Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Last Chance - Get 15% off sitewide on Slashdot Deals with coupon code "BLACKFRIDAY" (some exclusions apply)". ×

Comment Not without privacy laws, open standards... (Score 3, Interesting) 98

I'll open with a (perhaps the only) positive - Good on Apple for releasing the ResearchKit as open source. That said, there are still a LOT of barriers here.

First of all, while ResearchKit is open source, it is still predicated on iPhone sensors and the like, so in this way it is proprietary. Now, perhaps with time and effort it can be expanded to allow the same sort of thing to be done on Android devices, but as of right now it is effectively proprietary. However, this leads into a bigger issue: Standardization AND privacy for health data and metrics.

Right now we have a horrible platform when it comes to medical data and privacy. Despite HIPAA and the mandate to move to electronic medical records, these were horrible half measures that in many ways did more harm than good by not being specific enough. For instance, the idea between EMRs was that any doctor, hospital, pharmacy etc.. should be able to transfer and use data from any other. HA! Fat chance. Why? Because of our old friend that has fouled up accessible quality medical care for years - the unregulated profit motive, and its friend: proprietary lockdown!

EMR systems, even for a small office based practice, cost hundreds of thousands of dollars. We're talking millions for hospitals or other larger centers or networks. And yet, they're all horribly modular and insular. Each EMR has their own proprietary data formats which are incompatible with modules from most other EMRs...or at best, require an expensive format-shifting module. For many physicians, EMRs are more trouble, not less - as they have to deal with tons of incompatible formats and halfassed implementations. I don't even want to get into the ICD-9 > ICD-10 > ICD-11 shift... All these systems do for now is leech money from providers and create a cottage industry of training, upgrades, and modules to sell. It does not improve patient care; at times it can be a threat to it.

The only proper solution will take an act of Congress, sadly. To require a single, completely open, unencumbered, universal, extensible, privacy respecting/encrypted, format for electronic medical records (and all facets thereof, from scheduling, to patient information, notes, etc..) - and then stipulate that all public insurance programs (ie Medicare etc..) will ONLY accept said format. Thus, you can use any EMR provider that you want, but they will all support the universal OpenEMR format. This is the only way to bring the original impetus behind switching to EMRs to fruition. I'd love to see the government mandate that the formats of GNU Health ( https://health.gnu.org/ ), the Free Software EMR would be used as a baseline for required standardization, as well as using a solution used GnuPG to help encrypt said records (patients have public and private keys as do physicians/practitioners, allowing complete control and traceability who has access to protected health info, who's making changes, and when). Until then, we shouldn't expect Apple or anyone else to have a myriad of applications that monitor and ostensibly involve themselves in the patient's health, yet report unknown and unknowable amounts of data in random forms to all sorts of individuals and somehow consider them to be in the best interest of the patient.

The other half of this equation is privacy; sadly something it seems we're losing more and more each day. Patient health data is already hugely mined and monetized; your pharmacy is selling your data to insurance companies and pharmaceutical companies. These same industries are buying your browsing habits and what you search, to try to figure who has X condition that will cost them money. The amount of privacy that a user can give up more or less unknowingly (or cryptically hidden behind innocuous seeming requests and permissions) simply by installing an application for iOS/Android is enormous - expanding this to health any further is a nauseating prospect in my mind. Lets not forget that even when some big name medical center puts their name on an app, they're using all sorts of middleware and third parties (including Apple themselves) to pass that data along, or even to write and manage the updating of the app for them, all of which must be "trusted" not do to the more profitable thing. Some will say "but HIPAA protections...!" Well, consider how many health-monitoring apps today get around those - they are not considered to generate "protected health information".

Simply put, we have bigger problems to deal with first, when it comes to technological healthcare intervention and failure to do so is at the peril of one's privacy and healthcare efficiency and effectiveness. The idea behind ResearchKit, if it wasn't so Apple focused, is good - but the current climate in which it operates is a dangerous swamp. We need a properly reformed healthful environment, conducive to best practices for patient care and privacy. Convenience is important, but it cannot take precedent over the aforementioned.

Comment AMD more FLOSS friendly than most (Score 5, Interesting) 88

Perhaps you're an AC trolling, but in case someone is actually interested in a reply, it doesn't seem that you're giving AMD nearly enough credit.

Now, I grant that Intel has a great policy when it comes to providing driver components, being open sourced For those who aren't going to use their GPU for anything more intensive than watching media, an Intel integrated GPU is probably sufficient. However, given that Intel's GPUs are orders of magnitude weaker than discrete modern GPUs, those who wish to use graphically intensive creative software, use GPU-preferred workflows for certain tasks (ie crypto-currency mining, video encoding, anything with OpenCL etc..), or just plain wish to play modern 3D games, Intel's hardware is likely insufficient.

Thus, users have the choice between AMD and Nvidia, and of the two AMD is MUCH more free software / open source friendly, as well as overall more ethically aligned than its competitor. To answer your question, especially if you're not gaming, you do not need a binary blob to have a working AMD GPU on Linux. The open source "ati" driver has been honed over the last few years to the point that for many it provides not only great 2D performance and support for video acceleration, but a bit of 3D as well. Yes, they offer the binary "Catalyst" driver as an option (which supports pretty much all the high end 3D acceleration that someone purchases a discrete GPU to use) so if you're going to be gaming and doing intense 3D work it is a better choice, but - aforementioned open source driver is always available.

AMD has actually gone out of their way to embrace open source and the Linux community. . Much of the bias against AMD is left over from ATI's disastrous drivers (even proprietary) back in the day. They knew they had a lot of ground to make up in Linux performance (not necessarily openess...) when they acquired ATI, and its pretty impressive how they've managed to catch up to Nvidia. Subsequently, they put lots of emphasis on contributing to the FOSS driver projects. They aren't keeping Catalyst proprietary so far simply because they're evil, but because of patents and other tech licensed to third parties that go back years. In their overall business plan, they clearly favor openness compared to Nvidia. Where NV creates proprietary implementations and engines like their G-Sync monitors and the frustrating presence of PhysX in gaming, AMD champions open standards and projects such as FreeSync, OpenCL, and Vulkan.

In fact, the release of AMDGPU and in fact their entire unified driver plan leads to more openness. As the article notes, this will mean that the vast majority of AMD's GPU driver components will be completely free software.! Where Catalyst used to be a completely different animal in every way, now it will only be just an additional binary component that can be added. This is one reason why it is being written with the next generation of hardware in mind (though it may be partially compatible with some current cards); they need to have some entirely new hardware etc....that doesn't require certain patented/licensed tech. This is a great advance for openness as well as driver quality. While it would be great if they were able to instantly fully open the entire Catalyst driver stack, one would be remiss to not see the current path as progress.

  While I can only speak from personal experience (and I've owned both Nvidia and AMD GPUs. At current, I'm using an AMD 290x), running an AMD GPU under Linux is viable. Sure, there are issues that can arise same as dealing with any other non-kernel-included Linux driver. If you want to stay entirely Free Software, there is a FLOSS driver that will likely work well unless you plan to use a lot of 3D or OpenCL etc. If you want 3D acceleration and you're willing to go binary, Catalyst is an option. In the future, the openness, compatibility, performance, and ease of use will likely increase with AMD's unified driver plan we're reading about here. AMD is far from perfect, but they do seem to be interested in making FLOSS a part of their future, along with a whole slew of open technologies.

Comment Re:Groupware? (Score 3, Interesting) 15

Though some consider it an antiquated term in the days of social media, "groupware" typically refers to integrative software for enabling / scheduling communication and collaboration, typically client/server based and often in business settings. Email and instant messaging, calendar and task assignment/scheduling/reminders, PIM / address book, file sharing, sync etc... that all work together are typically involved in groupware solutions. Novell GroupWise, Outlook / Exchange, Zimbra, Google Mail / Apps for business etc... are some of the big names people recognize and offer different levels of support and solutions.

There are also several FLOSS a projects that fall into this category, with Kolab being one that is well integrated and supported.

Comment MEGA vs SpiderOak? MEGA targeted b/c of history! (Score 1) 136

Everyone wanting to comment on this decision should read the TorrentFreak article - https://torrentfreak.com/under... - as it seems to have the most information. Many typical sites and blogspam make it act as though PayPal did this through its own volition, when it is really the case of the US Gov't and financial services (banks, payment processors) who put pressure on PayPal - in this case, the US Gov't is acting as the enforcer for the Entertainment industry (MPAA/RIAA etc.) , further evidence of governments being little more than tools for wealthy private interests. . This is much the same thing that happened to donations to WikiLeaks and a large amount of other advocacy and privacy related groups; despicable though it is. Its a horrid, unjust practice that shows yet that many governments, and the corporate and financial cartels that pull their puppet strings, are completely in opposition to the public good.

That said, I think it is an interesting quandary that MEGA's encryption seems to be the focal point here; I'm not sure this is the issue. After all, there are other services that are not on the end of this rebuke that offer "zero knowledge" encryption, where the user's keys are not held by the "cloud" business. For instance, SpiderOak - isn't its encryption protocol very similar to MEGAs? Both services are cloud storage providers that are homed in US and/or Five Eyes nations (so it isn't like they're being targeted for being in a non-compliant jurisdiction like Switzerland, the Seychelles, Hong Kong etc.), have client-side exclusive encryption/decryption purportedly, so any encrypted files server side should in theory not be accessible, while neither of them are completely Free Software, both offer some open source (it seems that SpiderOak has been more transparent than MEGA from my inspection). ? If anyone knows of detailed technical reasons why one would be more secure/private than the other, I'd be interested to know, but they both seem to have similar status.

So why go after MEGA and leave SpiderOak alone? I think the reason here is purely political, not encryption related. For instance, if you look at the document that prompted this, it is regarding "evil, evil piracy cyber-locker" services. You won't see Dropbox, Google Drive, Microsoft, Box, or SpiderOak listed. Why? because these are the "good guys", made for individual back up and syncing. Sure, they may have some sharing features, affiliates, and may or may not offer anonymity/guest services but this isn't their focus. On the other hand there are the "sleasy file locker types", RapidShare, FileGator, Netload, and hundreds of others...including Kim Dotcom's now defunct MegaUpload - one of the largest of its type during its reign. These services are, rightly and wrongly depending on particular services, characterized as for facilitating piracy and having monetization strategies that are often sleazy, such as pay-per-download/upload, reselling of premium accounts, click through, spam, and even porn and malware ad networks set up as gateways. This is probably the crux of the issue.

  As the Torrent Freak article notes, MEGA is listed next to a bunch of these file-locker services. This is likely not because of its encryption or other technical features, but because of its name/marketing/history of" Mega Upload" that came before, regardless of how different the current MEGA site may be. This is even more likely because the one who comprised the report that caused the gov't to act - "Digital Citizens Alliance and Netnames" - are already heavily biased towards anything that in their eyes, enables piracy and/or any of the other behaviors online that threaten the hegemony of their masters. Thus, those "legit" appearing "cloud sites" are the good guys, where the "evil piracy producing file lockers" are the bad guys, and because of MEGA's links, no matter how tenuous, they've been improperly dropped into the second category.

Comment Hopefully will be FLOSS, Oculus compatible (Score 3, Insightful) 48

It is exciting to see Valve putting effort into VR, but I hope that their implementation does not contribute to fragmentation of this nascent technology.

Ever since the early stages of Oculus awakened the tech community's interest in VR again, suggesting that the economic and technological necessities have converged to provide "good enough, cheap enough" consumer VR, there have been many "also-rans" putting forth their own, similar plans. From Sony's Playstation visor project to tons of indie developers, there are tons of interested parties trying to make their VR product into a market leader. Considering that overall many of these projects are proprietary in nature, it could ultimately lead to fragmentation - a major threat as the consumer VR landscape unfolds. Tons of different, often incompatible hardware and software offerings each trying to lock down their little niche could ultimately threaten the widespread adoption of the technology.

With this in mind, I hope Valve is going forward as not just another (admittedly, well heeled) company making their own paradigm, but are planning an open, compatible implementation. I'll certainly give them the chance to prove it, as I think many others will - Valve has been willing to strike a blow for openness and long term growth in ways that others in the industry wouldn't dream of (ie SteamOS, Steam for Linux etc...), so it certainly seems to be a step in the right direction for Valve to a SteamVR platform in an open manner. Allowing developers who want to integrate with or launch products on Steam to be able to freely implement seamless VR support sounds like a great benefit.

  However, there are still questions of licensing and how SteamVR hardware and software will fit in the larger picture. For instance, Valve is launching a SteamVR dev kit that includes hardware. That's great. However, we don't yet know if the SDK will play nice with third party hardware, such as the Oculus Rift itself. Likewise, on the software side, will the majority of it be FLOSS licensed and platform independent? The best case scenario comes to Valve joining with those like OSVR (www.osvr.com), for instance, who have already seen the threat of fragmentation and are acting against it.. Logically, joining with this sort of industry group would seem to be a win for Valve, as it would mean SteamVR being poised for adoption well beyond its own sphere. However, Valve could certainly have reasons for wanting to go it alone, worrisome as they may be from an outside perspective.

We're on the cusp of bringing affordable, enjoyable VR tech to developers and consumers alike, but this adoption could be threatened without enough openness. This is not a development that is going to give way into a clear market leader who then gets the entire ecosystem to themselves and we should not put up with those who try to make it so. Users and developers should ideally be able to use any hardware of sufficient specs with compatible, FLOSS drivers and software. Hopefully Valve is aware of this and will make SteamVR as open as possible.

Comment Better ideas - RISUG aka "VasalGel" (Score 1) 369

While it is nice to see continued research along these avenues, I feel that methodology that require us to alter internal, chemical bodily functions via some sort are going to have pretty considerable side effects. Even after more than a half-century of research, we've still not been able to create female chemical/hormonal birth control that doesn't have significant side effects and trade offs. While many women put up with the side effects, which can range from lack of libido, depression, weight gain, acne, mood swings, to rarely more serious cardiovascular issues and other dangers, it is far from a simple choice. Best outcomes often require a knowledgeable and caring physician to tweak and find out what particular product works best for a given woman's individual chemistry.

  Keep in mind that all of these issues come from more or less, attempting to safely replicate a very natural part of a woman's reproductive cycle: pregnancy. Men have no such natural state of post-pubescent infertility, which makes it even more difficult to find a solution for for male birth control that comes in a pill. Thus, lot of attempts that seem promising end up failing thanks to the domino effect of messing with hormones that do more than one thing. As we become more technologically advanced the possibility of compiling a "custom" compound with less interaction outside the desired sphere is more likely, but as the article mentions this is still a long, long way from being deemed safe and effective in humans, especially over the long term. However, there is a much better male birth control solution that is going through trials in the US and Europe: VasalGel

VasalGel is a trade name for a well known process that has gone through more than 20 years of human trials in India: RISUG. RISUG is basically a significantly upgraded, reversible vasectomy. The process begins by injecting an inexpensive, safe polymer into the vas deferens (the same tubes cut/blocked in the case of male sterilization) . This polymer occludes, but does not totally block the flow of sperm, which is a major improvement as it avoids the side effects found in both "open" (ie sperm dripping into surrounding tissues, causing sperm granulomas and training the immune system to attack said sperm, a possible cause of failed vasectomy reversal) and "closed" (ie epididimitis, "blowout", reduced overall production and more) vasectomies. As the sperm pass through they touch the polymer which in essence denatures them, robbing them of the chemical charge they need for viability. Those that aren't immediately destroyed still lose their viability to penetrate the ovum and fertilize, breaking down long before All sperm fragments are reabsorbed by the body and it doesn't seem to limit quality or quantity of future sperm production. There are long human trials in India, where men had the same RISUG polymer placed for in excess of a decade without any issues and with continued effectiveness! Furthermore, the process is safely reversible over 98% of the time. Another injection, this time of a a complimentary safe agent, dissolves the polymer and returns the vas deferns to pristine condition, allowing reproduction.

This method allows men to take control of their reproduction in a safe, long term, convenient way that I think will be very alluring to many. By putting effort into such a localized effect, it means there is unlikely to be the sort of side effects that can happen when you're trying to mess with hormones, attach things to certain receptors and more. The Indian trials have been successful indeed and similar methods have been investigated in other nations. So why don't we have this procedure available to us now? Well, the answer as you might expect: Money. It isn't exactly profitable to provide a man one injection that will prevent pregnancy every 10 years. Consider that in the US, female IUDs that are much more comfortable, newer, and have lesser side effects aren't available for a similar reason: despite their existence in Europe, they don't wish to spend the funds for FDA approval for something likely non-patented. Drug companies haven't been enthralled to bring a competitor to market for all their hormonal daily/weekly/monthly devices, and a product like I describe here if proves viable, could mean the ability for many women to give up their current means of birth control. Even more so, in that there is investigation into a female formulation that does the same thing to the ovum in the fallopian tubes as RISUG does for men.

However, there is hope! A non profit called the Parsemus Foundation intends to bring the RISUG process to the US and get it FDA approved! They will be reformulating the polymer itself when possible, for maximum safety and easy of progressing through the varying trial stages, and giving it the trade name VasalGel They've already had several major animal studies (rabbit, baboon) and are making considerable progress for their shoestring budget. If you're like to learn more about VasalGel, feel free to check out their website; they're also working on a handful of other novel reproductive projects. Oh, and it is important to note that some of their developments haven't been updated on the website proper, but were conveyed via social media (ie links to the rabbit/baboon studies to be journal published) and email lists; this reminds me to write them again to ask about updating the site with some newer developments.


Signing up for their mailing list gets you an occasional email discussing their progress and more. While they do ask for donations (I personally have donated as I find it a worthy cause) they certainly don't spam you. Small scale human trials are scheduled for this very year and many have already expressed interest, but you can do so as well if you are so inclined. VasalGel is a potentially groundbreaking addition to contraception and I hope to see human trials begin here in the US soon.

Comment Bad idea - All negatives for Valve, for users. (Score 1) 216

I think this is a significant misstep for Valve. There is zero realistic expectation it will provide any benefit and it has a huge potential for negative effects. Valve has built Steam into the 800lb gorilla of the digital distribution of games (and now, some software as well), making generally good decisions. However, this is one of their rare blunders that cannot help anyone involved.

Steam thrives due to a multifaceted system of technical and logistical policies that one could consider "open handed" in terms of accessibility. For instance, on the pricing side, Steam's legendary sales were a great component of its success. When developers and publishers alike generally were restrictive with pricing, Steam demonstrated the success when you allow your product to go for a lower price and more than make it up in the volume of sales. Steam also doesn't force any DRM (though they will not oppose if someone else wants to make that bad decision, but at least list it on the game's page), and when they created Steamworks, those who opt to use it for all the multitude of benefits (such as basically not having to code in a separate multiplayer server, account, comm system) find themselves without many restrictions. These kinds of successes have allowed Valve (along with admittedly, a very important third factor: the fact the company is privately owned, so no stockholders and venture capitalists demanding quarterly ROI damn the consequences) to branch out even further technically, such as all their investment in Linux gaming: the Steam for Linux client, SteamOS etc... as well as items like Big Picture Mode. Valve also built the community aspect of Steam in thoughtful ways - a unified account system with sane defaults, loads of community features, and features like achievements,trading cards, unlockable account items (emotes etc.), and the Player Marketplaces. The vast majority of what Steam has become is predicated on open-handed accessibility for all involved.

The decision to censor chat, especially without even noting that anything has been removed, is a significant step backwards and out of character for Valve and Steam. They had to know that when discovered, users would take umbridge at this behavior and much like this very post- becomes negative PR. Valve spent time creating Steam's community system and encouraging people to use it - for chat, video etc... censoring their conversations is antithetical to this end. While there are the usual prohibitions one expects on the public-facing community elements like forums (including warez, porn etc..), when it came to private user-to-user messages or chat rooms, Valve didn't interfere. While some behavior was able to be flagged for report (ie phishing attempts etc) it required action on the part of of those involved in the private message/chat and certainly was not automated. This new development however, is troublesome for doing just that - private user conversations being edited by an algorithm and to the recipient there is no trace the message even existed. Of course, the senders must be instantly aware that a certain block of text did not send as it should.. unless it is even more egregious and similar to "shadowbanning" where the sender sees everything normal, but the recipient doesn't see anything sent at all!

Regardless of personal experience with the policy, many of Steam's users are going to object on philosophical grounds; as well they should! There is no good that comes from this change. We now have a system in place that through automatic filtering eliminates one piece of "problem speech" so there is every indication that others will follow if this is somehow deemed as "success". It seems strange to me to choose to censor mentions of a torrent website, considering that Steam has basically been a major success story in the face of piracy. Steam, HumbleBundle etc... and others who choose a more even, open handed respect for the player and their finances, have been rewarded compared to the other parts of the industry that demand maximum charges and lockdown. Sure, there will always be some piracy, but there are plenty of people who a given title on Steam (especially on sale, or if it is an inexpensive title overall) even when they could pirate it. I personally go out of my way to purchase games that support Linux, which have grown exponentially in recent years thanks in part to Steam having a Linux client/support. Furthermore, not to rehash the entire discussion on piracy, but the vast majority of the time cracked titles don't make use of Steam's servers/assets; even if the game had Steamworks or whatnot, the crackers would replace the Steam calls to a dummy library, so it isn't like cracked players are playing next to purchased ones online.

This is a reason such a change in policy is so puzzling - why summon all sorts of negative PR by intruding into private chats and censoring, when it will have zero positive and likely non-zero negative returns for Valve in terms of piracy. ? I can't expect them to be naive enough to think "Well gee, if kids can't type The Pirate Bay, then they won't know where to pirate and will just turn around and buy whatever they were discussing!" That's asinine. If anything, those users capable/interested in piracy (who, statistics have shown are also the greatest legal consumers of media) may choose to purchase less from Steam as a form of editorial comment on this policy. I hope Steam retracts these changes. While it is understandable to have some community standards for public posting, encouraging people to use your messenger service for private exchanges and moderating/filtering the content thereof , especially in this manner, is not constructive.

Comment Great idea, but some concerns... (Score 1) 108

It seems like OpenBazaar is off to a good start, but there is still a long way to go before users can use it with confidence. Some issues I can think of that the current implementation doesn't yet solve

Privacy/viewability of content between "open" nodes and "darknet" nodes. If OpenBazaar is to be equally for people selling homemade handicrafts and those who want to sell or trade in substances their governments find illicit, its going to be a big issue to have both of them displayed side by side. How do you browse for sellers of what you want and what sort of search algorithm do they have? After all, if "Etsy Jane" goes online and says "Show me all current sellers", and a percentage of what comes up includes the illicit, she's not going to be likely to want to transact on the same site. Likewise, "Silk Road Sam" opens up the marketplace and sees a whole bunch of people who are not there looking for his illicit wares, he's not going to be comfortable selling knowing that any busybody or "do-gooder" could see, call attention to, and otherwise make trouble for him. Unless they go with the very restrictive "You have to know the specific identity of the user or group of users in order to see their sales/buy from them etc.", a la say..RetroShare etc.. this will be a problem. The other option for them to have specific "groups" so to speak - connect to Node X for Y Goods etc.. but this could be a point of failure as well, as whomever manages/monitors "Node X", could be in control and thus vulnerable. Maybe there's something I've not seen yet that deals with these issues, but it is important to facilitate good usage. In a related discussion, there's a big difference between "Accessible optionally to those using TOR" and "Only accessible to TOR or other darknet users". If connecting is only optional, then its possible that clearnet connections could be leveraged to gain more information about obfuscated traders and the like. Ultimately, figuring out who sees WHAT buyers and sellers will be important and what qualifications are deemed necessary, who deems them so, and who manages them. This goes double for the transactions of funds via Bitcoin. If there is not an in-built coin-scrambler, that means its going to be a lot easier to track some transactions than others. I''m not sure that it is good enough to give the people the "option" of better security and privacy - it needs to be mandatory. If this means you HAVE to log in via i2p and/or TOR. So be it. ALL transactions all over the network have to go into a coin-scrambler of some sort etc.. yet it has to be built into real-time transactions, so that it isn't as though there's a big Bitcoin account owned by "the network" where the jumbling takes place, thereby creating a point of failure (who manages this bitcoin account? If it is compromised, everyone loses their coins etc... the same issues with many current darknets etc)

Lets not forget that this platform is going to be targeted - by scammers, by governments and corporate stooges etc. How are you going to deal with bad actors, if this becomes an "ebay" level scale for "normal" users. Darknet users dealing exclusively in illicit goods or those that are unlikely to be sold elsewhere for whatever reason may put up with the chance of scams because its much better than the alternative, but standard users will say "Why should I use this when I can get Buyer Protection from Ebay, Amazon etc.." Yes, "reputation" systems can be built up over time, but Bitcoin doesn't have any sort of "chargeback" system. Imagine the amount of people who could scam, create a new node/identity, scam etc... all without much repercussion if there isn't any authority to provide chargebacks, bannings and the like. Some may say "then only buy from high reputation sellers and vice versa", but that limits the growth of the marketplace because nobody is going to want to transact with newcomers. Either that or scammers will work with their friends/networks and build up "just enough" rep to look legit, before scamming. The other option is to restrict accounts/nodes somehow, and that is incompatible with the privacy issue. The system has to have enough built in security and privacy to withstand the assault of government and corporate stooges as well. There will be undercover operatives, honeypots, and many others out there trying to rend its secrets open.

I'm just not sure how they plan to make something accessible enough for "normal commerce" while also having darknet-level protections for transactions deemed illicit. They absolutely need to have very best security practices in order go up against the threats of scammers, governments and corporate weasels, but I really don't see a way to balance this with ease of use so that anyone can safely go onto OpenBazaar , regardless if they want to buy and sell yarn, videogames, or drugs etc.. and be able to find transactions of interest to them and undertake them with confidence .

Comment A few FOSS, security, usability apps for Android (Score 5, Informative) 167

I tend to gravitate towards FOSS when possible to be used on a rooted, custom Android ROM. Here are a few useful ones I've found...

Note: Most of the following can be found on GooglePlay, in addition to other locations. They may also be on other app marketplaces, but these are those I've confirmed. Sometimes, there is a difference in version number or whatnot between F-Droid, GooglePlay, and an .apk downloaded from a homepage, so be aware.

F-Droid (www.f-droid.org) - a FOSS app marketplace. Not the only place to find FOSS apps, but a great option for any interested uses.

RomToolbox Pro (Google Play) - If you like to tweak, mess around with rooting and custom ROMs, RomToolbox has a great selection of utilities. Not entirely
FOSS, but it is basically a wrapper for a ton of utilities, some of which have source available. The Pro version opens a few new features and supports the platform; generally worthwhile!

Firefox for Android (Google Play) - Mozilla's privacy focused, FOSS browser. Has many of the same great features (add-ons etc..) as on desktop.

GuardianProject apps (www.guardianproject.info) - Lots of great utilities here, including Orbot (TOR for Android) and Orweb (TOR browser bundle for Android so to speak, based on Orbot and Firefox Mobile), ChatSecure (OTR-enabled XMPP client), and more. They also support Ostel.co, a SIP provider with privacy in mind.

Antox (www.tox.im) - Android version of the FOSS "Skype alternative, but secure" TOX project

OpenWhisperSystems apps (www.whispersystems.org) - TextSecure and RedPhone are FOSS, encrypted SMS (and other text messaging) and mobile dialing apps respectively. If talking to a fellow user of the program, it automatically negotiates a secure connection, yet they still both work to send common texts and calls. Using them as your main apps still have some benefits (ie such as TextSecure taking both text and pictures you receive and storing them in an encrypted form on arrival). Note - TextSecure is new and up to par, RedPhone is a bit sparse and is being completely redone. They also offer Flock (very newly developed), a CardDAV/CalDAV FOSS app that allows you to sync contacts, calendars and more. Pay a couple a bucks and user their servers, or host your own.

FreeOTP (Google Play) - With Google Authenticator no longer FOSS, this is your new best friend in Android 2-factor Authentication. You can generate and pair lots of different codes; if I remember correctly a RedHat dev wrote/maintains it. Works with all major 2FA standards and has lots of options!

CSipSimple (https://code.google.com/p/csipsimple/) - A ZRTP/OTR supporting SIP client for Android. LinPhone (found on F-Droid) is a good alternative as well.

K9 Mail (F-Droid) - This is a great, full featured Android mail client, that just happens to be FOSS. Plugin system too.

MediaCrush (https://mediacru.sh) - Not really an app per se, but one of my favorite image/media hosting sites around. Works with just about every media format, has an API, clients, and plug-ins for various browsers and platforms. FOSS, if you want to host your own MediaCrush site. Privacy focused too.

KeePass2Android (https://keepass2android.codeplex.com/ and GooglePlay) - A FOSS, full-featured, modern form of the KeePass database software for Android. Works with the newest KeePass 2.x database (.kdbx) styles. There's even an offline-only version if you prefer! Note, this is different from "KeePassDroid", which has less features and limited compatibility with the 2.x database format.

Plumble (F-Droid) - A quality Android client for connecting to Mumble servers (Mumble being the gaming-focused, FOSS VOIP system)

OwnCloud (www.owncloud.org, GooglePlay ) - One of the best FOSS cloud storage options, OwnCloud has an official client for Android. You can compile it yourself, but the pre-compiled version on GooglePlay is $0.99. You will need an OwnCloud server to connect to somewhere, of course. Consider this an alternative to something like Dropbox, Box.net and the like.

OsmAnd (F-Droid) - Maps and navigation using the OpenStreetMap data, for times when you don't want to use Google Maps!

Clover, RedReader (F-Droid) - Ever browse 4chan or other image boards, or read Reddit? Clover (4chan style imageboards) and RedReader (Reddit) are comprehensive FOSS clients for these sites that have extensive features and mobile formatting.

These are just a few general-use, FOSS/privacy focused alternative applications that some may find interesting. Don't be afraid to browse around F-Droid's repository, go to www.prism-break.org, or check around for other applications that could serve you well. If you have a specific interest, you'll likely find an app that relates to it, but especially in these days its important to ensure that the latest shiny doesn't require giving up one's personal information or privacy. At least, it is an important consideration in my eyes.

Comment Major improvements w/ newer OwnCloud versions (Score 2) 275

I don't know how long ago you used OwnCloud, but it may be worth another look. OwnCloud has come onto the scene relatively recently and there have been major quality improvements as the version number increased. What may have been lacking a given feature or feeling kludgy in 4.x, could be replaced by a smooth implementation when 5.x rolls around. The latest OwnCloud 7.x highlights many of its most recent improvements here, for instance - https://owncloud.org/seven/ , some of which seem like they may be beneficial to you use cases. Likewise, improvements to the client apps seem to come almost as swiftly.

It may also be worthwhile to consider using other means to connect aside from the official clients - there are many applications that have integrated support for OwnCloud, and if the clients aren't working out to your liking, enabling say.. WebDAV/CardDAV/CalDAV etc.. and then connecting to these services with whatever best suits your users, can also be a worthwhile endeavor.

For enterprise production use, it doesn't seem like you should be reliant on community forums and documentation, as they have what appears to be subscription enterprise variants and support services, similar to many other high-end FOSS projects.

Now admittedly I've never worked with OwnCloud in a business environment as you describe and it may not be for your needs, but these are just a few things to consider as the software matures.

Comment Only viable if privacy upheld... (Score 1) 142

While I generally support Mozilla's endeavors, as one of the last bastion of noob-to-guru accessible, Free/open source, secure and most important privacy respecting software around, this has me worried. The statement about "Publishers will then be able to collect and use this content for other forms of storytelling and spark ongoing discussions by providing readers with targeted content and notifications." could mean yet another data mining and targeted advertising opportunity, for instance.

The only way I could see any value in this for users is if it adheres to privacy-respecting principles. We've seen a handful of alternatives on the net, such as Disqus, but ultimately these tend to centralize personal information, not much different than 'log in via Facebook, Google etc.." . We don't need any more of this; I give up convenience all the time and create a variety individual site accounts specifically to avoid someone being able to see and profile all the sites upon which I comment.

Now, giving Mozilla the benefit of the doubt, it is possible that this endeavour is built out of their "Persona" project ( https://www.mozilla.org/en-US/... ) , which seems to be the best SSO type option I've seen on the web, at least in theory. It requires only an email address, doesn't disseminate personal information all around the web or allow for site-owners / third parties to mine your data, and what little information that passes through Mozilla is under their privacy policy which is very reasonable. Mozilla has shown in the past, especially with Sync, that there are ways to provide convenience to users while protecting their privacy, so I'd like to think that Persona could very well do the same. However, I am worried that this project, funded by third party grants and media giants, may have other interests in mind. If this is the case, I'd prefer that Mozilla not sully themselves by getting involved.

I suppose time will tell. I can only hope Mozilla has the fortitude to make the decisions that put user intent and privacy before the whinging financial desires of data miners and trackers.

Comment Firefox / Mozilla support privacy, support them! (Score 2) 195

This is yet another reason that I'm a great fan of Firefox and Mozilla as a whole. Firefox (and Mozilla) remains the only major browser that has the user's privacy, functions, and security in mind; not to mention a great example of FOSS that is equally viable and usable to the neophyte as the guru. I'm glad that they backed off their latest endeavor in response to user worries, but we users need to figure out a palatable way to support Mozilla monetization soon!

Now personally, I didn't have a problem with the sponsored starting "quickslots" as I understood them. They only existed on a completely new install, were visibly marked as being sponsored, didn't send back any sort of user data or have other privacy issue, and vanished as soon as the user visited 9 web pages to take up all the "quick dial" slots with their own content! People being worried that it could bleed into something more is understandable, but we need to avoid lashing out at ANY monetization system, because we'll end up in a much worse state.

Like it or not, Mozilla needs funds to do what they do; acting the paragon of web virtue and privacy, having full time developers etc... isn't cheap. Especially in a market where the "bad guys' are offering "FREE SHINY SUPER CONVENIENCE FEATURE HEY LOOK AT THIS" at every turn, while simultaneously selling the user's data to the highest bidder (see: Google) , it is hard to offer a competing level of service and features with a better ethical bend; its even worse when the "bad guys" offer the biggest bucks (ie the reason that porn, faux antivirus sites, other dataminers and outright malware ads pay the most per click. On the other side, those like American health insurance companies, people search slime etc.. are willing to pay top dollar for your data if Google or whomever gathers it. Atop all of this, Google has to compete with "Joe User's" preferences. Though they do an excellent job bringing their support of an open web and privacy to light, Joe User still may like Chrome Widget A or Feature B, which is part of the reason that Firefox is trying to provide "Chrome UI styles" to those that want them in recent variants.

Ultimately, I want Mozilla to continue with its FOSS, openness, and privacy-focused mission and I am willing (and do) donate to the foundation in the hopes to help them do so. However, I know I am a minority - most people aren't going to donate and/or pay for a browser. If it is true that Firefox is going to lose a huge chunk of its revenue from including Google as one of its Search Bar default engines, they are going to have to make that up somehow. Honest and innocuous attempts to do so like the previous "quickdial sponsored starting pages" idea should likely be supported. Especially the tech and FOSS geek community shouldn't be rebuking any attempt for monetization, lest we end up with Mozilla either falling further and further behind as they don't have the money to keep up, or worse abandoning their principles to pay the bills. Instead, we need to be supporting Mozilla's attempts to make money that is still in line with their mission and our desires for openness, privacy, security and the like.

P.S. Despite being one of my favorite pieces of software, recently Thunderbird really needs some support too (especially, being able to detect the new Gmail Categories etc... that's something that the clout of Mozilla should be able to sit down with Google and work out a way to handle it) . Its sad that Mozilla hasn't the resources to invest in continuous improvements and have put the project on the back burner. We don't want to see this happen to Firefox too!

Comment With a few changes, could be great! (Score 3, Insightful) 134

I was an original Kickstarter backer of the Ouya. I have my "chocolate metallic" version sitting right next to my bedroom TV at the moment. Overall, I've been happy with the little box. For $99, it is probably the best "network media player" out there, with XBMC for Android installed. The fact that it plays games is simply a plus. The hardware was sufficiently powerful and of good quality at the time it launched (aside from the snafu with the first controllers). However, there are only a handful of things that keep it from being the magic device everyone spoke of, and most of them are only semi-technical decisions that could easily be reversed.

First of all, one of the biggest failings in my mind is that while it is very close to an Android device, it isn't exactly compatible with every Android app. Now most of them can be sideloaded by a technically proficient user, but I think they'd do much better of instead of having an Ouya OS that is essentially designed to disguise the "androidness" of the whole thing, it should highlight it. Offer a core AOSP experience, frequently updated (last I checked the OuyaOS is based on Android 4.1), and offer a custom, FOSS UI that is made to be navigated with the controller instead. Make it easy for people to update and use Android apps! Put installers for other app stores in the Ouya marketplace when possible, even! Let people load up Netflix for Android etc... They are paying the price in terms of content and developers coming to the platform because it is seen as an additional platform, not simply as hardware that can be tapped by those already developing on Android! They had a great idea with it being an "open" console, but it would be even more 'open' if it was completely Android compliant!

Next, they should have provided users a better installed experience from the very start. While I've gotten tons of use out of my Ouya with XBMC, I had to find the correct Android alpha build that had all the proper flags and sideload it, then launch it from the "Make" entry on the Ouya menu (because all sideloaded stuff basically requires developer-are access - not hard to acquire of course, but it does present a barrier. They could have made a separate menu for sideloaded content that was more accessible). Why wasn't it installed by default, and automatically updated? Way back in the beginning, the company stated they were working with XBMC for compatibility etc.. why wasn't it installed on every Ouya? Or at least, available in the Ouya Store to be installed with a few button presses? This was a simple change that really could have made it a much better out of the box experience for a ton of people. An Ouya with XMBC alone is a better media streamer that is more powerful and flexible than competing "WDTV" style boxes, for the same or a much lower price!

Ouya should take a page from Valve! They seems to be doing the right thing with regards to SteamOS / Steam Machines, by basing it on a fully open and compliant Linux distro, thereby making it easy for anyone who wanted to add any other repo or download any other Linux program. Ouya should react the same with with regards to Android. Make a great experience for their game/app repository, but bring in the entire Android community through compatibility. The current and future Ouya hardware could come to be known as the premiere device in its price range, in a sea of Android gumsticks and other devices, but only if they fully embrace the inclusiveness of the Android community, give users options, as well as a fantastic out of the box experience.

Comment Embrace the PC, Mobile, and Peripheral market! (Score 1) 559

I think the smartest thing that Nintendo can do right now is to give up on the idea of a "console". This will be difficult for a number of reasons (ie Japanese tradition), but I think if they can be the first to do so, it can be incredibly lucrative.

There was a time when a Console, mobile or not, was the only affordable way for many people (especially kids) to play games - you needed purpose built hardware. That is no longer the case. Modern consoles are simply proprietary, locked down PCs that limit users and developers for reasons of control and monetization. This is incredibly evident in the latest generation of the PS4 and XboxOne, but also to some degree touches on the Wii U as well. There is no technical reason that every single game on modern consoles couldn't instead be on open, PC platforms. There have been tons of success stories for indies and big developers alike who bring a version of their game to PC (often, via Steam) and make a greater profit while selling the item at a lower cost, than what they used to do on consoles! In my opinion, it is time for "consoles" to die off, in favor of gaming on whichever open platforms a user may choose instead; better for users, better for developers, better for everyone save those middlemen who want locked down, proprietary hardware they can control and charge for the pleasure of using!

Nintendo is in a great position to be the first of the "big 3" to realize this. They have a beloved stable of 1st party content, a ton of partner developers (ie GameFreak), and a huge back catalog of great game from the past. However, there have been many a time that I've thought "You know, why can't I play Fire Emblem and Legend of Zelda on my existing Android devices, instead of a 3DS. Why can't I play Xenosaga, LoS: Skyward Sword, and the new Smash Bros WiiU on PC instead of a Wii or Wii U?" If Nintendo could stop thinking in the hardware platform mindset, they'd have a chance to rocket to the top. They don't even have to give up developing hardware, entirely - just switch to peripherals. Make peripherals for the PC market - controllers and the like! You have a great idea for motion control - great! Don't limit it to a single platform, use some open technologies and write some drivers for them. Hell, this is a reason that Microsoft's Xbox360 controllers are used so frequently on PC! Atop that, create games exclusively for the PC market (not just Windows either, but Linux too!), and then put that Nintendo marketing genius to work. For instance, what about a Pokemon MMO? Super Smash Bros Kerfuffle for the PC, sold via Steam? Hell, partner with Valve and not only sell Mario PC on Steam, but make it a pack-in download code for every Steam Box purchased! On the mobile side, develop for Android, FirefoxOS and the most open mobile platforms around! Of course, the huge Nintendo back catalog could be made available for sale on mobile and PC alike, introducing them to a whole new audience. Some of the "iPad kids" have never played various SNES titles - make them available for $1.99 and watch their quality soar above average "app store" drivel!

I can see a new world for Nintendo that is better for the consumer, better for developers, and overall fantastic - but only if Nintendo can look beyond seeing consoles as their primary venture.

Comment Another proprietary mess - a pity. (Score 2) 111

Much like MEGA, the other projects of BitTorrent labs (most notably - Snyc), and a whole host of pseudo-security minded programs and services popping up recently, this is sadly proprietary bullshit. Much like BitTorrent Inc absorbing uTorrent as the main client etc... they've repeatedly demonstrated that they view their greatest success - the Bit Torrent protocol itself, as a mistake to be avoided. Why did BitTorrent itself grow to be so prevalent? Exactly the thing they seem to hate - its openness. BitTorrent protocol and most of its extensions (ie DHT, uTP, PEX and more) are all free and open source, to be implemented in a variety of clients. This is its greatest strength, from the slashdot-reading hacktivist running Deluge/Transmission/rTorrent, to World of Warcraft's client updater/patcher, BitTorrent is not just a great protocol for both tracker-based and trackerless sharing, but its implementations are as wide as can be and interoperable.

I am not sure why BitTorrent Inc has decided to treat this as a weakness, and develop yet another proprietary software-as-a-service, centrally managed debacle. While there seems to be some casual lip service paid to FOSS and promises of openness, I haven't seen any examples that they're actually interested in such things. For instance, the javascript Torque API which is supposed to bring BitTorrent to the web browser, doesn't seem to be compatible with any clients aside from the official BitTorrent/uTorrent clients themselves! Other "labs" projects like Live, Surf, and Sync are similar in this regard, being designed only for approved first-party clients.

So long as this ideal reigns, I won't be using these projects. Especially when it comes to privacy and security it is simply too important than to trust a proprietary, unverifiable item of this sort. There are already a variety of projects that offer better privacy and more secure messaging - RetroShare for instance. If you're interested in some of the best, check out www.prism-break.org for a directory of privacy and security respecting, mostly FOSS, programs for many uses. Until those like BitTorrent Inc wake up and realize that openness is one of their greatest strengths, I don't see any reason to consider what they provide.

Some programming languages manage to absorb change, but withstand progress. -- Epigrams in Programming, ACM SIGPLAN Sept. 1982