Here's a thought I had the other day.  People can choose to donate their organs to medical science upon death.  Why not allow the donation of your medical record too?  Surely, once you're dead, there are fewer privacy concerns with your personal medical history.  Over time, the information from these medical records can be invaluable.  I wonder if this is something that has been considered before.

I guess one problem I can think of with this is if it were sufficiently popular, everyone's family medical history would become relatively public.  Arguably, though, your own personal record is yours to do with as you choose, and you ought to be able to choose to open it up for medical research.

octanez 's recent appeal for opinions on monitors has inspired me to rant on the current monitor situation.

Back in the good ol' days, monitors were "fullscreen" and came in 4:3 aspect ratios.  Now, thanks to HDTV and Apple (who, I believe were the first to offer widescreen displays to the masses), all you can find are closer to 16:10 (and almost all laptop displays are glossy...which itself is a different rant).  This annoys me to no end.  It's such a marketing scam.  They sell you bigger screen diagonals, you get smaller screens...and they're not actually wider; they're shorter.  One might say that fullscreens are a dying breed, being rapidly replaced by 5/6screens.

I guess this is okay for those who use their machines for nothing more than e-mail, watching movies and playing games.  It's also fine if it's a desktop, where you often have the space for a 1920x1200 monstrosity.  (Such monstrosities can actually be quite nice...I have one in the lab.)  This said, it's definitely not okay on a laptop.

A case in point.  I currently have two Thinkpad laptops.  A 4-year-old T43 and a 4-month-old X300.  With respect to size, both machines are in the same category of portability – they're exactly the same width, but the X300 is shorter.  The T43 has a 1400x1050 screen resolution; a very nice trade-off between screen real-estate and size/portability.  The X300, on the other hand, has a 1440x900 screen resolution.  For those of us who actually use our machines for real work, it's a real pain to work on a laptop screen that's only 900 pixels tall.  Those 150 vertical pixels that are missing make a world of difference.  I hate working on the X300 so much that I continue to use my old T43; the X300 sits sad and neglected on my desk.

What's more, looking at Lenovo's current line of Thinkpads, to get anything that meets my 1280x1024 minimum requirement for productivity, you need to get a 6-lb monstrosity.  Yikes.

I don't know.  Maybe I just have abnormal needs that stem from some bizarre case of e-claustrophobia (iClaustrophobia?).  Maybe most who work on computers for a living don't mind being trapped working in a tiny virtual cubbyhole if it means freedom from that ever-so-dreaded letterboxing when they sit back to watch their Netflix or Hulu or whatnot.

In the desktop realm, I welcome our evil widescreen overlords.   I hope (probably in vain), though, that they'll bring back the fullscreen laptop.

From Slashdot:
New security check points in 2020 will look just like something out of the futuristic movie, The Minority Report. The idea of the new checkpoints will allow high traffic to pass through just as you were walking at a normal pace. No more waving a wand to get through checkpoints — the new checkpoint can detect if you have plans to set off a bomb before you even enter a building.




An interesting idea, if somewhat Orwellian.  Also, here's one easy way around it...plant your bomb in someone else's suitcase without their knowledge.

David Skillicorn at Queen's University in Kingston, ON has created an algorithm that analyses diction in a speech to detect spin (or, as Stephen Colbert might put it, truthiness).  He's used his technique to analyse speeches from the current election race and found Obama to be more truthy than McCain.

Branka Zei Pollermann, founder of the Vox Intitute in Geneva, has analysed the candidates' voices.  According to her, "McCain [sounds] very much like someone who's clinically depressed."  He speaks monotonically, his voice sounding the same regardless of whether he's talking about positive prospects or discussing sad facts.  Also, his voice and facial movements often don't match up, leading to "a lack of credibility."  People are unlikely to trust statements made in a flat tone, particularly when the accompanying facial expressions don't match.

(Source)

Slashdot recently linked to a CNET article suggesting that the U.S. government, right now, has legal means to track your location in real-time through your cell phone without your knowledge.  The technical ability certainly exists:  there is tracking software out there that can track a person's location even if the person swaps SIM cards and changes phones -- even though those things can change, your calling patterns still remain the same.

What about getting the necessary data?  Information about every phone call you make goes through several companies.  Certainly, there's your wireless provider.  There's the callee's wireless provider.  Oh, and there's the guys running the cell towers.  And the company that connects the cell tower to the wireless provider.  What about the company that handles the exchange between wireless providers?  And the company that interfaces the wireless and landline networks.  Oh, and your wireless company probably outsources its billing.  And its customer service.  You get the point.

All these companies have access to sensitive information about our calls, so there are lots of access points to get real-time information.  Since we're talking about metadata, wiretapping laws don't apply.  And with the current mess of laws (cf. FISA Amendments, Patriot Act), requests for this information usually comes packaged with a gag order, so if we were being tracked, we wouldn't know about it.  Joy.

Proof positive that Facebook apps are evil: http://news.cnet.com/8301-10784_3-9977762-7.html

According to Facebook's Director of Platform Product Management: "We expect third-party apps to follow the rules the users set" ... "but there's NO WAY for Facebook to verify compliance since Facebook applications run on PRIVATE THIRD-PARTY SERVERS."

Of course, people knew this already...the users just seem to ignore it.  The root of the problem, though, is Facebook's app development model is just wrong.  Facebook should be the one responsible for enforcing their own users' privacy -- implement it once on the Facebook end and filter the data that gets passed onto the app developers.  Facebook's blind trust in the app developers just seems horribly misplaced.

A floppy drive doing undoubtedly horrible things to a floppy disk for our amusement:
http://www.youtube.com/watch?v=X4SCSGRVAQE

An IBM XT...or is it?
http://www.youtube.com/watch?v=1s1vTw8zfcY

I got a new credit card in the mail today to replace one that's about to expire.  Except I got more than just a credit card. Embedded within is one of those nasty little RFID tags.  Yep.  I'm now officially tagged.

While the convenience of not having to swipe my card at the grocery store is nice, it's probably not worth the security concerns that comes with carrying around one of these tags.  Receiving this little piece of hardware made me suddenly more concerned about issues that, up until now, I've not paid much attention to.  What's actually on the tag?  What kind of security is in place?  What's the range of the tag?

A quick Wikipedia search [1] [2] reveals that the tag in the card is based on the ISO/IEC 14443 standard, which defines a proximity card with an RFID tag that operates in the HF range, at 13.56 MHz.  Fortunately, at this frequency, Faraday cage shielding (a.k.a. tin foil hat technology) is effective.  I'm not sure, though, that I'd want to carry around a piece of aluminium foil in my wallet...it'd probably ruin the leather.  Shielding the card would also eliminate most of the convenience conferred by the RFID tag -- if I have to pull the card out of my wallet, I may as well just swipe it through the stripe reader too.

Kevin Fu at UMass Amherst's CS department, together with people at RSA, published a paper last year on RFID-enabled credit cards.  They examined 20 cards and found that during a card transaction, all cards transmit the card holder's name and card number unencrypted.  With some of the cards, there was no evidence of any nonce being used, so the protocol for those cards is susceptible to a replay attack.  They were also able to program an ordinary RFID reader (one not intended for use with credit cards) to emulate an RFID credit-card reader.  The cards could not tell the difference between the modified reader and a commercial credit card reader, strongly suggesting that there is no authentication mechanism on the RFID tag.  They have a video demo on YouTube.

Well, this kinda sucks.  Even if I shielded my card, an eavesdropper can still listen in on my card transactions and learn my name and card number.  Heck, the card was sent to me unshielded.  Someone could have picked up that information while the card was still sitting in its sealed envelope.  All you need to do it is $8's worth of parts.

All this kinda reminds me of security theatre -- something that's designed to make you feel safe, but actually does nothing for security.  (Hey, look...we're using shiny new tech!  It's gotta be better than the old tech!)  I guess the card companies are hoping that because you don't have to take your card out of your wallets to use RFID, you'll feel more secure, so they're skimping on actual security.

Or maybe I'm just being paranoid.  (Do I really need to keep my laptop hard drive fully encrypted?  :P  )

A talk from last year's Defcon by Johnny Long on low-tech hacking (vehicle surveillance, shoulder surfing, dumpster diving).  Amusing and informative.

http://video.google.com/videoplay?docid=-2160824376898701015

So, it's been a while since I've blahgged.  I'm tempted to post the occasional blahg entry, given that this is apparently how a bunch of my friends keep in touch with each other.  And I hope to be less emo and more friend-locked (hah, how punny) this time around.

What do people think?  Does anyone actually read this stuff?

When the mind is opened, the spirit is freed, and the body matters not.
Lightning flashed, sparks shower. In one blink of your eyes, you have mis-seen.
I only know a snowflake cannot exist in a storm of fire.
The sun is warm, wind is wild, grass is green along the shores, here no bull can hide.
There is a child in all of us.
Those who seek oneness are all that they seek.
Words cannot express things...speech cannot convey the spirit, swayed by words one is lost.
When the mind is freed, the body is no longer required.
She goes into the lake without making a ripple, she goes into the forest without disturbing a blade of grass.
Because it is so clear, it takes a longer time to realise it. If you immediately know the candlelight is fire, then the meal was cooked long ago.
I cannot teach you what you already know.

"It will be a great day when our schools get all the money they need and the air force has to hold a bake sale to buy a bomber." --sticker on some guy's laptop seen in CTB

Certainly something that made me stop and think. Obviously, the day national defence becomes unnecessary will be a Great one. But at the moment, national defence is vital, be it in the form of vehicles of war, or foreign and domestic intelligence.

The sticker also makes a statement about the budgeting priorities of the government: national defence gets a far bigger chunk of the budget than education. In 2000, for example, the U.S. spent 5 times as much on defence as it did on education ($294B vs. $59B). I wouldn't be surprised if this ratio is even greater now, with the current administration.

I don't presume to understand the intricacies of how the education and defence budgets are spent, but does national defence really need all that money? Sure, stealth bombers cost a bit more than school gymnasiums and field trips. Can't some of it, though, go towards education? On the face of it, many more kids would get a better education, with a potentially profound impact on their lives. After all, is it really desirable to have a well-defended but under-educated country?

It is interesting to note that, by contrast, Canada's 2005 budget allocates $708M to education and $679M to defence. I find this reassuring to see.

I wonder how many cookies and brownies I need to sell to get my very own B-2 stealth bomber....good thing I took that cooking class last semester!