Month: February 2009

OC Transpo bus pass refunds

If anyone needs yet another reason to dislike OC Transpo (after this and this), it seems that they are trying to minimize the number of people who bought bus passes for December and who get the promised refunds:

Until Feb. 21, riders could bring their December passes to a kiosk and receive a full cash refund. But now that the deadline has passed, those still holding those passes must mail them to OC Transpo by Saturday and they will then receive a cheque in the mail — which may help those who gave up on the long line-ups at kiosks this past Saturday.

If riders miss the Feb. 28th deadline, they can exchange their December pass for a discount on a March pass.

The situation for those of us with annual passes remains ambiguous. We were being charged during the span when there was no bus service, and I don’t yet know what remedy (if any) will be offered.

Anyhow, those who bought monthly passes for December should mail them off as soon as possible.

Tropical forest carbon sinks

Shadows in downtown Ottawa

A recent Nature article discusses the status of forest-based carbon sinks in general, with special emphasis on an African sink that is estimated to be absorbing 1.2 billion tonnes of carbon dioxide per year: nearly twice the level of Canada’s 2006 emissions.

Today’s launch of the Orbital Carbon Observatory should help scientists to gain a better sense of how carbon dioxide is moving through and between the atmosphere, hydrosphere, and biosphere.

All told, the article estimates that 18% of human carbon dioxide emissions are being absorbed by tropical forests. The article highlights the uncertainties involved in the future trajectory of absorption by this sink. It may be that additional atmospheric CO2 causes it to maintain or even increase its absorption in the medium term. Conversely, it may be that the trees will reach a maximum size and cease to absorb further carbon, or that temperature and precipitation changes caused by global warming will restrict growth.

In any event, humanity will be in a better position to plan for the future once we have a deeper understanding of the nature of existing carbon sinks, and better projections for how they will respond to future conditions. In the mean time, working to avert further tropical deforestation is an important precautionary step.

Cool Tools on The Deniers

I was disappointed by a recent entry in the Cool Tools blog – a place that normally highlights useful stuff like little tripods. Their post on the 16th, which got re-posted on Boing Boing, was about Lawrence Solomon’s book: The Deniers: The World Renowned Scientists Who Stood Up Against Global Warming Hysteria, Political Persecution, and Fraud – And those who are too fearful to do so. The post argued that since science is advanced by those who question current beliefs, we should encourage those who question the reality of anthropogenic climate change.

It is regrettable that the mistaken impression endures that the key tenets of climatic science are still disputed by the scientific community as a whole. Greenhouse gasses unambiguously cause warming, and humanity is unambiguously releasing those gasses. While we certainly need critical thinking to advance climatic science (there is much left to learn about feedbacks and the internal dynamics of the climate system) the kind of people who deny the existence or seriousness of climate change are not engaged usefully with the scientific discussion. In most cases, they tell stories that contradict one another (it’s not happening, it’s not caused by greenhouse gasses, it is likely to be beneficial, it is all China’s fault, etc). In most cases, I also don’t think they are genuine in their approach: they are united by the desire to avoid government regulation of greenhouse gasses, not by a substantive disagreement about what is happening in the world.

Given the strength of entrenched interests opposed to climate change regulation, people willing to add confusion to the debate will always be able to find financial support. That is, at least, until society as a whole finally appreciates that their arguments are self-serving and wrong.

Legal guide for bloggers

Andrea Simms-Karp winking

For those who are serious about their blogging, or simply concerned about the legal ramifications of the practice, the Electronic Frontier Foundation has a Bloggers’ Legal Guide available.

While it is focused on American law, the general principles and issues discussed are likely to be relevant elsewhere. Issues covered include intellectual property, defamation, the legal status of bloggers as journalists, and more. It also includes a page specifically for students.

People living in countries that have weaker protections for free speech might be better served by the BBC’s guide: How to avoid libel and defamation. On a side note, I certainly hope that British law evolves away from requiring the author to prove their comments were justified and towards requiring the person or organization alleging libel or defamation to prove that such things took place. The current approach encourages frivolous lawsuits and drives journalists to bury or tone down stories without due cause.

OC Transpo and atheism

In case anyone needed yet another reason to dislike OC Transpo, it seems they have decided not to allow a group of atheists to run the same bus ads that have been displayed in London and elsewhere. The ads read: “There’s probably no God. Now stop worrying and enjoy your life.”

The ads will be running in Toronto and Calgary, though they have been rejected in Vancouver, Victoria, Kelowna, Halifax, and London.

Naturally, it would be unthinkable for bus companies to refuse a similarly innocuous banner promoting a particular religious organization.

The ‘SSL strip’ exploit

Emily Horn with garlic bread

The Secure Sockets Layer (SSL) is one of the world’s most important forms of commercial encryption. It is the public key system generally employed by e-commerce websites like Amazon, in order to prevent payment details from being intercepted by third parties. At this week’s Black Hat security conference in Washington, details were released on an exploit that takes advantage of the weak way in which SSL is implemented in secure (HTTPS) websites.

The tool – called ‘SSL strip’ – is based around a man-in-the-middle attack, where the system for redirecting people from the insecure to the secure version of a web page is abused. By acting as a man-in-the-middle, the attacker can compromise any information sent between the user and the supposedly secure webpage. The author of the exploit claims to have used it to steal data from PayPal, GMail, Tickermaster, and Facebook – including sixteen credit card numbers and control of more than 100 email accounts.

This kind of vulnerability has always existed with SSL because it is difficult to be certain about where the endpoints of communication lie. Rather than having a secure end-to-end connection between Amazon and you, there might be a secure connection between you and an attacker (who can read everything you do in the clear), and then a second secure connection between the attacker and Amazon.

To some extent, the problem can be mitigated through technical means (as described in the linked article). Beyond that, the question arises of what constitutes adequate precautions, from both a legal and a personal standpoint, and who should pay the costs associated with data breaches and fraud.

[Update: 23 February 2009] The slides from the original presentation about SSL Strip are available here and here. Both servers are under a fair bit of strain, due to all the popular interest about this topic, so it may be tricky to access them during the next few days.

[Update: 25 February 2009] SSL Strip can actually be downloaded on Marlinspike’s website.

[Update: 5 November 2009] One thing I think these SSL exploits (and others described in comments below) demonstrate is that we cannot rely completely on technical means to avoid fraud and theft online. There is also a role to be played by laws on liability and other means.

Plants and infrared light

If you have ever seen plants photographed using infrared film, you will know that they have a weird glowing quality when viewed at those wavelengths.

Apparently, the reason behind this has to do with quantum mechanics and photosynthesis. Photons with shorter wavelengths (violet and beyond) have higher energy than those with longer wavelengths (red and beyond, in the other direction). Since only photons with a certain level of energy can be used by photosystems I and II in chloroplasts, plants reflect insufficiently energetic photons, rather than absorbing them. This keeps them from taking in uselessly low energy photons which would simply turn into heat, rather than powering their photosynthetic machinery.

Canadian content requirements for the internet?

Apparently, the Canadian Radio-television and Telecommunications Commission (CRTC) is considering Canadian content requirements for the internet. While I do support the existence of public broadcasters, I have never felt the same way about Canadian content rules for television or the radio. To me, they seem parochial and unnecessary; why does it matter whether people want to watch shows or listen to music that originated elsewhere?

Of course, the internet idea is even more dubious. Unlike radio and television, where you get to choose between channels but have no input into what each one is putting out, the internet lets you choose each film or song individually. As such, enforcing Canadian content requirements is both more intrusive and less practically feasible.

I remember when there were high hopes that the internet would be free from this sort of petty governmental manipulation. Unfortunately, with all the censorship, dubious monitoring, and other governmental shenanigans happening now, it isn’t surprising that yet another government agency wants to assert its regulatory influence over what happens online.

Hearings begin on Tuesday, with the aim of reviewing the current policy of not regulating content on cell phones and the internet.

Webs of trust in academic publishing

Geometric sculpture

Public key cryptography was a breakthrough because of the many new types of secure communication it suddenly permitted: most importantly, between people who do not have a trusted channel through which to exchage a symmetric key. Instead, it permits each partner to make a public key widely available, as well as use the public keys of others to encrypt messages that only they can decrypt.

One avenue of attack against this kind of system is for an attacker to make a public key available that they pretend belongs to someone else. For instance, you mighy try to impersonate a government or industry figure, then have people send sensitive materials to you inadvertantly. One way to prevent this kind of attack is to use key signing: an approach employed by both the commercial software PGP and the free GPG alternative. With key signing, you produce a web of trust, in which people use their own secret keys to vouch for the validity of public keys posted by others. That way, if I trust Bob and Bob trusts Jim, I can adopt that trust transitively.

GPeerReview is a system intended to extend this trust function to the review of academic work. Reviewers produce comments on documents and sign them with their keys. These comments can include different levels of endorsement for the work being scrutinized.

It is difficult to know whether the level of academic fraud that takes place justifies this sort of cryptographic response, but it seems like a neat idea regardless. Providing secure mechanisms for people to prove who they are and that things are properly attributed to them is increasingly important as technology makes it ever-easier for nefarious individuals to impersonate anyone in front of a wide audience.