Fazal Majid's low-intensity blog

Sporadic pontification


The benefits of standardization

In France, nuclear power plants follow a standardized design. The end result is that France gets more than 70% of its electricity from nuclear, reducing its dependence on oil or natural gas from the unsavory regimes in Russia or Algeria, and making it a leader in reducing greenhouse gas emissions. The lessons from security incidents are also immediately applied to all other plants, leading to higher overall safety. Technicians trained on one plant are qualified for all, leading to more flexibility in managing the workforce.

In the US, each nuclear plant is a one-off, with the results being much higher costs to construct and operate them.

The same situation applies to the by-laws of public companies. Each is hand-crafted. The only beneficiaries of this situation are lawyers and crooked executives who use their mastery of the arcana in by-laws to prevent shareholders from exercising their rights.

Public company rules should be defined by statute, not left to the discretion of executives and their tame boards.

Snatching usability defeat from the jaws of victory

I moved this week-end, and took the opportunity to upgrade from my 32″ 720p Sharp LCD HDTV to a 46″ 1080p 120Hz Toshiba LCD HDTV. As I did basic hookups on Sunday and put in a Blu-Ray disc to test it, I was pleasantly surprised to find out my Toshiba TV’s remote control could drive my Panasonic Blu-Ray player without any programming. This is because the HDMI standard includes, in addition to video and audio, a control channel called CEC.

This is potentially a big win as HDMI should become ubiquitous. CEC is a mandatory part of HDMI 1.3 (but actually having a CEC implementation that does something useful isn’t). As HDMI becomes ubiquitous and consigns analog interconnects to the dustbin of history, we will finally have a control solution that can tie in all the disparate electronics in the typical home theater into a single seamless setup, at least on paper.

Unfortunately, the consumer electronics industry is doing all it can to muddy the waters. For starters, each vendor insists on maximizing consumer confusion by branding this technology with inconsistent terminology – Toshiba calls this Regza Link, Panasonic calls it EZ-Sync. The user interface is also quite inconsistent from device to device. Compare this with how the computer and networking industries managed to create strong unified branding around USB and Wi-Fi. There is yet another digital video standard called DisplayPort, which will presumably be incompatible.

The Toshiba has only 3 HDMI ports and a passel of obsolete analog ports like component video or SVGA. Three HDMI ports are inadequate – I already have 5 HDMI devices waiting to be hooked up:

  • Panasonic DMP-BD30 Blu-Ray player
  • AppleTV
  • Canon HV20 HDV camcorder
  • Canon 5DmkII DSLR (awaiting delivery)
  • Nintendo Wii (soon)

Toshiba would have been well advised to reduce the number of legacy analog ports instead, especially since they are more expensive than pure digital ports like HDMI, DVI or DisplayPort.

Superlatives

The press recycles worn clichés when it reports on volatility in the markets. Last week’s 700-point drop was a “collapse” and today’s 5% drop is a “meltdown”.

I’m sorry, but 30% is a meltdown and 50% is a collapse. 5% or 7% do not rate such excessive terms.

Forensic accounting automation

A widespread financial meltdown almost invariably correlates with widespread fraud. Companies that specialize in data mining should focus on developing forensic accounting data mining tools instead, and partner with investigation agencies or law firms to sell audit and prosecution services to the government, on a bounty basis. It’s not as if the enterprise market is going anywhere but down.

Another reason why I build software from source myself

Some yahoo at Debian found what he thought was a bug in OpenSSL, and decided to comment out some code without having any clue what purpose it served. That purpose was to seed a pseudo-random number generator with entropy from memory, specifically /dev/random. This only broke the cryptographic security of OpenSSL on Debian (and thus Ubuntu) while being mostly undetectable. It’s quite likely attacks of the same ilk were deliberately planted by various spy agencies.
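To make "mostly undetectable" concrete, here is an added example (not code from this blog, Debian or OpenSSL): a toy key generator whose only seed is the process ID, which is all that still varied in the affected builds. The SHA-256 construction, the `toy_keygen` name and the host inventory are assumptions made for illustration; the point is that each key looks random on its own, yet the whole keyspace is small enough to enumerate into a blocklist and audit deployed keys against.

```python
import hashlib
import os

PID_MAX = 32768  # default Linux pid_max, so usable PIDs are 1..32767


def toy_keygen(pid: int) -> bytes:
    """Constructed stand-in for a generator seeded by the PID alone.

    SHA-256 is NOT OpenSSL's algorithm; it only models
    'deterministic 256-bit output from a 15-bit seed'.
    """
    return hashlib.sha256(b"toy-prng|%d" % pid).digest()


def fingerprint(key: bytes) -> str:
    """Public identifier of a key, as an auditor would record it."""
    return hashlib.sha256(key).hexdigest()


def ones_fraction(key: bytes) -> float:
    """Naive per-key sanity check: fraction of set bits (about 0.5 looks fine)."""
    return sum(bin(b).count("1") for b in key) / (8 * len(key))


def build_blocklist() -> frozenset:
    """Fingerprints of every key the weak generator can ever emit."""
    return frozenset(fingerprint(toy_keygen(pid)) for pid in range(1, PID_MAX))


def audit(keys: dict, blocklist: frozenset) -> list:
    """Names of deployed keys that fall in the weak set and need regenerating."""
    return sorted(n for n, k in keys.items() if fingerprint(k) in blocklist)


if __name__ == "__main__":
    blocklist = build_blocklist()
    deployed = {  # constructed inventory, not real hosts
        "web01": toy_keygen(4242),   # generated on an affected host
        "web02": os.urandom(32),     # generated from a properly seeded source
    }
    print("keys the weak generator can produce:", len(blocklist))
    print("web01 bit balance:", round(ones_fraction(deployed["web01"]), 3))
    print("must regenerate:", audit(deployed, blocklist))
```

No test applied to a single key can tell the two hosts apart; only comparison against the enumerated set does.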

This is just an extreme example of why I prefer to build open-source software from source code myself rather than trust blindly in some packager whose choice of compile-time settings almost certainly doesn’t match mine. I have a framework of makefiles that specify how each package is built from source (meta-makefiles, really). This includes checking for new versions of the package, setting configure options and make environment variables. For instance, to fetch the most recent version of OpenSSL, all I do is make sync-openssl; make openssl, then as root run make install-openssl. The maintenance burden is low as I have been assembling these meta-makefiles over the last 12 years, targeting Solaris and OS X. The end result is a deterministic build according to my specifications.

My process would not ward against a malicious attack like Brian Kernighan’s notorious trusting trust attack, but it has served me well over the years.