http://lj.libraryjournal.com/2013/03/people/movers-shakers-2013/galen-charlton-movers-shakers-2013-tech-leaders/

Kudos well deserved.

My coworker reading the post came into my office today and asked “Do you know this Galen Charlton guy?” I had to laugh. Having worked together at two different companies, at that moment I was installing and reading his MARC::Record code (again) and sitting in a couple different IRC channels where he was active. More seriously, if I was going to pick one person to carry the banner in a Library Journal context for the OSS projects I care about, I’d pick Galen too. AFAIC, they got this one exactly right.

Also, bonus point to LJ for the crafty subtitle.

http://www.geekwire.com/2013/amazon-wins-patent-reselling-lending-used-digital-goods/

That would seem to include, for example, Nook-based sharing or any other process that does copy, delete, and reassignment of rights.

Thanks to Library Renewal for sounding the alarm on this one.

http://arstechnica.com/security/2013/01/critical-java-zero-day-bug-is-being-massively-exploited-in-the-wild/

Despite it still being common practice for thicker web apps, Java in browser remains a big problem for security.  Consider disabling or uninstalling your browsers’ Java if you don’t positively need it.

Post.find_by_id(params[:id]) 

It is disappointing that the default ORM in Rails cannot yet safely query by identifier, a task made trivial by pre-compiled DBI queries using placeholders, or in this case, a single placeholder!

Check the original post for workaround.

http://nj1015.com/barnes-and-noble-pin-pads-hacked-in-nine-states/

For now, B&N retail customers should watch their statements.

http://www.h-online.com/security/news/item/One-million-Apple-UDIDs-leaked-by-hacker-group-1698478.html

And thanks to one of the recent exploits of Java’s browser plug-in, the hacker group AntiSec now has them as well.  The FBI supervisor whose hardware was exploited just happens to be one of those previously known to be investigating Anonymous.

UPDATE:  An app development company called BlueToad has come forward to identify themselves as the ones hacked, rather than the FBI.  If their account is factual, the hackers do not have 12 Million UDID’s and are attempting to put blame on the particular agent to settle old scores.

http://www.nytimes.com/2012/09/11/technology/company-says-it-not-fbi-was-hacking-victim.html?_r=1&smid=tw-share

If a significantly large portion of additional IDs gets published, we can conclude their account is not factual.  Until then it seems more plausible than AntiSec’s release notes.

We believe state-sponsored attackers may be attempting to compromise your account or computer.

http://bits.blogs.nytimes.com/2012/06/05/google-issues-new-warning-for-state-sponsored-attacks

Just so you know.

I wouldn’t be surprised if this turned out to be related to previous Chinese gmail phishing attempts than Stuxnet or Flame.  Very interesting.

http://www.groklaw.net/article.php?story=20120531173633275

From the commentary:

The sky has been full of FUD about this topic, with folks, both self-styled experts and even a lawyer who has done work for Microsoft claiming that APIs have been copyrightable for years and years, throwing cases at us and examples of terms of use. Terms of use don’t make law, ladies and gents and experts and lawyers… if you continue to listen to such FUDsters after this total repudiation of everything they wrote about this case, please see your doctor right away.

This is an important decision and, barring reversal, it enables U.S. innovators to re-engineer and improve software components without exposing themselves to copyright liability.  (If you’ve been hacking on a proprietary ILS, please, continue.)  It cannot be overstated how badly Oracle lost.   This was an incredibly high profile and high stakes case, and it was expensive.  They had chances to get minor payouts and go home and they kept doubling down.  Now they haven’t just lost this one, they’ve lost an entire class of copyright protection that they imagined was the basis of the case.  As of now, it does not exist.  For anybody.

Oracle will no doubt appeal, but Judge Aslup has been so thorough, methodical and technically detailed that I regard their chances as marginal.  Entire sections of the decision were written (and indeed entire portions of the trial conducted) with the appeals court as the intended audience.  It isn’t exactly doubling down again since they’ve already eliminated all other options, but srsly Oracle, good luck with that.

Now if we could only see a similar eradication of overly broad software patents, we might really see some strategic changes in industry.

Having read direct courtroom reporting and the Court’s own documents, the headlines in some mainstream news outlets declaring Oracle the “winner” and Google “guilty” will start to look awfully remote and more than a little bizarre.  Google has moved for a new case since this jury was unable to determine whether their code constitutes a “fair use” of the Java API, so we might get to see the whole thing play out again.

More likely, the Court itself could deliver definitive resolution to the question whether APIs are copyrightable, particularly if the Court’s opinion converges its EU counterpart in a very recent case (Ars Technica via Google Cache, since the original is 404-ing for some reason).  One can hope.  The EU ruling was particularly bold because it protects reimplementation to the extent of voiding any agreements (read: EULAs) inhibiting that right.  That is a smart extra step in order to make the rights not immediately click-through disposable.

For more, follow along during the trial’s current patent phase at Groklaw.