Kindle as Research Tool, Revisited

As my usage of the Kindle as a research tool for this semester is winding down, I thought I’d reflect on my earlier post on the topic.  Unfortunately, I will mostly be talking about some of the negative aspects of my Kindle experience.

  • Overall, the use of the Kindle has been a success.  I’m intrigued by the new Kindles coming out, and I really hope the keyboards are better; mine has been lightly used, but feels like the keys could fall off or cease to work at any moment.
  • The Kindle can sync notes and annotations between the various platforms, but it was inconsistent to the point of being worthless; only a fraction ever came across.  I used the notes on my Kindle Keyboard to do my work, when I would have rather used them in the Cloud Reader or the PC Kindle App.
  • I am disappointed with the Kindle edition of David Von Drehle’s Triangle: The Fire that Changed America.  The print edition of the book has an insert with photographs; it was completely missing from the Kindle edition.  While images are not the Kindle’s strong point at the moment, it is capable of rendering them, especially the applications on other hardware.  Also disappointing is that most Kindle books are supposed to have been given page number information that corresponds to their print editions, but Triangle did not have this; if I had had to do citations for a paper (this was for an oral report/presentation), I might have been in a bit of a pickle (although I was lucky enough to have access to the print edition).  I understand this could have been a labor intensive undertaking, but considering publishing is primarily electronic, I suspect this would have been a very simple thing to fix.
  • The Cloud Reader has no search capability. I somewhat understand that, but consider that a failure.
  • I was unable to find a platform that would allow me to do any copy and paste function; understandable from a copyright standpoint, but it’s disappointing that at least a limited amount of text couldn’t be copied. (In writing this post, I see a cumbersome workaround is available by using the Kindle website, but that assumes that your annotations actually sync.)

I would use the Kindle again for research, but there are some fairly heavy issues that will hopefully be resolved. Considering that pleasure reading doesn’t really have the same demands as reading for research, I will definitely use it for that in the future (when the Kindle edition’s price is reasonable, which is a whole other conversation!).

Security Overhead: Revisited

In my post yesterday on Security Overhead, I spent a lot of time talking about an SSL exploit recently released.  Woody Leonhard writes in an Infoworld article that this exploit is overhyped, that the vulnerability leveraged is old and shouldn’t exist on most systems in production today (unless certain features were turned off for one reason or another – hey, it happens!).  Although there are claims that unpublished exploits exist that would affect modern systems, security experts are understandably skeptical.  Without more evidence, it sounds like this threat may be a lot less severe than initially reported, but as I think I just demonstrated, my IT expertise does not always allow me to validate the nature of these threats.  So far, I haven’t found any response or clarification at the Internet Storm Center on this issue.

Articles on the Spring 2011 E. coli outbreak

A brief L.A. Times article came out yesterday on the atypical and difficult to trace E. coli outbreak that ran from May to July 2011 in Germany, which has been identified as a new strain (the article was featured by the Center for Infection and Immunity, who provides a lot of great reading in this area).  If nothing else, getting fact-based information out there after the fact is important; there was a lot of misinformation going around on this one (the E. coli wound up coming from sprouts from Egypt).  The information comes from a recently published article on the outbreak in the New England Journal of Medicine.  A great quote from Dr. Martin J. Blaser in a related editorial:

This O104:H4 strain was well armed for mayhem and reminds us that evolution is a constant.



Security Overhead

I was reading an article about a theoretical exploit of SSL at the Internet Storm Center’s Diary.  Of course, SSL is the security protocol that is supposed to give us a warm fuzzy when we send our credit card information over the internet; but that security comes at a price.  I’ve worked with a few SSL off-load devices and load balancers over the years, and the fact that there’s a market for such a thing should tell you something.  As the article points out, the critical metric for these devices is sessions established per second.  Our modern information security model is math intensive by design, and that makes the very security a bottleneck and potential exploit, at least for a denial of service attack (hopefully nothing as nasty as a buffer overflow).

For a real life example of this, consider the TSA inspection points at the airports; the search of the bags and of your person is somewhat time intensive, and it’s something that everyone (or most everyone, anyway) has to go through.  For those who remember pre-9/11, when we weren’t quite as concerned about security in the US, this process didn’t exist, and people could move more quickly through the airport (generally speaking!).  Last year, some people were trying to protest the relatively new body scanners by opting for a hand search, hoping to bog down the system during the holiday rush. It seems like an utter failure in retrospect, due to lack of participation, but it might have been nasty.  On the other hand, I’m not sure that airports are too concerned about having too many people in their terminals, between the new restrictions about who is allowed through, and the restrictions on the flow of foot traffic caused by the inspection lines.

In the same respect, if an attack against SSL could shut down the security mechanism on a server without approaching the maximum bandwidth of a server, it could be possible to initiate a denial of service with far fewer attack devices.  As the article points out, even scaling up with off-load devices is not as much protection as in the past, since the ratio of attackers to targets is still much more favorable than a bandwidth attack, which is fairly brute-force and resource intensive.  Currently, this type of attack is theoretical, but the article was written to call attention to a proof of concept tool developed by a hacker group, so it may be in our future.  These types of clever denial of service attacks are not new; vulnerabilities in the ICMP protocol (smurf attack) and the TCP/IP stack (teardrop attack) have been exploited this way in the past, when a small amount of data could be crafted with malicious intent, before the advent of the ‘zombie armies’ of hijacked PCs doing the bidding of a botnet.

It’s important in system design to make sure that a security mechanism doesn’t introduce new vulnerabilities, or at least to make sure that those vulnerabilities are considered and mitigated.

Google Reader and Unintended Consequences

I read this article on The Atlantic Wire about impending changes in a Google service called Google Reader.  Google Reader might be a little obscure to most users; it’s essentially a portal for aggregating RSS feeds from other websites, allowing you to gather the content from multiple websites in a single view.  Naturally, Google is converging its products to integrate with Google Plus, including the more “social” features of Google Reader, like sharing.  And like most change, people hate it.

What I found interesting, and what (somewhat) intersects with the Emergency Management field is that apparently, dissidents in Iran use Google Reader to communicate, since just about every social networking tool is locked down and/or blocked by the state.  Because Google (the Reader) is difficult to distinguish from Google (the search engine), and because Google has moved toward offering SSL secured communications on most of its products, the dissidents have been able to use it as a communication tool.  In their article, The Atlantic Wire quotes a local blogger, “Amir” who claims that Google Reader is the most popular site in Iran for this reason (it makes me wonder, if someone can separate out Google Reader from the rest of Google for a popularity ranking, why can’t the Iranian government separate it out to filter it?).  I don’t know what will happen, but I’m curious to see what develops.  It’s an interesting example of how when you release a system out into the wild, it can develop in ways you didn’t really intend.



Outlier hazard: wild animals on the loose

I’m very saddened to hear about what’s going on in Zanesville, Ohio, where the owner of a large number of exotic animals set the animals free and then took his own life.  About 30 of the animals escaped the property and were threatening the community; law enforcement officers almost unilaterally put the animals down (more coverage at USA Today, CNN).

Sadly, containing or capturing these animals wasn’t feasible, and there was an imminent threat of these animals attacking.  Tigers, cheetahs, wolves, monkeys, lions and bears were among the animals that escaped.  Residents were advised to shelter in place, and some schools were closed while the situation is being dealt with.

To add to the chaos, it doesn’t sound like there is a good way to deal with the bodies of the animals that were put down, so at least some have been left lying where they died and people have been arrested trying to steal the bodies, presumably for their fur or other body parts.

This is a tragic loss of life, and seems utterly surreal to read about, but USA Today notes,

Ohio has some of the nation’s weakest restrictions on exotic pets and among the highest number of injuries and deaths caused by them. The Humane Society of the United States has documented 22 incidents with dangerous exotic animals in Ohio since 2003, demonstrating risks to public health and safety and animal welfare.

At least it seems like there have been no casualties aside from the animals and the owner himself.  It will be interesting to see the aftermath of this unusual incident.  This was not an unknown hazard to Zanesville, but this certainly doesn’t seem like it would be at the top of anyone’s list to prepare for.

Progress toward a vaccine for malaria

It looks like researchers are very close to a vaccine for malaria (New England Journal of Medicine); this is really exciting news in the area of public health, although I admittedly had to educate myself a bit more to appreciate it. Most vaccines are designed to go after viruses or bacteria, but malaria is a mosquito-spread parasite, and since it takes many forms in its life cycle, it has been especially difficult to combat.  The current results show a 50% success rate, which, while not fantastic, could have a huge impact.  Of course, one of the big challenges, once the vaccine is available, will be funding and distributing it where it is needed.  This is the beast that The Bill and Melinda Gates Foundation set out to tame several years ago, and it’s impressive what bringing such resources to bear can produce.  Other efforts have been successful in reducing the spread of malaria, but they’ve targeted the mosquito.  There’s more information at this article at NPR.