Richard Casement internship

The Economist’s Richard Casement internship is seeking applicants once again. The winner will spend three months this coming summer in London, writing about science and technology. They are most keen on people with a scientific background who are inclined to try their hand at journalism. The work environment would probably be incredibly stimulating, and the intern would likely make a lot of useful contacts. Partly because of that, they get a lot of applicants. Despite how the job offers only a “small stipend,” they got 220 applicants for the position last year.

I am not applying this year, though I encourage others to do so. The article I wrote last year, about the importance of hash functions, can be accessed online.

Comprehensive storage

Your average active computer user has more and more data. The first computer I effectively administered had 170 megabytes of hard disk space. Difficult choices had to be made about the relative merits of Doom versus Simcity. Now, just my primary email account has 1500 megabytes of data in it. I have 15 gigabytes worth of photos I have taken (all since 2005) and 20 gigabytes of music.

All this has been made possible by dramatically falling storage prices, combined with the spread of broadband internet. Soon, I expect that this combination will reach its logical conclusion. Right now, people are constrained by the size of their smallest hard drive, as well as by the difficulty of accessing larger remote drives. Eventually, I expect that most people will have a multi-terabyte disk connected to the internet at high speed and securely accessible from virtually any device in the world over the internet. The biggest question is whether this will be an ‘answering machine’ or a ‘voicemail’ solution.

The answering machine option is a big disk purchased by an individual consumer (perhaps a rack of disks, so that cheaper bigger ones can be added to the array as they become available). A company that made three things easy would have a license to print money. The first is integrated ease of use. iTunes music on the big disk should be immediately accessible from a person’s laptop or iPhone, provided they have internet access. The same should be true for saved television shows, photos, etc. The second is effortless backup. It is perfectly feasible to have a disk that is big enough to ensure that the failure of any one component does not lead to any loss of data. The third is security. The big disk should be secure enough against outside attack for use in storing commercially sensitive materials; likewise, the connection between outside devices and the disks should be secure. Probably, this means different levels of access for different sorts of devices, managed through a good user interface.

The voicemail option is to leave all the kit to someone else and just buy a service. Lots of companies are moving towards this model. In many ways, it’s a lot more efficient. Maintaining adequate but not excessive space for a million users is easier than doing the same thing for one; there are also economies of scale, since you can have specialists do all the technical work. The downsides of this model are mostly security related. You need to trust the service provider to keep your data safe. You also need to trust them not to apply arbitrary constraints on how you can use it, as Apple has sometimes done.

I predict that most people will use the second model exclusively, and will pay little or nothing to do so. More technically savvy people will run their own drives, but will probably use external services for (free) unencrypted or (subscription based) encrypted backup. Personally, I can’t wait. External hard drives have the feel of a 1980s solution, rather than one that is aware of the potential of the internet.

Seeking USB stick crypto

A piece of software that does the following would be very helpful to me:

  1. Creates an encrypted archive on a USB key
  2. Does so using a credible open-source algorithm, such as AES
  3. Ideally, is open source and well scrutinized by competent members of the security community
  4. This archive can be read using software on the key, on either a Mac OS X machine or a Windows XP box
  5. The software that does the encryption and decryption does not require administrator priveleges to run.

Do any such utilities exist? TrueCrypt is cool, but requires an admin account. SanDisk’s CruzerLock is Windows only, and has a really awkward interface. The disk encryption feature of PGP cannot be run off a flash drive. The encrypted disk images created by Mac OS cannot be read using a Windows machine.

Responding to the violence in Kenya

Hydro installation on the Ottawa River

Reading about the ongoing strife in Kenya is both worrisome and depressing. This is especially true if the lessons of Paul Collier’s The Bottom Billion are taken to heart. He highlights how a single period of instability can often initiate a pattern of recurring conflict, as well as how problems in one state can plague an entire region. Both risks seem to be acute in the Kenyan case, as democratic institutions and investor confidence are undermined and the trade and security prospects of landlocked neighbouring states like Uganda and Rwanda are threatened. The last thing Africa needs is another unstable neighbourhood, in addition to those around Sudan, Zimbabwe, and the DRC.

All the more reason for the African Union and other bodies to use their influence to convince Mwai Kibaki to change course. Ideally, the election that he rigged should be repeated under fair conditions, as monitored and enforced by representatives of the international community. The AU has been shamefully complacent in the face of abusive and corrupt regional governments, but it has an opportunity here to limit the scope of escalating violence and hopefully prevent the descent of the region into a conflict trap. For the sake of Kenya, the region, and the continent, other influential powers and organizations should support that effort.

Facebook and the expectation of privacy

Graffiti on a bench

Another privacy spat has erupted in relation to Facebook, the social networking site. It all began when the site began actively advertising everything you did you all of your friends: every time a photo was updated or a relationship status changed, everyone could see it by default, rather than having to go looking. After that, it emerged that Facebook was selling information to third parties. Now, it seems that the applications people can install are getting access to more of their information than is required for them to operate, allowing the writers of such applications to collect and sell information such as the stated hometown and sexual orientation of anyone using them.

Normally, I am in favour of mechanisms to protect privacy and sympathetic to the fact that technology makes that harder to achieve. Facebook, I think, is different. As with a personal site, everything being posted is being intentionally put into the public domain. Those who think they have privacy on Facebook are being deluded and those who act as though information posted there is private are being foolish. The company should be more open about both facts, but I think they are within their rights to sell the information they are collecting.

The best advice for Facebook users is to keep the information posted trivial, and maintain the awareness that whatever finds its way online is likely to remain in someone’s records forever.

[Update: 12 February 2008] Canada’s Privacy Comissioner has a blog. It might be interesting reading for people concerned with such matters.

Cut cables in the Middle East

Something strange is happening to undersea fiber optic cables in the Middle East: they are being cut. At least four, and possibly five, of the communications links have failed in the last twelve days. The first two were allegedly damaged by a ship’s anchor; subsequent failures are more mysterious. Serious disruptions are being experienced in Egypt and India, along with lesser problems in Bahrain, Bangladesh, Kuwait, the Maldives, Pakistan, Qatar, Saudi Arabia and the United Arab Emirates. The fifth cable cut seems to have disabled internet access in Iran.

It’s tempting to ascribe some nefarious motive to all of this. That said, it is sensible to recall how past hysterias proved unjustified. After much hoopla in the media, it turned out that the ‘cyberwar’ against Estonia was the work of a twenty year old subsequently fined $1,620 for his misdeeds.

The cable problems are being widely discussed:

[Update: 16 February 2008] According to The Economist, all this was just hysteria.

The failure of liberal dreams for Afghanistan

Sayed Pervez Kambaksh’s death sentence is a compelling demonstration of how thoroughly the west has failed in Afghanistan. The death sentence was issued by an Afghan court in response to the allegation that Kambaksh had downloaded and distributed a report about the oppression of women. This is not the first time a death sentence has been issued for blasphemy in Afghanistan since the imposition of the Karzai government, but it is a pretty egregious case. Yesterday, the sentence was confirmed by the Afghan Senate.

Is the whole point of the war in Afghanistan the replacement of one brutal band of thuggish warlords with another? Admittedly, the present government is better than the Taliban was, but that is hardly a ringing endorsement. Canada is considering an ever-more long term commitment to the protection of this government while, at the same time, we cannot trust them not to torture detainees that are transferred to them.

What is to be done in response? Do we become hard-headed realists, asserting that aiming to empower women or promote human rights was never a realistic or appropriate aim of the war in Afghanistan? Supporting a government just because they seem relatively pliable and seem to say the right things about cracking down on groups that worry us is certainly a practice with a long history. That said, it isn’t a very successful one. After all, it is why the west armed the Mujahideen in the first place (not to mention the Pinochets and Musharrafs of the world). Do we become isolationists, then, despairing of our ability to effect any progressive or worthwhile change in the world? That doesn’t seem practically or morally tenable in a world as interconnected as ours has become.

Perhaps all we can do is become a bit more cynical and a lot more critical about the supposed justifications for interventions. Rather than aspiring to replace oppressive societies with somewhat better ones, perhaps we should admit that overthrowing governments – however awful – will normally lead to horribly broken societies. That is not to say that it is always the worst option available. A horribly broken society is better than one in which an active genocide is occurring. With such exceptions admitted, it does seem as though the dream of a transition to liberal democracy through military intervention has been essentially invalidated by the experience of western states in Afghanistan and Iraq since 2001.

Radiation types and units

Types of radiation

Radiation is categorized in several different ways. One is on the basis of energy levels: ionizing radiation is sufficiently energetic that it can cause an atom or molecule to be stripped of an electron, turning it into an ion. This depends on the energy level of the individual particles or waves and has nothing to do with the total number of them. Non-ionizing radiation is simply that which doesn’t have enough energy to liberate an electron.

Another way to classify radiation is in terms of whether it is electromagnetic (consisting of photons) or particle radiation. There are three types of particle radiation: alpha decay, based on the emission of two protons and neutrons bound together in a helium nucleus, beta decay, wherein the particle emitted is an electron, and neutron radiation, where atoms release neutrons. Alpha particles are not generally very dangerous, because they are unable to penetrate much of substance. Even a few centimetres of air can have a strong protective effect. That said, ingestion can still be highly dangerous. The Polonium-210 that killed Alexander Litvinenko is an alpha emitter. Beta particles can usually be shielded from using a few milimetres of lead. Neutron radiation is unusual insofar as it is capable of producing radioactivity in the atoms it encounters. Shielding consists of a large mass of hydrogen rich materials.

Electromagnetic radiation with sufficient energy to be ionizing cosists of x-rays and gamma rays. Both consist of high-energy photons (those with short wavelengths), with gamma rays having shorter wavelengths than x-rays (10^(-12)m rather than 10^(-10)m). Shielding, especially for gamma rays, must be dense and fairly extensive.

Measuring radiation

Radiation is also measured in a variety of ways: important ones being Roentgens, rads, rems (Roentgen equivalent in man), Curies, Becquerels, and Sieverts.

Becquerels are a unit of radioactive decay based only on the number of decays per second. A Curie is equal to 3.7 x 10^10 Becquerels, and is approximately equivalent to the activity of 1 gram of Radium isotope. These units reflect the number of emissions only – not their physical or biological effects.

A Roentgen is a measure of ionizing radiation based on the ratio between charge and unit mass. Rads are a largely obselete unit of radiation dose, equal to 100 ergs of energy being absorbed by one gram of matter. Rems are the product of the number of Roentgens absorbed, multiplied by the biological efficiency of the radiation. Rems are also considered highly dated as a measure of radiation. 450 rems is an approximate lethal dose (LD50), for those who do not receive prompt treatment.

Sieverts are the recommended replacemend, “found by multiplying the absorbed dose, in grays, by a dimensionless “quality factor” Q, dependent upon radiation type, and by another dimensionless factor N, dependent on all other pertinent factors.” The LD50 for ionizing radiation is about 5 grays or about 3-5 Sieverts. If the biological efficiency used to calculate rems equals one, one Sievert is 100 rems.

Mastercard and RFID

I got a replacement Mastercard in the mail today and was slightly surprised to learn that it has an embedded radio frequency identification (RFID) tag in it. The idea is that it will let merchants bill you card by having you put it near a reader, rather than swipe it though a magnetic strip reader. The existence of the RFID tag does raise a couple of issues, however.

First, it has been shown that such tags can be activated using inexpensive directional transmitters from relatively long ranges. The way they work is by using the energy in the incoming radio signal to power the circuitry that produces a response. I don’t know if the tag in my card simply has a unique identifier, or whether it actually performs a challenge-response authentication. Either way, it is likely that the presence of the card, and the fact that it is a Mastercard, can be determined at a distance of several tens of metres at least, using information and equipment fairly easily acquired.

Secondly, I don’t know about the liability associated with such cards. I know that if I lose my Mastercard and report it promptly, I am only liable or $50 at the most. I am not sure about a situation where somebody clones the RFID tag and uses it to make purchases.

Overall, I see little value in contact-free payment systems. I would rather have a traditional card without new features and vulnerabilities. Unfotunately, Mastercard says that RFID-free cards are no longer available.

More on RFID:

Good information on space militarization

This briefing on the militarization of space is very interesting. It is especially good insofar as it describes the special situation of the United States in relation to space and warfare, the consequences of the recent Chinese test of an anti-satellite missile, and some of the practicalities involved in tracking space debris and keeping satellites away from it.