Authentication News Roundup

Two items tonight, on the Authentication Hotline

Rubbish Disguises
City financial types are being directed by firms and industry bodies to wear casual clothes on the riot days, so they don't stand out. It's a lovely idea -- take one middle aged bank operative, replace suit with M&S chinos and polo shirt and Shazam! indistinguishable from a climate change protester.

Or maybe you could try wearing a keffiyah. That should do it.

Effective Disguises
New spam trend: We're starting to get stiffy lolly spam pointing to .cn sites. The sender appears to be bright enough to realise that firms have filters which spot this a mile off, but also that there will be approved addresses bypassing the filters. So this mail is spoofed from plausible addresses. Yesterday I removed unisys.com from our approved list which should stop the immediate problem, but the attack is going to work until there's some way of authenticating envelope sender addresses.

The problem will really kick off when spammers realise that everyone has a bypass for FT.com because their news alerts are totally indistinguishable from spam.

I guess we need a checkbox. For any bypass, domain or just a single address, you need to be able to say "only bypass if the sender is spf authenticated".
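The checkbox in working form, as an added example (not code from the original post): an allowlist gate that honours a bypass entry only when our own border MTA has recorded spf=pass for the envelope sender. The authserv-id mx.example.invalid, the allowlist contents and the three messages are all constructed for the example; the idea is that an Authentication-Results header is only evidence when it was stamped by a host we control, because anything else in the message (From, Return-Path, an Authentication-Results header naming someone else's MTA) is under the sender's control.

```python
import email
import re
from email import policy
from email.message import EmailMessage
from typing import Optional, Tuple

# authserv-id that OUR border MTA writes into Authentication-Results (RFC 8601).
# Assumed name for this example. Headers carrying any other authserv-id are ignored:
# a sender can forge the header, so only our own stamp counts.
OUR_AUTHSERV_ID = "mx.example.invalid"

# Constructed allowlist. A bare domain bypasses for any address at that domain,
# a full address bypasses only for that address. require_spf is "the checkbox".
ALLOWLIST = {
    "ft.com": {"require_spf": True},
    "unisys.com": {"require_spf": True},
    "legacy-partner@example.invalid": {"require_spf": False},  # old blanket bypass
}

# spf=<result> ... smtp.mailfrom=<address-or-domain>, confined to one ';'-delimited clause
_AR_SPF = re.compile(
    r"\bspf=(?P<result>[a-z]+)(?:[^;]*?\bsmtp\.mailfrom=(?P<mailfrom>[^;\s]+))?", re.I
)


def envelope_sender(msg: EmailMessage) -> Optional[str]:
    """Envelope sender (MAIL FROM) as recorded by the receiving MTA in Return-Path."""
    rp = msg.get("Return-Path")
    if not rp:
        return None
    addr = str(rp).strip()
    if addr.startswith("<") and addr.endswith(">"):
        addr = addr[1:-1]
    return addr.lower() or None


def spf_pass_for(msg: EmailMessage, sender: str) -> bool:
    """True only if OUR MTA recorded spf=pass for this envelope sender."""
    domain = sender.rsplit("@", 1)[-1]
    for hdr in msg.get_all("Authentication-Results", []):
        authserv, _, rest = str(hdr).partition(";")
        tokens = authserv.split()
        if not tokens or tokens[0].lower() != OUR_AUTHSERV_ID:
            continue  # stamped by someone else, or forged: not evidence
        m = _AR_SPF.search(rest)
        if not m or m.group("result").lower() != "pass":
            continue
        mailfrom = (m.group("mailfrom") or "").lower()
        # RFC 8601 allows smtp.mailfrom to be the full address or just its domain
        if mailfrom in (sender, domain):
            return True
    return False


def allowlist_entry(sender: str):
    """Most specific allowlist match: full address first, then its domain."""
    if sender in ALLOWLIST:
        return sender, ALLOWLIST[sender]
    domain = sender.rsplit("@", 1)[-1]
    if domain in ALLOWLIST:
        return domain, ALLOWLIST[domain]
    return None, None


def should_bypass(raw: bytes) -> Tuple[bool, str]:
    """Decide whether this message may skip the content filters, with a reason."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    sender = envelope_sender(msg)
    if not sender:
        return False, "no envelope sender"
    key, entry = allowlist_entry(sender)
    if entry is None:
        return False, f"{sender} not on allowlist"
    if entry["require_spf"] and not spf_pass_for(msg, sender):
        return False, f"{sender} matches {key} but SPF did not pass at {OUR_AUTHSERV_ID}"
    return True, f"{sender} matches {key}"


# Constructed sample messages (not real mail). Spoofed envelope sender, SPF fail:
SPOOFED = b"""Return-Path: <alerts@unisys.com>
Authentication-Results: mx.example.invalid; spf=fail smtp.mailfrom=alerts@unisys.com
From: alerts@unisys.com
Subject: constructed sample

body
"""
# Genuine allowlisted sender, SPF pass stamped by our own MTA:
GENUINE = b"""Return-Path: <news@ft.com>
Authentication-Results: mx.example.invalid; spf=pass smtp.mailfrom=news@ft.com; dkim=none
From: news@ft.com
Subject: constructed sample

body
"""
# Attacker supplies an Authentication-Results header of their own: wrong authserv-id:
FORGED_AR = b"""Return-Path: <news@ft.com>
Authentication-Results: mail.attacker.invalid; spf=pass smtp.mailfrom=news@ft.com
From: news@ft.com
Subject: constructed sample

body
"""

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE), ("forged", FORGED_AR)):
        print(name, should_bypass(raw))
```

The gate only works if the border MTA strips any inbound Authentication-Results header that already claims our authserv-id before adding its own, as RFC 8601 requires; otherwise the forged-header case above passes.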


I saw the space station!

On Monday night, I did it properly, looked up the ephemeris on Heaven's Above, prepped up the less mad son, and saw it rise and brighten splendidly out of the ruins of the sunset, fly right overhead, flare sunset orange and drop suddenly into the shadow about ten degrees past the zenith. All highly satisfactory, and making me feel like a Proper Dad.

Then today, walking west on my way home from the station, a familiar-looking star caught my eye with its rapid rise and increasing brightness. I watched and sure enough it disappeared twenty degrees past the zenith. Pure fluke, but I caught the time and there's the transit on the site.


Minor Identity

The less mad son just had a significant birthday and Mrs U was fulminating about the difficulties the building society put in the way of his opening a teenager's account -- effectively the full-scale anti-money-laundering precautions for a pass-book account with no cheques and a cash-only card. As a minor can't be held to a contract, she couldn't even see the point of asking for a signature.

But I can. If I was laundering money, I think the prize of a full scale bank account attached to a false identity would be well worth waiting a few years for. And in the meantime, spending rich uncle Lenny's generous birthday and Christmas gifts on Premium bonds keeps the account warm, plausible, and busy with a spot of placement. So I don't blame them at all.


Existential Insecurity

The problem I have is that I don't believe in computer hardware.

This story puts it nicely. How can you fabricate and reliably operate a device with 16 billion capacitors, each holding 10 electrons? http://www.theregister.co.uk/2008/12/16/mlc_cpm_pcm/

It's not the physics. I believe in electrons. I did the Millikan experiment in school and I made a transistor in college.

And I've got over credulity gaps before: As a young man, I couldn't believe in computer processors and language compilers. I thought it was magic. It took a degree in computer engineering to see that you could build a processor out of NOR gates and a clock, and that a compiler was a data structure task preceded by lexical and structural analyses. I understand that the right mental tools can turn incredible things into engineering.

But this gap is just too wide. Think about the difference between a nice throwing rock, and a modern assault rifle. Or the difference between a cave with a fire at the front and the Bell Labs building in Holmdel NJ. There's a difference -- a huge difference. But is the modern as much as a thousand times more difficult or involved than the primitive? Stretching a point, is it as much as a million? It's not more, and it's taken many lifetimes to go from one to the other.

The simplest computer memory cell in modern designs is a transistor and a capacitor, more or less (that is DRAM; a flash cell is a single floating-gate transistor, but the count is the same). That's one bit. You need eight to make a byte, and another for parity -- call it ten. So the 2G flash card in your camera, or the 2G DRAM on your PC -- and these are low values today -- is 2 × 10^9 bytes × 10, or 2 × 10^10 cells. Twenty billion. The vast majority of them have to work reliably, predictably, over a service life of years. A single bad cell won't make the device unusable, but it can't tolerate many failures -- and this stretches my credulity.

Shockley's group at Bell Labs was making recognisable transistors in 1947 -- less than a single lifetime ago. And now we have twenty billion -- not in total in the world, but mass produced on a commodity component for a dollar. It's not just a bit more of a step than the modern building or weapon. It's order after order of magnitude in a vanishingly short time. I don't believe there's any mental tool (Moore's law, the square law of miniaturisation ...) that will cover that gap.

So if you ask me how the ALU works, or what microcode looks like, or why recursive descent parsers are a good thing, I can tell you. But if you ask me why you can trust the data in your camera card or your memory stick, all I can say is that it's magic.


I Have Been Advised....

Mr Infrastructure sent me an email. He was escalating an issue his team had with security policy.

One phrase stood out: "I have been advised..."

This is the greatest cop-out ever. It means: "Because I don't claim to understand this, you can't challenge me on it. I win."

I challenged him.


Financial Insecurity

When I drafted this, this morning, I wondered if I was the only one who interpreted this as a cabinet minister threatening Goodwin with a bill of attainder? A quick google shows I wasn't, and in fact there doesn't seem to be any alternative construction. The problem would arise at the ECHR and I suppose that's why mad Harry (or the rest of the government anyway) is backing away.
Mark my words. Sometime over the next few months, there will be a quiet announcement: The matter is settled, and the settlement is secret. Though the spokesman will be authorised to say that Sir Fred Goodwin has agreed to reduce his pension payments. And every year, £700,000 will be paid out -- under a variety of headings -- to Sir Bentnose.

