Blown To Bits

Automation Risks

August 13th, 2008 by Harry Lewis

We talk a lot about how digital technologies are improving, and in particular making it possible to do automated language-processing tasks that used to require human intervention. Here are a couple of nice examples showing that the technologies are not perfect yet. First, a reminder that automated language translation still requires human checking, especially if the output is going to be publicly deployed:

Chinese Restaurant Sign

Or this attempt at automated cake decoration, which triggered an error message in the decorating software:

Birthday Cake

Thanks to Adweek for the restaurant sign and to Livejournal for the cake.

Blown to Bits in Hong Kong

August 13th, 2008 by Harry Lewis

Peter Gordon of the Hong Kong Standard has a nice article about the book, and its relevance to a variety of issues facing Hong Kong.

Cyberwarfare, Military and Political

August 13th, 2008 by Harry Lewis

The New York Times features “bits” stories today that are two sides of the same coin. On the front page, tech writer John Markoff reports that the shooting war between Russia and Georgia was preceded by a cyberwar — specifically, a “distributed denial of service” (DDOS) attack, aimed at critical computers in Georgia. A DDOS is simply a bombardment of Internet-connected computers with messages in such enormous quantities that even figuring out that the messages should be ignored overwhelms the computers’ network bandwidth and processing power. What makes it “distributed” is that the messages are coming not from a single source but from hundreds or thousands of machines, perhaps distributed around the world. And that’s what makes it hard to draw the natural conclusion, that the attack was coming from Russia, or even that Russian hands were on the trigger. Tracing the origins of an attack like this is very difficult, since the machines sending the messages may themselves have been taken over for this purpose by a remote attack, without the owner’s knowledge.
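The distinction the paragraph draws, between a flood from one sender and the same volume spread across hundreds of taken-over machines, is the distinction a network defender has to make before deciding what can be blocked. The following is an added example, not part of the original post or of Markoff's reporting; the per-second traffic and the IP addresses are constructed, and the thresholds are assumptions.

```python
from collections import defaultdict

# Constructed inbound traffic as "(second, source_ip)" pairs, built below.
# None of this is from the article's account of the attack on Georgia.

def build_sample():
    records = []
    # second 0: ordinary traffic, 20 clients sending one message each
    records += [(0, f"203.0.113.{i}") for i in range(1, 21)]
    # second 1: a flood from one machine (easy to filter, and it names its own origin)
    records += [(1, "198.51.100.77")] * 2000
    # second 2: the same volume from 500 compromised machines, 4 messages each
    records += [(2, f"198.18.{i // 256}.{i % 256}") for i in range(500) for _ in range(4)]
    return records

def per_second_stats(records):
    """Map second -> {source_ip: message count}."""
    stats = defaultdict(lambda: defaultdict(int))
    for second, src in records:
        stats[second][src] += 1
    return stats

def classify(counts, flood_threshold=500, dominant_share=0.5):
    """Label one second of traffic from its per-source counts (thresholds assumed)."""
    total = sum(counts.values())
    if total < flood_threshold:
        return "normal"
    top_share = max(counts.values()) / total
    # A single dominant sender can be rate-limited or blocked by address. A flood
    # spread thinly over many senders cannot be blocked by source, and its sources
    # say nothing reliable about who is actually behind it.
    if top_share >= dominant_share:
        return "flood-single-source"
    return "flood-distributed"

def classify_all(records):
    return {sec: classify(counts) for sec, counts in sorted(per_second_stats(records).items())}

if __name__ == "__main__":
    for sec, counts in sorted(per_second_stats(build_sample()).items()):
        print(sec, sum(counts.values()), "msgs from", len(counts), "sources ->", classify(counts))
```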

On the Opinion page, Garrett Graff — with whom I had friendly relations when he wrote for the Crimson — has an interesting analysis of the story behind Obama’s promise to text-message his VP choice. That database of contact info is hugely valuable in a political campaign, especially now that many young voters don’t have landlines. Badger them with text messages and they are more likely to vote. It’s how organizing now happens, and campaigns are about organization. McCain doesn’t seem to have figured that out yet. As far as I can see (the search window on his web site is broken), McCain sees information technology as mostly something to be feared. The only reference to the Internet is on the “Sanctity of Life” page. Reports keep coming (e.g. from Kevin Werbach here) that McCain’s technology policy will be announced any day now. But even when and if it comes, comparisons like the one Graff makes leave doubt that McCain really gets it in a way that will usefully guide government actions.

The Saga of the MIT Students Continues

August 12th, 2008 by Harry Lewis

The three MIT students are talking a bit more about what they did and did not intend to say at the talk in Las Vegas last Sunday, before it was blocked by a judge’s temporary restraining order. The Globe and the Tech both have informative stories. The slides of the talk itself were distributed to registrants at the conference before the students and MIT had been sued. They are worth perusing (pdf here). You don’t need to parse the cryptography slides to be interested in the photographs of physical insecurities: unlocked doors, unattended equipment, etc.

Yesterday’s Herald story is also well-informed. And the comments seem to be running about 4:1 against the MBTA. Of course, the MBTA is a favorite whipping boy in the Boston area. This is the same organization that earlier in the summer went after Legal Seafoods, the great seafood restaurant chain, for some ads that teasingly compared MBTA conductors to halibut.

Media Nation has the right take on this. “Charles Evans Hughes forgot something when he wrote the U.S. Supreme Court’s landmark Near v. Minnesota decision in 1931. The chief justice listed national security, obscenity and the imminent threat of violence as essentially the only three reasons that the courts could ever step in and order someone not to exercise his right to free speech. What he left out: information that could result in the MBTA’s losing some fare money. What a bonehead, eh?” The Media Nation post goes on to note that the judge who issued the TRO has a history of offenses to the First Amendment.

Discussions of security problems at places like DEFCON enhance security. Let’s suppose the T had answered their phone when the students first tried to contact them and the whole thing had gone no farther than that. Then the T would have had the benefit of what those three undergraduates had learned. With a discussion at the conference, they would have had the ideas debugged by many far more experienced security experts too. Openness is the way to the truth; stifling free speech makes matters worse, not better.

Last month, Governor Patrick was being discussed as a possible Supreme Court nominee under an Obama administration. He knows about this case; supposedly he weighed in on it. The MBTA reports to him. He supposedly cares about education, and constitutional liberties. Get going, Mr. Governor. Tell Daniel Grabauskas, the T head, to drop the suit. And to stop complaining about fish jokes, too, and get his organization focused on locking its doors, at least!

The Chronicle of Higher Education

August 12th, 2008 by Harry Lewis

The Chronicle, or Carbuncle as it is sometimes known, is the major weekly higher-ed newsletter. Today its web site features a 9-minute audio podcast with Hal and Harry, about Blown to Bits.

Google News: Russians Approaching Savannah

August 11th, 2008 by Harry Lewis

After yesterday’s heavy post, I thought I’d go with something lighter today. Google News accompanied a story on the conflict between Russia and Georgia with a map locating the battles in the American South!

Federal Judge Gags MIT Students — and MIT

August 10th, 2008 by Harry Lewis

US District Judge Douglas P. Woodlock has issued a temporary restraining order (pdf here) against MIT students to prevent them from speaking at the DEFCON Conference in Las Vegas about how they cracked the fare card systems used by our local mass transit system, the MBTA. According to the MBTA’s complaint (pdf here), the students were working under the supervision of Professor Ron Rivest of MIT, a pioneering figure in the modern development of cryptography. The complaint and the restraining order are directed against MIT as well as the three undergraduates, because “MIT has been unwilling to set limits on the MIT Undergrads’ activities.” Imagine — a university not telling its students to hold their tongues about their discoveries.

The story is covered in the Boston newspapers (Herald story here, Globe story here). The most complete account is in the UK Tech site, The Register.

Prior restraint of speech is serious business, especially for the press and for academic researchers. A quick reading of the documents in this case suggests that this order is wrong. No human lives are at stake here, just the revenues of the MBTA, which are threatened not by the students’ acts but by the MBTA’s technical incompetence.

Ironically, the court has made public a document the students submitted in response to the complaint. This document (PDF here, courtesy of Wired) reveals a great deal of what the students were going to say. Similar information was apparently included in a class presentation that has been publicly available for weeks, and in materials thousands of conference registrants received on checking in. The injunction against speech is, if nothing else, moot.

Though details matter, the students seem fundamentally to have discovered a hole in the security fence and now are being taken to court for their plan to tell people about it. The most gaping hole the students report in the MBTA’s security system is that Charlie Tickets (paper tickets with a magnetic stripe) use a laughably weak form of security, which does not deserve to be called encryption. To guard against someone altering a few bits on the card to increase its value, the card includes a “checksum,” just a sum of all the bits, keeping only the lowest-significance six bits of the sum. If you imagine the data being in decimal rather than binary, this is equivalent to adding up a column of numbers and appending to the column the last two digits of the sum. Then if you wanted to check whether any of the numbers had been altered, you could compute the sum yourself and see that the last two digits matched what was on the card. Of course, if you knew how to alter the checksum too, you could easily defeat this crude check. And with only a hundred possibilities, it’s pretty easy to figure out how the checksum is computed and to forge it as well. (With six bits of checksum, there are only 64 possibilities to test.)

There will be a lot of fallout from this case. To be sure, the students might have used a more academic tease than “Want free subway rides for life?” to draw in an audience. And they may be in hot water for going into the MBTA’s network control rooms in the course of discovering that they were routinely left unlocked — a huge security problem. On the other hand, the statute the MBTA complains the students have violated — the Computer Fraud and Abuse Act — hardly seems applicable. The MBTA is claiming that the transmission of the vulnerability from the lips of the students to the ears of the listeners falls under a statute designed to outlaw fraudulent electronic attacks over computer networks.

At its core, the situation has arisen because the MBTA violated one of the basic principles explained in Chapter 5 of Blown to Bits: Kerckhoffs’s Principle. A security system is more likely to be secure if everyone knows what it is. Keeping the design secret is an invitation to crack it — if the students hadn’t done it, then criminals would. History has countless examples. What the MBTA should have done is to post its security design on its Web site and challenge all the world’s students to crack it. Technologies exist for secure data encryption. Keeping your bright idea on how to do it secret is not the way to get a good design.
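The two preceding points, that a six-bit sum provides no protection against anyone who knows (or can guess, in 64 tries) how it is computed, and that a design following Kerckhoffs’s Principle stays secure even when fully published, can be seen side by side in a small amount of code. This is an added example, not part of the original post or of the students’ work: the card layout (a two-byte value in cents plus a trailer) is constructed, the checksum follows the post’s “add up the column and keep the last digits” description as read here, and the keyed alternative uses HMAC-SHA256 with a placeholder key.

```python
import hmac
import hashlib

# Constructed toy card layout for illustration only (not the real Charlie Ticket
# format): a 2-byte stored value in cents followed by an integrity trailer.

def weak_checksum(data: bytes) -> int:
    """The post's scheme as read here: add up the data and keep only the lowest
    six bits of the sum, so the trailer is one of just 64 values."""
    return sum(data) & 0x3F

def make_card_weak(value_cents: int) -> bytes:
    data = value_cents.to_bytes(2, "big")
    return data + bytes([weak_checksum(data)])

def verify_card_weak(card: bytes) -> bool:
    # Anyone who knows the formula can recompute the trailer, so this check only
    # catches accidental bit errors, never deliberate changes.
    return weak_checksum(card[:-1]) == card[-1]

def accepted_trailers(data: bytes) -> int:
    """How many of the 64 possible trailers the weak verifier accepts for `data`."""
    return sum(verify_card_weak(data + bytes([t])) for t in range(64))

def make_card_keyed(value_cents: int, key: bytes) -> bytes:
    # Kerckhoffs: the design (HMAC-SHA256, tag truncated to 8 bytes) can be public;
    # only the key must stay secret, and it never has to leave the issuer's systems.
    data = value_cents.to_bytes(2, "big")
    return data + hmac.new(key, data, hashlib.sha256).digest()[:8]

def verify_card_keyed(card: bytes, key: bytes) -> bool:
    data, tag = card[:-8], card[-8:]
    expected = hmac.new(key, data, hashlib.sha256).digest()[:8]
    return hmac.compare_digest(tag, expected)

def demo() -> dict:
    key = b"constructed-demo-key"          # placeholder; a real issuer uses a random key
    altered = (9999).to_bytes(2, "big")    # a $5.00 card rewritten to claim $99.99
    return {
        "weak_genuine_ok": verify_card_weak(make_card_weak(500)),
        "weak_altered_old_trailer": verify_card_weak(altered + make_card_weak(500)[-1:]),
        "weak_altered_recomputed": verify_card_weak(make_card_weak(9999)),
        "weak_trailers_that_pass": accepted_trailers(altered),
        "keyed_genuine_ok": verify_card_keyed(make_card_keyed(500, key), key),
        "keyed_altered_old_tag": verify_card_keyed(altered + make_card_keyed(500, key)[-8:], key),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The weak verifier accepts the rewritten card as soon as its trailer is recomputed, and exactly one of the 64 trailers passes, which is the guessing space the post describes; the keyed verifier rejects the rewritten card even though every line of its design is printed above, because the tag cannot be recomputed without the key.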

The Electronic Frontier Foundation is defending the students. In the meantime, I would note one interesting detail. According to the Register’s report, when the students met with an MBTA representative earlier this week, “The MBTA official made clear the level of concern reached all the way up to the governor’s office.” Governor Patrick has styled himself a champion of personal freedom. Mr. Governor, you can call off the dogs. This is not the way to solve the state’s problems.

The Olympic Struggle to Keep Bits from Leaking

August 9th, 2008 by Harry Lewis

Bits leak. Of course that’s just a metaphor. Bits wind up where their creators didn’t intend them to be for lots of different reasons. Sometimes they are left unsecured, and sometimes security measures are overcome by determined aggressors. And sometimes there are human errors, especially in complex systems involving multiple corporations or government, where control is agreed upon among peers, not imposed by a strict command hierarchy.

The video coverage of the Olympics combines many features that make it ripe to go wandering. It’s a high-value digital asset; NBC has paid almost a billion dollars. It’s copious, comes from decentralized sources, and is destined for multiple TV distributors around the world. Hundreds of millions of people want to see it, some of them technically savvy. And it’s on a 12-hour tape delay, which many would love to skip.

As the New York Times reports, some of the pipes have sprouted leaks. A digital plumber in Germany left a spigot open. Videos are popping up on YouTube, and being taken down quickly after NBC complains. From the sidelines, it’s fairly amusing to watch — an electronic (and much safer) version of the impoverished inhabitants of oil-producing countries such as Nigeria tapping the pipelines.

“Bits want to be free,” Nick Negroponte famously said. We are in the middle of an epic contest to defeat that will. There are another 8 days for the contest to be played out. Who will win — and who will win four years from now? This is the first digital Olympics, and it will likely be the last one where these questions have uncertain answers. As with so much else of the digital world, the arguments are going to be settled soon, and we’ll be living with the resolution for a long time.

“Intercepting” Email Becomes More Legal

August 8th, 2008 by Harry Lewis

One of the repeated lessons of Blown to Bits is that metaphors matter. We use them to describe digital phenomena, and then we use our intuitions based on the metaphor to decide how things should work or what should be prohibited.

Under the federal Wiretap Act, it is illegal to “intercept” an email. But what does that mean in a digital world in which messages are repeatedly stored momentarily in one computer and forwarded to another computer? Does “intercepting” just mean catching the bits in transit between computers? If you snarf a copy from an intermediary computer during the milliseconds while the bits are stored there, is that “interception” too?

Not according to a district judge in California. The case of Bunnell et al v. the Motion Picture Association of America involves a hacker named Anderson who was hired by the MPAA to obtain records from a file-sharing service that was distributing digital movies. Anderson managed to gain access to the service’s email server and have copies of emails forwarded to him, which he then passed on to the MPAA in exchange for $15,000. The company complained that this constituted an illegal theft of its corporate email. The judge ruled no, as reported by the Washington Post. “Anderson did not stop or seize any of the messages that were forwarded to him. Anderson’s actions did not halt the transmission of the messages to their intended recipients. As such, under well-settled case law, as well as a reading of the statute and the ordinary meaning of the word ‘intercept,’ Anderson’s acquisitions of the e-mails did not violate the Wiretap Act.”

The case is being appealed, and the Electronic Frontier Foundation filed an amicus brief asking that the judge’s interpretation of “interception” be reversed. Were it allowed to stand, the EFF points out, the Wiretap Act would become meaningless as it applies to email in a store-and-forward network. The government could have lawful access to any email at all, without bothering with search or wiretap warrants.

Who Is Sick?

August 7th, 2008 by Harry Lewis

That’s the name of a “crowdsourcing” Web site, whoissick.org. It’s a work in progress, so slow, but go try it. You type in a zip code and you find out the symptoms of people in your neighborhood. And the data comes from you too; you submit your observations of your own symptoms, or those of someone you know. Weird. The origin tale is peculiar too — the site’s creator waited with his sick wife for four hours in an emergency room, only to be told that she had the same symptoms as lots of other people in the area. He wouldn’t have bothered if he knew what was going around.

The site illustrates two developing trends. The ease with which mashups can be thrown together (including this one, from the Huffington Post site, with wonderful depictions of your neighbors’ political allegiances, drawn from public databases). And the ease with which we can now try to channel large numbers of voluntary, amateur observations into widely useful knowledge.