12/25/06
12/23/06
Felicity and Emma
We had some friends in from Winnipeg with their two year old daughter. Dora owns her soul too. :-)
What do you do all day?
Some times the days do stretch out when you are at home with a three-year-old and a baby. So kind of you to notice.
Advent calendar
This advent calendar came from her Uncle Bryce and Aunt Elisa. She gets the idea this year though is slightly frustrated by the linear process. Like all of those who like Christmas she wants to jump directly to the 25th. The stickers and finger puppets hiding inside each little box are quite a hit.
Baby warmer
Originally installed to warm one's feet when standing at the sink it doubles admirably as a baby warmer. You have to flip him every 15 minutes to get an even pink color but the end result is wonderful. :-)
Princess time (06-11-28)
Every girl needs a tiara, a magic wand and a pink feather boa at one point in her life.
The sports gal speaks (ESPN)
Then everything changed: She adopted Maddox, became a goodwill ambassador, started making normal movies and slowly made everyone forget that she was crazy. Next, she seduced and stole the husband of one of the most likable female celebs, adopted another baby with her stolen man, then had his biological child months before his divorce was even done. Now she travels all over the world in private jets wasting fuel and pretending to do nice things when we all know she's really a husband-stealing witch. But what really turned me into a full fledged Angelina hater was this month's Vogue article about her, with Angelina smugly pushing for peace talks between her and Jennifer Aniston, even having the gall to say, "That would be her decision, and I would welcome it." If I were Jennifer Aniston, I would welcome it, too. Then I would meet Angelina for lunch and repeatedly smash a chair over her head.
12/19/06
If Scrooge was a project manager
ON THE EDGE
A Business Justification for Christmas
by Ebenezer Scrooge, Project Manager
(Carl Pritchard, PMP, EVP)
A Business Justification for Christmas
by Ebenezer Scrooge, Project Manager
(Carl Pritchard, PMP, EVP)
12/16/06
Edwards Family Turkey Recipe
Equipment you'll need:
Timing:
Napa Valley Roast Turkey
Marinade:
§ 16 cups (4L) orange juice (I use from concentrate)
§ 2 cups ( 500mL) rice vinegar
§ 2 cups apple cider vinegar
§ 1 cup packed demerara sugar
§ 1 cup coarse pickling salt
§ 6 garlic cloves, crushed
§ 1 cup chopped cilantro
§ 1 cup sliced green onions
§ ¼ cup sliced fresh ginger
§ 2 tbsp whole black peppercorns
§ 1 tbsp hot red pepper flakes
§ 1 tbsp whole cloves
§ 2 cinnamon sticks, crushed
§ 12 whole star anise
12 lb (5.4 kg) turkey
½ cup butter, melted
freshly ground pepper
1. For the turkey, estimate approx 1 lb (0.45 kg) per person. It's important to buy a non-basted, unstuffed turkey. To thaw frozen turkey in refrigerator, allow 10 hours/kg. If thawing in cold water, allow 2 hours/kg (place turkey in a large container, cover completely with cold water and change every hour). Although it will continue to defrost in the marinade.
Cooking times here are for a 12 lb (5 kg) bird.
2. Combine marinade ingredients in a large stock pot and bring to a boil. Reduce heat and simmer for 45 minutes. Let it cool (can be made and refrigerated one day in advance).
OR
For a faster, self-cooling method:
Use frozen orange juice concentrate.
Bring 6 cups of water to a boil. Add everything but the orange concentrate and vinegar, and simmer for 45 mins. Take off the heat.
Add the vinegar, 3 cans of frozen concentrate, and 3 trays of icecubes plus ½ cup of water (equivalent of 6 ½ cups of water). This method also has the advantage that it doesn't stink up the house as much or attract all the fruitflies in a 5 km radius.
3. Remove neck and giblets from the turkey (set aside for soup if you like). Thoroughly rinse and dry turkey inside and out. Place in container, pour in brine, cover and refrigerate for 24 hours, turning bird over halfway through.
4. Remove turkey from brine, pat dry with paper towels and truss. Discard brine. Brush turkey with melted butter and sprinkle generously with freshly ground pepper. Place turkey on its side ( i.e. on the drumstick) on a greased rack in a roasting pan. Pour in ½ inch of water into the bottom of the pan. Add more during roasting if the juices are drying out.
5. Roast turkey uncovered at 325F (160C) for 1 hour. Using oven mitts wrapped in foil, turn turkey onto other side and roast for another hour. Turn on back (breast up) and roast for 30 minutes longer, or until juices run clear when thigh is pierced with a fork. Meat thermometer should read 185F (85C) in thigh, 170F in breast.
Transfer turkey to cutting board and cover loosely with foil. Let stand 30 minutes before carving. Spoon accumulated juices over sliced turkey, or use to make gravy.
- A plastic container large enough to hold the turkey and marinade. Make sure it fits in the fridge. If you don't have something big enough, line a cooler with double garbage bags and use ice packs to keep it cold overnight.
- A shallow roasting pan (preferably with rack insert), large enough to hold the turkey. No lid necessary, since the turkey is cooked uncovered.
- An instant-read thermometer to test when the turkey's done (we have one).
Timing:
- T-4 days: If using a frozen turkey, start defrosting in the fridge. Exact timing depends on turkey size (see step 1).
- T-2 days: make marinade, cool overnight (alternatively, use fast method and make on T-1).
- T-1 day: place turkey in marinade for 24 hours. Flip the bird over halfway through.
- T-day: For 12 lb bird, start cooking approx 4 hours before dinner to allow for heating, carving and making gravy.
Napa Valley Roast Turkey
Marinade:
§ 16 cups (4L) orange juice (I use from concentrate)
§ 2 cups ( 500mL) rice vinegar
§ 2 cups apple cider vinegar
§ 1 cup packed demerara sugar
§ 1 cup coarse pickling salt
§ 6 garlic cloves, crushed
§ 1 cup chopped cilantro
§ 1 cup sliced green onions
§ ¼ cup sliced fresh ginger
§ 2 tbsp whole black peppercorns
§ 1 tbsp hot red pepper flakes
§ 1 tbsp whole cloves
§ 2 cinnamon sticks, crushed
§ 12 whole star anise
12 lb (5.4 kg) turkey
½ cup butter, melted
freshly ground pepper
1. For the turkey, estimate approx 1 lb (0.45 kg) per person. It's important to buy a non-basted, unstuffed turkey. To thaw frozen turkey in refrigerator, allow 10 hours/kg. If thawing in cold water, allow 2 hours/kg (place turkey in a large container, cover completely with cold water and change every hour). Although it will continue to defrost in the marinade.
Cooking times here are for a 12 lb (5 kg) bird.
2. Combine marinade ingredients in a large stock pot and bring to a boil. Reduce heat and simmer for 45 minutes. Let it cool (can be made and refrigerated one day in advance).
OR
For a faster, self-cooling method:
Use frozen orange juice concentrate.
Bring 6 cups of water to a boil. Add everything but the orange concentrate and vinegar, and simmer for 45 mins. Take off the heat.
Add the vinegar, 3 cans of frozen concentrate, and 3 trays of icecubes plus ½ cup of water (equivalent of 6 ½ cups of water). This method also has the advantage that it doesn't stink up the house as much or attract all the fruitflies in a 5 km radius.
3. Remove neck and giblets from the turkey (set aside for soup if you like). Thoroughly rinse and dry turkey inside and out. Place in container, pour in brine, cover and refrigerate for 24 hours, turning bird over halfway through.
4. Remove turkey from brine, pat dry with paper towels and truss. Discard brine. Brush turkey with melted butter and sprinkle generously with freshly ground pepper. Place turkey on its side ( i.e. on the drumstick) on a greased rack in a roasting pan. Pour in ½ inch of water into the bottom of the pan. Add more during roasting if the juices are drying out.
5. Roast turkey uncovered at 325F (160C) for 1 hour. Using oven mitts wrapped in foil, turn turkey onto other side and roast for another hour. Turn on back (breast up) and roast for 30 minutes longer, or until juices run clear when thigh is pierced with a fork. Meat thermometer should read 185F (85C) in thigh, 170F in breast.
Transfer turkey to cutting board and cover loosely with foil. Let stand 30 minutes before carving. Spoon accumulated juices over sliced turkey, or use to make gravy.
12/14/06
Work in progress
Felicity can be a little withdrawn when she first arrives at daycare in anticipation of the coming parting.
This sometimes can throw off some of her little friends who were happy to see her arrive. We had been talking about being nice to our friends and saying nice words when we see them.
We're driving the other day and she pipes up from the back seat: I used nice words with my friends, Daddy.
I praise her and ask her what she said.
Response:
No, Alyssa, that's mine. I play with it! You don't play with it!
We may need to revisit the issue. :-)
This sometimes can throw off some of her little friends who were happy to see her arrive. We had been talking about being nice to our friends and saying nice words when we see them.
We're driving the other day and she pipes up from the back seat: I used nice words with my friends, Daddy.
I praise her and ask her what she said.
Response:
No, Alyssa, that's mine. I play with it! You don't play with it!
We may need to revisit the issue. :-)
I'm brave, I'm brave
A bit of context:
I have been reading a book to Felicity called "The tunnel" which involves a sister and a brother that do not get along. There mother sends them out of the house with orders to play together down to the vacant lot. Brother finds a dark tunnel and goes through it and disappears.
Sister is nervous but overcomes this and is brave and goes through the tunnel, into the wood, passes through the forest with lions, tigers and bears and finds brother who has been turned to stone. She hugs him, he revives, they pass back through the forest etc. and arrive home for lunch with a shared understanding.
We talk a lot about being brave as being able to do things that make you nervous or afraid.
Earlier this week Felicity and I were talking about the book and she looks at me and says I'm not scared in the tunnel because I know where my daddy is. I must admit it got a little dusty in the room for a moment. :-)
Back to the main narrative. I pick her up from daycare yesterday and we go to the swimming pool. The pool has a 3 story water slide that begins fully enclosed and completely dark as you drop for 6 or 7 seconds. That was a shock the first time we did it last year.
So we climb the stairs for the first time and talk about the tunnel and the slide. We drop in and I tell her she is doing very well as we round the turns in the dark.
The next time up we sit down, 1,2,3 and we plunge into the tunnel. Suddenly I hear this little voice in the darkness going:
I'm brave, I'm brave, I'm brave. :-)
I have been reading a book to Felicity called "The tunnel" which involves a sister and a brother that do not get along. There mother sends them out of the house with orders to play together down to the vacant lot. Brother finds a dark tunnel and goes through it and disappears.
Sister is nervous but overcomes this and is brave and goes through the tunnel, into the wood, passes through the forest with lions, tigers and bears and finds brother who has been turned to stone. She hugs him, he revives, they pass back through the forest etc. and arrive home for lunch with a shared understanding.
We talk a lot about being brave as being able to do things that make you nervous or afraid.
Earlier this week Felicity and I were talking about the book and she looks at me and says I'm not scared in the tunnel because I know where my daddy is. I must admit it got a little dusty in the room for a moment. :-)
Back to the main narrative. I pick her up from daycare yesterday and we go to the swimming pool. The pool has a 3 story water slide that begins fully enclosed and completely dark as you drop for 6 or 7 seconds. That was a shock the first time we did it last year.
So we climb the stairs for the first time and talk about the tunnel and the slide. We drop in and I tell her she is doing very well as we round the turns in the dark.
The next time up we sit down, 1,2,3 and we plunge into the tunnel. Suddenly I hear this little voice in the darkness going:
I'm brave, I'm brave, I'm brave. :-)
The Mother Jones Iraq War Timeline
In this timeline, we've assembled the
history of the Iraq War to create a resource we hope will help resolve
open questions of the Bush era. What did our leaders know and when did
they know it? And, perhaps just as important, what red flags did we
miss, and how could we have missed them?
12/10/06
12/6/06
Canada's documentaries lost to copyright
Canada's taxpayer-funded National Film Board has underwritten many
brilliant documentaries that are no longer available due to the
prohibitive cost of re-licensing the copyrights for the materials they
incidentally feature. The Documentary Organization of Canada has
released a new white paper
detailing the many Canadian treasures that are lost due to the greed of
rightsholders and the spike in copyright liability insurance.
Thanks to spiralling copyright licensing costs, payable to
whoever holds the copyright (unions, archives, creators, corporations)
-- and thanks, too, to the rising cost of insurance to protect against
copyright claims -- more and more public film footage is no longer
available to the Canadian public, nor for use by Canadian creators.
That's the message of the DOC's new white paper, released yesterday by
the 700-member organization.The Copyright Clearance Culture and Canadian Documentaries, written
by Ottawa copyright lawyer Howard Knopf, cites many eyebrow-raising
cases. An example: Quebec filmmaker Sylvie Van Brabant's film
Remous/Earthwalk has been withdrawn from public circulation because its
main character sings 30 seconds of a recognizable tune whose rights the
National Film Board has deemed too expensive to renew.
12/3/06
Do it yourself Planner
Thinking about setting goals for the new year. Check out:
DIYPlanner.com
We are a community
of people who see the value of paper as a medium for planning,
productivity, creative expression, and exploring ideas. We encourage
visitors to share advice and inspiration, and we love to see
submissions for templates, kit images and story articles. We are also
the official home of the free D*I*Y Planner kits. Please enjoy your stay, and make yourself at home!
DIYPlanner.com
We are a community
of people who see the value of paper as a medium for planning,
productivity, creative expression, and exploring ideas. We encourage
visitors to share advice and inspiration, and we love to see
submissions for templates, kit images and story articles. We are also
the official home of the free D*I*Y Planner kits. Please enjoy your stay, and make yourself at home!
12/1/06
Xmas gifts - a woman's perspective
There are two kinds of bad Xmas gifts: Copout Gifts and Just Plain Bad
Gifts. Every guy reading this needs to avoid them both. Some examples: (Scroll down to bottom right of page)
Gifts. Every guy reading this needs to avoid them both. Some examples: (Scroll down to bottom right of page)
30 Essential Pieces Of Free (and Open) Software for Windows
http://www.thesimpledollar.com/2006/12/01/30-essential-pieces-of-free-and-open-software-for-windows/
What follows is a list of thirty pieces of software that are the cream
of the crop of open source software for Windows. Not only is every
piece of it free, almost all of them directly replace expensive
software packages.
What follows is a list of thirty pieces of software that are the cream
of the crop of open source software for Windows. Not only is every
piece of it free, almost all of them directly replace expensive
software packages.
11/30/06
Pictures of the surface of the sun
Wow those scientists get up to all kinds of wild and crazy things... :-)
http://www.thesurfaceofthesun.com/index.html
http://www.thesurfaceofthesun.com/index.html
11/27/06
Christmas Giving
Hi! already told some of you about the Rockin’ For Research
Gala in Vancouver, to raise money for the Juvenile Diabetes Research
Foundation. was a blast. you click on the link below, and
listen to Song #1, you’ll hear one of the songs featured night
before the live show. part in it is pretty mellow, but it was
built around THOSE KIDS, who made me cry in the studio and again at the
gala just watching the slideshow of them all. were sweet and
strong and wonderful. Crying and singing is actually quite hard.
I’m aware that I would not be giving birth to our second child in
January without the absolutely phenomenal research that has changed the
face of 1 diabetes treatment since my diagnosis 30 years ago.
then people could only dream about having the kind of technology,
care, and “normal” experiences that we do today. advance has
made life more livable. the dangers associated with extreme high
and low blood sugar levels in us are still life-threatening and a 24
hours-a-day challenge. />
If you’re looking for a late write-off this year, the site makes it
very easy to make a donation of any size, from anywhere, to better the
future for so many little kids who face a lifetime riding the roller
coaster of insulin therapy and frightening diabetic complications.
you aren’t able to contribute, just passing this link on will be a
great help. it out!
Thanks, love, and good health,
Saffron
http://www.jdrf.ca/rockin
Gala in Vancouver, to raise money for the Juvenile Diabetes Research
Foundation. was a blast. you click on the link below, and
listen to Song #1, you’ll hear one of the songs featured night
before the live show. part in it is pretty mellow, but it was
built around THOSE KIDS, who made me cry in the studio and again at the
gala just watching the slideshow of them all. were sweet and
strong and wonderful. Crying and singing is actually quite hard.
I’m aware that I would not be giving birth to our second child in
January without the absolutely phenomenal research that has changed the
face of 1 diabetes treatment since my diagnosis 30 years ago.
then people could only dream about having the kind of technology,
care, and “normal” experiences that we do today. advance has
made life more livable. the dangers associated with extreme high
and low blood sugar levels in us are still life-threatening and a 24
hours-a-day challenge. />
If you’re looking for a late write-off this year, the site makes it
very easy to make a donation of any size, from anywhere, to better the
future for so many little kids who face a lifetime riding the roller
coaster of insulin therapy and frightening diabetic complications.
you aren’t able to contribute, just passing this link on will be a
great help. it out!
Thanks, love, and good health,
Saffron
http://www.jdrf.ca/rockin
11/26/06
Satire: End-life crisis marked by extravagant spending spree
What
began as a single, uncharacteristic extravagance-the payment of $15,000
for a coronary angioplasty to expand his narrowing arterial wall-has
given way to a growing number of personal luxuries, from the latest
brand-name heart medications to the most advanced palliative care.
The
unusual developments have led concerned family members to suspect that
the once prudent and conservative 74-year-old widower is undergoing an
acute end-life crisis.
What not to get your kids for Christmas
Avoid the loony Zune
(http://www.suntimes.com/technology/ihnatko/147048,CST-FIN-Andy23.article)
November 23, 2006
BY ANDY IHNATKO
Y es, Microsoft's new Zune digital music player is just plain dreadful. I've spent a week setting this thing up and using it, and the overall experience is about as pleasant as having an airbag deploy in your face.
"Avoid," is my general message. The Zune is a square wheel, a product that's so absurd and so obviously immune to success that it evokes something akin to a sense of pity.
The setup process stands among the very worst experiences I've ever had with digital music players. The installer app failed, and an hour into the ordeal, I found myself asking my office goldfish, "Has it really come to this? Am I really about to manually create and install a .dll file?"
But there it was, right on the Zune's tech support page. Is this really what parents want to be doing at 4 a.m. on Christmas morning?
That might not be Zune's fault. After about a year of operation, it's almost as if a Windows machine develops some sort of antibodies that prevent it from recognizing new hardware. But what's Microsoft's excuse for everything else?
Only the Zune software can sync music, video and pictures onto the device; Zune is incompatible with Windows Media Player, the familiar hub of the Windows desktop media experience.
The Zune app doesn't even have as many features as WMP. And why (for the love of God) doesn't it support podcasts? That's pure insanity.
It's incompatible with Microsoft's own PlaysForSure standard, too.
You'll have to buy all-new content from the new Zune Marketplace.
Oh, and the Zune Marketplace doesn't even take real money, proving that on the Zune Planet there's no operation so simple that it can't be turned into a confusing ordeal. The Marketplace only accepts Zune Points, with an individual track typically costing the equivalent of the iTunes-standard 99 cents.
By forcing users to buy blocks of Zune Points (with a $5 minimum), the Marketplace only has to pay one credit-card processing fee.
Zune Points will also make it easier for the Zune Marketplace to institute variable pricing. The music industry wants it desperately. The industry has been pressuring Apple to abandon its flat 99 cent pricing and start charging more for "hot" tracks.
Apple has stood firm against this, insisting that low, uniform prices keep sales high and discourage the iTunes Store's users from downloading music illegally.
I'm certain Microsoft will cave on this one. It has already given the music industry the other thing the industry has been demanding from Apple: a kickback on every player sold.
"These devices are just repositories for stolen music, and they all know it," said Doug Morris, CEO of Universal Music Group. "So it's time to get paid for it."
Well, Morris is just a big, clueless idiot, of course. Do you honestly want morons like him to have power over your music player?
Then go ahead and buy a Zune. You'll find that the Zune Planet orbits the music industry's Bizarro World, where users aren't allowed to do anything that isn't in the industry's direct interests.
Take the Zune's one unique and potentially ginchy feature: Wi-Fi. You see this printed on the box and you immediately think "Cool. So I can sync files from my desktop library without having to plug in a USB cable, right? Maybe even download new content directly to the device from the Internet?"
Typical, selfish user: How does your convenience help make money for Universal? No wonder Doug despises you.
No, the Zune's sole wireless feature is "squirting" -- I know, I know, it's Microsoft's term, not mine -- music and pictures to any other Zune device within direct Wi-Fi range. Even if the track is inherently free (like a podcast) the Zune wraps it in a DRM scheme that causes the track to self-destruct after three days or three plays, whichever comes first.
After that, it's nothing more than a bookmark for purchasing the track in the Zune Marketplace. It amounts to nothing more than free advertising.
The Zune is a complete, humiliating failure. Toshiba's Gigabeat player, for example, is far more versatile, it has none of the Zune's limitations, and Amazon sells the 30-gig model for 40 bucks less.
Throw in the Zune's tail-wagging relationship with music publishers, and it almost becomes important that you encourage people not to buy one.
The iPod owns 85 percent of the market because it deserves to. Apple consistently makes decisions that benefit the company, the users and the media publishers -- and they continue to innovatively expand the device's capabilities without sacrificing its simplicity.
Companies such as Toshiba and Sandisk (with its wonderful Nano-like Sansa e200 series) compete effectively with the iPod by asking themselves, "What are the things that users want and Apple refuses to provide?"
Microsoft's colossal blunder was to knock the user out of that question and put the music industry in its place.
Result: The Zune will be dead and gone within six months. Good riddance.
Andy Ihnatko writes on technical and computer issues for the Sun-Times.
Avoid the loony Zune
(http://www.suntimes.com/technology/ihnatko/147048,CST-FIN-Andy23.article)
November 23, 2006
BY ANDY IHNATKO
Y es, Microsoft's new Zune digital music player is just plain dreadful. I've spent a week setting this thing up and using it, and the overall experience is about as pleasant as having an airbag deploy in your face.
"Avoid," is my general message. The Zune is a square wheel, a product that's so absurd and so obviously immune to success that it evokes something akin to a sense of pity.
The setup process stands among the very worst experiences I've ever had with digital music players. The installer app failed, and an hour into the ordeal, I found myself asking my office goldfish, "Has it really come to this? Am I really about to manually create and install a .dll file?"
But there it was, right on the Zune's tech support page. Is this really what parents want to be doing at 4 a.m. on Christmas morning?
That might not be Zune's fault. After about a year of operation, it's almost as if a Windows machine develops some sort of antibodies that prevent it from recognizing new hardware. But what's Microsoft's excuse for everything else?
Only the Zune software can sync music, video and pictures onto the device; Zune is incompatible with Windows Media Player, the familiar hub of the Windows desktop media experience.
The Zune app doesn't even have as many features as WMP. And why (for the love of God) doesn't it support podcasts? That's pure insanity.
It's incompatible with Microsoft's own PlaysForSure standard, too.
You'll have to buy all-new content from the new Zune Marketplace.
Oh, and the Zune Marketplace doesn't even take real money, proving that on the Zune Planet there's no operation so simple that it can't be turned into a confusing ordeal. The Marketplace only accepts Zune Points, with an individual track typically costing the equivalent of the iTunes-standard 99 cents.
By forcing users to buy blocks of Zune Points (with a $5 minimum), the Marketplace only has to pay one credit-card processing fee.
Zune Points will also make it easier for the Zune Marketplace to institute variable pricing. The music industry wants it desperately. The industry has been pressuring Apple to abandon its flat 99 cent pricing and start charging more for "hot" tracks.
Apple has stood firm against this, insisting that low, uniform prices keep sales high and discourage the iTunes Store's users from downloading music illegally.
I'm certain Microsoft will cave on this one. It has already given the music industry the other thing the industry has been demanding from Apple: a kickback on every player sold.
"These devices are just repositories for stolen music, and they all know it," said Doug Morris, CEO of Universal Music Group. "So it's time to get paid for it."
Well, Morris is just a big, clueless idiot, of course. Do you honestly want morons like him to have power over your music player?
Then go ahead and buy a Zune. You'll find that the Zune Planet orbits the music industry's Bizarro World, where users aren't allowed to do anything that isn't in the industry's direct interests.
Take the Zune's one unique and potentially ginchy feature: Wi-Fi. You see this printed on the box and you immediately think "Cool. So I can sync files from my desktop library without having to plug in a USB cable, right? Maybe even download new content directly to the device from the Internet?"
Typical, selfish user: How does your convenience help make money for Universal? No wonder Doug despises you.
No, the Zune's sole wireless feature is "squirting" -- I know, I know, it's Microsoft's term, not mine -- music and pictures to any other Zune device within direct Wi-Fi range. Even if the track is inherently free (like a podcast) the Zune wraps it in a DRM scheme that causes the track to self-destruct after three days or three plays, whichever comes first.
After that, it's nothing more than a bookmark for purchasing the track in the Zune Marketplace. It amounts to nothing more than free advertising.
The Zune is a complete, humiliating failure. Toshiba's Gigabeat player, for example, is far more versatile, it has none of the Zune's limitations, and Amazon sells the 30-gig model for 40 bucks less.
Throw in the Zune's tail-wagging relationship with music publishers, and it almost becomes important that you encourage people not to buy one.
The iPod owns 85 percent of the market because it deserves to. Apple consistently makes decisions that benefit the company, the users and the media publishers -- and they continue to innovatively expand the device's capabilities without sacrificing its simplicity.
Companies such as Toshiba and Sandisk (with its wonderful Nano-like Sansa e200 series) compete effectively with the iPod by asking themselves, "What are the things that users want and Apple refuses to provide?"
Microsoft's colossal blunder was to knock the user out of that question and put the music industry in its place.
Result: The Zune will be dead and gone within six months. Good riddance.
Andy Ihnatko writes on technical and computer issues for the Sun-Times.
11/21/06
High school sports - impact of...
Robert Lipsyte
Link
Special to Page 2
This is what I learned in high school this year: The kids are not all right, and some of them even know why.
I've been talking to high school kids, especially jocks, on my book tour for "Raiders Night," a controversial new young-adult novel about the aftermath of a brutal training-camp hazing incident. In the book, the coaches, the school and the town try to put a lid on the incident. On the tour, coaches, schools and towns have been trying to put a lid on the book.
...
As it turned out, the high school kids I did get to, in New York, Illinois, Michigan and California, weren't all that concerned about the language, the sex and drugs in the book, either. It was what they lived with every day. They said they could handle that. What they did want to talk about was something they obviously couldn't handle – betrayal by adult society.
At one suburban Chicago high school where more than a hundred juniors and seniors had read the book before I came to speak, the football players I talked to privately wanted to vent about their profound and sophisticated mistrust of coaches.
Robert Lipsyte
Link
Special to Page 2
This is what I learned in high school this year: The kids are not all right, and some of them even know why.
I've been talking to high school kids, especially jocks, on my book tour for "Raiders Night," a controversial new young-adult novel about the aftermath of a brutal training-camp hazing incident. In the book, the coaches, the school and the town try to put a lid on the incident. On the tour, coaches, schools and towns have been trying to put a lid on the book.
...
As it turned out, the high school kids I did get to, in New York, Illinois, Michigan and California, weren't all that concerned about the language, the sex and drugs in the book, either. It was what they lived with every day. They said they could handle that. What they did want to talk about was something they obviously couldn't handle – betrayal by adult society.
At one suburban Chicago high school where more than a hundred juniors and seniors had read the book before I came to speak, the football players I talked to privately wanted to vent about their profound and sophisticated mistrust of coaches.
11/18/06
If everything is going according to plan...
You probably have the wrong plan. Following that general rule I decide to go in and reinforce my daughters good behavior today. 45 minutes in her room doing "quiet time" - this has replaced nap - without coming out and really without incident. The reason for the silence - Dad had left a permanent fabric marker in the room. Note: it also works on plastic, wood and metal and it really is permanent. The idea of installing a wireless web cam comes to the fore again. :-)
You probably have the wrong plan. Following that general rule I decide to go in and reinforce my daughters good behavior today. 45 minutes in her room doing "quiet time" - this has replaced nap - without coming out and really without incident. The reason for the silence - Dad had left a permanent fabric marker in the room. Note: it also works on plastic, wood and metal and it really is permanent. The idea of installing a wireless web cam comes to the fore again. :-)
Arphid Watch: Find Own Foot, Aim Hastily, Pull Trigger
Excerpted from Bruce Scheider - Security Expert Blog - his commentary has been italicized. His commentary is included within the body of the original story from the Guardian, one of England's better newspapers. Note that Canada and the U.S. are proposing a very similar approach with all the attendant flaws.
http://blog.wired.com/sterling/2006/11/arphid_watch_fi.html
Cracked it!
Three million Britons have been issued with the new hi-tech passport, designed to frustrate terrorists and fraudsters. So why did Steve Boggan and a friendly computer expert find it so easy to break the security codes?
Steve Boggan Friday November 17, 2006 Guardian http://www.guardian.co.uk/idcards/story/0,,1950226,00.html
Six months ago, with the help of a rather scary computer expert, I deconstructed the life of an airline passenger simply by using information garnered from a boarding-pass stub he had thrown into a dustbin on the Heathrow Express. By using his British Airways frequent-flyer number and buying a ticket in his name on the airline's website, we were able to access his personal data, passport number, date of birth and nationality. Based on this information, using publicly available databases, we found out where he lived, his profession, all his academic qualifications and even how much his house was worth.
It would have been only a short hop to stealing his identity, committing fraud in his name and generally ruining his life.
Great news then, we thought, that the UK had just begun to issue new, ultra-secure passports, incorporating tiny microchips to store the holder's details and a digital description of their physical features (known in the jargon as biometrics). These, the argument went, would make identity theft much more difficult and pave the way for the government's proposed ID cards in 2008 or 2009.
Today, some three million such passports have been issued, and they don't look so secure. I am sitting with my scary computer man and we have just sucked out all the supposedly secure data and biometric information from three new passports and displayed it all on a laptop computer.
The UK Identity and Passport Service website says the new documents are protected by "an advanced digital encryption technique". So how come we have the information? What could criminals or terrorists do with it? And what could it mean for the passports and the ID cards that are meant to follow?
First it is necessary to explain why the new passports were introduced, and how they work. After the 9/11 attack on the World Trade Centre, in which fake passports were used, the US decided it wanted foreign citizens who presented themselves at its borders to have more secure "machine-readable" identity documents. It told 27 countries that participated in a visa waiver programme that citizens with passports issued after the 26th of last month must have micro-chipped biometric passports or would have to apply for a US visa. Among those 27 countries are the major EU members, and other friendly nations ranging from Andorra and Iceland to Singapore, Japan and Brunei. The UK, of course, is also included.
(((If we simply returned to the security situation status quo ante on 9/10 instead of 9/11, it would be like the civilized world suddenly got over a massive, self-inflicted stupidity virus. Furthermore, we'd be a lot safer.)))
Standards for the new passports were set by the International Civil Aviation Organisation (ICAO) in 2003 and adopted by the waiver countries and the US. The ICAO recommended that passports should contain facial biometrics, though countries could introduce fingerprints at a later date. All these would be stored on a Radio Frequency Identification (RFID) microchip, which can be accessed from a short distance using radio waves. Similar chips are commonly found in retail, where they are used for stock control.
Fatally, however, the ICAO suggested that the key needed to access the data on the chips should be comprised of, in the following order, the passport number, the holder's date of birth and the passport expiry date, all of which are contained on the printed page of the passport on a "machine readable zone."
When an immigration official swipes the passport through a reader, this feeds in the key, which allows a microchip reader to communicate with the RFID chip. The data this contains, including the holder's picture, is then displayed on the official's screen. The assumption at this stage is that this document is as authentic as it is super-secure. And, as we shall see later, this could be highly significant.
Once the passports began to be issued in the UK in March, we began laying the foundations for examining them. Phil Booth, national coordinator of the campaign group NO2ID, suggested to his members that they apply for a new passport. Anyone who gets one before ID cards are rolled out will not have to register for a card until their passports expire in 10 years' time, and this appealed to Booth.
At the same time, Adam Laurie, my computer expert and technical director of the Bunker Secure Hosting, a Kent-based computer security company, and I began laying plans to examine the new passports. Laurie is actually not a scary individual - he is regarded in the industry as a technical wizard who cares about privacy and civil rights - but much of the electronic information he uncovers is. Two years ago, he revealed that Bluetooth mobile phones could be accessed remotely, drained of their contact details, diary entries and pictures, and manipulated to act as bugging devices. The cellphone industry spent millions of pounds plugging the gaps he exposed.
By last month, Booth, Laurie and I each had access to a new biometric chipped passport and were ready to begin testing them. (((Three guys. No budget to speak of. Mayhem ensues.))) Laurie's first port of call was the ICAO's website, where the organisation had published specifications for the new travel documents. This is where he learned that the key to opening up the secure chip was contained in the passports themselves - passport number, date of birth and expiry date.
"I was amazed that they made it so easy," Laurie says. "The information contained in the chip is not encrypted, but to access it you have to start up an encrypted conversation between the reader and the RFID chip in the passport.
"The reader - I bought one for £250 - (((okay, there must have been SOME budget))) has to say hello to the chip and tell it that it is authorised to make contact. The key to that is in the date of birth, etc. Once they communicate, the conversation is encrypted, but I wrote some software in about 48 hours that made sense of it. (((I hate reading stuff like this. "About 48 hours." Couldn't it have been at least 48 days or something?)))
"The Home Office has adopted a very high encryption technology called 3DES - that is, to a military-level data-encryption standard times three. So they are using strong cryptography to prevent conversations between the passport and the reader being eavesdropped, but they are then breaking one of the fundamental principles of encryption by using non-secret information actually published in the passport to create a 'secret key'. That is the equivalent of installing a solid steel front door to your house and then putting the key under the mat." (((Oh jeez. It's as Neal Stephenson said: cryptography is like a picket fence around your house that consists of one picket ninety miles tall.)))
Within minutes of applying the three passports to the reader, the information from all of them has been copied and the holders' images appear on the screen of Laurie's laptop. The passports belong to Booth, and to Laurie's son, Max, and my partner, who have all given their permission.
But could you - and what use would my passport be to you? A security feature of the chip ensures that information cannot be added or altered, so you couldn't put your picture on my chip. So is our attack really so impressive?
The Home Office thinks not. It correctly points out that the information sucked out of the chip is only the same as that which appears on the page, readable with the human eye. And to obtain the key in the first place, you would need to have access to the passport to read (with the naked eye) its number, expiry date and the date of birth of its holder.
"This doesn't matter," says a Home Office spokesman. "By the time you have accessed the information on the chip, you have already seen it on the passport. What use would my biometric image be to you? And even if you had the information, you would still have to counterfeit the new passport - and it has lots of new security features. If you were a criminal, you might as well just steal a passport."
However, some computer experts believe the Home Office is being dangerously naive. Several months ago, Lukas Grunwald, founder of DN-Systems Enterprise Solutions in Germany, conducted a similar attack to ours on a German biometric passport and succeeded in cloning its RFID chip. He believes unscrupulous criminals or terrorists would find this technology very useful.
"If you can read the chip, then you can clone it," he says. "You could use this to clone a passport that would exploit the system to illegally enter another country." (We did not clone any of our passport chips on the assumption that to do so would be illegal.)
Grunwald adds: "The problems could get worse when they put fingerprint biometrics on to the passports. There are established ways of making forged fingerprints. In the future, the authorities would like to have automated border controls, and such forged fingerprints [stuck on to fingers] would probably fool them."
But what about facial recognition systems (your biometric passport contains precise measurements of key points on your face and head)? "Yes," says Grunwald, "but they are not yet in operation at airports and the technology throws up between 20 and 25% false negatives or false positives. It isn't reliable."
Neither is the human eye, according to research conducted by a team of psychologists from the University of Westminster in 1996. Remember, information - such as a new picture - cannot be added to a cloned chip, so anyone using it to make a counterfeit passport would have to use one that bore a reasonable resemblance to themselves.
But during Westminster University's study, which examined whether putting people's images on credit cards might reduce fraud, supermarket staff drafted in for tests had great difficulty matching faces to pictures. The conclusion was that pictures would not improve security and they were never introduced on credit cards. This means that each time you hand over your passport at, say, a hotel reception or car-rental office abroad to be "photocopied", it could be cloned with equipment like ours. This could have been done with an old passport, but since the new biometric passports are supposed to be secure they are more likely to be accepted without question at borders.
Given the results of the Westminster study, if a terrorist bore a slight resemblance to you - and grew a beard, perhaps - he would have a good chance of getting through a border. Because his chip is cloned, with the necessary digital signatures, and because you have not reported your passport stolen - you still have it! - his machine-readable travel document will get him wherever he wants to go, using your identity. (((In other words, electronic passport theft is about as handy as regular, commercial identity theft. The real hell would come if the authorities didn't bother to stare at the passport but simply trusted the signal from the chip. Which was supposed to be the idea in the first place: these arphids are supposed to be making transit SAFER AND FASTER AND MORE CONVENIENT, not just introducing a new level of Rube Goldberg snafu.)))
What about the technical difficulties? The government claims the new biometric passport chips can be read over a distance of just 2cm, but researchers all over the world claim to have read them from further. The physics governing those in British passports says they could be read over a metre, but no one has yet done that. A Dutch team claims to have contacted chips at 30cm.
Laurie has, however, rigged up a piece of equipment that can connect to a passport over 7.5cm. That isn't as far as the Dutch 30cm, but it is enough if your target subject is sitting next to you on the London Underground or crushed up against you on the Gatwick Airport monorail, his pocketed passport next to the reader you have hidden in a bag. ((("Arphid pickpockets.")))
It takes around four seconds to suck out the information with a reader; then it can be relayed and unscrambled by an accomplice with a laptop up to 1km away. With a Heath Robinson device we built on Tuesday using a Bluetooth antenna connected to an RFID reader, Laurie relayed details of his son's passport over a distance of 10 metres and through two walls to a laptop.
Ah, the Home Office will say, but you still need to see the information in the passport that will form the key needed for connection. Well, not necessarily. Consider this scenario: A postman involved with organised crime knows he has a passport to deliver to your home. He already knows your name and address from the envelope. He can get your date of birth by several means, including credit-reference agencies or from the register of births, marriages and deaths (and, let's face it, he delivers all your birthday cards anyway).
He knows the expiry date - 10 years from yesterday, give or take a day, when the passport was mailed to you. That leaves the nine-digit passport number. NO2ID says reports from its 30,000 members up and down the country are throwing up a number of similarities in the first four digits of the passport number, so that reduces the number of permutations, potentially leaving five purely random numbers to establish.
"If the rogue postman were to take your passport home, without opening the envelope he could put it against a reader and begin a 'brute force' attack in which your computer tries 12 different permutations every second until it has the right access codes," says Laurie. "A five-digit number would take 23 hours to crack at the most. Once all those numbers were established, you could communicate with the RFID chip and steal all the information. And your passport could be delivered to you, unopened and just a day late."
But is this really credible? Would criminals or terrorists really go to such lengths? (((Governments certainly would; do you think Mossad agents are going to be wandering around with clumsily forged passports?))) Ross Anderson, professor of security engineering at the University of Cambridge computer laboratory, believes they would. "The point is that once you have extracted the data from the chip you can have a forged passport that contains not just forged physical stuff," he says. "You also have the digital bit-stream so the digital signature of the passport checks out. That makes it possible to travel through borders with it.
"What concerns me is that this demonstrates bad design on the part of the Home Office, and we know that government IT projects have a habit of going terribly wrong. There is a lack of security in what we can see - so what about the 90% of the iceberg in the system that we can't see?
"There isn't even a defence against the brute-force attack. In much the same way as you are only allowed three attempts to feed in your PIN number at an ATM, the passport chip could have been made to stop allowing repeated incorrect attempts to contact it. As things stand, a computer can keep trying until it gets the numbers right. To say this doesn't matter displays a cavalier lack of concern." (((What it really displays is that government spooks intend to do all this anyway, and they can't believe that private sector spooks and hobbyists can take the trouble. Rather like the Pentagon unable to believe that Al Qaeda can make serious mischief.)))
The problems we have identified with RFID chips in passports raise all sorts of questions about the UK's proposed ID card scheme, which will use the same technology. The government has not said exactly what will be contained in the ID card's chip, but there will be a National Identity Register that could contain around 50 pieces of information about you, ranging from your name, age, and all your addresses, to your national insurance number and biometric details. Eventually, you may need one to access healthcare. It could even replace the passport.
Already, then, criminals and terrorists will have identified just how useful cloned ID cards might be. It would be folly to think their best minds are not on the case.
The Home Office insists that UK passports are secure and among the best in the world, but not everyone agrees. Last week, an EU-funded body entitled the Future of Identity in the Information Society (Fidis) issued a declaration on machine-readable travel documents such as RFID-chipped passports and ID cards. It said the technology was "poorly conceived" and added: "European governments have effectively forced citizens to adopt new ... documents which dramatically decrease their security and privacy and increase risk of identity theft."
(((They did this, not because they want to make private citizens more secure against ID theft, but because they want to install huge databases that track the movements of civil populations generally. The point of electronic ID is to input a suspect passport number and see every place that guy's been in the last 20 years. Then you compare that the movements of other known malefactors and you've got an instant Al Qaeda winnowing-machine.)))
(((Of course some individuals will suffer, but compared to the awesome imaginary benefits of Total Information Awareness, that's like watching a few Nevada civilians cough up their lungs from atom-bomb tests.)))
The government is now facing demands from the Liberal Democrats and anti-ID card groups for a recall of the passports so that simple devices such as foil covers can be installed - at enormous cost. Such covers would at least stop chips being scanned remotely, though they wouldn't prevent an unscrupulous hotel receptionist from opening the passport and sucking out its contents the way we did.
It may be that at some point in the future the government will accept that putting RFID chips in to passports is ill-conceived and unnecessary. Until then, the only people likely to embrace this kind of technology are those with mischief in mind.
Guardian Unlimited © Guardian News and Media Limited 2006
Posted by Bruce Sterling 4:37 AM PST |
Excerpted from Bruce Scheider - Security Expert Blog - his commentary has been italicized. His commentary is included within the body of the original story from the Guardian, one of England's better newspapers. Note that Canada and the U.S. are proposing a very similar approach with all the attendant flaws.
http://blog.wired.com/sterling/2006/11/arphid_watch_fi.html
Cracked it!
Three million Britons have been issued with the new hi-tech passport, designed to frustrate terrorists and fraudsters. So why did Steve Boggan and a friendly computer expert find it so easy to break the security codes?
Steve Boggan Friday November 17, 2006 Guardian http://www.guardian.co.uk/idcards/story/0,,1950226,00.html
Six months ago, with the help of a rather scary computer expert, I deconstructed the life of an airline passenger simply by using information garnered from a boarding-pass stub he had thrown into a dustbin on the Heathrow Express. By using his British Airways frequent-flyer number and buying a ticket in his name on the airline's website, we were able to access his personal data, passport number, date of birth and nationality. Based on this information, using publicly available databases, we found out where he lived, his profession, all his academic qualifications and even how much his house was worth.
It would have been only a short hop to stealing his identity, committing fraud in his name and generally ruining his life.
Great news then, we thought, that the UK had just begun to issue new, ultra-secure passports, incorporating tiny microchips to store the holder's details and a digital description of their physical features (known in the jargon as biometrics). These, the argument went, would make identity theft much more difficult and pave the way for the government's proposed ID cards in 2008 or 2009.
Today, some three million such passports have been issued, and they don't look so secure. I am sitting with my scary computer man and we have just sucked out all the supposedly secure data and biometric information from three new passports and displayed it all on a laptop computer.
The UK Identity and Passport Service website says the new documents are protected by "an advanced digital encryption technique". So how come we have the information? What could criminals or terrorists do with it? And what could it mean for the passports and the ID cards that are meant to follow?
First it is necessary to explain why the new passports were introduced, and how they work. After the 9/11 attack on the World Trade Centre, in which fake passports were used, the US decided it wanted foreign citizens who presented themselves at its borders to have more secure "machine-readable" identity documents. It told 27 countries that participated in a visa waiver programme that citizens with passports issued after the 26th of last month must have micro-chipped biometric passports or would have to apply for a US visa. Among those 27 countries are the major EU members, and other friendly nations ranging from Andorra and Iceland to Singapore, Japan and Brunei. The UK, of course, is also included.
(((If we simply returned to the security situation status quo ante on 9/10 instead of 9/11, it would be like the civilized world suddenly got over a massive, self-inflicted stupidity virus. Furthermore, we'd be a lot safer.)))
Standards for the new passports were set by the International Civil Aviation Organisation (ICAO) in 2003 and adopted by the waiver countries and the US. The ICAO recommended that passports should contain facial biometrics, though countries could introduce fingerprints at a later date. All these would be stored on a Radio Frequency Identification (RFID) microchip, which can be accessed from a short distance using radio waves. Similar chips are commonly found in retail, where they are used for stock control.
Fatally, however, the ICAO suggested that the key needed to access the data on the chips should be comprised of, in the following order, the passport number, the holder's date of birth and the passport expiry date, all of which are contained on the printed page of the passport on a "machine readable zone."
When an immigration official swipes the passport through a reader, this feeds in the key, which allows a microchip reader to communicate with the RFID chip. The data this contains, including the holder's picture, is then displayed on the official's screen. The assumption at this stage is that this document is as authentic as it is super-secure. And, as we shall see later, this could be highly significant.
Once the passports began to be issued in the UK in March, we began laying the foundations for examining them. Phil Booth, national coordinator of the campaign group NO2ID, suggested to his members that they apply for a new passport. Anyone who gets one before ID cards are rolled out will not have to register for a card until their passports expire in 10 years' time, and this appealed to Booth.
At the same time, Adam Laurie, my computer expert and technical director of the Bunker Secure Hosting, a Kent-based computer security company, and I began laying plans to examine the new passports. Laurie is actually not a scary individual - he is regarded in the industry as a technical wizard who cares about privacy and civil rights - but much of the electronic information he uncovers is. Two years ago, he revealed that Bluetooth mobile phones could be accessed remotely, drained of their contact details, diary entries and pictures, and manipulated to act as bugging devices. The cellphone industry spent millions of pounds plugging the gaps he exposed.
By last month, Booth, Laurie and I each had access to a new biometric chipped passport and were ready to begin testing them. (((Three guys. No budget to speak of. Mayhem ensues.))) Laurie's first port of call was the ICAO's website, where the organisation had published specifications for the new travel documents. This is where he learned that the key to opening up the secure chip was contained in the passports themselves - passport number, date of birth and expiry date.
"I was amazed that they made it so easy," Laurie says. "The information contained in the chip is not encrypted, but to access it you have to start up an encrypted conversation between the reader and the RFID chip in the passport.
"The reader - I bought one for £250 - (((okay, there must have been SOME budget))) has to say hello to the chip and tell it that it is authorised to make contact. The key to that is in the date of birth, etc. Once they communicate, the conversation is encrypted, but I wrote some software in about 48 hours that made sense of it. (((I hate reading stuff like this. "About 48 hours." Couldn't it have been at least 48 days or something?)))
"The Home Office has adopted a very high encryption technology called 3DES - that is, to a military-level data-encryption standard times three. So they are using strong cryptography to prevent conversations between the passport and the reader being eavesdropped, but they are then breaking one of the fundamental principles of encryption by using non-secret information actually published in the passport to create a 'secret key'. That is the equivalent of installing a solid steel front door to your house and then putting the key under the mat." (((Oh jeez. It's as Neal Stephenson said: cryptography is like a picket fence around your house that consists of one picket ninety miles tall.)))
Within minutes of applying the three passports to the reader, the information from all of them has been copied and the holders' images appear on the screen of Laurie's laptop. The passports belong to Booth, and to Laurie's son, Max, and my partner, who have all given their permission.
But could you - and what use would my passport be to you? A security feature of the chip ensures that information cannot be added or altered, so you couldn't put your picture on my chip. So is our attack really so impressive?
The Home Office thinks not. It correctly points out that the information sucked out of the chip is only the same as that which appears on the page, readable with the human eye. And to obtain the key in the first place, you would need to have access to the passport to read (with the naked eye) its number, expiry date and the date of birth of its holder.
"This doesn't matter," says a Home Office spokesman. "By the time you have accessed the information on the chip, you have already seen it on the passport. What use would my biometric image be to you? And even if you had the information, you would still have to counterfeit the new passport - and it has lots of new security features. If you were a criminal, you might as well just steal a passport."
However, some computer experts believe the Home Office is being dangerously naive. Several months ago, Lukas Grunwald, founder of DN-Systems Enterprise Solutions in Germany, conducted a similar attack to ours on a German biometric passport and succeeded in cloning its RFID chip. He believes unscrupulous criminals or terrorists would find this technology very useful.
"If you can read the chip, then you can clone it," he says. "You could use this to clone a passport that would exploit the system to illegally enter another country." (We did not clone any of our passport chips on the assumption that to do so would be illegal.)
Grunwald adds: "The problems could get worse when they put fingerprint biometrics on to the passports. There are established ways of making forged fingerprints. In the future, the authorities would like to have automated border controls, and such forged fingerprints [stuck on to fingers] would probably fool them."
But what about facial recognition systems (your biometric passport contains precise measurements of key points on your face and head)? "Yes," says Grunwald, "but they are not yet in operation at airports and the technology throws up between 20 and 25% false negatives or false positives. It isn't reliable."
Neither is the human eye, according to research conducted by a team of psychologists from the University of Westminster in 1996. Remember, information - such as a new picture - cannot be added to a cloned chip, so anyone using it to make a counterfeit passport would have to use one that bore a reasonable resemblance to themselves.
But during Westminster University's study, which examined whether putting people's images on credit cards might reduce fraud, supermarket staff drafted in for tests had great difficulty matching faces to pictures. The conclusion was that pictures would not improve security and they were never introduced on credit cards. This means that each time you hand over your passport at, say, a hotel reception or car-rental office abroad to be "photocopied", it could be cloned with equipment like ours. This could have been done with an old passport, but since the new biometric passports are supposed to be secure they are more likely to be accepted without question at borders.
Given the results of the Westminster study, if a terrorist bore a slight resemblance to you - and grew a beard, perhaps - he would have a good chance of getting through a border. Because his chip is cloned, with the necessary digital signatures, and because you have not reported your passport stolen - you still have it! - his machine-readable travel document will get him wherever he wants to go, using your identity. (((In other words, electronic passport theft is about as handy as regular, commercial identity theft. The real hell would come if the authorities didn't bother to stare at the passport but simply trusted the signal from the chip. Which was supposed to be the idea in the first place: these arphids are supposed to be making transit SAFER AND FASTER AND MORE CONVENIENT, not just introducing a new level of Rube Goldberg snafu.)))
What about the technical difficulties? The government claims the new biometric passport chips can be read over a distance of just 2cm, but researchers all over the world claim to have read them from further. The physics governing those in British passports says they could be read over a metre, but no one has yet done that. A Dutch team claims to have contacted chips at 30cm.
Laurie has, however, rigged up a piece of equipment that can connect to a passport over 7.5cm. That isn't as far as the Dutch 30cm, but it is enough if your target subject is sitting next to you on the London Underground or crushed up against you on the Gatwick Airport monorail, his pocketed passport next to the reader you have hidden in a bag. ((("Arphid pickpockets.")))
It takes around four seconds to suck out the information with a reader; then it can be relayed and unscrambled by an accomplice with a laptop up to 1km away. With a Heath Robinson device we built on Tuesday using a Bluetooth antenna connected to an RFID reader, Laurie relayed details of his son's passport over a distance of 10 metres and through two walls to a laptop.
Ah, the Home Office will say, but you still need to see the information in the passport that will form the key needed for connection. Well, not necessarily. Consider this scenario: A postman involved with organised crime knows he has a passport to deliver to your home. He already knows your name and address from the envelope. He can get your date of birth by several means, including credit-reference agencies or from the register of births, marriages and deaths (and, let's face it, he delivers all your birthday cards anyway).
He knows the expiry date - 10 years from yesterday, give or take a day, when the passport was mailed to you. That leaves the nine-digit passport number. NO2ID says reports from its 30,000 members up and down the country are throwing up a number of similarities in the first four digits of the passport number, so that reduces the number of permutations, potentially leaving five purely random numbers to establish.
"If the rogue postman were to take your passport home, without opening the envelope he could put it against a reader and begin a 'brute force' attack in which your computer tries 12 different permutations every second until it has the right access codes," says Laurie. "A five-digit number would take 23 hours to crack at the most. Once all those numbers were established, you could communicate with the RFID chip and steal all the information. And your passport could be delivered to you, unopened and just a day late."
But is this really credible? Would criminals or terrorists really go to such lengths? (((Governments certainly would; do you think Mossad agents are going to be wandering around with clumsily forged passports?))) Ross Anderson, professor of security engineering at the University of Cambridge computer laboratory, believes they would. "The point is that once you have extracted the data from the chip you can have a forged passport that contains not just forged physical stuff," he says. "You also have the digital bit-stream so the digital signature of the passport checks out. That makes it possible to travel through borders with it.
"What concerns me is that this demonstrates bad design on the part of the Home Office, and we know that government IT projects have a habit of going terribly wrong. There is a lack of security in what we can see - so what about the 90% of the iceberg in the system that we can't see?
"There isn't even a defence against the brute-force attack. In much the same way as you are only allowed three attempts to feed in your PIN number at an ATM, the passport chip could have been made to stop allowing repeated incorrect attempts to contact it. As things stand, a computer can keep trying until it gets the numbers right. To say this doesn't matter displays a cavalier lack of concern." (((What it really displays is that government spooks intend to do all this anyway, and they can't believe that private sector spooks and hobbyists can take the trouble. Rather like the Pentagon unable to believe that Al Qaeda can make serious mischief.)))
The problems we have identified with RFID chips in passports raise all sorts of questions about the UK's proposed ID card scheme, which will use the same technology. The government has not said exactly what will be contained in the ID card's chip, but there will be a National Identity Register that could contain around 50 pieces of information about you, ranging from your name, age, and all your addresses, to your national insurance number and biometric details. Eventually, you may need one to access healthcare. It could even replace the passport.
Already, then, criminals and terrorists will have identified just how useful cloned ID cards might be. It would be folly to think their best minds are not on the case.
The Home Office insists that UK passports are secure and among the best in the world, but not everyone agrees. Last week, an EU-funded body entitled the Future of Identity in the Information Society (Fidis) issued a declaration on machine-readable travel documents such as RFID-chipped passports and ID cards. It said the technology was "poorly conceived" and added: "European governments have effectively forced citizens to adopt new ... documents which dramatically decrease their security and privacy and increase risk of identity theft."
(((They did this, not because they want to make private citizens more secure against ID theft, but because they want to install huge databases that track the movements of civil populations generally. The point of electronic ID is to input a suspect passport number and see every place that guy's been in the last 20 years. Then you compare that the movements of other known malefactors and you've got an instant Al Qaeda winnowing-machine.)))
(((Of course some individuals will suffer, but compared to the awesome imaginary benefits of Total Information Awareness, that's like watching a few Nevada civilians cough up their lungs from atom-bomb tests.)))
The government is now facing demands from the Liberal Democrats and anti-ID card groups for a recall of the passports so that simple devices such as foil covers can be installed - at enormous cost. Such covers would at least stop chips being scanned remotely, though they wouldn't prevent an unscrupulous hotel receptionist from opening the passport and sucking out its contents the way we did.
It may be that at some point in the future the government will accept that putting RFID chips in to passports is ill-conceived and unnecessary. Until then, the only people likely to embrace this kind of technology are those with mischief in mind.
Guardian Unlimited © Guardian News and Media Limited 2006
Posted by Bruce Sterling 4:37 AM PST |
11/8/06
11/6/06
UK is a surveillance society
From www.boingboing.net
The UK information commissioner called Britain a surveillance society, where "dataveillance" of buying habits is combined with cameras and other surveillance methods to track practically every movement of Britons.
From www.boingboing.net
The UK information commissioner called Britain a surveillance society, where "dataveillance" of buying habits is combined with cameras and other surveillance methods to track practically every movement of Britons.
The report's co-writer Dr David Murakami-Wood told BBC News that, compared to other industrialised Western states, the UK was "the most surveilled country"."We have more CCTV cameras and we have looser laws on privacy and data protection," he said.
10/31/06
10/26/06
How to Hack the Vote and Steal the Election
"Many people have asked for it so that the government will have to deal with it. So here it is: a guide to stealing an election that uses electronic voting machines written by Jon Stokes over at Arstechnica. From the article: "In all this time, I've yet to find a good way to convey to the non-technical public how well and truly screwed up we presently are, six years after the Florida recount. So now it's time to hit the panic button: In this article, I'm going to show you how to steal an election.""
"Many people have asked for it so that the government will have to deal with it. So here it is: a guide to stealing an election that uses electronic voting machines written by Jon Stokes over at Arstechnica. From the article: "In all this time, I've yet to find a good way to convey to the non-technical public how well and truly screwed up we presently are, six years after the Florida recount. So now it's time to hit the panic button: In this article, I'm going to show you how to steal an election.""
10/25/06
10/23/06
10/20/06
10/18/06
10/16/06
10/12/06
Herewith: Merlin’s top 5 super-obvious, “no-duh” ways to immediately improve your life.
1. Reduce noise - We all have innumerable inboxes, interruptions, and distractions that are part of work and life — you can’t change that. What you can do is get more hard-nosed about the elective diversions that you invite into your world. Cancel a subscription for a magazine you never read or sign off an annoying mailing list. Needles get easier to find when you aren’t constantly adding new hay to the stack.
2. Write things down - Ever find a piece of paper in your office with seven digits on it? You know it’s a phone number, but whose? Get ruthless about jotting down ephemeral information if you’ll need to recall it later. Remember that your brain is a creative organ with limitless creative possibilities — but it makes a really crummy whiteboard.
3. Focus on action - My favorite productivity book, “Getting Things Done” highlights how anything you want to do in life eventually comes down to intentional physical activity — even if it’s something as mundane as “take out trash” and “call Mom.” Learn the habit of planning your world around action verbs rather than fuzzy nouns. “Implement Strategy” is not a task; it’s a project. “Call Jim about strategy” is a very do-able “next action” that keeps the ball in motion.
4. Get out of your inbox - Many of us are habituated to living out of our email inbox, voicemail, and the other “in baskets” of our lives. Instead, try to set aside regular, periodic times when you trawl for the new content in your life — then get back to work! Inboxes are delivery systems, not workspaces. The real work is happening in your brain and practically every other place that’s not an inbox. Stop allowing yourself to be brow-beaten by the latest, loudest, or most dramatic item that’s landed in your world.
5. Get pickier - You are the sole person in your life who gets to decide where your time and attention can go. Take that responsibility seriously by not wasting time on junk. You know in your heart what’s really important to you — does the current direction of your time and attention reflect that? Is “kid hugging” time where it should be in proportion to “Blackberry checking” time? Be mindful at the highest level about where you focus your energy, and always strive not to squander it on undeserving activities.
1. Reduce noise - We all have innumerable inboxes, interruptions, and distractions that are part of work and life — you can’t change that. What you can do is get more hard-nosed about the elective diversions that you invite into your world. Cancel a subscription for a magazine you never read or sign off an annoying mailing list. Needles get easier to find when you aren’t constantly adding new hay to the stack.
2. Write things down - Ever find a piece of paper in your office with seven digits on it? You know it’s a phone number, but whose? Get ruthless about jotting down ephemeral information if you’ll need to recall it later. Remember that your brain is a creative organ with limitless creative possibilities — but it makes a really crummy whiteboard.
3. Focus on action - My favorite productivity book, “Getting Things Done” highlights how anything you want to do in life eventually comes down to intentional physical activity — even if it’s something as mundane as “take out trash” and “call Mom.” Learn the habit of planning your world around action verbs rather than fuzzy nouns. “Implement Strategy” is not a task; it’s a project. “Call Jim about strategy” is a very do-able “next action” that keeps the ball in motion.
4. Get out of your inbox - Many of us are habituated to living out of our email inbox, voicemail, and the other “in baskets” of our lives. Instead, try to set aside regular, periodic times when you trawl for the new content in your life — then get back to work! Inboxes are delivery systems, not workspaces. The real work is happening in your brain and practically every other place that’s not an inbox. Stop allowing yourself to be brow-beaten by the latest, loudest, or most dramatic item that’s landed in your world.
5. Get pickier - You are the sole person in your life who gets to decide where your time and attention can go. Take that responsibility seriously by not wasting time on junk. You know in your heart what’s really important to you — does the current direction of your time and attention reflect that? Is “kid hugging” time where it should be in proportion to “Blackberry checking” time? Be mindful at the highest level about where you focus your energy, and always strive not to squander it on undeserving activities.
10/3/06
9/30/06
9/25/06
9/24/06
9/17/06
9/8/06
When what we love and who we love are at odds
Link
For me, croc feeding joined skydiving and most of jaywalking, even, on
my personal list of Things I Could Conceivably Rationalize Before The
Kid, But That I Now Feel Too Burdened With Responsibility To Stay Alive
To Take Up. That list is going to be different for everyone, and none is
or should be the Dad In The Plastic Bubble, but I really wonder where
and how you negotiate the line between yourself and your family.
For me, croc feeding joined skydiving and most of jaywalking, even, on
my personal list of Things I Could Conceivably Rationalize Before The
Kid, But That I Now Feel Too Burdened With Responsibility To Stay Alive
To Take Up. That list is going to be different for everyone, and none is
or should be the Dad In The Plastic Bubble, but I really wonder where
and how you negotiate the line between yourself and your family.
9/6/06
He's so post-modern. At least he is trying hard with the use of the camera to represent the impermanence of narrative and the fallacy of voice as an interpretive device. I think the baby is grounding him too much in the historical flow and the classical narrative structure for the image to be fully post-modern.
Subscribe to:
Posts (Atom)
