Science Addiction

Researchers at the University of Washington and University of California, San Diego have released a free and open source software called Adeona. It tracks your stolen or lost laptop without relying on proprietary or centralized software or databases. And unlike commercial services, it preserves the privacy of the user- it uses cryptography mechanisms so that only the user has access to the laptop location information.

Adeona is designed to use the Open Source OpenDHT distributed storage service to store location updates sent by a small software client installed on an owner’s laptop. The client continually monitors the current location of the laptop, gathering information (such as IP addresses and local network topology) that can be used to identify its current location. The client then uses strong cryptographic mechanisms to not only encrypt the location data, but also ensure that the ciphertexts stored within OpenDHT are anonymous and unlinkable. At the same time, it is easy for an owner to retrieve location information.

It is licensed under GPLv2, and is available for Linux, Mac OS X and Windows. Like Lojack for cars, simply the prevalence of such software can serve as a deterrent for casual theft. A determined thief can replace the operating system before using (or selling) it, but a lot of consumer electronics theft is casual and opportunistic.

A long time ago, Chris Seibold, one of my co-writers at Apple Matters, asked if I had any ideas for a book he was writing for O’Reilly publishers called “The Big Book of Apple Hacks”. That email turned in to a little brainstorming which led to five chapters that I have in the book.

• MacFuse
• SSH Tunnels
• ImageMagick
• Tivo + Mac
• Fink & MacPorts

Of course, those chapters have much better names in the book. Unfortunately, a publishing error left my name off the acknowledgments at the end of the book (seriously!), but my name is at the end of each chapter I wrote. Hopefully the book will have many reprints in the future which will include my name!

In May 2007, that seminal work by Eric S. Raymond turned ten years old. The Cathedral and the Bazaar is a book about the simple notion that in software development given enough eyeballs, all bugs are shallow. Six years after Linux came on to the scene and 14 years after Richard Stallman gave birth to the GNU project, Eric Raymond put an intangible, untested concept in to words and has arguably had a phenomenal impact on software and geek culture.

When I wrote my 95 Theses of Geek Activism last year, I put in CatB as a required reading as thesis #12 (the order meant nothing!). It could well have been #1, because it was the book that, for me, transformed the open source model from a touchy-feely philosophy to a practical, viable and achievable ideal for software development.

When Richard Stallman introduced the GNU project, it was a philosophy. You stuck with the GNU model because you believed in truth, liberty, freedom and justice. The BSD and other licenses were less philosophically rigid and have hence been taken advantage of by companies. Apple based their operating system OS X on BSD but were not obligated to share their improvements with the BSD community. They could take, but did not have to share. The GPL aimed at changing that- sharing was a many way street.

Linux brought the truly bazaar-style development in to the (geek) mainstream- where every user was a developer and the code was released early and released often. These facets of Linux development were part accidental, part consequences of the GPL and part Linus’ genius. Of course, Raymond was the first to test and formally describe the theories behind the success of Linux and how to apply them to future projects. Raymond tested the bazaar philosophy on his own fetchmail project and the book tracks his success with it.

• CatB as a Manifesto: This book changed the geek language. Phrases such as the one above about eyeballs and bugs or the fundamental ideas about how to treat your beta testers are now treated as obvious. Indeed, even Yahoo and Google use the idea of treating their users as insider beta testers for many of their products.
• CatB and O’Reilly: The Cathedral and the Bazaar was the first book published in print (by O’Reilly) with an open source document license. This allowed the book to be copied and modified as long as the resulting work had the same license- a precursor to Creative Commons licenses.
• The Open Sourcing of Netscape: The open sourcing of the Netscape browser and the start of the Mozilla project at the end of the browser wars in the late 90s is largely attributed to this book. At the time, CTO of Netscape, Eric Nahn told Raymond, “On behalf of everyone at Netscape, I want to thank you for helping us get to this point in the first place. Your thinking and writings were fundamental inspirations to our decision.’‘

Eric Raymond first presented The Cathedral and the Bazaar at the Linux Kongress on May 22nd, 1997 in Würzburg, Germany. Ten years later, Linux is more powerful than ever, Ubuntu is ready for the desktop (says me) and the bazaar model is alive and thriving.

• Read The Cathedral and the Bazaar
• About the Netscape decision
• Raymond’s ever-growing archive of notes, comments, rebuttals and more on CatB.
• Read Linus Torvalds’ fun, light and frothy autobiography about the heady young days of Linux Just for Fun
• And of course, there is the The Circus Midget and the Fossilized Dinosaur Turd (don’t worry, it’s satire and it has a point)

First, take a look at this graphic at Washington Post sensationally titled How to Steal an Election. It compares Nevada laws regarding slot machines with state and federal laws regulating electronic voting machines. The comparison is stark and eye-opening. For example, the Nevada Gaming Commission has access to all software for gaming electronics but the voting machine code is a trade secret. Yes, and so are the inner government workings of China.

And then there is the most famous of the voting machine manufacturers, Diebold. In addition to being a closed system that even the government is not allowed to know about, it is a company that fundamentally misunderstands electronic voting in particular and security in general.

For example, this came from a Diebold spokesman [via Schneier]

“For there to be a problem here, you’re basically assuming a premise where you have some evil and nefarious election officials who would sneak in and introduce a piece of software,” he said. “I don’t believe these evil elections people exist.”

Ah yes, the head-in-the-sand form of security. I hear it is very popular in the real world and effective in utopian societies.

The fun and games do not end there. A major vulnerability was found in the voting machines:

This newspaper is withholding some details of the vulnerability at the request of several elections officials and scientists, partly because exploiting it is so simple and the tools for doing so are widely available.

Of course, the report appeared later on with parts redacted, and it is tremendous.

A few days ago, a Janet Meyer article on Apple Matters sparked a phenomenal discussion for and against Apple’s DRM policies. If you are not aware, Apple has a Digital Rights Management [DRM] system that “protects” the music it sells from the iTunes music store: it determines where you can play it, how you can play it, how many machines you can play it on and so on. It is proprietary, so if Apple controls the online music market, Apple also automatically controls how, where, why, when we listen to music we buy from them.

To cut a long story short, Janet was making the point that Apple may have a closed music format but as long as consumers have no trouble with it, consumers have a choice to buy CDs instead, the market will decide what is best.

Ah yes, the market. That all-knowing, all-seeing, all-singing, all-dancing market. It knows. In a perfect society with fully informed consumers who have true choices, the market knows. Elections would be marvellous with fully informed voters with true choices as well Read the rest of this entry »

Linus Torvalds is on CNN this weekend and though the interview is largely unsurprising, he is always charming and self-deprecating- taking as little credit for the “revolution” as possible.

Timings for the interview on CNN International:

You can watch the Linus Torvalds interview on Global Office on CNN International at these times:
Saturday
03:30 ET/08:30 BST/1530 HKT/1300 New Delhi
09:30 ET/14:30 BST/2130 HKT/1900 New Delhi
Sunday
07:30 ET/12:30 BST/1930 HKT/1700 New Delhi
13:30 ET/18:30 BST/0130 (Monday) HKT/2300 New Delhi

It seemed as though yesterday was an overactive April Fool’s day; maybe because it was a Saturday or because I was actively seeking pranks. And I found many.

Some of my favorite pranks for this year: Read the rest of this entry »

If you use the Netflix rating system even half as much as I do, your account has information documenting your entire movie watching life. At this point in time, I have rated 1348 films on Netflix and that number grows by about 15 per month- considering I am a movie geek and a statistics geek, that information is important- nay, vital- to me! If only there was a simple, friendly way to get at my information… Read the rest of this entry »

Many people around the world plan their charitable giving around this time of the year, for religious, tax or other similarly benevolent reasons. As a geek who spends an inordinate amount of time with around his computer, these are the entities that have made my life easier in the past year and deserve all the recognition, money and general fulfillment of all Amazon Wish List desires: Read the rest of this entry »