Practicing security

Last week I was stuck a night in Frankfurt due to the high winds. Soon after I settled into the 17th floor of the Holiday Inn, gusts screaming round the building, I got a call on my mobile. I thought it would be my taxi driver confirming the time for the re-booked flight the next day, but instead there was an unfamiliar voice:

“This is HM Revenue and Customs, we have a message for you, but first can we confirm your name and address”

Actually name and address to phone number is not that secret, but still I asked:

“How do I know you are who you say you are?”

“If you prefer you can ring back on …. it is to your advantage”

I checked that it would be OK to ring the next day on my return and rang off … I didn’t say (life is too short), that being given a number to ring back does not increase my confidence unless I can verify it.

In fact the next day I checked on the HMR&C site and the number was their helpline. However, this call had many hallmarks of a fraudulent call: how could I, or a less technically aware citizen know this was a good call? In this case the information requested was relatively innocuous (but of course could easily continue, “and date of birth … bank details …”) and the phone number given was an 0845 number which costs the recipient money … either genuine or high-value fraud. Of course, if I was fraudulently ringing up people pretending to be HMR&C, at any sign of trouble giving the genuine helpline number would be just what I would do to allay suspicion!

It is not just HMRC that give calls like this; banks and credit card companies are forever ringing up and asking you to confirm your identity … and that usually does include giving some form of security code. But they have rung you up, so have more confidence in who you are than you do in them, yet never offer any means to confirm their identity.

Email too: I have received various mails from banks which look very like phishing emails. In one case I received an email where the domain of the sender was different from the domain of the reply email and different again from the domain of the URL link. It goes without saying that none of these were the same as the standard domain of the bank. In this case the only reason I knew it was not phishing was that it offered information and did not request anything secure.

By sending emails and making phone calls that are virtually indistinguishable from fraudulent ones, the banks (and even HMR&C) are training us to be victims of fraud.

Literally we are encouraged to practice being insecure.
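
The three-way mismatch described above (sender domain, reply address domain and link domain, none of them the bank's usual domain) can be checked mechanically. The following is an added example, not part of the original post; the sample message, the `.example` domains and all function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample: every name and domain here is made up (reserved .example TLD).
SAMPLE = """\
From: Example Bank <news@mailer-one.example>
Reply-To: service@replies-two.example
To: customer@home.example
Subject: Your new statement is ready
Content-Type: text/html; charset="utf-8"

<html><body><p>Your statement is ready.
<a href="https://portal-three.example/statements">View it here</a></p>
</body></html>
"""

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def addr_domain(header_value):
    """Domain part of the address in a From/Reply-To header, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def link_domains(msg):
    """Host names of every http(s) URL found in the text parts of the message."""
    hosts = set()
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # skips multipart containers and attachments
        raw = part.get_payload(decode=True) or b""
        text = raw.decode(part.get_content_charset() or "utf-8", "replace")
        for url in URL_RE.findall(text):
            try:
                host = urlsplit(url).hostname
            except ValueError:  # malformed URL, e.g. a broken IPv6 literal
                continue
            if host:
                hosts.add(host.lower())
    return hosts


def under(domain, parent):
    """True if domain is parent itself or a subdomain of it."""
    return domain == parent or domain.endswith("." + parent)


def domain_report(raw_message, expected_domain):
    """Compare sender, reply and link domains with the organisation's usual domain."""
    msg = message_from_string(raw_message)
    sender = addr_domain(msg.get("From"))
    reply_to = addr_domain(msg.get("Reply-To")) or sender  # no Reply-To: replies go to From
    links = sorted(link_domains(msg))
    findings = []
    if not under(sender, expected_domain):
        findings.append("sender-off-domain")
    if reply_to != sender:
        findings.append("reply-to-differs-from-sender")
    if any(not under(host, expected_domain) for host in links):
        findings.append("link-off-domain")
    return {"sender": sender, "reply_to": reply_to, "links": links, "findings": findings}


if __name__ == "__main__":
    # "bank.example" stands in for the bank's standard domain (an assumption).
    for key, value in domain_report(SAMPLE, "bank.example").items():
        print(f"{key}: {value}")
```

A genuine message that trips all three findings is, on these signals, indistinguishable from a phishing one, which is the point of the post.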

keeping track of history (Blair, Iraq, and all of us)

I had been struck by Blair’s long-awaited statement about the manner of the execution of Saddam, that he belatedly made last Tuesday evening. However, I wanted to be sure of what he said, so yesterday evening attempted to find out. Perhaps I am just too poor a web-user, but I found it incredibly difficult. Google searches found many earlier news articles about the fact that he hadn’t said anything at that stage, and ones from earlier last week saying that he was about to say something and what it would be (now-a-days it seems news is written before the event), but nothing reporting what he said or when he said it (I couldn’t recall the exact day either). Having found earlier or later articles in newspapers and on the BBC I thought it should be easy to trace from them to related ones and hence the statement I was after … but no. While most seem to offer long term “most important stories in 2005” archives, there does not appear to be an easy way (or possibly any way) to say “what was the BBC online stories for Wednesday January 12th 2007?”.

I did find the ‘number 10‘ site that does have a list of the prime minister’s speeches and statements, but of course not all his statements, just the ones they want you to read!

Eventually yahoo! news came to the rescue (albeit found through Google!) with a more recent article, but with links to background including a Guardian online article from last Wednesday … which yes! did have the full text of the relevant part of the statement:

As has been very obvious from the comments of other ministers and indeed from my own official spokesman, the manner of the execution of Saddam was completely wrong. But that should not blind us to the crimes he committed against his own people, including the death of hundreds of thousands of innocent Iraqis, one million casualties in the Iran/Iraq war and the use of chemical weapons against his own people, wiping out entire villages.

So the crimes that Saddam committed does not excuse the manner of his execution but the manner of his execution does not excuse the crimes.

Now to be fair, knowing this was accessible I tried an alternative tack and searched inside the Guardian site using keywords and was able to find the article that way. Having realised this I did some searches on the BBC site and got the video of the statement. (Once I’d found suitable search terms!)

So on newspaper and the BBC sites it seems you can do google-style searches, but not (unless I’m still missing something) ask “what was on the news last Wednesday” or (reasonably completely) what are the related articles to this one.

Obviously in a pre-web world I would not expect to be able to do this. I could (and still could) visit the British Library for old copies of newspapers (I assume they keep them) and for the last week possibly the local library. But of course when information is available it is not what you could find that counts, but what is easiest. The information that is available is the information that gets seen. Even in university our students are reluctant to read books as they believe they can find all they need on the web.

Now the reason I wanted to find the Blair statement was the reference to “one million casualties in the Iran/Iraq war”. He was rightly pointing out that the failings of the legal process of his execution should not blind us to the horror of his crimes. Now given the delay I assume the words were well prepared, and yet of three crimes he noted one was this.

I guess the figure of 1 million sounded good (big numbers always impress), but to mention this without also noting that that war was waged with the complicit and explicit support of many countries including the UK and US seems at best amnesiac and at worst deceptive. Does he really not know this? Or is he simply hoping most who hear it won’t?

I can recall the Iran-Iraq war as a young adult, but those younger will have been in school and even for those around at the time I’m sure the memories get a little fuzzy, so perhaps he can get away with this type of manipulation. Or perhaps it is that he only partly recalls the events and honestly presents this?

The US involvement is well documented, both in terms of military presence in the Gulf at the time, officially neutrally, but with minimal pretense acting against Iran who was then the ‘evil power’. Indeed (recalling my own and Nad’s earlier posts about the execution), in looking for this I found George Washington University’s National Security Archive of declassified documents. In this there is a photograph of Donald Rumsfeld, then a special envoy from President Reagan, shaking hands with Saddam Hussein. This is not surprising, diplomats have to do this all the time. Significantly though this meeting was, as the National Security Archive shows, shortly after US intelligence had confirmed Iraq’s use of chemical weapons (Blair’s point 3) and discussed this at a presidential level. The US (in full knowledge) then went on to block UN resolutions deploring Iraq’s use of chemical weapons … initially with UK support. The full story of UK support, I’m sure is there, but even harder to find … I seem to recall British warships in the Gulf, but it was more than 20 years ago!

In an age of instant information, it is amazing that getting the basic facts of ongoing news items is so difficult. I recall a year or so back there was a call for journalists to give more context in their reporting. However, when interviewed a respected journalist insisted that their job was the news, the changes not the background … but without the background the interpretation of what we hear is different.

If journalists do not see it as their job to give such background and it is still so hard to find elsewhere, then politicians can go on deceiving themselves and their people.

absolutely nothing

A few days ago I was reading from George Perec’s Species of Spaces and Other Places[1], or rather reading is not quite the right word, Perec is an odd writer and the book is more something to dip into than to read in any concerted fashion.

Perec is writing about spaces without function and says:

How does one think of nothing? How to think of nothing without automatically putting something round that nothing, so turning it into a hole, into which one will hasten to put something, an activity, a function, a destiny, a gaze, a need, a lack, a surplus …?

This reminded me of another book, Edward Casey’s The Fate of Place[2]. Casey surveys various creation myths and finds that while at first glance many seem to have a creation ex nihilo, in all cases the emptiness, the void is not so empty, either bounded, or filled with chaotic churning, unformed things. There is no empty space.

These myths are about the feelings and conceptions of people and tell us something deep about our inability to capture an essence of nothingness, just as Perec struggles. The concept of the number zero eluded (or appalled) the Greeks and the idea of the empty set causes problems for many students, perhaps only made palatable by the curly brackets surrounding the emptiness {} … “putting something round that nothing“.

They say “nature abhors a vacuum”, although I guess one wonders whether it is just people who abhor it. One of the surest forms of torture is sensory deprivation.

The role of the void in physics has changed over the years. From being simply the empty gap between things, 19th century scientists populated it with electromagnetic and gravitational fields – the void became the medium, a material internet through which forces rippled.

In Einstein’s General Relativity, space is no longer the medium through which gravity is transmitted, but instead it is the distortions of space-time that define matter itself. Space is not filled with other things, it is the things.

However, in Quantum Mechanics we find a world that is rather like the voids of those creation myths, empty space forever filled with zero-point energy. And in the emptiness particles and anti-particles constantly appearing and annihilating one another; a boiling broth not still waters.

Most strange, when empty space is bounded, the very walls are sucked in by an extra emptiness. The boundaries mean that certain modes of vibration of the space between the walls are not possible – like a guitar string that will only play certain harmonics – and those missing vibrations cause missing energy.

So, when Perec puts “something round that nothing” he in fact makes it less than it was before.

  1. George Perec, Species of Spaces and Other Places, (tr. John Sturrock), Penguin, 1997. ISBN 0-14-018986
  2. Edward Casey, The Fate of Place: A Philosophical History, University of California Press, 1998. ISBN 0-520-21649-0

the power of sequential thinking

A short while ago I was mentioning to another computing academic at a meeting the curious fact that the computational power of the complete internet is now roughly similar to that of a single human brain [[see article here]]. While this little factoid is deliberately provocative, I did not expect the strength of the response.

“that’s impossible” he said.

“why” I asked, “I’m not saying they are similar, just that there is the same computational potential”

“Computers are sequential” he said, “brains are associative”.

Further attempts to reason, likening it to other forms of simulation or emulation, simply met with the same flat response, a complete unwillingness to entertain the concept.

Partly this is to do with the feeling that this somehow diminishes us as people, what for me was a form of play with numbers, for him was perhaps an assault on his integrity as a human. I guess as a Christian I’m used to the idea that the importance of a person is not that we are clever or anything else, but that we are loved and chosen. So, I guess, for me this is less of an insult to my idea of being who I am.

This aside it is interesting that the reason given was about the mode of computation: “computers are sequential” vs. the massively parallel associativity of the human brain.

Of course if the computational substrate is all the PCs connected to the Internet then this is hardly purely sequential and in fact one of the reasons that you could not ‘run’ a brain simulation on the Internet is that communication is too slow. Distributed computation over 100s of millions of PCs on the internet could not synchronise in the way that long-range synapses do within our brains.

Amongst other things it is suggested that our sense of consciousness is connected with the single track of synchronised activity enabled by the tight interconnections and rapid feedback loops within our brains[1]. In contrast, individual computers connected to the internet compute far faster than they can communicate, there could be no single thread of attention switching at the rate that our minds can.

If the internet were to think it would be schizophrenic.

Sequence is also important in other ways. As the man said, our brains are associative. When considering spreading activation mechanisms for intelligent internet interfaces, one of the problems is that associative stuff gets ‘mixed up’. If London has a high level of activation, why is that? In a designed computational framework it is possible to consider multiple ‘flavours’ of activations spreading through a network of concepts, but our brains do not do this, so how do they manage to separate things?

Now to some extent they don’t – we get an overall feel for things, not seeing the world as little pieces. However, it is also important to be able to more or less accurately ascribe feelings and associations to things. Consider one of those FBI training ranges where bank terrorists and hostages pop out from behind windows or doors. Your aim is to shoot the terrorists and save the hostages. But, if you see a robber holding a hostage how do you manage to separate the ‘bad and kill’ feelings and properly ascribe them only to the terrorist and not the hostage?

The answer may well be due exactly to the switching of attention. Even when both terrorist and hostage are next to each other, as mental attention shifts momentarily to one and then the other, the mental associations also shift. Rodney Cotterill in Enchanted Looms describes two levels of attention switching[2]. One near conscious and taking around 500ms and one connected with more low-level visual attention (sometimes called a visual searchlight) at 20-50ms. It is probably the slower timescales that allow fuller webs of association to build and decay, but maybe there are other intermediate timescales of attention switching as well.

If this is right then the rapid sequential shifts of attention could be essential for maintaining the individual identity of percepts and concepts.

If we look at concepts on their own, another story of sequence unfolds.

There is a bit of a joke among neuroscientists about grandmother cells. This is the idea that there is a single neuron that in some way encodes or represents your grandmother[3].

Looking at this purely from a computing science perspective, even if there were not neurological reasons for looking for more distributed representations, there are computational ones. If concepts were stored in small local assemblies of neurons (not single ones to allow some redundancy and robustness) and even a reasonably large part of our brains were dedicated to concept memory, then there just seems too few ‘concept-slots’.

If we used 100 neurons per concept and 10% of the brain for concept memory, we would only have space for around 10 million concepts. A quick scan through the dictionary suggests I have a recognition vocabulary of around 35,000 words, so that means I’d have less than 300 other concepts per dictionary word one. Taking into account memories of various kinds, it just seems a little small. If we take into account the interconnections then we have plenty of potential long-term storage capacity (1/2 petabyte or so), but not if we try to use individual groups of neurons to represent things. Grandmother cells are simply an inefficient use of neurons!

Now there is also plenty of neurological evidence for more distributed storage. Walter Freeman describes how he and his team lovingly chopped the tops off rabbits’ skulls, embedded electrodes into their olfactory bulbs and then gently nursed them back to health[4]. The rabbits were then presented with different smells and each smell produced a distinctive pattern of neuron firings, but these patterns extended across the bulb, not localised to a few neurons.

If neurons had ‘continuous’ levels of activation it would be possible to represent things like “1/2 think it is a dog 1/2 think it is a fox”, simply as an overlay of the activation of each. However, if this were the case, and one could have in mind any blend of concepts, then an assembly of N neurons would still only be able to encode up to N concepts as the concept patterns would form a set of basis vectors for the N-dimensional vector space of possible activation levels (a bit of standard linear algebra).

In fact, neurons tend to behave non-linearly and in many areas there are patterns of inhibition as well as mutual excitement and disinhibition, leading to winner-takes-all effects. If this is true of the places where we represent concepts for short term memory, conscious attention, etc., then this means instead of representations that ‘add up’, we have each pattern potentially completely different, similar to the way binary numbers are encoded in computer memory: 1010 is not a combination of 1000 and 0010 but completely different.

In principle this kind of representation allows 2^N (two to the power of N) rather than N different concepts using the same N neurons … In reality, almost certainly representations are less ‘precise’ allowing some levels of similarity in representations etc., so the real story will be more complex, but the basic principle holds that combinations of thresholding and winner-takes-all allow more distinct concepts than would be possible if combinations of concepts can occur more freely.

However, notice again that higher capacity to deal with more concepts is potentially bought at the cost of being able to think of less things ‘at once’ – and the side effect is that we have to serialise.

Returning back to the “computers are sequential, brains are associative” argument, whilst not denying the incredible parallel associativity of human memory, actually there seems as much to wonder about in the mechanisms that the brain ‘uses’ for sequentiality and the gains it gets because of this.

  1. see Gerald Edelman, Wider than the Sky, Yale University Press, 2004, ISBN 0-300-10229-1
  2. Rodney Cotterill, Enchanted Looms: Conscious Networks in Brains and Computers, Cambridge University Press, 1998, ISBN 0-521-62435-5. See p. 244 for 500ms switching and pp. 261 and 265 for 20-50ms spotlight/searchlight of attention
  3. Although the grandmother cell is generally derided as oversimplistic, there is evidence that there is more neuron specialisation than previously thought [[see Mind Hacks: evidence for ‘Grandmother Cells’]]. Also it is easier to encode relationships if there are single patches than configurations of neurons, so perhaps we have both mechanisms at work.
  4. Walter J. Freeman, How Brains Make Up Their Minds, Phoenix, 1999, ISBN 0-75381-068-9. See p. 95 onwards for rabbit olfactory bulb experiments.

paying the tax

Tax collectors get a bad press, but we have just got to the end of filling in our annual tax returns online and it is an amazingly trouble free process … I can still remember when it was paper forms and 2 days before the final deadline we’d discover we needed extra green pages for this thing or other. Now-a-days you just fill in the boxes on the web form, if you haven’t got the figures it just remembers it all for later, then at the end you press the button and it works out everything. And even better, they said they owed me £80 🙂

If only every online service was as good. A short while ago we tried to open a savings account with the Northern Rock and gave up as the applet-based system they use is not compatible with Apple Macs … other banks seem to be able to use SSL for security and browser-independent HTML, so why not them! Suffice to say we went elsewhere.

Even worse was an experience early last year. I’d given a seminar at another university and submitted an expense claim. The university sent me payment advice as an email, but it displayed oddly when I viewed it and got a high spamassassin rating. A bit of digging and I found that the high spam rating was due to the fact that there was not a closing body tag in the HTML. I was going to mail the university IT support and then saw that the company who supplied the software, Albany Software, was named in the email and decided to mail them directly to avoid embarrassing them to their client.

So I went to their web site … but it didn’t display properly in Firefox, I tried Safari … even worse! Eventually I got their ‘support’ contact email by using view source and mailed them, mentioning both the broken HTML in the email and the broken website.

The reply from their ‘support’ email:

“Try using Microsoft Internet Explorer. Though Firefox is vastly superior, most websites/applications are only compatible with Internet Explorer.”

Who said the days of the old sys admins had gone!

The happy end to the last story is that I just revisited their site, they have at last got it working cross browser … well I guess better late than never.

Anyway thumbs up for Her Majesty’s Revenue & Customs, even if others need to catch up a little.

politics of water – trouble in paradise

Today I got a mailed posting from Geoff Ellis who is visiting family in Mauritius (see copy at end of this entry)

Water politics is on the rise both because of climate change and competition for the use of rivers that cross borders. Recently I heard that the Dead Sea is drying up, although evidently the Aral Sea may be slowly recovering.

However, this also reminded me how as a child the Free Wales Army were my heroes. I was too small to understand much about it, but I do know they blew up water pipelines. Sadly (so I thought) they were eventually captured and put behind bars and the water pipelines were safe. Now I guess these were acts of sabotage rather than terrorism and in retrospect it sounds rather ridiculous … blowing up oil pipelines, yes, but water?

Being brought up in Cardiff they seemed sort of Welsh Robin Hood-like figures – very romantic.
It was only years later I understood the full story.

When I was nine years old my dad died and after that we lived on a state widows pension supplemented with students (and at one stage Irish navvies) staying half-board. Hard work – hot meals to prepare breakfast and evening, washing, not to mention cleaning the thick orange Cardiff clay from the carpets when the navvies were staying.

Once a year we got the bill for the water rates. There was also a once-a-year bill for the house rates (tax on land/housing), but as we were on low income we got 90% rebate for this, so it was not too bad. But when the water rates came, there was no rebate, and at that stage not even monthly payments to spread the cost. Mum was good with money, budgeting carefully and saving for major bills, but still it was a big bill and hard to pay in one go … and for this water tax there was no relief or rebate, no matter your income, you had to pay in full.

It was then years later again and I was renting my own house for the first time in Bedfordshire … England. When I got my first water rates it was for £60 (it was a few years ago!) and when I asked mum I found hers was for £300. The population in Wales is very spread out, so it is more expensive to transport the water, and hence, I guess, why it cost five times as much.

If Wales has a national resource (once the coal was plundered), it is water … it rains, and rains, and rains! When I was little my dad used to drive us up to visit Brecon, through the coal valleys north of Cardiff and up into the Brecon Beacons, with the vast reservoirs filling the valleys between the mountains. We picnicked beside the streams flowing down the mountains and wondered at the huge dams.

The water from these dams does not flow to Cardiff, the coal valleys or central Wales, but is piped to Birmingham … and as the water flows out, no money flows back. So English water is cheap, and the cost of Welsh water falls heavily on those who can afford it least.

The Free Wales Army deserve a play or a film, a slightly askance view … you cannot present blowing up water pipelines with a straight face, but with a hint of the issue beneath. For me as a child, the politics of water was a painful and serious business.

Geoff’s posting from Mauritius:

water trouble in paradise

L’Avenir, St. Pierre, Mauritius 31 Dec 2006

In this usually quiet village of L’Avenir nestled amongst the mountains on the Mauritian plateau, New Year’s Eve is a time for cleaning the house ready to welcome the New Year with fireworks. But this year is different. The road is ablaze at both ends of the village as some of the residents, frustrated by days of water cuts, have taken to Royal Road. They haven’t just run out of water, in the higher parts of the village for 5 days now, some have run out of clean clothes to wear. It is true that the reservoirs are lower this year due to less rainfall than usual over the winter months, but what makes the residents angry is the seemingly unjust way in which the limited water is supplied. In the neighbouring village of Beau Bois they have water and in the small town of St. Pierre a mile away I’ve seen people washing the pavements in front of their houses, no sign of water shortage there. And of course, the hotel swimming pools are full, the greens and fairways of the golf course are lush and I doubt if any ministers or government officials have been washing in a bucket! As one resident told me, making a civil disturbance is the only way to get the water turned back on, no one answers the water board office ‘hotline’. Whether or not we will be able to wash in 2007 is somewhat in the hands of the gods.

Geoffrey Ellis (UK resident on holiday in L’Avenir with parents-in-law)

fire in the streets in Avenir