Friday, March 28, 2008

Juggling identities: Udell, Cameron and Identity Woman

I've written about identity and reputation management, including a call for identity management services ...

We need more identity management tools that let us rapidly switch our personae (visible identities) and facets, while tracking our associated reputations and providing a visual cue as to our current identity. These tools can also remind us what each identity is designed for; it's not hard to forget the purpose of a persona, and thus to misuse it.

Obviously such a tool should have a biometric component, though it would need to be optional at first. One way to generate revenue for such a service would be to provide the service free, but charge for the associated token*, biometric authentication component, or personal VPN add-on...

I figured there had to be people thinking deeply on these topics, but I couldn't make a good connection. I finally found one in an older post of Jon Udell's that's been sitting in my reading queue for months:

A conversation with Dick Hardt about British Columbia’s digital identity initiative « Jon Udell

On this week’s ITConversations show I chatted with Dick Hardt about that project. According to Kim’s Information Card thermometer, 10 percent of desktops are now running CardSpace or an equivalent identity selector technology such as DigitalMe. I’m not sure where the tipping point will be, but even if you’re in that 10 percent it’s hard to find concrete examples of how the technology will simplify your life...

DigitalMe? CardSpace?

This is from the Wikipedia CardSpace article:

...Windows CardSpace (codenamed InfoCard), is Microsoft's client software for the Identity Metasystem. CardSpace is an instance of a class of identity client software called an Identity Selector. CardSpace stores references to users' digital identities for them, presenting them to users as visual Information Cards. CardSpace provides a consistent UI that enables people to easily use these identities in applications and web sites where they are accepted...

...Because CardSpace and the Identity Metasystem upon which it is based are token-format-agnostic, CardSpace does not compete directly with other Internet identity architectures like OpenID and SAML... Information Cards can be used today for signing into OpenID providers, Windows Live ID accounts, SAML identity providers, and other kinds of services...

Microsoft initially shipped Windows CardSpace with the .NET Framework 3.0, which runs on Windows XP, Windows Server 2003, and Windows Vista. It is installed by default on Windows Vista and is available as a free download for XP and Server 2003 via Windows Update. An updated version of CardSpace shipped with the .NET Framework 3.5.

So. I think I've picked up the scent now. Then from Jon Udell to the Cameron blog he mentioned: "This blog is about building a multi-centered system of digital identity that its users control." The most recent post promotes a conference run by "Identity Woman Kaliya"...

User-centric identity is the ability:

  • To use one’s identifier(s) on more than one site
  • To control who sees what information about you
  • To selectively share presence and profile information
  • To maintain multiple identities and personas in the contexts you wish
  • To aggregate attention, navigation, and purchase history from the sites and communities you frequent
  • To move and share your personal data, relationships, documents, and other publications as you wish

Ok, that sure sounds like the "identity management services" I was asking for.

So I've found sources to track. Here's the odd part. Both Jon Udell and Kim Cameron work for the Borg.

I've read Udell since his BYTE days, and now I've added Identity Woman (not Microsoft) and Kim Cameron to my blogroll.

Thursday, March 27, 2008

The American corporation and the centrally planned economies of the soviet empire

Once in a while two loose neurons bang together and I look at the world differently.

That happened earlier today.

I'm almost always sure somebody's explored the idea, but in the dark ages there was no easy way to find out. I'd write my thoughts down and move on. Now I just have to toss a few terms at Google.

Which is how I came to discover that this morning's unoriginal insight was the subject of a Brad DeLong paper written in 1997 when he worked for the Clinton administration.

My version of this insight struck because I've recently been thinking about some of the things all corporations have trouble with. This is work related rather than my usual idle speculation, so I can't provide details here. Suffice to say that my topic started small and concrete, but soon became quite grand. In the end I needed to consider three different sorts of exchanges of goods and services:

  1. exchanges within a corporation
  2. currency-based exchanges within a market economy
  3. collaborative exchanges between academics at different institutions or departments.

Sometime in the midst of this review, the obvious smacked me in the face:

The best publicly traded companies are an almost exact analog to the most finely tuned centrally-planned "command economies" of the Soviet empire, particularly the Czechoslovakian command economies of the late 1970s.

No wonder so many Soviet and Communist Chinese bureaucrats had smoothly shifted into running massive corporations. Everything must have seemed so familiar. Conversely, the designers of the Czechoslovakian central planning process must have based it on their knowledge of American corporations.

I knew this insight couldn't be original, so I went looking for affirmation. Using the terms "corporation" and "planned economy" Google gave me a good hit on the first page:

The Corporation as a Command Economy by J. Bradford DeLong

University of California at Berkeley, and National Bureau of Economic Research July 1997

Most of us spend more than one-third of our waking lives working for large, modern corporations: organizations where we do not know personally either those at the top or the bulk of those at the bottom of the organization's administrative hierarchy. This is a striking change from two centuries ago, when a productive organization of more than thirty was unusual, and one of more than three hundred an extreme oddity....

...I am going to focus on the issues of corporate control. A corporation is a hierarchical organization. It has a boss--today the he (almost always a he) called the CEO, whose theoretical power is autocratic throughout the scope of the corporation, and subject only to the periodic continued approval of the Board of Directors and the annual meeting of the shareholders. But we were all told a decade ago, when the Soviet Union collapsed, that hierarchical organizations simply did not work as modes of organizing economic life--that you needed a market in order to achieve anything better than low-productivity, bureaucracy-ridden economic stagnation.

What, then, are all these large corporations--ATT and IBM, General Motors and Toyota, Microsoft and USX--doing? What methods of corporate control have saved them from turning into smaller versions of the unproductive Soviet economy?

So my comparisons are not original, and yet, as I scanned Brad's article, I was left with the impression that he gave too much credit to the efficiencies of General Electric, and not enough credit to the remarkable persistence of the planned economies.

My own prejudice is that today's corporations struggle mightily with the same challenges that brought down the planned economies of the Soviet era, and that they succeed more from their impressive ability to hold critical resources and to eliminate weaker competition, than through a unique gift for channeling and distributing resources.

If a new entity were to arise that combined the brute power of the corporation with the intelligence of a true market I think the modern corporation would go the way of the Soviet planning bureau.

That's a large if however. I am not aware of any serious challenger to the corporation, and so the planned economies of the world shall continue into the 21st century ...

XPonlinescanner: malware attack or very nasty ad? Interesting, either way.

Last week I ran into a Firefox attack while browsing a local website. I posted about XPonlinescanner.com: Malware infection on Star Tribune and other news sites.

I figured I'd hear something more about this, but a Google search today only shows my original post. So maybe I was imagining things.

Except my original post continues to attract about one comment a day, along the lines of:

I've never heard of or been to the Star Tribune website, but this pop up has appeared on starting up firefox on both a Linux and a Mac computer. I don't use MS Windows.
It would appear that this is wider spread than just a rogue web site.

I just received it this morning. But I believe this one actually popped up while I was on Photobucket.
I closed it but it just opened into a window saying it was scanning and then I just closed it again. I'm hoping it didn't do anything else.

Started this weekend on the jsonline.com (Milwaukee Journal Sentinel) site. Complaint has been filed with site owner.

I've seen several versions of the install file over the past week which is an indication that someone is up to no good.
The source was: hxxp://xponlinescanner.com/2008/download
XPantivirus2008_v77011816.exe
XPantivirus2008_v880136.exe
XPantivirus2008_v77024205.exe
XPantivirus2008_v880181.exe
I submitted these files to TrendMicro and they all came back as malware containing a Trojan downloader.

This popup is a Trojan Horse malware, users should close the window and not use any buttons presented in main popup.

just got the same treatment from them via salary.com and I notice it didn't install anything. They have a script that just resizes the browser really small and then they put a confirmation dialog on top of it. I closed the confirmation window and it resized my browser to the height and width of my screen and claimed to be scanning my computer....

I do wonder what's going on. If this is indeed a malware attack, it's interesting that it's propagating without comment across multiple sites. If it's not a malware attack, then it says something about the state of web advertising and the desperation of news sites.

Update 10/2/09: I wonder if the NYT breach of 9/15/09 was something similar...

...According to security experts, groups that are often based in Russia and Ukraine create the fake antivirus software and then recruit people to help distribute it by giving them a cut of any money made by selling the software. These so-called affiliates can mimic the advertisements of legitimate companies, learn their techniques for submitting ads to networks and sites, meddle with ad servers and then go so far as to provide customer support for people who install the software, keeping the scam running as long as possible...

Did the Strib ever realize it had been hacked? I don't think they ever admitted it.

Wednesday, March 26, 2008

Whimsley: a new addition to my bloglist

I came across a new-to-me blog today, via Nicholas Carr. I enjoyed the post on Mr. Google's Guidebook and a few others, so I added Whimsley to my bloglist.

I'd like to see a bloglist that could mix a random sample of old posts with a current feed (probably could do this with Yahoo Pipes); there's so much past material here that would be new to me. I did go to the very first post. The blog has survived the book mentioned below, but the original theme has persisted ...

Whimsley, Nov 2005:

This blog is a shameless attempt at promoting my forthcoming book, "No One Makes You Shop At Wal-Mart", which the fine people at Between the Lines are publishing next spring.

The book is an argument against a certain kind of thinking -- a very common way of thinking I call MarketThink. MarketThink is the belief that (in the absence of government action) the world really does work according to the rules of the idealized free-market. MarketThink is the claim that, as long as we can exercise individual choices, the invisible hand of the free market guarantees that we get what we want.

The title of the book comes from one particular phrasing of that claim. Wal-Mart has commonly been criticised for the damage its edge-of-town stores do to city centres. In response to these criticisms, one of the arguments that Wal-Mart's supporters make is that "no one makes you shop at Wal-Mart", and that if people really felt that Wal-Mart was bad for their cities, they would not patronize it.

An example of this kind of thinking comes from Ron Galloway, director of the new film "Why Wal-Mart Works & Why That Makes Some People Crazy", who said on CNN's Showbiz Tonight on October 31 that "138 million people vote with their feet to go to Wal-Mart. And Americans are pretty smart. And I think Wal-Mart, if Wal-Mart were really doing something genuinely wrong, the American people would be able to figure it out and not go."

What is wrong and why? Well, that's what this blog is about.

MarketThink has at least a nodding connection to the "folly of crowds", but I'm guessing he also discusses market failures, premature local minima traps. I wonder if he discusses future shock and fraud, and how they mislead the crowd.

I'm sure I'll have some more comments over time ...

The Market as a satisficing mechanism for finding local minima - where did I get this from?

A few months ago I fell into conversation with an exotic person -- someone young. This one had fallen into a familiar trap; he'd confused The Market with The Moral.

Bush and the GOP were, of course, lost down that rabbit hole eons ago.

Anyway, being prone to pomposity, I launched into a lecture about how markets are systems for developing "good enough" (satisficing) solutions to complex problems. They find "local minima", not some magical optimal solution that's the best of all possible worlds.

This ability, of course, is miraculous. The Market is the best way we have to find the local minima. The role of society, and sometimes government, is to decide that the "minima" is not good enough, and to perturb the market into finding another, perhaps better, solution. Sometimes we even think we know where the perturbation should be directed.

There were two problems with my dissertation. One was that I'm pretty sure he didn't (care to?) understand a word of it. More importantly, I fear I was more-or-less making it up.

I say "more-or-less" because I think I read this sometime, but in the months since that conversation I've not come across a reasonable reference. This "more-or-less" business comes from reading a lot but having an average memory and a creative imagination -- I can't reliably separate what I've read from what I've invented.

I tried a search: market "local minima" "good enough" satisficing solution economics but only found some papers on AI problem solving.

Can someone point me to a reference?

Don't buy your iPhone this week -- iPhone order backlog

There are lots of possible reasons for an imbalance between iPhone demand and supply:

AppleInsider | Briefly: NYC iPhone sellout; new Jersey store; 2008 PC shipments

...AT&T retail stores in Manhattan aren't yet feeling the effects of the shortage, though Apple's online store is also reflecting an approximate 1 week delay for all new orders, suggesting that considerable backlog currently exists for whatever reason...

One of the possible explanations is that Apple is about to launch a new model.

I have been expecting a new model to be announced on June 31st and to be generally available around August, but I'm a pessimist. If you're considering buying an iPhone I'd wait a couple of weeks. If new models are coming out then the better Apple rumor sites expect the 16GB model to continue to be sold at a lower price point, and the 8GB model to be discontinued.

Tuesday, March 25, 2008

What if you lived in a world where nothing worked?

You know, like Bizarro world.

I think I've been slowly migrating into that world.

My MetLife experience today was typical. I have an ancient annuity with them (odd story), and I decided to try to update my online profile.

It went like this:

  1. Login with the default settings.
  2. Submit -- returns to login screen. No error message, just the login screen.
  3. Phone in, get password reset.
  4. Try again - get request to change password. Looks good.
  5. Login, oops, Back to #2.
  6. Do an online password reset. Notice button press doesn't seem to work with Firefox 2.
  7. Try it again with IE 7. It works.
  8. Now login again. back to #2.
  9. Wait -- what was that brief flicker of text? Something about a popup?
  10. Turn off IE 7 popup blocking.
  11. Try again.

The entire interaction with the MetLife web site occurs inside a popup window. The original login window remains behind; that's why I kept returning to step #2 above whenever the popup was blocked.

Incidentally, if you ever want to hack into someone's account, I recommend MetLife. They implement the usual array of misguided security measures, including the laughable: "secret question". (Does any crook not know my mother's maiden name by now?)

I'm picking on MetLife, but these days I feel like I live in a great cloud of "stuff that doesn't work". Our world won't burn up or rust out, it'll just collapse in a great cascade of stuff that doesn't really work ...

PS. Most of the science fiction I've read assumed either a post-apocalyptic world or a world of uncanny reliability. Dysfunctional dystopias don't get their due. Terry Gilliam's (a famous Minnesotan!) Brazil and Twelve Monkeys are notable exceptions; Gilliam seems to have this niche to himself.

Monday, March 24, 2008

Head still exploding: The AT&T mobile phone rebate card scam

After I wrote this post I wondered if I was over-reacting:

Gordon's Notes: John's head explodes: AT&T rebate paid with an AT&T debit card

Ok, so I knew when I did the deal with Satan's pond-sucking scum that I should expect a shaft or two, but this one is so audacious.

I just noticed, in a very fine print amongst all the paper work of a new cell phone contract, that AT&T pays its rebates with an AT&T debit card.

AT&T has been sued over this practice...

I received my two cards ($50 each, one for each line of the family account), which are accepted "anywhere Visa debit cards are accepted", except you have to "tell the cashier" to "process the card as a credit transaction, not a debit transaction".

You need to activate the cards before use, by entering the number they're assigned to. AT&T tells me the number ends in 8. For both cards. Because both our phone numbers end in 8.

The cards expire in July of 2008, about three to four months after they came to us.

There are lots of complex rules about how to spend them. The only reasonable way to use them is to spend MORE than the card amount, then arrange with a flustered and irritated cashier (and their manager too?) to pay the residual through some other means.

Ok, so now I go to www.att.com/wirelessrebatecard to try to activate the cards. I'm redirected to https://www.888extramoney.net -- they've probably outsourced the scam. I'm asked to enter the "first 10 digits of your account number from your AT&T card". Well, I don't have an AT&T card, but I'll try the first 10 digits of the first VISA rebate card number -- since that might be tied to my phone number.

It turns out my theory is correct, from there I get a login screen that requests the entire card number and the last four digits of each cell number. I guess right on those and my cards are "activated". [1]

I could spit nails if I didn't have so many other battles to fight. I signed up with AT&T because of the #$!$#! iPhone. Compared to similar services from Sprint our family costs have gone up about 70% a month. Sprint, for all their many sins, didn't make me jump through these hoops.

In a just world AT&T would have to pay out billions for this kind of scam, but in this world George Bush is President, we have a Republican governor in Minnesota, and our state Attorney General has been neutered.

I just know some mid-level AT&T exec made SVP and a golden handshake when s/he came up with this scam to reduce rebate payments. I suppose it's unbecoming for me to imagine her/his pending appointment in the eighth circle of hell ...

... The fraudulent—those guilty of deliberate, knowing evil—are located in a circle named Malebolge ("Evil Pockets"), divided into ten bolgie, or ditches of stone, with bridges spanning the ditches...

... Bolgia 10: Groups of various sorts of falsifiers (alchemists, counterfeiters, perjurers, and impersonators) are afflicted with different types of diseases. (Cantos XXIX and XXX)

[1] It's not documented, but if you login this way you can see the record of card transactions and the residual balance.

Update 12/29/08: One commenter suggested using the AT&T card to buy a gift card at a reputable retailer. Then you can use it when it suits you.

Update 3/6/09: As per a most appreciated comment AT&T has settled with the New York attorney general's office ...

A $2.63 million agreement with AT&T Mobility over a misleading and deceptive sales promotion involving rebate offers that were fulfilled with onerous and condition-laden rebate cards by New York's Attorney General Andrew M. Cuomo.

AT&T is required to provide more than $2.63 million to consumers who received rebate cards from AT&T in fulfillment of its rebate offers on cellular phones and other wireless equipment and services.

I sincerely hope Minnesota climbs on board.

This isn't AT&T's only mobile services scam. They're also shafting their customers with EDGE phones, effectively eliminating data services people have paid for by contract and phone purchase.

Update 4/20/09: Dilbert on mobile phone rebates. "Dude, we spent it before you left the store."

Sad days for the American Academy of Family Physicians: AFP and FPM behind the paywall

The AAFP is putting American Family Physician and Family Practice Management behind a paywall. After April 1 new issues will only be available to members.

This is sad news. For years I've admired the academy's policy of public access to AFP; it's been a great patient and provider information resource. No more.

The academy is also restricting the default distribution of Family Practice Management to members in office practice; a good change overall but probably another indicator of diminishing advertising revenue. I suspect there are other economy measures going on that aren't being communicated to members.

What's going on?

I'm still a member, but I'm very removed from the AAFP these days. I don't really know. My guess is that advertising revenue, in particular, is down. I also wonder if membership is falling off; I suspect a lot of members were unhappy when the Academy failed to resist the peculiar board certification changes implemented by the American Board of Family Medicine [1].

It fits with a ten plus year trend of declining interest in primary care in general, and family medicine in particular. I think the crowd is wrong again, but I fear it will be another ten years before we rediscover that primary care physicians are a cost-effective way to deliver quality care. I also wonder if pharmaceutical advertising revenue is down across the board -- the pharmas are thought by many to be entering a period of grim economic news.

I hope the AAFP will reconsider. I'd be very surprised if removing AFP from public access is going to help finances and/or recruiting in any significant way. This is a bad economizing measure.

[1] Admirable in theory, in practice they're the equivalent of putting a patient with congestive heart failure on a high speed treadmill.

The emperor's clothes, Microsoft Word, and the folly of crowds

In the fairy tale version the impolitic child comments on the emperor's birthday suit. All the people who thought they were imagining the emperor's nakedness realize they're not crazy after all. The emperor is laughed out of town.

That's not how things work in the real world.

I thought of this recently as I revised my sister-in-law's Masters thesis*. Well, revised isn't quite the right word -- my job was to fix up a structured Microsoft Word document. In the old days in-laws typed up handwritten theses, now we repair Word documents. A much quicker job, but far more technical. Hmm. That about sums up the last 30 years of technological progress, doesn't it?

Anyway, as I adjusted styles, auto-generated lists of figures and tables from captions, set alignment styles for document objects, created section specific pagination rules, etc I recalled my 2003 rant against Microsoft Word. It's still pretty current, even though I've given up on my macro workarounds. Honestly, Word is broken**. It's been broken since 1995 or 1997, when some misguided Microsoft development team merged two different formatting models and produced the software equivalent of "the fly".

The Emperor is buck nekkid.

In the real world though, the crowd of hundreds of millions figures the child is deluded, and they must simply be doing something wrong. Surely a bazillion dollar company couldn't be producing junk - could it? Sharepoint must be a good document management system - because everyone uses it. Real estate must be a good investment - because everyone's buying houses. Global warming can't be a real problem, because our government would tell us if it were. Gmail's contact management and list functions can't be completely lousy -- because Google is full of geniuses. Crowds must be wise, because that's what the book says. Crowds re-elected George Bush, didn't they?

Hmmphh.

Either humanity has some serious loose screws, or I'm a loon.

Or both ...

PS. I don't believe in this "wisdom of crowds" stuff. Just to be clear. On the other hand, there's tons of money to be made betting on the folly of crowds.

--

* I think she's written a doctoral thesis, but that's another story. I hope she turns it into a book.

** Office 2007's XML based structured documents might be an improvement, but that requires a completely proprietary file format that none of my other applications can read.

Sunday, March 23, 2008

Google goes to warp speed, oddly fond of me

This morning I wrote a post about worrisome behavior associated with XPonlinescanner.com. At that time a search on the term led to the spammer's web site.

As of this evening a search on the same term leads to my blog post. This morning three people who ran into the same worrisome ad behavior left comments on my initial post -- they found it at the top of their searches within 15 minutes of the original posting.

This evening I posted about the frustrations of using iMovie '08 with a Flip Video camcorder. A few minutes after I posted it I decided to see if anyone else had discovered that Mike Ash's QTAmateur would translate the AVI files. I found exactly one post on the topic: mine.

Google indexed my blog post within 15 minutes of creation.

I then experimented with a post I made this evening to Apple's Discussion group. It too was indexed within 30 minutes of posting. That's nothing about me of course, Google is indexing that massive archive at an astounding speed.

This is unnerving on two levels. Personally it's unnerving that Google is so oddly fond of my blogs. They're not high readership blogs, though I do like to imagine my readership is unusually perceptive. Weird.

The personal focus is odd enough, but the indexing speed is even more uncanny. Google has quietly turned on a warp drive; how the heck are they able to index so quickly? What does this say about their bandwidth capacity -- that they're basically reading large portions of the net in almost real-time?

What oil price will radically change American life?

When does the price of oil change what Americans do?

I wrote in July of 2007 that a significant number of people would start to make different decisions at $5 a gallon. On the other hand I've read realtors claiming that the bubble popped when gas hit $3 a gallon, and people started worrying about the cost of exurban commutes.

It's not just the absolute costs of course, it's the trend line. So if gas goes from $3 a gallon now to $5 a gallon in 2011, then people will react as much to the trend line as to the absolute value. If the price hits $5 a gallon in 2010 then the reaction will be even stronger.

On the other hand someone who does this sort of thing for a living thinks the price will have to hit $13 or so to force a "radical restructuring":

FuturePundit: Peak Oil By 2012?:

.... Energy analyst Charles T. Maxwell thinks gasoline prices in the US will need to more than triple to force Americans into a radical restructuring of how they live.

Maxwell said it will take $12 to $15 a gallon to get Americans to let go of what he called the “precious freedom of mobility.” As much as Maxwell laments the loss, he sees no other way for the U.S. to impose enough conservation to deal with the growing imbalance between oil demand and supply that he sees developing around 2010 and getting worse in 2012 or 2013, as the world hits a “peak” in conventional oil production...

I was thinking in terms of "start to change" when I picked $5 a gallon; radical change is a few steps beyond that.

Maxwell is elsewhere quoted as predicting "peak oil" in 2012-2013 resulting in a steady "rise starting in 2010, reaching $180 a barrel in 2015 and $300 a barrel in 2020". Since we're about $100 a barrel now, we wouldn't hit his "radical change" date until after 2025 or so.

I'd love to see an economist make some predictions here based on the historical record, though I have a hard time thinking of a precedent in an industrial economy outside of wartime.

As I've written previously our confusing situation may become clear within the next six months:

...If the price of oil is above $105 a barrel in August of 2008 then Peak Oil is on the sooner rather than later, and the world I grew up in is shuffling away -- sooner than I'd expected...

If we are at or above $105 in August I think we'll see a gradual and continuous change rather than a radical disruption. The price signals will be relatively clear with smooth trendlines.

This isn't, of course, good news for the survival of human civilization. Unless we put a very large carbon-tax-equivalent on coal, humanity will start burning massive amounts of coal to power our electric cars and to create various fuel products. Our carbon dioxide output will skyrocket -- even as our mobility and our gasoline consumption start to plateau. We'll push past the ancient maxima for CO2 and bake much of our habitat.

We need a technologic miracle, but in the meantime we need a carbon-tax-equivalent on coal.

Hacking encryption keys: quantum and otherwise

A non-specialist has written a review of quantum computer factoring that matches what I've been reading from my physics blogs. Quantum computing, alas, isn't as impressive as it used to be. Even if we can make it work, quantum computing is not necessarily a qualitative improvement over conventional computation -- though it will explore some (truly) mind-boggling quantum physics.

I wanted to call out one small part of the post though:

... I went over to a site that will tell you how long a key you need to use, http://www.keylength.com/. Keylength.com uses estimates made by serious cryptographers for the life of keys. They make some reasonable assumptions and perhaps one slightly-unreasonable assumption: that Moore's Law will continue indefinitely. If we check there for how long a 4096-bit key will be good for, the conservative estimate is (drum roll, please) — the year 2060...

Most of us make do with AES 128 bit (Tiger disk image encryption) and AES 256 bit (Leopard disk image encryption) keys. I checked out the NIST 2007 recommendations on keylength.com and found:

  • AES 128: > 2030
  • AES 256: >> 2030

Another table (ECRYPT) described 256-bit symmetric keys (i.e. AES) as "good protection against quantum cryptography". So most of us don't need to worry about 4096-bit public keys (the factoring-based kind the quoted post is about) unless we're protecting information that will be very valuable in 2040.

I'll be 80 then -- if I'm alive. I'm not too worried.

Of course Schneier et al. are usually reminding us that the key length is generally the least of our worries. Weak passwords, dictionary attacks, attacks on keys in memory, etc. are all bigger threats. The biggest threat of all, though, is security that either destroys our data (that's really secure!) or that is too onerous to easily implement.

PS. I was in the "quantum will get us" crowd, so I'm a bit humbled by the new wave of "quantum reality".

XPonlinescanner.com: Malware infection on Star Tribune and other news sites

Preface: 3/24/2008.

I've retitled this post and added this preface due to a comment I received today:

I've seen several versions of the install file over the past week which is an indication that someone is up to no good. The source was: hxxp://xponlinescanner.com/2008/download
XPantivirus2008_v77011816.exe
XPantivirus2008_v880136.exe
XPantivirus2008_v77024205.exe
XPantivirus2008_v880181.exe
I submitted these files to TrendMicro and they all came back as malware containing a Trojan downloader.

So it looks like this was part of an attack of some sort. The Minneapolis Star Tribune site may have been compromised or it may be an unwitting attack vector. I couldn't find a good email address to notify them yesterday, but I did find a "feedback" form that looked like it might work. They really need to have a link to notify them of website issues in general and malware attacks in particular.
--
I click on the StarTribune National News link and my Firefox page vanishes. Instead I see:

I have to kill Firefox from the XP application list to get free. Talk about "erratic PC behavior, PC freezes and crashes".

There actually is a vendor selling this product. So this might not be a simple phishing attack; maybe the bot virus is embedded in a supposed commercial product instead. Maybe my XP box isn't really infected and this really was something the Strib's ad supplier tossed up.

Or not. [jf: see comments. Looks like a malware attack.]

I just can't tell. McAfee SiteAdvisor connects the vendor to spam, so I'm leaning towards my machine NOT being infected and XPonlinescanner.com being a shady enterprise with a good probability of a nasty "backdoor" in their "antiviral" "security" product.

I really do need to get rid of my last XP box. Using XP on the net is like waving a wad of bills in a port bar of old Bangkok.

Update 9/14/09: A similar attack hit the New York Times
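The commenters on this post and on its follow-up ("XPonlinescanner: malware attack or very nasty ad?") noticed that the rogue installer kept changing its version number while coming from the same host. Here is an added example (not code from the original posts) of how a defender would turn that observation into proxy-log detection: one rule for the host named in the comments, one pattern rule for the whole XPantivirus2008_v*.exe family so new variants are caught without listing them, and a low-severity catch-all for executables fetched from hosts outside an allowlist. The log format, sample lines and allowlist are constructed for the example.

```python
"""Flag fake-antivirus installer downloads in web proxy logs.

Added example: indicators (host, installer-name family) come from the blog
comments; the log line shape, sample entries and the allowlist of hosts that
legitimately serve executables are constructed assumptions for this demo.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Indicators quoted in the comments on the post.
ROGUE_AV_HOSTS = {"xponlinescanner.com"}
# Matches every versioned variant the commenter saw, plus ones not yet seen.
ROGUE_AV_FILENAME = re.compile(r"^XPantivirus2008_v\d+\.exe$", re.IGNORECASE)

# Assumption for the example: hosts from which .exe downloads are expected.
ALLOWED_EXE_HOSTS = {"download.microsoft.com", "update.microsoft.com"}

# Constructed line shape: "<epoch> <client_ip> <method> <url> <status> <bytes>"
LOG_RE = re.compile(r"^(\d+)\s+(\S+)\s+(GET|POST)\s+(\S+)\s+(\d{3})\s+(\d+)$")


@dataclass
class Alert:
    line_no: int
    client: str
    url: str
    severity: str
    reason: str


def parse_log_line(line):
    """Return a dict for a well-formed line, or None for anything else."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts, client, method, url, status, size = m.groups()
    return {"ts": int(ts), "client": client, "method": method,
            "url": url, "status": int(status), "bytes": int(size)}


def host_matches(host, indicator_hosts):
    """True for the indicator host itself or any subdomain of it."""
    host = host.lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in indicator_hosts)


def classify(entry):
    """Return (severity, reason) for a suspicious request, else None."""
    parts = urlsplit(entry["url"])
    host = parts.hostname or ""
    filename = parts.path.rsplit("/", 1)[-1]
    if host_matches(host, ROGUE_AV_HOSTS):
        return ("high", "request to known rogue-AV host %s" % host)
    if ROGUE_AV_FILENAME.match(filename):
        return ("high", "installer name matches XP Antivirus 2008 family (%s)" % filename)
    if filename.lower().endswith(".exe") and not host_matches(host, ALLOWED_EXE_HOSTS):
        # Noisy on its own; useful for triage once the high-severity hits are known.
        return ("low", "executable downloaded from unlisted host %s" % host)
    return None


def scan_log(lines):
    """Run every rule over the log; malformed lines are skipped, not fatal."""
    alerts = []
    for n, line in enumerate(lines, 1):
        entry = parse_log_line(line)
        if entry is None:
            continue
        hit = classify(entry)
        if hit:
            alerts.append(Alert(n, entry["client"], entry["url"], *hit))
    return alerts


# Constructed sample log: a news page, the installer named in the comments,
# a renamed variant served from another host, two ordinary .exe downloads,
# and one malformed line.
SAMPLE_LOG = [
    "1206280800 10.0.0.12 GET http://www.startribune.com/nation/ 200 48211",
    "1206280803 10.0.0.12 GET http://xponlinescanner.com/2008/download/XPantivirus2008_v77011816.exe 200 1204224",
    "1206280900 10.0.0.23 GET http://files.example.net/get/XPantivirus2008_v999999.exe 200 1198080",
    "1206281000 10.0.0.31 GET http://download.microsoft.com/download/dotnetfx35setup.exe 200 2869760",
    "1206281100 10.0.0.44 GET http://tools.example.org/sometool.exe 200 454656",
    "this line is not a log entry",
]

if __name__ == "__main__":
    for a in scan_log(SAMPLE_LOG):
        print("[%s] line %d %s -> %s (%s)" % (a.severity.upper(), a.line_no, a.client, a.url, a.reason))
```

The pattern rule is the one that pays off: the first variant is caught by the host rule, but the renamed copy on a different host would slip past a plain domain blocklist.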

Deliberations of the Zorgonian Commission on the Terran Problem

100011010101010: This human was exceedingly wrong about war #2545134 but publicly renounced his errors.

100101011010110: A cognitively disabled human was tortured for weeks by her housemates and her caretaker then murdered.

100011010101010: I see your point.

100101011010110: Then the deliberations may end?

100011010101010: It has been a long time, hasn't it?

010101010101010: Too long.

001101010101010: But who will take care of the dogs?...