Posts

I moved this week-end, and took the opportunity to upgrade from my 32″ 720p Sharp LCD HDTV to a 46″ 1080p 120Hz Toshiba LCD HDTV. As I did basic hookups on Sunday and put in a Blu-Ray disc to test it, I was pleasantly surprised to find out my Toshiba TV’s remote control could drive my Panasonic Blu-Ray player without any programming. This is because the HDMI standard includes, in addition to video and audio, a control channel called CEC.

This is potentially a big win as HDMI should become ubiquitous. CEC is a mandatory part of HDMI 1.3 (but actually having a CEC implementation that does something useful isn’t). As HDMI becomes ubiquitous and consigns analog interconnects to the dustbin of history, we will finally have a control solution that can tie in all the disparate electronics in the typical home theater into a single seamless setup, at least on paper.

Unfortunately, the consumer electronics is doing all it can to muddy the waters. For starters, each vendor insists on maximizing consumer confusion by branding this technology with inconsistent terminology – Toshiba call this Regza Link, Panasonic calls it EZ-Sync. The user interface is also quite inconsistent from device to device. Compare this with how the computer and networking industries managed to create strong unified branding around USB and Wi-Fi. There is yet another digital video standard called DisplayPort, which will presumably be incompatible.

The Toshiba has only 3 HDMI ports and a passel of obsolete analog ports like component video or SVGA. Three HDMI ports are inadequate – I already have 5 HDMI devices waiting to be hooked up:

• Panasonic DMP-BD30 Blu-Ray player
• AppleTV
• Canon HV20 HDV camcorder
• Canon 5DmkII DSLR (awaiting delivery)
• Nintendo Wii (soon)

Toshiba would have been well advised to reduce the number of legacy analog ports instead, specially since they are more expensive than pure digital ports like HDMI, DVI or DisplayPort.

The press recycles worn clichés when it reports on volatility in the markets. Last week’s 700-point drop was a “collapse” and today’s 5% drop is a “meltdown”.

I’m sorry, but 30% is a meltdown and 50% is a collapse. 5% or 7% do not rate such excessive terms.

A widespread financial meltdown almost invariably correlates with widespread fraud. Companies that specialize in data mining should focus on developing forensic accounting data mining tools instead, and partner with investigation agencies or law firms to sell audit and prosecution services to the government, on a bounty basis. It’s not as if the enterprise market is going anywhere but down.

Some yahoo at Debian found what he thought was a bug in OpenSSL, and decided to comment out some code without having any clue what purpose it served. That purpose was to seed a pseudo-random number generator with entropy from memory, specifically /dev/random. This only broke the cryptographic security of OpenSSL on Debian (and thus Ubuntu) while being mostly undetectable. It’s quite likely attacks of the same ilk were deliberately planted by various spy agencies.

This is just an extreme example of why I prefer to build open-source software from source code myself rather than trust blindly in some packager whose choice of compile-time settings almost certainly doesn’t match mine. I have a framework of makefiles that specify how each package is built from source (meta-makefiles, really). This includes checking for new versions of the package, setting configure options and make environment variables. For instance, to fetch the most recent version of OpenSSL, all I do is make sync-openssl; make openssl then as root run make install-openssl. The maintenance burden is low as I have been assembling these metamakefiles over the last 12 years, targeting Solaris and OS X. The end-result is a deterministic build according to my specifications.

My process would not ward against a malicious attack like Brian Kernighan’s notorious trusting trust attack, but it has served me well over the years.

Much of the current financial crisis is due not so much to realized losses on mortgage-backed securities as on uncertainty as to how much the derivatives are worth. Perhaps it’s time to start reversing the process and producing individual mortgages back from derivatives, which at least have some assessable value, even if real estate prices fall by 30%.