Wednesday, July 19, 2006

Is RFID tracking you?

We used to hear about the RFID issue in IT journals on the technological applications, and also in the political agenda of some activists raising privacy concern. Yesterday, I read from CNN an article on RFID tracking. As RFID becomes an everyday reality, the issue is now news instead of just technological or political discussions. You may wish to browse this article for details.

The article reports on the increasing use of RFID. It is replacing bar code tags and may eventually completely phase out the older technology and standard. This picture of a bunch of bananas with a bar code tag is a strange reminder that even green grocery can be tagged with RFID. I don't know where is the tag placed, as bunch of bananas is often torn apart by supermarket customers. So a tag could be inserted under the skin of each banana, if the cost per tag is very low and the labour is automated. There is a possible scenario that the big brother links up the credit card or Octopus information and obtains information of the purchase. With a powerful remote RFID sensor, other people will know when and where do you eat your banana.

Another striking picture from CNN is this pretty sales lady holding a pair of jeans. The caption says that the garment is tagged with RFID chip. When the pair of jeans is placed near the RFID sensor console, the monitor shows the details of the merchandise, and also other sizes and colours available. The catch is, if you buy it, you will carry the tag with you and the tag can lead to the customer information in the billing database. When you wear the pair of jeans and walk in the street, you may be flashing your identity around. There are promises that the tags will be disabled or its sensitivity reduced. But the advance of technology will also promise the development of more powerful sensor which can detect RFID data from a long distance, and perhaps location information via GPS.

But the present development of the issue is more comforting. The RFID industry is addressing the privacy concern by composing a best-practices manifesto. Participating companies include Microsoft, IBM, Intel, Visa U.S.A. and Proctor & Gamble. The manifesto is meant to assuage consumer fears about how data could be collected, shared and stored. Key parts of the document include an agreement to notify consumers about RFID data collection and give them a choice when it comes to gathering personal information. But the manifesto does not suggest any penalties for not complying. You may recall the handling of the issue on employee surveillance by the Hong Kong Privacy Commissioner. The concern is also addressed by a set of guidelines for employers without any obligation on compliance.

Nevertheless, RFID should not be viewed as something evil. See this CNN photo which shows the German Chancellor Angela Merkel participating in a demonstration on how a shopping cart full of grocery tagged with RFID could facilitate automated supermarket checkout. This is technology tomorrow today. The CNN article also reports on the level of risk on personal data security. On the issue of data leakage, the range of RFID data reception is short. Personal data are now freely available through cell phones and wi-fi connections which pose a greater data security risk than RFID chips. Supporters also say that goods and services transactions using RFID technology would be no more or less secure than they are today. For example, if you pay for goods and services today with a credit card, that information is stored in a database. If RFID is used to record sales, data will also go in the database. Similarly, data read from bar code will also be on the same database. If the government wants access to the the database containing goods and billing information and personal data, the process is essentially the same no matter how the information is collected, by RFID data or the bar code data.

Tuesday, July 18, 2006

Writing assignment

I don't know if this is the right thing to do. But the advertisement said it so nicely that it seems to be legitimate business. And it is global. I read about this service of writing assignment last week. You may wish to browse the website for details.

They write your paper for you. The service includes:
Custom write your essay assignment (term papers, essays, case studies, book reports, application essays) according to your requirements; at a fee of HK$75 per page, each page is 225 words. They will follow your required format and references are free and included. Papers are sent to you by email. Located around the world, they probably write your paper in a backroom somewhere in Sydney or New York.

I've always thought writing your paper is part of the learning and asking someone else write it for you is cheating. But these guys called themselves your writing assistant. You can attend lectures, read books, think on a topic, make an outline, and these guys will do the research for you, make up a database, do the data mining and statistics, write your paper from beginning to end with a conclusion you may or may not think of. Most importantly, they guarantee you can at least get a pass.

This service is not cheap, HK$75 for a short page of 225 words. I guess a short dissertation will probably cost HK$10000.

We need to re-think the moral standard as well as the learning mode. Students in the past were asked to do calculation by hand. Now calculators are permitted. There are now many statistical tools around that researchers do not have to burn the midnight oil to do the mathematics. We build our knowledge based on others so we do not have to learn how to make wheels anymore. All kinds of tools are available to make learning easier. But is writing your paper a step that can be eliminated as well? In any case, a market is being formed.

Saturday, July 8, 2006

Pathetique Symphony 悲愴交響曲

港樂的2005-06樂季到此完結,最後的音樂會當然要是最好的,就是柴可夫斯基 Tchaikovsky 最著名的兩首樂曲:他的降B小調第一鋼琴協奏曲 Piano Concerto No. 1 in B flat minor 和第六交響曲-悲愴 Symphony No. 6 Pathetique。還請來謝敏替 Gianluigi Gelmetti 客席指揮,和狄里柏斯基 Simon Trpceski 為鋼琴獨奏。港樂將今晚(7月7日)的音樂會定名為柴可夫斯基鋼琴協奏曲,可能是因為它較好聽,和 Trpceski 的名氣。不過我較為欣賞悲愴,所以我用它作標題。

Trpceski 近年人氣急昇,是炙手可熱的新進鋼琴家。今晚演奏的柴氏第一鋼琴協奏曲,大家都非常熟悉,所以聽眾要求都會提高。我覺得他今晚開場時熱身不足,第一樂章並無驚喜,但第二和第三樂章就明顯地出色很多。尤其是第三樂章,可以表現出如火的熱情。




悲愴交響曲的悲愴在於第四樂章。柴可夫斯基一反傳統,將一個慢版樂章放在最後,並命名為悲傷的慢版 Adagio Lamentoso。這個樂章回應第一樂章第一主題的悲壯情懷,但悲愴的心情盡顯,可以說是由頭到尾都是慘痛。弦樂奏出煩亂的心情,而低音大提琴做出一個一個的頓音,像是沉重的腳步。可以想像一幅圖畫,有一個人在荒野中遊蕩,腦子裡都是悲慘遭遇的回憶,然後仰天長嘯,像是對神的控訴,最後音樂歸於沉寂,這個人漸漸消失於失望和永恆的空虛之中。相傳柴可夫斯基創作這曲之時亦有這情緒;他於這首交響曲首演後不到一個月就去世,而且死因不是所說的故意染上霍亂,而是中山埃毒。

寫柴可夫斯基第六寫得較長,因為我曾在考音樂理論時作答此題目;多年前以英文作答,現在靠記憶再寫一個中文版。今晚聽此曲覺得十分滿意。Gelmetti 是現任羅馬歌劇院的總指揮,他的功力甚高,把港樂發揮得非常好。我很喜歡他處理第一樂章第一主題的手法,他把這感情澎湃的主題的速度放慢了一點,使它的感染力大大加強。第三樂章進行曲的銅管部份比較不太強,這使它與弦樂部分融合得較好。總括來說,這是一個很高水準的演繹。

Wednesday, July 5, 2006

RFID hacking

It seems inevitable that we are now entering the RFID era. Many major corporations are already putting in their hands on a RFID environment for goods, services and employees. The good news is that the security aspect and privacy aspect of the technology are being recognised in the course of development.

First the good news. A recent article from Wired News reported that IBM is introducing a retail-safe RFID chip to meet the privacy concern. The chip is used in logistic management of goods and can be read at a distance of 30 feet, facilitating the tracking of movement of goods, security in the shop and automatic billing. The so-called Clipped Tag has a notched antenna that consumers can tear off, much like the end of a ketchup packet. Removing this panel drastically reduces the readable range of the device, from about 30 feet to less than 2 inches. This function in effect changes the RFID chip from a long-range device to a proximity device. Consumers then do not need to worry about the identity of the goods being monitored on the street.

The Clipped Tag is meant to mitigate privacy risks by reducing the range of the device without disabling it completely. This leaves the tag intact for returns and other purposes, while ruling out the possibility of security attacks from a distance. IBM argues that the Clipped Tag may be a better option for both retailers and consumers than an industry proposal to permanently disable tags which destroys their marketing and inventory-tracking value.

Now the bad news. In another article also from Wired News, the real face of RFID hacking is revealed. A senior officer of a software firm arranged a robbery for a hacker to challenge the RFID-based security lock system. The hacker used a home-made wallet-sized device he called a cloner which was equipped with a coil of antenna fit in his palm. He walked past the officer unnoticed on a busy street and came close to a few inches from the back-pocket wallet which contained the smartcard. The antenna picked up the signal of the RFID chip on the card and enabled the cloner to record it. The data was then downloaded to a laptop using a USB cable for processing. The cloner was then switched from Record mode to Emit mode. The antenna was now ready to open doors, same as the authentic smartcard, in the secured office of the software firm. See this sketch from Wired News of the robbery in action. I think for security reason, the hacker did not wish to be photographed. He was more security-conscious than the security company.

The sea that contains unlimited number of RFID fishes for easy picking is very tempting for criminals and hackers. The article reported that RFID chips are everywhere: "companies and labs use them as access keys, Prius owners use them to start their cars, and retail giants like Wal-Mart have deployed them as inventory tracking devices. Drug manufacturers like Pfizer rely on chips to track pharmaceuticals. The tags are also about to get a lot more personal: Next-generation US passports and credit cards will contain RFID, and the medical industry is exploring the use of implantable chips to manage patients. According to the RFID market analysis firm IDTechEx, the push for digital inventory tracking and personal ID systems will expand the current annual market for RFID from $2.7 billion to as much as $26 billion by 2016."

"For protection, RFID signals can be encrypted. But most commercial RFID tags don't include security, which is expensive: A typical passive RFID chip costs about a quarter, whereas one with encryption capabilities runs about $5. It's just not cost-effective for your average office building to invest in secure chips. This leaves most RFID vulnerable to cloning or - if the chip has a writable memory area, as many do - data tampering."

The article commented that the world of RFID is like the Internet in its early stages, that nobody thought about building security features into the Internet in advance, and now we are paying for it in viruses and other attacks. We are likely to see the same situation with RFID. For the moment, I am not thinking of protecting my Octopus card, or the chip implanted in dogs, or even the tag in my shirt. However, as things develop, more personal and important information will be stored in RFID chips we carry.

Saturday, July 1, 2006

Wang Jian plays Tchaikovsky 王健演繹柴可夫斯基

王健是現今華裔著名大提琴家。我第一次看到他是在紀錄片樂韻繽紛,是 Issac Stern 多年前在中國表演和訪問的紀錄。王健當時只有八歲,人比大提琴還要矮。他個子很小,坐在椅子上,雙腳不到地,琴柄比他的頭高,但他拉起琴來感情十足。最有印象是影片結束打出字幕時是用他拉琴的片段作背景,一個很小的孩子,專注地拉一段很慢很悲哀的調子。樂韻繽紛中有很多個出現過的小童現在已是世界知名的音樂家了。我第二次聽王建已是差不多二十年後他在香港舉行的獨奏音樂會,技巧已充分成熟。今晚(6月30日)他和港樂合作演奏柴可夫斯基的洛可可變奏曲 Tchaikovsky's Variations on a Rococo theme。

今晚又全是柴可夫斯基的作品,有里米尼的弗蘭切斯卡 Francesca da Rimini 和第四交響曲 Symphony No. 4,又請來伊恩馬連 Ion Marin 作客席指揮。還是先要說說 Rococo。這是柴可夫斯基最出色的大提琴作品,曲式比較特別,以一段段的變奏來發展一個很美麗的主題。其中包含大提琴燦爛的表演和與樂團緊密合作的段落。主題以 Rococo 風格寫成,輕巧高貴,有對古典樂派大師致敬之意。王健的演出極有深度,他拉出來的主題旋律好像唱歌一樣,他在控制落弓力度和句法方面都別有一手;演奏時專注的表情,和幾十年前影片中的表情一樣。

Marin 指揮的柴可夫斯基第四交響曲亦有很好的表現。柴可夫斯基後期的幾首交響曲是他巔峰時期的作品,它們各有特色,第四和第五交響曲各有一貫穿全曲的動機 motif,是當時有些作曲家,如 Berlioz ,愛用的手法。第四交響曲的諧謔曲是弦樂撥弦演奏的經典,其知名度僅次於 Strauss 的 Pizzicato Polka。第四交響曲的終章和第五交響曲的都是同樣雄偉。我是較喜歡第五的,覺得它較直接。但今晚 Marin 指揮的第四演繹卻極佳,高潮層層疊疊,很有壓迫感,是近年來少聽到的佳品;港樂又進步了。