Category: Internet matters

Posts about the internet

More amateur cryptography

One of the oldest problems in cryptography is key management. The simplest kind of cryptographic arrangement is based on a single key used by however many parties both for encryption and decryption. This carries two big risks, however. In the first place, you need a secure mechanism for key distribution. Secondly, it is generally impossible to revoke a key, either for one individual or for everyone. Because of these limitations, public key cryptography (which utilizes key pairs) has proved a more appropriate mechanism in many applications.

Once in a while, now, you read about ‘unbreakable’ cryptography based on quantum mechanics. The quantum phenomena employed are actually used for key generation, not for the actual business of encrypting and decrypting messages. Like the use of a one-time pad, the symmetric keys produced by this system hold out the promise of powerful encryption. Of course, such systems remain vulnerable both to other kinds of cryptographic attacks, particularly the ‘side channel’ attacks that have so often been the basis for successful code-breaking. Recent examples include the cracking of the encryption on DVDs, as well as Blu-Ray and HD-DVDs.

An example of a side-channel attack is trawling through RAM and virtual memory to try and find the password to some encrypted system. When you login to a website using secure socket layering (SSL), the data sent over the network is encrypted. That said, the program with which you access the site may well take the string of text that constitutes your password and then dump it into RAM and/or the swap space on your hard disk somewhere. Skimming through memory for password-like strings is much less resource intensive than simply trying every possible password. Programs like Forensic Toolkit by AccessData make this process easy. People who use the same string in multiple applications (any of which could storing passwords insecurely) are even more vulnerable.

As in a large number of other security related areas, people using Apple computers have a slight advantage. While not on by default. if you go into the security menu in the system preferences, you can turn on “Use secure virtual memory.” This encrypts the contents of your swap space, to help protect against the kind of attack described above.

The real lesson of all of this is that total information security can never be achieved. One just needs to strike a balance between the sensitivity of the data, the probability of it coming under examination, and the level of effort that would be required to overcome whatever security is in place.

PS. My PGP public key is available online, for anyone who wants to send me coded messages. Free copies of the encryption software Pretty Good Privacy (PGP) can also be easily downloaded.

Infernal machines

Proving the adage that technology is actually driven by evil spirits who let it fail just when it is most inconvenient: the MySQL database that serves as the back-end to my wiki has chosen this morning – an hour before I need to give a presentation stored in the wiki – to go kaput. SQL failures have been an irksome occasional occurrence with GoDaddy hosting. Good thing I printed off a PDF version of the presentation before going to sleep.

Oywg, gk eygcwylw vfmfkghtamdv trzknrz utg fwbyuyq zu lf ezx dvpyu dxiggmkn – ljae tw wt jec vvq wph whv cozi sax ej bv – lwwlmme sya L srqm oip tb zxfpbum gx uckf hui vchuwzbv um pufs ntw ar wvtaiebrtvwa woro oec. Hbc, O prgw tu lpff gr gczi qp okts l pdxk hmwqt iyiveedogmsa hr kwv Ugrpvxaw Zvrtbfhs, eje cy wtvxl pgmkg nmfgl gz exivc. (CR:ISM)

OUSSG seeks new webmaster

Studying at Oxford? Interested in Strategic Studies? Web savvy? If these characteristics apply to you, consider nominating yourself to be the next webmaster of the Oxford University Strategic Studies Group. At present, I am serving in this capacity, but I will be leaving Oxford at the beginning of July.

The workload is very reasonable: uploading a termcard in HTML and PDF format once a term and then formatting speaker biographies and photos for each week of term time. Documentation that describes all of these processes, step by step, will be available. No coding skill is necessary; indeed, anyone who can run a blog can use Mambo, the content management system behind the OUSSG site. Basic knowledge of FTP use, HTML, and photo cropping would be assets.

Nominations for President, Vice-President (my other current role), and Secretary open at this Tuesday’s meeting at 8:30pm in All Souls College. Anyone interested in the webmaster position should contact any member of the executive in person or by email.

Ever upwards

WordPress Upgrade Chain:

Report bugs. Upgrades like this always make me nervous.

Papa Fly Productions and the nsn section should change over during the next couple of days, once I have kicked the tires here a bit.

[Update: 29 Jan 2007, 5:00pm] nsn portion upgraded to 2.1

[Update: 29 Jan 2007, 6:00pm] Papa Fly Films upgraded to 2.1. I was nervous about theme compatibility, so I made a full backup of the 2.0.7 install beforehand.

Climate change game

The BBC has made a free online game, in which you try to manage European policies during the next century so as to deal with climate change, all while maintaining political popularity. It is quite difficult, and perhaps not overly realistic. Dealing with energy is extremely easy (I could never even come close to selling my surplus), whereas food and water require constant management. In reality, I would expect markets to deal with food and water problems fairly easily (especially if the latter were priced intelligently), whereas large scale energy issues require government leadership. More information about the game is here.

Perhaps the greatest flaw of the game is how it deals with the popularity of initiatives. The way in which public opinion is modeled seems badly off-kilter. One would not expect to be able to get a screen at the end that says all of the following:

  • Well done!
  • Europe emitted a very low level of carbon emissions, which is likely to result in global temperatures increasing by 1.4-2.5 degrees Celsius.
  • You left the economy in ruins. Hyper-inflation and joblessness are endemic across Europe. People are starving and crime and lawlessness have taken hold.
  • You were generally liked and seemed to consider public opinion on almost all the decisions you took.

I am not sure what this ‘victory’ screen says about the BBC’s opinion on European voters, but the combination strikes me as supremely implausible. The willingness of the other world leaders to accept binding targets is also rather greater than one would expect.

Who art thou?

While more than 100 people a day consistently visit this site, less than a dozen leave comments regularly. A lot of the remainder seem to be people who search for something specific, either find it here or do not, and then depart. One recent query of the first sort: “how many chapters mphil thesis?” And one of the latter: “photo of two turkeys.” Discounting such visits, there still seem to be some silent readers out there.

I would be really curious to know a bit about those who read consistently. You don’t need to say who you are, but I would love to know where you are from and why you read this blog. Knowing that would give me a greater ability to write on subjects people care about (say, sandwich economics) and less on topics of lesser interest. I have never sought a mass audience, but I would like to please the audience I have.

People who have been silent thus far are especially encouraged to leave a note.

Blogging less of a priority

Graveyard in Oxford

Today was really busy, as most days in the immediate future seem likely to be. As such, expect me to retreat a bit from writing excessively much here. This is a somewhat anxious time, and anxiety is best dealt with in less public places.

PS. This site and Papa Fly Productions have now been upgraded to WordPress 2.0.7. Here’s hoping that more than ten days pass before they need to issue another security fix. Thankfully, the installation seems to have been painless.

Web 2.0 wandering

Muddy river near The Trout

A post on Metafilter led me to a long-winded essay about why blogging is a fundamentally cynical activity. Then, a comment on the MeFi post led me to a page that randomly generates text that sounds like a piece of postmodern criticism. It was amusing and memorable enough to add to del.icio.us. From the blog run by the person who wrote the script, I found the video to Pink Floyd‘s “High Hopes,” which looks like the recollections of someone who did far too many drugs while they were at Oxford. I recognize the type of places, but not the places themselves. It must be Cambridge.

The above is some kind of amazingly self-referential romp around some of the cleverer sites out there driven by user-submitted content. These people are the “You” that Time Magazine saluted. Collectively, the contemplation of all this technology and effort gives one a sense of trivial empowerment. It’s interesting, and it takes up time, but it doesn’t get us anywhere. At least, no more so than sitting around and listening to music. At least, in its curious way, it is a social activity.

MacWorld 2007 keynote

Peacock near The Trout

Sure Apple gets millions worth of free advertising by releasing its products in their glitzy, spectacular way. At the same time, it is hard for a geeky Mac fan not to comment.

Everyone expected Apple to announce the iPhone at Macworld, though there does seem to be more to this device than most people expected. Everyone expected it to be an iPod and a phone, in this case it has 8GB of storage, and most expected it to be widescreen. The two megapixel camera is probably pretty poor – as telephone cameras universally are – but it could be useful regardless. The biggest surprise is that the thing runs OS X, rather than the proprietary and limited systems generally associated with smartphone and Blackberry type devices. Combined with the embedded sensors (proximity, ambient light, and an accelerometer), I imagine people are going to come up with some pretty amazing hacks for these devices.

The iPhone is a quad-band GSM + EDGE phone with WiFi and Bluetooth 2.0. A lot of people probably expected it to be 3G, but this is a better move for Apple. 3G has pretty much been a disaster for everyone who bet on it. The fact that it seems capable of talking to WiFi networks is also a big plus, especially if it can be used to do VoIP in an elegant way. The fact that it does not is unsurprising, but also a letdown. I am personally looking forward to the days when mobile phones automatically form mesh networks to pass traffic between themselves. That would circumvent the need for network infrastructure for calls within densely populated places and really change the business circumstances in which cellular service providers found themselves.

The mundane issues are more what concerns me: it looks like the starting price is US$499 for a 4GB model and US$599 for the 8GB and they will start shipping in June. Those prices are based on signing up for a two year phone contract, also. There’s no way it makes sense to buy the release version, as there are usually a couple of serious flaws that get sorted out in the next version. (Not that I will be spending $600 on such a device any time in the foreseeable future.) The battery life is supposedly sufficient for five hours of talk time and sixteen hours of audio listening. If true, that is better than my iPod Shuffle, and enormously better than my old 20GB 4th generation iPod.

Like a lot of people, I am curious about whether this device will stand up to everyday abrasion better than the iPod Nanos do. There’s also no way I would even consider buying this platform before Skype or something similar can be run on it.