Putting the Gap into “security gap”

From Money/CNN:

“Gap Inc. announced Friday that a laptop containing the personal information of about 800,000 job applicants was stolen from the offices of one of its vendors that manages data for the company.”

The laptop was not encrypted. Way to go. Part of the reason for the impressive total is Gap also owns Old Navy and Banana Republic. (The latter brand may inspire a few cracks about the information security approach used by the retailer.) Invariably adding insult to injury in these cases is the PR response:

“Gap (Charts, Fortune 500) said it has no reason to believe the data contained on the computer was the target of the theft or that the personal information has been accessed or used improperly.”

The data on the laptop may not have been the motivation (unless there was a big sticker exclaiming “Danger! Confidential data, property of Gap Inc.”) but that does not help, because the criminal is either (1) clueless and will simply resell the machine without peeking, in which case it is up to the next person to see what he/she just inherited, or (2) a professional who will try to sanitize the drive prior to resale, in order to hide the fact that it is stolen merchandise. It’s not a stretch to say that prior to wiping the drive he/she may take a peek. In any case, how does the Gap conclude that the data has not been accessed or used improperly? Is there some new, alien technology in their possession to monitor ongoing access to a stolen drive? Did they run credit checks on all 800K applicants to look for signs of new-account fraud using the compromised identities?

Another fine addition to the excellent Hall of Shame maintained by PrivacyRights, the Chronology of Data Breaches going back to ChoicePoint in 2005. The current count stands at 166M– half the population of the US, including every child, if there had been no overlaps. That web page could well serve as the mandatory web-browser start page for CISOs and other influential officers of any organization tasked with protecting large amounts of user data.

cemp

Reversing the flow– when cars power houses

“You don’t have to plug it in,” Toyota keeps insisting in their commercials about the Prius. A conservative company confronted with the problem of marketing a disruptive technology to a conservative audience opted for doing the exact opposite of what every other automobile manufacturer is doing: convincing you that their product is just like any other car. While everyone else is spinning tales of personal liberation and spiritual enlightenment, Toyota says this is just another car. You drive it like any other car, never mind this “hybrid” mumbo-jumbo, and there is no fussing with a power cord.

The problem is owners want to mess with power cords. Toyota management may want to brush up on their copy of Crossing the Chasm, because the people buying into the technology are still early adopters at this stage and they are interested in pushing the limits of the technology. Already CalCars has demonstrated plug-in conversions, and Google has a fleet of converted Priuses drawing power from the solar panels lining the roof of the parking lot for buildings 45-46 on the Mountain View campus.

The capability goes both ways: they can either draw power from the grid (or off the grid from renewable sources, in the case of Google) or they can supply the grid. The economic viability rests on a type of “price arbitrage”– charge at night when electricity is cheaper due to lower demand, then supply the grid during the day when it is more expensive with all those air-conditioning units whirring away.

But that vision is a few years out for a vehicle rolling off the assembly line in bone-stock condition. Without voiding the warranty or paying for a conversion that costs more than the car itself, there is no easy way to tap into this resource. Undeterred, a community of tinkerers continues to push the limits while holding on to the warranty. One of the more interesting projects is PriUPS, a pun on UPS for Uninterrupted Power Supply.

The standard answer to unreliable utilities and hurricane-prone regions is a portable generator. But a car is effectively a portable generator. When the engine is running, the alternator supplies current. (Never mind the battery commercials showing sports cars equipped with their brand shredding rubber: the battery starts the engine but is largely out of the picture under normal driving.) Tapping into this with an off-the-shelf inverter is standard. Up to ~200W can be drawn directly from the cigarette-lighter adapter– is that an anachronism now that few people use it for that purpose?– and upwards of 2000W by hooking up to the battery itself. This means that in an emergency or power loss, a car could power basic household appliances.

In principle the Prius is great for this application. First, it is equipped with a large bank of batteries distinct from the ordinary one (called the “traction battery” in Toyota language) that can supply more juice. More importantly, it has automatic power management to sense when the battery is running low and run the engine to recharge. This is a big improvement over running the engine constantly or manually stopping/starting. Ordinary car batteries are not designed for deep cycles, so they can’t handle being nearly completely discharged and then coming back to life. The Prius traction battery has no such problem.

But the engineering department had other ideas, and drawing power from the traction battery was not high on their list of priorities for the car. (Besides– what would happen if potential buyers got wind of that capability? It’s no longer “just another car” and they would run away screaming, intimidated by all this technological complexity, according to Toyota thinking.) The PriUPS project details all the hoops to jump through to get this working. The detailed descriptions make for good reading in their own right, but the short version is this gentleman managed to get 2400W while the engine was running 40% of the time in bursts of 3 minutes. 5-6 kW is the upper limit extrapolated from there, more than enough to keep a residence fully functional, minus air conditioning.

Interestingly enough, Honda, Toyota’s biggest competitor at home, has a healthy business in small, portable generators for home back-up power. Exactly the type that could be replaced with a Prius in the garage.

cemp

So dark the con of baseball: home run #756

The fans have spoken. In restoring a measure of respectability to the blemished game, they voted to get the #756 home-run ball branded with an asterisk before its ultimate journey to Cooperstown. While creating a PR spectacle around the fate of an infamous ball is not original (Chi-town residents can indignantly point to the decision by online vote to destroy the Bartman ball after the Cubs’ ill-fated 2003 post-season run), and the accuracy of the election is about as reliable as Diebold touch-screen voting devices, it appeals to an abstract sense of justice.

This is far from compensating for the failures of “Bud-Lite” Selig to keep steroid use in check during the late 90s. Outside the city limits of San Francisco, few seriously doubted that this record is tainted. As for the Giants front office, it was a good move because the inevitable run-up to the record and the many milestones on the way (500, 600, then passing Willie Mays and Babe Ruth) made for great drama, packing the seats at a stadium better known for its Bay views than the quality of baseball on the field.

The good news is 2007 will also be remembered as the season Alex Rodriguez reached the 500 home-run mark, the youngest player ever to reach that total. He has easily another decade of playing time. Assuming he can hit at least thirty HR every year during the rest of his career– easy enough, he averaged over 40 HR for the past ten seasons– Rodriguez will eclipse the current record and erase a disgraceful chapter from the history of the favorite pastime. Until then, the pithiest description of the state of baseball comes from the Onion: “Destruction Of National Pastime Given Two-Minute Standing Ovation”

cemp

Upcoming conference: She’s Geeky

An unconference that my colleague Kaliya, aka the Identity Woman, is helping organize:

She’s Geeky (http://www.shesgeeky.org)

A Women’s Tech (un)conference

October 22-23 in Mountain View, CA.


This event is designed to bring together women from a range of technology-focused disciplines who self-identify as geeky. Our goal is to support skill exchange and learning between women working in diverse fields and to create a space for networking and to talk about issues faced by women in technology.


Not coincidentally perhaps, She’s So Geeky is the title of a collection of essays my friend Annalee Newitz edited. Here is the video of her appearance at Google’s Mountain View campus in July.


On another tangent and speaking of identity, Digital ID World 2007 is going on right now.

cemp

R.I.P. Marcel Marceau

Marcel Marceau passed away at the age of 84 on September 22nd.

This blogger had the incredible opportunity to watch Marceau performing the character “Bip” as well as the signature routines The Mask Maker and The Ages of Man at the Moore Theater in Seattle in 2000. The image of the man stuck with the smiling-face mask on his head, struggling desperately to remove it, all the while emoting only that silly grin, is not one you will soon forget. From the Wikipedia article:

Of his summation of the ages of man in the famous Youth, Maturity, Old Age and Death, one critic said, “He accomplishes in less than two minutes what most novelists cannot do in volumes.”

Google video search has movies about his life and news reports.

cemp

Auto manufacturers discover “vaporware”

“Some day soon our new software will enable you to…” <insert marketing fantasy>

This has been a consistent tagline in the software business: product announcements couched in the vocabulary of insurgent revolutionaries, extravagant promises and lofty ideals. What follows after several years and multiple apologetic post-scripts to the original press release is a shadow of the original vision or, more likely, nothing.

Recently, in the grip of a bad case of environmentalist fever (finding its way into lame advertising slogans along the lines of “most efficient V8 in its class”), automobile manufacturers are taking up this ancient art and perfecting it for mainstream appeal. For example, there is the Chevy Volt from General Motors, an electric concept car with a 40-mile range that promises to eliminate fuel consumption for the majority of commuters. While still boasting two engines, the Volt improves on the hybrid concept: instead of having both engines drive the power-train, only the electric motor is hooked up to the wheels and the internal combustion engine is run only to charge the batteries. On the website it is described in glowing terms:

“Off-the-line torque is instantaneous, giving you responsive acceleration. Plus, this four- to five-passenger sport sedan still maintains the passenger and cargo capacities of a production car.(2) You’ll also enjoy the benefits of features you’ve grown to expect — driver and front passenger air bags(3) and the StabiliTrak Stability Control System, for instance — as well as new convenience features allowing you to charge certain small electronic devices without plugging them in.”

There is only one problem with the car: it does not exist in production. There is no way to walk into a showroom and experience that much-vaunted low-end torque.

Volt represents another fantasy taking flight for GM, an attempt to recast an old-school traditional company heavily dependent on trucks and SUVs as some type of environmental pioneer. It is in the same vein as the yellow-washed ethanol campaign ads bragging about the number of E85-compatible vehicles GM has sold. (And how many of them are actually running on E85 outside the Midwest? Never mind questions about the long-term viability of a biofuel program that takes away more farmland to grow crops.)

Not to be outdone, BMW joins the fray with its own hydrogen vehicle. TV commercials featuring CGI animation show the car dissolving into water, to emphasize that the only output of burning hydrogen is pure water. Fair enough, and at least this one can be seen on the roads because it’s based on a production model, a conversion of the 7 series to run on both regular gasoline and hydrogen. But as the German magazine Spiegel points out, the car is not particularly efficient in either mode. Currently being leased to celebrities, it remains at best a test platform for developing the necessary infrastructure for hydrogen refueling. As it turns out, the BMW 745h is true “vaporware” in a different sense of the word: due to the challenges of confining liquid hydrogen long term, its massive 45 gallon tank is slowly but continuously leaking hydrogen vapor.

No reason to let these details ruin a good PR campaign.
Next up: Lexus as the worst offender for exploiting “hybrid” technology for marketing.

cemp

On the fence with nuclear energy

There is a strain of schizophrenia running through the environmentalist movement. Long the favorite whipping boy for green-blooded tree-huggers, nuclear energy is enjoying a resurgence thanks to global warming concerns. Along with solar, wind, geothermal and tidal energy sources, fission is also free of carbon emissions– and unlike the others, it already has a proven track record of providing a significant fraction of the energy in many regions.

The British scientist James Lovelock is no stranger to controversy with his Gaia hypothesis, but in his recent book The Revenge of Gaia he has also “gone nuclear” and comes out swinging in favor of nuclear energy. First, it paints a very optimistic view of fusion and calls for greater investment even though not a single controlled fusion reaction on Earth has yet been self-sustaining. (Controlled is the operative keyword, since weapons do not qualify as “renewable energy sources.”) There is an interesting parallel with the fuel-cell mania taking place in the automotive world here. Aside from the fact that both use hydrogen as fuel, they are both long-term, high-risk, reach-for-the-moon investments which amount to business-as-usual in the short term until some undefined magic development arrives.

More perplexing is his argument for increasing the share of conventional nuclear energy based on fission. At the heart of the issue is a very complex risk management problem involving industrial systems on a large scale. Unlike deciding between an SUV and a small car, this one is greatly complicated by the apples-to-oranges nature of the comparison: weighing the risks from a dramatic accident in a reactor that unfolds within seconds against the slow, gradual build-up of climate-altering chemicals in the atmosphere that leads to irreversible climate change over decades.

No room for such fine points in the book. Lambasting the critics of nuclear energy as misguided urban romantics operating out of fear, Lovelock issues a dramatic personal challenge on the subject of waste disposal:

“I have offered in public to accept all of the high-level waste produced in a year from a nuclear power station for deposit on my small plot of land; it would occupy a space about a cubic metre in size and fit safely in a concrete pit, and I would use the heat from its decaying radioactive elements to heat my home.”

Not-in-my-backyard residents of Nevada can take comfort here. If only more people were willing to offer their own backyard for storing radioactive waste, the ongoing debacle of Yucca Mountain could finally be put to rest.

cemp

Walt Mossberg on Ubuntu

This is not exactly new, but the Wall Street Journal’s influential columnist reviewed Ubuntu in a Personal Technology column last week. Regardless of what the review says (and it is not very harsh in assessing the weaknesses), this is another important milestone for open-source software, right up there with Dell’s decision to ship machines pre-loaded with Ubuntu out of the box. Mossberg, after all, has made a name for himself writing about technology for non-technophiles. So begins this particular review:

This column is written for mainstream, nontechie users of digital technology. […] So, I have steered away from recommending Linux, the free computer operating system that is the darling of many techies and IT managers, and a challenger to Microsoft’s dominant Windows and Apple’s resurgent Macintosh operating system, OS X.

Notwithstanding that caveat, and inspired by his own readers to give Ubuntu a shot, Mossberg takes a factory Dell machine loaded with Ubuntu out for a spin. Even this most user-friendly version of the alternative OS is not enough to change his opinion:

My verdict: Even in the relatively slick Ubuntu variation, Linux is still too rough around the edges for the vast majority of computer users. While Ubuntu looks a lot like Windows or Mac OS X, it is full of little complications and hassles that will quickly frustrate most people who just want to use their computers, not maintain or tweak them. 

For good reason, because the Dell laptop had significant problems including faulty/missing drivers. But in all fairness a laptop is also a more capricious device compared to a desktop unit. Internally Google has an Ubuntu variant dubbed “Goobuntu” but it is only intended for desktop machines. (Read: tech support will have no mercy for users who install it on a laptop and then show up at the door for trouble-shooting.) For example, one problem cited was the lack of sensitivity control on the track pad. This is the same problem that confronted this blogger when he upgraded a Dell 710M to Vista. Without the specific device driver for the track pad, Windows will assign it a generic trackpad driver which has no control over pressure sensitivity. That means any contact with the area, even so much as a thumb glancing off the surface while typing away, will be interpreted as a mouse click. The end result of clicking on random buttons or having the cursor jump around while typing is extreme frustration. By contrast, the typical desktop setup would have an ordinary USB mouse, and the generic driver will do just fine. At worst some of the fancy functionality such as wheel-scrolling will not work, but none of the downsides of phantom mouse clicks.

This was not the only device-compatibility issue. Apparently the machine also struggled with recognizing a digital camera and an iPod. (Sync never worked.) Device drivers are a tricky subject because their presence/absence often entrenches market share and enforces lock-in. It’s difficult for the vendor to justify investing in writing drivers for an operating system with small market share. That means it is up to volunteers, assuming the vendor made the necessary documentation available, to enable support. As a result fewer devices work on Linux and *BSD variants, which reinforces the marginalization because rational buyers will take device availability into account when making their choice.

Other challenges Mossberg encountered had to do with half-baked software. For example, the built-in media player can handle MP3s but the codec is not present out of the box. This has long been cited as one of the caveat emptors in defining what is possible with Linux or OpenBSD. It is always possible to say that X is possible in Linux because chances are there is some graduate student somewhere in the world who hacked together a piece of code that does X– approximately. (That stands in contrast to, say, what is possible in Windows, which is tied much more closely to MSFT’s pace of innovation.) Putting aside the question of quality, this means that what is “possible” vastly exceeds what is ready out of the box. The article also cites the lack of commercial DVD-playing software– open-source advocates would point to DeCSS and its manifold descendants, but as with Ikea furniture, “some assembly required.”

The most surprising part is the cost difference: the same laptop installed with Vista costs only about $100, or 8%, over the open-source variant. Long-term pricing trends were supposed to favor open source. There will be greater pressure to adopt free software as hardware prices drop, the argument runs, because the operating system and applications will become the lion’s share of the cost. 8% is hardly that, and considering that Ubuntu can be installed dual-boot with Vista (or better yet inside a virtual machine using VMware or Virtual Server), the savings may not justify the productivity hit for many users.

cemp

Commoditizing the exploit: iPhone saga continues

The release of the iPhone in July and its tie-in to one particular wireless carrier set in motion a sequence of inevitable events:

  • Interest from the security research community in finding ways to defeat the system. If the device had actually provided a semi-officially supported way to unlock, this would have taken all the fun/challenge out of it. But by tying the device to AT&T, Apple was throwing down the gauntlet– an especially attractive target given the strong emotions (generally of hatred) inspired by any telco.
  • Simultaneous discovery and release of an exploit that unlocks the phone, hitting the news.
  • Much discussion over how Apple/AT&T would respond and whether the cease-and-desist letters would start flying.
  • Commercial version of the “exploit” available for sale online from iPhoneSimFree. This is one click hacking-for-the-masses.
  • True commodification arrives with a free version of the same software.

Next steps one can extrapolate from here:

  • Apple responds by “fixing” the vulnerability that allowed unlocking in software. This will likely get pushed out as a forced update to all devices. Because it is a closed network and interacts with servers in the cloud, updates can become the offers that a customer can’t refuse. Users are denied service unless their phone is running the latest and greatest version of the software. (There is still one catch here: it is difficult to remotely verify the software running on a device on the other side unless the device itself has trusted hardware. This is the so-called remote attestation problem that Palladium/NGSCB tried to solve with TPMs. But for most purposes relying on the device to report its own version works; non-compliant devices would have to be tweaked to consistently report a bogus configuration to pass this basic check.)
  • Arms race in full swing: now that the first exploit stopped working, there is fame and glory again in releasing a new one that can unlock the patched iPhone.
  • Apple responds, issuing another fix. Lather, rinse, repeat.
  • And perhaps optimistically: sanity prevails and Apple realizes that this is a waste of corporate resources. Much the same way that Apple finally realized DRM is a waste of time, one can hope they will reach the conclusion that tying users to one particular carrier is an outdated business model made possible only by the archaic nature of wireless networks in the US and lack of proper competitive dynamics in the marketplace.
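The catch noted in the first bullet above, as an added illustration that is not part of the original post and has nothing to do with Apple’s actual update mechanism: a server that trusts a self-reported version string accepts any client that sends the expected string, whereas a TPM-style quote binds a hardware-held key to a measurement the device software does not get to choose and to a fresh nonce from the verifier. All version strings, firmware images and keys below are constructed placeholders.

```python
import hashlib
import hmac
import secrets

# Constructed values: a placeholder firmware version and image, not any vendor's.
EXPECTED_VERSION = "1.1.2-placeholder"
GENUINE_IMAGE = b"constructed firmware image, version 1.1.2-placeholder"
MODIFIED_IMAGE = GENUINE_IMAGE + b" + unofficial patch"

# The verifier knows what an unmodified image hashes to.
EXPECTED_MEASUREMENT = hashlib.sha256(GENUINE_IMAGE).hexdigest()


def self_reported_check(claimed_version):
    """The weak check: trust whatever version string the client sends."""
    return claimed_version == EXPECTED_VERSION


class TrustedHardware:
    """Stand-in for a TPM-like component: holds a key the device software
    cannot read, and measures the firmware image itself rather than
    accepting a value the software claims."""

    def __init__(self, key):
        self._key = key  # hardware-bound; never handed to the application

    def quote(self, nonce, image):
        measurement = hashlib.sha256(image).hexdigest()
        tag = hmac.new(self._key, nonce + measurement.encode(), "sha256").hexdigest()
        return measurement, tag


def attestation_check(verifier_key, nonce, measurement, tag):
    """The strong check: the measurement must be the expected one and the
    tag must match under the key for the nonce issued for this session."""
    if measurement != EXPECTED_MEASUREMENT:
        return False
    expected = hmac.new(verifier_key, nonce + measurement.encode(), "sha256").hexdigest()
    return hmac.compare_digest(expected, tag)


def demo():
    """Run both checks against a genuine and a modified device."""
    # Provisioning: verifier and hardware share a per-device key (constructed).
    hw_key = secrets.token_bytes(32)
    genuine_hw = TrustedHardware(hw_key)
    modified_hw = TrustedHardware(hw_key)  # same hardware, different image
    nonce = secrets.token_bytes(16)

    m_ok, t_ok = genuine_hw.quote(nonce, GENUINE_IMAGE)
    m_bad, t_bad = modified_hw.quote(nonce, MODIFIED_IMAGE)
    # Without the hardware key a client claiming the expected measurement
    # can only guess the tag; and an old quote does not match a new nonce.
    guessed_tag = "00" * 32
    new_nonce = secrets.token_bytes(16)

    return {
        "self_report_genuine": self_reported_check(EXPECTED_VERSION),
        # a modified device simply sends the string the server wants to hear
        "self_report_modified": self_reported_check(EXPECTED_VERSION),
        "attest_genuine": attestation_check(hw_key, nonce, m_ok, t_ok),
        "attest_modified": attestation_check(hw_key, nonce, m_bad, t_bad),
        "attest_guessed_tag": attestation_check(hw_key, nonce, EXPECTED_MEASUREMENT, guessed_tag),
        "attest_replayed": attestation_check(hw_key, new_nonce, m_ok, t_ok),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The self-reported check passes both devices; the attestation check passes only the unmodified one, and also rejects a guessed tag and a replayed quote. A real TPM uses an asymmetric attestation key and a PCR-based measurement log rather than a shared HMAC key, but the verifier’s side of the logic is the same.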

cemp

Reliability in the cloud: hidden dependencies

The much-discussed outage of Skype last month, and its eventual attribution in part to Windows Update– which itself was functioning perfectly normally as designed– leads to a number of interesting observations.

  • Distributed peer-to-peer systems were heralded for their reliability, owing to the lack of any SPOFs, or single points of failure. Skype routes calls using a P2P network of machines owned by its own members (although authentication is centralized), and if there is anything in plentiful supply on the Net, it’s machines with idle time/bandwidth. The outage suggested that the parts were not quite as loosely coupled as classic distributed systems theory would have one believe– they could fail in a quite coordinated manner because they all sport the identical configuration.
  • Diversity fans will probably jump at the occasion to point out the evils of software uniformity. If some larger fraction of the Skype clients had been running Linux or Mac, they would not have rebooted at the same time and the outage would have been spared, the argument runs. But this is unlikely to make a quantitative difference, as even an egalitarian market divided three ways between Windows/Linux/Mac would have a substantial number of nodes of any variant. Also it is possible to get diversity of behavior on the cheap without diversity of platform– in this case, randomly spreading apart the patch installation/reboot will do the trick.
  • This was a completely unexpected interaction between two cloud services, one for VoIP and one for software distribution. It’s taken for granted that two client applications installed on the same machine can have allergic reactions and blow up the machine. (This is the well-known DLL hell problem in Windows.) But the dramatic demonstration that WU, a service hosted “out there” in the cloud, could impact another completely independent service hosted elsewhere is news.
  • What does this mean for those engineering services? Keeping Skype up and running was not in the design criteria for WU. If anything, getting security patches out to vulnerable machines ASAP would have increased the pressure on Skype by rebooting all machines quickly. A lot of software these days has auto-update capability, mostly poorly designed and not even giving the users a chance to consent. It’s not a stretch to assume that one could initiate a forced reboot of most Windows or Mac machines in quick succession. Is Skype at fault then for depending on the uptime of machines that it has no control over? The architects did the right thing and hedged their bets statistically by requiring some fraction of their nodes to be operational. Is that more of a gamble than building a giant data center stacked with wall-to-wall racks of servers? (It’s certainly cheaper and more efficient, and environmentally friendly considering the power usage of the modern data center. And redundancy would have required multiple DCs, geo-located around the world.) Until now the gamble worked correctly, but one day WU pushed the system beyond its critical threshold.
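The two points made above, that a P2P overlay hedges by requiring some fraction of its nodes to be up and that randomly spreading the patch reboot restores that margin, as an added toy simulation that is not part of the original post and uses no Skype or Windows Update internals: every node reboots once, either all at tick 0 (a synchronized push) or at a start time spread uniformly over a jitter window, and the overlay is assumed to need a constructed minimum of 80% of its nodes online. Node counts, reboot length and the window are all constructed parameters.

```python
import random

# Constructed parameters: one tick is an arbitrary time unit (say a minute),
# and the overlay is assumed to need at least MIN_FRACTION of nodes online.
MIN_FRACTION = 0.8


def simulate_availability(n_nodes, reboot_ticks, horizon, jitter_window, seed=1):
    """Fraction of nodes online at each tick in [0, horizon).

    jitter_window == 0 models a synchronized update: every node starts its
    reboot at tick 0 and is offline for reboot_ticks. A positive window spreads
    each node's reboot start uniformly over [0, jitter_window)."""
    rng = random.Random(seed)  # fixed seed so runs are reproducible
    if jitter_window > 0:
        starts = [rng.uniform(0, jitter_window) for _ in range(n_nodes)]
    else:
        starts = [0.0] * n_nodes
    online = []
    for t in range(horizon):
        rebooting = sum(1 for s in starts if s <= t < s + reboot_ticks)
        online.append(1.0 - rebooting / n_nodes)
    return online


def outage_ticks(online, threshold=MIN_FRACTION):
    """Number of ticks during which the overlay is below its required fraction."""
    return sum(1 for f in online if f < threshold)


def summarize(n_nodes=1000, reboot_ticks=3, jitter_window=60):
    """Compare a synchronized reboot with a jittered one over the same horizon."""
    horizon = jitter_window + reboot_ticks + 1
    sync = simulate_availability(n_nodes, reboot_ticks, horizon, 0)
    jittered = simulate_availability(n_nodes, reboot_ticks, horizon, jitter_window)
    return {
        "sync_min_online": min(sync),
        "sync_outage_ticks": outage_ticks(sync),
        "jitter_min_online": min(jittered),
        "jitter_outage_ticks": outage_ticks(jittered),
    }


if __name__ == "__main__":
    for name, value in summarize().items():
        print(f"{name}: {value}")
```

With a synchronized push the whole overlay is offline for the full reboot length, so any threshold is breached; with a 60-tick window and a 3-tick reboot only about 5% of nodes are rebooting at any moment, so availability never drops near the 80% floor. The same arithmetic is why an update service that staggers its rollout protects services it has never heard of.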

cemp