Showing posts from February, 2009

TLS/SSL usability

Security researcher Dan Kaminsky posted this article where he mentioned: Moxie introduced (to me anyway) the concept of Positive vs. Negative Feedback. Negative Feedback systems occur when the browser detects an out-and-out failure in the cryptography, and posits an error to the user. In response to the New Zealand bank data, in which 199 of 200 users ignored a negative prompt, browsers have been getting crazier and crazier about forcing users to jump through hoops in order to bypass a certificate error. The new negative errors are at the point where it is in fact easier to “balk” — to stop a web transaction, and move onto something else. So Moxie’s putting his energy on the old positive feedback attacks — simply disabling the security, and seeing if anyone notices. And here he shows up with some pretty astonishing data: Nobody noticed. To be specific, absolutely 0% of users presented with missing encryption on important web sites, being asked to provide sensitive financial dat

The U.S. should probably nationalize banks

The situation in the U.S. currently appears to be like this: Everyone is used to paying for their houses and cars with loans. The U.S. tax system, in fact, is geared to encourage taking loans and discourage saving up and then buying. (I'd like to learn more about that; this is what I heard.) Banks have made investments for which they are now not sure to what extent they will be repaid. Each individual bank is therefore compelled to abstain from loaning and to bulk up on capital until they know what their situation is. Since most banks are in the same situation, however, most banks are abstaining from loans, and people cannot get financing for their large purchases. In a no-loan environment, it will take years before most people save up enough money to buy houses and cars with cash. When they do, the houses and cars bought this way will tend to be smaller and more economical. In the meantime, as most people have neither loans nor savings, houses and cars aren't getting sold. Hous

The Fun-Fun Ultra Super Happy People

Eliezer Yudkowsky wrote an intriguing short story where three civilizations of conflicting values meet accidentally for the first time and face the dilemma of what to do with one another. If you are interested in reading this quite interesting story, perhaps now would be a good time to scoot over and do that before I ruin it for you. Eliezer skilfully presents a sandwich situation where humans run into an inferior race, the Baby-Eaters, who most highly value an activity that's genocidally awful to the point of requiring intervention from the humans' point of view, just when a third civilization arrives, the Maximum Fun-Fun Ultra Super Happy People, that is most powerful, and which finds both the Baby-Eaters and the humans' ways morally unacceptable. A dilemma arises whereby humans can either accept genetic reprogramming to make humans compatible with the Super-Happies, relinquishing the ability to suffer, while the Super-Happies adjust themselves to be compatible with hu

The doghouse: Costa Cruises

We haven't been on a cruise yet, but we were excited about the idea, so we booked a Caribbean cruise through Costa. We were supposed to go on the Costa Fortuna which, among other things, features an "Internet Point". Our recent traveling experience is that internet access is by now available everywhere. Literally wherever we went in the United States - from cities to rural areas to remote deserts - we could always plug in our laptops. We expected that the same would be available on the ship. After all, who do cruises cater to, if not people who have the means to afford them, and who have careers that require them to stay in touch? So if there is an Internet Point, it should be possible to plug in our laptop and take care of business. Right? Wrong. As we found out only after we already paid in full, not only does the Costa Fortuna's Internet Point not allow you to plug in your laptop; you have to use their public computers, the access is painfully slow, and costs

Madame Prosecutor

The Economist about Carla Del Ponte's memoir: Ms Del Ponte, a Swiss prosecutor, was appointed to the tribunal in The Hague in 1999. Ruthlessly harrying the former Yugoslavs into giving up those that the court had indicted for war crimes including genocide, Ms Del Ponte became the most loathed woman in south-eastern Europe. One of the most enjoyable aspects of this memoir, which was published in Italy last year and is now coming out in English, is to see that loathing so heartily reciprocated. There are no diplomatic niceties here. After one Bosnian Croat was acquitted of a massacre, Ms Del Ponte’s colleagues discovered that crucial evidence had been doctored. The Croats set up a whole team specifically to thwart the tribunal’s work. Croatian leaders, she notes, always made bountiful promises before resorting to “stealth and deception and attack from behind”. Citing a colleague, she concludes: “The Serbs are bastards... But the Croats are sneaky bastards.” [...] Most disturbing

The cause of the crisis

Amidst all the confusion, finger-pointing and bad news, we forget to realize that this recession has a reason - a fairly deep and simple one, at that; a contradiction, a false assumption that led the world into this. In the acuteness of a suffering state, the true reason is harder to see, because unexpected suffering begets indignation, indignation begets anger, and anger requires an external cause to be angry at. But the true deep reasons for this crisis are not negative aspects of human nature such as greed, or misaligned incentives of financial managers, or the policy of the Federal Reserve, although for sure all of these played a part. The true deep reason is a benign, yet shortsighted and naive, desire that most people would consider justified. It is the desire for a secure and prosperous retirement. What fails to be emphasized is how both the tech stock bubble and the housing bubble could not have happened if it was not for an overwhelming deluge of funds, a deluge which exceeded t