Sunday, August 21, 2005

Cops in Kirkuk

This CNN article talks about a show running in Kirkuk, which is basically an Iraqi version of "COPS". The show runs segments of local police officers in action, and is followed by a community call-in segment where callers get to offer praise or voice gripes.

This seems like an excellent way to introduce media transparency to a nation with almost no concept of the subject. The material is local news, so people can check the facts through the rumor mill, and the call-in portion gives direct feedback to the chain of command. Hopefully this will introduce Iraq to the idea of a free press (before their press gets bought out by some American media giant).

Ow

I'm sitting in bed with an ice pack on my knee as I type this -- the results of our first playoff victory. We finished up our regular season of ice hockey last week, and the better of my two teams made it into the playoffs. Not a huge accomplishment in itself -- 8 of the 10 teams in our division made it in -- but we were ranked 2nd headed in, so we were expecting to have a relatively easy win.

Apparently the other team was not filled in on the plan.

They were skating in playoff mode from the first puck drop, and it took us a little time to get warmed up and realize if we didn't play a good game we'd be in trouble. In the middle of the first period Andrew sent a nice slapshot into the net; unfortunately my knee was in the way at the time. The unpadded, back of my knee. I immediately went back to the bench for a shift change to wait for the pain to subside and the adrenaline to kick in. After that I was good until around third period.

We had a scary moment when Alan, our leading scorer, got taken out by the goalie, did several spins in the air, and hit the ice holding his knee. He stayed down for a couple minutes, but eventually got up and limped back to the bench. He ended up skating the rest of the game, but at a reduced level. Hopefully he's feeling better for our next game tomorrow night.

Hopefully I'm feeling better, too...

We won the game 4-2, but it was a lot closer than it should have been, considering that we beat the same team 8-2 in the regular season.

Thursday, August 04, 2005

Fuel Cell Bike

Apparently a new Fuel Cell Motorcycle is going to arrive in the U.S. soon. It's fairly expensive considering its performance (top speed ~50mph), especially since early adopters would have to spring another $1500 for a fuel reformer to create the hydrogen the beast runs on... Nonetheless interesting to ponder. It looks like a dirt bike, interesting to see how well it would actually fare off-road.

Wednesday, August 03, 2005

Security Research Ethics

Jeff and I had an interesting conversation over lunch regarding a recent disclosure about a flaw in Cisco's IOS operating system by security researcher Michael Lynn (Wired Article). Cisco tried very hard to make sure the presentation never happened, and it's obvious to everyone, in retrospect, that the attempted cover-up did far more damage than the original disclosure. From the Wired article:

[Michael Lynn] said he conducted the reverse-engineering at the request of his company, which was concerned that Cisco wasn't being forthright about a recent fix it had made to its operating system.


Jeff's position (and Cisco's position) was that the original disclosure of the information by Lynn was unethical, and that he should have given the company more time to respond to the information and tell users to upgrade their firmware. My position was that if a firmware update already exists (it does) to cover the vulnerability, then disclosure is acceptable.

Further complicating the issue, Cisco's Press Release implies that Lynn revealed Cisco-proprietary code in his presentation:
... ISS and Cisco had prepared an alternative presentation designed to discuss Internet security, including the flaw which Lynn had identified, but without revealing Cisco code or pointers ...


I downloaded the presentation (available from cryptome.org, among other places) to see what information he actually revealed. He outlines the general procedure one would follow to create a remote-code exploit on IOS. He has some source code examples, but they're all of disassembled MIPS assembler code. One can argue about whether disassembled code is Cisco property, but it's clearly code he created and not code that Cisco provided to Lynn. A few C function prototypes are also in the presentation, but only the most wildly paranoid would call a function prototype a code disclosure.

Finally, Bruce Schneier came down firmly on the side of disclosure.

I tend to think that Lynn got a raw deal for basically doing his job, and when told to present an alternative (read: sanitized) presentation instead of the one he originally created, he opted for disclosure instead of job security. The real question in my mind is why Cisco went ballistic over it.

Track Day

Spent a day at Thunderhill last week, in my first-ever track day in a car. The event was put on by the Golden Gate Lotus Club, which was a fairly relaxed group. For those who have never seen (or heard of) Thunderhill, here is a satellite view of the track (Google apparently doesn't have hi-res imagery of the Willows area).

There was plenty of track time available -- drivers were split into a "Fast" group and a "Faster" group; the "Fast" group was restricted to passing mostly on the three straightaways, whereas the "Faster" group was limited to drivers with multiple days of track experience, and had unrestricted passing. Sessions ran for half an hour and alternated between the two groups, which was pretty nice, since you could just glance at your watch and figure out how long until your next session was going out.

Getting out on the track was a blast. I took it pretty easy for the first couple sessions, especially after the driver's meeting comments about not spinning out in the first session, then started to push the car harder. The STi proved to be a very easy car to drive fast -- it has a basic tendency to push, even with the center diff unlocked, and towards the end of the day when I was sliding the car through turn 2 it transitioned cleanly from hard cornering into a gentle four-wheel slide.

I learned an incredible amount as the day went by, and I was going much faster by the last session than I was at the beginning of the day. My progress was marked by my gas consumption -- I burned two full tanks of gas at the track, going through an indicated half-tank of gas alone in my last session (although I must point out that it was the first half tank, which is smaller than the second half).

Tire wear was less than expected, but I think the stock tires are now nearing the end of their useful life anyways. I'll probably have to start shopping around for a new set soon, although finances being what they are, I may just throw the winter tires back on and run on them for a while.

I didn't really feel the need for any more power out of the car after the day -- certainly I was full on the gas in many parts of the course, but I had to feather the throttle through at least half the course, so I would say I am tire-limited (and skill-limited) rather than power-limited. One modification I would like would be some sort of four-point or five-point harness. I saw one of the (eight or nine) Mitsubishi Evo drivers had a harness put in his car that was pretty low-impact. The other thing is that I want a video mount for my camera...

Tuesday, August 02, 2005

Rice One-ups MIT on Being Open

Inspired by the MIT Open Courseware project, Rice University has created a site (article) where colleges and professors can provide their own course materials for free.

Unlike MIT's program, which simply takes the material they use already and publishes it on the web, the Rice program is much more ambitious -- they aim to be the Sourceforge of educational materials, a central repository of courses that anyone can contribute to, where users can examine, review, and rank the material.