New Application of Old Technology
on
Sensors Gone Wild
·
· Score: 5, Interesting
The world's navies have been identifying ships using magnetic signatures for decades; sophisticated mines exist which can not only distinguish friendly ships from those of the enemy from their magnetic signature, but use a combination of of the acoustic and magnetic signatures of a vessel to identify a particular ship (e.g. to distinguish one Ticonderoga class ship from another). This enables the laying of a minefield that will ignore the signatures of low value units such as minesweepers, frigates and destroyers, and only explode when a particular enemy carrier passes overhead.
One imagines that an intelligence agency wishing to assassinate a foreign president/dictator could achieve similar success using the sensors described in the Forbe's article - they need merely tune the sensors to the signature of the target's limo, and lay them on a public road on the way to his residence.
The UK Campaign for Digital Rights was established last year specifically to campaign against the European Copyright Directive's implementation in the UK. It has held a couple of mini-conferences on the topic already.
We are completing our analysis of the implementation paper at present. Those wishing to see significant change in the draft before enactment face two problems:
1. The EUCD will be implemented by statutory instrument, which means there will be no debate in the Houses of Parliament. Forcing a debate to be held requires the co-operation of a number of members of parliament.
2. The UK is permitted little lee-way in enacting the EUCD. Whilst the Directive itself allows for a certain degree of flexibility in some areas, the UK cannot stray from the path set for it by the EU without risking punishment from Brussels. To a significant extent, our hands are tied, therefore.
That said, the UK Campaign for Digital Rights aims to ensure that we apply sufficient pressure during the consultation period to obtain the least damaging legislation possible.
Any and all assistance (particularly from lawyers) is welcomed.
Did you read the directive at all? I followed the provided
link, and look what I found:
[...snip...] Which shows that neither teachers copying
for students, nor Braille copies, nor encryption research will become
illegal.
Indeed we (members of the UK Campaign for Digital Rights) have, in some
depth. Unfortunately, all the exclusions you refer to are optional, and
need not be implemented by the various member states. It is to be
expected that the EU governments will come under the same lobbying
pressure from the Recording and publishing industries that the US
Government did with the DMCA (which also contains what look like
exclusions for academic research, etc, which are rendered almost entirely
ineffective in practise by means of some cunning legal tricks).
There is evidence for the same legal trickery already in the EU directive
- the exemptions allow you to make use of a circumvention mechanism for
the non-infringing purposes you'd expect, but do not exempt anyone from
prosecution/lawsuits should they create one.
Alan Cox is indeed extremely concerned about the EUCD, and you
should not be at all surprised if you find him, in the not too
distance future, speaking about the EUCD in terms far from glowing, at
conferences aimed at the European software industry. I would recommend
you read some of the resources at: www.eurorights.org (our parent
site) before leaping to your own conclusions about how inoffensive the
EUCD might be.
(See the
summary of one of our recent IRC meetings - unexpurgated transcripts
are linked therefrom - for further evidence that Alan Cox is taking the
threat of the EUCD very seriously indeed).
See also the articles linked from the CDR's EUCD links page
(apologies for getting this link wrong in my earlier post to this thread).
Expect also to see a lot more from the Foundation for Information
Policy Research (www.fipr.org) on
European Copyright Legislation over the next month or two.
If implemented with some revisions, and all the exemptions in full
force, the EUCD would be considerably less threatening to musicians, the
Free Software Movement, academics, and others than the DMCA. However, at
present, we could very easily find ourselves (in Europe) faced with cases
similar to Sklyarov's, Felten's, and the DeCSS case if the EUCD is allowed
to be pushed through without substantial lobbying to counter that of the
Recording and Publishing Industries. I see no evidence whatever (DMCA,
SSSCA, FTAA's DMCA-alike - see www.eff.org) that the recording and
publishing industries are to be trusted not to seek to turn the EUCD into
a carbon-copy of the DMCA when it comes before the legislature of the EU
member states.
Julian T. J. Midgley
Campaign Co-ordinator
UK Campaign for Digital Rights
The UK Campaign for Digital
Rights was established back in August to bring the small matter of
2001/29/EU (or the European Copyright Directive(EUCD))to the
attention of the general public, after people started discussing it at
"Free Sklyarov" protests in London.
Our mailing lists (archives available from contain the meat of the
discussion to date. We are currently part way through a campaign against copy
protected CDs, designed to get the public thinking about the
copy-protection mechanisms and legislation before we hit them with the
full details of the EUCD.
Unfortunately, if the Hague Conference gets its way, laws passed in the US (and conversely, laws passed in other signatories to the proposed treaty (read the Western World, much of Asia, including Japan, China)) will be enforceable in all nations signing up to the treaty. Ie. if I do something in the UK that contravenes a US law, (but no law in the UK), I will face extradition to the USA for prosecution and consequent fines and/or imprisonment.
So TUX is about 3 times faster than Apache?
Woohoo! Zeus is about 3 times faster than Apache as well, but doesn't compromise security by running in the kernel.
Apache's process model sucks badly (having a single process (or even a single thread) per connection is utterly wasteful of CPU resources when you can use non-blocking IO (like Squid) to handle tens of thousands of simultaneous connections from a single single-threaded process). You can get 95%+ of the performance benefits of TUX by writing a userspace web server with a sensible process model. There's absolutely no need to start delving around inside the kernel.
This is the principal reason that Zeus has dominated the SpecWEB benchmarks for the last 5 years; if you're after a fast web server, Zeus is a sensible alternative to TUX.
On the Stroke of Midnight 1 January 2000, astonished onlookers gasped as the World dramatically didn't end.
Rumour has it that one of the Four Horsemen had to go back to check that he hadn't left the kitchen light on. Others say that there was a Y2K bug in their alarm clock.
They'll be back, mark my words.
Now, where's my sandwich board?
The END is NIGH!
It is, really! Look, everyone can make a mistake, OK? We forgot to account for parallax when we were doing the entrail thing.
Fortunately, if Microsoft try to buy a Russian company, the Russian Mafia will be nosing in for a share of the profits faster than Win 95 can crash.
Their marketing people might well be able to sell a square wheel to dolphins, but good luck to them if they try to do it when the killer whales are circling.
A small point, but one which I feel is significant:
The DMCA is a US Law (and undoubtedly a poor one), and it has absolutely no effect outside the US.
As I understand it, the original reverse-engineering of the DVD encryption algorithm was done in Norway, and many of the mirror sites were also outside the US.
Somewhat amusingly, the lawyers attempted to file this suit against people who were not US citizens, nor resident in the US, nor had their servers in the US. IANAL and I would be very grateful if someone could explain to me precisely what they thought they were going to achieve by this, since so far as I can tell, they have absolutely no jurisdiction in Norway, France, Denmark, the UK, or any of the other foreign countries mentioned in the suit.
Given that reverse-engineering is explicitly allowed by Norwegian Law, I find it hard to believe that they would have got very far attempting to pursue their suit in Norway, and since, so far as I am aware, the DVD hack doesn't infringe any International Law, I assume that the letters sent to citizens of countries other than the US were nothing more than scare tactics; suitable for framing as an example of Laughable American Arrogance.
If this is not the case, and there is some way in which the DVD crowd could prosecute citizens of other countries, it would be appreciated if someone would explain how and why?
Just a quick caution: sticking apt-update; apt-get upgrade in a cron job is not necessarily a good idea for several reasons:
1. For some packages, apt-get upgrade will expect some user feedback (whether to overwrite your config files with the package maintainer's versions, for example, or various prompts necessary to configure a new version of a package). Obviously cron-jobs deal poorly with interaction of this sort. You can minimise the amount necessary with a -y switch (which will answer "yes" to all Y/N questions), but if apt-get is then faced with a question which doesn't expect a Y/N answer, (eg, it asks you for the hostname of your ldap server), or if the maintainer has decided that allowing automatic answering of this particular question is too risky, then the update will just abort).
2. I also like to keep at least a casual eye on what's been updated, just in case (this is also sensible if you are running off the unstable version, since it might give you a clue as to why the system isn't behaving as expected when a buggy package is uploaded (a rare enough event, admittedly, but it always seems to coincide with the moment when you absolutely need that package to work in order to meet some deadline or other).
It's the little things that count- things like the fact the Debian developers decided that having your "delete" key alternate between your backspace and actual delete key depending on whether you were in an xterm, using emacs, using vi, typing in a form in netscape, etc, etc, sucked, and deciding to do something about it. Ok, so they had to create a new termtype to solve the problem, but it saves a lot of hassle in the long term.
More care seems to have been taken with Debian to ensure consistency and quality throughout than with Red Hat- this is part of the reason for the time taken to freeze potato; another one worth noting is that the Debian maintainers are all volunteers; there's no-one being paid a salary to work on the Debian distribution.
The biggest problem with Red Hat is that whilst their install procedure is smooth, their package management is only average compared to apt; you generally only install once, but manage packages all the time- I know which one is more important to me.
I have been running several machines on Potato for the last six months or so. Some of these machines are workstations, and some servers, and apart from a couple of minor problems (caused by a temporarily broken package being uploaded to the mirrors, almost always corrected in 24 hours), they have performed extremely well. My own workstation was up for 40 days until a recent office move, with apt-get updates being performed every 2-3 days or so; during this time I never once suffered any form of bug or error which prevented me carrying on with my work.
For me at least, Debian's unstable is plenty stable enough.
Debian's primary advantage over Red Hat is its package management system- the combination of dpkg and apt-get makes keeping your system up to date and installing new packages ridiculously easy.
To install a new package, from a remote Debian mirror, for example, just type:
apt-get install
To get the latest list of available packages:
apt-get update
To update all the packages you have installed for which a new version is available on the mirror:
apt-get dist-upgrade
Once you've done you're first "apt-get update; apt-get dist-upgrade" and watched the system update 40 packages with minimal user interaction, you'll never want to switch back.
The Debian developers are also somewhat more careful to produce a system that is consistent throughout (you'll never have the backspace/delete key transposition problem again). They aim to produce a distribution that is as technically sound as they can make it, and from my experience, they are certainly closer to achieving this goal than any of the other distro maintainers.
There are more packages available for Debian than for any other distribution, and if you are concerned about using only Free Software, or work for a business and wish to be certain that you are aware of any non-free software you're using that requires a licence fee to be paid for commercial use, Debian is very careful about separating the non-free packages from the free ones, so you can easily tell whether or not you should bother to read the licence file.
I can see these sensors being useful for short periods (perhaps in combination with small hand-held devices such as the palm pilot), but I don't see that they stand much chance of replacing the keyboard.
Firstly, one of the most important things when buying a keyboard is the feel of the keys- people's preferences vary here- personally, I like a "clicky" keyboard (like the Cherry range) rather than the membrane types.
Having no feedback at all would be very disconcerting. I don't quite understand how anyone but a perfect touch typist would know precisely where the keys were without any form of real keyboard, either. The bumps and ridges of the keys are essential to me in finding the right keys- typing on a desk would bound to be a little random.
And how long would it take to apply the sensors and calibrate them each time? It would be best if they were permanently fitted in such a way that they didn't interfere with other things we might want to do with our hands- about the only sensible location is under the fingernails, but unless there is a significant change in fashion, this eliminates at least 50% of the market.
I would have thought that sensors such as these might have a more useful application as part of a virtual reality "glove" or suchlike.
Slashdot Mirror
The world's navies have been identifying ships using magnetic signatures for decades; sophisticated mines exist which can not only distinguish friendly ships from those of the enemy from their magnetic signature, but use a combination of of the acoustic and magnetic signatures of a vessel to identify a particular ship (e.g. to distinguish one Ticonderoga class ship from another). This enables the laying of a minefield that will ignore the signatures of low value units such as minesweepers, frigates and destroyers, and only explode when a particular enemy carrier passes overhead.
One imagines that an intelligence agency wishing to assassinate a foreign president/dictator could achieve similar success using the sensors described in the Forbe's article - they need merely tune the sensors to the signature of the target's limo, and lay them on a public road on the way to his residence.
The UK Campaign for Digital Rights was established last year specifically to campaign against the European Copyright Directive's implementation in the UK. It has held a couple of mini-conferences on the topic already.
We are completing our analysis of the implementation paper at present. Those wishing to see significant change in the draft before enactment face two problems:
1. The EUCD will be implemented by statutory instrument, which means there will be no debate in the Houses of Parliament. Forcing a debate to be held requires the co-operation of a number of members of parliament.
2. The UK is permitted little lee-way in enacting the EUCD. Whilst the Directive itself allows for a certain degree of flexibility in some areas, the UK cannot stray from the path set for it by the EU without risking punishment from Brussels. To a significant extent, our hands are tied, therefore.
That said, the UK Campaign for Digital Rights aims to ensure that we apply sufficient pressure during the consultation period to obtain the least damaging legislation possible.
Any and all assistance (particularly from lawyers) is welcomed.
Julian Midgley
[...snip...]
Which shows that neither teachers copying for students, nor Braille copies, nor encryption research will become illegal.
Indeed we (members of the UK Campaign for Digital Rights) have, in some depth. Unfortunately, all the exclusions you refer to are optional, and need not be implemented by the various member states. It is to be expected that the EU governments will come under the same lobbying pressure from the Recording and publishing industries that the US Government did with the DMCA (which also contains what look like exclusions for academic research, etc, which are rendered almost entirely ineffective in practise by means of some cunning legal tricks).
There is evidence for the same legal trickery already in the EU directive - the exemptions allow you to make use of a circumvention mechanism for the non-infringing purposes you'd expect, but do not exempt anyone from prosecution/lawsuits should they create one.
Alan Cox is indeed extremely concerned about the EUCD, and you should not be at all surprised if you find him, in the not too distance future, speaking about the EUCD in terms far from glowing, at conferences aimed at the European software industry. I would recommend you read some of the resources at: www.eurorights.org (our parent site) before leaping to your own conclusions about how inoffensive the EUCD might be.
(See the summary of one of our recent IRC meetings - unexpurgated transcripts are linked therefrom - for further evidence that Alan Cox is taking the threat of the EUCD very seriously indeed).
See also the articles linked from the CDR's EUCD links page (apologies for getting this link wrong in my earlier post to this thread).
Expect also to see a lot more from the Foundation for Information Policy Research (www.fipr.org) on European Copyright Legislation over the next month or two.
If implemented with some revisions, and all the exemptions in full force, the EUCD would be considerably less threatening to musicians, the Free Software Movement, academics, and others than the DMCA. However, at present, we could very easily find ourselves (in Europe) faced with cases similar to Sklyarov's, Felten's, and the DeCSS case if the EUCD is allowed to be pushed through without substantial lobbying to counter that of the Recording and Publishing Industries. I see no evidence whatever (DMCA, SSSCA, FTAA's DMCA-alike - see www.eff.org) that the recording and publishing industries are to be trusted not to seek to turn the EUCD into a carbon-copy of the DMCA when it comes before the legislature of the EU member states.
Julian T. J. Midgley
Campaign Co-ordinator
UK Campaign for Digital Rights
The UK Campaign for Digital Rights was established back in August to bring the small matter of 2001/29/EU (or the European Copyright Directive(EUCD))to the attention of the general public, after people started discussing it at "Free Sklyarov" protests in London.
Our mailing lists (archives available from contain the meat of the discussion to date. We are currently part way through a campaign against copy protected CDs, designed to get the public thinking about the copy-protection mechanisms and legislation before we hit them with the full details of the EUCD.
For more information about 2001/29/EU, see our EUCD issues pages.
Come and join the party... ;-)
Julian Midgley
Campaign Co-ordinator
UK Campaign for Digital Rights
Unfortunately, if the Hague Conference gets its way, laws passed in the US (and conversely, laws passed in other signatories to the proposed treaty (read the Western World, much of Asia, including Japan, China)) will be enforceable in all nations signing up to the treaty. Ie. if I do something in the UK that contravenes a US law, (but no law in the UK), I will face extradition to the USA for prosecution and consequent fines and/or imprisonment.
See Hague Conference on Private International Law for details.
So TUX is about 3 times faster than Apache?
Woohoo! Zeus is about 3 times faster than Apache as well, but doesn't compromise security by running in the kernel.
Apache's process model sucks badly (having a single process (or even a single thread) per connection is utterly wasteful of CPU resources when you can use non-blocking IO (like Squid) to handle tens of thousands of simultaneous connections from a single single-threaded process). You can get 95%+ of the performance benefits of TUX by writing a userspace web server with a sensible process model. There's absolutely no need to start delving around inside the kernel.
This is the principal reason that Zeus has dominated the SpecWEB benchmarks for the last 5 years; if you're after a fast web server, Zeus is a sensible alternative to TUX.
On the Stroke of Midnight 1 January 2000, astonished onlookers gasped as the
World dramatically didn't end.
Rumour has it that one of the Four Horsemen had to go back to check that he hadn't left the kitchen light on. Others say that there was a Y2K bug in their alarm clock.
They'll be back, mark my words.
Now, where's my sandwich board?
The END is NIGH!
It is, really! Look, everyone can make a mistake, OK? We forgot to account for parallax when we were doing the entrail thing.
Why won't you believe me! It's true I tell you!
The END is NIGH!
Oi! Stop walking off when I'm talking to you...
Fortunately, if Microsoft try to buy a Russian company, the Russian Mafia will be nosing in for a share of the profits faster than Win 95 can crash.
Their marketing people might well be able to sell a square wheel to dolphins, but good luck to them if they try to do it when the killer whales are circling.
--
jtjm
http://www.xenoclast.demon.co.uk/main.ht ml jtjm
A small point, but one which I feel is significant:
The DMCA is a US Law (and undoubtedly a poor one), and it has absolutely no effect outside the US.
As I understand it, the original reverse-engineering of the DVD encryption algorithm was done in Norway, and many of the mirror sites were also outside the US.
Somewhat amusingly, the lawyers attempted to file this suit against people who were not US citizens, nor resident in the US, nor had their servers in the US. IANAL and I would be very grateful if someone could explain to me precisely what they thought they were going to achieve by this, since so far as I can tell, they have absolutely no jurisdiction in Norway, France, Denmark, the UK, or any of the other foreign countries mentioned in the suit.
Given that reverse-engineering is explicitly allowed by Norwegian Law, I find it hard to believe that they would have got very far attempting to pursue their suit in Norway, and since, so far as I am aware, the DVD hack doesn't infringe any International Law, I assume that the letters sent to citizens of countries other than the US were nothing more than scare tactics; suitable for framing as an example of Laughable American Arrogance.
If this is not the case, and there is some way in which the DVD crowd could prosecute citizens of other countries, it would be appreciated if someone would explain how and why?
jtjm
Just a quick caution:
sticking apt-update; apt-get upgrade in a cron job is not necessarily a good idea for several reasons:
1. For some packages, apt-get upgrade will expect some user feedback (whether to overwrite your config files with the package maintainer's versions, for example, or various prompts necessary to configure a new version of a package). Obviously cron-jobs deal poorly with interaction of this sort. You can minimise the amount necessary with a -y switch (which will answer "yes" to all Y/N questions), but if apt-get is then faced with a question which doesn't expect a Y/N answer, (eg, it asks you for the hostname of your ldap server), or if the maintainer has decided that allowing automatic answering of this particular question is too risky, then the update will just abort).
2. I also like to keep at least a casual eye on what's been updated, just in case (this is also sensible if you are running off the unstable version, since it might give you a clue as to why the system isn't behaving as expected when a buggy package is uploaded (a rare enough event, admittedly, but it always seems to coincide with the moment when you absolutely need that package to work in order to meet some deadline or other).
jtjm
It's the little things that count- things like the fact the Debian developers decided that having your "delete" key alternate between your backspace and actual delete key depending on whether you were in an xterm, using emacs, using vi, typing in a form in netscape, etc, etc, sucked, and deciding to do something about it. Ok, so they had to create a new termtype to solve the problem, but it saves a lot of hassle in the long term.
More care seems to have been taken with Debian to ensure consistency and quality throughout than with Red Hat- this is part of the reason for the time taken to freeze potato; another one worth noting is that the Debian maintainers are all volunteers; there's no-one being paid a salary to work on the Debian distribution.
The biggest problem with Red Hat is that whilst their install procedure is smooth, their package management is only average compared to apt; you generally only install once, but manage packages all the time- I know which one is more important to me.
jtjm
I have been running several machines on Potato for the last six months or so. Some of these machines are workstations, and some servers, and apart from a couple of minor problems (caused by a temporarily broken package being uploaded to the mirrors, almost always corrected in 24 hours), they have performed extremely well. My own workstation was up for 40 days until a recent office move, with apt-get updates being performed every 2-3 days or so; during this time I never once suffered any form of bug or error which prevented me carrying on with my work.
For me at least, Debian's unstable is plenty stable enough.
jtjm
Debian's primary advantage over Red Hat is its package management system- the combination of dpkg and apt-get makes keeping your system up to date and installing new packages ridiculously easy.
To install a new package, from a remote Debian mirror, for example, just type:
apt-get install
To get the latest list of available packages:
apt-get update
To update all the packages you have installed for which a new version is available on the mirror:
apt-get dist-upgrade
Once you've done you're first "apt-get update; apt-get dist-upgrade" and watched the system update 40 packages with minimal user interaction, you'll never want to switch back.
The Debian developers are also somewhat more careful to produce a system that is consistent throughout (you'll never have the backspace/delete key transposition problem again). They aim to produce a distribution that is as technically sound as they can make it, and from my experience, they are certainly closer to achieving this goal than any of the other distro maintainers.
There are more packages available for Debian than for any other distribution, and if you are concerned about using only Free Software, or work for a business and wish to be certain that you are aware of any non-free software you're using that requires a licence fee to be paid for commercial use, Debian is very careful about separating the non-free packages from the free ones, so you can easily tell whether or not you should bother to read the licence file.
jtjm
Presumably it wouldn't be too hard to encrypt the data (with a different cryptographic key for each "keyboard") to solve this problem.
--
jtjm
I can see these sensors being useful for short periods (perhaps in combination with small hand-held devices such as the palm pilot), but I don't see that they stand much chance of replacing the keyboard.
Firstly, one of the most important things when buying a keyboard is the feel of the keys- people's preferences vary here- personally, I like a "clicky" keyboard (like the Cherry range) rather than the membrane types.
Having no feedback at all would be very disconcerting. I don't quite understand how anyone but a perfect touch typist would know precisely where the keys were without any form of real keyboard, either. The bumps and ridges of the keys are essential to me in finding the right keys- typing on a desk would bound to be a little random.
And how long would it take to apply the sensors and calibrate them each time? It would be best if they were permanently fitted in such a way that they didn't interfere with other things we might want to do with our hands- about the only sensible location is under the fingernails, but unless there is a significant change in fashion, this eliminates at least 50% of the market.
I would have thought that sensors such as these might have a more useful application as part of a virtual reality "glove" or suchlike.
--
jtjm