-”Yo. Why is reality so hard?”, he asked.
-”I’ve no idea. Why is reality so hard?”, I replied.
-”It’s because there’s too many things to keep track of. I have a solution: micro-feng shui.”
-”Micro-feng shui? But isn’t micro less?”
-”Everything micro is good. For example: microchips. Very good.”
-”OK, so how does it work?”
-”Step 1: reduce spatial complexity. From now on, view the world as a planar space and ignore all height differences. That’s 30% less complexity. Then, step 2: happiness.”

Considering what’s published nowadays in various self-help books, packaging this idea into a 400-page book would probably reach New York Times bestseller list very fast. Not to mention the creation of some sort of a pseudo-religious movement, enabling my friend to be showered in non-Zimbabwean paper currency.

If that looks like a big number, think again: AIG has already received 150 billion USD, plus is about to receive 30 billion USD extra as bail-out/rescue/emergency funding. All in all this is 180 billion USD, almost three times the losses.

That’s… massive. But how much money is it, really?

If you had this money in one dollar notes, and carefully taped the short sides together, at 15.5956 cm length per note, it would form a 2.87*10¹⁰ m long chain. Considering that the average center-to-center distance from Earth to the Moon is about 384403 km, this would be enough to take the resulting chain all the way to the Moon and back 36 times – and you’d still have some money over to buy a mansion.

If you stacked the dollar bills, it would form a pile over 19600 km high. At about 8.848 km a pop, this is higher than over 2200 Mount Everests stacked on top of each other.

How and where do they store this huge mountain of money, then? Well, nowhere. It doesn’t really exist. It’s just numbers inside a computer!

It’s a Christmas-themed Flash game called Reindeer Rattle, where you control Santa Claus’ flying reindeer squadron to capture Christmas gift packets. Each gift gets more points and over time your reindeer posse grows longer and longer. It’s quite addictive – have a look!

I could imagine if a parent were to stick their kids in front of this game they could enjoy some good Yuletide and Christmas glögg in peace & harmony.

“The left side of the balance sheet has nothing right and the right side of the balance sheet has nothing left. But they are equal to each other. So accounting-wise we are fine.”

AIG already got $85 billion from the Fed, and the total sum might even go up to $120 billion. With that amount of money, I might consider becoming a stand-up comedian as well!

Contrast e.g. the rescue plans of United Kingdom with the annual spending in health and education. With numbers that large, they will need snowploughs to move all that money. Yes, of course nowadays it’s all digital, but I like the mental image.

Indeed, suppose there is a major outage of communications, electricity or both. The reason could be a disaster, such as a hurricane, an earthquake, or a man-made event such as a terror attack, or just a plain accident with someone cutting communication lines with construction machinery. The outage might not happen exactly where you live, but you might end up being “collateral damage” if you live in a nearby place. Maybe optical fibers or electricity lines running through the disaster area to your city are cut, causing loss of connectivity and blackouts.

The result is that you can’t use your fancy EMV-chip cards to buy food and water (i.e. pizza and Pepsi), as the card terminals are either off-line or out of power. You can’t get money out of an ATM either, for similar reasons. And since you’re not the only person with this problem, but rather one out of 30000 or 100000 or even 500000 people, you can imagine the chaos if the outage lasts long. Shops are full of stuff, but people can’t get money to exchange it for the goods. What happens?

Riots! Smashed windows! Martial law! Terror!

Maybe so, but don’t just yet run to your bunker.

As technological progress continues, and society evolves with it, we get a society which is, on the other hand, more and more cashless, but also more and more resilient to damage – e.g. card terminals will use the GSM network, because it makes sense (not all shops have ADSL, card readers might need to be mobile; case: pizza delivery).

Of course there’s a tipping point for the amount of damage after which things will just cease to work (e.g. direct nuclear bomb or asteroid hit), but in that case there would be other things to worry about than getting cash. In a “normal” case, there’s a good chance that most of the cell phone infrastructure will keep on working. Cell towers have backup power, and it’s not so likely that all landlines would be cut. Thus communications will route around the damage, allowing you to make card transactions and/or use the ATM.

Also, there’s satellite phone systems such as Iridium, but communication with the satellites requires extra gear, which is not so usual in an urban environment.

The real trouble is actually electricity. But, even this may not be so big a problem. As energy prices rise and people want to live greener, it makes sense for people to obtain their own electricity-generating devices, such as windmills and solar panels. Thus energy production is also becoming decentralized. But one could argue that it’s not proceeding fast enough.

With modern technology it would be possible to equip all houses with devices to generate at least a sizable part of their energy needs. This is a sane thing to do from many perspectives: national security, disaster resiliency, energy efficiency, fighting global warming and so on. It’s just not smart to centralize energy production; anything centralized has a single point of failure.

So, even if cash dies away in the near future, a cashless society will not be completely helpless in disasters.

However, as Mr. Howlett points out, there are other issues, such as loss of anonymity: everything you consume will be recorded in some kind of database, under your big, personal record. I see this as the biggest risk as there is very little a single person can do to avoid this (except maybe revisit the idea of packaging our personal data inside DRM mechanisms, and developing it further). Although there is an obvious and big privacy impact, on the other hand, a lot of people nowadays use “bonus cards” and such, so maybe people just don’t care enough about who sees what they buy. Oh well.

Note: Mr. Howlett is also writing a book called “The Death of Cash”. Synopsis and preview for it will be out in 2009.

Anyway, my bank (Nordea) recently sent me a Todos Argos Mini II USB smartcard reader, to be used with the Nordea internet bank. It’s actually quite simple to use.

This is how it works:

• Plug in the EMV-chip equipped card (which is tied to the account),
• input to the card reader the challenge from the internet bank, “666 42″
• type in the card PIN – “1234″,
• get a response from the card reader, “808 303″
• type in this response to the internet bank form,
• you are now in.

In order to enter the Internet bank, the user has to enter their personal ID number. This is not a secret. Also, any reader works with any card. The only requirement is that the card used is tied to the account – I can’t try to login to your account with my card. Therefore, the security lies with:

• something you have, i.e. the card
• something you know, i.e. the card PIN

Since the same “secret” PIN is used with EMV-chip equipped cards everywhere; grocery shops, kiosks, restaurants, etc., it is not impossible to find out this PIN. One way to do this is to simply queue behind some person. The next step, after the PIN is obtained, would be to steal their wallet. This will with almost certain probability give access to the person-number as well.

After this there are two options for the attacker:

• start emptying the account via an ATM, taking small sums at a time
• log into the internet bank and move bigger sums away – if the transfer is done within the same bank, the transfers are instantaneous

If the attacker is lucky, and the bank has crappy security, the transfers succeed for long enough for the attacker to do something more sinister, such as sending the money outside the country. For example, in Europe sending money to another country is quite snappy nowadays with the introduction of SEPA.

My suggestion would to add another “secret” value to the bank login, like the traditional Nordea internet bank login has. In the traditional OTP-based login, this number is called a “personal code number”, but it’s not the same as the person ID. This number is not known by anyone else except the user.

This would make it impossible to log in to the internet bank just by learning the PIN code by queuing behind a person and then stealing e.g. driver’s license or the whole wallet (assuming the person doesn’t write it down). I.e. purely physical attack would not be possible.

While the small smartcard gadget is advanced and prevents phishing attacks, it doesn’t really act as a security panacea as the balance will now be tilted more towards non-phishing, physical attacks. Compared to the old-skool OTP-login with the personal code number, the new system has 2 secret items; the card itself and the PIN. Although phishing doesn’t get you anywhere anymore, if the attacker can get your hands on your card and the PIN, you lose.

PS. If you found this post an interesting read, have a look at “A note on Scandinavian phishing” too.

Then, in a similar vein, I ran into this BBC article, which states: “Analysis of notes from a selection of Spain’s major cities showed that each one carried an average of 25.18 micrograms of cocaine.”

In other words, people snort so much of the illicit substance through rolled-up notes that the notes in circulation will have measurable amounts of cocaine in them. It’s unbelievable, but true.

Since people dig huge holes to the ground to get out minerals worth less, would this resource be somehow commercially exploitable?

Let’s do the math!

Assume you are in control of a shop selling relatively inexpensive goods at some busy area. Let’s assume, on average, there are 100 customers daily, each of who bring (on average) 2 notes to the shop. This means 100*2*25.18 micrograms = 0.005 grams of cocaine per day. The shop is run year-round, so let’s say about 330 days per year – this gives about 1.67 grams of cocaine per year per shop.

If you are a big franchise – similar to Subway, McDonald’s, Pizza Hut, whatever, and you’ll have, say, 1000 of specially equipped shops to “farm” or perhaps rather “wash” the cocaine out of the notes, you would be able to pull in a hefty 1.6 kg of cocaine every year, perhaps just in time for the company Christmas party.

Anyway, 1.6 kg may seem like a lot and I agree, it does. But you can fudge the numbers as you see fit, and see what the result is for you. Here’s the formula – similar to Drake Equation, but doesn’t involve little green men:

X * N * C * d * S

X = customers per day, on average
N = notes brought in by customers per day, on average
C = amount of cocaine in each note, on average, in grams
d = days in a year the shop operates
S = number of shops

In the example above, we’d get 100 * 2 * 0.00002518 * 330 * 1000 = 1662 (grams).

One use for CAPTCHAs is to prevent spamming with the idea that anything automated (such as mass-spamming computers) won’t pass the puzzle, and therefore will not be able to inject their trash-messages into a service. However, CAPTCHAs don’t work so well in practice anymore.

As demonstrated by the recent break of Gmail CAPTCHA, even really good CAPTCHA systems are vulnerable to a “mechanical turk” attack. This is an attack where, instead of computers attempting to solve the problem, the attacker “outsources” the solving to a group of real people.

For example, one way to conduct such an attack is the following: to enter a porn site, one must solve a CAPTCHA puzzle. This puzzle is actually one which comes from a valid service, and is reproduced at the porn site. People who want to see porn solve the CAPTCHA, thus giving the attacker a proper and validated answer to the presented puzzle. (Of course the system relies on the people giving a correct answer)

An alternative way is to just pay the people to do such work. Generally, if there is some incentive which the attacker can provide to people, it is possible to employ a number of people for solving the CAPTCHAs without them possibly knowing the real use of the solved puzzles. This kind of attack is very hard to beat.

However, there is at least a way to make the problem harder simply by enforcing a strict time window in which the CAPTCHA must be solved. In a nutshell, the server must create a random ID and remember it along with a timestamp, and present the ID with the CAPTCHA. When the user solves it, he provides the ID to the server and the server notes the timestamp (from its own clock) when the solution (along with the ID) is received. The server can now look up the original time, based on the received ID. With knowledge of the current time, the server can deduce the amount of time it took for the user to answer. If the solution has not been given within a certain time window, the solution is rejected (even if it was correct).

For example, if a user has 20 seconds time to solve the CAPTCHA, it will give a very tight time window for an outsourcing/mechanical turk attack. The act of spamming and logging into a porn site would need to coincide within the 20 seconds, minus the time needed to solve the puzzle, minus the time for network latency. Surely, with today’s traffic amounts, obtaining such simultaneousness is possible, especially if a single spammer controls a large number of sites which can aid the mechanical turk attack. However, the amount of such opportunities would be less than now, when the CAPTCHA is not tied to time. As the amount of opportunities lessens, the amount of spam resulting from successful attacks would be cut down.

Another aspect of the time windowed CAPTCHA is that it raises the requirements for efficient logistics when moving the puzzle to the group of people. This translates to increased costs, which is undesired by the attacker.

The presented idea is not perfect by any means: it would still not solve the mechanical turk attacks where real people are coupled with the spamming system to solve the puzzles in real- or near-realtime.

Further Notes

There are some practical issues with the time-window approach. Obviously to prevent a denial of service the old, unused ID to timestamp mappings would need to be cleared from the database periodically.

Also, for practical reasons, the authentication would need to be two-step: the first step where a user writes a message (or fills in the user information when registering, or whatever the CAPTCHA puzzle protects), the second step to display and process the CAPTCHA. This is because a user can spend a lot of time actually writing the information, and that should not be penalized. Besides, proof of having solved the puzzle is not needed until the user actually attempts to submit the information.

“”Yahoo! Wallet”‘s customer service is run out of the Philippines, and has the same keen sense of organization, training and fraud prevention that one might find among kindergarteners with lifelong iodine deficiency.”