Three groups of stories in this long-in-coming DLTJ Thursday Threads. First, we look at the pent-up risks of running Windows XP systems given that support for that operating system is scheduled to end in April 2014. Second, a pair of articles that look at the ups and downs of open source software governance as it relates to the Apache Foundation. And lastly, look out for that garbage can -- it may be watching your every move.
DLTJ Thursday Threads has been on a long hiatus since its last issue was published in spring 2012. With so much happening in the world of technology today -- both in general and related to libraries -- I've felt this growing need to revive it. I hope this is the first of a new long streak of weekly article summaries.
Feel free to send this to others you think might be interested in the topics. If you find these threads interesting and useful, you might want to add the Thursday Threads RSS Feed to your feed reader or subscribe to e-mail delivery using the form to the right. If you would like a more raw and immediate version of these types of stories, watch my Pinboard bookmarks (or subscribe to its feed in your feed reader). Items posted there are also sent out as tweets; you can follow me on Twitter. Comments and tips, as always, are welcome.
Still Running Windows XP? Its Days Are Numbered
After April 8, 2014, Microsoft has said it will retire Windows XP and stop serving security updates. The only exceptions: Companies and other organizations, such as government agencies, that pay exorbitant fees for custom support, which provides critical security updates for an operating system that's officially been declared dead.
Because Microsoft will stop patching XP, hackers will hold zero-days they uncover between now and April, then sell them to criminals or loose them themselves on unprotected PCs after the deadline.
"When someone discovers a very reliable, remotely executable XP vulnerability, and publishes it today, Microsoft will patch it in a few weeks," said [SANS security training Jason] Fossen. "But if they sit on a vulnerability, the price for it could very well double."
Remember what you were doing in 2001? That was the year that Microsoft's Windows XP operating system was released. Long vaunted as among the most stable and supported Windows operating systems, it will see its final support retired on April 8, 2014. Do you have systems using Windows XP? It might not be on your desktop, but it could be in your library's self-check machines or building management systems. It is certainly in airport arrival/departure display systems and is a big concern in the medical community. This article speculates that when Microsoft stops creating security patches for Windows XP, those systems will be ripe for takeover for botnets and other nefarious purposes. If you have any Windows XP systems in any way connected to any network, now is the time to think about how you will transition away from them or protect them.
The Maturing of Open Source Models
But tensions within the ASF and grumbling throughout the open source community have called into question whether the Apache Way is well suited to sponsoring the development of open source projects in today's software world. Changing attitudes toward open source licensing, conflicts with the GPL, concerns about technical innovation under the Way, fallout from the foundation's handling of specific projects in recent years -- the ASF may soon find itself passed over by the kinds of projects that have helped make it such a central fixture in open source, thanks in some measure to the way the new wave of bootstrapped, decentralized projects on GitHub don't require a foundationlike atmosphere to keep them vibrant or relevant.
Much of the time the Apache system works. You have interested people who start a project, get some code working, then propose it to Apache. One of these meritorious members shepherds it into the organization and helps build a community of developers. The "committers" on the project do their own stunts -- the bulk of the marketing and evangelizing.
In the 15 years we've lived with the term "open source" (the History of the Open Source Initiative page on opensource.org says that "the “open source” label was created at a strategy session held on February 3rd, 1998 in Palo Alto, California, shortly after the announcement of the release of the Netscape source code"), we've seen the rise and fall of many open source projects and community platforms, and one of the stalwart constants has been the influence of the Apache Software Foundation (ASF). Starting with the HTTP server project (the most used web server software on the internet) and now encompassing over 100 top-level projects, the influence of the Apache Way on the internet as we know it today is undeniable. So it should be no surprise that the ASF has had its own series of growing pains. These articles explore some of those pains and have insights on governance for projects big and small.
Passed This Way Before? The Trash Can and the Store Shelf Know
Renew ... installed 100 recycling bins with digital screens around London before the 2012 Olympics. Advertisers can buy space on the internet-connected bins, and the city gets 5% of the airtime to display public information. More recently, though, Renew outfitted a dozen of the bins with gadgets that track smartphones.
The idea is to bring internet tracking cookies to the real world. The bins record a unique identification number, known as a MAC address, for any nearby phones and other devices that have Wi-Fi turned on. That allows Renew to identify if the person walking by is the same one from yesterday, even her specific route down the street and how fast she is walking.
[Apple's] iBeacons is a Bluetooth-based micro-locations system (think very accurate GPS that can be used indoors). But instead of being used by people to determine their own locations, it's used by retailers, museums and businesses of all kinds to find out exactly where people are, so they can automatically serve up highly relevant interactions to customers' phones.
Apple has not publicly revealed technical details about iBeacons, but it did tell developers what the technology is for and generally how it works. According to Apple, iBeacons is used for the following:
This one is just spooky. Many of the electronic devices we carry are constantly searching for things to connect with via WiFi and Bluetooth. As they do so, they broadcast their unique device identifiers. This raises locational privacy concerns. With tracking devices becoming smaller and cheaper (described as three for $99 in the second article), it is conceivable that every door knob and street corner may have one in a few years' time. (Unlock your hotel room door by walking up to it with your smartphone? Probably possible in the not too distant future.) Do we want to bring this technology into libraries?