Monthly Archives: October 2007

Florida Ditches Touchscreens for Paper and Optical Scan Voting

Well, it turns out we don’t have to wait for the technology to be ready. Florida is ditching all of its touch-screen voting machines and moving to a proven technology:
Under the state’s new election law, disabled voters can keep voting by touch screen — akin to using an A.T.M. — until 2012. But everyone else will use them only twice more, for the presidential primaries on Jan. 29 and municipal elections next spring. With optical scanning, voters use pens to mark paper ballots that are then read by scanning machines, leaving a paper record for recounts.

Voting Machines Giving Florida New Headache, By Abby Goodnough, October 13, 2007

Meanwhile, how is the source of these machines helping?
Sequoia Voting Systems, which manufactured some of Florida’s machines, offered to buy them back for a bleak $1 apiece.
Now here’s a case where vendor liability would be very interesting.

-jsq

Silver Bullet Security Considered Harmful

In the comment discussion about Linus’s schedulers vs. security polemic, Iang mentioned a paper he’s writing:
We hypothesize that security is a good with insufficient information, and reject the assumption that security fits in the market for goods with asymmetric information. Security can be viewed as in a market where neither buyer nor seller has sufficient information to be able to make a rational buying decision. These characteristics lead to the arisal of a market in silver bullets as participants herd in search of best practices, a common set of goods that arises more to reduce the costs of externalities rather than achieve benefits in security itself.

The Market for Silver Bullets, by Ian Grigg, Systemics, Inc. $Revision: 1.27 $ $Date: 2005/11/05 18:25:54 $

Evidently security needs to find another precious metal for its bullets, given that the Storm Botnet is still out there after months, phishing becomes more expensive all the time, spam has killed electronic mail for a whole generation of users, and the best the monoculture OS vendor can come up with is a new release that attempts to push responsibility for all its bugs and design flaws back on the user.

What to do?

HelpJet: Disaster Evacuation in Style

AIG may sell boutique wildfire insurance, but that’s nothing on HelpJet:
The new service from West Palm Beach-based Galaxy Aviation guarantees its well-heeled members a seat on a chartered jet out of the hurricane zone, reserves five-star hotel rooms and limousine transfers and rolls out a red carpet — literally.

“We call it evacuation in style,” said Brian Rems, who came up with the HelpJet concept.

Hurricane Victims Can Evacuate in Style, By MATT SEDENSKY, Associated Press Writer Saturday, September 16, 2006

Naomi Klein points out the flip side:
For the people left behind, there is a different kind of privatized solution. In 2006, the Red Cross signed a new disaster-response partnership with Wal-Mart. “It’s all going to be private enterprise before it’s over,” said Billy Wagner, chief of emergency management for the Florida Keys. “They’ve got the expertise. They’ve got the resources.” He was speaking at the National Hurricane Conference in Orlando, Florida, a fast-growing annual trade show for the companies selling everything that might come in handy during the next disaster.

Disaster Capitalism: The new economy of catastrophe, By Naomi Klein, Harper’s Magazine, September 8, 2007

So what are we looking at here? Clever entrepreneurs seeing a market need and filling it? Or the calculated privatization of every government function (Klein)? More to the point, is it good risk management?

Oh, and is there really money in it? www.HelpJet.us currently is all about Galaxy Aviation, and doesn’t say Help Jet anywhere, nor does it mention the kinds of services Help Jet was selling. (I’m pretty sure that’s the right URL, since Google still shows old initial text for about.html as “Not any more with Help Jet, the world’s first hurricane escape plan that turns a hurricane evacuation into a jet-setter vacation. Here’s how Help Jet works. …”) Meanwhile, AIG has been known to start a line of insurance just to see if it will sell.

-jsq

Linus on Schedulers vs. Security as Numbers vs. Opinions

Thus Spake Linus:

Schedulers can be objectively tested. There’s this thing called "performance", that can generally be quantified on a load basis.

Yes, you can have crazy ideas in both schedulers and security. Yes, you can simplify both for a particular load. Yes, you can make mistakes in both. But the *discussion* on security seems to never get down to real numbers.

So the difference between them is simple: one is "hard science". The other one is "people wanking around with their opinions".

Re: [PATCH] Version 3 (2.6.23-rc8) Smack: Simplified Mandatory Access Control Kernel, by Linus Torvalds, kerneltrap.org, Monday, October 1, 2007 – 7:04 am

Linus Torvalds, inventor of Linux and thus originator of its associated industry, continues:


Boutique Wildfire Insurance

Of course it’s AIG offering this:

In 2005 the loss prevention experts at AIG Private Client Group created the first-ever personal wildfire protection program. This groundbreaking service is available exclusively to AIG Private Client Group policyholders who reside in designated response zones in the western U.S.

Wildfire Protection Unit®, Exclusively for AIG Private Client Group Policyholders, AIG Private Client Group, accessed 9 October 2007

If you guessed that Aspen and Vail were among the designated response zones, you guessed correctly! And Los Altos and Beverly Hills. Good old AIG: charge what the traffic will bear and see if there’s a market.

They have a similar hurricane protection unit.


The Flaming Black Swan of Hinckley

They didn’t see it coming, because they were looking the other way:

Speaking of wildfires, my book of the day is Under a Flaming Sky: The Great Hinckley Firestorm of 1894. It is the sharply written story of how a Minnesota town of 1,200 was devastated by a catastrophic firestorm that came raging out of the nearby woods with tornado-class winds and a 300-foot wall of fire, killing 436 people.

Book du Jour: Under a Flaming Sky, Paul Kedrosky, Infectious Greed, October 3, 2007

Wikipedia says it burned 200,000 acres and some sources say 800 people died. Some people who lived jumped into wells or ponds or the river, or caught one of two trains that made it out of town.

So what was it that burned?


Bananas and Apples: Another Monoculture

Yes, we will have no bananas, again:

Most commercial growing facilities handle just a single banana type — the one we Americans slice into our morning cereal.

How much time is left for the Cavendish? Some scientists say five years; some say 10. Others hold out hope that it will be much longer. Aguilar has his own particular worst-case scenario, his own nightmare. "What happens," he says, with a very intent look, "is that Panama disease comes before we have a good replacement. What happens then," he says, nearly shuddering in the shade of a towering banana plant, "is that people change. To apples."

Can This Fruit Be Saved? By Dan Koeppel, popsci.com, June 2005

Cavendish is the variety of banana eaten the world around. "Quite possibly the world’s perfect food," says Chiquita. But perfection comes with a price if it leads to monoculture. And that’s what we’ve got with bananas: every commercial Cavendish banana tree is grown from cuttings of the original tree, and so is genetically identical. Banana monoculture has borne the fruit of disaster before.

Growers adopted a frenzied strategy of shifting crops to unused land, maintaining the supply of bananas to the public but at great financial and environmental expense — the tactic destroyed millions of acres of rainforest. By 1960, the major importers were nearly bankrupt, and the future of the fruit was in jeopardy. (Some of the shortages during that time entered the fabric of popular culture; the 1923 musical hit "Yes! We Have No Bananas" is said to have been written after songwriters Frank Silver and Irving Cohn were denied in an attempt to purchase their favorite fruit by a syntactically colorful, out-of-stock neighborhood grocer.) U.S. banana executives were hesitant to recognize the crisis facing the Gros Michel, according to John Soluri, a history professor at Carnegie Mellon University and author of Banana Cultures, an upcoming book on the fruit. "Many of them waited until the last minute."

Denial in the face of a clear and present ecological danger. We’ve seen this before.


Free Burma!

Well, I hadn’t been planning on posting more on the Myanmar or Burma situation, but within minutes of my posting yesterday, the Free Burma folks found my post and commented on it with a link back to their site.

I’ve got to admire their quick use of the Internet to amplify their activism. Their web pages say they only started Sunday. Looks like some of their supporters are actually astroturf web sites, but that just goes with the territory. Also, a lot of people can’t type in their own web addresses correctly. However, they’ve collected a dozen more supporters while I’ve been typing this.

So, how could I refuse to post again on their requested date, which happened to be today?

-jsq

Simply Switched Off the Internet: Myanmar Junta v. Bloggers

When blogging is a revolutionary act:
Internet geeks share a common style, and Ko Latt and his four friends would not be out of place in cyber cafés across the world. They have the skinny arms and the long hair, the dark T-shirts and the jokey nicknames. But few such figures have ever taken the risks that they have in the past few weeks, or achieved so much in a noble and dangerous cause.

Since last month Ko Latt, 28, his friends Arca, Eye, Sun and Superman, and scores of others like them have been the third pillar of Burma’s Saffron Revolution. While the veteran democracy activists, and then the Buddhist monks, marched in their tens of thousands against the military regime, it is the country’s amateur bloggers and internet enthusiasts who have brought the images to the outside world.

Armed with small digital cameras, they have documented the spectacular growth of the demonstrations from crowds of a few hundred to as many as 100,000. On weblogs they have recorded in words and pictures the regime’s bloody crackdown, in a city where only a handful of foreign journalists work undercover. With downloaded software, they have dodged and weaved around the regime’s increasingly desperate attempts to thwart their work. Now the bloggers, too, have been crushed. Having failed to stop the cyber-dissidents broadcasting to the world, the authorities have simply switched off the internet.

Bloggers who risked all to reveal the junta’s brutal crackdown in Burma, by Kenneth Denby, The Times, 1 October 2007

Unfortunately for the bloggers, they all had to register with the government to be allowed to blog in the first place. If the junta falls, they’ll be heroes. If it survives, they’ll probably be dead.

This is not the first time.

APWG in Pittsburgh and Fraud in Japan

The Anti-Phishing Working Group is having one of its periodic member meetings, this time in Pittsburgh. Probably I shouldn’t report too much detail, but I’ll say that interesting things are going on worldwide that may spread to other countries. For example, in Japan it seems that fake programming sites are more popular than phishing. Also, if I heard correctly, most phishing in the Japanese language originates from phishers in Japan. This would make sense, since it’s very hard for foreigners to write well enough to pretend to be Japanese. So that one probably won’t spread too widely, but the fake programming scam could.

My favorite is the history attack. World War II ended on 15 August 1945 in Japan, so a timeline of that war can get a lot of hits on a war’s end link in August of any year. Who would have known history could be so popular?

Meanwhile, during Carnival in Brazil, nobody reports malware, so there’s a dip in measurements…. Then and the rest of the year, sophisticated personalized social engineering attacks seem to be popular in Brazil.

-jsq