What a tragic night for these USA! Even Obama himself admitted in his acceptance speech that the dreams of our country's forefathers lie dead and gutted, albeit with his usual lawyerly double-talk that allows his supporters to hear only what they will. At the risk of stretching an analogy too far, I must now anticipate that the meat of these dreams is now hanging, aging, readying itself to be tastier for the Democrats when they devour it next year with our first openly communist president in office.
I wish I could place my hope in revolt, in a secession from the union, or in an amputation from it of California, New Mexico, even Vermont. But it is not to be. This creeping influx of socialism has, like a cancer, managed to distribute itself throughout our cities and their ever-expanding suburbs, and it seems that no state can now be considered to present a safe refuge from the scourge of the liberals, as they get out their vote -- early and often -- by offering their vision of a welfare state and its gateway drugs, free money and free healthcare. No simple solution can escape the fact that all too many US voters no longer subscribe to the American ideals represented in the declaration of independence, in the bill of rights, in natural law, and in limited government. Let's not even complicate things with the matter of states' rights, with the notion that these federal elections are for a government which should not have its fingers in most of the places where they routinely poke and play. At first blush, it sure would be easy to contemplate voting being limited to landowners, adults over 25, taxpayers, citizens, or some combination of these. It would be nice to envisage a system where pinko states do not send their funds and personnel into nearby red states during the election run-up to thwart the true will of the other state. But none of these measures would likely pass: politicians will continue to pander to the majority of our citizens to whom the wealth can be redistributed; Massachusetts will continue to push its beliefs on and into New Hampshire, and few will notice with as much horror as they should the fact that the aged, failing liberal democrat and socialist countries of Western Europe are all thrilled with the choice of Barack. Once upon a time, such a warm welcome from this corner would have given serious pause for thought, if not a kiss of death.
And yet the talking heads are now discussing how so many people voted for the black guy because he is black. "Isn't it wonderful," they say, "how we have come full circle and elected someone whom only decades ago would not have been worthy to use the same water fountain?" They talk of people electing Barack Hussein Obama, a self-avowed Marxist, the most liberal of the US senators, and an advocate of increased taxes, multiplied and unfettered government spending and handouts (sorry, "rebates"), and friend of racist preachers, Black Panthers and other domestic terrorists -- and why? Because they thought his policies sound? Because he was less bad than his rival? No, they say, it's because he's black. If true -- if voters in exit polls truly said that was an influence upon their vote -- then surely these voters should have their right to vote struck out forever. It is incumbent upon the voter to be informed and to make an informed choice. Grudgingly, I accept and forbear that some people are so naive or so simple as to vote purely based on party lines. Why else could anyone bring themselves to vote for Shaheen or Lynch? But to vote based on skin color? If true, this would be unbelievable, intolerable, and would most assuredly smack of racism in and of itself. This is not a game of mini-golf, where one can throw a game to the gangly kid to make him fit in and feel good. This is the presidency of these United States. This should be serious stuff, not a coloring game. Hell, if Condy Rice and Orrin Hatch had been on a ticket together, I would have leapt to vote for it. If Thomas Sowell and Ron Paul were on a ticket together, I would have given up my job to go work for their campaign. But rest assured their races, sexes and religions would have had little to do with my vote.
Is it possible that his rival truly failed to appeal to the liberals? Hardly. He's never been a true advocate of small government or of conservatism. McCain is one of the most left wing Republicans, a true centrist and statist, someone who can barely stand to look at a problem without contemplating a big government solution and, moreover, a government solution that involves compromise, bipartisanship, regulation and complexity. He doesn't stand on tradition, require mandates to be funded, or pay heed to the constitution. He engenders more calls of RINO than an African water hole. With the exception of national defence, McCain looks just like a Democrat. And then Obama folded partway through the campaign and admitted he wouldn't be going around pulling troops out willy nilly either. So that should have nullified McCain's only possible negative to the pinkos.
And yet here we are. In a runoff between McCain's small "s" socialism and Obama's big "S" Socialism, it was inevitable that the US would come out the other side worse off. But I never truly believed, not for one moment, that the electorate would make such an appallingly bad decision, nor in such momentous numbers.
Enough. Time to go soak my head and await Obama's new New Deal.
P.S. I am always asked who the heck Thomas Sowell is. So let me save you the effort of googling... here's a recent and relevant post of his
P.P.S. It's nice when the mainstream media get something right...
Wednesday, November 5, 2008
Sunday, August 31, 2008
Risks of Poor Authentication of Financial Services Customers
It is in the nature of risk mitigation that one aims to seek a balance between the cost of the hazard and the cost of the mitigation. However, it's even better when you can reduce the cost of the hazard through a few dollars of good PR. Banks long since realized that it was cheaper to blame other people for problematic systems and processes than to fix them. Back in the 80's, until the people and the courts became wise, ATM hacks would routinely result in accusations of mistake or fraud against the accountholders. (Google some of Ross Anderson's writings or comp.risks archives if you don't believe me.)
Plus ça change, plus c'est la même chose. My bank in the UK has for many years provided me with a strong two-factor authentication for their online services (PIN pad hashed SecurID token plus a further website username and password). However, this is certainly the exception to the rule, and most of my online accounts continue to operate on single-factor setups that are easily socially engineered around, by telephone, by no-factor public-records type questions, etc. You know the sort of thing... where were you born, who was your mom, what's your social? And then there's the credit reporting agencies, who require no authentication at all before they will throw spurious negative reports into your files.
So what, you ask? Well, I recently came across a well-researched discussion of the issues and can recommend it to your attention...
Labels: financial services, information security, liability
Wednesday, August 27, 2008
Environmental Specifications for Consumer Devices
Most folks who know me know all too well my predilection for a degree of ruggedness in electronic equipment which I select. It's not that I actually buy that many "rugged" devices -- the markup for this "feature" (which used to be standard) has become too high for my liking in most cases -- but rather, it is that I am ever so good at destroying things.
I have probably broken more laptops and cellphones than the average granola-and-yogurt-eating Californian has had hot breakfasts, and whether it is dunking them, bending them, smashing them, overheating them or just plain wearing out the connectors, I can safely say that I have been there and done that. At one point several years ago, I took to carrying my cellphone inside a waterproof case that floated and with which one could swim, but it required removal to recharge every time, and then Nextel came out with their "water-resistant" model, which actually worked OK in the shower, so long as you didn't put it under the stream. Of course, vendors' definitions of water resistance vary widely. Heck, waterproof doesn't mean much of anything without a decent IPX rating (6's and 7's) to go with it.
On a side note, last time I got a new laptop I sacrificed the ability to use it in the arctic or in my bathtub or on a sunny beach day with a drizzle in the offing... in return for price and performance. I got another Thinkpad for about one quarter the cost of a much slower and lower resolution Itronix Gobook. After all, IBM's onsite repair contract mitigates the effects of most accidents, and I can manage to make do without a laptop in all the usual places, like, umm, the arctic, my bathtub, the beach, the truck, or even just the back deck. It would be jolly nice, sure, but it's hardly the end of the world to have to go find some shelter before (carefully) pulling out the laptop.
OK, so where am I going with this post? Am I planning to lament the fact that equipment of yesteryear was often much better... old radio equipment with drop-proof alloy cases that would scratch and dent before they would crack or shatter, mil-spec keyboards, circuit boards with integrated circuits attached with actual flow-soldered thru-hole pins, and with everything conformally coated in epoxy resin, and connectors that were designed for multiple insertion cycles and which could be left connected or disconnected without compromising the casing's integrity? In a word, no.
No, I am just amazed. And flabbergasted. And wondering how much gear I should have to carry in my armpits and crotch. It's one thing when a hard drive bearing gets too cold and seizes, or a battery gets too cold and loses ampacity. These things are understandable technical hurdles and you get what you pay for. Roll on the hydrogen fuel cells or whatever. But for the love of God, when you pay for a device whose very nature is to work in the boonies and backwoods, which is sold and advertised as being rugged, and which does not involve any hard disks whatsoever, you might reasonably expect that it would perform to specification.
To the point, then: I have a Motorola 9505a satellite phone for use on the Iridium network. Last winter I was plagued by problems with the LCD display screen on it, which loses all contrast in its pixels when it gets even a little bit cold. I needed the phone too much to send it back, but figured that while it's still in warranty and before the winter rolls around again, I finally had time to address the problem. I checked the spec and, lo and behold, http://www.iridium.com/products/product.php?linx=0001 claims an operating range of -10 Celsius to +55 Celsius. Hardly ideal, I thought when I bought it, but I figured that below that the battery would start to give up and so accepted it as being fair enough, and determined to keep it inside my jacket until I needed it.
So what's the problem again? Well, it's the LCD screen that goes with the cold, well before the battery ever does. Expose it to modest cold -- for example, so that you can hold it to your ear in the winter and use it -- and within a minute or two you can no longer see anything on the display, kinda important when you need to see call progress detail, figure out what the beep meant, see if you're still connected, or type in and/or redial a number. How cold, you ask? Oh, sure, I'm in New Hampshire, where it can easily get to -40 Fahrenheit. But I am not talking about that. I am talking about when it's merely around freezing.
So, says I, it is probably just my phone. I have a bad display module. It's a one-off. I'll get it repaired. How wrong I was. The truth is far worse.
It appears that Motorola's warranty service only applies if the phone doesn't actually power up and allow you to make phone calls in the very best of conditions, with a good quality signal in a nice room temperature ambient. If the phone doesn't actually perform to their published specifications, that's not a warranty issue. No sirree. You might think about suing them for failure to perform, but there's nothing they will actually do for you. Apparently not being able to see anything on the display does not constitute an "operating problem".
So is it true? Have we humans really not yet learned to build a display capable of surviving a little cold? Goodness me no, my several Garmin GPS units and even my everyday Motorola cellphone, which collectively cost less than the Iridium phone, all survive just fine and can show me a nicely contrasting image when similarly freezing. But when building a super-expensive ruggedized satellite phone specified and designed for use in places where cellphones can't or won't, why oh why would anyone spend an extra dollar on a decent display?
Moral of the story: never trust specifications without knowing how (and of course when, where, why, and by whom) they were tested. Is the great thing about the various mil-specs or IP ratings the fact that, for example, they present a better definition of a water spray (pressure/direction/volume/time) than that implied by "rainproof", for example? Hell no, it's the fact that they require that the specifications end up being tested. Maybe not independent testing, but even having a QA lab in the same company is far better than some design engineer licking his pencil, fingering his calculator, and saying "Ho yes. -10 Celsius should work fine."
Second moral: caveat emptor... rugged stuff is no longer for people who need it to perform, it's for people who think they need it or just want it to look cool. Reminds me of the state of play in the watch market decades ago. "Yes, sir, absolutely. This $40 watch is waterproof to 300 metres. Look, it says so right on the face in fancy lettering that your friends can all admire."
Monday, August 25, 2008
Rationalizing my online services
Many moons ago, in a land far away and a time before HTML, I had a bulletin board. V.21 satisfied me, but with V.22(bisync.) came enough bandwidth to join FidoNet. Then came HTML versions 1, 2 and even the wonders of v3, and I built myself a website. In the fullness of time I enjoyed hosting my website on different servers and different operating systems, but rarely got around to actually updating the content. Who cares about content when there are firewalls and reverse proxy servers to configure and maintain!? And so the content languished and fell into disrepair, and eventually I admitted that the site was without purpose, merit or other redeeming qualities. And it perished.
Recently, however, I have been occasioned to take up the whole SaaS kick, not because it's hot, but because it suits my circumstances and allows me to get rid of my various expensive-internet-connection-demanding, power-hungry, attention-starved poorly-backed-up servers in favor of a few shillings paid to Google.
I have noticed that, in the meantime, people have gotten all excited about blogs. Supposedly these are a new invention. I am not quite sure in what way they are new. But, whether one argues the degree of innovation entailed, I will confess that tapping words into a hosted form and clicking "PUBLISH POST NOW PLEASE!!!" is a lot more convenient than ferreting around in the html or keeping some active content running on my own box. Which is all a rather long-winded way of saying that, at least in theory, this forum should provide for slightly more frequent updates and posts than my previous incarnations of my website.
Will this prove true? Will I post anything more than nonsense here? Will the content updates actually be interesting or relevant enough to any one person for them to bother reading? Maybe. And maybe, if I am careful about it, that one person might even be someone else! Either way, it will definitely entail me finding my feet when it comes to posting stuff, and achieving a balance between posting nothing at all, and posting all manner of irrelevant data, or even widely known and otherwise available information. I am no diarist, I have never kept a journal, and Messrs Strunk & White would probably have conniptions at the verbosity which I display when I do not spend lots of time refining my words. (I won't be refining much of anything, this blogging business is for fun not profit, thus my time is limited.) So be forewarned. Be prepared for lots of nonsense and noise as I strive to find the method and the substance.
On a more technical note, my life is now run by Google. Long may they fail to be evil. They have, however, asked me to tick a checkbox if I have any "adult content", to protect the prying eyes of minors and limit their liability. God knows I don't expect to be mentioning tits and ass that much on here, but lest the urge take me, I do, in keeping with my libertarian leanings, wish to keep my posting options firmly open. So, yes, you have to click through the adult content warning: sorry about that! And who knows, now that I have set the boolean, maybe I will be motivated to talk about all manner of things...
Here endeth my first post. (now I can go test the site and see what a post will look like :-) )