## Wrong Problem, Again

October 31, 2009

Yesterday’s Washington Post has a story about the leak of a confidential report from the House of Representatives Ethics Committee:

> House ethics investigators have been scrutinizing the activities of more than 30 lawmakers and several aides in inquiries about issues including defense lobbying and corporate influence peddling, according to a confidential House ethics committee report prepared in July.

While the main focus of the story is the contents of the report, obtained by the Post, and the fodder for Washington gossip that it provides, I was interested to read that the report was disclosed because a committee staff member made it available on a peer-to-peer [P2P] file sharing network, apparently unintentionally:

> The committee’s review of investigations became available on file-sharing networks because of a junior staff member’s use of the software while working from home.

There are, of course, the obligatory declarations that this was a violation of policy, that the matter is being investigated (doubtless Inspector Clouseau is on the case), and — amazingly — that no real security breach occurred:

> The committee “is taking all appropriate steps to deal with this issue,” they said, noting that neither the committee nor the House’s information systems were breached in any way.

This is a most interesting concept.  It is akin to saying that burglars got into your house and stole everything that was not nailed down, but there was no breach of security since the front door lock was still intact.

Back in early August, I wrote about a significant leakage of sensitive government information onto P2P networks. At the time, it was reported that Rep. Edolphus Towns (D-NY) was planning to introduce legislation prohibiting the installation of P2P software on government networks. As I said then, this misses the point:

> In some cases, it appears that the software was installed without authorization by some of the network users. Why are these systems and networks configured to allow ordinary users to install software? This is just lunacy.

As I’ve observed in several other contexts here, it is not reasonable to set up a security regime that depends on ordinary users being competent systems and security administrators.   They are not, and there is no prospect that they will gain that skill — nor should that be expected.   If a system is going to be used to process sensitive information, it needs to be designed to be secure from the start.  The software installed should be limited to what is required to do the job, and any additions or changes should be vetted before they are made.   Allowing users to install anything that strikes their fancy, or allowing them to export sensitive data to external, uncontrolled environments, is insanity, not to mention incompetence.

## Rechargeable Zinc-Air Batteries

October 31, 2009

Electricity has a lot of attractions as a power source.  It can be generated in a wide variety of ways, including “green” methods like hydropower, solar power, and wind.  One of the sticking points with electric power, though, has always been how to store it.  The storage technology has come a long way, both with improved batteries and other devices, like ultra-capacitors.  Yet anyone who routinely lugs around a laptop computer, cellphone, and other electronic gadgets knows that lighter, smaller energy storage devices would be welcome.

Back in June, I wrote a note about new developments in lithium-air battery technology, in which I mentioned the use of disposable zinc-air batteries for devices like hearing aids.  Now Technology Review is reporting that a Swiss company, ReVolt Technology, is developing rechargeable zinc-air batteries.  Its first products will be small “button” batteries, similar in size and capacity to the disposable zinc-air batteries now on the market, but it has bigger plans:

> A Swiss company says it has developed rechargeable zinc-air batteries that can store three times the energy of lithium-ion batteries, by volume, while costing only half as much. ReVolt, of Staefa, Switzerland, plans to sell small “button cell” batteries for hearing aids starting next year and to incorporate its technology into ever larger batteries, introducing cell-phone and electric bicycle batteries in the next few years.

As with lithium-air batteries, the advantage of using air as one of the reactants is that it need not be stored within the battery itself, since it can be readily obtained from the environment (at least for terrestrial applications).  This leads to higher energy density: more power per unit of weight.  Compared to lithium-based batteries, zinc-air chemistry is attractive because there is much less risk of overheating and fire.  The problem to date has always been that it was not possible to get more than a few charge / discharge cycles from a zinc-air battery, because of degradation of the electrodes.

The company claims that, by using a modified catalyst together with gelling and binding agents, it has produced prototype cells that last more than 100 charge / discharge cycles, and hopes to increase that to 300-500 cycles, which might make these zinc-air cells very competitive for cell phones, for example. The company is also working on a new battery design for use in electric vehicles, but it will be a few years before these are ready for real-world trials.

## Mozilla Releases Firefox 3.5.4

October 30, 2009

The Mozilla organization has released a new version, 3.5.4, of the Firefox Web browser. This release fixes eleven security issues, six of them rated Critical. It also incorporates other miscellaneous bug fixes and stability improvements. It is available via the built-in update mechanism (main menu: Help / Check for Updates); alternatively, versions for all platforms — Mac OS X, Windows, and Linux — are available in 70+ languages from the download page. There’s more information in the Release Notes.

##### Update Friday, October 30, 23:59

If you are still using an older 3.0.x version of Firefox, there is a new version 3.0.15 which incorporates the security updates. More information is in the Release Notes for Firefox 3.0; versions for different platforms and languages are at the download page. Firefox 3.0.x will continue to receive security updates only until January 2010; I suggest you plan to upgrade to the 3.5.x version as soon as it’s convenient to do so.

## Einstein Ahead in a Tie

October 30, 2009

The two great achievements of twentieth-century physics are Einstein’s theory of General Relativity, which describes the space-time fabric of the universe; and the theory of quantum mechanics, which describes the decidedly strange world of sub-atomic particles. (The Nobel Prize winner Richard Feynman once wrote, in his book The Character of Physical Law, “I think I can safely say that nobody understands quantum mechanics,” referring to its completely unintuitive nature.)

One of the basic principles of relativity is that the speed of light is a constant: it is the same for all wavelengths of light, and for all observers. But some theories of quantum gravity have posited that space-time is “grainy” at very small length scales (on the order of the Planck length, $1.6 \times 10^{-35}$ meters). This in turn would imply that light of shorter wavelengths (equivalent to higher energy) would be slowed down compared to radiation of longer wavelengths. (This is somewhat analogous to the observation that larger diameter wheels travel more easily over rough surfaces.) The effect, however, would be very small, and therefore difficult to observe.

Now the New York Times is reporting that scientists working with the Fermi Gamma Ray Telescope have been able to track a burst of gamma rays, of differing energies and wavelengths, given off by an exploding star 7.3 billion light-years away, about half the width of the known universe. The photons in the bursts had energy levels ranging from 10,000 electron volts (eV) to 32 giga-eV, roughly a million to one ratio. They all arrived within a 0.9 second interval; that implies that, if the quantum graininess exists, it must not manifest itself at any distance larger than the Planck length. (There are also articles on this in the New Scientist and Ars Technica.)

This is not a conclusive result, one way or the other.  But it is somewhat exciting, because it provides some of the first true experimental evidence that bears on the theoretical question, at the threshold of the scale at which the quantum effect, if it exists, should become detectable.  And better evidence may be forthcoming: the same issue of Nature that contains the letter reporting the Fermi result also reports the discovery of a new, even older gamma-ray source, from a time when the universe was only about 630 million years old.

## Happy Integral Day

October 29, 2009

At St. Bonaventure University in southwestern New York state, today is Integral Day. It commemorates the invention and first use of the familiar integral sign, ∫, in a note written by Gottfried Leibniz on this date in 1675. Leibniz was, with Sir Isaac Newton, a co-discoverer of the calculus. Leibniz, who was elected a Fellow of the Royal Society, was something of a self-taught polymath:

> Leibniz was a German mathematician and philosopher who readily crossed the lines between academic disciplines. He had a doctorate in law, served as secretary of the Nuremberg alchemical society and fancied himself a poet.

There was for many years a disputation between Newton (and his English supporters) and Leibniz (and his continental supporters) over who had come up with the basic concepts of the calculus first.

> Continental and English mathematicians would spend decades arguing over who invented the calculus, but it seems yet another example of simultaneous discovery. The two scientists were of the same era, associated in the same circles, read the work of the same precursors, and shared some of their own ideas. It should amaze no one that they came to the same results in slightly different mathematical language at nearly the same time.

What is not in dispute is that Leibniz made significant contributions of his own. He did fundamental work in differential equations, and invented the method of separation of variables. And his notation for the calculus, not Newton’s, is what we almost always use today. Say we have a function $y = f(x)$. Leibniz’s notation for the first derivative is:

$f'(x)= \frac{dy}{dx}$

whereas Newton’s notation for what he called “fluxions” just placed a dot over the variable:

$f'(x)= \dot{y}$

Those who teach or have taught introductory physics courses sometimes like Newton’s notation, particularly for use on a black- or white-board, since one can integrate just by erasing the dots.

## Ubuntu Linux 9.10 Released

October 29, 2009

This morning, the Ubuntu project released version 9.10 of the popular Linux distribution. Information and download links are available at the Ubuntu web site. (If you are downloading a CD image, please be a considerate ‘net neighbor and use a mirror in your geographic region, or use BitTorrent.) Besides the desktop version, which will be of interest to most users (and perhaps should be called the desktop/notebook version), there are versions for servers and for netbooks. The standard desktop version is a bootable “Live CD”, so you can have a look at Ubuntu without making any changes to your existing system.

The main Ubuntu distribution uses the GNOME desktop interface, but there are alternative versions available:

• Kubuntu uses the KDE desktop manager instead of the GNOME manager used in standard Ubuntu.
• Xubuntu uses the Xfce desktop, which requires significantly fewer hardware resources than either GNOME or KDE, making it a potentially attractive option for older PCs.

There is also an Edubuntu variant designed especially for educational use. All of these variants use the same core operating system, and packages from the different versions can be inter-mixed. (More information is available in the community documentation.)

## Opening the Vote

October 28, 2009

Maybe there’s something in the air.  After the recent news that Microsoft is going to publish the documentation of the PST file format used by Outlook, there is now an article in Wired reporting that Sequoia Voting Systems will publish the source code for their new optical-scan voting system.   This is, in its own way, as noteworthy as the announcements of Microsoft’s new openness; Sequoia historically has fought tooth and nail to keep its source code and other details of its systems secret.  (Prof. Andrew Appel, of Princeton University, has commentary on the Center for Information Technology Policy’s [CITP] “Freedom to Tinker” blog on various aspects of the Gusciora v. Corzine trial in New Jersey, which turned on the accuracy of one of Sequoia’s earlier products.)  They have threatened to sue researchers if they revealed any of the company’s “proprietary information”, even when the examination was ordered by the court:

> The company has long had a reputation for vigorously fighting any efforts by academics, voting activists and others to examine the source code in its proprietary systems, and even threatened to sue Princeton University computer scientists if they disclosed anything learned from a court-ordered review of its software.

There is some speculation that the forthcoming release of the code for the new device was prompted by the recent news that the first release of an open-source voting system had been made by the Open Source Digital Voting Foundation.  The company says the timing of the two events is a coincidence:

> Sequoia spokeswoman Michelle Shafer says the timing of its release is unrelated to the foundation’s announcement.

Regardless of the timing, this has to be regarded as good news.  Prof. Ed Felten, Director of the CITP, said as much:

> Princeton University computer scientist Ed Felten, one of the targets of Sequoia’s legal threats, said he was pleasantly surprised to see the company opening its new system to examination after vehemently resisting it in the past.
>
> “I think Sequoia is recognizing that it won’t do anymore to just urge people to trust them,” Felten said, “and that people want to know that the code that controls these machines is open and that experts have had a full chance to look at it.”

This is really an important step forward.  Trusting voting machines that use secret software, never seen by anyone but the vendor, is hardly a way to build confidence in the election process.  I doubt whether most people would think it reasonable to have all the paper ballots from an election counted in secret by an unidentified cabal of vote counters.  Yet, in a way, the situation with secret voting machine code is even worse. A normally intelligent person can probably understand the security requirements of paper ballots without too much difficulty: you can only put one ballot in the box, you can’t take any out, and each ballot only counts once.  The average election judge is probably more or less clueless about what is important for E-voting security.

As in the case of cryptography, getting security right is hard.  The best method we know is to publish the details of the “mechanism”, so that they can be inspected by many eyes.

##### Update, Thursday, October 29, 11:13

Prof. Ed Felten now has a post up on this announcement at the “Freedom to Tinker” blog.