Google I/O Extended – Isle of Man

Google broadcast their Google I/O Extended conference from the US, as an adjunct to their much larger Google I/O conference.

Owen Cutajar of FutureTech hosted a live screening of the various announcements, guidance and tech gossip at The Forum, Mt Havelock, Douglas. Attracting a sizeable audience, possibly attracted by the free pizza sponsored by MICTA, there was plenty of opportunity to watch, absorb, chat and munch on pizza and sweets.

The night was captured on the Isle of Man’s Google I/O page.

The Forum is an ideal facility for meeting and learning with like-minded individuals. A number of events are held there, including training courses and seminars by the Isle of Man branch of the British Computer Society and the new and successful Code Club.

Lots of topics were discussed, covering wearable technology such as Google Glass and watches, home automation using the recently-acquired Google/Nest, Cryptocurrencies and Android.

Although not a Google fan myself, I found the event particularly useful to fill in gaps of my knowledge of another side of the tech industry which I have views upon, though from an outsider’s perspective. Whilst I’m not going to run out and kit my house out with Nest or buy an Android phone, the opportunity to talk through the technologies with other audience members provided fresh insight. It would be nice to see the same applied to the other key players and conferences in the technology landscape, such as those by Microsoft, Apple and Facebook.

 

Russia

Considering the events not only of the last few days in Ukraine, but stretching back some 20 years, Europe is a hotbed of activity for politics, civil unrest and conflict. With Russia on its doorstep, the dynamics within Europe are getting ever tenser, complicated by Russia’s gas advantage. I thought I’d explore some maps of Europe to try and understand these dynamics further.

NATO members

The North Atlantic Treaty Organisation was set up during the Cold War between the West and the USSR. Although its role has somewhat changed since the break up of the Soviet Union, it remains a reminder of that difficult period. As such Russia sees an increasing number of its neighbours joining NATO which can only increase its discomfort.

NATO Members

Source: NATO

EU members

Although Britain is currently deep within an in/out debate with regards the EU, other countries are fighting to get in. In particular, former Soviet countries are keen to embrace Western ways and identify membership of the EU as a major achievement and line in the sand from former times. More of Russia’s western neighbours are snubbing Eastern ways and favour integration with the former enemy.

EU Members

Source: EU

Gas dependencies

Russia has a very strong position within the European gas market, accounting for around 30% of total gas dependence. Although alternative sources are constantly being explored, 30% can materially affect prices.

Russian Gas Dependence

These statistics are from 2004 and are therefore fairly old. However, their significance remains.

Countries with dependence on Russian gas that are ex-Soviet countries: Ukraine, Belarus, Lithuania, Moldova, Latvia, Georgia, Estonia.

European countries with dependence on Russian gas greater than or equal to 0.5% of total domestic consumption: Germany, Italy, Turkey, France, Austria, Poland, Netherlands, Greece, Belgium.

European countries with dependence on Russian gas less than 0.5% of total domestic consumption: Sweden, Denmark, Ireland, Portugal, Spain, United Kingdom

Source

Conflict within the last 20 years

From Serbia to Syria, Europe and the Middle-East is at best a basket-case of tension. Civil unrest, aggressive neighbours and religious conflict pepper the landscape. Just searching for “unrest” yields hundreds of results which suggests Europeans are a “bolshy” lot (etymology unintended). But countries in such close proximity, in the middle of the geographic cold war, are bound to see conflict.

Conflicts in last 20 years

States experiencing civil unrest: Azerbaijan (2013), Belarus (2010), Bulgaria (2013), Czech Republic (2011), Denmark (2008), England (2011), Estonia (2007), Greece (2011-ongoing), Hungary (2006), Italy (2010), Latvia (2009), Lithuania (2009), Moldova (2012), Romania (2012), Slovakia (2004), Slovenia (2012), Sweden (2013), Turkey (2013), Ukraine (2013-ongoing)

States experiencing conflict (on its own soil): Albania (1997), Bosnia, Croatia, Macedonia and Serbia (1992-1995), Georgia (2008), Libya (2011), Montenegro (1999), Northern Ireland (1968-1998)

“We’ve heard that a million monkeys at a million keyboards could produce the complete works of Shakespeare; now, thanks to the internet, we know this is not true” Wilensky, Emeritus Professor, University College Berkley

Placebos: why are we not using them as a first-step treatment?

The BBC’s Horizon programme is always a fascinating insight into science and the recent programme about the power of placebos was no exception. A placebo is a treatment or drug that attempts to address symptoms of conditions or improve performance, but with no active ingredients or processes. The key is to convince the taker of the placebo that the placebo is a genuine drug or procedure.

The programme had a number of powerful demonstrations of the power of placebos. Cyclists were able to improve their performance, the symptoms of Parkinson’s Disease were significantly reduced and symptoms of irritable bowel syndrome were also reduced.

This reminded me of a weakness in the medical establishment, that of research-based medicine. You’d think doctors were scientists who prescribe based on scientific results. You’d be wrong. The medical establishment is alleged to shun scientific analysis and misrepresents medical research data. Ben Goldacre argues even an optimistic proportion of medical treatment would add up to only 50%-80% of treatments being evidence-based according to speciality. Hopefully your treatment will be one of them.

This is why I was pleasantly surprised by the example of a doctor that changed a surgical procedure he had practiced for 15 years for a placebo procedure. The randomised selection of patients experienced a ‘fake’ procedure, including a script-based performance by surgeons. There was no statistically significant difference in the pain relief experienced by patients. Another doctor prescribed a placebo as an alternative to a drug course for Parkinson’s disease with similarly positive results. Test patients were able to experience life as someone without the condition. Placebos rely on the body’s own pain relief mechanism, favouring natural over intervention.

If placebos are so effective, why aren’t doctors prescribing them? Doctors are over-prescribing drugs. Antibiotics are at a critical point due to over-prescribing by doctors. Conditions such as depression and autism are treated with cocktails designed to interact with our brains at a chemical – and unnatural – level.

In my opinion, patients should perhaps be prescribed a placebo in the first instance for certain conditions. I don’t want to question the legitimacy of psychological illnesses such as depression, but I am a strong believer in self-help as a first step to treating anxiety, depression and other such illnesses. Meditation has been proven as an effective treatment for anxiety and depression; an effective treatment that is free. Counselling and hypnosis are also valid and effective treatments. (How a doctor can prescribe anti-depressants without counselling is beyond me.) In the absence of GPs prescribing “self-help” such as meditation, perhaps placebos could be used. A placebo could be prescribed as a first stage drug for patients. Studies have shown positive results for depression, so I believe this could be a positive first step for patients unwilling to “self-help”. Perhaps they could experience the same benefits but not subject themselves (and those around them) to the effects of aggressive anti-depressives.

Of course, wider access to placebos will intrinsically reduce their effectiveness as people start to “grow wise” to the practice, reducing the effect of the placebo. Again, the Horizon episode surprised me even here. Patients with Irritable Bowel Syndrome were prescribed placebos and were told so. They were told that although the drug was a placebo, perhaps their own bodies would help their condition. Yet again, placebos were identified as being effective in reducing symptoms whilst the drug was taken.

Perhaps one reason why the medical establishment are not looking to natural methods or placebos as an opportunity to help patients rely on their own healing capabilities is due to the influence of pharmaceuticals. Your GP is the interface between you and a catalogue of expensive drugs, paid for by a state body which can achieve economies of scale for bulk purchase, satisfying the pharmas’ desire for profit. Your busy GP has to get through their patients for the day whilst personally addressing each and every patient’s concerns. It is easy to appreciate how drugs can be turned to as a “quick fix” for patients, helped by marketing departments of the pharmaceuticals who – whilst they cannot offer much more than a mousemat to help them sell their drugs – exert real influence on doctors’ routes of treatment.

To the War-room!

I’m currently studying for an MSc in Project Management. This is making my head pop at times so I’ll blog the bits that don’t make it into my academic submissions from time to time.

It strikes me that in the various projects I’ve worked on, I’ve found myself struggling to move between projects at a moment’s notice, flipping my consciousness in the process. In my head, I am mentally trying to compartmentalise my project work to ensure I don’t get confused as a result of any “leakage”. Meanwhile, my desk gets messier.

What if we could reflect this set of mental compartments in the real world, in the office? By separating project activities from each other in the office, it might just make it easier to flip between projects. Robert Wysocki mentions the “War Room”, which is a room dedicated to the project. This room will probably just be a meeting room “commandeered” by the project team for their collaboration and requires little more than usual office stationery and equipment during the course of the project.

The War Room should contain:

  • A whiteboard
  • A computer and projector
  • Ample water
  • Flipchart
  • Plenty of wallspace and blu-tac

The room is the “meeting point” for the project team both as part of formal meeting times and collaboration times, perhaps as a way to get away from the usual team and concentrate on the job in hand without distractions. The act of removing yourself from your usual position in the office will be an immediate benefit to reducing distractions and when you’re headed to the project War Room, it’s clear to your colleagues what you are working on.

It might be messy, with scrawling across the whiteboards, papers hanging from the wall, textbooks left open and memos littering the desks. It is however a workspace, dedicated to a particular purpose. When individuals enter that room, they join the project either as a collaborative member, a manager or an observer. It’s a physical boundary between the hum-drum taking-care-of-business work and transformative, collaborative work.

Of course, not every office is able to facilitate such luxuries. It might be due to physical constraints (not enough rooms/space) or political (“why should they get their own room?”). Unfortunately, the argument against productivity and office design has long since been lost and we’re doomed to cubicles spread across noisy, windowless offices so making the case for a dedicated collaborative space is going to be difficult.

Then again, if the business can’t give you a dedicated project collaboration space, what value do they really have on the project?

Chip and PIN safety is just smoke and mirrors

I’m no expert on credit/debit card safety but I’m concerned enough to share my thoughts and experience based on recent “hacking” stories in the news and complacency of retailers when storing your card data.

Chip and PIN is not more secure

From 2004, Banks have been pushing the Chip and PIN “safety in numbers” campaign to encourage customers (and particularly merchants) to shift to the new Chip and PIN technology. Previously, a payment was authenticated using a signature on a receipt (either produced via swiping in a magnetic card reader or a physical imprint of the card details). This had a high rate of fraud due to the weaknesses in signature authentication and ability for cards to be cloned – the magnetic strip became a single point of failure.

On the surface, it appears more secure. France saw an 80% drop in fraud when switching to Chip and PIN. The two factor authentication of Chip and PIN (what you have, what you know) has significantly reduced card cloning; the user doesn’t have to hand over their card whilst worrying about double swiping and their PIN is shared with their ATM PIN so the usability was maintained. However, card fraud has increased in the years since, resulting in the movement of fraud attempts rather than their elimination.

Without considering the vulnerabilities, four immediate problems come to mind.

Firstly, if you don’t enter your PIN correctly, the merchant will invariably downgrade to a Chip and Signature transaction. To the consumer, this mirrors the older process of signing the receipt. The difference is that the merchant has specifically opted in to using the less secure protocol and assumes the risk of fraud. (Given the attention I’ve seen sales assistants pay to the validity of the signature, I wouldn’t put any confidence in this mechanism).

Secondly, CCTV cameras are routinely aimed at the tills, for good reason. But these also collect what users are entering in PIN pads. Of course, we’re encouraged to conceal our entry with our other hand, but we do live in a society and this creates an implication of distrust of your fellow customer. If the card is stolen or is cloned in some way by a compromised terminal, your authentication is compromised but your card is fine.

Thirdly, what confidence do we have that the terminal has not been compromised? Consider the new means of robbing a bank, from an apartment a few blocks away. Santander and Barclays were both targeted with inexpensive IT kit installed by supposed IT engineers which allowed direct access to banking systems. What’s to say the same technique hasn’t been employed, with a sales assistant being duped into allowing “upgraded systems” to be installed from “head office”? A man-in-the-middle device can trick a card into believing signature authentication was used even when an invalid PIN was entered, leaving the incorrect PIN count held in the card intact.

Finally, there is the competence of the merchant. Hotels and bars often hold cards “open” to allow for future drinks/etc. to be added to the account at the customer’s convenience. Theoretically, when the customer signs the receipt when the account is closed they would identify any anomalies (assuming they’re not drunk enough not to realise). I’ve managed to pay for two expensive cocktails in a 5-star hotel without entering my PIN or signing due to this account system being incompetently applied.

In these cases the weakest security is the person, and it is most often the merchant at fault. Then there are the known exploits in Chip and PIN such as man-in-the-middle attacks, so-called “yes-cards”, offline authentication, card cloning for use abroad, electronic authentication downgrade and good old robbery.

Cardholder not present is still not secure

Cardholder not present (CNP) is a technique of authenticating the card when the merchant cannot guarantee the authenticity of the cardholder, typically when ordering online or over the phone.

There are various ways of “proving” the identity and validity of a card in this scenario.

Firstly, the Card Security Code (CSC) attempts to prove that the card is in the possession of the purchaser (note, not necessarily the cardholder) at the time of ordering. These are the three digits on the reverse of your card. The CSC is not encoded in either the chip or the magnetic strip on the card, therefore a cloned card would not contain the CSC, rendering the transaction invalid. This can authenticate the transaction (and by implication, the validity of the card, if not the purchaser) but relies on the competence of the merchant to avoid these values being compromised.

For instance, the PCI standard mandates that the CSC must not be stored within a database following transaction authorisation, in case the database containing card data becomes compromised. The recent case of StaySure having their CSC data hacked shows that this is not guaranteed and the customer has no way of knowing. (Ask yourself, if the CSC is needed for an electronic CNP transaction, how can Amazon ask for this code only once and continue to bill your account?)

This comes down to the reliability and trustworthiness of the web sites and the individuals running them. How does the company store your card data? Do they retain your data, and for how long? Are there opportunities for individuals within the company to access that data unencrypted? Are paper trails generated containing your card details? The web site is a sealed box: you have no view of how your financial data is managed inside it. Phone-based and mail-based orders may be written down and printed off and left in accessible piles on employees’ desks (which is why PCI mandates physical access security to cardholder processing areas).
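The storage rule described above can be checked mechanically. The following is an added example, not code from the original post: a small audit that flags order records which still hold a security code or an unmasked card number after authorisation, plus a scrubber that produces a record fit to persist. The field names and the sample order are constructed for illustration, and 4111 1111 1111 1111 is a widely used test card number.

```python
import re

# Assumed column names for the security code; adjust to the schema being audited.
CSC_FIELDS = {"csc", "cvv", "cvv2", "cvc", "cvc2", "cid"}
# 13-19 digits, optionally separated by single spaces or hyphens.
PAN_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def luhn_ok(digits):
    """Luhn checksum, used to tell card numbers from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(digits):
    """Truncate to first six and last four digits (a common masking format)."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def _mask_match(match):
    digits = re.sub(r"\D", "", match.group())
    return mask_pan(digits) if luhn_ok(digits) else match.group()


def scrub_after_authorisation(record):
    """Copy of the record with the CSC dropped and card numbers masked in every
    string field, free-text notes included."""
    clean = {}
    for key, value in record.items():
        if key.lower() in CSC_FIELDS:
            continue  # the security code is never persisted
        clean[key] = PAN_RE.sub(_mask_match, value) if isinstance(value, str) else value
    return clean


def audit_stored_record(record):
    """List the findings for one record as it sits in storage."""
    findings = []
    for key, value in record.items():
        if key.lower() in CSC_FIELDS and value not in (None, ""):
            findings.append(f"{key}: security code retained after authorisation")
            continue
        for match in PAN_RE.finditer(str(value)):
            digits = re.sub(r"\D", "", match.group())
            if luhn_ok(digits):
                findings.append(f"{key}: unmasked card number ending {digits[-4:]}")
    return findings


# Constructed sample: a phone order where the operator also typed the card into notes.
SAMPLE_ORDER = {
    "order_id": "A-1001",
    "pan": "4111111111111111",
    "cvv": "123",
    "notes": "phoned in, card 4111 1111 1111 1111",
}

if __name__ == "__main__":
    for finding in audit_stored_record(SAMPLE_ORDER):
        print(finding)
    print(scrub_after_authorisation(SAMPLE_ORDER))
```

The free-text `notes` field is the case that schema-level controls miss: the card number typed by a phone operator is caught only because the audit scans every value rather than just the named card columns.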

Secondly, Visa’s “3-D Secure” authentication mechanism, known under the brands “Verified by Visa” and “Mastercard SecureCode”, whilst seemingly authenticating the cardholder by asking more pertinent questions directly related to the cardholder’s bank account, does not provide real assurance to the cardholder that it is indeed genuine. The technique used by the scheme requires a web commerce site to embed an IFRAME within their checkout process that acts as a “window” into the banking system, requesting extra verification data. However, the user does not necessarily know that the site within the window is genuine. A malicious web site may embed a false authentication site, the user’s computer may be infected allowing false authentication sites to be used or DNS poisoning may be used to redirect valid authentication sites to malicious parties.

The Chip and PIN programme does provide benefits to the consumer, without a doubt, though this is largely based on usability. Any argument for increased security is a smoke and mirrors marketing campaign by the card issuers. Fraud has increased, particularly in Cardholder Not Present scenarios (and coupled with weak IT security on the part of web sites) and attacks have merely shifted to alternative weaknesses as opposed to being prevented. The big winners are the banks, because they are able to transfer the risk of a fraudulent transaction from themselves to the merchant or the customer. Stringent merchant contracts allow the bank to transfer liability of fraud to the merchant should the merchant choose to downgrade their authentication or to the cardholder if it can be proved that fraud was attempted. Interestingly, if a PIN has been entered, the banks refused to accept liability until 2009 even if the user denied having used the card.

Isle of Man Social Media Club: December 2013 Third Thursday

The Isle of Man Social Media Club Third Thursday lunch/dinner is a regular and informal gathering of people from a variety of disciplines, including marketing, PR and IT. This month, we’ll be meeting on Thursday 19th December at Jabberwocky.

We’ve been able to chat around a variety of topics related to social media, such as ethics, legislation, policing and more fun aspects of various social media platforms. Whilst we are all probably used to Twitter, Facebook and YouTube, we’re always keen to learn about new platforms and trends you may have spotted.


Following our vote for a change of venue, the consensus points us to Jabberwocky, on Duke Street in Douglas (that’s the end of Strand Street, across from the pedestrian lights). Jabberwocky have a friendly team and have a good quality lunchtime menu with Bagels, Jacket Potatoes, Wraps and daily specials. They are also social media savvy, with a Facebook and Twitter presence.

Hope you can make it. If you can, help us plan numbers by giving us a shout in the comments …