Zocalo writes: Over the last several months Mozilla has been investigating a large number of breaches of what Mozilla deems to be acceptable CA protocols by the Chinese root CA WoSign and their perhaps better known subsidiary StartCom, whose acquisition by WoSign is one of the issues in question. Mozilla has now published their proposed solution (GoogleDocs link), and it's not looking good for WoSign and StartCom. Mozilla's position is that they have lost trust in WoSign and, by association, StartCom, with a proposed action to give WoSign and StartCom a "timeout" by distrusting any certificates issued after a date to be determined in the near future for a period of one year, essentially preventing them issuing any certificates that will be trusted by Mozilla. Attempts to circumvent this by back-dating the valid-from date will result in an immediate and permanent revocation of trust, and there are some major actions required to re-establish that trust at the end of the timeout as well.
This seems like a rather elegant, if somewhat draconian, solution to the issue of what to do when a CA steps out of line. Revoking trust for certificates issued after a given date does not invalidate existing certificates and thereby inconvenience their owners, but it does put a severe — and potentially business-ending — penalty on the CA in question. Basically, WoSign and StartCom will have a year where they cannot issue any new certificates that Mozilla will trust, and will also have to inform any existing customers that have certificate renewals due within that period that they cannot do so and will need to go elsewhere — hardly good PR!
What does Slashdot think? Is Mozilla going too far here, or is their proposal justified and reasonable given WoSign's actions, making a good template for potential future breaches of trust by root CAs, particularly in the wake of other CA trust breaches by the likes of CNNIC, DigiNotar, and Symantec?
Zocalo writes: Star Citizen, Chris Roberts' attempt to reboot the Space Sim genre, hit a major funding milestone earlier today, exceeding the previous record of $4,163,208 secured by the game Project Eternity and more than doubling the initial funding target set by the producer of the Wing Commander series. With Stretch Goals now being passed every few hours bringing new features to the planned game, and David Braben announcing a new installment of the classic Elite using a similar funding model at Kickstarter, could this be a wake-up call for the big game publishers to take another look at the genre?
There are still two days left of Star Citizen funding as well, so if you feel like being a part you can chip in either at the main RSI site or on Kickstarter.
Zocalo writes: The BBC has a fascinating look into the music download habits of the UK population based on stats compiled by Musicmetric. The stats, gathered through the monitoring of BitTorrent swarms and geo-locating the IPs, show the hotspots for music copyright infringement across the UK and regional preferences for certain types of music. Some of the outliers are somewhat unusual though, suggesting some problems with the methodology or sample size, unless people on the Isle of Wight really do prefer trumpet-playing crooner Louis Armstrong to the likes of Rihanna and Ed Sheeran, who top the lists nationwide.
Not in the UK? There are some global stats on the "Most pirated near you?" tab of the story. Better yet, if you want to crunch the numbers for yourself all of the data has been made available at the Musicmatch website under a Creative Commons license and a RESTful API to access the data (free for non-commercial use!) is also available.
Zocalo writes: In a post to the Nmap Hackers list, Nmap author Fyodor accuses C|Net / download.com of wrapping a trojan installer (as detected by various AV applications when submitted to VirusTotal) around software including Nmap and VLC Media Player. The C|Net installer bundles a toolbar, changes browser settings and, potentially, performs other shenanigans — all under the logo of the application the user thought they might have been downloading. Apparently, this isn't the first time they have done this, either.
Fyodor's on the lookout for a good copyright lawyer, if anyone has one to spare.
Zocalo writes: For those of you keeping score, ICANN just allocated another four /8 IPv4 blocks; 23/8 and 100/8 to ARIN, 5/8 and 37/8 to RIPE, leaving just seven /8s unassigned. In effect, however, this means that there are now just two /8s available before the entire pool will be assigned due to an arrangement whereby the five Regional Internet Registries would each automatically receive one of the final five /8s once that threshold was met. The IPv4 Address Report counter at Potaroo.net is pending an update and still saying 96 days, but it's now starting to look doubtful that we're going to even make it to January.
Zocalo writes: Ars Technica visits CERN and takes an in-depth look at the LHC, providing details on the extensive array of supporting technologies and science that don't get the same level of media attention as the main ring. The article details the various stages and sub-accelerators that protons go through in their roughly 6 million kilometer journey from CERN's proton sources, through to their entry into the LHC's main 26km ring and then onwards to an eventual high energy collision at one of the four detectors. Unsurprisingly, there is no mention of any of Dan Brown's outlandish super-jets and paragliding facilities, but there are plenty of fascinating bits of information about the accelerator and the high degrees of precision involved in its construction and operation.
Zocalo writes: Version 4.5.0 of the KDE Development Platform, the Plasma Desktop and Netbook workspaces, and many applications are released today. The KDE team focused on the usability, performance and stability of many previously introduced new features and technologies — click on the relevant links for the full announcements. Ars Technica has already posted a quick look at the new release of the Plasma Desktop here.
Zocalo writes: Slashdot recently discussed Mark Cuban's plan to kill Google, which was later revealed to be just a thought experiment, but has Microsoft been taking the idea seriously? According to Matthew Garrahan and Richard Waters of the Financial Times, discussions to achieve just that may already be in the early stages with News Corp., and probably with other providers too. Could getting search engine providers to pay for the "privilege" of indexing their sites be a means for old media companies to survive in the Internet era, or does Matt Brittin's (Google's UK director) statement that "economically it's not a big part of how we generate revenue" indicate that Microsoft (and News Corp.) are grasping at straws?