Phone hacking

There is an excellent article from Light Blue Touchpaper about securing information (just in case you don’t get the delicate joke: Cambridge’s colour is light blue, as opposed to Oxford’s true blue; and of course “light the blue touch paper” is on the instructions of fireworks).

Part of it is just the obvious problems – people not changing their default PINs – and part more disturbing – the lack of ethics amongst a section of journalism, and more importantly the corruption of the police. And I could rant about how rubbish banks etc. are about their ridiculous phone “security”. But the more interesting bit is about designing the infrastructure to make this harder. I could talk about that I suppose but you’re better off reading LBT.

[Pulled to the top again because of the ZOMG news. Plod has pulled in Wade – but is this plod finally showing some backbone, or merely trying to look good, or just more collusion with the journos: where better to be at this point with a Parliamentary inquiry on Tuesday looming than snug and warm in custody, happily shielded from embarrassing questions? Big Plod has gone too – but of course saying he had done nothing wrong, ho ho.]

[Update: not-quite-so-big Plod has gone too. Unlike Big Plod, who pronounced himself totally innocent of any conceivable offense, nqsb Plod is silent so far, and “Mr Yates’s resignation came after he was informed he would be suspended pending an inquiry into his relationship with Mr Wallis.” [Updated: when will I learn to take copies? I think the Beeb have silently updated their report. Anyway, predictably enough nqsb Plod has declared himself entirely innocent, quelle surprise: “He said his conscience was clear”.]]

[The picture is totally irrelevant, if you were wondering, and is from Early Warning]

SB out(r)age update

ScienceBlogs say they’ve upgraded their Rackspace package in a hyper-whizzy way, which is supposed to have fixed all the problems with IP blocking.

If you’re still having trouble, err, and can’t read this message, err… ahem, or perhaps you have a friend, yes that’s right, or maybe you can read this from work or not from home, anyway, please mail the failing IP to webmaster@scienceblogs.com.

Apologies for all the inconvenience. When/if I ever work out exactly what was going wrong, I’ll let you know.

[Update: I’m pleased to say that I at least can now read / write SB from home.]

Refs

* My nipples explode with delight (me, when I didn’t know what was going on)
* On the DDOS attack on Scienceblogs (Tim Lambert, who after all is a CompSci and all to understand all this blather)

Bruce Schneier knows Victoria’s Secret

Or, more oddities in the Cyberwar stakes. I can’t help thinking that the cyberwar stuff, much like conventional terrorism, is vastly overblown as a threat to national security, or indeed anything. A case in point is the normally very sensible Bruce Schneier with a short recommendation of a New Yorker piece about the crashing of an EP-3E Aries II in 2001 in China.

So, to recap: the plane is monitoring Chinese comms, crashes, and so is physically in the hands of the Evil Hordes of Fu Manchu who naturally take it to pieces. Apparently this included an operating system created and controlled by the N.S.A., and the drivers needed to monitor encrypted Chinese radar, voice, and electronic communications.

Certainly, from the reports, it appears that whoever spent zillions of dollars on this expensive system failed to think of the possibility of it falling into enemy hands, and the cunning plan to destroy sensitive instruments in the event of capture was to pour coffee on them. This is imbecility of such a high order that only military intelligence could have done it.

But more than that, the NY gushes that the Chinese were

“reverse-engineering the plane’s N.S.A.-supplied operating system… Mastering it would give China a road map for decrypting the Navy’s classified intelligence and operational data.”

But… why? Surely even people as dumb as military intelligence wouldn’t be putting whatever Sekrit encryption system they use for their own data into a plane they are flying over mainland China? What would be the point? The plane, after all, is gathering a pile of Evil Empire data. That data doesn’t need any specially strong encryption. And even if it did: why would disclosure of the encryption method matter? Just because I lose my PGP password doesn’t make anyone else’s PGP-ed data any less secure. And anyway, the intelligence gathering only needs *en*cryption not *de*cryption.

The NY piece goes on to directly state that whatever came out of this plane allowed the Chinese to decrypt US secrets a few years later, and that makes absolutely no sense whatsoever.

The only sensible thing in the entire piece appears to be a comment by Brian W. Point 3 of that comment makes some kind of sense – just possibly, the crypto keys are buried in some hardware (not that the NY article mentions this possibility). But but but – still, why? Perhaps, not to save the intercept data but to communicate back to base? But even then, were that so, you’d know that was the bit you had to destroy.

None of this makes any sense – apologies if I’ve been a bit incoherent here but the NY piece seems so obviously nonsensical that it is hard to know where to start.

Publishing code

Nick Barnes has an excellent opinion piece in Nature. And the comments are good too. There is a comment-on-the-piece by Anthony Fejes which I think is less good: too much like the kind of people who put you off cycling by insisting you have to wear a cycle helmet or walk. And you should read Nick’s follow up at CCC.

I’ve decided that I agree with Nick’s overall argument: yes you should publish your code. Which means, everything that is yours, including the little fiddly bits. Even if no-one will understand them. Even if people will deliberately misunderstand them.

New watch

I have a funky new watch, a Garmin Forerunner 110. It lets me do kewl stuff like:

[Image: lunch-run-mcp]

although you only get that after post-processing, of course. In fact I haven’t even worked out how to make it work like a GPS when running, i.e. display lat/long or grid refs. Nor have I worked out how to persuade the stupid post-processing software to give me mph instead of mins/mile like all the hard-core runners want, pah. But the upload-from-watch (via the provided nipple clamp) to-web-and-graph is impressively smooth and painless.

You’re fascinated – I know – so let me tell you that we did two laps: the first, slow, included the lake. The second was faster. And then at the red line I ran a bit faster back to the mothership. The heartrate peak of ~180 is when I sprinted up the A14 bridge.

[Update: give me mph instead of mins/mile – well, it has now swapped to mph, which is good, but I don’t know why, which is less good -W]

[Update: twice now the watch has frozen / locked up on me, both times when attaching it to the computer: I think it happens when you don’t get the clamp on quite correctly and it briefly connects / disconnects. If that happens, you have to reset it by pressing the “light” button for ~7 secs. But you lose all your data. Others have the same problem. Possibly pressing and holding the Lap/Reset and the Light buttons simultaneously may be a better way of resetting.

Update on that: the problem mostly occurs if you *haven’t* “reset” the activity before trying to upload – somehow it can’t cope. So always remember to do that first.]

[Update: I’ve realised something about the tracking / recording, prompted by DHW: that although the max sample rate appears to be every-5-sec (and this isn’t configurable), it will drop samples that are “uninteresting” if it wants to. In particular, if you are erging, so the position is constant, it will quite likely not record many heart rate samples. The only solution I’ve found is to keep the watch on your wrist to generate movement and hence more logging.

Another whinge while I’m here: there is no “turn the light on and keep it on” mode, which would be useful for night time outings.]

Some links

More boring links blogs stuff. But just for once I do actually have something else to say, so I’ll try to clear this out asap.

* Do you need context to understand the CRU emails? Or can they be understood on their own? An analysis. No prizes for guessing the answer. But links to…
* The secret life of bugs which is a fun analysis of how much could you understand bugs from what was recorded about them? Answer, often not much. Mind you, some of the stuff in there is weird – how does “The missing link to source code change-sets is one of the most problematic omissions. For the last bug of 70% of our survey respondents, the fix involved committing code to a repository. But 23% of those cases had no link from the bug record to the source” make any sense in a sane system?
* Meanwhile, JA puts us all to shame by doing some science: “Assessing the consistency between short-term global temperature trends in observations and climate model projections”. Lots of comments there. Possibly addressing some of JC/KK’s “tribalism” problems.

Wireless mice and google buzz

Google has signed me up to their “buzz”, which seems to be like facebook but with fewer people and no silly games. This link might work, or it might not. Who knows. Is it any use? I don’t know.

Which brings me on to wireless mice. I’ve had a lot of trouble with my wireless connection over the past couple of weeks, and very annoying it is too. Eventually I realised that this coincided with Miriam buying a wireless mouse. And sure enough, now I’ve turned the silly thing off things are much better. This seems really dumb: everyone is going to want to use both together. She should have got a bluetooth one :-).