Two weeks ago three students from MIT appeared at DEFCON in Las Vegas to present their successful hack of the Massachusetts Transit Authority’s electronic fare system–the “Charlie Card.” The MBTA went to federal court to enjoin publication of students’ presentation, claiming it would violate the Computer Fraud and Abuse Act. The court granted the injunction on August 9, only to lift it yesterday, ruling that the MBTA was not likely to succeed on its CFAA claim. Follow the story’s arc here, here, here, and here–and then read Bruce Schneier’s timely (8/7) essay from The Guardian. Schneier’s piece discusses the successful hack of the London subway’s Oyster smartcard by students from the Netherlands. The Oyster card’s maker, NXP Semiconductors, sued to prevent publication of the hack; it lost. The Oyster card uses the same chip–the “Mifare Classic”–used by Boston and other transit systems. Schneier writes “[t]he security of Mifare Classic is terrible . . . it’s kindergarten cryptography. Anyone with any security experience would be embarrassed to put his name to the design. NXP attempted to deal with this embarrassment by keeping the design secret.” In ruling against NXP the Dutch court said “[d]amage to NXP is not the result of the publication of the article but of the production and sale of a chip that appears to have shortcomings.” (Emphasis supplied)
These two cases follow a familiar pattern: Company A does a crap job designing or delivering a good or service to Company B; someone blows the the whistle on Company A’s mis- or malfeasance; Company B blames the whistleblower for leaking news of flaw instead of blaming Company A for its lousy performance. Here the Dutch court got it right, and the U.S. court is heading in the right direction.
It’s been a terrible summer for the vegetable garden: too much rain, not enough sun, and unchecked parasites. While weeding the garden the other day Judy called to me: “You have to see this!” When I entered the garden she said “look!” and pointed at a denuded branch of a tomato plant. It took a moment to spot this cute l’il feller:
Feasted unmolested for weeks this hefty beast had grown to about 4″ long, To learn its name I entered this search string: <creepy tomato bug>. Google’s first hit led to a page with “tomato hornworm” in the first paragraph, a name that squarely hit most of this bug’s particulars: “Ma’am, can you describe your assailant?” “Well, he was a worm . . . green . . . eating a tomato branch . . . and he has a horn on one end.” A search of <tomato hornmorm> confirmed this to be Manduca quinquemaculata, which grows into the Five-Spotted Hawk Moth.
When I disposed of the intruder I half expected it to hiss at me like the Aliens monster, which would have stopped my heart. It took its fate quietly, munching on the branch and dreaming, no doubt, of metamorphosis. One more view:
Would lowering the drinking age to 18 reduce the amount of binge drinking on college campuses? The Amethyst Initiative, started by the former president of Middlebury College, believes it would, as reported in College chiefs urge new debate on drinking age. The Initiative, represents presidents from about 100 colleges and universities, is “calling on lawmakers to consider lowering the drinking age from 21 to 18.” The proposal carries counter-intuitive appeal: reduce problem drinking by reducing legal impediments to acquiring and possessing alcohol. Mothers Against Drunk Driving opposes the proposal because it believes it would lead to more fatal car crashes; “MADD officials are even urging parents to think carefully about the safety of colleges whose presidents have signed on.”
I don’t know what impact a lower drinking age would have on binge drinking on campuses. Doing so would remove the forbidden-fruit allure of under-age drinking for those over 18, and that would somewhat change the social dynamic that leads to problem drinking. Since both typically occur when one is 18 alcohol consumption would still be linked to going off to college and experiencing greater freedom from adult supervision. One could argue that the drinking age should be lowered to 16, to enable teenagers to experience legal drinking when most are still living under their parents’ roofs. The causes of binge drinking are complex and drinking age is just one factor.
This topic comes up often in class. Not surprisingly, most students oppose the current laws. Students routinely ignore and subvert them. Anecdotal experience tells me that more than 50% of underaged students possess a phony ID at some point before they turn 21, which puts them at risk for arrest and a criminal record. Laws that criminalize a large number of people for customary behavior encourage disrespect for law: “when beer is outlawed, only outlaws will have beer.”
One cannot ignore MADD’s point about traffic fatalities. I believe (relying on someone I trust who researched this subject extensively a few years ago) there was a direct correlation between raising drinking ages to 21 and reducing alcohol-related fatalities. Opposing MADD is political suicide for state legislators.
This is unfortunate. It takes off the table solutions other than more rigorous law enforcement and stiffer penalties for underage drinkers. These don’t work, as our experience with harsher drug laws shows. It’s a plain fact that college students are going to drink. Solutions that don’t start with this fact–solutions of the “just say no” variety–are doomed to fail.
I’m lying on my back to nurse a sore hip. I opened my phone for amusement and saw the WordPress app. I opened the app, spent 30 seconds setting it up and voilà! I’m couch-blogging. I’ve not decided whether this is progress.
The Wall Street Journal Law Blog relays news of a Belgian legal ruling that eBay is not liable for sale of counterfeit Lancome perfumes, holding “that eBay is a passive provider of ‘host’ services, as that term is defined in a European Community policy directive, and that it’s therefore entitled to more legal leeway than a brick-and-mortor auctioneer would receive if counterfeit goods were being sold on his premises.” This is the third ruling in the past month in cases brought against eBay over sales of counterfeit luxury goods. A French court ruled against eBay in one of the cases; eBay won the Belgian case and another decided in the U.S. As the Journal says, “circuit splits are nice, but country splits are even better.”
More rain this morning.This was the grayest, gloomiest weekend of weather I’ve seen all summer.
The sun burned through for a few hours yesterday afternoon, turning a humid and cool day into a hot, clinging one. After building fixed-window frames for my workshop, filling bird feeders, relocating the woodpile to a more protected spot beneath the deck, and doing yard cleanup with a backpack-style leaf blower (which I also applied to the inside of my truck to dislodge dog fur) I went to the dock with a towel and book. I intended to take a long swim but a thunderstorm to the west activated my rarely-used good-judgment brain lobes. I swam enough to rinse the sticky sweat from my skin, floated and watched the sky, and climbed out to read on the dock, keeping one eye on the storm. Jagged streaks of lightning flashed and thunder rumbled about ten miles to the west. Clouds blanketed the entire sky, bringing early twilight. Save for the faintest occasional gust that kissed my drying skin there was no wind. The lake was preternaturally calm. The air temperature dropped a few degrees. I read–“Bangkok Haunts” by John Burdett, a wonderful beach (or dock) book–lifting my head every few pages to absorb the sky, storm, lake, air, and quiet.
The only interruptions were Cleo, who amused herself by dropping a stick in the water and jumping from the dock to retrieve it–good girl!–and a visit by two female mallards, who can be brazenly at home around the dock. They caught my eye when they swam past me, just a few feet from where I read, and climbed on to the dock about eight feet away. In water up to their bellies (the dock remains submerged) they groomed, standing on one leg and scratching furiously at their sides with the other foot. They scratched unbelievably fast and for a long time. They stretched and twisted their necks to dig their beaks into their back feathers, working them over with the same rapid intensity. I was tempted to say “here, let me get that for you.” The grooming respite went on for a few minutes during which they looked at me from time to time. A mallard head-on is a comical thing. The skinny head, flat bill, and close-set eyes make them appear two dimensional, like Toons. Then they smoothed their feathers, flashing brilliant blue beneath the dull brown, tucked their legs, floated, and swam away, tossing one last look my way.
I’m not the only one who is underwhelmed by Cuil (“cool”–the name by itself is trouble), the new search engine that says it is “faster,” “bigger,” and “better” than Google. This from today’s Globe: “[B]y the end of the site’s first day, many bloggers and journalists seemed to have found something to dislike, whether it was a prominent site missing from a set of search results or Cuil’s propensity to match photos of one person with Web pages related to someone else.” The article quotes a PR consultant about Cuil’s launch, who said “Cuil [should] slap “BETA” all over the site and any other outbound communication.” Here is more critical commentary from cNet and TechDreams. Why pick on Cuil? It suffers from one of the biggest sins of our age: over-arching ambition and killer PR married to disappointing substance, like the Ryan Leaf of search engines.
Last year Comcast slowed BitTorrent traffic on its network because, it said, BitTorrent file transfers consumed inordinate bandwidth. Advocacy groups Free Press and Public Knowledge complained about the practice to the F.C.C., presenting one of the first legal challenges to violation of the principals of net neutrality, the concept that all Internet traffic should be treated the same. Net neutrality is a core value embodied in the original architecture of the Internet, and its preservation is considered by many to be essential to maintaining the Internet’s vitality. On Friday the F.C.C. ruled 3-2 against Comcast and ordered it to cease blocking BitTorrent traffic by the end of the year. F.C.C. Commissioner Kevin Martin said after the ruling ““We are preserving the open character of the Internet. . . We are saying that network operators can’t block people from getting access to any content and any applications.” Saul Hansell reported in the New York Times the dissent, among other things, argued “that Comcast’s systems were a legitimate method of managing the capacity of the network and not an attempt to disadvantage rivals.” Comcast is expected to appeal the ruling, which may spur Congress to enact legislation protecting net neutrality. Hansell reports that “[c]uriously, representatives from other telecommunications companies praised the decision, even though they objected to the commission meddling in how they manage their networks. They said they would prefer such rulings to legislation from Congress . . .” because legislation would likely provide the telecoms with little wriggle room. The F.C.C. decision, on the other hand, deals only with Comcast’s specific BitTorrent blocking and does not establish broad precedent.
While crawling in bumper-to-bumper highway traffic last week I was thinking about the differences between those drivers who wait in line to merge and those who cut the line to merge at the last possible point. I try to avoid binary thinking but yield when it comes to highway-merging behavior: I fume about line-cutters 85% of the time. The other 15% of the time I cut the line. (What this says about my values I’ll leave aside for now.) Everyone who drives has an opinion on merge behavior, which is why The Urge to Merge in today’s paper will likely be the most-emailed article from the New York Times this week. Cynthia Gorney’s article, on what she calls “The Caldecott Tunnel Problem” (in pre-Ted Williams Tunnel Boston we’d have called it the Callahan/Sumner Tunnel problem), is quite funny and breaks (brakes?) the binary-thinking barrier, explaining why the most efficient merging pattern uses both “lineuppers” and “sidezoomers.”
Today at Higgins Beach in Scarborough, on a foggy cool Maine morning, I received an introductory surfing lesson from my friend Mike. Mike opened the lesson with sand diagrams showing proper foot placement on the board and a demonstration of how to pop up from prone–think of a brown sugar and cinnamon Pop Tart leaping from the toaster–to what Mike called the “stupid surfer stance” (legs bent, body low, arms outstretched) once one catches a wave. Then we strapped the board leash to my ankle and entered the surf. The first 30 minutes were spent repeating these steps:
- I lie on the board
- I paddle the board around to face the beach
- Mike holds the board from behind and waits for a catchable wave
- After a short wait Mike says “start paddling!”
- I start paddling towards shore
- The wave catches the board, which accelerates
- Mike gives the board a mighty push to reach critical speed
- I pop from prone to “standing” (loosely defined, it covers any position other than prone)
- I fall into the ocean
- I cover my head to prevent a board-beaning
- I retrieve the board and paddle out to Mike
- Mike patiently offers suggestions
- I lie on the board, etc.
It’s the same technique used to teach kids to ride two-wheeled bikes. The waves were entry-level, about 1.5 feet. 1.5 foot waves are bigger than I thought they would be (but still small) because wave height is measured from level surface to wave crest, not from the base to the crest of the breaking wave. Because the waves were small we were the only ones in the water. I haven’t fallen so often since I learned to downhill ski. It was a pleasure to learn that I can still have lots of fun falling down. Take that, age.
Mike took a few runs while I watched how to do it, and then he surfed with a borrowed board while I tried surfing without his guiding hands. I managed to catch a few waves, and actually stood on the board for two of them in what you could call the “really stupid surfer stance.” After another hour my pop drooped, I fell back on what I think of as the “leaving the confessional “stance–one knee on the board, the other leg bent, preparing to rise and walk to the alter to say three Our Fathers and three Hail Marys–and I thoroughly lavaged my nasal passages with brine. I called it a day when I could paddle no more. Mike surfed for a while longer, catching wave after wave. He moved to Santa Monica last year and clearly has used his time well. We topped off the morning with coffee and a great diner breakfast. When I returned to the house I collapsed in a reclining deck chair, read two pages of my book, and fell into a deep sleep for an hour.