Security Through Inanity

So here I am signing on for the Australian Government's online Medicare thingy, which started out pretty secure. You do the first stage of the signup stuff, and then they send you a letter with your password for the next stage of the signup in it.

And then, after you log in using that password, you get this:

[Image: Dumb security question form]

Make sure your Answers are only known to yourself! You know, like your mother's super secret maiden name that not even SHE knows!

(And yes, the missing apostrophe's the icing on the cake.)

I know this kind of crap is nothing new, but this is a pretty awesome implementation of it.

Not only do they tell you to use the archetypal, perfect example of an appallingly insecure "secret question", but they also tell you to set up four more such questions. So even if your first question is quite a good one, like "What poster did I have on my bedroom door before I had the Van Halen one?", you're likely to come up with something a lot less secure as you add more and more of the bloody things and run out of ideas.

(Here's another one that forces you to have five questions. Bonus points for the versions that won't let you enter an answer with fewer than six characters. Because nobody's called Smith or Jones.)

I came up with a properly obscure but memorable question for the first of the five on the Medicare form, then entered keyboard-mashing randomness for the other four. Then I wondered whether these "authentication" questions might be asked at some time other than when I'd forgotten my password - if they're used all the time, possibly even over the phone, then making one of them "Dummy question 3? / sdtrt45ruidhbioweyrvga34awe7du" is probably not a good idea.

So I tried duplicating my good first question and answer for the other four as well, despite the fact that the instructions tell you to record five different ones. That turned out to be fine.

(I've now discovered that the Medicare site uses the "security questions" when you want to change stuff like your contact details. It asks you two of the questions then, so it's a good thing I didn't just bang my face on the keyboard. Because all five of my questions are the same, the system of course just asked me the same question twice. It didn't seem to mind.)

It's possible to wring some security out of even a system that forces you to use mother's-maiden-name as an authentication question, by simply making up a novel answer for that question. But if you use the same oddball "maiden name" for authentication for every such site, then the first time the information that your mother's maiden name is "snorkel" gets out - which you should assume it's going to, because these people have demonstrated themselves to be idiots by their choice of this security system in the first place - you're just about as screwed as you would be if you'd used the real, matter-of-public-record maiden name.

To get around this, you have to come up with a different "maiden name" for every site that asks. You of course won't be able to remember them all unaided, so will need to store them along with your other passwords. Since the only time you're likely to need the "maiden names" is when you've lost the other passwords, though, this brings one face to face once again with the blatant stupidity of the whole concept.
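One way to follow this advice, as an added example that is not part of the original post: generate a separate random answer for each site, made of real words so it can still be read out over the phone, and audit the stored answers for the cross-site reuse described above. The word list, site names and stored answers are constructed, and the case- and spacing-insensitive comparison is an assumption.

```python
import math
import secrets

# Constructed 16-word sample list. A real list is far longer: the 7776-word
# diceware list gives about 12.9 bits per word instead of 4.
WORDS = ["snorkel", "gravel", "bassoon", "pickle", "lantern", "walrus",
         "turnip", "magnet", "cobweb", "trombone", "pebble", "yoghurt",
         "anvil", "biscuit", "canoe", "doily"]


def make_answer(n_words=4, min_len=6, words=WORDS):
    """Random answer made of real words, so it can be read out over the phone."""
    while True:
        answer = " ".join(secrets.choice(words) for _ in range(n_words))
        if len(answer) >= min_len:  # some forms reject answers under six characters
            return answer


def entropy_bits(n_words, words=WORDS):
    """Bits of entropy in an answer of n_words independent uniform picks."""
    return n_words * math.log2(len(words))


def normalise(answer):
    # Assumption: the site compares answers ignoring case and extra spaces.
    return " ".join(answer.lower().split())


def reused_answers(vault):
    """Map each answer used on more than one site to the sites sharing it."""
    sites_by_answer = {}
    for (site, _question), answer in vault.items():
        sites_by_answer.setdefault(normalise(answer), set()).add(site)
    return {a: sorted(s) for a, s in sites_by_answer.items() if len(s) > 1}


# Constructed vault: the same made-up "maiden name" on two sites, plus one
# site that repeats a single answer for several of its own questions.
SAMPLE_VAULT = {
    ("medicare.example", "Mother's maiden name?"): "snorkel",
    ("medicare.example", "First pet?"): "snorkel",
    ("bank.example", "Mother's maiden name?"): "Snorkel ",
    ("mail.example", "Mother's maiden name?"): "walrus anvil canoe doily",
}

if __name__ == "__main__":
    print(reused_answers(SAMPLE_VAULT))   # the shared answer and its sites
    fixed = dict(SAMPLE_VAULT)
    fixed[("bank.example", "Mother's maiden name?")] = make_answer()
    print(reused_answers(fixed), entropy_bits(4))
```

Repeating one answer within a single site is not flagged, since a leak from that site exposes all of its answers anyway; only answers shared between sites are reported.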

And yes, the blithe suggestion of "maiden name" secret questions also skates over the issue of people whose family doesn't have a vanilla Western surname at all. Not to mention foundlings, people who had the hide to be born to unmarried parents, and that so-often-neglected portion of the information security marketplace, humaniform robots.

("My mother? Let me tell you about my mother.")

UPDATE: How did that guy "hack" Sarah Palin's Yahoo e-mail account?

That's right: By taking advantage of "secret questions" that were matters of public record, or otherwise trivially easy for anyone to guess.

(It's a shame that Palin didn't use that account to do anything very interesting. Wouldn't it have been awesome if it turned out that was the account she used to indulge her secret passion for Mythbusters slash stories?)

Revolutionary Sonic Boiler Probably Not A Scam!

[Image: Peter Davey]

A reader asks:

Hey Dan,

Tell us about this thing please. Can there be that much transfer of energy so quickly?

Steven

Well, we don't really know how quickly Peter Davey's "sonic boiler" is supposed to be working. The article says it boils the water "within seconds", which is a bit of a fuzzy definition. I'd like to see exactly how fast it actually does boil it.

And if you want to transfer energy to a liquid, hitting the resonant frequency of that amount of liquid in that container is actually not a good way to do it. That'll just spray water up the walls. And talk of "resonances" is of course practically diagnostic of crackpottery.

But, making the usual allowances for scientific illiteracy in the popular press, it's possible that someone could have come up with a way to dump energy into water faster than your normal immersed heating element can do it.

Immersed elements are already pretty darn good, though.

The "2200-2400W" electric jug in my kitchen will bring half a litre of water to a good enthusiastic boil in about eighty seconds, and it draws as much power as you can get from the maximum ten-amp-per-socket current rating of 220-240V countries like Australia and New Zealand, where this inventor resides.

The sonic boiler could be running at 15 amps or more, but that's cheating; 15-amp sockets are special equipment (used for things like air conditioners), and anybody can boil tons of water in half a second if they're allowed to use as much electricity as they like.

About 500ml is the minimum amount you can put in most electric jugs without leaving some of the heating element hanging in the air to overheat. It's also two mugs' worth of liquid. So, as Peter Davey says, people certainly do often boil more water than they need. But making an electric jug of conventional design that can heat one mug's worth of liquid is not a great engineering challenge. Let's do the sums and see how fast such a jug could perform, in Physics Experiment Land where pulleys have no friction and cows are spherical.

The (physics, rather than dietary) calorie is the amount of thermal energy necessary to raise the temperature of one gram of water by one Celsius degree. So if you start with 250 millilitres of water at 25°C (which means almost exactly 250 grams of it) and need to raise it all to 100°C, you need 75*250=18,750 calories, which is 78,450 joules.

A joule is a watt-second. So if you've got a 2400-watt heater that transfers heat with perfect efficiency to water, you must run it for 32.7 seconds to do this job.

Taking that into account, my electric jug is, clearly, not that far from the theoretical maximum water-heating efficiency.

Assuming its element could be fully submerged in only 250ml of water, that water would boil in about forty seconds, which is only 1.22 times the Physics Experiment Land time for the job.

Given that the element has to heat up from the inside out, and that some energy is lost through the walls of the jug, and that some more is lost to internal evaporation and sound and so on, this electric jug is clearly working about as well as it even theoretically could, when you take real-world limitations into account. Some other 2400-watt heater, built in such a way as to be less limited, could only possibly do the job in 82% of the time, unless it was magically getting energy from nowhere. And Peter Davey does not appear to be making any such claims.

(I'm also assuming that he's not cheating by pre-heating the boiler before it's dipped in the water. It's not hard to boil water "instantly" if you drop a red-hot rock in it.)

So I say good luck to this bloke. He may well have come up with a genuinely new and interesting heater element design, which may have advantages over existing bare immersible heaters, which are generally rather dangerous things. And his heater may work very nicely with even small amounts of water, which in itself is a step forward; you can get electric kettles with the element built into the baseplate which work with arbitrarily small amounts of water, but they take longer to heat up in the first place because of all the extra metal around the element. There may indeed be a niche for this sonic heater, if it performs as advertised.

But there ain't no such thing as a free lunch. If the sonic heater works very much faster, in seconds-per-gram terms, than any old discount-store electric jug, then it's another perpetual motion machine, which would have a few applications beyond just making a quick cup of tea.

Moletech Fuel Saver retraction gets official... sort of

I used the Sydney Morning Herald's feedback form to ask them what had happened to their adulatory article about the Moletech Fuel Saver. The other day that page had turned into a weird error-within-a-page, but it now gives a proper "your page was not found" error.

The reply, from "Thea & Justine", reads in full:

The article was removed from our site for legal reasons.

I've asked them whether they'd care to elucidate, but I suspect they would not.

I've also e-mailed the actual author of the piece. The game's afoot!

The Six Ugliest Space Lego Sets

I'm sure every kid who, like me, spent hours on end poring over Lego (or Meccano) catalogues, was not doing so in simple appreciation of the masterful design that went into the models.

No - we were looking at the parts. Looking, and evaluating.

"It's five more dollars for this spaceship over that one, but you get a big engine cone instead of the medium size, and one of the cool new blue spacemen instead of just another red one..."

And so on.

I developed a great enthusiasm for Technic Lego as well, but Space was my first love. And it had some weird sets.

Every now and then there'd be something that was just so super-cool that the parts in it hardly mattered, seeing as you never took it apart. The Tri-Star Voyager qualified in that category for me, and the old Space Shuttle (less confusingly called the Two-Man Scooter outside the USA) was a contender too.

The real entertainment was to be had at the other end of the aesthetic scale, though.

Sets that you built, looked at, said "I'm eight, and even my spaceships look better than that", and dismantled at once, lest their ugliness prove to be contagious.

Let's kick off with Space Lego's greatest miss from 1985, the unmentionable, or at least un-named, set 1968...

[Image: Lego set 1968]

...which was apparently built from the wreckage of one or two crashed Gamma-V Laser Craft (which look completely fantastic; my Gamma-V was another of my never-taken-apart models).

[Image: Lego Interplanetary Shuttle]

And then there's this, the Interplanetary Shuttle. It's apparently a mail delivery vehicle... with a control panel in front of the driver, facing away from him.

Different Space series had a whole genre of funny looking little robots, the king of which was the mighty 6951 Robot Command Center.

[Image: Lego Robot Command Center]

The Robot Command Center is the only one on this list that I actually owned - because as a parts pack, it was superb.

As a model, though, it was atrocious. It was not only bizarrely misshapen; it also had things on it that didn't even make sense.

Those big blue double-canopy jaw things on the side were the most obvious. I suppose the grabber arms were meant to lob rocks into them or something.

(I used them as prison cells, and as spaceship canopies for ships flown by robots, who had no need for anything as primitive as looking out the window.)

More subtle were the finned rocket cylinders embedded, for no clear reason, in the Robot Command Center's ankles, just above the skid-jets (borrowed from a more sensible vehicle) on which it, presumably very unsteadily, skated across the landscape.

(Completely embedded rocket parts were unusual, but Lego made a habit of putting rockets on ground vehicles. OK, perhaps the nozzles on this dude's classic Shovel Buggy are actually a horn that plays The Yellow Rose of Texas, but I doubt it. I mean, that wouldn't work in a vacuum, would it?)

The Robot Command Center spawned some more Big Ugly Robots. 1994's Robo Guardian was a notable example...

[Image: Lego Robo Guardian]

...with a total of ten wheels, four of which were unable to touch the ground.

(Did they at least touch the other wheels, and so rotate in the opposite direction? Surely they weren't just hanging there...)

But unquestionably the Ugliest of the Big Ugly Robots hit the market three years later.

I present, with pride, the Robo Stalker.

[Image: Lego Robo Stalker]

Egad.

But wait, there's one more.

One very special, very rare, very ugly spaceship.

Even most real Space Lego enthusiasts have never seen one of these in the flesh, because it was only available, in 1983, as a special promotion with (of all things) Persil laundry detergent. Well, that was the deal for the UK version of the set, anyway - it was apparently available in other countries with some similar deal.

On the plus side, you didn't have to send in any box tops - though you did have to send in £9.95, which is more than £24, about $US50, in today's money.

[Image: Lego set 1593]

Behold - Set 1593!

(This is another one, like #1968, which has a set number but no name.)

Once you've finished wondering how drunk these little Lego men were when they decided to be seen in this thing, I really must insist you check out the full-size original image on the Lugnet site here, because this baby's just full of entertaining details.

The cockpit, for a start, has holes in it. Not just the ones you can see above the wing - there are two more on the sides below the wing, and one more gaping hole on the front of the cockpit under the wing. So it looks as if these little guys are going to have to keep their helmets on for the entirety of their mission. And they'd better watch out for space-birds.

Set 1593 also features two big main engines mounted on 2x2x2x2 brackets, which are flimsily attached to one-stud-wide rails. And there are ladder/grille pieces (radiators?) hanging down off the body in four places.

And, the finishing touch: On the top of the nose of the ship, directly behind the big skeletonised dish, is a two by two turntable.

With nothing on it.

It's just a little bit on the front of the ship that can turn round and round.

(Oh, and behind the front dish on the underside of the ship is what every sane Lego kid agreed was a dual laser gun... pointing backwards, at the pilot, through that hole in the front of the cockpit.)

As far as play value goes, this set is decent. That top-heavy land-crawler thing hooks onto the back of the ship (which doesn't make it look much better...), and there's a sort of base-station... cupboard... contraption, and various accessories.

But boy, is it ugly.

To make things even weirder, set 1593 apparently contains all of the parts from the perfectly decent 6880 Surface Explorer and the classic, Concorde-ish 6929 Starfleet Voyager. It would appear the latter crashed into the former at full speed, and 1593 - with its very own box and instructions - was the result.

But, as with every other one of these sets, you can always break it down for parts. And maybe build yourself a Surface Explorer and a Starfleet Voyager.

It's not as if even the ugliest of Lego sets is a stupid Death Star that turns into a giant Darth Vader robot for no reason at all. Any Lego set can be reassembled at will into whatever you want.

Which could be why they're still around, after fifty years.

Moletech Fuel Saver - the plot thickens!

Four days ago (I forgot to post about it until now) I was surprised to actually receive a reply from the Australian Federal Government's pithily-named Department of Infrastructure, Transport, Regional Development and Local Government about the Moletech (or maybe MTECH) Fuel Saver, an entirely generic-sounding magical fuel treatment device which I blogged about a while ago.

The enthusiastic Sydney Morning Herald piece about the Fuel Saver concluded with a claim that the abovementioned Department Of Having A Very Long Name had published some sort of report on the device, following "a vehicle emissions test report conducted in October last year".

One Craig Stone from that Department, though, did in fact get back to me, as follows:

Thank you for your query. The Department of Infrastructure, Transport, Regional Development and Local Government, formerly the Department of Transport and Regional Services (DOTARS), is currently looking into this matter.

At no time has the Department endorsed this product or conducted emission testing on it.

Thanks, Craig!

And isn't this a turn-up for the books - it seems that some people selling a magic fuel treatment gadget aren't being entirely straightforward about the validity of their supporting evidence! Say it ain't so!

Oh, and one more thing: The Herald piece, entertainingly headlined "Fuel Saver No Snake Oil", was here and here, but isn't any more. This is odd, because I don't think the Herald (or their sister paper the Melbourne Age, which has done the same thing with its copy of the article) normally retract Web articles - certainly not with a mere "page not found" error, as is the case here.

There's no official notice of retraction that I can see, either. The only mention of the Fuel Saver on the Herald's site right now is in this reprinted AFP piece.

And actually, it gets even weirder. The text of the article as it currently stands, surrounded by all the rest of the normal ads and navigation and so on that surrounds any other article text, now appears to be a standard Internet Explorer "The page cannot be found" 404 error, complete with the bit at the bottom that says

HTTP 404 - File not found
Internet Explorer

That looks pretty bloody odd when you're viewing the page in Firefox.

It's not a frame, or anything; it really looks as if someone's copied and pasted an Internet Explorer 404 page into the Sydney Morning Herald's content management system as the text for that article.

I wonder if we're looking at the handiwork of an embarrassed author, here?

"This may be your answer to the job problem!"

The Modern Mechanix blog's reprint of a December 1931 feature about Scientific Hoaxes that Have Fooled the World is entertaining in itself.

But, as I've said before, there's usually some more entertainment to be gained from the advertisements in these old magazines. And such is certainly the case this time.

On the third page of the Scientific Hoaxes piece, a proud graduate of the Federal School of Illustrating expresses his relief that, in those dark days of the Great Depression, "I'm a trained artist - and I've quit worrying"... about losing his job.

I like to think that even readers in 1931 would have been laughing at the supreme employability of guys who know how to draw.

(Page four of the feature has an ad offering you the chance to "Learn Electricity the McSweeny Way!" I am uncertain whether anybody who, when asked what they knew, said "Electricity!", has ever actually gotten a job.)

What's a plot hole's Schwarzschild radius, anyway?

Wikipedia has a general, if somewhat fuzzy, policy against the inclusion of "fancruft" in articles. This is entirely fair; it's amazing how much vitally important information about Pokemon and Buffy The Vampire Slayer would appear in... well, pretty much every Wikipedia article... without such a policy.

As the terse TV Tropes entry on the subject mentions, the "In Fiction" and "In Popular Culture" sections in countless Wikipedia articles are focal infection points for the fancruft disease. And, as it also says, TV Tropes is where you should be putting that stuff anyway - if you can settle for somewhere other than Wikipedia as a repository for your invaluable creative output.

There are, however, some articles on Wikipedia where fancruft is pretty much the purpose of the exercise.

Like "Plot Hole".

As is so often the case, the Talk page for "Plot Hole" is at least as much fun as the article itself.

Security through graffiti

You know, writing your PIN number on the wall next to the ATM machine you usually use is not actually that bad an idea, as long as nobody sees you doing it, or notices you reading it.

Of course, you may well be screwed if someone paints the wall.