Friday, 7 August 2020

Newsflash: Biologists Discover A Use For The Residue From Compost

Biologists Discover A Use For The Residue From Compost


Biologists have discovered that if you leave garden compost long enough to rot, it produces a black oily residue which can be processed and a flammable material produced. This mix of complex hydrocarbons and miscellaneous organic and inorganic substances has been shown to be toxic and needs handling with great care.

There is speculation that if we dig deep underground there may be lots of deposits of this rotten biological matter, which could be processed to produce an energy supply.

A spokesman from the national grid says they are not concerned by the idea of a new rival energy source, because our existing energy sources of wind, solar, tidal and nuclear make electricity quite cheap, with minimal waste products that are being recycled effectively anyway.

Environmentalists are expressing concern that digging up the planet to find this stuff could be very environmentally damaging, as the stuff is likely to be toxic to plants, animals, sea life etc, and burning it would pollute the air and produce carbon dioxide which could affect the delicate balance of the greenhouse gases in the atmosphere.

When the minister for energy was questioned, she replied that it seemed "utter madness" that mining or drilling and then the processing and distribution of the resultant fuel oils would be very expensive and require a huge investment for little benefit, her words being "so you want to dig up this nasty biological residue laid down over millions of years, process it and then burn it, producing vast amounts of pollution? are you crazy?"


Wednesday, 1 March 2017

The appearance of security

Why Am I writing this?

I discovered something a while ago and found it interesting. I've never told anyone about it until now.  I thought I'd share it as people might enjoy my discovery, because it shows how something that gives a great impression of being secure may be nothing of the kind.

A secure office door


These are quite popular in offices, they cost about £25 on up depending on brand.



You can buy them on Amazon and Screwfix for example, and they're all pretty much the same design internally. To unlock the door is fairly simple: the C button clears or resets the state, you simply enter the 5-button combination and turn the handle. 

Changing the combination requires the lock to be removed from the door plate and some simple adjustments made.


How many combinations are there? How long would a brute force attack take?


There are 13 buttons, ignoring the Clear button. The combination consists of ONLY non-repeating symbols, so you'd expect the number of combinations to be 154440 (13 * 12 * 11 * 10 * 9).

Even if someone is pretty quick, and takes only 5 seconds to test each combo, you'd expect it to take over 4 days of continous trial and error (154440 try * 5 sec/try / 3600 sec/hour / 24 hour/day / 2), or eight if you were really unlucky!


How can you speed up the brute force attack?

One trick might be to use a soft pencil and lightly mark the buttons when there's nobody around to notice, then come back a day later and observe which buttons have been pressed. At worst you'd have to try all 120 combinations (5 factorial), about 10 minutes at five seconds per test (120 try * 5 sec/try / 60 sec/min).


It's secure, isn't it?

With 154440 combinations, and a physical attack taking typically four days, you can be fairly sure it's pretty secure.

However, there's a snag. Every one of these locks I've encountered suffers from the same design flaw. Take five seconds to think how a bad design might significantly compromise the lock's security.

... 1 mississipi

... 2 mississipi

... 3 mississipi

... 4 mississipi

... 5 mississipi


OK? Did you guess that it doesn't matter what order you press the buttons? I presume it allows the lock design to be very simple.

Wait, did I really mean that? Yes! it really doesn't matter whether you enter the combo as 12345 or 54321 or 32154.



Worse, now the pencil marking attack is trivial

You know what buttons are in the combination, just press them in order and you're in.

In some cases, the combination is never changed, and it leads to the buttons becoming visibly polished, which means an attacker doesn't have to do anything at all, simply press the buttons!


Exercise for my reader

* How many combinations are there effectively?

* How long would a brute force attack take in the worst case scenario of only the very last one succeeding?


scroll down

wait, did you work it out?

scroll down

scroll down

scroll down




Answers

We've dropped from 154440 combinations (13 * 12 * 11 * 10 * 9) to 1287 (13 choose 5), i.e. reducing the time to crack it by 2 orders of magnitude!

Assuming we were unlucky and had to try every combination, with 5 secs/test, it would be less than two hours! ( 1287 * 5 / 60 minutes)

Thursday, 19 May 2011

Implantable electronics

I didn't intend this blog to become yet another technology blog, in particular I wanted to keep away from simply commenting on the latest gadget. However, I think speculation on the future of the relationship between human and technology is within scope.



Some people have theorised that various electronic devices will be implanted, including even a mobile phone or communications computer.

I think the first stage will be the implantation of transducers, initially they might be analogue transducers such as speakers in the ears and a microphone in the vocal chords, and maybe even something to stimulate the optic nerve. As the brain becomes better understood, direct coupling would allow stimulation of the auditory and optical senses, and detect unspoken vocalisation. These developments could also be a significant boon to people with visual or auditory impairment.

These transducers will be charged up inductively whilst sleeping. These transducers will, like a bluetooth headset, receive their signals over a short range radio link, allowing the user to connect to a variety of devices such as mobile phones, portable computers, desktop computers, media streamers etc.

I think implantation of an entire phone or computer will follow quite a bit later because the advanced of technology means such devices would be dated after 18 months, and seriously obsolete after three. The radical surgery required to upgrade an implanted computer would definitely deter most people from being an early adopter, but the quality of audio technology is provably at its useful limit. Digital sound can be rendered or captured at a far higher quality than human senses need, so perhaps only the change from analogue transducers to direct coupling would be the most significant upgrade.


So what would the benefits be of an implanted digital connection linking to a portable computer/mobile phone? A key development would need to be good speech recognition - it'd be tailored specifically to one person's voice, so this is not too far fetched.

It would be possible to, without needing wires..
* carry out a virtually private telephone call
* enjoy music and video privately
* have your own personal alarm clock or reminder service, again, without disturbing others
* remotely control your fully automated house
* surf the web, read email etc without needing a monitor

In the very long term, as direct brain sensing becomes better, it'd be possible to directly control things as though they were an extension of your body, but that's for a whole new blog post!

Tuesday, 17 May 2011

Are search engines and content aggregators stealing from content providers?

Content creations and monetisation

The demand for content on the internet is insatiable, whether for news, fiction, opinion pieces, movies, or music. Those who create this content often want to monetise it either through pay-walls or advertising. Those who consume the content often want it as cheaply as possible or even free. Very popular sites often try a mix of "freemium", pay-walls, advertising and sometimes simply appeals for donation.

Tension between creators, search engines and content aggregators

Making content easy to find is a cause of tension between the content creators, search engines and news aggregators. On the one hand, the content creators want their content to be discoverable which means being featured in search engines and possibly having RSS feeds of articles or other form of syndication, but on the other they may not want to allow entire articles, or significant part, to be indexed and stored and thus lose the change to control access via paywalls or display adverts.

Search engines

Most people are aware of the spats between content providers and search engines, so I will tackle that first.

For example, if a search engine scans and caches the entire page, a person finding it may realise they can access the cache rather than have to login through the paywall. The good news is there are technical measures whereby the content provider doesn't have to block the search engine entirely, it can detect their spider and IP addresses and provide the article text yet tell them not to cache the article.

It's therefore reasonable to suggest that search engines don't steal content by anything other than careless misconfiguration by the content provider, and even then it is possible to have the cached content removed from the search engine if required.

Sometimes a content provider can make amazingly stupid decisions about controlling search engine access, one of the best was when Belgian newspapers decided to be removed from Google and then relisted months later!.



Content Aggregators

A growing concern for content creators is their loss of control due to content aggregators who as an intermediary between consumer and original source. For example, a consumer reading an RSS feed of the article may do so via an aggregator like Pulse, Flipboard or Taptu, and not visit the originating web site at all. With a reduced number of visitors to the web site, the opportunity to display adverts is reduced or even lost, particularly if the aggregator "deep links".

A further problem is that, as intermediary, many aggregators use caching which reduces the hit count on the origin site and feed stale data to the consumer. This skews the statistics for the site, causing them to under-report the level of site activity, this can reduce the value of the site in terms of readership population and diminish the interest of advertisers, cause stale unregistered adverts to be shown, and also prevent the site registering advert fill-rates.

Is there an answer?

The aggregator could provide their statistics to the content provider, if an arrangement could be made, assuming such statistics were kept and were useful. Also in theory the aggregator could artificially "hit" the RSS feed when the consumer refreshed their feed, and likewise "hit" the article to match the count of the consumer reading the article. However, that idea isn't particularly practical, it requires the aggregator to track the consumer (which may not be possible or acceptable to the consumer), and becomes somewhat useless when the consumer uses an offline reader.


Conclusion

I thus conclude that content creators have more to fear from uncontrolled aggregators acting to disintermediate them from the consumers than ever from search engines.

Sunday, 13 March 2011

Airports 1: customer service

I had problems checking in online last night. UA's website decided I neede a Visa, I ended up telling it I had an EEA or something when in fact I needed an EETA/ESTES.

When I came to baggage drop, the UA checkin desk picked up the problem, and it was sorted out ably and quickly by the UA staffer's supervisor, who's name tag I think said customer service director?


It seemed that last night UA's system hadn't found my name in the EETA system hence had decided to ask for other travel permits. It was likely down to issues between Opodo with whom I booked the flight, UA and the TSA.

Not only did they sort it out, they gave me a minor seat upgrade!

Who says airlines have forgotten customer service?

Airports 2: price bubbles

As I sit here eating my overpriced sandwich, drinking a sparkling apple juice I have time to wack out a blog post on thr experience.

Inside an airport there's a bored, captive audience who
have demonstrated their lack of poverty by paying for air travel.

We expect airports to have rip-off pricing, but how much?

So, having time to kill and armed with a smartphone I checked Dixons, who promise to price-match rivals such as JL and Amazon. I only found one item cheaper, the S G T, £5 less. A Canon G12 was 376, a Canon S95 299, an HTC Desire Z for 395, and a Sandisk 16GB uSDHC card (with usb reader) a stunning 80.

The shop assistant was amused, then bemused, when I told her if I'd bought everything I checked, it'd cost me over £150 in their store.

There's actually an outer and inner price bubble, for example before security an USA-UK mains adaptor is 1 cheaper and a medium latte about 0.50 cheaper.

I imagine each shop has horrendous overheads, paying BAA a fortune in rent, so it's not entirely the retailer's fault.

Paul

Sunday, 5 December 2010

Reflections on being a designer or engineer

I recently gave notice to my employer, and it reminded me of one thing I hope for... to not be cursed by the people who inherit my work. Too often I have inherited other people's work and suffered for it, so I hope I don't inflict such pain on others!

Many people designing or engineering things concentrate on innovation, unfortunately often to the exclusion of everything else, in particular to how easy the thing will be to build, test, install or maintain.

Software engineering is, IMNSVHO, particularly guilty of this. Developers hate fixing bad code written by other people, and they automatically (with some justification I have to say) approach any task where they have to pick up someone else's code as requiring a total rewrite. I say this is often justified because the reason the code needs their attention is because there's a problem with it - good code will be packaged neatly with documentation and can simply be used without too much
effort! One problem is when lots of different people have been involved and so you get a patchwork effect, each person having their own ways of doing things.

Having highlighted how it is a problem with software, the pattern is repeated when you refurbish old buildings -  the plumbing and wiring and frequently poor and chaotic having had different people working on parts of the system often with little visible of what else has been done. My father often talked about buildings where to get to water tanks and pipework they had to climb through very small hatches and it would be practically very difficult to get replacement parts into place.

Many people with cars will be aware of the problem that a small component that should be trivial to repair/replace requires significant disassembly before said item can be reached - one infamous example is where to replace a car's headlamp bulb you need to jack the car up and remove a wheel!

One of the various jobs roles I've had is as a systems administrator, which requires installing software and tweaking its configuration to suit the specific requirements, which usually entails integrating several packages to work with each other. After a while in this job you tend to get to quickly recognise software which will be a major headache, due to poor documentation, poor or wrong or absent error logging, or plain old buggyness.

I'd therefore appeal to people who design things, whether architects, software engineers or builders to please please PLEASE consider the poor schmuck who will inherit their work to give a decent amount of thought to testing and maintenance. One day someone will thank you for it, even if they don't ever get a chance to thank you in person! And when you do come across a situation where you inherit someone's work and it's not a nightmare to refactor, repair, test and maintain, do thank them if you get a chance!