Ad: Manage updates with the Download App
ie8 fix

codes

Demand secure code

This week, the PCI Security Standards Council announced the availability of its new Payment Application Data Security Standard (PA-DSS). PA-DSS provides a set of best practices to software vendors for developing secure payment applications that don't store sensitive or private data such as personal identification numbers, and ensure that these applications support standard Payment Card Industry Data Security Standard (PCI DSS) requirements. Once a certification process is established, retailers will be able to purchase applications with a PA-DSS "good housekeeping" seal of approval.

Hmm, what a good idea. Retail companies get the benefit of a third-party audit … Read more

Google's festering problem with the AGPL

Google apparently likes open source that lets it "borrow" open-source software while giving comparatively little back, and always on Google's terms. While I think Google has been doing better of late vis-a-vis open source, its policy of blocking projects from its Google Code forge that are licensed under the AGPL is wrong and a betrayal of the open-source principles it claims to respect and approve.

As Google's Chris DiBona says,

In fact we do not support the AGPL on code.google.com....It is also not okay to host an AGPL covered program on code.google.com by saying it is GPL, as you are telling the users of the site one thing, while meaning something else altogether. So sadly, the answer is to remove your project and host somewhere else like sf or savannah.

Well, no, Chris, AGPL is not "meaning something else altogether." It actually means precisely what the GPL was always intended to mean: Reciprocity. It is likely true that Google doesn't like that reciprocity requirement, but that's "something else altogether."

What is the AGPL? It's the Affero General Public License, and finishes the job that GPLv3 was supposed to do: Broaden the definition of "distribution" enough to keep Web freeriders like Google, Digg, etc. from using open-source code without contributing back.… Read more

Nokia gives mobile application developers their big break

Mobile applications are turning into big business, and Nokia is looking to launch a few start-ups on their way.

Nokia's developer arm, Forum Nokia, announced the results of its Mobile Rules contest Wednesday night at San Jose City Hall. Nine companies were chosen, representing four application categories, best business plan, and four winners of the best technology innovation.

The winners were judged by a panel of Nokia executives, venture capitalists, and media representatives. They'll get a chance to pitch their ideas to Nokia's higher-ups and the venture capital community. With smartphones and mobile phones growing more and … Read more

Security hole in VLC Player

Torrent-watching Web site TorrentFreak is reporting a major security hole in the popular open-source media player VideoLAN, also known as the VLC Player (download for Windows and Mac. "The reported vulnerability makes it possible for a malicious user to run arbitrary code, potentially taking remote control of the host machine," according to TorrentFreak.

The hole gets exploited from a subtitle file buffer overflow, and it's platform independent--meaning it could strike users of Mac and Linux operating systems, as well as Windows fans. VLC users who avoid subtitle files won't face any problems. Another solution is to … Read more

Will Google's Summer of Code result in (even) better Adium?

Google just announced its mentoring organizations for its 2008 Summer of Code. I was really happy to see that the open-source Mac instant messaging client, Adium, was selected as one of the mentoring organizations.

Looking at the list of ideas Adium has for its incoming student developers, however, I'm a little bummed by the lack of ambition. Or, rather, creativity.

On tap? Adding the ability to remote control a Mac through Adium (similar to Apple's iChat) and video conferencing support (similar to Apple's iChat), plus improving group chat capabilities. These are nice to haves, but they're simply replications of proprietary products. The reason I use Adium instead of iChat is for all the other things that Adium does better than iChat (customizability being the top reason).… Read more

E-mail archive program gathers Gmail account information as well

In looking for a program to back up his Gmail account, programmer Dustin Brooks found a commercial program that instead copies username and password information, according to a blog on Codinghorror.com.

Over the weekend, Brooks said in an e-mail to CodingHorrror.com that he was looking for a program that would archive his Gmail account onto his local hard drive. He signed up for a program called G-Archiver distributed by Mate Media of Miami, Fla. Brooks says that after installing the program, it didn't do all he was looking for so he decided to reverse engineer the source … Read more

Google to start accepting Summer of Code applications next week

Just as a reminder, Google is about to start accepting applications for its Summer of Code. Google will begin accepting applications from open-source mentoring organizations (i.e., open-source projects) on Monday, March 3, 2008, and will then stop accepting them on Wednesday, March 12th. Students can then start applying to participate in these projects on Monday, March 24 until Monday, March 31, 2008.

Not much time until the application process kicks off, but also not much time to submit an application.

Google's Summer of Code started with just 40 open-source projects in 2005 and jumped to 130 in 2007. … Read more

Google: The new Sourceforge?

Sourceforge boasts 169,282 registered projects. The actual number of active projects may be as low as 15,000. This is still an impressive number, but it may not be enough to stave off the Google threat.

Just two years after Google kicked off project hosting on its Google Code site, Google is reporting that it now hosts over 80,000 projects. Given how new it is (and how infrequently Sourceforge prunes its projects, if at all), it may well be that Google now has more active projects hosted on its Google Code site than Sourceforge.

The real question, of … Read more

Microsoft to issue two security bulletins next Tuesday

In preparation for its next Patch Tuesday, January 8, 2008, Microsoft said on Thursday that it will issue two bulletins.

One, deemed critical by Microsoft, will address remote code execution in Windows Vista, Windows Server 2003 service packs 1 and 2, Windows XP Service Pack 2, and Windows 2000 Service Pack 4.

The second, deemed important, will address local elevation of privilege in Windows Server 2003 service packs 1 and 2, Windows XP Service Pack 2, and Windows 2000 Service Pack 4, but not Windows Vista.

In addition to the two bulletins, Microsoft also plans to issue an updated version … Read more

Nintendo adds gift giving with this week's Virtual Console update

A new feature of the Wii Shop channel beginning this week is the ability to send a friend a Virtual Console title as a gift--just in time for the holidays. There is a catch, though; gift giving will require you to start learning and trading those 16-digit friend codes.

Pok?mon Snap (1999, Nintendo 64, 1000 Wii points)--A game that helped launch Pok?mon into mainstream American culture, Pok?mon Snap had gamers capturing Pok?mon "virtually" on film. New to the Virtual Console version of the game, players will now have the option of sharing their … Read more