Google’s use of Java APIs ruled “fair use”

I’ve been following the Ars coverage of the Oracle v Google trial regarding whether Google’s use of Java APIs is “fair use”. I didn’t think Google would win, but was pleasantly surprised when the jury decided in their favor. Hurrah!

However, just because Google won, doesn’t mean that companies can indiscriminately copy APIs and have it fall within “fair use”. It seems safest to me to make use of APIs that fall under an open source license. That way, the code individuals and companies write can more easily be run against competitive API implementations without being held hostage by the owners of the original API.

URL shorteners can compromise security

It’s useful to shorten long URLs, especially when sending them in tweets and in text messages. An LWN.net article helped me learn that they can be a security risk:

URL shorteners such as bit.ly and goo.gl perform a straightforward task: they turn long URLs into short ones, consisting of a domain name followed by a 5-, 6-, or 7-character token. This simple convenience feature turns out to have an unintended consequence. The tokens are so short that the entire set of URLs can be scanned by brute force. The actual, long URLs are thus effectively public and can be discovered by anyone with a little patience and a few machines at her disposal.

Around 7% of the OneDrive folders discovered in this fashion allow writing. This means that anyone who randomly scans bit.ly URLs will find thousands of unlocked OneDrive folders and can modify existing files in them or upload arbitrary content

— VITALY SHMATIKOV