a_cubed: (Hat)

The ethics of big data is generating a lot of discussion these days. I read an interesting article today which showed that some managers in the health sector find the voracious attitude that “everything must go into the pot” “creepy”, while analytics professionals go on about the benefits of more (good quality) data giving more useful information. This article, though, was quite typical in the area in that it focussed on the US situation, with the problem that health-care providers in the US are driven by their revenue systems: the source of the data for big data health analytics in the US in the article is cited as the “Revenue Cycle Management (RCM) systems” which capture data mostly so that the healthcare provider can charge the right (i.e. the legally/contractually allowed) price to the funder. Of course it’s pretty much only the US that has this crazy system. Elsewhere there are fewer payers for healthcare for the majority of people, sometimes down to (almost) one in places like the UK. The US situation also raises large questions because of the crazy way its healthcare is funded in that patients are severely lacking in trust that the use of their data will not lead to significant individual problems, up to and including being sacked for being potentially too expensive to provide health insurance for.


Of course this does not mean that in other countries there are no big ethical issues with big data for health analytics. The proposals by the UK government to limit or ignore patients’ ability to opt out of the care.data program, through which private companies such as pharmaceutical companies would gain potentially significant private benefits alongside possible public health benefits, but with no guarantees of privacy or security of the data, raise similar questions to the century-plus debate about census data (before WWII ethnicity data in the US census was supposed to be inaccessible to the government at large – that guarantee was wiped away after Pearl Harbour, leading to the disenfranchisement, loss of property and internment of over 100,000 American citizens of Japanese descent).


Europe, with its more heterogeneous health funding systems, must explore the issues around all the models and not be driven by US-centric concerns.


Current Mood: contemplative
Current Music: Raiders of the Lost Ark Soundtrack


a_cubed: (Peace)

There are many science fiction stories published each year with wild speculation, and usually few details. It’s not unusual, therefore, just by the law of averages, for sometimes the SF to be followed by the discovery of (somewhat) matching science. An interesting piece on anti-agathic (delaying or removing the effects of ageing) work I saw today reminded me of a piece in a Heinlein novel, “Methuselah’s Children”, in which a secret bunch of families with naturally bred longevity flee the Earth in an early spaceship because of the threat of a pogrom and/or being the subject of vivisection to discover the secret of their longevity. Returning to Earth after some interstellar adventures and with time dilation having kept them even younger than ever, they find that their existence spurred Earth to invest in anti-agathic research and discover a “blood cleaning” process which seriously reduces ageing. Not a novel idea, actually, as this Guardian article points out, the idea was proposed by Libavius in 1615. It’s looking like it might have potential, though. The work of Wyss-Coray on the effects of young mouse blood on old mouse brains (and vice versa) shows that transfusion of young blood into an old mouse causes a revival of neuron birth, while old blood in young mice retards such development.


There’s a horror story in here about, say, the Chinese communist party using both sides of this – harvesting young blood to keep their gerontocratic leaders healthy, while deliberately transfusing older blood into younger dissidents to dumb them down.


As that very good Guardian article mentions (it’s an in-depth and very well-written science piece, a rarity in modern journalism) though, it’s not just the idea of transfusions – we can hardly keep up with other demands for blood for transfusions in most societies. The idea that we could track the protein components of blood plasma as we age and filter out the ones which contribute to ageing and synthesise and add back the ones which promote health and youth, is interesting. Of course there’s also the idea that’s been used by a number of SF authors where by tinkering with ageing and encouraging bodily regeneration, we “use up” our body’s ability to regenerate and instead of gaining (near)immortality we die quicker (sometimes very quickly) though with amazing powers of regeneration in the (usually short) time. Again, this is perhaps a worry with these real science ideas.


Current Mood: Interested


Originally published at blog.a-cubed.info

a_cubed: (Default)
(Note: this post may appear twice, though it looks like LJ have screwed up the cross-posting system I was using from my WP site.)
I signed up today for a conference in Spain. They are using PayPal for taking registration. I’m trying to avoid PayPal, but as the only alternative (bank transfer) is a real pain to do from Japan, I bite the bullet when the other party only offers PayPal as a sensible option. So, I was directed to a PayPal site to process the payment, having given them all the registration details they demanded (including them requiring a landline phone number! I just re-entered my mobile number, which they had already also required). The initial PayPal page was all in Spanish. There was no visible button for changing the language. An understandable (to me) bit asked for my country, so I selected Japan and the page renewed into English. Odd, but useful to me. So, I gave them my credit card details including the billing address and submitted them. The “review and confirm payment” page then came up in Japanese. These days I know enough Japanese to have been able to figure this one out.

So, PayPal displayed itself in three different languages during one transaction, with at no point that I could see a visible button to select a language I can definitely use, and with some apparently random selections of which language to display a particular page in. This is not good internationalisation.
a_cubed: (Default)

Despite their own advertising claims and hype, Apple did not invent the personal media player, the smartphone or the tablet computer. However, their second or third generation mass-market devices in these areas have clearly captured the market at a crucial time becoming the single largest provider of such devices and relegating their competitors to mostly fighting amongst themselves for second place. While Android devices outsell iPhones by more than 3:1 no single manufacturer was able to beat Apple for sales until Samsung pulled out of the Android pack in 2012. By this time, however, the name of the game was iSomething. Ask a teenager what type of mobile they have and they’ll often say an iPhone, even if it’s an Android device. Similarly iPod and iPad have become the standard term for media players and tablets. With the release of the iPad mini, even mid-sized tablets no longer seem distinct from the fruity products.


This all seems good for the Cupertino mothership, with brand recognition supporting their product with much higher product margins than anyone else (Samsung sells more but makes less), while their tied-in software and content distribution system also buoys up their profits more than in the more open Android marketplaces.


But this is a double-edged sword as at least two companies have learned before: Kleenex and Hoover. They became so ubiquitous and their products so associated with the product class that they effectively lost much of their trademark protection due to genericisation. Google made a strong effort to prevent this, although both the OED and Merriam-Webster include the verb “to google” as a synonym for searching the Web, particularly but not solely with the Google search engine.


I am hearing a lot of usage of iPhone, iPod and iPad to refer to smartphones, media players and tablets, particularly at places like airports where we’re told to take our iPads out of bags and iPods/iPhones out of pockets for security screening, and on planes where we’re told to switch off our iPods/iPhones and iPads for take-off and landing, and only use our iPhones in airplane mode while in-flight.


While it may seem a boon to their current business model to be the poster-child of the current generation, becoming too generic can lose your edge in law and undermine your position in the market as the brand people will pay more for (which seems to be and remain the core of Apple’s approach [pun intended]).


Current Mood: Jetlagged
Current Music: Dune (2001) OST



a_cubed: (Wolf)

I know at least one of my LJ friends will have sympathy with this one. I’ve received the proofs for a new journal article(*). While most of the comments are reasonable there’s a pair that are rather stupid when taken together. In the paper we reference this paper:


Dick, A.R. and Brooks, M.J. (2003) Issues in automated visual surveillance. In: Sun et al (eds.).


which as anyone who understands referencing can see then cross-references:


Sun, C., Talbot, H., Ourselin, S. and Adriaansen, T. (eds). (2003) Proceedings of the Seventh International Conference on Digital Image Computing: Techniques and Applications, DICTA 2003, 10–12 December 2003, Macquarie University, Sydney, Australia. CSIRO Publishing.


The copy editors have separately asked:


Please provide further publication details in the reference Dick and Brooks (2003).


and:


Reference Sun et al (2003) not cited in the text. Please cite in the text, else delete from the reference list.


Argh!


 


(*) From my web page “News” section about this paper: A joint paper with Dr James Ferryman of the School of Systems Engineering, University of Reading has just been accepted by Security Journal. The pre-print of The Future of Video Analytics for Surveillance and Its Ethical Implications is available from The Open Depot.


Current Mood: pissed off
Current Music: None



a_cubed: (Default)

Academia.edu (an academic networking site) has an interesting alert service whereby they email anyone whose page is accessed with a referrer URL from one of the main search engines, and give the search terms, the search engine and, where available (from the web server log of academia.edu rather than from the search engine), the country from which my page was accessed. It’s interesting to see how people find me and from where. Yesterday I got such an alert where one of my papers was found via a search on a minor paraphrasing of one of the significant sentences (i.e. not a linking piece of text but one of the presentations of the core ideas in the paper). Thinking about how I’ve worked in the past, I suspect this was an academic checking for plagiarism in a piece of student work that has made them suspicious.


Current Mood: awake
Current Music: None



a_cubed: (Default)

Having written far too many emails explaining my views on how academia can best move to toll-free access to the scholarly literature (often abbreviated as Open Access) I have written this up on my web site: How to Achieve OA.


Current Mood: accomplished
Current Music: Ghost in the Shell 2: Innocence Soundtrack



a_cubed: (Default)

Fascinating article in the Atlantic magazine showing pictures from the only official photographer in the Manhattan Project’s secret city.


Current Mood: artistic
Current Music: Battlestar Galactica (2003) Miniseries Soundtrack



a_cubed: (Default)

One of my current research projects (DESVALDO, funded by the CIGREF Foundation) involves surveying people about their use of digital data. While our primary target is non-expert computer users, expert users are also welcome to take it. This is the survey.


Current Mood: curious
Current Music: None



a_cubed: (Default)

Ross Anderson, Cambridge


Deception: Would personalising payment pages reduce small scale fraud?


How is being watched by humans different to being watched by software?


Blackstone: The law is the long march from status to contract. Are we now towards the end of the long march from honour codes to ubiquitous technical surveillance?


Dave Clark, MIT

Reactions to Prior Talks


A lot of the stories we tell are move/counter-move systems? Why are we in an equilibrium and it’s not that one side won? Perhaps it’s just that if one side won, the question is not interesting.


The way to reduce crime is not to build perfect systems, but to make sure crime doesn’t pay.


Peter Robinson, Cambridge

The Eyes Have It


There is something that can be done with eye gaze in detecting speakers’ state of mind.


Identifying people who are cognitively overloaded (e.g. while driving, to reduce interruptions from navigation systems or the like).


Peter Swire, Ohio State

Tour of Projects


Encryption and globalisation paper, particularly the attempts by China and India to repeat the US mistakes.


Going Dark v. the Golden Access of Surveillance.


USvJones.com: Help judges by suggesting usable doctrine.


Are Hackers Inefficient?


The Right to Data Portability


Pretty Good De-identification


The Second Wave of Global Privacy Protection (Ohio State, Nov 2012) conference


Rahul Telang, Carnegie Mellon

Competition and Security


Does (can) competition increase security and/or privacy?


Hospitals are under increasing pressure to invest in patient security and privacy.


In a more competitive healthcare market, there is evidence of more data breaches.


On most other measures, more competition increases quality.


Alma Whitten, Google

When is the Future?


The future is at most ten years from now. Meaningfully, five or ten years from now is the future, because things move so fast.


Technologists have a fair amount of power to build the future. But technologists are often taking their subtle direction from artists: particularly from science fiction.


Shows the “Expo” sequence from Iron Man 2. “I really want that interface”.


Some questions: Where are the boundaries? Who maintains it? Who pays for it?


Easy answers in the fiction (an eccentric techno-genius billionaire), but if we want those tools for everyone these questions become more difficult to answer.


Current Mood: fascinated



a_cubed: (Default)

William Burns, Decision Research, CSUSM

Resilience in the Face of Terrorism: Risk Communication as Inoculation


Ratio of behavioural component of response to terrorist events (mostly incorrect) compared to the actual direct impact is approx 15:1. So while reducing loss of life is a good goal, minimisation of the over-reaction in the aftermath is also very important. Pre-emptive risk communication is the sensible approach.


A sensible risk message (terrorists aim to succeed in making you afraid, don’t let them win) has a significant impact on people’s responses to terrorist activity.


Chris Hoofnagle, UC Berkeley

Mobile Payments : Consumer Benefits & New Privacy Concerns


On Terror: I am terrified of motivational speakers, flying coach class on United and children’s products from China.


In a credit card, no party to the transaction has a complete view of the sale.  Merchants know what was bought but not exactly who you are. The CC issuer knows where and how much you spent, but does not know what you spent. This drives loyalty cards.


Mobile payments means that everyone in the chain can see all of the information.


 


Richard John, USC

Games Terrorists Play


Talking today about the non-rational terrorist.


Stackelberg competition game model.


Defender (leader) chooses counter-measures; attacker (follower) chooses attack.


Can we benefit from the irrationality of our adversaries? Terrorists often do not maximise their expected value – they follow irrational strategies which do not lead to their apparent goals. Reference: Predictably Irrational by Dan Ariely. We can do better than a strong Stackelberg equilibrium if we understand our opponents’ irrationality.


Persuading protection forces to act rationally and use these random approaches is a hard problem in itself.
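The leader/follower structure noted above, worked through on a two-target game as an added example (not material from the talk): the defender commits to a randomised coverage, the attacker observes it and chooses a target, and the same game is then replayed against a follower who does not strictly best-respond. The payoff table, the grid search and the logit "quantal response" attacker standing in for irrationality are all assumptions made for illustration.

```python
import math

# Constructed two-target payoff table (not from the talk). For each target:
# defender and attacker payoffs when the attacked target is covered by the
# defender's single patrol, and when it is left uncovered.
TARGETS = {
    "A": {"def_cov": 0.0, "def_unc": -10.0, "att_cov": -5.0, "att_unc": 10.0},
    "B": {"def_cov": 0.0, "def_unc": -4.0, "att_cov": -5.0, "att_unc": 4.0},
}
GRID = 1000  # coverage of A is searched in steps of 1/GRID


def expected(cov_a):
    """Return {target: (defender_eu, attacker_eu)} when A is covered with
    probability cov_a and B with probability 1 - cov_a."""
    out = {}
    for name, cov in (("A", cov_a), ("B", 1.0 - cov_a)):
        t = TARGETS[name]
        out[name] = (
            cov * t["def_cov"] + (1 - cov) * t["def_unc"],
            cov * t["att_cov"] + (1 - cov) * t["att_unc"],
        )
    return out


def defender_vs_rational(cov_a, tol=1e-9):
    """Defender payoff against a follower who best-responds to the observed
    coverage. Ties are broken in the leader's favour (strong Stackelberg)."""
    eu = expected(cov_a)
    best = max(att for _, att in eu.values())
    return max(dfn for dfn, att in eu.values() if best - att <= tol)


def defender_vs_quantal(cov_a, lam=0.2):
    """Defender payoff against a boundedly rational follower who attacks each
    target with probability proportional to exp(lam * attacker_eu).
    lam is an assumed rationality parameter (large lam approaches best response)."""
    eu = expected(cov_a)
    weights = {name: math.exp(lam * att) for name, (_, att) in eu.items()}
    total = sum(weights.values())
    return sum(weights[name] / total * eu[name][0] for name in eu)


def best_commitment(evaluate):
    """Grid-search the leader's commitment.
    Returns (coverage_of_A, defender_eu) for the best grid point."""
    points = ((i / GRID, evaluate(i / GRID)) for i in range(GRID + 1))
    return max(points, key=lambda pair: pair[1])


if __name__ == "__main__":
    sse_cov, sse_val = best_commitment(defender_vs_rational)
    print("pure 'always guard A':", defender_vs_rational(1.0))
    print("pure 'always guard B':", defender_vs_rational(0.0))
    print("SSE coverage of A:", sse_cov, "defender EU:", sse_val)

    qr_cov, qr_val = best_commitment(defender_vs_quantal)
    print("SSE coverage played against quantal attacker:",
          defender_vs_quantal(sse_cov))
    print("coverage tuned to quantal attacker:", qr_cov, "defender EU:", qr_val)
```

Against the best-responding follower the randomised commitment beats both pure guarding schedules, and against the quantal follower the equilibrium coverage is no longer the defender's best commitment.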


Steven LeBlanc, Harvard

Constant Battles


The myth of the peaceful, Noble Savage. Humans have always had warfare and high death rates. There is a tendency to wish away prehistoric warfare by calling it something else or pretending it never existed. The evolutionary pressures on surviving warfare are significant in the human genome?


Where data is good 15-25% of males die from warfare and 5% of females.


Death rates decrease with increased social complexity. You are safer if you pay taxes. The more taxes you pay, the safer you are.


Mark Levine, Exeter

The Psychology of Violence Prevention


How to enroll the support of collective psychology to suppress violent action.


The action of third parties is seen in traditional psychology as mostly negative: mob violence, mass hysteria, peer group pressure.


Looking at CCTV records of third party interventions (or lack of intervention) in violence.


Larger groups are less violent. How do third parties coordinate successfully?


Identity and eye-gaze: 52 participants, asked to view the same video with different priming questions about their identification with the subjects.


Ingroup bias: men look more at the men, women look more at the women. Men look more at the “perpetrator”, women look less at the “perpetrator”.


When people are primed in terms of their gender identity, they look at the third parties more than just the participants in the violence.


When primed to think of themselves as part of the group rather than as an individual, the women look more widely, whereas the men look more focussed. When primed as individuals, men and women look equally focussed/broadly.


John Mueller, OSU

Terrorism Since 9/11 – the American Cases


Only one occurrence in the US since 9/11 where a Muslim terrorist killed anyone in the US, and almost no injuries. Half of the cases appear to have been partly instigated by agents provocateurs of the government and all of the attempted terrorists have been incompetent and mostly highly unbalanced.


Current Mood: fascinated



a_cubed: (Default)

David Livingstone-Smith, New England

Ideology


The camera obscura description of ideology as an accidental inversion of reality. The Conspiracy Model of ideology as a purposive distortion of reality in pursuit of some goal.


There is a perfectly good model of non-intentional purposiveness available: the notion of biological purpose, e.g. the orchid that simulates a wasp for the “purpose” of seducing male wasps to use them as a pollination vector.


Millikan’s theory of proper function provides analysis of non-intentional purposes. The thing that caused a reproduction of an item is the proper function of the item.


Ideologies are collective misrepresentations of the social world that:


perpetuate the power of dominant groups, creating the circumstances allowing their reproduction and the reproduction of that power.


 


Rachel Greenstadt, Drexel

Anonymouth: How to make machine learning for security usable


Long term anonymity is challenging, as shown in the case of “A Gay Girl in Damascus”. It’s particularly difficult to re-write an existing document in a new style.


Anonymouth provides a suggestion set of ideas for how to make your documents less recognisable as your own.


Luke Church, Cambridge

“tracking” for societal benefit


Users don’t understand derived sales models.


Asking programmers to allow the researchers to record and analyse their every keystroke and mouse click leads to refusal because they are afraid of the usage of that data.


Please can we slow down the process of restricting scientists’ access to data?


Bruce Schneier, BT

Profiling and Airports


Why profiling makes no sense in security, even if you have a differential threat. Arguing against intuition, “common sense” and “obviousness” with clear (security) engineering principles is hard.


Public policy has important characteristics which divorce it from individual common sense about security.


Political rhetoric focusses on folk belief, common sense and intuition, rather than solid engineering principles. Non-security issues are driving security decisions (including corporate interest, law enforcement interests, military interests).


The four horsemen of the cyber apocalypse used for two decades to justify intrusion.


Persuasion and security questions. How to teach people not to have their security fear buttons pushed.


Matt Blaze, University of Pennsylvania

Folklore


Why (Special Agent) Johnny (Still) Can’t Encrypt (redux)


APCO Project 25 (P25) cryptographic system for first responders.


Serious vulnerabilities in multiple ways, in theory. How often do they cause problems in practice?


Rule #1 of cryptanalysis – look for cleartext.


Ridiculous amount and high security content of cleartext. About 30 minutes of cleartext per day per city.


The problem exists because radio encryption is harder than we think.


After discussions with various agencies there was often a short term drop in cleartext but then a reversion and even an increase.


The act of paying attention to problems like this can lead to a reduction of security because of misunderstanding.


Institutional memory of the previous generation of analogue radios (encryption reduces quality) is still maintained even though it is completely incorrect for the current systems.


Current Mood: fascinated



a_cubed: (Default)

Pam Briggs, Northumbria

A “Family and Friends” Perspective on Privacy and Security


Prevailing rhetoric is that privacy and security operate at a personal level – with individual decisions.


Too little attention paid to inadvertent disclosure in social or family networks.


Location-based services – one of the potentially most disruptive applications for privacy in the next few years.


Ubicomp in a family setting.


Facebook account hacked – three facebook friends to provide re-authentication.


 


Jaeyon Jung, Microsoft

Tools to Analyse Personal Data Exposure Through Apps & Developing UIs for Control


Problem is that access to information by Apps is often “all or nothing” for classes and without certain classes the app cannot be used at all – even if the app does not need it, depending on how it is programmed.


Some participants in a study of smartphone app data transfer were unsurprised – this is the price you pay for “free” apps. Others were surprised at things like the collection and transfer of location data when the app did not need it. Others felt they were not bothered by the collection per se, but wanted to know who had the data.


Some participants planned to uninstall particular apps (e.g. Angry Birds) because of their data collection. Some felt that the option of disclose or don’t use was not a good situation.


We need better user experiences for users in knowing about and controlling the information their smartphones give out.


 


Rob Reeder, Microsoft

NEAT guidance for usable software security


RSA data release started with a spear phishing attack based on an XL.


Security guidance to users in MS products should now follow NEAT: Necessary, Explained, Actionable, Tested.


 


Christoph Paar, Ruhr University

Real World Hacks


How do attackers learn their trade? With better information about how attackers develop their approaches, then we can potentially improve the defences. Obfuscation may be more use than its reputation (security by obscurity) gives it credit for.


 


Frank Stajano, Cambridge

The quest to replace passwords


Passwords have really poor usability. Does this mean we get good security? No.


Predictions of the demise of the password have been greatly exaggerated. We use more and more passwords every year.


Make sense of what has been done – those who fail to study history are doomed to repeat it.


Evaluation framework for authentication systems.


Passwords are not going to die any time soon. Many schemes are better than passwords on security. Some schemes are better on usability than passwords, but most are worse. All are worse on deployability.


 


Jeff Yan, Newcastle University

Does psychological profiling predict MMORPG cheaters


There are many technical solutions to analysing in-game behaviour to identify cheating. Is it possible to identify likely cheaters with a psychological test? What about the issue of potential cheaters cheating on the questionnaire?


Current Mood: fascinated



a_cubed: (Default)

Sandy Clark, University of Pennsylvania

The Honeymoon Period and Security Development


Bug identification models don’t work for vulnerability identification.


Casinos have developed good approaches to patching exploits in their systems (general systems, not just computer-based systems).


Scams are the “buffer overflow errors” of human consciousness.


Attackers adapt, so defenders must adapt.


Evolutionary Biology model for Parasite/Host competing evolution (the Red Queen Hypothesis: everyone must run in place to maintain the best outcome, which is not a perfect system).


Modelling the defender is not enough. We need to model the attacker. More importantly, we need to model the interaction and the violation of assumptions is one of the key elements of this.


 


Richard Clayton, Cambridge

Devo estar falando Portugues? (Should I speak Portuguese)


IM Worms.


Portuguese-specific short IMs for infection have significantly higher numbers of clicks at peak than “language-independent” ones.


 


Cormac Herley, Microsoft

Fraud


Anything I do with a password can be repudiable.


We should be teaching check(cheque)-clearing rules instead of Byzantine security tips.


 


Markus Jakobsson, PayPal

What are password strength checkers actually doing?


Strength checker? Fast Runner? Has Tail, Has Black marks, Has Yellow surface, Has Dots? Result is a budgie not a leopard.


Determine the user’s mental process for creating (strong) passwords.


Comment by Richard Clayton: passwords for porn sites need to be enterable with only one hand.


 


Eric Johnson, Dartmouth College

Fraud in Healthcare


US healthcare costs are $2.5T. Fraud is estimated at some hundreds of billions of dollars.


Medical Identity Theft?

The US medical system is set up to provide opportunities for fraud, particularly due to the pay-and-chase model.

Very easy to join medicare/medicaid as a payee, just a bureaucratic process.


Getting hold of identity is not hard. The monetisation model is the key development.


Gráinne Kirwan, Inst of Tech, Ireland

Psychology of Cybercrime


Interested in victims of cybercrime. Why are they targeted, how do they react?


Trait anxiety, rather than state anxiety (Big-5?): how does it compare to susceptibility to fraud?


Victim facilitation and precipitation. Insult someone and they hit you (precipitation). Leave your keys on the bar (facilitation).


Considering how facilitation relates to liability. Most people will indicate that facilitative victims should be more liable.


David Modic, Exeter

Risk and Internet Scams


Ego-depletion, materialism, marketing (susceptibility to being scammed).


Ego-depletion has no effect on falling for a scam.


No materialism measure has any impact.


Appeal has very limited effect.


Scammers offer money not goods and intangibles.


Current Mood: fascinated



a_cubed: (Default)

Jeff Hancock, Cornell

Detecting Deceptive Language and Promoting (more) Honest Behaviour


Detection of the difference between purchased reviews of hotels by people who had not stayed there and real reviews by those who had. Automatic detection could identify 90% of the fake reviews – only works for differentiating between those who had stayed there and those who had not.


Lab studies on identifying lying: psychological distancing leads to verbal immediacy, cognitive complexity leads to a different discourse structure, anxiety and guilt lead to emotional leakage. However, various types of situation lead to differences in how the models can be applied.


How to promote more honest behaviour.


Promoting honest behaviour. Triggering a feeling of a face triggers social constraints on lying.


Current research will include graphics to see what can improve honesty.


Tyler Moore, Wellesley College

Why user intent affects how we combat online wickedness


Online crime is mainly fought by private actors rather than state agencies.


Sometimes crime is difficult to distinguish from undesirable behaviour.


What is the distinction between bad behaviour and criminal behaviour?


Distinguishing between phishing and malware installation (which can lead to keylogging and loss of authentication details). Phishing is attacked by the banks. Malware installers are attacked by the search engine.


Transparent redirection by cracked sites depending on the referrer information from Google search pages.


Need to identify the intent of the user.


 


Robert Trivers, Rutgers

The Folly of Fools: the logic of self-deception.


Lying to others is indivisible from self-deception.


Psychologists tend to study only deception. Philosophers worry too much about self-deception. You need both to understand deception.


Choice of language as well as physiological reactions give clues to deliberate deception. Self-deception could be deliberately practised in order to avoid deception clues.


Interesting data on self-deception: we do believe our deceptive positive self-image.


Self-deception is offensive (aimed at deceiving others), rather than what the psychologists claim: that self-deception is defensive, aimed at making ourselves happier.


We need more evidence on detecting deception in real situations.


80% of accidents happen with the pilot instead of the co-pilot in actual charge. Co-pilots are hesitant to correct errors from their more senior colleagues, particularly if they do not have a pre-existing strong relationship.


When considering deception, you must always keep self-deception in mind.


 


Joseph Bonneau, Cambridge

Guessing human-chosen secrets


What’s easier to guess? Older or younger users’ passwords? Passwords or random 9-digit numbers. PIN or Mother’s Maiden Name?


Showed the cartoon of Jesus having 2512 as his PIN to his father, whose birthday is Christmas Day, and his father promptly went and changed his PIN.


Released files of stolen passwords allowed statistical analysis of password choices.


Gathering data within Yahoo via an encrypted hash to allow for statistical analysis without knowledge of the actual passwords.


Changing user behaviour (such as changing passwords occasionally) is better than just stressing the risk.


Language makes something of a difference, but at most a factor of two in difficulty.


 


Stuart Schechter, Microsoft

Better Passwords


P@ssword was a “strong” password according to Yahoo’s algorithm. P@$$word1 was a “strong” password according to Google’s algorithm.


Ban popular passwords!


Important internal passwords for high value propositions (MS, Google) need better approaches.
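An added illustration of the two points in these notes (not code from the talk, nor from Yahoo, Google or Microsoft): a character-class "strength" meter of the kind that rates P@ssword as strong, next to a check that bans popular passwords after undoing common substitutions and suffixes. The scoring rule, the substitution table and the short popular-password list are constructed assumptions.

```python
import re

# Constructed sample of popular passwords; a real deployment would load a
# large list of the most common passwords observed in breach data.
POPULAR = {"password", "letmein", "qwerty", "iloveyou", "monkey",
           "dragon", "123456"}

# Substitutions users commonly apply to "strengthen" a popular word
# (assumed table, not taken from any vendor's checker).
LEET = str.maketrans({"@": "a", "4": "a", "$": "s", "5": "s", "0": "o",
                      "1": "l", "!": "i", "3": "e", "7": "t"})

CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def composition_score(pw):
    """Naive meter: length of at least 8 plus a count of character classes.
    This is the style of rule that the notes say rated P@ssword 'strong'."""
    if len(pw) < 8:
        return "weak"
    classes = sum(bool(re.search(pattern, pw)) for pattern in CLASSES)
    if classes >= 3:
        return "strong"
    return "medium" if classes == 2 else "weak"


def candidates(pw):
    """Forms of pw to look up: as typed (lower-cased), with substitutions
    undone, and with leading/trailing digits and symbols stripped first."""
    raw = pw.lower()
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", raw)
    return {raw, raw.translate(LEET), core, core.translate(LEET)}


def is_banned(pw):
    """True if any normalised form of pw is on the popular-password list."""
    return any(form in POPULAR for form in candidates(pw))


def evaluate(pw):
    """Return (meter verdict, banned?) so the two policies can be compared."""
    return composition_score(pw), is_banned(pw)


if __name__ == "__main__":
    for sample in ("P@ssword", "P@$$word1", "Passw0rd!", "123456",
                   "correct horse battery staple"):
        print(f"{sample!r:34} meter={composition_score(sample):7} "
              f"banned={is_banned(sample)}")
```

The meter and the ban disagree in both directions on the sample inputs: decorated popular words pass the meter but are banned, while a long lower-case passphrase is only "medium" on the meter and is not on the list.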


Current Mood: fascinated


a_cubed: (Default)

As of writing (16:00 JST on Wednesday 18th January 2012) Wikipedia is blacked out apart from one page:


Wikipedia: SOPA


This is in protest at two bills currently being debated in the US Congress (PIPA in the House and SOPA in the Senate). These bills are being rushed through at quite a fast track in Congress because they are bi-partisan (meaning: the big businesses who drafted the bills, and are corruptly paying congress-critters in campaign donations for their support, have bought people in both parties).


In early January there was a movement by some opposed to this bill asking various large Internet organisations to black out in January in a coordinated effort to oppose these bills and raise public awareness about them. Most of the major service providers such as Google can’t really afford a day’s blackout. As Wikipedia is a non-profit and doesn’t make money per eyeball it was one of the few high profile sites to be able and willing to take this step.


There are more details from the EFF about these proposals.




a_cubed: (Wolf)

While revising my lectures for the coming academic year I had some thoughts about the shape of economics in the Knowledge Economy that I thought I’d put down. These are just some initial ideas, not fully worked out.


Eric Reasons has an interesting perspective on his blog about how the new economy of free is undermining the old and destroying our current measures of wealth and economic growth. One of the common themes of my teaching is how what’s happening now can be understood better if we consider what has happened before (not quite the Mormon/Battlestar Galactica “this has all happened before. It will all happen again”). Looking at the development of the telegraph helps us understand the social and economic impact of the Internet. Looking at the industrial revolution helps us to understand the information revolution. Reasons is right in that current economic changes are radically undermining our current measures of wealth, which are principally based on atoms. Of course in the pre-industrial age wealth was based primarily on hectares. Not all hectares were equal and good management/work could improve (to a physical limit) the value of existing hectares. But Marx’s analysis that labour is the missing element of economic analysis in the mercantilist commodity economics of the day was a significant insight (I’m with Karl Popper in that Marx did brilliant work on observing and analysing the state of his time but a terrible one with his predictions of the future).


Reasons makes some similar mistakes. He claims that the 20th century gave us free time we’d never had before. Actually, if one looks at agrarian economies, stable economies had significant free time, i.e. time which was not spent on subsistence labour for one’s family, for many though not all. This free time wasn’t spent watching soap operas because television didn’t exist. It was spent doing things beyond the immediate needs of the individual and family. Some of it was spent enriching the feudal lords. When a peasant had to spend two or more days a week working the lord’s land, that was their free time. Another way this free time was spent was the construction of the major cathedrals, many of which still stand today as features of the urban landscape. Wikipedia is, I contend, the modern equivalent of the medieval cathedral. These days, particularly in Japan, many employers act as feudal lords and expect such “free” time to be gifted to the company with long working hours and presenteeism. The late industrial economy and particularly the early knowledge economy have been characterised by a diminution of free time for a large part of the population. The 9-5 job has become the 8-7 job with email, mobile phone calls and international travel added on top. For others, as documented by Naomi Klein, flexible hours have become a millstone around the necks of the manual worker, with Starbucks or McDonalds requiring shifts of 7-10am and 4-7pm making up the working day and no recompense for the double commute (many of their stores are in locations their employees can’t afford to live in and the early and late public transport they rely on also extends travel time).


Reasons talks about the deflationary pressures of innovation and claims that the new “free” economy that Anderson talks about in Free (and that Doctorow criticises as only half-analysed in his Guardian piece) will be one in which we will have less money, but goods will cost less, and we’ll have more free time. The kicker according to Reasons is whether, and possibly for whom, the balance between reduced income and reduced outgoings will balance or improve. However, if we look again at the shift from the agricultural to the industrial economy, we see that those things which were represented by money in the agricultural economy (land) were supplanted by movable goods (cars, televisions, washing machines). As Charlie Stross pointed out in the Introduction to Toast, a conversation with H. G. Wells in which one is limited to yes/no answers would quite probably give Mr Wells some very strange ideas, because he would be focussed on the things that mattered in an early industrial economy: coal, steel, warships. He couldn’t know about aircraft, nuclear weapons, computer software, and would not regard international finance, insurance, tourism as significant economic indicators. Similarly as we move from the industrial economy to the knowledge economy our measure will need to change. Money is currently still the main mechanism of exchange and will probably remain necessary for physical goods for a long while until and unless we can develop Star Trek-style replicators from today’s crude 3-D printers, and even then the raw materials going into them may keep money important for a while. But already we see that issues such as reputation may be far more important to the new economy than physical structures. The banking collapse was driven at least in part by a bubble in reputation as over-inflated values poisoned a realistic lending market. All I think at this point that we can reasonably say about the economy of two or three decades down the line is that the commodities that will be important then are as opaque to us now as the microprocessor would have been to H. G. Wells.


Current Mood: Intellectual
Current Music: Star Wars: The Empire Strikes Back Soundtrack


Originally published at blog.a-cubed.info

a_cubed: (Peace)

I’ve just submitted a paper to Computers and Society. The draft submission is available on OpenDepot.


Current Mood: accomplished
Current Music: Torchwood Soundtrack


Originally published at blog.a-cubed.info

a_cubed: (Default)

On The Register recently there was an interesting article about ebooks and how the book publishing industry seem to be following the music and movie industry down the same path of woe by trying to screw their customers in the move to digital distribution. Leaving aside the actual proportion of costs which the physical printing, distribution and returns of overstock entail, the idea that the digital edition costs MORE than the print edition really is utterly stupid. Modern publishing uses internal digital formats for the files which are then passed to the printer for physical printing. Getting this into the digital distribution medium is a trivial one-time programming exercise. While I would be willing to accept that the digital price difference should only be small, the fact that new ebooks are selling at higher prices than the hardcover is just stupid.


Anyway, that’s all covered in the article. In the comments the author discusses the issue of the public lending library with some of the commenters. That’s what prompted this post, actually, which is thinking how it might be possible to run a public lending library with ebooks. The whole point of a public lending library is that the library buys the book once (depending on where you are they then pay a royalty fee for usage, or not) and lots of local people get to read it. There was always an issue raised by music publishers about LPs and later CDs being available this way since people were clearly borrowing things from their library and copying them, first onto tape then onto CDRs then into digital music files. The same thing would likely happen with public libraries. So, is it possible to have a system of public libraries (who will operate within the law as much as they can, although their patrons won’t necessarily do so if it’s easy)? Here’s for once where DRM might actually have a use. Consider a dedicated public library ereading machine. This machine has only one data interconnect method, and uses hardware-based encryption to decrypt the file held on its storage and display it on the screen. The device is physically sealed and designed so that cracking it open is hard to do and once done accessing the data transfer between the processor and screen is hard to do. These devices are loaned to the library user with the books they’re borrowing on them. When you go to the library you give them the current device back and get another with the books you want this time loaded up. Yes, you have to physically visit the library to do this, though the devices could be mailed through the post like DVD-rental services, for those in remote areas (postage costs would mean the device would need to be as light as possible, but since it is only trying to be a read-through device and not a general purpose device, this should keep the weight down). 
The library can, depending on the legal situation, either track how many loans they’ve made and pay the appropriate royalty fee, or limit the number of parallel loans to the number of “copies” they’ve “bought”. The point of this is to provide a replacement for the free public lending library service that minimizes the disagreements with the publishers, all of whom have long argued that public lending libraries unfairly undercut their business, but which still mostly survive in the UK at least, because of public support for free access to information, beyond what’s available for free online.




Originally published at blog.a-cubed.info
