Underexposed

A Trojan-infected Vietnamese language pack for the Firefox Web browser was available for download from the open-source Web browser's official add-on site for months.

Mozilla, which oversees the project, announced the problem on its security blog on Wednesday, saying people should disable the add-on pack for now.

"Everyone who downloaded the most recent Vietnamese language pack since February 18, 2008, got an infected copy," Mozilla said. "While we cannot determine the exact number of compromised downloads, there have been 16,667 total downloads of the Vietnamese language pack since November 2007, so we anticipate the impact on users to be limited."

The author of the add-on pack, who acknowledged on Thursday that his machine had been infected, isn't suspected of any intentional harm, according to the discussion of the problem. The author offered a cleaned-up version Thursday that so far appears OK.

Mozilla scans its files for viruses, Trojans, and other problems. But the file had been uploaded nearly two months before the antivirus software could detect the Trojan in question, called Xorer.

(Via SecurityFocus.)

An open-source project called CoreAVC-for-Linux is back up and running at Google Code after a copyright tangle with a company called CoreCodec.

Google removed the CoreAVC-for-Linux project after CoreCodec said the software violated its copyright in a Digital Millennium Copyright Act (DMCA) "takedown" letter dated April 30. "We have directly verified by downloading the file from the site provided by Google Inc. that the file does include CoreCodec's copyrighted software," the company said in the letter, available at the Chilling Effects Web site.

Now the project is online again, after the company sent a reinstatement letter to Google on Sunday and posted an apology to project leader Alan Nisota in a forum posting. Apparently, the misunderstanding had to do with reverse-engineering, in which the inner workings of software or hardware are deduced from its behavior.

"The DMCA does allow for reverse engineering for compatibility purposes and hence...the DMCA takedown request was wrongly sent," a company representative said in another forum post.

"Yes, we're back. CoreCodec has given their blessing to this project," a note on the CoreAVC-for-Linux project site said.

CoreCodec sells software for Windows called CoreAVC that lets computers play video encoded with the widely used H.264 standard. The CoreAVC-for-Linux project let existing open-source projects such as MPlayer or MythTV use the CoreAVC.

(Via Dana Blankenhorn.)

I picture it happening this way. The Roman alphabet is on the run, pursued by a much larger army of Arabic characters with long scimitar-like ligatures, Chinese characters that look like throwing stars, and European peasant letters bristling with umlauts, cedillas, and tildes.

Unicode now is the most common character encoding method on the Web.

(Credit: Google)

Unicode has overtaken ASCII as the most popular character encoding scheme on the World Wide Web, Mark Davis, Google's senior international software architect, said in a blog post. Also vanquished at almost exactly the same time was the Western European encoding.

Unicode is a character encoding standard that gracefully accommodates dozens of languages as well as Roman characters with diacritical marks. ASCII, a tried-and true, decades-old standard, is limited to 128 or 256 characters and has a hard time extending beyond the range of a century-old Remington typewriter.

Unicode vanquished ASCII and Western European within 10 days in December, Davis said.

"What's more impressive than simply overtaking them is the speed with which this happened," he added, pointing to a graph showing the meteoric rise of Unicode.

Google's a fan of Unicode Web sites. When it processes data from Web sites, it converts it into Unicode first if it's not already there. That improves international search abilities.

"The continued rise in use of Unicode makes it even easier to do the processing for the many languages that we cover," he said.

Google just converted to Unicode 5.1, he ... Read more

In response to a copyright complaint, Google has taken down an open-source project called CoreAVC-for-Linux it had hosted on its Web site.

Google didn't share details, but said on the project site that it removed CoreAVC-for-Linux from its Google Code site after receiving a complaint under the Digital Millennium Copyright Act (DMCA).

CoreAVC itself is proprietary software for Windows supplied by a company called CoreCodec. The software can play video encoded with the H.264 standard.

According to a cached version of the Google Code page, CoreAVC-for-Linux provides patches to open-source media player software such as MPlayer or MythTV that enable them to use the CoreAVC software on Linux. In other words, it's for programs that connect to the CoreAVC software but doesn't actually include CoreAVC itself.

It's not yet clear who filed the DMCA complaint.

The DMCA's Safe Harbor provision protects a Web site from liability for users' actions as long as the site's operator--in this case Google--fulfills requirements such as removing infringing material once notified by rights holders.

CoreCodec appears to be a company that's got some involvement with the opens-source programming philosophy. According to the CoreCodec Web site, "Our philosophy is to (use) open source when appropriate, and when we do choose to close source a product, we strive to open as much of it as possible for third-party access."

(Via Slashdot.)

Adobe Systems is discussing potential standardization of its Digital Negative (DNG) format for digital images, a company executive has said.

Most people are fine with plain-old JPEG for their images, but higher-end cameras can produce more flexible and higher-quality "raw" photos that are encoded with camera makers' proprietary formats. Because different cameras produce different formats, companies such as Adobe whose software deals with raw files face a daunting engineering challenge understanding.

DNG is designed as an alternative to the profusion--what Adobe calls a Tower of Babel--but it hasn't caught on widely. Ricoh, Casio, Pentax, and a few other camera makers sell cameras that can record DNG files, but the two heavyweights, Nikon and Canon, along with Olympus and Sony, so far have given it the cold shoulder.

Maybe that will change if Adobe can get DNG standardized. The company has submitted DNG to the International Standards Organization for it to consider, said Kevin Connor, Adobe's senior director, professional digital imaging, in an interview with Digital Photo Pro.

He wouldn't promise anything, though.

"It's sort of premature to speculate whether a formal standard will come out of that or not," Connor said. Standardization "can take a long time, with many parties involved and different viewpoints. The good thing is that there's a discussion happening."

Standards have several advantages over in-house technology, whether proprietary like most raw formats or well documented and freely shared like DNG. Having them under control of a neutral standards body can give ... Read more

Microsoft likes digital photography enthusiasts as customers, and on Thursday plans to release a free new utility designed to keep them wedded to Windows.

Pro Photo Tools is geared for photography professionals and enthusiasts, and its first notable feature is the ability to geotag photos, or add geographic information showing where the picture was taken. Geotagging is an onerous chore with today's technology, but camera makers are working to build it into cameras, and it can pay off down the road.

Microsoft's Pro Photo Tools lets photographers geotag their photos and show where they are on a map.

(Credit: Stephen Shankland/CNET Networks)

That's because geotagging, done well, enables people to find photos by searching for the word "Paris" rather than sifting through folders with obscure filenames like IMG_5829.jpg or squinting at hundreds of image thumbnails. Until the still-distant day when computers can recognize your Aunt Polly or the Grand Canyon, geotagging holds potential as a way for people to get a handle on ever-growing digital photo collections.

"People are doing a lot more geotagging, but it's still somewhat cumbersome," said Josh Weisberg, Microsoft's director of digital imaging evangelism. "We want to make it mainstream."

Geotagging is just the opening salvo, though. Pro Photo Tools can be extended with new features; Microsoft is working on some and is considering whether to allow other companies also join in, Weisberg said.

"We've talked about making it extensible to third parties, but...It's a ... Read more

It looks like Mark Hamburg, an Adobe Systems Photoshop and Lightroom programming guru, will be leading work to give Microsoft Windows a better user interface.

And given the dramatic user interface differences between earlier and later Adobe projects that Hamburg worked on, that raises some very intriguing possibilities.

Adobe Photoshop Lightroom is used to edit and catalog photos, chiefly the raw images that come from higher-end digital cameras. Compare its design, deliberately imbued with 'personality' and 'elegance,' to that of Photoshop below.

(Credit: Adobe Systems)

Microsoft and Adobe Systems confirmed Hamburg's move on Monday, but at the time, Microsoft wouldn't share details beyond saying Hamburg would work on "user experience" for the company. However, Chicago photographer and Photoshop consultant Jeff Schewe, who caught a plane to California to attend Hamburg's going-away party, shared a lot more on his blog.

"He was heavily recruited by Microsoft and given an unbeatable opportunity to work outside his normal digital imaging field," Schewe said. "Mark was invited by (Microsoft Chief Technology Officer) David Vaskevitch to come lead a team working on the future of operating system user experience at Microsoft."

Adobe Photoshop's interface has well over a decade's worth of accumulated menus, panels, and dialog boxes.

(Credit: James Martin/CNET Networks)

Schewe also quoted Hamburg about the change: "Given that I find the current Windows experience really annoying and yet I keep having to deal with it, this opportunity was a little too interesting to turn down. ... Read more

Update 12:11 p.m. PDT: I added a comment from Adobe.

Mark Hamburg worked on Adobe Systems' Photoshop and Lightroom. Lightroom 2.0, in beta now, gets local editing abilities, shown above.

(Credit: Adobe Systems)

Mark Hamburg, a programmer who worked on Photoshop since version 2.0 and helped lead development of the newer Photoshop Lightroom, has left Adobe Systems for a new job at Microsoft.

Martin Evening, a Lightroom expert and author, reported Hamburg's new job on his blog Friday, saying Hamburg will be involved in user experience work. A Microsoft representative confirmed the new hire but didn't share further details.

Adobe praised Hamburg but said there are plenty of other programmers to carry the torch.

"Adobe has reaped tremendous benefit from the leadership of Mark Hamburg and his active role on both the Photoshop and Lightroom teams," the company said. "However, we are confident that the team he leaves behind are equally as talented and innovative. It is really their hard work and effort that has brought us great success with the launch of Lightroom, and it continues with the current Lightroom 2.0 beta."

Hamburg was named inventor of the year by the Silicon Valley Intellectual Property Law Association in 1999 and entered the National Association of Photoshop Professionals' Hall of Fame in 2003.

Photobucket, is making a significant change aimed to weave the widely used photo-sharing site more tightly into the Web 2.0 fabric.

The company is releasing an application programming interface (API) for its site, said Chief Executive Alex Welch. That means that ordinary developers will be able to build more sophisticated services around the Photobucket services and content.

Photobucket CEO Alex Welch

(Credit: Photobucket)

Photobucket already made its API available to commercial partners, but now ordinary coders will be able to get access by signing up on the Web site, Welch said. The company is announcing the news in conjunction with the Web 2.0 Expo in San Francisco.

"What's happened in the developer community is that we have a ton of developers writing applications for OpenSocial and Facebook. There's a huge appetite for writing against these APIs," Welch said, and now it's time for Photobucket to take the plunge.

Ultimately, Welch believes the move will mean more Web site traffic for PhotoBucket and potentially lucrative advertising and sponsorship deals. Toyota, for example, sponsored a Photobucket partnership with an online image-editing tool, FotoFlexer.

Missing from Welch's peer-pressure list is Flickr, a Yahoo photo site that rivals Photobucket in scale. But Walsh wasn't afraid to give his competitor some props. "I think it's a fairly well done API," Welch said. "It's been interesting to watch and learn from."

The API will let developers write applications that can be used to log in to accounts, ... Read more

Correction 8 p.m. PT: I included the wrong duration for regular Ubuntu releases. It's 18 months.

Canonical plans to release Hardy Heron, its newest version of Ubuntu Linux on Thursday, and Chief Executive Mark Shuttleworth isn't being shy and retiring about it.

"This is our most significant release ever," he said in an interview.

Ordinarily I avoid publishing such marketing superlatives, but Shuttleworth is right. Hardy Heron, also called version 8.04 for its April 2008 launch date, is Canonical's proof-in-the-pudding moment that will show whether the company can grow beyond its subsidized roots into a self-sustaining business. Ubuntu has a strong following among Linux enthusiasts, but it's Red Hat and Novell that still dominate the commercial Linux market.

The reason so much weight rests on the skinny legs of Hardy Heron is because it's only the second Linux product from the company to come with long-term support. The first LTS version of Ubuntu, Dapper Drake, arrived when the company was still comparatively immature and unknown.

Long-term support means the company releases bug fixes, security patches, and other updates for five years on the server version and three years on the desktop version, time frames more palatable to businesses than the 18-month life spans of other Ubuntu versions.

On the server, the new version has support for KVM virtualization built in and comes in a stripped-down version called JEOS (Just Enough Operating System) for software "appliances" that run on KVM or VMware. The company ... Read more