Mea Culpa. I am uncharacteristically late in commenting on the XML Wars of August, 2009, which have already received so much attention in the press and in the blogs of the technology world. The wars to which I refer, of course, broke out with the announcement early in the month that Microsoft had been granted an XML-related patent. The opening of that front gave rise to contentions that patenting anything to do with XML was, in effect, an anti-community effort to carve a piece out of a public commons and claim it as one's own.
The second front opened when a small Canadian company, named i4i, won a stunning and unexpected remedy (note that I specifically said "remedy" and not "victory," on which more below) in an ongoing case before a judge in Texas, a jurisdiction beloved of patent owners for its staunch, Red State dedication to protecting property rights - including those of the intangible, intellectual kind.
So if this is war, why have I been so derelict in offering my comments, as quite a few people have emailed me to tell me they are waiting to hear? Here's why.
Cybersecurity is an increasingly frequent topic in the news, and this week brought word of the indictment of someone who must be the leading contender for the title, Master Cybercriminal of All Time (Payment Card Fraud Division): Albert Gonzalez. More recent press reports point to additional conspirators who Gonzalez's attorney contends were there real masterminds. Top honors aside, government prosecutors contend that the team are responsible for all of the most high profile data breaches publicized to date: Heartland, Hannaford, TJX, and more - gaining access to information relating to an astonishing 130 million credit and debit cards or more.
With so many breaches in the news, you might understandably be wondering how safe your own financial information is, and whether anyone is doing anything to protect you. Happily, the answer is "yes," and as it happens, the organization that has been tackling this problem is a client of mine, PCI Security Standards Council, which creates and enables a global, end to end ecosystem of standards, certifications, auditors and more to secure payment card data from the moment that your card gets swiped on a reader to the time it reaches its ultimate destination.
In 2001, I took a one month solo cross country trip, driving from Massachusetts across the Northeast, the Midwest, and then the prairie states, until I reached what we generally think of as “the West” – the land of canyons and buttes, deserts and mesas. Once there, I spent the rest of the time backpacking in the canyonlands of Utah, and then meandering North on dirt roads until I reached Glacier National Park, in the Northwest corner of Montana. After that, I zigzagged back East until I reached the Mississippi. Then, it was just a straight highway shot till I arrived back home once again. It was during that trip that I began writing in earnest, although I haven’t (yet) posted anything from that journey to the Web.
Last week, Microsoft and the European Commission each announced that Microsoft had proposed certain concessions in response to a "Statement of Objections" sent to Microsoft by the EC on January 15 of this year relating to Microsoft's bundling of Internet Explorer with Windows. If you've been reading the reams of articles that have been written since then, you may have noticed that the vast majority of the virtual ink spent on the story has been directed at the terms relating to browser choice. Typically, and as an afterthought, most of these stories have added a brief mention that Microsoft also proposed commitments relating to "another" dispute, this one relating to interoperability.
While the browser question is certainly important, in many ways it is far less important than the interoperability issue. After all - the primary benefit for consumers under the browser settlement is that they can choose their favorite browser when they first boot up their new computer, as compared to investing a few extra clicks to download it from the site of its developer - as they can already do now. Interoperability, of course, goes far deeper. There's no way that you can make one program work the way you really want it to with another unless it comes out of the box that way, or unless you have not only the ability, but also the proprietary information, to hack it yourself. And if both programs don't support the same standards, well, good luck with that.
So what exactly did Microsoft promise to the EC, regarding interoperability? Let's use ODF as a reference point and see.
I'm pleased to report this morning on the formation of a new advocacy group for the use of free and open source software in the U.S. Government. I'm also pleased to have been asked to serve on its Board of Advisors, along other proponents of free and open source software, such as Roger Burkhard, Dawn Meyerriecks, Eben Moglen, Tim O'Reilly, Simon Phipps, Mark Shuttleworth, Michael Tiemann, Bill Vass, and Jim Zemlin.
The new organization is called Open Source for America (OSA), and you can find its Web site here. Tim O'Reilly will officially announce OAS at OSCON later today, and you can find the launch press release here, as well as pasted in at the end of this blog post for archival purposes. I'm sure that you'll also see quite a few articles blossom across the Web today relating to its announcement, but having been in on the planning, here's what it's all about.
The dominance of Microsoft's Office in the marketplace would be logical (if frustrating, to those that think that competition breeds better products), if it was simply a matter of developer seats. After all, Microsoft deployed hundreds, and then thousands of engineers to develop and evolve its flagship app over the last 25 years. How could anyone expect a less well funded commercial competitor, much less an open source project, to equal Office for features, performance and interoperability with other office suites?
At the same time, people keep trying - a lot of them. Not just long-established competitors, like Corel, with the venerable and estimable WordPerfect office suite it bought from Novell, open source projects like OpenOffice and KOffice, as well as projects launched by much larger players, such as IBM (Lotus Symphony) and Google (Docs).
WordPerfect aside, most of these offerings disappoint when it comes to round tripping documents with Office users, although many provide perfectly fine alternatives for stand-alone use, particularly by those that don't need to create the most complex business document.
The funny thing is, though, that the quality of the result, and even the ability to interoperate in a world dominated by Microsoft's Office, doesn't necessarily equate to the depth of the resources of the developer. Now isn't that an interesting observation?
Why did perennial litigant Rambus, Inc. settle with the European Commission?
Certainly the most watched standards-related legal conflict of the decade involves the participation of memory technology vendor Rambus, Inc. in a working group hosted by standards developer Joint Electron Device Engineering Council (JEDEC) in the early 1990s. The fame (or notoriety) of the conflict arises in part from the importance of the conduct at issue (did Rambus set a "patent trap" for implementers of the standard that emerged from the working group?), and in part from the seemingly endless string of law suits that resulted from that conduct some fifteen years ago.
Most of these suits were brought by Rambus against vendors that refused to pay royalties when they implemented the standard, but these suits almost always resulted in vigorous counterclaims against Rambus, brought by those same implementers. And investigations into Rambus's conduct were also brought by both the Federal Trade Commission (FTC) in the United States, and by the European Commission in Europe. A separate string of cases related to alleged price fixing and other improper conduct by other vendors that participated in the same working group, which ended in record settlement amounts being paid by those vendors to the regulators.
If you haven't heard the words "smart grid" before, that's likely to change soon. That's especially so if you live in the U.S., where billions of dollars in incentive spending is pouring into making the smart grid a reality. As you might expect, since I'm talking about it here, the smart grid will rely on standards to become real. A whole lot of standards, in fact, and that's a problem
Those of you who are subscribers to my free standards eJournal Standards Today know that I've dedicated each of the last several issues to one of the many multi-billion dollar initiatives that the Obama Administration has launched that are heavily dependent on standards - which in many cases do not yet exist. Each initiative is also of great complexity, and will need to rely on a level of cooperation and collaboration that does not natively exist in the marketplace. That's certainly the case with the Smart Grid challenge, and that's what the latest issue of Standards Today is all about.
Throughout the 20th century, the U.S. electric power delivery infrastructure served our nation well,… This once state-of-the-art system brought a level of prosperity to the United States unmatched by any other nation in the world. But a 21st-century U.S. economy cannot be built on a 20th-century electric grid. A Vision for the Modern Grid, National Energy Technology Laboratory, for the DOE, March 2007
For decades utility companies and environmentalists alike have known that more dramatic and economical advances in energy policy could be achieved through energy conservation than by any other means. By utilizing techniques as simple as buying more efficient appliances and better insulating our homes we can lower our dependence on foreign oil, release fewer greenhouse gases, and savemoney as well, all at the same time. For almost as long, utilities have promoted the concept of “demand side management,” and sought to enlist the aid of consumers and businesses to shift electricity usage to low-demand times of the day, with the potential benefit of avoiding the need to build expensive new power plants.
I am an avid, lifelong, reader of newspapers in general, and of the New York Times in particular. And I'm a staunch believer in the essential role of an independent press in a modern democracy. I’m also the owner of a Web site that serves over a million page views a month, some of which display short extracts of news articles, with links back to the full text. On occasion those links lead back to stories appearing at the Web site of the Times.
So why am I trying to kill my beloved Times and its worthy brethren?
Quote of the Day
“Sometimes upholding constitutional ideas just isn't enough; sometimes you have to uphold the actual Constitution”
-Excerpt from the dedication of a new "dark email" protocol to the NSA by PGP developer Ladar Levison
New NIST Tools to Help Boost Wireless Channel Frequencies and Capacity NIST Techbeat February 27, 2015 - Smartphones and tablets are everywhere, which is great for communications but a growing burden on wireless channels. Forecasted huge increases in mobile data traffic call for exponentially more channel capacity. Boosting bandwidth and capacity could speed downloads, improve service quality, and enable new applications like the Internet of Things connecting a multitude of devices.To help solve the wireless crowding conundrum and support the next generation of mobile technology—5G cellular—researchers at the National Institute of Standards and Technology (NIST) are developing measurement tools for channels that are new for mobile communications and that could offer more than 1,000 times the bandwidth of today’s cell phone systems.... ...Full Story
HTTP/2 Will Make The Web ‘Faster And Safer’ Steve McCaskill Tech Week Europe February 27, 2015 - The Internet Engineering Steering Group (IESG) has approved the final standard for the HTTP/2 protocol, which could make browsing the Internet quicker and safer.
HTTP/2 is a major update to the Hypertext transfer protocol (HTTP), which is the foundation of data communication for the World Wide Web. The most widely used version of the standard, HTTP/1.1 was defined in 1999.
A working group has been developing HTTP/2 since 2012 and adopted Google’s SPDY protocol as an initial blueprint, with community feedback resulting in “substantial changes” to the standard, such as the compression scheme and the format of protocol.... ...Full Story
NIST Releases Update of Industrial Control Systems Security Guide for Final Public Review NIST Techbeat February 26, 2015 - The National Institute of Standards and Technology (NIST) has issued proposed updates to its Guide to Industrial Control Systems (ICS) Security (NIST Special Publication 800-82) for final public review and comment....Downloaded more than 3 million times since its initial release in 2006, the ICS security guide advises on how to reduce the vulnerability of computer-controlled industrial systems to malicious attacks, equipment failures, errors, inadequate malware protection and other threats. Industrial control systems encompass the hardware and software that control equipment and the information technologies that gather and process data. They are commonly used in factories and by public utilities and other owners and operators of major infrastructure.
Most industrial control systems began as proprietary, stand-alone collections of hardware and software that were walled off from the rest of the world and isolated from most external threats. Today, widely available software applications, Internet-enabled devices and other nonproprietary IT offerings have been integrated into most such systems. This connectivity has delivered many benefits, but it also has increased the vulnerability of these systems.... ...Full Story
Big Data, Hadoop Standards Group: Who's In, Who's Missing? Joe Panettieri Information Management February 25, 2015 - All eyes in the big data world are on the Open Data Platform -- a new association that strives to promote big data technologies and open source platforms like Hadoop. While promising and backed by big names like GE and IBM, the Open Data Platform initiative also lacks some key names....
Several industry giants and startups are driving the Open Data Platform group -- including Altiscale, Capgemini, CenturyLink, EMC, GE, Hortonworks, IBM, Infosys, Pivotal, SAS, Splunk, Teradata Verizon and VMware.
Still, some key names also are missing from effort.... ...Full Story
Security Standard Proposed for Bitcoin Exchanges and Wallets Stan Higgins Coindesk February 25, 2015 - A group composed of developers and security professionals has proposed a set of rules aimed at standardizing security protocols used by companies that handle or store digital currencies for their clients.
The proposal, created by the Cryptocurrency Certification Consortium (C4)...aims to provide an industry-level standard by which exchanges and wallet providers can operate.
The Cryptocurrency Security Standard (CCSS) draft proposal calls for 10 standardized approaches to key and seed generation, storage and usage, proof-of-reserve and security audits, among other areas. The framework consists of three levels per section, with each grade signifying a higher degree of security based on the proposed guidelines.... ...Full Story
How can you tell when the standards process isn't working? Perhaps the best indication is when a vendor decides it has to go to the time and cost (passed through to customers) of implementing two different standardized technologies in the same product. Hopefully this approach doesn't represent the future of wireless charging.
Samsung's Solution To Wireless Charging Fragmentation: Use All The Standards Lucian Armasu Giga.om February 24, 2015 - In a recent post on one of its websites, Samsung talked about the recent history of wireless charging and how the company has been working on bringing this technology to market since late 2000. It finally did it in 2011 when the company brought wireless charging support for its Droid Charge smartphone....Because we're talking about a brand new type of technology, having multiple standards can hurt adoption, so Samsung, which is a member of both consortiums, has decided that it's best to just use both technologies in its upcoming devices. This way, a device such as the Galaxy S6 could be backwards compatible with both standards and all the accessories that support them. Soon, for example, Samsung's devices could be charged wirelessly either at McDonalds restaurants, which use Qi charging, or at Starbucks stores, which use PowerMat chargers.... ...Full Story
LTE standards group targeting mission-critical push-to-talk specifications for early 2016 UrgentComm February 23, 2015 - Officials for 3GPP, the standards body for LTE technology, recently said the organization plans to establish a standard for mission-critical-voice functionality over LTE early next year. That action could have significant impact on both 4G LTE initiatives and LMR plans for public-safety and critical-communications entities.
To help ensure that this aggressive timeline can be met, 3GPP has created a new working group—called SA6—specifically to tackle the challenges associated with mission-critical applications, with an initial focus on mission-critical voice, according to 3GPP officials.... ...Full Story
Call for Papers: Conference Theme: Interoperability, Intellectual Property and Standards IEEE-SIIT.org February 23, 2015 - Interoperability has never been more important than it is today. It can be achieved by design, following the market or through standardization. How does intellectual property impact interoperability? How do these factors interact with standardization? IEEE-SIIT 2015 will explore these, and other, important questions.
IEEE-SIIT conferences aim at bringing together academia, government and industry participants engaged in standardization to foster the exchange of insights and views on all issues surrounding standards, standardization, interoperability and innovation. Contributing academic disciplines include, but are not limited to: Business Studies, Computer Science, Economics, Engineering, History, Information Systems, Law, Management Studies and Sociology....[the deadline for submissions is April 3, 2015] ...Full Story
Wireless Power Consortium Achieves Key Technology Milestones for Fast Charging and Resonant Multi-Device Charging with Spatial Freedom Press Release WPC.com February 20, 2015 - The Wireless Power Consortium (WPC), the driving force and leader in the global adoption of wireless power technology, today made two draft specifications available to its members that extend the capabilities of the Qi wireless power standard.
The first extension of the Qi specification, called "Volume II: Medium Power," enables fast charging of smartphones with up to 15 Watts delivered into the battery....The second extension of the Qi specification, called "Volume III: Shared Mode," enables multi-device charging with a single inverter, a resonant technology that reduces the cost of manufacturing multi-device chargers while providing large freedom of spatial positioning.... ...Full Story
Web standard promising faster page loads wins approval Steven Musil and Stephen Shankland CNET February 20, 2015 - A new version of the HTTP standard that promises to deliver Web pages to browsers faster has been formally approved, the Internet protocol's first revision in 16 years.
The specifications for HTTP 2.0 have been formally approved, according to a blog post by Mark Nottingham, who as chairman of the IETF HTTPBIS Working Group serves as the standard effort's leader. The specifications will go through a last formality -- the Request for Comment documenting and editorial processes -- then be published, Nottingham wrote.
HTTP, short for Hypertext Transfer Protocol, is one of the seminal standards of the Web. It governs how a browser communicates with a Web server to load a Web page. HTTP 2.0, the protocol's first major revision since HTTP 1.1 in 1999, is designed to load Web pages faster, allowing consumers to read more pages, buy more things and perform more and faster Internet searches.
The new standard is based on SPDY, a protocol Google introduced in 2009.... ...Full Story