Archive for January, 2015

Google has taken its first step to flag ordinary sites like Wikipedia and CNN with a security warning because they are unencrypted, allowing all data transmissions to be viewed by the prying eyes of hackers or governments.

Google just gave Chrome something of an insecurity complex.

That’s because the company has enlisted Chrome — the No. 2 desktop browser worldwide — in its effort to make secure, encrypted connections on the Web the rule rather than the exception. Encryption scrambles data during transmission to protect users from identity thieves and prying governments. This week, Google built a feature into a test version of Chrome to explicitly warn people about Web pages that are delivered without encryption.

As the feature spreads to mainstream versions of Chrome, it could alarm people who thought Web pages were working fine and could impose new costs on Web site operators who don’t want their users fretting that something is wrong. But in Google’s view, the problem needs fixing.

“We know that active tampering and surveillance attacks, as well as passive surveillance attacks, are not theoretical but are in fact commonplace on the Web,” Chris Palmer, a security programmer on Google’s Chrome team, said last month in a mailing list post explaining the plan.

Moving toward encryption by default is a profound, monumental change for the Web. With unencrypted pages, somebody like an Internet service provider, taxi or airport Wi-Fi operator, or malicious hacker offering a “free Wi-Fi” hot spot can read all the data sent to and from a computer. A hacker can also modify a Web page, and an ISP can insert its own advertising. To block against that kind of eavesdropping and tampering, Google encrypted its Gmail connections and search site in 2010, and Yahoo and Microsoft have followed suit.

But countless Web pages aren’t offered over a secure connection, including Wikipedia, Instagram, Craigslist, Imgur, China Daily, CNN and Amazon product pages. Indeed, 55 percent of the Web’s top million sites don’t offer encryption, according to 2014 analysis.

“In general the principle is sound,” said Robert Duncan, a manager at Internet services and research firm Netcraft. But actually turning the principle into practice will mean many difficulties. “For smaller Web sites, many webmasters won’t have any idea what security is and how to go about doing it, even if it’s free.”

Google has been pushing for an encrypted Web for years, but former National Security Agency contractor Edward Snowden’s revelations about NSA surveillance have lent new urgency to the cause. In 2013, Snowden showed the massive extent of government surveillance both through official channels like subpoenas and the interception of communications traffic.

The first step in bringing the encryption plan to fruition came this week, and it is a small one that will directly affect almost nobody. The bleeding-edge Canary version of Chrome — not stable or tested enough for ordinary users — now offers a manual setting that enables the warning about unencrypted pages. A person visiting an unencrypted page will see in Chrome’s address bar a padlock with a red X over it.

As the year progresses, expect the change to spread to mainstream Chrome. Google hasn’t declared a schedule for activating the feature, but suggested one option could be to add the warning once encrypted connections reach a certain threshold of commonness.

To enable the feature now, a person has to install Chrome Canary and activate the “mark non-secure origins as non-secure” option in Chrome’s chrome://flags interface.


Google suggests a phased transition to the warnings, but in the long run, the company expects a reversal in browser behavior. Today, green lock icons denote secure pages while unencrypted pages are plain. In the future, as encrypted pages become the norm, they could get the plain pages while unencrypted sites could sport a red warning sign.

HTTPS advocacy

Encrypted Web pages are sent using the HTTPS (Secure Hypertext Transfer Protocol) technology. HTTPS arrived not long after unencrypted HTTP helped begin the Web revolution 25 years ago; the main incentive for adding HTTPS was preventing password eavesdropping on login pages and keeping credit card numbers secret for e-commerce.

Google has worked to counter one perception standing in the way of HTTPS: that HTTPS requires more powerful and therefore expensive hardware for Web site operators. But SSL/TLS, the encryption standard underlying HTTPS, “is not computationally expensive any more,” Google security expert Adam Langley argued back in 2010. “Ten years ago it might have been true, but it’s just not the case any more. You too can afford to enable HTTPS for your users.”

Snowden’s revelations helped marshal more allies to Google’s cause.

For example, the Electronic Frontier Foundation (EFF), an advocate of personal freedoms on the Net and outspoken critic of government snooping, has advocated HTTPS for years. But it increased its efforts after Snowden’s leaks.

The EFF and partners including Firefox developer Mozilla, network equipment maker Cisco Systems, and content distributor Akamai Technologies launched a project late last year called Let’s Encrypt to make it easier for Web site operators to move to HTTPS. Specifically, Let’s Encrypt will offer free certificates, the electronic credentials required to encrypt a Web site connection.

Mozilla support

Another ally for Google’s HTTPS plan is Mozilla.

“In general, this proposal seems like a good idea,” said Richard Barnes, the nonprofit organization’s cryptographic engineering manager. “Adding security to the Web is a core part of our mission…We strongly support the deployment of HTTPS as widely as possible.”

He specifically supports one facet of Google’s proposal: that warnings be shown starting when HTTPS-encrypted Web pages become more ordinary. Being more aggressive could cause confusion and other undesirable side effects.

“We wouldn’t want to turn on a warning light that’s on all the time — that just trains users to ignore it,” Barnes said. “An indicator of HTTP being insecure should be thought of as a way to move the state of HTTPS from ‘dominant’ to ‘universal,’ not from ‘bare majority’ to ‘universal.’”

Speed bumps and stop signs

Yandex, a Russian search rival to Google that now also offers a Web browser, sees user privacy and security benefits to Google’s plan, but it has its own ideas about warning users about unencrypted Web connections.

The Internet industry isn’t ready to deliver HTTPS connections at the scale they deliver HTTP connections today, said Anton Karpov, Yandex’s head of information security. Web site operators have to worry that HTTPS connections are sometimes blocked in areas like airports and that, contrary to Google’s position, HTTPS does require beefier hardware to handle the encryption calculations.

Another hitch is the content delivery network (CDN) business, in which companies armed with global network capacity and servers help Web site operators distribute their content the world over. CDNs can offer HTTPS connections — but they often charge a premium.

Outside the tech industry, there’s another kind of opposition. For example, in January, UK Prime Minister David Cameron pledged to ban encrypted communication software that’s unbreakable by the government in order to more effectively combat terrorism.

Web encryption could help thwart legislative ambitions to ban smartphone apps whose encryption comes with a government-accessible back door. For example, a person could point a browser at an encrypted online chat site in a different country.

Overall, the momentum toward encryption is powerful, as seen in Apple’s decision to encrypt data stored on iPhones and iPads and Google’s parallel move with its Android mobile operating system. New network technologies, including Google’s SPDY and its related standard HTTP/2, will in practice require encryption in some common instances.

Moving to an encrypted Web won’t happen quickly, but Google has momentum on its side.



In 2010, when builders were excavating the site of the former World Trade Center in New York, they stumbled across something rather unusual: a large wooden boat, later dated to the 1700s.

Hitting archaeological remains is a familiar problem for builders, because the land they are excavating has often been in use for hundreds, if not thousands, of years.

Democrata, a UK data analytics start-up, wants to help companies guess what’s in the ground before they start digging. Using predictive algorithms, their new program maps where artefacts might still be found in England and Wales, in order to help companies avoid the time and cost of excavation. “It’s an expensive problem to have once you’ve started digging,” says Geoff Roberts, CEO of Democrata.

Archaeological services can amount to between 1 and 3 per cent of contractors’ total construction cost. “We wanted to bring data science in as an added tool, so humans involved in the process could use it to understand what would likely be found,” says Roberts.

The Democrata team scoured documents from government departments such as the Forestry Commission, English Heritage and Land Registry to find out what the land was used for in the past, for example, and about known archaeological sites. This included “grey literature”, the massive set of unpublished reports written by contractors every year.

With the aid of a supercomputer, they developed models that can pinpoint where treasures are likely to be hidden underground. For instance, land close to water, tin mines or sites of religious significance was ranked more highly than land elsewhere. Other factors like the local geology, animal and plant life also contributed to the score.

This week, Democrata will present the program to engineering companies and the government to hear their feedback.

Henry Chapman at the University of Birmingham, UK, says the tool may impede new discoveries in archaeology. “If you think about the number of archaeological fieldwork excavations that take place purely for trying to find out about the past, that’s a very small amount compared to all of the excavations done before commercial development,” he says.

This article appeared in print under the headline “How to avoid buried treasure when you dig”


Millions of men are believed to carry a string of DNA bequeathed to them by Genghis Khan, the Mongolian conqueror who reputedly fathered hundreds of children. But recent research suggests he was only one of several men whose genes can now be found in significant portions of the human population, according to an article in Nature Magazine.

Statue of Genghis Khan

The evidence for Genghis’s influence on today’s global gene pool is not iron-clad, but it is compelling—one team of scientists in 2003 found eight percent of men in 16 different Asian populations (0.5 percent of the global male population) shared nearly identical Y-chromosome sequences. Further DNA evidence traced their lineage to Mongolia about 1,000 years ago, which corresponds pretty closely with Genghis’s reign.

The Y-chromosome is a good genetic marker because it is only found in men—while a man can father several sons by chance, there is a much lower probability that those sons will go on to father large numbers of sons themselves. The probability of having many sons increases if a man and his male descendants live in a social system that allows them to sire children with a large number of women. Such systems existed in many societies around the world.

Now geneticists say they have found Y-chromosome sequences that indicate at least 10 other major genetic lineages across Asia besides Genghis Khan’s. Most of these can be traced back to periods in history when strong hierarchical structures began developing in societies in that part of the world. Those societies allowed powerful men to have many wives and concubines, increasing the chances that these genetic markers would be passed on to a growing share of the population.

The study supports previous evidence suggesting that the Great Scourge of the Steppes was not the only prolific patriarch in history. Earlier studies identified a common ancestor in the Uí Néill dynasty of Ireland, and a Chinese nobleman known as Giocangga, whose lineage was spread through his descendants—monarchs and nobles in China’s Qing Dynasty.

Read the full article in Nature Magazine.


Why do some people seem under the weather all the time, while others can share a bowl of chicken soup with a flu patient without getting the least bit sick?

It all comes down to the immune system. The strength of this hardware inside us to fight off disease varies considerably from person to person, and is affected by a number of factors, like age and nutrition. So it seems reasonable to think that genetics play a role, too. But how much of one?

Stanford researchers tackled that question in a study published Jan. 15 in the journal Cell. They took various immune system measurements in 105 sets of healthy twins, to separate genetic from non-genetic factors. They found that while heritable factors do influence the immune system somewhat, non-heritable factors are more important.

This was not the finding the researchers expected. Mark Davis, senior author of the study, told Scientific American that his team was “surprised by the degree of environmental influence on so many components.”

One of the biggest factors was whether or not subjects had been infected with a specific virus in the herpes family. Known as “cytomegalovirus,” it is very common—between 50 and 80% of US adults have had it, though most are unaffected by it—and it had a huge impact on the subjects’ immune systems.

Whether that impact is positive or negative, though, is difficult to tease out. From Scientific American’s report:

Ultimately, it is going to depend on the individual, notes Chris Benedict, an immunologist at the La Jolla Institute for Allergy and Immunology in California. Infectious diseases and autoimmune disorders are two of our biggest killers. “It’s always a balancing act,” Benedict adds. “The immune system has to respond well to infections but not so robustly that it causes autoimmunity.”


Solar energy is definitely taking off and now researchers may have come up with the absolute best way to generate cheap solar power by installing solar panels in public parking lots…

The Washington Post reports that solar power proponents are increasingly turning their eyes toward America’s parking lots as the perfect locations for mass solar panel installations. The reasons for this are easy to understand: Parking lots take up huge chunks of our landscape and absorb a ton of heat in hot weather. Why not put them to good use by installing solar panels over them?

The one big issue, the Post says, is that such solar panel installations are very expensive right now, much more expensive than your typical rooftop installation.

“It’s the most expensive type of system to build,” TruSolar’s Chase Weir, who rates financial risk for solar projects for a living, tells the Post. “A lot more engineering, a whole lot more steel, more labor, and therefore, it’s a relatively small percentage [of solar power]… but it is growing, and the cost to install a solar canopy today is less than the cost to install a rooftop just a few years ago.”

Even so, the potential is dazzling. Rutgers University, for instance, has a massive solar carport installation that generates 8 megawatts of power, which the Post points out is enough to power 1,000 homes.
