Repetition blinds us to just how odd certain rituals of tradition are. Like how it seems perfectly normal that every December we chop down millions of small trees, decorate them with electric lights and glass balls, and display them prominently in our homes.
Tradition
18 Dec 2008 11:25 by Rick
Apple cancels Christmas
17 Dec 2008 11:39 by Rick
Verified by Visa
15 Dec 2008 12:05 by Rick
Another attempt at improving the security of online transactions is Verified by Visa (and a very similar system called Mastercard SecureCode). The way it works is that a password, independent of anything written on the card and with much more variability (10-15 characters), is verified with the bank first and then used for transactions. Not all banks or retailers are signed up yet, but it looks to be a good system, albeit with only one of the factors of authentication in use (Something-you-know). A clever part is the echoing back of a phrase decided by you in advance (“Personal Message”) to give you confidence that it is a genuine transaction (so beware of any Verified-by-Visa popups that don’t contain this phrase).
However the implementation on the ground has not been good. Very little advance information has been sent out to customers and often the first thing they discover is a retailer that is using it, sometimes with no option. You do get an invitation to sign up there and then (called Activation During Shopping) but this is exactly the situation we have all been warned against—an unknown web address (not even the retailer one) asking for personal details and passwords. I recommend that if you come across this, pause the transaction and go to a different window and sign up directly via your known bank web site.
Now when will The Cooperative Bank join in? Ah, they are, slowly, it just doesn’t say so on the Visa site. They have decided not to use Activation During Shopping so they get a gold star from me for having a clue. I will take half of it back though, as they are using a “memorable name” rather than a real password, nor do they seem to be using the echoed personal message. Is this really one system or are people making it up as they go along?
Cardholder Not Present
5 Dec 2008 10:51 by Rick
The key requirements when approving a transaction are authentication, proving that you are the person you say you are, and authority, that you are allowed to perform the transaction. With a typical credit card transaction, these two go together as the authentication shows that you are the owner of the account who automatically has full authority. There is scope to break that link, but that would need to be another article.
The mantra in the security industry regarding authentication is
- Something you have—such as a card.
- Something you know—such as a PIN or password.
- Something you are—much harder and relies on such things as biometrics.
When you go into a shop, you take the card out of your wallet, immediately satisfying point one. Presented with a keypad, you type in your PIN, satisfying point two. If the card had a photograph then it would (very weakly) satisfy point three as well, just as the signature used to do before Chip-and-PIN.
Cardholder Not Present transactions have always been weak. These are those done on the phone, by post or over the internet. Point one becomes subverted because there is no way to tell that you actually have the card, you could just have a photo-copy or a note of the number. If point three was ever covered then that is lost as well. So the authentication is reduced just to what you know—the card number. They have tried to improve this recently by adding three extra digits to the back of the card. The theory was that this number was not embossed nor recorded in shop transactions so was less likely to be compromised. In practice it is still visible to anyone who handles the card (which is why I obliterate mine) and an increasing number of face-to-face transactions are asking to know and record the number. Hotel receptionists, for example, who want to be able to process a transaction if you do a runner.
There are a number of initiatives to improve the position, mostly by providing the customer with some sort of device to generate a sequence of one-time passwords which are predictable by the bank but not anyone else. Each device is unique and keyed to your account. This has taken a significant step forward and now it is possible to build such a device directly into the card; a great achievement as the card still has to be capable of passing through an ATM machine and shop chip readers. What this provides is two major improvements: firstly it restores the requirement “Something you have” because you have to have the card to use it and it is locked to your account so there is no using one device with another card number. Secondly, it requires the “secret” number to be entered into the device itself not the online/telephone transaction so there is no risk of it leaking; and this number is now the truly secret PIN not the number printed on the back of the card.
This will surely annoy hotel managers though.
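To make "predictable by the bank but not anyone else" concrete, here is an added sketch (not from the original post, and not any card issuer's actual scheme) that uses the public HOTP algorithm from RFC 4226 as a stand-in for the device's code generator. The `Bank` class, the card numbers and the second key are constructed for illustration, and the PIN entry on the device is not modelled.

```python
import hashlib
import hmac
import struct

def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over an 8-byte counter, dynamically truncated."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class Bank:
    """Hypothetical bank-side verifier: one secret key and one counter per card."""
    def __init__(self, window: int = 3):
        self.window = window
        self.devices = {}  # card number -> [key, next expected counter]

    def enrol(self, card: str, key: bytes) -> None:
        self.devices[card] = [key, 0]

    def verify(self, card: str, code: str) -> bool:
        if card not in self.devices:
            return False
        key, counter = self.devices[card]
        # Look a few steps ahead in case codes were generated but never submitted
        for c in range(counter, counter + self.window + 1):
            if hmac.compare_digest(hotp(key, c), code):
                self.devices[card][1] = c + 1  # used and skipped codes are now dead
                return True
        return False

def demo() -> dict:
    # Constructed sample data: made-up card numbers; card A uses the RFC 4226 test key
    key_a, key_b = b"12345678901234567890", b"another-device-key--"
    bank = Bank()
    bank.enrol("4000-0000-0000-0001", key_a)
    bank.enrol("4000-0000-0000-0002", key_b)
    first = hotp(key_a, 0)
    return {
        "first_code": first,
        "accepted": bank.verify("4000-0000-0000-0001", first),
        "replayed": bank.verify("4000-0000-0000-0001", first),
        "wrong_card": bank.verify("4000-0000-0000-0002", hotp(key_a, 1)),
        "skipped_ahead": bank.verify("4000-0000-0000-0001", hotp(key_a, 3)),
        "too_far_ahead": bank.verify("4000-0000-0000-0001", hotp(key_a, 9)),
    }

if __name__ == "__main__":
    print(demo())
```

A code that has been used once is refused the second time, and a code from one card's device is refused against another card number, which is what a copied card number or the printed three digits cannot offer.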
Anyone for Tennis
4 Dec 2008 14:59 by Rick
A colleague was thinking of joining Henleaze Lawn Tennis Club but is not so sure after reading about some of their activities.
Since 1994 we have welcomed members of the Mouilleron Tennis Club on three occasions and visited Mouilleron twice. Mouilleron-le-captif is situated in the Vendée near Roche-sur-Yon not far from the coast.
The visits have been over a long weekend and on both sides we have enjoyed playing tennis, wining and dining and exploring each other's regions.
I now need to rescue D & N from ROTFL.
Latency for the Layman
3 Dec 2008 14:19 by Rick
This excellent article by Gustavo Duarte explains what is going on when you are waiting for your computer to do something. If the language is a bit technical for you, a summary is:—
Consider your super-fast computer and compare that with finding information by hand. Getting data from the CPU cache memory is like picking up a paper from your desk—perhaps 3 seconds. Getting it from the second level cache is equivalent to a well indexed book near your desk—say 14 seconds. Getting it from main memory is a four minute stroll down the corridor to the stationery cupboard. Now, wait for it, fetching it from the hard drive is equivalent to sending Stanley to find Dr. Livingstone—One year and three months. If it’s on the internet then you may as well wait for NASA to launch the next Mars Probe and hope it comes back.
Analogue vs. Analogue
27 Nov 2008 12:30 by Rick
It looked like there was an interesting article in The Economist a short while ago. In their Science and Technology department the (unnamed) correspondent asks Which is better: analogue or digital?. It is full of good technical stuff like hysteresis and second harmonic distortion. Unfortunately it is apparent in the first paragraph that he has no idea what he is talking about.
…do audio amplifiers and microphones with old-fashioned thermionic valves (“vacuum tubes” to Americans) inherently produce a sound more natural and satisfying than those with transistors and other solid-state devices?
This is not Analogue vs. Digital but Valve vs. Transistor, a completely different and unrelated beast.
How great Thou art
25 Nov 2008 19:40 by Rick
When Christ shall come with shout of acclamation
and take me home – what joy shall fill my heart!
Then shall I bow in humble adoration
and there proclaim, my God, how great Thou art!
Stuart Wesley Keene Hine
For John.
Flags up
24 Nov 2008 23:17 by Rick
I don’t know why but flag poles flying Union Jacks* seem to have become popular in BS6. Two have appeared in recent months, one in Cotham Grove and one in Redland Road opposite Fernbank. I haven’t observed them enough to see if they are following proper flag etiquette. Up at the company we had a new man unexpectedly made responsible for the three new flag poles outside the executive block and he had no training. So I gave him a copy of some basic rules I found. These things need to be done properly else you will offend someone! Particularly with visitors from the Far and Middle East.
* Apparently it is now ok to call it a Jack. Union Flag is seen as pedantic.
Bread Machine Economics
23 Nov 2008 20:40 by Rick
Having now run the machine for a while we are getting some idea of the benefits. I made three loaves this weekend—we now eat a lot of bread.
A large wholemeal loaf from our baker costs £1.45. It is nominally an 800g loaf but weighs 780g when purchased. From the supermarket they are £1.11. This is decent bread, not packet cotton-wool.
To make one in the machine using stock (supermarket) flour costs 50p for a large loaf. It is a different shape, but I checked and it weighs 800g after baking. If I were to use organic stone-ground flour from the beanie shop then it would cost 93p. Fancy flours like spelt and rye put up the cost, and white loaves are cheaper.
So it is very good value. The cost is almost entirely the flour; the only other ingredients are 25g margarine, 2tsp sugar, 1.5tsp salt, 1.25tsp dried yeast and the power (0.43kWh); together they account for about 12p. And there is zero wastage which is better even than hand made home baked bread. Everything that goes into the pot comes out in the loaf and is eaten—no floury hands, bowls or kneading boards.
The bread keeps well and tastes good, not only straight after baking but on to the next days as well. Now that we are confident, I will try experimenting with the ingredients. I want to see what lowering the salt, sugar and fat does to the results as that would make it even healthier. The only complaint we have is that our (Panasonic) machine has a very quiet “done” beeper, especially considering how much noise it makes while running, so we have to keep an eye on the time.





