March 4, 2008

Security Holes In Google’s Android SDK

Redon Buckeye writes "Google's Android software development kit is using several outdated and vulnerable open-source image processing libraries, some of which can be exploited to take complete control of mobile devices running the Android platform. From the article: 'Several vulnerabilities have been found in Android's core libraries for processing graphic content in some of the most used image formats (PNG, GIF, and BMP). While some of these vulnerabilities stem from the use of outdated and vulnerable open source image-processing libraries, others were introduced by native Android code that uses them or that implements new functionality.'"

Read more of this story at Slashdot.

HOWTO Earn an artist’s living in the 21st century: 1000 True Fans

Kevin Kelly's just posted "1000 True Fans," a business plan for all kinds of creators in the twenty first century:

A True Fan is defined as someone who will purchase anything and everything you produce. They will drive 200 miles to see you sing. They will buy the super deluxe re-issued hi-res box set of your stuff even though they have the low-res version. They have a Google Alert set for your name. They bookmark the eBay page where your out-of-print editions show up. They come to your openings. They have you sign their copies. They buy the t-shirt, and the mug, and the hat. They can't wait till you issue your next work. They are true fans...

Assume conservatively that your True Fans will each spend one day's wages per year in support of what you do. That "one-day-wage" is an average, because of course your truest fans will spend a lot more than that. Let's peg that per diem each True Fan spends at $100 per year. If you have 1,000 fans that sums up to $100,000 per year, which minus some modest expenses, is a living for most folks.

One thousand is a feasible number. You could count to 1,000. If you added one fan a day, it would take only three years. True Fanship is doable. Pleasing a True Fan is pleasurable, and invigorating. It rewards the artist to remain true, to focus on the unique aspects of their work, the qualities that True Fans appreciate.

Link (via Waxy)

Dave Shea on Producing

Ironic, isn’t it? Giving away a physical item to promote a digital product? Welcome to this strange new world the internet’s creating.

Fake cold remedy Airborne settles lawsuit — get your cash back

The company that made "Airborne" -- a supposed remedy for colds -- has settled a lawsuit brought by customers who were upset to learn that the "clinical trials" that proved that it worked were faked. If you bought any of this snake-oil, you can get some money back:

Under the agreement, a special Web site was created here to accept claims from customers, who have spent far more than $23.3 million on the range of Airborne products, from Airborne On-the-Go and Airborne Nighttime to Airborne Gummi and Airborne Power Pixies, which is sweetened for children...

GNG is actually a two-man operation started up just to do the Airborne study. There was no clinic, no scientists and no doctors. The man who ran things said he had lots of clinical trial experience. He added that he had a degree from Indiana University, but the school says he never graduated.

Link (Thanks, Barry!)

Another Judge Slaps Down Another Set Of Medtronic Patent Attorneys

We noted recently that a judge was so fed up with a pair of well-known patent attorneys that he not only overturned the verdict, but he made the attorneys pay the opposing side's medical bills. Now, in a totally separate patent battle, yet another judge has done the same exact thing. And, in what may (or may not) be a coincidence, both sets of lawyers were representing Medtronic. In both cases, they ignored the earlier parameters set on how the patent claims could be portrayed in court. It's good to see judges pushing back, though it really does say something that patent attorneys felt they could get away with this.

Psychologist Beating Math Nerds in Race to Netflix Prize

s1d writes "An almost-anonymous British psychologist named Gavin Potter has suddenly risen to the top of the Netflix prize charts. With his very first attempt, he got a score which took the BellKor team seven months to reach. Currently at a score of 8.07, he has only five teams ahead of him now in the race for the ultimate Netflix algorithm. 'Potter says his anonymity is mostly accidental. He started that way and didn't come out into the open until after Wired found him. "I guess I didn't think it was worth putting up a link until I had got somewhere," he says, adding that he'd been seriously posting under the name of his venture capital and consulting firm, Mathematical Capital, for two months before launching "Just a guy." When he started competing, he posted to his blog: "Decided to take the Netflix Prize seriously. Looks kind of fun. Not sure where I will get to as I am not an academic or a mathematician. However, being an unemployed psychologist I do have a bit of time."'"

John W. McCain

A picture named snuggle.jpg

McCain loves him some baggage.

Windows Vista Copy Protection Cracked

More than a year after Windows Vista was introduced, hackers have finally developed a clean crack of Windows Vista. There have been a variety of workarounds for Vista's copy protection before now, but this is the first time someone has figured out a way to install a cracked version that would pass all of Microsoft's various anti-piracy checks. It seems that certain OEMs found the activation process too burdensome and persuaded Microsoft to provide them with a way to bypass it in order to save their own customers the hassle. Hackers figured out how to activate this special "no activation" mode on cracked copies of Vista. I think this is one of the biggest reasons copy protection schemes fail: they almost always create serious inconveniences for customers, and irritating customers hurts the bottom line. Companies may talk a tough line about fighting piracy, but when push comes to shove, they're not willing to cut off their own nose to spite their face by insisting on enforcing a copy protection scheme that would put their product at a disadvantage in the marketplace.

Of course, the obvious question is why companies implement copy protection schemes in the first place if they invariably wind up compromising them. The reason, I think, is that these trade-offs are almost never made explicit to corporate decision makers ahead of time. When the copy protection plan is being pitched to management, its developers only talk about how great it will work. Only later, once it's actually being implemented, do people start noticing that it will also cause a lot of problems. But by that time, the copy protection system is too far along the development process to be canned, so instead exceptions are added. These exceptions prevent the copy protection system from crippling the product, but they also undermine its effectiveness as an anti-piracy measure. So customers have to deal with annoying restrictions and the product still gets pirated.

Timothy Lee is an expert at the Techdirt Insight Community. To get insight and analysis from Timothy Lee and other experts on challenges your company faces, click here.



IRC for Ohio/Texas returns

I started a chatroom for tonight's primaries.

irc://irc.freenode.net/#ohioTexas

5PM Pacific: Vermont declared for Obama, the rest are closed or too close to call.

Workplace Experiments

At our company-wide get together last December we decided that 2008 was going to be a year of workplace experiments. Among other things, we discussed how we could make 37signals one of the best places in the world to work, learn, and generally be happy.

Here are a few of the things we’ve implemented so far:

Shorter work weeks

Last summer we experimented with 4-day work weeks. People should enjoy the weather in the summer. We found that just about the same amount of work gets done in four days vs. five days.

So if that’s the case we could either push everyone to work harder during those five days or we could just skip one of those days. We decided to skip one of those days.

So recently we’ve instituted a four-day work week as standard. We take Fridays off. We’re around for emergencies, and we still do customer service/support on Fridays, but other than that work is not required on Fridays.

Three-day weekends mean people come back extra refreshed on Monday. Three-day weekends mean people come back happier on Monday. Three-day weekends mean people actually work harder and more efficiently during the four-day work week.

Funding people’s passions

We decided that 37signals would help people pay for their passions, interests, or other curiosities. We want our people to experience new things, discover new hobbies, and generally be interesting people.

For example, Mark has recently taken up flight lessons. 37signals is helping him pay for those. If someone wants to take cooking lessons, we’ll help pay for those. If someone wants to take a woodworking class, we’ll help pay for that.

Part of the deal is that if 37signals helps you pay, you have to share what you’ve learned with everyone. Not just everyone at 37signals, but everyone who reads our blog. So expect to see some blog posts about these experiences.

Discretionary spending accounts

We’re in the process of giving everyone at 37signals a credit card. If you want a book or some software or you want to go to a conference, it’s on us. We just ask people to be reasonable with their spending.

If there’s a problem, we’ll let the person know. We’d rather trust people to make reasonable spending decisions than assume people will abuse the privilege by default.

We’ll post updates if we have them

The ideas above are active experiments. We’ll report back if we learn anything – good or bad – about what we’re doing and how it’s working.

Hackers Target MySpace and Facebook

Stony Stevenson writes "The security firm Fortify Software has warned against a series of attacks against Facebook and MySpace. Buffer overflows that enabled hackers to exploit the Aurigma ActiveX image uploading software used by social networking sites were at the heart of the assault. 'Criminal hackers now view social networking sites as their best target for attacks ... [partially because] such sites are designed to be usable by "unsophisticated" consumers, meaning that the barrier to entry for attacks is potentially lower as users are more likely to click on a link that leads to malware.'"

Nine Inch Nails Sells Out Of $300 Deluxe Edition In Under Two Days

Yesterday we wrote about Trent Reznor launching his new Nine Inch Nails album online with a variety of interesting options that people could choose to buy. The top of the list, for $300, was an "Ultra-Deluxe Limited Edition Package" that included all the high quality downloads, two CDs, a data DVD, a Blu-ray high def DVD and assorted extras, all in a nice package signed by Reznor. This was only limited to the first 2,500 people. While some scoffed at the price of this package, it was clearly designed for NIN's biggest fans -- and they ate it up. Mike Linksvayer points out that this option is now sold out, meaning that Reznor grossed $750,000 in just a couple of days on that package alone, not taking into account any of the other packages that many more people likely bought into.

Now, before some people start complaining that this will only work for big name bands, there's an easy response to that: these days, the way to become a big band is to get your music out there. Newer bands can easily give away music as a promotion to get attention, build up a following, and throw in these types of options as they get bigger. Besides, smaller, less-well-known acts still have plenty of other offerings they can use to make money, even as a smaller band.

Domains Blocked By US Treasury ‘Blacklist’

yuna49 writes "Adam Liptak of the New York Times reports today about the plight of a Spanish tour operator whose domain names have been embargoed by his domain name registrar (eNom). They pulled his domains after they discovered the tour operator's name on a US Treasury blacklist. It turns out he packages tours to Cuba largely for European tourists who can legally travel there, unlike Americans. The article cites 'a press release issued in December 2004, almost three years before eNom acted. It said Mr. Marshall's company had helped Americans evade restrictions on travel to Cuba and was 'a generator of resources that the Cuban regime uses to oppress its people.' It added that American companies must not only stop doing business with the company but also freeze its assets, meaning that eNom did exactly what it was legally required to do.' The only part of the operator's business in the United States is his domain name registration; all other aspects of his business lie outside the United States."

Your Company Will Be In Trouble If You Don’t Focus On Product Quality

One of the biggest signs that a business has trouble ahead is when it seems to be focusing on everything except the quality of its products. Back in the dot-com boom it was common to see a bunch of MBAs get together and draw up plans for a technology company, raise a bunch of funding, throw a lavish launch party, buy a Super Bowl ad, and then hire some programmers to implement the product almost as an afterthought. Most of them aren't around any more. If I were a Microsoft shareholder, I think I would be worried about the rumors going around that "an aggressive acceleration of the company's investment in its data center network" will be "one of the cornerstones" of Microsoft's online strategy. Obviously, Microsoft is going to need more and better data centers to compete effectively with Google. But ultimately, success in the online marketplace is the result of having great products, not great data centers. If you've got such a great product that demand is outstripping your server capacity, it's not that hard to buy additional infrastructure. But if your core products suck, a lot of servers and disk space isn't going to do you any good. Indeed, I suspect that it doesn't even make sense to build "data centers" in the abstract. It's hard to know exactly what mix of hardware will be needed and how it should be set up without a specific suite of applications in mind. So it seems like it would make sense for Microsoft to focus its resources on developing and marketing great products (like this one, perhaps) and upgrade their data centers as demand warrants. Treating data centers as a "cornerstone" of their strategy seems like they're putting the cart before the horse.

Techcrunch points us to an even more egregious example of focusing on the wrong things: AOL has been touting the number of new sites it plans to launch in the coming year. It's hard to think of a more meaningless statistic than the number of websites your company owns. AOL says it plans to roll out 30 websites by the end of 2008, but one good website will generate more traffic than 30 bad ones. Google, for example, launches new sites all the time, but you don't see them bragging about the number of new sites they're launching. They understand that what their customers care about is what their sites can do, not how many there are. Of course, this is probably an outgrowth of AOL's misguided idea that it's in the advertising business rather than the online content business. When your company focus is on advertisers, then websites probably seem like interchangeable places to sell ads. The problem is that if the content isn't any good, you'll have fewer and fewer eyeballs to sell to those advertisers—even if the number of websites you own keeps going up.

Timothy Lee is an expert at the Techdirt Insight Community. To get insight and analysis from Timothy Lee and other experts on challenges your company faces, click here.



Probe Captures Avalanche on Mars

mdekato writes "MSNBC reports that NASA's Mars Reconnaissance Orbiter has captured an avalanche on Mars' surface as it happened. Very good still images show what must have been an awesome sight. 'The full image reveals features as small as a desk in a strip of terrain 3.7 miles (6 kilometers) wide and more than 10 times that long, at 84 degrees north latitude. Reddish layers known to be rich in water ice make up the face of a steep slope more than 2,300 feet (700 meters) tall, running the length of the image. Mars' north pole is covered by a cap of ice, and it even snows there. The scientists suspect that more ice than dust probably makes up the material that fell from the upper portion of the scarp.'"

Creative Commons-licensed test for African sleeping sickness