Category: Internet matters

Posts about the internet

The virtues of digital photography

While there are certainly benefits to film, there are also many excellent reasons for which people are switching to digital. The sensors in even the low-end digital SLRs have rather good low-light performance. They are less grainy at 1600 ISO than the sensors in point and shoot cameras are at 400 or even 200 ISO. The dSLR systems also include features like depth of field preview, mirror lock-up, and bracketing for both exposure and white balance. Also very useful are dedicated controls for things like white balance, ISO, and exposure compensation. Sure, you can set all those things through menus in most good point and shoot cameras. It is a lot more pleasant to be able to do so on the fly, while still looking through the viewfinder.

As a fan of wide angle lenses, I do find the 1.6X multiplication from small sensors annoying. That being said, dSLRs these days do come with decent kit lenses that include an appropriately altered range. And, of course, there is always the enormous value of being able to take unlimited photos without marginal cost and get immediate feedback on the results of what you are doing. Being able to consult luminosity and RGB histograms half a second after taking the photo certainly beats having to wait for processing and printing.

In short, there are many virtues to digital photography: especially to those of us who are uncertain about there we will be living in the next few years. Just like one’s personal library, shipping around binders of archive-quality negatives is an expense and a pain. Ones and zeros can be zipped around the world at a much lower price, and with less risk to the originals.

New developments in spam

Remarkably, it seems that 70% of the world’s spam emails were originating from an American firm called McColo. On November 11th, two American internet service providers cut them off from the web, leading to the huge drop in the global volume of spam. It is estimated that 90% of spam messages are actually sent by computers that have been compromised by viruses, which makes it a bit surprising that such a drop could be generated by disconnecting one firm. Clearly, it is a network that needed central direction to operate. Those that emerge as successors will probably be more robust, located in more unpoliced jurisdictions, or both.

While the respite is likely to be temporary, the situation may reveal some useful information on the practice and economics of spam. This unrelated paper (PDF) examines the latter. The researchers infiltrated a segment of the Storm Botnet and monitored its activity and performance. On the basis of what they observed and estimates of the rest, they concluded that the botnet earned about 3.5 million dollars a year by selling pharmaceuticals. While that isn’t an inconsiderable sum, I suspect it is less than is being spent by companies combatting the flood of spam messages themselves.

Recyclable packaging from Amazon

A recent decision by Amazon.com deserves to be applauded. They are collaborating with manufacturers to reduce the use of bulky and hard-to-open plastic packaging. In place, they are making products available in streamlined packaging made from recyclable cardboard.

It’s a small step, but a sensible one. It also demonstrates the degree to which big retailers can play a role in setting standards. A similar push from someone like Wal-Mart could have a pronounced effect.

Loggers and tree-huggers

HSBC has released the strangest environmentally related ad I have ever seen. Usually, environmental advertising is absurd because filthy companies like Exxon pretend to be clean, or because they horribly distort environmental science. This one is strange both because it doesn’t make much sense internally and because there is no sense in which it constitutes a genuine endorsement of HSBC. The ad is bewildering if you take the logger to be the protester’s father; it becomes a bit more disturbing if you take them to be romantically involved. Either way, the best shot in the piece is the older male protester putting away his glasses while the police approach.

John Swansburg has produced some fairly extensive analysis.

NIST hash competition

Several times, the American government has held open competitions to create new cryptographic standards. Important examples include the Data Encryption Standard (DES) selected in 1976 and the Advanced Encryption Standard (AES) chosen in 2001. As mentioned before, the hunt is now on for a new hash function. These are one-way forms of encryption that play a number of vital roles, such as making it possible to save only encrypted versions of passwords in password databases that might be compromised.

Bruce Schneier, who made an unsuccessful bid for his TwoFish cipher to be accepted as the AES, is now part of the team that has created the Skein Hash Function for the ongoing National Institute of Standards and Technology competition. The function is based around a successor to TwoFish called, unsurprisingly, Threefish. All entries must be submitted by tomorrow and will be publicly scrutinized over the next four years or so. The result should be a more secure successor to the SHA hash functions.

Contemplating netbooks

Having played around a bit with Tristan’s EEE PC, I am considering getting a netbook computer myself. My old iBook is not very portable and, while the big screen and keyboard it offers have advantages, there is considerable appeal in a machine that could be a default content of my backpack.

Do any readers have experience with particular netbooks? I would be looking for something that is tolerable for writing emails and blog posts on, and good for surfing the web. Long battery life would be an advantage, as would an operating system that does the most common tasks well.

I won’t be buying anything for a couple of months, at least, due to a bit of a financial crunch, so machines that look promising and have not yet been released are also worth mentioning.

The Code-Breakers

For those with a serious interest in the history and practice of cryptography, David Khan’s The Code-Breakers: The Comprehensive History of Secret Communication from Ancient Times to the Internet provides an enormous mass of knowledge. The scope of the 1200 page book is vast: covering everything from the earliest ciphers to the origins of public key cryptography in detail. It is probably fair to say that the period best covered is that between the Middle Ages and the Second World War, though the sections covering the decoding of Egyptian hieroglyphics and Linear B are also detailed and skilfully written. Those interested primarily in the contemporary practice of cryptography – or those seeking a more concise text – would be well advised to consider the books by Simon Singh and Bruce Schneier on the topic.

Khan’s book excels in actually describing how various cryptographic systems work, as well as how they were broken. For the most part, his analysis is factual and dispassionate. The sole exception is in the period covering the Cold War, in which his ire against the Soviet Union and those Americans who turned into traitors for it are acute. At times, the book gets into an excessive amount of detail about the bureaucratic organization of different cipher bureaus: including lengthy sections about how various wartime bodies were reorganized. In most cases, the book does not provide much biography on the men and women involved, though exceptions exist in the case of some of the most eminent or interesting cryptographers. The book does provide an interesting discussion of the history of writing on cryptography, including the impact that major publications had on the development of the field and its comprehension within society at large. Kahn also does a good job of debunking some of the many spurious claims that have been made about ‘revolutionary’ and ‘unbreakable’ cryptosystems that people have invented: stressing how the making of cryptographic systems is a realm of abstract mathematics, while the breaking of such systems is a gritty and practical exercise.

In addition to covering the techniques of cryptography and cryptanalysis themselves, the book covers many related security issues: including physical security, invisible inks, elements of spycraft, decisions about how to use information gleaned through cryptanalysis, and the use of broken cryptographic systems to transmit fake or confusing information. The book also covers the relationships between cryptographic work and the activities it is supporting. An especially intriguing section details the efforts of the American navy to combat rum smuggling during the prohibition era. Ships with floating cryptoanalytical laboratories provided vital intelligence to interception vessels, just as other cryptanalysis had helped re-direct U-boats away from German submarines during the Second World War. The book covers an enormous variety of code systems, ranging in use and sophistication. These include diplomatic and commercial systems, high level military systems used between major installations, systems for vehicles, trench codes for those on the front lines, and more. The most abstract section of the book contemplates communication between human beings and extraterrestrials, covering questions about how we could recognize alien communication, as well as mathematical steps through which a comprehensible discourse could potentially be established.

For those interested in actually breaking codes and ciphers themselves, the book provides detailed information on techniques including frequency analysis, factorization attacks of the kind used against polyalphabetic substitution ciphers, and the index of coincidence. It also provides a lot of information on the weak ways in which cryptography is often used and the kinds of errors that have allowed for key breaks into previously unreadable cryptosystems. While it would not be especially useful for attacking modern computerized cryptographic systems, it would provide some guidance for those seeking to break into amateur or puzzle-type cryptographic challenges.

The Code-Breakers may well be the most comprehensive cryptographic history available, though it is far less detailed in its description of post-Cold War cryptosystems than some of its more concise recent contemporaries. For those wishing to gain an appreciation for how cryptography emerged, the role it played for most of human history, and the techniques that have been employed to guard and attack messages, this is an ideal place to turn.

Distributed tremor detection

Jesse Lawrence is an Assistant Professor at Stanford University, primarily interested in earthquake seismology and distributed computing. One idea has now merged the two fields: using the accelerometers increasingly commonly built into laptops and phones to make a distributed system for earthquake measurement. By having lots of sensors, it is possible to distinguish earthquakes from other forms of motion. The distributed approach also has advantages: it can provide more detailed information about extreme vibrations than delicate seismometers. It can also provide data collected at many more points, increasing understanding of the earthquake as an effect across a large area. Apparently, with appropriate signal processing, it would be possible to use the system to warn people in surrounding areas not yet affected by the quake, since the data could move more quickly than the seismic waves themselves.

Those wishing to join the Quake-Catcher Network can get the Mac or PC software online. Presumably, people in California are especially encouraged to enroll.

Keeping track of discussion threads

One of the major reasons for which I keep writing here is because of how it forces me to engage with and clarify my own thinking on important issues. One of the most important mechanisms through which that occurs is the discussions that often accompany posts.

I realize that it is awkward to keep re-visiting the same post over and over, looking to see if anyone has responded to your comment. To make it easier, there are two alternative options for seeing new comments:

  1. You can subscribe to an RSS feed of the comments. If you don’t know what that means, this guide provides an introduction.
  2. You can sign up to receive the comments daily by email.

Either way, you can keep track of discussions (as well as links to news items relating to posts) more easily.

Attacking encrypted bitmaps

Just because your photos are encrypted, it doesn’t seem that you can count on them to be totally unreadable to someone without the key. The attack only seems to work against bitmap images, so those secret JPGs, PNGs, and GIFs should be safe for now. This is because most types of files contain significantly more entropy than bitmaps. That is to say, there is a lot more redundant information in a BMP file than there is in something compressed. Even in the case of the vulnerable images, the technique can only produce “the outline of a high-contrast image.”

Once again, it proves the statement that ‘you can’t hide secrets from the future with math.’ Cryptographic attacks – and the resources available to attackers – will only keep increasing over time.