billso.com

Long-time readers of billso.com may remember that I used reCAPTCHA to validate comments about my articles. reCAPCTHA is a web service that shows users pictures of two words. The service knows one of the words. The second word was provided by an electronic book scanning project that needs help with its quality control.  reCAPTCHA send the results back to the scanning project, to help them fix their documents.

A CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) system is a simple test that determines if a computer user is a machine or a human. CAPTCHAs are small puzzles that people can solve quickly, while being too expensive for a computer system to solve.

I dropped the reCAPTCHA feature in May 2008, because the system was not stopping comment spam from appearing on my blog. “Comment spam” is just messages that have little or no relevance to an article or page.

In the past, people who wanted to crack a CAPTCHA system might pay users to stay at home and decipher dozens of captchas, in return for free content or Internet access. But people are slower and less reliable than computers. Processing power continues to improve, while CPU costs get lower.

Paying the price

Stephan Chenette, the manager of security research at Websense Security Labs, notes that CAPTCHA technology had made incremental improvements since 2000, while CAPTCHA crackers bought faster hardware and invested more in their efforts:

“CAPTCHA has been broken for the last year and a half. The technology has really not progressed. They’ve got a little bit harder but the hackers have made programs that can easily break them. This works both with print and audio CAPTCHA. All of these have been broken in one way or the other.”

In the last few months, the CAPTCHA systems of several major web sites have been cracked by automated systems:

• January 2008: Yahoo Mail
• April 2008: Gmail and Hotmail
• May 2008: Craigslist

This has resulted in a flood of spam, scams, and fake postings on services around the world. It’s become quite easy to create a fake Web site that can fool many users. Social networks like MySpace and Facebook offer many more opportunities to trick users into revealing their credentials and personal information.

In the last few years, financial service companies and banks have adopted multifactor authentication systems that ask users for more than a password or a CAPTCHA solution. Now organizations in other industries are looking at similar solutions, because it has become much less expensive for scammers and crackers to break these companies’ systems. Several OpenID providers have added multifactor features to their authentication systems, too.

This article called How CAPTCHA got trashed has more details.

Image courtesy of Mess of Pottage through a Creative Commons license.

Related posts and pages on billso.com

• Help
• OpenID
• 13 May 2008: JanRain launches CallVerifID multifactor phone service for OpenID
• 10 May 2008: Why use OpenID?
• 17 April 2008: Virtual keyboards and monitoring software foil keystroke loggers
• 25 March 2008: Digital TV is coming
• 13 March 2008: Avoiding the splogs
• 5 February 2008: The mobile web and billso.com
• 4 June 2007: Email and print links

Apple has sued Psystar, the marketers of the Open Computer, according to Jorge Espinoza’s article, Apple Goes After Clone Maker Psystar, and ZDnet. Apple seems to have a solid case, as Psystar modified Apple’s software as part of the Florida company’s product offerings. The original name of the Psystar product was the OpenMac, which didn’t please Apple, either.

Related posts and pages on billso.com

• Copyright and fair use
• 15 April 2008: Can Apple stop the Open Computer?

The retirement of Bill Gates from daily duty at Microsoft prompted bloggers and journalists to write long articles about Microsoft technology. It’s summer, and we have to fill the pages somehow. 

This Engadget article called Bill Gates: top ten greatest hits (and misses) has some details and product photos. Two of the “misses” are interesting.

The AutoPC was a voice controlled system that connected the driver to music, GPS and Outlook services. It went on sale in 2000 and died a quick death, but many auto manufacturers are offering systems with similar features in 2008. The same Microsoft business unit that developed the AutoPC also developed the SYNC system for Ford. 

The second “miss” is another example of pervasive or ubiquitous computing. It’s interesting that both of these products were championed by Bill Gates himself. 

I have worn my Suunto N6 HR SPOT watch almost every day for the last 2.5 years. Yes, the watch is a little large, and I have to clip it to a USB charger every 2 or 3 days to freshen up the battery. I never got the heart rate monitor feature to work properly, though. 

Microsoft partnered with Clear Channel to distribute news, sports, stock market and other data to users via Clear Channel FM radio stations.The silvery rim of the watch face is the FM antenna. It’s a one-way device that receives broadcasts, so it’s impossible to send information from the watch.

I don’t use Outlook, so I never use the appointment and messaging features. But the baseball scores are usually up to date, as long as I’m in a Clear Channel city, and I never need to set the time. It’s synced by an atomic clock somewhere in the cloud. 

Sadly, Microsoft discontinued the SPOT watch line in April 2008 - see this Engadget article called SPOT watches R.I.P. - 2004-2008. The cloud service still works on MSN Direct. I just go to the web site, log in, and select the information and faces for my watch. 

I see fewer wristwatches on wrists these days. Many of my friends rely on their mobile phone’s clock instead, as they carry their phones with them everywhere. Most modern mobile phones sync their clock to their carrier’s system. 

Image courtesy of billso through a Creative Commons license. 

The first reviews of the iPhone 3G are coming in, and they are less than glowing. Two of the reviewers are iPhone users who have been using new 3G models provided by Apple for a while. 

Walt Mossberg of the Wall Street Journal likes the iTunes App store and 3G bandwidth, but he did not like the shorter battery life. During one day of testing, his iPhone ran out of power.

Mossberg also notes that the AT&T’s new data plan pricing means that the iPhone 3G is more expensive than its predecessor. His article called Newer, Faster, Cheaper iPhone 3G has a video review, and a good amount of detail. 

David Pogue of the New York Times has his review in an article called For iPhone, the ‘New’ is Relative. Pogue seems to agree with Mossberg that current iPhone owners shouldn’t rush to the store for a new iPhone.

There’s still no voice dialing, video recording, copy-and-paste, memory-card slot, Bluetooth stereo audio or phone-to-phone photo sending (MMS).

Upgrading to the iPhone 2.0 firmware will provide access to official applications, along with many of the software tweaks in the 3G model like Microsoft Exchange support. The firmware won’t make an old iPhone use 3G frequencies or upgrade an old unit’s psuedo-GPS, however.

I’m less interested in getting an iPhone now, and more interested in looking at an iPod Touch, the WiFi-only cousin of the iPhone. The Touch won’t make phone calls, but I can buy an old unit and add the iPhone 2.0 firmware for $10, or just buy a new model. 

Want to see the insides of an iPhone 3G? iFixIt from New Zealand has posted plenty of pictures. At least the battery is no longer soldered onto the board connections!

Image courtesy of dotmotion through a Creative Commons license. 

Related posts and pages from billso.com

• iPhone
• 13 June 2008: 3G coverage for the new iPhone: Honolulu vs. the Northeast Corridor
• 9 June 2008: iPhone 3G
• 7 June 2008: The impossible solar iPhone
• 4 June 2008: GPS and mobile phones
• 29 April 2008: New iPhone will be subsidized, faster and thinner
• 28 April 2008: Should Apple sell hardware on two-year contracts?
• 20 February 2008: Mobile phone platform wars
• 10 February 2008: AT&T announces business and enterprise iPhone plans
• 31 January 2008: Applications are coming for the iPhone
• 26 January 2008: iPhone helps AT&T add more wireless customers
• 13 January 2008: The story of the iPhone
• 11 January 2008: Blackberry vs iPhone
• 4 September 2007: Gartner: Expect an enterprise iPhone
• 6 July 2007: 9 reasons not to use an iPhone in an enterprise
• 29 June 2007: Not everyone wants an iPhone
• 18 June 2007: Steve Jobs and his iPhone
• 17 June 2007: Anticipation builds for Apple’s iPhone
• 6 June 2007: Year 1 with an Apple iPhone = US$1936

Bruce Schneier published an article in Wired called I’ve Seen the Future, and It Has a Kill Switch. I agree with his basic premise - it’s a dangerous idea to include a kill switch in a networked device. It’s difficult to keep a determined cracker out of a well-defended network. It’s ludicrous to design a device that can disabled by remote control.

OnStar call representatives can bring a stolen vehicle to a slow and gentle halt by remotely disabling the car’s fuel system. Information Week article called Stop Thief!.

So how long will it take before someone tries to shut down an OnStar vehicle, just to show they can do it?