Tuesday, August 19, 2008

Hacking an unencrypted connection?

Once upon a time, the word "hacker" was meant to indicate a programmer capable of neat programming tricks that earned the admiration of his peers. (Read Steven Levy's book Hackers for a chronicle of that time, which ended in the early 1980s.)

Over the years, the word mutated to mean "someone who breaks into other people's computers." However, there was still a connotation of skill in the term.

Now, apparently, the word means "someone who borrows someone else's open wireless connection." And this, according to the Gujarat police, is not easy to do: they suspect a "techie", a Wipro engineer of having done it.

To recapitulate this story: an e-mail sent before the bomb blasts in Ahmedabad was sent from an IP address traced to a block of flats where an American, Ken Haywood, lived. The building had wireless internet, unencrypted. You could argue this is foolish, but it is not illegal. The police nonetheless have been making Haywood's life difficult (no word about the other residents of the building complex). At the same time, they think a Wipro "techie" could have "hacked" the connection.

Here's a news flash for our police and our equally moronic media: ANYONE with a laptop within a few tens of metres from the building in question could have used the internet connection, if it was unencrypted. It is not even clear that it is illegal to do so.

(Most internet connections that are encrypted use a discredited scheme called WEP, which can be broken in minutes. I think Haywood should consider himself lucky that his wireless connection did not use WEP. The police would have been totally convinced that he was the terrorist mastermind, since obviously nobody in the world could have "hacked" his connection: after all, it takes a Wipro "techie" to "hack" an unencrypted wireless connection.)

Now, it seems, Haywood has fled these morons and this country. Good for him. Good for the immigration authorities in Delhi for letting him through.

Saturday, August 16, 2008

Wikiality

Wikipedia is often clubbed together with open-source software (such as Linux) or open-access publishing (such as the PLoS journals) as an example of how information wants to be free. But, as many have pointed out, there is an enormous difference. Open-source software such as Linux, and scholarly journals such as PLoS, are rigorously peer-reviewed.

You can take Linux code and do what you like with it, such as adding a device driver for your own obscure hardware, within the restrictions of its licence: the GNU General Public License. You can reproduce PLoS articles and use their content in other ways, within the restrictions of their licence: a Creative Commons licence. What you cannot do, without satisfying extremely high standards of quality, is have your own code included in the Linux sources distributed by Linus Torvalds, or have your own research published by PLoS.

With Wikipedia, however, anyone may edit an article, and it is instantly readable by millions.

Surely the difference is glaringly obvious, but defenders of Wikipedia have claimed for years that mischievous edits are quickly reverted by editors. And this is often true, but I suspect that it is now much less true than formerly. Where it used to be rare to find a Wikipedia article, on a subject of even slight general interest, that had glaring errors or obvious "ego" additions, it is now rare to find an article that does not have such defects.

A couple of years I found Wikipedia a useful and largely reliable resource. Now I find it a useful resource that must be double-checked on every point, no matter how minor.

Here is a list of recent examples:

  • Some time ago Slashdot linked to a Donald Knuth interview, where he talked of, among other things, literate programming -- and linked to the Wikipedia article on it. Unfortunately, as of that date, that article was so incorrect as to be worse than useless (and sparked an ill-informed flamewar on Slashdot too). After the Slashdot link appeared, an "edit war" ensued and it seems to have been restored to a somewhat informative state; but the incorrect version was what was available for months earlier. It used to be that one could trust Wikipedia on technical subjects, but that seems no longer to be true.

  • When I checked Wikipedia for "semolina" some months ago, the following sentence [UPDATE 18/08: link fixed] caught my eye (and it was in the references section of the article!) "Semolina in India is known as "Sooji". Various delicious preparations are made with Sooji. Sooji Halwa is the most famous which is a sweet item. Among Bengali's also this is very popular and used for preparing various sweet items. One of them in Bengali cuisine is known as Soojir Payesh, which is prepared by boiling sooji balls in sweetened milk." Not incorrect, but hardly very professional-looking, and not in the appropriate section; but this text survived from March 25 until May 12.

  • Some time ago Rahul Basu observed, with amusement, that there was a Wikipedia entry for the name Rahul; and regretted that he did not qualify for the list of famous Rahuls. What he did not notice was that several others had had the same regret, and attempted to amend matters; the edit history of that page is rather interesting, and the current choice of "famous" Rahuls is quite strange. (Any such list seems rather pointless.)

  • And finally, my most recent peeve and the one that provoked this post: in the article on the Wodehouse character R. Psmith, Wikipedia (as of today) claims that his name, in the last book (Leave it to Psmith), was changed from Rupert to Ronald Eustace. The "Ronald Eustace" appellation dates from Wikipedia's very first entry on the subject, in March 2005. Now, the second question to ask is, "why did Wodehouse do this?" and Wikipedia suggests that it was to avoid confusion with another Rupert in the book (Rupert Baxter).
    But the first question to ask is, "is this true?" Leafing through my copy of the book, the only evidence I can see to back this claim is the following exchange towards the end of the book, between Eve (who had been taken in by Psmith's impersonation of the Canadian poet Ralston McTodd) and Psmith:
    "Mr..." She stopped. "I can't call you Mr McTodd. Will you please tell me your name?"
    "Ronald," said Psmith. "Ronald Eustace."
    "I suppose you have a surname?" snapped Eve. "Or an alias?
    ...
    "There's not much sense in pretending now, is there? What is your name?"
    "Psmith. The p is silent."
    Personally I cannot see how this could be read as indicating that Psmith's given names were "Ronald Eustace": he was obviously "pretending". But this bit of folk wisdom seems to have become replicated all over the internet, never to be stamped out.


Colbert was right: soon our reality will be defined by Wikipedia.

Tuesday, August 12, 2008

Big blue screen

Some years ago, I saw the biggest Windows error I'd ever seen at the Toys'R'Us store at Times Square, New York.



But it seems the Chinese do these things on a much bigger scale.

Monday, August 11, 2008

Putin them in their place

After its coverage of Nandigram and Tibet (note: those links are to my previous blog posts on the subject, and perhaps not very edifying), The Hindu is at it again. While most of the world press, that I have seen, is castigating the imperialist aggression of Russia (still believed to be led, despite his having stepped down, by Vladimir Putin) against small, harmless, democratic Georgia, The Hindu headlined its Sunday edition (which I saw, since we still buy the paper on Sundays) "Russian forces stop Georgian offensive against South Ossetia", and lest any doubt on its stance remain, published a stinging editorial on Georgia's "adventurism" today.

But this time I think the Hindu may have a point: if they are not actually themselves balanced, they may at least be balancing out the rest of the media.

Even the most pro-Georgia articles do agree that South Ossetia and Abkhazia are separatist with a pro-Russian population. They also agree that Georgia was the initial aggressor in sending in troops into South Ossetia. If separatism supported by the population is good in Chechnya, Tibet, and (for much of the western media, until recently) Kashmir, why is it bad in Georgia?

I am nowhere near sufficiently informed to draw a conclusion. But here are two relatively balanced-sounding Western articles (not surprisingly, both are from The Guardian): James Poulos and Mark Almond.

(PS: a nugget for those who were pained at my title. The former Russian president's name is spelled "Poutine" by the French, which is closer by French phonetic rules to the actual pronunciation; as it happens, "poutine" is a harmless Quebecois snack but "Putin", if pronounced phonetically in French, sounds like a rather impolite word. So I wonder what sort of headlines the pun-happy French have concocted on this occasion.)

Sunday, August 03, 2008

Saturday, August 02, 2008

Fighting the terrorists

It is about a week since the bomb blasts in Ahmedabad and Bangalore, and a few days since the reports of 18 bombs being defused in Surat. India Today, among others, screams on its cover that India is soft on Islamic terrorism. Here are several thoughts:

Protecting planes is hard, and India seems to be doing that pretty successfully: the last "incident" was the Kandahar hijack, for which the security loopholes occurred in Nepal. Airport security in India seems pretty thorough but much more efficient and less intrusive than, say, in the US. I don't have to take off my shoes or my belt. I don't have to send my wallet or keys through the X-ray machine. They don't confiscate my shower gel or even my twin-blade razor -- both of which would be seen as lethal weapons in the US. (They did once make me check in a bottle of wine, though.) Subsequent to the recent attacks, I went through security checks in Chennai, Delhi and Bangalore airports and noticed no heightened security: clearly what is in place is felt to be adequate.

Protecting trains is much harder. They do routinely scan you and search your bag in the Delhi metro (again, not terribly timeconsuming, I found). But yesterday, at the (old) Delhi Junction railway station, was the first time I had to go through a metal detector to reach the railway platform. Still, given the sheer size of our rail network, there hasn't been much terrorist activity there either. On one recent occasion, I observed that the toll was as much due to lack of emergency exits -- and the practice, on that particular train, of locking all doors at night (for "security", of course), converting it into a steel jail -- as due to lack of security. If terrorists were to target, say, a cinema hall, this will be equally true: despite the Uphaar tragedy, the need for emergency exits is just not taken seriously.

Protecting public, open places is impossible. And public places were what were targeted in Bangalore and Ahmedabad. Unless one puts up entry barriers for the entire city and vets each one of the several million residents of the city. The cost of that -- and I don't mean monetary -- would be unacceptable. This is true not just in India. One can bomb an open market anywhere in the world. In airports abroad, it would be easy to bomb the departure lounge. It's not so long ago that a terrorist with Indian origins tried to ram a blazing vehicle into Glasgow Airport. Terrorism is always a cowardly thing, but I suspect the reason this sort of thing isn't more common is that, even to the terrorists, targetting civilians in public places is too easy, too cowardly.

Yet reading all the rants in the Indian media and blogosphere, one would imagine that the recent acts are a catastrophic failure of intelligence and security. To listen to the BJP, one would think either that a draconian act like POTA would magically stop such acts of terror, or that this is so hard to do that the government must have conjured it to distract attention from the BJP's recent antics in Parliament. Nobody wants to point out the obvious: not only is such "terrorism" easy, it signifies the desperation of the terrorists who, unable to strike at even medium-security targets, are forced to hit the defenceless.

These are acts that will earn them only contempt, even from their "supporters", and they know it.