Archive for the ‘Tech (General)’ Category

Recursive Grep

I didn’t even think about it until about 15 seconds after I pressed enter:

  grep 'call_user_func_array' * > out.txt

Sigh.

How To Steal A Credit Card

I said a while back RFID credit cards still have to prove themselves. Today I saw this interesting story on CNet:

As part of his presentation Wednesday, Laurie asked for someone from the audience to volunteer a smart card. Without taking the card out of the volunteer’s wallet, Laurie both read and displayed its contents on the presentation screen–the person’s name, account number, and expiration clearly visible.

You can find a ton of information, including code and the hardware necessary to duplicate this, on his website, RFIDIOt.

Another real potential issue is companies using RFID for security badges. Considering how easy it is to read and duplicate, potentially anyone who can get close to someone walking into an office can capture the data necessary to produce their own ID card. In this case only matching the photo stored by the company on their computer system (not the one on the badge) to the person’s face is security. So for those offices who don’t have security staff doing this, anyone could theoretically get in.

The best security mechanisms are the most simple and discreet. Credit cards are naturally pretty secure if used correctly. Nobody can abuse a credit card unless they know the number. Nobody can read it through a wallet. The wallet in this case is a great security feature. To read it you need to either visually inspect it for the numbers, copy it, get an impression of it, or swipe it through a reader. All things that require intimate contact with the actual card. Impressive security for some old technology, isn’t it?

I’ll stick with swiping a credit card for the foreseeable future. You’re only not liable for a stolen credit card if you and your credit card company mutually agree it’s stolen or being misused. Otherwise you may be on your way to an expensive dispute. Regardless, it may have hit your credit, and you’ll spend a lot of time sorting it out and getting it corrected. Bad credit costs you money. Some individuals make it sound like it’s just a phone call and you’re done, but people who have had their credit card stolen sometimes spend several months fighting to save their credit.

Hacking A Boeing 787?

According to Wired the Boeing 787 Dreamliner connected the networks for passenger services to critical flight systems:

The computer network in the Dreamliner’s passenger compartment, designed to give passengers in-flight internet access, is connected to the plane’s control, navigation and communication systems, an FAA report reveals.

Here’s what a Boeing spokesperson had to say:

…it is employing a combination of solutions that involves some physical separation of the networks, known as “air gaps,” and software firewalls. Gunter also mentioned other technical solutions, which she said are proprietary and didn’t want to discuss in public.

Would it really be that much more costly to create 2 networks? One for the important stuff like navigation and control systems, and another completely independent network for passengers to download porn? Networking gear isn’t that expensive. Internet access at 35,000 feet is high latency anyway.

I’m really not so sure I’d feel comfortable knowing that the same network that’s carrying a Rob Schneider movie to the guy in 11F is also carrying packets intended for the horizontal stabilizer.

Maybe I’m just paranoid. After all, I’m not too comfortable with the Airbus A380 apparently running Windows in the cockpit.

Hopefully they get it all figured out quickly.

HD Photo Now JPEG XR

Back in March I mentioned that Microsoft is trying to standardize its HD Photo format as the official successor to the ever so popular JPEG format. Well, it’s now looking to become JPEG XR.

Surprisingly it’s still not listed on Microsoft’s Open Specification Promise where Microsoft lists things it won’t sue over. Hopefully they will update that soon. My understanding from what I’ve read is that’s the intent.

It’s a pretty interesting thing going on. Video on the web has improved by leaps and bounds over the years from a tiny grainy video object that took a decade to load, to instantly loading and still improving quality Flash / Windows Media / QuickTime. Photos on the other hand have been using JPEG for pretty much a decade. Most photography buffs don’t seem too fond of JPEG because it can degrade picture quality, but still love services like Flickr.

Will JPEG XR spark a photo revolution by allowing better quality?

Google Warming?

[Image: Google logo. Logo © 2007 Google Inc.]

I guess it would be safe to say that’s hinting at global warming. This is somewhat of a departure from previous years which are available after the jump. Interestingly I can’t find anything for last year (2006). Not sure if they just didn’t archive it or if they skipped Earth Day last year.

What makes this interesting is the more bold logo comes after Yahoo announces it’s going green.

This makes me wonder how environmental concerns will impact IT and the web in the coming months/years. It seems it’s becoming more and more important. Something tells me a majority of the change will be purchasing carbon credits. I’m not so sure the tech for going green is moving as fast as social consciousness.


Yahoo Goes Green

Yahoo is going carbon neutral. I’m curious how much is offset, and how much is reduction. Yahoo has a fairly large infrastructure. I wonder if they are using alternative power sources, or if they are going to plant a million trees. They do mention:

These projects could include a wind farm in India or a small-scale run of the river hydroelectric project in Brazil. We’re also looking to invest in emerging clean technologies.

Interesting. I wonder if we will see things like carbon neutral VoIP, carbon neutral bandwidth, carbon neutral data centers / colocation / hosting?

Getting A Non-RFID Credit Card

[Image: Chase Freedom Visa]

The Chase Freedom credit card isn’t bad (1% cash back, 3% on certain items). There is an unadvertised downside. While Chase doesn’t promote it very well, the card contains a tiny RFID chip. This allows you to pay for something using a contact-less terminal (no swiping). Just put your card near the reader and it registers. Is it really any quicker than swiping? Who knows, but likely not by much.

It looks like a regular credit card, same thickness, size, and shape. Just a tiny emblem exists on the upper right hand side to distinguish the onboard cargo. You can see it in the image above. A larger version of it is below:

[Image: Blink logo]

For those wondering, the actual RFID chip seems to be on the left side, opposite the Blink logo.

Chase brands the technology Blink, American Express calls it ExpressPay, MasterCard calls it PayPass. They are all pretty much the same thing.

RFID doesn’t have a great reputation right now. There are some privacy and security concerns, such as an unauthorized party reading your credit card without you knowing. Think this is a tin-foil-hat mentality? It’s been done already. I haven’t found anything online to indicate criminal exploitation yet, but it’s possible and will happen.

[Image: Chase Flexible Rewards Visa]

Chase doesn’t advertise this, but if you contact them by phone or email, they will send you a replacement card, without the “Blink” capability. The actual plastic card is their “Rewards Visa” though the paper it’s attached to clearly says “Chase Freedom”. It’s just plastic, the credit plan is in the account not the card. So there you have it, you can get a secure credit card if you’re concerned about security.

Chase claims “Blink” is very secure, but I’m still not personally comfortable with the technology. According to their FAQ (in PDF format):

10. Are blink purchases secure?

Yes. As always, you are 100% protected against any unauthorized purchases. These transactions are safe because they are protected by an additional level of encrypted security. You must deliberately use the Chase card with blink at the point-of-sale to make a transaction. The Chase card with blink needs to be within an inch of the special reader and correctly oriented to be read. In addition, blink transactions use specific data that is protected by the highest level of security.

Judging from the speed in which it can be swiped (as demonstrated on the Chase blink website) one could technically walk by with a bag containing a reader and just brush by the victim to read the card in their pants pocket, sit next to you on the bus/train, etc. Easier than pickpocketing since no actual contact needed (such as digging a hand into someone’s pocket).

We already know they can clone RFID passports. What stops someone from reproducing the credit card, then using it? With regular cards, my wallet is an effective firewall. No way to read the magnetic strip or copy the numbers off of it without the actual card visible. And if my card is missing, I know I have a problem. I always keep it in my wallet so nobody can just look at it. This is a pretty secure way to handle a credit card. With this potential crime, I wouldn’t even know right away, and by the time I do realize I wouldn’t have any idea when/where it was compromised. It could potentially be months between the theft and usage of stolen data.

I’d like to see this tech a little more proven in the “real world” before I jump on board. For now it’s just good to know you don’t have to live with it, you can get a non-RFID card. I didn’t find this advertised anywhere on the Chase website. I guess they realized us tin-foil-hat people would ask for a blink-free card, so they made sure to have an alternative. I must give them credit for that (no pun intended).

Just call/email Chase and ask for a non-blink version of the card. They told me 5-7 days for delivery. No hassle. I was very pleased how painlessly they made it. It arrived in about 5 days.

Where Are The Ugly People?

Steve Rubel has the goods on the opening of the Second Unofficial Apple Store in Second Life. Freaky how real it looks. A lot of detail is really there. It recreates the Apple Stores from First Life ;-) .

I still question Second Life… Where are the ugly people? Where are the obese that dominate first life? Why do I have to see overweight people in belly shirts walking around in the summer while in Second Life this problem isn’t there? Serious false advertising for real life. No wonder people get addicted.

But I digress… new Apple Store!!! :-D

Time Sucks

One of the hardest things to program is the Date and Time. This is especially true when you’re doing it on the web. Why is that? Using a unix timestamp is immensely helpful and resolves many of the complexities, but it does have some issues (besides the Y2K38 bug). Well, let’s take a look at some of the “typical” things you need to be aware of:

  • Your server is in one timezone, your users are in 23 others.
    Users don’t care what the time is at the site. They want things in their time.
  • Does your server even know your user’s timezone?
    You could do this with JavaScript, and send it to the server, but that’s a mess. Or send a timestamp to the client, and let JavaScript print it out. But that’s still messy.
  • Timezones aren’t obvious (think Indiana).
    Did you know some even use :30 such as UTC-3:30 for Newfoundland Standard Time.
  • Looking back in time (or forwards) is difficult (how many hours between X and Y accounting for leap years, and DST changes)?
    This is a mess, enough said. And just in case you have a formula, did you account for the conversion between Julian and Gregorian calendars? Don’t forget not everyone switched in 15 October 1582 / 4 October 1582. Going forward remember we’ll eventually have another leap day, since the Gregorian calendar isn’t perfect.
  • Your server observes DST. Does your user? When?
    Get the picture? Remember most states do, except for Hawaii (yea, that’s another Timezone) but Arizona doesn’t either, except for Navajo Nation. Again Indiana!
  • The Politics of Time…
    If you call UTC+2 Israel Standard Time, you upset visitors from Muslim nations like Egypt. Call it Central Africa Time, or Egypt Standard Time and you’re considered anti-semitic. Same goes for UTC+8, is it Chinese Standard Time or Hong Kong Time? Most avoid this by just listing UTC±N. Unfortunately this confuses people, especially Americans who only refer to timezones as “Eastern” (UTC-5), “Central” (UTC-6), “Mountain” (UTC-7), “Pacific” (UTC-8). Note these American names aren’t so common in all of North/South America.
  • Daylight Savings Time for 2007+
    Then you have a bunch of clowns who voted for the Energy Policy Act of 2005, creating the Y2K7 bug. The idea was an extra hour of daylight in the evening would reduce electrical use. What they didn’t realize is that it cuts daylight from the morning. My guess would be a follow up bill may fine the sun for failing to provide adequate light, and eventually include economic sanctions. :-P

I thought a while back this could suck. Think about all the time/money that goes into updating and testing systems for these few extra weeks of DST. What a drag.

Swatch Internet Time was an obvious bust, but perhaps we could all just use UTC?
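Several of the pitfalls listed above, worked through as an added example (not code from the original post): instants are kept as UTC and an IANA zone is applied only for display or wall-clock arithmetic. The function names are hypothetical, and the code assumes a JavaScript runtime with full ICU time zone data, which is the default in current Node.js.

```javascript
// Added example, not from the original post. Function names are hypothetical.
// Instants are UTC epoch milliseconds; a zone is applied only at the edges.

// UTC offset, in minutes, that `zone` (an IANA name) observes at instant `ms`.
function offsetMinutes(ms, zone) {
  const parts = new Intl.DateTimeFormat('en-US', {
    timeZone: zone, hourCycle: 'h23',
    year: 'numeric', month: 'numeric', day: 'numeric',
    hour: 'numeric', minute: 'numeric', second: 'numeric',
  }).formatToParts(new Date(ms));
  const f = {};
  for (const p of parts) f[p.type] = Number(p.value);
  // "% 24" guards against runtimes that print midnight as hour 24.
  const wall = Date.UTC(f.year, f.month - 1, f.day, f.hour % 24, f.minute, f.second);
  return Math.round((wall - ms) / 60000);
}

// Instant for a wall-clock time in `zone`. The second pass corrects the
// first guess when the two fall on opposite sides of a DST change.
function zonedToUtc(y, mo, d, h, mi, zone) {
  const naive = Date.UTC(y, mo - 1, d, h, mi);
  const first = naive - offsetMinutes(naive, zone) * 60000;
  return naive - offsetMinutes(first, zone) * 60000;
}

// Elapsed hours between two wall-clock times in the same zone.
function hoursBetween(a, b, zone) {
  return (zonedToUtc(...b, zone) - zonedToUtc(...a, zone)) / 3600000;
}

// Render as local time plus a numeric UTC offset, avoiding zone names.
function renderLocal(ms, zone) {
  const off = offsetMinutes(ms, zone);
  const abs = Math.abs(off);
  const pad = (n) => String(n).padStart(2, '0');
  const local = new Date(ms + off * 60000).toISOString().slice(0, 16);
  return `${local}${off < 0 ? '-' : '+'}${pad(Math.floor(abs / 60))}:${pad(abs % 60)}`;
}

// Constructed sample instants around the 2007 US DST rule change.
const noon10 = [2007, 3, 10, 12, 0], noon11 = [2007, 3, 11, 12, 0];
console.log(hoursBetween(noon10, noon11, 'America/New_York')); // DST began 11 March 2007
console.log(hoursBetween(noon10, noon11, 'America/Phoenix'));  // Arizona: no DST
console.log(offsetMinutes(Date.UTC(2006, 2, 20, 12), 'America/New_York')); // old rule
console.log(offsetMinutes(Date.UTC(2007, 2, 20, 12), 'America/New_York')); // new rule
console.log(renderLocal(Date.UTC(2007, 0, 15, 12), 'America/St_Johns'));
```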

Disney Magic

An interesting video of the new costumes Disney has come up with. No longer are the heads as animated as a Pez dispenser. Now the eyes and mouth move. Not only do they move, but they are in sync with the music. It’s amazing how well it’s done.

[Via: Boing Boing]