Did you fake your password?

It’s an evergreen news story in the tech world: the top 25 idiotic passwords we use. Every tech magazine reports it and trumpets our global stupidity in the face of hackers. The articles usually beseech us to think about security, to batten down our virtual hatches, to make sure we use a good strong password like 6z!!jciBAOdGEy5EHE&6 or something equally unmemorable.

The surveys and roundups of passwords usually show that simple alphanumeric strings are in widespread use, purportedly protecting our Hotmail, GMail, Facebook, Twitter, Xbox, Sony and every other online account, even our bank and credit card accounts. Among the apparently silliest and simplest are things like “password” and “passw0rd”, “123456”, “ILoveYou”, “qwerty”, “abc123”, “111111” and many others besides. All equally crackable and/or guessable. Indeed, any short alphanumeric string, no matter how seemingly random, can be cracked by so-called bruteforce means within seconds by a powerful enough computer, or an array of hijacked machines running malware.

Recent revelations about an alleged 5 million GMail passwords being published online revealed once again that the users of those accounts were particularly foolish with their password use. Security blogs suggested that 9 out of 10 of the passwords leaked could have been bruteforce attacked easily because they were so simple.

But, a Twitter discussion with Michael Horak @fatmike182 and Benedikt Malleolus @BMalleolus has got me thinking about those silly statistics. Horak pointed out that of any bunch of leaked GMails there is a likelihood that a fair proportion will be either fake (accounts set up for spam and other malicious purposes) or else created for one-time use as a disposable account with which to register on a particular site. We have no easy way to determine what percentage of any list of username/password logins, from whatever hacked source, are genuine users and what proportion are fake, spam, disposable logins.

In other words, the shouty tech blogs that discuss password complexity and how inept most of us supposedly are at using decent passwords may be basing their proclamations on skewed data. Maybe many of us use really strong passwords and two-factor authentication, maybe more than they care to admit aren’t really so dumb as to use “password” as a password for our mission critical logins.

But, here’s a little puzzle, which of these two imaginary passwords would take the longest to crack?

“iSK6%3U6Gt” or “Password……..”

The answer, given the leading question, may not surprise you, but it is surprising nevertheless. It’s all about making the haystack in which your password needle might be found much bigger than everyone else’s: an attacker who knows nothing about the structure of your password has to try every string, of every length up to yours, drawn from the character classes you used, so an extra six characters of length buys far more than a handful of extra symbols does. The mixed character password would be crackable in about a week assuming some kind of Massive Cracking Array Scenario carrying out one hundred trillion guesses per second. The longer password would take the same Array slightly longer, about 2 billion years. Of course, if everyone starts simply adding full stops to the ends of their passwords, the hackers will soon learn and add that pattern to their search algorithms, and the haystack collapses to a dictionary word plus a short list of padding rules. Maybe we need to be even a little cleverer than they give us credit for.
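For anyone who wants to check the haystack arithmetic rather than take it on trust, here is a small Python script I have added for this post (it is not from the original article, and it is not the Massive Cracking Array). It assumes the attacker infers the alphabet from the character classes present (26 lower, 26 upper, 10 digits, 33 printable symbols including space), searches every length up to the password’s length, and runs at the post’s figure of one hundred trillion guesses per second. The second function puts numbers on the caveat about full stops: the 10,000-word list, 33 padding symbols and maximum of 20 pads are constructed figures, not measurements of any real cracking rig.

```python
import string

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Character classes an attacker must assume once they see one member in use
# (printable-ASCII sizes: 26 + 26 + 10 + 33 = 95).
CHARACTER_CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation) | {" "},
}


def alphabet_size(password):
    """Sum of the sizes of the classes the password draws from."""
    uncovered = [c for c in password
                 if not any(c in chars for chars in CHARACTER_CLASSES.values())]
    if uncovered:
        raise ValueError(f"characters outside printable ASCII: {uncovered!r}")
    return sum(len(chars) for chars in CHARACTER_CLASSES.values()
               if any(c in chars for c in password))


def search_space(password):
    """All strings of length 1..len(password) over that alphabet: the haystack."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))


def exhaustive_crack_years(password, guesses_per_second=1e14):
    """Worst case for an attacker with no knowledge of the password's structure."""
    return search_space(password) / guesses_per_second / SECONDS_PER_YEAR


def pattern_crack_seconds(wordlist_size, pad_alphabet, max_pad,
                          guesses_per_second=1e14):
    """The post's caveat, in numbers: an attacker who has learned the
    'dictionary word + run of one padding symbol' pattern tries each word
    followed by 0..max_pad copies of each padding character. That is
    wordlist_size * (1 + pad_alphabet * max_pad) guesses, not a haystack."""
    guesses = wordlist_size * (1 + pad_alphabet * max_pad)
    return guesses / guesses_per_second


if __name__ == "__main__":
    for pw in ("iSK6%3U6Gt", "Password" + "." * 8):
        print(f"{pw!r}: alphabet {alphabet_size(pw)}, "
              f"{exhaustive_crack_years(pw):.2e} years at 1e14 guesses/s")
    # Constructed attacker model: 10,000-word list, 33 padding symbols, up to 20 pads.
    print(f"word+padding rule attack: {pattern_crack_seconds(10_000, 33, 20):.1e} s")
```

Run as written it reports roughly 0.02 years (a week) for the ten-character password and a little over two billion years for “Password” plus eight full stops, which is where the figures above come from. The last line is the sting in the tail: once “word plus padding” is a known pattern, the same Array disposes of the long password in a fraction of a microsecond.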

A brief word about tomatoes and prostate cancer

UPDATE: To avoid confusion: eating lots of tomatoes will not stop you getting prostate cancer if other risk factors are in place!

At least 20 years ago I wrote a news story in my rookie days about how the natural red pigment in tomatoes, the antioxidant lycopene, could somehow protect men against prostate cancer. Nothing was ever proven and the latest news which hit the tabloids in the last couple of weeks doesn’t add much, at least if you read between the lines.

NHS Choices, as ever, has a good summary:

“This large study has shown an association between the consumption of more than 10 portions of tomatoes per week and an 18% reduction in risk of prostate cancer. However, as this was a case controlled study, and not a randomised controlled trial, it cannot prove that eating more tomatoes prevents prostate cancer.”

Tomatoes grown and photographed by David Bradley

The study does have some strengths: large size and accounting for confounding factors. However, limitations include: reliance on dietary questionnaires and the broad categories for self-estimate of body size. After all, do you recall how many portions of tomatoes you’ve had and can honestly tell us how fat or thin you are?

The bottom line NHS Choices says:

“This study does not provide enough evidence to change the recommendations for reducing the risk of prostate cancer. A healthy, balanced diet, regular exercise and stopping smoking are still the way to go, rather than relying on eating one exclusive food type such as tomatoes.”

Tomato-rich diet 'reduces prostate cancer risk'.

Incidentally, from this paper: “Prostate cancer (PCa) represents a major public health burden in the western world. It is a peculiar disease as more men die with it than from it. Also interestingly, PCa was virtually unknown until the 20th century.”

Lodestar Festival 2014 Extras

I got rather too many photos from the 2014 Lodestar Festival, the top bunch are in my Flickr gallery and Facebook gallery. This little lot are ones I’ve plucked out from the folders that didn’t jump out at me first time through but are more representative of the festivalgoers than the bands themselves!

The Dark Net – Jamie Bartlett

From the blurb: “Beyond the familiar online world that most of us inhabit — a world of Google, Hotmail, Facebook and Amazon — lies a vast and often hidden network of sites, communities and cultures where freedom is pushed to its limits, and where people can be anyone, or do anything, they want. A world that is as creative and complex as it is dangerous and disturbing. A world that is much closer than you think.”

If you’ve been using the Internet since pre-web days, as I have, you may wonder what more you could learn, having spent endless hours on bulletin boards, usenet, gopher systems and the like. Jamie Bartlett may well open your eyes to a whole new world of neurotica, from the true meaning of trolls to the doxxing of camwhores, racist-nationalist activist rants and how they spill into the real world, all the way to the Silk Road marketplace and the truth about some of the most disturbing abuses of humanity. From cypherpunks and cyberpunks to hackers and crackers. It’s all here, it’s all dark. He shines a light on the taboo zones and demonstrates what the darkest recesses of the online world might tell us about our real-world selves.

Bartlett is Director of the Centre for the Analysis of Social Media. His primary research interests are: new political movements and social media research and analysis, internet cultures and security and privacy online and so more than qualified to tell us about the darkest back alleys away from the information superhighway. A gripping read, more thrilling and chilling than many a fictional tale of the digital could ever be.

Footnote: As I understand it, there have been some issues brought to light since what I assume was Bartlett’s “time-of-writing” regarding various tools and techniques taken as fact at the time that are no longer necessarily valid. For instance, I don’t think the Tor (The Onion Router) browser and tools are necessarily as secure and private as was originally thought (although that may be due to 3rd party interactions and user errors, it’s unclear). Neither is PGP as honourable as it once was, but who’s to know whether that’s disinformation put in place by the spooks? Indeed, there are also ongoing revelations about spying by NSA and GCHQ that put paid to some of the safe harbours for libertarians.

One minor quibble that isn’t really about the Dark Net text at all is that the idea that human communication is mostly non-verbal is wrong; that piece of Deceived Wisdom has been debunked repeatedly over the years.

When Google comes to town

UPDATE: Friend of the blog Nick Howe just pointed out to me that the Google car has a flat tyre, rear offside…so wasn’t “broken down”, just had a puncture to deal with…I should have spotted that but was too busy getting the composition and exposure for my photo right!


UPDATE: Daughter returning from school having collected her excellent GCSE results says there was an RAC van with the Google car, he’d actually just broken down, which would explain the driver’s surliness.

Mrs Sciencebase out and about in our village this morning alerted me to the fact that she had spotted a Google StreetView vehicle parked outside a boarded up shop on the High Street. I dashed out on my bike, camera in hand, to get a snap – watching the watchers – and hopefully have a chat with the operative. Well, I got a photo or two, but the chap with the controls was less than conversational, nervous almost, as if he’d been doing something wrong…like harvesting Wi-Fi passwords (allegedly) rather than assimilating images of the local streets. Either that or he was just a shy chap and not interested in chatting to the public…incidentally, I wonder if I’ll get a request to pixelate his number plate. Hahahah

Anyway, if you’re out and about in the village today and see him assimilating, give him the vees or a little wave depending on your mood and let’s all celebrate the wonder that is Google. Not.

Anticancer Aspirin? Not so fast

The news was full of the discovery that taking some aspirin every day for ten years could somehow reduce your risk of getting cancer, particularly cancers of the gastrointestinal tract. The stomach bleeding side-effect (for some) and other as yet unknown side-effects aside, I was skeptical from the start, it just looked like a review of reviews where they looked at the idea that taking aspirin for years and years might somehow correlate with not getting cancer. To me, this is like the inverse of so many other studies that purportedly “prove” that such and such an exposure to food, pollution, toxin or whatever will “cause” cancer. Correlation is not causation.


As far as I can tell, the discovery was based on a literature review and not an actual study of the pharmacology and biochemical effects of aspirin itself. Thankfully, NHS Choices magazine, which takes a look at the science behind the headlines seems to agree. “The study was carried out by researchers from a number of institutions across Europe and the US, including Queen Mary University of London. It was funded by Cancer Research UK, the British Heart Foundation and the American Cancer Society. The study was published in the peer-reviewed medical journal Annals of Oncology.” Fine. Good.

But, says NHS Choices: “Several of the study’s authors are consultants to or have other connections with pharmaceutical companies with an interest in antiplatelet agents such as aspirin.” That’s common, and, of course, those involved in pharma research are generally connected to the industry in some way. So, not necessarily a bad thing; there are often what some might refer to as conflicts of interest in biomedical research, if indeed these are conflicts here.

More worrying though, and to my mind, the real nub of the problem is what NHS Choices says about the details of the study: “It is not clear that the results are reliable from the methods reportedly used to compile this review. This is because it included studies of varying design and quality, with much of the evidence coming from observational studies, which, while useful, cannot be totally relied on to test the effectiveness of healthcare interventions.”

NHS Choices also criticises the way studies in the review were chosen: “It’s not clear how the studies included in the review were chosen and whether others on the same topic were excluded. It is also not clear whether or not this was a systematic review, where studies are rigorously appraised for their quality and criteria are established for their inclusion.”

That sounds like quite the damning indictment to me and for that reason, I for one am out.

Daily aspirin 'reduces cancer risk,' study finds – Health News – NHS Choices.

Virtual Art Conservation

This tweet showing a partially restored painting, where 500 years of grime, varnish and earlier conservation efforts have been stripped back, got me thinking. We usually see all these fabulous old paintings through a patina of filth and there are people trying to strip them back to the artist’s original view…but with digital images and Photoshop could this be done virtually for a whole lot of artworks? We colourise old monochrome photographs; this would be akin to that, taking the image back to what it really looked like…


More details about this specific restoration work here.

2014 Sciencebase fifteenth anniversary

It was 20th July 1999 when I first registered the domain name sciencebase.com and transferred my old Elemental Discoveries website from their origins on various hosts to the present science super hub. Don’t the years just fly by? At that time, I was quite serious about building up a science portal (as they were then known) and publishing regular science news, views, and interviews in what would eventually become known as the blogging format. Quite by chance 20th July was the forty-fifth anniversary of a slightly more globally significant event — the first manned moon landing.

When I blogged the 10th anniversary post in 2009, I’d delivered 1600 items on the blog part of the site, plus all the legacy pages before I started counting. The CMS tells me there were almost 2500 items on the blog by July 2014. 1600 in the first decade, and then 900 posts in the last five years. Somewhere the rate went up slightly. Although as of the last year or two my focus has been less on frequent updates to this site and more about fulfilling deadlines for various clients, and my spare time tuning up and snapping photos – hence the recent “rebranding” to Songs, Snaps and Science of this and my social media stuff. [Update: March 2023, 3700 posts on the site, although some have been mothballed and some deleted over the years]

The Science blogging is mostly here on Sciencebase.com and announced on Mastodon, Twitter and Facebook. My photography is most accessible via my Imaging Storm site or on Fine Art America. My music via BandCamp.

The Real David Bradley

I feel awfully guilty calling myself “the real David Bradley” now that I’ve met the actor who played Argus Filch in the Harry Potter films and William Hartnell alongside actor Brian Cox in the BBC Doctor Who period drama “An Adventure in Space and Time”. I just happened to bump into him in a pub whilst we were on a camping trip to North Norfolk. I introduced myself and he was more than happy to give me an autograph, but only if I gave him mine (apparently he knew of his namesake and the book Deceived Wisdom), which was rather gratifying.

As two celebrities sharing a name and meeting for the first time, we didn’t do that whole selfie thing. Funnily enough though, my son was on an educational trip to New York City earlier in the year and bumped into actor Christopher Eccleston, who played the first Doctor Who in the resurrected TV show back in the 21st Century; they did do the selfie thing. Eccleston, of course, acted alongside the other/real David Bradley in gritty 1990s TV drama Our Friends in the North. Anyway, he was a lovely chap and perhaps even almost as chuffed as I was to meet his namesake…

UPDATE: Daughter home from her trip away with friend’s family tells us she bumped into comedian Rob Brydon in the Brecon Beacons…apparently his family pushed in front of them in a cafe queue, c’leb encounters of the wurst kind

Just a moderate bee sting

When the garden lawn is covered in blooming clover (Trifolium) and the last few honeybees (Apis mellifera) that haven’t yet succumbed to colony collapse disorder are busy about their floral business, it’s probably a good idea to not walk around barefoot in the garden with one’s reading glasses on; it would help avoid all that embarrassing hopping about in blooming apitoxin-induced pain…caused mainly by melittin (Glycyl-L-isoleucylglycyl-L-alanyl-L-valyl-L-leucyl-L-lysyl-L-valyl-L-leucyl-L-threonyl-L-threonylglycyl-L-leucyl-L-prolyl-L-alanyl-L-leucyl-L-isoleucyl-L-seryl-L-tryptophyl-L-isoleucyl-L-lysyl-L-arginyl-L-lysyl-L-arginyl-L-glutaminyl-L-glutamamide)

UPDATE: Three days later. Sole of my foot is swollen, sore, red, hot to the touch and feels as if there’s a piece of tough leather just below the skin…nice…so headed to the Mayo Clinic website for their take on bee stings. Apparently, my sting is merely moderate, I can barely put my shoe on, so yeah, moderate. A mild reaction would have subsided within a few hours. Conversely, a severe reaction might involve: skin reactions, including hives and itching and flushed or pale skin, difficulty breathing, swelling of the throat and tongue, a weak, rapid pulse, nausea, vomiting or diarrhoea, dizziness or fainting, loss of consciousness. Thankfully, Mayo says that a moderate reaction this time does not predispose one to a severe allergic reaction on next apian encounter.

Honeybee photo by David Bradley Photographer