Storing data for 1000 years

So we all know that books last a long while right?  How about its modern equivalent the CD, DVD or Hard disc?  Most of us commit a larg part of our life to digital storage these days and don't even spare a thought for how long this digital memory will last.  In the case of hard discs, 5 years might be your limit.

This then is the classic problem with digital storage – longevity.  All other problems vanish into insignificance when considering the persistence of storage. 

Our current best hope is optical media, the best of which are believed to be good for around 50 years. (interesting to think that our CD and DVD collections are more temporary than we are!)

Recently, a team from University of California Santa Cruz have come up with a system called Pergamum which uses regular hard drives to store data for a projected 1000 years.  The system, called Pergamum, uses a large number of inexpensive discs, most of which are spun down.  Persistence is created by using multiple slow sync mirrors & stripes. 

Clever caching and an even cleverer data distribution protocol ensures that data reads, writes, rebuilds and other operations make the least demand possible on the hardware whilst continuing to be power efficient.

As an example, it's estimated that a 10Petabyte system would consume only around £20 of power per year including HVAC requirements and would be capcble of maintaining that 10PB for arount 1000 years before a data loss occurred.  Pretty good methinks!

More on the announcement in this tgdaily article.

Painless Phone Call Recording

Have you ever had to make one of those calls that you wish you could record but locating the voice recording feature on your mobile or answering machine is too hard or you can’t then get the finished recording into a useable format?  This seems to happen to me about once a month.

Recently I discovered a service which makes the process of call recording extremely painless.  After registering you are given a phone number, access code and a pin. After dialling these in easy succession, you get…. A dial tone.  Any subsequent calls you make are recorded and the subsequent call recording is either emailed to you or is available for collection at the portal site.  Making multiple calls is easy as the ‘#’ acts as a break-in code to tell the system you want  to  make another call.

In pay-as-you go mode the process uses a premium rate access number and you simply pay by the minute for the call to the access number.  The onward part of the call is not charged back to you.

The service has other offerings suitable for more regular users and also features ideal for small businesses who need to regularly record outgoing calls to customers.

Additionally, it’s possible to have your own phone number for the service which then does not require the use of the access code and pin.  This also allows you to record incoming calls as you can set the service up to call you on receipt of a call.

All in all, this is a really nifty service.  Check it out at http://www.recordmyphonecall.co.uk/

Amazon Rip Off Charges Warning

The problem surrounds Amazons choice to let merchants pick their own shipping costs and the poor way in which Amazon makes those charges visible to the customer.

In essence, when you search for a product and Amazon returns the result, you never see the P&P charges that will be applied.

The important point here is that unlike eBay, who show P&P charges right on screen with the search results, it’s impossible to compare suppliers shipping costs on Amazon.

Try this for yourself: Go to Amazon and try to buy a 1 gig Micro SD card.  Attempt to predict how much you will pay based on the returned results.  You can’t because the merchants are all dropping the product price and pumping the P&P cost to such an extent that on all the first few pages of results, the P&P cost will double the price you pay.  Worse is that you can’t even find out what the shipping price will be.

The end effect of this problem is that it’s nit possible to trust any purchase on the Amazon Store.  TurboTas advice is to go use eBay so that you can see upfront how much you will pay.

Dumb Company of the Year is Ford and we are still in January!

Winning the both the Dumbest Company of the Year award and the Shoot-yourself-in-the-customer award so early in the year is a 1st, but I'm pretty sure that this is not going to get beaten this year, so I duly announce the Ford Motor Company to be the Dumbest Company of 2008 in the whole universe.  While I'm at it, they win next year and last year too.

It all started when the 9000 member strong Black Mustang Club decided to make a calendar of their cars.  these are the guys that Ford makes it's cars for.  Guys that cherish and enthuse about cars all day.

The members duly photographed, cropped touched and generally toiled on collecting a great showcase of their wonderful black mustangs and submitted the artwork to CafePress for making into a calendar for sale to BMC members.

The problems started immediately: CafePress notified the group that Ford legal tits had contacted them to block the publishing of the calendar.Get this: Ford claim that they own all representations of Ford vehicles in any photograph ever published and that no photo of a Ford may ever be used by anyone ever without their say so.  So there.  CafePress were worried enough by Ford hounding them that they have complied with the request and you cannot now get CafePress output with ford cars at all.

Hilarity ensued with around 9000 Mustang owners suddenly realising that although they have the car of their dreams, it’s a dream manufactured by probably the most tainted and evil company in the world.

A ford spokesman today suggested that any car owners wanting to take pictures of their cars should buy a GM or BMW vehicle instead.

You may also like to think about finding a printing house that understands copyright and trademark law too!

More on this crazy trademark issue here.

Linux Good Enough for NYSE Now

According to this article, the NYSE is now running Linux on all it's core systems.  This is really great news for a number of reasons. 

Going back a bit, you will recall that Microsoft actually bankrolled part of the SCO litigation? The logic was that the Linux legal FUD would help them. 

Alas, it seems to have gone a bit Pete for MS, with a tremendous backfire.  Far from being driven into the arms of Microsoft, the NYSE has sided with the devil and decided that a non proprietarty unix like operating system is what they wanted.

NYSE have moved around 600 HP servers (yes, 600) to Linux. 

Big Mac Eaters Beware! the £128 Burger Is Here!

Yes, not content with ripping customers off on the food, McDonalds have now started charging £125 if you spend to long eating it too.  And don't think you can get away with it.  McDonalds are using high tech number plate recognition devices to make sure you get lost within 45 minutes.  Of course they don't confront you in the store, they nab your details from DVLA and the first thing you know is when you get a letter weeks later asking for £125.

Oh, and McDonalds don't go soft either, the fine Rises to £213 if you don't pay.  Would you risk your house for a Big Mac.  Nope me either!

A spokesman for McDonalds said today: "If you don't like it, don't eat at our restaurants". 

TurboTas advises you to follow the tainted arches advice and go to Burger King, who still treat their customers like….. customers!

GMD winner announced

GMD or Gross Map Distortion is the practice of making a map look completely unlike reality, normally for commercial gain.

This weeks winner is Olympic Holidays who due to the inconvienient closeness of the airport to their resorts in Kremasti and Ixia, moved the airport 10 miles down the coast.

I suppose it could be an accident.  In this day of GPS enhanced accuracy, I suppose it's completely possible to slip and place the airport down the happily uninhabited west coast of Rhodes due to an error with a slide rule, but somehow I don't think so. Check it out for yourself on our handy map!

Olympic Holidays were, unsurprisingly, unavailable for comment today. 

ABP Shenanigans – Mozilla is Satan

It is with some hilarity that I recount that the Mozilla foundation is being seen as the new Satan.  WTF I hear you ask?  Well, it's all about the failure to display advertising content using an extension for Firefox called adblock plus (ABP) which prevents ads from being displayed on the most common sites.  What it actually does is modify the pages after downloading but before display so that the user does not get to see the ads. Think of it as a popup blocker on steroids.

Well, not surprisingly, some people are a bit miffed about this.  In their version of reality this constitutes theft as the user is bypassing the revenue stream which supposedly supports the site in the first place.

Okay, so to cut it a bit short, some plum has started a one-man hate campaign about this and is advocating that webmasters use the browser UA string to block anyone using Firefox. Any webmasters mad enough to actually block Firefox users redirect there users here. Further than that, this chap has decided that the people to blame for this are the Mozilla foundation.

Not the people that install and use ad-block plus? Nope.  Not the people that write the ABP extension? Nope. How about the people that maintain and issue the filter sets for ad-block plus such as filterset G?  Nope. Maybe then the harmless and beneficient people that make the best browser on the planet for free?  Could be!

Although I can empathise to a micro extent with the affected organisation which rely on the income from the ads to support their sites, I think the point is that ad sponsored websites don't really work too well.  It's always a juggling act between in your face adverts and keeping the site useable. 

Click though rates are so low that an awful lot of people have to suffer the ad just to get that one sale.  Personally, I expect this to change a lot in the future as it becomes more aparent that ad supported surfing does not work.

This has always been an issue for TV: maximising ad revenue.  Have the TV companies got it right?  Nope, but we don't have a choice.  Every ten to fifteen minutes we go wander off for 5 minutes.   Whats the upshot of this?  TV programmes are unable to persuade you to suspend your disbelief and get into the show.  The only fix is to use a recorder and bypass the ads.

How would it be if we applied this to other media forms and claimed a moral responsibility (and these guys would also claim it's a legal obligation) to view ads?

Is it against the law to take a piss when the advert break is on in the middle of Lost?  These people are arguing that you must watch the adverts and take a break during the feature!

When you buy a newspaper,  are you legally obliged to read all the adverts, particularly the crappy ones for big slippers and hearing aids? These people think you must read all the adverts and skip the content if you run out of time.

Well what is the answer then?  Tough one that. You need to take a long hard think about why you have a website, how you fund it and whether your audience will bugger off somewhere else if you put too many ads on the screen.

What have I decided to do?  Well, I like adblock plus and I use filterset G to dump the ads.  I've stopped surfing at work because the sites I use look rubbish in IE with all the ads. I'm being serious here: soem third rate news sites do horid things like have javascript powered keywords that put up advberts on mouseover.  I can't cope with that rubbish, so I stay in my comfort zone and don't use such invasive sites from the office.

I could change the UA string on the browser or the proxy so that the webserver thinks Opera is at the other end and get around the redirect, but then why:  The Firefox embargo has been in place for a month and I've never received a warning.  I would guess that the most badly affected people are those who run Blogs and things and are using the most invasive (and therefore the most commonly blocked) ads to try and make a couple of bucks.  I seem not to use those sites.  For now I can live with the fact than someone doesn't like me 'taking a leak' when they are trying to feed ads to my browser!

In the future, if a really important site takes issue with my lack of advertising consumption and I can't read their content, like say Google, BoingBoing or SlashDot, then perhaps I'll think again and maybe take a premium feed. Or maybe I'll find another site.  Until then, I'm really greatful there are plenty of IE users reading the ads so that I don't have to.

Remember information wants to be free but the whole world want to makey money from it!

SCO look sunk. Share price plummets as key case lost

To say that it's all over bar the shouting might be a bit previous, but on Friday the judge in Novell v SCO decided in favour of Novell, meaning that SCO never owned the Unix copyrights in the first place.  This is really important as it largely pulls the rug out from SCO v IBM too.

It's not quite that clean because SCO do get to keep copyright on Mods made sinc 1995 meanting that they have a couple of bits and bobs left to  sell to unsupecting punters.

It does mean though that SCO now owe most of the licensing monies they took from Microsoft and Sun to Novell, which is nice. 

The share price says it all really: Stock lost 71% of it's value today as investers bolted for the door.  What nutters were still in at that point pretty much deserved to lose it really.

 Great news all round.  All in all the company is now worth slightly less than an empty coke can.

Linear Parking Bays: Park by the foot!

Recently I saw a Smart car parked side on in a bay and thought, what a great idea.  Wouldn’t it be great if he gets to pay less for parking and large car owners get to pay more?  Why not charge for parking by the linear foot\meter or whatever? 

So the general idea is: you mark up the road with a series of stripes asay 50 cm apart. The user comes along and parks their car.  Out they hop and count the stripes that the car covers.  They then go to the meter and pay a sliding parking charge according to the covered stripes.  Some courtesy rules would exist for example to leave two uncovered stripes between vehicles, but other than that the only thing the user needs to check is how many stripes they are covering.

Image

The great thing about this idea is that it’s really easy to charge more for larger cars: the scale could be non linear to act as a deterrent to bring large cars into town.  In general such a system would have a very cheap entry level for micro vehicles, curve to a plateau for average vehicles and rapidly rise for larger cars.

The relatively simple repeating nature of the pattern could be laid down by an automated machine rather then manually,  and the lines need not use more resource (time or material). In fact measuring would be easier as the nature of the pattern is the regular repeating nature. 

As should be obvious, the amount of vehicles which can be concurrently parked would vary with the mean size of the vehicles, but just an average should show that more cars could be parked.

Guitar Hero II Busking

Actually, I think this could work really well.  You just need a battery powered 360, a small TV and your copy of Guitar Hero II.  Look it’s a great idea.  Fortunes could be made here, trust me on this.

It’s not as if there isn’t a precedent set already set: one of the world’s leading Guitar Hero experts, Luke Albigés, performed the original game at a busking session in Leicester Square Underground station.

So go get your 360 mobile and hit some power chords on the street!

2012 (twεnti twεlv) verb

2012 (twεnti twεlv) vb (usually derogative). The act of cocking something up so badly the only sane recourse is to assume a different name, leave the country, leaving behind a disaster of such imense proportions that the only recourse is to cover it with topsoil and start again from scratch, e.g. turning up to meet the queen nude or smearing excrement on your head during a job interview.

SMS Credit Card Confirmation

It’s becoming clear that credit cards are no longer worth jack in terms of security.  The great new idea of having a verification code which is actually printed on the card itself now seems embarrassingly stupid. Widespread theft of CC details now happens on such a regular basis that we no longer even flinch when we find out that company X leaked 45 million (yes, Million) credit card numbers over a period of 2 years.

Chip and PIN (Depending on who you believe) has made a significant reduction in the fraud rate that takes place in store, but online is still a very scary place to use your CC. Additionally, even bricks and mortar retailers are having trouble implementing PCI compliant payment solutions within the required timescales. So, what can be done?  Well it occurs to me that there are now a number of things we absolutely always have with us, these days.

In terms of what you must have items are wherever you go, the credit card is a given, but the mobile phone is pretty much the most ubiquitous piece of technology on the planet these dyas.  You’re almost as unlikely to go out without your phone as you are without your trousers.

So, when you make a purchase which is NOT chip and PIN protected, Why not send an SMS authorisation code and await confirmation?  Strikes me that this would be a pretty simple step to take? The merchant code on your favourite website would need a change to allow for the presentation of a unique code.  An SMS message pops up with the unique code and all you have to do is send an empty reply.  Bingo.  The fly in the oitment here, is that the Merchant cannot hold the Mobile phone number: The Moby number has to be the one on file with the credit card company.  REalistically, this means that the CC company or Clearing house has to send the text and await the response.  This has to be the case or the fraudster will just stick in another mobile number at purchase time (Meh).

 

All in all, this is a great scheme because it’s out of band: it does not rely on details held on the credit card itself or the merchant network.  In fact, eve the credit card company network is less critical: Even the availability of Credit Card to Mobile mappings would not assist an attacker unless they had the ability to Pwn the mobile phone too.  Effectivly, it’s adding another factor to the authentication process.

 

If we make the (presently flawed) assumption that mobile phones are left strongly secured (i.e. you PIN lock it), then even the theft of your card and phone continues to protect your credit card.

 

An extra benefit is that because any purchase attempt results in an SMS message to the cardholder, the cardholder gets pretty much instant notification of a possible problem.

 

As it happens, this leads onto a question: why don’t credit card companies offer SMS on purchase messages now?  It’s an obvious step for those that want a strong connection with what their credit card is doing.

  

 

 

Antony Gormley – Event Horizon

Acclaimed artist Antony Gormley has placed 31 statues of himself in various locations in London. All of them face towards the Hayward Gallery on the south bank where he presently has an exhibition on. Check out the locations of the statues in the Steve and Toby whistle stop tour. Hint: Look Up!  The homepage for Blind Light, the Gormley Exhibition on through August at the Hayward, can be found here.

The statues are all made individually by Gormley and his team and each is made by taking a fresh cast from Gormley himself. The casting process leaves rough edges and the channels used to pour the metal are left in place giving the statues an attractive, almost unfinished appearance.

All of the statues can be seen from the sculpture terraces at the Hayward, however there are some great viewing spots around london and each of the sculptures exhibits a life of its own when viewed in its local context. 

Disproportionate response to SPAM

Yesterday I invoked a ridiculously disproportionate response to a piece of SPAM.  No I don't want to buy a Renault and I don't appreciate not having an unsubscribe option either. This email must have been harvested by buying what is euphemistically called an opt-in list.

So not only were there no unsubscribe instructions, but if you visited the Renault website, the only way to unsubscribe was to provide more information: name, address, phone number, email address and information about my current car.  All this to stop receiving rubbish!

So my disproportionate response is a simple mail filter than trashes any email with the word renault ANYWHERE in the message & a greasemonkey script that removes Renault from any text rendered in Firefox. It's now not possible to send me an email with Renault anywhere in the message. 

In my internet world, Renault no longer exists.  Perhaps one day corporates will notice that sending marketing emails without explicit opt-in permission is a no-no!

PS3 Killer Game on the Way

What seems to be shaping up us the killer game that the PS3 needed at launch time. LittleBigPlanet from startup Media Molecule is going to freak you out.  The first game to truly show what the PS3 can do. You start out with a lovely stuffed rag doll and the rest is just about up to you.  Make stuff, collaborate with others to make stuff, solve problems, whatever.

The game has a physics engine that will make you pant and everything is made from real world type materials.  Check out the screenshots over at GameSpot.

Oh.  What?  That was not enough for you.  Okay.  Well also at the GDC07, Phil Harrison delivered an awesome keynote about what we can expect from the PS3 during this year.

Obviously the primary focus is online. Later this year, PS3 Home will enter the scene.  PS3 Home is like a Second Life environment right on the console, but integrated with your games, your mates and your media.  From it you can wander around, watch movies and indie clips, listen to music, chat  with friends, change clothes etc.  in fact, just about anything you can do in a real world.

The clever bit is that Sony will integrate games experience with the virtual world experience: they'll be games within the environment such as pool, snooker or bar games.  They'll be trophy rooms to go see your acheivements (or anyone elses) for all suportd PS3 games.  Purchased PS3 games will include content items for Home such as clothing and pictures and may even include an online location to go hang out at. 

 You'll get your own apartment that you can decorate as you wish.  You can even spend cash and get a bigger Apt.  The whole lot is driven by a Physics engine for that real world feel.  You can bring in your own content: imagine putting a memory stick in the drive and loading a picture direct into a picture frame in your apartment.  And any vistors can immediately see it.

More?  No?  Okay.  Well one of the things that Sony did well with the PS2 was hardware.  For some reason the xbox was never a big add on market.  One assumes that was because MS made it just too difficult to get devices tested and supported for the Xbox.

Still No matter: Xbox loss is PS gain.  Singstar will be coming to the PS3 very soon and you can perhaps imagine the options: Sing Online, Record your attempts and share them with your mates.  Even video your best attempts.  Online rating system and review by your (ex)mates Great!

All in All, Sony are playing catchup they way they play all things: they are throwing all their best toys, tricks and tools into PS3 and aiming not just to meet the 360, but to leave it behind like it's sitting still.

Sony call the new experience "Game 3.0".  Watch out for it: it may just be the next paradigm shift in gaming! 

HD DRM Busted

Thats it.  February 11th 2007 was the day.  The DRM system used by both HD DVD formats was broken completely today.  The DRM system which cost billions of dollars and years of effort to create was sent tumbling dwon by two people in just a few days with almost no expense other than some time and some software engineering knowhow. It turns out that all thats needed to defeat the DRM system is a knowledge of the AACS standard itself. What does this mean? Simple, it means that it's now possible to extract the HD DVD video stream from the disc and back it up or burn it or whatever you want to do with it.  Any Disc.  No Key seaching needed.

For those of you that need to know:

09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

The problem with Firefox…is popups!

I know this sounds crazy, but bear with me just a second.  The problem with Firefox and popups is that it's so good at blocking them!  Great at home where I don't use any other browser, but bad at the office.

The office is a nice sensible controlled environment where I can't change the security settings (or just about any settings for that matter) in the IE6 browser.  The funny think is that I'm so used to not seeing popups at home, that I often manage to click them at work just because they are convincing and I'm not used to seeing them: like the one that looks like the screensaver setup dialog or a GPF.  It's just too easy to click 'ok'.

So my point is that those IE users who get popups all day long do end up far more sensitive than us that use a more securley setup browser. 

So the moral of the story: Firefox users: take especial care when using IE at work!

Chip and Pin Teething Problems or Something Deeper?

If you've tried to purchase petrol at a Shell station with your credit card over the last few days, you may have been surprised when the shopkeeper put the receipt on the counter and asked for your signature. In fact, Shell has withdrawn Chip and PIN from all their non franchised stores in the UK over a potential £1M scam.

If you believed the advertising campaign surrounding Chip and PIN, you'd be forgiven for thinking that the scheme is supposed to bar far less fallible than plain old signatures. Alas, all is not that simple.

Presently, it's believed that the POS terminals used in some stores have been tampered with to record the pin numbers of a massive number of customers. This information has presumably subsequently been used to withdraw cash or make purchases.This is a bit scary: The central Chip and Pin guys accredit every terminal model prior to its use in the field. They are supposed to be tamper proof and stop working if any attempt is made to muck around with them, such as to persuade them to record pin numbers.

Of course, in real life the Chip and PIN POS terminals have become so ubiquitous that many will undoubtedly find their way into the hands of that element of society that would probe them and find a way around the anti-tamper mechanisms built into the device.

The point here is that you don't really _need_ to fiddle with a terminal: It would be quite easy to produce a device which sat on top of the authentic device whilst recording everything the user does and just passing the signals on to an authentic terminal. This would be executed in much the same way as the card skimming devices that get fitted to ATM machines from time to time.

Indeed, take this a step further, in a hypothetical attack, imagine a POS terminal that routes the signals to an accomplice in a different store: when you type in your pin, you are not paying for the petrol at all but for a £2000 plasma TV. The beauty of this attack is that you never know.

Use of such a device would probably require cooperation of local staff, but there will always be ways to buy staff.

There are some pretty advanced techniques around for getting the PIN number and it's not difficult to see that any of these could aggregate to a powerful attack. Remember we only have 9999 different PIN Numbers (Actually, it's less than that but lets not do that discussion now).

1) Key timings
Use of the timings between key presses to predict what the number might be. Get an audio recording and feed it thorough a filter to detect the exact timings between the keys… Compare with statistical averages and guess the pin.

2) Key sounds
On some terminals, it's possible to detect slight differences in the sound made when the key is pressed.

3) Social engineering.
It's amazing how many people will give you one digit of their PIN without much prompting. Finding out about the target may give away valuable information: Phone numbers, dates of birth, anniversaries. Lets face it, most people use a PIN number than means something to them.

4) Shoulder surfing

5) Non intrusive tampering with the Terminal (Dusting the keys for example). This would give you 4 digits with only about 24 permutations: Not a bad reduction from 10,000. In conjunction with technique 1 or 2 you might get a 90% hit rate.

Defences

The best defence I can come up with is

1) Soft keys. I've seen these on high security door locks. Each key has an LED digit on it. The idea is that when the credit card is inserted, the keys re-arrange themselves in a random pattern, so that rather than

789
456
123

The pad might look like this…

697
198
324

The obvious idea being that this counters shoulder surfers and other techniques involving studying the equipment non-intrusively. The key displays would be pretty directional so the chap standing next to you can't see them.

Well you clearly need to think hard to use this and it's no good for the visually impaired, but you can easily see the benefits of such a system.

Even when you consider the slower number entry due to the thought required this scheme has tremendous potential, although it should be noted that many people remember their PIN by position on the pad and not the actual number itself.

It's interesting to note that all attacks on Chip and Pin are likely to be based around getting to know the PIN. 4 digit numbers are considered quite adequate as secret passwords: 10000:1 odds are good enough to be considered unguessable.

As a final thought, consider the legal position of Chip and Pin. Presently, the banks are claiming that anyone complaining about phantom withdrawals is probably lying. This is the default position. They have won court cases and continue to do so daily where they simply state that the burden of proof is on the customer to show that the transaction was not undertaken with their knowledge. They simply claim that the customer gave the PIN number away willingly.

The problems we have talked about today are all related to a wired device which _should_ be easier to secure. Consider the challenges facing wide scale RFID implementations such as the national ID card.

Expect more articles on this interesting subject soon.

Save of the Century

Being an IT professional, I have to hang my head in shame and admit to you that I nearly lost data today. I was resigned to restoring from the last full backup I took, which was ages ago. In the end a last ditch attempt came to fruition.

It all started innocently enough with the upgrade of the main server from FC3 to FC5.  I hate upgrading TurboTas so much that i missed out FC4 completly.   The upgrade began and (as with FC3), the installer baulked at my lvm drives.  not at all of them, just the striped 160s.  I guess this happened coz i use them native, not with any partition table. 

The installer warned me that it wouldzero the partition table on hdc and hdd if i continued.  I selected cancel and the install proceeded anyway.  Lo and behold, after the upgrade Linux booted fine but no LVM on the two big drives.

All LVM tools suggested that there was nothing LVMish about the two drives which left me a bit stumped.  The net was symathetic, but no actual help.  I tried vgrestorecfg, but this reported that the vg memebers were not correct.  In desperation, I wrote new signatures to the PVs using pvcreate.  I had to use -ff as lvm already thought they were in a vg.  

Next I tried the vgrestorecfg tool again, but now was told that the signatures were wrong.  In desperation I edited the backup file and changed the drive signates to those now reported by pvdisplay /dev/hdc and hdd.  Amazingly, vgrestorecfg worked. 

A few minutes later and I had mounted the drives and discovered that I seem to have lost nothing at all other than a few clumps of hair. 

The lesson, dear readers is to do those backups even if they are manual and a pain in the butt.  I've had my warning: you may not be so lucky.