:05
Researchers to share initial WPA crack
http://www.itworld.com/security/57285/once-thought-safe-wpa-wi-fi-encryption-cracked
Erik Tews, Martin Beck
Tews to present at PacSec in Tokyo
Only managed to crack TKIP
Not the actual session key encrypting the data
Were able to do so in 12 to 15 minutes
Didn't say what class of machine
A dictionary attack has been theoretically possible on TKIP before now
This research demonstrates it is practical
Does not affect WPA2, but that needs RADIUS
This partial crack may elevate interest, accelerate research
Clarification on WPA crack
http://arstechnica.com/articles/paedia/wpa-cracked.ars
Doesn't recover the TKIP keys
Allows for decrypting individual, short packets
Sounds like it also allows injecting arbitrary data in short packets
Could potentially open up ARP and DNS attacks
Rest of the Ars piece discusses the history of attacks on wireless encryption
07:56
News
08:09
Wikipedia allowed to relicense from GNU FDL to CC license
http://lessig.org/blog/2008/11/enormously_important_news_from.html
FSF has released v. 1.3 of GNU Free Document License
Section eleven allows for re-licensing under CC BY-SA 3.0
With a limit, must be re-licensed by August 1, 2009
Section 11 also apparently only applies to wikis
FDL is apparently not compatible with CC, other open content licenses
Has prevented Wikipedia's use with projects under other licenses
FDL was crafted for software documentation
Not intended for the same kinds of re-use, remix as CC licenses
Lessig credits Stallman
FDL could have remained incompatible
Motivation would be for FSF to lay claim to Wikipedia in perpetuity
FSF, FDL should continue to be credited for making Wikipedia possible
CC on change to FDL that allows Wikipedia to re-license
http://creativecommons.org/weblog/entry/10443
Wikimedia Foundation requested the change from FSF
CC has been working to support massive collaborations
Version 2.5 started to address attribution for such projects
Linksvayer says future versions will address further
Remember that licenses are updated much more slowly than software
Will also be working on how SA applies to use of images
Sounds like CC is attempting to better align with FSF's goals
Debian project identified some issues with GFDL
http://www.debian.org/vote/2006/vote_001
GFDL's language on invariance seems to be part of the problem
Means derivative works must be distributed with the original
Like the copyleft aspect of the GPL
Might disincent those looking to cite, re-use Wikipedia material
Transparency, anti-DRM measures also remarked on
13:46
Suit claims Diebold violated GPL
http://feeds.arstechnica.com/~r/arstechnica/BAaf/~3/Z9qUC3p87as/20081104-diebold-faces-gpl-infringement-lawsuit-over-voting-machines.html
Suit filed by Artifex Software, company behind Ghostscript
Open source software for processing PostScript
Ghostscript is dual licensed, GPL and commercial
Free use requires satisfying copyleft nature of GPL
Commercial allows use without copyleft for a fee
Use of Ghostscript first arose during Jim March's investigation in Pima County
Corroborated by developers on Ghostscript mailing list and at Artifex
Ghostscript developer Ralph Giles referred to the company
Artifex considers integration into Diebold's system a GPL violation
Not clear if Diebold modified the code directly or only minimally to integrate it
Regardless, they are not publishing their use of the software
Seems to indicate a naive usage, thought process of free without condition rather than getting copyleft
Seeking $150K in damages, injunction on use
Noteworthy as this is another test of GPL
Like most cases, will probably settle
Also says much about the vendor
Didn't do due diligence on license obligations
Many high profile commercial users, no reason they couldn't have gone that route
Is consistent with other problems in their technology
Indicates problems are not isolated, systemic through the company
Hopefully this will sway more jurisdictions to stop using, buying these machines
Wonder if other vendors will take more care as a consequence
18:16
Android based G1 has been jail broken
http://feeds.arstechnica.com/~r/arstechnica/BAaf/~3/sbRdaBPSomk/20081105-android-liberation-t-mobile-g1-jailbroken.html
Open SDK only grants vendors freedom
The software is still closed in some ways to the consumer
File system access and expansion seems to be the driver
As delivered, cannot add storage to a G1 to run apps
Breaking also allows user to set up own daemons, not just visible apps
Carriers, vendors no doubt think this is necessary
Probably some similar thinking to Apple about bandwidth hogs
Google already revealed Android has a remote kill switch for similar reasons
Hackers have figured out how to open up to owner
Can log in via a terminal app available in the marketplace
This is a preliminary step
Already listing files, re-mounting file system with full privileges
Opens the way for further owner customization
Process for G1 pretty simple, just used standard terminal, commands
A result of Android's more open nature
iPhone required all custom software, reverse engineer Apple's management mechanisms
Ars doesn't think Open Handset Alliance will work to prevent break
And the G1 has been patched to stop the jail break
http://feedproxy.google.com/~r/weblogsinc/engadget/~3/ivcPzV_vfZI/
Pushed by Google, not necessarily OHA
Are updating the source code, SDK
The fact that they are obliged to do so may make policing harder
Those who wish to break the phone have more information than iPhone hackers
Even though Google moved to crack down, still interesting to see how this will play out compared to iPhone
22:05
Research disputing the long tail economic theory
http://www.theregister.co.uk/2008/11/07/long_tail_debunked/
Study based on tens of millions of transactions
From an unnamed music provider
Researchers William Page, Gary Eggleton, and Mblox founder Andrew Bud
Mblox is a mobile music provider
Page works for collecting societies in the UK
Not hard to speculate data came from Mblox
Graphed out 1.5MM rows in a spreadsheet
Found the curve followed a log-normal distribution rather than power law
Most of the sales in the top 14 titles
80 percent of the music in their data didn't sell at all
Seems to be some admission by Bud of places where the long tail is in evidence
Simply thinks it doesn't apply to music
Researchers are critical of Anderson for using just Rhapsody data
Don't reveal their own sources, don't attempt to quantify other variables
Register accuses Anderson of confirmation bias
Seeking out data that supports his theory
Also accuse him of anecdotal thinking, lacking rigor
Bud's father is a traditional economist, hinting at his own bias
Rattle on about division of labor under labels
If you read the IBSG, still room for specialists
The difference is contracting them directly versus signing your rights away
Also seem to think their research backs collecting societies
Could accuse Page of confirmation bias, propagandizing
Talking with indie musicians, it is not an either or world any more
Page also "debunked" KK's 1000 true fans
Some of the criticism of both is merited, sure
Excludes the possibility of other options
KK's, Anderson's ideas may not apply as broadly as they suggest
But they still apply, may work better for some creators than other models
Setting aside questions of cultish following, do enrich the field
Anderson's thoughts on Page's research on the long tail
http://feeds.feedburner.com/~r/TheLongTail/~3/446920810/more-long-tail.html
Three thoughts on the matter
Page doesn't reveal anything about his data
What period does it cover?
What source?
If mobile music, as seems reasonable, Anderson has considered that and defined why it is an exception
Lack of good filters, namely search and recommendation
If their source is iTunes UK, could mean pay per track discourages long tail
All you can eat of Rhapsody reduces risk, encourages
Could be difference in filters in iTunes
Could also be geographic difference
An admission, in his book, that other models still apply
Reinforces that long tail hinges on certain preconditions
Discoverability of goods seems to be key
Not just infinite storage
Can't formulate a more specific response
Page didn't share any further details of his research
Admits Page is a good economist, that he may have found something broad
No way to verify his findings
Gives some positive data on space where long tail is operating, search
29:09
tail -f
29:28
FCC approves use of white spaces
http://www.publicknowledge.org/node/1850
A checkered history
Device tests burdened with failure
Much FUD from broadcasters, concerns about interference
Voted on by the FCC on Tuesday
Agreed to open up spectrum between the channels for unlicensed use
Unclear if this will be like WiFi
A few conditions around safety, such as transmission power
Doesn't sound like it will be auctioned
This spectrum carries far and propagates well
Think of how well over the air broadcast works
Also unclear on whether a software controlled radio approach will be used
Listen in on spectrum, use if nothing is there
Or a central database
By geography, which channels are in use and where in the spectrum
Regardless, a huge win for potential wireless broadband
Wouldn't be beholden to cell operators
Could potentially work better than WiMAX has
Will be interesting to see if incumbents act to block or participate
31:53
WIPO broadcast treaty is back
http://feeds.publicknowledge.org/~r/publicknowledge-fulltext/~3/446153537/1862
Broadcast treaty one of three under consideration
Audiovisual performance, limits on copyright
Audiovisual performance, broadcast have been in limbo
That appears to remain the case with broadcast treaty
Points out that a hold on the treaty had previously been announced
Despite lack of progress, it is now being worked on again
Past versions would have expanded broadcaster rights
Controversial measure would have given them rights on works just for transmitting them
Split in consensus over broad or narrow rights
Developed nations generally favor broad, developing narrow
Makes sense as developing nations want fewer limits on their growth
US was primary pusher of webcaster rights in the past
Had agreed to split that consideration off
Apparently now bringing it back to the table
Many think this will bog the treaty further
Several countries just want further study or time for issues to settle
NGOs seemed more lively
Similar divide with broadcasters wanting broader rights, public interest groups narrower
Treaty will continue into the next session
34:50
Outro
Contact me
Email to feedback@thecommandline.net
Web site at http://thecommandline.net/
IM to command.line@skype
Listener comment line is 240-949-2638
del.icio.us tag is "for:cmdln"
http://twitter.com/cmdln
I'd like to thank libsyn.com for AAC hosting and Wouter de Bie for MP3 hosting
These notes and the show audio and music are covered by a Creative Commons license
http://creativecommons.org/licenses/by-nc-sa/3.0/us/
Attribution, non-commercial, share alike