Leslie Huckfield case exposes Wikipedia’s weaknesses


Wikipedia (Photo credit: Octavio Rojas)

Les Huckfield is hardly likely to be famous outside his own household, but 35 years after he was a junior minister in Jim Callaghan’s Labour government he is back in the news again today – because, now living in Scotland, he has backed Scottish independence.

The pro-independence “Yes” campaign are, not surprisingly, doing all they can to milk this endorsement: they desperately need some “Labour” support if they are to have the remotest chance of winning.

Ordinary folk might be inclined to say “Leslie Huckfield [as he now calls himself], who’s he then?” and go to Wikipedia and look him up (click the link to see).

What they get there is a short article that is pretty light on detail and does not do much to impart the flavour of his politics – having once been a strong critic of far left entryism into Labour, Huckfield turned into one of the strongest defenders of the Militant Tendency’s/Revolutionary Socialist League’s presence in the Labour Party and, reports John Rentoul, once proposed banning all car imports into the UK.

But more importantly, it completely leaves out the one thing from his time as an elected politician that Huckfield should be famous for: successfully stopping his attempted prosecution for allegedly dishonestly obtaining expenses of more than £2,500 from the European Parliament by deception.

The story of that – and why it proved important in more recent British political history – is covered in this article in the Law Society Gazette.

There is no sign, that I can see, that someone has deleted this information from the Wikipedia article and certainly no suggestion that Huckfield himself has stopped this from getting out. (Nor, I should add, is there any suggestion that Huckfield did anything improper in seeking to stop his prosecution.)

But this is a warning against relying on Wikipedia as a complete source. And it is also a reminder of why paying someone to do a job thoroughly – such as compiling an encyclopaedia – may still have advantages over relying on crowd sourcing.

I love Wikipedia, it is surely one of the greatest things to come out of the Internet – but it is not something I would rely on when it really mattered.

The nine billion names of God


English: A GIF animation about the summary of quantum mechanics. Schrödinger equation, the potential of a “particle in a box”, uncertainty principle and double slit experiment. (Photo credit: Wikipedia)

If you are an easily offended religious fundamentalist you should probably stop reading this now.

“The nine billion names of God” is a famous science fiction short story by Arthur C. Clarke. In essence the plot is that some researchers complete a piece of work and suddenly notice that the world is being switched off.

A piece of whimsy, obviously. But what if it were something that could really happen (I am now risking a listing under “questions to which the answer is no” by John Rentoul)? If your scientific experiment reached a conclusion would you just let it run on, or switch it off (or maybe wait till your paper was accepted and then switch it off!)

The issue here is the question of whether or not the universe, as we see it, is in fact all just a gigantic computer simulation. As I have written before, if we accept that computing power will continue to grow without limit we are almost bound to accept it is much more likely we are inside a simulated than a real universe. Of course, if the universe was confirmed as a simulation it would make no physical difference to us (though I suspect the psychological blow to humanity would be profound), so long as nobody turned the simulation off.

Testing whether it is true that the universe is simulated requires finding a fundamental minimal size beyond which we cannot further explore the universe: this is because computing a simulation relies on the fundamental digital nature of a computer – you cannot get below one bit, however you have scaled the bits. Now, chance, God, the simulators (take your pick) have made this quite difficult via the Heisenberg Uncertainty Principle:

$$\sigma_x\sigma_p \geq \frac{\hbar}{2}$$

Where $\sigma_x$ is the uncertainty in a particle’s position, $\sigma_p$ the uncertainty in momentum and $\hbar$ a very small number – $1.055 \times 10^{-34}$ Joule seconds. In most situations the very smallness of $\hbar$ means the uncertainty principle is of no concern but once we start to reduce $\sigma_x$ (ie look at extremely small parts of space) then $\sigma_p$ starts to soar and the amount of energy needed to conduct experiments also flies through the roof.

But nature also gives us extreme energies for free in the form of cosmic rays and these could hold the clue as to whether the universe is grainy (hence a simulation) or smooth (at least at currently detectable sizes).

Footnote: the fundamental weakness in the argument seems to me to be the fact that computing is increasingly showing that an unlimited increase in computing power is unlikely. But if you want to know more about this I really do recommend Brian Greene’s The Hidden Reality.

So, is the MD5 weakness a real world problem or not?


My last posting – made in a hurry while I was waiting for a large SCP transfer to complete – has generated more traffic than anything else in the last month: possibly because it was mildly topical and largely because it was retweeted by John Rentoul, one of the UK’s leading political commentators and all-round good egg.

Maybe I was being a bit naive with it – because I took what the New Scientist said the US Department of Homeland Security said about the MD5 hashing algorithm (in short, it is completely broken and should not be used) and LulzSec’s claim to have cracked the Sun’s MD5-based password system, and drew what I thought was the obvious conclusion: that an MD5 crack was in some way related to LulzSec’s attack on the Sun’s website last Monday night.

But at least one person who ought to know more about this than me – forensic investigator Jonathan Krause – has taken issue with it and indeed with the whole idea that MD5 is a major security risk:

https://twitter.com/#!/JonathanKrause/status/95176137835163648

https://twitter.com/#!/JonathanKrause/status/95176336959733760

https://twitter.com/#!/JonathanKrause/status/95193690808655872

I have to admit I find this all a bit puzzling, as the web is full of stories like “brute force algorithm can crack 1.5 million MD5 hashes per second” and so on, as well as even some sites that allow you to look up previously brute forced hashes. (Of course 1.5 million per second is not a lot in a key space of $2^{128}$.)

Yet on the other hand I can also find no concrete example (the disputed LulzSec crack at the Sun excepted) where someone is claiming to have made a practical use of an MD5 crack.
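An added example, not part of the original post: it puts the 1.5 million guesses per second figure quoted above against both the full $2^{128}$ output space and a much smaller password space, and shows why an unsalted MD5 password store can be answered from a precomputed table while a salted, slow derivation cannot. The word list, the 8-lowercase-letter password space and the PBKDF2 parameters are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

RATE = 1_500_000  # guesses per second: the figure quoted in the post


def years_to_exhaust(space_size, rate=RATE):
    """Years needed to try every value in a search space at `rate` guesses/s."""
    return space_size / rate / (365.25 * 24 * 3600)


def md5_hex(password):
    """Unsalted MD5 of a password: the weak storage scheme under discussion."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def build_lookup(candidates):
    """Precomputed hash -> password table; one table serves every account."""
    return {md5_hex(p): p for p in candidates}


def store_salted(password, iterations=200_000):
    """Hardened storage: per-user random salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, iterations, key


def verify_salted(password, record):
    """Recompute the derivation with the stored salt and compare in constant time."""
    salt, iterations, key = record
    guess = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(guess, key)


if __name__ == "__main__":
    print(f"all 2^128 MD5 outputs: {years_to_exhaust(2**128):.1e} years")
    print(f"8 lowercase letters:   {years_to_exhaust(26**8) * 365.25:.1f} days")
    table = build_lookup(["letmein", "password", "qwerty"])  # constructed list
    print("unsalted lookup:", table.get(md5_hex("password")))
    a, b = store_salted("password"), store_salted("password")
    print("salted records equal:", a[2] == b[2], "| verifies:", verify_salted("password", a))
```

The size of the hash output only bounds the search when the input is as unpredictable as the output; for stored passwords the relevant space is the set of passwords people actually choose.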