Camera thanks!

An enormous thank you to everyone who offered advice on what camera to get.

I ended up with a Canon Rebel after heading to a local camera store and having a chance to play with the stabilization features. It may end up on ebay, but I’m confident I’ll get high quality pictures. Whether they’re great, of course, depends on my skills.

I hesitate to even ask, but what one book have you seen most help someone learn how to take great pictures? I want something that’s focused on how to orient & frame shots, not something on the technical side. The camera knows more about that than I ever plan to. So what one book would you suggest?

I’m thinking about the Rebel for Dummies book, since it covers both technical and artistic aspects. What book have you seen help others more?

I wrote code for a botnet today

There’s a piece of software out there trying to cut down on blog spam, and it behaves annoyingly badly. It’s bad in a particular way that drives me up the wall. It prevents reasonable behavior, and barely blocks bad behavior of spammers.

In particular, it stops all requests that lack an HTTP Referer: header. All requests. Not just POST to the comment CGI, which might appear to make sense. Not just POST. All requests.

There are two problems with this. First, it assumes a static attacker, which is a poor descriptor of spammers. Second, it has high auxiliary costs.

So I wrote 28 characters of code for a spamming botnet. This assumes that there’s a variable “site” which is getting spammed, and gets inserted in the header printing block:

printf("Referer: %s\n", site);

That’s it. I just broke the “Bad Behavior” plugin, because that’s what the comment link referer will look like. (If I were to put in site, path, that would be about 4 lines of code. Mostly because it’s been long enough since I’ve dealt with C string handling I’d have to look up how to split the string and drop the last component.) I’d link to it, but you know, I can’t see the site.

Incidentally, I didn’t contribute that code anywhere. It’s a thought experiment, which Bad Behavior’s author should have done years ago.

Good security design takes into account obvious next steps by attackers. It considers impacts on privacy and liberty. Missing those, security designs are at best acceptable, and at worst oppressive.

[Update: I realized I'm violating my own advice here, by saying "that's wrong." So let me be prescriptive: Don't use the referer header for security. Just don't. Don't even try. You might try to redesign blog posting to take into account a particular blog post, but that would require breaking commenting directly from the front page of a blog.] [Update 2, added link to WMV video around 'my own advice'.]
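To make the contrast concrete, here is an added example (my code, not the blog's and not the Bad Behavior plugin's) that puts the header-based check next to the alternative the update sketches: a token minted by the server and bound to one particular post. The header check passes on nothing but a string the client chose to send; the token check passes only on a MAC the server itself computed. Names such as `SERVER_SECRET`, `issue_comment_token` and `verify_comment_token` are hypothetical, and the secret is generated inline so the script runs offline.

```python
import hashlib
import hmac
import secrets
import time

# Hypothetical server-side secret; a real deployment would load it from
# configuration and keep it stable across restarts so old forms stay valid.
SERVER_SECRET = secrets.token_bytes(32)
TOKEN_TTL_SECONDS = 3600


def referer_check(headers, site):
    """The design the post complains about: trust a client-supplied header.

    The only thing this establishes is that the request carried a Referer
    string starting with `site`. Browsers omit the header for perfectly
    legitimate reasons (privacy settings, bookmarks, typed URLs), so the
    check mostly punishes honest visitors.
    """
    return headers.get("Referer", "").startswith(site)


def issue_comment_token(post_id, issued_at=None):
    """Mint a token bound to one post and an issue time.

    The server embeds this as a hidden field in that post's comment form.
    Only the holder of SERVER_SECRET can produce a valid MAC, so the value
    cannot be made up by the client the way a Referer header can.
    """
    issued_at = int(time.time() if issued_at is None else issued_at)
    msg = f"{post_id}:{issued_at}".encode()
    mac = hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()
    return f"{post_id}:{issued_at}:{mac}"


def verify_comment_token(token, post_id, now=None):
    """Accept a comment POST only with an unexpired token minted for this post."""
    now = int(time.time() if now is None else now)
    try:
        # rsplit so a post id containing ':' still parses; the MAC is hex.
        tok_post, tok_time, mac = token.rsplit(":", 2)
        tok_time = int(tok_time)
    except ValueError:
        return False
    if tok_post != str(post_id):
        return False  # token was issued for a different post
    if tok_time > now or now - tok_time > TOKEN_TTL_SECONDS:
        return False  # clock skew or stale form
    expected = hmac.new(
        SERVER_SECRET, f"{tok_post}:{tok_time}".encode(), hashlib.sha256
    ).hexdigest()
    # Constant-time comparison so timing does not leak the expected MAC.
    return hmac.compare_digest(mac, expected)


if __name__ == "__main__":
    site = "http://blog.example.invalid"  # constructed sample site
    print("referer check, header present:", referer_check({"Referer": site + "/post-42"}, site))
    print("referer check, header absent: ", referer_check({}, site))
    tok = issue_comment_token("post-42")
    print("token for post-42 verifies:   ", verify_comment_token(tok, "post-42"))
    print("same token on post-43:        ", verify_comment_token(tok, "post-43"))
```

The token approach carries exactly the cost the update names: a comment form must be fetched for the specific post before a comment can be posted, so commenting straight from a front-page listing needs its own per-post form. It does not stop a client that fetches the form first, so it is a form-binding control rather than a spam filter; what it buys is that the decision rests on a value the server generated, not on a header whose absence is normal and whose presence proves nothing.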

My Wolfram Alpha Demo

I got the opportunity a couple days ago to get a demo of Wolfram Alpha from Stephen Wolfram himself. It’s an impressive thing, and I can sympathize a bit with them on the overblown publicity. Wolfram said that they didn’t expect the press reaction, which I both empathize with and cast a raised eyebrow at.

There’s no difference, as you know, between an arbitrarily advanced technology and a rigged demo. And of course anyone who’s spent a lot of time trying to create something grand is going to give you the good demo. It’s hard to know what the difference is between a rigged demo and a good one.

The major problem right now with Alpha is the overblown publicity. The last time I remember such gaga effusiveness it was over the Segway before we knew it was a scooter.

Alpha has had to suffer through not only its creator’s overblown assessments, but reviews from neophiles whose minds are so open that their occipital lobes face forward.

My short assessment is that it is the anti-Wikipedia and makes a huge splat on the fine line between clever and stupid, extending equally far in both directions. What they’ve done is create something very much like the computerized idiot savant. As much as that might sound like criticism, it isn’t. Alpha is very, very, very cool. Jaw-droppingly cool. And it is also incredibly cringe-worthily dumb. Let me give some examples.

Stephen gave us a lot of things that it can compute and the way it can infer answers. You can type “gdp france / germany” and it will give you plots of that. A query like “who was the president of brazil in 1930” will get you the right answer and a smear of the surrounding Presidents of Brazil as well.

It also has lovely deductions it makes. It geolocates your IP address and so if you ask it something involving “cups” it will infer from your location whether that should be American cups or English cups and give you a quick little link to change the preference on that. Very, very, clever.

It will also use your location to make other nice deductions. Stephen asked it a question about the population of Springfield, and since he is in Massachusetts, it inferred the Massachusetts Springfield, and there’s a little pop-up with a long list of other Springfields, as well. It’s very, very clever.

That list, however, got me the first glimpse of the stupid. I scanned the list of Springfields and realized something. Nowhere in that list appeared the Springfield of The Simpsons. Yeah, it’s fictional, and yeah that’s in many ways a relief, but dammit, it’s supposed to be a computational engine that can compute any fact that can be computed. While that Springfield is fictional, its population is a fact.

The group of us getting the demo got tired of Stephen’s enthusiastic typing in this query and that query. Many of them are very cool but boring. Comparing stock prices, market caps, changes in portfolio whatevers is something that a zillion financial web sites can do. We wanted more. We wanted our queries.

My query, which I didn’t ask because I thought it would be disruptive, is this: Which weighs more, a pound of gold or a pound of feathers? When I get to drive, that will be the first thing I ask.

The answer, in case you don’t know this famous question, is a pound of feathers. Amusingly, Google gets it on the first link. Wolfram emphasizes that Alpha computes and is smart as opposed to Google just dumbly searching and collating.

I also didn’t really need to ask because one of the other people asked Alpha to plot swine flu in the US, and it came up with — nil. It knows nothing about swine flu. Stephen helpfully suggested, “I can show you colon cancer instead” and did.

And there it is, the line between clever and stupid, and being on both sides of it. Alpha can’t tell you about swine flu because the data it works on is “curated,” meaning they have experts vet it. I approve. I’m a Wikipedia-sneerer, and I like an anti-mob system. However, having experts curate the data means that there’s nothing about the Springfield that pops to most people’s minds (because it’s pop culture) nor anything about swine flu. We asked Stephen about sources, and specifically about Wikipedia. He said that they use Wikipedia for some sorts of folk knowledge, like knowing that The Big Apple is a synonym for New York City but not for many things other than that.

Alpha is not a Google-killer. It is not ever going to compute anything that can be computed. It’s a humorless idiot savant that has an impressive database (presently some ten terabytes, according to the Wolfram folks), and its Mathematica-on-steroids engine gives a lot of wows.

On the other hand, as one of the people in my demo pointed out, there’s not anything beyond a spew of facts. Another of our queries was “17/hr” and Alpha told us what that is in terms of weekly, monthly, yearly salary. It did not tell us the sort of jobs that pay 17 per hour, which would be useful not only to people who need a job, but to socioeconomic researchers. It could tell us that, and very well might rather soon. But it doesn’t.

Alpha is an impressive tool that I can hardly wait to use (supposedly it goes on line perhaps this week). It’s something that will be a useful tool for many people and fills a much-needed niche. We need an anti-Wikipedia that has only curated facts. We need a computational engine that uses deductions and heuristics.

But we also need web resources that know about a fictional Springfield, and resources that can show you maps of the swine flu.

We also need tech reviewers who have critical faculties. Alpha is not a Google-killer. It’s also not likely as useful as Google. The gushing, open-brained reviews do us and Alpha a disservice by uncritically watching the rigged demo and refusing to ask about its limits. Alpha may straddle the line between clever and stupid, but the present reviewers all stand proudly on stupid.

Camera advice bleg

I’m thinking about maybe getting a new camera.

Before I say anything else let me say that I understand that sensor size and lens rule all else, and that size does matter, except when it’s megapixel count, which is a glamour for the foolish.

That said, I’m off to South Africa in a few weeks, and while my Canon S410 was a fine camera 5 years ago, I’m thinking that for a trip like this with a safari in the middle, I should get something that sucks less. I don’t really care about GPS or interchangeable lenses. (Yes, I should. You’re so right. But I don’t want to be bothered. I’m not a great photographer.)

I don’t want to have a full-bore SLR, as nice as they are. They’re too big, I won’t carry it enough to really justify what it is. So if I want to spend less than a thousand bucks (ideally < $500), have something that doesn't require its own carrying case or manual, what's the current hotness?

Are any of these “micro-four thirds” available? Worth risking? Worth overcoming my “don’t want to bother with lenses?” Should I look at something like a Nikon Coolpix P6000? Is it worth getting a new phd mini camera?

Ban Whole Body Imaging

[Image: radar image of naked woman]

Congressman Jason Chaffetz has introduced legislation seeking a ban on Whole-Body Imaging machines installed by the Transportation Security Administration in various airports across America. Describing the method as unnecessary to securing an airplane, Congressman Chaffetz stated that the new law was to “balance the dual virtues of safety and privacy.” The TSA recently announced plans to make the scanners, which capture a detailed picture of travelers stripped naked, the default screening device at all airport security checkpoints. Whole Body imaging (Backscatter X-Ray) technology was introduced as a tool for screening some air travelers.

Read “Congressman Seeks End of Whole Body Imaging at Airports” for the links.

These scanners won’t make us more secure. Our wallets and our dignity can’t afford these scanners. Kudos to Congressman Chaffetz.

As an aside, searching for this image (which we’ve used before) required turning off Google’s “SafeSearch.” If Google won’t show that image, why should you be forced to pose for it?

Previously: “TSA to Look Through Your Clothes” and “TSA Violates Your Privacy, Ties themselves in Little Knot of Lies”

Seattle Parking Monitoring

Seattle’s King5 TV reports on “Parking enforcement’s powerful new weapon:”

An unassuming white sedan is the Seattle Police Department’s new weapon against parking violators. Just by driving down the street, George Murray, supervisor of SPD’s parking enforcement unit, can make a record of every parked car he passes.

“What we’re doing here is we’re actually reading the plates with the reader and electronically chalking them,” Murray said.

It’s electronic chalking because you won’t see any evidence parking enforcement has marked your car and started the clock ticking.

As the e-chalker passes by, its roof-mounted cameras send a picture of your vehicle and plate directly to an on-board computer. All Murray has to do is cruise the same street two hours later to know who’s been there too long.

Me, I wonder how long they keep the data.

Covering the Verizon Breach Report

As you probably know by now, the pattern of 1s and 0s on the cover of the 2009 Verizon Data Breach Investigations Report contains a hidden message. I decided to give it a whirl and eventually figured it out. No doubt plenty of people managed to beat me to it, as evidenced by the fact that I didn’t get my solution in early enough to win the cash prize — but so far, I haven’t seen anybody write up a walkthrough, so I thought I’d do one. (Chris Eng, “Decoding the Verizon DBIR 2009 Cover”)

[Image: Zero Knowledge Poster.jpg]

This reminds me a lot of the posters we did at Zero-Knowledge. I’m not sure who came up with the idea, but we decided to encode a secret message in the bar codes. It was pretty tricky. We didn’t have the hundreds of bytes that Verizon had on their cover, we had 8 bytes per barcode, meaning we had no more than 40 characters in which to encode a message.

I remember a brainstorming session at a nearby bar (le Cheval Blanc?). We wanted something meaningful. We wanted something relating to privacy, anonymity and freedom. Something evocative and memorable. We kept running into that 40 character limit. The ads were expensive to produce, and we had already decided that we only wanted five, so that there would be recognition and people would see them repeatedly in Fast Company and Wired.

I don’t remember who came up with “Who is John Galt” as the slogan. We had bounced around some 1984 references (too negative), but kept hitting that limit. When we decided we needed to get them out, we settled on the Ayn Rand reference, and Ian Goldberg encoded them as bar codes. He just happened to have some bar code fonts sitting around.

Even with those constraints, it was a lot of fun tossing ideas around and seeing them in print all over the place.

Like Verizon, we hinted at there being something there to get people to look. Maybe one of these days someone will manage to keep it a secret for a while, and get a second wave of publicity out of their secret messages.

Anyway, I had fun reminiscing about the posters. Thanks to Austin Hill and Jean Bernard for hooking me up with high quality images of the posters.

Scalia: Just Because You Can Doesn’t Mean You Should

aka it’s not nearly as funny when you are the subject of the probe.

At a recent conference Justice Scalia said, “Every single datum about my life is private? That’s silly.”

Well, a professor at Fordham University decided to take Mr. Scalia at his word, and had one of his classes collect a dossier on the Justice, and this is what they found:

Professor Joel Reidenberg and his class now have a 15-page dossier on Scalia, including his home address, the value of his home, his home phone number, the movies he likes, his food preferences, his wife’s personal e-mail address, and “photos of his lovely grandchildren.”

So what we have here is yet another person discovering that while individual facts aren’t necessarily important, when you aggregate them together you have something quite valuable. Justice Scalia was understandably somewhat unamused:

It is not a rare phenomenon that what is legal may also be quite irresponsible. That appears in the First Amendment context all the time. What can be said often should not be said. Prof. Reidenberg’s exercise is an example of perfectly legal, abominably poor judgment. Since he was not teaching a course in judgment, I presume he felt no responsibility to display any.

Daniel Solove, over at Concurring Opinions, has provided more details and analysis as well as a follow-up from Professor Reidenberg. Of note is the fact that this is a regular assignment in the professor’s class each year, and the previous class had been told to use Dr. Reidenberg himself as the subject of the dossier.