Thursday, May 01, 2008

I attended a meeting of the Hartford, CT, chapter of OWASP yesterday - James McGovern was kind enough to invite me. OWASP is a group focusing on web application security, with a heavy emphasis on "application" (in contrast to "infrastructure"). Most of the attendees were either working directly in the financial industry or working closely with it - at the end of the day, it was Hartford.

To me it was a very interesting event - especially since I have mostly been thinking about platform and infrastructure security and not so much about the applications. Some of the emerging standards (like PCI DSS) were rather new to me, but seem interesting enough for me to take a look at.

Some more interesting tools and tidbits:

  • WebGoat is a "deliberately insecure JEE application", designed to teach developers how to *not* code a web application. This should be fun to take a look at.
  • WebScarab is an intercepting HTTP(S) proxy.
  • The OWASP Top Ten also has some interesting reading.

Overall, I am looking forward to staying in touch with this group.

Thursday, May 01, 2008 2:19:28 PM (Eastern Standard Time, UTC-05:00)

Tuesday, January 29, 2008
There are quite a few indications that the hopes for an industry backed, ad-supported music exchange were - at the least - too early. Maybe it's a scam, maybe it is just a test-balloon, but in a world of iTunes hating music companies, this scheme did make some sense...

Tuesday, January 29, 2008 9:07:10 PM (Eastern Standard Time, UTC-05:00)

Sunday, January 27, 2008

Maybe, maybe: there are signs on the horizon that the content industry will finally come to grips with the harsh reality that their old models just do not work anymore the way they used to: enter Qtrax, a free, ad-supported P2P network that claims to have the blessings from a bunch of major labels, including Sony/BMG and EMI. Qtrax will launch tonight, so soon we will know more.

Overall, this might be a sign that the RIAA monopoly is finally understanding that suing their customers is not a good way of advertising your goods. And while MP3s are not exactly the encoding that HiFi fans' dreams are made out of, it is still an interesting start into a hopefully much brighter future.

There are a few things that really interest me:

  • They are using the Mozilla rendering engine. That is a good thing. Period.

  • They promise iPod compatibility. Hmm.. this sounds odd, since the iPod is quite capable of playing back MP3s. Now - assuming for the moment that they are using MP3s - why would you need to make the iPod compatible? Unless there is some sort of DRM or platform lock-in included ... we will see in about 3.5 hours ;-)

  • Who will be the ad source, i.e. which advertising seller will get the opportunity to get access to a potentially gigantic market? While I have absolutely no idea, I'd be surprised if the name of that company started with a 'G'.

  • How will Apple and the market react? At the end of the day, this whole thing is a thinly-veiled attack against Apple's extremely strong position with the iPod and iTunes. If Qtrax can offer a similar level of ease-of-use, Mr. Jobs will have to do some very creative thinking.

  • What is their Linux story? Or - to rephrase the question in a more interesting way: What is their open source/open specification story? I can see that they are not particularly interested in opening up their platform, as this would directly undercut their ad-based business model. But will they allow ports or make the engine at least reasonably portable to other OSes, including Linux, but also Symbian or other cell-phone OSes (and - of course - OpenSolaris)?

We will see ... soon.

Sunday, January 27, 2008 8:17:12 PM (Eastern Standard Time, UTC-05:00)

Friday, January 25, 2008

For years I have been playing around with all kinds of computer based TV and multi-media solutions and toys: Windows MCE in its various editions from 2004 to Vista, early versions of MythTV and proprietary stuff. Until now none of these were really at a point where they were actually useful for a family room:

While Windows did have a reasonable UI from the start, the fact that it recorded to a highly proprietary format with nasty DRM implications was a deal-killer right from the start. Some of the tuner-cards (like ATI) attempted to mitigate this by bundling plugins for MPEG-2 conversion, but these were implemented rather clumsily and had frequent failures.

MythTV was - until recently - also more of a geek toy: nice for my lab or office, but nothing I could really throw at my family. Now, with the 0.20 config found in the Gutsy release of Mythbuntu, MythTV takes a rather large leap towards usability.

  • The UI is basically usable and driver support (especially for the tuner cards) is becoming acceptable. I am using a WinTV HVR-950 USB stick now with my digital-over-the-air setup and there is not a lot more I could ask for in terms of device support.

  • The proprietary NVidia drivers are good enough and support the motion extensions that are needed to offload motion processing to the GPU.

  • For audio, I require at the very least S/PDIF support (mostly for lossy Dolby Digital, but there is no other format like e.g. MLP being used for digital TV at this time), which has been quite painful, but ultimately doable.

  • There seems to be decent remote support, but I am right now still fighting with my old ATI Remote Wonder (I think that I will cave in here at some point in time though).

The by far most important factor for family room usability for me is RTC wakeup: I could not bear having a computer with its nasty fans running all the time. Enter ACPI controlled RTC wakeup: using a couple of scripts[1], I was able to make the MythTV box boot up in time for any show that I wanted to record. Very cool.

One thing that I was fighting with in the end was a problem with the way MythTV could be shut down automatically after an unattended recording session. For this, MythTV provides mythwelcome(1) which is a helper program to start the MythTV frontend[2]. The trick that made it work for me was to instruct[3] mythwelcome(1) to not start mythfrontend(1) automatically: This overcomes a problem with session management in Ubuntu and mythwelcome, and allows the box to shut down automatically after it completed recording.

Bottom line is that I am quite happy with my MythTV box for now.


[1] There are quite a few tutorials on ACPI wakeup out there, many using nvram-wakeup. Discard all these, and only use those centered on /proc/acpi/alarm instead (if you can).

[2]  Mythbuntu Gutsy is actually quite smart about using mythwelcome(1): You only need to go into /etc/mythtv/session-settings and enable the welcome shell. No need to change the mythstartup.sh script.

[3] Press the 'i' key while in mythwelcome(1) to configure this.
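
One way to script the /proc/acpi/alarm approach from footnote [1], as an added example rather than the scripts the post refers to. It assumes GNU date, an RTC kept in UTC, and that the caller passes the recording start as epoch seconds; the names ALARM_FILE, LEAD_SECONDS, NOW, alarm_string and set_wakeup are hypothetical. Because a wakeup helper like this typically runs as root, it validates its single argument strictly before using it.

```shell
#!/bin/sh
# Added example: arm the ACPI RTC alarm through /proc/acpi/alarm.
# Assumptions (not from the post): GNU date, RTC kept in UTC,
# start time handed over as epoch seconds.

ALARM_FILE="${ALARM_FILE:-/proc/acpi/alarm}"  # interface named in footnote [1]
LEAD_SECONDS="${LEAD_SECONDS:-300}"           # boot this long before the show

# alarm_string EPOCH
# Print EPOCH as "YYYY-MM-DD HH:MM:SS" in UTC, the format written to the alarm file.
alarm_string() {
    date -u -d "@$1" '+%Y-%m-%d %H:%M:%S'
}

# set_wakeup START_EPOCH
# Validate the argument, subtract the lead time and write the alarm.
# Returns 2 on malformed input, 1 if the wake time is not in the future.
set_wakeup() {
    start="$1"
    now="${NOW:-$(date +%s)}"   # NOW can be overridden for testing

    # Accept digits only: the script runs privileged, so anything else
    # (spaces, shell metacharacters, relative date strings) is rejected.
    case "$start" in
        ''|*[!0-9]*)
            echo "refusing non-numeric start time" >&2
            return 2
            ;;
    esac

    wake=$((start - LEAD_SECONDS))
    if [ "$wake" -le "$now" ]; then
        echo "wake time is not in the future; alarm left unchanged" >&2
        return 1
    fi

    stamp=$(alarm_string "$wake") || return 3
    printf '%s\n' "$stamp" > "$ALARM_FILE"
}

# Act only when called with an argument, e.g. as the backend's wakeup command.
[ $# -eq 0 ] || set_wakeup "$1"
```
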

Friday, January 25, 2008 9:44:22 PM (Eastern Standard Time, UTC-05:00)

Tuesday, January 22, 2008

This is so brain-dead, it is actually quite funny: In a move to make sure that he will be seen - once again - as a brave contrarian, John Dvorak thinks that Oracle paid Sun to kill MySQL. After reading this article, I had to verify that this was not The Onion, but actually MarketWatch.

His argument is fairly simple: Sun has a bad track-record of M&A, so Larry Ellison forces his old buddy Scott ... ahmm, no wait, it's Jonathan now ... to buy MySQL and ruin it. To prove his point, Dvorak links to a list of recent Sun acquisitions that - allegedly - went bad.

Let's take a look at that list of "failures" again:

  • SavaJe - JavaFX Mobile

  • SeeBeyond - JavaCAPS

  • Tarantella - Secure Desktop

  • Waveset - Identity Manager

  • StarDivision - OpenOffice (my addition to the list)

Last time I checked, pretty much all of these above technologies were thriving, some of them actually driving at the leading edge of their respective markets and/or standards regimen. Have there been failures or less successful acquisitions? You bet - that happens practically everywhere. There were also some acquisitions that were mildly successful, and others that came to pay off in rather unexpected ways or much later (Cobalt and the Sun x86 story come to mind).

The MySQL acquisition was and still is nothing short of brilliant. Sun has a major league RDBMS now that is being used by virtually everyone in the (your favorite technology moniker here) 2.0 market. And while most of these organizations and individuals are happy with an unsupported open source model, there are still a lot of big companies that use MySQL who are in need of support and other services. This business model fits perfectly into the entire Sun software portfolio and long-term strategy.

It is probably a sign of the times that tech pundits and columnists are now far behind what is happening in the industry - especially when it comes to business models. On the other hand, Dvorak has been a commentator with a particularly bad track record of making predictions: think about his dismissal of the Macintosh mouse in 1984, his prediction of the iBook failure, his expectation that the iPhone will be a miserable failure, or even his prediction on Microsoft closing down, since the software market is supposedly dead.

The thing that is really sad is that there are even today people who read the name and the headline and assume that he has got a point. He doesn't.

Tuesday, January 22, 2008 10:14:04 AM (Eastern Standard Time, UTC-05:00)

Thursday, January 17, 2008

Dare wrote an interesting piece on why RESTful services are much better off without an interface definition language. He is especially picking up on Steve Vinoski's IDLs vs. Human Documentation post, which emphasizes human readable documentation over IDLs.

I am sure that Marc has a somewhat different opinion on this ...

Thursday, January 17, 2008 9:51:39 PM (Eastern Standard Time, UTC-05:00)

Wednesday, January 16, 2008

This makes total sense - and finally Sun gets a real database. I can think of at least 10 different major software products from Sun that would benefit enormously from switching from their respective current database platform to a single data store. I am really looking forward to having a single API and place to store structured data in Solaris and Java. Cool.

It reminds me also of the phrase someone coined: "LAMP is for boys, MARS[1] is for men."


[1] MySQL, Apache, Ruby, Solaris

Wednesday, January 16, 2008 8:18:00 AM (Eastern Standard Time, UTC-05:00)

Tuesday, January 15, 2008

A nasty experience that I would like everybody to avoid if you can: A few months ago, my bank (NetBank) was acquired by a - by then to me - unknown bank called ING Direct. Having gone through this cycle a couple of times, I did not think a lot of it and trusted that this acquisition process would go as smoothly as the many I have experienced before. Boy, was I wrong.

During the acquisition process, we had our grand family vacation, and shortly after I had a couple of trips to California scheduled. During the vacation, my father-in-law passed away, and we had to arrange for travel and some fund transfers to Germany. The travel was quickly arranged, only the - otherwise perfectly simple - international wire transfer was suddenly impossible with this new bank. Over the course of a few weeks (during which I was not able to sit down at home and sort things out), the quality of service degraded steadily from good (prior to the acquisition), through horrible (prior to the complete conversion) to street robber courtesy (after the conversion to ING Direct).

Here is an example: with NetBank, I had a checking account and a money market account. Simple, nothing fancy. After the ING conversion, I ended up with two savings accounts, no ATM cards, and no checks. Transferring money from either of my "Orange" accounts to an external checking account was - essentially - impossible. Now, ING offers account linking of their savings accounts to an external checking account. I tried that, and it turned out that they had an incorrect social security number registered for both accounts. Ouch! After this was resolved (another 5 ING banking business days, i.e. 12 calendar days pass), they presented me with an online quiz about prior credits (the one you have to fill out to get your credit report online). Fine, unfortunately the credits/data presented had nothing to do with me, so they blocked the option to link accounts online.

And so on, and so on. Bottom line is that ING Direct and their representatives I talked to never even pretended that they were appreciating my business. In that category, they get big kudos for being honest. Everything else, including the online login, which could easily be inadvertently misused to get information about other customers, was an outright disaster.

So here is my verdict: even though they offer pretty decent interest, you will pay for this by having to deal with a customer service department that is only rivaled by United Healthcare for customer non-appreciation. Stay away.

Tuesday, January 15, 2008 10:33:46 PM (Eastern Standard Time, UTC-05:00)

Tuesday, December 11, 2007

... since I joined Sun. Actually 10 years almost to the date, so Bill presented my 10 year recognition certificate to me today.

It has been a very interesting 10 years: I started out as a pre-sales systems engineer in Frankfurt, Germany, moved to the U.S. in 2000 to work with the Sun Legal team (mostly) and then joined the Business Alliances group in 2005.

From this point a big "Thank you" to everyone who I worked with on this journey.

Tuesday, December 11, 2007 1:18:38 PM (Eastern Standard Time, UTC-05:00)

Thursday, December 06, 2007
Not only have a lot of people been complaining about my funky ports, but my Internet provider also decided to start blocking the 8080 port. That's somewhat of a problem, since without this port my blog will not work. Sigh!

I therefore decided to bite the bullet and start using a professional ASP.NET hoster. So please update your links and feed readers to my new blog address:

HTML: http://blog.beuchelt.org/
Feed: http://feeds.feedburner.com/WebServicesContraptions

Thank you for your understanding.


UPDATE: My ISP allows inbound connections on 8080 again, so now I was able to put a redirection in ... Hope that helps. The only thing bugging me right now is that Technorati does not allow me to claim this blog on the new address ... sigh.

Thursday, December 06, 2007 3:32:13 AM (Eastern Standard Time, UTC-05:00)

Monday, November 26, 2007
So, the long family vacation has been on for over 2 weeks, and it really feels good to unwind a little. We started on Big Island, went on to Kauai (where I got - after 28 years of planning on doing this - my diving certification with KAS[1]), and are now on O'ahu. The differences between these islands never cease to amaze me. Here are a few pictures that we have put up so far:


Snow and Telescopes on Mauna Kea


The evening view from our balcony on Hawai'i


Me after hiking to the top of the dormant Pu'u Huluhulu


Sunset on Kaua'i on Turkey Day


Waimea River Canyon

[1] My experience with KAS was really superb. I had Damion McGinley as my instructor - he was fun and relaxed, but still made me go through all the drills over and over again. One of the best things was that he knew the area and the aquatic wildlife quite well, so I got to see many critters and turtles.

Monday, November 26, 2007 2:49:40 AM (Eastern Standard Time, UTC-05:00)

Friday, November 09, 2007
Over the next few weeks blogging will be light, since I am traveling. I hope to be back here for IIW...

Friday, November 09, 2007 11:42:26 PM (Eastern Standard Time, UTC-05:00)

Wednesday, November 07, 2007

Paul found a "periodic" table of data visualizations, which is quite nice in its own right (Paul: I think I have seen a knowledge map of the identity landscape some time ago). But I certainly prefer this "periodic" table of ... beers (hmmm).

Wednesday, November 07, 2007 8:55:45 AM (Eastern Standard Time, UTC-05:00)

Sunday, October 14, 2007
Sorry, due to a recent surge in Trackbacks, I have deactivated this feature for the time being. Spammers are really an annoying bunch ...

What made it now just unbearable is that my blog was being misused to advertise the services of the worst health insurance that I ever had: United HealthCare. My conscience does not allow me to help this highly incompetent and - at times - immoral company in any way. It says a lot about a company (especially in HEALTH care) when they or their agents employ SPAM tactics to get people interested in their offer.

Sunday, October 14, 2007 8:59:25 AM (Eastern Standard Time, UTC-05:00)

Friday, October 05, 2007

Ok - I just upgraded my blog engine to the 2.0 release of dasBlog. A big "Thank you!" to the team for keeping up the great work.

One thing that does seem to work again is comments - so please give it a try, if you like.

UPDATE: I just saw that the publishing times have been changed during the upgrade (or something else went wrong between the new version and Feedburner), so you will see a lot of new articles, that are not that new. Apologies.

Friday, October 05, 2007 3:09:54 PM (Eastern Standard Time, UTC-05:00)

Electronic health records are a very touchy subject, since these affect some of the most personal data. While a usable and reliable system for such electronic records would certainly save a lot of money and also prevent even more health-care related mistakes, the Microsoft HealthVault solution is probably the very worst way of trying to solve these problems.

Do not get me wrong - I do applaud Microsoft for trying to push this effort ahead, so that we (as a society) can make progress towards a reasonable solution. But a centralized (one is tempted to say: totalitarian), Passport-like data sink for my most personal data does not even sound bad to me[1]. Here are a couple of questions that came to my mind immediately after reading the announcement:

  • Why would I trust an unrelated and (health records wise) completely inexperienced company with my health records?

  • What happens in case of a data breach?

  • Why should I consent to having my data shipped to *any* other country?

  • Why is Microsoft only worried about third party "Program" providers satisfying *their* Privacy Policy needs and not mine?

  • What happens if health related surfing habits are harvested not through the HealthVault web site, but through the *required* Microsoft Passport account?

The list could go on and on after reading the boiler plate privacy policy. I just cannot understand why Microsoft is pressing forward into this area without taking much more caution to prevent security breaches (ha: they are using SSL and strong passwords!!) and limit liability. In this area (particularly when dealing with super personal data like real-time live sign data) there is no "get it right the third time".

Paul Madsen made a very good point of this area of application being ideally suited for Liberty technologies. I think that data as sensitive as medical records should be regulated to only be kept in federations: without my explicit consent data should not move from one silo (doctor A) to any other (doctor B or insurance). In fact, the (ineffective, but privacy preserving) way health care works today is a federation model.


[1] I am really in a Pauli mood today.

Friday, October 05, 2007 11:40:20 AM (Eastern Standard Time, UTC-05:00)

Monday, September 24, 2007

I just ran across this song (from 2006) called "Download this Song" by MC Lars. You can certainly debate the quality of the song itself (although I still very much like "The Passenger"), but the point he is trying to make is probably quite right: 10 years from now, CDs will probably be considered either audiophile, totally redundant, or both. Popular music will at that time be produced, promoted, distributed, and listened to online.

However, I doubt that the small, but dedicated group of people interested in classical, contemporary, or Jazz music will be that easily converted - at least not without CD equivalent (or better) download offers.

Anyway, here is the video:

Monday, September 24, 2007 8:07:23 PM (Eastern Standard Time, UTC-05:00)

Friday, August 24, 2007
Just some Friday humor:

Friday, August 24, 2007 4:37:19 PM (Eastern Standard Time, UTC-05:00)

Thursday, August 16, 2007

I usually try not to act as a sound board for marketing, but this seems quite interesting:

"IBM and Sun announced that IBM will distribute the Solaris operating system (OS) and Solaris Subscriptions for select x86-based IBM System x servers and Blade Center servers."

Cool... the power of Open.

Thursday, August 16, 2007 1:49:04 PM (Eastern Standard Time, UTC-05:00)

Wednesday, August 15, 2007

... don't try this at home:

And here is what should happen to all mediocre audio equipment:

Wednesday, August 15, 2007 7:38:09 PM (Eastern Standard Time, UTC-05:00)

Thursday, August 09, 2007

This is the taping of the full lecture - highly recommended:

Thursday, August 09, 2007 1:39:20 PM (Eastern Standard Time, UTC-05:00)

Thursday, July 19, 2007
Totally unrelated to the usual topics, but still interesting (IMO): I have been really into multi-channel high-definition music for some time now and really enjoy SACDs and DVD-Audio discs. Chances are that you haven't even heard about these formats yet, since the content mafia music industry decided to introduce these very exciting formats with no marketing at all. Both have been around in force since about 2001 and they deliver (sometimes) excellent 5.1 surround music in extremely high definition:
  • DVD-Audio (PCM)
    • Stereo: up to 192 kHz/24 bit = about 4.3 times the frequency resolution of the Audio CD and 144 dB theoretical signal-to-noise vs. 96 dB with the Redbook CD (that's 256 times better).
    • Surround (5.1 discrete channels): up to 96 kHz/24 bit - still more than double the frequency resolution than Redbook Audio CDs and 28000 Hz above the best human perception.
    • These high-resolution formats are contained in the DVD-Audio section of the disc that CANNOT be read by a "normal" DVD-Player. You will need a special DVD-Audio or Universal player for this.
    • DVD-Audio discs most often also have a DVD-Video section that typically contains the stereo track in standard 48 kHz/16 bit PCM stereo and sometimes a DTS or Dolby Digital version of the surround mix. This section is playable in any standard DVD player.
    • DualDisc DVD-Audios have two sides - one containing the DVD-Audio side, the other containing a CD Audio side.
  • SACD (DSD)
    • Instead of the usual PCM encoding, the SACD uses DSD encoding which is significantly different from PCM by using a single bit quantization at a relatively high sampling rate (2.8 MHz - yes, MEGA Hertz). The claim of the DSD fans is that the demodulated signal is closer to an analog signal when compared to PCM encoding. Opponents complain about the more limited S/N ratio at high frequencies, artifacts of the (necessary) noise shaping and - in general - about a too low sampling rate in the SACD specification.
    • SACDs must have a stereo DSD track and most often also have a 5.1 surround DSD track. These tracks can only be read by SACD players (or universal players). Most times, the signal is only available as an analog signal, although there are some players (Denon 3910, Oppo, PS3) that convert the DSD signal into high resolution PCM and send it over HDMI to the DAC or receiver.
While DVD-Audio is most common in popular music (e.g. Talking Heads re-release on DualDisc), SACD is most common with Classic titles. Since they have had such a slow start from 2001 through 2006, many early adopting labels have either stopped DVD-A and SACD production completely right now, or are only releasing obscure titles or only a very limited selection. Notable exceptions to this are (in the Classical world): Tacet, MDG (DVD-Audio); Pentatone, Channel Classics, BIS, Alia Vox (SACD). Please check my del.icio.us links for online retailers.

Going forward, I expect that SACD will get a lot of attention, especially from the labels (see e.g. the Genesis re-releases on SACD). The reason for this is quite simple IMO: SACD is the *ONLY* format that has not been hacked so far - all others (including BluRay and HD-DVD) are copyable. And I think that this will stay like this for quite a while for the following reasons:

  • There is no SACD drive for computers - that makes hacking infinitely more difficult.
  • The copy protection mechanisms are not very well understood.
  • There is no known way to create a SACD at home that can be played on a stock SACD player.
  • Even if the SACD was hacked, there is virtually no mainstream hardware and almost no software support for DSD, making the digital data very mainstream unfriendly.

You might argue that you could sample the analog out at 96 kHz or better or capture the converted PCM from some hacked HDMI conversion player. All this would require a lot of expertise and probably some fairly expensive hardware, again making this approach not attractive to the mainstream user.

Now, even if you overcame all these hurdles, you'd need to play the 5.1 96 kHz track somewhere. The only easy-to-use solution today is the creation of a DVD-Audio disc (which is not trivial or expensive). Alternatively, you would need a decent PC with a 6-channel analog out and some knowledge to configure the soundcard(s) properly ... not mainstream user, again.

Instead, they would simply copy the RedBook data from Hybrid discs and be happy. Therefore, I think that at least the SACD will survive the HD wars.

Thursday, July 19, 2007 12:19:34 PM (Eastern Standard Time, UTC-05:00)

Wednesday, July 18, 2007
I recently decided to join facebook (to be precise, right after reading Lauren's blog). So far it seems like an interesting little social tool that benefits hugely from its wide support in the academic community.
What makes facebook really interesting (in my mind) is that it is actually an application platform or - to use a now unfashionable term - a programmable portal.
This feature really enables facebook to mash-up all kinds of services (Amazon, Dopplr, Google Maps, del.icio.us, to name a few) and present them in a fairly simple UI to users.
A downside (at least right now) in my mind is the insane default privacy settings: If you do not change your defaults, your data is pretty much exposed to anyone, anywhere (especially since joining a regional network is rather uncomplicated). While this might have some appeal for college students, it is the single biggest issue that I have with facebook - and probably one of the most important reasons why facebook (and MySpace and other social networking tools) got a fairly bad reputation. Sharing personal information by default without EXPLICITLY opting-in is a bad thing.

Interestingly enough, you can extrapolate from facebook et al. to legal standards in general: While the U.S. has largely an opt-out approach to sharing personal information, the E.U. takes a much more restrictive opt-in approach[1].


[1] Except when dealing with the various governments - in that case there is pretty much no opt-out at all available for European citizens (e.g. the German GEZ will be able to get all kinds of very personal address history data from town halls and central agencies).

Wednesday, July 18, 2007 3:57:23 PM (Eastern Standard Time, UTC-05:00)

Sunday, July 15, 2007

Germany recently changed their copyright and intellectual property laws, with a devastating effect on science and research: Going forward, libraries will only under very limited circumstances have the right to send out digital copies of a scientific article. There are many other new and significant changes - most of the times to the benefit of the "Content Community" (aka content mafia).

Maybe you are directly impacted, or maybe only tangentially. But ultimately, this kind of advantage for the content creator will continue nibbling away at our rights to private copies, fair use, and - eventually - free speech. And since we do live in a fairly globalized world (at least as far as lobbying by the content mafia goes), this will affect all of us. Therefore, I ask you to consider signing the "Göttingen Declaration", asking for a reform of the latest changes in one of the biggest economies in the world.

Sunday, July 15, 2007 5:44:50 PM (Eastern Standard Time, UTC-05:00)

Sunday, July 08, 2007
Here is a short little article by the German news magazine DER SPIEGEL on green datacenters. Interestingly enough, one of the biggest German hosting companies (1&1) has decided to go with the SunFire systems with the Niagara processor (8 core SPARC). Economy and ecology go hand in hand into the mainstream...

Saturday, July 07, 2007 11:33:31 PM (Eastern Standard Time, UTC-05:00)

Monday, June 11, 2007

The MPAA has finally proved to the world what they really are: a criminal cartel that does not stop short of illegal means to advance their interest. CNET reports that TorrentSpy has filed a complaint against the MPAA, accusing them of hiring a professional data thief and anarchist (a.k.a. hacker) to steal private communication and trade secrets from TorrentSpy.

Protecting intellectual property and respecting copyrights? Yeah, sure...


Monday, June 11, 2007 9:33:42 AM (Eastern Standard Time, UTC-05:00)

Friday, June 01, 2007
No, this post is entirely unrelated to LAMP or even technology. This is only about a bird nest in the lamp over our main entry door at home. There are two chicks in that nest that really make a lot of noise ...

And here is a closeup:

Anyone an idea what birds these are?

Friday, June 01, 2007 3:54:21 PM (Eastern Standard Time, UTC-05:00)

Friday, May 25, 2007

This is quite astonishing: I am sitting in a public elementary school in Massachusetts, happily booting my laptop to finish reading some PDF document. After logging in I suddenly notice that my wireless adapter picks up a network: 'linksys'. Amazed that some neighboring home reached into the school building with their WiFi access point, I only quickly check the nameserver to see which ISP that access point is connected to: (name of town).mec.edu. What??? I am in the school network? No WPA/WEP, firewalls, proxy or anything.

Given the fact that the calendar shows the year 2007, I am now really astonished and shocked, that the IT environment of an entire school system is exposed to the world through an unprotected WiFi AP.

The security, privacy, and potential ID theft implications are huge: I assume (though I cannot speak for certain, since I did not even try to touch any of the systems) that some of the systems in this infrastructure contain personally identifiable information about the school staff, teachers and even students. Even a well patched and maintained system that is monitored by advanced intrusion detection software cannot necessarily replace a firewall that blocks incoming traffic. I just hope that - going forward - things like this will never happen again.


Friday, May 25, 2007 1:32:12 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Tuesday, May 22, 2007

... software, that is here the question.

There have been quite a few comments for the leadership of my employer lately (GregP, JonathanS), and now Mark Shuttleworth of Ubuntu chimes in.

His argument goes as follows: Microsoft (and by extension most, if not all, major corporate software players) really do not have an interest in software patents. Why? Simply because they are obviously the most juicy target a patent troll can hope for: deep pockets, big software products that cover vast areas of intellectual property. Examples of this can be found at Mike Dillon's blog.

In the light of these developments, non-assertion covenants such as Sun's for OpenID are of crucial interest to the developer community and the public as a whole. These initiatives truly create a "patent cold war" in a good sense, at least within the software industry.

What remains is the patent-troll industry, and here is where regulatory bodies are required to evolve the current patent and copyright legislation [1] to a model where inventors and practitioners (like developers or artists) are rewarded, while parasites (like patent trolls and ...) have their air supply cut for good.

I am wondering one thing (and maybe there is a legal expert/lawyer out there who could clarify this): Can I license e.g. software in a way that would revoke license rights from potential patent plaintiffs? So that any software license has a 'nuclear' provision that renders the entire license provision null and void if the licensee (i.e. user of the software) uses software patents for the sole purpose of suing without practicing such patents in a meaningful way. Note that this provision should not be directional, but cover any suit based on hoarded patents.

If the open source community and the commercial software community adopted a model like this, the patent trolls would at least be relegated to using paper and pen for all of their filings.


[1] absolutely including the completely brainless DMCA and its WIPO relatives

UPDATE: After talking to a few folks (that are quite cynical at times ;-)), I guess my license idea would not work: It would be quite easy for a troll to set up a front and 'outsource' business activities ...

Tuesday, May 22, 2007 9:27:43 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Thursday, May 17, 2007
Wow, sensible ideas *do* seem to spread by themselves ... I just read in eWeek that more and more companies are using desktop virtualization. No kidding. I have been using desktop virtualization for more than 4 years now, with my production machine (Email, Blog reading, OpenOffice, etc.) virtualized now for almost a year. Anything else would be totally insane for me, especially since I use a lot of beta (or alpha) software that has a tendency to break certain OSes.


Thursday, May 17, 2007 11:28:08 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Wednesday, May 16, 2007
Last night's untalent show was - as usual - quite interesting. Here are the lyrics of some of Eve's and my songs (snippets):

Twinkle, twinkle WS-Star
How I wonder what you are

Architecture in the sky
Now in part in WS-I

Twinkle, twinkle WS-Star
How I wonder what you are
(traditional)

and

Bye, Bye, Mr. InfoCard guy
May be managed some day later
Now he's self-certified

When he left Dot Net
And kissed Kim Cameron goodbye
Saying "Soon I'm gonna be a profile,
soon I'm gonna be a profile."
(after Weird Al - The Saga Begins, after Don McLean - American Pie)


Wednesday, May 16, 2007 10:30:54 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Monday, May 07, 2007
Paul has a wonderful letter to Hubert on his blog ... Sorry Paul, 5 CDN will not do - but here is a web site that might help ;-)


Monday, May 07, 2007 3:26:14 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Thursday, May 03, 2007
I just picked this up from Phil Windley (he also found the lyrics):

Gee, I haven't laughed like this in a long time


Thursday, May 03, 2007 8:34:10 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 

As most of you have heard by now, a certain number is the focal point of a major controversy between a small and mostly insignificant, but loud portion of a minor industry segment on the one side and the majority of people living on this planet on the other. Somewhere in the middle are folks like Wikipedia, Google, and as of yesterday digg.com.

The root cause for all this nonsense is - of course - the DMCA, which states that even parts of a DRM "circumvention device" are illegal.

I find it completely intolerable that such a very small group has the audacity to claim protection rights for a simple sequence of 32 hexadecimal numbers that are on equal basis with the protection rights for intellectual property. This is - with all due respect for *actual* intellectual property - completely ridiculous. In fact, I think that this claim undermines the value of intellectual property per se, since - if this would hold in a courtroom - literally anything could now be claimed to be protected by the DMCA:

Consider the following situation: I am using the number 20 07 as my secret key to unlock 'protected work'. As such, any reference to this number that is even remotely associated with DRM or content protection is a violation of my DMCA-guaranteed right. So, if you, or your company should happen to work in the DRM field, be sure to not write down years in any of your communications. While this example is a little over the top, it still illustrates the extremes that are possible in this legislation.

Another interesting question would be: What happens to a person getting a tattoo of a part of a circumvention device? Can he/she be ordered to get skinned? Or terminated?

Wednesday, May 02, 2007 11:52:28 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  |