Archive for June, 2008

The Stun Switch

Saturday, June 28th, 2008

In thinking about Bruce Schneier’s post on Wired.com, I’ve Seen the Future, and It Has a Kill Switch, I can’t help replaying in my head an Eddie Izzard bit about the kill/stun dichotomy of the “phaser” weapons in Star Trek.

There should have been many more settings, not just kill and stun.  Kill, stun, limp: that’s the next one down, isn’t it?  …or maybe on “bit of a cough” setting, even lower than that.

Some devices already have a remotely enabled kill switch, such as corporate Blackberries with remote wipe capability (intended to protect sensitive company data should it be lost or stolen), and others will soon follow: reports say OnStar is adding the ability to remotely stop the engine of a connected car (again, marketed as an anti-theft system).

Microsoft, however, is looking to set its phasers on stun, limp, or even “bit of a cough.”  They’ve filed a patent application for something they call Device Manners Policies (DMP), another Minitrue-style name and acronym, which, like Digital Rights Management, is less about manners (or rights) and more about restrictions.  Schneier calls it Selective Device Jamming.  Essentially, under this scheme, locations will be outfitted with hardware to broadcast to your devices the rules of the land, such as “vibrate only” for cell phones, or “no photography” for cameras.  Hospitals or airplanes where critical equipment can be subject to interference from wireless devices would be able to force your devices into sleep mode until you leave the area (how will such wireless transmissions be guaranteed not to cause interference themselves?).

Microsoft wants to draw analogies with the societal guidelines we call “manners,” i.e. that it’s considered rude to talk on your cell phone in the movie theatre.  However, this is a false analogy since manners are guidelines, not rules.  DMP wants to disable functionality in your electronics (albeit temporarily) without your consent, or force them into sleep mode: limp and stun settings.

No, an actual manners technology is only a short step away from the “location-based services” stuff that all the cool kids were talking about 2 years ago–some of which are already out.  See, once your devices know where they are, you can do digital manners all client-side, without having to contact the Borg Cube to get your orders.  You have a couple different profiles, such as “theatre” which might mean switching to silent, “office” which sets ring volume to low, and “street” which sets it to high so you can hear it above the sounds of the city.  Simple, no external restrictions, and the user still stays in control.  Each person is free to choose to obey social guidelines or not: just like real manners.

Photo by Ted Sali
Creative Commons Licensed

Teaching email

Monday, June 23rd, 2008

I remember my first lesson on how to write a letter: how to address an envelope, the rigid explanation of formatting differences between business and personal, the impressive-sounding terms for the parts of a letter (the salutation, the complimentary closing, the postscript).  It was in elementary school language arts class.  We wrote letters and the teacher marked them up in red pen.  Commas missed after “Dear Mr. President,” and things like that.

They understandably assumed that letter writing would be one of the most common ways that I expressed myself to other people.  Little did they suspect that letter writing would be almost entirely supplanted by the writing of emails.  In fact, letter writing is still important because it is so infrequent.  It is a way to get noticed.  Writing a letter, to a company which has pissed me off, to my senator, or to a company I want to hire me, is the epistolary equivalent of breaking out the big guns.  Far, far more pedestrian is the humble email to which most of my written communication is consigned.

As regular readers may have guessed, I’m often appalled at how bad some people are at communicating through the medium of email.

This is why I think that email should be an important part of elementary education.  And, it should be taught by teachers of language.  (Tangentially, in my day they called this subject “language arts,” which I suspect is a rebranding of the subject “English.”  I have no idea what they call it these days.)  Email is (or should be) no longer any more mystifying to a 10 year old than the postal service—so we don’t need computer/technology teachers to introduce it.  Using language to communicate is what email is all about, and kids will need more guidance on how to write emails than they will on how to send them.

Letter writing and email writing share a similar core, but should really be taught as distinct media.  A fundamental reality of email in today’s world is the sheer volume that people receive, unparalleled by the letter-writing that preceded it.  Most people will decide in a matter of seconds whether or not an email is worth the time to ever 1) read or 2) respond to.  In order to have any hope of getting their message across, students need to know how to write emails that sound out clearly among the constant noise—not an easy task for beginning writers!  They need to know the importance of writing good subject lines, how to get to the point quickly in the body of the email, and how to make it clear (and easy for their recipient to respond with) what they want.

They should be taught the (only slightly) technical details of email, just like we did for letters: how to address it, the parts (To:, From:, CC:, BCC:, Subject:, then the familiar salutation, body, closing), how to format not only original emails, but forwards and replies as well, the difference between HTML and Plaintext.  They should be introduced to all the fun that can be had with formatting, colors, fonts, pictures, hyperlinks and the <blink> tag, have their little hearts broken when it doesn’t display like they intended on their friend’s email client, and then be gradually weaned away from all the bling to find styles that fit the tone and purpose of the email.

If there are any elementary school teachers out there, I’d love to collaborate on writing some lesson plans for this. Get in touch!

Photo by adam79

PayPal drops fees for personal payments (UK)

Friday, June 13th, 2008

PayPal just sent me an email saying that starting July 9th, they’ll stop charging for “Personal Payments” if they are funded from a bank account (i.e. not a credit/debit card).  I’m guessing this is an attempt to cut into the market share that online banking gets for making these types of payments.  It may also be a direct response to the move by banks to make these transfers instant (see post on card readers).

I have to admit, it’s pretty attractive.  No more messy exchange of bank details, just the email address of your recipient is all that’s needed.  However, I imagine that it will take somewhat longer than the new “instant” transfers offered by banks.  I wonder if I can move money overseas this way?  Also, what’s the difference between “personal” and “commercial” payments?  Is there anything to stop ebayers from getting their cash monies as personal payments and avoiding paying fees to PayPal entirely?

Card Reader arrives from NatWest

Tuesday, June 10th, 2008

NatWest, my bank here in good ole England, has seen fit to beef up security for some aspects of internet banking by moving to Strong Authentication.  Unfortunately, they don’t seem to have done the PR on this move as well as hoped.  Most of the reaction I’ve read on the net so far has been people annoyed.

Strong Authentication, or multi-factor authentication, is considered by researchers to be significantly more secure than using a single factor.  A factor in this case is something that identifies a person, and factors are usually classified into 1) things a person knows, like a password or PIN, 2) things a person has, such as a bankcard or keyfob built for this purpose, and 3) things a person is or does, like a retinal scan or fingerprint.  So online banking, which only required the user to enter a username/password combo, relied on a single factor, whereas the ATM uses strong authentication since the user is required to have their bankcard and know their PIN.

The Smart Card Reader NatWest sent me today.

So NatWest (and I guess other RBS banks?) are sending that ATM-style authentication home to users by sending each a small calculator-like card reader for use with their bankcard.  It works pretty much exactly like the card readers in the grocery store, except that they give you a code online to enter into the reader, and then the reader gives you a code to enter online.  I, for one, am pleasantly geeked-out to use it, and glad to see that NatWest is taking the security of online banking seriously by putting so much money and effort into getting it out to users.

I don’t think they’ve done a particularly good job so far of allaying people’s concerns.  Lots of comments on blog posts are bemoaning the fact that they’ll have to carry the damn thing around with them—no, you won’t.  You’ll only need it to make a payment to someone online if you’ve never made a payment to them before.  The readers are also entirely identical, meaning you can borrow your cubemate’s reader if he has his at work and you keep yours at home.  But I’ve heard rumors that the big reason NatWest is beefing up security is because they’ll be cutting down the delay between making a payment and the recipient getting credited.  It’s now about 3 working days, and apparently the plan is to make it happen in seconds.  If true, that’s a really important new feature that NatWest could use as a way to introduce the readers:  “We’re working faster to process your payments, but that also means that we need to increase security.”

Finally, since the reader is just a standard thing (even readers from other banks will apparently work), I’m hoping either they’ll release software that works with laptop smartcard readers, or someone hacks it together.  The security is in the microchip on the card, so making the reader as widely available as possible shouldn’t undermine the system.
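The code exchange described above, as an added example that is not NatWest's software: a simplified model in which the card holds the secret and checks the PIN, the reader is only a keypad, and the bank issues one-time challenges. The HMAC-SHA256 code derivation, the 8-digit codes and all class and account names are assumptions made for illustration, not the algorithm actually used on the chip.

```python
import hashlib
import hmac
import secrets
from typing import Optional


def _code(key: bytes, challenge: str) -> str:
    # Stand-in MAC (assumption): HMAC-SHA256 truncated to 8 digits.
    mac = hmac.new(key, challenge.encode(), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 10**8:08d}"


class Card:
    """The chip: holds the secret key and the PIN, and does all the cryptography."""

    def __init__(self, key: bytes, pin: str):
        self._key, self._pin = key, pin

    def respond(self, pin: str, challenge: str) -> Optional[str]:
        if not hmac.compare_digest(pin, self._pin):
            return None  # wrong PIN: "something you know" failed
        return _code(self._key, challenge)


class Reader:
    """Keypad and display only. It stores no key, so any reader fits any card."""

    def sign(self, card: Card, pin: str, challenge: str) -> Optional[str]:
        return card.respond(pin, challenge)


class Bank:
    def __init__(self):
        self._keys, self._pending = {}, {}

    def issue_card(self, account: str, pin: str) -> Card:
        self._keys[account] = secrets.token_bytes(32)
        return Card(self._keys[account], pin)

    def new_challenge(self, account: str) -> str:
        self._pending[account] = f"{secrets.randbelow(10**8):08d}"
        return self._pending[account]

    def verify(self, account: str, response: Optional[str]) -> bool:
        challenge = self._pending.pop(account, None)  # each challenge is one-time
        if challenge is None or response is None:
            return False
        return hmac.compare_digest(_code(self._keys[account], challenge), response)
```

Because `Reader` holds no state, a borrowed reader produces the same code as your own, while a replayed code or a wrong PIN is rejected.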

Businesses engage in internet skirmish

Monday, June 2nd, 2008

Criminal elements like scammers, spammers, and botnet overlords using internet-based attacks are nothing new.  Things got interesting last year, when an army of computers (which appeared to be controlled from Moscow) launched an attack against the government of Estonia, crippling their servers and forcing a shutdown of international network access.  It was the first incident on my radar where a national government was the target of a computer attack.  Then, earlier this year, the US Air Force announced the formation of their Cyber Command, an attempt to build up our military’s capability to deal with internet- and computer-based threats, both defensively and offensively.

So criminals and national governments are putting together their attack armies to wage war on the internet.  What’s new to me, however, is that some private companies are doing the same.  Revision3, an internet television company, claimed that they were attacked over Memorial Day weekend by MediaDefender, a company that disrupts P2P networks in an attempt to discourage the spread of copyrighted works.

For years people have expected this day to come: real-life battles happening in cyberspace; and the internet is comparatively less safe than the places most (first-world) people are used to doing business.  It will be an interesting evolution over the next few years to see how we as a society deal with this new frontier.  The US military is justifiably concerned that foreign or domestic elements could use the internet to do serious harm to the US and our interests, but I’m now becoming aware that it isn’t just governments that need to be concerned.  This incident will be an interesting test case to see if our laws and law enforcement agencies are strong enough to extend an arm of protection to legitimate businesses operating in American jurisdictions.