Thursday, September 27, 2007

Scary video of cyber attack on generator

The Huffington Post is atwitter over a video purporting to show a hacker hit on the power grid.

There is no question that a well-informed attacker with detailed knowledge of the systems being attacked could cause this type of destruction. Attacks that posed a serious risk of injury or even death were certainly attempted during the vandal hacker era.

The harder questions to answer are whether the attack could be mounted without using inside information and whether a successful attack was likely to further the goals of a politically motivated attacker.

The ability to gather some sensitive data from target organizations is not the same as the ability to gather the specific information required to make a successful attack. The ability to cause an incident at one power plant is not the same as the ability to mount a successful campaign. The ability to mount a successful campaign is not the same as the ability to make people care.

People cared about the fact that Bin Laden was able to murder 3,000 people on US soil in the 9/11 attacks. The fact that he also closed the US stock markets for almost a week did not register any complaints. The US power grid has from time to time failed on an extended basis; the Northeast blackout of 2003 left 50 million US citizens without power. Inconvenient, yes, but not in a way that is likely to further a minority political agenda.

Cyber-terrorism might be effective in limited situations where the political goal being campaigned for has widespread public support. One can imagine that a power outage in Burma next week might cause a real loss of face for the government as it would be interpreted as incontrovertible evidence that the dictatorship is losing control. But a similar outage in the US is not likely to have the same effect.

Department of not very good ideas

Well that did not take long, Verizon has reversed its ban on pro-abortion text messaging.

One can imagine the process that led to the decision. Senior executive picks up New York Times, Senior Executive calls CEO, CEO gives order, New York Times receives correction.

For any company to insert itself into such political situations is a lose-lose proposition. The opposing side is only going to cheer a partisan ban that allows them to send messages while blocking the opposing side.

The critics were right, the Verizon ban is a precursor of what a net without net neutrality would look like: occasional partisan decisions by corporations are rapidly reversed as the businesses attempt to eliminate themselves from the decision process.

Wednesday, September 26, 2007

Project Names and Borges Numbers

Tom Van Vleck tells an interesting story about how the choice of project names can reveal unintended information. (H/T Making Light)

There is a similar attack that sometimes occurs in Web sites. Someone will notice that their order confirmation page URL is something like example.com/orders/10023993 and wonder what happens if they try to access example.com/orders/10023994.

Solving the problem for order numbers is easy - a simple MAC code will suffice. It is easy to create a sparsely populated set of machine readable identifiers. Solving the problem for human memorable phrases is much harder.

Perhaps one way to go would be to take article titles from Wikipedia (there are a couple of million).
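The MAC approach to order numbers mentioned above, as an added example that is not from the original post: each order reference carries a truncated HMAC-SHA256 tag over the order number, so a neighbouring number without its matching tag is rejected. The key, the `number-tag` format, the 80-bit truncation and the function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Assumption: a constructed demo key. A real deployment would load a random
# secret from protected configuration, never from source code.
SECRET_KEY = b"constructed-demo-key-not-for-production"
TAG_BYTES = 10  # 80-bit truncated tag, written as 20 hex characters


def _tag(order_id: int) -> str:
    """Truncated HMAC-SHA256 over the canonical decimal order number."""
    mac = hmac.new(SECRET_KEY, str(order_id).encode("ascii"), hashlib.sha256)
    return mac.digest()[:TAG_BYTES].hex()


def make_order_ref(order_id: int) -> str:
    """Build the identifier placed in the URL, e.g. /orders/<number>-<tag>."""
    return f"{order_id}-{_tag(order_id)}"


def parse_order_ref(ref: str):
    """Return the order number if the tag verifies, otherwise None."""
    number, sep, tag = ref.partition("-")
    if not sep or not (number.isascii() and number.isdigit()):
        return None
    order_id = int(number)
    if str(order_id) != number:
        return None  # reject non-canonical forms such as leading zeros
    # Constant-time comparison so response timing does not leak tag bytes.
    if not hmac.compare_digest(_tag(order_id).encode(), tag.encode()):
        return None
    return order_id


if __name__ == "__main__":
    ref = make_order_ref(10023993)
    print(ref, "->", parse_order_ref(ref))
    # Incrementing the number while reusing the old tag no longer works.
    forged = "10023994-" + ref.split("-")[1]
    print(forged, "->", parse_order_ref(forged))
```

The tag only makes the identifier space sparse; the server should still check that the authenticated customer owns the order before showing it.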

Sunday, September 23, 2007

Moore on Memogate

James Moore confirms the critique I have made in the past of the blogstorm that surrounded the Rather story alleging that George W. Bush had gone AWOL during his National Guard service.

According to the bloggers the damning evidence was forensic: the memos have various features that did not exist on typewriters of the day. Only as it happens, yes they did, and at least one of the memos produced by the White House and accepted as genuine does indeed have a superscript.

The real flaw in the story was the source of the memos. Bill Burkett had been peddling his claim that he had seen files relating to Bush's service deliberately destroyed for several years. When someone in that situation suddenly appears with a smoking gun just before an election, the correct response is extreme skepticism. Even if his original claim were true the temptation to 'replace' the documents he believed destroyed would be overwhelming.

Regardless, there is a significant chance that we will now discover the truth of the matter. The US Army keeps complete microfiche copies of all its records; if the Rather suit reaches the discovery stage the Rather team are certain to attempt to obtain them.

Saturday, September 22, 2007

The Clinton Cabinet

The 2008 Presidential race has one very odd feature. The Democratic primary is not so much a contest for who is going to form the administration as who is going to take which role within it.

Krugman notes that the Edwards and Clinton health care plans are practically identical. Barring a major change in the race it looks like a Hillary-Obama ticket. Which leaves Edwards out of a job unless he is offered and takes, say, the portfolio at Health or perhaps even Justice. Similarly Richardson seems to be somewhat tiring of his role as governor of New Mexico. He is a former UN ambassador and Energy Secretary; he would seem a natural choice as Secretary of State.

Unless Hillary stumbles badly her competitors for the nomination have to weigh the risks and benefits of going negative very carefully. It's not just the risk of a backlash from the base they have to worry about; they also risk the chance of plum jobs in the administration. Obama in particular must know that anyone elected as veep in 2008 is going to have pole position in the 2016 race.

All of which leads to a very different dynamic from the deathmatch that the GOP field are engaged in. Whatever happens it is a fairly safe bet that none of the front runners plan to pull any punches going into the final round.

Monday, September 17, 2007

Federal Prosecutor Arrested In Child Sex Sting

I find this story bizarre. How could a Federal Prosecutor not know that he was probably walking into a sting operation?

Man dies after 3-day gaming binge

CNN.com

Sunday, September 16, 2007

The Cyber-run

The Northern Rock is facing a bank run. Withdrawals have already topped GBP 2 Billion.

The photograph shows people standing in line to withdraw their money. But in the age of electronic banking why not log in and send a wire? What happens when we reach the point where a bank run can be triggered by some blog post and takes place in hours rather than days?

Friday, September 14, 2007

Interesting political use of the Web

The Goodspeed Ninth Street Vacant Property Survey shows an interesting use of the Web for community politics.

One of the oddest features of the US is large amounts of valuable property standing vacant in big cities. Speculators buy property cheap in run down areas and wait for someone else to rehabilitate the neighborhood causing the value of their property to soar. The problem is that speculators of this type tend not to have the resources to renovate the buildings themselves and in the meantime the empty buildings owned by speculators drag the neighborhood down.

Mapping out the empty buildings and publishing the results helps begin the process of renewal. One way to renovate the neighborhood would be for the council to buy up the empty properties using its eminent domain powers. Which is of course why property speculators of this type tend to be people wired into the local politics.

Throwing public light onto problems of this type makes it much more expensive to maintain the corrupt little circles of mutual interests that allow the situation to continue. In theory vacant properties are subject to a penalty tax, but this can be waived if the Mayor chooses. Raising the issue makes waivers much more politically costly.

Of course the irony of the situation is that the speculators themselves are the ones who have the biggest interest in seeing the situation resolved. Their problem is synchronization. Prices will rise if there is an expectation that the neighborhood will be regenerated.

All in all a demonstration that there is much more to economics than free market theory.

Tuesday, September 11, 2007

The Move-On Advert

Given the unceasing attacks from the right-wing noise machine on the patriotism of anyone who might criticize the right in general or the George W. Bush administration in particular, the Move-On 'General Betray-Us' ad was hardly outside the boundaries set by the likes of Coulter and O'Reilly.

The fiasco in Iraq is unremitting and I don't see anything particularly wrong in resorting to name calling if it has the intended political effect. The real question then is what Move-On's goal was and whether it was effective.

As Kevin Drum points out, the Republicans in the Congressional hearing made the mistake of repeatedly referring to the Move-On advert throughout the hearing, reminding viewers that Petraeus had been called a liar and accused of peddling fudged statistics. There is an old rule in politics that you never repeat the accusation; even if you are denying it you are still repeating it.

The effect of the advertisement was to frame the argument in terms of a partisan divide. This is exactly what Move-On were seeking to do. Their objective being to stop the war, the interests of the Democratic party being secondary to that goal.

The real test is not what the immediate reaction to the advert is but how it is regarded in six months' time. As Atrios notes, the war party has no real strategy except to keep kicking the can down the road six months at a time. By that time the only thing that is likely to be remembered of this round of hearings is the phrase 'General Betray-Us'. The Presidential election will be in full swing and the GOP nominee is going to have to either come out against the war or work hard to shift public opinion in its favor.

There is however another possible motive here. Over the past few weeks there have been reports of a 'Petraeus 2012' campaign being floated. This would certainly make a lot of sense given the poor quality of their 2008 field. Of the 2008 GOP primary candidates only Romney is a likely 2012 contender and then only if he does not win the 2008 nomination and lose the general. McCain is already too old and this is Giuliani's only shot.

A draft Petraeus movement would make sense. But only if Petraeus is seen as an Eisenhower type figure standing above the partisan fray. He ceases to be electable if he becomes seen as a Colin Powell figure, a once honourable soldier who compromised his integrity by acting as a mouthpiece for a laundry list of fibs from the Bush Administration. If blocking this option was the goal of the Move-On ad they were successful.

Update: Should have thought of it earlier. The Republicans were not making a mistake, they were giving themselves an alibi. MoveOn have given them the perfect framing for their excuse if they decide to take it later on.

Update2: Yes, of course the talk of Petraeus 2012 would have been mooted as a way to raise his stature ahead of the hearings. But that does not mean it could not happen.

The answer is 42.

This site is certified 42% EVIL by the Gematriculator (via Michael Froomkin)

Monday, September 10, 2007

Quechup

Complaints have been circulating about the slimy spamming tactics of date service Quechup.

As often happens there is much debate of the question 'is this spam'. In particular the debate focusses on the tactic of asking visitors to share their address book 'so they can see who else is signed up' and then using the list to spam everyone in the address book.

Quechup has since added a notice to tell people that this is what is going to happen. Does this stop the messages being spam?

The Quechup messages are indiscriminate and almost certain to be unwanted by the recipient. According to my definition that makes them spam.

Framing the definition of spam in terms of permission leads to the same conclusion but only after it is pointed out that Alice cannot give Mallet permission to spam Bob. I don't like using permission as the basis for a definition precisely because it allows this type of slippery tactic.

More importantly we have to act quickly to establish a better framework for online identity and sharing contact information in an intelligent fashion. If every Web 2.0 startup tries to create its own social network we are going to quickly become swamped with the signup requests.

Sunday, September 09, 2007

Short-termism in stock markets

Tim Berry makes a good point about the myopic reaction of the stock market to news of the iPhone price cut. That stock markets have a myopic short term view is hardly news, but if you are in the stock for the long haul you are not going to react to a short term price blip anyway.

From a strategy point of view it makes perfect sense for Apple to drop the price of its phone. But considering the $200 price drop to come entirely from Apple's pocket is ridiculous. AT&T now know that their two year exclusive deal with Apple has demonstrated potential to cause customers to switch networks. Those additional customers do not require a substantial increase in infrastructure investment, the additional revenues go straight to their bottom line. AT&T are certainly helping Apple drop the price.

Apple's costs per unit are unknown but certainly much less than their cost of manufacture. If sales of the iPhone had slowed to a trickle after the initial rush it would be because it is a niche product and the best strategy would be a high price. Apple's move looks to be tactical, dropping the price ahead of Christmas, and not merely a long term strategic move out of marketing to a high end niche.

Stock markets are notorious for their short termism. But how to fix it? The usual approach is to assign disproportionate voting rights to one class of share. This creates more problems than it solves, the management installed by the holders of the priority shares only needs to respond to their interests, not the actual owners of the company.

So how about this, the voting rights of shares depend on the length of time the shares are held. Every share gets at least one vote but a share that has been held for a year gets an additional vote, shares held for three years two additional votes and shares held for five years three additional votes. Long term shareholders have a greater say in the running of the business but no class of share is permanently disenfranchised.

Friday, September 07, 2007

How to do RSA according to uncyclopedia

Ingredients

You will need:


  • a prime number of millilitres of Exponential Potion
  • another prime number of millilitres of water
  • a totient, readily available from your local Euler's® store
  • a Sprig Of Modulo, which can't be too similar to the totient


Method

  1. Put the Exponential Potion and water into a cauldron and mix.
  2. Mix in the totient.
  3. Now, carefully sprinkle some ground Sprig Of Modulo into the mix.
  4. Set fire to the cauldron.
  5. Count how many frogs fly out. This is your public key.
  6. Count how many birds swim out. This is your private key.
  7. Count how many pieces the cauldron explodes into. This is your modulus.
  8. Call the fire department.

Wednesday, September 05, 2007

Don't the Police have better things to do with their time?

Like sit around in men's toilets waiting for Republicans?