The Lords

I suggested in a comment at Tim’s that unicameralism would be OK, so long as it means getting rid of the House of Commons.

I was mostly joking. But maybe it’s worth thinking about.

On the anti side, there’s this amendment by the Lords to the Criminal Justice Bill, creating penalties for “recklessly disclosing” personal data.

In order to rule that something is reckless, you need to have some idea of what normal practice is, to contrast the recklessness against.

But in the handling of data, there is practically no normal practice, and what there is is mostly terrible. We in the IT industry just make it all up as we go along. That’s what being such a young, fast-moving profession is all about. The high-profile failures that we’ve seen have been notable more for bad luck than for being worse than the rest of the industry.

I’m not saying that the current situation is satisfactory. But slinging around vague terms like ‘reckless’, outside the context of the Data Protection Act (which, for all its faults, at least tries to define the concepts it deals with), will not improve anything.

Business IT does not work to a level of reliability adequate for protecting confidential data, or for other critical functions. If we were to operate on a similar basis to the people who write software for planes or power stations, costs and delays would increase to the point where 90% of what we now do would simply not be worth doing.

And that has to be the answer for confidential personal information. If it really needs to be secret, it shouldn’t be on commercial-grade IT systems in the first place. If the state or a private business collects it, don’t be surprised when it leaks. Most of the time, the recklessness is in collecting it in the first place.

Back on unicameralism, I think the reason for this mistake by the Lords is a desire to defeat the government, to make them look weak, to get more votes: motives that only exist because of the party battle over the Commons. So if we didn’t have a Commons, we wouldn’t have had this bad amendment.

Perhaps.

The Data Leak

I haven’t got round to making a big deal of the loss of Child Benefit data. Like the Samizdatists, I see it as a hopeful development in terms of public recognition of what large-scale government data collection actually means. I’m not disturbed by it for two reasons: first, because I’m not surprised. I have years of professional experience developing and supporting systems using large amounts of data, and I know how difficult it is to keep stuff confidential. I also have a generally low opinion of the competence of government. It’s more surprising that this got out than that it happened.

The other reason I’m not disturbed is that in general I’m more worried by what the government will deliberately do with the data than by what it will accidentally do with it. The copies of the data still in government hands may be used to decide, for instance, who can and cannot be allowed to learn basic science. Nothing so unpleasant is likely to develop from the copies that have gone astray.

And, to justify that point, I don’t believe in identity theft. It is not that I don’t believe that fraudsters use the names of other people in their frauds, but that I don’t believe that the person whose name is used is the victim of that crime. The actual victim is the party that the fraudster transacts with, and I do not accept the position often taken by the real victims, that their losses are in fact to be borne by an uninvolved third party.

If, for example, a credit card issuer believes that I owe them money, they should have to prove to a very high degree of certainty that I actually borrowed it from them. That they have at some point in the past received a piece of paper in the post with my name on it should not be enough for them even to go to court on, let alone stand any chance of winning. Some kind of human witness to my being their customer should be the minimum to even start.

If this makes life too difficult for financial services providers that do without local branches, so be it. There are considerable savings made by such remote operation, which are shared with customers, but there is no justification for imposing the resulting costs and risks of fraud on uninvolved third parties. Either they find some way of reconciling their cheap business model with reasonable standards of proof, or we can all go back to visiting our local bank branch for a credit card or personal loan.

Back to the government, I do think the incompetence shown here is significant, like the case a few years ago of the non-deported released prisoners (which resulted in the whole “Home Office not fit for purpose” furore), because it gives me the impression that attention is not being paid to government simply doing its various jobs properly.

To expand: government departments are answerable to ministers, and through them to parliament, but both sets of politicians are obsessed with changing policy and passing laws. The actual day-to-day implementation of existing policy only ever gets any attention when it spectacularly fails. The few spectacular failures (which are not successfully covered up) are necessarily the tip of a very large iceberg of general incompetence, which will not change for as long as it does not get attention. For the electorate to give it attention is barely possible, because of the difficulty, common to all organisations, of practically measuring performance.

I have no solution to this problem. My familiar answer is “government should do less”, which I stand by, but it’s not really a solution, because it is a change of policy in its own right. All I can say is that it’s up to those who oppose my policy to explain how their policies can be carried through competently by a government.

"The computer did it"

In The Register, the story of a man who got 7 days because, when he signed up for facebook, it sent an invitation to “be his friend” to every facebook member whose email address was in his address book — including his ex-wife, whom he was under a court order not to attempt to contact.

He might of course have been lying, but if not he has been punished for what his computer, and facebook’s computers, did on his behalf.

The point is that the law has to decide how much responsibility a person has for what their computer decides to do.

Up till now, the assumption has been that whatever your computer does is done at your request, and you are wholly responsible. This despite the fact that it has never been true, and is getting further from the truth every year.

There is no legal tradition to apply here. The nearest analogy to the relationship between a person and his computer is the relationship between a man and his dog.

People have kept dogs for thousands — most likely tens of thousands — of years, so everyone has a rough idea what the deal is. The general legal view is that you have a duty to keep your dog from causing harm under foreseeable circumstances, but there is a distinction between what your dog does and what you do. If your dog attacks a child, you are not guilty of Grievous Bodily Harm, but you might be guilty of keeping a dangerous dog. If your dog craps on the street, that is different from your crapping on the street, but you might still be fined.

If you are found guilty of not properly controlling a dog, you can be banned from keeping one. If your dog causes harm and is considered not to be controllable, the court can order it to be destroyed.

(If you deliberately cause your dog to kill someone, that is still murder, of course, but your intention is crucial.)

This is the only rational legal framework for crimes committed by a computer without the intention of its owner.

Back to Debian

When I first used Linux, I picked the Debian distribution. I came to appreciate its combination of reliability and flexibility. However, the delays between stable releases were always an irritation, and after about ten years I moved several of my machines over to Gentoo. The big advantage of Gentoo for me was that, because it was a source distribution, the newest application packages didn’t depend on the newest system packages. I could emerge, say, gnome-meeting (as it was then), without having to have the 30 exact library versions that someone else had compiled it against.

I fairly soon found that Gentoo was too high-maintenance for machines that I wasn’t using myself. The older hardware I had left on Debian, because compiling Gentoo on it would have taken weeks. Ubuntu was picking up by then, so I moved the more modern hardware in the house, other than my own desktop, from Gentoo to Ubuntu.

I had thought Ubuntu would be just what I wanted – the solid engineering of Debian but with frequent releases and the bells and whistles. I found it nice and smooth, but when something did go wrong, which wasn’t particularly often, it turned out to be very difficult to deal with. In particular, xfce (which the rest of my family use) never quite worked right – on one release you couldn’t log out without the session hanging!

In frustration, I took the advice of a colleague and went back to Debian, this time risking “testing”, which at that time was Etch. I don’t think I had a single problem. Etch went stable a while ago, and I had no reason to chase more recent application versions, so the family’s machines are all Debian Etch.

Recently my wife got a new laptop. I’m always slightly afraid of laptops, so her old one had been left with a badly out-of-date Gentoo. I downloaded the stable Etch installer CD (other machines had been installed to either sarge or a testing snapshot of etch). I was hugely impressed by the installer. It worked so well, and the whole process was very quick. I think the Etch installer is better than any I’ve used for any distribution. The only manual intervention was the partition setup, where I wanted to leave part of the disk alone and set up the rest with LVM, which was very straightforward.

The laptop’s wireless was tricky, but it’s a Broadcom 4311, for which native Linux drivers are very new. I grabbed the latest testing kernel and patches from the wireless-dev guys, and it works very well. The driver’s been overhauled in the last couple of weeks, but I’m not in a hurry to pick up the new (b43) one.

A couple of days ago I tried to bring my Gentoo desktop up to date. I ended up in such a mess of obsolete packages, packages conflicting with non-existent versions of themselves, and general chaos, that the cleanness and lack of hassle of the various Debian machines really sank in.

Last time I replaced the hard disk I’d carefully left smallish free partitions and one huge LVM PV, so running the Etch install took about half an hour in the evening and the same again in the morning. Now I’m running a clean, coherent system where everything works together, and the package system knows exactly what’s on it and where it all came from.

I still have to stick on a few non-free bits (the Flash player and Sun Java, and maybe RealPlayer), but I respect Debian’s ignoring those. I’ve got a system that’s completely managed and completely free software, and if I need a couple of extras on top, I can take care of that myself.

So this is just a huge round of applause for the Debian crew, who’ve made the distribution just what it should be. Some credit must go to Ubuntu too — although the distribution didn’t work out for me, I suspect a lot of the smoothness and ease of setup that Debian used to lack has been supplied via their contributions.

What's a Website?

thelondonpaper today ridicules Judge Peter Openshaw, who “stunned a London court by admitting he did not know what a website was.”

Judge Openshaw was hearing a trial of three men accused of “internet terror offences”, whatever they are, and told Woolwich Crown Court “The trouble is I don’t understand the language. I don’t really understand what a website is.”

I would like to hear the journalist John Dunne give his definition.

“Website” is a pretty vague term. What website are you reading this on? Is it Blogger? Is it blogspot.com? Is it Anomaly UK? Is it bloglines or some other aggregator?

Let’s say it’s Anomaly UK — not on the basis of any technical definition, but because that’s what it says at the top of the page.

Whose website is it? I guess it’s mine, because I “created” it, although that (fortunately) did not involve supplying any physical material, paying a penny, or interacting with any human being. Most of the content came from me, but some of it from Google, some of it from various unidentifiable commenters, some bits from Sitemeter or Technorati or whoever “NZ Bear” actually is. The content actually resides on, and reaches you from, Google’s servers, except for the bits that don’t, or the bits that are put in or changed by some system I know nothing of between you and it. (“Bits” in the non-jargon sense, that is.)

A judge – or a legislator – who thinks he knows what “a website” is, but in fact only knows what the average web user knows, could make some horribly bad decisions: think about the Danish court that ruled that deep linking is illegal, for example. No politician who had thought to ask the question “what is an email address” (and got an accurate answer) would have planned to require sex offenders to register their email addresses, as John Reid did.

Since the “internet terror” case in question involves an “extremist web forum” (and perhaps nothing else), making sure lawyers and witnesses are very precise about what was “on the internet” is probably essential to reaching a correct verdict. Judge Openshaw’s question was penetrating and important.

XML again

For the second time today, I’ve seen an assertion of mine on this blog made by someone much more authoritative.

Me, October 05:
XML is a text format for arbitrary hierarchically-structured data. That’s not a difficult problem. I firmly believe that I could invent one in 15 minutes, and implement a parser for it in 30, and that it would be superior in every way to XML.

James Clark, Friday:
.. any damn fool could produce a better data format than XML.

via Tim Bray, who explains that James Clark “was designated Technical Lead of the original XML Working Group and is the single largest contributor to the design of XML”, and who also points out that the reason XML is a poor data format is that he and Clark and the rest designed it as a document format, not an arbitrary data format.
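
To make the claim concrete, here is the sort of thing I mean: a made-up, minimal bracket-and-string format and a parser for it, sketched in Python for this post. It is only an illustration of how small the problem is, not a serious proposal; the syntax and the function names are invented here.

# A deliberately tiny hierarchical data format, sketched to illustrate the
# point above; the syntax is made up for this post.
# Grammar:   node ::= STRING | '(' node* ')'
# Strings are double-quoted, with backslash escapes for '"' and '\'.
# Example document:   ("person" ("name" "Fred") ("pets" "dog" "cat"))

def tokenize(text):
    """Yield '(' and ')' markers and ('str', value) tokens from the input."""
    i = 0
    while i < len(text):
        c = text[i]
        if c.isspace():
            i += 1
        elif c in '()':
            yield c
            i += 1
        elif c == '"':
            i += 1
            chars = []
            while text[i] != '"':   # no handling of unterminated strings: it's a sketch
                if text[i] == '\\':
                    i += 1
                chars.append(text[i])
                i += 1
            i += 1
            yield ('str', ''.join(chars))
        else:
            raise ValueError('unexpected character %r at offset %d' % (c, i))

def parse(text):
    """Parse one node: a string leaf, or a list of child nodes."""
    node, rest = _parse_node(list(tokenize(text)))
    if rest:
        raise ValueError('trailing tokens: %r' % rest)
    return node

def _parse_node(tokens):
    tok, rest = tokens[0], tokens[1:]
    if tok == '(':
        children = []
        while rest and rest[0] != ')':
            child, rest = _parse_node(rest)
            children.append(child)
        if not rest:
            raise ValueError('missing closing parenthesis')
        return children, rest[1:]    # drop the ')'
    if tok == ')':
        raise ValueError('unexpected closing parenthesis')
    return tok[1], rest              # a string leaf

if __name__ == '__main__':
    print(parse('("person" ("name" "Fred") ("pets" "dog" "cat"))'))
    # prints: ['person', ['name', 'Fred'], ['pets', 'dog', 'cat']]

Whether something like that really would be “superior in every way to XML” is a separate argument, but arbitrary nesting and quoted values are most of what people are after when they use XML as a data format.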

Rockbox

Excited by the EMI/Apple announcement of imminent DRM-free downloads, I checked whether my audio player — an iAudio M5 — could play the AAC format that Apple sells. I found that it couldn’t, but that the open-source Rockbox player software, which can, has recently been ported to the M5.

I’ve installed it, and it works. I like the plugins – there’s a chess program, and a sudoku. The metadata database feature doesn’t seem to work, and the interface is sometimes slow to respond, which is irritating. (It can sometimes take a couple of seconds for a submenu to come up, and if you’ve repeated your selection, the extra events then take effect afterwards.)

These are quibbles; I’m very impressed with Rockbox. I’ll dig into the database issue over the Easter weekend, and maybe come up with some patches if I can work out what it’s supposed to be doing.

There are other obstacles to taking advantage of the Apple thing: there is some question as to whether Rockbox can play 256kbps AAC in real time, but I suspect that on the M5 it can, as it has a more powerful CPU than some of Rockbox’s older targets. I also understand that you can’t just buy from iTunes over the web; you need to install the software. Apple may change that, or I might be able to get it working with Wine.

There is also a question as to whether the iTunes offer is value for money. I currently get music by buying CDs from the likes of Play or 101cd, typically at GBP5-8 each (very little music that has come out in the 21st century has interested me). I will try it out if I can, just because it’s a step that has to be encouraged.

Security Speedbumps

Software, more than most other things that are designed, tends to be designed by trial and error. That’s because it’s so easy to build a design in order to test it. Other engineers have to actually construct a prototype to test, so their time is better spent working out in advance whether the design is good enough.

This principle is responsible for the relative shoddiness of software.

It has been observed that this approach doesn’t work for security purposes, as there you’re not concerned with how your design responds to specific, or even random, stimuli, but with whether some stimuli can be constructed that will cause a misbehaviour. This is the concept of Programming Satan’s Computer, coined by Ross Anderson.

But software isn’t the only thing designed by trial and error. Any system that can evolve over time will basically be constrained by the requirement that it must appear to work. That constraint will keep most errors out, but not security flaws, just as conventional software testing keeps out most errors, but not security flaws.

There’s an unrelated concept in security of the “speedbump”. A speedbump is something that discourages people from doing something the designer doesn’t want them to do, by forcing them to undertake some procedure which shows unambiguously that they are doing what they’re not supposed to – like breaking an easily-breakable lock. It doesn’t actually stop them from being able to do it, but it stops them pretending – even to themselves – that they’re not really doing anything they’re not supposed to.

Putting these two concepts together, a real-world security process that is preventing something virtually nobody really wants to do, and is evolving over time, will tend to end up as a speedbump. If it becomes less than a speedbump, it will no longer appear to work, so that won’t happen. But because the speedbump deters casual attackers, and virtually all attackers are casual, it will appear to work.

The one kind of person who shows up this kind of security speedbump is the person who, usually under the influence of alcohol, is too oblivious to be deterred by it. Back in the 1991 Gulf War, a man I knew slightly walked into the Ministry of Defence in London, wandered round some corridors, went into a random office and asked in alcohol-slurred cockney, “What is this Gulf War all about then?”. Similarly, via Schneier, there is this story of a drunk man climbing over the perimeter fence and boarding a plane at Raleigh-Durham International Airport.

The fence is supposed to stop people from being able to board aircraft without passing through the proper security channels. It appeared to work, but only because nobody wanted to do it badly enough to actually climb the fence. The fence is a speedbump: entirely effective, except against terrorists and eccentric drunks.

This speedbump phenomenon is not the same as “Security Theatre”. Security theatre is generally a new measure introduced for show, which, while possibly effective against a narrowly-defined threat, is easily bypassed and not effective against a broader, more realistic range of threats. These speedbumps are more likely to be long-standing security measures, which are assumed because of their long standing to be working effectively.

The complaint is that if a decision is made that security must be improved, searching out and rectifying security speedbumps is likely to be less visible and obvious than installing new, showy, security theatre, even though it could be much more productive.

Therefore we are dependent on the eccentric drunks finding our speedbumps.

Ubuntu Dapper on IBM 300PL

(This probably belongs on some Ubuntu wiki page rather than here on my blog – if you’re not currently trying to get Ubuntu to install, this will probably not be of much interest to you).

I picked up a 500MHz P3 box on eBay yesterday, and had a bit of trouble installing Ubuntu on it. I solved the problem in the end, so here’s the solution for those with similar troubles.

The machine is an IBM 300PL, model 6862-U60.

It would boot off the Ubuntu “Dapper Drake” 6.06-1 disk, but would hang at various points through the boot process.

Pressing F6 at the first Ubuntu boot screen lets you see and edit the kernel boot line. I deleted “splash” and “quiet” from the boot line to see more output. That showed that the problem was I/O errors on the CD-ROM drive (hdc):

hdc: media error (bad sector) status=0x51 { DriveReady SeekComplete Error }
hdc: media error (bad sector) error=0x34 { AbortedCommand LastFailSense=0x03 }
ide: failed opcode was: unknown
end_request: I/O error, dev hdc, sector 0
Buffer I/O error on device hdc, logical block 1

I tried different discs, a different CD-ROM drive, and connecting the CD-ROM as slave on the primary controller instead of master on the secondary. No change (except for it being “hdb” instead of hdc in the last case, as expected.)

I tried an old Ubuntu disc (Breezy Badger, in fact). It ran perfectly. I noted that doing “hdparm /dev/hdc” from a shell under the Breezy CD showed that DMA was not enabled. It looked like DMA wasn’t working properly on the CD-ROM. (The chipset is an Intel PIIX4.)

I added the kernel option “ide=nodma” before the “--” on the boot line to see if the Dapper CD would work. It got further, but still failed once it came to trying to unpack the package files.

The problem is that while the kernel wasn’t automatically enabling DMA on the CD-ROM, the Ubuntu installer was enabling it itself.

There is a separate option, “nohdparm”, which prevents that. Because it’s an Ubuntu option, not a kernel option, it goes after the “--” on the boot line.

My full boot line was therefore:

boot=casper initrd=/casper/initrd.gz ramdisk_size=1048576 root=/dev/ram rw ide=nodma -- nohdparm

(I hadn’t touched anything before “rw”)

And with that, the installer worked perfectly.

Quick summary: press “F6” when the Ubuntu screen comes up, remove “quiet” and “splash”, add “ide=nodma” before the “--” and “nohdparm” after it.

Once the system is installed onto the hard disk, edit /etc/hdparm.conf and add the following:

/dev/hdc {
dma = off
}

so that the CD-ROM drive will work correctly in the installed system.
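
(If you don’t want to wait for a reboot, I believe running “hdparm -d0 /dev/hdc” from a shell switches DMA off on the running system straight away; the hdparm.conf entry just makes the setting stick across reboots.)
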
The onboard sound isn’t automatically detected (it’s a Crystal 4236B); I added the following line to /etc/modules:


snd_cs4236

(There might be a neater way of doing that, I don’t know).
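
(Adding it to /etc/modules only takes effect at boot; to get sound immediately, running “modprobe snd_cs4236” as root should load the module straight away.)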