FOSS Week in Review
Is Netflix coming soon to a Linux near you?
Saurav Modak at Muktware was observant enough to note last week that Netflix is now offering-up programming with a choice heretofore unavailable. For the time being they’re still pretty much married to Microsoft’s dead or dying Silverlight, but they’ve taken HTML5 on as a lover. This gives users of the popular movie outlet a choice that, at the very least, should make things easier for Linux users who insist on using the Netflix service:
“Although hackers have already made a workaround to stream Netflix videos in Linux machines, performance is generally low and video playback is not hassle free. Some workarounds include running the entire browser in Wine, or running a Silverlight plugin in Wine and make it compatible with the browser. But all of them come at a cost of performance. Switching to HTML5 from Silverlight will greatly reduce all these hassles, as all you will need is a latest standard compatible browser to stream movies and TV shows. This will also allow support for mobile devices and tablets which are adopting more HTML5 standards day by day.”
Over on Reddit, a Penguinista asked the question that is probably on everybody’s mind: “Any chance that means support for Linux?” To which Netflix replied:
“We are currently running test to see if we can support Linux using the HTML5 player. So we don’t have an answer yet since we are still testing it out and has not been rolled out yet. But it is a possible chance that Linux will be compatible for sure.”
Okay, that kinda, sorta sounds good until we remember one tiny little thing. Most likely, Netflix’s HTML5 playback will be restricted by DRM. As Sam the Sham would say, “Oh, that’s bad…”
Standalone WordPress now auto-updates
The latest and greatest version of WordPress has been released, a major point upgrade, and within days after that a security/bugfix followed, bringing the version number up to 3.7.1. The most interesting thing with this release is that it autoupdates everything without requiring any prompting from the site administrator. If there’s a new version of a plugin available, WordPress updates it silently in the background. Ditto if a new minor or security release of WordPress itself is released.
This all sounds well and good except for one thing–updates sometimes break things. Now, little may be lost if a small blog goes down for a day due to a broken update. But WordPress isn’t just for bloggers anymore. Although WordPress built it’s reputation as a blogging platform, it’s now much more than that. Some of the biggest sites on the web, where a temporarily broken site might have serious financial consequences, are running atop WordPress.
Sean Michael Kerner addressed this issue, as well as related security issues, on Monday in an article on eWeek:
“Introducing automatic updates for a server-side technology like WordPress, however, could be riskier as it could potentially also impact the myriad plug-ins or underlying technology that the site is running on. Matt Bergin, security consultant at CORE Security, told eWEEK that there are two common issues he sees with automatic updates.
“‘A great old trick we used to do back in the day was to watch network traffic where we’ve created man-in-the-middle conditions and in real-time patch Windows updates with our malicious payloads,’ Bergin said. ‘The second issue is stability related. Allowing automatic updates which may in turn bork a production environment has never been and will never be a good idea.’
“WordPress developers, however, are confident the system is stable and safe for production usage.
“‘Sites already running WordPress 3.7 have attempted more than 110,000 updates without a single critical failure, thanks to a number of verification steps that have made updates that much more reliable,’ WordPress developer Andrew Nacin wrote in a blog post. ‘A background update for a minor or security release (which is all they are enabled for, by default) means downloading and copying over just a few files.’”
The good news is that auto updates at present only updates minor point security/bugfix updates. For example, the current version 3.7.1 will automatically update to 3.7.2 if there ever is one, which would be unlikely to break anything, but not to 3.8.0, which might render many plugins inoperable. Also, themes and plugins are only updated on an opt-in basis. The bad news, in their wisdom the folks at WordPress have failed to offer an easy way to disable this feature. There’s no way to turn auto updates off through the dashboard; it can only be disabled through editing configuration files and the options are not as straightforward as they should be.
In our opinion, this is not good as it takes control away from the user, especially users with limited technical skills. We’d have no problem whatsoever with this feature if it could easily be disabled through the interface. Unfortunately, the folks at WordPress don’t want to trust their users with this ability.
More information can be found on auto updates in the article The definitive guide to disabling auto updates in WordPress 3.7 on the WordPress website.
ownCloud puts you in control of the cloud
There’s a new way to use the cloud and it’s open source in ways that really matter. To begin with, ownCloud supports ODF, the truly free open document standard, something no cloud service does at this time as far as we know.
And there’s more…
For the most part, it doesn’t matter if a service running in the cloud is open source or not since users don’t have any control. Most cloud apps are effectively closed source, no matter what license the app may be released under. But as we learned this week from Muktware, this isn’t true with ownCloud. It’s open source and you host it on your own server.
“So how different would this be from other commercial solutions? One of the most important factors which differentiates the service from the rest is that it’s not owned or controlled by [a] 3rd company. You run it on your own server and you are in control. Which also means that it’s out of the prying hands of NSA and GCHQ as you can host your server in a pro-privacy country like Switzerland or Iceland.”
Lavabit goes open
Remember Lavabit, the encrypted email service that counted Edward Snowden as a user? The company’s founder, Ladar Levison, shut down the service several months back rather than give-in to pressure by U.S. federal spooks to compromise the privacy of users. Now Levison is taking that a step further; he’s opening up his code base to the public.
We received this news on Wednesday by way of a Reuters report that was published on Yahoo.
“‘They’ve effectively violated the public’s trust and as a result, we’ve decided as a community that it’s time to develop a technical solution,’ Levison said. ‘Maybe there can be 100 Lavabits if I turn over the code.’
“Levison’s Darkmail Alliance plan ranks as one of the more dramatic examples of simmering rebellion in the technology industry against government intelligence-gathering methods, especially those revealed in secret documents leaked by Snowden.”
The shut down of Lavabit, along with encrypted email services Silent Circle and CryptoSeal, has left those with email privacy issues to grapple with sometimes cumbersome solutions such as cryptography based on Pretty Good Privacy.
Although it’s uncertain at present how this opening-up of the Lavabit code will play out, the process has already attracted onetime competitor Silent Circle to be partner in the new project. Most likely, what will be developed will be code that can be implemented within other applications. For the time being, however, all we can say is that this is a good sign.
That does it for another week. Don’t forget to set you clocks back an hour if you live in the U.S. ‘Til next week, may the FOSS be with you…