Information Technology Research Update by Diomidis Spinellis Department of Management Science and Technology Athens University of Economics and Business (AUEB) http://www.dmst.aueb.gr/dds/ Volume 2 Issue 5 October 3rd, 2002 A free periodic newsletter providing summaries, analyses, insights, and commentaries on information technology research brought to you by the Information Systems Technology laboratory http://istlab.dmst.aueb.gr In this issue: - Technologies to Watch - HBR and WSJ on RFIDs - IEEE Security & Privacy Magazine - The New Linux Kernel Technologies to Watch --------------------- ACM's TechNews, the IEEE Spectrum and the Economist's Technology Quarterly (TQ) supplement are some key the places where new technologies and trends are often aired. The September issue of the TQ was choke-full of IT news including features on the ultra-wideband (UWB) wireless technology, drug delivery microchips, electronic voting, the relationship between Internet adoption and societal trust, digital rights management, streaming video, inkjet printers, and a portrait of Sun's Bill Joy ("The other Bill"). UWB is predicted to supplant Bluetooth and WiFi (the wireless Ethernet standard previously known as 802.11b) as the preferred method for the wireless distribution of video and music within the home. With Hyperlan advocated in Europe over WiFi, and two competing 3G technologies also claiming broadband capabilities we predict a new all-out standards war. Electronic voting methods are gaining popularity all over the world, but the risks introduced by their adoption are considerable. Recent debate in the USENET comp.risks forum has highlighted the problems of ensuring, the often contradictory, goals of confidentiality and verifiability. Voting machines whose operation is protected as a trade secret and company owners linked with the Russia mafia further complicate the picture. Two solutions being proposed involve using the machine as an automated device for creating user-verifiable ballots. Researcher Barbara Mercury advocates a printed receipt that the voter can visually verify, while cryptographer David Chaum proposed a readable ballot consisting of two layers: once these are separated, they can be used for counting votes, but are not anymore readable by humans. In addition, the ballot part retained by voters can be used to verify over the web that their vote was indeed counted. The high compression ratios of music and video achieved by the respective MP3 and the upcoming object-based MPEG-4 standard, coupled with the high popularity of online sharing platforms like Napster (now defunct), KaZaA, and Morpheus are creating a lot of anguish for content makers, owners, and distributors: artists, record labels, and now also film studios. The responses are varied, but can be broadly classified into legislative, technology-based, and revised business models. The legislative approaches are apparently receiving the most attention in the US. They have been widely ridiculed as trying to create a new crime: "interference with a business model", but are nevertheless gaining ground. As an example, the US Digital Millennium Copyright Act (DMCA) prohibits consumers to reverse-engineer technical measures that are used to prohibit copying, even when consumers need to do so to exercise their fair-use rights. Recent proposals try to mix technology and law into a potential explosive mix. One would allow record studios to launch hacking attacks against user machines participating in peer-to-peer illegal file sharing networks. Technology-based approaches are equally interesting. The Trusted Computing Platform Alliance and Microsoft's Palladium architecture are aiming to create a hardware base for a trusted platform that can be used to allow only authorized content distribution and disallow software that does not conform to digital rights management (DRM) standards. Interestingly, a Microsoft representative recently claimed at a conference that Palladium could not be used against software piracy; shortly afterwards an independent researcher filed for a number of patents covering this application area. A different technical approach to DRM is based solely on innovative cryptography. In 1993 Amos Fiat and Moni Naor demonstrated how two unrelated devices can establish a key with only a one way communication path; the approach was later extended to also allow revocation (taking back a key) over the same path. This technology, termed "broadcast encryption" can for example be used for distributing DVDs encrypted with a key that is not stored as such on the DVD player. An article in the August 2002 issue of IEEE Computer details how the scheme can be used for securely distributing digital content. New business models are however the most probable long-term industry response. Pressplay, a joint venture between Sony and Universal is using Microsoft's DRM technology to offer over 100,000 tracks for $9.95 a month. Other approaches use online web-based fan clubs as a way to promote CDs and free song downloads as a method for obtaining consumer information for cross-selling purposes. Touching the technologies behind online content sharing communities is the Economist's portrait of Bill Joy, termed "Edison of the Internet" because of his crucial role behind the Berkeley Unix TCP/IP implementation, Sun's RISC processors, Java, and Jini. Recently Bill Joy and his colleague Mike Clary developed JXTA (pronounced "Juxta") as a suite of protocols that allow individual computers to organise themselves into peer-to-peer networks. You can find-out more about JXTA and downlaod a free copy from . HBR and WSJ on RFIDs -------------------- You will probably have read in previous issues of the Information Technology Research Update details of the RFID technology: cheap microchips that can be put on a product (or even a banknote; see ITRU v2i1) to passively send a unique identifier when queried by an external electronic device. In a recent article in the Harvard Business Review (Glover T. Ferguson, "Have Your Objects Call My Objects", Harvard Business Review 80(6):138, June 2002) the author identifies the important potential of a new breed of sophisticated object-to-object RFID applications. These will flourish, standardizing the "silent commerce" paradigm and paving the way for new business models. Such applications include end-to-end product tracking, variable pricing on a much higher scale, products able to adjust themselves to improve conditions such as safety, downtime, etc., and RFID implants that relay personal medical information. A related article in the Wall Street Journal (23/9/2002) informs us that Frost & Sullivan expects the RFID application market to grow at a yearly rate of 29 percent and be worth around $7.25 billion by 2008, drawing most of its strength from manufacturing, logistics, transportation, and security. MIT's Auto-ID Center and the Cambridge Institute for Manufacturing are engaged in RFID infrastructure development, while some retailers and suppliers have embarked on pilot programs. [eLTRUN is currently running a pilot study in a super-market as part of the IST-funded myGrocer project.] RFID tags still remain too costly to incorporate into many mass-market goods, and Donna Schollard of the Unilever Digital Futures Laboratory says that it could take over five years to reach the ideal goal of 1 cent per unit. IEEE Security & Privacy Magazine -------------------------------- The IEEE Computer Society Board of Governors approved a new periodical to be launched in 2003 aiming to deliver practical, real-world security and privacy solutions to computing professionals. You can obtain a preview of the type of information the IEEE Security & Privacy Magazine will offer by visiting the April Security and Privacy supplement to the Computer magazine, located at . The New Linux Kernel -------------------- (Contributed by Giorgos Gousios, ISTLAB research associate) The Linux kernel has come a long way since the time it only supported a very restricted set of devices and architectures. Today Linux is ported to almost all feasible architectures and supports almost every device that is conformant to some kind of standard. The existing infrastructure also allows good expandability, for example the USB 2.0 bus support was done almost immediately after the standard was out. This kind of progress is not a matter of chance. A big amount of effort is put behind the scenes by developers. The democratic community of the kernel hackers decides what to be supported and how by organising the kernel summits, a developer's gathering that tends to become a standard the last few years. The rest of this bulletin is going to be a summary of what was discussed and desired at the two kernel summits for the development of the 2.5 kernel series. Filesystems: Many new filesystems are now supported by default in the kernel and Linux is able to boot from partitions that contain them. Most of them are back ported from other commercial UNIX OS's to ensure compatibility and to cover the lack of a standard journaled fs. New filesystems include IBM's JFS, SGI's XFS, a new version of ReiserFS and ext3fs, linux's standard ext2fs reimpemented to support journalling. Also the VFS layer is moving to support SGI's delayed allocation technique, allowing the system to just mark the space an application needs when writing to a file and queuing the write operation for bigger writing blocks. Finally, the kernel contains improved support for other common filesystems, such as NTFS and UDF. Block Layer: The block layer is an abstraction layer to underlying storage devices (e.g. SCSI drives) and device structures (e.g. RAID). There were some inherent problems in the current implementation, for example the exhaustion of device numbers and the incomplete error reporting. What is going to be in the 2.6 kernel series almost a reimplementation of the block layer with new features such as I/O barriers, that allows the layer to place restrictions on the reorganization of writes for ensuring that a committed write is committed indeed, and multipage I/O optimisations that will speed up writes of big chunks of data in parallel. Hot-plugging: This is almost new in the kernel. It is a generic mechanism of handling device hook up and removal events. Hot plugging is supported by most modern buses, e.g. PCI, USB and PCMCIA. The mechanism that works now is to start a script after each device event, that is responsible to decide for the event, load the appropriate supporting modules and export a device name. The device naming is a hard part of the implementation because names must make sense to user and it is not guaranteed that the appropriate devices exist in /dev. Database optimisations: Database systems are of great importance for business and thus many requests by commercial brands at the kernel summits were for improving large database performance. Current issues among others include raw I/O driver splitting large write requests in chunks, lack of asynchronous I/O, lack of large memory pages, heavyweight semaphore implementation and lack of multiqueue scheduler. Most of these issues will be fixed in the 2.6 series, so that the use of Linux on large database servers will be more straightforward. Security: Linux currently lacks a standard security infrastructure that will allow it to veto some operations to certain applications. The Loadable Security Module (LSM) project is trying to provide a standard mechanism by which enhanced security regimes could be loaded into the kernel. Since there is little performance penalty (around 2-5%) and the interface is already frozen, there are great chances that the LSM will be merged to the 2.6 tree. Power management: Power management has been a weak point in Linux. Support for APM was only completed after the standard had been obsoleted by ACPI. The ACPI standard defines an interface that allows the kernel to get information for the resources a computer offers and manage their power consumption. The ACPI implementation is now almost into the kernel, and from the writer's experience is working really well. The only lacking feature is the sleep mode, which in turn raises many issues difficult to come by (e.g. developers need to find a generic way to speak to device drivers in order to put them to sleep). Other changes: There are many other changes that are not discussed in detail: A port to AMD's x86-64 architecture, the long awaited asynchronous I/O interface, many SCSI cleanups including the rumoured mid-layer (the layer between SCSI controller drivers and SCSI devices) extinction as a consequence of the block layer advances, the aforementioned USB 2.0 support, virtual memory system enhancements, development of an inline documentation system similar to Java's one, support for fast process switching useful for real time systems, processor optimisations, a new build system, networking and firewall optimisations, a new bunch of device drivers, Bluetooth and many other smaller things. As it is obvious for the above the new Linux kernel will be even more capable of competing with well known commercial systems in the business arena. The main target of the newly developed kernel, scalability, seems ready to be achieved and all the changes together will allow Linux to claim a larger share in the OS market.