Friday FOSS Week in Review
We may be paranoid but they are out to get us
In week three (or is it week four?) of the Spy vs. Spy scandal, the Obama folks keep saying things like “what’s the big deal?” while trying to convince us that the secret oversight court called FISA (we prefer “the Star Chamber”) has nothing but our constitutional rights in mind when it rubber stamps requests to secretly steal our privacy. Obama likes to talk about transparency. Indeed, he becomes more transparent by the moment; we’re beginning to see right through him. The 22nd amendment should now be seen as a face saver for Mr. Obama–as we would think no self respecting liberal or progressive would vote again for this man who once represented our best hope. Pity.
The FBI admitted this week that they, too, have been spying on the American people and, on occasion, using drones. FBI director Robert Mueller was kind of vague. They didn’t use them much, he said. Only for surveillance and only under special circumstances. What constitutes a special circumstance for using drones? More vagueness. Something about when only drones can Git-R-Done! We’re expecting Larry the Cable Guy to file a DMCA takedown notice against the FBI in the upcoming week.
This was the week for PRISM related true confessions. Google, Yahoo, Apple, Facebook–everybody who is anybody on the Internet couldn’t wait to get in line to tell us how many times the mean old people at the NSA made them give-up our info, and how hard they had to twist their arms to get them to do it.
Don’t listen to how hard your favorite sites worked to protect your rights. From what we’ve been hearing, Yahoo is the only site that did the right thing and tried to appeal a FISA order. In fairness to other sites, however, it appears their appetite to fight might have been curbed by Yahoo’s courtroom experience.
According to Reuters:
“Only one company, Yahoo, is known to have taken the highly unusual step of appealing an order from the Foreign Intelligence Surveillance Court. The company argued in 2008 that the order violated the Fourth Amendment protection against unreasonable searches and seizures.
“But U.S. District Judge Bruce Selya, who headed the FISA court’s Court of Review, ruled the data collection program did not run afoul of the Bill of Rights.
“Selya’s ruling was published in redacted form, only the second time such a decision had ever been made public. A Justice Department spokesman said it was published at the court’s behest, but the executive branch would have had to approve the waiving of secrecy rules.
“Two days after that, according to the leaked NSA slides, Google joined the Prism data-collection effort.”
Last Saturday we learned from CNET that the NSA can listen to domestic phone calls with the flick of a switch and no warrant required:
“Rep. Jerrold Nadler, a New York Democrat, disclosed on Thursday that during a secret briefing to members of Congress, he was told that the contents of a phone call could be accessed ‘simply based on an analyst deciding that.’
“If the NSA wants ‘to listen to the phone,’ an analyst’s decision is sufficient, without any other legal authorization required, Nadler said he learned. ‘I was rather startled,’ said Nadler, an attorney and congressman who serves on the House Judiciary committee.”
Meanwhile, across the ocean in what we used to call the “old world,” the European cloud server folks are getting ready to take advantage of the situation and put a new face on an old idea. It’ll be the cloud version of the old free-from-prying-eyes numbered Swiss bank account. This may or may not work for them, according to Reuters:
“European firms believe revelations that the U.S. National Security Agency (NSA) has secretly gathered user data from nine big U.S. Internet companies, including Microsoft and Google, will hand them a competitive advantage as they play catch-up with the dominant American players in ‘cloud computing’.
“Yet companies and individuals may have to accept that while storing and processing their most sensitive information on servers owned by Europeans and located in Europe could keep it from the NSA’s eyes, intelligence agencies closer to home may be looking anyway.”
Indeed, PCWorld reported on Monday that the European data protection supervisor has expressed concern’s over how the U.S. spy scandal should shape future relationships with the EU:
“Cybersecurity is not an excuse for the unlimited monitoring and analysis of the personal information of individuals, said Peter Hustinx, the European data protection supervisor.
“‘If the E.U. wants to cooperate with other countries, including the U.S.A., on cyber security, it must necessarily be on the basis of mutual trust and respect for fundamental rights, a foundation which currently appears compromised,’ said Hustinx in a statement, released along with his formal Opinion on the Cyber Security Strategy. His formal opinion must be considered by the European Commission in drawing up legislation.”
There seems to be no end to revelations regarding the depths of U.S. cyberspying in sight. At this point, all we can say is…stay tuned…
Thomas Penfield Jackson dies at 76
The U.S. District court judge Thomas Penfield Jackson who presided over the DOJ’s antitrust case against Microsoft during the waning days of the Clinton administration died Saturday. He was 76.
In 2000, Mr. Jackson ruled that Microsoft was a monopoly that couldn’t be trusted and ordered the company broken up into two companies, one to sell software such as MS Office and Internet Explorer and the other to sell other products, most notably Windows.
In his findings of fact on the case, he said in part:
“Most harmful of all is the message that Microsoft’s actions have conveyed to every enterprise with the potential to innovate in the computer industry. Through its conduct toward Netscape, IBM, Compaq, Intel, and others, Microsoft has demonstrated that it will use its prodigious market power and immense profits to harm any firm that insists on pursuing initiatives that could intensify competition against one of Microsoft’s core products. Microsoft’s past success in hurting such companies and stifling innovation deters investment in technologies and businesses that exhibit the potential to threaten Microsoft. The ultimate result is that some innovations that would truly benefit consumers never occur for the sole reason that they do not coincide with Microsoft’s self-interest.”
Eventually, the U.S. Court of Appeals for the D.C. Circuit removed Mr. Jackson from the case. Mr. Jackson’s decision to divide Microsoft was also overruled by the appeals court and the case was finally settled in 2001.
During the time the case was before Judge Jackson, we considered him to be something of a hero and we still think that true today. As we’ve relived our memories of the case since the announcement of his death, we realize that we followed this case without benefit of Pamela Jones or Groklaw to help us understand the proceedings. We can’t help but wonder how our understanding of the case would’ve been enhanced with her handling the play by play.
SCO/IBM war resumes
Speaking of Groklaw, it was déjà vu all over again this week, with PJ once again reporting on the case of SCO v. IBM. Yup, they’re back in court. We’re reminded of the early days of Saturday Night Live when week after week Chevy Chase on “Weekend Update” would reassure the audience that Spain’s late dictator Francisco Franco remained dead.
Except in this case, SCO refuses to die. Even without the players we all learned to love, folks like the old CEO Darl McBride and Information Minister Blake Stowell, the company keeps rising from the dead zombie-like.
If we understand PJ correctly, the gist of SCO’s case right now is confusion:
You know what? I lived this history in excrutiating detail all through the decade when it was playing out, day after gruesome day, and *I* can’t remember everything, even though I wrote articles about every twist and turn. I still have to look it up and try to refresh my recollection. And even then, I worry about whether I got it all right, but those are the motions that are still red on our SCO v. IBM Timeline page, meaning they are still pending. We need to bring that page up to date, I notice. Groan. Who can believe this is still going on?
If I can’t remember it all clearly, how in the world can a newly assigned judge be expected to have all the details at his fingertips without briefing? Maybe that’s why SCO hoped he’d rule without it. It’s not really possible to look closely at SCO’s machinations and wish them God speed. That’s the one true and reliable statement in this saga, that the closer you look, the less you like what you see.
Hopefully, this new judge will have the good sense to see that SCO is a dead horse flogging a dead horse and that will be the end of it. SCO was entertaining for a while back in the early days of the 21st century, but those days are long gone.
Oracle fixes 40 Java security issues
For over a year now we’ve been recommending users to disable their Java browser plugins and to forget about ever turning them back on. That advise still stands.
A month or so back, if you’ll remember, Oracle fixed a slew of security holes in browser-side Java and deemed it safe for users to activate their plugins again. We didn’t believe it then and now, as far as we’re concerned, we have proof we were right.
On Wednesday PCWorld reported that Oracle had just patched 40 security issues in Java:
“Many of the client-only vulnerabilities received the maximum score on the vulnerability severity scale used by Oracle. These flaws can be exploited by attackers to take control of computers by hosting malicious Java applets—Java Web applications—on remote servers and tricking users to load them in their browsers.”
Let’s see, a couple of months ago they finally got it all cleaned up and safe to use and now they’re fixing 40 security holes, most of which can be quite dangerous to the health of a user’s data and computer.
Again, unless you’re working for a company that has some browser-based Java applets you absolutely have to use to get your work done, have nothing to do with Java. Drink coffee instead.
Samsung tablet runs both Android and Windows
We’re thinking this might be more great news for Linux. Samsung has come out with a tablet, the Ativ Q, that runs both Android and Windows. What could be a better way to convince users that Linux is the superior OS?
We haven’t played with Windows mobile and probably never will. However, if we know Windows, it’s going to be a resource hog compared to Android. It’s going to freeze and need rebooting. In the process, work will be lost. In the meantime, Linux and Android will do what we’ve learned to expect of them, which is work flawlessly.
Samsung isn’t the only company with a tablet that runs the little green ‘droid next to Redmond’s finest, as the BBC reports:
“It [the Ativ Q] comes just over a fortnight after Asus unveiled its own laptop-tablet hybrid which also runs both Microsoft and Google’s systems.
“One analyst said he expected this to be a trend that other firms would follow.
“‘It’s a very cost-effective way for manufacturers to offer extra value to consumers at a time when it’s very hard to differentiate benefits from one device to another,’ said Chris Green, principal technology analyst at Davies Murphy Group.”
We’re sure that Microsoft hasn’t realized it yet, but we’re pretty certain that these hybrid devices that will give users a side-by-side comparison of Windows and Android might be the absolute worst way for Redmond to gain the traction they so desperately need in the mobile market.
Microsoft helps U.S. take advantage of Windows security holes
Another piece of news came out this week that might hurt Windows in markets outside the United States.
Remember how the Chinese used to be scared as all get-out that Windows was designed with some secret back doors to help the United States government spy on them? Well, how about this? Evidently Microsoft has been telling U.S. Government agencies, such as the military, about vulnerabilities in Windows before a patch is available. The U.S. has then turned around and used this information to take advantage of the exploit against our “enemies”–which might mean anyone who has information we need.
Here’s how Bloomberg put it:
Microsoft Corp. (MSFT), the world’s largest software company, provides intelligence agencies with information about bugs in its popular software before it publicly releases a fix, according to two people familiar with the process. That information can be used to protect government computers and to access the computers of terrorists or military foes.
Redmond, Washington-based Microsoft (MSFT) and other software or Internet security companies have been aware that this type of early alert allowed the U.S. to exploit vulnerabilities in software sold to foreign governments, according to two U.S. officials. Microsoft doesn’t ask and can’t be told how the government uses such tip-offs, said the officials, who asked not to be identified because the matter is confidential.
Now that this news is out, we figure maybe a lot of foreign governments might be seriously considering finally making the move all the way over to Linux or BSD, or anything with a code base that can be read.
Not only should governments be concerned. Companies, too, might be vulnerable to exploitation, since it’s in our government’s interest to give our economy an edge over foreign competition. Airbus, for instance, might have legitimate cause for concern.
Well, that does it for this week. Until next Friday’s review, may the FOSS be with you…