Infrequently Noted

Alex Russell on browsers, standards, and the process of progress.

Upgrade

I'm a converted Ogg Vorbis user, and have been for some time now. I think mainly because KDE makes it incredibly simple for me to rip my CDs into Ogg format (path of least resistance and all that).

Anyway, I have been having an issue with my .ogg files ever since I upgraded to SuSE 8.1, as I often rip a CD at work and then scp it back to my home machine, meaning that the libogg versions could potentially be different. It seems that SuSE 8.1 didn't upgrade my libogg and instead decided to leave me with an older version. This caused all kinds of really funky problems when anything tried to access the files with something that understands how to decode .ogg.

Forcing an upgrade to libogg, libao, libvorbis, and vorbistools fixed it. Now I can listen to all my music again. Huzzah!

Centralized

On rumored proposals to build a central Net monitoring system:

There are a number of things that one must understand to completely grok what is (supposedly) being proposed. First, this system is not without precedent or precursor. The infamous "Carnivore" system (now widely deployed by the FBI) is at least as privacy endangering as any such proposed system. The jokes that were Carnivore's privacy protecting features are just eliminated with the new proposal. Anyone clinging to the vain hope that the FBI/DHS actually care about privacy or can't can't wait to have access to information about every little thing you do need to snap out of it. They are professionals with a job to do, and worse than that, at some level they are burecrats with jobs to protect. Getting more information would (in the simple minds of the burecrats) make doing that job easier, but there's a price involved. But then that's not really their problem until we make it so, is it?

Secondly, any such system touted as "just" doing pen register or trap and trace functioning simply cannot hope to constrain itself to these goals unless the code for doing so is made public and independent verification that privacy controls are in place, active, and operators are well trained is mandated. Odds this'll happen under the current administration?

Next, such a centralized system breaks all the rules for a well-designed security tool. The failure mode of any such system is catastrophic, and it creates a single point of failure. I'll spare you my full thoughts on how very, very bad an idea this system is for now, but I beleive that any independent review of a system matching the descriptions given in the media will be damning not only on a privacy, but also and effectiveness basis. Law enforcement isn't suffering from not having enough information now, it's suffering from not being able to analyze what it already has. Any effort to increase the ammount of information available will only be a drain on law enforcement's already strecthed capabilities. It is a very simple thing for politicans to submit that something is absolutely necessaray to "fight terror" as any resistance to their proposals can easily be branded un-american, so between those they employ and those they can cower, expect little rational resistance to any such actively detrimental proposal.

As if that weren't enough, recall that any such system will be built and operated by the lowest bidder.

Are YOU a member of the EFF yet?

Impressed

Google continues to impress me on an almost daily basis. First, they became the only way to search the web.

Next they made usenet actually useful from a web browser.

Then they became my personal news aggregator of choice.

What's the encore?

Making my christmas shopping that much better.

Follow-Through

Back in Winter '00/Spring '01 I was working with a team of friends on a hardened transaction system that relied upon locked-down appliance-type devices as transaction endpoints. In reviewing our options for a host OS for these boxes, we looked at Argus Systems Pitbull product, having heard good things about it. So we inquired via a lead submission form on their site if they might be interested in helping us develop a prototype running on their tools.

This past spring, while in my dejected job search, I received a call from someone at Argus. It took me a couple of minutes to remember who they were and why they might have had my cell phone number. When it finally realized what was going on I just started laughing. A 12 month lead turnaround time.

I explained to the mortified sales rep on the other end of the line that the prototype for the project had been completed almost a year ago and that we'd gone with Linux and OpenBSD instead. (the transaction system has since languished for lack of interest, not technical merit).

Anyway, it seems the jokers at Argus seem to have some systemic problems with follow through.

42

And to think that just a couple of years ago we were joking about whether or not l'ill GWB would try to start something with Iraq.