Archive for May 2007

Real ID

The Washington Post reports today that Congress is starting to listen to some of the widespread criticism over the Real ID Act (and the effectiveness of national ID cards).

Proponents say Real ID is an effort to strengthen security standards for state-issued driver’s licenses, a key recommendation of the 9/11 Commission. The 19 hijackers on Sept. 11, 2001, had 30 state-issued IDs, at least seven of which were obtained by fraud, a commissioner noted. They used them to rent cars and apartments, open bank accounts, and board planes.

But the proposed rules to implement Real ID, critics warn, could open the door to privacy invasions by establishing a national database of personal data, accessible to state and federal law enforcement and other entities. The law would force states to foot a $23.1 billion bill over 10 years for what amounts to a national ID card, they say. And it would, they argue, increase risk of identity theft and fraud.

Now, Big Brother concerns aside, the real question about Real ID is how much is it going to cost, and what are we going to get out of it? $2.3 billion a year for 10 years is a pretty hefty bill for an identity card (note that the 9/11 hijackers would still have been able to acquire a Real ID following the same procedure they followed for getting their driver’s licenses). When professional spymasters and computer security experts pretty much uniformly reject the efficacy of an authentication system, civil rights groups decry the potential for abuse, and the National Governors Association disagrees with the idea, the real question is, how did this law get passed in the first place?

I’m guessing that $23.1 billion represents a pretty big windfall for somebody.

Posted May 11, 2007 by padraic2112 in news, politics, security, tech

On the Nightstand – The Watchman

Spoiler warning: I won’t reveal much of anything you shouldn’t already know about Pike from this book, but if you haven’t read any of the Elvis Cole books, there are series spoilers in this post.

Finished it last night. Apparently Robert Crais was at the Los Angeles Times Festival of Books and my sister, God bless her, picked up a copy and had him sign it… one reason to stick to paper instead of e-books! My sister said that Crais was enthusiastic to get a request for a personalized signature; apparently most people want a generic John Hancock to give them an e-Bayable item. Idiots. Thanks for the present, Megan, I loved it.

On the whole, I liked it immensely. I’ve always liked Joe Pike, and have been particularly fond of the fact that Mr. Crais has successfully written him into a number of Elvis Cole books without ruining him – a character like Pike would be *so* easy to screw up and turn one-dimensional, playing second fiddle to Elvis. Eleven books in, and instead the trickle of insights into Pike has come at a steady, even pace (until this book, of course), fleshing out the character instead of bleaching him. I also think that switching to Pike from Elvis as the primary mover of the story was brilliant given the events of The Forgotten Man. I was worried that Crais was going to crash the series and put out an “Elvis has an incredibly introspective recovery from being shot” book, and cutting the perspective over to Pike enabled Crais to continue the story of the pair without waxing melodramatic. I’ve been impressed with the Elvis/Pike books’ balance of character development with “action-fiction” story speed; this book delivers on that balance as well. Yay!

Of course, as a fan of the entire Elvis series, I’m dying to know how Mr. Cole’s personal life has progressed after The Forgotten Man, because I like Starkey better than Chenier, but I can handle the wait.

My one small complaint about this book is that a bit too much time (albeit a tiny amount of time) was devoted to talking about Pike’s relationship with his abusive father; it’s the first time I thought Crais was a little lazy in his writing. Not that this was unexpected (it’s been pretty obvious through the past 10 books that Pike has issues), but there were a couple of paragraphs that simply weren’t interesting (standard boilerplate “My father beat me” stuff), and one scene that would actually have been more powerful if it hadn’t been linked to Pike’s abusive father. It’s a pretty minor complaint, however… Crais makes up for it by spending the lion’s share of flashbacking talking about Pike’s relationship with Bud Flynn, which was more revealing into Pike’s character anyway.

I wonder if the choice of “Flynn” as a patronymic was a nod to McDonald’s F.X. Flynn, a character I like much more than the commercially popular Fletch.

Posted May 7, 2007 by padraic2112 in books, crime/mystery fiction

Legal Eagles

This guy is a judge? You’ve got to be kidding me.

A $10 dry cleaning bill for a pair of trousers has ballooned into a $67 million civil lawsuit.

Plaintiff Roy Pearson, a judge in Washington, D.C., says in court papers that he’s been through the ringer over a lost pair of prized pants he wanted to wear on his first day on the bench.

He says in court papers that he has endured “mental suffering, inconvenience and discomfort.”

The case is international news, no less.

Edited to add (08/06/2007): Apparently he may not be a judge much longer.

Posted May 3, 2007 by padraic2112 in news

Planning for the future

04-December-292,277,026,596.

vs.

19-Jan-2038.

Round 1… Ready… FIGHT!

Posted May 2, 2007 by padraic2112 in noise, OS, software, tech

Passwords, Crackers, and Hackers, oh my!

Take this article, and add a dash of this funny, and muse on them a bit.

If a machine can have 269,000+ password attacks in 24 days, some of them are going to be successful if you have weak passwords… and right now, it’s pretty hard to come up with a unique password that isn’t based upon something in a password-cracking dictionary or three. I’ve trained myself to memorize things like “%9mR/z45&c74p”, but that’s an unreasonable expectation for average people. You used to be able to get away with simple character substitution (like, “1am4h4x0r” or “1l1k3d0g$”) but simple character substitutions are now included in those dictionaries that come with common hacking tools.

Of course, you want a password you can remember, so you either need to start training yourself to remember oddball strings of characters, or you need to outsource your password memorization to… well, to the computer. It’s good at remembering things, after all.

I recommend choosing a utility like PasswordSafe. Generate a nice long goofy password by mashing on your keyboard, and save it in a PasswordSafe. “JW#Za!K#tewijz.Q$” may be hard to remember, but it’s probably not in a hacker dictionary somewhere.

At least, not until some spider crawls across this blog post…
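The point about substitution-aware dictionaries, as an added example that is not part of the original post: a defender-side check that flags a password built from dictionary words even after simple character substitution, plus a random generator for passwords meant to live in a password manager. The word list and substitution table are small constructed samples, and the function names are hypothetical.

```python
import secrets
import string

# Constructed sample word list; a real check would load a large dictionary.
WORDLIST = {"i", "am", "a", "like", "dog", "dogs", "haxor", "password"}

# Assumed substitution table: each symbol maps to the letters it commonly replaces.
SUBSTITUTIONS = {"0": "o", "1": "il", "3": "e", "4": "a",
                 "5": "s", "7": "t", "@": "a", "$": "s"}


def _matches(chunk: str, word: str) -> bool:
    """True if chunk spells word, letting each symbol stand for its letters."""
    return len(chunk) == len(word) and all(
        w in SUBSTITUTIONS.get(c, c) for c, w in zip(chunk, word))


def is_dictionary_based(password: str) -> bool:
    """True if the whole password is a run of dictionary words once
    simple character substitutions are undone."""
    pw = password.lower()
    # reachable[i]: the first i characters split cleanly into dictionary words.
    reachable = [True] + [False] * len(pw)
    for end in range(1, len(pw) + 1):
        reachable[end] = any(
            end >= len(word) and reachable[end - len(word)]
            and _matches(pw[end - len(word):end], word)
            for word in WORDLIST)
    return bool(pw) and reachable[-1]


def generate_password(length: int = 17) -> str:
    """Random password from a CSPRNG, regenerated if it fails the check."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not is_dictionary_based(candidate):
            return candidate


if __name__ == "__main__":
    # The four sample passwords quoted in the post above.
    for pw in ["1am4h4x0r", "1l1k3d0g$", "%9mR/z45&c74p", "JW#Za!K#tewijz.Q$"]:
        print(f"{pw!r}: dictionary-based = {is_dictionary_based(pw)}")
    print("generated:", generate_password())
```

The check matches word by word against the original string instead of expanding every substitution variant, so an ambiguous symbol such as "1" (i or l) does not cause an exponential blow-up.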

Posted May 2, 2007 by padraic2112 in security, software, tech

Bad Security 101

Any security system that relies upon a secret key must include a revocation process. Why? Because sooner or later secrets get out, and once someone knows your secret key, you’re pretty much up the creek.

Somebody spilled the beans on the HD-DVD decryption key in February, which led the Advanced Access Content System Licensing Administrator, LLC to send cease and desist orders to have the 128-bit key taken down off of various sites. This led to pretty massive civil disobedience, as the request to have the number removed from four sites prompted its rather quick publication on 9,410 new sites. Today the number is up to 248,000, according to a search I just performed on Google. (If you just search for “HD-DVD decryption key” you get 67,700 results as of right now; the 248,000 number is if you search for the actual key text.)

On the face of it, this is simply absurd. You can’t claim intellectual property rights over a number simply by using it for a particular purpose. You can claim IP over a process (but quite frankly if the publication of 128 bits ruins your security, your process stinks on ice), but that doesn’t give you ownership of a particular collection of numbers.

Of course, if you read Wikipedia’s entry about AACS, you’ll see that the entire DRM security scheme has suffered from several other massive flaws.

Posted May 2, 2007 by padraic2112 in news, security, software, tech