Ken Novak's Weblog
Purpose of this blog: to retain annotated bookmarks for my future reference, and to offer others my filter technology and other news. Note that this blog is categorized. Use the category links to find items that match your interests.
Wednesday, September 15, 2004
The Australian: In Iraq's wasteland, total chaos looms: Aussie and British journalists are pessimistic. "Over the past three days Iraqis have found themselves plunged back into the front lines of a full-scale guerilla war, with the thin-stretched forces of the US-led coalition attempting both to maintain order in Baghdad and to conduct offensive campaigns in rebel cities such as Fallujah. There have been attacks on American soldiers and Iraqi troops and police as far north as Kirkuk, and in the southern city of Hilla, while Baghdad itself has exploded, with unrest near-continuous in the Sadr City district and the central Haifa Street neighbourhood.
Much of this upsurge stems from the fact that both sides in the fight want to press their advantage now: the Americans so as to prevent a disaster before their presidential elections, the insurgents because they feel they have gained the critical advantage. This has become clear from the increasingly bold pronouncements by the key figure behind the terror, Musab al-Zarqawi, who has even begun claiming responsibility for attacks through internet statements in his own voice.
Over the past two months, the scale and nature of the unrest has changed. Previously, even at the height of the bombings in Baghdad, there was an improvised feel about the attacks. Many observers now see a more concerted kind of direction to the terror, and the ability of the attackers to move freely is striking. ..
What lies behind the bleak picture is a catastrophic failure of intelligence – one so deep as to cast doubt on the viability of the US-backed Baghdad Government. US and Iraqi forces and their coalition allies neither know where the next attacks against their interests will fall, nor who is conducting them – nor who is carrying out the hostage-kidnapping operations. The Allawi Government has been alternately trying to stifle its enemies and to reach out to them with offers of ceasefires and local deals.
According to Middle Eastern intelligence websites and Western officials, one of the central initiatives of the Baghdad Government and the US, aimed at stopping the conflict in the Sunni triangle around Fallujah, has just foundered after prolonged negotiations. The aim had been to broker a peace deal with Sunni rebels and prominent figures from the old Baathist regime. Extensive talks progressed on several fronts but collapsed over Sunni demands for more power in the Baghdad Government. The murky security climate is matched by constant political infighting in the capital, where Western diplomats are becoming frankly pessimistic about the capacity of the present Government to keep the country together. "
and, Autumn in Iraq, when death grows on trees: "Against this sound and fury, pro-war critics complain that good news is being ignored, and they are right. So, too, is a lot of bad news. Kidnapping, looting, criminal opportunism and xenophobia make it simply too dangerous for Western journalists to visit many areas.
As recently as last (northern) spring we could travel relatively freely throughout Iraq, even to hotbeds of Sunni resistance such as Fallujah or Ramadi. We could eat in Baghdad's restaurants and shop in its markets. We lived in a suburban house until the day we received death threats. Today, we live in fortified hotels and move around the capital with extreme caution. A year ago every fatal attack on coalition forces, or suicide bomb, made news. Today they are so common we report only the really big ones.
Diplomats and officials remain as upbeat as they can. One thing on which everyone agrees is that, in the skeleton that holds Iraq together, the security bone is connected to the election bone, the election bone is connected to the legitimacy bone and the legitimacy bone connects right back to the security bone. " 11:55:53 PM
Electrovaya - Powerpad: Laptop extender batteries that fit under the unit and supply power for "up to 12 hours" when fully charged. $200-500. 5:21:22 PM
SunWize Portable Energy System: "The SunWize Portable Energy System converts sunlight into electricity, allowing the user freedom to recharge a handset or other portable device anywhere the sun shines. The system is lightweight, weather-resistant, highly durable, .. UL listed, CE certified and has a system output of 8.5 watts. Built into the product is the patented SunWize OPTI-Meter LCD metering system that instantly measures sunlight intensity and allows optimum placement of the panel. The SunWize Portable Energy System is designed for daily field use. The 9.9 watt solar panel is constructed using a proprietary process in which the highest efficiency, single-crystal photovoltaic cells are permanently encased in rugged, weather-resistant urethane plastic. The panel’s nine-foot cord winds on a spool recessed into the back of the panel. A hinged metal stand folds flush into the panel’s back side. " Can output a variety of voltages. Can be combined with a second panel to double output. Price currently about $360.
Or, on a larger scale, The EN-R-Pak solar-powered portable power generation system, 50w panel bundled with battery to deliver 200w maximum, for about $2200. 5:17:07 PM
DIGITAL LITERACY FOR DEVELOPMENT PROFESSIONALS: Announcing a new online course, "Digital Literacy for Agricultural Professionals": "A growing number of agricultural professionals now have Internet access but many are not quite sure what resources this makes available, how to best access these resources, or how to use the Internet in support of their work or to develop themselves professionally. This course is designed to help learners overcome these uncertainties" 10:29:27 AM
Design that Matters: "DtM acts as bridge to bring problems identified by nongovernmental organizations (NGOs) and the communities into the classroom for university engineering and business students to tackle in their courses and research. " Affiliated with MIT and a design course there. 10:27:56 AM
What is ecto?: "ecto is a feature-rich desktop blogging client for MacOSX and Windows, supporting a wide range of weblog systems.." 9:52:42 AM
Let Your Mobile Do the Pointing: Magnetic sensors make an electronic compass, at low cost. Added to GPS, you can point at things and get info about them. 9:50:49 AM
Collection of phones that support eavesdropping: "The telephone is programmed with a telephone number and when anyone calls the spyphone, it rings and operates as a normal telephone but when the phone is called using the previously programmed spyphone number, it automatically answers without any ringing or lights and the display appears as if it is on ordinary standby" 9:17:31 AM
Unpatched PCs compromised in 20 minutes: "According to the researchers, an unpatched Windows PC connected to the Internet will last for only about 20 minutes before it's compromised by malware, on average. That figure is down from around 40 minutes, the group's estimate in 2003.
The drop from 40 minutes to 20 minutes is worrisome because it means the average "survival time" is not long enough for a user to download the very patches that would protect a PC from Internet threats. .. The time it takes for a computer to be compromised will vary widely from network to network. If the Internet service provider blocks the data channels commonly used by worms to spread, then a PC user will have more time to patch
[One] school is now checking the status of computers before letting them connect to the Internet. If a machine doesn't have the latest patches, it gets quarantined with limited network access until the PC is back up to date. " 8:58:40 AM
A Model for When Disclosure Helps Security: "Open Source and encryption [communities] view that revealing the details of a system will actually tend to improve security, notably due to peer review. In sharp contrast, a famous World War II slogan says loose lips sink ships. Most experts in the military and intelligence areas believe that secrecy is a critical tool for maintaining security .. this Article provides the first systematic explanation of how to decide when disclosure improves security, both for physical- and cyber-security settings..
many computer and network security problems appear different from the traditional security problems of the physical world. The analysis focuses on the nature of the first-time attack or the degree of what the paper calls uniqueness in the defense. Many defensive tricks, including secrecy, are more effective the first time there is an attack on a physical base or computer system. Secrecy is far less effective, however, if the attackers can probe the defenses repeatedly and learn from those probes. It turns out that many of the key areas of computer security involve circumstances where there can be repeated, low-cost attacks. For instance, firewalls, mass-market software, and encryption algorithms all can be attacked repeatedly by hackers. Under such circumstances, a strategy of secrecy - of security through obscurity - is less likely to be effective than for the military case." It seems to me this model also applies to many types of public facilities where probes and attacks can be rehearsed. 8:53:47 AM
Shred, Burn, Erase: "I've purchased thrift-store PCs and junk-shop hard disks [and] I've scanned through their contents before repartitioning the drives. I've seen personal letters and business correspondence, contracts and legal papers, Social Security numbers and other customer data. All you need is to scan a few recycled hard disks to gain a healthy paranoia about junkers that contain valuable information. .. I've also seen the results of projects by researchers such as Simson Garfinkel at Sandstorm Enterprises, who found high-tech vendor source code, financial information from investment firms, thousands of credit card numbers and even internal Microsoft e-mails on secondhand hard disks he bought at swap meets and used-computer stores and on eBay. ..
Then there are recordable CDs and DVDs, the bane of any IT shop that's trying hard to keep from leaking data. They're high-capacity, unerasable, tough to destroy and easy to drop into the wastebasket -- which makes them easy pickings for anyone who decides to dig through your Dumpster. " The author recommends both in-house erasure and use of a commercial recycler that charges $10-30 to erase, to eliminate single points of failure. 8:49:57 AM
Website offers Caller I.D. falsification service: "Slated for launch next week, Star38.com would offer subscribers a simple Web interface to a Caller I.D. spoofing system that lets them appear to be calling from any number they choose. .. Caller I.D. spoofing has for years been within the reach of businesses with certain types of digital connections to their local phone company, and more recently has become the plaything of hackers and pranksters exploiting permissive voice over IP systems. But Star38.com appears to be the first stab at turning Caller I.D. spoofing into a commercial venture. The service will charge a twenty-five cent connection fee for each call, and seven to fourteen cents per minute.
SecurityFocus took the site for a test drive, and found it worked as advertised. The user fills out a simple Web form with his phone number, the number he wants to call, and the number he wants to appear to be calling from. Within two seconds, the system rings back, and patches the user through to the destination. The recipient sees only the spoofed number displayed on Caller I.D. Any number works, from nonsense phone numbers like "123 4567" to the number for the White House switchboard. ..
Jepson and his partners believe that collection agencies in particular will find the service invaluable for getting recalcitrant debtors to answer the phone. .. The service does not appear to violate any federal criminal law, says Orin Kerr, a law professor at the George Washington University Law School, and a former Justice Department computer crime lawyer. "It doesn't violate the Wiretap Act or the Computer Fraud and Abuse Act or anything like that," says Kerr. But Rozanne Andersen, general counsel at the Association of Credit and Collection Professionals, believes collection agencies would be barred from using a Caller I.D. spoofing service under two federal civil laws: the Fair Debt Collection Practices Act, which prohibits false or misleading representations and unfair practices in collecting debts, and the FTC Act, which outlaws deceptive trade practices in general." 8:41:48 AM
BRUCE SCHNEIER on the no-fly list: "Imagine a list of suspected terrorists so dangerous that we can't ever let them fly, yet so innocent that we can't arrest them - even under the draconian provisions of the Patriot Act. This is the federal government's "no-fly" list. First circulated in the weeks after 9/11 as a counterterrorism tool, its details are shrouded in secrecy. .. It has been a complete failure, and has not been responsible for a single terrorist arrest anywhere. ..
People can be put on the list for any reason; no standards exist. There's no ability to review any evidence against you, or even confirm that you are actually on the list. ..
security is always a trade-off .. the problem is that the no-fly list doesn't protect us from terrorism. It's not just that terrorists are not stupid enough to fly under recognized names. It's that the very problems with the list that make it such an affront to civil liberties also make it less effective as a counterterrorist tool. ..
Any watch list where it's easy to put names on and difficult to take names off will quickly fill with false positives. These false positives eventually overwhelm any real information on the list, and soon the list does no more than flag innocents - which is what we see happening today, and why the list hasn't resulted in any arrests. .. Watch lists can be good security, but they need to be implemented properly. It should be harder than it currently is to add names to the list. It should be possible to add names to the list for short periods. It should be easy to take names off the list, and to add qualifiers to the list. There needs to be a legal appeals process for people on the list who want to clear their name. For a watch list to be a part of good security, there needs to be a notion of maintaining the list.
This isn't new, and this isn't hard. The police deal with this problem all the time, and they do it well. We do worse identifying a potential terrorist than the police do identifying crime suspects. Imagine if all the police did when having a witness identify a suspect is ask whether the names "sound about right"? No suspect picture book. No lineup." 8:38:09 AM
Vote Drives Gain Avid Attention of Youth in '04: "After dismal turnout by young voters in 2000, surveys this year show that interest in the election among the young is near the highest level it has reached at any time since 18- to 20-year-olds were given the vote in 1972. And state election officials say registration of new young voters is coming in at levels they have not seen in years.
Over 30 years, there has been a steady decline in youth turnout, with one big uptick, in 1992. The last presidential election featured a particularly low showing for those 18 to 24 - just 37 percent voted, compared with 64 percent for those 25 or older, surveys of voters leaving the polls say...
The pool of potential young voters is substantial - about 40.6 million Americans ages 18 to 29, or one in five eligible voters .. larger by 25 percent than the generation that preceded them..
Young voters, who split evenly between Mr. Gore and Mr. Bush in 2000, are also notoriously fickle, according to those who study them... Young voters flocked to Ronald Reagan. In 1992 - the year of Bill Clinton's "boxers or briefs" answer in a youth voter forum - they swung to Democrats. In 1996, Mr. Clinton beat Bob Dole among young voters by nearly 20 percentage points." 8:04:54 AM
Slippage of control in Iraq makes a mockery of power hand-over: "To see how the situation has deteriorated one only needs to be reminded of the bullish confidence of coalition commanders in Iraq a year ago. Back then reporters were admonished if they talked of "no-go zones": the coalition presence, and with it the rule of law, extended to every corner of the country. Nowadays, by comparison, even British troops in the relatively quiet southern sector have all but conceded certain hostile towns.
The prospect of a "super rogue state", as raised in recent days by Iraq’s new UN ambassador Samir Sumaida'ie, is no longer a distant nightmare but an approaching possibility.
Alas, it is no use expecting "ordinary Iraqis" - the God-fearing, Saddam-hating, violence-abhorring majority to whom the coalition constantly appeals - to rally round to stop the worst-case scenarios unfolding. As the falls of Fallujah, Najaf and Samarrah have shown, Iraqis’ popular support - explicit, tacit or otherwise - tends to go to whoever wields the biggest sticks in town. For the first year after the fall of Saddam, that pretty much meant the United States Army. Now, however, as the half-way point of year two approaches, it is a role that is increasingly up for grabs." 12:48:15 AM
VERITAS First to Deliver Wide Area Disaster Recovery Capabilities for Microsoft Virtual Server 2005: "VERITAS Software Corporation (Nasdaq: VRTS) today announced that VERITAS Storage Foundation™ HA for Windows software is the first to deliver the combination of enhanced high availability and wide area disaster recovery capabilities to Microsoft Virtual Server 2005 customers (see today’s Microsoft news release). VERITAS Storage Foundation HA for Windows integrates VERITAS Volume Manager™, and VERITAS Cluster Server™ the industry’s leading independent heterogeneous clustering and availability software, to help ensure continuous availability of mission-critical applications and data." 12:45:39 AM
Nanotechnology improves superconductors: "University of California scientists working at Los Alamos National Laboratory with a researcher from the University of Cambridge have demonstrated a simple and industrially scaleable method for improving the current densities of superconducting coated conductors in magnetic field environments. The discovery has the potential to increase the already impressive carrying capacity of superconducting wires and tapes by as much as 200 to 500 percent in certain uses, like motors and generators ..
Superconducting wires and tapes carry hundreds of times more electrical current than conventional copper wires with little or no electrical resistance. Superconducting technology is poised to bring substantial energy efficiencies to electrical power transmission systems in the United States. Much of the excitement caused by this discovery is due to the fact that the process can be easily and economically incorporated into commercial processing of the superconductors. ..
Dean Peterson, leader of the STC, said, "This is a significant technical advancement because it means we are now beginning to understand how to control defects in these superconducting materials and use them to our advantage. This was the first time we have been able to control the structural defects and in doing so, better engineer the material's structure to optimize performance." .. Scientists discovered that small, nanoscale defects are required to maintain high current densities in superconductors, particularly in the presence of high magnetic fields. " 12:38:57 AM
Spammers using sender authentication too, study says: August 31, 2004: "2.8 % of legitimate e-mail passes SPF checks, compared with just 3.8 % of spam, CipherTrust's survey showed. .. spammers have been faster to adopt the technology than legitimate e-mail senders, Judge said. "Spammers are now better than companies at reporting the source of their e-mail," he said. ..
Only 31 Fortune 1000 companies publishing SPF or Sender ID records, and only 6 % of CipherTrust's customers publish SPF records, despite the fact that the company's products can check for and validate SPF records, he said.
But Wong, who co-authored both the SPF and Sender ID standards, said that stopping spam was never the intention of SPF or Sender ID. The technology is merely a way to stop one loophole spammers use: source address spoofing. Evidence that spammers are publishing SPF records is a good sign, Meng said. "Spammers are buying into a future that will wipe them out," he said.
In theory, when all spammers are forced to publish SPF records, along with all legitimate e-mail senders, it will be easy for legitimate companies to develop e-mail reputations for Internet domains that do and do not send spam, he said. ..
Meng said that SPF was never intended as an antispam cure-all, likening the difference between SPF and antispam technology to the difference between "flour and food." "There are about 12 things that we need to do to fix e-mail, and this is one of them," Meng said, paraphrasing comments by Nathaniel Borenstein of IBM Corp., another antispam expert. "When we have all 12 in place, we'll start to win the war." " 12:29:08 AM
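An added example, not taken from the article or from CipherTrust: a minimal SPF evaluator (only the `ip4` and `all` mechanisms) run over constructed records, showing that an SPF pass confirms the sending domain rather than that the mail is wanted, which is why a per-domain reputation layer sits on top. The domains, addresses, the `REPUTATION` table and the `disposition` policy are made-up sample values and assumptions.

```python
import ipaddress

# Constructed TXT records standing in for DNS lookups (sample domains/addresses).
SPF_RECORDS = {
    "bank.example": "v=spf1 ip4:192.0.2.0/28 -all",
    "bulk-offers.example": "v=spf1 ip4:198.51.100.7 -all",  # a spammer publishing SPF
    # "smallbiz.example" publishes no SPF record at all
}

# Constructed per-domain reputation: the layer that authenticated domains make possible.
REPUTATION = {"bank.example": "good", "bulk-offers.example": "spam"}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(sender_domain, client_ip, records=SPF_RECORDS):
    """Evaluate a subset of SPF: ip4 and all mechanisms, with qualifiers."""
    record = records.get(sender_domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        if term.startswith("ip4:"):
            if ip in ipaddress.ip_network(term[4:], strict=False):
                return QUALIFIERS[qualifier]
        # Other mechanisms (a, mx, include, ...) are skipped in this sketch;
        # a full implementation must evaluate them or return an error.
    return "neutral"  # nothing matched and the record has no "all" term


def disposition(sender_domain, client_ip):
    """Combine the SPF result with domain reputation (hypothetical policy)."""
    result = check_spf(sender_domain, client_ip)
    if result == "fail":
        # The claimed domain says this host may not send for it: spoofed source.
        return result, "reject: address is spoofed"
    if result == "pass":
        # The domain is authentic, so its track record can be held against it.
        rep = REPUTATION.get(sender_domain, "unknown")
        actions = {"good": "deliver", "spam": "reject: domain reputation"}
        return result, actions.get(rep, "content-filter")
    # none / neutral / softfail: SPF tells us nothing usable, fall back.
    return result, "content-filter"


if __name__ == "__main__":
    samples = [
        ("bank.example", "192.0.2.5"),            # genuine bank mail server
        ("bank.example", "203.0.113.9"),          # forged bank address
        ("bulk-offers.example", "198.51.100.7"),  # spammer, valid SPF
        ("smallbiz.example", "203.0.113.9"),      # no record published
    ]
    for domain, ip in samples:
        print(domain, ip, disposition(domain, ip))
```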
Self-sustaining robot powered by flies in a fuel cell: "To survive without human help, a robot needs to be able to generate its own energy. So Chris Melhuish and his team of robotics experts at the University of the West of England in Bristol are developing a robot that catches flies and digests them in a special reactor cell that generates electricity. Called EcoBot II, the robot is part of a drive to make "release and forget" robots that can be sent into dangerous or inhospitable areas to carry out remote industrial or military monitoring of, say, temperature or toxic gas concentrations. Sensors on the robot feed a data logger that periodically radios the results back to a base station.
The robot's energy source is the sugar in the polysaccharide called chitin that makes up a fly's exoskeleton. EcoBot II digests the flies in an array of eight microbial fuel cells (MFCs), which use bacteria from sewage to break down the sugars, releasing electrons that drive an electric current. In its present form, EcoBot II still has to be manually fed fistfuls of dead bluebottles, but the ultimate aim of the UWE robotics team is to make the droid predatory, using sewage as a bait to catch the flies.
.. With a top speed of 10 centimetres per hour, EcoBot II's roving prowess is still modest to say the least. "Every 12 minutes it gets enough energy to take a step forwards two centimetres and send a transmission back," says Melhuish. But it does not need to catch too many flies to do so, says team member Ioannis Ieropoulos. In tests, EcoBot II travelled for five days on just eight fat flies - one in each MFC.
So how do flies get turned into electricity? Each MFC comprises an anaerobic chamber filled with raw sewage slurry - donated by UWE's local utility, Wessex Water. The flies become food for the bacteria that thrive in the slurry. Enzymes produced by the bacteria break down the chitin to release sugar molecules. These are then absorbed and metabolised by the bacteria. In the process, the bacteria release electrons that are harnessed to create an electric current." 12:20:22 AM