buchner.johannes - Slashdot User

Submission + - WebM license made GPL and Apache compatible (blogspot.com)

Submitted by buchner.johannes on Friday June 04, 2010 @10:34PM

buchner.johannes writes: Google updated its licensing terms for WebM, which is now a pure BSD license, with a standalone patent grant.
Using patent language borrowed from both the Apache and GPLv3 patent clauses, in this new iteration of the patent clause we've decoupled patents from copyright, thus preserving the pure BSD nature of the copyright license. This means we are no longer creating a new open source copyright license, and the patent grant can exist on its own.

Here is the WebM license FAQ. Time to make a GPLv3 fork?

Submission + - Ethics of producing Non-malicious Malware 2

Submitted by buchner.johannes on Monday November 30, 2009 @06:50PM

buchner.johannes writes: I was fed up with the general consent that Linux is oh-so-secure and has no malware. After a week of work, I finished a package of malware for Unix/Linux. Its whole purpose is to help whitehat hackers point out that the system can be turned into a botnet client, by simply downloading BOINC and attaching it to my user account, helping scientific projects. It does not exploit any security holes, but loose security configurations and mindless execution of unverified downloads: I tested it to be injected by a PHP script (even circumventing safemode), so that the web server runs it, hell I even got a proxy server that injects it into shell scripts and Makefiles in tarballs on the fly, and adds onto windows executable for execution in wine (Z: is /). If executed by the user, it can persist itself in cron, bashrc and other files. The aim of the exercise was to provide a payload so security people can 'pwn' systems to show security holes, without doing harm (such as deleting files or disrupting normal operation).
But now I have a problem: I am unsure of whether it is ethically ok to release this toolkit, which, by ripping out the BOINC payload and putting in something really evil, can be turned into proper Linux malware. On the one hand, the way it persists itself in autostart is really nasty, and that is not really a security hole that can be fixed. On the other hand, such a script can be written by anyone else too, and it would be useful to show people why you need SELinux on a server, and why verifying the source of downloads (checksums through trusted channels) is necessary.
Technically, it is a nice piece, but should I release it? I don't want to turn the Linux desktop into Windows, hence I'm slightly leaning towards not releasing it. What does your ethics say about releasing such grayware?

Submission + - Common charger for mobile phones coming in the EU (europa.eu)

Submitted by

buchner.johannes

on Monday June 29, 2009 @09:09AM

buchner.johannes writes: "The EU Commission and companies agreed on common charger for mobile phones:

Incompatibility of chargers for mobile phones is a major inconvenience for users and also leads to unnecessary waste. Therefore, the Commission has requested industry to come forward with a voluntary commitment to solve this problem so as to avoid legislation. As a result major producers of mobile phones have agreed to harmonise chargers in the EU.
Discussed before here and here. The text continues:
Industry commits to provide chargers compatibility on the basis of the Micro-USB connector. Once the commitment becomes effective, it will be possible to charge data-enabled mobile phones from any charger compatible with the common specifications.
"

Submission + - Your average disturbance timescale? (jakeapp.com)

Submitted by buchner.johannes on Monday June 29, 2009 @05:52AM

buchner.johannes writes: In your office, your work is disturbed or interrupted on average after (e.g. people walking in, calls, etc.)

— less than 5 minutes
— less than 15 minutes
— less than 30 minutes
— less than 2 hours
— more than 2 hours
— depends on how fast slashdot throws out stories

Submission + - Jake looking for developers (jakeapp.com)

Submitted by

buchner.johannes

on Saturday June 06, 2009 @04:55PM

buchner.johannes writes: "Jake is the new kid on the block for team collaboration. Developed by students in Vienna, this serverless, open-source, cross-platform versioning tool is aimed for non-developers. What makes Jake unique is that the communication is done over XMPP, and that the look-and-feel is very native (unlike most Java apps).
We turn to Slashdot as we look for developers interested in picking up the work, forking it, contributing or reusing concepts in other projects. Slashdot already discussed the need for a painless, easy-to-use tool once. About Jake shows a small comparison to other tools."

Submission + - FSF announces High Priority Free Software Projects

Submitted by buchner.johannes on Monday October 06, 2008 @07:23PM

buchner.johannes writes: FSF announced a list of eleven "High Priority Free Software Projects", which they think are important to the acceptance of free software.

Submission + - Bittorrent reverse hash database (tuwien.ac.at)

Submitted by

buchner.johannes

on Wednesday September 12, 2007 @10:45AM

buchner.johannes writes: "Story at: http://twoday.tuwien.ac.at/jo/stories/305252/
This is probably the first reverse hash database for torrent files.

When watching torrent traffic as an network administrator, you might want to know if the data is legal and complies to your policies.
On the other hand, if you see a torrent loading in your network as a user, if you know what it is, it might be _very_ interesting to join it, as the speed can be expected to be very high.
Database at: http://stud4.tuwien.ac.at/~e0625457/bittorrent/hostedsummary.html"

Slashdot Top Deals