AY2.ORG

Mac OS X 10.4 “Tiger” is officially released today. (So if you’re going to read about on the BBC or The Register etc, you read it here first). Nope, I haven’t ordered a copy, nor am I overly excited about it, despite many a Apple Corp’s friendly “reminder” emails.

I mean sure Dashboard is wonderful and sweet, and Spotlight powerful and handy, but they just seem to lack that “killer app” quality that would make a starving student part with his beer money.

Of course, the burning question on everyone’s mind regarding this release must be “What is Apple going to call the next release of the Mac OS?”. Lion? Puma? Leopard? Lynx? (By the way, note to Apple Marketing Department: I’m not sure about between a panther and a jaguar, but surely a tiger runs slower than either of them?) Would it be Mac OS XI “Grizzly Bear” instead? Perhaps a more intriguing question would be “Would the next released be shipped before Longhorn?”

Anyway this is all too much for a Friday. Perhaps I do need a Tiger to cool down after all.

London Marathon 2005

Chip and PIN, recently deployed in the UK, is a smartcard-based user authentication system for credit and debit card payments. It is supposed to enhance security based on the assumption that computer checked Personal Identification Numbers (PINs) are much harder to forge than hand-written signatures (which are hardly ever any closer examined than a cursory glance anyway).

True to their style, Ross Anderson et al at the Computer Laboratory, University of Cambridge are claiming otherwise. They’ve launched a new website Chip and SPIN where you can download a paper detailing their findings and opinions.

The paper gives the impression that the Chip and PIN system, rather counter-intuitively, “causes” the recent rise of fraud. However, if one actually reads the referenced Guardian news article, such a claim was never made. Two types of fraud that increased the most for 2004 from 2003 were stolen in-transit card frauds (due to high volume roll out of new cards) and card-not-present frauds (shopping over the Internet or telephone). The former isn’t an intrinsic weakness of the Chip and PIN system itself (only its deployment), the latter isn’t something Chip and PIN can address anyway (PINs can only be checked with the card present). And it’s important to bear in mind that those figures are not the whole story — it’s only meaningful to compare the actual increase to projected increase where Chip and PIN weren’t deployed at all.

The authors introduced the important issue of liability which rarely makes the Chip and PIN propaganda, if at all. They also outlined the very real issue of the fallback mechanism — the use of signatures when the cardholder claims to have forgotten the PIN, or the (less sophisticated and secure) magnetic stripe on the card is used in a foreign country without a compatible smartcard payment system. Finally the authors sketched a few technical attacks, ranging from the plausible to the more far fetched. I wouldn’t lose any sleep worrying about them at this point, but then the crooks do have a large incentive in investing in and acquiring the necessary technology and skills to mount the more sophisticated attacks. When that happens, worry.

Overall, the paper provides some good insights to balance the Chip and PIN “spin”, but flawed in trying to sensationalise the results by attributing the news headline to their findings. I mean, does a crook really care who’s liable for the money he steals?

I knew it was too good to be true. Yes, my friends, the comments functionality of this site is now officially broken. Kaputt. 壞了。

Now two paths lie before me. Will I take the Blue Pill and just reinstall WordPress, and live a blissfully ignorant life? Or will I take the Red Pill and go down the rabbit hole that is nights of bleary-eyed hacking in the PHP jungle, risking it all for intellectual fulfillment and enlightenment?

I guess there’s always the Green Pill — I’d do sod all and let my thousands of loyal readers yearning desperately for their ability to post their comments. Hmmm .

Previewed at dpreview.com is the latest offering from the canonical Canon. The successor of the successful EOS 300D — the unimaginatively named EOS 350D (Rebel XT in the States or Kiss N Digital in Japan). Its vital statistics along with the sexy acronyms are nothing less than mouth-watering:

• 8.0 megapixel CMOS sensor
• DIGIC II image processor
• 3fps continuous shooting for 14 frames
• 0.2s start-up time
• 9 custom functions

Do I need one? Well, no.

Do I want one? Hell yes.

Did I tell you my birthday is less than a year away?