Forgot your password?
typodupeerror
Google

Google to Open Source the VP8 Codec 501

Posted by kdawson
from the floor-wax-and-dessert-topping dept.
Several readers noted Google's reported intention to open source the VP8 codec it acquired with On2 last February — as the FSF had urged. "HTML5 has the potential to capture the online video market from Flash by providing an open standard for web video — but only if everyone can agree on a codec. So far Adobe and Microsoft support H.264 because of the video quality, while Mozilla has been backing Ogg Theora because it's open source. Now it looks like Google might be able to end the squabble by making the VP8 codec it bought from On2 Technologies open source and giving everyone what they want: high-quality encoding that also happens to be open. Sure, Chrome and Firefox will support it. But can Google get Safari and IE on board?"
Mozilla

Mozilla Accepts Chinese CNNIC Root CA Certificate 256

Posted by kdawson
from the who-do-you-trust dept.
Josh Triplett writes "Last October, Mozilla accepted the China Internet Network Information Center as a trusted CA root (Bugzilla entry). This affects Firefox, Thunderbird, and other products built on Mozilla technologies. The standard period for discussion passed without comment, and Mozilla accepted CNNIC based on the results of a formal audit. Commenters in the bug report and the associated discussion have presented evidence that the Chinese government controls CNNIC, and surfaced claims of malware production and distribution and previous man-in-the-middle attacks in China via their secondary CA root from Entrust. As usual, please refrain from blindly chiming into the discussion without supporting evidence. Since Mozilla has already accepted CNNIC as a trusted root CA, the burden rests with those who argue for its removal."

Comment: subverts PGP security model (Score 1) 234

by hephro (#11048319) Attached to: New Global Directory of OpenPGP Keys
After verifying an email address I got this:
After downloading, import the Verification Key into your PGP software. Then, sign the key with your key and mark it as Trusted. Please see the documentation for your PGP software for specific instructions on trusting a key.
In other words: they expect you to trust them based on the X.509 certificate they present... I hope people realize that with the inclusion of dozens of CAs in common browsers etc. this totally subverts the idea of a web of trust. -Hein

The disks are getting full; purge a file today.

Working...