31 Dec 2006

Pedestrian Crossings and Strange Legal Language

I realised recently that I didn’t fully understand the zig-zag lines around pedestrian crossings. In particular, I wasn’t sure whether you could overtake on the zig-zags after you’d crossed the crossing. The answer is that you can, but figuring it out has been interesting.

I’ve always understood the zig-zags to mean “don’t overtake the lead vehicle”, which they do, but if that’s all they’re for, why do they appear on both sides of the crossing? It doesn’t take a huge amount of research to discover that they also mean “no parking”, which I knew but had kinda forgotten about. But if they also control overtaking, what on Earth does this mean once you’ve passed the crossing? The Highway Code is actually crap on this; it says

You MUST NOT overtake the moving vehicle nearest the crossing or the vehicle nearest the crossing which has stopped to give way to pedestrians

Like several other parts of the Highway Code, this is fantastically poorly drafted. Clearly the vehicle nearest the crossing could be beyond it, which would make it legal to overtake the lead vehicle approaching the crossing!

Luckily, the Act itself (The Zebra, Pelican and Puffin Pedestrian Crossings Regulations 1997) is a little clearer:

24. – (1) Whilst any motor vehicle (in this regulation called “the approaching vehicle”) or any part of it is within the limits of a controlled area and is proceeding towards the crossing, the driver of the vehicle shall not cause it or any part of it –

    (a) to pass ahead of the foremost part of any other motor vehicle proceeding in the same direction; or
    (b) to pass ahead of the foremost part of a vehicle which is stationary for the purpose of complying with regulation 23, 25 or 26.

OK, so at least we know it only applies to before the crossing. But hang on, what’s this “any other motor vehicle” thing? The Highway Code (and my understanding) say only the lead vehicle! Fortunately…

(2) In paragraph (1) –

    (a) the reference to a motor vehicle in sub-paragraph (a) is, in a case where more than one motor vehicle is proceeding in the same direction as the approaching vehicle in a controlled area, a reference to the motor vehicle nearest to the crossing; and
    (b) the reference to a stationary vehicle is, in a case where more than one vehicle is stationary in a controlled area for the purpose of complying with regulation 23, 25 or 26, a reference to the stationary vehicle nearest the crossing.

Why do this? Why say “any vehicle” and then say “actually we only meant the front one”? I don’t get it.

29 Dec 2006

Triumph Daytona 675

I told myself I’d wait at least a year before upgrading my bike (which, if you recall, is a Suzuki SV650). I nearly managed to wait out the year – filling in the last few months with test rides of various bikes. Until about a month ago my favourite was another Suzuki, the GSX-R750. Then I tried the Triumph Daytona 675. I don’t know what to say about it, other than I totally love it. It’s also the only bike I’ve ridden that has made my SV seem unstable in comparison (and SVs are renowned for being a solid ride) – but despite feeling absolutely rock solid, it’s also incredibly responsive and confidence inspiring. Anyway, the long and the short of it is that I bought one, delivered a week before my year was up…

Not just any Triumph Daytona 675: mine

Boy am I having fun!

House of Cards

My friend Peter Gutmann has written a rather splendid paper drily entitled “A Cost Analysis of Windows Vista Content Protection”. What it’s really about is the increasingly baroque contortions Microsoft and others are having to indulge in to support the fantasy that DRM is actually possible.

The documentation is peppered with sentences like:

“It is recommended that a graphics manufacturer go beyond the strict letter of the specification and provide additional content-protection features, because this demonstrates their strong intent to protect premium content”.

This is an exceedingly strange way to write technical specifications, but is dictated by the fact that what the spec is trying to achieve is fundamentally impossible.

The bad news, though, is that despite its impossibility, hardware manufacturers are going to have to jump through expensive hoops, which we, the consumers, will be paying for. It will be impossible to avoid these extra costs, too, since uncertified hardware just won’t work. And all this so Microsoft can continue to feed the media industry’s fantasy that they can somehow prevent “illegal copying”. Peter optimistically thinks this is going to kill Microsoft. Possibly so, but I predict death throes that drag on for years, if not decades.

28 Dec 2006

Official: PHP Security Sucks

I am disappointed (but not surprised) to see Stefan Esser resigning from the PHP Security Team. All my security interactions with PHP have been disappointing, to say the least. Amazingly enough, Zend, who make money from PHP, say

It is not the case, however, that the PHP project is trying to conceal the fact that PHP has been implemented in a very unsafe way. But Suraski [Zend CTO] does think it preferable to produce a patch before publishing any bug report.

Yes, it is preferable, but you have to actually produce the patch. Failure to do so is not a reason to withhold the security flaw – if we follow that path we’re back to the bad old days where security flaws get brushed under the carpet and users suffer. PHP need to get with the program: fix the bugs in a reasonable amount of time, or have the world know what a useless bunch you are.

Esser paints a pretty bleak picture of an institutional head-in-the-sand attitude in the PHP developer community:

… as soon as you try to criticise PHP security, you become persona-non-grata in the security team. In addition many of his suggestions were ignored because the developers considered Esser’s choice of words too abrasive. He says that he had stopped counting the number of times he was called a traitor when he published a bug report on a vulnerability in PHP.

… bugs were sometimes not correctly fixed or were re-introduced. This was often not noticed because there was no test-rig for exploits and the idea of having one was categorically rejected.

I’ve always advised against PHP because of its lack of security, but now I know its developers are actually actively campaigning to ensure it is insecure I think it’s time I worked a bit harder at it.

So: PHP security sucks. Don’t use it.

Will The Real Hacker Please Stand Up?

A long time ago, I wrote about Tipping Point and friends, whose business is selling exploits. Today I read that:

Underground hackers are hawking zero-day exploits for Microsoft’s new Windows Vista operating system at $50,000 a pop, according to computer security researchers at Trend Micro.

Presumably I’m supposed to think this is somehow different from (and, naturally, far, far worse than) established businesses hawking zero-day exploits at God-knows-what a pop? Can someone explain why?

21 Dec 2006

Stellar Lavarand

Remember lavarand, SGI’s amusing toy where they used lava lamps to generate randomness you could download on the web? Some crazy people think they can make a business of this, only using the solar wind, the clouds of Venus, the Northern Lights, Jupiter’s shortwave emissions and other cosmic events as their random source.

Just like lavarand, this causes a moment of “oooo, shiny”, rapidly followed by “but why would I want someone else to see my randomness?”. So, kids, feel free to point and laugh at anyone foolish enough to use this service for anything real, but don’t try it at home.

15 Dec 2006

Jobs for the Boys: DHS and the Root Zone

The Department of Homeland Security have a spec for signing the root. I’m sure they didn’t intend it to be (given the “NOT FOR FURTHER DISTRIBUTION” notice), but it is publicly available in a mailing list archive. In this spec they include the staffing requirements, which come to an astonishing 20 full-timers. Yes, 20 people to sign a zone that is currently 2,470 entries, for 1,193 names (most of which are glue) delegating a whole 265 domains.

Another part I find amusing (OK, I’m easily amused) is section 7.6 “Non-Scheduled Operations”.

A change in the KSK [Key Signing Key – the key everything else depends on] on the other hand takes a longer time as the new KSK has to be configured into resolvers all over the world, which can only take place after the operators of the resolvers have been convinced that the new KSK is valid.

So, “takes a longer time” is one way of putting it. Takes forever would be, perhaps, more accurate. I have a much better solution for this. But I guess it won’t be popular since it clearly makes the root redundant, and I’m sure ICANN, the DHS and the Department of Commerce wouldn’t like that. On the other hand, I think making the root irrelevant would fix a huge pile of stupidity that’s currently going on. And that would be a Good Thing.

Democracy Inaction

Two weeks ago, I wrote to my MP, Andrew Slaughter, using the most excellent WriteToThem. Today, WriteToThem asks me to confirm whether he has responded, which he has not, putting me amongst the majority of his constituents. According to TheyWorkForYou (hah! I wish!) he only condescends to reply to 35-44% within 2-3 weeks. TheyWorkForYou has other interesting statistics – interesting if you want to understand what a complete waste of space your MP is, that is. For example, he has never voted against his party (this statistic originates from yet another great site, The Public Whip).

Anyway, the point of this post is not so much to moan about my MP but to point out that if you (unlike my MP) want to get more involved in democracy in the UK there are some fantastic sites out there to help you. And guess what? Not a single one is run by the government, and they are all free.

14 Dec 2006

Gates on DRM

I don’t have much to add to the blog I read on this so go and read it, except to point out that, once more, the world outside the US doesn’t exist:

His [Bill Gates] short term advice: “People should just buy a cd and rip it. You are legal then.”

This, of course, is simply not true in the UK and, no doubt, elsewhere. Though, once more, I do invite copyright holders to prosecute me for ripping my entire CD collection. And putting it on more than one machine.

13 Dec 2006

Zombie Musicians

Such is the power of the debate over copyright extensions, it can, apparently, reach beyond the grave. The PPL took out a full page ad in the FT:

More than 4,500 British recording artists have banded together to demand “fair play for musicians” over copyright term.

Apparently these artists are so keen on this concept that some of them have defied death to make the demand. So far the list of possibly (and definitely) dead people who may have attempted this is:

  1. Freddie Garrity
  2. Lonnie Donegan
  3. James Shand
  4. Richard Harris
  5. Richard Berry
  6. Nat Gonella

If you spot any more, let ORG know!

7 Dec 2006

Apple Sauce

I found this report on an Apple European Analyst Event, whatever that is. Apple, apparently, say

The fastest way to get to open standards (our commitment) is through open source.

So far, so good. They go on to say

We’re a major contributor to Jabber, mySWL, modperl, php, OpenLDAP, Apache, python, SQLite, Rails, CalDav, FreeBSD, freeRadius, SpamAssasin, SquirrelMail, ApacheAnt, OpenSSL etc

Well. I don’t know about the rest of them, but I do know about OpenSSL and Apache. I’ve been working on OpenSSL since it began, and I don’t remember any contribution from Apple. I just checked the CHANGES file – not a single mention of Apple. Also, I know for a fact that Apple have spent a good deal of energy trying to remove OpenSSL from their stack.

I was going to say the same holds true of Apache but my friend Fred Sanchez has worked on Apache forever and also works for Apple. To what extent his contributions to Apache were effectively Apple’s and not his own, I don’t know. Apart from Fred, though, I’m not aware of any Apple contributions there, either.

I wonder if the rest of their “contributions” are equally fanciful?

Open Rights Group Impact

I’m pleased to see an article in the Guardian citing ORG:

It is clear that it has already become a force to be reckoned with and has had a big influence on making the Gowers review of intellectual property rights, published this week, more consumer-friendly.

Even the business section thinks ORG is worth mentioning:

Dave Rowntree, drummer with Blur and a member of the Open Rights Group, said: “The idea of a private copying exception is long overdue and, together with a proposal for orphaned works and the transformative works and parody exceptions, it will make for a more robust copyright law which encourages creativity rather than stifles it.”

4 Dec 2006

Big Brother Knows Best

The Guardian printed a coupon last week that you could fill in and mail to the NHS asking to not have your medical records included on the NHS’ Spine.

In keeping with their policy of establishing consensus through advertising, the Department of Health have apparently responded that:

nobody could have genuine grounds for claiming “substantial and unwarranted distress” as a result of having their intimate medical details included on a national computer system

Since, it seems, the criterion for being allowed to opt out is that you must demonstrate “substantial and unwarranted distress”, this means that no-one can opt out!

No doubt in a few months the fact that no-one has opted out will be quoted as evidence that there is widespread public support for the Spine.

Update: According to The Register, Lord Warner, health minister said:

“Patients will be informed in advance about new ways in which their information will be held and shared and they will be told they have the right to dissent – or ‘opt out’ – of having information shared.”

which doesn’t really tally with a statement by another minister, John Hutton:

“The Data Protection Act also provides patients with a right, where they are suffering substantial damage or distress, to object to processing of their data, including to prevent their data being held at all in an identifiable form, though this is expected to be a very rare event. We are currently considering how this right should apply to implementation of the NHS care record.”

If you care about this stuff, you might want to take a look at The Big Opt Out.

1 Dec 2006

What Kind Of Knots?

Alice in Wonderland wonders (I guess that’s her job?) what kind of knots we’re tying in Second Life.

She’s not alone. So let me explain. They are “ideal” or “tight” knots. If you imagine a perfect piece of string – one you can bend until it touches itself and that always has a perfectly circular cross section, always the same diameter – and you try to tie a knot with this string, then the shortest possible version, given a fixed diameter piece of string, of that knot is the ideal version.

Ideal knots are interesting not only because they are pretty, but because they predict some of the properties of knotted DNA. Why, no-one knows.

BTW, when I do pictures of ideal knots, I usually show them at half their real diameter. This is because when they’re full sized you can’t see the interesting details in the middle. Pictures like the one above solve that problem to some extent – and I could do better ones now. The one above doesn’t quite touch itself because when it was drawn we were using points and straight lines to approximate the knot, and those don’t really work, whereas now we use arcs of circles.

Anyway, I’ve been working on these things on and off for around ten years with various collaborators, and I still am, as you can see from the Second Life foolishness. By the way, watching these things render is so much fun it’s almost worth creating a Second Life character for. I did!