Monday, July 31, 2006

If my blog looked funny over the weekend...

... it was because I messed up something while playing around with some WordPress themes. It looked fine from my computer but then a reader using MS Internet Explorer informed me that my pages didn't look like they used to.

My main workstation is running Solaris. I guess that's what I get for not using MS Internet Explorer.

Sorry about that. I'll be more careful next time.

Friday, July 28, 2006

I hope they can make this work

This Wired article just caught my attention.

Powering Up, One Step at a Time

Excerpts:

British engineers are converting street vibrations into electricity and predict a working prototype by Christmas capable of powering facility lights in the busiest areas of a city.

"We can harvest between 5 to 7 watts of energy per footstep that is currently being wasted into the ground," says Claire Price, director of The Facility Architects, the British firm heading up the Pacesetters Project. "And a passing train can generate very useful energy to run signaling or to power lights."
...

Gilbert is working with hydraulic-powered heel-strike generators, which he believes could be installed in the floors of busy public places like subway stations. Those stations typically capture the footfall of 20,000 commuters an hour during peak usage -- multiplied by 5 to 7 watts a person, that's more than enough to power a building's lights for the day.

...

The prototypes are scheduled for assembly by December 2006.

I think it's a cool idea. I hope they can make it work.

Wednesday, July 26, 2006

India rejects 'One Laptop per Child'

The Times of India has reported that India's Ministry of Human Resource Development has rejected the idea of One Laptop per Child.

Excerpt:

The HRD ministry has rejected the idea of 'one-laptop-per-child' (OLPC) being aggressively marketed by Nicholas Negroponte of MIT Media Laboratory. "India must not allow itself to be used for experimentation with children in this area," the ministry has said.

The ministry's detailed objection based on technical, social and financial grounds was sent to the Planning Commission two weeks ago.

It is not clear what the technical objections are; there was nothing mentioned in the article. As for me, I have my own personal reservations about OLPC's approach. At this time, I am not convinced that they are headed in the right direction. Why? Here's something from OLPC's FAQ page:

What is the $100 Laptop, really?

The proposed $100 machine will be a Linux-based, with a dual-mode display—both a full-color, transmissive DVD mode, and a second display option that is black and white reflective and sunlight-readable at 3× the resolution. The laptop will have a 500MHz processor and 128MB of DRAM, with 500MB of Flash memory; it will not have a hard disk, but it will have four USB ports. The laptops will have wireless broadband that, among other things, allows them to work as a mesh network; each laptop will be able to talk to its nearest neighbors, creating an ad hoc, local area network. The laptops will use innovative power (including wind-up) and will be able to do most everything except store huge amounts of data.

Here's my concern: considering that the target users are young children (6-12 year olds, if I'm not mistaken), how wise is it to make a machine that is run by a full-blown operating system? Do we expect these kids to "play system administrators" on their laptops? Do we expect them to know how to patch their systems when there are security vulnerabilities in the operating system or application programs? Or are they planning to have professional system administrators push the updates to these laptops? Is that really going to succeed?


I am not picking on Linux just because I am a Sun employee. I will still have the same reservations even if they use Solaris as the operating system. The fact is all operating systems will have their own vulnerabilities even if these operating systems are stripped down of unnecessary services. And when these vulnerabilities are discovered, they have to be dealt with. Besides, no matter what operating system is used, there are still application programs that will also have their own vulnerabilities.


OLPC is talking about deploying millions of these laptops. Wouldn't it be better if they are engineered in such a way that the end users will no longer have to worry about securing their individual laptops?


I think it makes sense to study the viability of a thin client model -- a device that has no operating system to begin with. That way, there is nothing to maintain on the laptop itself.

Friday, July 21, 2006

Things that caught my attention: biometric spoofing

Yesterday, I started a category that I called Things I take for granted. Today, I am starting another category. This time, I will call it Things that caught my attention.

First to make it to this category is biometric spoofing. I've had this lingering concern about biometrics for a while now. If people start using biometrics as a means to authenticate, what happens when someone gets a hold of the digital representation of your fingerprint or your iris? A password is easy to change but how easy is it to change your fingerprint? How about your iris?

Today, my news aggregator caught this article from Slashdot . The article pointers lead to ZDNet Asia:

Crime of the future--biometric spoofing?

Excerpts:

Watch where you leave your fingerprints--soon they could be the target of thieves looking to break into your bank account.

Although biometric security systems--using fingerprints, iris scans and facial recognition--are only just now entering the mainstream, they are likely to be common within a few years.

And as soon as biometrics begin to be used to protect bank accounts or benefit systems, crooks will start looking at ways of breaking into them

....

"We are leaving our prints everywhere so the chance of someone lifting them and copying them is real.

"Currently it's only researchers that are doing spoofing and copying. It's not a mainstream activity--but it will be. It's just human nature; if it can be done it will be done if you can achieve some benefit from it."

Different biometrics may be attacked in different ways. For example, researchers have proved in the past it is possible to trick fingerprint systems with fake fingers made of gelatine.

Similarly, would-be thieves could try to spoof facial recognition systems with photos, videos or facial disguises in order to get access to the systems or information they protect.

Part of the problem is that many of the biometrics used by these systems are easily visible.

Toth warned: "Many people are trying to regard biometrics as secret but they aren't. Our faces and irises are visible and our voices are being recorded. Fingerprints and DNA are left everywhere we go and it's been proved that these are real threats."

In response vendors are building tighter security into their biometric systems--for example to check that a finger has a pulse, or that a real iris is being presented rather than a photo.

For now, I don't trust biometrics as a means to authenticate. Maybe that's because I don't fully understand the technology behind it. But I like it better when you authenticate with something you know, something stored in your brain -- like a password that will in turn generate a random password. That way, the master password can easily be changed when there is a security breach. The random password, on the other hand is just that -- a randomly generated password that is valid only for a few seconds. This is the type of authentication that we use at Sun. Maybe one day, I will post something about that.

Perhaps, one day, biometrics will become really secure. But I will wait and see. Until I'm convinced, I won't sign up for any service that uses biometric authentication.

Thursday, July 20, 2006

Things I take for granted: syndication

Today, I'm starting a new category that I will call Things I take for granted. This category will contain posts about things that are almost second nature to me and yet may be completely foreign to other people. Of course, this is never meant to put anyone down. I'm sure that things that doctors take for granted will be foreign to me as well.

First to make it to this category is syndication. Most of my peers in the IT industry will take syndication for granted but to a lot of people, it is a complete mystery. Just yesterday, somebody asked me what those syndication buttons are for. Quite a few people have also asked me where I get the time to read all sorts of things. The secret: syndication and aggregators.

For those who are new to syndication, here's a good introductory article:

What is RSS/XML/Atom/Syndication?

Excerpts:

Syndication is the process of using RSS/Atom for automated updates, another way of getting the information you want. You no doubt have a list of web sites you browse daily for updates, whether they’re stored in your bookmarks or your head. If you find yourself loading 20 or 30 sites a day, and you notice if a few stop updating as frequently, you’ll inevitably stop checking them.

What if there were instead some way to have your list of bookmarks notify you when the sites you read have been updated? You wouldn’t waste time checking those that haven’t. Instead of loading 30 sites a day, you might only need to load 13. Cutting your time in half would enable you to start monitoring more sites, so for the same amount of time you originally invested in checking each site manually, you may just end up end up following twice as many.

Syndication provides the tools to do this. A news reader, or aggregator as they’re also known, is a program or a web site that automatically checks your list of bookmarks (which you only have to set up once) and lets you know what’s new on each site in your list.

.....

As an analogy, the news reader acts like a customizable newspaper. You can pull a variety of content from a growing number of sources into one place, to be read however you choose.

.....

The only stipulation is that the source must provide a feed....

If this introduction has whet your appetite, the next step is to grab a news reader and start playing.

.....

So there you go. If you have a Yahoo, Google, MSN, or AOL account, you can instantly take advantage of syndication. If you don't, there are free online aggregators like Bloglines, Rojo, NewsGator, and Netvibes. Also, some browsers like Firefox have builtin support for syndication.

Go ahead, try it so next time I post something, you will be notified right away. :)


Tuesday, July 18, 2006

Blog moved: Blogger.com -> WordPress

I've decided to spend more time blogging and since I am not very happy with blogger.com, I thought that I might as well get out of there while my blog is just starting. I feel that blogger.com is too restrictive. I have also read some discouraging posts here, here, here, and here.


So before I become one of blogger.com's problem statistic, I did some research and I decided to go with WordPress. Since I have a web host that is just sitting around and I enjoy doing installation and configuration anyway, it made sense that I host it myself. I feel that hosting it myself will give me more control.


Installation of WordPress was smooth. It even has an import function so I was able to import my entire blog. However, I noticed that the import was not perfect. Some of the blockquotes and links were not properly moved over. But I only have a few entries so far so I can live with that. Those should be easy to fix.


The thing that took the most time, though, is fiddling around with themes and plugins. After a few hours of fun, I am now at a point where I'm happy with the look and feel of the site.


There are still some things to do like redirecting my blogger.com pointer and setting up automated backups of this blog. I also need to put in the syndication stuff.


But it's 8pm so this should be good enough for now. :)