西九龍文娛藝術區計劃要重新再來,各報章反應不一;有說政府是大輸家,出醜之餘還連累特首連任機會;有說是民主大勝利;政府卻說這是最佳做法,是強政勵治的表現。以下的社評較為中肯,可以參考。
此事最開心的是某些酸葡萄地產商,但我認為將地盤拆細拍賣各自發展是最差的做法。三個競逐的財團其實已包括約十個地產商,土地拍賣其實大部分都是由他們主宰。我不反對由大財團或地產商搞藝術;西九管理局不可能全由藝術家作主。管理學專家,營運專家和財務專家亦不可缺。由李嘉誠做主席再招納各路英雄亦可做得好。
天篷再被大做文章。做過政府工程的人會明白苦衷;因為發展建議邀請書列明天篷為必須條件,三個建議都已包含這個設計和其成本;亦有一建議因沒有天篷而被取消資格;所以孫公在發展建議邀請未完結前要在立法會堅持這項要求。
尊貴的議員又再因政治爭議而精神分裂;不久以前,在財赤時期,大家都要小政府,所有非核心服務都應由私營機構去做,以增加效率和減低成本。但忽然公私合營不再政治時髦,不如回復以往古老做法,則政府開支靠撥款,營運不必費心平衡賬目,收入撥歸庫房,以滅財赤。
最大的輸家是藝術愛好者,和等候開工的建築業人員。西九龍文娛藝術區計劃起碼要等下一個特首任期才可以開始規劃;我估計在2010年前都不會成事。
“ (星島綜合報道) 西九龍文娛藝術區計畫一波三折,在政治形勢與營商盤算之間的矛盾無法得到協調,令當局明白難以落實原先的發展模式,只好用上近乎大撤退的策略,期望退一步海闊天空。由於政府原先開出的種種發展條件已全部作廢,連天篷意念也可放棄,彈性肯定比以前大。至於計畫會否更快,則視乎如何評估原有構思的落實速度。
表面上,重新構思發展,計畫一定會推遲,這是基於原先構思可以按照原定時間表落實。但客觀環境卻令這個假設不切實際,堅持原有由地產商主導的發展模式,只會繼續衍生無了期的爭議和拖拉﹔因此,捨原路而另闢蹊徑,未嘗不是令計畫早點落實的選擇。
今次財團遲疑,原因是財政風險大,按政府要求注資三百億元及撥出一半樓面拍賣的要求,預計每平方呎樓面成本價要達一萬六千元。相對於目前同區豪宅優質單位平均呎價只賣到萬餘元,難以保證有足夠利潤,吸引到財團去冒險投資。
政府現在收回項目,將來若自行發展,毋須如私人財團追求利潤,把財務要求降至自負盈虧,將提高計畫的財政可行性,又可減少「利誘」財團惹來「官商勾結」的批評藉口。現時樓價回升,庫房收入又大幅改善,比起沙士剛過後初推計畫的日子,政府無疑有較豐厚的財力,可以承擔這個計畫。
但是,建造了硬件,只完成西九計畫的軀殼,計畫要成功,關鍵在於日後的營運效率。文化藝術往往是「蝕本生意」,要靠外間補貼。有立法會議員建議設施由公家營運,如此一來,西九管理局可能變成另一個醫院管理局,令納稅人背上沉重的財政包袱。
以管理局等模式營運得較為成功的,是機場管理局和地鐵公司,而地鐵的經驗特別值得參考。世界上沒有多少鐵路,能夠單靠運輸服務自負盈虧,往往要靠政府補貼。地鐵公司不致成為本港納稅人的包袱,還可以賺錢上市,原因一來是擺脫公務員架構獨立專業運作,二來是獲政府撥出大量土地,引來私人財團合力發展,以地產收益來補貼運輸經營的虧蝕。由於地鐵賣地符合公眾利益,至今沒有聽過有人批評其「明益地產商」或「官商勾結」。將來西九管理局也可以用上「以地養藝」的模式。
包括廣州在內的內地城市,已經在建造各自的高水平表演場地,本港實在經不起進一步的拖拉。當初深圳發展貨櫃碼頭,不少港人認為其軟件難以追上香港,現實是近年本港流失了大量潛在貨運商機予內地。文娛藝術區計畫經過今次的挫折,必須快馬加鞭,免重蹈貨櫃碼頭的覆轍。”
Tuesday, February 21, 2006
Online authentication
Just read another article on internet security at Wired News the day before. The problem of online authentication was a major theme at the 2006 RSA Conference. Major IT security companies now realize that an electronic token to be physically carried by the user is not a feasible "second factor" of authentication. You may recall that I also wrote an article last year on "Where is my electronic token?" in my blog along the same line.
How do I know this is the person of the true identity that I want to transact? Name and password can be stolen, but so is an electronic token. Furthermore, a token can be lost, damaged, malfunctioned, expired. The cost of replacing it, i.e. physically deliver it to the right person, is huge and the process is insecure. The mere thought of carrying a token in the electronic age makes you think that the internet has returned to stone age.
The intelligent human recognize their counterparts not by a token, but by characteristics. One way of doing it is through biometrics. Facial recognition, retina recognition, finger print, DNA test can all do the trick. However, these are not very feasible for internet transactions.
The clever IT security gurus come up with something simpler. Besides biometrics, there are many personal traits that can identify a person. One company proposes a solution which examines the device the client is using, including a number of factors such as IP address, a secure cookie or Flash object. A client logging in at the usual time from her usual machine will only need to enter the user name and password. But if that person is on a different machine using a different browser in a different time zone, for example, she will be presented with challenging questions that she answered when she signed up.
Some financial institutions are using a combination of such information combined with transaction history and usage patterns. For example, a typical everyday user suddenly sending a large sum at 2 a.m. to an account in Turkey might raise a red flag.
Another company adds an extra layer of security by locking out users who don't type in a password with the same typing style as the original user. The typing rhythm idea is flexible because the user can easily reset the system. When a new password is set, then there will be a new typing rhythm. The company calls it the disposable biometric.
There are yet new gadgets being developed. Other new offerings from RSA Security include a browser toolbar that works like a security token, and software that can turn a mobile phone into a token. The war still goes on.
How do I know this is the person of the true identity that I want to transact? Name and password can be stolen, but so is an electronic token. Furthermore, a token can be lost, damaged, malfunctioned, expired. The cost of replacing it, i.e. physically deliver it to the right person, is huge and the process is insecure. The mere thought of carrying a token in the electronic age makes you think that the internet has returned to stone age.
The intelligent human recognize their counterparts not by a token, but by characteristics. One way of doing it is through biometrics. Facial recognition, retina recognition, finger print, DNA test can all do the trick. However, these are not very feasible for internet transactions.
The clever IT security gurus come up with something simpler. Besides biometrics, there are many personal traits that can identify a person. One company proposes a solution which examines the device the client is using, including a number of factors such as IP address, a secure cookie or Flash object. A client logging in at the usual time from her usual machine will only need to enter the user name and password. But if that person is on a different machine using a different browser in a different time zone, for example, she will be presented with challenging questions that she answered when she signed up.
Some financial institutions are using a combination of such information combined with transaction history and usage patterns. For example, a typical everyday user suddenly sending a large sum at 2 a.m. to an account in Turkey might raise a red flag.
Another company adds an extra layer of security by locking out users who don't type in a password with the same typing style as the original user. The typing rhythm idea is flexible because the user can easily reset the system. When a new password is set, then there will be a new typing rhythm. The company calls it the disposable biometric.
There are yet new gadgets being developed. Other new offerings from RSA Security include a browser toolbar that works like a security token, and software that can turn a mobile phone into a token. The war still goes on.
Subscribe to:
Posts (Atom)