Citation
Ellis, B. (2005), "If the law supposes that, the law is a ass – a idiot", Soldering & Surface Mount Technology, Vol. 17 No. 4. https://doi.org/10.1108/ssmt.2005.21917dag.001
Publisher: Emerald Group Publishing Limited
Copyright © 2005, Emerald Group Publishing Limited
If the law supposes that, the law is a ass – a idiot[1]
I have at last had a glance at Windows XP Service Pack 2. I cannot say that I like what I have seen. It can lull users into a false sense of security, while they are little more safe than beforehand. Why should this be? Well, let us start on a Microsoft feature called ActiveX; if you seek a definition of what this is, the Windows glossary tells us, “A set of technologies that allows software components to interact with one another in a networked environment, regardless of the language in which the components were created”. What does this mean? Let me narrowly rewrite this definition so that the potential danger it presents becomes more apparent. A set of technologies that allows software components, such as viruses, Trojan Horses and other malware, to interact with others in an internet environment. In other words, without ActiveX operating in the background, a PC would be less liable to have many forms of pests installed.
So, how can we avoid using ActiveX in our everyday activities? The biggest danger is with Microsoft Internet Explorer, which relies heavily on it for some of its features. Other browsers, such as Firefox, Netscape and Opera do not use ActiveX, so switching away from IE to one of the others (I recommend the free Firefox) is already a very positive action in favour of security. Nevertheless, in a corporate environment, sometimes one is forced to use IE. In this case, there is a way of disabling ActiveX. Open IE and go to Tools|Internet Options|Security|Custom Level; you can choose a radio button labelled Disable under “Run ActiveX controls and plug-ins”. There is a downside to this: you may find some web sites displaying incorrectly, if they were written in such a way as to use non-standard features, but it also means that the authors of these sites cannot force an install of any kind of malware. It is possible to overcome this difficulty if you add the URLs of sites you are 100 per cent sure are free of pests to IE's trusted site list, without requiring server verification for these sites.
You may argue that SP2 corrected all the ActiveX security issues. That is true, but only the security issues that were known to Microsoft some months before SP2 was issued. Since then, many others have been sought out by those whose joy it is to cause as much pain as possible to internet users.
Let me cite another weakness that SP2 has not corrected. There is a firewall system incorporated in XP. What is a software firewall? Basically, it is a system that is supposed to block unauthorised access to and from the internet. The TCP/IP system is a protocol that allows networking, including to the internet, by using ports, of which there are literally thousands. The firewall blocks access to ports that are not in use, so preventing third parties from cracking into your machine. For example, port 110 is, by default, the one that is used when you receive an e-mail, while port 25 is used to send one. Each application you have that uses the internet is allocated a port which has to be opened. Most of the commonly used ports are open, whether you use them or not. Now, no security system can ever be perfect and, if you opened a doubtful web site or opened an equally doubtful e-mail attachment, which installed a spyware system on your computer, using ActiveX, then you may be vulnerable. That spyware may use an open port to transmit your keystrokes to a third party. The XP firewall system, like hardware firewalls, does not block any ports to outgoing data so relying on it may lead you to all sorts of hazards, such as crooks finding out your passwords, credit card details and so on. The only way to minimise this risk is to install a firewall that blocks data in both directions. I use ZoneAlarm Pro (there is a free minimal version at www.zonelabs.com), which is regularly upgraded as new cracking methods become apparent. There are also a number of others, such as the Norton Personal Firewall or the Sygate Personal Firewall. However, it is essential to disable the Windows XP firewall before installing a third party one.
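Added example, not part of the original column: a toy Python model of the point above, comparing an inbound-only filter with two ways of filtering outbound traffic. The program names, sample packets and policy functions are all constructed for illustration; it goes slightly beyond the text by showing that an outbound rule keyed on port alone still lets spyware out over port 80, whereas a per-application rule does not.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str           # "in" or "out", relative to the PC
    port: int                # destination port
    app: str                 # local program owning the socket (names are made up)
    solicited: bool = False  # inbound reply to a connection the PC opened itself

def inbound_only(pkt, open_ports=frozenset()):
    """Filter inbound traffic only; anything leaving the PC passes."""
    if pkt.direction == "out":
        return True
    return pkt.solicited or pkt.port in open_ports

def egress_by_port(pkt, out_ports, open_ports=frozenset()):
    """Also filter outbound, but only by destination port."""
    if pkt.direction == "out":
        return pkt.port in out_ports
    return pkt.solicited or pkt.port in open_ports

def egress_by_app(pkt, allowed_apps, open_ports=frozenset()):
    """Filter outbound by which program is talking (per-application rules)."""
    if pkt.direction == "out":
        return pkt.app in allowed_apps
    return pkt.solicited or pkt.port in open_ports

# Constructed sample traffic, not captured from a real machine.
TRAFFIC = [
    Packet("out", 25, "mail.exe"),                       # sending e-mail
    Packet("out", 110, "mail.exe"),                      # collecting e-mail
    Packet("out", 80, "browser.exe"),                    # web browsing
    Packet("in", 49152, "browser.exe", solicited=True),  # the web server's reply
    Packet("in", 445, "system"),                         # unsolicited probe from outside
    Packet("out", 80, "keylog.exe"),                     # spyware sending keystrokes out
]

def blocked(policy, **rules):
    """Return (direction, port, app) for every sample packet the policy drops."""
    return [(p.direction, p.port, p.app) for p in TRAFFIC if not policy(p, **rules)]

if __name__ == "__main__":
    print("inbound only  :", blocked(inbound_only))
    print("egress by port:", blocked(egress_by_port, out_ports={25, 80, 110}))
    print("egress by app :", blocked(egress_by_app,
                                     allowed_apps={"mail.exe", "browser.exe"}))
```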
Spyware, adware, malware, viruses, Trojan horses, you name it, they are all there waiting for the unwary. I was recently asked to look at a friend's computer, which was functioning badly. The man is not the most computer-literate, although he likes to think he is. My first question was whether he had an anti-virus utility. He replied that he had the free AVG from Grisoft. I asked him whether it was up-to-date. He shrugged his shoulders. Sure enough, it was over 4 months since he had an update. I updated it and did a scan. As luck would have it, his machine was clean of viruses, so I then enquired whether he had an anti-malware utility. He replied that, yes, someone had recommended HijackThis so he installed it but could not understand how to use it. Not knowing the application, I had a quick look at it and did not understand it either! However, it was apparent that it detected a few thousand suspicious items, with long screeds of how to eliminate them. I thought a simpler utility would be more suitable so I installed the free Ad-Aware (I use PestPatrol, but this is not a freebie for removing the pests). I was rather surprised to find it detected only about half the number that HijackThis did, as I thought that it was reasonably good. I, therefore, installed the free PestPatrol, which detects but cannot eliminate. It detected about 95 per cent of those that HijackThis did. The latter gave an impressive detection performance, but I cannot really recommend it, unless you are a professor of information technology. Anyway, it became apparent that, as many of the bugs could not be removed automatically, it was going to be a very lengthy job cleaning up his machine, so we opted for backing up his essential data, reformatting all his drives, reinstalling all his applications and restoring his data. Having done this, the computer worked like a charm.
He then went out and bought the Norton Internet Security suite, which comprised firewall, anti-virus, anti-spyware and anti-spam. Hopefully, he will be able to sleep on both ears, now.
I recently came across a superb programme for backing up data. It is called Filestream TurboBackup and a free trial can be downloaded. It has the advantage that it is easy to back up and restore anything you want, including the “System State” of the computer. Better than that, you can put the back up on any hard disc you like on your network. Even better still, you can send it to a CD-R/RW drive, but you may argue that your system is more than a CD will hold. No matter, you still have two choices: a compressed back-up may be spanned over as many CD-Rs as it takes, or even over multiple DVD±Rs (I am now able to back up to double-layer DVD+Rs that hold about 8.5 Gb each, the equivalent of 13 ½ CDs!). This does not sound very relevant to an article about the internet, but it is! I participate in a number of technical net lists, such as some of the IPC ones, and I like to archive potentially useful information. I have over a gigabyte of such archives. Previously, I backed up these files to a hard disc on another computer, which was not really convenient: I can now back them up, compressed, to a single CD-RW and add incremental updates. This is an excellent alternative, at www.filestream.com/turbobackup.
Finally for my prologue, I should like to go completely off-topic, at least from the point of view of the subject matter of this journal. As you probably know, I live in the Republic of Cyprus. The press and information office of the government of this island has recently inaugurated a good web site entitled the Aspects of Cyprus at www.aspectsofcyprus.com/ and, from here, you can download and view a large number of Macromedia Flash files with text and over 300 stills and four videos, lasting about 90 min, on nearly a score of different subjects related to my adopted home. The site is superb, although the quality of the video does not do justice to the subject, but the necessary Flash compression to fit it into an internet-compatible format is a necessary compromise. If you are unable to download it, for any reason, and you ask nicely in an e-mail to communications@pio.moi.gov.cy, they will send a copy to you on a CD, free of charge.
What is today's burning issue for our activities? Of course, it is still lead-free soldering and the EU RoHS and WEEE Directives. But it is far less the technical problems, although these still exist, of course; it is how the various clauses within the directives should be interpreted. Now, in my opinion, if a ruling is unclear, the legislators have not done their job correctly. These directives are so unclear that the Director General of the European Commission has seen fit to publish a 14-page FAQ (frequently asked questions) file on the internet, presumably to try and help in their interpretation (Figure 1). In Mr Bumble's words, is this file (more pages than the legislative part of the directives themselves) not an ample demonstration that this law “is a ass – a idiot”? So, let us have a look at it.
Figure 1. Front page of the European Commission's explanation of the RoHS and WEEE Directives
http://europa.eu.int/comm/environment/waste/pdf/faq_weee.pdf
The first thing that strikes one is in the foreword: “These FAQ reflect the views of the commission, and as such are not legally binding; binding interpretation of community legislation is the exclusive competence of the European Court of Justice”. Each page also has the footnote “Not legally binding” for additional information that the legislators can weasel out of their responsibilities by enacting a law that is unclear. Just to make it even more confusing, the foreword also states “This is a living document and so may be revised in the future”.
Let us imagine a hypothetical scenario: the CEO of a company in an EU member state has a problem interpreting the country's transposed enactment of the directives. He, therefore, asks for guidance from the national authorities, who look up these FAQs. The said authorities, after due consideration, quote a paragraph from this document, while stating that it is opinion. Fortified by this advice, the company goes into production of tens of thousands of gizmos. A few months later, some of these gizmos end up in a country where the authorities are more zealous in applying the law and they look up the newly revised version of the same document, which now contradicts the original answer to the question. They decide that the OEM is in infraction of the RoHS Directive and refuse to allow the gizmo to be sold.
It is easy to see that sloppy rulemaking can easily end up in front of the European Court of Justice, especially if the second country has a manufacturer of competitive gizmos that are more expensive. Who will win? Only the lawyers arguing the two sides, with their exorbitant fees, and the judges whose stipends will not exactly be negligible.
Yet we, citizens of the EU, pay these commissioners, MEPs and the whole chain of civil servants behind them a royal salary to produce such equivocal legislation, while having no say in the ruling. Before this directive (there was only one then, it was split into two later) was even submitted, I was in contact with the chairman of the committee writing it, trying to find out something about the environmental risk assessment, which is a mandatory part of the legislative process. I was blithely told that none had been carried out because they had no funding to do so. Because there was no risk assessment, costing a few tens of thousands of euros, not only does industry have to disburse many millions of euros in going lead-free, but it will cause increased carbon dioxide emissions and tropical rain forest devastation, to produce less reliable products. It is easy to see why two countries with important electronics industries, France and the Netherlands, rejected the ratification of the new EU Constitution, if this is just one example of the many thousands of rules that appear stupid to the people who are concerned by them. The EU appears as a dictatorship rather than a democratic institution.
Looking through the FAQs, the mind boggles at some of the answers. Under the first question, What are the criteria for determining whether a product falls under the RoHS Directive?, we learn that a teddy bear with battery is exempt, presumably because, when it is switched off, it can still fulfil its basic function (maybe they mean being cuddled silently by a kid). The same teddy bear is also exempt as WEEE. All we have to do then is to clothe an electronic device into the “skin” of a toy animal. Another interesting answer: equipment that is specifically designed to be installed in airplanes, boats and other means of transport is considered to fall outside the scope of the RoHS Directive. So, an MP3 player that is fitted with a clip to attach it to the crossbar of a bicycle is exempt? Or is it?
There is a long paragraph discussing whether ink cartridges fall under the directives. Basically, a cartridge is not considered as WEEE. However, if a printer is discarded with an ink cartridge inside it, the cartridge magically does become WEEE. The RoHS Directive categorically does not apply to ink cartridges (even if it has electrical or electronic functions?).
TV repair shops and the like must have a headache coming. The technicians have to know when an article they are repairing was first put on the market, so that they make sure that a pre-RoHS component not be used to fix something that was first put on the market after 1 July 2006, although it may be used on something that was marketed before 1 July 2006. Now, there is a whole screed relating to what “put on the market” really means. This occurs when a product is transferred from one party to another within the EC. A TV set that leaves a factory in France, for example, on 30 June 2006 can legally contain all the lead, cadmium and other nasties that you wish, but an identical TV set leaving the factory on 1 July 2006 cannot, even though a printed circuit board in it may have been soldered a year previously. In other words, “put on the market” is not the same as “produce” or “manufacture”.
Want to know how to avoid the WEEE Directive? If you accidentally cut your finger and a drop of blood falls on some electrical or electronic device, it becomes exempt; infected products are understood to be products that have come in contact with blood or other biological contaminants prior to end-of-life. Of course, it will probably be more onerous to dispose of it as biological waste, anyway!
One thorny question that has frequently been raised is the permitted maximum concentration of, say, lead in ordinary solder. A draft decision is in the works to set this as 0.1 per cent by weight in homogeneous materials (0.01 per cent of cadmium). Another controversial terminology that has required defining is the use of the term homogeneous material. This is stated as meaning “...a material that can not be mechanically disjointed into different materials”. In this document, this definition is further refined:
- The term “homogeneous” means “of uniform composition throughout”. Examples of “homogeneous materials” are individual types of: plastics, ceramics, glass, metals, alloys, paper, board, resins, coatings.
- The term “mechanically disjointed” means that the materials can, in principle, be separated by mechanical actions such as: unscrewing, cutting, crushing, grinding and abrasive processes.
Note that the separation excludes chemical or thermal separation. If we take a thick film frit that has been fired on to a ceramic substrate, it would be almost impossible to “disjoint” it without grinding off some of the ceramic as well, but it would be up to the court to decide, if the frit contained a forbidden metal oxide. It is still not clear. There are a number of other cases that are equally unclear. By making the definition progressively tighter, the authors of this document are leaving the way open to more exceptions that could be argued in court.
If we take a solder joint or the tinning of a component lead, we often have three or more very distinct phases which become visible in a microsection, the substrate metal, the inter-metallic compounds and the tin or solder. Theoretically, by careful mechanical “disjointing”, it would be possible to separate the three phases. Is the concentration to be determined for each phase?
Now, there is still a matter that has not been addressed seriously in these FAQs or the directives. How do the relevant authorities of the EU member states determine whether an article complies with RoHS or not? Do they buy a piece of electrical or electronic equipment and “disjoint” every single component and analyse the residues? Of course not! I have no idea how much a 200 MW alternator costs, other than a lot of lolly, but there is no way that anyone could check whether any part of it contained more than 0.1 per cent of lead or other “forbidden” material. That is an easy example, but what about an expensive piece of electronics, imported as a single item by an individual from a supplier outside the EU? Quite frankly, I see no practical way other than the supplier providing a certificate of conformity, but a certificate cannot guarantee conformity, no matter how many rubber stamps are applied to it.
At the time of writing, we have just one year before RoHS enters into force. The single thorny issue that still remains for many companies within our industry is how to make their goods comply, with lead-free solder and components. Time is short, but we are still seeing on the forums many questions that the directives and these FAQs address badly or, at least, with little practicality. Are we going to see, in a few years, a rash of business at the European Court of Justice, brought about by large multinationals requiring clarification of arbitrary decisions by member states? I hope not, but it is the SME owner who will be hardest hit, because he will not have the means to obtain any decision other than that of the bureaucrats of the country he lives in. However, the law is there; we have to make the best of it, even if it is “a ass – a idiot”.
http://www.cepelec.com/iso_album/leadfreehmiller.pdf
Just to wind up this subject, this is a 53 page paper that was written by one of the more vociferous antagonists to RoHS, a couple of years or so ago. Although I am aware that the directive is having some very negative holistic environmental effects – and, for that reason, I was opposed to it – I am sufficiently pragmatic that I accept it as a fait accompli. Mr Miller, even today, appears to believe that tilting at the EU windmill will cause the directive to be repealed. I, therefore, do not endorse what he says in this paper, although it does make sense in a number of places. Abstraction made of the political aspects and the non-existent environmental ones, this document is well worth reading, just to keep the subject in perspective.
Brian Ellis, Cyprus, bne@bnellis.com
Note 1. “If the law supposes that”, said Mr Bumble... “the law is a ass – a idiot”. Charles Dickens, Oliver Twist (1838) ch. 51.