Wednesday, December 18, 2013 and Hypocrisy

I've been really pissed off about lately. No, not the buggy website. No, not the confusing questions. No, not the confusing coverage. I've been pissed off about its media coverage and the political debate surrounding it.

The media has been criticizing Obama and his healthcare plan for more than a month now and its unfair. A role out of a website this big was sure to have some glitches and to be fair had plenty of those. From my experience and the media's story, it sounded like a simple lack of capacity problem. The project managers didn't expect peak coverage to be what it was. Of course, as a technology professional, I shouldn't expect the media to understand that big projects almost always have problems. Except that the media reported the massive problems with the Denver International Airport Baggage System and Boston's Big Dig (people died in the Big Dig). In this age of 24 hour news, it seems that the media's memory is about 15 seconds long.

Even worse is the way that Republicans handled They tried to sink it and now are arguing that it doesn't work. First they obstructed it—attempting again and again to repeal it. Think that uncertainty had any effect on the project plan? Then they refused to pass any minor technical corrections to the bill. These corrections are a common practice in Congress. They make sure that laws that are passed work properly. Whether or not you, as an American citizen, like an individual bill, you still want it implemented in a way that will cause the fewest problems, right? Well, not the Republicans. They then claimed that the technical problems were evidence that the plan didn't work. That's like saying that online shopping doesn't work because goes down for a while. The logic is flawed.

I recently signed up for healthcare through and I must say that it isn't the easiest process in the world, but it isn't the most difficult ever. Most of the difficulty is justified by security, identification, and financial concerns. I would say that the workflow is pretty well implemented.

Still there were some confusing parts. The first time through the application, I thought I had finished, but couldn't actually buy healthcare. I called the helpline. A lovely woman named Serena answered my call within 1 minute. She walked me through the process. It turned out I had missed some questions. I was then approved for a state subsidized plan at a cheap rate.

All in all, I am pretty happy with the experience.

A lot of things don't work in the government. Congress is thoroughly broken. It is more focused on obstructing the other guy than getting anything done. The state agencies are horrible. State administered unemployment, food stamps, and welfare offices are difficult beyond belief. But of course no one cares about that because only poor people have to suffer through that bureaucratic hell. It's nice to know that something in this government works: And it's a good thing that I found good healthcare through the system because this hypocrisy is making me sick.

Thursday, June 13, 2013

BREAKING: Supreme Court Rules Against "Natural" Gene Patents

We have some rare good news in the area of intellectual property (IP) law. The Supreme Court ruled today that Myriad Genetics' patents on two breast cancer gene mutations are invalid.

Myriad Genetics offers a test which lets women know whether they are at increased risk for breast cancer. The test tells women whether they have BRCA gene mutations. Women with these mutations are up to 65% more likely to develop breast or ovarian cancer. Myriad's patent covered ANY use of the mutations including ANY OTHER test for those mutations. Although Myriad claimed to allow further scientific research on these mutations, it isn't clear that they actually allowed all research to go forward. More importantly, Myriad used the patent to block all competitors from introducing other (different) tests. Patients who couldn't afford the tests had no other option. Even those who could afford the tests had to option to get a second opinion (important as no tests are fool-proof).

SCOTUS ruled today quite rightly that patents cannot cover naturally occurring genes. SCOTUS has drawn some fairly bright lines this year. Past cases have shown that patents of human transplanted genes are valid and those patents. The ruling earlier this year on the replanting of Roundup Ready Soybeans shows that those patents are broadly enforceable. This ruling shows that patents of naturally occurring genes are not valid. Note that in the Roundup Ready Soybean case, the genes in question did occur naturally, but were transplanted from a bacterium into soybeans.

UPDATE: Supreme Court Rules in Favor of Monsanto in Gene Pattent Dispute

The Supreme Court ruled in favor of Monsanto in the case of the agri-business giant vs. small Indiana farmer.

But the ruling was narrower than it could have been. The court ruled that Vernon Bowman violated the patent intentionally. He was in violation because he actually made an attempt to use the patented soybean seed without paying for it. It appears that those who violate the patent accidentally (because of plants spreading seed on their own) would not be considered in violation, but SCOTUS did not specifically rule on this issue. This point of law is crucial considering that genetically modified (GMO) wheat has popped up in a field in Oregon despite never having been distributed beyond test crops. On the other hand, farmers can't sue Monsanto preemptively to prevent patent enforcement on accidental cultivation of patented seed.

Friday, May 31, 2013

Clean Coal No Longer a Pipe Dream?

A new coal technology may be able to provide commercial electricity without emitting dangerous greenhouse gases.

Every one knows that climate change is a huge problem. If you don't think it is a problem then you are more in denial than the Swiss were during World War 2. But in addition to warming global temperatures, more intense hurricanes and desertification, we face the problem of ocean acidification. Very simply, the increases in atmospheric CO2 is turning the world's ocean (and lakes and ponds) into carbonic acid. The acid is dissolving coral and shellfish, disrupting the ecosystems that depend on those animals. Even climate change deniers can't deny acidification.

Solar and wind are getting cheaper and cheaper. But we still face the problem of how to run our TVs and microwaves when the sun doesn't shine. We also don't have the electric grid infrastructure to get the power from remote solar cells and windmills to American homes.

The coal industry has been pushing carbon capture technology. The emissions of coal fired power plants would be cooled down and passed through a solution which would bind with the CO2. But the world burns more than 8 billion tons of coal annually and this capture process is extremely expensive.

But there may be hope! We may have true clean coal technology soon! A group of researchers is in the process of commercialing coal direct chemical looping. What is that? Well, think about a fuel cell car. The hydrogen is not burning in a fuel cell. It is being oxidized, but it there is no fire and no loss of energy to heat. Instead the energy released is turned straight to electricity. Direct chemical looping is like that but with coal.

Very, very exciting. This technology may allow people to continue to use an extremely cheap, plentiful fossil fuel without causing further global warming.

Thursday, April 18, 2013

Why no recent updates?

Good day to all of my loyal (and disloyal) readers! I must apologize for the lack of recent updates. I started a new job at the beginning of April. I am managing Comodo Certificate Manager, an enterprise software platform for issuing, installing, and revoking SSL Certificates (for those of you who don't know what is, they enable secure e-commrece).

The job is awesome, but it has been a lot of work to get ramped up on the organization and technology. Even worse, I have had to move to New Jersey (without a car) and have to deal with the time sink of NJ Transit. When things settle down, I promise to post more awesome stuff for you guys!

Monday, March 4, 2013

UPDATE: Next Gen Credentials

UPDATE: Recently, I posted some musings on fixing the issue of too many passwords, security and next gen credentials.

It turns out that there is another approach I was unaware of: Behavioral Biometrics. Here's the idea. The system will confirm that the user is who they say they are by the way that they type, not by their password. The concept of using behavioral biometrics for authentication is nothing new, but prior approaches use the typing style as a secondary credential in multi-factor authentication schemata. I.e. a user would both need to know a password AND type it properly.

Obviously, the two-factor scheme would be more secure and not solve the remembering-passwords issue. The biometric only scheme would solve that issue, but would it be more secure than password authentication?

Aside from the problem of false positives (granting access to an unauthorized user), the more likely issue would be false negatives. It isn't clear to me that everyone types in a way that could be consistently recognized all the time. Perhaps for trained stenographers, but what about non-touch typers? I don't touch type. Rather I hunt and peck rapidly and inconsistently. How would a system recognize my style? Perhaps the algorithms are sufficiently robust. Perhaps these systems will only be adopted in situations (such as the NSA) where security is prized above ease-of-use.

It makes me wonder, though how robust these approaches are. Could an attacker watch someone type and mimic their style? Probably, but an attacker who could do that could more easily discover the password by watching.

Identification by behavioral biometrics was pioneered by authorities in Big Brother Britain (which has installed around 4 million cameras to spy on its citizens). British authorities use gait recognition, a computer vision technique whereby software identifies users by their walking style.

Ironic that security firms are using these techniques to secure people's personal information whereas Britain is using them to invade privacy.

Friday, March 1, 2013

A Brief Primer: Hackers and Hacking

Hacking is a serious problem that should be taken more seriously. This primer should help the technological beginner understand many of the issues.

Note that there are two definitions of hacking:

  1. Informal engineering
  2. Software based attacks on computing resources, usually using network infrastructures
This article concerns definition #2

Script Kiddies at Play

Much hacking has been the domain the domain of so called script kiddies. These mischief makers often have minimal technical skills. Instead they use freely available tools to break into poorly administered websites. They are not terribly organized, malicious, or dangerous.

Hacking Inspired by the Godfather

Criminal organizations hack for profit. Often they steal financial data, send spam, or commit click fraud (automatically click ads into order to earn ad revenue). They use malware such as viruses, worms, and trojans to hijack consumer PCs. Once they gain control of a PC, these groups link the machine up to a botnet, a group of hijacked machines that coordinate. These botnets usually consiste of more easily hijacked windows machines, but are often led by higher-powered hijacked Linux machines. Another technique criminals use is phishing, deliberately misleading someone into giving away their user name and password. Usually, this is done by presenting the user with an email or webpage that appears to be from a reputable online bank, retailer, or service provider. When the user enters their password, the criminal stores it and exploits the user later. This technique can lead to illegal credit charges, bank transfers, and even identity theft. Sometimes the thieves use social engineering or active impersonation to deceive users (over the phone or in person). Estimates of the cost of these cyber-crimes range from the low billions to $1 trillion. The true cost is probably somewhere in between.

Hacking Inspired by MLK, Ghandi, and Mandela

Hacktivists constitute another category of hackers. These collectives view hacking as a form of non-violent social or political protest. Anonymous is by far the best organized, most famous, and most capable such collective. One of the most common techniques used by Anonymous and other hacktivist organizations is the distributed denial of service attack. This form of attack sends so many requests to a server, that the server cannot handle legitimate requests. Many hacktivists have argued that DDoS attacks are legal. Another common hacktivist strategy is to steal data or hijack a website in order to humiliate its target. One of the most dramatic hacktivist actions occurred on live television. Anonymous announced that it hacked the infamous Westboro Baptist Church while the organizations' representative debated live on air.

Hacking as Patriotism

Recently, there have been many controversial reports regarding state sponsored hacking. Although not 100% confirmed (approximately 99.99% confirmed), these hacking incidents are particularly scary for two reasons:

  1. Nation states have an order of magnitude more hacking resources
  2. Nation states may attack enemy's critical infrastructure

More on state sponsored hacking upcoming.