I was discussing his Zphone encrypting telephone system with Phil Zimmermann today. In his system, phone calls are encrypted with opportunistic, certificateless cryptography, which I applaud because it allows zero user interface and not centralization. It is vulnerable to "man in the middle" attacks if the MITM can be present in all communications.

His defence against MITM is to allow the users of the system to do a spoken authentication protocol at any time in their series of conversations. While it's good to do it on the first call, his system works even when done later. In their conversation, they can, using spoken voice, read off a signature of the crypto secrets that are securing their conversation. The signatures must match -- if they don't, a man-in-the-middle is possibly interfering.

I brought up an attack he had thought of and called the Rich Little attack, involving impersonation with a combination of a good voice impersonation actor and hypothetical computerized speech modification that turns a good impersonator into a near perfect one. Phil believes that trying to substitute voice in a challenge that can come at any time, in any form, in any conversation is woefully impractical.

A small amount of thought made me produce this attack: Two impersonators. Early on in a series of conversations, the spy agency trying to break in brings in two impersonators who have listened to Alice and Bob respectively (we are hearing their calls) and learned their mannerisms. A digital audio processor helps convert the tones of their voice. That's even easier on an 8khz channel.

As you may know, if you buy a cell phone today, you have to sign up for a 1 or 2 year contract, and you get a serious discount on the phone, often as much as $200. The stores that sell the phones get paid this subsidy when they sell to you, if you buy from a carrier you just get a discount. The subsidy phones are locked so you can't go and take them to another carrier, though typically you can get them unlocked for a modest fee either by the carrier or unlock shops.

I've been seeing a lot of press lately worrying that the internet won't be able to handle the coming video revolution, that as more and more people try to get their TV via the internet, it will soon reach a traffic volume we don't have capacity to handle. (Some of this came from a Google TV exec's European talk, though Google has backtracked a bit on that.)

In light of my recent threads on CitizenRe I built a spreadsheet to do solar energy economic calculations. If you click on that, you can download the spreadsheet to try for yourself. If you don't have a spreadsheet program (I recommend the free Gnumeric or Open Office) it's also up as a Google Solar Spreadsheet but you may need a Google account to plug in your own numbers.

Many cities (and airports) have official taxi monopolies. They limit the number of cabs in the city, and regulate them, typically by issuing "medallions" to cabs or drivers or licences to companies. The most famous systems are in London and New York, but they are in many other places. In New York, the medallions were created earlier in the century, and have stayed fixed in number for decades after declining from their post-creation peak. The medallion is a goldmine for its "owner." Because NY medallions can be bought and sold, recently they have changed hands at auction for around $300,000. That 300K medallion allows a cab to be painted yellow, and to pick up people hailing cabs in the street. It's illegal for ordinary cars to do this. Medallion owners lease the combination of cab and medallion for $60 to $80 for a 7-9 hour shift, I believe.

Here in San Francisco, the medallions are not transferable, and in theory are only issued (after a wait of a decade or more) to working cab drivers, who must put in about 160 4-hour shifts per year. After that, they can and do rent out their medallion to other drivers, for a more modest rental income of about $2,000 per month.

On the surface, this seems ridiculous. Why do we even need a government monopoly on taxis, and why should this monopoly just be a state-granted goldmine for those who get their hands on it? This is a complex issue, and if you search for essays on taxi medallions and monopoly systems you will find various arguments pro and con. What I want to get into here is whether some of those arguments might be ripe for change, in our new high-tech world of computer networks, GPSs and cell phones.

In most cities, there are more competitive markets for "car services" which you call for an appointment. They are not allowed to pick up hailing passengers, though a study in Manhattan found that they do -- 2 of every 5 cars responding to a hail were licenced car services doing so unlawfully.

Recently I opened up a surprising can of worms with a blog post about CitizenRe wondering if they had finally solved the problem of making solar power compete with the electrical grid. At that post you will see a substantial comment thread, including contributions by executives of the firm, which I welcome. At first, I had known little about CitizenRe and the reputation it was building. I thought i should summarize some of the issues I have been considering and other elements I have learned.

CitizenRe's offer is very appealing. They claim they will build a plant that can make vastly cheaper solar. Once they do, they will install it on your roof and "rent" it to you. You buy all the power it produces from them at a rate that beats your current grid power cost. Your risks are few -- you put down a deposit of $500 to $1500 depending on system size, you must cover any damage to the panels, and they offer removal and replacement for a very modest fee if you need to reroof or even move. You lock in your rate, which is good if grid rates go up and bad if grid rates go down or other solar becomes cheaper, but on the whole it's a balanced offer.

In fact, it seems too good to be true. It's way, way cheaper than any offering available today. Because it sounds so good, many people are saying "show me." I want to see just how they are going to pull that off. Many in the existing solar industry are saying that much louder. They are worried that if CitizenRe fails to deliver, all their customers will have been diverted to a pipedream while they suffer financial ruin. Of course, they are also worried that if CitizenRe does deliver, they will be competed out of business, so they do have a conflict of interest.

Here are some of the things to make me skeptical.

If you're like me, you select special unique passwords for the sites that count, such as banks, and you use a fairly simple password for things like accounts on blogs and message boards where you're not particularly scared if somebody learns the password. (You had better not be scared, since most of these sites store your password in the clear so they can mail it to you, which means they learn your standard account/password and could pretend to be you on all the sites you duplicate the password on.) There are tools that will generate a different password for every site you visit, and of course most browsers will remember a complete suite of passwords for you, but neither of these work well when roaming to an internet cafe or friend's house.

However, every so often you'll get a site that demands you use a "strong" password, requiring it to be a certain length, to have digits or punctuation, spaces and mixed case, or subsets of rules like these. This of course screws you up if the site is an unimportant site and you want to use your easy to remember password, you must generate a variant of it that meets their rules and remember it. These are usually sites where you can't imagine why you want to create an account in the first place, such as stores you will shop at once, or blogs you will comment on once and so on.

Strong passwords make a lot of sense in certain situations, but it seems some people don't understand why. You need a strong password in case it is possible or desireable for an attacker to do a "dictionary" attack on your account. This means they have to try thousands, or even millions of passwords until they hit the one that works. If you use a dictionary word, they can try the most common words in the dictionary and learn your password.

A well known curse of many representative democracies is gerrymandering. People in power draw the districts to assure they will stay in power. There are some particularly ridiculous cases in the USA.

I was recently pointed to a paper on a simple, linear system which tries to divide up a state into districts using the shortest straight line that properly divides the population. I have been doing some thinking of my own in this area so I thought I would share it. The short-line algorithm has the important attribute that it's fixed and fairly deterministic. It chooses one solution, regardless of politics. It can't be gamed. That is good, but it has flaws. Its district boundaries pay no attention to any geopolitical features except state borders. Lakes, rivers, mountains, highways, cities are all irrelevant to it. That's not a bad feature in my book, though it does mean, as they recognize, that sometimes people may have a slightly unusual trek to their polling station.

Virtualizer technology, that lets you create a virtual machine in which to run another "guest" operating system on top of your own, seems to have arrived. It's common for servers (for security) and for testing, as well as things like running Windows on linux or a Mac. There are several good free ones. One, kvm, is built into the lastest Linux kernel (2.6.20). Microsoft offers their own.

So many social networking sites (LinkedIn, Orkut, Friendster, Tribe, Myspace etc.) seem bent on being islands. But there can't be just one player in this space, not even one player in each niche. But when you join a new one it's like starting all over again. I routinely get invitations to join new social applications, and I just ignore them. It's not worth the effort.

I've decided to stop watching Studio 60. (You probably didn't even know I was watching it, but I thought it was worthwhile outlining the reasons for not watching it.)

Studio 60 was hailed as the most likely great show of this season, with good reason, since it's from Aaron Sorkin, creator of one truly great show (the West Wing) and one near-great (Sportsnight.) Sorkin is deservedly hailed for producing TV that's smart and either amusing or meaningful, and that's what I seek. But I'm not caring about the characters on Studio 60.

So many people today are using tags to organize photos and to upload them to sites like flickr for people to search. Most types of tagging are easiest to do on a computer, but certain types of tagging would make sense to add to photos right in the camera, as the photos are taken.

Alan Turing proposed a simple test for machine intelligence. Based on a parlour game where players try to tell if a hidden person is a man or a woman just by passing notes, he suggested we define a computer as intelligent if people can't tell it from a human being through conversations with both over a teletype.

It's more and more common today to see software that is capable of easily or automatically updating itself to a new version. Sometimes the user must confirm the update, in some cases it is fully automatic or manual but non-optional (ie. the old version won't work any more.) This seems like a valuable feature for fixing security problems as well as bugs.

But rarely do we talk about what a giant hole this is in general computer security. On most computers, programs you run have access to a great deal of the machine, and in the case of Windows, often all of it. Many of these applications are used by millions and in some cases even hundreds of millions of users.

When you install software on almost any machine, you're trusting the software and the company that made it, and the channel by which you got it -- at the time you install. When you have auto-updating software, you're trusting them on an ongoing basis. It's really like you're leaving a copy of the keys to your office at the software vendor, and hoping they won't do anything bad with them, and hoping that nobody untrusted will get at those keys and so something bad with them.

At various times I have been part of dinner groups that meet once a month or once a week at either the same restaurant or a different restaurant every time. There's usually no special arrangement, but it's usually good for the restaurant since they get a big crowd on a slow night.

I've written before about ZUI (Zero user interface) in crypto, and the need for opportunistic encryption based upon it. Today I want to further enforce the concept by pointing to mistakes we've seen in the past.

In the SF Bay Area, there are carpool lanes. Drivers of fuel efficient vehicles, which mostly means the Prius and the Honda Civic/Insight Hybrids can apply for a special permit allowing them to drive solo in the carpool lanes. This requires both a slightly ugly yellow sticker on the bumper, and a special transponder for bridges, because the cars are allowed to use the carpool lane on the bridge but don't get the toll exemption that real carpools get.

One growing technique for use in anti-spam involves finding ways to "fail" on initial contacts for sending mail. Real, standard conformant mail programs try again in various ways, but spammers, in writing their mail blasters, tend to just have them skip that address and go to the next one in their list.

Two common approaches include simply returning a "temporarily unavailable" status on any initial mail attempt that might be spam. Another approach is to have dead MX records both at the "try first" and "try last" end of the MX chain.

Radio technology has advanced greatly in the last several years, and will advance more. When the FCC opened up the small "useless" band where microwave ovens operate to unlicenced use, it generated the greatest period of innovation in the history of radio. As my friend David Reed often points out, radio waves don't interfere with one another out in the ether. Interference only happens at a receiver, usually due to bad design. I'm going to steal several of David's ideas here and agree with him that a powerful agency founded on the idea that we absolutely must prevent interference is a bad idea.

My overly simple summary of a replacement regime is just this, "Don't be selfish." More broadly, this means, "don't use more spectrum than you need," both at the transmitting and receiving end. I think we could replace the FCC with a court that adjudicates problems of alleged interference. This special court would decide which party was being more selfish, and tell them to mend their ways. Unlike past regimes, the part 15 lesson suggests that sometimes it is the receiver who is being more spectrum selfish.

Here are some examples of using more spectrum than you need:

• Using radio when you could have readily used wires, particularly the internet. This includes mixed mode operations where you need radio at the endpoints, but could have used it just to reach wired nodes that did the long haul over wires.
• Using any more power than you need to reliably reach your receiver. Endpoints should talk back if they can, over wires or radio, so you know how much power you need to reach them.
• Using an omni antenna when you could have used a directional one.
• Using the wrong band -- for example using a band that bounces and goes long distance when you had only short-distance, line of sight needs.
• Using old technology -- for example not frequency hopping to share spectrum when you could have.
• Not being dynamic -- if two transmitters who can't otherwise avoid interfering exist, they should figure out how one of them will fairly switch to a different frequency (if hopping isn't enough.)

As noted, some of these rules apply to the receiver, not just the transmitter. If a receiver uses an omni antenna when they could be directional, they will lose a claim of interference unless the transmitter is also being very selfish. If a receiver isn't smart enough to frequency hop, or tell its transmitter what band or power to use, it could lose.

Since some noise is expected not just from smart transmitters, but from the real world and its ancient devices (microwave ovens included) receivers should be expected to tolerate a little interference. If they're hypersensitive to interference and don't have a good reason for it, it's their fault, not necessarily the source's.

Update: Several of the spam bounces of this sort that I got were traced to the same anti-spam system, and the operator says it was not intentional, and has been corrected. So it may not be quite as bad as it seemed quite yet.

I have a social list of people I invite to parties. Every time I mail to it, I feel the impact of spam and anti-spam. Always several people have given up on a mailbox. And I run into new spam filters blocking the mail.