Monday, June 11, 2007

The MPAA has finally proved to the world what they really are: a criminal cartel that does not stop short of illegal means to advance their interest. CNET reports that TorrentSpy has filed a complaint against the MPAA, accusing them of hiring a professional data thief and anarchist (a.k.a. hacker) to steal private communication and trade secrets from TorrentSpy.

Protecting intellectual property and respecting copyrights? Yeah, sure...


Monday, June 11, 2007 9:33:42 AM (Eastern Standard Time, UTC-05:00)
Wednesday, June 06, 2007
Today, our OpenID provider finally went into production. As some may have noticed, http://openid.sun.com/ has been live for some time now, and the team has been playing around with it. As of last night, we (or more precisely: Hubert) flipped the switch and we are officially live.

Wednesday, June 06, 2007 10:04:44 AM (Eastern Standard Time, UTC-05:00)
Friday, June 01, 2007
No, this post is entirely unrelated to LAMP or even technology. This is only about a bird nest in the lamp over our main entry door at home. There are two chicks in that nest that really make a lot of noise ...

And here is a closeup:

Anyone an idea what birds these are?

Friday, June 01, 2007 3:54:21 PM (Eastern Standard Time, UTC-05:00)
Friday, May 25, 2007

This is quite astonishing: I am sitting in a public elementary school in Massachusetts, happily booting my laptop to finish reading some PDF document. After logging in I suddenly notice that my wireless adapter picks up a network: 'linksys'. Amazed that some neighboring home reached into the school building with their WiFi access point, I only quickly check the nameserver to see which ISP that access point is connected to: (name of town).mec.edu. What??? I am in the school network? No WPA/WEP, firewalls, proxy or anything.

Given the fact that the calendar shows the year 2007, I am now really astonished and shocked that the IT environment of an entire school system is exposed to the world through an unprotected WiFi AP.

The security, privacy, and potential ID theft implications are huge: I assume (though I cannot speak for certain, since I did not even try to touch any of the systems) that some of the systems in this infrastructure contain personally identifiable information about the school staff, teachers and even students. Even a well patched and maintained system that is monitored by advanced intrusion detection software cannot necessarily replace a firewall that blocks incoming traffic. I just hope that - going forward - things like this will never happen again.

Friday, May 25, 2007 1:32:12 PM (Eastern Standard Time, UTC-05:00)
Thursday, May 24, 2007

In order to go through some exercise here, I recently needed to create a few Java classes from XSD schema. "Well," I thought, "JAXB with its integrated XJC is your friend!" And so it is, but you might have to dig a little deeper.

The problem I was facing was a schema that had references to WS-Security, XML Encryption and XML Signature. As such, it imported all these schemas from the web using <xsd:import namespace="..." schemaLocation="http://..." />. Since xjc is pretty flexible, accessing these schemas on the web was a charm, even through the firewall. After all, this is much better than downloading all the referenced schemas (and all schemas they reference) and editing the imports to point to the right location in the file system.

Well, not so quick. In their infinite wisdom and foresight, the schema developers at OASIS and W3C decided to use different schema locations for XML Dsig. They reference the same schema (with identical namespace, obviously), but import through different schemaLocation URIs. That confuses xjc to no end, since it detects a re-definition of the same object and gives up.

In order to resolve this problem, you can create an XML Catalog that allows you to rewrite (or redefine) URLs referenced in your schema. Here is an example:

<?xml version="1.0"?>
<catalog xmlns="urn:oasis:names:tc:entity:xmlns:xml:catalog">
  <system
      systemId="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd"
      uri="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd" />
</catalog>

This simple catalog redefines the URI used by the XML encryption schema to point to the one used by OASIS. The XML Catalog specification provides many more options, and it is good to know that xjc supports this.

While this is quite simple, I found it relatively hard to find concrete examples on how to use this mechanism.
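The effect of the catalog above, shown as an added example (not code from the original post or from xjc): a Python script that collects the xsd:import locations per namespace and applies the catalog's system entries before comparing them. The two schema stubs and their file names are constructed for illustration, and only `<system>` entries are handled.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

CAT = "{urn:oasis:names:tc:entity:xmlns:xml:catalog}"
XSD = "{http://www.w3.org/2001/XMLSchema}"
DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"
XENC_LOC = "http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd"
OASIS_LOC = "http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"

# The catalog from the post.
CATALOG = f"""<?xml version="1.0"?>
<catalog xmlns="urn:oasis:names:tc:entity:xmlns:xml:catalog">
  <system systemId="{XENC_LOC}" uri="{OASIS_LOC}" />
</catalog>"""

def stub(location):
    """Constructed schema stub that only imports XML DSig from one location."""
    return ('<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema">'
            f'<xsd:import namespace="{DSIG_NS}" schemaLocation="{location}"/>'
            '</xsd:schema>')

# Hypothetical file names; each stub uses one of the two schemaLocation URIs.
SCHEMAS = {"xenc-stub.xsd": stub(XENC_LOC), "wsse-stub.xsd": stub(OASIS_LOC)}

def load_catalog(text):
    """Map each <system systemId=...> to its replacement uri."""
    root = ET.fromstring(text)
    return {e.get("systemId"): e.get("uri") for e in root.iter(CAT + "system")}

def import_locations(schemas, catalog=None):
    """Return {namespace: set of schemaLocations} after catalog rewriting."""
    catalog = catalog or {}
    seen = defaultdict(set)
    for text in schemas.values():
        for imp in ET.fromstring(text).iter(XSD + "import"):
            loc = imp.get("schemaLocation")
            if loc:
                seen[imp.get("namespace")].add(catalog.get(loc, loc))
    return seen

def conflicts(schemas, catalog=None):
    """Namespaces imported from more than one location after rewriting."""
    found = import_locations(schemas, catalog)
    return {ns: sorted(locs) for ns, locs in found.items() if len(locs) > 1}

if __name__ == "__main__":
    print("without catalog:", conflicts(SCHEMAS))
    print("with catalog:   ", conflicts(SCHEMAS, load_catalog(CATALOG)))
```

The same mechanism can point the uri at a reviewed local copy of the schema, so the build does not fetch schemas over plain HTTP. xjc reads the catalog file through its -catalog option.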

Thursday, May 24, 2007 3:17:18 PM (Eastern Standard Time, UTC-05:00)
Tuesday, May 22, 2007

... software, that is here the question.

There have been quite a few comments from the leadership of my employer lately (GregP, JonathanS), and now Mark Shuttleworth of Ubuntu chimes in.

His argument goes as follows: Microsoft (and by extension most, if not all, major corporate software players) really does not have an interest in software patents. Why? Simply because they are obviously the most juicy target a patent troll can hope for: deep pockets, big software products that cover vast areas of intellectual property. Examples of this can be found at Mike Dillon's blog.

In the light of these developments, non-assertion covenants such as Sun's for OpenID are of crucial interest to the developer community and the public as a whole. These initiatives truly create a "patent cold war" in a good sense, at least within the software industry.

What remains is the patent-troll industry, and here is where regulatory bodies are required to evolve the current patent and copyright legislation [1] to a model where inventors and practitioners (like developers or artists) are rewarded, while parasites (like patent trolls and ...) have their air supply cut for good.

I am wondering one thing (and maybe there is a legal expert/lawyer out there who could clarify this): Can I license e.g. software in a way that would revoke license rights from potential patent plaintiffs? So that any software license has a 'nuclear' provision that renders the entire license provision null and void if the licensee (i.e. user of the software) uses software patents for the sole purpose of suing without practicing such patents in a meaningful way. Note that this provision should not be directional, but cover any suit based on hoarded patents.

If the open source community and the commercial software community adopted a model like this, the patent trolls would at least be relegated to using paper and pen for all of their filings.

[1] absolutely including the completely brainless DMCA and its WIPO relatives

UPDATE: After talking to a few folks (that are quite cynical at times ;-)), I guess my license idea would not work: It would be quite easy for a troll to set up a front and 'outsource' business activities ...

Tuesday, May 22, 2007 9:27:43 AM (Eastern Standard Time, UTC-05:00)
Monday, May 21, 2007
You can find some information on this at the "On The Record" blog, including a link to the official text of the NAC. Now let's hope that more folks issue a similar covenant.

This time, Eve was faster than me ...

Monday, May 21, 2007 1:30:48 PM (Eastern Standard Time, UTC-05:00)
Thursday, May 17, 2007
Drummond blogged about semantically meaningful identifiers - really interesting. I particularly like his example ... and Drummond: I am perfectly happy for you to use my identifier in this example ;-)

Thursday, May 17, 2007 4:11:03 PM (Eastern Standard Time, UTC-05:00)
Wow, sensible ideas *do* seem to spread by themselves ... I just read in eWeek that more and more companies are using desktop virtualization. No kidding. I have been using desktop virtualization for more than 4 years now, with my production machine (Email, Blog reading, OpenOffice, etc.) virtualized now for almost a year. Anything else would be totally insane for me, especially since I use a lot of beta (or alpha) software that has a tendency to break certain OSes.

Thursday, May 17, 2007 11:28:08 AM (Eastern Standard Time, UTC-05:00)
Mike Jones has blogged about Microsoft's latest OSP covered specification. Large chunks of the InfoCard protocols that appeared on Kim's blog over time are now in this refactored version of the spec. I did not have the time yet to go through this in detail, but I am quite interested to figure out if I can build a managed card provider and consumer based solely on this spec. Mike assures me that this works, so I hope to report back about this soon ...

BTW: Thanks for all your work, Mike (and Kim, of course).

Thursday, May 17, 2007 10:28:08 AM (Eastern Standard Time, UTC-05:00)

Copyright by Gerald Beuchelt.