Show Sidebar Log in

NTP updated to counter attacks

Steve Woods International IT News, Open Source News Comments Off on NTP updated to counter attacks

NTP graphicIt’s that time of year again when summer daylight saving time has just ended in Europe and the developers of the NTP time synchronisation service are responding to a series of new attacks with an update, German IT news site heise reports. With these attacks communication between servers and clients can be manipulated so that the clients receive the incorrect time or no time at all.

The reference implementation of the NTP time server service is now version 4.2.8p4, with which the developers have closed 13 security holes, including a series of vulnerabilities which four Boston University researchers describe in detail in a research paper (PDF). The researchers succeeded in finding several ways of attacking the time service, including preventing clients of the service from using it, also known as a Denial of Service (DoS) attack and providing them with the wrong time under certain circumstances.

NTP is used to synchronise the local clocks of all kinds of computers via the network. Various providers make different servers available which a client can query for the current clock time. Nearly all modern operating systems adjust this unnoticed in the background. Nevertheless, there have been attacks in the past on software implementations of this system and on the NTP protocol itself.

Kiss of death

Two of the new attacks are characterised mainly by the fact that the attacker does not need to hook up to the connection between client and server as a “man in the middle“. Both kinds of DoS attack take advantage of the so-called “Kiss o’ Death” (KoD) packet to cripple communication between the client and server. The KoD packet tricks the client into thinking that a NTP server is very busy or overloaded and the client should send fewer queries.

Attackers can now fake packets for all services which a client normally queries for its time; and do so in such a way that the client doesn’t update its internal clock for months or even years on end. The elegant thing about this hack is that the attacker only needs to send very few packets. In the second attack possibility described by the researchers the attacker must fake many client requests and thus force the server to silence the client with KoD packets. This also results in the client no longer updating its clock.

Both holes (CVE-2015-7704 and CVE-2015-7705) have been plugged in the new version of NTP.

Time shift

With 2 further attack methods the researchers succeeded in foisting incorrect clock times on clients. Clients should normally ignore times which differ by more than 1,000 seconds from their system time – the so-called “Panic Threshold“. However, in many configurations this does not apply to NTP queries sent immediately after a reboot of the client. Their system times can therefore be manipulated almost at will if they can be forced to reboot. Cryptography operations can be gerrymandered or DoS attacks conducted on the software running on the client with such a manipulation.

The intentional fragmentation of IPv4 packets can also be abused to confound a client’s time queries and foist an incorrect time on it. However, this method is very fiddly and the researchers did not want to test in the the wild since it uses the techniques of the decades-old Teardrop attacks and can crash old operating systems. This problem with overlapping TCP/IP packets is not a specific error of the NTP protocol, but of the underlying operating systems.

Admins should patch NTP

The Boston University researchers discovered the security holes on 20th August. Their paper has only been published now to give the NTP developers time to plug the holes. The researchers are recommending that admins running NTP servers update them as quickly as possible to version 4.3.8p4.

Bristol academics announce breakthroughs for fundamental computer science problems

Steve Woods International Events, International IT News, Local IT News 2 Comments »

Earlier this week academics from the University of Bristol presented new breakthroughs on two fundamental problems in computer science. These results were presented at the 56th annual IEEE symposium on Foundations of Computer Science (FOCS 2015) in California earlier this week, the University reports.

One of the most challenging questions in computer science is whether there exist problems that are proven to be hard to solve. This is most famously shown in an unsolved computer science question of whether P=NP, for which a prize of $1,000,000 awaits the person(s) who can solve it.

In the first paper, New unconditional hardness results for dynamic and online problems, Dr Raphaël Clifford, Reader in Algorithm Design at Bristol University’s Department of Computer Science and colleagues from Denmark’s Aarhus University, have proved hardness results for versions of matrix vector multiplication, a fundamental tool in much of applied mathematics. The researchers go on to show further hardness results for problems where the data are dynamically changing.

The research team have studied the cell probe complexity of two fundamental problems: matrix-vector multiplication and a version of dynamic set disjointness known as Patrascu’s Multiphase Problem. The researchers have presented improved unconditional lower bounds for these problems as well as introducing new proof techniques of independent interest. These include a technique capable of proving strong threshold lower bounds of the following form: if we insist on having a very fast query time, then the update time has to be slow enough to compute a lookup table with the answer to every possible query. This is the first time a lower bound of this type has been proven.

The researchers have proved that the equal the highest that have ever been achieved and give the second ever example of such a mathematical proof that holds even when a potential solution is allowed to use random numbers.

In the second paper, Constructing linear-sized spectral sparsification in almost-linear time, Dr He Sun, Lecturer in Computer Science in Bristol University’s Department of Computer Science and Yin Tat Lee, a PhD student from MIT, have presented the first algorithm for constructing linear-sized spectral sparsifiers that runs in almost-linear time.

More and more applications from today’s big data scenario need to deal with graphs of millions of vertices. While traditional algorithms can be applied directly in these massive graphs, these algorithms are usually too slow to be practical when the graph contains millions of vertices. Also, storing these practical massive graphs are very expensive.

Dr He Sun said: “Over the past decade, there have been intensive studies in order to overcome these two bottlenecks. One notable approach is through the intermediate step called spectral sparsification, which is the approximation of any input graph by a very sparse graph that inherits many properties of the input graph. Since most algorithms run faster in sparse graphs, spectral sparsification is used as a key intermediate step in speeding up the runtime of many practical graph algorithms, including finding approximate maximum flows in an undirected graph, and approximately solving linear systems, among many others.”

Using spectral sparsification, the researchers ran many algorithms in a sparse graph and obtained approximately the correct results as well. This general framework allowed them to speed up the runtime of a wide range of algorithms by a magnitude. However, to make the overall approach practical, a key issue was to find faster constructions of spectral sparsification with fewer edges in the resulting sparsifiers. There have been many studies looking at this area in the past decade.

The researchers have proved that, for any graph, they can construct in almost-linear time its spectral sparsifier, and in the output sparsifier every vertex has only constant number of vertices. This result is almost optimal respect to time complexity of the algorithm and the number of edges in the spectral sparsifier.

UK government to switch to open source office suite

Steve Woods National IT News, Open Source News Comments Off on UK government to switch to open source office suite

A new deal announced today between the Crown Commercial Service and open source consultants Collabora will provide public sector organisations with savings on GovOffice, an open source office suite based on LibreOffice.

Collabora GovOffice is is compatible with both Google Docs and Microsoft Office (including the cloud version Office 365) and includes comprehensive support for the latest version of Open Document Format, which is recommended by the Cabinet Office for use by government organisations.

With a familiar interface for creating documents, spreadsheets, presentations and more (none of that ribbon nonsense. Ed.), Collabora GovOffice offers considerable cost savings compared to competing proprietary packages.

GovOffice screenshot

In addition, the forthcoming Collabora CloudSuite will extend Collabora GovOffice with internet and mobile access for viewing and editing documents, as well as online access in web browsers. IT managers will be able to deploy the cloud software locally, providing remote access to documents.

The deal covers both Collabora products and applies to all non-profit making government organisations, including those working on behalf of government, either directly or via outsourcing.

Reposted from the author’s blog.

Smart pavement for superfast wifi

Steve Woods National IT News Comments Off on Smart pavement for superfast wifi

glassy wifi symbolThe good burghers of the Buckinghamshire market town of Chesham have good reason to rejoice, not just for living in the beautiful Chiltern Hills, but because they have the first smart pavement (highway engineers would call it a ‘footway’. Ed.) that provides superfast wifi to passers-by.

Engineering and Technology Magazine reports that the wifi pavement, which has been developed by Virgin Media, provides connectivity via submerged access points linked directly to Virgin’s street cabinets that are connected to the fibre-optic network.

Download speeds can reach 166 Mbit/s – quite a bit faster than BT’s alleged “superfast” broadband offering – meaning a half-hour TV programme with a file size of some 640 MB can be downloaded in under 40 seconds. Furthermore, peak download speeds can be achieved up to 80 metres away from Virgin’s street cabinets.

Virgin Media chose Chesham to pilot the technology as the town is representative of UK population and at some 21,000 residents about the right size to allow quick deployment of services across the whole town.

At present the ultrafast wifi covers Chesham’s High Street and parts of the nearby 36-acre Lowndes Park.

Virgin Media mobile customers with Android devices will be able to access it through the company’s Wi-Fi Buddy app.

Virgin commented that data usage on its network is increasing by 60% every year and expects to see a 10,000% increase by 2025.

Virgin Media is currently investing £3 bn. in developing a new network that will provide ultrafast broadband speeds to four million more customers across the UK.

LibreOffice 5.1 – first bug hunting session announced

Steve Woods International Events, International IT News, Open Source News, Training, Volunteering Comments Off on LibreOffice 5.1 – first bug hunting session announced

Writing on The Document Foundation blog, Italo Vignoli has announced that a bug hunting session will take place from 30th October to 1st November for LibreOffice 5.1, the next planned major release of this popular open source office productivity suite.

LibreOffice 5 banner

Over those 3 days, volunteers and members of the LibreOffice community will check the first alpha of LibreOffice 5.1 for bugs and flaws.

On those dates, mentors will be available on the QA IRC channel and via email on the QA mailing list from 08.00 a.m. UTC to 10.00 p.m. UTC to help less experienced volunteers to triage bugs.

People who cannot participate the bug hunting session are always welcome to help chasing bugs and regressions when they have time. There will be a later bug hunting session in December this year to test LibreOffice 5.1 Release Candidate 1.

Additional information on bug hunting is available on The Document Foundation wiki.

Reposted from the author’s own blog.

Quantum cryptography technology wins top prize in New Enterprise Competition

Steve Woods Local IT News Comments Off on Quantum cryptography technology wins top prize in New Enterprise Competition

New quantum technology to ensure data is secure has won the University of Bristol’s equivalent to Dragon’s Den and a share of over £35,000 in prize money, the University reports.

KETS, a company formed by Dr Chris Erven, Dr Jake Kennard, Phil Sibson and Professor Mark Thompson, uses quantum cryptography to improve data encryption – ensuring information is safe in all situations, from bank transactions to critical infrastructure, not forgetting individuals shopping online from home.

Their concept beat 103 entries to scoop the top prize in Bristol University’s New Enterprise Competition, which was judged by a panel of industry experts.

The team won £10,000 in cash, £2,000 worth of legal support and a year in the Bristol SETsquared Centre – the University’s business incubator – to help develop the technology further, explore potential use and other matters.

KETS is the culmination of over two years work from a team of researchers based in the University’s Centre for Quantum Photonics.

The team describes the technology as a ‘game changer’ because it uses new quantum methods to ensure the most sophisticated and secure communications.

Dr Erven said: “It’s fantastic to win and the judging panel were very receptive to our pitch. It’s really starting to snowball now and this extra investment and support will make a huge difference. KETS technology will provide for secure communications in a fundamentally new way.”

Dr Kennard added: “It’s been a real team effort, building on all the excellent work which has been going on in Bristol for the last 10 years. We’re the first of hopefully many spin-outs to come from the Centre for Quantum Photonics at the University of Bristol, focusing on building devices that real people will use.”

Shropshire rural broadband campaign to be wound up?

Steve Woods National IT News 1 Comment »

switchIn the middle of last week, the Shropshire Star reported that the Shropshire and Marches Campaign for Better Broadband in Rural Areas, which has been campaigning for the last 3 years for better internet speeds in isolated communities, might be wound up.

The campaign has been endorsed by 50 rural town and parish councils in the area.

However, the success of the campaign is not the reason why it is facing extinction: the actual reason is a lack of people with the drive and enthusiasm to continue the fight.

Chair Patrick Cosgrave who has been the spokesman and the driving force behind the campaign has decided to step down.

Speaking to the Star, Mr. Cosgrave stated, “This campaign has been running for over three years and has taken up a great deal of personal time and energy.”

He also hinted very strongly that isolated rural communities may have to take a DIY approach to getting better connectivity, remarking: “In the absence of any direction or funding from the powers that be, communities may have to consider building their own networks and paying for them, despite having already paid through their taxes for others to be upgraded who often needed it less.”

However, for your correspondent, the most telling part of the Star’s story was a comment upon it by rural broadband campaigner Chris Conder, who is one of the leading lights behind B4RN, a community project bringing fibre to the rural North of England. Chris pulls no punches and her comment is reproduced in full below:

The whole of the country is in the same sorry state. The funding has been wasted making a few go faster, and still no progress in the rural areas, who are now classed as ‘too difficult and uneconomic’ (which is why the funding was made available in the first place).

The whole digital Britain programme is a superfarce, with people brainwashed into thinking they are getting fibre broadband down Victorian phone lines. You really couldn’t make all this stuff up, and we’re gonna be a laughing stock as other progressive countries lay real fibre. We will all still be languishing on copper for the next decade and it will be to late to catch up.

This, and the previous governments will answer to the history books as being totally incompetent when it comes to having a basic grasp of physics. IT ISN’T FIBRE BROADBAND IF IT COMES DOWN A PHONE LINE. And it isn’t all that fast either. Those on long lines won’t notice any improvement.

We need real competition, more alternative networks to force Openreach to invest instead of patching up and buying football rights. The exchanges are falling down, the poles blow over, the copper lines are exposed through the fields, the whole network is crumbling. We need fibre. Moral and optic. And we need it now. I can feel Patrick’s pain, and commend him for all the work he has put into trying to get a fit for purpose connection for his community. He will go down in history for having tried. Which is more than can be said for our pathetic telco incumbent who is killing the golden goose that once was the best phone network in the world. The poor engineers trying so hard to keep it running are tearing their hair out at the stupidity of management. Kudos to them for trying too. Poor digital Britain.

Quite.

Bristol’s SPHERE project showcased at ‘Internet of Things’ launch

Steve Woods Local IT News, National Events, National IT News Comments Off on Bristol’s SPHERE project showcased at ‘Internet of Things’ launch

SPHERE logoThe University of Bristol has announced that the SPHERE (Sensor Platform for HEalthcare in a Residential Environment) project was featured at the London launch of IoTUK – part of a £40 million government investment in the Internet of Things (IoT).

SPHERE – one of a dozen projects featured at the launch – brings together clinicians, engineers, designers, social care professionals and members of the public to develop sensor technologies that can monitor vulnerable people in their homes and detect problems like falls or strokes.

The University is a lead partner in the SPHERE project.

IoTUK is aimed at promoting the UK’s global leadership in the IoT and to increase the adoption of high-quality IoT technologies and services throughout the private and public sectors.

1,125 public sector websites no longer advertise proprietary PDF readers

Steve Woods International IT News, Open Source News Comments Off on 1,125 public sector websites no longer advertise proprietary PDF readers

FSFE logoAfter six years of activity, the Free Software Foundation Europe’s (FSFE) PDFreaders campaign is coming to a close this month as one of the FSFE’s most successful campaigns.

PDF iconThe campaign began in 2009 with the aim of removing advertisements for proprietary PDF reader software from public institutions’ websites. To start it all off, volunteers submitted 2104 “bugs”, or instances of proprietary PDF software being directly promoted by the public sector and the FSFE listed them online. Since then, hundreds of free software activists have taken action by writing to the relevant public institutions and calling for changes to their websites. The FSFE received a lot of positive feedback from the institutions concerned, thanking the FSFE for its letters. To date, 1,125 out of the 2,104 websites (53%) contacted have edited their sites to remove links to proprietary PDF readers or to add links to free software PDF readers.

In addition to writing letters, the FSFE also collected signatures for a petition calling for an end to advertisements for proprietary software products on government websites. This petition was signed by 90 organisations, 63 businesses and 2,731 individuals.

Furthermore, the FSFE campaigned for change at both national and international levels.

“This success would not have been possible without the help and hard work from our volunteers and the support from our donors. Thank you! While many public and private websites still promote proprietary readers, the level of awareness has changed significantly during our campaign and now it should be much easier for you to approach the remaining web-site administrators. Also most internet users today already use free software when they open a PDF file in their browser -a huge difference from 2009!” says campaign founder Hannes Hauswedell. “Of course work still remains and we invite you to keep on reminding (public) administrators to use open standards and not recommend proprietary software. And with your support, we too, will continue to fight for a web that respects its users’ privacy and freedom!”

Best “superfast” broadband coverage in UK claimed for Bristol

Steve Woods Local IT News, Media and Content, National IT News Comments Off on Best “superfast” broadband coverage in UK claimed for Bristol

image of fibre optic cableToday’s Bristol Post features a report entitled “Bristol best in UK for superfast broadband coverage“.

To quote from the Post piece:

You might think the capital would have the best superfast broadband coverage in the country.

But it is Bristol which tops the UK instead. Figures from thinkbroadband.com, complied [sic] by the Computer Business Review, show the city has the fastest download and upload speeds.

And quoting yet again from the same source:

Bristol has been gunning to be a UK tech hub has the best coverage in the country [sic], with 97.2 per cent of the area having access to superfast broadband.

Spurred on by this somewhat garbled information and determined to check its accuracy (The Bristol Post has a reputation locally for not being completely accurate at all times. Ed.), we tracked down the original Computer Business Review article, which says the following about Bristol and its broadband:

Bristol, which is gunning for a position as another UK tech hub, tops the list with overall superfast coverage of 97.2 percent.

This penetration gives it a download speed of 30.6 Mbps and upload of 5.4 Mbps. Bristol has used its existing infrastructure, a network of ducts built in the 1970s, to roll out fibre at a low cost.

According to the Computer Business Review rankings, the top 10 connected UK cities are (reported coverage follows in brackets. Ed.):

  1. Bristol (97.2%)
  2. Birmingham (95.2%)
  3. Liverpool (94.8%)
  4. Bradford (93.9%)
  5. Leeds (93.5%)
  6. Edinburgh (93%)
  7. London (92.6%)
  8. Manchester (91.9%)
  9. Glasgow (89.8%)
  10. Sheffield (83.7%)

According to the government’s definition, “superfast” broadband is connectivity with a minimum speed of 30 Mbps. However, even in fortunate Bristol, we all too often hear of poor connectivity (sometimes right next to BT exchanges. Ed.), particularly from the city’s digital and creative sectors, to whom good connectivity is essential for commercial success.

Do you live in Bristol or any of the other cities mentioned? What’s your experience of local “superfast” broadband connectivity? Tell us in the comments below.

Open data in Bristol goes 3D

Steve Woods Local Events, Local IT News, Media and Content, Open Data Comments Off on Open data in Bristol goes 3D

Bristol City Council is not unknown for its commitment to open data.

So far it has been building up open data resources in 2 distinct locations: its dedicated open data site and profiles – its data and maps resource about Bristol and its neighbourhoods.

We have now received news from BCC’s Kevin O’Malley that At-Bristol, one of the UK’s leading science and discovery centres, is currently transforming its planetarium to double as a 3D, 360 degree, immersive data visualisation dome, as recently reported by The Register.

Bristol Planetarium
Bristol Planetarium. Photo courtesy of Wikimedia Commons

The revamp is part of the city’s Bristol is Open plan which intends to capitalise on its tech knowledge and position itself as the word’s first “Software Defined Programmable City”. It’ll be interesting to see how the that reacts when faced with the realities of say, St Pauls or Withywood.

The revamped 100 seat planetarium will feature two 4K resolution projectors powered by 17 computers to deliver a 120Hz 3D model of the universe. It is claimed this will convert the facility into the UK’s first 3D planetarium.

The revamped planetarium – known as the Data Dome – will be the subject of a formal reopening on 18th November. More details will be posted on the Connecting Bristol website when available.

The opening is also part of the Festival of the Future City (PDF).

In other open data news, Bristol is also formally an Open Data Institute Network Node (https://theodi.org/nodes). Kevin states that the council will be increasing activity and holding regular events in support of this. Once again, details will be posted on Connecting Bristol.

Bristol bids to become UK’s IoT capital

Steve Woods International IT News, Local IT News Comments Off on Bristol bids to become UK’s IoT capital

As part of a consortium with San Sebastián and Florence, Bristol was recently awarded € 25 million to create integrated smart city solutions for tackling such urban problems as traffic congestion, poor air quality and unsustainable energy use, Bristol University reports. The project will focus primarily on East Bristol and will look at how technology can be developed further to create efficient, integrated and interactive urban environment which put citizens in control.

This award forms part of the EU’s Smart Cities and Communities funding, which comes under the Horizon 2020 innovation programme. That programme was seeking 2-3 three high impact cities, so-called ‘lighthouses’, through which key findings and successful ways of working can be replicated by ‘Follower Cities’ in order to find solutions to urban problems. The consortium, which is named REPLICATE (REnaissance of PLaces with Innovative Citizenship And TEchnologies), achieved highest score of all the entries for its innovative proposal to integrate energy, transport and ICT at scale.

Academics from both Bristol University and UWE will be involved in the project research and evaluation work, co-operating with local and international companies and small business, as well as the community and voluntary sector.

Dr Mike Yearworth, Reader in Engineering Systems at the Faculty of Engineering is leading Bristol University’s collaboration and the strategic planning and business modelling work for the REPLICATE project. Professor Dimitra Simeonidou, Head of the High Performance Networks (HPN) Group in the University’s Faculty of Engineering and Bristol Is Open’s Chief Technology Officer, is developing the Smart City Platform concept. Dr Helen Manchester from the University’s Faculty of Social Sciences and Law will be working with Knowle West Media Centre on involving residents. UWE’s involvement in the project will include Professor Graham Parkhurst, Professor of Sustainable Mobility and Director of the Centre for Transport and Society and Professor Eddie Wilson, Chair in Intelligent Transport Systems and Head of Engineering Maths at Bristol, who have contributed their transport modelling expertise.

News of the successful grant award comes after Bristol City Council submitted a bid last week to become the UK’s first Internet of Things (IoT) Demonstrator city region. If successful, this will generate an investment of nearly £17 million.

internet of things illustration
Image courtesy of Wikimedia Commons

The Demonstrator city competition comes under the aegis of the Department for Culture, Media and Sport (DCMS), which will invest £10 million for a single collaborative research and development project.

The purpose of the demonstrator city is to show how the IoT can be implemented on a large scale by using everyday objects connected to a network. The data captured by the network can benefit citizens by helping to improve the environment and services such as transport.

Bristol is Open (BIO), Bristol University’s joint venture with Bristol City Council, is already pioneering the introduction of smart city technology where data can be collected from city-centre sensors linked to a high performance computer. Bristol is therefore well placed in terms of having the experience, resources and expertise to take this project forward.

In particular, the IoT Demonstrator bid will propose new ways of meeting the challenges to air pollution faced by all large urban areas, particularly as the cost of air pollution in the UK is nearly £54 billion per year and 29,000 premature deaths per annum.

UWE hosts cyber security training camp

Steve Woods Local Events, Local IT News, Training Comments Off on UWE hosts cyber security training camp

UWE’s press office reports that the university is hosting a training camp designed for students interested in careers in cyber security.

hoodie at keyboardThe camp, which takes place from 10-12th October, offers an opportunity to learn about cyber defence from experienced professionals.

Around 40 candidates will spend three days living on site where they will get an insight into the cyber security industry, with a series of security exercises and workshops developed by organisations including HP, the National Crime Agency, CERT UK, BT, BAE IA, Sophos, Whitehatters Academy, CompTIA, Infosec Skills, Grillatech, ANG2 Consulting, IISP and CREST.

On the first day HP will welcome candidates to their labs where they will provide ethical hacking activities. They will work on a series of technical challenges catering for all abilities.

The second day will be held at UWE’s Exhibition and Conference Centre (ECC) and include a session on ethics from the National Crime Agency, whilst the third day will concentrate on careers.

Dr David Coward, UWE’s Head of Computer Science and Creative Technologies, said, “This is a fantastic opportunity. With only 40 students involved and some major organisations taking part, it’s a perfect opportunity for our students to gain access to key companies in the field.”

The candidates will also receive advice on interview techniques, social media networking and CV writing.

This camp is the second in a series of university Insight Camps to to be held this year: later camps follow in early 2016 in Greenwich and Edinburgh; to register your interest in these, please visit the Cyber Security Challenge website.

Bristol University, information leakage and sensitive personal data protection

Steve Woods Local IT News Comments Off on Bristol University, information leakage and sensitive personal data protection

Android screenshotDigital devices, such as smart banking cards or smartphones, are widely used to store private and sensitive data about peoples’ digital lives. However, securing these devices is a major task for the computing industry. A new research project by Bristol University’s Cryptography Research Group hopes to address the problem of leakage-related attacks.

Information leakage via side channels is a widely recognised threat to cyber security. Small devices in particular are known to leak information through physical channels, i.e. power consumption, electromagnetic radiation and timing behaviour. In other words, the power consumed by mobile phones can reveal information about the data stored on the phone and attackers could steal this data by capturing the leakage. This can ultimately lead to complete security breaches in the form of data recovery.

At present, accounting for leakage requires access to a fully-equipped testing lab with skilled people to conduct side channel experiments. This makes it virtually impossible for general cevice developers to test their products against leakage attacks as these labs are only available to high-end developers, such as those producing chip-and-pin cards.

The aim of the data leakage research project is to bring the skill of a testing lab to the desk of a standard consumer devices developer without the need for domain specific knowledge. To ensure the success of the project the research group has partnered with Embecosm, a leading developer of compiler toolchains.

Project leader Dr Elisabeth Oswald, Reader in Applied Cryptography in the Cryptography Research Group, said: “Our previous research has shown that in the case of small embedded devices, the nature of the leakages can be appropriately modelled using statistical tools.

“This project’s research hypothesis is that one can make meaningful statements about the leakage behaviour of new implementations on such small devices by utilising a priori derived models.”

The researchers hope the project will lead to a new generation of devices providing consumers with high-end security in low-end devices, as well as protecting consumers’ sensitive information. This is another important step on the arms race between the good and the bad guys as the world gets even more digital and attackers become more sophisticated.

France: one-third of local authorities embrace open data

Steve Woods International IT News, Open Data Comments Off on France: one-third of local authorities embrace open data

According to a study carried out by Markess International, the majority of local authorities should have initiated an open data process between now and 2017, French IT news site Le Monde Informatique reports. This type of project forms a springboard for digital transformation.

image of open data stickersWhile local government reform is is redrawing the local authority map, digital seems to be at the heart of the new organisational models. This at least is the message that Markess wants to pass on with the published results of its study of local government trends in 2015, which involved conducting online interviews with 53 local authority decision-makers in July and August. Data and its sharing, particularly via open data, lies at the heart of this revolution. One-third of authorities have already launched such a process and a majority should have joined them by 2017.

The initiatives which have already been implemented (particularly with the support or involvement of Etalab*) motivate those authorities that have not set out on this path to emulate them. Open data and data sharing break down traditional silos (to use the terminology. Ed.), calling existing processes into question. Format, licence, publication method and interoperability are problems which often go over the heads of local officials who therefore need to rely on expert opinion (not to mention the typical bureaucratic suspicion of openness. Ed.) . The question of technical tools also arises whilst data correlation is a priority for 39% of respondents, as are unstructured data analysis (35% of respondents), real-time analysis (26%) and visualisation (23%).

* Etalab is a public sector organisation established by the French Prime Minister in 2011. It is entrusted with creating a single interministerial portal for French public data, particularly for “strategic and quality data” within the scope of an open data policy. Source: French Wikipedia Etalab page.

Motor manufacturers should make their software available for review says Dutch MEP

Steve Woods International IT News, Open Source News Comments Off on Motor manufacturers should make their software available for review says Dutch MEP

The so-called “diesel dupe” in which the US Environmental Protection Agency (EPA) found that many Volkswagen and Audi cars sold in the USA had devices in diesel engines that could detect when they were being tested and changed performance accordingly to improve results is having repercussions on both sides of the Atlantic.

In the States itself the Free Software Foundation has reported the response of Eben Moglen of the Software Freedom Law Center to the scandal:

If Volkswagen knew that every customer who buys a vehicle would have a right to read the source code of all the software in the vehicle, they would never even consider the cheat, because the certainty of getting caught would terrify them.

Paul Tang MEP photographed in 2014On this side of the Atlantic, Dutch Labour (PvdA) MEP Paul Tang (pictured) reportedly wants the European Commission to compel motor manufacturers to open up the source code of their motor management software. This would counteract the manipulation of nitrogen oxide (NOx) test results as practised by the Volkswagen Group.

In written questions Tang is urging the European Commission to introduce practical measures. “We know that these types of chips exist, but we still don’t know how they work”, says Tang. “Motor manufacturers can therefore continue to provide doctored test models.” In this way other instances of this kind of manipulation by other manufacturers can also be exposed. (In the USA specific vehicles are provided for emissions testing; in Europe the equivalent test specimens are picked randomly off the production line. Ed.)

Finally, EU open source news site Joinup reports that this case is not the first time products have been fraudulently tweaked to pass emission requirements or to deceive customers. For example, Samsung, along with other manufacturers of hand-held devices, had their devices automatically raise thermal limits, voltages, frequencies and the number of processor cores put to work when they detected certain benchmarks being run, thus these manufacturers manipulated performance test results by the media, consumer groups and buyers.

A world without Linux

Steve Woods International IT News, Media and Content, Open Source News Comments Off on A world without Linux

Below is the first of what will a series of videos seeking to depict what the world would be like had Linus Torvalds not released his kernel 24 years ago, with that kernel then being combined with the tools produced by the GNU project to create a powerful and reliable operating system.

A World Without Linux is a web series that flips this reality on its head to illustrate entertainingly just how pervasive Linux is today.

The video itself reminds your correspondent of how much time he used to spend doing work research in reference libraries before the advent of the internet: now the internet comes to him, which is much more convenient. 🙂

Linux is the world’s largest collaborative project in the history of computing. It runs most of the world’s technology infrastructure and is supported by more developers and companies than any other platform. It’s everywhere – from your phone to your car and your office. It also powers the internet, the cloud, the world’s stock exchanges, supercomputers, embedded devices and more.

FSF was 30 at weekend

Steve Woods International Events, International IT News, Open Source News Comments Off on FSF was 30 at weekend

The weekend just gone saw another anniversary that ought not be forgotten: the Free Software Foundation (FSF) passed the 30 years milestone.

Richard StallmanGerman IT news website heise reports that the FSF was founded by Richard Stallman (aka rms. Ed.) on 4th October 1985.

At that time the organisation’s goal was fully consistent with the then Unix hacker culture, i.e. promoting the free exchange of computer software and information, distribution of computer software and information and easier access to computers for all.

One year previously Stallman had already founded the GNU Project. GNU was to be a free operating system compatible with Unix, which had already lost its open source roots by the late 1970s and had become a commercial product. In parallel with the decline of Unix, the success of GNU/Linux (Stallman’s GNU system with Linus Torvalds’ Linux kernel) shows how correct Stallman’s vision then was.

For John Sullivan, the FSF’s Executive Director, the greatest current danger lies in the increasing computerisation of our environment. PCs, laptops and Server have in the meantime been made able to run on free software. However, it’s a different matter for the innumerable embedded systems out there – from car onboard computers to smartwatches; these are not under the user’s control although they are nevertheless performing important tasks. He sees a further danger in proprietary services from Facebook via Salesforce, as well as from Google Docs, which also removes control from users over the whereabouts of their data.

The FSF is currently concentrating on explaining to the public the importance of free software, supporting free software projects, various campaigns such as the “Defective by Design” anti-DRM campaign, the enforcement of free software licences and promoting free hardware.

Linux kernel is 24 years young on Monday

Steve Woods International Events, International IT News, Open Source News 1 Comment »

Although Linus Torvalds, the originator of the Linux kernel, announced his initial work on the kernel on 25th August 1991, it was not until 5th October 1991 that Linus actually released his code: Linux kernel 0.01.

Linus Torvalds gives a photographer the finger
Linus Torvalds in combative mood

With this October anniversary in mind, it’s worth taking a bit of time to review what’s changed to the kernel over the intervening years.

Version 0.01 of the kernel had 10,293 lines of code. In contrast, version 4.1, released in July 2015, has more than 19 million lines of code, according to Phoronix. That’s quite spectacular!

The current Linux kernel is the result of one of the largest collaborative projects ever attempted and since tracking began 10 years ago, more than 10,000 developers working from more than 1,200 companies have contributed to the kernel.

Furthermore, the speed of Linux kernel development is breathtaking. The average number of changes accepted into the kernel per hour is 7.71, equivalent to 185 changes every day and nearly 1,300 per week.

This rapid development and collaboration have been a spur to others. Writing yesterday on the Linux Foundation blog, Jennifer Cloer states: “In recent years, the powerful growth of the Linux kernel and resulting innovation has inspired others to adapt the principles, practices and methodologies that makes Linux so successful to solve some of today’s most complex technology problems,” and, “We’ve learned so much from Linux and have no doubt that learning will continue.”