Twitter has revealed its plan to introduce fairness in the world of patents and is making the first move with a draft of the “Innovator’s Patent Agreement” or the IPA. Twitter holds a bunch of patents and wants to make sure that the actual innovator who worked on the patented technology has a say in lawsuits involving the patent.
Adam Messinger, VP of Engineering at Twitter, writes on the official Twitter blog, saying,
The IPA is a new way to do patent assignment that keeps control in the hands of engineers and designers. It is a commitment from Twitter to our employees that patents can only be used for defensive purposes. We will not use the patents from employees’ inventions in offensive litigation without their permission.
Twitter dreams of a world where innovation is not hampered by patent trolls. It dreams of a world with proper use of patents. According to the IPA, the innovator’s rights to a patent remain even after it is sold to a third party. This ensures patents are not misused by trolls and is a significant improvement over the current disordered world of patents. However, one important point to remember here is that ownership of the patent still lies with the patent owner; the inventors are only a part of the decision-making process in case of disputes.
Twitter is undoubtedly being a trendsetter in this case. However, for this model to gain a respectable amount of acceptance, more companies should embrace it.
After a long inactive period, Anonymous has resurfaced with a massive hack in China. Nearly 500 websites have been hacked in this operation, and the attacks have been carried out by an Anonymous group based in China. A Chinese Anonymous Twitter account was created to announce this operation involving the takedown of government websites, contractors and several trade groups. This marks the most successful hack by the Anonymous faction, because the Great Firewall of China was believed to be impenetrable until now.
Anonymous China started announcing the hack on a Twitter account, @AnonymousChina. However, the account was taken down later and all its tweets were removed. Nonetheless, Anonymous China has another Twitter account in place (WeWorkForGlobal) to spread its propaganda. Most of the hacked websites are still showing a message from Anonymous. It was reported that some of these websites came back online for a brief period, only to be DDoSed again. The complete list of hacked websites can be found on this page.
The message on all the hacked websites reads,
Hello, everyone! Message to the Chinese government: Over the years, the Chinese communist government to unfair laws and unhealthy process to control the people. Dear Chinese government, you is not never fall, and today the website is black, tomorrow is your evil regime fell. So do not think we will give up, never give up. All you have done to the people today, tomorrow will double back. Not a hint of tolerance. No one can stop us, not your anger, nor your arms. Not deter us, because you can not be intimidated by the thought. Chinese friend’s message: You have been in a do not understand you suffer under the tyranny of the government. We are with you. At this point, here with you. Tomorrow and beyond will be to ensure your freedom. We never give up. Do not give up hope, and revolution created since your heart. The silence of other countries has highlighted the fact that China’s lack of democracy and justice. This is intolerable. We are fully committed to fighting for your freedom.
Just last week, one of China’s defence contractors, China National Import & Export Corp. (CEIEC), was hacked by a hacker who likes to call himself Hardcore Charlie.
This breach of the Great Firewall of China proves the futility of government-regulated censorship of this form. However, the matter might not end here. China itself has many pro-government hackers, and they might retaliate with a counter-attack or a dox of the hackers involved in this breach. We have seen Anonymous getting pwned by the ruthless Mexican drug mafia earlier. Let us just hope that this does not end up in bloodshed.
In the latter half of last week, Visa and MasterCard sent out notices to several banks asking them to verify a security breach. The massive scale of the breach generated enough noise to come to their notice, and although they did not name any credit card processor responsible for this breach, it has been identified recently as Global Payments.
Payment processors are used to send your credit card information to a bank in an encrypted format, so that it stays safe from prying eyes. Most of the confirmed breaches in this case are believed to have happened at parking garages across the New York City area. This massive security breach has resulted in 10 million stolen credit card details. However, the worrisome part is that enough data was stolen in the breach that counterfeit credit cards can be created from those details.
Global Payments has explained its position in the matter with a statement saying,
In early March 2012, the company determined card data may have been accessed. It immediately engaged external experts in information technology forensics and contacted federal law enforcement. The company promptly notified appropriate industry parties to allow them to minimize potential cardholder impact. The company is continuing its investigation into this matter.
Payment processors form a critical part of payment systems and are among the most attacked financial institutions too. Just last year, an Indian payment gateway took a hit that resulted from an SQL injection attack. Credit card information is extremely sensitive from a privacy perspective. In the event of a breach, the company should act responsibly and proactively, and should issue fair warnings and notices immediately. This goes a long way towards building trust in financial businesses. Kudos to Brian Krebs for bringing this to everyone’s notice.
Over the last week, Facebook has gained quite some attention and some positive karma by announcing that it will not tolerate employers asking for passwords of user accounts. This announcement has led to a mini-drama with the news world reporting that Facebook will sue any employer asking for passwords, and Facebook issuing a clarification that it does not intend to sue any employers as yet, but some legal actions can be taken nonetheless.
The recent development in this whole play has become quite the anti-climax for Facebook. US senators Chuck Schumer (D-NY) and Richard Blumenthal (D-CT) have urged the Attorney General, Eric Holder, to investigate this brewing drama and unravel whatever truth there is in this matter.
Nathan Ingraham at The Verge reports this request by the senators, saying,
the senators want to know if this practice would violate the Stored Communications Act (SCA) or the Computer Fraud and Abuse Act (CFAA) — the SCA gives fourth amendment-type protection to online communications, while the CFAA prevents intentional access to information stored on a computer without authorization. Blumenthal appears particularly concerned about this issue: only a few days ago, he started drafting a bill that would prohibit such requests.
Not only this, a number of Government representatives have come out claiming that they were in the process of either drafting or introducing a bill that handles these issues. As it turns out, the US government is taking this growing practice by employers seriously, and the matter is already being taken care of by them.
The Government of Iceland has started a one-year migration plan for all its public offices. As part of this plan, all public administration will be moved to use open source software in their daily operations. This includes all the ministries, the national hospital and the capital city of Reykjavik. A popular software programmer and OSS enthusiast from Iceland named Tryggvi Björgvinsson is heading the migration project.
The statement from the Prime Minister’s Office reads,
The government of Iceland has agreed on a policy regarding free and open-source software. The policy states, among other things, that when purchasing new software, free and open-source software and proprietary software are to be considered on an equal footing, with the object of always selecting the most favorable purchase.
The document [PDF link] that lays out the Icelandic Government’s open source policy mentions five important points. The most important of these decisions is that there will be no discrimination between free and open source software and proprietary software when making new software purchases. The policy also promotes the use of FOSS in education.
With this migration, Iceland will join an array of countries in Europe which are saving considerable government budgets otherwise spent on proprietary IT solutions. It will also boost the development of selected projects and increase their credibility. Moreover, the use of open source in governments bolsters existing FOSS projects and encourages a healthy and competitive ecosystem.
Facebook has recently stepped up its efforts to combat organizations, which have made it a practice to ask Facebook for user-account credentials as part of their recruitment strategy. This is a direct violation of the privacy of Facebook users. Moreover, the activities of a user on Facebook should in no way decide his chances of being hired into a company.
The good news is that Facebook knows this and is willing to respect the privacy of its users. In a post titled “Protecting Your Passwords and Your Privacy”, Facebook has made it clear that it will not tolerate employers asking for user-account details anymore.
The Chief Privacy Officer at Facebook, Erin Egan, writes,
Facebook takes your privacy seriously. We’ll take action to protect the privacy and security of our users, whether by engaging policymakers or, where appropriate, by initiating legal action, including by shutting down applications that abuse their privileges.
While we will continue to do our part, it is important that everyone on Facebook understands they have a right to keep their password to themselves, and we will do our best to protect that right.
Now, Facebook was not exactly precise on the nature of the legal action they would take, and everyone thought it was wise to assume the worst. Seeing this publicity go the absolute wrong way, Facebook has come up with a clarification. It has now issued a second statement discarding any possibility of it suing employers. Although Facebook has decided to take necessary legal actions, suing employers is not on their list of things to do.
We don’t think employers should be asking prospective employees to provide their passwords because we don’t think it’s the right thing to do. While we do not have any immediate plans to take legal action against any specific employers, we look forward to engaging with policy makers and other stakeholders, to help better safeguard the privacy of our users.
Although a large part of the DuQu trojan was confirmed to have been written in C++, Kaspersky could not reach a conclusion about a particular section of the code. This section deals with the communication with the command and control servers, and is contained inside the payload.dll file. This section of code is expected to have been written in an object-oriented language and Kaspersky Lab engineer, Igor Soumenkov, says
The mysterious programming language is definitively NOT C++, Objective C, Java, Python, Ada, Lua and many other languages we have checked.
This mysterious section of code receives instructions and returns stolen data. Kaspersky Lab turned to enthusiastic programmers and asked for help in deciphering the doubtful section of code. Reddit, being the awesome community that it is, offered some timely help.
It is interesting to note that the mystery man who demystified DuQu is none other than Igor Skochinsky, who reverse-engineered the Kindle in early 2008. You can always visit his blog to refresh your memory. He goes by the handle igor_sk on Reddit, and his exact comment on DuQu was,
I can say with some certainty that the code in the snippets comes from the MSVC compiler, since its register allocator tends to use esi first. “pop ecx” instead of “add esp, 4” is another MSVC trait. Have a look at this presentation for a more formalized approach to compiler detection.
When confronted with the fact that Kaspersky had debunked the possibility of the code being compiled with the MSVC compiler, he boldly claimed that the guys at Kaspersky were wrong. Redditors never fail to amaze me. This vital piece of information will be useful when dealing with the DuQu trojan and stopping its communications with the command center.
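As an added illustration (not igor_sk’s or Kaspersky’s tooling), the following Python scores a disassembly listing for the two MSVC traits named in the comment above: “pop ecx” rather than “add esp, 4” after a call, and esi being the first callee-saved register the allocator hands out. The disassembly fragments are constructed for this example, and the verdict is a heuristic, not proof of the compiler.

```python
from typing import Dict, List, Tuple
# Constructed x86 disassembly written for this example (not DuQu code): one fragment
# in the MSVC style igor_sk describes, one using "add esp, 4" and writing ebx first.
SAMPLE_MSVC = """
push    esi
mov     esi, ecx
push    eax
call    sub_401000
pop     ecx
push    esi
call    sub_401100
pop     ecx
pop     esi
retn
"""
SAMPLE_OTHER = """
push    ebx
mov     ebx, [esp+8]
push    ebx
call    sub_401000
add     esp, 4
pop     ebx
ret
"""
CALLEE_SAVED = ("esi", "edi", "ebx")

def parse(disasm: str) -> List[Tuple[str, List[str]]]:
    """Split each line into (mnemonic, [operands]); blank lines are skipped."""
    insns = []
    for line in disasm.split("\n"):
        mnem, _, rest = line.strip().partition(" ")
        if mnem:
            insns.append((mnem.lower(), [o.strip().lower() for o in rest.split(",") if o.strip()]))
    return insns

def compiler_hints(disasm: str) -> Dict[str, int]:
    """Count how each call's single argument is popped (pop ecx is the MSVC trait)
    and record whether esi is the first callee-saved register written by a mov."""
    insns = parse(disasm)
    hints = {"pop_ecx_cleanup": 0, "add_esp4_cleanup": 0, "esi_first": 0}
    first_reg = None
    for i, (mnem, ops) in enumerate(insns):
        if mnem == "call" and i + 1 < len(insns):
            nxt, nops = insns[i + 1]
            if nxt == "pop" and nops == ["ecx"]:
                hints["pop_ecx_cleanup"] += 1
            elif nxt == "add" and nops == ["esp", "4"]:
                hints["add_esp4_cleanup"] += 1
        if first_reg is None and mnem == "mov" and ops and ops[0] in CALLEE_SAVED:
            first_reg = ops[0]  # push/pop only save and restore; mov shows the allocator's pick
    hints["esi_first"] = int(first_reg == "esi")
    return hints

def likely_msvc(hints: Dict[str, int]) -> bool:  # heuristic verdict only
    return hints["pop_ecx_cleanup"] > hints["add_esp4_cleanup"] and hints["esi_first"] == 1
```

Real listings mix many idioms, so in practice such counts are aggregated over many functions before drawing a conclusion.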
With all the recent changes in the web technology stack and the advancements in web browsers, third-party plugins are becoming a thing of the past. A decade ago, Adobe thrived on a business based around providing an extra layer on top of the web. Adobe provided us with PDF readers and Flash for the web. However, with HTML5, videos do not need a Flash container to run inside a browser. When it comes to PDF files, Google Chrome has already devised a way to display PDF files in a web browser, and now Firefox has deployed its own solution to display PDF files in the browser.
Dr. Andreas Gal, the Director of Research at Mozilla, writes about the benefits of the PDF.js extension, saying,
The traditional approach to rendering PDFs in a browser is to use a native-code plugin, either Adobe’s own PDF Reader or other commercial renderers, or some open source alternative (e.g. poppler). From a security perspective, this enlarges the trusted code base, and because of that, Google’s Chrome browser goes through quite some pain to sandbox the PDF renderer to avoid code injection attacks. An HTML5-based implementation is completely immune to this class of problems.
Adobe plugins have attracted security vulnerabilities for too long, and with Flash losing ground, we are finally moving towards a truly open web without any proprietary layers on top of it. The PDF.js project is developed openly and can be found on GitHub.
For years, the Enterprise Server business has been dominated by Linux distributions. Debian and CentOS are the most popular of these distributions with 9.8 and 9.1 percent of total market share, respectively. However, over the past year, Ubuntu has been rising in popularity to threaten Red Hat’s position as the third most popular Linux distribution for servers.
Ubuntu is preferred on the server because of its LTS releases, which are supported with updates for many years. Moreover, it has a large base of zealots who participate closely in the state of affairs. This gives Ubuntu servers excellent hardware support, security, timely updates and ease of installation.
However, Shuttleworth attributes the growth of Ubuntu Server business to the enhanced focus on quality.
The key driver of this has been that we added quality as a top-level goal across the teams that build Ubuntu – both Canonical’s and the community’s. We also have retained the focus on keeping the up-to-date tools available on Ubuntu for developers, and on delivering a great experience in the cloud, where computing is headed.
However, the data referred to by Shuttleworth in his blog post cannot be taken at face value. The graph that Shuttleworth used to bolster his claims was derived from public websites as a whole and not just enterprise business. Nonetheless, Red Hat has built a billion-dollar business around enterprise servers, and the slightest hint that Canonical is about to overtake Red Hat with Ubuntu can shake things up in the world of Linux-based server distros.
The Nouveau project made two awesome announcements recently. While the first one was related to the latest Kepler chipset released by NVIDIA, the second one was about a long-term change in the project that will be appreciated by the entire FOSS and Linux community.
Recently, NVIDIA has released the GeForce GTX 680, the first NVIDIA GPU with the all-new Kepler architecture. As always, it was released with the official binary drivers.
Nouveau is a software project aiming to develop free software drivers for NVIDIA graphics cards, by reverse engineering NVIDIA’s current proprietary drivers for Linux.
Usually, work on Nouveau drivers starts once the binary drivers are out and available for update. This involves months of reverse engineering the binary drivers. However, to everyone’s surprise, Ben Skeggs from Red Hat managed to reverse engineer the binary driver and commit the reverse-engineered code to the Nouveau DRM repository hours after the launch of the official GPU. Effectively, this made Nouveau drivers available on the same day as the official GPU release.
Although the driver is a bit bland, it does the job nonetheless. This was a major breakthrough for the Nouveau project. Although NVIDIA does not officially support the Nouveau project, it allows this reverse engineering and the project has thrived on this very fact. However, this quick release has raised many questions and we cannot overlook the possibility of NVIDIA’s involvement in this release.
The second breakthrough is the state of the project. The Nouveau driver was a staging driver until now. It was considered stand-alone and was not merged with the mainline Linux kernel because of some technical reasons. Finally, the driver has moved out of staging. It has found a place in the mainline Linux kernel, and it will be available from Kernel version 3.4.