Sunday, March 30, 2008

Luggage lost in terminal 5

My guest arrived from the UK despite Terminal 5 opening day; her luggage did not. The
BBC reports there are 15,000 other lost bags.

So how does the BA web site respond? No information available

BA does not have any telephone support either: none, zip, zilch, nada. All they have is a number you can ring to get a robot telling you that they have no information.

Wednesday, March 26, 2008

Internet Considered Dangerous

Internet Considered Dangerous:

"A pair of hoax ads on Craigslist cost an Oregon man much of what he owned.

The ads popped up Saturday afternoon, saying the owner of a Jacksonville home was forced to leave the area suddenly and his belongings, including a horse, were free for the taking, said Jackson County sheriff’s Detective Sgt. Colin Fagan.

But Robert Salisbury had no plans to leave. The independent contractor was at Emigrant Lake when he got a call from a woman who had stopped by his house to claim his horse."

Not so much internet crime as vast stupidity premised on the idea that the Internet is somehow 'different'.

Tuesday, March 25, 2008

Twitter / hallam

Observations from Twitter

  1. 35% of comments ask what the point of twitter is
  2. Nobody seems to respond with answers
  3. It is highly addictive as a write only medium

Why I don't shop at WalMart


Sunday, March 23, 2008

British And French: Less Confidence In Bush To Do The Right Thing In World Than Putin - Politics on The Huffington Post

Now here is a rare instance where I side with the Bush administration: British And French: Less Confidence In Bush To Do The Right Thing In World Than Putin (Huffington Post).

Putin has been very deliberately reconstructing a police state in Russia after the fall of Stalin's USSR. The recent elections were a sham in which the opposition parties were harassed and subject to arbitrary arrest.

Bush has governed in a similarly autocratic and fundamentally undemocratic fashion. Opponents have been smeared as 'unpatriotic'. Torture and arbitrary arrest have become state policy without any objection from the Supreme Court and rather less objection from Congress than should have been the case.

But for all this, none of the Bush administration 'achievements' are going to outlast it for very long, except that is for the pardons, the deficit and possibly the recession. Putin's Russia on the other hand is going to become very much less democratic before there is any improvement.

Irrelevant information

CNN reports that the chief of the firm involved in that Obama breach is an Obama adviser. Clearly this is the 'investigation' of the matter that Rice promised.

But as with the Diebold 'revelation' that the CEO of the firm was a Republican who promised to help Bush get elected, the information is irrelevant to the central question of whether the activities were politically motivated.

The organizations involved here are businesses, not the military, not an organized crime ring, not a communist party cell. The idea that the CEO of a company can essentially order employees to engage in a criminal conspiracy to damage a particular political candidate and expect compliance is pure fantasy.

A CEO can set up internal policies in such a way that employees have incentives to break particular laws that affect the business. For example, giving store managers bonuses for saving money on cleaning costs and not asking if the companies they hire are using illegal workers or failing to pay the minimum wage. But ordering employees to break federal law for political reasons is unlikely to gain compliance and would expose them to blackmail.

Underlying this 'news' is the essentially feudal assumption that the only power hierarchy is the visible one. Employees are vassals who have sworn allegiance to their liege lords (CEO). If this assumption were true and there were no competing loyalties there would be almost no security problems. It is precisely because the employee's loyalties are not necessarily aligned with the organization that security is necessary in the first place. The CEO may be an Obama supporter, but it's the employee sitting at the terminal who has the ability to access the files, and they might support McCain, the Ku Klux Klan or the Communist party.

The real question here is not who gave the workers their pay check but who was responsible for the information system that allowed them unrestricted access to the information. In this case the administration did not need to create the incentive, all they needed to do was to ensure that there was the opportunity.

This does not of course change the fact that these information systems are decades old and this is not the first time there has been a possibly politically motivated breach. The administration has had eight years to fix the security of these systems and they cannot claim 'terrorism' as an excuse for not doing so. This type of information is a terrorist target.

Friday, March 21, 2008

Predicting from the predictions markets

Charts from the inTrade online predictions markets seem to pop up all over the blogosphere. My question: what do they mean?

People tell me that these market prediction models 'accurately predict' outcomes. As with the claims for the accuracy of IQ tests it is one of those claims that is universally asserted despite any evidence to suggest the claims are meaningful, much less true. Note that the axis on the chart is labeled 'chance of victory', an explicit claim that the markets are a prediction.

In particular, what does a claim to have predicted the future accurately amount to? It is quite easy to see that the likes of Mystic Mogg who get every prediction consistently wrong are wrong. But inTrade does not predict outcomes, it predicts the probabilities of certain outcomes. What does it mean when inTrade 'predicts' that McCain has a 40% chance of winning the 2008 election? Does it mean that if the election is run ten times that McCain will win four of them?

If we had ten parallel universes and could run the election four times we could test such an outcome, but even then the outcome of an election is not exactly random chance. It's not like a sports match where there are a small number of variables that can have a huge effect on the outcome.

Election outcomes are in fact fairly predictable; opinion pollsters usually provide a prediction that is within a few points of the final result. But what does today's inTrade 'prediction' that McCain has a 40% chance of winning mean?

As with IQ tests, the reasoning behind the claim of 'accurate predictions' is essentially circular and hides a political agenda: Markets work, therefore predictions markets must work, therefore the predictions must be accurate - thus providing more 'proof' that markets work.

The Obama Passport Files Scandal

Before getting into conspiracy theories here, yes a very large number of federal government information systems are in fact configured so that any authorized employee can access any personal information whatsoever. The fact that contractors were able to gain access to Obama's passport files does not by itself indicate a conspiracy.

That does not mean that the situation is acceptable, however, or that it represents best practice, or that the disclosures were not politically motivated or directed. It is an unfortunate fact that the US has a very long history of abuse of executive power for political purposes that long preceded Watergate. And it is somewhat interesting to say the least that there seems to have been rather more urgency in the investigation of Eliot Spitzer for a prostitution scandal than a long list of Republicans who have been investigated for taking bribes for many years now.

The information system in question was not subject to the access controls that might prevent an improper request for the information. Instead the system relies on accountability controls. If someone improperly looks at information they should not, a red flag goes off and there are or should be consequences.

That is not a bad system in principle. Celebrities can be guilty of tax dodging too. If inspectors are unable to get access to the information they need, a two-tier system is created and a privileged elite can rely on their activities being covered up. It is not possible to track every possible rule in advance; the system has to rely on accountability and consequences for malpractice.

The first problem I have with the implementation here is that for accountability to work it has to be prompt and conspicuous. Was there a delay between the access occurring and the culprits being fired? If so why? Were any investigations made to determine whether there was a conspiracy with political operatives?

The second problem I have is that even in an accountability-based system there are cases where you want to employ access control and accountability in parallel. You do not want launch of nuclear missiles to be based on an accountability-only regime (though this effectively was the case for many decades as the US missiles were by default set to a key code of 000000).

I don't see a valid reason for allowing a contractor unrestricted access to the files of sitting members of Congress. The fact that this is still the case suggests that the computer systems in question are probably antique relics of the 60s or earlier that should have been replaced long ago.

Update: The events only became public after a press inquiry.
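The parallel arrangement argued for in this post, access control on a small set of flagged records with an audit trail and a promptly reviewed red flag behind it, as an added example (not code from the post or from any system it describes). The record ids, user names, grant table and one-hour review deadline are assumptions made for illustration.

```python
import datetime as dt
from dataclasses import dataclass, field

# Constructed sample data: record ids, users and grants are hypothetical.
FLAGGED = {"rec-1001"}                   # records that also get access control
GRANTS = {("inspector_a", "rec-1001")}   # explicit, case-specific authorizations
REVIEW_DEADLINE = dt.timedelta(hours=1)  # assumed meaning of "prompt"

@dataclass
class AuditedStore:
    log: list = field(default_factory=list)     # every attempt, allowed or not
    alerts: list = field(default_factory=list)  # red flags awaiting review

    def read(self, user, record, when):
        flagged = record in FLAGGED
        # Access control applies only to flagged records; all other records
        # stay open to any employee and rely on accountability alone.
        allowed = (not flagged) or (user, record) in GRANTS
        entry = {"user": user, "record": record, "when": when,
                 "flagged": flagged, "allowed": allowed}
        self.log.append(entry)
        # Accountability runs in parallel: any touch of a flagged record
        # raises a red flag at access time, permitted or not.
        if flagged:
            self.alerts.append({**entry, "reviewed_at": None})
        return allowed

    def review(self, index, when):
        self.alerts[index]["reviewed_at"] = when

    def overdue(self, now):
        """Red flags reviewed late, or still unreviewed past the deadline."""
        return [a for a in self.alerts
                if (a["reviewed_at"] or now) - a["when"] > REVIEW_DEADLINE]

def demo():
    t0 = dt.datetime(2008, 3, 1, 9, 0)   # constructed timestamp
    s = AuditedStore()
    results = [
        s.read("contractor_x", "rec-2002", t0),  # ordinary record: allowed, logged
        s.read("contractor_x", "rec-1001", t0),  # flagged, no grant: denied, alert
        s.read("inspector_a", "rec-1001", t0 + dt.timedelta(minutes=5)),  # granted
    ]
    s.review(1, t0 + dt.timedelta(minutes=30))    # inspector's alert reviewed in time
    late = s.overdue(t0 + dt.timedelta(hours=3))  # contractor's alert never reviewed
    return results, len(s.log), [a["user"] for a in late]
```

The `overdue` list is the measurable form of "was there a delay between the access occurring and the consequences": an entry that sits there is accountability that is neither prompt nor conspicuous.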

Thursday, March 20, 2008

Thought of the day

Maybe Cuba should host the Olympics.

Why Johnny can read Pr0n.

Security breaches have become a common event. Common wisdom is that the companies involved are not prepared to commit the time or money required to keep consumer data secure. Used correctly, every breach could have been prevented by cryptography. Is this because the users are stupid or because security applications are stupidly designed?

While these conditions may not be exclusive, the second is certainly true. Almost a decade after usability was exposed as a key problem in security applications by Whitten and Tygar, virtually every security application on offer is demonstrably unusable when attempting to perform the most basic workflow tasks securely. We can't know if the user is incompetent because we never gave them a chance.

One simple test to see if a security application is usable or not is to pick a simple task the user might attempt, replying to an email, copying music or video onto their computer, etc. and then consider if it is reasonable to expect the user to complete the task securely with respect to the type of risks that they might reasonably be concerned by. Does the user have enough information to be able to determine whether a particular choice is safe or not? Is effort required to determine the security context unreasonable?

When common applications are examined in this way it appears that nobody has ever performed a use case analysis. The systems turn out to be completely unusable. But use cases have been standard practice in security protocol design for years, so what is the problem?

A part of the problem is that security is still largely regarded as a checklist compliance issue rather than a real requirement. The user asks for security so they are given a system that can be used securely, not one that they are likely to use securely. Current Web browsers 'solve' the security context problem by bombarding the user with useless warnings every time the security context changes. These are not meant to keep the user safe; the designers know that they will be turned off as the program is unusable otherwise. The only purpose is to dump responsibility for security problems onto the user.

Checklist security is the reason why it is impossible for a home user to use ACLs to protect their home movie content on their Windows Home Server. Home Server is based on Windows Server 2003, which implements ACLs to comply with Orange Book and the Common Criteria. It is quite likely that use cases were performed in the design but I strongly suspect that they were security use cases, not use cases designed to determine if a typical user task could be completed securely.

Bad use case: Can Alice set read permissions on a directory?
Better use case: Can Alice store pr0n on her home computer so that she can read it but her son Johnny cannot?

Stated in this fashion it is pretty clear that the first one is not really a use case at all. But I now realize that I sat through a whole standards working group with thirty plus members that spent several years looking at a use cases document that was almost entirely of the first kind rather than the second. Writing good use cases is hard.

Another problem is that most people find it very difficult to interpret the second use case correctly. Every one of the O/S vendors' representatives I asked about the second use case interpreted it as 'how does Alice stop pr0n getting onto her computer', which is an entirely different problem. Since Marty Rimm's notorious 'cyberporn' media circus this particular security concern has been framed entirely in terms of controlling the communication channel: that is, filtering Internet access. Framing is a real hazard when designing a system; what appears to be the primary security concern often is not.

As a parent of very young children I am far more concerned that they might find violence and horror than pornography. What they don't understand is unlikely to harm them but a young child can find relatively innocuous content very scary and have nightmares as a result. I have episodes of HBO Rome and Dr Who on the Home Server; the children are certainly not ready to watch those. We had to stop watching The Beatles' Yellow Submarine because it was too scary.

Trying to set protections on the 'scary stuff' directory using ACLs failed. Not only did it fail but the design of the Home Server means that it is impossible to achieve the desired outcome using ACL protections. To set access controls using Home Server you have to use the Home Server console. This system is actually somewhat easier to use, but only if you know it is there and the user experience does nothing to make the user aware of it when they discover that there is going to be no way to set the ACLs correctly.

Tuesday, March 11, 2008

One way to get people to upgrade to ipv6 I guess

Monday, March 10, 2008

Vatican develops four new sins

Apparently impressed by Steve Jobs's rollout of four new products at MacWorld, the Vatican has announced four new sins in time for the Easter holiday.

YouTube - Re: Senator Larry Craig (R-ID) Press Conference

The TVs showing CNN here at the IETF are suddenly filled with pictures of Eliot Spitzer. They keep showing long panning shots of stock stills.

Oh dear, a press conference with his wife standing by his side, looks somewhat familiar:

Monday, March 03, 2008

ELF Arson attack?

The 'Earth Liberation Front' does engage in terrorist tactics. Firebombing homes is intended to intimidate and is thus terrorism regardless of whether the intent is to kill people or not. In this attack, three model homes worth $7 million were set alight.

The comments left in this case suggest that this might well be a case of class warfare acting under the pretext of environmentalism. But it might have simply been an insurance fraud.

Whoever was to blame for this incident (there is no reason to think it was anyone other than the ELF), I have a feeling we will be seeing more like it as developers look at their inventory of unsold and in many cases unsellable housing stock.

My Grandmother used to tell me how factory after factory went up in flames in the Lancashire weaving industry heartland of Blackburn and Nelson. As profits dwindled the factory owners' exit strategy was an insurance fire.