E-mail this blog's author, Bruce Umbaugh: 
Tuesday, March 14, 2006
Basketball Prank.
On March 4, University of California Berkeley (Cal) played a basketball game against the University of Southern California (USC). With Cal in contention for the PAC-10 title and the NCAA tournament at stake, the game was a must-win.
Enter "Victoria."
Victoria was a hoax UCLA co-ed, created by Cal's Rally Committee. For the previous week, "she" had been chatting with Gabe Pruitt, USC's starting guard, over AOL Instant Messenger. It got serious. Pruitt and several of his teammates made plans to go to Westwood after the game so that they could party with Victoria and her friends.
On Saturday, at the game, when Pruitt was introduced in the starting lineup, the chants began: "Victoria, Victoria." One of the fans held up a sign with her phone number.
The look on Pruitt's face when he turned to the bench after the first Victoria chant was priceless. The expression was unlike anything ever seen in collegiate or pro sports. Never did a chant by the opposing crowd have such an impact on a visiting player. Pruitt was in total shock. (This is the only picture I could find.)
The chant "Victoria" lasted all night. To add to his embarrassment, transcripts of their IM conversations were handed out to the bench before the game: "You look like you have a very fit body." "Now I want to c u so bad."
Pruitt ended up a miserable 3-for-13 from the field.
(See also here and here.)
Security morals? First, this is the cleverest social engineering attack I've read about in a long time. Second, authentication is hard in little text windows -- but it's no less important. (Although even if this were a real co-ed recruited for the ruse, authentication wouldn't have helped.) And third, you can hoodwink college basketball players if you get them thinking with their hormones. [Schneier on Security]
5:49:42 PM
Security and Usability. 
Simson Garfinkel sent me a copy of "Security and Usability: Designing Secure Systems that People Can Use," which he co-edited with Lorrie Faith Cranor. I was really hesitant when I got it because I tend to hate collections of academic papers. They're often hard to read, heavily redundant, and jargon-filled. This book isn't, and my copy is already dog-eared, and filled with turned-down pages. It is chock full of useful advice, interesting stories, great references, and useful lessons learned. If you build security software, or software with security implications, you should buy this book.
Once you've bought it, it may help to skim the first few chapters, which set the scene, and do contain a fair bit of redundancy, probably unavoidably. If you get bogged down, skip forward; there's lots of great stuff.
I think this is my favorite excerpt:
We studied eight subjects’ experiences enrolling in the wireless PKI. Our subjects were sophisticated computer users, typically holding Ph.D.s in Computer Science. Despite using the GUI-based interface for enrollment and configuration of their machines, the process involved a total of 38 distinct steps.
Each of these presented an opportunity for end users to make frustrating mistakes. The average time that it took them to request and retrieve their certificate and then configure their system was 140 minutes. Almost all of the subjects printed the instructions, and even those determined to understand what they were doing soon began following the instructions mechanically. In the end, many test subjects described enrollment as the most difficult computer task that PARC had ever asked them to do. All subjects had little idea of precisely what they had done to their computers. Several commented that if something were to go wrong, they could not perform even basic troubleshooting. For several subjects, this was the first time that they had ever experienced the inability to administer their own machines. Ironically, while PKI technology may have secured their machines for wireless use, it simultaneously reduced these end users’ ability to configure and maintain their own machines. (From chapter 16, "Making the Impossible Easy: Usable PKI," by Dirk Balfanz, Glenn Durfee, and D.K. Smetters.) [Emergent Chaos]
5:49:28 PM
SimVirus.
Opponents of animal testing for medical research often argue that the same tests could be performed via computer simulation; researchers counter that simulations simplify physiology too much to be useful in that way. But such a claim may be in its final era -- we now have the first functional, down-to-the-atom simulation of a biological organism. Computational biologists at the University of Illinois at Urbana-Champaign and crystallographers at the University of California at Irvine have created a complete simulation of the Satellite Tobacco Mosaic virus. We won't have a SimRabbit, SimRhesus Monkey or SimHuman any time soon, but such tools now appear to be much more plausible.
The satellite tobacco mosaic virus is about as simple a virus as possible; the entire STMV genome consists of a little over a thousand nucleotides in RNA, along with a couple of proteins. The virus is referred to as a "satellite" because it relies on the presence of the tobacco mosaic virus in order to reproduce. Despite this simplicity, the researchers had to use a supercomputer to simulate a fraction of a second of viral activity:
Running on a machine at the National Center for Supercomputing Applications, Urbana, the program calculated how each of the million or so atoms in the virus and a surrounding drop of salt water was interacting with almost every other atom every femtosecond, or millionth of a billionth of a second.
The team managed to model the entire virus in action for 50 billionths of a second. Such a task would take a desktop computer around 35 years, says Schulten. "This is just a first glimpse," he says. "But it looks gorgeous."
The researchers have a page describing the work in fairly complex language; Nature reduces the jargon a bit; and the University of Illinois-Urbana Champaign press release gives an essentially jargon-free depiction.
Virus simulations at this level, even without a corresponding simulation of a host organism, can reveal surprising details about viral activity; this first simulation included its own breakthrough discovery about how the virus creates its protein shell. As these tools become more advanced, we should expect to see similar discoveries of the subtle behavior of viruses, bacteria and beyond. Eventually, we'll likely be able to simulate the effects of changes to the organism's genome. This will be a major advance in our ability to predict the effects of bioengineering experiments, and to prepare for non-obvious results.
[WorldChanging: Another World Is Here]
5:48:27 PM
Cory: Full text of Bruce Sterling's ETECH speech from last week.
Here's the complete text of Bruce Sterling's inspiring, cranky, visionary talk at last week's O'Reilly Emerging Tech conference. Bruce's talk made admirable sense out of what's going on with technology in the twenty-first century, what Web 2.0 and the rest all mean, and how they can be positioned against the history of other innovations. Bruce Sterling speeches inspire the hell out of me -- I dropped out of university after reading his 1991 GDC talk -- and they keep getting better:
Computers are not "smart," in any useful sense of that term. They don't "think." They don't have "intelligence." Computers don't "know" things and they don't have any literal "memories." They're not artificially intelligent sci-fi beings like HAL 9000. Computers are boxes of circuitry, with strings, and slots for the strings. They are not alive and mentally active, they are just sitting there, ordinating. What is "ordinating," exactly? Well, if we'd invested our attention in figuring that out, instead of awkwardly struggling to make these devices think like a human brain does, then we would have successfully explored the very large set of interesting problems that computers turned out to be really good at.
If you look at today's potent, influential computer technologies, say, Google, you've got something that looks Artificially Intelligent by the visionary standards of the 1960s. Google seems to "know" most everything about you and me, big brother: Google is like Colossus the Forbin Project. But Google is not designed or presented as a thinking machine. Google is not like Ask Jeeves or Microsoft Bob, which horribly pretend to think, and wouldn't fool a five-year-old child. Google is a search engine. It's a linking, ranking and sorting machine.
Linking, ranking and sorting don't sound very sexy, glamorous or philosophically crucial. Instead of nostalgically clinging to the words - the neologisms of the past, which are now archaeologisms - we should pay more attention to the facts on the ground. What works? What matters?
[Boing Boing]
6:14:46 AM