Networking

Journal Journal: FCC makes landmark traffic throttling ruling against Comcast

The Federal Communications Commission on Friday ruled 3-2 against Comcast and declared that it overstepped its network management authority by blocking BitTorrent peer-to-peer traffic. This is the first official ruling on major network shaping and throttling by the FCC. While it did not fine Comcast, it clearly defines boundaries and sends the message that the FCC enforces network neutrality principles. This also paves the way for future action against ISPs by the FCC. The formal cease and desist order also forces Comcast to disclose to customers how it manages its network. I see this as a major victory for the Electronic Frontier Foundation.
Announcements

Journal Journal: Adobe makes Flash more search engine friendly

Today Adobe Systems announced that it has provided technology and information to Google and Yahoo! to help the two search engine rivals index the Shockwave Flash (SWF) file format. According to the company, this will provide more relevant search rankings for the millions of pieces of Flash content. Until now, developers had to implement workarounds, such as XHTML data providers, to expose text content used in Flash to search engine spiders and other bots. While the Flash content is exposed, it is not yet clear how the search engines will use it, as they have not revealed their algorithms. The SWF specification is openly published here.
Microsoft

Journal Journal: Microsoft to Host Open Document Format (ODF) workshop!

Microsoft has announced they are planning to have an open workshop for developers interested in their adoption of the OASIS Open Document Format (ODF). Microsoft has recently announced support for ODF in the next service pack for Office (SP2 for Office 2007, expected to be released in the first half of 2009). In conjunction with this announcement, they would like to invite all members of the OASIS OpenDocument Format TC and subcommittees to a 1-day DII workshop on how Office will support ODF. The workshop will take place on Wednesday, July 30, 2008 in Redmond, Washington.
User Journal

Journal Journal: Microsoft fined $1.4 billion (a record) by the EU

As reported by the BBC, Microsoft has drawn the ire of the European Union, which has levied a fine against the Redmond software giant of $1.4 billion USD (originally 899m Euros). The fine is based upon Microsoft defying sanctions imposed on it for anti-competitive behavior. Microsoft must now pay after a ruling that it failed to comply with a 2004 ruling that it abused its position.
User Journal

Journal Journal: OOXML under third EU investigation!

As reported by Andy Updegrove, "the Wall Street Journal and Information Week reported this morning that EU regulators have announced a third investigation into Microsoft's conduct on the desktop. This latest action demonstrates that while the EU has settled the case against Microsoft that ran for almost a decade, it remains as suspicious as ever regarding the software vendor's conduct, notwithstanding Microsoft's less combative stance in recent years. The news can be found in a story reported by Charles Forelle bylined in Brussels this morning. According to the Journal, the investigation will focus on whether Microsoft "violated antitrust laws during a struggle last year to ratify its Office software file format as an international standard." The article also says that the regulators are "stepping up scrutiny of the issue." The Journal cites the following as the type of activity it will look into."
Software

Journal Journal: PDF now ISO 32000

It is official. As Jim King himself blogged today, Adobe has received word that the Ballot for approval of PDF 1.7 to become the ISO 32000 Standard (DIS) has passed by a vote of 13 yes votes and only 1 negative. The report breaks down as follows:

* Countries voting positive with no comments: Australia, Bulgaria, China, Japan, Poland, South Africa, Spain, Sweden, Ukraine. (9)
* Countries voting positive with comments: UK (13), USA (125), Germany (11), Switzerland (19). (4)
* Countries voting negative with comments: France (37). (1)
* Countries abstaining: Italy, Russia. (2)

Total votes cast: 14. A 2/3 majority is required to pass, so it was a large margin of victory (93%). For more information on the latest developments, check this page:

http://www.adobe.com/devnet/pdf/pdf_reference.html

The Internet

Journal Journal: Has Wikipedia been hijacked?

I have become concerned over the last few years about the growing tendency for Wikipedia to censor or delete information that they alone determine is irrelevant. I have always been a fan of Wikipedia in general, but feel that someone needs to stand up and state clearly that the Emperor has no clothes on. Wikipedia is a volunteer-driven organization and there are lots of good editors; however, there seems to be a vast discrepancy towards content. Lately, there seem to be incidents where editors are acting like dictators. The reason I feel compelled to write this is the latest series of incidents that has been brought to my attention, all detailed below with references. I encourage you to read these and contribute to this conversation.

(full story at http://technoracle.blogspot.com/2007/08/has-wikipedia-been-hijacked_16.html)

User Journal

Journal Journal: Adobe to release PDF specification to AIIM/ISO

Adobe announced it will release the entire PDF specification (current version 1.7 at http://my.adobe.acrobat.com/pdfconversations) to the International Standards Organization (ISO) via AIIM. PDF has reached a point in its maturity cycle where maintaining it in an open standards manner is the next logical step in evolution. Not only does this reinforce Adobe's commitment to open standards (see also my earlier blog on the release of Flash runtime code to the Tamarin open source project at Sourceforge), but it demonstrates that open standards and open source strategies are really becoming a mainstream concept in the software industry.
Software

Journal Journal: How truly open is Flash? Do we need "Open Flash"? 2

This is a post made by David Mendels that inspired me to get this message out. I too have noticed that a few people still perceive Flash as a proprietary technology. If you are one of those, read this then ask yourself the two questions at the end. I had a completely different view of Flash before Adobe and Macromedia merged. David writes: (Some basic points)
  1. The Flash programming language (ActionScript) is 100% ECMAScript, a standard with multiple implementations and is open. You can script using ActionScript with a plain old text editor.
  2. The internal Flash Player VM, "Tamarin" is an open source project run by the Mozilla foundation (donated by Adobe).
  3. The Flash file format, *.SWF is a published format.
  4. The Adobe Flash Player (the reference implementation) is free. So are several others like the Gnash player.
  5. The Flash Player is available on Mac, Windows, Linux, Playstation, Nintendo Wii, Symbian, and many other platforms.
  6. An SDK for building, compiling, debugging Flash applications is available for free on Mac, Windows and Linux
  7. There are over 100 third party, free, commercial, open source and closed source products that produce, edit, generate, and otherwise manipulate Flash files, Flash Video files, etc.
  8. There is a very active Open Source community around the Flash runtime. For better or worse (I do work for Adobe -;) many many people take full advantage of the Flash Player without using any commercial products from Adobe (or anyone else). See http://www.osflash.org/ to get a good view of this.
  9. Flash itself makes use of several standards such as JPG, AVI, GIF and PNG's as outlined here.

There are numerous web based services (You Tube, BrightCove, etc) that convert to, host, deliver Flash Video without requiring the purchase or use of any commercial or proprietary technology.

Now, all that said, the Flash Player as a whole is not open source. There are a number of reasons for this, at least as of today. 2 primary reasons come to mind right now, but these are not immutable:

i. The desire to avoid bifurcation. Right now one can produce a SWF from any one of many tools/servers/services from many vendors and be 100% confident it will run across platform and across browsers. We experienced the impact of multiple slightly (or largely) incompatible implementations of HTML/JS browsers and of JVMs and both had a major impact to slow innovation and usage. One of the things our customers (developers/designers/publishers) have told us is not to screw up the compatibility and ubiquity that have been the hallmark of Flash since day 1.

ii. There are technologies in the Flash Player for which we do not own the IP or the rights to open source it, for example, we have licensed our MP3 codec.

There is one more area where we are arguably not "open". This relates to our licensing strategy on non-PC devices (eg Cell Phones). On these devices, we do license the Flash Player for a royalty to device manufacturers and telco operators. It is still free from an end-user and developer perspective, but there are a lot of costs associated with these integrations.

(...)

My experience is that when people say they want "open", there are usually 3 or 4 things they really want or need:

* No lock in. They don't want to adopt a technology that they may get "blackmailed" to pay money for in the future. I think we have addressed this fairly well by making the Flash Player and SDK free.

* Integration. They want the technology stack they work with to work with the rest of their stack and tool chain. This requires appropriate use of standards (eg. we support XML over HTTP, Web Services, ECMAScript, CSS, integration with multiple IDE and Source Code management systems, etc) and well crafted and well documented APIs. I think we have this area covered too, but I'd like to hear about concerns.

* Leverage existing skills. By using standards, one does not get locked into skills that can not be found generally in the market and that will be obsolete in the near term. This is why we standardized on ECMAScript. This is why we have an Eclipse based tool. This is why we enable development with a purely ASCII text format to fit into other systems. This is why we leveraged CSS in the Flex framework, etc. I think we have this covered too, but I'd love to hear your thoughts.

* Ability to fix bugs/issues without depending on a vendor. From a tool chain perspective, one can choose to work in an entirely open source toolchain for the creation of SWFs, so this is covered. From the runtime perspective, this is arguably a barrier. That said, I don't hear a lot of folks who have actual concerns about our "stewardship" of the Flash Player in this regard. I'd love to have your perspective.

Questions for the public:

* What does "Open Flash" actually mean to you? Have we done a good job of balancing the interests of implementers and developers without hindering innovation?

* What specific problem(s) does "Open Flash" solve that are not addressed by our current "openness"?

Encryption

Journal Journal: Semaphore Code - can Slashdot users crack it?

For those of you who love a challenge, Adobe has sponsored a whopper. The Semaphore art project in San Jose is where art meets technology. Four large round glyphs rotate their position every 7.2 seconds while a simultaneous low power radio broadcast emits a coded message. Artist Ben Rubin's mind shred's message seems to follow a pattern. Each broadcast segment contains an audible analog tone, an audible analog pattern, followed by a string-integer hash. Several items vary during the broadcast including the tone of the woman's voice as she speaks the integers. The tones also change.

Here is a pattern:

Tone, dot pattern, click(ping), string, integer, ping

Here are some general observations that might help those trying to decode it. I also want to state that while I do work for Adobe, I have in no way had any internal knowledge of this project nor do I have any keys to the answer.

Background:

Semaphore is an ancient flag based signaling system. A person holds two flags and uses one rotational angle to act as a key while using a second flag to indicate a specific value. The comparison to the rotating glyphs cannot be ignored.

1. What is the significance of the glyphs changing position every 7.2 seconds? This could be a key or it could be incidental to the entire exercise. I would suspect that due to its precise timing, it is a key.

2. Ben Rubin's education should probably be factored in. There are no details of him ever studying cryptographic techniques. Accordingly, I would presume the cypher's key to be less complex than Rijndael's (AES) et al. I did find his master's thesis entitled "Constraint based cinematic editing" which may be a clue into his mind.

3. What possible significance does the tone of the woman's voice have? It seems to speak in two tones - one about one octave higher than the other. Is this significant of some kind of logic gate?

4. What are the string-integer pairs? Here is an example:
India 02
Kilo 08
Echo 06
Delta 01
Charlie 05
Mike 03
Mike 14
Echo 06
Delta 04
Delta 04 (note repeat)
India 02
Kilo 08
Echo 06
Delta 01
Charlie 05
Mike 03
India 02
Delta 15
Delta 04
Mike 14
Alpha 10
Delta 04
Delta 04
Alpha 10
Charlie 16
Delta 15
India 02
Delta 15
Delta 04
Mike 14
Alpha 10
Delta 04
Delta 04
Alpha 10
Charlie 16
Delta 15
Delta 01
Pumpkin 02 ??
Kilo 03
November 04
Charlie 11
Charlie 16
Lima 03
Echo 06
.....

Note the pattern repeats certain characters (Delta 04's seem popular). There are also patterns of repetition that seem to repeat above a statistically normal basis. Based on this I would aver that the answer is a value of text. The same values suggest double letter combinations in the resulting text (example = Challenge has a double "l").

While the Semaphore Flag code uses only 9 positions, note that the numeric values scale much higher. Could this be a revision of the code based on some key (7.2) to reflect the glyphs' ability to provide a more precise rotational index? I did not encounter any numeric value over 16 while listening.
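The repetition described above can be measured directly. The following is an added example, not part of the original journal entry: it treats each word-number pair as a single cipher symbol (an assumption) and reports symbol frequencies, adjacent doubles, the longest block that repeats, and which numbers each word was heard with. The function names are made up for the illustration.

```python
from collections import Counter, defaultdict

# The pairs as transcribed in the entry above, in broadcast order.
# "Pumpkin 02" is kept as written; the author flags it as a possible mishearing.
TRANSCRIPT = """
India 02, Kilo 08, Echo 06, Delta 01, Charlie 05, Mike 03, Mike 14, Echo 06,
Delta 04, Delta 04, India 02, Kilo 08, Echo 06, Delta 01, Charlie 05, Mike 03,
India 02, Delta 15, Delta 04, Mike 14, Alpha 10, Delta 04, Delta 04, Alpha 10,
Charlie 16, Delta 15, India 02, Delta 15, Delta 04, Mike 14, Alpha 10, Delta 04,
Delta 04, Alpha 10, Charlie 16, Delta 15, Delta 01, Pumpkin 02, Kilo 03, November 04,
Charlie 11, Charlie 16, Lima 03, Echo 06
"""


def parse(transcript):
    """Turn 'Word NN' items into (word, number) tuples, one symbol per pair."""
    tokens = []
    for item in transcript.replace("\n", " ").split(","):
        item = item.strip()
        if item:
            word, number = item.split()
            tokens.append((word, int(number)))
    return tokens


def symbol_counts(tokens):
    """How often each (word, number) symbol occurs."""
    return Counter(tokens)


def adjacent_doubles(tokens):
    """Indices i where tokens[i] == tokens[i + 1]: candidate double letters."""
    return [i for i in range(len(tokens) - 1) if tokens[i] == tokens[i + 1]]


def longest_repeat(tokens):
    """Longest run that occurs twice without overlapping: (length, first, second)."""
    n = len(tokens)
    # ext[i][j] = length of the common run starting at positions i and j (i < j)
    ext = [[0] * (n + 1) for _ in range(n + 1)]
    best = (0, -1, -1)
    for i in range(n - 1, -1, -1):
        for j in range(n - 1, i, -1):
            if tokens[i] == tokens[j]:
                ext[i][j] = ext[i + 1][j + 1] + 1
                length = min(ext[i][j], j - i)  # forbid overlap
                if length > best[0]:
                    best = (length, i, j)
    return best


def numbers_per_word(tokens):
    """Numbers heard with each word; shows whether the word alone fixes the number."""
    seen = defaultdict(set)
    for word, number in tokens:
        seen[word].add(number)
    return {word: sorted(numbers) for word, numbers in seen.items()}


if __name__ == "__main__":
    tokens = parse(TRANSCRIPT)
    print(len(tokens), "symbols,", len(symbol_counts(tokens)), "distinct")
    for (word, number), count in symbol_counts(tokens).most_common(5):
        print(f"  {word} {number:02d}: {count}")
    print("adjacent doubles at", adjacent_doubles(tokens))
    length, first, second = longest_repeat(tokens)
    print(f"longest repeat: {length} symbols at offsets {first} and {second}")
    print("numbers per word:", numbers_per_word(tokens))
```

A long block that repeats back to back is more likely a looped broadcast than a feature of the plaintext, so counting frequencies over a single pass of the loop gives a cleaner picture.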

The Semaphore art uses the NATO phonetic alphabet.

A: Alpha
B: Bravo
C: Charlie
D: Delta
E: Echo
F: Foxtrot
G: Golf
H: Hotel
I: India
J: Juliet
K: Kilo
L: Lima
M: Mike
N: November
O: Oscar
P: Papa
Q: Quebec
R: Romeo
S: Sierra
T: Tango
U: Uniform
V: Victor
W: Whiskey
X: X-ray
Y: Yankee
Z: Zulu

Note that "Pumpkin" is not actually part of the phonetic alphabet. Perhaps I heard it wrong.

Good luck - anyone with theories, please post them back to this blog. Maybe we can get lucky....

Censorship

Journal Journal: US Senators to set global standard for the web?

A recent story on CNET discusses the US Senate proposal that "Web site operators posting sexually explicit information must slap warning labels on their pages or face prison terms of up to five years." Senator Conrad Burns goes on to declare that "This will protect children from accidentally typing in the wrong address and immediately viewing indecent material." I find this is once again highly flawed logic. First - without a globally agreed upon consensus on what constitutes "sexually explicit information", there is no metric for such labeling. Will the labels include sites that include educational materials about how human reproductivity works? Is the goal to create a system of mandatory ignorance for the masses resulting in more unwanted pregnancies and STDs? Secondly, how in the world are warning labels going to prevent someone from making typing mistakes? Once again, the government seems to be jumping the gun. Perhaps their time may be better spent educating themselves and parents about watching what their children do on the internet?
Software

Journal Journal: SOA 2.0 - frontier justice

Early rebuff to Gartner's use of the term SOA 2.0 seems to be gathering significant steam on both a grassroots and mainstream level. Several bloggers shared similar comments that the "SOA 2.0" term/buzzword was not something the tech community should just lie down and take. A resulting petition - SOA 2.0 - No Thanks! reflects the "Stop the Madness" feeling. While only 70 or so people have signed it as of today, the names on the list are notable with respect to SOA. The main complaint with the term is that other than the OASIS Reference Model for SOA, there appears to be little metric for defining SOA at all.
It's funny.  Laugh.

Journal Journal: SOA 2.0 - follow this to find the good smoke!!!

A new week, a new buzzword. This time it is different - "SOA 2.0" is a version-qualified buzzword that makes people finally speak out! I have observed a really cool phenomenon - normally, when someone comes out with a new buzzword that doesn't really have any substance, most people merely complain quietly and go about their business. With certain components going public with their term "SOA 2.0", the collective disgust seems to have finally reached the tipping point where people can no longer keep quiet. This list is a compilation of my favorites so far.

SOA 2.0 Ignorance: http://markclittle.blogspot.com/2006/05/soa-20-ignorance.html

What are they smoking and where can I buy some: http://www.mac-kenzie.net/blog/2006/05/24/soa-20-what-are-they-smoking/

SOA 2.0 - stop the madness: http://www.mwdadvisors.com/blog/2006/05/soa-20-stop-madness.html

OH NO - SOA 2.0: http://jroller.com/page/dancres?entry=oh_no_soa_2_0

http://sw.deri.org/~juan/weblog/?p=242

http://mult.ifario.us/articles/2006/05/24/soa-2-0-mud-in-the-mud-puddle

http://www.thedatafarm.com/blog/PermaLink.aspx?guid=cfb38e60-5c9c-4670-8c36-ae36f114e075

IT folks out of control: http://voelterblog.blogspot.com/2006/05/it-folks-out-of-control.html

http://data-entry-business.blograzor.com/52352/

I can only summarize the term "SOA 2.0" like this - "The fan just got hit big time"!

I cannot believe this is happening. I met up with Mark Little at Java One and he told me some people are actually starting to talk about "SOA 2.0". The German language has the only words for this - "einfach unglaublich". Roughly translated it means "utterly unbelievable".

Now Mark is a very smart guy - I work with him on many Web Services standards bodies where he provides great value. I have never seen him get really upset about anything before I saw this blog entry. This should be a testament to how absurd the concept of SOA 2.0 is.

As Mark correctly points out, you cannot take some half baked marketing term and milk it for another few miles by sticking a version number at the end of it. This appears to be nothing more than a scam to keep people coming back for more information. People - they are making it up!!! You are being led down the wrong path. I can see it in my head:

Analyst: "SOA is the answer to anything. Even if you don't know the question. Too bad I can't tell you what it is exactly but if you listen to me, maybe you can do it someday."

Customer: "Actually, I think I figured it out. It is a model for software architecture."

Analyst: (Thinks silently - "Dang - they're on to me. What should I do??")

Analyst: " Very well, I think now you are ready for SOA 2.0".

Please note I am not just picking on analysts - they are just the easiest target in this case ;-)

On Mark's blog, he notes that Steve says Web 2.0 is a mix of EDA and SOA. Bollocks! All SOA is event driven. How can you have a service that does something if there is no notion of an event (trigger) in the architecture? I suppose if you just built it and it sat there doing absolutely nothing, but even then it would be event driven since doing nothing is what it should do in the absence of any events. Can anyone provide an example of SOA that is NOT event driven?

A group of people (over 200 members and observers to be precise) got together out of disgust for lack of clarity around SOA and put together a Reference Model to clarify what is meant by the term. Being largely end users, they asked all the right questions. If SOA is architecture, as the name implies, how do we express it as architecture or some architectural artifact? How is it different from other interface based designs? Does it have a right to exist as a term (*read - does it have any substance or is it pure marketing hype)?

These people wrote a Reference Model which defines an architectural paradigm for organizing and using resources under different domains. The Reference Model is not architecture per se, it merely notes the main concepts, at a completely abstract level, for the entities which consistently appear within service oriented domains.

SOA Definitions - There's enough for one per person.

Given the current Wikipedia definition and the OASIS Reference Model for SOA, it appears that SOA is something we all have probably been doing for a long time. Even Starbucks implements the OASIS Model. Service providers, for their services (they provide caffeinated beverages to customers), use visibility (signs, advertising) to let others know the services are available. There is an interaction model (money for coffee) that uses a behavior model (pay first, coffee later) to provide the service. There is a service description (like WSDL for customers) and a fabric they attach to, to allow service consumers to interact with the service. WS-* is the same. This really makes me wonder when I see quotes stating things like "over 60% of all companies hope to be doing SOA by 2007". Even some smart IBM'ers have been skeptical of people's claims to be "doing SOA". Given they also have at least established a metric for SOA, they are IMO entitled to talk about it. Someone who starts this sort of a conversation without using a *useful and measurable* definition of SOA cannot be held in high esteem.

The OASIS Reference Model for SOA does not purport to be the one and only true definition of SOA. It is simply a model that is a stick in the mud (or FUD in this case). Even if you do not agree with it, it represents a non-proprietary definition which you can use as a point of reference to state where your definition differs. Someone can easily state "When I say SOA, I differ from the OASIS Reference Model in the following ways..... [insert your POV here]".

Summary

Mark is a smart guy, beware of people selling anything undefined with a 2.0 extension and if you're "doing SOA", be careful and don't forget to use Starbucks products.

Encryption

Journal Journal: Defeating PDF Security with Gmail? Not!!!

I was recently amused by reading a blog of a group who apparently defeated PDF's DRM system by using GMail's "convert to HTML" option. I nearly fell off my chair when I read the claim " (it) works regardless of the files usage restrictions..". Yes - under certain circumstances you can gain access to text or other components of a PDF document that has policy protection on it, but *only* if the person applying the policies set the policies to allow this type of access AND does not encrypt the PDF. Keep in mind that PDF is a completely free, open and available standard that anyone can implement. There are several third party SDK's to manipulate PDF documents. Before you read the blog above, it is extremely helpful to understand how the encryption and DRM mechanisms work.

In general, if you do not want someone other than the intended recipient to view a PDF, you should encrypt it. By default, the encryption level for compatibility with Acrobat 5.0 and later is 128-bit RC4. Encrypting the contents of a PDF with a strong key results in a situation where there is no way Gmail or any other application can crack it open by brute force. The PDF is turned into cipher text that is completely incomprehensible to anyone without the key to open it. I am so certain of this that I will provide $500 USD to the first person who can open this document within one year.

A person encrypting a PDF document has several options. First, you can determine the compatibility for earlier versions of Acrobat (5, 6) or jump straight to Acrobat 7.0 and higher. If you select to encrypt it for Acrobat 7, the default level encryption method is AES, much harder (read = impossible) to crack using brute force.

You can also opt to encrypt all the document contents, or leave the metadata unencrypted. This is useful should you want to be able to have the document searchable in real time based on the metadata. Note the lower section of the screenshot above - by default, the box is checked to allow text access to the document. If you leave this selected, some PDF applications can access the text. If you don't want this, please de-select this option. After setting all of the options and pressing next, you will still be given a generic warning that certain non-Adobe products might not enforce this document's policies. Note that if you do not select "require a password to open the document", the usefulness of encrypting it is moot. Others will still not be able to copy the document by using the text copy tool or Control-C, but other means can be employed.
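How those dialog choices end up in the file, as an added example (not from the original post or from Adobe): the Standard security handler records them in the document's /Encrypt dictionary, and this code decodes the cipher, the /P permission bits and the metadata setting so a document owner can audit what was actually applied. The two dictionaries are constructed samples with the /O and /U password strings omitted, and the function names are made up for the illustration.

```python
import re

# Bits of the /P entry (1-based bit numbers, as in the PDF 1.7 reference).
# A set bit means the operation is permitted; bits 9-12 apply from /R 3 on.
PERMISSION_BITS = {
    3: "print",
    4: "modify contents",
    5: "copy or extract text and graphics",
    6: "add or modify annotations",
    9: "fill in form fields",
    10: "extract text for accessibility",
    11: "assemble document",
    12: "print at high resolution",
}

# Constructed sample: Acrobat 5 compatible settings, everything disabled
# except the "text access" box that the post says is checked by default.
SAMPLE_RC4 = b"<< /Filter /Standard /V 2 /R 3 /Length 128 /P -3392 >>"

# Constructed sample: Acrobat 7 compatible settings, metadata left in clear.
SAMPLE_AES = (b"<< /Filter /Standard /V 4 /R 4 /Length 128 /P -3904 "
              b"/EncryptMetadata false /CF << /StdCF << /CFM /AESV2 "
              b"/AuthEvent /DocOpen >> >> /StmF /StdCF /StrF /StdCF >>")


def _int(d, key):
    """Integer value of /key in the dictionary bytes, or None."""
    m = re.search(rb"/" + key + rb"\s+(-?\d+)", d)
    return int(m.group(1)) if m else None


def _name(d, key):
    """Name value of /key (without the slash), or None."""
    m = re.search(rb"/" + key + rb"\s*/(\w+)", d)
    return m.group(1).decode() if m else None


def cipher(d):
    """Describe the algorithm selected by /V, /Length and the crypt filter."""
    v = _int(d, b"V")
    length = _int(d, b"Length") or 40  # /Length defaults to 40 bits
    if v == 1:
        return "RC4, 40-bit"
    if v == 2:
        return f"RC4, {length}-bit"
    if v == 4:
        cfm = _name(d, b"CFM")
        known = {"AESV2": "AES, 128-bit", "V2": f"RC4, {length}-bit"}
        return known.get(cfm, f"crypt filter {cfm}")
    return f"unrecognised /V {v}"


def allowed(d):
    """Names of the operations whose permission bit is set in /P."""
    p = _int(d, b"P") & 0xFFFFFFFF  # /P is stored as a signed 32-bit integer
    return [name for bit, name in PERMISSION_BITS.items() if p & (1 << (bit - 1))]


def audit(d):
    """Summary of one /Encrypt dictionary."""
    return {
        "cipher": cipher(d),
        "allowed": allowed(d),
        "metadata_encrypted": not re.search(rb"/EncryptMetadata\s+false", d),
    }


if __name__ == "__main__":
    for sample in (SAMPLE_RC4, SAMPLE_AES):
        print(audit(sample))
```

The permission list is a set of flags that the reading application is expected to honor, which is the reason for the warning about non-Adobe products; only the open password decides whether the content can be decrypted at all.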

To summarize so far, Acrobat has DRM capabilities to limit the following interactions with documents

  1. ability to disable printing
  2. ability to disable cut and paste
  3. ability to disable control printscreen
  4. ability to disable local file saving
  5. ability to disable local file saving
  6. ability to disable accessibility
  7. ability to make a document no longer exist

A person must comprehend the frame and scope of the intended use of each of these and their built-in restrictions. PDFs are like music - if you can render it once, it is possible to capture it and render it again. Even if we figured out a way to prevent all third party screen scraping software from capturing what you see on a computer screen, someone who both has access to the document for a single view AND intent to distribute it further can simply take a digital photo of their computer screen to circumvent all of these. There is simply no way to stop someone who is intent on doing this using 1-6 above.

Another methodology is available to place a dynamic watermark on the page, perhaps stating the user's name and address in bold gray text across the document. This too can be defeated if one took a screen shot of the document and used a great tool like ... err "Adobe Photoshop" to take care of that nasty watermark. I am guessing the magic wand tool is your best friend here ;-)

So how can you protect a PDF? If you really want to make it secure and also track the user's interaction with it, you would be wise to use Adobe Policy Server. The policy server uses a model of persistent DRM that follows the document everywhere it goes. If you feel the document is out of control and you want to stop it, you can simply "destroy" the document which will cause it to fail to un-encrypt itself when someone opens it. Is there a way around that? Sure - sneak into the office of the person who made the policy, install a tiny pinhole camera near their desk and capture their authentication.

See what I am getting at, no matter what you do, there is a way around it if someone is really intent. The easier method is "social engineering" rather than brute force.

So here is a challenge. Take this document here (link to APS protected document) and try to render it with gmail (or any other method). I will pay $500 USD to the first person who can show me the un-encrypted content of this document within one year of this.

How I would do it? I would probably try to lure myself into providing a password to a site that offered me some form of membership and hope that I was rather lazy and used the same password for this document. D'oh!! Not gonna work - I typed a random phrase of about 13 characters to encrypt this using AES.

Good luck!
