Browser Privacy & Fingerprinting

Ivan Szekely writes in email:

A team of young researchers – my colleagues – at the Budapest University of Technology and Economics developed a cross-browser fingerprinting system in order to demonstrate the weaknesses of the most popular browsers. Taking Panopticlick’s idea as a starting point, they developed a new, browser-independent fingerprinting algorithm and started to build a system-fingerprint database for further analysis. The description of the method and the analysis of the fingerprints can be read at http://pet-portal.eu/articles/view/37/2012-02-20-User-Tracking-on-the-Web-via-Cross-Browser-Fingerprinting.php (thesite is tri-lingual, if other language articles appear on your screen, click on the English flag)

By now the team has developed a new version of the fingerprinting system and is working on an effective method to prevent fingerprinting. In order to fine-tune the defense against fingerprinting, my colleagues need your feedback. Please click on http://fingerprint.pet-portal.eu, make a few tests and share your comments and suggestions with the developers.

Please take a second to visit http://fingerprint.pet-portal.eu and help them and us understand browser fingerprinting.

And there may be many others but they haven’t been discovered

Three newly discovered elements were given names on Friday by the General Assembly of the International Union of Pure and Applied Physics at a meeting in London.

They are Darmstadtium, or Ds, which has 110 protons in its nucleus and was named after the town in which it was discovered; Roentgenium, or Rg, with 111 protons, named after the discoverer of X-rays Wilhelm Conrad Roentgen; and Copernicium, or Cn, which has 112 protons and is named after the Polish astronomer Copernicus, who disrupted the view that the Earth was the center of the universe.

Goodbye, Rinderpest, we’re probably better off without you

On Tuesday in a ceremony in Rome, the United Nations is officially declaring that for only the second time in history, a disease has been wiped off the face of the earth.

The disease is rinderpest.

Everyone has heard of smallpox. Very few have heard of the runner-up.

That’s because rinderpest is an epizootic, an animal disease. The name means “cattle plague” in German, and it is a relative of the measles virus that infects cloven-hoofed beasts, including cattle, buffaloes, large antelopes and deer, pigs and warthogs, even giraffes and wildebeests. The most virulent strains killed 95 percent of the herds they attacked.

But rinderpest is hardly irrelevant to humans. It has been blamed for speeding the fall of the Roman Empire, aiding the conquests of Genghis Khan and hindering those of Charlemagne, opening the way for the French and Russian Revolutions, and subjugating East Africa to colonization.

(“Rinderpest, Scourge of Cattle, Is Vanquished,” New York Times)

The full article is fascinating, and worth reading.

Copyrighted Science

In “Shaking Down Science,” Matt Blaze takes issue with academic copyright policies. This is something I’ve been meaning to write about since Elsevier, a “reputable scientific publisher,” was caught publishing a full line of fake journals.

Matt concludes:

So from now on, I’m adopting my own copyright policies. In a perfect world, I’d simply refuse to publish in IEEE or ACM venues, but that stance is complicated by my obligations to my student co-authors, who need a wide range of publishing options if they are to succeed in their budding careers. So instead, I will no longer serve as a program chair, program committee member, editorial board member, referee or reviewer for any conference or journal that does not make its papers freely available on the web or at least allow authors to do so themselves.

Please join me. If enough scholars refuse their services as volunteer organizers and reviewers, the quality and prestige of these closed publications will diminish and with it their coercive copyright power over the authors of new and innovative research. Or, better yet, they will adapt and once again promote, rather than inhibit, progress.

I already consider copyright as a factor when selecting a venue for my (sparse) academic work. However, there’s always other factors involved in that choice, and I don’t expect them to go away. Like Matt, my world is not perfect, and in particular, I’m on the steering committee of the Privacy Enhancing Technologies Symposium, and we publish with Springer-Verlag. I regularly raise the copyright question with the board, which has decided to stay with Springer for now [and Springer does allow authors to post final papers].

There’s obviously a need for a business model for the folks who archive and make available the work, but when many webmail providers give away nearly infinite storage and support it with ads, $30 per 200K PDF is way too high for work that was most likely done on a government grant to improve public knowledge.

I’m not sure what the right balance will be for me, but I’d like to raise one issue which I don’t usually see raised. That is, what to do about citing to these journals? I sometimes do security research on my own, or with friends outside the academic establishment. As a non-academic, I don’t have easy access to ACM or IEEE papers. Sometimes, I’ll pick up copies at work, but that’s perhaps not an appropriate use of corporate resources. Other times, I’ll ask the authors or friends for copies. We need to understand what’s been done to avoid re-inventing the wheel.

If our goal is to ensure that scientific work paid for by the public is not handed over to someone who puts it behind a paywall, perhaps the next step is to apply pressure by only reviewing open access journals and conferences? When I first thought about that, I recoiled from the idea. But the process of looking for previous and related work is a process which must be bounded. There’s simply too many published papers out there for anyone to really be aware of all of it, and so everyone limits what they search. In fact, there are already computer security journals, including Phrack and Uninformed, which are high quality work but rarely cited by academics.

So I’m interested. Does being behind a paywall suffice as a reason to not cite work? If you answer, “no, it’s not sufficient,” how much time or money do you think you or I should reasonably spend investigating possibly related work?

Animals and Engineers

It’s been hard to miss the story on cat tongues (“For Cats, a Big Gulp With a Touch of the Tongue:)”

Writing in the Thursday issue of Science, the four engineers report that the cat’s lapping method depends on its instinctive ability to calculate the balance between opposing gravitational and inertial forces.

…After calculating things like the Froude number and the aspect ratio, they were able to figure out how fast a cat should lap to get the greatest amount of water into its mouth. The cats, it turns out, were way ahead of them — they lap at just that speed…The engineers worked out a formula: the lapping frequency should be the weight of the cat species, raised to the power of minus one-sixth and multiplied by 4.6. They then made friends with a curator at Zoo New England, the nonprofit group that operates the Franklin Park Zoo in Boston and the Stone Zoo in Stoneham, Mass., who let them videotape his big cats. Lions, leopards, jaguars and ocelots turned out to lap at the speeds predicted by the engineers.

I was also listening to the Quirks and Quarks story on “Wet Dogs Rule,” in which the researchers have used high speed photography figured out that dogs (and other animals) shake water out at a precisely optimal rate for energy invested versus surface tension and other factors that keep the water in their fur.

What’s surprising to me is the surprise that … “they lap at just that speed.” As anyone who’s ever read Darwin knows, any animal that expends extra energy on something, be it drying off or drinking water, will be disadvantaged compared to one that spends less energy for the same benefit. And over time, the animal that spends its energy more efficiently will have more energy to reproduce. To the extent that such strategies are influenced by genes, those genes that drive better strategies will spread. So I’m surprised that engineers are surprised that they can’t improve on millions of years of evolution.

Incidentally, congratulations to the CBC for being a news site that clearly links to the real academic work and researchers web sites.

Ambrose Bierce Punks Richard Feynman

Via Boing Boing, where Maggie Koerth-Baker gave a delightful pointer to this film of Feynman explaining for seven-and-a-half minutes why he can’t really explain why magnets repel each other. Or attract, either.

And trumping him in time and space, Bierce gave us this in 1906:

MAGNET, n.
Something acted upon by magnetism.

MAGNETISM, n.
Something acting upon a magnet.

The two definitions immediately foregoing are condensed from the works of one thousand eminent scientists, who have illuminated the subject with a great white light, to the inexpressible advancement of human knowledge.

Collective Smarts: Diversity Emerges

Researchers in the United States have found that putting individual geniuses together into a team doesn’t add up to one intelligent whole. Instead, they found, group intelligence is linked to social skills, taking turns, and the proportion of women in the group.
[...]
“We didn’t expect that the proportion of women would be a significant influence, but we found that it was,” Prof. Woolley, an organizational psychologist, said in an interview. “The effect was linear, meaning the more women, the better.”

The Globe and Mail, “If you want collective smarts…” In her interview with Quarks and Quirks, Woolley was careful to say that it wasn’t gender per se, but social awareness, but that such awareness correlates strongly with gender.

6502 Visual Simulator

In 6502 visual simulator, Bunnie Huang writes:

It makes my head spin to think that the CPU from the first real computer I used, the Apple II, is now simulateable at the mask level as a browser plug-in. Nothing to install, and it’s Open-licensed. How far we have come…a little more than a decade ago, completing a project like this would have resulted in a couple PhDs being awarded, or regarded as trade secret by some big EDA vendor. This is just unreal…but very cool!’

Visual6502.org, via Justin Mason