Happy New Year!

Our new year’s resolution is to show a sense of childlike wonder at and acceptance of everything we come across, especially this year’s leap second.

Incidentally, this post is scheduled to go live at 2008-12-31 23:59:60. Let’s see what happens!

Update: Movable Type complained when I tried to save the post: “Invalid date ‘2008-12-31 23:59:60’; authored on dates should be real dates.” There goes my sense of wonder. Acceptance, however, remains.

Now will you believe MD5 is broken?

I’m just sitting here blinking, having a Brecht moment in which I am laughing at those who are crying and crying at those who are laughing.

At the CCC congress, a number of people did something dramatic — they created a forged SSL certificate. It’s dramatic, but nothing special.

We’ve known that MD5 is broken for over a decade. It’s been undeniable for nearly five years. We have seen people create colliding PDF documents, and we’ve seen a “prediction” of the last Presidential election made possible by a multi-collision. This is a clever bit of engineering, drama, and publicity, but anyone with cryptographic sense gives it a shrug.

Nonetheless, the twitterverse and blogosphere are chattering about this, which is what makes me laugh.

On the other hand, there are a number of CAs still using MD5, which is what made the attack possible, and they are only now changing. This is what makes me cry.

In a year that has seen organizations crushed because of heads in the sand when chaos emerges, here’s just another.

Happy Newton, everyone!

In honor of Newton’s Birthday festival, I therefore propose the following song, to be sung to the tune of “The Twelve Days of Christmas.” For brevity, I include only the final verse. All together now!

On the tenth day of Newton,
My true love gave to me,
Ten drops of genius,
Nine silver co-oins,
Eight circling planets,
Seven shades of li-ight,
Six counterfeiters,
Four telescopes,
Three Laws of Motion,
Two awful feuds,
And the discovery of gravity!

The Ten Days of Newton, by Olivia Judson

I miss Montreal

When Seattle is covered in snow, it’s easy to miss Montreal. Now, folks in areas that get lots of snow like to make fun of Seattleites for being unable to handle a little snow, but it turns out that there’s another reason (beyond the steep hills) the city has a (ahem) unique approach: “Seattle refuses to use salt; roads ‘snow packed’ by design”:

But it turns out “plowed streets” in Seattle actually means “snow-packed,” as in there’s snow and ice left on major arterials by design. “We’re trying to create a hard-packed surface,” said Alex Wiggins, chief of staff for the Seattle Department of Transportation. “It doesn’t look like anything you’d find in Chicago or New York.”

[That’s right Chief Wiggins–you’d be fired if you tried that in Chicago or New York–Ed.]

That leaves many drivers, including Seattle police, pretty much on their own until nature does to the snow what the sand can’t: melt it. The city’s patrol cars are rear-wheel drive. And even with tire chains, officers are avoiding hills and responding on foot, according to a West Precinct officer.

Anyway, after what seems like a solid ten days of continuous snow, it’s 40F/4C and the snow is melting.

[Update: “After storm of criticism, Seattle mayor reverses no-salt policy for snow.”]

At the tail end of the car series…


Originating from Wootton High School, the parent said, students duplicate the license plates by printing plate numbers on glossy photo paper, using fonts from certain websites that “mimic” those on Maryland license plates. They tape the duplicate plate over the existing plate on the back of their car and purposefully speed through a speed camera, the parent said. The victim then receives a citation in the mail days later. (“Local teens claim pranks on county’s Speed Cams,” Montgomery (Maryland) County Sentinel)

Eric Rescorla makes some inferences about what happens when you try this:

However, if people are actually getting tickets when you do this, then this reveals some pretty lame procedures by whoever’s running the photo radar system, since presumably the photo of the driver doesn’t match whatever the driver’s license photo of the person you’re issuing the ticket to, and of course the car model probably doesn’t match either.

My educated guess would be it’s easier to bill people and see who argues than check every license plate.

PS: Fonts from certain websites? Try Googling “license plate image generator,” which is where I found ImageChef to make the image shown. This site has a nicer collection of templates.

PS: Sorry, Eric, couldn’t resist!

News and Lessons from the Auto Market


“There are no hot segments,” said George Pipas, Ford’s market analyst. “And there really are no hot products.”

So closes an article, “Automakers Report Grim October Sales.” GM, sales down 45%. Ford, -30%. Chrysler, -34.9%. Toyota, -23%. Honda -25%, Nissan -33%.

MINI Cooper: Up 56.4%.

Soon, Ford will be caring about MINI’s market of “only” 60,000 cars a year, which is admittedly a lot fewer cars than Ford sells, and makes it easier to be up.

But I’d like to look a little beyond this for some lessons. I think MINI is pretty prescient in a couple of ways. It’s not just small before small was big. It’s not just cute. What’s really big is the mass customization story and what it means to customer involvement. Almost every MINI is different. The number of factory options is staggering, and then there’s a thriving aftermarket.

So while Ford will still sell you any color you want as long as it’s black, white or grey, MINI has a dozen colors, some exuberant, and will sell you the roof in the body color, or white or black, and you can get either matching mirror caps, or customize those.

The customization and consumer involvement it brings is huge. A little chaos goes a long way, especially when you’re looking to stand out from the crowd.

As a CTO or as a program manager, passionate customers who help you stand out from the crowd can be huge. But your customers can’t really do this unless you prime them. It’s your product. What features are going to excite your customer?

Ford may have answers. In fact, they seem to have better answers than the other American car makers. But they don’t have a wow. And a wow, an emotional response, a tug at the heartstrings, is at the core of why MINI was up 56% while GM was down 45%.

I drafted this back at the beginning of November, and as I’m getting ready to post, I saw “MINI Shutting Down Production for December,” and “Worldwide MINI sales down 12% for the year.” Near as I can tell, the October numbers are accurate, but I wanted to include context.

Photo: “Lots of Minis” by SquareGraph

Designing Cars

I was struck by this quote in “Edgy, Yet Still Aerodynamic” an article in the New York Times about how new cars are being designed and tested:

To his surprise, in hundreds of tests at Ford’s Wind Tunnel 8 southwest of Detroit the original edges produced less drag than curved substitutes, Mr. Koester said. In the bumper, headlights and hood, in fact, aerodynamics were improved by carefully designed edges.

Usually, aerodynamic shapes are rounded forms that slip through the air. But the wind tunnel is proving that counterintuitive, edgy shapes can reduce the drag coefficient and save fuel or battery power.

Even in fields where repeatable tests seem relatively easy, the expectation and intuition of professionals can be wrong. In information security, it’s far worse.

What are you doing to test your long-standing assumptions?

This is the farewell shoe, you dog

Bloomberg is reporting that “Shoe Hurled at Bush Flies Off Turkish Maker’s Shelves”:

Baydan has received orders for 300,000 pairs of the shoes since the attack, more than four times the number his company sold each year since the model was introduced in 1999. The company plans to employ 100 more staff to meet demand, he said.

You can visit Baydan Shoes, and try to find them. Warning: Site plays bad music when you arrive, without an obvious off button.

Via Marginal Revolution.

Thoughts on the Somali Pirates

Stratfor’s podcast on the seizure of that Saudi oil tanker contained a fascinating tidbit: merchant ships are no longer allowed to carry arms at all, which, of course, makes piracy far easier. This is a dramatic transformation of the rights of merchant ships. Historically, private ships carried weapons when sailing far out of their own waters, and such weapons were an important deterrent to piracy.

As the nation state has claimed primacy over other entities, and exclusivity on the use of force, it has also worked out an international system based on the idea that only the state may employ violence. Entities which aren’t governments, say shipping conglomerates, don’t get a vote.

I didn’t realize that extended as far as officers of ships being unable to carry sidearms. I had wondered why ships sailing the Gulf of Aden didn’t convoy for mutual protection, and apparently the answer is that they can’t offer each other any. A few small machine guns would dramatically alter the payoff choices that pirates make. As is, they’re restricted to non-lethal means like water cannon.

Of course, to maintain its monopoly on the legitimate use of force, the state cannot allow even sidearms on ships. It also seems that it’s become hard to capture pirates. The Royal Navy has gone from hanging them to not capturing them, to avoid claims of asylum in the UK. (Hanging pirates was in part a practical measure, given the lack of a secure brig on a smaller naval vessel, and the risk that the pirates would escape and capture their captors.) Of course, cheers for the Indian Navy have subsided somewhat, given that the pirate mothership they destroyed was a Thai ship with its crew held hostage inside.

The fundamental trade, where the state has a monopoly on violence in exchange for preventing everyone else from employing violence, is a pretty good one when it works. (Assuming that rights including self-defense are not abrogated.)

But Somali pirates are only one of the ways in which the Westphalian system of national primacy is breaking down. Terrorism is another, as is the failure to deal with genocides in the Sudan or Congo.

Citizens, Juries and other Balances

Following on my post on Parliaments, Dukes and Queens, I’d like to talk about other checks on the power of government, besides throwing tea into the harbor.

In Britain, “a jury has failed to clear police in the death of Jean Charles de Menezes.” The jury is the first group who, frankly, has not whitewashed the death. Investigations by Scotland Yard, the Independent Police Complaints Commission and the Crown Prosecution Service all failed to find any form of punishable fault by the armed police or their leadership.

In New York, a police officer who wrongfully arrested a bike rider and lied about what happened has been indicted: “Officer Is Indicted in Toppling of Cyclist.” Charges have not yet been revealed, but I’m hoping for perjury and assault. The interesting thing about this case, which I’ve followed a little, is that what changed everything was video of the incident.

Meanwhile, one of the illegal wiretap (2005 variant) whistleblowers, Thomas Tamm, has come forward. In “The Fed Who Blew the Whistle,” Michael Isikoff writes:

At one point, Tamm says, he approached Lisa Farabee, a senior counsel in OIPR who reviewed his work, and asked her directly, “Do you know what the program is?” According to Tamm, she replied: “Don’t even go there,” and then added, “I assume what they are doing is illegal.” Tamm says his immediate thought was, “I’m a law-enforcement officer and I’m participating in something that is illegal?” A few weeks later Tamm bumped into Mark Bradley, the deputy OIPR counsel, who told him the office had run into trouble with Colleen Kollar-Kotelly, the chief judge on the FISA court. Bradley seemed nervous, Tamm says. Kollar-Kotelly had raised objections to the special program wiretaps, and “the A.G.-only cases are being shut down,” Bradley told Tamm. He then added, “This may be [a time] the attorney general gets indicted,” according to Tamm. (Told of Tamm’s account, Justice spokesman Boyd said that Farabee and Bradley “have no comment for your story.”)

By now it’s obvious that individuals, empowered by technology, are increasingly able to act as a counter-balance to some of the power of the state. This is relatively new and still nascent. The ability of random passers-by to video events is only a few decades old. The ability to get stories out there and draw attention to them has increased tremendously with the rise of Usenet, blogs, Facebook, etc. Of course, people have always stood up to the state, but I think the addition of video and networking makes it easier and a more interesting balance than it has been.

This, of course, requires citizens to be active, engaged, and united. All the outrage over illegal wiretapping was effectively countered with propaganda alleging that illegal was the only way to wiretap, or that the law was outdated. It also requires the citizenry to be jealous guardians of their precious liberties.

I’ve been going back and forth on this post, in part because Muntazer al-Zaidi was beaten by jailers, and is facing a 7-15 year jail sentence for ‘offending the head of a foreign state.’

In unrelated news, the Obama transition team has done an internal review, which, shockingly, “Finds No ‘Inappropriate’ Contacts With Blagojevich.”

Evidence of Time Travel Found in China

The twain meeting

According to Ananova, a Swiss watch-ring has been found, covered in dirt, in a four-hundred-year-old Ming dynasty tomb. It was stopped at the time 10:06 and has the word “Swiss” engraved on the back.

The archaeologists on the dig have requested archaeologists from Beijing to help them unravel the mystery.

Emergent Chaos contacted the Hong Kong representatives of Allied Epochs, a time-travel law enforcement agency, who told us that an investigation into the matter is already ongoing, but no report on the incident is available yet.