Robin Wilton's esoterica

Oops. I should have learnt by now that I stray into the whole 'Physics' domain at my peril. I've redacted this post in response to comments (which I have left in place) - thanks to Drew and anonymous for those. 

On a recent visit to Washington DC I managed a quick look at the Smithsonian's National Air and Space Museum, which was great. Unfortunately I didn't get out to the Udvar-Hazy Annex near Dulles airport, but that's for another time. Anyway, downtown one of the exhibits I saw was a Hubble space telescope. It was placed in between the Skylab Orbital Workshop, and a linked pair of Apollo and Soyuz command modules.

It prompted a number of thoughts:

- first, scale: when you have an opportunity to see things like the early Gemini re-entry capsules, the Apollo command/re-entry module, the lunar lander, the space telescope and the Skylab section (in order of increasing size), it reinforces the impression that the Hubble is big. It's on the same general scale as the other large exhibits, but of course they had the additional design requirement of being able to contain human beings. With the Hubble, it's all machine. [The Hubble was launched using the Space Shuttle, as Drew points out. The US National Reconnaissance Office is apparently a bit reticent about how/when Keyhole-type satellites are launched, but according to howstuffworks.com, both the Shuttle and Titan-4 rockets are viable vehicles. The Spaceflight Now site maintains that the Keyhole has an optical resolution down to about 10cms/4ins - though one could expect the resolution of imaging released to Google to be significantly lower than that retained for intelligence purposes. In terms of size, the Hubble is about 40 feet long and has a telecope barrel of 10ft diameter. The 'fairing' mounted on a Titan-4 rocket for presumed Keyhole launches is about 66ft long.]

- second, the Soyuz command module reminded me irresistibly of the Starbug from Red Dwarf.

- third: did you know that the Hubble space telescope is essentially the same as the Keyhole surveillance telescopes from which (among other things) Google gets its satellite pictures of your roof? It's just pointed inwards rather than outwards. [anonymous casts doubt on this - but I refer you to Prof. Mark Monmonier's 2002 book "Spying With Maps", in which he explains the shared heritage of Hubble and Keyhole, and the different techniques used by surveillance satellites for 'straight down' and 'oblique' imaging. The 'How Stuff Works' site, among others, confirms the similarity. Drew - in my defence, I did say that the Keyhole mapping is just one of Google Maps' imaging sources...]

[A further update as of Tuesday Sept 4th., on the question of the maximum theoretical clarity of trans-atmospheric imaging: this BBC article describes how scientists from Caltech and Cambridge have used software to 'sharpen' the images captured by a 200-inch telescope at Mount Palomar Observatory by compensating for atmospheric distortion. The article points out the conflicting factors of atmospheric distortion and telescope size...]

So it makes sense, I suppose, that the current version of Google Earth includes a "Sky" button which you can use to get your own virtual planetarium.

Well - that's your productivity ruined for a few hours... I'm off to do some work.

There's been a fair bit of mailing-list discussion recently about implementing of an OpenID token within an Infocard profile. On the face of it, there are four readily-identifiable reasons why one might want to try this:

1 - to capitalise on the probability that Cardspace will grow in pervasiveness;

2 - to see whether it benefits from the addition of OpenID-style flexibility;

3 - to see whether, conversely, OpenID's much-discussed phishability can be reduced by using a different vector for its tokens;

4 - as a more general experiment in 'interworking' between different current identity technologies.

On 3 and 4, at least, the results seem positive. However, Gerry offers a balanced and penetrating analysis of the over-all project here, which I recommend.

If I can paraphrase his conclusions very roughly: 'it's an interesting and useful experiment, but tends to fail the "so what?" test. It is unlikely to improve user security, because technical limitations mean users are unlikely to form an accurate view of the extent to which they are protected or not.'

At the beginning of the month I happened to blog about Prof. John Daugman and the misgivings he expressed about fingerprint biometrics. I now have some practical experience of this which I'm happy to share for the greater good...

My new laptop has a fingerprint scanner which you can use to authenticate when you boot the machine. In a spirit of altruistic enquiry, I thought I should try it out. However, I was also mindful of Caspar Bowden's very thoughtful recent comments about 'reserving a few biometrics for later', so I only registered a couple of fingers, rather than the whole fistful. In late July/early August it all worked fine.

On holiday, among other things, I did some kayaking and rock climbing. One consequence of this was that the skin on bits of my hands was not in very good nick when I got home, and guess what, the fingerprint scanner didn't believe it was me. OK, there was a backup password, but as luck would have it (and how often does this happen when one goes on holiday) I had a mental blank as to what I had set it to. The most obvious password didn't work, and in thinking back through its predecessors I accidentally missed the correct one, so I had a rather sticky few hours contemplating the awkward conversation with my boss on Monday morning:

"Um, I've still got my new laptop, and it's all working just fine, but.. er.. I can't actually use it. I should be able to again when my fingerprints grow back."

Hmm.

Anyway, I hope this is of some use to anyone wondering whether to start using fingerprint biometrics.

1 - look carefully at what the fallback options are if some or all of your fingerprints stop working;

2 - bear in mind that if one option is a backup password, you might only ever need to use that infrequently - so consider what you might do to ensure that you remember it correctly over an extended period of time. (As an aside, I have a password for a telephone banking service which I never use. I am only ever asked for the password in a real, exeptional emergency, such as when I'm calling in to report a lost or stolen card. As a result, I can never remember what the password is, which rather defeats the point...)

I'm sitting on the veranda of the Cheat River Inn, overlooking a river valley which (if it were light enough) would still be misty from the evening's thunderstorm. As it is it's dark, but sleep is still not a realistic prospect because of the racket of the frogs, cicadas, crickets, katydids or whatever nocturnal fauna.

Quote of the day has to go to the guide on a tour of some local caves, hewn from the rock by millennia of dripping water:

"These are lahmstewn caves", he said, which took me a moment to transpose. "Evwer there there use to be an ancient Indian burial ground*, but out of respect for the Indians it was walled up in the 30s when the cave was commercialized".

The word "ground" had more syllables in it than I can sensibly transcribe. What struck me, though, was the ease with which most people from around here could blend seamlessly into life in the part of Wiltshire where I live. And I mean that as a compliment in both directions.
 

I think this one has to be filed under "posting from unexpected places"...

I've found a hot-spot... and not just for wi-fi (although it seems to be the only working wireless access point for many miles around).

I'm sitting in the Purple Fiddle, in Thomas, West Virginia.It has a justifiably excellent reputation for live music (mostly bluegrass) several evenings a week, but is also just a really pleasant place to hang out. The beer's pretty good, too.

It all seems a very long way from more warnings of heavy rain, and the announcement that bidding has opened for slices of the ID Card Programme pie. Where I am, if they offer you pie, it's more likely to be lemon, cherry or key lime. Yesterday, more out of curiosity and greed than anything else, I asked if I could have just a small slice. The waitress looked very doubtful.

"We..eee..lll,", she said after some thought... "I'll go ask, but I don't know if she can cut a small piece. Look around y'all... they don't really know what a small slice is 'round here."

Not many postings recently, I know, but I'm travelling at the moment and seem to be further from internet access than has been the case for some time. It's very odd suddenly being without email and internet search capabilities, but a useful reminder of how it is actually possible to function without them...

I thought I would be getting away from the rainstorms when I flew out of the UK, but there have been massive thunderstorms here too. Photos will follow shortly, when I have a more normal level of connectivity.

From the current edition of Private Eye:

"Despite complaints about "Gestapo-like" tactics purused by police investigating the cash-for-honours affair, it seems that the trio arrested by Inspector Knacker - Lord Levy, Ruth Turner and Sir Christopher Evans - may have been treated more favourably than most suspected villains.

For the past three years police have routinely taken DNA samples from people they arrest and added them to the national database, even if they are completely innocent. When the Eye phoned Scotland Yard to confirm that the cash-for-honours trio had indeed been treated like most other suspects, a spokeswoman said: "Taking DNA does not happen in every case."

We also asked Lord Levy's office, Tony's Blair [sic] new office (where Ms Turner now works) and Sir Christopher's office at his Merlin Boisciences company. Raply came there none."

As you may remember, Tony Blair and the then Health Secretary Patricia Hewitt were also questioned, but I would bet that the same policy exception will have been extended to them too.

OK, I like to think I have the customary level of middle-class angst
about recycling, littering and so on, but this is getting ridiculous.

A Home Office consultation report apparently says that respondents "welcomed the ability to reduce the threshold, including to the extent
of allowing for the taking of fingerprints, DNA and footwear
impressions for non-recordable offenses for the purpose of offender
identification and searching databases".

Who the hell are they consulting? 

The logic here defies analysis.

First, there's the notion that if a police officer spots you littering, they need to establish your identity to a degree which only a DNA sample can satisfy. Second, there's the implication that if you're caught speeding, the existing dvier and vehicle-based credentials are similarly insufficient to prove your identity. If that's the case, I look forward to challenging my next speeding ticket on grounds of mistaken identity.

Then there's the idea of searching the databases for someone who has just
committed a non-recordable offense. Either the assumption is that
people who commit one non-recordable offence (such as littering) commit
other non-recordable offences... which a trawl of the databases is,
let's face it, unlikely to reveal, or the assumption is that people who
litter also commit recordable offences such as burglary, rape, arson
and the like. So much for the presumption of innocence, but then, we
knew that had been ditched a while back anyway.

Then
there's  the implicit idea that DNA, fingerprints and footprints
are more or less equivalent as a means of identifying someone who the
police stop in the street. Wuh? Are they trying to imply that all
villains own only one pair of shoes? Does the name 'Imelda Marcos' mean
nothing to them?

To complete the Catch-22 scenario, I assume that if you decline to give a DNA sample for littering, you will be arrested for obstructing the police in the course of their duties, and a sample required on that basis. 

The Guardian's article
cites Baroness Kennedy's comment that, once your DNA sample is on the
database it is increasingly difficult to have it removed. Bear in mind
that the threshold has already been lowered in several significant ways:

1) All offences are now arrestable offences.

2) The police may require you to give a DNA sample if you are a witness to a crime, as opposed to a suspect or even a victim.

3) Being acquitted of a crime will not, by default, result in your DNA data being removed from the database.

Isn't it time the proportionality of this whole approach was challenged in the courts?

The Independent Police Complaints Commission's second and final report on the police shooting of Jean Charles de Menezes at Stockwell tube station two years ago (blog post, Aug 2005) is to be published any minute now. After the first report was released, the Crown Prosecition Service decided there was no basis on which to bring charges against any individual involved in the case.

Reports from the BBC and Guardian (article here, recap of police statements in 2005 here, and comment here) suggest that the IPCC's report is highly critical of the Metropolitan Police, but ultimately is unlikely to resolve the issues of (i) the killing of Mr de Menezes, whom the report itself apparently describes as "completely innocent", and (ii) the allegations of misinformation which have been lodged against the police.

Doctor Foster went to Gloucester
After a shower of rain;
He sampled a puddle,
and oh, what a muddle -
you might as well drink from the drain.

Chorus (vomitando con brio):

Salmonella, typhoid, e. coli;
Cholera, Staph. Aureus,  Clostridium D...
Escherichia, and Winter Vomiting Bug,
Thriving in those sodden piles of  thrown-out rug.
 

Read her views on why conferences are boring, unproductive and generally poor value for money...

A BBC Radio 4 programme, 'File on Four' reports the concerns of Professor John Daugman over the accuracy rates of fingerprint-based biometric systems. You can find a podcast of the programme here... The trailer for the article also mentions that Prof. Daugman happens to have developed an algorithm for iris-based biometrics, so although he is an expert, he is not necessarily an entirely disinterested one.

That said, his comments raise several entirely valid points. 

First, all fingerprint biometrics are not equal. There are different national standards for how many salient points you capture for a given fingerprint, and how many are required to claim a match. If I recall correctly, the standard adopted for the UK system is lower than that stipulated by, say, the FBI (citation needed... if you can confirm or refute this, please leave a comment...).

Second, a response to his criticisms from the IPS was "yes, we know there will be false positives/false negatives, but we always expected to have to have manual exception-handling for some cases". This is understandable - any security system depends as much on the policy controls as the technology used - but potentially worrying. You may remember that I wrote a few days ago about real usability issues in the Iris system at Heathrow's Terminal One.

In that system, a fairly concentrated stream of people is expecting to perform a simple authentication check (with no subsequent 'service delivery' beyond the opening of a glass door) in a tightly-controlled environment. The exception handling process ought to be relatively simple to implement, but is very badly done (at least, at Terminal One... my suspicion is that at Terminal Three it would be better handled).

By contrast, the ID Card scheme will be authenticating against a massively larger user population, in a highly distributed and varied environment for a wide range of subsequent services. It will be practically impossible to implement a standard and consistent set of error-handling procedures. I think it's over-optimistic to expect that the resulting user experience will, over-all be better than that at Terminal One.