Tuesday, October 30, 2007
The captchas are here
One of my recent, and rather widely linked, posts has attracted a huge amount of automated spam, linking to what seems to be a nasty spyware-purveying site. I have deleted perhaps 10 copies so far, but more keep coming in.
So, hello captchas, sorry commenters.
Monday, October 29, 2007
I would hope that nobody who received the mail was fooled. Apart from obvious questions like what this person is doing in Nigeria, there is, as the above article says, "the troubling detail of why their knowledge of grammar and punctuation has forsaken them."
How do you lose access to your account? By someone stealing your password, obviously. How do they do that? There are various ways:
- First of all, there are dictionary attacks. If you use an English word as your password, you can be sure your password is not safe. Even a straightforward combination of words and numbers, like "Hello123", is not safe.
- Then, most webmail access is unencrypted, and it is hard for a newcomer to see how to encrypt. This is one of the many disgraceful aspects of how free webmail providers behave. With Google mail, you should go to https://mail.google.com/ (note the "s" at the end of the "http"; you'll also see it in bank gateways and the like.)
What's wrong if it's unencrypted? Simply this: anyone sitting in your network, or administering a gateway between yours and the server's, can read it. Worse, if you're on an unencrypted wireless connection, or on a WEP-encrypted one (WEP is useless), anyone within range of your access point can read it.
- There is cached data on your disks. If you throw away an old computer, or give it to the service centre, much compromising information may be readable.
- Then there are phishing scams. Scammers routinely send out a mail along the lines of "Your hotmail account has administrative problems, please authenticate it here", and send you along to a fake site where you log in and they keep your password. Unfortunately, many people still fall for it.
- Then there's the most insidious of all: keystroke loggers. These are trojans that sit on your computer and keep track of what you type. Getting one on your computer is as easy as visiting a spyware-infested site, if you use certain operating systems and web browsers that originate in Redmond, WA. So keep your computer clean (I'd say avoid Microsoft Windows totally if it's at all possible for you, and if you must use it, don't use Internet Explorer, and if you absolutely must use IE, disable ActiveX, and if you must use ActiveX, there's no hope left for you); and don't access important sites from cybercafes or computers you don't control.
So what does one do? A colleague pointed me to a very informative article by Bruce Schneier, on how to choose good passwords and keep them safe, which should be required reading for all computer users. He describes the capabilities of dictionary attacks and forensic tools, and how to bypass them.
You should not only choose a secure password, but a different secure password for each website you use: otherwise, if one is compromised, they all are. One problem is that many users can't remember one non-trivial password, let alone a unique one for each site. So here's a trick that I came across some years ago; I can't remember the source. The general idea is as follows; the details can be varied.
- Choose a word or string that you will remember for sure. It need not be very complex. For example, "MyPassword".
- Append to it the domain name of the site you are accessing, for example "MyPasswordmail.google.com".
- Run the resulting string through a hashing program like md5sum. In this case, the output is "0017e27585c50866609a6d41a127555e -"
- Use the first 8 characters of that output, in this case "0017e275", as your password.
As I said, many obvious variants are possible, and if you pick your own -- or even if you follow the above scheme entirely -- chances are essentially zero that your password will ever be guessed. The disadvantage is that you need access to the md5sum program to recover your password. But this is usually available already on Linux and can be installed on Windows and other platforms. So, if you follow the injunction above against using untrusted computers, it should not be a problem.
This protects against dictionary attacks; it may also protect to some extent against forensic analysis of a disk (since the password looks like random hex, not like an obvious password, it may be harder to find among all the other junk on your disk). And if you lose your password on one site, the other sites stay secure. But it will not protect against the other attacks mentioned above; you should still use secure HTTP, particularly when on wireless networks, should be vigilant against phishing attacks, and should not let spyware onto your computer.
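The scheme above, written out in Python as an added example (not the post's own code; the function names are hypothetical). It reproduces the md5sum steps, shows that a trailing newline changes the result, and sets beside them a variant with a slow key-derivation function and longer output, which is an assumption of this example and not something the post proposes.

```python
"""Added example, not the blog author's code: per-site password derivation."""
import base64
import hashlib
import math


def md5_site_password(master: str, domain: str, newline: bool = False) -> str:
    """The post's scheme: first 8 hex characters of md5(master + domain).

    newline=True hashes a trailing newline, as `echo "..." | md5sum` does;
    newline=False matches `printf '%s' "..." | md5sum`. The two forms give
    different passwords, so recovery only works if the same form is reused.
    """
    text = master + domain + ("\n" if newline else "")
    return hashlib.md5(text.encode("utf-8")).hexdigest()[:8]


def kdf_site_password(master: str, domain: str, length: int = 16,
                      iterations: int = 200_000) -> str:
    """Variant (an assumption of this example, not from the post).

    PBKDF2-HMAC-SHA256 makes each derivation deliberately slow, which matters
    if a derived password is ever exposed, because guesses at the memorised
    string can then be checked offline. The domain acts as the salt, and the
    output is base64url text rather than 8 hex digits.
    """
    if not 1 <= length <= 40:
        raise ValueError("length must be between 1 and 40")
    # 30 raw bytes encode to exactly 40 base64url characters, with no padding.
    raw = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"),
                              domain.encode("utf-8"), iterations, dklen=30)
    return base64.urlsafe_b64encode(raw).decode("ascii")[:length]


def output_bits(alphabet_size: int, length: int) -> float:
    """Upper bound on password entropy set by the output format alone."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    master, domain = "MyPassword", "mail.google.com"  # values used in the post
    print("md5, no newline  :", md5_site_password(master, domain))
    print("md5, with newline:", md5_site_password(master, domain, newline=True))
    print("pbkdf2 variant   :", kdf_site_password(master, domain))
    print("bits, 8 hex      :", output_bits(16, 8))
    print("bits, 16 b64url  :", output_bits(64, 16))
```

Whichever form is chosen, the derived password is only as strong as the memorised string behind it, and the limits listed in the paragraph above (unencrypted transport, phishing, keystroke loggers) apply unchanged.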
Caveat emptor: I am not a security professional. If you're in a security-critical situation, don't go by the above; get professional advice.
Sunday, October 28, 2007
Not for children
If you're Prince (formerly known as The Artist Formerly Known As Prince), you file a demand, under the DMCA, that YouTube take down the clip. You see, your rights as an artist (even one formerly known as Prince) are being violated if people can hear 29 seconds of your music as background to a video of a dancing toddler. "It's simply a matter of principle," says a Universal Music spokesman defending Prince.
The song was "Let's go crazy."
Saturday, October 27, 2007
Yes, Gujarat was worse than anything else.
Then Gujarat 2002 happened and I decided never to have any further truck with their sympathisers.
Now Tehelka has revealed exactly how the riots were orchestrated by the state machinery, headed by Narendra Modi. Complicity is not the word. They organised the whole thing.
The reaction has been predictable. Opposing politicians have demanded Modi's resignation or removal. The BJP, while not really refuting the stories, has questioned the motives behind the article: "How is it that this magazine never carries an expose on Congress either at the Centre or states?" The media seems to think that this confirms what we all knew anyway. The Hindu's N Ram, never short of words where it doesn't matter, has not yet editorialised on this topic, nor did his paper give the story any importance when it broke. But today, at least, it carries a couple of front-page stories. Abi summarises the reactions of some other newspapers.
I took some time writing my own reaction, but the blogosphere has mostly beaten me to it. Prem Panicker, in particular, deals well with the standard defensive reactions. I haven't yet spotted anyone willing to identify themselves in Modi's defence. But there are lots of anonymous comments asking things like "What about the Godhra train? What about the 1984 Sikh riots? What about the Kashmiri Pandits?", as if any of those lessened the importance of this outrage, or that our acknowledging and addressing this outrage would weaken our response to those other outrages.
So let's get that out of the way first: yes, these and other such occurrences should all be condemned. In particular, the 1984 purging of Sikhs in the capital was a genocide by any definition. Rajiv Gandhi may or may not have been complicit, but most certainly winked and nodded at it ("When a great tree falls, the earth shakes"). Other Congress leaders in Delhi were complicit, and some were actively organising the affair. It is a disgrace that no action has been taken against any of them to this day; some, such as H. K. L. Bhagat, have died unpunished. As an example of state terror, 1984 Delhi was just as bad as 2002 Gujarat. The Kashmiri pandits have suffered too long. Godhra was an atrocity, regardless of whether it was spontaneous or premeditated, and regardless of what the provocation (if any) may have been. There have been many, many more such incidents where Muslims were not the victims; all of them should be condemned and we should try to ensure they never happen again.
Ok, that's out of the way. Here's what I want to say: though many of those incidents -- in particular, the 1984 anti-Sikh riots -- equalled or exceeded Gujarat in barbarity and had just as much connivance from those who are supposed to protect us, Gujarat was worse. Because what happened in Gujarat arose from an ideology that has been poisoning our lives since well before independence; and that ideology is not just alive and well, but given respectability by the participation in our political process of parties such as the BJP and the Shiv Sena.
It amazes me that people bother to protest when the RSS, or its offshoots like the BJP, are labelled "fascist". The founders of this organisation, such as M. S. Golwalkar, quite openly modelled the RSS after fascist European organisations of the 1930s. The inspiration ranged from their supremacist ideology down to cosmetic details like the wearing of shorts at their "shakhas". And Hindu supremacism is every bit as evil as white or "Aryan" supremacism.
The ideology has not changed one iota since those days. From Golwalkar's time, the RSS and its offshoots have continuously striven towards the same goal; and all the "incidents" punctuating their history since then -- such as Mahatma Gandhi's assassination, the Babri masjid demolition, numerous riots including the 1993 Mumbai riots -- all stem from that ideology: Hindus (of a particular description) are supreme, and don't dare to be nice to Muslims.
So Gujarat was not a one-off like the 1984 riots. It was the culmination of the RSS routemap towards taking over Indian society. It was everything that this crowd had been working towards since before independence. Even in 2002, many commentators were calling Gujarat a laboratory. The goal is to follow this laboratory trial with country-wide field tests, and then release it on the nation.
That is why Gujarat was so unspeakably bad. If it goes unpunished, and even worse, if it appears that civil society wants it to go unpunished, if Modi is allowed to get away with it, it is the green signal to the RSS that they can go forward. It is the start of India's slide into fascism. If you thought Gujarat was bad, wait for phase 2 of the RSS's laboratory trials.
Thursday, October 25, 2007
Ego boost, courtesy Google
The Google Toolbar lets you see the page ranks of sites that you visit, and the opinion page of the WashPo has an even lower page-rank: just 4. Which, as it happens, is also the page rank of the blog that you are now reading.
So my humble abode is, in Google's estimation, as important as The Washington Post's opinion page. And my work web page has a page rank of 5: more important than the WashPo's opinion page.
(Um... actually, their opinion articles are written by people like Charles Krauthammer and Robert Novak. So perhaps I shouldn't be too flattered.)
Wednesday, October 24, 2007
A play and a musical
At one time, Hollywood produced quite a large number of musicals. But growing up in India, I, like most young people, knew only of two: The Sound of Music, and My Fair Lady. Admittedly these have been among the most successful movies of all time, but I still wonder why Singin' in the Rain, Mary Poppins, West Side Story -- to name a few -- did not find more of an audience in this country.
My Fair Lady was, of course, adapted from Bernard Shaw's "Pygmalion" (free Project Gutenberg e-text). The movie (and its predecessor, the Broadway musical) contains notable differences from the play. In particular, where Shaw -- distressed by an early performance that introduced a romantic ending -- appended a lengthy prose diatribe explaining why Eliza would marry the uninteresting Freddie and develop no romantic relationship with Higgins, Alan Jay Lerner concluded My Fair Lady with Eliza returning to Higgins' room (though the question of subsequent romance was left unresolved). I generally assumed that Shaw would have squirmed at this, as he would have at the idea of his play being converted into a Broadway musical.
So it was with great interest that I recently watched the 1938 movie of Pygmalion, starring Leslie Howard as Higgins and Wendy Hiller as Eliza. The screenplay is credited to Shaw himself, who received an Oscar for his efforts; it deviates significantly from his original play, but what struck me was how little My Fair Lady deviates from this movie. Even the ending is the same (Shaw presumably was persuaded of its merits) -- except that in Lerner's version, Higgins, walking home, bursts into song ("I've grown accustomed to her face") and, where the 1938 movie concludes with the line "Where the devil are my slippers, Eliza?" Lerner substituted "Eliza, where the devil are my slippers?" Numerous other new elements in the 1938 film -- from the "educating Eliza" scenes, with marbles in her mouth, to the line "The rain in Spain stays mainly in the plain", to the ballroom scene featuring Higgins' former Hungarian student Karpathy, who "exposes" Eliza as a Hungarian princess -- have been borrowed almost without modification by Lerner. Most surprisingly, the melody of "I could have danced all night" is clearly audible in the ballroom scene. It wouldn't be an exaggeration to say that "My Fair Lady" is the 1938 movie interspersed with songs, and with different actors.
As for the actors -- I wasn't born early enough, or in the right city, to watch Julie Andrews as Eliza; but Rex Harrison and Audrey Hepburn do a great job in the movie. However, to me, Howard rings truer. Harrison's Higgins seems to be playing a part: he is a rude, mannerless, inconsiderate character, not out of his inner nature, but in order to be provocative and to have a bit of fun at everyone's expense. Howard's Higgins does not seem to be acting a role: he really is like that. And Wendy Hiller, as Eliza, is absolutely outstanding from start to finish.
That leaves the songs. Compared to the 1938 movie, these (and Technicolor) seem to be the main value additions to My Fair Lady. And Loewe's melodies are indeed valuable. But I have several nits to pick with the lyrics.
Henry Higgins, let us remember, is fanatical about the English language; while his field is phonetics, surely grammar would not be much lower on his priorities (and, indeed, he repeatedly corrects Eliza's grammar.) Yet the first lines that Lerner's Higgins sings are these:
Look at her, a prisoner of the gutters
Condemned by every syllable she utters;
By rights she should be taken out and hung
For the cold-blooded murder of the English tongue.
But in English (as opposed to American), only inanimate objects are hung; humans, when executed, are hanged. ("By rights" does not sound very British either.)
We may excuse Lerner for this: he was after all an American. But what do we make of these lines from "I'm an ordinary man"? Could Higgins possibly have uttered such a monstrous line as "I'd be equally as willing for a dentist to be drilling than to ever let a woman in my life"? I would have thought that "equally as willing" is incorrect English on both sides of the Atlantic; "for" and "than", following that phrase, ring quite wrong; and shouldn't the refrain be "let a woman into my life"?
Perhaps Higgins is being sarcastic, but that doesn't make much sense either: if he wanted to lampoon someone, it would be a Cockney, not an American. I'm rather mystified that Rex Harrison, who was reportedly a Shaw purist who carried the Pygmalion script to rehearsals, allowed himself to sing these lines. But they have become classics, so what do I know.
Having picked those nits, let me admit that the songs are indeed very enjoyable. So here are a couple of links to close out this post. Though Julie Andrews was sidelined for the movie, we can watch her do "Wouldn't it be loverly" here. (She also sings on the 1956 Broadway cast recording, which is marvellous, and on the 1959 London cast recording, which I haven't heard.) Audrey Hepburn was mostly overdubbed by Marni Nixon in the movie, but the DVD includes her versions of two songs as alternate takes; you can watch that here. (She struggles a bit on the high notes; one can understand why she was dubbed, but it is really quite a creditable performance.)
It's a country so prudish that the sight of Janet Jackson's exposed breast at the Super Bowl traumatised the nation, yet toddlers are exposed to guns and gun crime routinely and pre-teens are marketed sexually provocative clothing.
It's a country where airport screeners unerringly detect and remove that lethal shower gel that you're carrying. (I should have known, but forgot to check mine in, particularly as I had carried it days earlier on Air India -- an airline not unaccustomed to terrorism -- without demur.) Yet, in tests in Los Angeles, they failed to detect 75% of fake bombs.
It's a country where racial discrimination was not only normal 50 years ago, but enshrined in the law in many states. Today it is socially unacceptable, not just to discriminate, but even to joke about it. That's a remarkable turnaround, which I'm sure we could replicate in India, with respect to our disgraceful treatment of the "lower castes", if we made the effort -- but we refuse even to recognise the seriousness of the problem.
Some may argue that political correctness now goes too far -- see this for example -- but the achievements can't be denied.
Yet, taking the subway (the "T") in Boston, I saw advertisements saying (from memory): "Take the T to Salem and enjoy a haunted weekend." I don't think Americans would countenance tourism advertisements saying "Take a trip to Georgia and enjoy a trail-of-tears weekend", or "Take a trip to Alabama and enjoy a weekend of lynching and cross-burning". But an episode in American history that, to the modern mind, should seem just as disgraceful as those more recent episodes, is seen as harmless family entertainment. Is it because the victims were white women? Or because they were regarded as pagans (though they probably weren't)? Or did it just happen too long ago to worry about it?
Here's a thought-provoking post about the stereotypical witch (Misshapen green face, stringy scraps of hair, and a toothless mouth beneath her deformed nose. Gnarled knobby fingers twisted into a claw protracting from a bent and twisted torso that lurches about on wobbly legs) and why this image probably did describe the witches of the time.
Tuesday, October 09, 2007
Translation of the Swedish article on the plagiarism case
A commenter on Abi's blog pointed out the only example of media coverage that seems to have occurred of this case (which seems to have been known for two months). Unfortunately it's in Swedish.
Dag-Erling Smørgrav very kindly sent me a translation. I don't in general reproduce entire articles on my blog, but in this case I think it's merited (and, needless to say, DES is not responsible).
Article was pure plagiarism
A scientific article written by five Swedish researchers has been plagiarised in a respected international journal. "I have never seen anything like it," says Börje Johansson, professor at the University of Uppsala and KTH and one of the authors.
In late August Sergei Simak, lecturer at the University of Linköping, sat down at his computer and looked up cerium dioxide. A recent article with an exciting title popped up on his screen and he started to read.
After only a few sentences, it was clear. The text was identical with the one he himself, Börje Johansson and three other researchers had written and published a few years earlier in the respected journal PNAS (Proceedings of the National Academy of Sciences of the United States of America).
"They have replaced the abstract, changed the figures a little and added a citation to our article - beyond that the content is exactly the same as in ours," says Börje Johansson.
The article is about research that might prove useful in the development of fuel cells - a potentially important energy source in the future.
"There are perhaps four years of work behind the results presented in our article."
The plagiary was published in May in the Journal of Materials Science, a respected scientific journal. Editor-in-chief Barry Carter writes in an email to DN that it is one of the most serious cases of plagiarism he has seen. A retraction will soon be published in the journal. The article is still published online, but Barry Carter writes further that the publisher, Springer, are investigating whether and how it can be removed from their home page.
Barry Carter considers it likely that one or more of the so-called authors of the plagiary are innocent.
Tom Mathews, doctor at the Indira Gandhi center for nuclear research in India and one of the four researchers named as authors, distances himself from the article in an email to DN. So does Roshan Bokalawela, graduate student at the University of Oklahoma in the USA.
DN has not been able to reach the other two authors. One of them claims in an email to the Swedish researchers that he received a draft from a researcher in Nepal.
According to the Swedish regulation on university colleges, it is the duty of the university college since September 1st, 2006 to investigate all reported cases of suspected scientific cheating.
Lisa Kvist Wadman
 Kungliga Tekniska Högskolan (Royal Institute of Technology) in Stockholm
 The Swedish word "plagiat" can mean either the act or the result of plagiarism; I chose to use "plagiarism" for the former sense, and the archaic form "plagiary" for the latter.
 sic, I assume they mean "web pages".
 "förordning" equivalent to a federal regulation in the US or a statutory instrument in the UK
 "högskola", literally "high school", officially translated as "university college"; an institution that offers education up to a master's degree or equivalent in a limited range of subjects.
I find it odd that, after two months, Springer is still investigating whether and how to remove it from their home page. Even if they do not, surely they can put up a notice that this article was plagiarised. (arxiv.org has an automatic plagiarism detector. It is high time journals started doing the same thing.)
Sunday, October 07, 2007
Great minds think alike?
Abstract of "Optimization of ionic conductivity in doped ceria", Andersson et al., PNAS, 2006:
Oxides with the cubic fluorite structure, e.g., ceria (CeO2), are known to be good solid electrolytes when they are doped with cations of lower valence than the host cations. The high ionic conductivity of doped ceria makes it an attractive electrolyte for solid oxide fuel cells, whose prospects as an environmentally friendly power source are very promising. In these electrolytes, the current is carried by oxygen ions that are transported by oxygen vacancies, present to compensate for the lower charge of the dopant cations. Ionic conductivity in ceria is closely related to oxygen-vacancy formation and migration properties. A clear physical picture of the connection between the choice of a dopant and the improvement of ionic conductivity in ceria is still lacking. Here we present a quantum-mechanical first-principles study of the influence of different trivalent impurities on these properties. Our results reveal a remarkable correspondence between vacancy properties at the atomic level and the macroscopic ionic conductivity. The key parameters comprise migration barriers for bulk diffusion and vacancy–dopant interactions, represented by association (binding) energies of vacancy–dopant clusters. The interactions can be divided into repulsive elastic and attractive electronic parts. In the optimal electrolyte, these parts should balance. This finding offers a simple and clear way to narrow the search for superior dopants and combinations of dopants. The ideal dopant should have an effective atomic number between 61 (Pm) and 62 (Sm), and we elaborate that combinations of Nd/Sm and Pr/Gd show enhanced ionic conductivity, as compared with that for each element separately.
And the abstract of "Determination of dopant of ceria system by density functional theory", Muthukkumaran et al., Journal of Materials Science, 2007:
Oxides with the cubic fluorite structure, e.g., ceria (CeO2), are known to be good solid electrolytes when they are doped with cations of lower valence than the host cations. The high ionic conductivity of doped ceria makes it an attractive electrolyte for solid oxide fuel cells, whose prospects as an environmentally friendly power source are very promising. In these electrolytes, the current is carried by oxygen ions that are transported by oxygen vacancies, present to compensate for the lower charge of the dopant cations. Ionic conductivity in ceria is closely related to oxygen-vacancy formation and migration properties. A clear physical picture of the connection between the choice of a dopant and the improvement of ionic conductivity in ceria is still lacking. Here we present quantum-mechanical first-principles study of the influence of different trivalent impurities on these properties. Our results reveal a remarkable correspondence between vacancy properties at the atomic level and the macroscopic ionic conductivity. The key parameters comprise migration barriers for bulk diffusion and vacancy–dopant interactions, represented by association (binding) energies of vacancy–dopant clusters. The interactions can be divided into repulsive elastic and attractive electronic parts. In the optimal electrolyte, these parts should balance. This finding offers a simple and clear way to narrow the search for superior dopants and combinations of dopants. The ideal dopant should have an effective atomic number between 61 (Pm) and 62 (Sm), and we elaborate that combinations of Nd/Sm and Pr/Gd show enhanced ionic conductivity, as compared with that for each element separately.
I am unable to access the full text of the second article, but I am told that it continues to be very similar to the first. It shows the cutting-edge nature of research at Anna University, that they independently came up with identical results to the Swedish group, a bare few months after the Swedes published their paper. Surely it must be independent work: it beggars belief that the Anna University group would have copied their work, verbatim, from a paper published in a high-profile journal like PNAS in the very same year -- if we admit such possibilities, the sky is the limit and beyond anyone's imagination. Right?
(The similarity, apparently, was spotted by students at IIT Madras, and is being investigated by the journal).
UPDATE - As a commenter on Abi's blog observes, coverage of the story has appeared in Sweden here. Unfortunately I don't know Swedish, and the online translators seem much less capable than the German-to-English translators, for example. So I'd welcome a translation. Using Intertran, I get this gem:
Chefredaktören Barricades Carter am typing in one mejl to DN that the tube themselves if a of they grossly nominal of plagiarism he has looking. A amendment am arriving within short in magazine. Article find still publish p nätet , but Barricades Carter am typing forth that sheepish , Am leaping , analysing if and how the able tas away frn their ghastly. Barricades Carter deem that the is believable that a ors several of they s call authors to plagiatet is innocent. Vacant Mathews , doctor wide Indirect Gandhi centre for atomic research in India and a of they four scientist as mention as author , am grabbing divide frn article in one mejl to DN. The do also Roshan Bokalawela , doctor wide University perceive Oklahoma in America. They television second authors am not having kunnat ns of DN. A of them assert in one mejl to they Swede authors that he was getting outline frn a scientist in Nepal.
I think that means Barry Carter, chief editor of JMS, is sheepishly leaping around to find out how this happened, will be publishing a retraction soon, and believes that several of the "authors" are innocent; Tom Mathews dissociates himself from the paper; and so does Roshan Bokalawela. But I can't be sure. And I wonder where Nepal comes in.
Finally, I didn't intend to make fun of Anna University above -- there are some fine people there (but, as Abi says, their future institutional reputation will depend on how they act here). My "sky is the limit" comment was a quotation from here.
UPDATE - I have posted a better translation of the Swedish article.
Saturday, October 06, 2007
The point of having access to the internals of your car, or the source code of your software, is not necessarily that you personally can fix it if it goes wrong. The point is that you have access to numerous experts who can do so for a fee, or who can advise you for free.
So Microsoft sells you cars with the hood welded shut, and you are at their mercy when things go wrong, which is pretty often. But Apple takes it to the next level.
At least Microsoft allows you to install your own fittings. If you prefer your own car stereo, or upholstery, or radio, you may install them. You have freedom of service providers -- you can use what fuel you like, what oil you like, what roads you like.
Apple seals not only the hood, but the fittings. You are not allowed to install your own. If you install any third-party utility, or if you use an unapproved service provider, they come in and destroy your machine. You spent a few hundred dollars on a shiny new iPhone, and you are now left with a useless slab of metal and plastic, a "brick", because you had the temerity to install third-party applications on it or try to use it on a service provider other than AT&T. (Incidentally, in the case of the iPhone, the hood is literally welded shut -- you can't even replace the battery without shipping it to Apple, and renting a replacement phone at exorbitant rates while you wait.)
This story came out days ago. Some commentators argued that it must have been an honest mistake -- Apple pushed out an incompletely-tested update that "bricked" some unmodified phones as well as modified or unlocked ones. One could believe this, except that Apple themselves threatened their customers with bricked phones if they dared "unlock" them. Others said that maybe AT&T forced Apple to do this -- but every previous report about the iPhone had said it was Apple calling the shots over every aspect of the deal.
No matter. What sort of company goes around destroying its own customers' property? If it had been a genuine mistake, wouldn't you expect at least a mea culpa, if not some sort of compensation? None has come -- Apple's spokespeople have recommended that customers buy a new iPhone. Which may happen in the fantasy-world that Apple seems to live in, but in the real world, not only are owners of bricked iPhones unlikely to touch Apple again, but interested spectators like me are likely to stay away too. (I was seriously considering a Mac for a new computer -- Unix under the hood, more stable than Windows, friendlier -- at least in some ways -- than Linux. But no longer.)
So, no mea culpa from Apple. Instead comes the expected lawsuit.