インターネットで広く使われてる基礎技術に重大な欠陥が見つかりました。

長らく安全だろうと信じられ、さまざまなサービスをつくるのに広く使われていたOpenSSLという基礎技術が、「実は安全ではなかった」とが発覚したのです。

まだ、その方法で何か大きな被害などが報告されているわけではありませんが、数日前から欧米では大きな問題となりテレビや新聞でも報じられています。

これにより、画面上では「・」に置き換え表示されて他の人にわからないように思えるパスワードも含め、インターネット上の多くのやりとりが、傍受できる可能性が出てきました。

もちろん、既に解決策を見つけて対処をしているWebサイトも多数あります。

ちなみに米国ではmashableというブログが、この問題によってパスワードが漏洩する可能性があったWebサービスの一覧を公開しています：

The Heartbleed Hit List: The Passwords You Need to Change Right Now
http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/


こうしたところでパスワードを盗まれると、今すぐには被害がでなくても、後でドロボウがパスワードをずっと知っていることを隠しておいて、あるとき、突然、乗っ取りをしたり、モノを買ったりと悪用する可能性もないとは言えません。



また、特定のサービスが安全かを確認するWebサイトも登場しています：
Heartbleed Server Test
http://filippo.io/Heartbleed/

上のサイトは @heima さんに教えてもらいました。

山下計画の山下哲也さんによれば、楽天やAmazonなどは概ね大丈夫ですが、いくつか日本の銀行系サイトで問題が大きそうなところがあるようです。

悪用するハッカー達はこんな情報、とっくに知って、行動を起こしているのに、こうした情報を報道しないことで、知らない人達が危険な場所を危険なまま歩くような状態が続いています。

日本のマスメディアでも、そろそろこの問題を本格的に取り上げ報じるべきタイミングだと思います。


なお、ツイッターで色々な方と情報交換したところ慌ててパスワードを変更しようとすると、そのタイミングでパスワードを盗まれる可能性もあるので、該当サイトには対策が施されるまでアクセスしないでおいて、対策が施されたらすぐにパスワードを変えた方が良さそうですね。

　昨日は帰りが遅くテレビもまったく見ていないが、日本のインターネットでは小保方さんの会見と並んで、どこかのニュース番組で「司会者がパワポ（PowerPoint）を知らなかった。」ということが、そこそこ大騒ぎになっていたのをFacebookの多数の関連投稿で知った。

　「あの司会者はパワポを知らなかったのではなく、知らない視聴者のために演技をしていた」という見方もあるらしい。

　こうした投稿へのコメントとして「パワポも知らないレベルの視聴者を相手に番組をつくっているテレビはメディアとして終わっている」といった意見もあれば、その上にのっかるように「だから、もうテレビは見ない」といった意見も見かけてフト思った。

　では「こんな話を大事（おおごと）にしているインターネットは果たしてそんなに立派なメディアなんだろうか？」と。

　実際、この話自体があまり有意義な話題には思えない…

　どうでもいいことだし、普段の自分なら、この話題ごと、いつも通りスルーをして触れることもないのだけれど、こうしたことを話題にする発想が、日本のインターネットをダメにしている、と常々思っていた。いい機会なので、ブログに書きたくなった。

　件の番組については見ていないので司会者がパワポを知っていそうだったか、知らなそうだったかについての意見はない。

　ただ、もし「視聴者を意識して、パワポを知らない演技をしていた」というのが仮に本当だとしたら、それは最善の方法かどうかは別として、マスメディアの人間として当然取るべき姿勢の１つではないかと思う。

　マスメディアは「知っている人だけわかればいい」という閉ざしたオタクのニッチメディアとは違うのだから。

　世の中、すべての人がパワポを使うとは限らない、そんなことを知らない人の方がよほど「井の中の蛙」で、ひとつの業界にあまりにも深くとじこもり過ぎだと思う。
　視点が狭過ぎだ。

When 3.11 (i.e. Great East Japan Earthquake) took place three years ago, Google was very quick to respond.

A few Googlers started working on localization of Google Person Finder; it was up and running within 106 minutes after the earthquake. That was when Google has opened and announced first version of Google Crisis Response page in Japanese.
Six hours after that, the team found out, most people were still using feature phone (back in 2011) and couldn't access the web page, so they have modified Person Finder and made it accessible via Japanese feature phones.
(FYI. after Typhoon Yolanda hit Philippines in 2013, Person Finder also became accessible through SMS).

---

Another group lead by Kei Kawai started to prepare satellite photos and aerial photos of the area of damage; Kei did so after the advice of Kevin Reece, who had experience in responding to a big natural disaster and who knew aerial photos will be very important.

Before I explain further, perhaps, I need to clarify the difference between Satellite photos and aerial photos. As the name implies Satellite photos are took in space (by the Satellite) while aerial photos are taken from the sky by airplanes. Because the distance between the ground is greater, satellite photos are good enough to recognize landscape and bigger architectures, but it is not as clear in detail as aerial photos.

---

The Google team asked Japanese government for permission but they was not as cooperative as Google expected, so it took a while until Google was able to provide the first aerial photos.

In order to prevent this kind of mishaps, I will explain why you would need it.
The aerial photos are, of course, very useful for the victims and those worried to recognize how severe the damage was.
But it is not just that.

It will be used among the rescue team to recognize how they can approach the area of severe damage (e.g. which shore, which road, which landing points, etc.).
It will also be used among those rescue team to mark which areas are searched, etc.
Aerial photos can also be used by those people who are planning to build shelters.

Satellite photos may also help. But it is best, if you have clearer aerial photos.

---

After the earthquake in 2011, Kei Kawai in Mountain View was perhaps, one of the first Japanese to receive GeoEye's satellite images of Tohoku after earthquake.
By then, Google was receiving request from Japanese media for satellite images of Fukushima, but he couldn't help himself from checking the image of coastal town in Minami Soma; his wife was from there. He was so surprise to see the coastline have shifted so much but was able to recognize her wife's house was still there after the tsunami.

These images were later used used on Google Earth but Google Earth is a gigantic complex system, and it will take time to update image, and it will take further time until everyone will be able to see the image.

But Kawai, knew some people want to use the images as soon as possible. So he picked some of the best satellite images, uploaded them to his Picasa image sharing service, then created a link on his Google MyMap.
This approach was invented by some Googlers in the UK, but Kawai took over their effort.
If someone click an area on that MyMap, the web browser would display the picture shared via Picasa.

Uploading the image to Picasa had a nice side effect. People concertned about particular area was able to form community through the comment area of Picasa exchanging information or even leaving a 'thank you' note to Google.

---

Although Google wanted to take aerial photos immediately after the earthquake, because the Japanese government was not as cooperative, they had to wait for two weeks until they finally were able to start taking aerial photos; those photos were shared through Google Earth and Google Maps on March 31st, and the world saw how big the damage was.

While Kei Kawai and other Googlers were working hard to get clear photos of the damaged area in Tohoku, a Japanese car manufacturer, Honda was trying to spread an important information.

Honda has an advanced telematics services for their cars called Internavi since 1998.
One of the interesting feature of Internavi is that it can share the probe information with other Internavi users; i.e. you can share information about where your car is and how fast it is moving. With this information, driver of cars equipped with Internavi will know the average speed of cars on each streets across Japan.

Back in 2004, there was a big earthquake near Niigata Prefecture (Niigata Prefecture Chuetsu Earthquake ) and Honda's Internavi team found another interesting use of car probe information; it will visualize which roads are not working.
If you have a big disaster, roads will be closed for landslides, for fallen trees, for tsunami, etc.
And those car heading to rescue the victims will waste great deal of time figuring out how they can approach the damaged area.
But Internavi team knew which roads are dead and which roads are alive because if a road is closed there will be no records of car probe on that road.
So in 2011, Internavi team of Honda has compiled a car probe data gathered from Internavi, compiled it as a KML file (a geographical data that can be overlayed on Google Earth) and shared it via Twitter.

Many people tried to connect the guy from Honda to people at Google (I was among the many who tried it). Later, they found each other and started a joint effort and ultimately, it has become part of the many Google Crisis Response service unique to Japan.

---

This information was so useful. One of my photographer friend check this info on his iPhone and drove all the way to Tohoku.

Kazuma Watanabe is a head of an NPO who helped so many after the earthquake; Kazuma arranged a few cars full of goods heading toward coastal area where Tsunami hit. In the mean time, he stayed in Sendai and was checking the probe information and directed which road his staffs should take through phone calls.

Let me walk through how these information can be useful in action.

Let's say, you are heading to Shiogama city through a coastal highway and check Google x Honda probe information. And then, you find people are avoiding the area around Sendai Airport and Natori river.
So I would open Google maps or Google Earth and check what's over there.
And you find the bridge over Natori river were taken down by the Tsunami and gone.

---

academy hillsから送られてきた書類。
返送用の封筒の「梅」の花を見ていて、ふと気がついた。
「切手って82円だっけ？」
どうやら４月から消費税増税でそうなるらしい。

つまり、「返送が月をまたいでも大丈夫ですよ」という言葉のない気遣いの現れなのだ。
そして、返送する相手の心をちょっとなごます梅の花。
「おもてなし」は何もホテルとレストランの専売特許ではない。
日常のあらゆるところに自然と出てくるものであり、それを感じとって愛でるのが日本人の粋だ。
そして、最近ではそれを愛でる日本人のハートを持った人は、日本だけではなく世界中に誕生し、
日本を訪れては、我々が当たり前と見過ごしている小さなこと１つ１つにいたく感動している。

このことをFacebookに投稿したら、こんな返事があった。
「質量とサイズなどで切手料金シールが自動的に出力される機械が総務に」あって、それが使われているというのだ。

20世紀を通し我々は「便利さ」を「豊かさ」の象徴と、はきちがえた信仰をつづけてこうした世界をつくってきた。

先日、英語ブログでも触れた横浜美術館の展覧会「魅惑のニッポン木版画」展の最初の展示室を覗くと、江戸時代の人々が、最新技術を彩り豊かで味わいのある生活を生み出すために活用していたかを伺い知ることが出来る。

これに対し、今は技術が文化と逆の方向を向いていると感じることが多い。
常にそうだったわけではない。

アップル社は1984年に発表したMacintoshで、DTPという技術を世に広める。
これは今日のほとんどの出版物で使われている技術であり、
ある意味、アップルは今日のグーテンベルグとも言える。

スティーブ・ジョブズも、いくつかのインタビューで、そうしたことができたのは、自分が大学でカリグラフィーなど技術以外のことにも関心を示したことが影響していると答えている。

だが、一方でこのDTPが欧文の出版物から豊かな文字表現を奪った側面もある。

きれいな装飾の絵本などで使われていたスウォッシュ文字やカーニング、リガチャーと言った活版印刷時代に築かれた豊かな文字表現の文化がDTP化によって出版物から消え去ったのだ。

---

　しかし、アップルやアドビ、マイクロソフトといった会社はその状態を放っておかなかった。

スティーブ・ジョブズの不在時代も、これらの会社のエンジニアらが技術によって豊かさが失わされるなんていうナンセンスを起こしてはいけない」と必死で頑張り、今日では多くのフォントに、こうした活版印刷時代の文字表現をする技術が、かなり盛り込まれるようになった。

　翻って、これは日本だけではないかも知れないが、技術の他の領域では、便利さと効率ばかりを宣伝して、それによって失われる「豊かさ」を忘れさせ、「便利だけれど粗末」、「便利だけれどみすぼらしい」をはびこらせてしまっているものも多いのではないかと危惧している。
　しかも、多くの日本人は、一度、「便利」におかされると、粗末を当たり前のこととして身体で受け入れてしまい、そこを基準に発想をしてしまうような気がしてならない。

　技術には、それまで一部の人しか享受できなかった「豊かさ」をインスタント化して、より大勢に広げる側面がある。それは、それでいいことだ。
　問題はその後だ。
　同じコストで、かつての豊かさを取り戻す、あるいはそれを超える努力をする人がいれば、これまで我々が築いてきた文化は前進する。逆に、インスタントな状態に安住してしまうと、文化はむしろ後退してしまう。
　文化を前進させつつ、それを大勢に広げて行くことは技術者だけではできない。
　そうした文化の良さを深く知る人がいて、その人の主導の元、技術者に対して「この品質でないと認められない」といったせめぎ合いをして初めて本当に豊かで優れたものが誕生する。

　それなのに、最近の我々が住む世界は、この議論が少々欠けているような気がしてならない。
（いや、クリエイターと呼ばれている人達の世界では欠けてないように聞こえるが、大きな影響力を蓄えてきた技術の側の人達の世界では、ほぼ皆無なので、この２つの別世界がつながれば問題は解決するのかも知れない）。


　もう１つ課題がある。
　この文化の「根っこ」を失ったインスタントがはこびる社会で育った次世代に、どうやって本来の日本の美を伝え、教えていくのか。
　冒頭でも紹介したような「日本の美徳」が意味のないものとは、私にはとても思えない。
　ならば、子供たちにそうした「美徳」をどうやって伝えていくのか。おそらく日々の積み重ねこそが大事だとは思うが、豊かな感性を育めるはずの時間を受験勉強と塾に奪われ、家では疲れ果てるかゲームかスマホに没頭しているこの時代、日常で刺激のない積み重ねで本当に価値を継承できるのか。これも重要な問題の１つだと思う。

　書くだけ書いたが、私自身が筆無精で、気遣いはしても、それを実行に移せない人間なので自分への反省を込めながら問題提起させてもらった。

---

European Union, wake up!
It is 21st Century.
So don't spread bad design such as USB. It would create another century of plug/cable mess.

You shouldn't let computer manufacturers and chip manufacturers design connectors and cables. They just don't bother practicing a good design. USB is one example of that.

Before USB, we had FireWire (IEEE 1394) designed by Apple and Sony (the two exceptions of the bad-design industry). The connector of FireWire has a very distinctive shape, so the user could tell the orientation just by touching it (in the dark or behind the PC for example).

---

On the other hand, if you have a modern PCs with USB ports, you know what I mean ...
Maybe some of you have the super-power and never pushed the USB plugs up-side-down, but even if so, ask friends/family around you.
I am most certain that they keep repeating the same mistakes even as we speak now thanks to the carefully mal-designed USB plugs.

Of course, everybody person and organization makes mistakes, and you should give a chance to vindicate.
But in the case of USB? Haven't we done enough of that?
I think USB has produced generations of bad designs.

From the very first version of USB, you always have to look at the connector to tell which side is up.
Perhaps, the best design in USB history is the mini-USB port whose shape was a bit easier to distinguish.

---

And maybe because USB organization doesn't bother hiring a good designer, for the micro-USB, they just shrink the mini-USB design. But size 'does' matter. That design worked for mini-size but not for the micro-size.

Now it is a global habit for hundreds of millions of people around the world to waste time figuring out which side is up and which side is down; and thanks to the bad design, even when you are holding the cable in the correct orientation, sometime, it doesn't plug-in as smoothly as the lightning cable.

Apple, Inc. (with good designers) knew as the connectors become smaller, it would become hard to distinguish the orientation by the shape of connectors; and that is why they invented the 'lightning' cable which you can plug-in without bothering the correct orientation; you can hook the cable either way and it works.

Android users and Apple-hater should at least try the 'lightning' cable; you can still keep hating Apple, but I want you to become fair enough to distinguish a 'good design' in the area where 'bad design' has most penetration.

---

The mess with micro-USB doesn't end in the thoughtless connector shapes.
If you are an high-spec Android phone user, perhaps, you must know by now that you have to have a correct AC adapter and a correct cable to charge your phone.

While some old wall adapters only support 1 Ampere, to charge some of those high-spec Android phone, you have to have more than 2 Ampere (which by the way, is also a requisite to charge iPads).
And when you do that, you also have to have a correct micro-USB cables.
There are so many micro-USB cables that just doesn't charge those high-spec Android phones.

I wanted to write this article for so long but keep forgetting it, but today, I have decided to write it for two reasons:

1) yesterday, I had to bought a micro-USB cable because I needed to use my Android phone and it was out of battery. And that micro-USB cable didn't work.
2) in my friend's Facebook wall, I found a new Japanese gadget for those troubled by this charging problem

The gadget is called 'CHARGE DOCTOR' and if you hook it in between your charger or PC and microUSB cable, you will know if the cable is transmitting sufficient amperes (i.e. if that cable works).

---

It is a perfect example of 'necessary evil' created thanks to the bad design of microUSB.

I don't want to anger the Apple haters, but if you allow me. In order not to create this kind of mess (with bad quality cables), Apple put a chip inside the 'lightning' plug and certifying proper cables with 'Made for iPhone' and 'Made for iPad' logo.
This is how you protect the good experience of your customers.

The connectors and cable todays are not the cables and connectors of the 1990s, it is transmitting incomparably high amount of data and electrical currencies and you need careful control of it.

But USB gangs are just defining the spec and let the other manufacturers create a mess; well, to be fair with them, there is also a 'certified USB' logo, but the USB created a culture where their distributors and customers go for the cheaper cables, etc.

I still hope, USB will do a better design job with their next generation connectors and cables, but re-creating the customer culture and brand recognition is not as easy.

---

Now, there is a third reason that I had to write this article.
European Union seem to have passed a law to force all manufacturers of smartphones to stick with the micro-USB port (they are not giving USB.org to try a better design) after 2017:

geek.com: Apple will be forced to use micro USB chargers by 2017

In the beginning of this post, I wrote 'you shouldn't let computer manufacturers and chip manufacturers design connectors and cables.'
But before that, we shouldn't let government or political union regulate 'connectors and cables.'
I know European countries had made a huge mistake by making the power plugs in Europe a chaos. And perhaps, this traumatic mistake leads to this new regulation for 'connectors and cables.' But don't!

Today, the market economy will decide the standard and it is more difficult to create another mess like the European power plugs. As a matter of fact, if you look at the smartphone market, there are basically two big standard setters: Apple and USB.

If you insist in regulating it, you have to go to Apple's design because EU includes UK, France, Germany, Italy, Spain, Sweden and other countries that care for 'GOOD DESIGN."
But it is very unlikely, that Apple would open their standard. Even if they did, it will be awkward for Apple to certify competitors' phones. That's why you should 'not' regulate.

I believe designers in European countries should unite and fight this non-sense law.