Below are the 20 most recent journal entries recorded in saham's LiveJournal:

[ << Previous 20 ]

Thursday, April 3rd, 2008
8:55 am	Obama's view of abortion Yikes!! It looks like Obama supports abortion of babies who survive the abortion process. Most activists supporting abortion recognize the right to life of babies who were born regardless of the attempts to terminate the pregnancy. I believe life begins at conception, that is when the eternal human spirit is attached to the physical body. (Comment on this)
7:22 am	More on OOXML Some more commentary from Groklaw. The voting irregularities in many countries around the world all follow the same pattern. All the government and academia representatives say OOXML is nowhere near ready to be issued as a standard, and the representatives of commercial interests say the problems have been fixed sufficiently, or that the standard is important enough to approve now and fix later. For some reason the final vote leans towards the wishes of the commercial interests. The final votes were cast before updates from the BRM were published. Huh??!! Something is seriously wrong here. Would you fly a plane before the manufacturer had retested all the fixes made after the first round of testing? The BRM discussed at most only 20% of the comments. That is nowhere near 'fixed sufficiently'. The 'approve now and fix later' argument is just not the way standards work. Anyone who has been involved in the standard-setting process knows that. If the standard really is that important then the stakeholders will be prepared to go through another round of deliberations and present the specification for a new vote WITHOUT the need of having something approved first. The representatives of commercial interests are in a very sticky position. If Microsoft decided to withhold or delay release of critical software updates then they could lose out to their competition. Microsoft is defending their own survival in the marketplace so there is reason to believe they would use whatever leverage they have. Groklaw has further comment on how the ISO standards process has been gamed for OOXML. (Comment on this)
Wednesday, April 2nd, 2008
1:00 pm	Approval of OOXML The press release from ISO. An interesting proviso: Subject to there being no formal appeals from ISO/IEC national bodies in the next two months, the International Standard will accordingly proceed to publication. Groklaw describes some complaints about the ballot process. Norway has officially registered a protest. Some comment from a local hero, Mark Shuttleworth, from ZDNet. And a post from KDE. Be sure to read the comments. Comment from NoOoxml.org. [Update 3Apr: fixed KDE link] (Comment on this)
Monday, March 31st, 2008
8:39 am	RFID implants Using RFID implants for identification is not as foolproof as its backers would like everyone to believe. The idea is to implant an RFID chip under the skin. The chip contains only an identification number, which it will transmit on receipt of the correct radio frequency. The identification number is looked up in a separate database to see who it belongs to. The chip is powered by the radio frequency. Security measures have to be put in place to prevent RFID identification fraud: 1. Non-official sources of RFID chips must be eliminated. 2. The RFID chips must retain their original numbers no matter what, ie. non-reprogrammable. 3. Measures put in place to detect forgeries, ie. rogue RFID chips affixed on the skin. 4. Medical personnel who are able to insert or remove RFID implants have to be prevented from doing so unless authorized. Immediate loss of employment is a strong deterrent. 5. Measures put in place to prevent removal of the RFID chip by the owner. For example, some sealed small amounts of toxic substance can be placed around the chip which would be released if the skin was cut. There are a number of problems: 1. Databases linking identification numbers to people are still subject to error and abuse. 2. Existence of rogue RFID chips despite the countermeasures. This leaves room for the type of identity theft which RFID implants were supposed to solve. Few remedies may be available to the victims, if any. 3. Potential health risks of having an RFID transmitter under the skin. Some people may be more sensitive and react differently than others. What happens if some food additive unexpectedly causes things like allergic reactions? Will the sufferers figure out what is going on, and if they do will anyone believe them? 4. Skin wounds near the implant may be life-threatening. Robbers might stop holding a gun to the head and start holding a knife to the implant instead. What happens if a car accident victim gets a cut across the implant? More commentary here. Use google to search for "mark of the beast" to see what sort of public relations exercise would be needed to get RFID implants accepted. [Update 3 Apr] More risks, by MSNBC. The risk of privacy invasion is high. Anyone with a scanner can read your implant identification number and use it however they want. Scanners mounted in doorways can register your presence without your knowledge, for use by anyone who can gain access to the data besides whoever installed the scanner. The implant can move about under the skin so it can take some effort to locate it before it can be removed (no anti-removal technologies yet). There is also scar tissue to be removed in the process. Implants cannot be read in ambulances because there is too much radio interference. There are a number of ways of introducing RFID implants gradually. Pets, merchandise and valuable plants have already been done. Next comes tagging of young and elderly patients in hospitals, tagging of prisoners, voluntary tagging of personnel who need access to secure areas. Later tagging becomes a prerequisite for certain employment positions, or for special convenience at pay points and checkpoints. The companies manufacturing the implants will naturally downplay adverse medical reactions. Many governments and others who crave power will find the surveillance provided by RFID implants irresistible and may mandate their use. What guarantee do patients have that they will not be tagged while under sedation? How would they know? And if they do find out, who will foot the bill for removal of the implant? (Comment on this)
7:44 am	Security Risks Some comments from a Risks Digest issue. Heart device vulnerable to hacker attack: aka wireless communications traps: A few years ago I was a developer on a pet tracking project. The collar-mounted and base station units were supposed to be "auto-pairing" when powered up or if replacement units came into range but it took me ages to convince the customer and project manager that if a few neighbours all used the units they could pair up in 'interesting' ways at odd moments. As far as the customer was concerned I was just being lazy and didn't want to solve in software what they regarded as a non-issue. Telling the end-user to press a button on each device at the same time to make them pair up was apparently overly burdensom. My concerns were overridden and I sighed with much relief when the customer finally realised the low-cost GPS hardware they had picked wouldn't work indoors and cancelled the project. Payment by fingerprint: aka the biometric trap: The problem with biometric identification is that if someone has figured out how to forge your biometric data, how do you recover? Will they implant new fingerprints or irises? Biometric data must be combined with other forms of identification such as a smartcard, so one of them can be replaced in the event of a breach. Some fingerprint scanners can be fooled with a gelatine finger plus heating element. The possibility also exists that the biometric scanner can be bypassed and a rogue device supplies the same electronic data that the scanner provides, using a classic replay attack. My bank has a few nice security features for internet banking. 1. The login page requires two separate passwords for fooling systems which expect only one password. They used to pop up a keypad for entering a PIN code by mouseclick but sadly Vista made that too much of a headache. The mouseclicks bypass the keystroke loggers. 2. There is a monthly electronic payment limit. I can change the limit only by going to the bank and presenting my ID which has a photo of me, and the bank reserves the right to cap the limit they will give me. If anyone manages to do transactions on my account then the damage is limited somewhat. 3. For some actions such as adding a beneficiary and topping up my prepaid cellphone account, the bank sends me a SMS with a one-time password which I have to enter on the web page. The password expires within 15 minutes of it being sent to my cellphone. The web page lets me request a new onetime password. To change my cellphone number I have to go to the bank and present my ID. 4. The bank website uses https. These measures make life more difficult for anyone trying to break in, without making too-onerous demands of me to get done what I want. There is no guarantee that someone who has much time and money will not be able to get into my account, but regular thieves will be more tempted to find an easier target. (Comment on this)
Thursday, March 27th, 2008
1:02 pm	OOXML vote soon The ISO vote on OOXML happens in the next few days. Just a reminder that Microsoft's livelihood may depend on getting ISO certification for OOXML. Beware the one who is fighting for their own survival - they may not care what they destroy in the process. Apparently the good reputation of ISO is worth sacrificing. Microsoft's problem is that a good three quarters of their income is still derived from Microsoft Office and Windows operating system sales. The government contracts they crave often require the use of recognized standards. Microsoft will not support ODF except in superficial ways because ODF eliminates the customer lock-in which Microsoft has been using for over a decade to maintain its market dominance. Anyone who has tried switching from the Microsoft Office file formats to another software vendor knows the extreme frustration involved and why the strategy has been so effective. Microsoft has strong business reasons why it won't support ODF, but of course they won't say so, instead they complain about "technical problems" which no-one outside the company can verify, and appear to try help others develop workarounds. Anything to maintain the illusion that they would support ODF if they could. Even if OOXML did become a standard there is no way to force Microsoft to comply with it. Microsoft is still committed to its customer lock-in tactics and they will make sure no other application will truly be able to compete with Microsoft Office. Cold hard business facts. Some more discussion on the technical problems with OOXML and some of Microsoft's bully tactics in pushing ISO to accept OOXML as a standard. (Comment on this)
Friday, March 21st, 2008
9:23 am	Mercury problems with CFL bulbs Each compact flourescent light bulb contains enough mercury to contaminate thousands of gallons of water. 1 gallon is over 3.7 litres. Link to MSNBC article. Some US counties have banned throwing CFLs out in the trash but there are insufficient disposal facilities. The US EPA (Environmental Protection Agency) provides a detailed list of instructions on how to clean up a broken CFL bulb to avoid contamination, even while it says the levels of mercury are low. In just more than a year, since the beginning of 2007, 9 million fluorescent bulbs have been purchased in California and who knows how many in the rest of the world. Even if mercury-free CFLs becaome available tomorrow there will still be millions of broken bulbs ending up in landfills around the globe, leeching mercury into the water supply. Now how do I choose between mercury poisoning and air pollution from less efficient lighting? Finally, here are the EPA instructions on handling a broken CFL: Source: U.S. Environmental Protection Agency How to clean up a fluorescent bulb Before cleanup: Vent the room 1. Open a window and leave the room for 15 minutes or more. 2. Shut off the central forced-air heating/air conditioning system, if you have one. Cleanup steps for hard surfaces 3. Carefully scoop up glass fragments and powder using stiff paper or cardboard and place them in a glass jar with metal lid (such as a canning jar) or in a sealed plastic bag. 4. Use sticky tape, such as duct tape, to pick up any remaining small glass fragments and powder. 5. Wipe the area clean with damp paper towels or disposable wet wipes and place them in the glass jar or plastic bag. 6. Do not use a vacuum or broom to clean up the broken bulb on hard surfaces. Cleanup steps for carpeting or rug 3. Carefully pick up glass fragments and place them in a glass jar with metal lid (such as a canning jar) or in a sealed plastic bag. 4. Use sticky tape, such as duct tape, to pick up any remaining small glass fragments and powder. 5. If vacuuming is needed after all visible materials are removed, vacuum the area where the bulb was broken. 6. Remove the vacuum bag (or empty and wipe the canister), and put the bag or vacuum debris in a sealed plastic bag. Disposal of cleanup materials 7. Immediately place all cleanup materials outside the building in a trash container or outdoor protected area for the next normal trash. 8. Wash your hands after disposing of the jars or plastic bags containing cleanup materials. 9. Check with your local or state government about disposal requirements in your specific area. Some states prohibit such trash disposal and require that broken and unbroken lamps be taken to a recycling center. Future cleaning of carpeting or rug 10. For at least the next few times you vacuum, shut off the central forced-air heating/air conditioning system and open a window prior to vacuuming. 11. Keep the central heating/air conditioning system shut off and the window open for at least 15 minutes after vacuuming is completed. --- end --- (2 Comments |Comment on this)
Tuesday, March 4th, 2008
6:08 pm	The OOXML Ballot Resolution Meeting ECMA reports the BRM this way: link. Quote: The Ballot Resolution Meeting was a very productive and positive meeting, where National Bodies' representatives worked together very hard, resolving many issues, to come to an improved final DIS 29500 text, which will now be offered to the consideration of all National Bodies participating. Very carefully worded to gloss over the fact that 80% of the comments were not discussed and that most of the comments which were discussed were amended before being adopted. Just because some comments were accepted does not mean the representatives agree the standard as a whole is acceptable. The problem with an international standard is that a single comment may raise a problem serious enough to cause rejection of the whole standard. 80% is a mighty big window. The ODF Alliance's view(PDF) of the BRM. Rob Weir's eyewitness account: The Art Of Being Mugged. Quote: As the meeting concluded, ITTF requested that we not call the vote a "default" vote. "These were your choices, voted according to the rules you adopted," we were told. I reject this revisionist portrayal of the events. This was not my choice. This was merely the least bad of several bad choices that the ITTF deigned to allow us at the end of a grueling week trying to resolve 3,522 issues in bloated, technically immature proposal that has been mismanaged from the start. (Comment on this)
Tuesday, February 26th, 2008
3:41 am	Microsoft's bid for Yahoo Link Microsoft is still pursuing a merger with Yahoo. I have an email address with Yahoo, I'd prefer MS to keep their mitts off! Apparently much of Yahoo's programming talent plans to leave if MS buys them out. It seems MS's hunger for Yahoo stems from their inability to get MS products providing reliable server farms for email, web services and the like. Very much unlike the stable Linux and Unix systems. It would be a sad day indeed if MS destroys Yahoo, and I *really* don't need yet another reason to dislike MS. (Comment on this)
2:34 am	MacBook A friend of mine purchased a laptop recently with Vista on it and asked me to help install some software. I will be avoiding Vista whenever possible, it's like a micromanaging parent who insists I do absolutely everything exactly the way they want. After working with Linux, Vista feels like a straitjacket. After getting nervous about not being able to purchase XP anymore I started looking around and found that purchasing a reliable laptop with XP here in SA was a daunting task, so I decided to take the plunge and invest in a MacBook. I would've loved to get a MacBook Pro, but the white/silver case and price tag put me off so I got the black MacBook. A few hours later I'd gotten Boot camp and XP running -- I've got a few favourite Windows apps without Mac counterparts. And just in time, too, my job offer with the Delphi project arrived a day or two later. Programming in Delphi on XP on a Mac took a bit of time to get used to. Having XP and Mac OS side-by-side reassures me my avoidance of Vista continues to be a very good decision. I do most of my internet surfing in Firefox with the Mac OS, primarily for security reasons, but after XP it is just plain luxury. Seeing the BSD Unix command shell is an indescribable pleasure even though I haven't had reason to use it yet. My main quibble is the absence of a Delete button, so I have to find context-menus to delete stuff which can't be deleted with a backspace. Mac OS mounts the Windows partition in read-only mode. To get past that I had to install MacFUSE and the NTFS-3G drivers. Installation was the usual Mac dream of launching the package installer and clicking Next a few times. Just a bit more complicated than installing my USB 3G modem - that one didn't have so many clicks on the Next button. With Microsoft Windows I switch off as much of the animation as possible because it really irritates me. With the Mac the animations feel like an intrinsic part of the character of the OS. I'm a really sensitive person so maybe I can pick up Microsoft's hard-sell approach to software design versus Apple's carefully thought-out and well-considered interfaces. The translucent Dock is adorably cute and professionally functional all at the same time, summarizing nicely the difference between Apple's pioneering work and Microsoft's slapped-together catch-up. A bit like the difference between the British and SA versions of The Weakest Link -- the British presenter has a slightly dominatrix style with strong undercurrents of good humour, the SA one was just plain nasty at the expense of the the contestants. One of my favourite Get A Mac adverts is the one titled "Security" here. A bodyguard asks the Windows character whether to allow or deny just about every action taking place. Apple have taken on board the Unix approach to security -- for sensitive actions such as installing software or making configuration changes there is a pop-up requesting the administrator username and password, which then apply to that action only, the other running applications keep their non-administrator status. Nicely unobtrusive. Vista is just in your face all the time. There are thousands of viruses targeting Windows systems. There has been just one virus targeting the Mac, and for it to work you have to give it the administrator username and password so it can install itself. (Comment on this)
2:11 am	Extended break My previous employer was shut down by the parent company. A new company was started with the aim of retaining all the in-house knowledge but I decided to use my retrenchment package for a few months holiday till I find other employment to my liking. Something closer to home. All these years I've been using the company's internet link so I found myself without internet access from home. To take an effective break I decided not to get my own internet access for a while and I'm proud to say I managed a good month and a half. Since 1995 I haven't been without email or the internet for more than a week or two at a time. I've recently had a job offer but a prerequisite for the interview was a technically challenging project implemented within a few days. In Delphi. Haven't used that for over 9 years, though I did have a Pascal project about 5 years ago. Oh well, the project turned out to be a very productive experience in getting me back into Delphi mode. Now to wait until I hear whether I'm getting an interview. (Comment on this)
Thursday, December 13th, 2007
1:21 pm	More on CAPTCHAS Link Let me dare to opine about things a little outside my scope of expertise... The first thing about security measures is to ensure the cost of breaking in is higher than the value of what can be stolen. This includes the consequences of being caught, though for CAPTCHAS this doesn't seem like a serious consideration. The original use for CAPTCHAS, as far as I can gather, was to raise the stakes just a little. For many bots the effort of doing any OCR whatsoever put the effort way beyond the reward and that was good enough. The CAPTCHAS used by Ticketmaster need to be very much stronger than those protecting most email accounts, due to the profits to be made. As usual, designing a security system means you need to be familiar with the current state of the industry otherwise you might create something an expert can break easily. The example of a Chinese hacker offering cracking of CAPTCHAS for money is a surprise to anyone unfamiliar with OCR technology. As usual, the technology is surprisingly good with some problems and surprisingly bad with others, and a good system will capitalise on those areas where no easy answers exist for the foreseeable future. Seems the Google ones are of the best, with indistinct edges, touching or irregularly spaced letters, the same letter looking different if it appears more than once, and non-dictionary but easy to read words. The hotmail and yahoo ones are difficult to make out and are very annoying compared to Google's soothing shapes. As a non-expert I find it mystifying why the Ticketmaster ones are somewhat easier than Google's. A caveat, though, is that market prices often follow what people are prepared to pay for, meaning the price may differ somewhat from the actual effort involved in coming up with a solution to the problem. A government wanting access to email accounts will pay quite a bit more than someone wanting to make quick money. The really good examples of security are in places where there is something valuable to steal and there is a strong business incentive to prevent the theft. (2 Comments |Comment on this)
Tuesday, November 27th, 2007
4:28 pm	Traffic information sign trouble In an effort to deal with the traffic snarl between Johannesburg and Pretoria, remotely operated information boards were put up along the route to warn motorists of slow traffic ahead. Motorists could then take alternate routes. It worked rather well for a while, mostly, but of late it has become quite dysfunctional. One of the boards said there was severe congestion ahead for days after it had cleared. Over the last two weeks I've just about given up on the information boards altogether -- the warnings were not nearly accurate enough and I've started avoiding the main highway if the information displays are not working because there's invariably some congestion or an accident. One wonders what the working conditions and pay are like in the monitoring stations. Do the operators travel on the routes they monitor, or more importantly, do they drive cars in the first place? Do they have any clue that for the information to be useful it has to be given far enough in advance that alternative routes can actually be taken? More than once I've planned on taking a particular exit from the highway only to hit the congestion long before reaching that exit. One of the local news websites has a portal into the monitoring stations and I usually have a look there before I leave. The online source has been helpful consistently, so I know someone is watching the camera feeds, but with a travel time of an hour or more I really need those roadside information boards to give me additional updates. I'd also love to be able to suggest new ways of displaying the information. The current strategy is a 2-page alternating display along the lines of "No incidents on N1" "Between New Road and Alandale". How about "Flowing traffic ahead" on a single page? If there's congestion less than 4 exits ahead then I want to know. At one point the southbound N1 highway splits into the N1, M1 and N3. At first the signs only reported on the M1, and then later they switched to the N1. I've never seen a congestion warning for the N3. The most frustrating part of it all is that those responsible for operating the boards appear to have no incentive whatsoever for improving their performance or even measuring how well they're doing. Once again some unmotivated individual or organisation is the broken link in a system which would otherwise work quite well. Sigh. (Comment on this)
Thursday, November 22nd, 2007
1:21 pm	Amazon's Kindle The advert from Amazon. Screenshots from Wired. Some comment on DRM and the book industry. eBooks are crippled by DRM. Amazon's Kindle shows the technology is improving nicely, but keeping the sellers of 'content' happy means the major breakthrough is being able to upload plain text files to the device without an intermediary. With Amazon's help, and for minimal fee, you can get your own stuff downloaded in other formats. Probably so they can screen out stuff which might infringe someone's copyright. One thing Kindle has going for it is getting newspapers downloaded over the cellphone network, it will be interesting to see how much of a selling-point that will be. Newspaper articles are transient, not the stuff you expect to keep on your bookshelf for later reference, and more frequent updates are a big deal. Electronic paper is the right technology for reading - no flicker and no power required to maintain the display. But I do not want to use technology that is intrusively stopping me from downloading a document which is perfectly legal for me to read, without paying the watchers at Amazon for the privilege of getting material onto a device I've already paid for. [Edit 23 Nov: It has a USB port] (Comment on this)
Monday, November 19th, 2007
12:49 pm	The threat of Iran Link. The link proposes a reason why the US is making so much of Iran's nuclear ambitions. The nuclear ambitions are not to be discounted, but there is also an economic threat from a different quarter. Under Sharia law it is unlawful to charge interest so they have been trying to perfect a method of profit sharing where money is lent interest-free and the profit or loss shared by both sides. The government is the source of the funding. The huge threat is that if such a system is made to work then many third-world countries with escalating debts might take the bold step of defaulting on their payments to first-world banks and instituting the Iranian model to finance developments in their own countries. In 2000 President Obasanjo of Nigeria said: "All that we had borrowed up to 1985 was around $5 billion, and we have paid about $16 billion; yet we are still being told that we owe about $28 billion." The first-world banks know that if the third-world nations no longer lend money from them then their business model is in serious trouble. It only takes one successful example. (Comment on this)
Friday, September 21st, 2007
1:48 pm	Bush & co An interesting look into the Dubya mindset and the people around him. (Comment on this)
Monday, September 17th, 2007
7:37 pm	Risk Digest picks From Risks Digest. 1. Cell-phones are causing problems for 911 call centers. Multiple callers report the same car accident. Cellphone calls are interrupted far more often and are more difficult to handle. Result: more operators required to field the same number of calls. 2. A reason for keeping leap-seconds instead of replacing them with leap-hours: leap seconds happen far more regularly so time-accurate software gets to deal with them often, increasing the chances that they will be handled correctly. Leap-hours will be like Y2K events. As far as I can tell, UTC will continue to have leap-seconds to eliminate confusion as to what UTC really means. Those who don't want leap-seconds can switch over to GPS time. The GPS satellites transmit periodic messages to indicate how far apart UTC and GPS time are to help convert between the two. 3. Security issues with flying cars. A 6-meter electrified fence is no longer adequate to keep people out of your property. Drunk driver accidents could happen to people sitting in their living rooms watching TV. Assuming, of course, that flying cars become cheaper than helicopters. (Comment on this)
Friday, September 14th, 2007
2:01 pm	Why the US troops are coming home next year Link (for non-US readers, get past the ad by going here first). The US military doesn't have any troops left to send. Those that are there have already had their tours of duty extended from 12 to 15 months and the military won't extend them further. The military won't send the troops back before they've had a year at home, apparently saying it would "break" the military. I'd have thought extending the tours of duty over 12 months was risking that already but what do I know, I only did one year military service (was still compulsory back then). Of course, the spin is that the objectives of the surge have been reached, regardless of what really came out of it. (Comment on this)
12:22 pm	The role of fair use in the economy An article on a CCIA report. According to a study commissioned by the Computer and Communications Industry Association (CCIA), fair use rights on copyrighted work contribute more to the economy than the copyrighted works themselves. From the article: "Copyright was created as a functional tool to promote creativity, innovation, and economic activity," said Black. "It should be measured by that standard, not by some moral rights or abstract measure of property rights." I'm not saying copyright law should be devoid of moral or property rights, just that those rights should be balanced against the "promotion of useful arts and science" and the resulting economic activity. Shifting the balance too far towards the property rights end may have a negative economic impact. Another powerful element is the lust for control being exercised by the copyright holders, especially corporations, seeking short-term economic gain apparently without regard for long-term effects even to themselves. Or maybe they're also doing what shop-owners have been doing since forever -- put up the prices until the item stops selling and then reduce the price just far enough to where people start buying the item again. The problem with that approach, though, is that the laws of the land are being manipulated in the process and relaxing the controls again may not be so easy. (Comment on this)
Tuesday, September 11th, 2007
1:19 pm	Oral Rehydration Salts Link. The link provides a bit of information on an icky but fascinating subject of what happens when the human body starts defending itself. For most cases of diarrhea, a simple drink can provide good rehydration: One litre clean water, one level teaspoon salt, eight level teaspoons sugar. Drink within 24 hours. The mixture is surprisingly effective in warding off dangerous dehydration when medical help is not available. It is important not to try stop the diarrhea since the body is usually trying to get rid of something, which may take a few days in some cases (I am not a doctor). (Comment on this)