This rather heart-wrenching article from the New York Times discusses the shortage of pain-killing opiates for medical care in the developing world. This is more the consequence of (seemingly misguided) policies than of poverty. The issue was touched upon here earlier, as part of this discussion on the Afghan opium crop.
Category: Security
Security is immunity from the will of others.
APEC joke motorcade
By now, most people will have heard about the prank pulled off at APEC by the Australian television show The Chaser’s War on Everything. In short, they managed to get a fake motorcade of black cars with Canadian flags on them through two checkpoints and within ten metres of the hotel where President Bush was saying – all this during the heaviest security Sydney has ever seen, and while a man dressed as Osama bin Laden was in one of the cars. Previously, they managed to convince various film studios and embassies in Australia to allow them to bring a huge wooden horse into their secure compounds. Naturally, it was full of sword wielding men in silly period costumes. They also have a series of sketches where men dressed as stereotypical tourists manage to wander into all manner of secure areas, while people in traditional Arab garb get stopped within minutes.
All told, I think this prank is pretty funny. It also demonstrates how a bunch of circling helicopters and huge steel fences aren’t much good for security when the people you hire are muppets and the procedures you employ are half-baked. The fake passes that got them through both the ‘Green Zone’ and more secure ‘Red Zone’ checkpoints are hilarious.
Web abuse
Spam is terribly frustrating stuff, partly because of how it is inconvenient and partly because of how it is a cancer that wrecks good things. (See previous: 1, 2, 3) The ideal internet is a place of free and honest communication. Spammers create the need for extensive defenses and scrutiny which take time to maintain and diminish that openness and spontaneity.
If you think the spam in your email inbox is bad, just consider yourself lucky that you do not also have to deal with comment and trackback spam on two blogs, a wiki, YouTube videos, and a half dozen secondary places. There are even phony marketing bots on Facebook now: keep your eyes peeled for ‘Christine Qian’ and ‘her’ ilk.
In the end, while decentralized approaches to spam management are time consuming and annoying, they are probably better than centralized systems would be. With the latter, there is always the danger of the wholesale manipulation and censorship of what is able to find its way online, or be transmitted across the web.
A closer look at the War Museum controversy
Still pondering the controversy about the display in the Canadian War Museum, I decided to go have a look at it first-hand. On the basis of what I saw, I am even more convinced that the display is fair and balanced, and that it should not be altered in response to pressure from veterans.
Here, you can see the panel in question in its immediate surroundings:
This is one small part of a large area discussing the air component of the Second World War. A shot with a narrower field of view shows the controversial panel itself more clearly:
Here is a large close-up shot of the panel text. Nearby, a more prominent panel stresses the deaths of Canadian aircrew and the degree to which aerial bombing “damaged essential elements of the German war effort.” This alternative panel is located right at the entrance to this section of the museum.
If anyone wishes to comment to the museum staff, I recommend emailing or calling Dr. Victor Rabinovitch, the President and CEO. His contact information, along with that of other members of the museum directorate, is available on this page.
Random numbers
Truly random numbers are hard to find, as patterns tend to abound everywhere. This is problematic, because there are times when a completely random string of digits is necessary: whether you are choosing the winner of a raffle or generating the one-time pad that secures the line from the White House to the Kremlin.
Using random radio crackle, random.org promises to deliver random data in a number of convenient formats (though one should be naturally skeptical about the security of such services). Another page, by Jon Callas, provides further information on why random numbers are both necessary and surprisingly tricky to get.
This comic amusingly highlights another aspect of the issue.
Encrypting personal communication
Personal use of encrypted communication is yet another example of so-called ‘network effects.’ (These have been mentioned previously: 1, 2, 3.) The basic idea is that the more widespread certain technologies become, the more useful they are to everyone using them. The most commonly cited examples are telephones and fax machines; back when only a few people had them, they had limited utility. You would need alternative channels of communication and you would waste time deciding which one to use and exchanging instructions about that with other parties. Once telephones became ubiquitous, each one was a lot more powerful and convenient. The same can be said for email addresses.
Good free software exists that allows the encryption of emails at a level where it would challenge major organizations to read them. While this may not protect an individual message that falls under scrutiny, it changes the dynamic of the whole system. It is no longer possible to filter every email passing along a fibre-optic cable for certain keywords, for instance. You would need to crack every one of them first.
Making the transition to the routine use of encryption, however, requires more effort than the adoption of telephones or email. While those technologies were more convenient than their predecessors, encryption adds a layer of difficulty to communication. You need to have the required software, key pairs generated, and passphrases. It is possible to make mistakes and encrypt things such that you can never access them again.
As such, there is a double barrier to the adoption of widespread communication encryption: people must deal with the added difficulties involved in communicating in this way and with the problem that hardly anyone uses such systems now. If there is nobody out there with whom you can exchange PGP encrypted messages, you aren’t too likely to bother with acquiring and using the software. It is entirely possible that those two constraints will prevent widespread adoption for the foreseeable future.
One nice exception to this rule is Skype. Users may not know it, but calls made over Skype are transmitted in encryption form, very considerably increasing the difficulty of intercepting them. The fact that users do not know this is happening greatly increases the level of usage (you cannot avoid using it). While such systems may well not be as secure as explicit encryption efforts undertaken by senders and recipients, they may be a useful way to increase overall adoption of privacy technology. Such ‘invisible encryption’ could also be usefully incorporated into stores of personal data, such as the contents of GMail accounts.
PS. For anyone who decides to give PGP a try, my public key is available here.
Footprints all over the web – Google Web History
When I am online, I usually have at least one Google service open. At home, I usually have a Google Mail window open at all times, as well as Google Calendar. At work, it is only the latter. What I didn’t know until today is that whenever you are logged into your Google account, Google is tracking your web usage through a system called Web History. Accessing the system allows you to ‘pause’ the recording and even delete what is already there. While the listings disappear from your screen, there is good reason to doubt whether they vanish from Google’s records.
It is common knowledge that Google saves every search query that gets input into it, and does so in a way that can be linked to an individual computer. The web history service, however, has more troubling implications. Whether you are at work, at home, or at an internet cafe, you just need to be logged into any Google service for it to be operating. Since more than one computer can be logged into a Google account at once, and there is no indication on either machine that this is happening, anybody who gets your password can monitor your web usage, as well as your email and any other Google services you use. Given how common keyloggers have become, this should worry people.
One very helpful feature Google could implement would be the option to show when and where you last logged into your account. That way, if someone has been peeking at your email from London while you have been in Seattle, you know that it may be time to change your password. Also desirable, but much less likely to happen, would be a requirement that services like GMail store your information as an encrypted archive. Even if the encryption was based on your password and a relatively weak cipher, it would make it impractical for either Google or malicious agents with access to their information storage systems to undertake the wholesale mining of the information therein.
The final reason for which this is concerning has to do with cooperation between companies and governments. It is widely rumoured that companies including Microsoft and Yahoo have helped the Chinese government to track down and prosecute dissidents, by turning over electronic records held outside China. Given the increasingly bold snooping of both democratic and authoritarian governments, a few more layers of durable protection built into the system would be prudent and encouraging.
Sunday cipher
This is the easiest cipher I have posted so far.
The Code Book
Simon Singh’s The Code Book proves, once again, that he is a superlatively skilled writer on technical and scientific subjects. Thanks to his book, I now actually understand how Enigma worked and how it was broken: likewise, the Vigenere Cipher that has been built into this site for so long. This book manages to capture both major reasons for which cryptography is so fascinating: the technical aspects, centred around the ingenuity of the methods themselves, and the historical dramas connected, from the execution of Mary Queen of Scots to the use of ULTRA intelligence during the Second World War.
Anybody who has any interest in code-making or code-breaking should read this book, unless they already know so much about the subject as to make Singh’s clear and comprehensible explanations superfluous. Even then, it may arm them with valuable tools for explaining interesting concepts to the less well initiated.
At the end of the book is a series of ten ciphers for the reader to break. Originally, there was a £15,000 prize for the first person to crack the lot. Now, they exist for the amusement of amateur cryptologists. I doubt very much I will get through all ten, but I am giving it a try. The first ciphertext is on his website and is helpfully labeled ‘Simple Monoalphabetic Substitution Cipher.’ I expect to crack it quickly.
M’s PL, XII
(220), (210), (241), (310), (250)
(350), (380), (317), (271), (346)
(222+1), (212), (302), (258), (280)
(127), (100), (556), (452+1), (599)
(621), (633), (590), (392), (387)
(414), (423), (539), (572), (157)
(142), (128), (189), (529+2), (412)
(361+1), (351), (200), (229), (174)
(409), (440), (594), (532), (539)
(608), (259+1), (310), (271), (100)
(143), (98), (478), (530), (599)
(369+1), (343), (321), (370), (375)
(389), (413), (530), (58), (79)
(33), (87), (211+1), (251), (346)
(556), (608), (631), (640), (546)
(579), (549), (492), (481), (429)
(336), (387), (442+1), (219), (213)
(439), (450), (551), (632), (245)
(396+1), (589), (539), (418), (499)
(422), (460+2)
Hint: second Beale cipher.