Don’t Enjoin the Messenger

Two weeks ago three students from MIT appeared at DEFCON in Las Vegas to present their successful hack of the Massachusetts Transit Authority’s electronic fare system–the “Charlie Card.” The MBTA went to federal court to enjoin publication of students’ presentation, claiming it would violate the Computer Fraud and Abuse Act. The court granted the injunction on August 9, only to lift it yesterday, ruling that the MBTA was not likely to succeed on its CFAA claim. Follow the story’s arc here, here, here, and here–and then read Bruce Schneier’s timely (8/7) essay from The Guardian. Schneier’s piece discusses the successful hack of the London subway’s Oyster smartcard by students from the Netherlands. The Oyster card’s maker, NXP Semiconductors, sued to prevent publication of the hack; it lost. The Oyster card uses the same chip–the “Mifare Classic”–used by Boston and other transit systems. Schneier writes “[t]he security of Mifare Classic is terrible . . . it’s kindergarten cryptography. Anyone with any security experience would be embarrassed to put his name to the design. NXP attempted to deal with this embarrassment by keeping the design secret.” In ruling against NXP the Dutch court said “[d]amage to NXP is not the result of the publication of the article but of the production and sale of a chip that appears to have shortcomings.” (Emphasis supplied)

These two cases follow a familiar pattern: Company A does a crap job designing or delivering a good or service to Company B; someone blows the the whistle on Company A’s mis- or malfeasance; Company B blames the whistleblower for leaking news of flaw instead of blaming Company A for its lousy performance. Here the Dutch court got it right, and the U.S. court is heading in the right direction.

Recently, in the garden . . .

It’s been a terrible summer for the vegetable garden:  too much rain, not enough sun, and unchecked parasites.  While weeding the garden the other day Judy called to me:  “You have to see this!”  When I entered the garden she said “look!” and pointed at a denuded branch of a tomato plant.  It took a moment to spot this cute l’il feller:

"Creepy tomato bug"

Feasted unmolested for weeks this hefty beast had grown to about 4″ long,  To learn its name I entered this search string: <creepy tomato bug>.  Google’s first hit led to a page with “tomato hornworm” in the first paragraph, a name that squarely hit most of this bug’s particulars:  “Ma’am, can you describe your assailant?”  “Well, he was a worm  . . . green . . . eating a tomato branch . . . and he has a horn on one end.”   A search of <tomato hornmorm> confirmed this to be Manduca quinquemaculata, which grows into the Five-Spotted Hawk Moth.

When I disposed of the intruder I half expected it to hiss at me like the Aliens monster,  which would have stopped my heart.  It took its fate quietly, munching on the branch and dreaming, no doubt, of metamorphosis.  One more view:

Tomato Hornworm

Lower Drinking Age?

Would lowering the drinking age to 18 reduce the amount of binge drinking on college campuses? The Amethyst Initiative, started by the former president of Middlebury College, believes it would, as reported in College chiefs urge new debate on drinking age. The Initiative, represents presidents from about 100 colleges and universities, is “calling on lawmakers to consider lowering the drinking age from 21 to 18.” The proposal carries counter-intuitive appeal: reduce problem drinking by reducing legal impediments to acquiring and possessing alcohol. Mothers Against Drunk Driving opposes the proposal because it believes it would lead to more fatal car crashes; “MADD officials are even urging parents to think carefully about the safety of colleges whose presidents have signed on.”

I don’t know what impact a lower drinking age would have on binge drinking on campuses. Doing so would remove the forbidden-fruit allure of under-age drinking for those over 18, and that would somewhat change the social dynamic that leads to problem drinking. Since both typically occur when one is 18 alcohol consumption would still be linked to going off to college and experiencing greater freedom from adult supervision. One could argue that the drinking age should be lowered to 16, to enable teenagers to experience legal drinking when most are still living under their parents’ roofs. The causes of binge drinking are complex and drinking age is just one factor.

This topic comes up often in class. Not surprisingly, most students oppose the current laws. Students routinely ignore and subvert them. Anecdotal experience tells me that more than 50% of underaged students possess a phony ID at some point before they turn 21, which puts them at risk for arrest and a criminal record. Laws that criminalize a large number of people for customary behavior encourage disrespect for law: “when beer is outlawed, only outlaws will have beer.”

One cannot ignore MADD’s point about traffic fatalities. I believe (relying on someone I trust who researched this subject extensively a few years ago) there was a direct correlation between raising drinking ages to 21 and reducing alcohol-related fatalities. Opposing MADD is political suicide for state legislators.

This is unfortunate. It takes off the table solutions other than more rigorous law enforcement and stiffer penalties for underage drinkers. These don’t work, as our experience with harsher drug laws shows. It’s a plain fact that college students are going to drink. Solutions that don’t start with this fact–solutions of the “just say no” variety–are doomed to fail.

eBay 2, Luxury Retailers 1

The Wall Street Journal Law Blog relays news of a Belgian legal ruling that eBay is not liable for sale of counterfeit Lancome perfumes, holding “that eBay is a passive provider of ‘host’ services, as that term is defined in a European Community policy directive, and that it’s therefore entitled to more legal leeway than a brick-and-mortor auctioneer would receive if counterfeit goods were being sold on his premises.” This is the third ruling in the past month in cases brought against eBay over sales of counterfeit luxury goods. A French court ruled against eBay in one of the cases; eBay won the Belgian case and another decided in the U.S. As the Journal says, “circuit splits are nice, but country splits are even better.”

Early August

More rain this morning.This was the grayest, gloomiest weekend of weather I’ve seen all summer.

The sun burned through for a few hours yesterday afternoon, turning a humid and cool day into a hot, clinging one.  After building fixed-window frames for my workshop, filling bird feeders, relocating the woodpile to a more protected spot beneath the deck, and doing yard cleanup with a backpack-style leaf blower (which I also applied to the inside of my truck to dislodge dog fur) I went to the dock with a towel and book.  I intended to take a long swim but a thunderstorm to the west activated my rarely-used good-judgment brain lobes.  I swam enough to rinse the sticky sweat from my skin, floated and watched the sky, and climbed out to read on the dock, keeping one eye on the storm.  Jagged streaks of lightning flashed and thunder rumbled about ten miles to the west.  Clouds blanketed the entire sky, bringing early twilight.  Save for the faintest occasional gust that kissed my drying skin there was no wind.  The lake was preternaturally calm.  The air temperature dropped a few degrees.  I read–“Bangkok Haunts” by John Burdett, a wonderful beach (or dock) book–lifting my head every few pages to absorb the sky, storm, lake, air, and quiet.

The only interruptions were Cleo, who amused herself by dropping a stick in the water and jumping from the dock to retrieve it–good girl!–and a visit by two female mallards, who can be brazenly at home around the dock. They caught my eye when they swam past me, just a few feet from where I read, and climbed on to the dock about eight feet away.  In water up to their bellies (the dock remains submerged) they groomed, standing on one leg and scratching furiously at their sides with the other foot.  They scratched unbelievably fast and for a long time. They stretched and twisted their necks to dig their beaks into their back feathers, working them over with the same rapid intensity.  I was tempted to say “here, let me get that for you.”  The grooming respite went on for a few minutes during which they looked at me from time to time.  A mallard head-on is a comical thing.  The skinny head, flat bill, and close-set eyes make them appear two dimensional, like Toons.  Then they smoothed their feathers, flashing brilliant blue beneath the dull brown, tucked their legs, floated, and swam away, tossing one last look my way.

Cuil as Icarus

I’m not the only one who is underwhelmed by Cuil (“cool”–the name by itself is trouble), the new search engine that says it is “faster,” “bigger,” and “better” than Google.  This from today’s Globe:  “[B]y the end of the site’s first day, many bloggers and journalists seemed to have found something to dislike, whether it was a prominent site missing from a set of search results or Cuil’s propensity to match photos of one person with Web pages related to someone else.”  The article quotes a PR consultant about Cuil’s launch, who said “Cuil [should]  slap “BETA” all over the site and any other outbound communication.”  Here is more critical commentary from cNet and TechDreams.  Why pick on Cuil?  It suffers from one of the biggest sins of our age:  over-arching ambition and killer PR married to disappointing substance, like the Ryan Leaf of search engines.