January 31, 2006

Podcasting

I've been looking into podcasts recently (yes, I know I'm well behind the cutting edge here). This was triggered by two things - the first is LUGRadio, and the second is upgrading to Ubuntu on my desktop, which made installing iPodder really quite simple. Actually, the apt-based installation is the only simple thing about it, but I'll save the UI rant about iPodder for another time.

But what has really struck me is: who listens to this stuff? Adam Curry, the "Podfather", podcasts The Daily Source Code for up to 45 minutes, daily. Who uses three quarters of an hour of their life every day to listen to him? Or anyone, for that matter? An hour a month I can understand, but an hour a day? It's like soap operas - people spend so long living other people's lives that they don't have any time to live their own.

Hmm. I spend maybe around that long listening to the Today programme on Radio 4 in the morning before I get up, so I suppose it's not impossible. But that at least tells me reasonably useful information about what's going on in the world. And there are thousands of these things! Audio overload!

A recent Daily Source Code (324) had a segment about a guy and his show called "the podcast reviewer". So this was a podcast about a podcast about podcasts. Incestuous or what?

Podcasting isn't like most radio. Radio happens in the background (that's why advertisers like it); podcasts, which tend to be speech-heavy, demand your attention. And I've heard very little yet which really deserves it. Well, with the possible exception of LUGRadio, which is good except they feel the need to swear all the time.

Posted by gerv at 1:36 PM | Comments (10)

January 30, 2006

XSSively Dangerous

My latest Times Online article, "XSSively Dangerous" talks about the future dangers from XSS (Cross-Site Scripting) attacks.

Thumps with a cluestick welcome, as always.

Posted by gerv at 1:38 PM

January 28, 2006

Interesting Ajax Attack

Jeremiah Grossman recently wrote up a very interesting attack (now fixed) on Gmail, which is worth looking at. The problem was that the Gmail client-side interface got your contact list by doing an XMLHttpRequest to a known URL which was the same for all accounts. The permission checks were, presumably, based entirely on your login cookies. The data arrived in the form of a JavaScript array which the client side then eval()ed. So the attack went like this:

  1. Send the victim's Gmail account an email with a link you can persuade them to click on, to a page under your control
  2. On that page, have a <script src="..."> tag accessing the well-known URL for getting the address book
  3. Gmail happily sends back the data, as the person is logged into Gmail and so the request has the correct cookies
  4. Override the anonymous Array() constructor with a function of your choice
  5. When the data arrives, the JS engine calls the anonymous Array constructor (even though it plans to throw away the result, as it's not assigned to a variable), and therefore calls your function on the address book data, giving you access to it.

Morals:

  • Ajax has new security risks associated with it
  • Don't serve sensitive data as a bare JavaScript array or object literal from a URL other sites can guess: a <script> tag on any origin can load it with the user's cookies, and once the response executes as script the same-origin policy no longer protects it

Hmm. Would it break much of the web if we failed to send cookies on <script> src requests which were cross-domain?
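The two response shapes side by side, as an added illustration (this is not Gmail's code and not from the original post; the contact list, the `)]}',` prefix, the `X-Requested-With` check and the function names are assumptions for the example). It models the attacker's cross-origin `<script src>` include by running the response body as a program, and shows a hardened endpoint that both refuses requests lacking a header a script tag cannot send and frames the body so it cannot execute even if it is fetched:

```javascript
// Added illustration of the attack above: not Gmail's code, and not from the
// original post. The contact list below is constructed sample data.
'use strict';

const CONTACTS = [
  ['Alice Example', 'alice@example.com'],
  ['Bob Example', 'bob@example.com'],
];

// Vulnerable shape: the body is a bare array literal, which is also a complete
// JavaScript program. A <script src="..."> on any origin fetches it with the
// victim's cookies attached and the browser executes it.
function vulnerableResponse(contacts) {
  return { status: 200, body: JSON.stringify(contacts) };
}

// Hardened shape (an assumed design, not Gmail's): two independent defences.
//  1. Refuse requests that lack a custom header. A cross-origin <script> tag
//     cannot add headers; the site's own XMLHttpRequest client can.
//  2. Prefix the body with text that is a syntax error when the body is run
//     as a script, so even a leaked response yields nothing to an attacker.
const PREFIX = ")]}',\n";

function hardenedResponse(contacts, headers) {
  if ((headers['x-requested-with'] || '') !== 'XMLHttpRequest') {
    return { status: 403, body: '' };
  }
  return { status: 200, body: PREFIX + JSON.stringify(contacts) };
}

// What the legitimate same-origin client does: strip the prefix, then treat
// the rest as data with JSON.parse instead of evaluating it as code.
function parseHardened(body) {
  if (!body.startsWith(PREFIX)) throw new Error('unexpected response framing');
  return JSON.parse(body.slice(PREFIX.length));
}

// Stand-in for the attacker's <script src> include: the browser would run the
// fetched body as a program. Returns 'executed' if it parses and runs, or the
// name of the error it raised otherwise.
function loadAsScript(body) {
  try {
    new Function(body)();
    return 'executed';
  } catch (e) {
    return e.name;
  }
}

// Exercise both shapes from the attacker's and the legitimate client's side.
function demo() {
  const xhrHeaders = { 'x-requested-with': 'XMLHttpRequest' };
  return {
    vulnerableRunsAsScript: loadAsScript(vulnerableResponse(CONTACTS).body),
    hardenedRunsAsScript: loadAsScript(hardenedResponse(CONTACTS, xhrHeaders).body),
    scriptTagStatus: hardenedResponse(CONTACTS, {}).status,
    clientParses: parseHardened(hardenedResponse(CONTACTS, xhrHeaders).body),
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(demo());
}
```

The 2006 trick depended on the JavaScript engine routing array literals through the global `Array` constructor, which later engines stopped doing; the structural problem the two defences address is the older one, namely sensitive data that executes as script from a GET URL the browser will fetch with ambient credentials. The header check is the server-side counterpart to the question above about not sending cookies on cross-domain script requests: the endpoint simply refuses to answer anything that could have come from a `<script>` tag.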

Posted by gerv at 1:42 PM | Comments (11)

January 27, 2006

Mozilla Project Localisers Meeting

I've just had the pleasure of posting the following message to n.p.m.l10n:

The Mozilla Foundation is pleased to announce that there will be a localisers meeting at the Free and Open Source Developers European Meeting (FOSDEM) 2006 in Brussels, Belgium on the 25th and 26th of February.

All Mozilla Project localisers are warmly invited to attend.

The primary aim of this meeting is for localisers to meet one another and discuss matters of mutual interest and concern. On the second day of the conference (Sunday), the Mozilla developer room speaking track will have a particular focus on localisation. However, attendees will also be able to take advantage of the many other attractions FOSDEM has to offer. FOSDEM is a donation-supported event; there is no charge to register.

While all localisers are invited, the meeting has a European focus. The Foundation would like as many people to attend as possible, and so are offering to pay the primary transport costs[2] of all localisation owners and peers[3] in the following geographical regions[4]:

  • All the areas coloured green on this map excluding Belgium, Holland, France, Germany and Luxembourg
  • Turkey, Israel and Syria

You should consider this a "thank you" from the Mozilla Foundation for all your hard work. If there is anyone who does not fit the criteria but believes they have a good case (such as financial hardship, being mistakenly left off the master list, or localising a project it does not cover) for being offered travel support, they should get in touch.

People who are eligible for travel support should start the process of obtaining visas, if necessary, and looking for flights or other transport. Please do not make travel reservations yet - you will need to book through the Foundation's travel agency. We will send out more information soon about how to make travel arrangements.

The Foundation has a limited budget and wishes to make the meeting accessible to as many people as possible. Therefore, you are asked not to apply for travel support if you have alternative sources of funds to pay for your trip. Also note that if travel costs exceed our initial estimates we reserve the right to restrict the number of people whose travel we pay for; for example, we may sponsor only the owner for a particular localization, not peers. Of course, we hope this will not be necessary.

We regret we are unable to help with accommodation costs; however, Brussels should have accommodation to suit most budgets. Please make your own hotel reservations. :-)

Please email me if you have any queries.

Gerv

[2] "Primary transport costs" usually means the cost of the plane fare. But if you find that an alternative mode of transport is significantly cheaper or more convenient, please get in touch.

[3] "Localisation owners and peers" is defined as anyone who is on the master lists as of 2005-01-26. The master lists are here and here.

[4] The choice of this area was made with the help of the Frappr localisers map. The Foundation may consider similar meetings in other areas of the world in the future.

I've been wanting to do this for a while and I'm very glad it's now possible. I hope to see you all there! :-)

Posted by gerv at 4:01 PM | Comments (6)

January 26, 2006

Article: Microsoft Grandstanding

A quick Times article on Microsoft's offer to release SMB/CIFS source code. This isn't part of the Our Man From Mozilla fortnightly series; it's a separate comment piece.

As always, thumps with a cluestick are welcome. :-)

Posted by gerv at 12:51 PM | Comments (4)

January 25, 2006

Implementing <bgsound>

I never thought I'd say this, but I want to write an extension to implement <bgsound>. The idea is that, once the extension is installed, it works just like in IE (as close as possible, at any rate) - including being correctly manipulated by script. What's the best way to do it? Having it only work in Firefox 1.5 and above would be OK.

My initial idea is to use the new 1.5 interface for adding content CSS stylesheets to bind an XBL behaviour to the <bgsound> tag, which then implements the function using the nsISound interface to get simple playback capability. Is this reasonable? Am I going to run into security problems?

You are all welcome to speculate as to exactly why I would want to do this; I am going to neither confirm nor deny any suggestions. :-)

Posted by gerv at 4:39 PM | Comments (26)

January 24, 2006

Bigger Than Sony?

brandchannel.com visitors have placed Firefox eighth in their list of "brands which had the most impact in 2005" - bigger than Sony, bigger than Coke. SpreadFirefox crew, give yourselves a pat on the back. You did that.

(And now you know why we have fairly strict trademark policies :-)

Posted by gerv at 9:48 AM | Comments (5)

January 23, 2006

News Is Done

The new newsgroups move is complete*! Wahey! Thanks very much to Giganews for hosting the new groups, and Dave Miller and his team for doing all the hard migration work. Hopefully now we can stop worrying about the newsgroups and start using them as a communication tool! I would encourage developers to join the appropriate groups, and be vocal about anything (off-topic conversation, spam...) which prevents them from being a useful communication channel within that part of the community.

Dave is now off on a well-earned break until the end of the month. Any issues with the new groups should be filed in Bugzilla in the normal way (product: mozilla.org, component: Server Operations).

* (OK, there are a couple of loose ends. netscape.public.mozilla.announce hasn't migrated yet, as we want to do it silently with minimal disturbance, so the thousands of subscribers to the mailing list half don't get unnecessary admin notices. And we've taken down the web-developer groups for the moment, pending discussion with the MDC crew about how exactly they want to do discussion in their new world.)

Update: OK, that loose end might be looser than I imagined. More feedback on the new hierarchy is still coming in, from people who couldn't quite believe it was actually happening and so didn't say anything earlier. There may be a few more changes still to make. Watch this space.

Posted by gerv at 12:46 PM | Comments (1)

January 19, 2006

FireBug

Joe Hewitt, of DOM Inspector fame, has developed a new Firefox extension called FireBug, which is sort of a combination of the DOM Inspector and the JavaScript console, in a frame at the bottom of each browser window. He only released it a couple of days ago; I happened across it when browsing addons.mozilla.org yesterday. It also allows you to spy on XMLHttpRequest calls, and offers per-page logging.

He says:

FireBug is just a few days old as of this writing. Consider this a pre-pre-pre-alpha release.

so be warned, but it seems to work pretty well to me :-)

Posted by gerv at 1:55 PM | Comments (1)

January 17, 2006

GPL v3 Available For Comments

The GPL v3 is now available to read and comment upon. Even if you have no interest in the new licence or the process, head over there and check out the extremely cool webtool (called "Stet") which has been built by Orion Montoya for the Software Freedom Law Center to manage the commenting process. It really rocks. The GPL itself is an XML file with a custom DTD, and they use XSL to transform it into XHTML and present it to you. Then, Stet kicks in to enable the commenting system.

A comment in the source says:

/* stet will be released under the GPLv3 as soon as the license is finalized -- so its development may be seen as a sort of meta-licensing bootstrap operation: a program whose sole purpose is to develop the terms for its own distribution. */

Posted by gerv at 8:54 AM | Comments (5)

January 16, 2006

mozilla.org recommends iCab

I've just changed some text on our download page relating to Mac OS 9 users. The old text recommended Mozilla 1.2.1; the new text says:

Due to the lack of developer interest, build machines, compilers and testing resources, the last mozilla.org software built for Mac OS 9 was Mozilla 1.2.1, released in December 2002. However, versions of our software that old are not recommended for security reasons. Therefore, for Mac OS 9 users, mozilla.org recommends iCab - which is, as far as we know, the only graphical browser currently maintained for Mac OS 9.

After a quick discussion, the security group concluded that this was the best thing to do for Mac OS 9 users. My suggestion to them was prompted by a newsgroup message or forum post somewhere, although I've forgotten where it was. So if it was you who came up with the idea, thanks :-)

Posted by gerv at 7:02 PM | Comments (15)

GPL v3 Thoughts

At 10am Eastern (3pm GMT) tomorrow, the Free Software Foundation is going to unveil the first draft of version 3 of the GPL. I thought it would be profitable to have a think about version 2 while my mind is still unbiased by knowing their suggested improvements.

Tweaks To The Existing Text

Section 2 a) ("You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change") is the most widely-ignored piece of the GPL, and for good reason - such notices would be a pain in the rear to maintain, and having changelogs inside files messes up your source control. What was the original purpose of this clause? Is it necessary any longer?

Section 2 c) (that the program must print a licence banner on startup if it's an interactive command-line program) is anachronistic. One merely needs to say that users of the program must be made aware of their rights.

With regard to the two above, licences should require results rather than specify methods to achieve them. That will make them much better suited to withstanding the progress of time.

The last paragraph of section 3), which says that 'equivalent access to copy' is sufficient to fulfil the requirement to distribute source, should also allow a similar scheme when distributing via other methods than download. I.e. you should be able to buy GPLed binaries on CD, and optionally request the source CDs at no extra charge if you also want them. Potentially, in this world of cheap bandwidth and cheap CD-Rs, the principle of equivalent access could replace the "written offer" provisions.

Potential Change: Requiring Source for Web Applications

Some have argued that source distribution should be required for GPLed applications one uses with a web browser and a network, as well as those one uses by downloading and installing them. If this ties into the already-existing legal concept of public performance of a work, and merely states that source code must be made available in the same manner as if you had distributed the binaries to the user, this would be OK. If it forces particular abilities on the software, like the Affero GPL does (download over HTTP), this would be bad and non-free, as the software would then have an "invariant section".

Potential Change: Patent Defence Clauses

Some have suggested a form of mutual defence clause, where suing someone for patent infringement in GPLed software terminates your right to distribute all GPLed software. I personally would like to see that, but I suspect it might split the community. Companies like Sun and IBM would be faced with either giving up their rights to sue authors of GPLed works for patent violations, or giving up their right to distribute GPLed code. One would hope they'd choose the former... There are more mild forms of anti-patent clause which might cause less friction. I don't know what the FSF will go for.

Potential Change: Requiring 'Trusted Computing' Keys

Some embedded GPLed software can't be modified in practice because the binaries need to be signed, and the hardware checks the signature. Section 3) needs beefing up to make it more clear that you need copies of everything which allows you to use a modified binary in place of the original binary. And that means Trusted Computing or DRM encryption keys.

Various Debian people have also put forward their views.

Posted by gerv at 12:12 AM | Comments (19)

January 14, 2006

Open Rights Group Now Taking My Money

The Open Rights Group is now able to take my money (in contrast to a few weeks ago). UK hackers, please do sign up to support them.

Posted by gerv at 10:18 PM | Comments (1)

January 12, 2006

ODF in Firefox

A mysterious person known only as "Talin" posted recently in the newsgroups saying he had started an extension to allow Open Document Format (ODF) files to be viewed natively in Firefox without the need for a plugin. Apparently, the ODF XML format together with its CSS-like style information is reasonably easy for Firefox to render, given some help.

I think this is a really cool demonstration of the power of free software and open standards, and would, practically speaking, be a really useful addon. In fact, if the code wasn't too complex and large, why couldn't we include it in Firefox by default? That would certainly accelerate the adoption of ODF.

He didn't have time to develop it further, and neither do I. He was kind enough to send me the code, so if anyone else thinks this is a cool idea and would like to take it further, get in touch and I'll pass it on :-)

Posted by gerv at 10:42 AM | Comments (14)

January 10, 2006

Is Free Software's Foundation Stone Cracking?

My latest Times Online article, about the GPL version 3 process and its possible effects on the community, is now available.

Again, corrections welcome.

Posted by gerv at 4:42 PM | Comments (2)

January 9, 2006

Nichtenblinkenlights

If you are lying in bed at night, with the room lights off, how many different lights on how many different pieces of electronic or electric equipment can you see?

Here's my list:

  • ADSL router: 6 green lights
  • Wireless access point: 3 green lights
  • Monitor standby: 1 yellow light
  • Charging phone: 1 red light
  • Laptop battery light: 1 green light
  • Printer: 2 green lights
  • Music player, charging: 1 blue light
  • Music player charger: 1 red light
  • 3-way socket: 1 orange light
  • Subwoofer: 1 green light
  • Clock radio: red LED numbers (don't count) + 1 red alarm light

Total: 11 devices, 19 lights. I guess it helps that my computer lives in my bedroom, and that it's the communications hub of the house. Can you beat that?

Posted by gerv at 11:59 PM | Comments (25)

January 4, 2006

Open News Archive in Open Formats?

The BBC has released 80 news clips under their not-quite-free UK-only licence as the Open News Archive (from Slashdot). The three formats available are Windows Media Player, Quicktime and MPEG-1.

Are any of these three formats playable on my Ubuntu system without breaking UK law (either patent or copyright)? Totem, by default, doesn't seem to be able to play the Quicktime or the MPEG files.

Maybe Dirac isn't ready for prime time yet, but the Theora bitstream format has been frozen since alpha 3, so they could have provided it in that...

Posted by gerv at 2:52 PM | Comments (17)

January 3, 2006

Why "Hacking for Christ"?

I've written a long-overdue answer to a question I occasionally get asked, either by email or in blog comments - why is this blog called "Hacking for Christ"? It might be useful reading for anyone who is bemused, intrigued or confused by any part of the title (even the word "for").

Posted by gerv at 11:43 PM | Comments (16)

January 2, 2006

Wikipedia Contribution

Finally something useful I can contribute to Wikipedia... I've used it in the CT scan article, as it didn't seem to have an example scan.

Posted by gerv at 9:14 PM | Comments (4)