An idiosyncratic look at, and comment on, the week's net and technology news
by Alan Lenton
Ok guys - I've got some demi-bad news. Because of work commitments, Winding Down is going fortnightly for the next two months. At work we are due to ship products in about six weeks, so I'm going to be working late and some weekends over that time, which will seriously cut down on the time I have available to scan the techosphere and pluck out items for your edification.
That means that there will be no Winding Down next weekend, but there will be one the week after.
And, of course, it means that this week, there is a Winding Down!
There's a fascinating experiment about to begin in the European Union (EU). Sometime before 18 March this year, everyone in the EU who uses Internet Explorer (IE) as their default browser on Windows XP, Windows Vista, or Windows 7, will be presented with a screen with the five major browsers - IE, Opera, Firefox, Chrome, and Safari - and their logos, and asked to make a choice for a new default. The logos will appear in a random order on the screen.
This is part of the outcome of EU investigations into Microsoft's use of its desktop operating system near monopoly to leverage the use of Internet Explorer. After 18 March the same set of options will be offered to all purchasers of new machines with Windows installed.
What the result will be in terms of browser percentages of the market is a complete unknown, except that most people will probably choose the browser they are familiar with - Internet Explorer. Although that's by no means a given, since a poll taken last year indicated that a substantial majority of people in the EU don't know what a browser is. My guess is that in that case they may well just click on the first item on the list, which is the equivalent of a random selection!
Still, a hundred million people can't be wrong... Or can they?
More or less since credit cards came into existence, the issuers have been trying to find ways to offload the consequences of fraud onto the card owner. In the UK, the most recent twist in the saga has been the introduction of what is known as 'chip and pin'. This means that every time you use the card you have to enter a pin number. Since the issuers have always claimed that the system is secure, then if your card is used fraudulently, you -must- have failed to keep the number safe, therefore the loss is yours, not the issuers or the merchants. Q.E.D.
Unfortunately... researchers at the UK's Cambridge University, led by Ross Anderson (whose book on 'Security Engineering' is well worth a read - much of the non-cryptography stuff is very accessible to the layperson, see the URLs for an Amazon.com link) has now demonstrated how to get the machines to accept any pin number via what's called a 'man in the middle' attack.
They managed to make valid, authenticated, transactions without knowing the pin number (once it's cracked, any number will be accepted) on cards from all the UK's major issuers. The UK Payments Administration, which represents the payments-card companies, is, of course, in denial, basically claiming the attack is too difficult for ordinary people. However, the assessment of the researchers is somewhat different - they claim that the programming and engineering skills required to break the security are minimal.
For those of you with a technical bent, here are the details. The attack is extremely simple. The normal routine when you buy something with your card is as follows: the customer inserts the card and enters their number. The device sends the pin on to the card's chip which compares it to the number stored on the chip and sends back a code verifying the correctness of the number, and the transaction proceeds.
To crack this the researchers used a laptop connected to by very thin wires to the chip. The laptop using a Python script, intercepts the verification request to the chip and sends back an OK code which the device thinks came from the chip.
Of course, at first sight that's very clumsy, but as the researchers pointed out, the attackers could carry similar kit in a backpack, with the wires trailing down a sleeve, for use with a stolen valid card. And, of course the whole point of the system is that the retail staff are trained not to look so they can't be accused of stealing your pin! More to the point, I don't doubt that anyone with a little expertise could make a very small device, indeed, if this was all it had to do.
The so-called climategate scandal about the antics of UK East Anglian so-called climate experts refusing to provide the data on which their research is based (and even destroying some of it) has raised a few other concerns in this field, one of which I have been going on about for some time.
The issue in question is the computer models used. It's not just a question of the legendary phrase, 'Garbage in, garbage out' (GIGO for short), which is the computer programmer's way of saying if you feed rubbish data into a computer, then what it tells you will be rubbish. No, what worries me is a more fundamental point. Without being able to inspect the program, how to you know that it isn't riddled with bugs, and even more seriously how do you know the model on which it is based is correct?
Let's look at each of those in turn. Bugs in the program do not necessarily crash it, but they can, instead, change its output in subtle ways. This is especially the case with systems like weather and climate where an error in rounding off the umpteenth decimal place can make the difference between snow and a heat wave. (Butterfly wings and all that chaos stuff!) Unless you can get someone who knows what they are doing to look at the program code, there is no way of knowing how accurately the program represents the model.
But there is an even deeper problem than mere program bugs. How do we know the models being used to predict climate change are correct? There is no commonly accepted way of proving a computer model correct, except by using it to make predictions and then verifying that those predictions are correct. Unfortunately, climate models are predicting results tens, or hundreds of years into the future, so it's going to take a while to check the result, by which time it will probably be too late to fix any of the errors.
And, if you really want another layer of stuff to worry about, take a look at Orrin H Pilkey's book 'Useless Arithmetic' where he argues that it is impossible to predict physical phenomena like earthquakes and volcanoes with computer models, because while you can model what's physically happening in some, if not most of the triggering events, you can't predict the order in which they will happen - something which massively affects the results.
When I was a child, scientists were worried about a new 'ice age', rather than global warming. I'm not convinced that they weren't right. Paleoclimatologists (those who study climate over the entire history of the Earth) tend to be a little less forthcoming over the question of global warming than most. This might be because they consider that we are in the middle of an ice age! Yes really, the well known past ice-ages were not solid periods of ice covering half the planet, they fluctuated between massive glaciation and short (in terms of the history of the planet) periods of warmth, one of which we are in at the moment! For the record we are in the middle of what is known as the Pleistocene Ice Age.
Of course, it might be the case that the global warming reported by the popular climate models is all that's keeping the return of the glaciers at bay...
On a less serious topic, I originally thought this was a joke, but we are nowhere near April Fools Day yet. It seems that terrorists, living in South Carolina, and who want to overthrow the United States government, are required to pay a five dollar fee and register with South Carolina's Secretary of State!
I'm still not convinced it's not a joke, but I did look it up on the State web site, and it was there...
Did you like the look of the newly presented Apple iPad the other week? Well... there are a number of unanswered questions, all of which Apple representatives are keeping silent on in the face of increasingly insistent questioning. Take a look at this list put together by InfoWorld:
1. Can you save and transfer documents to the iPad?
2. Does the iPad support Microsoft Exchange email?
3. Does the iPad support VPN and configuration management?
4. Can you use media services other than iTunes on the iPad?
5. Can the iPad be used for videoconferencing?
6. Will the iPad's internal storage be upgradable?
7. Will the iPad allow multiple applications to run simultaneously?
8. Will Apple allow the use of Flash on the iPad?
Frankly, I don't care about 2, 3, and 5, and I strongly suspect the answer is no, since Apple have never evinced any interest in enterprise computing in the past. Numbers 1, 4, and 6, I would want positive answers to before even considering buying it.
When I was looking round for alternatives to the Kindle a few months ago, I did find one device that looked very interesting - the Lenovo IdeaPad u1 Hybrid. At first sight it looks like a regular laptop, but the screen completely detaches to become a touchscreen smart book like device. I haven't see one of these in the shop yet, but I did find an enthusiastic early review on Engadeget. Still, it's important to try out these new fangled toys before laying out hard earned cash.
The jury is still out on both these devices for me, but I'm watching closely.
Forget the Pentagon's missile zapping lasers, I want one of Intellectual Ventures mosquito zapping lasers. The device was demonstrated at the annual TED conference in Long Beach California, where a slowed down version zapped a fish tank full of the critters. The real thing is capable of zapping some 50-100 mosquitos a second. Since the devices are likely to cost around $50 each, they are not a solution for mass use in Africa, but they could be used to set up some sort of defensive perimeter around surgeries and the like.
Regardless, I want one!
Only 13 years old? Buy Now, Pay Later (Maybe with your allowance)
Re-engineering the human immune system
Is Google planning to fibre Britain?
Microsoft's new 'phone home' anti-piracy practice unacceptable, says critic
Supergeek pulls off 'near impossible' crypto chip hack
Thanks to readers Barb, Fi, and to Slashdot's daily newsletter for drawing my attention to material used in this issue.
Please send suggestions for stories to email@example.com and include the words Winding Down in the subject line, unless you want your deathless prose gobbled up by my voracious Spamato spam filter...
14 February, 2010
Alan Lenton is an on-line games designer, programmer and sociologist, the order of which depends on what he is currently working on! His web site is at http://www.ibgames.net/alan.
Past issues of Winding Down can be found at http://www.ibgames.net/alan/winding/index.html.