The above demonstration is from the PDF file linked above. Like it says; 482 bytes is enough to get a good image out of a single barcode. We could stack multiple barcodes together and then cat them so to reconstruct a higher fidelity JPEG if needed.
Obviously a barcode solution is preferable to what the Americans are planning, an embedded RFID chip. There are no privacy problems with printed barcodes; you cant scan them without the explicit permissoin of the passport holder, which is exactly what is needed.
Once again, because it is built on standards based technologies, this solution is cheaper than the ones being planned. There is no vendor lock in, interoperability is guaranteed and the "shenanigan factor" is greatly reduced.
The system - not just the cards, although cards will be involved - that I want to demonstrate needs to challenge the whole notion of a centralised database, especially one that holds biometric records. [...]
That is exactly what the system I just described does; the parts are cheap, now all we have to do is write the software. It can all be done in Perl. The face matching part looks undoable on a short timescale, but I am sure that there is a vendor that will step up and offer a solution.
To be clear:
The centralized database of photographs held by the passport office is there only to do duplicate application checks.
If we did not have this check, then people would be able to get two passports in different names with the same photograph, which is something that would make the concept impossible to sell to any passport issuing authority.
This database would be held by the passport office, and be used only for dupechecking. It would never be used for anything else. The passport office already keeps a copy of the picture used when you made an application, and all of your details stored on a database. This is a step that almost eliminates duplicate passports. I say almost because face recognition is not foolproof. But you know this.
Of course, MI5 & co will have unlimited access to this database, as they presently do with the Pasport Office's records. This is acceptable. What is UN-acceptable, is every country having access to your passport data, via a single giant database wether you have crossed their borders or not. The creation of this database is what we need to prevent, and since it has been clearly demonstrated that it is not needed to increase the security of passports, and that it would be hugely expensive in comparison to our distributed solution, there is no real reason to do it.
The original idea that I published needs to have this dupe check proceedure, which is by itself innofensive, as long as no one other than the passport office has access to it and it is used for this single purpose of dupechecking.
On this subject of dupechecking, I would love to know how the passport office (indeed, any passport office) presently does dupechecks. If your papers are in order, you should be able to get a passport in any name that you want. Obviously only "bad guys" do this, and it must be said that for the majority, the passport system works perfectly. Part of the reason it works well in the UK is that you have to have your application form and photographs signed by a current passport holder. This works very much like the PGP "web of trust" where you can sign the PGP key of someone you know so that you can vouch for the identity of someone when they present their public key to a third party.
In this way, if the initial seed population of passports are issued correctly, and the people are trustworthy, you can generate a large body of good passports because everyone swears that the persons that they are introducing to the British Passport are known to them. This sort of disctibuted human trust is far better for people than centralized trust; it puts a high value on the British Passport, makes citizens take responsibility for the security of the system...rather like jury duty. Sadly all you need are a few bad seeds and you can generate branches of bad passports created by people who are not civic minded - you know the sort, the people who leave litter on the ground right in front of you in broad daylight.
Me? I can't. Well, I could, but it would take time and resources which are unavailable to me at present. I'm not a *nix hacker, I have no experience of peripheral hardware and very little (miniscule) experience of making apps.
I could help with the web end of things, especially the front end / UI.
Putting chips in paper passports is a pain in the ass Why not put the chip on a card and have a wallet inside the passport to hold this. Not 100% fool proof (you could lose it), but it kind of works.
Speaking of passports, my girlfriend's 2001 French issued passport is not machine readable. My 1997 UK passport is. I seem to remember that the US demands machine readable passports, although on my last trip (Feb 2004) they didn't use any machines to read it. In fact, I have never seen it being read by machine.
Could not the digital information be optically encoded in hologram form?
Looks like the answer is "no" maybe:
he key points made in this paper are:
1. Currently only an expert can detect a skillfully counterfeited hologram. Holograms offered now as anticounterfeit devices have a high forensic value, but limited value as a front-line defense because there is not a convenient and reliable way to detect counterfeit holograms at the retail counter. 2. Current machine readers for holograms require special kinds of holograms in special formats; they cannot detect a counterfeit VISA dove. 3. A Universal Hologram Reader is a major technical challenge, but it turns out to be feasible. 4. A Universal Hologram Reader will give security holograms a new lease on life, and will help establish and maintain holograms as a effective front-line defense against counterfeiting well into the next century.
I just got a promotional email from a well-known online supplier of teeshirts and other goods that can be printed with your design, and it featured a BBQ apron with Bob Dodds on it. This seems like it should be more than coincidence, but I don't really know what to make of it.
I was thinking also about the ID chip in the passport page. The ID page in my passport is a thickly laminated piece of paper with a hologram in the laminate. Could not the digital information be optically encoded in hologram form? Since the hologram is a precise laser etching, it could potentially be much more stable and pack way more information than a printed barcode.
Re: Google merch For some twisted reason I just imagined someone with a "Gooooooooooogle" (with according page number links) tatooed on his cock. Leave it to me to lower the brow!
in other news: I got a job! I have been broke/in debt for over 5 months, this is going to be awesome.
"It's an imaginary scene from World War 2, though it could have happened. Battalion headquarters gets a report over the phone from a front line sector. 'Armor moving to our front, 300 yards out bearing 75 degrees.' The information is plotted in grease pencil on a 1:10,000 map with an an acetate overlay. The position of the platoon reporting is known on the map. A protractor marks out the bearing and ruler paces of the distance. A symbol for enemy armor is drawn on the acetate. Ten minutes later, more details come in. 'Armor is three tanks'. A number is written in beside the enemy armor symbol. Battalion asks the platoon commander if someone can get a better look at the armor. Twenty minutes later, another update is phoned in. 'Sir, I don't know what they are doing there, but the armor is ours.' The map plot is amended, and the symbol for enemy armor is changed to reflect friendly armor.
Sixty years later a reader browsing internet news stories gets breaking news that an American helicopter has killed forty persons at a wedding. But story goes on after he closes the browser."
Would PGP / GPG / Open PGP suffice for the cryptographic signature?
You mention "a PGP-like signature check"... Why only PGP-like?
My bad; GPG a signature is perfect for this.
Perhaps they are too complex? Or too widely used to be of any use?
Actually, this is precisely why GPG is perfect for the signatures. GPG is widely used, well understood, and complex enough to do lots of useful things, like detached signatures.
Perhaps the encryption is not strong enough?
The encryption is WAY strong enough.
setting this up should be technologically trivial. As trivial as your four-point summary makes it out to be.
Its a race then! You need to build this:
A page that has:
a form where you can upload a JPEG of your passport photo
fields for Name, Date of Birth.
The system (mocking up as the Passport Authority will pretend that it is a person that has vouched for you. It will issue you with:
a passport number
a date of issue
Place of issue
Of course in the real world scenario, all the checks used to currently control passport issueing would suffice to issue with a digitally signed passport, except for one extra step:
biometric face matching
The system should be able to search through its database of photos and see if there is a dupe in there. If it finds one, then the application should be rejected.
Obviously the face matchine part is the hard part; I dont know if there is any CLI face recognition software out there are some dudes you can ask since its such a sexy project.
The GPG signature part is a piece of piss. In the real world signatures should be made on a machine that is offline. This is to protect the crucial Private Keys from compromise.
Storing the Pictures and signatures on an external device: people visiting the site can of course download their pictures and the related signature, but for the sake of the demonstration, you will need to store this image and signature on some sort of PIC card etc.
From this cool site. With many cool readers and reader/programmers.
You then need to build a simple piece of software that will load the image and signature from the card, display the picture, and associated info, and then check the signature with the Public Key of kit that is distributed everywhere....I mean to all ports in foreign countries. :]
Something else to think about. Putting chips in paper passports is a pain in the ass, and makes the passport more expensive. If you could convert the picture and signature into a highly compact barcode, the passport would be much cheaper to manufacture. You then would have to recover the picture and signature from the barcode, display it and check the signature. Could you sqeeze a passport photo into a pave of a passport? Hmmmmmm.
Much of what seems to be required is in the public domain
Would PGP / GPG / Open PGP suffice for the cryptographic signature? You mention "a PGP-like signature check"... Why only PGP-like? I guess that's to do with copyright / license restrictions so why not GPG (which is obviously GPL'd) or Open PGP?
Perhaps they are too complex? Or too widely used to be of any use? Perhaps the encryption is not strong enough?
I am asking this because I am ignorant about this and because if any of these already exisiting, widely used and open (in the case of GPG / Open PGP) then setting this up should be technologically trivial. As trivial as your four-point summary makes it out to be.
Last July, a US district court judge court dismissed charges brought against her saying they were unconstitutionally vague and revealed a "lack of prosecutorial standards."
But in November, Attorney General John Ashcroft personally announced a new superceding indictment brought against Stewart, accusing her of passing messages between her client Abdel Rahman, and an Egyptian terrorist organization. Rahman was convicted of conspiring to blow up several New York landmarks and to assassinate Egyptian President Hosni Mubarak. He is serving a life sentence.
Stewart, who has denied the charges, is a familiar figure in New York courts, frequently representing low-income and minority clients. She joins us in our firehouse studio blocks away from the court house. [...]
Aren't you glad this wasn't an "rm -rf" command? (Actually, I haven't been able to get the command "string" to accept spaces.)
Here a list of thing that will also work. (Notice: you need to close the help application between calls.) Current Date & Time (A script on your machine) top (Monitor all running applications and their resource usage.)
ls (Spit out a listing of files in your home directory.) ls -la (This one doesn't work because spaces cannot be used in the command string) du (This is the one that launch when you opened this page. It's totally harmless!)
The AppleScript doing the work is: /Library/Documentation/Help/MacHelp.help/Contents/Resources/English.lproj/shrd/OpnApp.scpt
In it, line 10 should prevent executing malicious code on mounted volumes: open file completeParamof the startup disk
But, that "of the startup disk" doesen't limit execution to the startup disk.
From the disk image, run ?install prefpane,? which will put the MoreInternet preference panel into your System Preferences panel.
Open the MoreInternet panel, and select the help: protocol.
Change the application it launches from the Help Viewer (which has the script-running vulnerability) to something benign. (I used TextEdit.) I used Chess, which, unlike TextEdit, gives me a clear visual cue that a page tried to invoke the help: protocol.
The fees are between 666% and 958% higher than ministers indicated when the bill passed through parlia ment four years ago. The charges would undermine Labour's commitment to freedom of information, which was made in a personal pledge by Tony Blair before the 1997 general election. [...]
Except you won't need to go to prison, the approach outlined is to fine people and not follow up non-payment. So no 'fuss' about imposition of cards can be made, Blunkett's view is that if you keep things quiet enough then the poison will slowly accrete to a level causing the slow decay and barely noticable death of freedom.
They've obviously learnt from the Euro non-Debate that if you tell people what you want to sign them up for, something they don't believe in they won't vote for it.
ID card backlash: is the poll tax effect kicking in?
By John Lettice Published Wednesday 19th May 2004 10:14 GMT
UK public support for ID cards is declining, while opposition is hardening, and a surprising number - perhaps five million - would be prepared to take to the streets in opposition, according to a new opinion poll released today. The results, although they still show 61 per cent in support of the scheme, show committed opposition in sufficient numbers for poll tax-style disruption to be a very real possibility.
Since last month's Detica survey, numbers strongly opposed to any kind of ID card have doubled from 6 per cent to 12 per cent. Within the opposition 28 per cent, which would translate as 4.9 million in the population as a whole, say they would participate in demonstrations, 16 per cent (2.8 million) would get involved in "civil disobedience" and 6 per cent (around a million) would be prepared to go to prison rather than register for a card. Talk is of course cheap at this stage, but this is still an indication of seriously vehement opposition just a few weeks after the scheme was unveiled, and even the more favourable (for the Government) Detica poll showed quite clearly that the vast majority of people knew practically nothing of what the scheme entailed. And the more they learn, the less they may like it.
The latest survey was commissioned by Privacy International and conducted by YouGov, and obviously its intentions differ from the Detica survey, so the results are not always directly comparable. But some of the most interesting numbers stem from the differences. YouGov found that in addition to losing numbers, support is weakening, with people less sure, and rather lower numbers prepared to go for a compulsory scheme (which, ultimately, it will be). And some of the key components are decisively rejected by the public as a whole, which is what you might call a bit of a problem. Most (47 per cent versus 41 per cent) don't want to have to tell the government when they change their address, and 24 per cent strongly oppose revealing it in the first place (So perhaps they'd care to revolt against against passports and driving licences? But never mind...).
Again, 45 per cent oppose the requirement to inform the government when a card is lost, stolen or damaged (44 per cent in favour) and 34 per cent are against having fines or imprisonment as penalties for failure to comply.
It is of course utterly illogical for people to be in favour of the scheme while opposing aspects of it whose removal would render it (as currently envisaged) unworkable. But The Detica poll also showed that support of the scheme was based on some pretty staggering misconceptions, so perhaps what we have here is a picture of a nation on its way to an education - as they join the dots up, it's surely rather more likely that they'll begin to reject the scheme as a whole, rather than, say, concluding it's OK for the government to keep tabs on your address after all.
And among the entrenched opposition there's something that really is very surprising. Across the board Conservative voters are markedly more likely to oppose the scheme, go to demos, participate in civil disobedience and even go to prison, than Labour voters. If he plays his card right, former "Mr Poll Tax" Michael Howard, now Conservative leader of the opposition, could yet have his revenge. And indeed the image of him being hauled into the van by the Met is quite treasurable...
>>>> Subject: Dont buy gas on 05/19/2004!!! >>>> >>>> >>>> >>>> IT HAS BEEN CALCULATED THAT IF EVERYONE IN THE UNITED STATES DID NOT >>>> PURCHASE A DROP OF GASOLINE FOR ONE DAY AND ALL AT THE SAME TIME, THE >>>> OIL COMPANIES WOULD CHOKE ON THEIR STOCKPILES. >>>> >>>> AT THE SAME TIME IT WOULD HIT THE ENTIRE INDUSTRY WITH A NET LOSS OF >>>> OVER 4.6 BILLION DOLLARS WHICH AFFECTS THE BOTTOM LINES OF THE OIL >>>> COMPANIES. >>>> >>>> THEREFORE MAY 19TH HAS BEEN FORMALLY DECLARED "STICK IT UP THEIR behind >>>> " DAY AND THE PEOPLE OF THIS NATION SHOULD NOT BUY A SINGLE DROP OF >>>> GASOLINE THAT DAY. >>>> >>>> THE ONLY WAY THIS CAN BE DONE IS IF YOU FORWARD THIS E-MAIL TO AS MANY >>>> PEOPLE AS YOU CAN AND AS QUICKLY AS YOU CAN TO GET THE WORD OUT >>>> >>>> WAITING ON THIS ADMINISTRATION TO STEP IN AND CONTROL THE PRICES IS NOT >>>> GOING TO HAPPEN. WHAT HAPPENED TO THE REDUCTION AND CONTROL IN PRICES >>>> THAT THE ARAB NATIONS PROMISED TWO WEEKS AGO? >>>> >>>> REMEMBER ONE THING, NOT ONLY IS THE PRICE OF GASOLINE GOING UP BUT AT >>>> THE SAME TIME AIRLINES ARE FORCED TO RAISE THEIR PRICES, TRUCKING >>>> COMPANIES ARE FORCED TO RAISE THEIR PRICES WHICH EFFECTS PRICES ON >>>> EVERYTHING THAT IS SHIPPED. THINGS LIKE FOOD, CLOTHING, BUILDING >>>> MATERIALS, MEDICAL SUPPLIES ETC. WHO PAYS IN THE END? WE DO! >>>> >>>> WE CAN MAKE A DIFFERENCE. IF THEY DON'T GET THE MESSAGE AFTER ONE DAY, >>>> WE WILL DO IT AGAIN AND AGAIN. >>>> >>>> SO DO YOUR PART AND SPREAD THE WORD. FORWARD THIS EMAIL TO EVERYONE YOU >>>> KNOW. MARK YOUR CALENDARS AND MAKE MAY 19TH A DAY THAT THE CITIZENS OF >>>> THE UNITED STATES SAY "ENOUGH IS ENOUGH" >>>
Okay, to answer my own question, in approx chronological order of year of joining...
Volts (1982) Legg Legg the Philbert (1985) Oggy 9 (1986) The Nicaraguan Babies (1986) Petrol Ignition (1986) Volvo to Hell and the Bedford Van Ensemble (1986) 54 MS (1986) Psychic Del and Jim (1986) Acid (1987) Dere Little Chaps (1987) The CSE (1987) A Completely New Experience (1987) Vehicle Derek (1987) Big Chief Fail (1989) Magic Davros Band (1990) (The) Chair (1994) Mister X (1994) Phlegmarse (1995) Less (1996) Spunkle (1997) Scored Exhaustive (1998) Vehicle Derek (2000) The Results (2002) The Bubbles (2004)
Most Heard Recordings 1. Brian Eno Interviewed on KPFA's Ode to Gravity, 1980 820 downloads 2. Steve Reich at UC Berkeley University Museum 669 downloads 3. John Cage and David Tudor Concert at The San Francisco Museum of Art (January 16, 1965) 407 downloads 4. William Burroughs Press Conference at Berkeley Museum of Art on November 12, 1974 298 downloads 5. Nicolas Slonimsky Speaks about Frank Zappa 265 downloads
The European Union yesterday agreed to hand over airline passenger data to US security agencies, drawing angry complaints that it was ignoring civil liberties concerns.
The data being transferred to the US includes credit card numbers and personal contact information.
But in last-minute negotiations it was agreed that data regarded as too personal, such as dietary requirements that could reveal religion, race or health, would not be given.
No governement agency has (/should have) the right to mine information from the public taking part in perfectly legal activities. No third party should make any gains from two bodies entering into a contract (the passenger and the airline) - that is a basic component of contract law.
Citizens of the EU nations are not US citizens and have no accountability to the US outside its borders.
MOORE BRINGS DOWN HOUSE: LONGEST STANDING OVATION 'IN HISTORY OF CANNES' FOR BUSH BASH FILM:
20 mins standing ovation for FAHRENHEIT 9-11, yelling, screaming, cheering... 'This is the longest standing ovation in the history of the festival! Unbelievable!' declared Cannes stalwart Thierry Fremaux. Moore, raising fist, unable to speak over crowd, vows to fight... Controversial scene in film shows wounded American GI in Iraq talking about how Democrats must win election... Movie shows video of U.S. soldiers laughing as they place hoods over Iraqi detainees, with one of them grabbing a prisoner's genitals through a blanket...[...]
The modern harpsichord, The harpsichord as we know it today, has inspired the greatest composers of the 20th century. They have given the modern harpsichord an extraordinarily rich repertoire. They have brought a new image to the modern harpsichord. Leaving its former reputation far behind, casting off the weight of tradition and using the ideas, technology and techniques of today, they have been totally free to discover the potential and the rich expressiveness of this old instrument, as never imagined before.
Yesterday he said: "When you see the movie you will see things you have never seen before, you will learn things you have never known before. Half the movie is about Iraq - we were able to get film crews embedded with American troops without them knowing that it was Michael Moore. They are totally fucked." [...]
15) Orange jumpsuit Berg shown in video wearing orange jumpsuit known to be of U.S. issue. The orange jump suit "appears" to be identical to the jumpsuits used at Guantanamo. (Compare with pictures at Guantanamo.) The orange jumpsuit was standard US military issue to men in custody. It is unlikely Berg would continue wearing a U.S. custodial uniform if he had been released by the military as they claim. The fact he was still wearing the suit is both anomalous and suggestive. One wonders: Was there an immediate transfer of Berg from the US military to unknown persons, preventing Berg from discarding his US prison garb? [...]
MIAMI (Reuters) - Greenpeace, charged with the obscure crime of "sailor mongering" that was last prosecuted 114 years ago, goes on trial on Monday in the first U.S. criminal prosecution of an advocacy group for civil disobedience.
The environmental group is accused of sailor mongering because it boarded a freighter in April 2002 that was carrying illegally felled Amazon mahogany to Miami. It says the prosecution is revenge for its criticism of the environmental policies of President Bush, whom it calls the "Toxic Texan."
Sailor mongering was rife in the 19th century when brothels sent prostitutes laden with booze onto ships as they made their way to harbor. The idea was to get the sailors so drunk they could be whisked to shore and held in bondage, and a law was passed against it in 1872. It has only been used in a court of law twice, the last time in 1890.
Greenpeace says the decision by the U.S. Attorney's Office to prosecute the organization rather than just the activists who boarded the APL Jade freighter is a sea change in policy, and a conviction would throttle free speech everywhere.
It would also be a sharp blow against Brazilian efforts to halt the trade in a hardwood so precious it is known as "green gold." It yields fatter profit margins than cocaine and is blamed for the destruction of vast swathes of the Amazon.
"Illegal logging goes on and they're bringing it to Miami and making loads of money, and we're going to trial," said Sara Holden of Greenpeace International.
The case is unprecedented, not just because of the bizarre nature of the crime.
Six Greenpeace activists were charged after the 2002 protest in choppy waters off Miami, pleaded guilty and sentenced to time served -- the weekend they spent in jail.
But U.S. prosecutors were not satisfied, and 15 months later came up with a grand jury indictment of the entire organization for sailor mongering. [...]
I went and saw Troy, Brad Pitt's new men-in-skirts movie last night, at the big Odeon in Leicester Square, paying £10.50 for the privilege. Not that I begrudge it: apparently, acquiring the rights to the Iliad was very expensive, and they have to charge a small fortune to viewers if they hope to recoup.
I don't even begrudge them the 30 minutes' worth of commercials they subjected their captive audience to. Well, I did. But I didn't let it get to me.
What did get to me was this warning, shown before nearly every film in the UK:
"You are not permitted to use any camera or recording equipment in this cinema. This will be treated as an attempt to breach copyright. Any person doing so can be ejected and such articles may be confiscated by the police. We ask the audience to be vigilant against any such activity and report any matters arousing suspicion to cinema staff. Thank you."
Every time I see this, my blood boils. I just paid a fortune to see this movie, I've been subjected to 500 percent concession stand markup and half an hour of commercials and now you're going to give me a little lecture about how badly I'll get beaten up if I turn out to be a pirate, and ask me to snitch on my fellow moviegoers?
It's adding insult to injury, if you ask me. It's unforgivably rude.
So here's what I've started doing: whenever this warning is screened, I take a very obvious flash photo of it. I've done it twice now, and both times, I got a round of applause. You can do it too. If we all do it, if we all laugh and boo when this warning comes on, maybe the movie companies will get the picture.