Get On, Clip In, Fall Off

For Those About To Authenticate Themselves - We Salute You

I have a lot of ideas in the shower. This is one of the sillier (but still almost plausible) ones.

The video game Guitar Hero isn't just a video game - it's also the foundation of a reasonably strong user authentication system.

People have been trying to find effective ways to authenticate users with biometrics for ages. It's now routine to see fingerprint scanners attached to machines, iris and retina scanners, and voiceprints. However, nobody has yet harnessed the power of rock as a method of authenticating that someone is who they claim to be.

Guitar Hero (and its open-source and therefore more useful for this exercise clone, Frets On Fire) is a game in which the player pretends to be a kickass rock star by playing notes on a guitar controller with 5 "fret" buttons and a bar which is hit to actually "strum" the selected note. A line of notes on an extended guitar fretboard scroll down the screen, and at the simplest level all the player has to do is to hold down the correct fret and hit the strum bar as the note scrolls across a line at the bottom of the screen. It starts out easy and gets very, very hard indeed at higher difficulty levels. Frets on Fire doesn't even need the guitar controller - it can be keyboard controlled.

What makes this interesting, though, is that every guitar player you listen to - every musician, really - will have a slightly different style. Nobody plays exactly on the beat and exactly according to the score - there are going to be individual patterns in the timings of the notes in a particular piece depending on who's playing them. Guitar Hero knows this - the player actually has a short but measurable window of time in which to play a particular note. Just measure the deviation from the "ideal" time for each note played, and you have a fingerprinting mechanism. This is similiar to the way in which telegraph operators developed distinctive "fists", enabling them to identify each other from the characteristics of the Morse they sent.

Even if someone miraculously plays every note right at the millisecond it's intended to be played, there's plenty of extra data to mix in from the timings of the players' manipulation of the fret buttons. Anyway, you definitely don't get style points in the world of rock for playing all your notes exactly in time (with the possible exception of some particularly tedious prog rock). That ain't rock and roll.

In short, it should be possible to make a reasonably good guess that someone is who they claim to be based on how they play a few of the widdly bits in Bark at the Moon. It doesn't have to be an entire piece - just a few licks will suffice. The more notes the better, obviously - just as longer passwords are more secure, rocking for longer is also more secure. Military applications and cryptoheads would probably insist on using the whole of Free Bird.

Higher levels of difficulty would also be more secure, as these involve progressively more notes and more frets. Thus, Guitar Hero practice would become a core job function for system administrators and others in positions requiring a high level of data security awareness.

There are vulnerabilities, but no more than other authentication systems. Impersonation is very difficult (everyone has their own rhythm, baby - even if you set up the sound to be identical, you can still tell if it's not Angus Young playing Back In Black), so the most obvious replay attacks would be resisted. However, this technique has unexpected strengths as well - alcohol and drugs will alter the player's reflexes and thus their timing fingerprint, enforcing sobriety requirements where these are necessary. That said, if while providing the initial sample the player is under the influence, they'll subsequently need to be drunk to be allowed to log in.

Doping and hypocrisy

I guess that most readers (both of you) won't need to be told that since I last got around to posting an update here, there have been a bunch of people expelled from the Tour. T-Mobile's Patrik Sinkewitz was the first to go after producing a positive test for testosterone in an out-of-competition test a month before the Tour began.

Then possibly the biggest shock - pre-race favourite Alexander Vinokourov produced a positive A-sample for homologous blood doping (i.e. transfusion of blood from someone else) after his time trial victory, and was slung out of the race so hard that his entire Astana team went home as well. Then the storm clouds which had been building around Michael Rasmussen ever since it was announced that he'd missed 4 out of competition tests in the last year finally burst when Rabobank withdrew him from the race, maillot jaune or not, and sacked him for having allegedly lied about his whereabouts in the week leading up to the tour.

Along with all that, a positive for testosterone from Cofidis' Cristian Moreni was almost an anticlimax, even if it did result in, yes, the whole of Cofidis booking an early flight home.

As I write this, various blogs (and Politiken, a Danish newspaper) are reporting rumours that one of the jersey holders produced a positive for something after Stage 14, but we'll have to see if that one turns out to be true. As L'Équipe doesn't seem to have anything on it, I'll remain sceptical until tomorrow.

Naturally, it's sad when this happens. It is, however, a good thing that cheats are being caught (although let's not forget that all the above are pending B-sample analyses which may still vindicate them). It's a sign that finally, the anti-doping systems are more or less starting to work. They're by no means perfect, but still, people are being caught. All of the other hundreds of tests carried out before and during this Tour have so far turned out negative, meaning that of the 189 riders who rolled down the start ramp in London, 186 haven't tested positive for banned substances. I'm including Rasmussen in that number as it's fair to do so - he hasn't, indeed, tested positive for anything, and that's important to remember.

The mainstream press has, naturally, reacted predictably (the usual 'Tour de Farce' headlines, calls for cycle racing to be banned, etc, etc). The cycling press is full of readers letters about how "I've followed cycling for 30 years, but this is the end". Dick Pound (now there's a name to conjure with) of WADA has helpfully offered to host an "anti-doping summit" to address the "crisis" of doping in cycling, after dissing cycling at every possible opportunity for the last couple of years. Everyone who has an axe to grind is grinding like crazy in the hope of getting themselves in the papers, even including Greg LeMond, who seems to be trying to set himself up as a representative of a semi-fictional era of cycling when all was lovely and there weren't dopers round every corner. Even Germany's two main public TV channels, ARD and ZDF, have got in on the act by self-righteously dropping coverage of the Tour.

What a load of bullshit. Hypocritical, self-serving bullshit. I tried to find a more elegant and poetic word to use here, but no - bullshit it'll have to be.

Why is it bullshit? Well, it's getting late and there's a lot of typing involved. I'll tell you tomorrow.

If you want to stop doping, do the testing right.

The still-dragging-on Floyd Landis case and the fact that cyclists are continuing to note chain of custody and test protocol issues today makes me sad. Patrik Sinkewitz's recent positive test for testosterone came from a session where a number of riders noted concerns about protocol and chain of custody issues on their control forms. Add to that the numerous lamentable holes in laboratory technique that arose during the Landis arbitration hearing, and it's clear that way too many doping tests and their associated analyses are being carried out using shoddy techniques. Even worse, most anti-doping agencies refuse to acknowledge this, preferring to repeatedly claim that their tests are bulletproof when it's clear that when they're being carried out in such a shoddy manner, they're not.

As an obsessive nerd, this offends me. If the lab work is shoddy or the testing protocols are dodgy then the science is bad and the evidence is bad too. Of course people who dope and cheat deserve to be caught and dealt with severely (and in all sports too, not just in cycling), but such terrible evidence handling would never stand up either to scientific scrutiny as a piece of research or in a court of law as evidence. The anti-doping agencies too often prefer to simply rely on their word being stronger than that of an athlete to get a conviction, and that's neither fair nor valid.

As with anyone accused of anything, suspected dopers deserve due process, and right now it seems they're not getting it. Due process is replaced with trial by media as test results are almost routinely leaked even before athletes and their teams have been told (Sinkewitz's result was faxed to the news agencies, for heavens' sake). This runs the risk of ruining peoples' careers and stripping them of their livelihoods and reputations just so an anti-doping agency can hold smug press conferences about catching cheats - never mind if they can be called guilty with near-100% certainty or not.

This shouldn't be rocket science. It should be possible to carry out doping controls accurately, scientifically and fairly. I'd like to present Mike's List of rules for drug testing protocols in sports which should help restore the confidence of athletes and fans alike in the ability of testing regimes to accurately catch cheats with as little suspicion as possible of false positives. Just as you don't want the innocent to be wrongly punished, you don't want the guilty to have a question mark left hanging over the validity of their test results.

1. An athlete suspected of doping is innocent until proved guilty by a positive B-sample or by a confession.
2. Until a B sample has been tested and the athlete concerned and their team have been properly informed, a positive or non-negative A sample result is confidential to the parties involved.
3. When a non-negative sample requires further investigation, it shall be treated as a negative result while enquiries are being made.
4. The chain of custody of test results shall be subject to the same control as the samples themselves. To minimise the risk of media leaks, an athlete producing an adverse test result shall be informed as soon as possible after their identity is positively ascertained following testing.
5. B-sample analysis shall under no circumstances be undertaken at the same facility that performed the A-sample analysis. Wherever possible the B-sample analysis shall be performed in a different country under the auspices of a different agency.
6. Sampling procedures, chain of custody recording and laboratory technique should be beyond reproach, and shall be held to the same well-known standards that are required for evidence in criminal courts.
7. All errors in handling and analysis shall be clearly logged and the testing process repeated where necessary, or upon request of the athlete or their agents.
8. The athlete or their designated agent has the absolute right to be present at the testing of a B sample. Laboratory and anti-doping personnel shall make every effort to accomodate this within reason.
9. No laboratory worker involved in an analysis shall ever be aware of the identity of the athlete whose A-sample they are processing.
10. Notwithstanding the above, no person associated in an official capacity with an anti-doping regime shall make any public remarks designed to imply that an individual or a number of individuals are guilty of doping offences or evading doping controls unless they are in possession of significant material evidence that this is the case.

There. Of course, they stand no chance of being enacted as this is only a random bloke's blog after all, but it makes me feel better.

Naughty riders who must be punished

So the Tour has finally hit the mountains in a big way. Fabian Cancellara surrendered the yellow jersey with good grace after holding on to it for a few days more than CSC had really planned to defend it for anyway. He surrendered it to a bewildered-looking young thing from T-Mobile, Linus Gerdemann, who was so taken aback at taking yellow in his first Tour that the next day he felt obliged to wear the yellow shorts and the yellow helmet as well just in case he forgot. This is just as well, as T-Mobile aren't going to need them this year after their leader Michael Rogers crashed out of the Tour after hitting a barrier on a descent that day. He kept riding for a while before giving up, and was found to have a dislocated shoulder. Personally, I don't think I could even stand up if I had a dislocated shoulder, let alone ride a bike. The same day, Robbie McEwen failed to pay attention to the time, finished outside the time limit and got eliminated from the Tour along with Danilo Napolitano, something which must be making Tommeke Boonen happier about his prospects for holding on to the green jersey.

Unfortunately for the long-suffering T-Mobile, Mark Cavendish climbed off the same day (not unexpectedly), then Patrik Sinkewitz hit a spectator on the ride down from the finish to the team hotel and had to abandon too. Then today, Marcus Burghardt hit an unattended labrador. He was okay and the dog was okay (there was a team car behind with a rack of spare labradors anyway, and a Mavic bike with a few yellow neutral service poodles) but his front wheel was trashed. He still finished the stage, but you've got to feel sorry for T-Mobile right now. This isn't their Tour...

In yellow now, however, is frighteningly-gaunt Dane Michael "The Chicken" Rasmussen, who stormed over the cols so hard on Sunday that he took not only the fetching polka-dot climbing jersey but the yellow jersey too. It'd be nice if he was able to defend it for a while, but the overall win may be a bit of a problem because he finds it hard to time-trial without falling off. We'll see. One thing for sure, though - the Rasmussen Group Of Pain on Sunday looked like somewhere team directors send riders for punishment if they've been very naughty and refused to apologise. He shelled out the rest of his group and just rode away at a speed alarmingly close to what I can do on the flat, leaving the pursuers weeping in his wake and radioing back to the team car to say they were very very sorry for being bad and can they come back to the peloton now, please?

As for me, the 'cycling bounce' which was hoped for in London in the aftermath of the Tour's visit has so far resulted solely in someone trying to push me off my bike today at the lethally-dangerous Albert Gate exit from Hyde Park, presumably to see if I bounced.

560 milliFabians

Now I've finally started riding my bike enough that it might hopefully be making me a bit better at riding bikes, I thought I'd try something a little different to my normal circular routes this evening. Yes, it was time trial time, but only in a vague sense of the word. For starters, I only decided to actually care about my time about 8km in, which is the kind of thing I don't think ace time-triallists do.

The idea was fairly basic - ride out for 20 minutes, then turn round and ride back again, seeing how close my inbound time was to my outbound and how far I'd got at the turnaround point. This seems like a fairly good measure of overall fitness. Not wanting to waste any more time I started working a lot harder, and 20 minutes out from home I reached the turnround point after having covered just over 10km. The journey back took eight seconds longer - 20:08 - and had some stiffer uphill digs than the outbound, so in general not too bad.

Then I looked at the numbers. My average speed over the whole ride was 30.1kph, which isn't too bad when compared with, um, grannies on shopper bikes. Fabian Cancellara's ride in last Saturday's Tour prologue was at an average of 53.74kph (although to be fair, that was a much shorter and pan-flat course with not much wind), which means that my performance today can be measured as 560 milliFabians. Maybe one day I'll break 600.

Claims Direct

I only just noticed today how appropriate it is that way too many of the adverts on Eurosport during the Tour de France are for ambulance-chasing claims firms. You know the kind of thing - "I was walking into my office and slipped on a wet floor with no warning signs. I had to go to hospital and was in great pain."

Maybe they're looking for some business from the professional cycling world. I could script some new adverts for them if they like -

"I was riding along at the back of the peloton and a spectator suddenly stood out in front of me on a piece of road which hadn't been barriered. I came off my bike, gouged my knee badly and lost my sunglasses. Accident Claims R Us helped me get back on the bike, and I got £5000 from the local council. - Mark C., T-Mobile"

"I was collecting musettes in the feed zone, and a bag got tangled in my spokes and made me crash heavily. The bag didn't carry any warnings about the possibility of this happening. I suffered severe grazing and blood loss, finished 44 minutes behind the leaders, needed hospital treatment and had to exit the Tour de France. Accident Claims R Us helped me, and I was able to get £12000 from my directeur sportif for the distress and pain this caused. -Geoffroy L., Cofidis"

"My chain slipped with no advance warning and made me lose my balance, causing me to crash. I had to wear out my entire team getting back to the back of the pack, spent hours in hospital, and started the next day's stage looking very silly with both knees heavily stitched and bandaged. The pain was tremendous, but worse, the honour of Kazakhstan was damaged and I may now not be able to win the Tour de France. Accident Claims R Us were happy to help me, and I got £8000 from Campagnolo for the distress this has caused me and the Kazakh people. -Alexander V., Astana"

Le Tour, so far

Avoiding all the usual "wow, the start was in London" stuff that would be expected here (and well, it was a weekend of great cheer for the capital and for Kent) the Tour has been pretty spectacular so far this year. Much of this spectacular has been down to Fabian Cancellara, whose demolition of the competition in the Prologue was only the beginning - he and CSC have worked hard to defend the yellow jersey over this first week. It's by no means standard for the winner of the Prologue to hold onto yellow for more than a couple of days, and to see the race leader attacking and taking stages for no reason other than, well, wanting to is great. It's dull, dull, dull (sorry, Lance) when taking and holding the race lead is seen simply as an exercise in mathematics.

The sprinters have put on a good show too - Robbie McEwen coming back from a nasty crash 20km before the end of a stage, getting back onto the back of the peloton and then working his way through to surprise Boonen and Hushovd with a mighty sprint out of nowhere was an awesome thing to watch, and I'm sure the people of Ghent were happy to see a Belgian one-two at the finish there after Tom Boonen... well, either let leadout man Gert Steegmans win or didn't. Nobody's telling for sure. Boonen got to break out his green shorts as a result anyway, although he's now had to give them up (possibly temporarily) to Erik Zabel, who seems to have been taking sprint points since roughly the time of Jacques Anquetil.

The British riders have distinguished themselves, too - David Millar made up for his disappointing form in the Prologue by going on a suicidal break on stage 1 and ending up in the polka-dot jersey for a few days for his troubles, and as I write this Brad Wiggins is 18 minutes off the front of the bunch on a solo breakaway. It's most likely a doomed breakaway, but if the peloton doesn't fancy pursuing him then you never know - tomorrow's the first serious climber's day with the Col de Colombiere near the end, so people will be looking to save their legs. Poor Mark Cavendish hasn't had the best of times, though, not least having had a contretemps with a spectator in Kent which led to a bike change, then the next day getting caught up in another crash near the finish.

Hero of the Tour for me so far, though, has to be Cofidis' Geoffroy Lequatre. Why? I mean, he turned pro in 2004 and hasn't got a single professional victory to his name yet, and rides as a humble domestique. Yeah, but then again, this is a guy who crashed heavily in the feed zone yesterday after his wheel had an argument with a musette, scraped himself raw and was assumed to have abandoned. But no, 44 minutes after the leaders he struggled bleeding across the line while everyone else was packing up and going home. Nobody would have faulted him for abandoning on the spot, but he still made it to the finish, just because.

This was of course well outside the time limit and by rights he should have been eliminated, but the commissaires decided to allow him to start today for 'combativité extraordinaire'. He spent the night in the hospital being cleaned up and stitched and eventually didn't start today after all, but this gesture allowed him a much more dignified exit from the Tour than being simply slung out for being outside the cutoff time. Huge respect to the man, especially in a sporting world where footballers will writhe around on the floor and have to be stretchered off whenever they sustain a slight cut to the knee.

Will Boonen regain the green jersey and hold on to it this time? With Kloden and Vinokourov both suffering from injuries, who will grab yellow from Cancellara? Will Michael Rasmussen use his mysterious alien powers to levitate up the mountains again? Will Eurosport ever start their goddamn cycling coverage on time? Will David Duffield choose a combination of shirt and jacket one day which clash so excitingly that my television actually explodes? Stay tuned for the next two weeks to find out..

More comment spam

Having had a (totally justified) complaint from my hosting people about the load the comment code on this site was causing on the server, I had to disable the commenting stuff recently. After cleaning out (I am not making this up) 96000 comments from the database earlier I'm now back up and running again using Akismet to filter spam. I hope this time things will be a little less crazy...

And yeah, yeah, I know. No postings. I should probably just start going on about cycling a lot or something. That Fabian Cancellara's a class act, eh?