Category Archives: Software

Patents, MPEG-LA and Not-So-Professional Video Cameras

Posted on by

So you’ve bought a nice new professional video camera and you want to shoot a video of a friends band so they can sell a couple of copies to buy a new guitar, simple eh ? Well not quite, you’ll probably want to check the license for the camera according to this article by Eugenia Loli-Queru:

You see, there is something very important, that the vast majority of both consumers and video professionals don’t know: ALL modern video cameras and camcorders that shoot in h.264 or mpeg2, come with a license agreement that says that you can only use that camera to shoot video for “personal use and non-commercial” purposes (go on, read your manuals).

Now, you may ask, this can’t be right, can it ? Surely a “professional” video camera should be able to be used for professional purposes ? Well yes, it should, but it can’t. The reason is (of course) software patents, according to Eugenia:

Apparently, MPEG-LA makes it difficult for camera manufacturers, or video editor software houses, to obtain a cheap-enough license that allows their users to use their codec any way they want!

So the camera manufacturers pass that onto the purchaser, if you buy one and want to use it professionally then you will have to get your own license from MPEG-LA and then pay them a royalty on every copy sold. Sadly you can’t even get away from this by transcoding your MPEG2 or H.264 video into a free format for two reasons, firstly the camera most likely uses it internally first (and that’s apparently enough) and secondly the MPEG-LA claim their patent portfolio is so broad that you cannot create a video codec these days without infringing one of their patents. So theoretically you’d need to pay no matter what you did.

Eugenia does offer one possible way out, the ancient MJPEG format:

Let me make one thing clear. MJPEG **sucks** as a codec. It’s very old and inefficient. OGV Theora looks like alien technology compared to it. But (all, if not most of) its patents have expired. And JPEG is old enough to predate MPEG-LA. Thankfully, there are still some MJPEG HD cameras in the market, although they are getting fewer and fewer: Nikon’s dSLRs, Pentax’s new dSLRs, and the previous generation of Panasonic’s HD digicams. Other cameras that might be more acceptable to use codec-wise are the Panasonic HVX-200 (DVCPro HD codec, $6000), the SILICON IMAGING SI-2K (using the intermediate format Cineform to record, costs $12,000), and the RED One (using the R3D intermediate format, costs $16,000+). Almost every other HD camera in the market is unsuitable, if you want to be in the clear 100%

Yet another reason why software patents need to be defeated, they stifle what we can do with the technology we have paid for.

Why Open Source is Good

Posted on by

If you’re ever in the situation where people try to convince you that a commercial application is better than an open source one because “you never know what is going to happen to the open source one” (rather than technical merits) then this little story might be handy to keep in mind.

Sun Microsystems had their own “Single Sign On” product called Access Manager, which they open sourced back in 2008. Now when Oracle took over they decided it wasn’t really their thing, and so shut it down, for reasons best known to themselves. Now had this still been a proprietary application that would have been that, dead, finito, it is an ex-parrot, it has ceased to be. But not with this one, as in the best (worst?) zombie movies it has risen from the dead again (or to keep the Python sketch going, it muscled up to the bars of the cage and ‘Voom!’):

But here it comes the awesomeness of the open source community: A Norwegian company called ForgeRock has stepped up to give OpenSSO a new home and continue developing OpenSSO under a new name: OpenAM (because of trademark issues with the name). They claim they will continue with Sun’s original roadmap for the product, and they have started to make available again all of the express builds, including agents, that were removed from OpenSSO’s site, and a new wiki with all the content that once was available at dev.java.net.

So the real power of Open Source isn’t that people will magically keep things going (they are just human after all) but that if *you* need to keep something going then you can, despite what any company says..

Microsoft Tried to get Patent Royalties for OpenOffice.org from Sun

Posted on by

In an interesting blog on patents, copying and litigation former Sun CEO Jonathan Schwartz discloses that Bill Gates and Steve Balmer tried to put the frighteners on Sun over OpenOffice.org to try and protect their office application monopoly. Their attack went like this:

“Microsoft owns the office productivity market, and our patents read all over OpenOffice.” […] “We’re happy to get you under license.”

Of course (as ever) they do not identify any patents, as that would let us fix any problems (if there are actually any), they would much rather weave their usual web of FUD on the matter than come clean. Jonathan’s response turned the issue on them on a different tact:

“We’ve looked at .NET, and you’re trampling all over a huge number of Java patents. So what will you pay us for every copy of Windows?”

That killed that angle of attack off.. 🙂

WordPress “Worst Offenders” Plugin Works in WP 2.9.x!

Posted on by

I’ve just spent a bit of time fixing up a fairly simple bug that was preventing Rich Boakes’sWorst Offenders” plugin (( This plugin classifies your Akismet spam queue by various criteria to let you do bulk deletes for comments matching various criteria )) from working in current WordPress versions (basically it was assuming it had created a submenu somewhere it wasn’t) and merged my branch back into trunk to check the content of comments for a list of bad words. No release yet, this is just in trunk, but if you are feeling adventurous you can go into your WordPress’s wp-content/plugins directory and do:

svn co http://plugins.svn.wordpress.org/worst-offenders/trunk/ worst-offenders

Of course make sure you’ve nuked any earlier version of Worst Offenders first!

UK Academic Network JANET to Close Usenet News Service (Updated)

Posted on by

This is a great shame, though probably not that surprising these days, but the UK Joint Academic Network (JANET) is going to pull its Usenet News service on the 31st July 2010. Basically I suspect the ever declining SNR has put people off, and these days everyone knows the web and the closest they get to knowing what Usenet is (or maybe was) Google Groups. JANET says:

There are now few active registered News Feed users and News Read users and the current infrastructure is nearing its end of life. JANET(UK) have therefore decided that it is no longer economically viable to run the service, especially in the current financial climate. We therefore will cease to offer the service when the existing contract expires on July 31st 2010.

Especially sad for me as I cut part of my first real sysadmin job at the University of Wales, Aberystwyth, was working on the Usenet news system that had been set up originally by Alec Muffett and I was for quite a while the maintainer of the UK.telecom newsgroup FAQ and the alt.config guidelines.

Update: I’ve been digging through some old email – here’s one from 4th August 1993 giving an idea of what we had to struggle with:

OK, I deleted all binaries under alt.binaries, all of junk and all of control. That, coupled with the AEM_TIDY got us about 27 meg back. I then ran a doexpire, whch took a long while but we’re now up to about 53 Meg free, or about 85% of the 400 Meg partition.

Yup, the entire university news spool at that time was a whopping great 400MB. 😉 We were using nntplink with CNews for the time (this was before we knew about INN).

SpamAssassin Y2K10 Bug

Posted on by

Update: removed the link to the SpamAssassin announcement as the link isn’t permanent! 🙁

In case you’ve not noticed – SpamAssassin had a nasty Y2K10 bug which had been fixed months ago but the fix never got pushed out into a release or updates. 🙁

Those of you using SpamAssassin to filter your mail may want to watch things a bit more closely than usual; it seems that current versions still include the rule known as FH_DATE_PAST_20XX, which adds 2-3 points to any message with a 2010 date in the headers. Surprisingly enough, such dates have suddenly become common, with the result that SpamAssassin may be generating more false positives than usual.

The fix is now included in the updates pushed out by sa-update, run it with -D to get debug output and check you’ve picked up 895075 or later. You’ll see it say:

[4096] dbg: dns: 5.2.3.updates.spamassassin.org => 895075, parsed as 895075

If you’re running Zimbra then you’ll need to fix this manually, in the VPAC install (5.0.x) I changed a line in /opt/zimbra/conf/spamassassin/72_active.cf from:

header FH_DATE_PAST_20XX Date =~ /20[1-9][0-9]/ [if-unset: 2006]

to:

header FH_DATE_PAST_20XX Date =~ /20[2-9][0-9]/ [if-unset: 2006]

The other alternative is to set the score of the rule to 0 in your local.cf file:

score FH_DATE_PAST_20XX 0.0

Then go hunting for legitimate email in your spam folder (I’m lucky enough that none got picked up).

Serious SSL Renegotiation Problem

Posted on by

This just in from Ben Lawrie:

For the last 6 weeks or so, a bunch of us have been working on a really serious issue in SSL. In short, a man-in-the-middle can use SSL renegotiation to inject an arbitrary prefix into any SSL session, undetected by either end.

But wait, there’s more..

To make matters even worse, through a piece of (in retrospect) incredibly bad design, HTTP servers will, under some circumstances, replay that arbitrary prefix in a new authentication context. For example, this is what happens if you configure Apache to require client certificates for one directory but not another. Once it emerges that your request is for a protected directory, a renegotiation will occur to obtain the appropriate client certificate, and then the original request (i.e. the stuff from the bad guy) gets replayed as if it had been authenticated by the client certificate. But it hasn’t.

Ben has a patch against the current development head of OpenSSL to ban renegotiation, but for most people it’ll need backporting to their current OpenSSL versions..

MPI-3 Forum Seeks Feedback from Fortran MPI Developers

Posted on by

In a posting to the Open-MPI development list Jeff Squyres has requested feedback from Fortran MPI developers on proposed changes to the bindings of MPI functions in MPI-3. He writes:

In the MPI-3 Forum, we’re working on revamping the Fortran bindings to be “better” (for a variety of definitions of “better”). There’s at least one question that we really need some feedback from the MPI Fortran developer community before proceeding. Craig Rasmussen from Los Alamos National Laboratory, chair of the MPI-3 Fortran Working Group, asked me to post a “request for information” to my blog and pass on the URL to every Fortran MPI programmer that I know

The URL of Jeff’s blog is http://blogs.cisco.com/ciscotalk/performance/comments/mpi-3_fortran_community_feedback_needed/. Please pass this on if you do know other Fortran MPI developers.

WordPress 2.8.5 released – security fix and hardening work

Posted on by

WordPress 2.8.5 has just been released:

As you know over the past couple of months we have been working on the new features for WordPress 2.9. We have also been working on trying to make WordPress as secure as possible and during this process we have identified a number of security hardening changes that we thought were worth back-porting to the 2.8 branch so as to get these improvements out there and make all your sites as secure as possible.

It includes a fix for a trackback DoS attack that’s apparently going on at the moment. I’ve updated the 3 blogs I look after with a quick svn switch http://svn.automattic.com/wordpress/tags/2.8.5.