Category Archives: Security

Toyota rides sustainability wave

Sales are booming for the hybrid maker Toyota. They say sales are up for all their vehicles, including SUVs, but I find it particularly interesting that they are now talking about making over 300,000 hybrids a year. Just a couple of years ago they were tepid about making fewer than 50,000 a year, concerned that the market would be small or fail to evolve. Now the news is that the company is firing on all eight batteries:

Japanese car firm Toyota has seen its vehicle sales soar in September, compared to a year earlier, in sharp contrast to those of its US rivals. The car firm saw year-on-year sales rise 20%, helped by sales of passenger cars…

[…]

Sports Utility Vehicles (SUV) and trucks – traditionally major businesses for US car firms – have lost their appeal in recent months with rising oil prices.

This trend was confirmed by Ford’s results, which saw car sales rise by 26.2% for the period – while sales of its trucks declined by 5.5%.

Also interesting is that the US companies are now even talking about taking bonuses back from executives:

After a board meeting on Tuesday, GM said it would change its bylaws to require that executives return bonuses or incentive compensation, should the firm restate its financial results.

On what strange computer did they figure bonuses when their company was headed for major headaches? Is this like the captain of the Titanic pushing for more speed as he boasted of the ship’s resilience to disaster? Were the numbers simply wrong, or were GM and Ford management unable to understand the warning signs?

Hummingbird

by William Talcott (1936 – 2006)

When they’re hard
up for sugar they’ll steal bugs
the spiders wrapped in their webs.

The bones of the arm are so reduced
the wing’s a feathered hand.

The poet has one in the peach
branches of his poem
on top of news from the gulf
and scattered references to machismo.
I arrive in time to add an Aztec note.

I’ve seen the tongue
insinuate its way to the sweet
center of a rose.
I’ve heard the tick tick in fuchsias
like little bombs.

They say the consecration of its temple
required the blood of ten thousand hearts.

And here is an article in CNet about Talcott’s lost passwords, as mentioned by Bruce.

Are they the tongue of the hummingbird? Could his passwords be hidden in his poetry?

Nine Million Bicycles

I was listening to a song called Nine Million Bicycles by Katie Melua and wondering why it reminded me so much of riding in dusty old buses in the country…and then I suddenly realized the melody was a near-exact match of the ballads I used to hear when travelling around Asia many years ago.

The bridge of the tune, rather ironically, doesn’t fit and I am skeptical every time I hear her beckoning me to cross it with her. Warm by the fire? Just believe everything that she says? She offers hope in her words, yet her soothing voice is a haunting reminder of the loneliness that can often take a seat right next to you on a late night journey down empty roads. Have you ever leaned your head against a cold rattling window, unable to point the way home, and pulled your jacket tighter to try and shut out a chill?

And while I find myself wondering about the trust implied in her lyrics, perhaps in a similar way that Ulysses lashed himself to his mast near the Island of Sirens, others have apparently taken up a more literal issue with the lyrics of the song:

I suspect that Katie took some poetic licence in order to make her lyrics scan. She replaced the bisyllabic number “14” with the nearest monosyllabic number, namely “12”. This alteration is just about acceptable, but the next line in the song is unforgivable. To say that the age of the universe is “a guess” is an insult to a century of astronomical progress. The age of the universe is not just “a guess”, but rather it is a carefully measured number that is now known to a high degree of accuracy.

While Simon Singh is technically correct, I feel he is missing the point of her expressing a “fact” in the face of the number of bicycles in Beijing and age of the universe. Although we may feel small, and we may feel lost and insignificant, she tells us not to worry because there are boundaries in time and a real significance to our relationships. Perhaps the fire she sings of is something I was wishing for on all those long nights. A sad yet joyful ballad, about trust, love and…leaps of faith.

Now if I could just stop playing the song over and over again.

Election Official Accountability in Los Angeles

Some scary comments from a Los Angeles City Beat interview with the infamous McCormack:

On credentials:

CityBeat: How do you respond to the charge by Kim Alexander of the California Voter Foundation that you put 40,000 votes at risk by asking Diebold to alter the software on the eve of the recall election?

Conny McCormack: That woman has absolutely no credentials in elections. It’s almost laughable. She says I put 40,000 votes at risk. I would never do that. I wouldn’t have a job if I did that.

That is a rather immature logical fallacy. She is attacking the other person’s character rather than answering the argument presented to her. And who in their right mind would use “I have not been fired, therefore I must be qualified…” as a defense? That’s a high-stakes politicized strategy, since it implies that her opinion on any subject will always be “correct” until she gets fired. She has been wrong before and still has her job, so she may be wrong again and still keep it. See Donald Rumsfeld for another example of this dilemma.

But, since McCormack brought it up, it turns out Kim Alexander is a seasoned researcher who has focused on voter privacy and computerized voting systems. She was even recognized by the EFF for her efforts. According to her bio:

In 2004 she received the Electronic Frontier Foundation’s Pioneer Award, along with computer science professors David Dill and Avi Rubin, for their pioneering work spearheading and nurturing the popular movement for integrity and transparency in modern elections.

And according to the EFF:

In 1999 she served on California’s Internet Voting Task Force, which in 2000 issued the first comprehensive study of Internet voting security and concluded that the Internet was not yet a safe place for securely transacting ballots. In 2003, she served on the California Secretary of State’s Ad Hoc Touch Screen Voting Task Force. The task force report included a minority opinion of which Alexander was a co-author. The California Secretary of State adopted the opinion, and as a result, California is the first state in the nation to require that electronic voting machines provide a voter-verified paper trail.

[…]

Prior Pioneer Award recipients include Tim Berners-Lee, Linus Torvalds, and Vinton Cerf, among many others.

Impressive credentials indeed! McCormack is clearly not only mistaken about Kim Alexander, but it looks like McCormack may have an axe to grind with her — aside from political battles over state regulations and favored vendors, there may be a pride issue related to Alexander’s recognition for leadership and influence.

Back to the interview…here is McCormack on Diebold:

You are friends with Deborah Seiler, Diebold’s chief sales representative in California, and L.A. County is now buying equipment from Diebold. Is the friendship appropriate?

I’ve had a long-term friendship with her. There’s nothing wrong with a friendship. Has it influenced my judgment? Of course not. In terms of the Diebold contract for L.A. County, I was not on the evaluation committee. I removed myself from that. But Diebold was the only vendor that met all the requirements for L.A. County. Sequoia wrote a letter saying it could not meet the requirements.

Perhaps because the requirements could not be met securely? People say she is a shill of Diebold and, well, the facts do point in that direction. Why anyone in her position would flaunt friendship with a company like Diebold as “nothing wrong” is downright baffling. “I understand people’s concern” would sound more reasoned and mature, but the absolutism in her position belies a defiance of the facts and a lack of propriety. Remember how Randy “Duke” Cunningham insisted he did “nothing wrong” until he entered his plea?

McCormack on certifying software:

Isn’t proper certification of election software an issue?

We have been using and patching software in L.A. County for over 30 years. Whenever changes are made, an incredible amount of testing is done — literally thousands of checks. Now, there have been infractions by all vendors, including in L.A. County. We have not been dotting every “i” and crossing every “t” to certify all the software. But it would be the biggest irony, to me, to have someone say that because we hadn’t done it by such-and-such a date we couldn’t do it.

Wha? Huh? Whoa Bessie! Release known flawed elections software because it is capable of being fixed in the future? She really takes the concept of risk management to new lows. The threat (T) is high, the value of the assets (A) is high, and yet she wants to ignore the vulnerabilities (V)? If you accept the formula “Risk = T*A*V” then I find it impossible to tell anyone the risk is low when the vulnerabilities are not dealt with appropriately. My comments on this topic ended up on Bruce’s blog.

And finally, McCormack on proprietary software:

Isn’t there a problem with the software being proprietary, making it almost impossible for the Secretary of State’s office to examine it?

They have the authority to examine it, or they can go to court and ask a judge if they can examine it. Proprietary software has always been used in elections in this country. That doesn’t mean it is evil, or that there is anything wrong with it. It is just a way of preventing competitors from coming in and stealing it.

She’s deferring the question to later, perhaps with full intent to block any attempts to expose proprietary software. Who would be able to convince a judge to let the public take a look at the source code and under what terms? What would such a challenge look like?

In other words, she is apparently more concerned with the likelihood/ability of someone challenging the software’s security than with someone breaching its security. And so I support Bruce Schneier’s criticism that this election official has foolishly and apparently carelessly confused secrecy with security.

Another expert counter-point is provided in Ed Felten’s recent testimony (PDF) on electronic voting machines to the US Congress:

Intuitions developed with older technologies can mislead when applied to computerized systems.

[…]

Getting the details of voting right is difficult, especially in today’s high-tech polling place. But failure is not an option. The stakes are too high, and the risk of malfunction or fraud too great, to make our current course tenable in the long run. We need to work harder and smarter, exploiting the knowledge of both election experts and technical experts.

Very eloquently stated.