
IE unsafe 98% of the time

From Noam Eppel’s “Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security”:

The security company Scanit recently conducted a survey which tracked three web browsers (MSIE, Firefox, Opera) in 2004 and counted which days they were “known unsafe.” Their definition of “known unsafe”: a remotely exploitable security vulnerability had been publicly announced and no patch was yet available. Microsoft Internet Explorer, which is the most popular browser in use today and installed by default on most Windows-based computers, was 98% unsafe. Astonishingly, there were only 7 days in 2004 without an unpatched publicly disclosed security hole. Read that last sentence again if you have to.


Even worse spam is coming

From Spam Daily News’s “Spam zombies from outer space”:

Spammers could soon use zombie computers in a totally new way. Infected computers could run programs that spy into a person’s email, mine it for information, and generate realistic-looking replies.

John Aycock, an assistant professor of computer science at the University of Calgary, and his student Nathan Friess conducted new research that shows it is possible to create a new type of spam that would likely bypass even the best spam filters and trick experienced computer users who would normally delete suspicious email messages.

There are two key reasons why spam is suspicious to anti-spam filters and human targets alike. First, it often comes from an unrecognized source. Second, it doesn’t look right.

The evolution of spam zombies will change this. These new zombies will mine corpora of email they find on infected machines, using this data to automatically forge and send improved, convincing spam to others.

The next generation of spam could be sent from your friends’ and colleagues’ email addresses – and even mimic patterns that mark their messages as their own (such as common abbreviations, misspellings, capitalization, and personal signatures) – making you more likely to click on a Web link or open an attachment.

What features can be easily extracted from an email corpus? There are four categories:

1. Email addresses. The victim’s email address and any other email aliases they have can be extracted, as can the email addresses of people with whom the victim corresponds.

2. Information related to the victim’s email program and its configuration. For example, the User-Agent, the message encoding as text and/or HTML, automatically-appended signature file, the quoting style used for replies and forwarded messages, etc.

3. Vocabulary. The normal vocabulary used by the victim and the people with whom they correspond.

4. Email style.

  • Line length, as some people never break lines;
  • Capitalization, or lack thereof;
  • Manually-added signatures, often the victim’s name;
  • Abbreviations, e.g., “u” for “you”;
  • Misspellings and typos;
  • Inappropriate synonyms, e.g., “there” instead of “their”;
  • Replying above or below quoted text in replies.
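As an added illustration (not from the article or from Aycock and Friess’s work), the following Python turns the four feature categories above around for the defender: it builds a per-sender profile from a small constructed corpus of known-good mail and flags a message that claims the same sender but contradicts that profile. The corpus, the forged sample, the abbreviation list and the thresholds are all constructed assumptions.

```python
"""Sender style profile built from the feature categories the excerpt lists.

The forger mines these features to imitate a victim; a filter can mine the
same features from a user's known-good mail and flag a message whose headers
and style contradict the profile of its claimed sender.
"""
import email
import re
from collections import Counter
from email import policy

ABBREVIATIONS = {"u", "ur", "thx", "pls", "c"}   # constructed short list

# Constructed corpus: three genuine messages from one fictional sender.
CORPUS = [
    "From: alice@example.test\nTo: bob@example.test\n"
    "User-Agent: Mutt/1.5\nContent-Type: text/plain; charset=utf-8\n\n"
    "hey bob, u coming tonight? let me know\n--\nalice\n",
    "From: alice@example.test\nTo: carol@example.test\n"
    "User-Agent: Mutt/1.5\nContent-Type: text/plain; charset=utf-8\n\n"
    "> did you get the report?\nyep, sent it an hour ago. thx\n--\nalice\n",
    "From: alice@example.test\nTo: bob@example.test\nCc: carol@example.test\n"
    "User-Agent: Mutt/1.5\nContent-Type: text/plain; charset=utf-8\n\n"
    "> can we move the meeting?\nsure, 3pm works for me. c u there\n--\nalice\n",
]

# Constructed message claiming the same sender but produced by other software.
FORGED = (
    "From: alice@example.test\nTo: bob@example.test\n"
    "User-Agent: BulkMailer/0.1\nContent-Type: text/html; charset=utf-8\n\n"
    "<p>Dear Bob,</p><p>Please review the attached invoice and confirm the "
    "payment details at your earliest convenience.</p><p>Kind regards,<br>Alice</p>\n"
)


def split_body(body):
    """Split body lines into (quoted, own, signature, reply placement).

    The signature is whatever follows a '--' delimiter line; reply placement is
    'above' or 'below' depending on whether the sender's own text precedes the
    quoted text, or None when nothing is quoted.
    """
    lines = body.splitlines()
    sig = []
    for i, line in enumerate(lines):
        if line.rstrip() == "--":
            sig = [l for l in lines[i + 1:] if l.strip()]
            lines = lines[:i]
            break
    quoted = [l for l in lines if l.startswith(">")]
    own = [l for l in lines if l.strip() and not l.startswith(">")]
    placement = None
    if quoted and own:
        placement = "above" if lines.index(own[0]) < lines.index(quoted[0]) else "below"
    return quoted, own, sig, placement


def extract_features(raw):
    """Extract the excerpt's four feature categories from one RFC 822 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    body = msg.get_content() if not msg.is_multipart() else ""
    if msg.get_content_type() == "text/html":
        body = re.sub(r"<[^>]+>", " ", body)   # crude tag strip, enough for the sample
    quoted, own, sig, placement = split_body(body)
    text = " ".join(own)
    tokens = re.findall(r"[a-zA-Z']+", text.lower())
    first_alpha = next((c for c in text if c.isalpha()), "")
    recipients = set()
    for hdr in ("To", "Cc"):
        for addr in msg.get_all(hdr, []):
            recipients.update(a.strip().lower() for a in str(addr).split(","))
    ua = msg["User-Agent"]
    return {
        "sender": (msg["From"] or "").strip().lower(),
        "recipients": recipients,                      # category 1: addresses
        "user_agent": str(ua) if ua else None,         # category 2: mailer config
        "content_type": msg.get_content_type(),
        "signature": tuple(l.strip() for l in sig),
        "reply_placement": placement,                  # category 4: style
        "lowercase_start": first_alpha.islower() if first_alpha else None,
        "max_line_len": max((len(l) for l in own), default=0),
        "abbreviations": set(tokens) & ABBREVIATIONS,
        "vocabulary": set(tokens),                     # category 3: vocabulary
    }


def build_profile(corpus):
    """Aggregate features over known-good mail into one sender profile."""
    feats = [extract_features(raw) for raw in corpus]

    def majority(key):
        vals = [f[key] for f in feats if f[key] is not None]
        return Counter(vals).most_common(1)[0][0] if vals else None

    return {
        "sender": majority("sender"),
        "user_agent": majority("user_agent"),
        "content_type": majority("content_type"),
        "signature": majority("signature"),
        "reply_placement": majority("reply_placement"),
        "lowercase_start": majority("lowercase_start"),
        "max_line_len": max(f["max_line_len"] for f in feats),
        "abbreviations": set().union(*(f["abbreviations"] for f in feats)),
        "recipients": set().union(*(f["recipients"] for f in feats)),
        "vocabulary": set().union(*(f["vocabulary"] for f in feats)),
    }


def score_message(profile, raw):
    """Return the profile fields the message contradicts (empty list = consistent)."""
    f = extract_features(raw)
    mismatches = []
    for key in ("user_agent", "content_type", "signature", "lowercase_start"):
        if f[key] is not None and profile[key] is not None and f[key] != profile[key]:
            mismatches.append(key)
    if f["reply_placement"] and profile["reply_placement"] \
            and f["reply_placement"] != profile["reply_placement"]:
        mismatches.append("reply_placement")
    if f["max_line_len"] > 2 * profile["max_line_len"]:
        mismatches.append("line_length")
    if f["recipients"] and not f["recipients"] & profile["recipients"]:
        mismatches.append("recipients")
    if f["vocabulary"]:
        unseen = len(f["vocabulary"] - profile["vocabulary"]) / len(f["vocabulary"])
        if unseen > 0.6:                      # constructed threshold
            mismatches.append("vocabulary")
    return mismatches


if __name__ == "__main__":
    profile = build_profile(CORPUS)
    print("genuine:", score_message(profile, CORPUS[1]))   # []
    print("forged: ", score_message(profile, FORGED))
```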


The Flash Worm, AKA the Warhol Worm

From Noam Eppel’s “Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security”:

In 2001, the infamous Code Red Worm was infecting a remarkable 2,000 new hosts each minute. Nick Weaver at UC Berkeley proposed the possibility of a “Flash Worm” which could spread across the Internet and infect all vulnerable servers in less than 15 minutes. A well-engineered flash worm could spread worldwide in a matter of seconds.


A technical look at the Morris Worm of 1988

From Donn Seeley’s “The Internet Worm of 1988: A Tour of the Worm”:

November 3, 1988 is already coming to be known as Black Thursday. System administrators around the country came to work on that day and discovered that their networks of computers were laboring under a huge load. If they were able to log in and generate a system status listing, they saw what appeared to be dozens or hundreds of “shell” (command interpreter) processes. If they tried to kill the processes, they found that new processes appeared faster than they could kill them. Rebooting the computer seemed to have no effect: within minutes after starting up again, the machine was overloaded by these mysterious processes.

… The worm had taken advantage of lapses in security on systems that were running 4.2 or 4.3 BSD UNIX or derivatives like SunOS. These lapses allowed it to connect to machines across a network, bypass their login authentication, copy itself and then proceed to attack still more machines. The massive system load was generated by multitudes of worms trying to propagate the epidemic. …

The worm consists of a 99-line bootstrap program written in the C language, plus a large relocatable object file that comes in VAX and Sun-3 flavors. …

The activities of the worm break down into the categories of attack and defense. Attack consists of locating hosts (and accounts) to penetrate, then exploiting security holes on remote systems to pass across a copy of the worm and run it. The worm obtains host addresses by examining the system tables /etc/hosts.equiv and /.rhosts, user files like .forward and .rhosts, dynamic routing information produced by the netstat program, and finally randomly generated host addresses on local networks. It ranks these by order of preference, trying a file like /etc/hosts.equiv first because it contains names of local machines that are likely to permit unauthenticated connections. Penetration of a remote system can be accomplished in any of three ways. The worm can take advantage of a bug in the finger server that allows it to download code in place of a finger request and trick the server into executing it. The worm can use a “trap door” in the sendmail SMTP mail service, exercising a bug in the debugging code that allows it to execute a command interpreter and download code across a mail connection. If the worm can penetrate a local account by guessing its password, it can use the rexec and rsh remote command interpreter services to attack hosts that share that account. In each case the worm arranges to get a remote command interpreter which it can use to copy over, compile and execute the 99-line bootstrap. The bootstrap sets up its own network connection with the local worm and copies over the other files it needs, and using these pieces a remote worm is built and the infection procedure starts over again. …

When studying a tricky program like this, it’s just as important to establish what the program does not do as what it does do. The worm does not delete a system’s files: it only removes files that it created in the process of bootstrapping. The program does not attempt to incapacitate a system by deleting important files, or indeed any files. It does not remove log files or otherwise interfere with normal operation other than by consuming system resources. The worm does not modify existing files: it is not a virus. The worm propagates by copying itself and compiling itself on each system; it does not modify other programs to do its work for it. Due to its method of infection, it can’t count on sufficient privileges to be able to modify programs. The worm does not install trojan horses: its method of attack is strictly active, it never waits for a user to trip over a trap. Part of the reason for this is that the worm can’t afford to waste time waiting for trojan horses – it must reproduce before it is discovered. Finally, the worm does not record or transmit decrypted passwords: except for its own static list of favorite passwords, the worm does not propagate cracked passwords on to new worms nor does it transmit them back to some home base. This is not to say that the accounts that the worm penetrated are secure merely because the worm did not tell anyone what their passwords were, of course – if the worm can guess an account’s password, certainly others can too. The worm does not try to capture superuser privileges: while it does try to break into accounts, it doesn’t depend on having particular privileges to propagate, and never makes special use of such privileges if it somehow gets them. The worm does not propagate over uucp or X.25 or DECNET or BITNET: it specifically requires TCP/IP. The worm does not infect System V systems unless they have been modified to use Berkeley network programs like sendmail, fingerd and rexec.
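As an added defensive check (not part of Seeley’s tour or of the worm itself), here is a small Python auditor for the trust files the worm mined for its next targets, /etc/hosts.equiv and .rhosts, reporting the wildcard and netgroup entries that admit a host without a password. The file format is assumed from hosts.equiv(5) (a bare ‘+’ matches anything, a leading ‘-’ denies, ‘@’ names a netgroup, ‘#’ starts a comment); the sample file contents are constructed.

```python
"""Audit of the trust files the worm mined for its next targets.

Assumed file format, per hosts.equiv(5): one entry per line, 'host [user]';
a bare '+' matches any host or user, a leading '-' denies, a leading '@'
(after the sign) names a netgroup, and '#' starts a comment.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class TrustEntry:
    host: str
    user: Optional[str]
    deny: bool
    netgroup: bool


def parse_trust_file(text: str) -> List[TrustEntry]:
    """Parse hosts.equiv / .rhosts text into entries, ignoring blanks and comments."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        host = fields[0]
        user = fields[1] if len(fields) > 1 else None
        entries.append(TrustEntry(
            host=host,
            user=user,
            deny=host.startswith("-"),
            netgroup=host.lstrip("+-").startswith("@"),
        ))
    return entries


def audit(entries: List[TrustEntry], path: str) -> List[Tuple[str, str, str]]:
    """Return (severity, path, message) findings; deny entries produce none."""
    findings = []
    for e in entries:
        if e.deny:
            continue
        if e.host == "+":
            findings.append(("critical", path, "any host is trusted without a password"))
        elif e.netgroup:
            name = e.host.lstrip("+")[1:]
            findings.append(("medium", path, f"trust delegated to NIS netgroup {name}"))
        else:
            findings.append(("info", path, f"host {e.host} is trusted"))
        if e.user == "+":
            findings.append(("high", path, f"any user from {e.host} is accepted"))
    return findings


SEVERITY_ORDER = ["info", "medium", "high", "critical"]


def worst(findings):
    """Highest severity present, or None for a clean file."""
    return max((f[0] for f in findings), key=SEVERITY_ORDER.index, default=None)


# Constructed sample contents of the two files the worm consulted first.
HOSTS_EQUIV = "# constructed /etc/hosts.equiv\nfileserver.corp.test\n+@trusted-admins\n+\n"
RHOSTS = "workstation.corp.test alice\n-badhost.corp.test\n+ +\n"

if __name__ == "__main__":
    for path, text in (("/etc/hosts.equiv", HOSTS_EQUIV), ("/.rhosts", RHOSTS)):
        for sev, p, msg in audit(parse_trust_file(text), path):
            print(f"{sev:8} {p}: {msg}")
```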


Paul Graham’s lessons for startups

From Paul Graham’s “The Hardest Lessons for Startups to Learn”:

1. Release Early.

The thing I probably repeat most is this recipe for a startup: get a version 1 out fast, then improve it based on users’ reactions.

By “release early” I don’t mean you should release something full of bugs, but that you should release something minimal. Users hate bugs, but they don’t seem to mind a minimal version 1, if there’s more coming soon. …

I’ve seen a lot of startups die because they were too slow to release stuff, and none because they were too quick. …

Even if you had no users, it would still be important to release quickly, because for a startup the initial release acts as a shakedown cruise. If anything major is broken – if the idea’s no good, for example, or the founders hate one another – the stress of getting that first version out will expose it. And if you have such problems you want to find them early.

Perhaps the most important reason to release early, though, is that it makes you work harder. When you’re working on something that isn’t released, problems are intriguing. In something that’s out there, problems are alarming. There is a lot more urgency once you release. And I think that’s precisely why people put it off. They know they’ll have to work a lot harder once they do.

2. Keep Pumping Out Features.

Of course, “release early” has a second component, without which it would be bad advice. If you’re going to start with something that doesn’t do much, you better improve it fast. …

By “feature” I mean one unit of hacking — one quantum of making users’ lives better.

As with exercise, improvements beget improvements. … You should make your system better at least in some small way every day or two.

… Users love a site that’s constantly improving. In fact, users expect a site to improve. …

They’ll like you even better when you improve in response to their comments, because customers are used to companies ignoring them. If you’re the rare exception — a company that actually listens — you’ll generate fanatical loyalty. You won’t need to advertise, because your users will do it for you. …

If your product seems finished, there are two possible explanations: (a) it is finished, or (b) you lack imagination. Experience suggests (b) is a thousand times more likely.

3. Make Users Happy.

Improving constantly is an instance of a more general rule: make users happy. One thing all startups have in common is that they can’t force anyone to do anything. They can’t force anyone to use their software, and they can’t force anyone to do deals with them. A startup has to sing for its supper. That’s why the successful ones make great things. They have to, or die.

When you’re running a startup you feel like a little bit of debris blown about by powerful winds. The most powerful wind is users. They can either catch you and loft you up into the sky, as they did with Google, or leave you flat on the pavement, as they do with most startups. Users are a fickle wind, but more powerful than any other. If they take you up, no competitor can keep you down. …

The median visitor will arrive with their finger poised on the Back button. …

There are two things you have to do to make people pause. The most important is to explain, as concisely as possible, what the hell your site is about. … A startup should be able to explain in one or two sentences exactly what it does. … You probably shouldn’t even start a company to do something that can’t be described compellingly in one or two sentences.

The other thing I repeat is to give people everything you’ve got, right away. If you have something impressive, try to put it on the front page, because that’s the only one most visitors will see. Though indeed there’s a paradox here: the more you push the good stuff toward the front, the more likely visitors are to explore further. …

The industry term here is “conversion.” The job of your site is to convert casual visitors into users …

4. Fear the Right Things.

Another thing I find myself saying a lot is “don’t worry.” Actually, it’s more often “don’t worry about this; worry about that instead.” Startups are right to be paranoid, but they sometimes fear the wrong things. …

What you should fear, as a startup, is not the established players, but other startups you don’t know exist yet. They’re way more dangerous than Google because, like you, they’re cornered animals.

Looking just at existing competitors can give you a false sense of security. You should compete against what someone else could be doing, not just what you can see people doing. A corollary is that you shouldn’t relax just because you have no visible competitors yet. No matter what your idea, there’s someone else out there working on the same thing. …

And in any case, competitors are not the biggest threat. Way more startups hose themselves than get crushed by competitors. There are a lot of ways to do it, but the three main ones are internal disputes, inertia, and ignoring users. Each is, by itself, enough to kill you. But if I had to pick the worst, it would be ignoring users. If you want a recipe for a startup that’s going to die, here it is: a couple of founders who have some great idea they know everyone is going to love, and that’s what they’re going to build, no matter what.

Almost everyone’s initial plan is broken. If companies stuck to their initial plans, Microsoft would be selling programming languages, and Apple would be selling printed circuit boards. In both cases their customers told them what their business should be — and they were smart enough to listen. …

5. Commitment Is a Self-Fulfilling Prophecy.

I now have enough experience with startups to be able to say what the most important quality is in a startup founder, and it’s not what you might think. The most important quality in a startup founder is determination. Not intelligence — determination. …

Time after time VCs invest in startups founded by eminent professors. This may work in biotech, where a lot of startups simply commercialize existing research, but in software you want to invest in students, not professors. Microsoft, Yahoo, and Google were all founded by people who dropped out of school to do it. What students lack in experience they more than make up in dedication. …

In a startup, there’s always some disaster happening. So if you’re the least bit inclined to find an excuse to quit, there’s always one right there. …

You have to be the right kind of determined, though. I carefully chose the word determined rather than stubborn, because stubbornness is a disastrous quality in a startup. You have to be determined, but flexible …

6. There Is Always Room.

… There is always room for new stuff. At every point in history, even the darkest bits of the dark ages, people were discovering things that made everyone say “why didn’t anyone think of that before?” …

The reason we don’t see the opportunities all around us is that we adjust to however things are, and assume that’s how things have to be. …

So for all practical purposes, there is no limit to the number of startups. Startups make wealth, which means they make things people want, and if there’s a limit on the number of things people want, we are nowhere near it. …

7. Don’t Get Your Hopes Up.

Startup founders are naturally optimistic. They wouldn’t do it otherwise. But you should treat your optimism the way you’d treat the core of a nuclear reactor: as a source of power that’s also very dangerous. You have to build a shield around it, or it will fry you.

The shielding of a reactor is not uniform; the reactor would be useless if it were. It’s pierced in a few places to let pipes in. An optimism shield has to be pierced too. I think the place to draw the line is between what you expect of yourself, and what you expect of other people. It’s ok to be optimistic about what you can do, but assume the worst about machines and other people. …

Shielding your optimism is nowhere more important than with deals. If your startup is doing a deal, just assume it’s not going to happen. The VCs who say they’re going to invest in you aren’t. The company that says they’re going to buy you isn’t. The big customer who wants to use your system in their whole company won’t. Then if things work out you can be pleasantly surprised.

The reason I warn startups not to get their hopes up is not to save them from being disappointed when things fall through. It’s for a more practical reason: to prevent them from leaning their company against something that’s going to fall over, taking them with it.

For example, if someone says they want to invest in you, there’s a natural tendency to stop looking for other investors. That’s why people proposing deals seem so positive: they want you to stop looking. And you want to stop too, because doing deals is a pain. Raising money, in particular, is a huge time sink. So you have to consciously force yourself to keep looking. …

VCs and corp dev guys are professional negotiators. They’re trained to take advantage of weakness. [8] So while they’re often nice guys, they just can’t help it. And as pros they do this more than you. So don’t even try to bluff them. The only way a startup can have any leverage in a deal is genuinely not to need it. And if you don’t believe in a deal, you’ll be less likely to depend on it. …

The way to succeed in a startup is to focus on the goal of getting lots of users, and keep walking swiftly toward it while investors and acquirers scurry alongside trying to wave money in your face. …


Brin’s Transparent Society explained, briefly

From Technology Review’s “Big Brother Logs On”:

In his 1998 book The Transparent Society, which is well known in the privacy advocacy community, science fiction author and technology watcher David Brin argues that society inevitably will have to choose between two versions of ubiquitous surveillance: in one, only the rich and powerful use and control the system to their own advantage; in the second, more democratic future, the watchers can also be watched. Brin concedes that the latter version would mean everybody’s laundry hung out in public view, but the transparency would at least be mutual. Rent a porn video and your wife knows it; but if she drives to your best buddy’s house four times a week while you’re at the office, you’ll know that also.


Surveillance tools to detect drowning swimmers

From Technology Review’s “Big Brother Logs On”:

Consider the benefits of the “computer-aided drowning detection and prevention” system that Boulogne, France-based Poseidon Technologies has installed in nine swimming pools in France, England, the Netherlands and Canada. In these systems, a collection of overhead and in-pool cameras relentlessly monitors pool activity. The video signals feed into a central processor running a machine perception algorithm that can effectively spot when active nonwater objects, such as swimmers, become still for more than a few seconds. When that happens, a red alarm light flashes at a poolside laptop workstation and lifeguards are alerted via waterproof pagers. Last November, a Poseidon system at the Jean Blanchet Aquatic Center in Ancenis, Loire-Atlantique, France, alerted lifeguards in time to rescue a swimmer on the verge of drowning. Pulled from the water unconscious, the swimmer walked away from a hospital the next day.


CCTV in the UK deters crime

From Technology Review’s “Big Brother Logs On”:

In many ways, the drama of pervasive surveillance is being played out first in Orwell’s native land, the United Kingdom, which operates more closed-circuit cameras per capita than any other country in the world. This very public surveillance began in 1986 on an industrial estate near the town of King’s Lynn, approximately 100 kilometers north of London. Prior to the installation of three video cameras, a total of 58 crimes had been reported on the estate. None was reported over the next two years. In 1995, buoyed by that success, the government made matching grants available to other cities and towns that wanted to install public surveillance cameras – and things took off from there. …

And not many argue about surveillance’s ability to deter crime. Recent British government reports cite closed-circuit TV as a major reason for declining crime rates. After these systems were put in place, the town of Berwick reported that burglaries fell by 69 percent; in Northampton overall crime decreased by 57 percent; and in Glasgow, Scotland, crime slumped by 68 percent. Public reaction in England has been mixed, but many embrace the technology. …


From P2P to social sharing

From Clay Shirky’s “File-sharing Goes Social”:

The RIAA has taken us on a tour of networking strategies in the last few years, by constantly changing the environment file-sharing systems operate in. In hostile environments, organisms often adapt to become less energetic but harder to kill, and so it is now. With the RIAA’s waves of legal attacks driving experimentation with decentralized file-sharing tools, file-sharing networks have progressively traded efficiency for resistance to legal attack. …

There are several activities that are both illegal and popular, and these suffer from what economists call high transaction costs. Buying marijuana involves considerably more work than buying roses, in part because every transaction involves risk for both parties, and in part because neither party can rely on the courts for redress from unfair transactions. As a result, the market for marijuana today (or NYC tattoo artists in the 1980s, or gin in the 1920s, etc) involves trusted intermediaries who broker introductions.

These intermediaries act as a kind of social Visa system; in the same way a credit card issuer has a relationship with both buyer and seller, and an incentive to see that transactions go well, an introducer in an illegal transaction has an incentive to make sure that neither side defects from the transaction. And all parties, of course, have an incentive to avoid detection. …

There are many ways to move to such membrane-bounded systems, of course, including retrofitting existing networks to allow sub-groups with controlled membership (possibly using email white-list or IM buddy-list tools); adopting any of the current peer-to-peer tools designed for secure collaboration (e.g. Groove, Shinkuro, WASTE etc); or even going to physical distribution. As Andrew Odlyzko has pointed out, sending disks through the mail can move enough bits in a 24 hour period to qualify as broadband, and there are now file-sharing networks whose members simply snail mail one another mountable drives of music. …

The disadvantage of social sharing is simple — limited membership means fewer files. The advantage is equally simple — a socially bounded system is more effective than nothing, and safer than Kazaa. …


The value of Group-Forming Networks

From David P. Reed’s “That Sneaky Exponential – Beyond Metcalfe’s Law to the Power of Community Building”:

Bob Metcalfe, inventor of the Ethernet, is known for pointing out that the total value of a communications network grows with the square of the number of devices or people it connects. This scaling law, along with Moore’s Law, is widely credited as the stimulus that has driven the stunning growth of Internet connectivity. Because Metcalfe’s law implies value grows faster than does the (linear) number of a network’s access points, merely interconnecting two independent networks creates value that substantially exceeds the original value of the unconnected networks. …

But many kinds of value are created within networks. While many kinds of value grow proportionally to network size and some grow proportionally to the square of network size, I’ve discovered that some network structures create total value that can scale even faster than that. Networks that support the construction of communicating groups create value that scales exponentially with network size, i.e. much more rapidly than Metcalfe’s square law. I will call such networks Group-Forming Networks, or GFNs. …

What kind of value are we talking about, when we say the value of a network scales as some function of size? The answer is the value of potential connectivity for transactions. That is, for any particular access point (user), what is the number of different access points (users) that can be connected or reached for a transaction when the need arises. …

The value of potential connectivity is the value of the set of optional transactions that are afforded by the system or network. …

Metcalfe’s law, simply derived, says that if you build a network so that any customer can choose to transact with any other customer, the number of potential connections each of the N customers can make is (N-1), giving a total number of potential connections as N(N-1) or N²-N. Assuming each potential connection is worth as much as any other, the value to each user depends on the total size of the network, and the total value of potential connectivity scales much faster than the size of the network, proportional to N². …

In networks like the Internet, Group Forming Networks (GFNs) are an important additional kind of network capability. A GFN has functionality that directly enables and supports affiliations (such as interest groups, clubs, meetings, communities) among subsets of its customers. Group tools and technologies (also called community tools) such as user-defined mailing lists, chat rooms, discussion groups, buddy lists, team rooms, trading rooms, user groups, market makers, and auction hosts, all have a common theme—they allow small or large groups of network users to coalesce and to organize their communications around a common interest, issue, or goal. Sadly, the traditional telephone and broadcast/cable network frameworks provide no support for groups. …

What we see, then, is that there are really at least three categories of value that networks can provide: the linear value of services that are aimed at individual users, the “square” value from facilitating transactions, and exponential value from facilitating group affiliations. What’s important is that the dominant value in a typical network tends to shift from one category to another as the scale of the network increases. Whether the growth is by incremental customer additions, or by transparent interconnection, scale growth tends to support new categories of killer apps, and thus new competitive games. …

What’s important in a network changes as the network scale shifts. In a network dominated by linear connectivity value growth, “content is king.” That is, in such networks, there is a small number of sources (publishers or makers) of content that every user selects from. The sources compete for users based on the value of their content (published stories, published images, standardized consumer goods). Where Metcalfe’s Law dominates, transactions become central. The stuff that is traded in transactions (be it email or voice mail, money, securities, contracted services, or whatnot) are king. And where the GFN law dominates, the central role is filled by jointly constructed value (such as specialized newsgroups, joint responses to RFPs, gossip, etc.). …

I’d like to close with a speculative thought. As Francis Fukuyama argues in his book Trust, there is a strong correlation between the prosperity of national economies and social capital, which he defines culturally as the ease with which people in a particular culture can form new associations. There is a clear synergy between the sociability that Fukuyama discusses and the technology and tools that support GFNs – both are structural supports for association. As the scale of interaction grows more global via the Internet, isn’t it possible that a combination of social capital and GFN capital will drive prosperity to those who recognize the value of network structures that support free and responsible association for common purposes?
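As an added worked derivation that is not in Reed’s excerpt, the three value categories he names can be counted explicitly for a network of $N$ users, assuming a “group” is any subset of two or more users:

$$V_{\text{linear}} = N, \qquad V_{\text{Metcalfe}} = N(N-1) = N^2 - N, \qquad V_{\text{GFN}} = \sum_{k=2}^{N} \binom{N}{k} = 2^N - N - 1 .$$

The GFN count is all $2^N$ subsets of the user base minus the empty set and the $N$ one-member subsets, which is where the exponential comes from. For $N = 10$ the three counts are $10$, $90$ and $1013$; for $N = 20$ they are $20$, $380$ and $1{,}048{,}555$, so the group-forming term dominates as soon as the network is larger than a handful of users.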


What can we use instead of gasoline in cars?

From Popular Mechanics’ “How far can you drive on a bushel of corn?”:

It is East Kansas Agri-Energy’s ethanol facility, one of 100 or so such heartland garrisons in America’s slowly gathering battle to reduce its dependence on fossil fuels. The plant processes about 13 million bushels of corn to produce approximately 36 million gal. of ethanol a year. “That’s enough high-quality motor fuel to replace 55,000 barrels of imported petroleum,” the plant’s manager, Derek Peine, says. …

It takes five barrels of crude oil to produce enough gasoline (nearly 97 gal.) to power a Honda Civic from New York to California. …

Ethanol/E85

E85 is a blend of 85 percent ethanol and 15 percent gasoline. … A gallon of E85 has an energy content of about 80,000 BTU, compared to gasoline’s 124,800 BTU. So about 1.56 gal. of E85 takes you as far as 1 gal. of gas.

Case For: Ethanol is an excellent, clean-burning fuel, potentially providing more horsepower than gasoline. In fact, ethanol has a higher octane rating (over 100) and burns cooler than gasoline. However, pure alcohol isn’t volatile enough to get an engine started on cold days, hence E85. …

Cynics claim that it takes more energy to grow corn and distill it into alcohol than you can get out of the alcohol. However, according to the DOE, the growing, fermenting and distillation chain actually results in a surplus of energy that ranges from 34 to 66 percent. Moreover, the carbon dioxide (CO2) that an engine produces started out as atmospheric CO2 that the cornstalk captured during growth, making ethanol greenhouse gas neutral. Recent DOE studies note that using ethanol in blends lowers carbon monoxide (CO) and CO2 emissions substantially. In 2005, burning such blends had the same effect on greenhouse gas emissions as removing 1 million cars from American roads. …

One acre of corn can produce 300 gal. of ethanol per growing season. So, in order to replace that 200 billion gal. of petroleum products, American farmers would need to dedicate 675 million acres, or 71 percent of the nation’s 938 million acres of farmland, to growing feedstock. Clearly, ethanol alone won’t kick our fossil fuel dependence–unless we want to replace our oil imports with food imports. …

Biodiesel

Fuels for diesel engines made from sources other than petroleum are known as biodiesel. Among the common sources are vegetable oils, rendered chicken fat and used fry oil. …

Case For: Modern diesel engines can run on 100 percent biodiesel with little degradation in performance compared to petrodiesel because the BTU content of both fuels is similar–120,000 to 130,000 BTU per gallon. In addition, biodiesel burns cleaner than petrodiesel, with reduced emissions. Unlike petrodiesel, biodiesel molecules are oxygen-bearing, and partially support their own combustion.

According to the DOE, pure biodiesel reduces CO emissions by more than 75 percent over petroleum diesel. A blend of 20 percent biodiesel and 80 percent petrodiesel, sold as B20, reduces CO2 emissions by around 15 percent.

Case Against: Pure biodiesel, B100, costs about $3.50–roughly a dollar more per gallon than petrodiesel. And, in low temperatures, higher-concentration blends–B30, B100–turn into waxy solids and do not flow. Special additives or fuel warmers are needed to prevent fuel waxing. …

Electricity

Case For: Vehicles that operate only on electricity require no warmup, run almost silently and have excellent performance up to the limit of their range. Also, electric cars are cheap to “refuel.” At the average price of 10 cents per kwh, it costs around 2 cents per mile. …

A strong appeal of the electric car–and of a hybrid when it’s running on electricity–is that it produces no tailpipe emissions. Even when emissions created by power plants are factored in, electric vehicles emit less than 10 percent of the pollution of an internal-combustion car.

Case Against: Pure electric cars still have limited range, typically no more than 100 to 120 miles. In addition, electrics suffer from slow charging, which, in effect, reduces their usability. …

And then there’s the environmental cost. Only 2.3 percent of the nation’s electricity comes from renewable resources; about half is generated in coal-burning plants.

Hydrogen

Hydrogen is the most abundant element on Earth, forming part of many chemical compounds. Pure hydrogen can be made by electrolysis–passing electricity through water. This liberates the oxygen, which can be used for many industrial purposes. Most hydrogen currently is made from petroleum.

Case For: Though hydrogen can fuel a modified internal-combustion engine, most see hydrogen as a way to power fuel cells to move cars electrically. The only byproduct of a hydrogen fuel cell is water.

Case Against: … And, despite the chemical simplicity of electrolysis, producing hydrogen is expensive and energy consuming. It takes about 17 kwh of electricity, which costs about $1.70, to make just 100 cu. ft. of hydrogen. That amount would power a fuel cell vehicle for about 20 miles.

Recover sounds from the ancient world

From Christer Hamp’s “Archaeoacoustics“:

By archaeoacoustics I mean the recovery of sounds from the time before the invention of recording. This implies that such sounds would have been recorded inadvertently, while intending to do something else. Not much has been written about this subject and only very few experiments have been made, but I find the subject fascinating enough to dare the deep waters of the unproven and often scorned.

So far no ancient sound has been heard, and the experiments conducted have been attempts to reproduce the conditions at which such recordings would have been produced, successful attempts, according to the papers published.

What is probably the first publication on the subject appeared in 1969, when Richard G. Woodbridge, III related four experiments in a letter in the Proceedings of the IEEE [1]. In the first experiment, he could pick up the noise produced by the potter’s wheel from a pot, using a hand-held crystal cartridge (Astatic Corp. Model 2) with a wooden stylus, connected directly to a set of headphones. The second experiment yielded 60 Hz hum from the motor driving the potter’s wheel. More interesting were the following experiments, with a canvas being painted while exposed to sounds. In the third experiment the canvas was painted with a variety of different paints while exposed to martial music from loudspeakers. Some of the brush strokes had a striated appearance, and “short snatches of the music” could be identified. For the fourth experiment, the painter spoke the word “blue” during a stroke of the brush, and after a long search the word could be heard again when stroking the canvas with the stylus.

Malware focused on theft above all

From AFP’s “70 percent of malicious software aimed at theft: survey“:

Seventy percent of malicious software being circulated is linked to various types of cybercrime, a study by security firm Panda Software showed. …

The survey confirms a shift from several years ago, when malicious software was often aimed at garnering attention or exposing security flaws.

“Malware has become a tool for generating financial returns,” the report said. …

About 40 percent of the problems detected by Panda was spyware, a type of malicious code designed for financial gain, primarily through collecting data on users’ Internet activities.

Another 17 percent was trojans, including “banker trojans” that steal confidential data related to bank services, and others that download malicious applications onto systems.

Eight percent of the problems detected were “dialers,” malicious code that dials up premium-rate numbers without users’ knowledge; “bots,” a scheme involving the sale or rental of networks of infected computers, accounted for four percent of the total.

The e-mail worm, which was recently considered a major Internet threat, made up only four percent of the total.

Clay Shirky on why the Semantic Web will fail

From Clay Shirky’s “The Semantic Web, Syllogism, and Worldview“:

What is the Semantic Web good for?

The simple answer is this: The Semantic Web is a machine for creating syllogisms. A syllogism is a form of logic, first described by Aristotle, where “…certain things being stated, something other than what is stated follows of necessity from their being so.” [Organon]

The canonical syllogism is:

Humans are mortal
Greeks are human
Therefore, Greeks are mortal

with the third statement derived from the previous two.

The Semantic Web is made up of assertions, e.g. “The creator of shirky.com is Clay Shirky.” Given the two statements

– Clay Shirky is the creator of shirky.com
– The creator of shirky.com lives in Brooklyn

you can conclude that I live in Brooklyn, something you couldn’t know from either statement on its own. From there, other expressions that include Clay Shirky, shirky.com, or Brooklyn can be further coupled.

The Semantic Web specifies ways of exposing these kinds of assertions on the Web, so that third parties can combine them to discover things that are true but not specified directly. This is the promise of the Semantic Web — it will improve all the areas of your life where you currently use syllogisms.

Which is to say, almost nowhere. …

Despite their appealing simplicity, syllogisms don’t work well in the real world, because most of the data we use is not amenable to such effortless recombination. As a result, the Semantic Web will not be very useful either. …

In the real world, we are usually operating with partial, inconclusive or context-sensitive information. When we have to make a decision based on this information, we guess, extrapolate, intuit, we do what we did last time, we do what we think our friends would do or what Jesus or Joan Jett would have done, we do all of those things and more, but we almost never use actual deductive logic. …

Syllogisms sound stilted in part because they traffic in absurd absolutes. …

There is a list of technologies that are actually political philosophy masquerading as code, a list that includes Xanadu, Freenet, and now the Semantic Web. The Semantic Web’s philosophical argument — the world should make more sense than it does — is hard to argue with. The Semantic Web, with its neat ontologies and its syllogistic logic, is a nice vision. However, like many visions that project future benefits but ignore present costs, it requires too much coordination and too much energy to effect in the real world, where deductive logic is less effective and shared worldview is harder to create than we often want to admit.
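
The two inferences the essay walks through (the description "the creator of shirky.com" resolving to a person, and the class-inclusion syllogism about Greeks and humans), as a toy forward-chaining engine. This is an added example, not code from Shirky's essay or from any Semantic Web toolkit; the triple layout, the rule set and the second "co-author" assertion used to make the data messy are all constructed for illustration.

```python
"""Toy forward-chaining over the assertions quoted above (added example).

Facts are (subject, predicate, object) triples. A subject written as the
tuple ("the", predicate, object) is a description such as "the creator of
shirky.com": it must be resolved to an entity before it can carry a claim."""

def resolve(desc, facts):
    """Every entity a description picks out: each X with (X, pred, obj)."""
    _, pred, obj = desc
    return sorted({s for s, p, o in facts if p == pred and o == obj})

def infer(facts):
    """One round of deduction over `facts`.

    Returns (derived, ambiguous): triples that follow of necessity, and
    descriptions that denote more than one entity, where the 'effortless
    recombination' yields no conclusion at all instead of a wrong one."""
    derived, ambiguous = [], []
    for s, p, o in facts:
        # Rule 1: "the creator of shirky.com lives in Brooklyn" plus
        # "Clay Shirky is the creator of shirky.com" -> Clay lives in Brooklyn.
        if isinstance(s, tuple) and s[0] == "the":
            who = resolve(s, facts)
            if len(who) == 1:
                derived.append((who[0], p, o))
            elif len(who) > 1:
                ambiguous.append((s, who))
        # Rule 2: class inclusion. "Greeks isA Humans" + "Humans are mortal"
        # -> "Greeks are mortal".
        if p == "isA":
            for s2, p2, o2 in facts:
                if s2 == o and p2 != "isA" and (s, p2, o2) not in facts:
                    derived.append((s, p2, o2))
    return derived, ambiguous

# The assertions as given in the essay.
SHIRKY = [
    ("Clay Shirky", "creatorOf", "shirky.com"),
    (("the", "creatorOf", "shirky.com"), "livesIn", "Brooklyn"),
]
CANONICAL = [("Humans", "are", "mortal"), ("Greeks", "isA", "Humans")]

# Constructed messy data: a second, hypothetical creator is also asserted,
# so "the creator of shirky.com" no longer denotes a single person.
MESSY = SHIRKY + [("Hypothetical Co-author", "creatorOf", "shirky.com")]

if __name__ == "__main__":
    print(infer(SHIRKY))     # ([('Clay Shirky', 'livesIn', 'Brooklyn')], [])
    print(infer(CANONICAL))  # ([('Greeks', 'are', 'mortal')], [])
    print(infer(MESSY))      # ([], [<the ambiguous description and both names>])
```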

The structure & meaning of the URL as key to the Web’s success

From Clay Shirky’s “The Semantic Web, Syllogism, and Worldview“:

The systems that have succeeded at scale have made simple implementation the core virtue, up the stack from Ethernet over Token Ring to the web over gopher and WAIS. The most widely adopted digital descriptor in history, the URL, regards semantics as a side conversation between consenting adults, and makes no requirements in this regard whatsoever: sports.yahoo.com/nfl/ is a valid URL, but so is 12.0.0.1/ftrjjk.ppq. The fact that a URL itself doesn’t have to mean anything is essential — the Web succeeded in part because it does not try to make any assertions about the meaning of the documents it contained, only about their location.

The 1st software patent

From Robert X. Cringely’s “Patently Absurd: Why Simply Making Spam Illegal Won’t Work“:

Software patents have become inordinately important for something that 25 years ago we didn’t even believe could exist. After several software patent cases had gone unsuccessfully as far as the U.S. Supreme Court, the general thinking when I got in this business was that software could not be patented, only copyrighted. Like the words of a book, the individual characters of code could be protected by a copyright, and even the specific commands could be protected, but what couldn’t be protected by a copyright was the literal function performed by the program. There is no way that a copyright could protect the idea of a spreadsheet. Protecting the idea would have required a patent.

Then on May 26, 1981, after seven years of legal struggle, S. Pal Asija, a programmer and patent lawyer, received the first software patent for SwiftAnswer, a data retrieval program that was never heard from again and whose only historical function was to prove that all of the experts were wrong — software could be patented. Asija showed that when the Supreme Court had ruled against previous software patent efforts, it wasn’t saying that software was unpatentable, but that those particular programs weren’t patentable.

How patents ruined the Wright brothers

From Robert X. Cringely’s “Patently Absurd: Why Simply Making Spam Illegal Won’t Work“:

Nobody can deny that the Wright brothers were pioneers. Their use of a wind tunnel helped define the science of aerodynamics and had influence far beyond their time. But their secrecy and litigious nature held back the progress of flying, and eventually lost them their technical leadership. The Wrights flew in 1903. They made a small public announcement 100 years ago, then went silent until 1908 as they worked to solidify their patent position. While they continued to fly from pastures around Dayton, Ohio, the brothers generally did so in secret, waiting for patents to be issued.

When the Wrights finally appeared in public again five years later, first in Washington, DC, and later in France, the performance of their aircraft still astounded the world. But that was it. Once the brothers filed a patent infringement suit against rival Glenn Curtiss, their attention was totally turned to litigation and their aeronautical progress stopped. Curtiss and Wright eventually merged and built aircraft into the 1940s, but the creative energy by that time was all from Curtiss. By then, Wilbur had died and Orville was best known as the man who signed every pilot license. Though their patent was upheld, they didn’t in any sense control the industry they had invented.

OmniPerception = facial recognition + smart card

From Technology Review’s “Face Forward“:

To get around these problems, OmniPerception, a spinoff from the University of Surrey in England, has combined its facial-recognition technology with a smart-card system. This could make face recognition more robust and better suited to applications such as passport authentication and building access control, which, if they use biometrics at all, rely mainly on fingerprint verification, says David McIntosh, the company’s CEO. With OmniPerception’s technology, an image of a person’s face is verified against a “facial PIN” carried on the card, eliminating the need to search a central database and making the system less intimidating to privacy-conscious users. …

OmniPerception’s technology creates a PIN about 2,500 digits long from its analysis of the most distinctive features of a person’s face. The number is embedded in a smart card, such as those, say, that grant access to a building, and used to verify that the card belongs to the person presenting it. A user would place his or her card in or near a reader and face a camera, which would take a photo and feed it to the card. The card would then compare the PIN it carried to information it derived from the new photo and either accept or reject the person as the rightful owner of the card. The technology could also be used to ensure passport or driver’s license authenticity and to secure ATM or Internet banking transactions, says McIntosh.
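
The match-on-card flow described above, simulated: the enrolled template stays inside the card object, the reader hands the card a freshly extracted feature vector and learns only accept or reject, and no central database is consulted. This is an added example, not OmniPerception’s product or algorithm; the 2,500-digit “facial PIN” is stood in for by a short constructed feature vector, the comparison is a plain cosine similarity with an assumed threshold, and the retry counter is an assumed detail modelled on PIN-protected cards.

```python
"""Simulated match-on-card face verification (added example, constructed)."""
import math

def cosine(a, b):
    """Cosine similarity between two equal-length feature vectors."""
    if len(a) != len(b):
        raise ValueError("feature vectors must have equal length")
    dot = sum(x * y for x, y in zip(a, b))
    na = math.sqrt(sum(x * x for x in a))
    nb = math.sqrt(sum(y * y for y in b))
    return dot / (na * nb) if na and nb else 0.0

class SmartCard:
    """Holds the enrolled template and does the comparison on the card.

    The template is never returned to the reader; the only output is a
    yes/no decision, which is the privacy property the article describes."""
    MAX_TRIES = 3  # assumed retry counter, as on PIN-protected cards

    def __init__(self, template):
        self._template = [float(x) for x in template]  # stays on the card
        self._tries_left = self.MAX_TRIES

    def verify(self, probe, threshold=0.95):
        """True if `probe` is close enough to the enrolled template."""
        if self._tries_left == 0:
            return False  # card blocked after repeated mismatches
        if cosine(self._template, probe) >= threshold:
            self._tries_left = self.MAX_TRIES
            return True
        self._tries_left -= 1
        return False

def extract_features(photo):
    """Stand-in for the camera and feature extractor (constructed): a
    'photo' here is already a list of numbers."""
    return [float(x) for x in photo]

def gate_check(card, photo):
    """What the reader at the door does: extract, send to card, get verdict."""
    return card.verify(extract_features(photo))

# Constructed enrolment capture and two live captures.
ENROLLED = [0.9, 0.1, 0.4, 0.8, 0.3, 0.7]
SAME_PERSON = [0.85, 0.15, 0.42, 0.78, 0.33, 0.69]
OTHER_PERSON = [0.1, 0.9, 0.7, 0.2, 0.8, 0.1]

if __name__ == "__main__":
    card = SmartCard(ENROLLED)
    print(gate_check(card, SAME_PERSON))   # True
    print(gate_check(card, OTHER_PERSON))  # False
```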

Face recognition software as an example of “function creep”

From Technology Review’s “Creepy Functions“:

Consider one example of function creep. The Electoral Commission of Uganda has retained Viisage Technology to implement a face recognition system capable of enrolling 10 million voters in 60 days. The goal is to reduce voter registration fraud. But Woodward notes that the system might also be put to work fingering political opponents of the regime. And Uganda probably isn’t the first country that springs to mind when someone says “due process” or “civil rights.”

From Technology Review’s “Big Brother Logs On“:

Take the fact that the faces of a large portion of the driving population are becoming digitized by motor vehicles agencies and placed into databases, says Steinhardt. It isn’t much of a stretch to extend the system to a Big Brother-like nationwide identification and tracking network. Or consider that the Electoral Commission of Uganda has retained Viisage Technology to implement a “turnkey face recognition system” capable of enrolling 10 million voter registrants within 60 days. By generating a database containing the faceprint of every one of the country’s registered voters, and combining it with algorithms able to scour all 10 million images within six seconds to find a match, the commission hopes to reduce voter registration fraud. But once such a database is compiled, notes John Woodward, a former CIA operations officer who managed spies in several Asian countries and who’s now an analyst with the Rand Corporation, it could be employed for tracking and apprehending known or suspected political foes. Woodward calls that “function creep.”

Smart World of Warcraft Trojan

From Information Week’s “Trojan Snags World Of Warcraft Passwords To Cash Out Accounts“:

A new password-stealing Trojan targeting players of the popular online game “World of Warcraft” hopes to make money off secondary sales of gamer goods, a security company warned Tuesday.

MicroWorld, an Indian-based anti-virus and security software maker with offices in the U.S., Germany, and Malaysia, said that the PWS.Win32.WOW.x Trojan horse was spreading fast, and attacking World of Warcraft players.

If the attacker managed to hijack a password, he could transfer in-game goods — personal items, including weapons — that the player had accumulated to his own account, then later sell them for real-world cash on “gray market” Web sites. Unlike some rival multiplayer online games, Warcraft’s publisher, Blizzard Entertainment, bans the practice of trading virtual items for real cash.
