Well, it’s been a busy week in Lake Wobegon, hasn’t it? First, the Wall Street Journal broke the story that Microsoft had unwittingly sold 22 patents, not to the Allied Security Trust (which might have resold them to patent trolls), but to the Open Inventions Network. A few days later, perhaps sooner than planned, Microsoft announced the formation of a new non-profit organization, the CodePlex Foundation, with the mission of “enabling the exchange of code and understanding among software companies and open source communities.”
Not surprisingly, more articles were written about the apparent snookering of Microsoft by AST and OIN than about the new Foundation. But while the tale of the 22 patents is now largely over, the CodePlex story is just beginning. Microsoft says that its goal for the new Foundation is to create an open and neutral environment, and that the formation documents posted and governance structure described at the CodePlex Foundation site can provide a foundation for such an organization. The CodePlex site also makes clear that the Bylaws you can find there are just a starter set, stating, “Our governance documents are deliberately sparse, because we expect them to change.”
That’s good to hear, because I’ve reviewed all of the material at the CodePlex site, and I think that quite a bit of the governance structure will need to change before CodePlex can expect to attract broad participation.
Steve Jobs is a genius of design and marketing, but his track record on calling the right balance between utilizing proprietary arts and public resources (like open source and open standards) is more questionable. Two news items caught my eye today that illustrate the delicacy of making choices involving openness for the iPhone platform - both geopolitically as well as technically.
The first item can be found in today's issue of the London Sunday Times, and the second appears at the MacNewsWorld.com Web site. The intersecting points of the two articles are the iPhone and, less obviously, openness. But the types of openness at issue in the two articles are at once both different, and strangely similar.
The Sunday Times piece recounts the (unsuccessful) efforts of Andre Torrez, the chief technology officer at Federated Media in San Francisco, to switch from the iPhone to an Android-based G1 handset, because he objects to the closed environment that the iPhone represents. But after just a week, Torrez reverts to the better app-provisioned iPhone. The Sunday Times author concludes in part as follows:
Modern society harbors many bad habits. One is its penchant for enthusiastically embracing the benefits of new technologies before considering their less desirable side effects. Whether we look at the development of automobiles (first) and safety features (much later), or industrialization (first) and environmental protection (much, much later), the story is always much the same: we reach for the candy before we grasp the reality of the cavities. Only after the problems become too great to ignore do we investigate the unintended consequences, realize how difficult and expensive they are to address, and grudgingly start to rein in our appetites and exercise a bit of prudent self-discipline.
Perhaps we should not be surprised, then, that the U.S. government is only now becoming alarmed over the vulnerability to which we have become exposed as a result of our whole-hearted embrace of the Internet. With the operations of government, defense, finance, commerce, power distribution, communications, transportation, and just about everything else now dependent on the healthy operation of the Internet, that alarm is well-justified. And with the creation and storage now of virtually all data in digital, rather than physical form, exposure of our financial as well as our most intimate personal and health information is only a hack away as well.
Man's ability to affect the land is all too evident in these times of climate change, pollution and habitat destruction. Happily, the landscape can change man as well.
The weather finally broke last night, dropping 30 degrees by dawn, and thanks be for that. The night before I had camped in the Sheyenne National Grasslands, heavy with heat and humidity. But the next day it was pleasantly cool (upper 60s), albeit overcast rather than sunny.
Nor was this the only change. It took over 2400 driving miles to finally leave the Eastern, and then Midwestern terrain behind, but today I reached the beginnings of what I think of as the West. More than anything else, in my mind that means “dry.” For the last 800 miles, the landscape had been primarily flat, lush - and transitionally post-glacial. That last factor means an area where the great ice sheets completed their periodic southward pulses, dumping rich, black earth born of thousands of miles of ice grinding down stone, some deposited by glacial streams, and others as windblown “loess” – very fine mineral particles.
Mea Culpa. I am uncharacteristically late in commenting on the XML Wars of August, 2009, which have already received so much attention in the press and in the blogs of the technology world. The wars to which I refer, of course, broke out with the announcement early in the month that Microsoft had been granted an XML-related patent. The opening of that front gave rise to contentions that patenting anything to do with XML was, in effect, an anti-community effort to carve a piece out of a public commons and claim it as one's own.
The second front opened when a small Canadian company, named i4i, won a stunning and unexpected remedy (note that I specifically said "remedy" and not "victory," on which more below) in an ongoing case before a judge in Texas, a jurisdiction beloved of patent owners for its staunch, Red State dedication to protecting property rights - including those of the intangible, intellectual kind.
So if this is war, why have I been so derelict in offering my comments, as quite a few people have emailed me to tell me they are waiting to hear? Here's why.
Cybersecurity is an increasingly frequent topic in the news, and this week brought word of the indictment of someone who must be the leading contender for the title, Master Cybercriminal of All Time (Payment Card Fraud Division): Albert Gonzalez. More recent press reports point to additional conspirators who Gonzalez's attorney contends were the real masterminds. Top honors aside, government prosecutors contend that the team are responsible for all of the most high profile data breaches publicized to date: Heartland, Hannaford, TJX, and more - gaining access to information relating to an astonishing 130 million credit and debit cards or more.
With so many breaches in the news, you might understandably be wondering how safe your own financial information is, and whether anyone is doing anything to protect you. Happily, the answer is "yes," and as it happens, the organization that has been tackling this problem is a client of mine, PCI Security Standards Council, which creates and enables a global, end to end ecosystem of standards, certifications, auditors and more to secure payment card data from the moment that your card gets swiped on a reader to the time it reaches its ultimate destination.
In 2001, I took a one month solo cross country trip, driving from Massachusetts across the Northeast, the Midwest, and then the prairie states, until I reached what we generally think of as “the West” – the land of canyons and buttes, deserts and mesas. Once there, I spent the rest of the time backpacking in the canyonlands of Utah, and then meandering North on dirt roads until I reached Glacier National Park, in the Northwest corner of Montana. After that, I zigzagged back East until I reached the Mississippi. Then, it was just a straight highway shot till I arrived back home once again. It was during that trip that I began writing in earnest, although I haven’t (yet) posted anything from that journey to the Web.
Last week, Microsoft and the European Commission each announced that Microsoft had proposed certain concessions in response to a "Statement of Objections" sent to Microsoft by the EC on January 15 of this year relating to Microsoft's bundling of Internet Explorer with Windows. If you've been reading the reams of articles that have been written since then, you may have noticed that the vast majority of the virtual ink spent on the story has been directed at the terms relating to browser choice. Typically, and as an afterthought, most of these stories have added a brief mention that Microsoft also proposed commitments relating to "another" dispute, this one relating to interoperability.
While the browser question is certainly important, in many ways it is far less important than the interoperability issue. After all - the primary benefit for consumers under the browser settlement is that they can choose their favorite browser when they first boot up their new computer, as compared to investing a few extra clicks to download it from the site of its developer - as they can already do now. Interoperability, of course, goes far deeper. There's no way that you can make one program work the way you really want it to with another unless it comes out of the box that way, or unless you have not only the ability, but also the proprietary information, to hack it yourself. And if both programs don't support the same standards, well, good luck with that.
So what exactly did Microsoft promise to the EC, regarding interoperability? Let's use ODF as a reference point and see.
I'm pleased to report this morning on the formation of a new advocacy group for the use of free and open source software in the U.S. Government. I'm also pleased to have been asked to serve on its Board of Advisors, along with other proponents of free and open source software, such as Roger Burkhard, Dawn Meyerriecks, Eben Moglen, Tim O'Reilly, Simon Phipps, Mark Shuttleworth, Michael Tiemann, Bill Vass, and Jim Zemlin.
The new organization is called Open Source for America (OSA), and you can find its Web site here. Tim O'Reilly will officially announce OSA at OSCON later today, and you can find the launch press release here, as well as pasted in at the end of this blog post for archival purposes. I'm sure that you'll also see quite a few articles blossom across the Web today relating to its announcement, but having been in on the planning, here's what it's all about.
The dominance of Microsoft's Office in the marketplace would be logical (if frustrating, to those that think that competition breeds better products), if it was simply a matter of developer seats. After all, Microsoft deployed hundreds, and then thousands of engineers to develop and evolve its flagship app over the last 25 years. How could anyone expect a less well funded commercial competitor, much less an open source project, to equal Office for features, performance and interoperability with other office suites?
At the same time, people keep trying - a lot of them: not just long-established competitors, like Corel, with the venerable and estimable WordPerfect office suite it bought from Novell, but also open source projects like OpenOffice and KOffice, as well as projects launched by much larger players, such as IBM (Lotus Symphony) and Google (Docs).
WordPerfect aside, most of these offerings disappoint when it comes to round tripping documents with Office users, although many provide perfectly fine alternatives for stand-alone use, particularly by those that don't need to create the most complex business document.
The funny thing is, though, that the quality of the result, and even the ability to interoperate in a world dominated by Microsoft's Office, doesn't necessarily equate to the depth of the resources of the developer. Now isn't that an interesting observation?
Quote of the Day
“Patents can promote innovation, but a patent is not a license to engage in deception”
-FTC director of Bureau of Consumer Protection Jessica L. Rich, commenting on the first settlement with a patent "troll"
VA Cybersecurity Woes Continue, 16 Consecutive Audit Fails Elizabeth Snell HealthIT Security November 24, 2014 - For the 16th consecutive year, the Department of Veterans Affairs failed its annual cybersecurity audit. The investigation sought to find out if the agency was in compliance with the Federal Information Security Management Act, (FISMA)....[the] auditors did tell VA leaders that noticeable progress had been made from the year before. In 2013, the IG found 6,000 specific cybersecurity vulnerabilities and made 35 separate recommendations to close weaknesses. This year, the IG said the list of vulnerabilities had been cut by 21 percent....
Too many IoT standards, or too few? Richard Quinnell EDN Network November 20, 2014 - Interoperability and the easy exchange of data is a major concern in the buildup of the Internet of Things (IoT). To ensure those attributes, a set of commonly accepted standards will be needed. So, do we need to create those standards, or do we already have enough standards and simply need to pick and choose?...it may...be that there are enough standards already out there and what is needed is agreement on which set of standards are to be followed for the IoT. It is equally likely that a different set of standards will be in play for different use cases of the IoT, with applications such as industrial machinery using one set while telemedicine uses a different set. After all, if different types of applications have no need to share their data, then there is no reason to saddle them both with the same set of standards....
State Council Pledges Support for Development of Cloud Computing USITO.org Weekly November 20, 2014 - On November 15, China's State Council pledged to accelerate efforts to develop cloud computing innovation as a means of stimulating development of China's information industry.
According to an official State Council statement...China will actively support the integrated development of cloud computing, the Internet of Things and mobile internet. China will also promote online research and design in the education and health care sectors, stimulate innovation in intelligent manufacturing based on cloud computing, and deploy pilot applications to enhance disease prevention, disaster mitigation, social security and e-government.
The statement also indicated that China would support core technological R&D necessary to enable these innovations, and allow the market to play a greater role in pricing information technology products and services.
Interview with OpenStand Advocate Tim Berners-Lee: The Internet Turns 25 OpenStand November 19, 2014 - From the beginning, the Internet was built on a set of open development principles, that are now recognized as the OpenStand Principles. As the Internet turns 25 this year, Tim Berners-Lee, inventor of the World Wide Web, sat down to reflect back on the first days of its existence. In the below video, he discusses how far web information has come, and how much more ground there is left to cover....
Launching in 2015: A Certificate Authority to Encrypt the Entire Web Electronic Frontier Foundation November 18, 2014 - Today EFF is pleased to announce Let’s Encrypt, a new certificate authority (CA) initiative that we have put together with Mozilla, Cisco, Akamai, Identrust, and researchers at the University of Michigan that aims to clear the remaining roadblocks to transition the Web from HTTP to HTTPS.
Although the HTTP protocol has been hugely successful, it is inherently insecure. Whenever you use an HTTP website, you are always vulnerable to problems, including account hijacking and identity theft; surveillance and tracking by governments, companies, and both in concert; injection of malicious scripts into pages; and censorship that targets specific keywords or specific pages on sites. The HTTPS protocol, though it is not yet flawless, is a vast improvement on all of these fronts, and we need to move to a future where every website is HTTPS by default. With a launch scheduled for summer 2015, the Let’s Encrypt CA will automatically issue and manage free certificates for any website that needs them. Switching a webserver from HTTP to HTTPS with this CA will be as easy as issuing one command, or clicking one button....The Let’s Encrypt CA will be operated by a new non-profit organization called the Internet Security Research Group (ISRG). EFF helped to put together this initiative with Mozilla and the University of Michigan, and it has been joined for launch by partners including Cisco, Akamai, and Identrust.
Experts Predict Major Cyber Attack by 2025, According to Pew The Open Standard November 18, 2014 - The Pew Research Internet Project asked, and cyber security experts answered.
The iconic think tank has collected and parsed experts’ thoughts on the possibility of a “major cyber attack” by 2025 — and 61 percent of the 1,642 professionals interviewed said one would occur.
Pew asked: “By 2025, will a major cyber attack have caused widespread harm to a nation’s security and capacity to defend itself and its people?” The think tank defined “widespread harm” as “significant loss of life or property losses/damage/theft at the levels of tens of billions of dollars.”...
German e-health working group reasserts focus on interoperability Gijs Hillenius EU Joinup November 18, 2014 - Interoperability of e-health solutions is getting renewed attention from Germany’s health care organisations. Trouble with exchanging information between medical systems is hindering e-health reaching its full potential, says the Federal Ministry of Health. The ministry made interoperability a key topic at the e-health working group meeting, part of an IT Summit in Hamburg in October.
The ministry estimates that there are around 200 different healthcare IT systems in use in the country, creating interoperability barriers. In Hamburg, the e-health working group discussed the results of an e-health interoperability study. The results include a 2013 report, describing international and national interoperability e-health initiatives and good practices....
Kalorama: New Consortium Will Improve miRNA Development Press Release Kalorama November 17, 2014 - Kalorama Information believes that a new consortium will greatly enhance the use of miRNA (or microRNA). A data management organization, the RNAcentral Consortium, now offers the website RNAcentral (http://rnacentral.org) to serve as a unified resource for all types of noncoding RNA data. Kalorama says the consortium was developed by pooling information from a variety of sources, including databases and tools for browsing, contains approximately 8 million sequences and can assist companies entering the marketplace....
miRNAs (MicroRNAs) are short, single stranded RNAs that regulate mRNA expression at the post-transcriptional level. These small bits of RNA, members of a class of non-translated molecules that do not produce protein, shut off gene transcription by base pairing with the target molecules. They are now recognized as pivotal regulators of gene expression; including development, proliferation, differentiation, and apoptosis and serving widespread functions as regulatory molecules in post-transcriptional gene silencing....there is great interest currently in the use of miRNAs as biomarkers for cancer and other diseases, given their involvement in cancer initiation, progression, migration, invasion and metastasis. Large data bases offer the opportunity to search out and evaluate large numbers of sequences. The detection of these sequences in plasma of breast cancer patients may provide new biomarkers for a number of different cancers, with the potential to develop and introduce novel and non-invasive screening tests....
HDcctv Alliance Announces New HDCVI 2.0 Global Standard Based On Dahua HDCVI Technology SourceSecurity.com November 17, 2014 - The HDcctv Alliance is announcing a new global standard of HD analog — HDCVI 2.0. HDCVI 2.0 is based on Dahua’s HDCVI technology. The standard aims to provide a stringent level of certification among manufacturers. Certification will ensure that all HDCVI products with certification label are completely compatible with each other. This gives users complete freedom of choice for security equipment using different brands....
New OASIS Standard to Build Biometric Security Wonderwall FindBiometrics.com November 14, 2014 - Non-profit IT consortium OASIS is developing a server-based biometric authentication standard. Industry professionals, government officials, and academics have been invited to help develop the standard as part of the Identity-Based Attestation and Open Exchange Protocol Specification – or IBOPS – Technical Committee.
The basic idea of the system they’re working on is to organize data storage by a server-based index system which, when accessed, would link to biometric identities that are not on the server. In other words, the data itself is not stored on the server, just indexed; and that index tells you where you can get the data, but that source is protected by biometric security measures. With this method, hackers could not access sensitive data by merely breaching the server....