Category Archives: Security

Celebrating 750 years of Peeling the Onion

Data integrity issues live at the heart of any reference material, but Wikipedia and the rapid-release cycle of Internet content have created a whole new level of controversy.

The Onion has put together a fine example of this in their fun article: Wikipedia Celebrates 750 Years Of American Independence

“At 750 years, the U.S. is by far the world’s oldest surviving democracy, and is certainly deserving of our recognition,” [Wikipedia founder] Wales said. “According to our database, that’s 212 years older than the Eiffel Tower, 347 years older than the earliest-known woolly-mammoth fossil, and a full 493 years older than the microwave oven.”

I love reading the razor-sharp work of the Onion, but I have just two words for them: Pot. Kettle. Black.

Take, for example, their analysis of the recent cease-fire by Hizbullah:

As the cost of rocket fuel soared to $630 per gallon Monday, Middle Easterners who depend on the non-renewable propellant to power 10-kilogram rockets have been forced to severely restrict their daily bombing routines, bringing this latest round of fighting to an unexpected halt.

“The way things are going, I won’t have any money left over for other necessities, such as anti-aircraft missiles, land mines, and machine guns,” said Hezbollah guerrilla Mahmoud Hamoui, who is just one of hundreds of Islamic militants compelled to scale back their killing until rocket-fuel prices return to their pre-2006 levels.

That’s ridiculous. Everyone knows rocket fuel hit $972 per gallon.

Galileo Test Satellite Code Cracked

The Guardian’s “free our data” series reports on a team of researchers, including a Cornell professor, who wanted to test their receiver with the publicly funded Galileo geo-location satellite system. They first discovered that the signals were encoded. Then, when they requested access, they were told to wait. So, naturally, they instead cracked the codes:

Galileo’s spokesman downplays the significance of Psiaki’s code-breaking efforts. “We expected this,” he says, “because the codes on the test satellite are easy to crack. In the Galileo system satellites will use different codes and to crack them I would say they will need 100 years.”

In that case, why not publish them in the first place? The more significant question is the incident’s impact on private investors. It is unclear how a commercial service can make money competing with a free service. Galileo’s spokesman argues that subscribers will be attracted by the system’s guaranteed reliability.

Psiaki, however, says: “It always seemed to me a little odd that you could get enough subscribers to a paid service when the free one is pretty good to begin with.” He can sympathise if Galileo does want to charge “a nominal fee” for the open service. But one thing he says Galileo can’t do is protect the open service with more secure codes, because of that EU-US agreement. In the end, he says, “these simpler codes may be the ones that are the most valuable commercially, because these are likely to be the preferred codes for mass-market receivers”.

StarBucks makes Grande error

Hard to know what the giant coffee company wanted to happen when they distributed a coupon via email for free coffee. The coupon was a simple image file and was quickly forwarded to a wide audience. Viral marketing or botched campaign? Their “rumor response” page claims that the coupon was not intended to be so successful:

An email offering a free Starbucks iced coffee was distributed to a limited group of Starbucks partners (employees) in the Southeast United States on Wednesday, August 23, 2006 with instructions to forward to their group of friends and family. Unfortunately, it has been redistributed beyond the original intent and modified beyond Starbucks control. Effective immediately, this offer will no longer be valid at any Starbucks locations.

We apologize for any confusion and inconvenience as a result of this offer.

At more than $5.00 for a large (grande) iced beverage, I could be convinced that this was a mistake. However, when you look at the announcement above (“group of friends and family”) as well as the fine text of the coupon, the rules just seem too unsophisticated to be unintentional. I mean, it does not even say something obvious like “Southeast Starbucks Employees only”. They clearly used the word “person”, instead of a more specific term like associate, employee, or staff member. The only thing worse might have been “per life-form”. I can just imagine people bringing their pets to Starbucks — “here’s my coupon and, let’s see, my fish wants an espresso and my dog would like a latte”:

[Image: Starbucks coupon fine print]

Oh well. I guess you could ask your “Barista” for discount code 114 instead and they might just be so impressed (could they be sequential?) they will punch it in without question. Of course, you will have to try not to look surprised when they give you a ceramic candle-stick holder for half price.

FAA admits fault

The US air controller crisis might finally get the President’s attention following this admission:

The Federal Aviation Administration admitted it broke its own rules in putting only one controller on duty.

We often forget how important the controllers are, since they are the least noticed when they are doing their best work. For some much needed perspective, I went back and reviewed the 1981 testimony to a US congressional subcommittee by the Air Traffic Controllers Organization President Robert Poli:

Controllers constantly face countless situations which require them to make decisions affecting the lives of thousands of people. … Day in and day out, they must guard against even the smallest error, for a mistake could kill hundreds. There is no room for guesswork, nor is there time to sit back and leisurely consider a traffic situation. Decisions must be swift, positive and correct. … Being able to accept such an intense level of responsibility is at the heart of the controller’s job. However, its residual effects are felt in every aspect of his life. Over time, while dreading the terrible consequences of one incorrect control decision, the controller loses the fight to the knowledge that he is human and, in the long run, fallible. The strain created by this internal war generates insidious effects on the controller’s entire life. They can manifest themselves in physical or mental disorders, social withdrawal, marital trouble or concealed alcoholism.

This was in the weeks and days leading up to the decision by President Reagan to fire over 10,000 striking controllers and begin private contracting for air traffic control. Fast forward to 2004, when complaints very similar to those in 1981 were again coming from the controllers facing staff shortages. In particular, the National Air Traffic Controllers Association requested in 2003 that an additional 1,000 new air traffic controllers be authorized each year for three years.

The current controller workforce is stretched to the limit and we cannot call up the reserves. There are no reserves. That is why we also ask this Subcommittee to stop the FAA from terminating, removing, transferring or reassigning any air traffic control specialist solely because the agency erred in hiring that individual after he or she reached the maximum entry age.

President Bush instead passed a four-year $60 billion bill that increased the number of privately funded control towers and gave funding for only 302 controllers.

So you might want to take a moment to think about all the money being spent to keep America safe and how it is really working when understaffed and often underpaid controllers have been warning of very clear and present danger. National Air Traffic Controllers Association president John Carr put it this way in his 2003 testimony to a US congressional committee:

The thousands of controllers hired during the post-PATCO recovery period will reach retirement eligibility soon. Based on FAA data, over 50% of the workforce will be eligible to retire by 2010. The Government Accounting Office reports the number is even higher. Currently, there are not enough controllers to fill the gap. A new hire is not a replacement for a full performance level retiree. It takes anywhere from three to five years for a new hire to become a full performance level air traffic controller. Most of this training is on-the-job and requires a certified controller to staff each position along with the trainee.

Therefore, the FAA must immediately begin hiring and training the next generation of air traffic controllers to prepare for the wave of upcoming retirements, the increased traffic and system capacity enhancements. Addressing this issue can no longer be deferred because of the significant time required to train new controllers. If we do not begin to hire and train new controllers today, we will be left with a system that is woefully short staffed and unable to accommodate the demands for air transportation.

Predictable disaster?

Edited to add (8/30/2006):

The Associated Press has provided some more insight into the Kentucky controller and crash. Short-staffed, the controller on the job also appears to have been asked to carry long shifts with little rest:

National Transportation Safety Board member Debbie Hersman said the controller had only nine hours off between work shifts Saturday. That was just enough to meet federal rules, which require a minimum of eight hours off between shifts, Hersman said.

“He advised our team that he got approximately two hours of sleep,” Hersman said.