dmarti suggested that people come to my trusted computing talk at SDForum tomorrow, but that talk's been cancelled, so you'd be better off not showing up for it.

LNX-BBC

We haven't posted an official release announcement, but we did release LNX-BBC 2.1 (get a torrent, or do lame old direct download). They're going to be sold through the EFF store and the FSF membership program, and of course you can sell your own if you like. Business-card CD-R blanks have prices comparable to those of regular CD-R blanks a couple of years ago.

Hashes

I've had this silly momentary obsession with hacking our releases so that their MD5 checksums start with "bbcbbc", or perhaps so that both their MD5 and SHA1 checksums start with "bbc". I've been experimenting with some Python code which appends bytes to a given document in order to cause it to have a hash with chosen properties. Fortunately, you can't choose more than a few bytes of the hash, as a practical matter, but my success in this makes me want to encourage people to actually read the whole PGP key fingerprint when you're signing a key. Some people sort of doze off in the middle of verifying a fingerprint.

To make a checksum start with "bbc", you only have to examine about 4096 possibilities, and to make it start with "bbcbbc" (or "bbc210") it would be about 16777216 possibilities. Soon after that, we start to run into trouble.

Zack suggested the right approach: you don't hash the whole file every time, you hash the original file, save the current state of the digest, and then see what the output of the digest would be if you updated it with any of some thousands or millions or more of alternatives. In my code this is done with a loop containing a digest.copy(), digest.update(), and digest.hexdigest(), which work properly with Python's md5 and sha modules. It takes only a few seconds to run for a short string.

BitTorrent

Bram is famous; Jack Valenti sent personal letters to each of the five Commissioners of the FCC, mentioning BitTorrent downloads of TV shows as an argument for expanding technology regulation. The letters are signed "Warmly, Jack" -- by hand.

I know of two useful BitTorrent patches floating around; I wrote one (to make --responsefile and --url basically optional) and Aaron Swartz wrote another (a command-line downloader with a single status line, like wget).

General

I'm pretty busy with EFF stuff and still keeping my diary over here.

Palladium

I got a lot of attention not long ago for my diary entry with notes from our meeting with the Microsoft Palladium developers. That was a surprise; I didn't know that so many people were reading my new diary. I guess even more are reading it now.

The meeting was about four hours at the EFF office in San Francisco, and some of the people who are in charge of Palladium answered our technical questions, with no NDA. So that was interesting, and I see I'm not the only one curious about the results.

BBC

We aren't going to have a new version of LNX-BBC ready for LinuxWorld. We'd been hoping to, but we got caught up in the strange world of pivot_root. I did manage to rewrite "rdev" in one line of Perl, even though I'm not a Perl programmer. :-)

We also had a hard time getting in-person meetings together, and our volunteer usability tester got pregnant! At present, we have a rough outline for a revamped boot sequence using linuxrc. The old version simply used an initrd and never changed the root filesystem to be anywhere other than the RAM disk, but now we're getting more ambitious, and we're using an incredible mix of filesystem types. We have found possible uses for tmpfs, FAT, ext2fs, iso9660, cramfs, romfs, and the cloop compressed block device driver all within the same project. So we are becoming true boot sequence geeks.

I do hope that the new LNX-BBC version will be out before people have forgotten about our project. It's gotten some nice reviews in the past, and thousands of people are still carrying them in their wallets, but as the old discs crack, memories will fade, too. We've got a big CVS tree using GAR, Nick Moffitt's cool build system (which is the basis for the much-more-famous GARNOME, even though GAR was actually designed for the LNX-BBC project).

Our GAR tree now builds about 90% of the binaries which we shipped on the previous version -- in a repeatable, reliable way, from upstream sources. As Nick says, it's like an equivalent of BSD ports, but for gmake on Linux.

Conferences

I'm hoping to be at DEF CON, USENIX Security, and LinuxWorld in the next three weeks. After that, I don't have any concrete plans, but I'm sure I'll be back at CPTWG before long. We need more free software people at standards meetings and consortium meetings where DRM work is being done. A lot of the people who are doing DRM standards have never heard of free software before. (Some of them are actively hostile to it, but not all.)

In other news

You can find out lots of other news by reading Vitanuova. Of some free software interest: we are continuing to fight the "broadcast flag" mandate and other parts of Hollywood's legislative agenda. This also is something I wish more free software people would get involved in. The problem is that, when I describe how the broadcast flag works, people break out laughing. They apparently don't believe that something so silly could become Federal law. But I tell you that it's by narrow escapes and hard work that it isn't Federal law today.

The Palladium people are going to come back during USENIX Security to meet with us again and share more details, which I expect I'll write about in my web diary. I've also put in an inquiry with TCPA to ask the TCPA committee to visit EFF and give us their own overview. (Contrary to what some people believe, Palladium and TCPA are distinct and have different technical characteristics.)

That riddles archive is a lot of fun. I have found a horribly inefficient solution to the "100 prisoners and the light bulb" problem.

Development of the new LNX-BBC is going pretty well, thanks mainly to Nick Moffitt's cool GAR system (an integrated build environment implemented in gmake). I think there will be a new release early this summer. It's been almost a year since the previous release (1.618).

I got a nice new computer at work; our sysadmin put Red Hat 7.3 on it and I realized that it's been a long time since I had a Linux desktop with current software on it. There are unfortunately plenty of things I don't recognize, and features which come as a surprise to me, like large file support.

I'm spending most of my time working on EFF court cases and understanding and fighting Hollywood's legislative agenda. It's extremely worth reading this MPAA document, called "Content Protection Status Report", which sets out quite lucidly what America's most powerful copyright companies want and expect to accomplish in Congress in the near future. Among other things, they'd like to see a watermark detector legally required in every analog-to-digital convertor, in order to deal with the "analog hole" (the fact that you can avoid DRM restrictions by starting with analog media).

I'm calling it "Hollywood's new science-fiction and horror summer blockbuster".

EFF and others are having a party to celebrate Dmitry Sklyarov's return home. The party is in San Francisco on Wednesday evening. Or gurer be or fdhner.