climate change policy, science, and activism; photography; cartography and mapmaking
I have made my Montreal transition from ‘official business’ to ‘touristic exploration.’ Having traded a suit and tie for cargo pants and a microfibre shirt – and a hotel bed for a hostel air mattress – I am off to explore the city a bit.
My earlier request for information about any good plays, art shows, concerts, or other entertainments is re-affirmed with added urgency.
Anne Michaels’ Fugitive Pieces is too overwhelming a book for me: overwhelming with sadness, with detail, with history, and with language evocative of inescapable grief. As such, it took me many weeks to read. One passage does a particularly good job of succinctly encapsulated the inescapable historical anguish that makes this small book so heavy:
History is the poisoned well, seeping into the groundwater. It’s not the unknown past we’re doomed to repeat, but the past we know. Every recorded event is a brick of potential, of precedent, thrown into the future. Eventually the idea will hit someone in the back of the head. This is the duplicity of history: an idea recorded will become an idea resurrected. Out of fertile ground, the compost of history.
That kind of curse extends to all the characters in the book. None find any comprehensive solace; none manage to lift their feet above the boggy terrain of the past and make their way to a firmer present shore. The book presents a number of brief illuminations, but each has the ultimate character of being palliative rather than redemptive:
But sometimes the world disrobes, slips its dress off a shoulder, stops time for a beat. If we look up at that moment, it’s not due to any ability of ours to pierce the darkness, it’s the world’s brief bestowal. The catastrophe of grace.
These people are swept along like houses carried by hurricane waters – whether floating towards tragedies or temporary reprieves from grief. The point is hammered home with talk of tornadoes transporting people or ripping them apart; lightning providing unexpectedly cooked geese, straight from the sky, or simply flattening people. Michaels’ people do not possess agency of the kind that we perceive ourselves to have, and which is essential to optimism.
The author’s approach to thought is almost completely unlike my own. Rather than focusing on patterns, both the author and the protagonists focus on details. Rather than drawing comprehensible conclusions from extrapolated data, they draw opaque, personal, emotional conclusions – as veiled as modern poems. The book is beautiful and powerful, but also soul-sapping and exhausting. It is a book with depths to reward you for your struggle.
In a way, this book is the antithesis of Nabokov’s Lolita. There, inherent ugliness is flawlessly concealed by language that has the power to immerse your whole mind in the succession of sounds and syllables. In Fugitive Pieces, your mind can never quite get to the language because it is hampered at all times by the heaviness of grief.
On Tuesday, the space shuttle launched once again on a mission to add another piece to the International Space Station (ISS). As I have said before, it is a needlessly dangerous, unjustifiably expensive, and rather pointless venture. The science could be equally well done by robots, without risking human lives, and without spending about $1.3 billion per launch (plus emitting all the greenhouse gasses from the solid rocket boosters and related activities).
More and more, the ISS looks like a hopeless boondoggle. The lifetime cost is being estimated at $130 billion, all to serve a self-fulfilling mandate: we need to put people into space to scientifically assess what happens when we put people into space. Furthermore, the window between the completion of the ISS in about 2012 and the potential abandonment of the station as soon as 2016 is quite narrow. Robert Park may have summed up the whole enterprise best when he remarked that:
“NASA must complete the ISS so it can be dropped into the ocean on schedule in finished form.”
Normally, I am a big supporter of science. I think funding the International Thermonuclear Experimental Reactor and Large Hadron Collider is wise; these machines will perform valuable scientific research. Likewise, I support the robotic work NASA does – especially when it comes to scientists looking down on Earth from orbit and providing valuable research and services. I support the James Webb telescope. I also support the idea that NASA should have some decent plans for dealing with an anticipated asteroid or comet impact. The ISS, by contrast, is a combination between technical fascination lacking strategic purpose and pointless subsidies to aerospace contractors.
Of course, the Bush plan to send people to Mars is an even worse idea with higher costs, more risk, and even less value.
This week’s Economist includes an unusually poor article on security. It explains that the upcoming Swiss election will be using quantum cryptography to transmit the results from polling stations to central tabulation centres. It alleges that this makes the whole electoral process more secure. This is wrong.
What this is essentially saying is that there would otherwise be a risk of manipulation of this data in transit. The chief polling officer at one station might send a set of figures that get altered by a malicious agent en route to the tabulation centre. Having an encrypted link prevents this man-in-the-middle attack. It does not prevent the polling officer from lying, or the person at the tabulation centre from manipulating the results they input into the counting machines. It doesn’t prevent ballot-stuffing, vote buying, or the compromise of computer systems used to collect or tally votes. In short, it provides no security for the parts of the electoral process that are actually vulnerable to attack. In the absence of good security at the more vulnerable points in the electoral process, using quantum cryptography is like putting a padlock on a paper bag.
Hopefully, they will print my brief letter taking them to task for allowing themselves to be seduced by technology, rather than think sensibly about security.
[Update: 29 October 2007] Bruce Schneier has written about this. Unsurprisingly, he agrees that using quantum cryptography does not increase the security of the Swiss election.
During the next three weeks, I am doing a bit of a tour of eastern Canadian cities. From tonight until Sunday, I will be in Montreal. I will be busy with work until Friday, but should have the weekend to appreciate the city. Montreal is definitely one of the most interesting places in Canada. It always seems more culturally vibrant than Toronto or Vancouver, particularly in the summer. If anybody knows of interesting events happening in Montreal during the upcoming weekend (concerts, art shows, plays, etc), I would really appreciate knowing about it.
From the evening of November 9th until the evening of the 12th, I am going to be in Toronto. While that is mostly for purposes of visiting family, I would also be keen to meet up with friends who will be around then. Six weeks after that, I will be in Vancouver.
Getting a bit of such travel in before this whole region becomes an ice cube seems like a good idea. That said, it has apparently been an unusually warm fall (bad news for the pine trees). Right now, it is 20°C outside, and it has been uncomfortably warm to bicycle uphill in a jacket recently, even in the middle of the night. I haven’t found it problematic to be walking to and from work in a dress shirt and no jacket, except where sudden downpours or puddle-splashing trucks have left me sopping. My historical chart suggests that temperatures at this time of year should be about 9°C. The fourteen day trend suggests that they will be getting closer to that vicinity pretty soon.
Only nerds and the nerd-tolerant should proceed past this point.
While it is obvious that the 2007 Fourth Assessment Report (4AR) of the Intergovernmental Panel on Climate Change (IPCC) was going to be more comprehensive than the 2001 Third Assessment Report (TAR), I was surprised to see the extent and the breakdown:
Sector – Studies assessed in TAR – Studies assessed in 4AR
Cryosphere: 23 – 59
Hydrology and water resources: 23 – 49
Coastal processes and zones: 4 – 56
Aquatic biological systems: 14 – 117
Terrestrial biological systems: 46 – 178
Agriculture and forestry: 5 – 49
Human health: 5 – 51
Disasters and hazards: 3 – 18Total: 95 – 577
While it is simplistic to equate the number of studies examined with the overall quality of the conclusions drawn, the large increase is certainly reflective of the amount of research being devoted to climate change issues, as well as the level of resources it has been deemed appropriate to spend examining that body of scientific work.
These figures come from Cynthia Rosenzweig, a research scientist at NASA and member of the IPCC’s second working group.
In order to be able to decipher a secret message through cryptanalysis, you need to have a sufficient quantity of data to evaluate whether it has been done properly. If all a cryptoanalyst has to work with is enciphered text (say, in the form of an intercepted message) the attempt to decipher it is called a ciphertext-only attack. For a variety of reasons, these are very tricky things to accomplish. The element described below is one of the most basic.
In order to understand why a message of sufficient length is important, consider a message that consists only of a single enciphered phone number: “724-826-5363.” These numbers could have been modified in any of a great number of ways: for instance, adding or subtracting a certain amount from each digit (or alternating between adding and subtracting). Without knowing more, or being willing to test lots of candidate phone numbers, we have no way of learning whether we have deciphered the message properly. On the basis of the ciphertext alone, 835-937-6474 is just as plausible as 502-604-3141.
Obviously, this is only a significant problem for short messages. One could imagine ways in which BHJG could mean ‘HIDE’ or ‘TREE’ or ‘TRAP.’ The use of different keys with the same algorithm could generate any four letter word from that ciphertext. Once we have a long enough enciphered message, however, it becomes a lot more obvious when we have deciphered it properly. If I know that the ciphertext:
UUEBJQPWZAYIVMNAZSUQPYJVOMDGZIQHWZCX
has been produced using the Vigenere cipher, and I find that it deciphers to:
IAMTHEVERYMODELOFAMODERNMAJORGENERAL
when I use the keyword MUSIC, it is highly likely that I have found both the key and the unenciphered text.
This concept is formalized in the idea of unicity distance: invented by Claude Shannon in the 1940s. Unicity distance describes the amount of ciphertext that we must have in order to be confident that we have found the right plaintext. This is a function of two things: the entropy of the plaintext message (something written in proper English is far less random than a phone number) and the length of the key being used for encryption.
To calculate the unicity distance for a mesage written in English, divide the length of the key in bits (say, 128 bits) by 6.8 (which is a measure of the level of redundancy in English). With about eighteen characters of ciphertext, we can be confident that we have found the correct message and not simply one of a number of possibilities, as in the phone number example. By definition, compressed files have redundancy removed; as such, you may want to divide the key length by about 2.5 to get their unicity distance. For truly random data, the level of redundancy is zero therefore the unicity distance is infinite. If I encipher a random number and send it to you, a person who intercepts it will never be able to determine – on the basis of the ciphertext alone – whether they have deciphered it properly.
For many types of data files, the unicity distance is comparable to that in normal English text. This holds for word processor files, spreadsheets, and many databases. Actually, many types of computer files have significantly smaller unicity distances because they have standardized beginnings. If I know that a file sent each morning begins with: “The following the the weather report for…” I can determine very quickly if I have deciphered it correctly.
Actually, the last example is particularly noteworthy. When cryptoanalysts are presented with a piece of ciphertext using a known cipher (say Enigma) and which is known to include a particular string of text (such as the weather report introduction), it can become enormously easier to determine the encryption key being used. These bits of probable texts are called ‘cribs‘ and they played an important role in Allied codebreaking efforts during the Second World War. The use of the German word ‘wetter’ at the same point in messages sent at the same time each day was quite useful for determining what that day’s key was.
Some people will be surprised to learn that the kiwi fruit (produced by a hybrid of Actinidia deliciosa and other species of that genus) was named after the somewhat similar looking bird of that name (Apterygidae Apteryx) in 1959 as a marketing ploy. Apparently, the fruit had previously been called a ‘Chinese gooseberry’ but that name was seen as overly political during the Cold War. The alternative name ‘melonette’ was problematic because melons faced high import tariffs. The solution dreamt up by the produce company Turners and Growers was thus to brand the fruit with the name of the bird it supposedly resembles. The general association between the bird, the word ‘kiwi,’ and people from New Zealand extends back before 1899. The kiwi bird has been part of the regimental signs of New Zealand Regimentas since the Second Boer War.
The whole thing is reminiscent of the re-branding of Patagonian Toothfish (Dissostichus eleginoides) as ‘Chilean Sea Bass.’ The intention to alter consumer perceptions of products by changing their names isn’t reserved for agricultural or fishery organizations trying to optimize their sales; some environmentalists are trying to re-brand ‘biodiesel’ with the moniker ‘industrial agrodiesel‘ in order to alter perceptions that this is a green or sustainable fuel.
Computer security is an arcane and difficult subject, constantly shifting in response to societal and technological forcings. A layperson hoping to get a better grip on the fundamental issues involved can scarcely do better than to read Bruce Schneier‘s Secrets and Lies: Digital Security in a Networked World. The book is at the middle of the spectrum of his work, with Beyond Fear existing at one end of the spectrum as a general primer on all security related matters and Applied Cryptography providing far more detail than non-experts will ever wish to absorb.
Secrets and Lies takes a systematic approach, describing types of attacks and adversaries, stressing how security is a process rather than a product, and explaining a great many offensive and defences strategies in accessible ways and with telling examples. He stresses the impossibility of preventing all attacks, and hence the importance of maintaining detection and response capabilities. He also demonstrates strong awareness of how security products and procedures interact with the psychology of system designers, attackers, and ordinary users. Most surprisingly, the book is consistently engaging and even entertaining. You would not expect a book on computer security to be so lively.
One critical argument Schneier makes is that the overall security of computing can only increase substantially if vendors become liable for security flaws in their products. When a bridge collapses, the construction and engineering firms end up in court. When a ten year old bug in Windows NT causes millions of dollars in losses for a company losing it, Microsoft may see fit to finally issue a patch. Using regulation to structure incentives to shape behaviour is an approach that works in a huge number of areas. Schneier shows how it can be made to work in computer security.
Average users probably won’t want to read this book – though elements of it would probably entertain and surprise them. Those with an interest in security, whether it is principally in relation to computers or not, should read it mostly because of the quality of Schneier’s though processes and analysis. The bits about technology are quite secondary and pretty easily skimmed. Most people don’t need to know precisely how smart cards or the Windows NT kernel are vulnerable; they need to know what those vulnerabilities mean in the context of how those technologies are used. Reading this book will leave you wiser in relation to an area of ever-growing importance. Those with no special interest in computers are still strongly encouraged to read Beyond Fear: especially if they are legislators working on anti-terrorism laws.
