About Me

I ramble about a number of things - but travel experiences, movies and music feature prominently. See my label cloud for a better idea. All comnments and opinions on this blog are my own, and do not in any way reflect the opinions/position of my employer (past/current/future).

17 August 2007

Music: Sister Chain & Brother John and Daniel Colletti

One of the Berlin residents from the Autosport Forums alerted me to a gig in one of the many cafes+bar+clubs in Berlin. So, together with Martin, I decided to go check it out. Intersoup can be described as an Asian cafe+bar, but with a very limited menu (comprising of soups and dumplings). However, the food was very good!

The opening act was a solo Goth guitarist, Daniel Colletti. The lyrics were in German, so can't really comment - but Martin said that it was quite depressing. Well, it was goth music ... Musically, rather unimpressive, but it was interesting to hear live music in a strange language.

The "star act" was a duo that describe their music as Victorian rock, and was described by the venue's flyer as "experimental rock". The duo, an Englishman playing bass or electric guitar, and a woman (who could speak German, not sure if she is German) who was the main vocalist. It was certainly very interesting music, and the lyrics were very cool - some were funny, some were serious ... but all very interesting. I think the closest mainstream act I can think off that they could resemble, would be Björk. Martin was so impressed, that he bought their EP!

Overall, it was a good night of food and music!

16 August 2007

Software Liability

The recent furore about the quality of Chinese made toys has brought an interesting subject to light: product liability. In the most recent case, Mattel, the world’s largest toy maker has recalled entire product lines because of two separate issues. The biggest issue (happened twice in two weeks), was the case of the use of lead based paint. As the Wikipedia article on lead explains, long term exposure to lead could lead to damage to the nervous system and other problems; and thus the use of lead based paint has been discontinued in most industrial nations. Thus this issue of product liability has arisen out of the manufacturing process. The second issue, was the recall of certain magnetic toys, which are dangerous if swallowed, and despite certain news reports, it is not really the fault of the Chinese manufacturers. Rather, it is a design problem – the toy designers designed a faulty product, and these toys are being recalled so that they can be fixed.

This is my round about way to get to the topic – software liability. Unlike every other product in the world, software development houses (the vendors) are effectively immune from product liability. One of the biggest factors behind security issues in computer systems are because products are not designed and developed (manufactured) correctly – leading to a multitude of security problems. But unlike Mattel, vendors do not have to recall software because of bad design or development. In fact, while many vendors do provide patches, there is no obligation for them to do so (well it does make business sense for them to do so, most of the time).

There have been many, most notably Bruce Schneier, who have argued that product liability must also extend to software, and it is the only way to get more reliable, secure software. His basic argument is, at the moment, there is currently no incentive for a vendor to make secure software; and instead, it is the end user who is forced to spend extra money in an attempt to make his computer more secure through the use of firewalls, anti virus software etc. Not surprisingly, majority of vendors are opposed to software liability. They contend that software is too complex, and that there will always be bugs. Furthermore, it is not necessarily just the software that is at fault, but the combination of software applications that are used that is at fault.

In the recent report (pdf) by the Science and Technology Committee of the UK’s House of Lords (really good read), Prof. Mark Handley from University College London, sums it up very well:
“If your PC, for example, gets compromised at the moment there is no real liability for the software vendors or the person who sold them the PC or anything else. The question then is: did the person who sold you that software or the person who wrote that software or whatever actually do the best job industry knows how to do in writing that software? If they did then I really do not think they should be liable, but if they did not then I think some liability ought to be there.”

And that is exactly how product liability in other disciplines work: if a bridge falls down, it is only the fault of the construction company if they did not follow accepted standard practices like taking shortcuts or building the bridge using poor quality materials. Likewise, it is the designer's fault if they build a bridge in an area known for earthquakes without considering earthquakes in their design. And it is the same reason, Mattel is recalling some magnetic toys – because the designers did not consider what would happen if children swallowed those magnets.

Software should be the same. There needs to be some degree of accountability. During the design phase considerations such as security , reliability, stability must be taken into account. And there are tools out there to conduct rigorous testing of software design: for example (citing a tool that I know very well), Petri nets can be used to prove whether a process is bounded or not – and unbounded processes provide a good indication that the process could experience buffer overflows or similar issues during implementation.

Similarly, development also needs to have some degree of accountability. Buffer overflows caused because there are no checks on whether the input is of a correct size or not is not usually a fault of the designer. It is the fault of the programmers who did not bother to check for it, and the QA people because they forgot to test for it. Yes, programming is still a human process, and unlike robotic assembly lines, cannot be relied upon to provide perfect results, all the time. But there should be a reasonable grounding of all programmers to deliver a certain level of quality. It’s the least that should be expected.

Off course, this does not mean that patches will not be required. But, hopefully, patches will be used to fix vulnerabilities and bugs that are beyond the basic assurances. And this would still mean that users have to take care and maintain their computers and software – just like every other product. And just like every other product, the vendors should inform the users of the correct way to use and maintain software. The issue of a “computer driving license” has often been discussed … maybe it is high time, that it is actually discussed seriously.

There is off course the case of open source. In open source software, there is often no one to sue (for liability). But I think Bruce Schneier provides the perfect middle ground: open source software that is freely distributed, installed and maintained by the user (through help from online communities) should not offer any liability protection; after all the software cost nothing to begin with. However, vendors that package and support open source software (such as Red Hat), should be liable. In the end it is about assurance: from a vendor like Red Hat you are getting assurance that a specific set of open source products that is secure and stable.

I think it is inevitable that software liability will happen; it is just a matter of when. In their recommendations, the Science and Technology Committee of the UK’s House of Lords state:
“We therefore recommend that the Government explore, at European level, the introduction of the principle of vendor liability within the IT industry. In the short term we recommend that such liability should be imposed on vendors (that is, software and hardware manufacturers), notwithstanding end user licensing agreements, circumstances where negligence can be demonstrated. In the longer term, as the industry matures, a comprehensive framework of vendor liability and consumer protection should be introduced.”

14 August 2007


Potsdam is a town near Berlin, the capital of the Brandenburg state, and was the summer residence of the Prussian royalty. The major tourist attractions of Potsdam, are the royal palaces and their grounds and gardens; now a UNESCO heritage site. Exploring Potsdam on your own is difficult: access into many of the palaces is available only through guided tours (which are off course, mainly, if not all, in German). For this reason, my Lonely Planet guide suggested that the palaces are best explored through tour companies, and I joined Brewer's Tours for the third time, now for their Potsdam tour.

The tour was led by Terry Brewer, the founder of the tour company. He once worked for the Allies, in Berlin, during the partition, and for the British Navy for a number of years, before "retiring" to Berlin. Tour guides make the tour, and he was a brilliant host, and his stories, his humour, and most of all, his knowledge, made the tour worth every Euro cent! The tour party was quite impressive too; apart from me, there were two Greek housewives visiting their daughters studying in Berlin, two physists working in Berlin (one from Italy, the other from Morocco) and an American movie producer, who is about to wrap up her first movie (documentary really) about tour guides in Berlin!

A point about the weather (see previous post) - it was forcasted to be sunny - even in the morning on the subway station. It drizzled for most of the day, so many of the outside shots were just not as spectacular as they should be. But no purple skies! :P

The palaces are strictly controlled, and every one has to wear these funny slippers inside most of the palaces. The slipers would make it lots of fun to slide in the marble halls ... and if it wasn't for the many minders, I think we would have had some competitions! You are also not allowed to take photos, so no views from the inside.

From Berlin, we caught a train to Potsdam (considered in the C zone in the Berlin transport system). We got off at Sancoussi Gardens station, and then started off at the New Palace, built by Frederick the Great in the 1760s. There are some spectacular rooms inside, especially the jeweled great hall, which is decorated with crystals and gems, and the top of Mount Kilimanjaro. The lavish lifestyle of royalty is so well demonstrated, and so spectacular.

I know it is Germany, and not prudish England, but the number of statues and paintings around the various palaces that have sexual overtones (some going further than overtones) is quite amazing. The swinging sixties could be considered prudish at times ... Oh yes, on this topic, one must mention about the bedrooms of the princes, which were adorned with paintings of naked women (renaissance art off course), and not forget the countless statues of naked men. Equality existed back then, I suppose.

The Orangery Palace, built in the 1850's was built to serve as a part greenhouse, part retreat. It has good views from the top, but it is the "fake" art gallery, full of Raphael copies that is really impressive. And it was open to the public back then too!

Sanssouci Palace, is the main attraction. However, the queues are massive (even on the rainy day, there was a 3 hour waiting time), and we just did not go in. It was not even part of the day pass for the palaces for that reason. But I think I am "palaced" out for now, even for Charlottenburg Palace in Berlin.

Unlike the Orangery Palace, the Picture Gallery, hosts real paintings - about 100 of them. It was possibly the world's first public gallery, and was built in 1763. The paintings are amazing, and so is the decorations of the gallery roof, doors and walls ... they just don't make galleries like these anymore.

The Marble Palace, under heavy restoration was the last stop for the day. The really interesting item in the entire palace is an old "secretary" desk - complete with a huge number of hidden cabinets; which are opened by hidden buttons, turning the key twice, rotating various columns (three sides have mirrors or paintings, the last show drawers). It is just absolutely amazing.

The Cecilienhof is the newest palace, and is famous for the location of the Potsdam Conference in 1945; where Germany was carved up between the victors of WW 2. It was here that US President Truman announced the development of the Atom bomb, and is also possibly the place where Truman signed the authorisation to drop the Atomic bomb on Hiroshima and Nagasaki ... possibly because it has yet to be revealed whether Truman signed the treaty in the White House before coming over to Potsdam. For modern Germany, it is possibly the most important palace of the lot.

Potsdam is a fascinating town, and to do real justice to it, I would need at least 5 or 6 days; time I do not have :( After the tour, most of the tour party (including Terry) went out to a pizza place in Berlin; referred to as "Anarchist Pizza" by the physicists. Very impressive pizzas (I had the one with Horse ham .. couldn't resist ...) and very funky location, complete with posters, graffiti, and clocks showing time in the various communist capitals of the world such as Beijing, Havana and Ho Chi Minh City. It was a great day really.

Weather forecasting through dice rolls

How hard is it to predict the weather? I don't know, but what I do know is not to bother with looking at the weather forecast for Berlin: it's always wrong, regardless of who gives it: BBC, CNN, local forecast on the underground trains (there are TV in the trains, that give news highlights etc of Berlin) and even the Internet.

In fact, the Internet is the worst - I have had forecast for heavy rain while it is sunny outside without a cloud in the sky and sunny forecasts for days where it is pelting down with rain (Friday being the most recent example).

South African weather forecasts seems to be very accurate; so the question remains: does Berlin lie on the path of a particularly bad weather system, or are the forecasters simply not good?