Thursday, July 31, 2008

Riding a high horse down a low road

Wednesday, July 30, 2008

The Fauxification of Associated Press

Press reports of how the Web has been destroying their business must have consumed a small forest worth of paper over the years. But while EBay and Craig's list invariably feature in these discussions the fact that the US establishment media is often indistinguishable from a right wingh propaganda machine is not.

What about the 'liberal media' you cry. Well the myth of the liberal media is precisely what you would expect to be used to obscure the fact that liberal ideas and voices have been systematically excluded from the US public discourse. Rush Limbaugh and Bill O'Rielly can spew hate speech onto the airwaves very single day but Bill Mehers gets fired for a single statement that the right found offensive.

Over the past few weeks there have been a number of Associated Press stories that appear to be little more than McCain campaign press releases. Now we discover that not only do the Associated Press journalists greet McCain with his favorite doughnuts with sprinkles, the Washington Bureau chief considered working for the McCain campaign.

Fournier describes his style of reporting as 'accountability journalism'. By which he means the press holding politicians accountable. But who holds the journalists accountable when they are partisans for one particular side?

Readers do, that's who. Or rather ex-readers. Between 9/11 2001 and November 2006, the US establishment media was falling over itself trying to emulate the Fox News approach of unabashed propaganda represented as news. Now they are discovering that they have lost the under 35 generation and much of the under 45s. They are no longer trusted.

Monday, July 28, 2008

Does a 'modular DSLR' make any sense

Nikon Rumors: continues to debate the 'modular' DSLR.

The first serious camera I used was a modular camera - my dad's Nikon F1 Photomic. But that was built in the days when cameras were mechanical systems. Does a modular camera make any sense in the digital age?

The question is not only relevant to cameras, Norman asked the same question of mobile devices themselves in 'The disappearing computer'. So lets consider where modular makes sense.

Every professional DSLR is modular: lenses are interchangeable. Camera bodies develop over time. Lenses represent a substantial fraction of the cost of a complete camera and necessarily involve some form of compromise with respect to performance, weight, cost and focal length(s) supported. Even if cost were no object, a 14-400 mm f/1.4 constant aperture lens would be undesirably heavy and unwieldy.

Modular makes sense when:

1) Some parts of the system are likely to become obsolete over time but a significant fraction of the value of the system is vested in parts of the system that are likely to retain their value.

2) The suitability of the system for a particular purpose depends on a component supporting a range of functionality that cannot be adequately supported in a single instance using generally available technology.

Both criteria apply to cameras and lenses. Bodies become obsolete every 2 years or so but a lens design generally remains acceptably close to the state of the art decades after it is introduced. Professional photographers queue up to buy new bodies the day they are announced but few would consider it essential to trade in their lenses as aggressively.

So does a modular body make sense with respect to the first criteria? Well lets consider where the majority of the cost goes. In rough order of decreasing cost I would guess the breakdown would be something like: sensor, cpu, calibration, body, display.

The sensor and the CPU are both developing rapidly over time. There is no point in putting a 20MP sensor in a camera with a CPU designed to support a 10MP sensor. Bigger sensors will demand bigger CPUs. There is no particular advantage to using a lower resolution sensor with a higher capacity CPU. Modularity makes no sense on this criteria.

Neither the body nor the display vary markedly in ways that make support for modularity desirable. The design constraint of modularity would almost certainly negate any imaginable advantage here. Moreover each body is designed around a particular CPU and sensor combination. So modularity makes no sense on the second criteria either.

There is however one area where modularity might make sense and that is to allow the CPU capabilities of the body to be supplemented by an outboard CPU. This does not make a great deal of sense for taking still photographs but makes very good sense if one is shooting very high definition video.

I suspect that it is no coincidence that the Sony 12MP DSLR chip supports slightly greater resolution than the ultra-high definition 4K format used in movies. The 8Hz maximum frame rate is very close to the 24HZ minimum for persistence of vision.

Nikon has an unrivaled range of professional lenses. If it developed an F-mount body for cinematography it would probably become the industry standard in a very short period of time. Processing the raw data rate off the chip in real time is probably beyond what current generation processors could perform in real time but well within the capabilities of a high end PC workstation with modern graphics hardware.

If there is a 'modular Nikon' I would expect it to be a dedicated back for shooting high definition video for cinema with the job of capture delegated to a dedicated off-camera processor/storage module. The back would not be a DSLR back at all, it would be a multi-sensor 3CCD back designed to capture the video and perform lightweight compression to allow the resulting RAW feed to be captured to disk over a wired 1Gb Ethernet connection.

Such a device would cost upwards of $10K with $20K being the likely starting point, lenses being extra.

Fist bump for public safety

USA Today is asking if the fist bump might replace the handshake.

Probably not, but think of the public health advantage, handshakes are a pretty good way to transfer germs. So much so that W. Bush has a flunkey whose job it is to carry the hand sanitizing lotion. Its not just the risk that the politician catch a disease that is the issue, its the risk of spreading it too.

We need some research to determine how may germs are passed in each form of contact and the probability that germs from the hand will be passed to the nose, mouth or other area likely to result in transmission of a disease.

Academics should note that this would easily net a publication.

Sounds like a need for an improved security protocol

Rabi condemns release of purported Obama prayer (CNN).

You would think that supreme beings would offer better security arrangements. Or maybe they do and its the people who refuse to take advantage of them.

Since a supreme being is logically capable of decoding any encrypted message in any amount of time (a day is a thousand years/ a thousand years is a day), it follows that the only security concern is to avoid ambiguity. A standard preamble works: "Lord of Lords," or whatever.

So in future encode your messages as follows:

C = E (p0 + p, k) where p0 is the preamble, k a randomly chosen key and E something like AES.

Saturday, July 26, 2008

No, there is a consistent standard

The Obama base visit flap has many wondering if the same standard is being applied to both camps. According to VetVoice, it is.

Obama was denied permission to visit an army base in Germany with news media and campaign staff. And the McCain camp was denied permission to make a similar visit to a US base the month earlier. Looks like the same rules are being applied to both.

It still makes no sense for the McCain camp to attack Obama for failing to visit the base in Germany after permission to make the visit was refused.

Thursday, July 24, 2008

What is China up to

I blogged on the Chinese cyber-attacks earlier.

One puzzling feature of the attacks is that they make no attempt to hide their tracks. The attacks come directly from the Chinese ministry of information. What is going on? Some possibilities:


  • The attackers are incompetent.
  • The attack is really coming from another source that compromised the computers in an attempt to frame China.
  • The Chinese are attempting to send a message.


I think that the last is the most likely. The attackers are certainly not incompetent, it is not likely the Chinese would not patch machines after vulnerabilities are detected. The question then is what the message is, some possibilities:


  • The warmongers in the Chinese military establishment would like to engage in a cyber-security arms race with the US and want to send a message to like minded warmongers in the US military establishment so that both can profit from the insecurity they create.
  • Retaliation for a US cyber-attack against Chinese infrastructure.
  • The Chinese cyber-security establishment is concerned that the deniability of cyber-attack coupled with the insecurity of the US information infrastructure is potentially highly destabilizing and want to force the US from an offensive posture to a defensive one.


The first possibility is not very likely. The Chinese military has no difficulty finding resources. The principal concern of the Communist party is internal security, they have no need to engage in an arms race with the US as they can cripple the US economy in half an hour by simply announcing that they no longer intend to buy US treasury bonds.

The second is entirely believable. If the Chinese suspect that they have been attacked by the US, retaliation is a matter of face. An anonymous attack would not meet the need to save face.

But the third possibility might be the most plausible.

Wednesday, July 23, 2008

National Journal Magazine - China’s Cyber-Militia

If you want to know what gets talked about at closed door meetings on cyber-security, take a look at this article.

What makes the claims convincing to me is the fact that the US military, in particular the Air Force has been boasting of its own prowess in cyber-space offensives. One air force general went so far as to tell a reporter 'we will bury you in cyber-space'.

So now we have a new cyber-security challenge. The attacks are deniable, there is no way to know whether an attack was mounted by China, Iran or an aly. Why would an aly attack? In the hope that the US would make good on its threat of instant retaliation. It need not be the government either, it might be a groop of far right nationalists. Hitler had the Reichstag burned down so he could blame the Communists, put them in prison and pass the enabling act. There is no shortage of groups that might perpetrate a cyber-attack on the US if they thought it might provoke a 'retaliation' against Iran. There are even groups inside Iran that might think they could gain.

Thursday, July 17, 2008

Torvalds on security bugs

As a security person I have a lot of sympathy for his position. It is much easier by far to break a system than to design a system that is secure and harder still to implement a secure design securely.

Too much of the security world is dominated by people whose only contribution is to point out flaws in everything. In many cases pointing out flaws that were known and understood by the system designers as necessary tradeoffs if certain goals were to be met.

As a result, much of the security infrastructure we have is overbuilt and unusable as far as ordinary users are concerned. In many cases we are still waiting for a solution to be deployed.

Some flaw discovery is useful and important. The early work on WiFi security for example. And sometimes public exposure is necessary. But people who discover flaws should not think that makes them clever than the people who design systems. Only people who design systems that are not broken have the right to feel smug about other people's flaws, but they are unlikely to do so because they understand how hard getting security design right really is.

But I do take issue with Torvald's depiction of what is a security bug. A bug that causes a system to crash is a security bug. That the machine crashes by accident is just as big a problem as that it was malice. In fact I don't think that any bug at the kernel level is likely to be anything other than a security bug, that is the nature of kernel mode. That is why recourse to kernel mode should be minimized.

Wednesday, July 02, 2008

The Nikon D700 lands

So the D700 is finally here. Is it time for every serious Nikon user to throw out their DX format cameras and stampede to the new FX full frame advantage?

The short answer is almost certainly not unless you are planning to spend at least as much again on fast wide angle lenses to take advantage of it like the 14-24 mm f2.8 zoom.

Somewhat bizarrely, Nikon is packaging the D700 with its 28-120mm kit lens. The 18-70 and 18-135 lenses are smaller and just as fast. They are not pro lenses, but neither is the 28-120mm. It is twice the price however.

The D700 is definitely the best choice out there for landscape work. Besides being $2000 cheaper than the D3 it weighs several pounds less. It is not going to stand up to as many years of hard knocks in the field but even the most active professional photographer would find it difficult to wear out any Nikon before it became obsolete these days. But to make the most of it you need the 14mm prime or 14-28mm zoom at an eye popping $1,340 and $1,550 respectively.

To make the most of the D700 you really need the 'magic three' set of fast f/2.8 zooms, 14-24, 24-70 and 70-200, costing $1,550 each. Add in the price of the D700 and that's $7,650 for the kit.

That's pretty steep when you consider that if you bought a D300 and the f4 12-24 in place of the 14-24 the set would cover the FX equivalent of 18-300 mm for $2,000 less. Moreover, as even the best lenses tend to be sharper and have less distortion in the center of the frame, the D300 kit is going to deliver better results.