Red Sox Nation - Far East
Due to a last-minute change of schedule, I had to send Seth Hitchings, one of our best (read: customer presentable) engineers to Taiwan during World Series week. Apparently, our local team was somehow involved. Seth managed to catch most of the games live from his hotel room and a tea shop. He kept a web journal, complete with pictures, of the events.
I was flying home from Denver during the last game. The pilot had the game on one of the in-seat audio channels. The Sox won just as we were taxiing to our gate at Logan and I thought that mobs of fans would run out onto the tarmac and tip my plane over.
People seemed to be in a pretty good mood around the office today. I assume it must be because they missed me during my two weeks of travel.
Seth, sorry you missed the home crowds; take pride in your role as Red Sox ambassador to the people of Taiwan. Thanks for going.
Oh, nice tie.
October 28, 2004 | Permalink | Comments (1)
Things to Do in Denver When You're Fed
I'm in Denver, Colorado for the Digital ID World 2004 Conference. I came in directly from Japan (great trip, despite the typhoon and four earthquakes), so I'm going to spend some time balancing out the excellent tofu and tempura of Kyoto with good old-fashioned American steak.
Tomorrow (Tuesday, 10/26), I'll be speaking on a panel discussion about "PKI Deployments. Balancing Return, Cost & Complexity" from 2:30 - 3:30. If you're at the show, feel free to stop by and heckle me.
Please, no "Who's your daddy?" I was asked that by the US passport control officer at LAX, where my standard response, tactfully invoking the questioner's mother, seemed situationally inappropriate.
October 25, 2004 | Permalink | Comments (1)
Jakob Nielsen's Alertbox
Jakob Nielsen has posted a new alert entitled "User Education Is Not the Answer to Security Problems" (amen). Among other recommendations, Jakob advocates that we:
Digitally sign all information to prevent tampering and develop a simple way to inform users whether something is from a trusted source. This might, say, replace current stupid security warnings that people don't understand because they expose the guts of the technology. ("The security certificate has expired or is not yet valid." Aha. And what does that mean to a normal person?)
I've been saying something like this for years. I'll even go a bit further: there is no good reason, today, that any legitimate email sent out by a serious company should not be digitally signed. A small number of consumers behind email-modifying proxies may get confusing error messages (companies can mitigate this by sending important mail without embedded HTML or JavaScript), but this can be quickly ironed out.
If you're a bank, hospital, or any other company that's worried about consumer confidence in your brand - you should be signing all of your outgoing email. Period.
Jakob's whole article is very good. Read it here.
October 25, 2004 | Permalink | Comments (0)
No dripping!
There are machines outside of hotels and office buildings in Japan into which you stick your wet umbrella and get it instantly wrapped in plastic. This prevents wet floors and makes it look like everyone just bought a new umbrella.
I'm reporting this fact to my loyal readers on a broadband wireless connection, while traveling at 270 kilometers per hour on the bullet train to Kyoto.
In my mind, this raises three fundamental questions about my own home country:
1. Why don't we have magic umbrella-wrapping machines?
2. Why don't we have broadband wireless connections that work at 270 kilometers per hour?
3. Why don't we have trains that work at 270 kilometers per hour?
Write your congressman. It's time for some pork barrel spending.
Mmmm pork barrel.
October 22, 2004 | Permalink | Comments (8)
A groan of puns
One of the ways I amuse myself on business trips is trying to come up with clever (given my somewhat limited and juvenile intellect) collective nouns. A collective noun is a peculiar feature of the English language used to describe a group of other nouns – usually people or animals. Common examples are, "a flock of sheep", "a school of fish" and "a pride of lions". Quasi-humorous collective nouns include, "a suit of lawyers" and "a club of golfers". I’ve tried explaining this concept to non-English speakers, but have not generally succeeded.
Last year, while watching horse races at the Hong Kong Jockey Club (no longer the, ahem, Royal Hong Kong Jockey Club, as I was politely but firmly corrected by my hosts), I saw a number of jockeys standing around at an award ceremony and spontaneously invented, "a shortage of jockeys". Today, passing group after group of uniformed Japanese school girls in my cab (or, more accurately, being passed by group after group while stuck in Tokyo traffic), I triumphantly decided that from now on, the collective noun shall be, "a giggle of schoolgirls".
My pride in these two linguistic inventions was cruelly dashed ten minutes ago when I discovered not only that both had already been coined, but that they appear together on a single Google-indexed web page.
I hate Google. They ruin my best ideas.
[Update: "a bloviation of bloggers" is original! My place in English language history is secured.]
October 20, 2004 | Permalink | Comments (3)
Back in Japan
I’m back in Japan this week.
The good news about Tokyo cab rides: there’s flawless, high-speed wireless Internet access even at 60 mph.
The bad news: You don’t get to go 60 mph very often and every trip takes an hour.
Net net: Lots of time for blogging.
October 19, 2004 | Permalink | Comments (0)
What's taking so long in that voting booth?
Edward Felten over at Freedom to Tinker has two amazing posts (one, two) about bugs in popular electronic voting machines that, if true, make it possible for just about anyone with a $50 smart card kit to vote multiple times and otherwise seriously tamper with the election. Actually “bugs” is not the right word. The problems stem from a design so stupid that it’s hard to spot the specific error. Like someone once said, “This is so far off it’s not even wrong.” Google thinks that someone was Wolfgang Pauli.
I’ve put together the following technical illustration to explain the problem:

Here’s a slight variation on the “conversation” from Edward’s first post. It won’t make sense until you’ve read the original.
terminal to card: "My password is 1234"
card to terminal: "la la la la la la la la la la"
terminal to card: "Are you a valid card?"
card to terminal: "No. I mean yes!"
terminal to card: "Please deactivate yourself."
card to terminal: "Whatever you say, spaceman."
For the record, I cannot verify that Edward’s description of the problem in Diebold machines is accurate. However, the allegations are well documented and wholly consistent with the track record of electronic voting machines in this country. I can verify that “programming” smart cards is as easy as claimed; we do it all the time. Of course you can make smart cards (or, more accurately, smart card based systems) that don’t have such flaws (again, we do it all the time), but just because something could be done correctly, doesn’t mean that it has been done correctly.
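A toy model of the conversation above, added here as an illustration; it is not code from Edward's posts, from any voting machine, or from CoreStreet. It contrasts a terminal that believes whatever the card says with one that checks a fresh challenge and keeps the "already used" record itself. All class names, the HMAC challenge-response, and the per-card key derived from an issuer master key are assumptions chosen for the sketch.

```python
import hashlib
import hmac
import secrets

def card_key(master: bytes, card_id: bytes) -> bytes:  # assumed: per-card key from an issuer master key
    return hmac.new(master, card_id, hashlib.sha256).digest()

class IssuedCard:
    """Card provisioned by the issuer; honours deactivation."""
    def __init__(self, card_id: bytes, key: bytes):
        self.card_id, self._key, self.active = card_id, key, True
    def claims_valid(self) -> bool:
        return self.active
    def deactivate(self) -> None:
        self.active = False
    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._key, challenge, hashlib.sha256).digest()

class HomemadeCard(IssuedCard):
    """Card programmed without the issuer's key; answers as in the conversation."""
    def __init__(self, card_id: bytes):
        super().__init__(card_id, secrets.token_bytes(32))  # does not know the real key
    def claims_valid(self) -> bool:
        return True  # "No. I mean yes!"
    def deactivate(self) -> None:
        pass  # "Whatever you say, spaceman."

class TrustingTerminal:
    """Believes the card's answer and relies on the card to deactivate itself."""
    def accept(self, card) -> bool:
        ok = card.claims_valid()
        card.deactivate()
        return ok

class VerifyingTerminal:
    """Checks a fresh challenge and keeps the 'already used' record itself."""
    def __init__(self, master: bytes):
        self._master, self._used = master, set()
    def accept(self, card) -> bool:
        challenge = secrets.token_bytes(16)
        key = card_key(self._master, card.card_id)
        expected = hmac.new(key, challenge, hashlib.sha256).digest()
        ok = card.card_id not in self._used and hmac.compare_digest(card.respond(challenge), expected)
        if ok:
            self._used.add(card.card_id)
        return ok

def accepted(terminal, card, attempts: int = 3) -> int:
    return sum(terminal.accept(card) for _ in range(attempts))
```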
The problems with electronic voting machines should be front page news. These aren’t slight theoretical flaws. They’re a clear and present danger to the foundations of our democracy. Note that I don’t believe the allegations that these flaws are deliberately engineered to throw the election. Occam’s razor digs up carelessness and incompetence long before it gets to malice. Either way, the problems are inexcusable. Secure electronic systems are a well known area. For example, Diebold also makes perfectly good ATM machines. They should know how to build a secure box.
October 16, 2004 | Permalink | Comments (5)
Google Desktop Search is the best program ever
Ever wonder why you can search the entire World Wide Web instantly, but it takes 20 minutes to find a file on your Windows desktop? Google has just fixed this glaring injustice with the public release of the free Google Desktop Search beta. Once you download the program, it’ll take an hour or so to build a local index on your computer and then your life will be vastly improved. You’ll be able to find any document, email or cached browser page on your computer by filename or internal text, instantly. This is fantastically useful.
I'll never have to sort my email again. Google continues to make good things.
October 14, 2004 | Permalink | Comments (3)
FDA approves giant pennies
Here’s the MSNBC article. Prior discussion on this blog can be found here and here.
All kidding aside, I think implantable RFID chips were a great idea for cows and are a great idea for those people who, like cows, cannot be expected to remember to bring their wallets all the time. A medical history application is a reasonable use for this technology. Just to be clear, your medical history is not stored on the chip. The chip just has an ID number which can be used to call up your history from an existing database. Access to the database can be controlled using the normal methods. It’s kind of like those medical ID bracelets that professional golfers always seem to wear. Not the magical copper and magnet ones; those are crap.
October 13, 2004 | Permalink | Comments (0)
e-Passport problems

There’s a good write-up in the EETimes about recently discovered flaws with the Department of Homeland Security’s proposed electronic passports. The new passports have an embedded contactless (ISO 14443) “smart-card” chip that stores personal information and (sometimes) a biometric template. The problems come in two flavors: reliability and privacy.
The reliability issues are what you’d expect from a fairly new technology with mandated cross-vendor interoperability: some readers were not able to properly read some passports placed on them. I have no reason to believe that this is a serious problem. Like other standards before it, ISO 14443 will take a few generations to work out the kinks. We at CoreStreet work with many cards and readers and I expect that the number we have to smash (run over, shoot, microwave) out of frustration will decline over the coming months. Remember how hard it was to get Ethernet cards to work correctly in the late eighties? No? Sometimes I think I missed out on some fun in that decade.
The privacy issues are more serious. Basically, since the current standards don’t call for any encryption between the passports and the readers, it’s possible to build a clandestine reader and read passports from a distance:
Using a reader equipped with an antenna, NIST testers were able to lift "an exact copy of digitally signed private data" from a contactless e-passport chip 30 feet away, said Neville Pattinson, director of business development technology and government affairs for smart-card provider Axalto Americas.
Two government officials are quoted with reassurances:
An ICAO spokesman said the organization specifies a contactless "proximity" chip that can be read only within a distance of a few inches. He said he didn't know which chips had been used in the tests but called it "extremely unlikely" that proximity chips could read information from more than 4 inches away.
Unfortunately, the distance limitation on the read has more to do with the antenna on the reader than with the chip on the passport. Four inches is the maximum range for a regular antenna and a fast read time, but significantly greater distance can be achieved with larger antennas and multiple attempts. Radio wave stuff is a black art to me, so I can’t say for certain whether or not it’s possible to restrict the read range on the actual chip, but I doubt it.
Another misleading quote follows:
A Homeland Security spokeswoman confirmed the tests had "demonstrated that if the readers are not designed with appropriate shielding, the data transmitted from the chip to the reader could be detected several feet away."
Once again, the problem has nothing to do with the legitimate readers. You can shield the readers in the finest dwarven mithril, but that won’t stop a rogue reader from getting at your passport data.
The only long term solution is to add encryption to the cards. This can’t be done in any meaningful way with most current ISO 14443 chips because those cards are not capable of storing a secure private key. The finer points of public key cryptography are beyond the scope of this blog entry, but suffice it to say that the only way you can have meaningful encryption for tens of millions of individual passports is to have individual private keys. There are cards that can do real public/private key stuff on a proximity interface, but this “dual interface” technology (so called because the cards can typically be used in contact or contactless mode) is probably a year or two away from widespread use. Maybe these kinds of findings can spur the industry forward.
In the meantime, the article suggests that it would be extremely impractical for bad guys to build giant covert readers, and that metal-lined passport wallets can minimize opportunities for unauthorized reading. Both statements are true, so there’s no cause for near-term concern. The chips are good enough for now, and “dual interface” cards will clean up the remaining problems over the next few years.
One quote near the end really caught my attention:
Kefauver also speculated that at some point, the contactless chip and passport could be eliminated altogether. Instead, a person's biometric data would be measured at the point of contact and compared with information stored in a central database. That would shift the security concerns from the chip to the network.
Now that seems like a really dangerous idea. The privacy, reliability, performance, cost and security implications of a central database approach are all potentially catastrophic at the scale we’re talking about. Proving this is left as an exercise to the reader.
(But if you have the answers and want a job, drop me a note.)
October 12, 2004 | Permalink | Comments (5)