Benlog

crypto and public policy

Ben Adida != Adidas Footwear

Filed under: General August 20, 2004 @ 6:24 pm

A friend of mine mentioned that he saw an ad when he googled for my name. Further investigation into Google AdWords shows that Adidas, the footwear company, has actually purchased “ben adida” as a search term with Google. Which means that if I want to advertise under my own name, I’d have to pay 8 cents a click to be above the sneaker, not the usual 5 cents per click.

Now, the funny thing is that people regularly ask if I’m related to Adidas, the shoe company. I’m not. But now Google is selling my name to them? Some people might claim I deserve a cut!

I guess the real question is: who are these people out there who search for my name but then get distracted and decide to buy a pair of sneakers?


Garden State

Filed under: General August 8, 2004 @ 5:49 pm

Garden State is one of the best movies I’ve ever seen. A fantastic story, top-notch acting, and an incredible feeling that Zach Braff is going to be huge, if he isn’t already.


The Boss Speaks; The Data Speak

Filed under: Policy August 6, 2004 @ 1:16 pm

Barely recovered from vacation, Greg points me to two nuggets.

First, a fantastic and eloquent op/ed in yesterday’s New York Times written by the Boss himself, Bruce Springsteen:

Our American government has strayed too far from American values. It is time to move forward. The country we carry in our hearts is waiting.

Second, a JuliusBlog post that exposes a detailed timeline of terror warnings and how they relate to political events unhelpful to Bush. In a world where talking points take center stage, it’s a bit refreshing to look at some raw data. You can draw your own conclusions.


The Perception Problem: When Experts and Non-Experts Disagree

Filed under: Security & Crypto August 4, 2004 @ 1:27 pm

CNET reports that voters are not worried about voting machines, but experts are.

Some people are using this observation as an excuse to dismiss the worries of security experts. To paraphrase Avi Rubin, it makes about as much sense to ask voters what they think of election machine security as it does to ask patients what they think of various artery graft options in heart bypass surgery. If you want an expert opinion, ask the doctor, not the patient.

However, that’s not to say CNET’s report is useless. The voter’s perception, like the patient’s, is tremendously important. A democratic election can only succeed if it is actually secure and if it is perceived to be secure. The question to ask is: why have the experts been unable to communicate their worries to voters?

I don’t have a satisfying answer to that question. Surely, part of the problem is that security experts are sometimes not very good at marketing their ideas. Another part is that certain vendors are spending much time and money convincing people that their machines are secure and no further discussion is required. Yet another part is that the security issue has become entangled with the voter disenfranchisement issue, because the new, worrisome machines also happen to be the machines that, for the first time, provide people with disabilities the ability to vote on their own.

All of these issues can be resolved in time. One issue, however, will probably always haunt the election problem: people don’t understand security. It’s part of the reason why auto insurance is legally mandated. If it weren’t, many people simply wouldn’t get it because the risk/protection tradeoff is not a natural connection to them.

Whatever opinion one holds about voting machine security, let’s remember one thing: voter opinion on voting security matters as an indicator of how well experts are doing their job, not as another input into the security debate.


Integration without Denial

Filed under: General August 3, 2004 @ 4:26 pm

The Guardian makes a solid point about France (Salon syndication of the story, I can’t seem to find it at the Guardian’s site): the French principle of integration through denial of cultural/racial differences is a catastrophe.

I’ve always been impressed with the level of cultural and racial integration in the US. America sees variety as a strength to cultivate, where France sees it as an anomaly to rectify. Sure, the American approach to integration is neither perfect nor accepted by all. Yet its results seem vastly superior.


Apple Angry at Real for Helping Them Sell iPods

Filed under: General July 29, 2004 @ 2:58 pm

Apple is angry at Real over their upcoming Harmony service. Real “hacked” the iPod, according to Apple.

So, is Real breaking Apple’s protection on music sold via Apple’s iTunes? Are they allowing you to share your Apple tunes farther than Apple’s license permits? Are they allowing you to file-share your Apple tunes, Kazaa-style? No, No, and No. Real doesn’t let you do anything with your Apple music that you couldn’t do before.

Real is simply translating their digital rights scheme to make it iPod-compatible. So, if you buy a song on the Real store, you can play it on the iPod.

Who thinks there’s anything wrong with that? Real wants you to buy whatever portable player you like and retain the ability to play their songs. Other songs, bought on other services, can still be played in the same way. The iPod becomes even more versatile and useful. And since the money-maker for Apple is the iPod and not the Apple Music Store, Apple wins, too!

I’m a huge Apple fan, but on this one I couldn’t disagree more with their lawsuit threats and BS PR. I paid $400 for my iPod, and if someone comes up with an add-on that makes my iPod more useful, that’s none of Apple’s business. It’s time we stopped granting so much control to companies that deal in copyright-related products. It’s *my* iPod, dammit.

UPDATE: beating me by a solid 6 minutes, Ed Felten has a similar and interesting post.


Access Control and Security through Obscurity

Filed under: Security & Crypto July 28, 2004 @ 5:07 pm

Dan O’Dowd, the CEO of Green Hills Software, believes that Linux is insecure. I won’t try to respond to all of his claims, but there is at least one point that demands a correction:

Many of the objections to my assertion that Linux is not suitable for defense systems are based on the truly bizarre misconception that secrecy reduces security. If secrecy isn’t important to security, then why does Linus Torvalds keep the means of accessing the core Linux development tree a secret from all but a few people? Because if he published the details of his defenses, some jerk would break in and screw up the Linux development effort.

[…]

“Security through obscurity” is a derisive slogan invented by the open source community to describe the practice of hiding the source code of sloppy software to prevent attackers from finding the vulnerabilities.

Mr. O’Dowd is thoroughly confused.

The term “secrecy,” as used by open-source and security experts, means preventing others from reading the source code. In fact, that’s why the expression “security through obscurity” uses the word “obscurity:” darkness, or the inability to see. On the other hand, Linus keeping “the means of accessing the core Linux development tree” to himself is an example of write access control. Open-source software allows everyone to see the software, but certainly not everyone can modify a particular source tree.

Surely, Mr. O’Dowd knows the difference between reading and writing.

Then there’s this issue of “security through obscurity.” Contrary to Mr. O’Dowd’s claim, this slogan significantly predates the open-source community. By more than 100 years, in fact.

Cryptographers like to refer to Kerckhoffs’s Law, which dates back to 1883 and states that a system should be secure even if everything about it — except the relatively short cryptographic key — is publicly known. Claude Shannon restated it more than 50 years ago as “the enemy knows the system.” When the National Institute of Standards and Technology decided to select a new American Encryption Standard, they held a world-wide open review for 2 years. This is no fad.

Let’s be fair: Mr. O’Dowd’s software is delivered to clients with source code. His software might very well be excellent. Once you’ve paid the licensing fee, you can even verify this claim on your own, assuming you have the resources and time to do so. So Green Hills Software may very well make fantastic software.

What they’re surely not good at, however, is providing an honest, educated critique of another system’s security.


Genocide in Sudan

Filed under: General July 23, 2004 @ 4:58 pm

There is an ongoing genocide in Sudan. Passion of the Present is your source for all information and all actions you can take. It’s non-partisan. Wherever you stand on the political spectrum, this is worth a few minutes of your time.


When One Extreme Helps Another

Filed under: Policy July 21, 2004 @ 6:07 pm

When Bush and co. were pushing for war in Iraq, France led the opposition at the UN. I was and remain unhappy with France’s opposition because I believe it was just as poorly motivated as Bush’s war stance: it stemmed from France’s lucrative oil contracts with Saddam Hussein’s government and significant Iraqi debt towards France which the US is now asking France to forgive.

But there’s another issue which Clinton addresses in a recent interview with Le Monde (ignore the out-of-context and misleading title of the article).

Opposition to a premature war is one thing, but France and Germany went beyond that stance: they were effectively opposed to war against Iraq in all cases, no matter what the UN inspectors might discover. This meant the UN would never believably threaten war. Yet threatening war is usually more important than actually fighting war.

So the French were just as guilty as the US of refusing to judge the situation objectively, based on the inspectors’ report. In prematurely closing the door to an objective UN assessment with all possibilities on the table, the French handed American neocons a freebie. If the UN refused to help regardless of the situation on the ground, what would have been the point of involving them in the first place?

That’s not to say the French are to blame for Bush’s irresponsible war in Iraq. But maybe a more objective stance from France might have tempered the neocon extreme.

Sometimes, one extreme helps another. The outcome isn’t pretty.


Password Hell

Filed under: Security & Crypto July 20, 2004 @ 12:24 pm

Dave Barry on passwords (registration required):

We employees are required to keep changing our passwords until, in a triumph of corporate security, we cannot remember them even with the aid of Sodium Pentothal.

Password management is becoming insane. My bank just recently forced me to change my password after just a few months. Their system prevents you from selecting any password you’ve ever used with them before. On one hand, I’m impressed by the effort they put into their security system. On the other, I can’t help but admit that I’m nearing that stage where I simply can’t remember all of my passwords.

What to do? Use a password manager like Bruce Schneier? Hope something better than passwords will finally become real? We are, without a doubt, nearing a significant security/usability crisis.