With the desktop Linux adoption rate steady in the statistics and flamewars (and sometimes discussions) about the reasons, the real rate passes nearly unnoticed. What am I writing about? Embedded devices. A high percentage (if not the majority) of consumer-range DVD players run Linux. And what about small routers connected to the cable modems (or ones including the cable modem functionality)? They're also running Linux. It's not that rare to have two or more Linux devices at home. With or without knowing.
How does it affect the Linux desktop market? It seems that it doesn't. Directly, that's probably true. Indirectly, however, desktop Linux machines often use the same elements embedded Linux devices do. That can mean drivers being available. Or, at least, specifications. I have already noticed that there have been fewer and fewer driver-related Linux problems. A newbie usually can find all drivers for his/her hardware. If they're not included by default, of course. There are other reasons for the faster availability of different drivers, but the rate of 'hidden' Linux devices plays its role here.
The Economist has a balanced editorial on why DRM doesn't work from (mostly) the consumer's point of view.
But, more or less at the same time we also have the IP Criminal Measures directive. What does IP infringement have to do with terrorism? Hard to tell. In the meantime it makes 'commercial scale infringements' of IP rights a criminal offence. FFII reports that many things are not clear at all.
Etch is now Debian stable. One of the most important additions is official AMD64 support. The webpage is not up to date in certain parts, however, like the port descriptions, for instance the ARM port, which is still about plans for Etch...
Still, normal users (not server administrators) should rather choose lenny/sid.
It's not a secret that if you're a researcher, you can get ISP traffic for your research. It is (or at least should be) anonymized, however.
It has been revealed recently that data about user traffic is also sold (check also here). It looks like it was about the US market. Is it the same in the EU? I guess the answer is yes.
Surprise? Rather not. What's more, the thing is rather not regulated in most countries, and there's also nothing about it when you subscribe to your Net access. It seems logical. Website-based tools do not give very accurate results, because you can deal with them using Adblock and such things. The requests that come from your machine... That's another source for analysis and a very good one.
Then we come to EU data retention, which does look like a distant subject, but it is not. What is the data to be stored under the retention law? The same thing that I think is sold (probably in slightly more aggregated form). That raises a concern about the use of the stored data. Having it on the disks will make it much easier to sell in huge volumes and also to run certain data mining techniques and then sell the results. With or without notifying the users. Legally or not. With such an amount of data (in Poland the project has 5 years of mandatory data storage, when the EU max is 2 years) it's easy to imagine that the data will leak. What we currently have may be just a start of that.
Should the users be notified that their habits, even the websites they visit, are (or will be) monitored? I think they should. Clearly notified.
The defence is encryption. Unfortunately not so many sites support it (banks and financial institutions are exceptions here). Also, there are sites where passwords fly unencrypted, sometimes even clearly in the URL line. Trying not to use sites without even basic security is quite hard. Every unencrypted action (most web browsing, many IM messages, emails, etc.) just travels the Net in plaintext. Are you aware of that?
I trace the change of atmosphere around DRM (and I don't write about FLOSS-related websites here, they have had unchanged opinions since the appearance of the whole thing). Not more than a year ago I thought that DRM-like solutions would finally be implemented and the user would have no choice other than not buying the equipment at all.
And now? Jobs writes against DRM, in fact. That caused criticism from the media industry, of course. The question about the costs and benefits of DRM, and whether it makes sense to implement it at all, has appeared in places I did not expect. That's definitely positive.
The context of the media-related discussion is the ease of cracking HD DVD and Blu-Ray. That issue is a clear example of one major vulnerability the systems have: key distribution. The leaked keys can, theoretically, be blocked, but what if it happens in the case of popular hardware? Imagine hardware sold in millions of copies (quite possible, in fact). Will the producer risk the unhappiness of the clients and the need to change at least a part of the firmware for all of them? It's also interesting to compare the costs of development of those solutions and the time it took to break them. The question is, was there a better way to spend all that money?
Another piece of news is that there's now an OS with heavy DRM built in. It will show how much it affects usability. First reviews seem to be rather negative...
On the other hand, the market of non-DRM books and music is doing quite well if you only search for it. See, for instance, Baen's and Jamendo.
So why the title 'DRM: a few years earlier'? The DRM issue is not yet solved and it's still in flux. I think that from the perspective of the next 10 years we will consider current times as the moment when the whole thing was decided. And what will the decision be? I'm quite optimistic. I think that some kind of DRM will survive, but only for limited uses, not the popular market.
Wired reports another clock skew-based attack. In fact, it's just an addition to another attack presented in 2005. This time clock skew is affected by the system load (and temperature change).
I don't find this attack usable against servers with average (and higher) load or those running more services, as it'd be very hard to be sure what has changed the clock skew. On the other hand, as one of the methods, with more different tests, it may be fine.
It should be noted that there are more and more attacks against cryptographic systems (anonymity systems like Tor use cryptography heavily) that are indirect, like all timing or cache attacks. It's quite an interesting thing and it has a number of reasons: such attacks are easy to deploy, but hard to defend against. And, probably the most important thing: they use features which are not taken into account when creating a cryptographic protocol.
I think there are more such attacks coming. Who knows which one, and using which feature, will be the easiest to use in practice.
One of the main news items of the last week was about 30 serious bugs found in Firefox. Comments posted just after that are very interesting and show some important things: about people's reactions, the way such a thing can cause FF vs IE flame-wars and so on.
Finally, it looks like it was just a joke. It's still worth thinking about an emergency plan for when something like that happens to your most important application. Or whether it's worth acting at all.
I had thought that data retention was sure in the EU. It seems that it's not the case. Heise.de is writing about a report for the German parliament about the changes needed to implement the data retention directive. It concludes that it may be impossible without getting into conflict with constitution-backed rights.
It's quite interesting as I have not seen many opinions stating that storing detailed connection data breaks the right to privacy.
I'm not very optimistic about this. I guess the directive will be finally passed (with anonymous networks growing and new solutions being introduced), but it's worth watching how the situation progresses.
After the recent London events I expect new privacy-related initiatives.
Biometric passports are (at least here in Europe) nearly certain. With open questions about the data stored, methods of accessing the data and so on.
In Poland, for example, biometric passports will be released from August 28, this year. The regulations are so general that all you can learn about the way the data is written is that 'it's on the chip'. There's not a single word about data security. I'd like to know, at least, if the data is encrypted and how it is protected from unauthorized access. Also, there's nothing about the way the data is stored in the databases (it's a good guess that there's one) and who has access to it. And, well... what exactly is stored? Ironically, the Ministry's site is stating that biometrics is used to protect against identity theft.
I have also read a number of discussions about the recent events and, earlier, about privacy concerns. There's a very visible contrast in attitudes. Many people are ready to give up much of their freedom to have (an illusion of?) security. What's more, it's not uncommon to read something that has a similar meaning to 'if you're not a terrorist, why are you against police reading your emails?'.
with new Nanoblogger (previous got deleted at some point), spam removed... Just back to work.
Update 06.08: Move seems to be done. A number of things have changed between the versions.