How does it affect the Linux desktop market? It seems that it doesn't. Directly, that's probably true. Indirectly, however, desktop Linux machines often use the same elements embedded Linux devices do. It can mean drivers available. Or, at least, specifications. I have already noticed that there have been less and less driver-related Linux problems. A newbie usually can find all drivers for his/her hardware. If it's not included by default, of course. There are other reasons of the faster avalibility of different drivers, but the rate of 'hidden' Linux devices plays its' role here.

But, more or less at the same time we also have the IP Criminal Measures directive. What has IP infringement with terrorism? Hard to tell. In the meantime it makes 'commercial scale infringements' of IP rights a criminal offence. FFII reports that many things are not clear at all.

Still, normal users (not server administrators) should rather choose lenny/sid.

It has been revealed recently that data about user traffic is also sold (check also here). It looks it was about US market. Is it the same in EU? I guess the answer is yes.

Suprise? Rather not. What's more, the thing is rather not regulated in most countries, there's also nothing about that when you subscribe for your Net access. It seems logical. Website-based tools do not give very acurate results, because you can deal with them using Adblock and such things. The request that come from your machine... That's another source for analysis and a very good one.

Then we come to EU data retention, which does look like a distant subject, but it is not. What is the data to be stored under the retention law? The same thing that I think is sold (probably in slightly more aggregated form). That rises an concern about the use of the stored data. Having it on the disks will make it much easier to sell in huge volumes and also run certain data mining techniques and then sell the results. With or without notifying the users. Legally or not. With such amount of data (in Poland the project has 5 years of mandatory data storage, when EU max is 2 years) it's easy to imagine that the data will leak. What we currently have may be just a start of that.

Should the users be notified that their habbits, even websites they visit are (or will be) monitored? I think they should. Clearly notified.

The defence is encryption. Unfortunately not so many sites support it (banks and financial institutions are exceptions here). Also, there are sites where passwords fly unencrypted, sometimes even clearly in the URL line. Trying not to use sites without even basic security is quite hard. Every unencrypted action (most of web browsing, many IM messages, emails etc) just travel the Net in plaintext. Are you aware of that?

And now? Jobs writes against DRM, in fact. That caused criticism from the media industry, of course. The question, about the costs and benefits of DRM and if it makes sense to implement it at all, has appeared in the places I have not expected. That's definitely positive.

The context of the media-related discussion is the ease to crack HD DVD and Blu-Ray. That issue is a clear example of one major vulnerability the systems have: key distribution. The ones leaked can be, theoretically, blocked, but what if it happens in a case of popular hardware? Imagine hardware sold in milions of copies (quite possible, in fact). Will the producer risk unhappiness of the clients and the need to change at least a part of firmware for all of them? It's also interesting to compare the costs of development of those solutions and the time it took to break them. The question is, was there a better way to spend all that money?

Another news is that there's now an OS with heavy DRM build-in. It will show how much it affects usability. First reviews seem to be rather negative...

On the other hand, the market of non-DRM books and music is quite well if you only search for it. See, for instance Baens and Jamendo.

So why the title 'DRM: a few years earlier'? The DRM issue is not yet solved and it's flowing. I think that from the perspective of the next 10 years we will consider current times as the moment when the whole thing was decided. Ans what will the decision be? I'm quite optimistic. I think that some kind of DRM will survive, but only for limited uses, not the popular market.

I don't find this attack usable against servers with average (and higher) load or those running more services, as it'd be very hard to be sure what has changed the clock skew. On the other hand, as one of the methods, with more different tests, it may be fine.

It should be noted that there are more and more attack agains cryptographic systems (anonymity systems like Tor use cryptography heavily) that are indirect, like all timing or cache attacks. It's quite an interesting thing and it has a number of reasons: such attacks are easy to deploy, but hard to defend against. And, probably the most importat thing: they use features which are not taken into account when creating a cryptographic protocol.

I think there are more such attacks comming. Who knows which one, and using which feature, will be the easiest to use in practice.

Finally, it looks that it was just a joke. It's still worth it to think about an emergency plan when something like that happens to your most important application. Or if it's worth acting at all.

It's quite interesting as I have not seen many opinions stating that storing detailed connection data breaks the right to privacy.

I'm not very optimist about this. I guess the directive will be finally passed (with anonymous networks growing and new solutions beeing introduced), but it's worth watching how the situation progresses.

Biometric passports are (at least here in Europe) nearly certain. With open questions about the data stored, methods of accessing the data and so on.

In Poland, for example, biometric passports will be released from August 28, this year. The regulations are so general, that all you can learn about the way the data is written is that 'it's on the chip'. There's no single word about data security. I'd like to know, at least, if the data is encrypted and how is it protected from unauthorized access. Also, there's nothing about the way the data is stored in the databases (it's a good guess that there's one) and who has access to it. And, well... what's exactly stored? Ironically, the Ministry's site is stating that biometrics is used to protect against identity theft.

I have also read a number of discussions about the recent events and earlier, about privacy concerns. There's a very visible contrast in attitues. Many people are ready to give up much of their freedem to have (an illusion of?) security. What's more, it's not uncommon to read something that has similar meaning to 'if you're not an terrorist, why are you against police reading your emails?'.

Update 06.08: Move seems to be done. A number of things has changed between the versions.