Archive for March, 2009

I am so going to die of food poisoning

March 30, 2009

StillTasty: Your Ultimate Shelf Life Guide

I Left Pizza Out Overnight – Is It Still Safe to Eat?
Do You Have to Refrigerate Opened Bottles of Mustard and Ketchup?
Is it OK to Put Hot Food in the Refrigerator?

I can’t count how many of these folks’ recommendations I routinely violate (but I’d like to try). My guess, in addition to the fact that a lot of foods are just naturally bacteriostatic, is that I’ve been lucky with the starting bacteria counts in my left-out soups and other foods…


A Solution to the Afghan opium problem

March 30, 2009

The Reality-Based Community: Give them some money

The current Afghan poppy harvest of about 8,000 tons (WDR p. 38) – potentially 800 tons of pure opiate – could be absorbed several times over in the needed expansion of morphine supply.

It would of course be difficult to set up a well-policed licit opium supply chain in Afghanistan, and to upgrade and fund the medical distribution chain for morphine in say Africa. But no other strategy is any easier or cheaper; and this one offers Afghan peasants a real way out to an honourable livelihood, which crop-burning does not. So: Give them some money. If courage is lacking for a policy switch, at least experiment by giving $10m for a pilot to some maverick counter-insurgency colonel of the McMaster or Kilcullen stamp.

I’m left wondering why so many bright people have a blind spot here. Many of us have been indoctrinated to think that because heroin is an evil, so is opium. This is quite wrong. The world would be a far worse place without the blessed opium poppy than it manages to be with it.

There’s only one question I have, but it could be a showstopper:

What’s in it for Big Pharma?

St Louis to Commuters: Drop Dead

March 30, 2009

03/29/2009 – Missouri’s last clear chance to avert transit collapse

Nearly 40,000 residents of the region use public transportation to commute to work. That’s in addition to the students, the elderly and disabled — and their families and caretakers — who depend on the system.

h/t atrios

The rest of the article suggests that 5-10,000 of those commuters could lose their jobs because they can’t get to work in a timely fashion (sure, they could spend the thousands of dollars a year to go by car, but St Louis already has enough gridlock at rush hour). Employers may not be able to replace a lot of these people at current prices, because many of the potential replacements wouldn’t be able to get to work either. (Jobs going begging in a recession, go figure.)

Good thing those moderates in congress cut the part of the stimulus covering state and local operating budgets; taxpayers wouldn’t have wanted to be saddled with that cost.

No need to hack into PCs when embedded stuff is more fun

March 28, 2009

Power grid is found susceptible to cyberattack | ITworld

There are about 2 million of these devices currently deployed, but many more are expected to be added in coming years.

The researchers created a computer worm that could quickly spread among Smart Grid devices, many of which use wireless technology to communicate, according to Travis Goodspeed, an independent security consultant who worked with the team. “It spread from one meter to another and then it changed the text in the LCD screen to say ‘pwned’,” he said. Pwned is hacker-speak meaning “taken over.”

In the hands of a malicious hacker, this code could be used to cut power to Smart Grid devices that use a feature called “remote disconnect,” which allows power companies to cut a customer’s power via the network.

Oh, great. Computer security types have been telling reporters for decades that there’s no way to mess with the power grid by hacking stuff over networks because they’re all properly walled off, and now the power companies have figured out how to make it easy. (And in the hands of a malicious hacker this could not only hurt individual customers, it could also cause trouble for the grid itself — imagine a few gigawatts of demand suddenly disappearing, then reappearing a minute later, then disappearing again and so forth until something broke.)


Worm breeds botnet from home routers, modems • The Register

The “psyb0t” worm is believed to be the first piece of malware to target home networking gear, according to researchers from DroneBL, which bills itself as a real-time monitor of abusable internet addresses. It has already infiltrated an estimated 100,000 hosts. It has been used to carry out DDoS, or distributed denial of service, attacks and is also believed to use deep-packet inspection to harvest user names and passwords.

“This technique is one to be extremely concerned about because most end users will not know their network has been hacked, or that their router is exploited,” the DroneBL researchers wrote here. “This means that in the future, this could be an attack vector for the theft of personally identifying information. This technique is not going away.”

Vulnerable devices include any home router or modem that uses Linux Mipsel, has an administration interface, sshd, or telnet in a DMZ, and employs a weak password. Once the malware takes hold, it locks legitimate users out of the device by blocking telnet, sshd, and web access. It then makes the devices part of a botnet.

Done “right”, this could create an entire alternate internet. Anyone whose routers were owned would get a different version of DNS, and all of their surfing could go to cracker-controlled versions of their favorite sites. Or just through cracker-controlled proxies. Whee.

Fingerprinting paper

March 28, 2009

Center for Information Technology Policy » Fingerprinting Blank Paper Using Commodity Scanners

We introduce a new method for measuring the three-dimensional surface of a page using only a commodity scanner and without modifying the document in any way. From this physical feature, we generate a concise fingerprint that uniquely identifies the document. Our technique is secure against counterfeiting and robust to harsh handling; it can be used even before any content is printed on a page. It has a wide range of applications, including detecting forged currency and tickets, authenticating passports, and halting counterfeit goods. Document identification could also be applied maliciously to de-anonymize printed surveys and to compromise the secrecy of paper ballots.

I wonder how big the signature for identification is — you’ve only a few dozen megabytes of information total in the scan, but you want to be able to identify subsections of that and so forth…

And of course when the Paper Patrol starts insisting that every sheet coming out of the pulp mills gets recorded, that will only be a few billion petabytes of storage every year. Beats watermarking all to hell.

Next year they’ll pay people to take houses

March 28, 2009


The median price for an existing, single-family detached home in California sank to $247,590 in February from $418,260 a year earlier, the Los Angeles-based group said in a statement. The U.S. median price fell 16 percent during the same period, the second-biggest drop on record, according to the National Association of Realtors.

That number is really sobering. It’s not quite as much of a precipice as it looks like at first, because lots of the sales are foreclosures, where the bank will take any price it can get. When ordinary people can’t get the price they want they try not to sell, because that would mean turning a paper loss into a real one (and indeed the market almost ground to a halt in 2008, with sales up now, mostly foreclosure sales). So what it really means is that prices have dropped 50% in two years rather than 40% in one…

But you know what? Some of those houses, in places no one would want to live except that they were the only places you could find a house — they’re still a lousy deal.

If you’re going to steal $200M, do your homework

March 25, 2009

How police busted UK’s biggest cybercrime case

they used commercial keystroke-logging software – not spyware or specialist hardware, as initially and widely reported – to capture usernames and passwords needed to make Swift bank transfers.

These stolen login credentials were used in an unsuccessful attempt to transfer money to ten overseas accounts under the control of fraudsters a month later.

Repeated attempts to transfer funds to accounts in Spain, Dubai, Hong Kong and Singapore failed because of errors in completing one of the fields in the Swift system used to make transfers.

It makes you wonder how much went into the pocket of people with slightly better typing skills or a little more information, and possibly a touch less grandiosity.

These should be mandatory in public places

March 24, 2009

Headsets: Sanwa Throat Mic, For Your Very Tactical Cellphone Conversations

Sanwa’s hands-free throat mic looks like a military headset, but it’s made for use with your cellphone (which we’re assuming isn’t part of your black ops kit, but we’re not judging). Good for noisy environments and just those times you don’t want the cabbie to know about your ass rash, Sanwa’s system should be available for import soon.

Geez, can you imagine cities suddenly no longer full of self-important people speaking loudly into thin air? You’d be able to tell who the crazies were again.

This, on the other hand, is a brilliant scam.

March 23, 2009

Economist’s View: “Despair over Financial Policy”

Citi holds $100mm of face-value securities, carried at $80mm.

The market bid on these securities is $30mm. Say with perfect foresight the value of all cash flows is $50mm.

I bid Citi $75mm. I put up $2.25mm or 3%, Treasury funds the rest.

I then buy $10mm in CDS directly from Citi [or another participant (BOA, GS, etc)] on the bonds for a premium of $1mm.

In the fullness of time, we get the final outcome, the bonds are worth $50mm.

SAC loses $2.25mm of principal, but gets $9mm net in CDS proceeds, so recovers $6.75mm on a $2.25mm investment. Profit is $4.5mm

Citi writes down $5mm from the initial sale of the securities, and a $9mm CDS loss. Total loss, $14mm (against a potential $30mm loss without the program)

U.S. Treasury loses $22.75mm

Great program.

Too bad it’s funded with taxpayer dollars.

In practice things will probably be a bit different — the banks issuing the Credit Default Swaps will probably insist on a larger share of the loot, since they’re the ones who take a loss. But even if the swap is priced at $3.5M on a $10M investment the hedge fund makes money. (Oh, and of course the bank selling the CDS is committing a kind of fraud because they know that the price for the swap should be $10M/$10M, but since doing that deal mobilizes $20 mil of free money from the FDIC, they still come out ahead compared to not doing it.)

You’d think this could be prevented by forbidding the writing of CDSs on toxic, er, legacy paper, but since CDSs are unregulated private contracts, the best you could do would be to forbid the parties to the Geithner deal from doing it directly, and it would always be possible to find ways to make the money flow through intermediaries.

So essentially this is yet another pump-money-at-the-titans scheme, with hopes that the influx of dollars from the treasury will finally cause credit markets to unfreeze. But why the heck should banks be lending money in an environment like this? Business is bad, and there are tricksy, devious borrowers out there. Just ask the Treasury.

No need to know

March 23, 2009

Google Latitude to Cops: ‘I Don’t Remember’

Google is promising that its new location-reporting service Latitude, which lets you broadcast where you are to your friends, will have a memory leak and won’t remember anything.

That’s a feature, not a bug. The intention is to make sure Latitude doesn’t become an honeypot for cops wanting to be able to easily find out where you have been or even say the names of everyone who attended, or was near, a political protest.

The policy, created in consultation with the Electronic Frontier Foundation, puts Latitude on equal privacy footing with Loopt, a popular friend-finding service that predates Latitude. Both services now overwrite your previous location with your new location, and don’t keep logs.

This is very nice, and not too hard to do. Libraries, of course, have been doing this kind of information-protection for decades — in line with ALA principles about the freedom to read without the government looking over your shoulder, typical library circulation systems started being designed early on to lose information about what books a person had taken out, as soon as they were returned.

Wouldn’t it be nice if other databases did the same thing?
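The overwrite-rather-than-log design described above, as an added illustration that is not from the post and not Google’s or Loopt’s code: two stores receive the same location reports, and only the append-only log can answer a retrospective “who was near this spot during that hour” question. Users, coordinates and timestamps are constructed; the 0.5 km radius and the equirectangular distance check are assumptions of the example.

```python
import math
from dataclasses import dataclass

@dataclass
class Fix:
    lat: float
    lon: float
    ts: int  # constructed timestamp, seconds

def near(a, b, radius_km=0.5):
    # Equirectangular distance check; accurate enough at city scale.
    x = math.radians(b.lon - a.lon) * math.cos(math.radians((a.lat + b.lat) / 2))
    y = math.radians(b.lat - a.lat)
    return 6371.0 * math.hypot(x, y) <= radius_km

class AppendLog:
    """Keeps every report, so anyone with access can reconstruct the past."""
    def __init__(self):
        self.rows = []
    def report(self, user, fix):
        self.rows.append((user, fix))
    def who_was_near(self, where, t_start, t_end):
        return sorted({u for u, f in self.rows
                       if t_start <= f.ts <= t_end and near(f, where)})

class OverwriteStore:
    """Latitude/Loopt-style: a new report replaces the old one; nothing is logged."""
    def __init__(self):
        self.latest = {}
    def report(self, user, fix):
        self.latest[user] = fix
    def who_was_near(self, where, t_start, t_end):
        return sorted(u for u, f in self.latest.items()
                      if t_start <= f.ts <= t_end and near(f, where))

def demo():
    # Identical reports go to both stores; then ask who was at the rally point
    # between t=1000 and t=2000. Only the log can answer; the overwrite store yields nothing.
    rally = Fix(38.8977, -77.0365, 0)
    reports = [("alice", Fix(38.8980, -77.0360, 1500)),  # at the rally
               ("bob", Fix(38.8970, -77.0370, 1600)),    # at the rally
               ("carol", Fix(38.9500, -77.1000, 1500)),  # elsewhere
               ("alice", Fix(38.9500, -77.1000, 3000)),  # went home
               ("bob", Fix(38.8500, -77.0500, 3100))]    # went home
    log, store = AppendLog(), OverwriteStore()
    for user, fix in reports:
        log.report(user, fix)
        store.report(user, fix)
    return log.who_was_near(rally, 1000, 2000), store.who_was_near(rally, 1000, 2000)
```

A current-position query (“who is near me right now”) works identically on both stores; the only capability the overwrite design gives up is the retrospective one.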