January 15, 2025

Posts Comments

On digital TV and natural disasters

September 12, 2008 by

As I’m writing this, the eye of Hurricane Ike is roughly ten hours from landfall.  The weather here, maybe 60 miles inland, is overcast with mild wind.  Meanwhile, the storm surge has already knocked out power for ten thousand homes along the coast, claims the TV news, humming along in the background as I write this, which brings me to a thought.

Next year, analog TV gets turned off, and it’s digital or nothing.  Well, what happens in bad weather?  Analog TV degrades somewhat, but is still watchable.  Digital TV works great until it starts getting uncorrectable errors.  There’s a brief period where you see block reconstruction errors and, with even a mild additional amount of error, it’s just unwatchable garbage.  According to AntennaWeb, most of the terrestrial broadcast towers are maybe ten miles from my house, but that’s ten miles closer to the coast.  However, I get TV from Comcast, my local cable TV provider.  As I’ve watched the HD feed today, it’s been spotty.  Good for a while, unwatchable for a while.  The analog feed, which we also get on a different channel, has been spot on the whole time.

From this, it would appear that Comcast is getting its feed out of the air, and thus has all the same sorts of weather effects that I would have if I bothered to put my own antenna on the roof.  Next year, when the next hurricane is bearing down on the coast, and digital TV is the only TV around, it’s an interesting question whether I’ll get something useful on my TV during a disaster.  Dear Comcast, Engineering Department: please get a hard line between you and each of the local major TV stations.  Better yet, get two of them, each, and make sure they don’t share any telephone poles.

[Sidebar: In my old house, I used DirecTV plus a terrestrial antenna for HD locals, run through a DirecTV-branded HD TiVo.  Now, I’m getting everything from Comcast, over telephone poles, into a (series 3) TiVo-HD.  In any meaningful disaster, the telephone poles are likely to go down, taking out my TV source material. I get power and telephone from the same poles, so to some extent, they make a single point of failure, and thus no meaningful benefit from putting up my own antenna.

Once the storm gets closer, I’ll be moving the UPS from my computer to our, umm, shelter-in-place location.  I don’t expect I’d want to waste precious UPS battery power running my power-hungry television set.  Instead, I’ve got an AM/FM portable radio that runs on two AA’s.  Hopefully, the amount of useful information on the radio will be better than the man-on-the-street TV newscasters, interviewing fools standing along the ocean, watching the pretty waves breaking.  Hint: you can’t “ride through” a storm when the water is ten feet over your head.]

Filed Under: Uncategorized Tagged With: , , ,

Preparing for a natural disaster

September 11, 2008 by

As Tinker readers may know, I live in Houston, Texas, and we’ve got Hurricane Ike bearing down on us.  Twenty-four hours ago, I was busy with everything else and hadn’t even stopped to think about it.  Earlier this week, the forecasts had Ike going far south of here.  That all changed and now it appears likely that Ike will hit the Texas coast not to far away.  The eye of the storm is probably not going anywhere near us, but we’ll be on the “dirty” side of the storm, and that means lots of rain and possible power outages.

Yesterday, I went to the supermarket and stocked up on assorted non-perishable goods, waters, batteries, and all that.  The lines were entirely reasonable.  The supermarket was clearly more prepared than I was, bringing in several shipping palettes of bottled water.  (Today, I’d bet the supermarket is crazier, but I’m not heading there to find out.)

My house is 51 feet above sea level and is outside the statutory flood plain.  At least in theory, I don’t have to worry much about flooding.  The most likely concern would be wind-driven rain getting through the not-terribly-well-sealed front door or some of the “French doors” that our builder overused on the house.  (“French doors”, which I doubt have much to do with France, are double doors, hinged on the side, and meeting in the middle where they latch to one another.)  My plan is to run a seam of duct tape around around the outside of the doors and windows on the first floor.  We’ll get in and out via the garage (which we tend to do, anyway).  I’m not going to try climbing up a ladder to the second story, since those “casement” windows seem to be more solid.

To evacuate or not to evacuate?  That’s the question.  When Hurricane Rita came through three years ago, we spent a thoroughly unpleasant 17 hours driving from Houston to Dallas (normally a four hour drive), where my parents live.  This time, our plan is to ride out the storm and then evaluate what we’re doing next.  Assuming the house is intact and we have power, we’ll be fine.  If we lose power and it appears unlikely to come back any time soon, or if our house is thrashed, then we’ll worry about evacuating.

Of course, I have to worry about more than just my family.  I also have to worry about my research group, the students in my classes, and so forth.  My security class meets this afternoon.  We’ll be talking about disasters.  (I tried to get some people from our university’s IT department to come talk about their disaster preparation, but unsurprisingly they’re busy preparing.  I’ll try to get some of them after it’s all over.)

For our research group, I’ve got a paper in the works for NDSS ’09, whose submission deadline is basically the same as when the hurricane is due.  The chair was nice enough to give us an extension, so now we just have to work out how we can keep doing the writing, even if there’s no power around.  (Felten has graciously offered to host our subversion server.  Luckily, the experimental work is all done, so it’s just a matter of getting it written up properly.)

Who knew disaster preparation could be so much fun?

Filed Under: Uncategorized Tagged With:

A curious phone scam

September 10, 2008 by

My phone at work rings.  The caller ID has a weird number (“50622961841” – yes, it’s got an extra digit in it).  I answer.  It’s a recording telling me I can get lower rates on my card (what card?) if I just hit one to connect me to a representative.  Umm, okay.  “1”.  Recorded voiced: “Just a moment.”  Human voice: “Hello, card center.”

At this point, I was mostly thinking that this was unsolicited spam, not a phishing attack.  Either way, I knew I had a limited time to ask questions before they’d hang up. “Who is this?  What company is this?”  They hung up.  Damn! I should have played along a little further.  I imagine they would have asked for my credit card number.  I could have then made something up to see how far the interaction would go.  Oh well.

Clearly, this was a variant on a credit card phishing attack, except instead of an email from a Nigerian dictator, it was a phone call.  I’m sure the caller ID is total garbage, although that, along with the demon-dialer, says that the scammer has some non-trivial infrastructure in place to make it happen.

So, the next time one of you receives an unsolicited call offering to get you lower rates on your card, please do play along and feed them random numbers when they ask for data.  At the very least, there’s some entertainment value.  If you’re lucky, you might be able to learn something that would be useful to mount a criminal investigation.  Maybe half-way through you could suddenly have an important meeting to get to and see if you can get them to give you a callback phone number.

Update: reader “anon” points to an article from The Register that discusses this in more detail.

Filed Under: Uncategorized Tagged With:

Come Join Us Next Spring

September 3, 2008 by

It’s been an exciting summer here at the Center for Information Technology Policy. On Friday, we’ll be moving into a brand new building. We’ll be roughly doubling our level of campus activity—lectures, symposia and other events—from last year. You’ll also see some changes to our online activities, including a new, expanded Freedom to Tinker that will be hosted by the Center and will feature an expanded roster of contributors.

One of our key goals is to recruit visiting scholars who can enrich, and benefit from, our community. We’ve already lined up several visitors for the coming year, and will welcome them soon. But we also have space for several more. With the generous support of Princeton’s Woodrow Wilson School and School of Engineering and Applied Sciences, we are able to offer limited support for visitors to join us on a semester basis in spring 2009. The announcement, available here, reads as follows:

CITP Seeks Visiting Faculty, Fellows or Postdocs for Spring 2009 Semester

The Center for Information Technology Policy (CITP) at Princeton University is seeking visiting faculty, fellows, or postdocs for the Spring 2009 semester.

About CITP

Digital technologies and public life are constantly reshaping each other—from net neutrality and broadband adoption, to copyright and file sharing, to electronic voting and beyond.

Realizing digital technology’s promise requires a constant sharing of ideas, competencies and norms among the technical, social, economic and political domains.

The Center for Information Technology Policy is Princeton University’s effort to meet this challenge. Its new home, opening in September 2008, is a state of the art facility designed from the ground up for openness and collaboration. Located at the intellectual and physical crossroads of Princeton’s engineering and social science communities, the Center’s research, teaching and public programs are building the intellectual and human capital that our technological future demands.

To see what this mission can mean in practice, take a look at our website, at http://citp.princeton.edu.

One-Term Visiting Positions in Spring 2009

The Center has secured limited resources from a range of sources to support visitors this coming spring. Visitors will conduct research, engage in public programs, and may teach a seminar during their appointment. They’ll play an important role at a pivotal time in the development of this new center. Visitors will be appointed to a visiting faculty or visiting fellow position, or a postdoctoral role, depending on qualifications.

We are happy to hear from anyone who works at the intersection of digital technology and public life. In addition to our existing strengths in computer science and sociology, we are particularly interested in identifying engineers, economists, lawyers, civil servants and policy analysts whose research interests are complementary to our existing activities. Levels of support and official status will depend on the background and circumstances of each appointee. Terms of appointment will be from February 1 until either July 1 or September 1 of 2009.

If you are interested, please email a letter of interest, stating background, intended research, and salary requirements, to David Robinson, Associate Director of the Center, at . Please include a copy of your CV.

Deadline: October 15, 2008.

Beyond this particular recruiting effort, there are other ways to get involved—interested students can apply for graduate study in the 2009-2010 school year, and we continue to seek out suitable candidates for externally-funded fellowships. More information about those options is here.

Filed Under: Uncategorized Tagged With:

Cheap CAPTCHA Solving Changes the Security Game

September 2, 2008 by

ZDNet’s “Zero Day” blog has an interesting post on the gray-market economy in solving CAPTCHAs.

CAPTCHAs are those online tests that ask you to type in a sequence of characters from a hard-to-read image. By doing this, you prove that you’re a real person and not an automated bot – the assumption being that bots cannot decipher the CAPTCHA images reliably. The goal of CAPTCHAs is to raise the price of access to a resource, by requiring a small quantum of human attention, in the hope that legitimate human users will be willing to expend a little attention but spammers, password guessers, and other unwanted users will not.

It’s no surprise, then, that a gray market in CAPTCHA-solving has developed, and that that market uses technology to deliver CAPTCHAs efficiently to low-wage workers who solve many CAPTCHAs per hour. It’s no surprise, either, that there is vigorous competition between CAPTCHA-solving firms in India and elsewhere. The going rate, for high-volume buyers, seems to be about $0.002 per CAPTCHA solved.

I would happily pay that rate to have somebody else solve the CAPTCHAs I encounter. I see two or three CAPTCHAs a week, so this would cost me about twenty-five cents a year. I assume most of you, and most people in the developed world, would happily pay that much to never see CAPTCHAs. There’s an obvious business opportunity here, to provide a browser plugin that recognizes CAPTCHAs and outsources them to low-wage solvers – if some entrepreneur can overcome transaction costs and any legal issues.

Of course, the fact that CAPTCHAs can be solved for a small fee, and even that most users are willing to pay that fee, does not make CAPTCHAs useless. They still do raise the cost of spamming and other undesired behavior. The key question is whether imposing a $0.002 fee on certain kinds of accesses deters enough bad behavior. That’s an empirical question that is answerable in principle. We might not have the data to answer it in practice, at least not yet.

Another interesting question is whether it’s good public policy to try to stop CAPTCHA-solving services. It’s not clear whether governments can actually hinder CAPTCHA-solving services enough to raise the price (or risk) of using them. But even assuming that governments can raise the price of CAPTCHA-solving, the price increase will deter some bad behavior but will also prevent some beneficial transactions such as outsourcing by legitimate customers. Whether the bad behavior deterred outweighs the good behavior deterred is another empirical question we probably can’t answer yet.

On the first question – the impact of cheap CAPTCHA-solving – we’re starting a real-world experiment, like it or not.

Filed Under: Uncategorized Tagged With: , , ,