Archive for the 'Tech' Category

Page 2 of 9

MPEG LA confirms H.264 license needed for free software and end users

Published on 1 February, 2010 in FOSS and Tech. 1 Comment Tags: , , , , , , , , , , , , , , .

Currently, there is no default video format for use with the HTML5 video tag. The patent and royalty free Theora format was planned to be the default, but this was opposed by corporations like Apple and Nokia. The most popular video format at the moment is the heavily patent encumbered H.264, which is often encapsulated in Flash. As the move to HTML5 gathers steam, the battle for a video format rages on.

The issue of which format becomes prevalent is very important for the future of open web (and especially Linux). Youtube is one of the biggest providers of H.264 encoded media (currently encapsulated in Flash, but there is an HTML5 beta program) and Google will pay hefty royalties for the privilege.

The question of royalties over use of H.264 has become a popular talking point of late, because while Safari and Chrome support it, Chromium (the free software version of Chrome browser) Opera and Firefox don’t.

Now, a discussion on the Linux Weekly News site has answered the question as to whether the MPEG LA will require and enforce free software projects (and developers) to cough up for a license.

The question asked of MPEG LA via email exchange:

I read through the FAQ and can’t find out if Free and Open Source developers and products need to license the MPEG LA patents for MPEG-4 Visual. It was alleged in a comment that royalties are only necessary for products sold, not for free products. Is this correct? Could you please comment on the licensing options for Free (e.g. GPL) and open source implementations of MPEG-4 Visual, specifically h.264? What about downstream users/developers/distributors of Free and open source software?

The answer is a resounding “Yes” and even end users are liable:

In response to your specific question, under the Licenses royalties are paid on all MPEG-4 Visual/AVC products of like functionality, and the Licenses do not make any distinction for products offered for free (whether open source or otherwise)…

I would also like to mention that while our Licenses are not concluded by End Users, anyone in the product chain has liability if an end product is unlicensed. Therefore, a royalty paid for an end product by the end product supplier would render the product licensed in the hands of the End User, but where a royalty has not been paid, such a product remains unlicensed and any downstream users/distributors would have liability.

As an article over at OSNews states, we must ensure that H.264 does NOT become the de-facto standard for video on the web:

“In other words, h264 is simply not an option for Free and open source software. It is not compatible with “Free”, and the licensing costs are prohibitive for most Free and open source software projects. This means that if the web were to standardise on this encumbered codec, we’d be falling into the same trap as we did with Flash, GIF, and Internet Explorer 6.”

I guess it’s up to web developers and corporations to make the smart choice. If Google can purchase On2 Technologies, they might release later generation versions of VP (on which Theora is based) to surpass the quality of H.264.

Another Internet Explorer vulnerability grants full access to hard drive

Published on 1 February, 2010 in Tech. 1 Comment Tags: , , , .

The Register has an article on another vulnerability in Internet Explorer and Windows which allows the attacker complete access to the hard drive.

If you use any version of Internet Explorer to surf Twitter or other Web 2.0 sites, Jorge Luis Alvarez Medina can probably read the entire contents of your primary hard drive.

The security consultant at Core Security said his attack works by clicking on a single link that exploits a chain of weaknesses in IE and Windows. Once an IE user visits the booby-trapped site, the webmaster has complete access to the machine’s C drive, including files, authentication cookies – even empty hashes of passwords.

This is not the first time these vulnerabilities have surfaced (and it won’t be the last), but Microsoft cannot completely fix the issues because they use core functions of Windows.

The hole is difficult to close because the attack exploits an array of features IE users have come to rely on to make web application work seamlessly. Simply removing the features could neuter functions such as online file sharing and active scripting, underscoring the age-old tradeoff between a system’s functionality and its security.

Yahoo! pays Canonical to switch Firefox away from Google

Published on 27 January, 2010 in FOSS and Tech. 0 Comments Tags: , , , , , , , .

While I’m not convinced that Google is our friend, this latest move from Canonical is interesting.

Microsoft has been paying companies to move their sites from Google to Bing and the Mozilla’s director of community development, Aza Dotzler, recommends that users switch Firefox’s default search engine from Google to Bing.

Now, Canonical has struck a revenue deal with Yahoo! and will change the default search engine away from Google (for new installs).

Canonical has negotiated a revenue sharing deal with Yahoo! and this revenue will help Canonical to provide developers and resources to continue the open development of Ubuntu and the Ubuntu Platform.

Yes, Google currently has the largest share of web marketing, but if more and more companies start switching to alternatives like Yahoo! and Bing, then things could change dramatically.

Christopher Blizzard: HTML5 video and H.264 – what history tells us and why we’re standing with the web

Published on 27 January, 2010 in Tech. 0 Comments Tags: , , , , , , , , .

Christopher Blizzard has a great article about H.264 and what it might mean if it becomes the de-facto standard for video on the web.

Remember, this is still very early in H.264’s history so the licensing is very friendly, just like it used to be for MP3. The companies who own the IP in these large patent pools aren’t in this for the fun of it – this is what they do. They patent and they enforce and then enjoy the royalties. If they are in a position to charge more, they will. We can expect that if we allow H.264 to become a fundamental web technology that we’ll see license requirements get more onerous and more expensive over time, with little recourse.

Are all browsers equally vulnerable?

Published on 25 January, 2010 in Tech. 0 Comments Tags: .

With all these Internet Explorer insecurity issues coming to light, a common argument is:

“All browsers are insecure, just practice safer browsing by not clicking on links in unsolicited mail.”

Sure, that’s a important part of being safe on the net, but it’s only half of the picture. Of course all browsers will have security holes at particular points in time, no software is perfect.

However, what we should be looking at is a vendor’s response to security vulnerabilities. It’s how quickly a vendor can patch a hole and distribute the fix which is most important. (Of course, security by design and underlying operating system are also important factors.)

To which end, I came across an entry in Wikipedia which provides a comparison of unpatched publicly known vulnerabilities in the latest stable versions of major browsers. It is based on vulnerabilities reports by SecurityFocus and Secunia.

From the list, you can see that all version of Internet Explorer have dozens of unpatched security holes, while most other browsers have none (Safari and Chrome have only one unpatched vulnerability, which is classified as “less critical”).

According to the latest information, security research firm SecurityFocus reports that IE6 has 396 known unpatched vulnerabilities, IE7 has 15, and IE8 has 32. The oldest known unpatched vulnerabilities for IE6, IE7, and IE8 date from November 20, 2000, May 17, 2007, and April 11, 2009 respectively.

How many does Firefox have? Zero. That’s right. NONE.

So yes, you should practise safe surfing, but the browser you choose will have a MAJOR impact on overall security of your system (so does the operating system). Anyone who claims that Internet Explorer is just as secure as the other major browsers is either insane or stupid.

I think I found my new phone…

Published on 22 January, 2010 in FOSS and Tech. 0 Comments Tags: , .

…the Android “GSmart” from Gigabyte. Haha..

YouTube HTML5 beta program launched, but without Theora support

Published on 22 January, 2010 in FOSS and Tech. 2 Comments Tags: , , , , , .

Google has created an opt-in beta program for anyone wanting to test YouTube with the HTML5 tag rather than using Flash. There are a few caveats however, with the number one being that it’s still all H.264 video. No Theora to speak of, yet, but it’s possibly a step in the right direction!

Bye Bye, SysReq

Published on 15 January, 2010 in Tech. 0 Comments Tags: , , , , , .

IBM/Lenovo laptops always seemed to have great Linux support. Shortly however, Lenovo products will ship without the SysReq key.

New Lenovo keyboard

Luckily, with Ext4 issues sorted out, there’s no need to use Magic Keys, right?

Windows based Internet cafés “illegal”

Published on 15 January, 2010 in Tech. 0 Comments Tags: , , , , , .

I never realised before, but Windows based Internet cafés violate Microsoft’s license terms, because:

Windows desktop operating system and Microsoft Office system licenses do not permit renting, leasing, or outsourcing the software to a third party.

Interesting.

Now however, by paying an extra licensing fee to Microsoft café owners can become legit.

Seems to me that a Linux based kiosk with OpenOffice.org is just going to become even more attractive..

Microsoft screencast shows Linux easier than Windows

Published on 14 January, 2010 in FOSS and Tech. 5 Comments Tags: , , , , , , , , .

In their attack on free software, Microsoft has launched a website which compares various aspects of Windows to its counterpart on Linux.

One of the latest videocasts compares getting Perl and PHP running on a webserver.

In the Windows screencast the author (who happens to be an Australian) says:

“In the past it was kinda difficult to set up Perl on Internet Information Services, now I’d actually argue it’s probably easier to set up Perl on IIS than it is to actually set it up on Linux.”

OK then, let’s watch both of his screencasts and see whether that is indeed true!

Excluding the tasks of installing Linux and Windows, installing the respective webserver, creating the Perl and PHP scripts themselves (which just print “$LANG is working”) and downloading the PHP/Perl install files (which you only have to do on Windows of course) here is the number of tasks required for each. As an aside, he is using Ubuntu Feisty Fawn, that’s SIX releases of Ubuntu ago.

Ubuntu – install and configure Perl
Total tasks = 7

Open terminal
    Open "Terminal"
Install Apache Perl module
    sudo apt-get install libapache2-mod-perl2
    Type "y" to proceed
Restart Apache
    sudo /etc/init.d/apache2 force-reload
Copy Perl script to cgi-bin directory
    sudo cp testperl.pl /usr/lib/cgi-bin/
Make Perl script executable
    sudo chmod a+x /usr/lib/cgi-bin/testperl.pl
Use Firefox to test
    http://localhost/cgi-bin/testperl.pl

Windows – install and configure Perl
Total tasks = 34

Run Perl installer
    Click "Run"
    Click "Next"
Accept license agreement
    Click "Next"
    Click "Next"
    Click "Next"
    Click "Install"
    Click "Finish
Open Command Prompt
    Click "Start Menu"
    Click "Command Prompt"
Make cgi-gin directory
    mkdir C:\Inetpub\cgi-bin
Copy the script
    cd Desktop
    copy *.pl C:\Inetpub\cgi-bin
    exit
Open IIS Manager
    Click "Start Menu"
    Click "Administrative Tools"
    Click "Internet Information Services (IIS) Manager"
Configure Perl
    Select "Perl CGI Extension" from "Web Service Extensions"
    Click "Allow"
Create Virtual Directory for cgi-bin
    Expand "Web Sites"
    Right Click "Default Web Site"
    Click "New -> Virtual Directory"
    Click "Next"
    Type name "cgi-bin"
    Click "Next"
    Set path "C:\Inetpub\cgi-bin"
    Click "OK"
    Click "Next"
    Tick "Run"
    Tick "Execute"
    Click "Next"
    Click "Finish"
    Click "Close"
Use Internet Explorer to test
    http://localhost/cgi-bin/testperl.pl

Perl Conclusion
If you live on planet Microsoft, then I guess you might deduce that Windows is indeed easier than Linux. Of course in reality that’s complete bunkum.

Now, let’s have a look at PHP, where our presenter says the following:

It’s as easy to install these particular services and languages on IIS as it is, or even easier to install them on Windows than is it on Linux.

Ubuntu – install and configure PHP
Total tasks = 5

Open terminal
    Open "Terminal"
Install PHP mod for Apache
    sudo apt-get install libapache2-mod-php5
    Enter "y" to continue
Copy the php file
    sudo cp testphp.php /var/www/
Use Firefox to test
    http://localhost/testphp.php

Windows – install and configure Perl
Total tasks = 23 (or 42 if configuring cgi-bin)

Run PHP installer
    Click "Run"
    Click "Next"
Accept license agreement
    Click "Next"
    Modify path to "C:\PHP"
    Click "Next"
    Select "IIS CGI"
    Click "Next"
    Click "Next"
    Click "Finish
Copy the script
    Right click on php file
    Select "Copy"
    Click "Start Menu"
    Open "My Computer"
    Browse to "C:\"
    Open "Inetpub" folder
    Right click
    Click "Paste"
Open IIS Manager
    Click "Start Menu"
    Click "Administrative Tools"
    Click "Internet Information Services (IIS) Manager"
Confirm PHP is active
    Select "Web Service Extensions"
    Ensure "PHP: Hypertext Processor" set to "Allow"
Use Internet Explorer to test
    http://localhost/cgi-bin/testphp.php

PHP Conclusion
Of course, he had already set up the cgi-bin virtual directory when he did Perl, so he’s getting that configuration for free. If you were configuring just PHP (or PHP first) this would take a total of 42 steps, instead of 23.

Conclusion, Conclusion
Either way, this guy sure has a funny idea of what “easy” means. I think it’s easy for him to make money from Microsoft by spreading lies about Linux.