Thursday May 28, 2009 Random ramblings
Thursday May 28, 2009 One thing I very much hope, is that the Sun software group (Sun here on) and the general free-software world (which these days is equivalent to the general Unix eco-system) will continue to converge.
I hope Sun continues to engage the wider free-software using community and embrace it more fully, as it is doing with OpenSolaris (the distro) and the work to build up a wide body of packages. Specifically I think Sun should:
- Consider an X.org-like splitting of large consolidations into many small, loosely-coupled projects. This would be far more inviting to "scratch an itch" participation than the current GB+ sized consolidations, and I think it would also have a beneficial decoupling effect on processes within Sun.
- Get over the GPL. Re-examine the value in having the underlying, core OS be technically free-software, yet licence-incompatible with most of the rest of the free software world.
Simply put: It's a divisive measure, by design - especially when Sun is seen to be happy with the GPL for other projects. It sets OpenSolaris aside from other communities. It greatly hinders code re-use. The costs of this are definitely high, the benefits uncertain.
- Contingent on resolving the said incompatibility: Don't re-invent things without need. If possible, where multi-vendor projects/frameworks to common Unix problems already exist, favour working with those projects to extend them to OpenSolaris. Divergence costs end-users time (in having to learn different technologies/UIs) and it costs Sun resources (because Sun will not benefit from multi-platform/vendor development and maintenance).
I hope the greater free-software using world also considers more carefully the importance of Sun to it. Sun has long contributed both code and technologies to the Unix eco-system and to free software. Further, the Unix eco-system has always been distinguished (e.g. from Wintel) by its healthy competition. Regardless of which Unix (inc Linux) you favour, the presence of strong, competing Unixes benefits you - even if don't like everything about them. It may be useful to keep that in mind.
I really believe that the best future for OpenSolaris demands much greater co-operation and inter-mingling with other free software projects. I hope Sun does too, and I hope the greater community will encourage and welcome them.
(See you at my new blog).
( May 28 2009, 07:25:06 PM IST ) Permalink Comments [3]
Sunday April 26, 2009 The UK is projected to borrow £175bn over the next 2 years. The UK is projected to spend approximately £16bn in total, through to 2010 on the Afghanistan and Iraqi wars. Precise figures seem hard to find, but some £7bn approx had been spent through to 2007, so a figure of around £6bn seems a reasonable, rough projection for 2009-2010 spending (winding down in Iraq has been matched by escalation in Afghanistan). These figures are, it seems, by and large supplementary to the main UK DoD budget of circa £36bn/annum.
So something like 3% of that massive 175Bn of borrowing is simply going toward that remaining, failed project of Blair in Afghanistan. That's a huge burden. Will UK tax-payers accept cuts in public-services, while paying for continuing, futile, death and destruction in Afghanistan?
( Apr 26 2009, 03:53:06 PM IST ) Permalink Comments [0]
Tuesday December 09, 2008 Why the Great-British-Pædowall is a dumb idea
It seems all my HTTP traffic to various sites, including wikipedia, blogger and blogspot, is being transparently rerouted through a Squid proxy by my ISP. This proxy checks the URIs against a block-list provided by the Internet Watch Foundation, and returns 403s for any URIs deemed to contain potentially illegal material - particularly any material of pædohilic interest.
Now, don't get me wrong, I'll stand in line with everyone else to condemn those depraved and sick people who would participate in the abuse of children. However it seems, in all the calls of "Won't someone think of the children?", that we've managed to throw the important principle of proportionality out the window by filtering everyone's internet. This is just a fantastically dumb idea, given the low efficacy of this system relative to the impact and risks imposed on law-abiding society generally.
It's still trivial to share illicit images via HTTP, as there's just no way the IWF can stay ahead of all the new images posted to all the various image and file sharing sites across the internet. Even if they could make a dent on HTTP file-sharing, there are various other protocols - some even designed specifically for encrypted sharing of files.
The impact of this filtering system on generally, law-abiding users:
- Adversely affects latency and throughput of internet traffic, HTTP particularly, but all other traffic too
- Adds complexity and so can not avoid decreasing forwarding reliability of all internet traffic, and even more so for HTTP traffic
- Increases costs, particularly for smaller ISPs:
- The IWL charge £5000/annum for their block-list
- More expensive routers may be required, capable of matching and rerouting certain HTTP traffic based on their IP address
- Additional servers are required, to run the URI matching proxy
- Requires traffic be backhauled to the virtual-ISP (rather than opt to have BT manage the IP layer)
- Decreased reliability incurs indirects costs on customers when there are outages.
- The cost of collateral-damage: E.g. many british wikipedians found themselves unable to edit wikipedia because of bans on their ISPs proxy address[1]. This is just a high-profile example, most will go unreported.
- I know what you're browsing
The filtering proxies must maintain state on all active HTTP requests, which becomes easily available (at a minimum) to employees of the ISP. Further, poor security practices and/or configuration mistakes can allow this information to be viewed by others (e.g. all customers of the ISP, as was the case for quite a while with at least one UK ISP). Obviously, historical logging of requests is trivial to enable.
- Mission-creep
Systems deployed today to filter out child-abuse images may tomorrow be appropriated for less universally welcomed purposes. E.g. why stop at child-abuse, why not track copyright infringers (another horseman of the internet apocalypse)? This infrastructure could very quickly be appropriated for more sinister purposes.
Basically:
- Efficacy: 0.
- Impact: high.
- Apparatus ready to be abused by next unscrupulous PM: Installed.
1. Even funnier/tragic is that the IWF blacklisted an article URI, rather than the URI of the offensive image - so the latter is still viewable (e.g. use google cache to view the article). Basically, the UK have made people who seem ignorant of how the internet works the gatekeepers to it.
Update: There's a really interesting thread at UKCrypto about this - posts by Clive Feather and Peter Sommer are particularly interesting (thanks to murb).
There's another aspect to all of this: As the IWF, though governmentally-recognised, are a private organisation they are not covered by the Freedom of Information Act. So this system is completely out of the reach of the powers of oversight available to the general public, despite it having been put in the place at the behest of the government, by the threat of regulation.
Also, its worth noting that one possible argument for the efficacy of this system is that it protects ordinary people from accidentally being exposed to this material. However this argument appears to be struck down by, apparently learned, commentators in the above discussion who point out that is extremely rare (to the point of being almost unheard of) to accidently stumble on child abuse images.
Certainly, in my experience of using the internet for 14 odd years, I don't recall ever seeing anything approaching such. At least, not until the IWF managed to publicise a certain image on Wikipedia...
( Dec 09 2008, 03:16:24 PM GMT ) Permalink Comments [1]
Wednesday July 02, 2008 When is a Sunni fundamentalist terrorist not a terrorist?
.... Why, when they're Baluchistani 'dissidents' agitating against the Iranian regime, of course! One could perhaps predict that in 20 odd years time Baluchistanis will be identified as being behind some terrible terrorist attrocity committed in the west, but then one would need a basic sense of history!
In other news, Nelson Mandela and other ANC members have been taken off the US terrorist watch lists. ANC terrorism of course was not terrorism, but instead the noble, indiscriminate maiming and killing of people who would have gladly volunteered to have died for freedom had they been offered a chance (and those who wouldn't have must have been apartheid lovers). Anyway, it seems the only way off the terrorist watch-list (besides being a US Senator or buddies with the head of the US DHS) is to be a successful terrorist..
In other news, scientists have discovered a new shade. Said to be neither white, nor black, it has tentatively been named 'grey' and even may possibly form a continuum. It is speculated the world may in fact be full of it...
( Jul 02 2008, 04:55:55 PM IST ) Permalink Comments [0]
Saturday May 31, 2008 Howto share your web-browsing experience...
- Get an account at a bookmark-aggregation site, e.g. ma.gnolia (del.icio.us if you prefer, but their HTTP RPC API seems to be unreliable).
- Add their "bookmark a site" smart-booklet to your browser's toolbar, and/or install their browser extension (GNOME's epiphany browser already supports ma.gnolia and del.iciou.us - install the epiphany-extensions stuff). Ma.gnolia have a nifty, web-2.0, AJAX bookmarklet thing that's quite cool.
- Link to your bookmark-aggregation account's feed from your site, so that those who are interested may subscribe to it.
- Consult the documentation of your bookmark-aggregation site to see if they have some handy javascript you can stick in the template of your blog that auto-includes your latest bookmarks in a side-bar (e.g. ma.gnolia do - see my blogs web site).
- If you have a social-network profile, check if a plugin is available to connect your bookmark-aggregation account together with it.
- Don't enable your bookmark-aggregation site's "post linkroll to blog" feature, especially not if you already know your blog is syndicated by blog aggregators (if you don't know, it probably is).
Really, despite what your ego says, your web-browsing habits are unlikely to be more interesting than the various mechanisms that your bookmark/tag aggregator already supplies for finding interesting links, which other people already use, cause link-rolls are tedious..
This was originally a comment on another blog, but either I forgot to hit "submit" or it got deleted.
( May 31 2008, 12:34:19 AM IST ) Permalink Comments [1]
Thursday May 22, 2008 The Security-Industrial Complex
This piece in the Rolling Stone magazine on China's surveillance state is well-worth a read.
This piece finally gives me a sense that perhaps I can understand the economic (i.e. corporate) motivations behind the ever-increasing dominance of security in civil life, something that has puzzled me for a while. For example, the military-industrial complex clearly is a factor* in the USA's use** of military-intervention as a foreign policy tool. However, I could never understand the bias that many western-governments have shown against freedom, in favour of encumbering us with, sometimes absurd, security measures. In my naivety, I thought it had something to do with some kind of "psychology of fear"-as-political-tool - not thinking of the security industry itself as being a significant driver.
This piece though puts it into perspective. Just as there are large industrial interests driving military spending, via a revolving door between the military, the government and the industry, so that piece makes it clear there are similarly large industrial interests, and a similar revolving door (except perhaps substitute police for military+) around security. This security-industrial complex is helping to drive the security policies of our western governments, and so cause growing amounts of public (or governmentally-mandated) spending to be sent their way. Given this encompasses spending on data-retention (private spending, by EU directive), national identity databases (UK), and so on, the amounts are not quite insignificant.
It's important to realise that security-service++ spending is at best of indeterminable utility+++. At worst, it may largely be wasted, other than to a small number of people who manage to make a lot of money for little work. Further, even if there is some utility to this security spending, that money may have achieved more had it been spent elsewhere, e.g. education, research, health-care, etc. Given the dubious utility of such security spending, the opportunity costs may well be far more significant than the amount of that spending itself.
Sadly I've little confidence anything is going to change in the near future. I'm vaguely hopeful though that eventually some nations will gain a competitive, economic advantage from foregoing massive-spending on security-theatrics and so influence other states. At least now, I think, I have slightly less naive understanding of it..
* In the sense that there is clearly a strong feedback loop in the USA of high military-spending sustaining significant military-industrial interests in the USA, which lobby to have the USA sustain its high level of military spending. The end-result is a state heavily invested in military power.
** Not that I claim that other nations are more enlightened. Just that most don't have anywhere near the same military dominance***.
*** I.e. I'm uncomfortable with militarism, not nations.
+ There's also a revolving door between the military and the police forces. Many coppers seem to be ex-armed-forces in the UK at least, though I don't have hard data.
++ Note that I say "service". Money spent on research, e.g. face-recognition, low-energy, x-ray tomography of passengers, might find other applications. An X-ray scanner operator though is not contributing as much to society, in that capacity, as they might otherwise. Also, I'm thinking mostly of the kind of additional spending on indiscriminate surveillance, data-mining and check-points prevalent since 9/11, rather than spending on more traditional security, policing and civilian intelligence.
+++ Exactly how dubious, no-one knows. There is this, though it talks of the opportunity costs of terrorism rather than just of security spending - related, but not quite the same (i.e. implicit in my opinion above is that the current security theatrics are essentially useless in terms of preventing any future terrorism). I don't know of the studies into this, would be interested to hear of more.
( May 22 2008, 06:59:05 PM IST ) Permalink Comments [0]
Sunday January 27, 2008 Copyright in a digital era, how does that work?
If I see a programme in the EPG of my TV, on a "Freeview" channel (UK DVB-T digital telly channels), that I'd like to watch but can't at that time and if I then later instruct my computer to download that broadcasted programme via P2P, am I violating the copyrights of the rightsholders of that work?
(Imagine I am in a jurisdiction which recognises time-shifting as "fair-dealing" or "fair-use", as is the case in both the UK and Ireland. Imagine also that the downloaded programme will not be of appreciably better quality than the DVB-T MPEG stream my TV would have received. Does the answer change if I can not be certain the downloaded copy was made from the broadcast (e.g. if it was a film say, rather than a programme specific to the Freeview channel)?).
( Jan 27 2008, 01:00:01 PM GMT ) Permalink Comments [0]
Friday November 30, 2007 Gone in a Flash: The Disappearing Web
Is it just me or is web content (ignoring video) disappearing from the web, slowly transforming into opaque blobs of a proprietary format? Things that once were described in some flavour of text, now are engulfed in a form so inscrutable that even the clever folks at Google do not seem able to index it (at present). E.g. the Nokia Products comparison page , which was till recently HTML/Javascript, has been reimplemented in Flash. The functionality is the exact same, except that the UI widgets now no longer conform to the look/feel of my platform, and it no doubt takes more CPU time.We might wake one day to find we've handed a good chunk of the web to a single source (particularly with respect to content-creation tools). But, meh, who cares - it doesn't matter, now does it?
( Nov 30 2007, 03:06:08 PM GMT ) Permalink Comments [1]
Saturday September 29, 2007 About Me Howto, aka Insecurity Questions
My place of birth is a matter of public record, not too hard to find - if you know even a little about me, you'll likely know to start looking in the Netherlands. If you find that record, you'll know my mother's maiden name too (it's a good Wexford name).
Details of various places I've lived in or near, and all the schools I've gone to, may be on-file with various companies, through my CV. You can probably figure out a good deal of it with a mild googling.
My dog's name is known to a good few friends, all neighbours and many people in my family's town - just go to the green by Woodside and wait for my mother to walk him, and you'll hear her call him "Buddy". Oops, let that cat out of the bag! Speaking of cats, my family's long-dead cat was called "Cuddles", and my mother's been minding a stray we call "Bonnie" for years now.
I don't really follow football (it was far more fun playing it..), so I don't really have a favourite team now, but I did have a big poster of Johan Cruyff in my bedroom as a boy (you'll take a guess that that must have been early 80s, from your visit to NLs radio city).
Don't really have any favourite colour, but if you've seen me around, you'll know my clothes tend to be a certain colour (a darker shade of it, often).
My favourite food is, is... Well, that's too difficult to answer! (As someone pointed out, you'd have to never eat anything new again to answer that one and have a hope of recalling your answer later).
On a different subject, what's with those really dumb sites which let you change your password based on very unsecret personal details? For what it's worth, I will try avoid doing business with you, if possible.. It's not worth the hassle of remembering invented answers (National-Lottery.co.uk lost potential £6 today cause of such dumb questions).
End the madness 
Thursday March 23, 2006 HEAnet benchmarks their Try/Buy T2000
Colm MacCarthaigh, of world's busiest webserver (probably) fame, has posted his Niagara T2000 benchmark results, comparing T2000 against Dell Xeon and Itanium (see also his earlier first results looking at single-thread I/O and scheduler latency).
The summary is that the T2000 gets more than twice the peak requests/sec (5718 req/s Vs 2712 req/s), with significantly better latency under load, for just shy of half the power consumption and at less than half the price of the Itanium . Also cheaper than the Xeon, which the T2000 completely demolishes on concurrent performance.
Corrections: Fix name of HEAnet, spelling of Colm's surname and change 'fastest' to 'busiest'
( Mar 23 2006, 02:15:43 PM GMT ) Permalink
Monday December 05, 2005 "Report on the Use of Safety Cameras"
The Department of Justice recently released the working group on speed cameras' Report on the Use of Safety Cameras. The report examines "safety cameras" (nice bit of double-speak there) in the context of the proposed move to 'out-source' their operation from the Garda Síochána to the private sector (it's silly to have trained police operating cameras).
More paranoid motorists have long been cynical of some of the motivations behind speed limit enforcement. This report, in plain english, confirms the views of the cynics. Some initial highlights:
- Goals:
Firstly, it sets out the goals of "safety cameras" in terms of reducing speed and increasing compliance of drivers to posted limits - a completely self-serving goal.
There is scant mention of the real point of "safety" in the objectives, namely to reduce death and injury on the roads. It is accepted as fact, in a supporting section immediately following the objectives, that speed == increased risk, even though actual facts presented later in the report utterly contradict this naive view (the safest roads in the country are also the ones with the highest speeds, i.e. motorways and dual-carriageways). There is no examination at all of the actual effect of safety cameras on road safety, as you might think appropriate for a report that took 2 years to produce, just bald, naive assumption that they're a good thing.
We could probably let this slide given general examination of road safety was not in the remit of this working group, but then the group shouldn't have tried to state objectives for speed cameras in these terms.
- Metrics:
The metrics by which the success of "safety" cameras are to be judged are again self-serving, how many vehicles are checked, how many offences are detected, the rate of issue of fixed charge notices.
Measuring the effect on accident rates, and qualifying success by this metric is not mentioned at all. The cynic of course would think this is because such a metric would interfere with the more important metric of issuing fixed charge notices (and the cynic's view is further confirmed, as we shall see).
- Funding:
The report examines how private sector out-sourcing would be funded. It expects that initially the revenues will be "considerable", but will fall dramatically as more and more cameras come into operation and eventually motorists become generally compliant, though remaining high enough to cover the costs of the operator (and presumably their expected ROI). Initial revenue to the exchequer is projected at €70 million.
Here are the interesting, nay, nonsensical parts. The report recomends:
- Disproportionate enforcement on the safest roads.
For motorways, which carry 3% of traffic volume but have %0.7 of fatal accidents (%0.5 of "speed related" accidents), and dual carriageways, carrying 4.4% of volume but %1.8 of fatal accidents (%1.0 "speed related"), the report recommends that each have about 2% of speed-camera-hours.
So 4% of camera-hours are to be spent on the safest 7.4% of traffic volume, on roads accounting for just 1.5% of fatal "speed related" accidents. The cynic would point out that these roads are the "juiciest" targets because of their volumes.
- Revising speed limits on roads where people do not transgress.
The absolute gem in the report though is the following direct quote on page 14, regarding the selection of camera sites with respect to the posted limit:
1. The private operator will carry out a speed survey over a specific time period at the site. If the 85th percentile speed is above the actual speed limit (ie. 15% of drivers exceed the speed limit) the site will be considered for enforcement. If the 85th percentile speed is below the actual speed limit, the Gardaí will propose to the local authority that it consider reviewing the actual speed limit;
Quote astounding; set the limits to ensure there will always be about 15% of people breaking the limit (the cynic would say to make sure the camera is paid for, but he's busy having convulsions). The only defence here is if this is done only for roads with high rate of accidents, which the appendix recommends, but it's difficult not to be cynical about this when revenue will become a consideration as compliance increases, as the report anticipates. Further, if the road has a very low accident rate, do you think they'll raise the limit?[1]
What a joke. You have to wonder if there's anyone with half a clue in the DoT. There must be clever and studied people there, yet no one appears capable of realising that formulating road safety policy mostly along the accepted "politically correct" dogma of "Speed baaad" has gotten us relatively nowhere (the other dogma, the more Irish problem of drink-driving, on the other hand has had an effect).
1. Setting speed limits according to the 85th percentile is common practice around the world. It has some serious problems. E.g. the 15% percentile is rather arbitrary. The bulk of the 15% of drivers above the limit are not per se the ones who cause accidents, particularly those in the 85th to 90th percentiles, who are likely quite competent. Further speed limits and accident rates do not strongly correlate. The main goal of 85th percentile limits are simply to allow majority of motorists to be in compliance (or maybe, to still leave a significant number out of compliance).
PS: FWEIW, I actually think speed limits are too high in many cases, particularly in suburban settings (50km/h here in Ireland). 20% of fatalities occur on local roads, according to this very report. It is in these settings where lower speeds could have the most dramatic effects on RTA fatality rates. Limits in suburban/local settings should be 30km/h IMHO, as on the continent.
Limits on safe roads like the motorway should, IMHO, be increased - significantly. To 160km/h at a minimum, preferably 200km/h. Remember, it's a limit, not a mandatory speed, the vast bulk of drivers will settle on what they consider to be a safe speed according to the 85th percentile rule. Only training and road awareness can affect safety after this. Penalising competent drivers for exceeding an arbitrarily low limit on quite safe roads is insane. Even worse, the absolutism of our system mean that you can face a greater penalty for exceeding a limit on a motorway than a proportionally greater infringement on a local road (the latter class being where excess speed is proportionally the more dangerous), e.g exceeding the 120km/h motorway limit by 65km/h (55%) versus exceeding the local road 50km/h limit by 30km/h (60%). The former can land you in court IIRC.
Enough ranting though.
( Dec 05 2005, 11:29:22 AM GMT ) Permalink Comments [2]
Saturday May 14, 2005 Yesterday's security research today!
Must be a slow week in security research land. First "news" that IPSec could be configured insecurely! which IPSec implementors have known about for ages and had already taken steps to ensure the user was warned if AH was not configured. Then a shock announcement that HyperThreading is harmful because it could allow a timing attack against OpenSSL RSA, an attack which has been known about for years and which has had a defence implemented in OpenSSL for only, oh over two years now.
Anyway, I'm off to browse the wayback machine now, to see if I can predict next week's shock security news...
[Update: Turns out the previous SSL RSA attack was different, so this is a new attack. A very difficult one though]
( May 14 2005, 12:37:35 AM IST ) Permalink Comments [0]
Monday May 09, 2005 Rde has an excellent little rant on creationism.
(warning: Link unsafe for those unable to comprehend that the book of Genesis was not meant to be taken literally, or an authorative work on how the universe came to be, but at best a metaphor, if not just simple supposition on how we might have been created, as imagined by Aramaic man a millenia or three ago. And damnit, but aren't Christians supposed to focus on the second half of that book? The bit with the "blessed are the meek" and "let he is who without sin cast the first stone" type stuff?). ( May 09 2005, 01:43:58 AM IST ) Permalink Comments [1]
Friday May 06, 2005 Sigh.. all too often I see the following in my RSS reader (liferea):
There were errors while parsing this feed. The following error occurred:Entity: line 61: parser error : EntityRef: expecting ';'Microsoft Peddles Unused R&D To Eager Startups ^ You may want to validate the feed using FeedValidator.
If you're writing an RSS generator (no matter which kind): Encapsulate user-supplied data in CDATA. The title, the description, the author's name, everything, and most especially the actual item entry.
That's worth saying again: USE CDATA!!!
It's amazing how many badly broken RSS generators there are out there. Then there are the aggregators that try to aggregrate all these god-awful broken RSS XML feeds into a single feed, often re-escaping possibly already escaped HTML entitities rather than just USING CDATA LIKE THEY SHOULD. It's not even like outputting good robust RSS/XML is that difficult, if you just blinking USE CDATA TO ESCAPE USER SUPPLIED CONTENT.
There's a lot more to rant about wrt RSS generators and aggregators, eg the damn annoying tendencies of some generators and many aggregators to keep changing the 'pubDate' attribute (no no no, change lastUpdated), but hopefully Atom will fix that.
end-rant
( May 06 2005, 03:18:28 AM IST ) Permalink Comments [0]
Friday April 01, 2005 Jason Salkeld blogged about how to find the package a file belongs to and included this command:
grep /usr/sbin/fuser /var/sadm/install/contents | awk '$2 ~ /^f$/ {print $NF}'
Two problems:
- as someone else already noted, grep piped to awk is redundant.
- Using a regex for an absolute match on a field is overkill
The following would be more efficient (well, notionally at least... ;) ):
awk '$1 == "/usr/sbin/fuser" && $2 == "f" { print $NF }' /var/sadm/install/contents
Note that the above assumes that awk is either a shell alias for or that the executable is a symlink to either GNU Awk or nawk. (GNU Awk appears to be the more efficient of the two, for this command at least).
( Apr 01 2005, 07:00:35 PM IST ) Permalink Comments [0]
