Articles Of Interest

By Ted Samson | InfoWorld
July 03, 2013

Germany's top security official adds to the chorus of European lawmakers and privacy advocates warning overseas customers to steer clear of U.S.-based service providers

Germany's Interior Minister Hans-Peter Friedrich, the country's top security official, cautioned privacy-conscious residents and organizations to steer clear of U.S.-based service companies, according to the Associated Press. Friedrich is by no means the first E.U. politician to issue this type of warning, and as details continue to emerge about the U.S. government's widespread surveillance programs, such warnings are certain to garner greater attention.

That can't be good news for companies like Microsoft, Google, Facebook, Amazon, or any other major tech company with a global presence that's struggling to gain and maintain footholds in the growing cloud-services market. These companies already have to contend with salvaging their reputations here at home in the wake of the leaks about the PRISM program; now they'll have to redouble their PR efforts overseas to assuage the privacy concerns of current and potential customers.

According to the AP, Friedrich told reporters on Wednesday that "whoever fears their communication is being intercepted in any way should use services that don't go through American servers."

Monday, July 8, 2013 - 12:24 - Tagged: privacy, cloud computing, Patriot Act

By Frank Rich, New York Magazine
Published Jun 30, 2013

Note to Edward Snowden and his worrywarts in the press: Spying is only spying when the subject doesn’t want to be watched.

Here’s one dirty little secret about the revelations of domestic spying at the National Security Agency: Had Edward Snowden not embarked on a madcap escape that mashed up plot elements from Catch Me If You Can, The Fugitive, the O.J. Bronco chase, and “Where in the World Is Matt Lauer?,” the story would be over. The leaker’s flight path, with the Feds and the press in farcical flat-footed pursuit, captured far more of the public’s attention than the substance of his leaks. That’s not his fault. The public was not much interested in the leaks in the first place. It was already moving on to Paula Deen.

At first blush, the NSA story seemed like a bigger deal. The early June scoops in the Guardian and the Washington Post were hailed universally as “bombshells” and “blockbusters” by the networks. America’s right and left flanks were unified in hyperventilating about their significance: Rand Paul and The Nation, Glenn Beck and Michael Moore, Rush Limbaugh and the Times editorial page all agreed that President Obama had presided over an extraordinary abuse of executive power. But even as Daniel Ellsberg hailed the second coming of the Pentagon Papers, the public was not marching behind him or anyone else. The NSA scandal didn’t even burn bright enough to earn the distinction of a “-gate” suffix. Though Americans were being told in no uncertain terms that their government was spying on them, it quickly became evident that, for all the tumult in the media-political Establishment, many just didn’t give a damn.

Monday, July 1, 2013 - 11:40 - Tagged: privacy

By Jordan Robertson, Bloomberg
2013-06-25T16:01:38Z

Electronic health records are supposed to improve medical care by providing physicians quick and easy access to a patient’s history, prescriptions, lab results and other vital data. While the new computerized systems have decreased some kinds of errors, such as those caused by doctors’ illegible prescriptions, the shift away from paper has also created new problems, with sometimes dire consequences.

Dangerous doses of drugs have been given because of confusing drop-down menus; patients have undergone unnecessary surgeries because their electronic records displayed incorrect information; and computer-network delays in sending medical images have resulted in serious injury or death, according to a study published in 2011 based on reports submitted to the U.S. Food and Drug Administration.

According to a study published in December by the Pennsylvania Patient Safety Authority, the number of reports about medical errors associated with electronic records is growing. Of 3,099 incidents reported over an eight-year period, 1,142 were filed in 2011, more than double the number in 2010.

Unlike U.S. medical-device makers, which must report all malfunctions, serious injuries and deaths involving their products to the FDA, software companies that make electronic medical records are under no such requirement.

As a result, little is known about the risks of their systems, since there is no central database of error reports and makers of electronic records often prohibit customers from discussing unsafe processes. That practice creates “unacceptable risks to safety,” according to a 2011 report from the Institute of Medicine of the National Academies.

Wednesday, June 26, 2013 - 20:58 - Tagged: medical records, accountability

By Ted Samson | InfoWorld
June 25, 2013

Lawmakers have become increasingly focused on bitcoins as the virtual currency has gained popularity and value in recent months. But judging by a recent cease-and-desist notice sent to the Bitcoin Foundation, some government types may be taking the "shoot first, ask questions later" approach to dealing with the non-traditional currency. California's Department of Financial Institutions (CFI) has warned the nonprofit it "may be engaged in the business of money transmission" without a license or proper authorization.

The trouble with the accusation is that the Bitcoin Foundation doesn't buy or sell bitcoins at all -- which may explain why the accusation is prefaced with "may be." Even if the foundation manages to convince lawmakers that it's doing nothing illegal, organizations that do engage in buying and selling may need to brace for some legal battles.

The Bitcoin Foundation touts itself as a non-profit organization focused on standardizing and promoting the open source Bitcoin protocol. "One activity that the foundation does not engage in is the owning, controlling, or conducting of money transmission business," according to Jon Matonis, who serves on the Bitcoin Foundation board of directors.

Tuesday, June 25, 2013 - 16:47 - Tagged: privacy, security, digital currency, bitcoin

By Scott Gilbertson, The Register
8th May 2013

Debian, the daddy to many a Linux distro including Ubuntu and Mint, has been updated for the first time in more than two years.

Codenamed Wheezy, Debian 7 actually brings the GPL operating system up to speed with some of its more famous offspring, though, true to its roots, Debian's stable release continues to focus on just that - stability.

If you're looking for a stable, rock solid Linux distro the new Debian will not disappoint. If you prefer to have the latest and greatest software on your machine you're better off sticking with more popular Debian offspring, such as the Ubuntu or Mint distributions.

Both Ubuntu and Mint start from Debian's unstable release channel and then add their own software on top. Mint offers a more direct Debian descendant that pulls from the somewhat stabler Debian testing, also the source of Ubuntu's LTS releases. While both add quite a bit to Debian's base offering, it's important to remember that without Debian there'd be no Ubuntu and no Mint.

For those who prefer the stable core of Debian without the cruft of Unity, Cinnamon or other downstream add-ons, Debian 7 is an important release.

Thursday, May 9, 2013 - 05:54 - Tagged: unix, debian, ubuntu

By Lars Kurth
April 15, 2013

Almost a year ago, I floated the idea within Citrix of finding a non-profit home for the Xen Project. At this point, I had worked for and with the Xen community for just over a year. We only just implemented community-led Governance and it was clear that at some point Xen would need to become a truly vendor neutral project. You cannot imagine how pleased I was, when almost immediately I got full support from Citrix management to pursue the idea of finding a vendor-neutral home for Xen. We looked at various options and it quickly became clear that The Linux Foundation was the most natural fit for the Xen Project. And then the hard work to pull everything together started … but this is a story for some other time. The good news is that as of today, The Xen Project is a Linux Foundation Collaborative Project with an impressive Advisory Board consisting of companies that will contribute to, fund and guide the non-technical aspects of the Xen Project.

What is going to change?

If you are a Xen User or Developer pretty much nothing initially. Everything will continue to run as it always has. In the longer run, I am confident that the Xen Collaborative Project will lead to more code contributions, better integration with Linux distributions, increased adoption of Xen, more integration with other projects, better marketing and a lot more. All the changes should be positive.

There will be some short-term changes though that will affect you: xen.org will move to xenproject.org, the Xen Logo is changing and we have a new Xen Community website at xenproject.org (which means the old site will be archived). More information can be found at this FAQ.

Wednesday, April 24, 2013 - 06:31 - Tagged: xen, hypervisor, virtualization, linux

RAPHAEL SATTER
The Associated Press
Published Wednesday, Apr. 17 2013, 2:38 PM EDT

One of the leading U.S. civil-rights organizations is taking on an unusual cause: spotty smartphone updates.

The American Civil Liberties Union is asking the U.S. Federal Trade Commission to investigate what it considers a failure by U.S. wireless carriers to properly update the Google-built operating system used on Android phones. The ACLU says that sluggish fixes have been saddling many smartphone users with software that is out of date and therefore dangerous.

“At its core, it’s not all that different from any other defective product issue,” said the ACLU’s Chris Soghoian, who drew the analogy between a vulnerable smartphone and “a toaster that blows up.”

Experts and government officials have long warned that failing to fix known security flaws – whether on phones or computers – gives hackers opportunities to steal data or use the devices to launch larger attacks.

The ACLU’s 17-page complaint, filed Tuesday, accused carriers AT&T Inc., Sprint Nextel Corp., T-Mobile USA and Verizon Wireless of ignoring those warnings. It cited figures showing that only 2 per cent of Android devices worldwide had the latest version of Google’s operating system installed. The complaint said that as many as 40 per cent of all Android users are still using versions of software released more than two years ago.

Wednesday, April 17, 2013 - 15:23 - Tagged: security, android

By Janet Davison, CBC News
Posted: Apr 9, 2013 5:08 AM ET

Calgary food truck owner Cosmo Spina used to watch potential customers walk away hungry because he couldn't accept their credit cards and they didn't have any cash.

Late last year, Spina signed up for Square, the tiny credit card reader that attaches to a smartphone and was the brainchild of Twitter co-founder Jack Dorsey and his vision of making commerce "easy for everyone."

Square joins other companies like Interac and Rogers, all trying to eke out a position in the highly competitive — but still nascent — mobile payment marketplace.

Interac recently announced the first NFC (near-field communication) debit transaction via a smartphone in Canada, and hopes to roll out the service for consumers later this year.

Rogers says it is expanding its "suretap" service for mobile payment to more smartphones.

For all the action taking place in the mobile payment market, however, widespread adoption and usage of phones for payment is still some time down the road.

"The path to one wallet, one application on your phone that holds all of your receipts and keeps track of your spending and helps you make payment from whatever card you want, is still going to be a couple of iterations away."

Wednesday, April 17, 2013 - 15:19 - Tagged: smartphones, online payments

Washington State court privacy cases similar to Canadian Supreme Court's

The Washington State Supreme Court will be reviewing two cases in which cellphone text messages were being read by police on a cellphone seized during a drug investigation. The police then used that cellphone to arrange a drug sale and arrested the men who showed up to purchase the drugs.

After they were convicted, the two men claimed on appeal that the warrantless search of text messages had violated their Fourth Amendment rights.

This resembles a recent Canadian Supreme Court case in which the court ruled that police need special wiretap orders — not just ordinary search warrants — to intercept cellphone text messages as part of criminal investigations. The decision emphasizes that text messaging is essentially another form of conversation and should receive the same protection to which private communications are entitled under the Criminal Code.

Let's hope that our American neighbours take the hint...

Text Message Privacy Faces Important Appeal

by June Williams
Courthouse News Service

Defenders of digital rights urged the Washington State Supreme Court to prevent the erosion of privacy when it hears two cases next month on text messages seized by police without a warrant.

Both cases involve men who were arrested after police intercepted text messages meant for an alleged heroin dealer, according to a pair of amicus briefs that the Electronic Frontier Foundation filed Monday.

Police had arrested Daniel Lee on drug charges and seized his cellphone, the group says. Impersonating Lee, the police then arranged drug sales with Shawn Hinton and Jonathan Rodin, both of whom had sent text messages to Lee's phone. The police then arrested and charged these men with attempting to possess heroin.

Can Police Read Text Messages Without a Warrant?

Electronic Frontier Foundation

San Francisco - The Electronic Frontier Foundation (EFF) urged the Washington State Supreme Court Monday to recognize that text messages are "the 21st Century phone call" and require that law enforcement officers obtain a warrant before reading texts on someone's phone.

"Text messages are a ubiquitous form of communication, and their context can be as private as any telephone conversation," said EFF Staff Attorney Hanni Fakhoury. "We use texts to talk to our wives and husbands, our kids, our co-workers, and more. Police should not be able to sift through these personal exchanges on a whim – they must show probable cause and get a warrant before accessing this information."

In this case, police seized a cell phone during a drug investigation and monitored incoming messages. Officers responded to several texts, setting up meetings that resulted in two arrests, without first getting a warrant. Prosecutors have argued that no warrant was required because there should be no expectation of privacy in text messages, as anyone can pick up someone else's phone and read what's stored there. But in two related amicus briefs filed Monday, EFF argues that searching the phone for the texts without a warrant clearly violates the Constitution.

"The state argues that just because someone can intercept a communication, you should reasonably expect that communication to be intercepted. That's a dangerous way to interpret the Fourth Amendment," said Fakhoury. "The prosecutors' theory would eviscerate any privacy protections in the digital age. We're asking the Washington State Supreme Court here to recognize what's at stake and to require a warrant before allowing officers to read text messages on a cell phone."

Venkat Balasubramani of FOCAL PLLC in Seattle, Washington, served as EFF's local counsel in the cases.

For the full amicus briefs:
https://www.eff.org/cases/washington-state-text-message-privacy-cases

Wiretap laws apply to text messages, court rules

By Emily Chung
CBC News
Posted: Mar 27, 2013 10:00 AM ET

Canadians' digital communications should get the same privacy protection as voice conversations during police investigations, following a new ruling from Canada's top court.

The Supreme Court ruled Thursday that police need a wiretap order to seize your text messages from your wireless provider as they are sent and received.

In her reasons for judgment, Justice Rosalie Silberman Abella, supported by two other judges, wrote that the only practical difference between text messaging and traditional voice communications is the transmission process.

"This distinction should not take text messages outside the protection to which private communications are entitled," she said.

The decision overturns a lower court ruling against Telus Communications that required the company to hand over copies of all the text messages sent and received by two of its customers each day over a two-week period after it was served with a general warrant by police in Owen Sound, Ont.

Friday, April 12, 2013 - 11:49 - Tagged: privacy, courts, cellphone, texting

By Melissa Riofrio
PC World
April 08, 2013

The nature of online activity compounds the privacy problems we already experience in the material world. Every move we make on our PCs, smartphones, and tablets turns into a data point that trackers can easily collect and share. And you effectively agree to such collecting and sharing whenever you sign up for an online service and accept its privacy policy.

"There's a pretty big disparity between what folks think their privacy rights are online and what they actually are online," says legislative counsel Chris Calabrese of the American Civil Liberties Union. "They mistake a privacy policy for meaning that they have privacy. That policy is frequently a way to describe the rights you don't have."

#1: Cookie proliferation

Cookies have been proliferating at a rate that would impress epidemiologists. "Five to 10 years ago, if you opened NYT.com in your browser, you'd get a cookie from the New York Times, maybe a couple, and that would basically be it," says staff technologist Dan Auerbach of the Electronic Frontier Foundation. "Today you get probably on the order of 50 cookies from all sorts of third parties: ad servers, data brokers, trackers. They can build up this big profile about your browsing history."

#2: Seizing cloud data

You love how easy it is to grab data from the cloud -- and so do law enforcement agencies. ...whether you use a Web-based email service, keep files in Google Drive, or upload photos to Shutterfly, everything you write, upload, or post gets stored in a server that belongs to the online service, not to you. And because of outdated rules enumerated in the ECPA, this cloud-based data is vulnerable to a privacy loophole so big that a Google self-driving car could roll through it.

#3: Location data betrayal

Call it the end of the easy alibi: Location data will make it increasingly difficult for you to wander around the world without someone knowing exactly where you are at any given time. Your cell phone is the primary tattletale, but the location data you post to social networking sites are revealing sources, too. Pinpointing your whereabouts will get easier still as other location-beaming devices come online, from smarter cars to smarter watches to Google Glass.

"When you leave your house and go to a friend's house, run errands, go to work, visit a lover -- whatever it is you do -- if your geolocation is tracked and recorded, that's a lot of information about you," says senior policy analyst Jay Stanley, of ACLU's Speech, Privacy and Technology Program.

#4: Data never forgets a face

Posting and tagging photos online may feel like innocent fun, but behind the scenes it helps build a facial recognition database that makes escaping notice increasingly difficult for anyone.

"Most consumers are already in the largest facial recognition database in the world, and that's Facebook," says EFF's Lynch.

Lynch's 2012 Senate testimony also noted that the government has reviewed or requested Facebook data for purposes as varied as citizenship applications, criminal cases, and security checks. "We know that law enforcement asks for this information from Facebook," Lynch said recently. "They don't just ask for your post, but all photos you've been tagged in."

#5: Scanning in the name of cybersecurity

You may not be a malicious hacker, but that doesn't mean your online activity won't be scanned for telltale signs of cybercrime. The federal government has made cybersecurity a high priority, as concerns grow about the vulnerability of the nation's infrastructure to a computer-based attack.

"The definition is still in flux, so there's a question about what 'critical infrastructure' will ultimately encompass," says EPIC's national security fellow, Jeramie Scott. A recent article by Reuters indicates that the government plans to expand its scanning of Internet traffic from three defined sectors: financial institutions, utilities, and transportation companies. Collectively, that covers a lot of consumer activity.

Wednesday, April 10, 2013 - 12:11 - Tagged: No Tags

by Peter Bright
ars technica
Apr 8, 2013 4:00 pm UTC

Now that Google is going its own way and developing its rendering engine independently of the WebKit project, both sides of the split are starting the work of removing all the things they don't actually need.

This is already causing some tensions among WebKit users and Web developers, as it could lead to the removal of technology that they use or technology that is in the process of being standardized. This is leading some to question whether Apple is willing or able to fill in the gaps that Google has left.

Since Google first released Chrome in 2008, WebCore, the part of WebKit that does the actual CSS and HTML processing, has had to serve two masters. The major contributors to the project, and the contributors with the most widely used browsers, were Apple and Google.

While both used WebCore, the two companies did a lot of things very differently. They used different JavaScript engines (JavaScriptCore [JSC] for Apple, V8 for Google). They adopted different approaches to handling multiple processes and sandboxing. They used different options when compiling the software, too, so their browsers actually had different HTML and CSS features.

Google developed code to provide preliminary support for CSS Custom Properties (formerly known as CSS Variables). It was integrated into WebKit but only enabled in Chromium. That code now has nobody to maintain it, so Apple wants to remove it.

This move was immediately criticized by Web developer Jon Rimmer, who pointed out that the standard was being actively developed by the World Wide Web Consortium (W3C), was being implemented by Mozilla, and was fundamentally useful.

If Apple doesn't address Rimmer's concerns, and if Blink appears to have stronger corporate backing and more development investment, one could see a future in which more projects switch to using Blink rather than WebKit. Similarly, Web developers could switch to Blink—with a substantial share of desktop usage and a growing share of mobile usage—and leave WebKit as second-best.

Related: Google going its own way, forking WebKit rendering engine

Google announced today that it is forking the WebKit rendering engine on which its Chrome browser is based. The company is naming its new engine "Blink."

The WebKit project was started by Apple in 2001, itself a fork of a rendering engine called KHTML. The project includes a core rendering engine for handling HTML and CSS (WebCore), a JavaScript engine (JavaScriptCore), and a high-level API for embedding it into browsers (WebKit).

Though known widely as "WebKit," Google Chrome has used only WebCore since its launch in late 2008.

Tuesday, April 9, 2013 - 14:01 - Tagged: Apple, Google, webkit, browser

By Olivier Lambert
March 28, 2013

Maybe you heard, a few years ago, of a project called Xen Orchestra. It was designed to provide a web interface for the Xen hypervisor with the Xend backend. The project started in 2009, but paused one year later, due to lack of time from the original designer. As you can read on the project website, XO is now re-developed from scratch.

Other interesting projects are now dead (like OpenXenManager, a clone of XenCenter). To avoid this kind of scenario, a clear intention of the XO team is to provide a living project: a “release often” policy, listening to the community, and delivering commercial support to get the resources needed for the project's life. The original team behind XO has created its own company to sustain XO's durability. Furthermore, the XO license is AGPL.

Technical choices

We have chosen proven components on which to build XO, to guarantee its robustness and its evolutivity.

PHP 5.3 is the main language used as much for XO-Server as XO-Web. We do not use any PHP frameworks but we try to keep our code as modular as possible thanks to the wonderful tool which is Composer.

The design of XO-Web is built using the Bootstrap framework which permits XO to be almost as easy to use on smartphones/tablets as it is on desktop computers.

We also use Backbone.js to provide a dynamic interface which always stays up to date. In later versions we will probably extend its usage to make the interface as responsive as possible by limiting round-trips to the web server.

In the future, we will look into using Processing.js to provide advanced visualizations of your Xen infrastructure.

Saturday, April 6, 2013 - 07:59 - Tagged: Xen Cloud Platform, php, javascript

By Heather Kelly, CNN
April 5, 2013

Facebook Home is an Android app that acts like a skin, updating the standard Android mobile operating system with a more modern, Facebooky decor.

Facebook Home is a more convenient way for heavy Facebook users to use the social network's services. It is also a more powerful tool for Facebook to potentially collect information about a person, and it gives the company more ways and places to serve up ads.

Om Malik of the site GigaOm says, "this application erodes any idea of privacy. If you install this, then it is very likely that Facebook is going to be able to track your every move, and every little action."

Facebook Home, which launches on April 12, isn't being forced on anyone. Downloading the app is entirely optional, as is buying a new HTC phone with Home preinstalled. Much of the outrage over past Facebook privacy issues has been because they were mandatory and affected everyone.

Many of the Facebook faithful may have resigned themselves to the idea that what they do on the site is tracked -- a fair enough exchange for a free service that keeps them in contact with friends, family and people they sort of knew in middle school.

Friday, April 5, 2013 - 11:14 - Tagged: privacy, Facebook

Independence, again

My eight-year stint at Black Press is now over. I enjoyed the work I did for the company, which publishes over 100 newspapers in British Columbia, Alberta and Washington state, and exponentially increased my knowledge of application development and Unix systems administration. During that time, I developed public- and internal-facing web applications and was responsible for the administration of a bank of Unix servers, using both command line and GUI tools to manage users, OpenLDAP directories, mail, web service, file sharing, DNS (BIND9), MySQL configuration, backup services and network configuration.

I am now available to assist other companies with programming and system administration. I am available on a project-by-project basis, for short- or long-term contracts, or for full-time employment in a challenging position with a dynamic and exciting company.

Thursday, April 4, 2013 - 08:07 - Tagged: ccs

Lori Hinnant
PARIS — The Associated Press
Last updated Tuesday, Apr. 02 2013, 3:30 PM EDT

Google Inc.’s new privacy policy is under legal attack from regulators in its largest European markets, who want the company to overhaul practices they say let it create a gold mine of data at the expense of unwitting users.

Led by the French, organizations in Britain, the Netherlands, Germany, Spain and Italy agreed Tuesday on the joint action, with the ultimate possibility of imposing fines or restrictions on operations across the entire 27-country European Union.

Last year, the company merged 60 separate privacy policies from around the world into one universal procedure. The European organizations complain that the new policy doesn’t allow users to figure out which information is kept, how it is combined by Google services, or how long the company retains it.

Two weeks ago, a European Parliament committee signed off on continent-wide legislation that would include a “right to be forgotten,” requiring companies that operate online to show Internet users the personal information collected and, if requested, delete it. It’s no simple request when information is gathered from countless computers and mobile devices and stored on servers all around the world.

In the meantime, it’s unclear how far beyond fines the regulators are willing to go to impose their will on Google.

Monday, April 1, 2013 - 08:51 - Tagged: privacy, Google