RFID passports (finally) coming soon to the US

(via Engadget)
The US State Department appears to finally think it is ready to issue e-Passports to Americans. Privacy advocates, security specialists, techie-weenies, and sensible people everywhere object, but in typical government manner, the State Department doesn’t care. “Nyah, Nyah!” appears to be the message.

Here’s the gist of it:

They’ll have radio frequency identification (RFID) tags and are meant to cut down on human error of immigration officials, speed the processing of visitors and safeguard against counterfeit passports.

Yet critics are concerned that the security benefit of RFID technology, which combines silicon chips with antennas to make data accessible via radio waves, could be vastly outweighed by security threats to the passport holder.

Making RFID tags usable but not abusable is a tough problem (right up there with solving Fermat’s last theorem, honestly). The technology will likely speed border checks and such, but by the very nature of the technology, they will be abusable and likely very insecure.

“Basically, you’ve given everybody a little radio-frequency doodad that silently declares ‘Hey, I’m a foreigner,'” says author and futurist Bruce Sterling, who lectures on the future of RFID technology. “If nobody bothers to listen, great. If people figure out they can listen to passport IDs, there will be a lot of strange and inventive ways to exploit that for criminal purposes.”

. . .

“The basic problem with RFID is surreptitious access to ID,” said Bruce Schneier, security technologist, author and chief technology officer of Counterpane Internet Security, a technology security consultancy. “The odds are zero that RFID passport technology won’t be hackable.”

. . .

In May, researchers at the University of Tel Aviv created a skimmer from electronics hobbyist kits costing less than $110. The equipment was small enough to fit into a briefcase or be disguised in any manner of luggage or clothes that could hide the 15-inch copper tube antenna.

The antenna boosts the read-range from a few inches to a few feet. To extend the range of surreptitious access much further, a second piece of equipment is needed to fake the RFID reader into sending a “read” signal, which is then relayed via radio waves to the skimmer’s reader near the targeted RFID chip.

. . .

U.S. passports are issued for ten years, which means the RFID chip technology of those passports, along with their vulnerabilities, will be floating around for a decade. Technology would have to “stop cold,” Schneier of Counterpane says, for improvements in skimming and hacking equipment not to occur.

Schneier has talked about this before in his Crypto-Gram newsletter.

In 2004, when the U.S. State Department first started talking about embedding RFID chips in passports, the outcry from privacy advocates was huge. When the State Department issued its draft regulation in February, it got 2,335 comments, 98.5% negative. In response, the final State Department regulations, issued last month, contain two features that attempt to address security and privacy concerns. But one serious problem remains.

It’s still a hard problem to solve, and none of the security experts I trust have bought into the project yet. Until I see someone like Schneier say, “This is well done, with measures which should prevent unauthorized access,” I’m not liking it. Oh, and a little hint – it’s not likely any such expert will say any such thing any time soon.

[tags]RFID passports, e-passports, Identity theft[/tags]

UK to outlaw standby power mode?

(via PVR-wire)

“But I live in the US – I don’t care about that!” you might protest. And the truth is, for both of my regular readers, it probably doesn’t matter much (and I exaggerate – I doubt I have 2 regular readers). But this is a preview of a law I honestly expect to see come state-side eventually. Why? Well, check out the reason for a no-more-standby-mode law.

THE Government is to outlaw standby switches on televisions and video and DVD players to cut the amount of electricity wasted in the home.

Refrigerators, washing machines and dishwashers will have to become energy-efficient, and lightbulbs that burn too much energy will be phased out.

According to yesterday’s Energy Review, standby facilities use 8 per cent of all domestic electricity.

See that? Standby mode makes for 8% of domestic UK usage. Eliminating standby mode means after you turn off your TV, you’ll have to actually get your rear off the couch and push the power button on the box to turn it back on. This is because the remote-control power-on feature relies on the TV being in standby mode instead of being powered-off.

Of course, what more likely will happen is people will leave more equipment on when possible, thus increasing overall power consumption. But I’m just cynical enough to think people will take the lazy way out instead of the economical way out. Almost no one will notice the extra buck or two that leaving the computer or TV on will cost over a month, but they’ll remember having to drag that lazy ass off the couch to take three steps and turn on the TV with the button on the device.

[tags]UK power consumption, Electronic equipment standby mode[/tags]

Australia continues to host freaky-scary creatures

(via Dubious Quality)

Last week in his Friday Links section, Bill posted about fanged kangaroos and the ‘demon duck of doom’ found in Australia. Given the absurdly deadly creatures already known to inhabit the country on land and in the sea, I suppose we shouldn’t be surprised to know there were even more deadly inhabitants in the past (psssst – this is the main link – the whole purpose of this post – if you skip the others, follow this one).

SYDNEY, Australia – Forget cute, cuddly marsupials. Paleontologists say they have found the fossilized remains of a fanged killer kangaroo and what they describe as a “demon duck of doom.”

A University of New South Wales team said the fearsome fossils were among 20 previously unknown species uncovered at a site in Australia’s northwest Queensland state.

. . .

Vertebrate paleontologist Sue Hand said modern kangaroos look almost nothing like their ferocious forebears, which lived between 10 million and 20 million years ago.

The species found at the dig had “well muscled-in teeth, not for grazing. These things had slicing crests that could have crunched through bone and sliced off flesh,” Hand said.

Crunched? Damned kangaroos. I don’t think I want my bones crunched through, nor my flesh sliced off, thank you very much. Fortunately, these things appear to be gone now. Still, freaky-scary, I tell you. Oh, and freaky-scary is a technical term, I think. Although I haven’t verified that.

[tags]Australia, Freak-Scary critters[/tags]

University-funded music subscription services failing

(via Freedom to Tinker)
The Wall Street Journal online provides some excellent details on how music services for students funded by colleges are failing. More importantly, there’s a lot of information on why these services are failing with the college crowd.

As a student at Cornell University, Angelo Petrigh had access to free online music via a legal music-downloading service his school provided. Yet the 21-year-old still turned to illegal file-sharing programs.

The reason: While Cornell’s online music program, through Napster, gave him and other students free, legal downloads, the email introducing the service explained that students could keep their songs only until they graduated. “After I read that, I decided I didn’t want to even try it,” says Mr. Petrigh, who will be a senior in the fall at the Ithaca, N.Y., school.

I doubt most techies are surprised by this insight. We want movable bits. Free downloads to the hard drive are nice, but if we can’t move those bits to our portable MP3 players, burn them onto CDs to listen to in the car, or move them onto other computers we use, then we’re not so interested in those particular bits. Instead, we’ll find other places to get the bits in a format that lets us do what we want.

To stop students from pirating music, more than 120 colleges and universities have tried providing free or subsidized access to the legal subscription services over campus networks in the past few years. About 7% of all four-year schools and 31% of private research universities provided one of the legal downloading services, according to a 2005 survey of 500 schools by the Campus Computing Project, a nonprofit that studies how colleges use information technology.

. . .

Purdue University officials say that lower-than-expected demand among its students stems in part from all the frustrating restrictions that accompany legal downloading. Students at the West Lafayette, Ind., school can play songs free on their laptops but have to pay to burn songs onto CDs or load them onto a digital music device.

There’s also the problem of compatibility: The services won’t run on Apple Computer Inc. computers, which are owned by 19% of college students, according to a 2006 survey of 1,200 students by the research group Student Monitor. In addition, the files won’t play on Apple iPods, which are owned by 42% of college students, according to the survey.

Hmmmmmm. Non-portable bits, disregard for 1/5 of the student body, and extra charges to get the format students want? Well color me surprised! I can barely fathom why the services aren’t doing well.

There is also little consensus among administrators about how successful the services have been in eliminating piracy. Although some say complaints from the recording industry have dropped sharply, no one can tell if that’s because fewer students are engaging in illegal file-sharing or if the industry simply doesn’t want to go after schools that are spending money to combat the problem. “The RIAA’s push to buy into these services strikes me as protection money. Buy in and we’ll protect you from our lawsuits,” says Kenneth C. Green, the Campus Computing Project’s director.

I buy this thought. I think most of the recording industry’s attacks on its own customers have been nothing more than a strong-arm tactic to get people to buy protection from the recording industry. Seems the mob might get a bit upset at the recording industry moving into their turf.

Here’s the kicker. What are students using for their music if not the freely available services? Oddly enough, it’s not the illegal services – iTunes seems to be the big daddy service, just like everywhere else. Imagine that – people will pay, if you make an effort not to screw them for staying legal.

Some schools that don’t offer free downloads dismiss the subscription services as too costly for the results they achieve, especially because so many students now buy music from Apple’s iTunes Music Store. “We were not in a position to offer an alternative to iTunes,” says Lev Gonick, the chief information officer at Case Western Reserve University in Cleveland. “The alternatives looked like they had more sizzle than steak.”

More sizzle than steak. I like that comment. And it seems about right.

[tags]MP3, Music downloads, Recording Industry[/tags]

Phishers getting more clever

(via Schneier’s security blog)

In an effort to fool more people, phishers have taken to using man-in-the-middle attacks. In the past, if you thought a site was a scam or an email was a phishing attempt, you could enter bogus login information, see a success message, and know that the setup was a fake. Now the Washington Post has an article about phishers putting up a fake site, passing the login credentials on to the real host site (in this case a bank, but also sometimes eBay, PayPal, Amazon, and more), and using the real site’s response to determine what you see. So if you enter bogus information, you will get a “Bad login” response from the fake host. If you enter real information, you’ll end up forwarded to the real login success screen on the real host, and the phisher will have a confirmed account.

The site asks for your user name and password, as well as the token-generated key. If you visit the site and enter bogus information to test whether the site is legit — a tactic used by some security-savvy people — you might be fooled. That’s because this site acts as the “man in the middle” — it submits data provided by the user to the actual Citibusiness login site. If that data generates an error, so does the phishing site, thus making it look more real.

By the way – Mr. Schneier predicted this last year (and really, it was a pretty obvious next step for phishers to take – I predicted it, too, but I’m not smart enough for anyone to listen to me).
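One defender-side consequence of the relay described above: because the fake site forwards every submission to the real login page, the real site sees logins for many different accounts, failures included, arriving from the phisher’s server address within a short time. The following is an added example, not code from the original post or the Washington Post article; it runs a simple version of that check over a few constructed log lines for a hypothetical login endpoint, and the log format, thresholds and addresses are all assumptions.

```python
"""Added example: flag client addresses that submit logins for many distinct
accounts in a short window, the footprint a credential-relaying phishing site
leaves on the real site's login log. Log format, thresholds and addresses are
constructed for this example."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines: timestamp, client IP, username, result.
# 203.0.113.7 plays the relaying server; the other addresses are ordinary users.
SAMPLE_LOG = """\
2006-07-11T09:00:01 203.0.113.7 alice FAIL
2006-07-11T09:00:05 203.0.113.7 bob FAIL
2006-07-11T09:00:09 203.0.113.7 carol OK
2006-07-11T09:00:14 203.0.113.7 dave FAIL
2006-07-11T09:00:20 203.0.113.7 erin OK
2006-07-11T09:00:22 198.51.100.2 frank OK
2006-07-11T09:30:00 198.51.100.9 grace FAIL
2006-07-11T09:30:10 198.51.100.9 grace OK
"""


def parse_log(text):
    """Parse the constructed log format into (timestamp, ip, user, result) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result))
    return events


def find_relay_sources(events, window=timedelta(minutes=10), min_users=4):
    """Return {ip: sorted usernames} for every client IP that attempted logins
    for at least `min_users` distinct accounts inside some `window`-long span.

    A normal client logs into one or two accounts; a relay proxy logs in as
    everyone who typed credentials into the fake page, successes and failures
    alike, so failed attempts are deliberately counted too."""
    by_ip = defaultdict(list)
    for ts, ip, user, _result in sorted(events):
        by_ip[ip].append((ts, user))

    flagged = {}
    for ip, attempts in by_ip.items():
        start = 0
        suspicious = False
        # Sliding window over this IP's attempts, oldest to newest.
        for end in range(len(attempts)):
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            distinct = {user for _, user in attempts[start:end + 1]}
            if len(distinct) >= min_users:
                suspicious = True
                break
        if suspicious:
            flagged[ip] = sorted({user for _, user in attempts})
    return flagged


if __name__ == "__main__":
    for ip, users in find_relay_sources(parse_log(SAMPLE_LOG)).items():
        print(f"{ip}: logins attempted for {len(users)} accounts: {', '.join(users)}")
```

The thresholds are a starting point rather than a rule: a shared corporate or campus NAT address will also show many accounts from one IP, so in practice this signal is combined with others (the referrer, the user agent, and whether the address is a known egress point) before anyone blocks it.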

[tags]Phishing, Online security, Computer fraud[/tags]

More net neutrality discussion

Ed Felten is one of the good guys. And he’s a bright cookie, too (perhaps I’m mixing metaphors). So when he speaks about net neutrality, I read it with the expectation that what he says is better than what I would come up with on my own. With that in mind, I looked at his latest net neutrality article and saw the commentary by others on this topic.
First, Felten highlights the end paragraph from his net neutrality paper (the first link above):

There is a good policy argument in favor of doing nothing and letting the situation develop further. The present situation, with the network neutrality issue on the table in Washington but no rules yet adopted, is in many ways ideal. ISPs, knowing that discriminating now would make regulation seem more necessary, are on their best behavior; and with no rules yet adopted we don’t have to face the difficult issues of line-drawing and enforcement. Enacting strong regulation now would risk side-effects, and passing toothless regulation now would remove the threat of regulation. If it is possible to maintain the threat of regulation while leaving the issue unresolved, time will teach us more about what regulation, if any, is needed.

With this starting basis, he then writes on a response by Bill Herman, from the Public Knowledge blog. Essentially, Herman writes that Felten’s wait-and-see recommendation is not smart. If we wait too long, he argues, the topic will no longer be highly visible, and getting policy-makers to see things our way will be harder and more likely to fail. This sounds well-reasoned to me. I can certainly see the point, and after reading Herman’s article, I’m starting to think maybe he is thinking better about this than Felten. Then, however, Felten puts up part of the rebuttal to this from Tim Lee over at The Technology Liberation Front.

Lee’s response is extremely well-written, I believe. And after reading it, I start to feel swayed back to Felten’s way. Of course, since I’m not as good about thinking these things through carefully, I find myself writing about others far more often than writing my own commentary. Lee points out how many times laws and regulations have been put in place to stop big business from taking industries over, only to have those laws bent, twisted, and modified over years and years. In the end, these bastardized laws then become the things which support big business controlling what was once off-limits and erecting barriers to entry to stifle competition.

So let’s say Herman is right and the good guys have limited resources with which to wage this fight. What happens once network neutrality is the law of the land, Public Knowledge has moved onto its next legislative issue, and the only guys in the room at FCC hearings on network neutrality implementation are telco lawyers and lobbyists? The FCC will interpret the statute in a way that’s friendly to the telecom industry, for precisely the reasons Herman identifies. Over time, “network neutrality” will be redefined and reinterpreted to mean something the telcos can live with.

But it’s worse than that, because the telcos aren’t likely to stop at rendering the law toothless. They’re likely to continue lobbying for additional changes to the rules—by the FCC or Congress—that help them exclude new competitors and cement their monopoly power. Don’t believe me? Look at the history of cable franchising. Look at the way the CAB helped cartelize the airline industry, and the ICC cartelized surface transportation. Look at FCC regulation of telephone service and the broadcast spectrum. All of those regulatory regimes were initially designed to control oligopolistic industries too, and each of them ended up becoming part of the problem.

. . .

Finally, it’s important to note that the iron triangle goes both ways: once you pass network neutrality regulations, repealing them will be very difficult. This follows from the same iron triangle analysis he used above—if the telcos figure out how to use the rules to their advantage, they’ll lobby just as hard against repealing them. (just look at the legal fight to liberalize cable franchises) Which means that no matter how competitive the broadband market gets (and there could easily be dozens of wireless broadband providers a decade from now) the regulations will likely stay on the books.

All in all, a very compelling argument for waiting to see what happens.  As noted above, if laws are pushed through to protect ‘net neutrality, we are probably just as likely to find ourselves wanting, but unable, to repeal or change them in the future as we are to be satisfied with them and be happy we have them.  So protect your ‘net rights – don’t do anything about them until you have to.

[tags]Net Neutrality, Internet regulation[/tags]

Automated Master Lock crackers

I don’t link to Hack-a-Day very often, which is shameful on my part, as it’s an excellent site.  The latest article that caught my eye is one on Master Lock automated “cracking” machines.  And if you aren’t interested in the robotic crackers, there’s a link to a guide on opening these locks yourself in about 10 minutes.
[tags]Locks, Master Locks, Lock cracking[/tags]

Auto fuel from cow manure

My, what those Germans won’t do to stay ahead of the energy crisis! In this case, it’s looking to cow manure as a source of energy. Of course, in this instance, this Modern Mechanix posting shows us the Germans were doing this in 1949. But maybe the whole technology will make a big comeback with these soaring fuel prices we’ve seen of late?

THERE’S an old European proverb which says you can measure the extent of a farmer’s prosperity by the height of his manure pile. That saying is closer to the truth today in Germany than it has ever been before.

A German inventor named Harnisch has developed a simple device which converts manure into fuel. And this fuel is used to drive autos and tractors as well as provide household power.

The idea of using manure as fuel is not a new one. Cow manure has been used for this purpose for thousands of years in India and Africa. As recently as 1912, many cities were operating gas lanterns on sewage gas.

Skeptical of the value of this technology?  You shouldn’t be.  Check out the supply ratio:

Methane from two cows is enough to heat the average farm house. With 20 head of cattle the farmer can operate a tractor for 120 days!

[tags]Modern Mechanix, energy crisis, alternate energy sources[/tags]

Dollar based shirts

(via MAKE ezine blog)

Money origami is what this is. The directions are a little funky-reading at the important step of adding sleeves to the creation, but the end result is a pretty slick looking folded bill that looks like a shirt. I’ve tried this, and am pleased with the results. I want to add a clarifying point to the original creator’s guide:

Gently unfold the previous two folds, keeping the creases. On the lateral fold furthest from the collar, refold it straight across as shown. (On the flatbed scanner, this made a bit of a mess of it, but it is fairly easy in 3D.)

At this step in the guide, the picture shows a bill with the entire top edge unfolded.  I couldn’t make a sharp fold in the bill and keep the whole thing flat.  After fiddling around a bit and reading the next step, I realized that at this point, the bill didn’t need to be pressed flat while doing the step.  So fold the entire top end of the bill so it is squared off as shown in the creator’s pictures without keeping the paper flat until after the following step.

And that is not clear, either. Just work through with the pictures and the guide, and keep in mind that at the step I’ve highlighted, getting the bill squared off is necessary and means the paper won’t be flat until you finish the step that follows it.

[tags]Money origami, origami[/tags]

On the importance of backups

This story at Security Awareness for Ma, Pa and the Corporate Clueless offers insight into the value of good backups and the importance of testing everything that affects the backup routine.

A Toronto advertising firm had a really good systems administrator who was religious about backup. For years, they had been in good shape. He even tested the restore/recovery process from time to time as part of their disaster planning. Smart.
As part of their growth, the ad firm moved into new larger facilities a few blocks away. The architects coordinated with the techs to make sure wires were put in the right place, phones, VoIP, 1Gig backbone… all the stuff modern companies have when they do things right.

Then, the company moved. All the typical stuff that happens during a move happened. Testing was done on everything that was moved. All was good.

Continue reading “On the importance of backups”

Tunnel digging as a hobby

Modern Mechanix so often puts up cool stories. I need to think more about this tunnel digging idea from the August 1932 issue of Modern Mechanix magazine. I could go for a few extra levels in my house.

ONE of the oddest hobbies in the world is that of Dr. H. G. Dyar, international authority on moths and butterflies of the Smithsonian Institution, who has found health and recreation in digging an amazing series of tunnels beneath his Washington home.

Almost a quarter of a mile of tunnels has been completed, lined with concrete. The deepest passage, illustrated in the accompanying diagram, extends 32 feet down.
Every bit of earth was removed unaided by Dr. Dyar, being carried out in pails. He found the tunnel-digging an appealing form of exercise to relieve the intense strain of his work day, which involved much close work with high-power microscopes.

The catacombs are constructed in three levels, with steps and iron pipe ladders leading between different tiers. The idea first came to Dr. Dyar when he sought to make an underground entrance to his furnace cellar.

I suspect I might have trouble convincing the wife that digging under the house is such a good idea, though.

[tags]Tunnel Digging, Modern Mechanix[/tags]

First US digital computer

More modern marvels from Modern Mechanix.  This time, it’s a nice little write-up on the first digital computer in the U.S.  Originally published in Popular Science in 1944, the write-up now is probably only of interest to really geeky people (like me).  Some interesting facts about the IBM ASCC (Automatic Sequence Controlled Calculator) from the site:

  • It cost $250,000 in 1944 dollars.
  • It could calculate using numbers with up to 23 significant digits. These were set with an array of 1,440 dials (check out the picture below).
  • It took 3/10 second for add/subtract, 5.8 for multiplication and 14.7 seconds for division.
  • It weighed 35 tons and was powered by a 2 horse-power motor. (With mhz, ghz, mb, gb, tb, dpi, ms, bps, etc don’t you think it’s time hp got back into the computer lexicon?)
  • It contained 500 miles of wire.

And some of the article in question:

SOME boy may soon work his way through Harvard University by watching a 51-foot switchboard all night in an air-conditioned basement. Behind its polished panels, electricity will be solving the longest and most difficult mathematical problems ever conceived. It will be doing everything that is known to be mathematically possible with such numbers as 12,743,287,341,045,502,372,098.

Even Commander Howard H. Aiken, U.S.N.R., the professor in charge of this 35-ton calculating machine, says he does not know what you would call a number that long. It is billions of billions.

But the young man running this figure factory will not need to be a mathematician. If anything goes wrong, a red light will flash, he will make a few simple adjustments, and the mountain of machinery will go swiftly on with computations that professors have not lived long enough to complete.

We need to get that flashing red light thing back on computers for when things go wrong, though.  The only flashing red light on my system at home goes on whenever the hard drive lights up.  And the only warning light I get is that bright blue screen that comes up for those special Windows crashes.

[tags]Supercomputers, IBM, ASCC, Modern Mechanix[/tags]