You think you’re so clever, but you forget about the VAT

So much for saving money by using price differences between the US and UK version of Amazon. Today, I received not my headphones, but the duty bill for them:

Cost of headphones from Amazon.com: US$75 (C$85) (£40)
Shipping from USA to UK: US$26 (C$29)
UK Value Added Tax: £12 (C$25)
UK Parcelforce Clearance Fee: £14 (C$30)
Total: C$169 (Ack! Ack!)
Delivery time: about five weeks

Cost on Amazon.co.uk (with all taxes and shipping): £74 (C$156)
Delivery time: 4-6 days

In any case, I suppose I will cycle the five miles or so out to Kidlington (where the depot is) to pick them up either after my tutorials today or tomorrow. Many thanks to Jessica for her help with the ungainly trans-shipment process above.

The moral of the story: ye who think you can get $160 headphones for $85 are probably mistaken.

[Update: 9:01pm] I rode the six and a half miles to the pickup depot. I paid the $100 in taxes. I put in the headphones with the flanged eartips… and was disappointed. It sounded more precise than the default iPod earphones, but not enormously better. An hour later, I tried the foam eartips and I understood. Tori has never sounded more astounding. If it keeps up for a few years, the Etymotic ER6i headphones will have been worth every cent.

[Update: 2 August] It should be further noted that the Etymotic customer service people are unusually polite and helpful. I wanted to order the larger flanged tips to see if they work as well as the medium foam tips. There was no time spent on hold at all, and I was immediately put in touch with someone who is going to send me the large flanged eartips internationally for free. Such things are always pleasant surprises.

[Update: 8 August] I got the larger and smaller alternative eartips for the Etymotics today. The large flanged ones work much better than the normal flanged ones, but don’t sound quite as good as the normal foam eartips. That said, the normal foam ones get somewhat gross quite quickly and are hard to clean. I think I will mostly stick with the large flanged eartips.

[Update: 30 January 2007] I had a few minutes of abject panic today, when it seemed that the right earbud in my pair of excellent but expensive Etymotic ER6i headphones had dropped to 10% of its original volume. I had been listening for a few straight hours, working on a paper, and found myself wondering why the song I was listening to was so biased to the left. Thankfully, when I called their very helpful tech support people, we realized that it was just a clogged filter. I replaced it with one of the replacements included in the original set and all is well. (Actually, the right side is a bit louder now, but the filters are $2.50 each and I should wait until the other is more clogged).

Something to try over the weekend: cryptography by hand

For about three and a half hours tonight, I awaited essays from next month’s tutorial students in the MCR. Having exhausted what scraps of newspaper were available, I fell back to reading a copy of Dan Brown’s Da Vinci Code, abandoned by some departed grad student.

Two hundred and sixty pages in, and unlikely to proceed enormously further, I note somewhat pedantically that there have been no codes presented. At best, there have been a series of riddles. The book would be interesting for its historical asides, if I could consider them credible.

Rather than go on about that, I thought I would write an incredibly brief primer on how to actually encrypt a message:

Crypto by hand

In the next few paragraphs, I will show you how to use a simple cryptographic device called a transposition cipher. If you really want to learn it, follow along with a pen and paper. As ciphers go, it is very weak – but it is easy to understand and learn. For starters, we need a secret message. The following is hardly secret, but it will do for a demonstration:

“DAN BROWN IS A DUBIOUS HISTORIAN”

Next, we need an encryption key. For this type of cipher, we need two or more English words that do not use any letter more than once. It is quicker if they have the same number of letters, but I will use two with different numbers of letters to demonstrate the process:

“DUBLIN PINT”

Write the first word of the key onto a piece of paper, with a bit of space between each letter and plenty of space below:

“D U B L I N”

Now, add numbers above the letters, corresponding to their order in the alphabet:

“2 6 1 4 3 5
D U B L I N”

Now, add your message (hereafter called the plaintext) in a block under. If necessary, fill out the box with garble or the alphabet in order:

“2 6 1 4 3 5
D U B L I N
D A N B R O
W N I S A D
U B I O U S
H I S T O R
I A N A B C”

Note how each word of the first keyword now has a column of text underneath it. Starting with the first column in the alphabetical ordering (B, in this case) copy out the column, starting at the top, as a string of text. Make sure you understand what is happening here before you go on. The first column, read downwards is:

NIISN

Now, add to that string the other columns, read from top to bottom, in alphabetical order. You can leave spaces to make it easier to check:

NIISN DWUHI RAUOB BSOTA ODSRC ANBIA

Clearly, each column section should have the same number of letters in it. Make sure you’ve got the transcription right before going on. Note that the string above is the same letters as are in the original message, just jumbled. As such, this system isn’t smart to use for very short messages. People will realize fairly quickly that “MKLLINAIL” could mean “KILL MILAN.”

Moving right along…

Take the string you generated a moment ago, and put it into a block just like the one you made with the first keyword, except with the second keyword. This time, if you need letters to fill out the rectangle, make sure to use the alphabet in order. You will need to remove the excess letters when working backwards to decrypt, so you may as well make it easier.

“3 1 2 4
P I N T
N I I S
N D W U
H I R A
U O B B
S O T A
O D S R
C A N B
I A A B”

Now we have the message even more jumbled. The final encryption step is simply to copy each column in that grid out, from top to bottom, in alphabetical order according to the second keyword:

IDIOODAA IWRBTSNA NNHUSOCI SUABARBB

Note: the shorter the key, the longer each column will be. The above string is your encrypted text (called cyphertext). This final version is a jumble of the letters in the original message. Remove the spaces to make it harder to work out how long the last keyword is. If you like, you can put that string through a grid with another word. Each time you do that, you make the message somewhat harder to crack, though it obviously takes longer to either encode or decode.

To pass on the message, you need to give someone both the cyphertext and the key. This should be done by separate means, because anyone who has both can work out what kind of cipher you used and break your code. The mechanisms of key exchange and key security are critical parts of designing cryptographic systems – the weakest components of which are rarely the algorithms used to encrypt and decrypt.

To decode it, just make grids based on your keywords and fill them in by reversing the transcription process described above. I am not going to go through it step by step, because it is exactly the same, only backwards.
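The two-keyword procedure above, together with the decryption that is only described in words, as an added Python example (not part of the original post). The function names are my own; filler is the alphabet in order, as suggested above, and the recovered plaintext keeps the first grid's trailing filler (ABC for the sample message).

```python
import string

ALPHABET = string.ascii_uppercase

def normalise(text):
    """Upper-case the text and drop spaces and punctuation."""
    return "".join(ch for ch in text.upper() if ch in ALPHABET)

def column_order(keyword):
    """Column indices in read-out order: alphabetical by keyword letter."""
    if len(set(keyword)) != len(keyword):
        raise ValueError("keyword repeats a letter: " + keyword)
    return sorted(range(len(keyword)), key=lambda i: keyword[i])

def encrypt_stage(text, keyword):
    """Write text row by row under the keyword, return the columns in read-out order."""
    width = len(keyword)
    text += ALPHABET[:-len(text) % width]      # fill the last row with A, B, C...
    rows = [text[i:i + width] for i in range(0, len(text), width)]
    return ["".join(row[c] for row in rows) for c in column_order(keyword)]

def decrypt_stage(text, keyword):
    """Put each ciphertext segment back under its keyword letter, read the rows."""
    width = len(keyword)
    if len(text) % width:
        raise ValueError("length is not a multiple of the keyword length")
    height = len(text) // width
    columns = [""] * width
    for n, c in enumerate(column_order(keyword)):
        columns[c] = text[n * height:(n + 1) * height]
    return "".join(columns[c][r] for r in range(height) for c in range(width))

def strip_filler(text, width, prev_width):
    """Drop filler added by a later grid so the text fits the earlier grid exactly.

    Unambiguous when the earlier keyword is at least as long as the later one;
    otherwise this prefers the longest filler that matches.
    """
    for pad in range(width - 1, -1, -1):
        if (len(text) - pad) % prev_width == 0 and text.endswith(ALPHABET[:pad]):
            return text[:len(text) - pad]
    raise ValueError("no filler length is consistent with the key")

def encrypt(message, key):
    text = normalise(message)
    for keyword in key.upper().split():
        text = "".join(encrypt_stage(text, keyword))
    return text

def decrypt(ciphertext, key):
    keywords = key.upper().split()
    text = normalise(ciphertext)
    for i in range(len(keywords) - 1, -1, -1):   # last keyword is undone first
        text = decrypt_stage(text, keywords[i])
        if i > 0:
            text = strip_filler(text, len(keywords[i]), len(keywords[i - 1]))
    return text

if __name__ == "__main__":
    message, key = "DAN BROWN IS A DUBIOUS HISTORIAN", "DUBLIN PINT"
    print(" ".join(encrypt_stage(normalise(message), "DUBLIN")))
    ciphertext = encrypt(message, key)
    print(ciphertext)
    print(decrypt(ciphertext, key))
    # Transposition only reorders letters, so single-letter counts survive intact.
    print(sorted(ciphertext) == sorted(decrypt(ciphertext, key) + "AB"))
```

Because the letter counts are unchanged, the ciphertext still has the letter frequencies of ordinary English, which tells an analyst at once that a transposition was used.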

If anyone finds out about the credibility of Mr. Brown’s historical credentials, it won’t be my fault.

One word of warning: this system will not keep your secrets secure from the CIA, Mossad, or even Audrey Tautou. This cipher is more about teaching the basics of cryptography. If you want something enormously more durable that can still be done by hand, have a look at the Vigenère cipher.

PS. It is rumored that this very blog may contain a tool that automates one form of Vigenère encryption and decryption. Not that it is linked in the sidebar or anything…

[Update: 27 July] Those who think they have learned the above cipher can try decrypting the following message:

BNTAFREEHOOI-LTOSIRISOTWD-FTNWAOEYSOXT-ERASEAAAKGVE

The segment breaks should make it a bit easier. The key is:

SCOTLAND HIKE

Good luck, and please don’t post the plaintext as a comment. Let others who want to figure it out do so.

Strange and annoying WordPress bug

I am abandoning the What You See is What You Get (WYSIWYG) editor that is built into WordPress (they call it the ‘visual rich editor’). It has the extremely nasty habit of randomly inserting literally hundreds of [em] tags and [/em] tags into pages with complex formatting, such as my academic C.V. Usually, it closes every tag that it randomly opens, so the formatting isn’t visibly affected. As soon as you try to change some small thing, however, everything goes insane. Going back through and fixing all of these mangled pages is a big pain.

WordPress also has serious trouble dealing with [p] tags and line breaks.

I hope the cause behind this was identified in the recent bug hunt and will not trouble people after the next major release.

Essential free Mac software

After a year of using a Mac primarily, I have come to appreciate this excellent operating system. I have also come to understand some of the gaps in it, particularly insofar as the software and tools that it includes are concerned. The following, then, is my short list of essential (free) Mac programs. Naturally, they are geared towards the kinds of things I personally do all the time.

1) Adium – instant messaging program

The MSN Messenger client for Mac is quite terrible. It is unstable and badly out of date. The freeware program Adium talks not only to MSN, but to AIM, ICQ, Google Talk, and many other instant messenger services. You see one contact list for people on all the services you’ve listed and the software works well and in a stable fashion.

Make sure to get the Hobbes icons. The one of him dancing, to indicate the presence of a new message, is especially endearing.

One word of warning, all the different preferences can be a bit daunting when you start out. Leave them on the defaults and don’t worry about them.

2) Fetch – FTP client

An FTP program essential to anyone who runs websites. This one is much less temperamental than Cyberduck, which I used for many months before being introduced to this superior alternative. You can apply for a free educational license on the Fetch homepage.

3) Firefox – web browser

Hands down the best web browser for any platform, the Mac version of Firefox is an essential item. I hang on to Safari because it sometimes runs complex Java more reliably than Firefox does (I am thinking specifically of the photo upload script for Facebook). I hang onto Opera because the built in bittorrent support is very useful. With those caveats, Firefox is what I use 99% of the time. At a later point, I should write a list like this of the essential Firefox extensions (SessionSaver, AdBlock with Filterset.G, and Flashblock come to mind instantly).

4) Google Earth – interactive atlas

Not essential, perhaps, but free and definitely great fun. The built in demonstration tour is worth a look. It shows off the terrain mapping nicely with Mount Saint Helens.

5) jEdit – text editor

Even with MS Office installed, there is no program in Mac OS that can cleanly edit files that must be text only, without formatting. I am talking about things like manually editing HTML files, PHP scripts, htaccess files, and the like.

6) KisMAC – wireless network detector

Particularly if you are running Tiger (OS 10.4), this free utility is helpful for dealing with wireless networks in more sophisticated ways than are possible using the WiFi implementation built into the OS.

7) MacJanitor – maintenance program

If you have a laptop that you leave closed or in sleep mode when you are not using it, chances are some of the timed maintenance scripts that are meant to run under Mac OS are never doing so. By default, they run in the early morning, but that will only happen if your computer is on. This program lets you run them manually, a good idea for maintaining system performance.

8) Password Safe – password utility

The Java version runs under Mac OS and is very helpful for keeping track of the passwords of things you use quite rarely. It is better than Keychain because you can install the Java version on a USB key and then use it on Macs, PCs, and Linux machines.

9) Remote Desktop Connection – system tool

I have no idea why this is not included by default in the operating system. Either this or one of the open source equivalents is necessary to connect to Windows based terminal servers.

10) Skype – VOIP program

Particularly if you have a Mac laptop with a built-in mic, Skype is an exceptionally convenient way to keep in touch with people inexpensively. I really wish more of my friends used it.

11) VideoLAN – media player

This open source video player can deal with the widest range of file types of anything I have used on the Mac. DivX files that simply will not play in Quicktime or Windows Media Player open without trouble, and it has fullscreen mode – a feature that is bizarrely lacking in other Mac video software.

One item that I won’t put on the official list is a third party MD5 hash checker. Only people who need to check the integrity of downloaded files will need one and it doesn’t really matter which one you choose. Just don’t trust the one built into Disk Utility (at least not for .iso files).

PS. The essential non-free software is basically MS Office (OpenOffice does not cut it when you need to collaborate with people using Office) and Photoshop 7, CS, or CS2.

Summer thunderstorm and Ubuntu Linux

Today’s thunderstorm was good news for the parched lawns of Oxford: deprived in past weeks as the consequence of a watering ban. I’ve always been an appreciator of thunderstorms. I like the drama. I like the sense of immersion in nature. Naturally, it is most poignant when you are out on the middle of the lake with a canoe. Not the most pleasant or safe way to experience one, but something that everyone should try at least once.

Another aspect of thunderstorms that I appreciate is how they psychologically empower me to hunker down and feel absolutely no guilt about doing so. They are a kind of free pass from all but the most pressing of obligations. Naturally, there isn’t a lot of appeal to going outside under such conditions, so I spent the time cooking and fiddling with some computer stuff I had set aside earlier.

Warning: computer jargon ahead


Little known OS X feature

People running Mac OS 10.3 or higher should try the following little trick:

Hold down Control+Alt+Apple+8 (or asterisk on the number pad, if you have a full keyboard).

This will reset your monitor to grayscale and invert it. This might be useful in a room where you want to use your computer unobtrusively. Otherwise, it might just be an opportunity to show off your OS X prowess to awe-stricken masses of onlookers.

Dust to dust

Back on the 6th of February, I first noted the presence of some kind of opaque foreign matter on the sensor of my Canon Powershot A510 digital camera. Today, I examined what has taken place since.

The state of the sensor:

Note: the colour cast on the original is just because I shot it using auto white balance and tungsten illumination. The second was taken using sunlight. The general speckle pattern all over it is from the wall, not the sensor.

Both shots were taken at the smallest aperture allowed by the A510 at the shortest focal length (f/8). To me, the comparison indicates a worsening situation. There has been speculation that the foreign substance is not dust, but mold. That would be consistent with the fact that it seems to be worsening, as well as to how the problem first emerged after a period of particularly dismal and rainy weather.

Why it matters, and what to do

Shots that involve areas of solid colour as well as small apertures frequently require touching up in Photoshop to remove the blotches. Sometimes, that isn’t even possible for me. (Look near the ground, to the left of the chapel.) Cleaning the sensor would require paying a technician rather more than the value of the camera. I bought it in North Vancouver for C$273.55 (£132), which included a 512 meg SD card that can be used with a new camera. Replacing it with a comparable camera would cost less (because this model has been replaced by newer ones) and more (because everything costs more in England). The big choice is whether to replace the thing, or start putting money into a digital SLR fund.

Having a camera small enough that I literally carry it everywhere has quite a bit of value to it. Having a DSLR would probably improve the quality of photos that I put on here, but it would definitely be more of a conspicuous item to carry and use. It would also further stress iPhoto, with larger image files…

…wanders back to his reading, pondering…

Movie physics

Apparently, the physics in The Da Vinci Code are no better than the history or theology. (Though this review is more about general plausibility than physics, per se.) Let it be known that Insultingly Stupid Movie Physics is among the greatest of all websites.

The review of The Core is funny enough to be worth reading, even if you haven’t seen that awful, awful film. People making films should probably take a careful look through their generic list of bad physics. Of course, scientific accuracy may not be terribly likely to put people in cinema seats, or sell DVDs.

On password security

I was talking with Kelly today about passwords, and how they are a fundamentally weak form of security. Supposedly, we are all meant to have different passwords for every site, so that one database being compromised by an external hacker or malicious insider won’t lead to our email and other sites being at risk. Also, we are supposed to use long and complex passwords with case-changes, numbers, punctuation, etc. (Think ‘e4!Xy59NoI2’) Together, these two requirements far exceed the capability of most human beings.

The real solution is to back up passwords with something else, so that they don’t need to be so strong. This is called two-factor authentication, and it could include something like a smart card that people carry and slot into computers along with a password so as to authenticate themselves. This is already used in cars. Inside the key of newer cars is a little chip with a radio antenna. When you try to use the key to start the car, a radio message is broadcast by the car. The chip detects it, does a bit of thinking to generate a response that authenticates the key, and re-broadcasts it. Using both the physical profile of the key and the radio challenge-response authentication system, attacks based on picking locks or freezing and cracking the cylinder inside them can be circumvented. The system obviously isn’t impossible to foil, but it is substantially more difficult in relation to the additional cost.

In the computer context, such two-factor authentication could take other forms: for instance, a little card that listens to a series of tones from an external source (over the phone, or from a computer), passes them through an algorithm and emits a series of tones in response to authenticate. This is just doing with audio what a smart card does with electricity. Ideally, the second factor would be like a credit card, in that you could have it cancelled and re-issued in the event that it is lost or stolen, immediately disabling the missing unit.

Until such a system emerges, it seems sensible to have tiers of passwords. I have two really weak passwords for things that I sometimes share with close friends. Then, I have a password for low-risk sites where there is no real harm that can come from my account being compromised. Then, I have a cascade of ever-stronger passwords. Something like LiveJournal has a pretty strong password, because it would be a pain if somebody took it over. The general vulnerabilities of passwords are:

  1. Someone could guess it (either manually or with a brute force attack)
  2. Someone could watch you type it in
  3. Someone could install a hardware or software keystroke logger on a machine where you enter it
  4. Someone could break into a database that contains it, then try using it on other sites you use
  5. Someone could extract it from a program on your computer that stores them in an insecure way (like Windows screen-saver passwords, which can be learned using a simple program)

Most of these require physical access to a machine that you use. I would guess that the most common of these is number four. Given that most people use the same password for everything, some underhanded employee at your ISP or webmail provider could probably grab it pretty easily, as well as information on other sites you use. (Hashing algorithms are one way this risk can be mitigated, on the server side, but that’s a discussion for another day).

At the top level, there are things that demand a really strong password: for instance, webmaster control accounts or anything connected to money. For these, I use random alphanumeric strings of the maximum permitted length, never re-using one and changing them every month or so.

Obviously, I cannot remember these for several banks and websites. As such, I write them down and guard them. I am much better at guarding little bits of paper than at remembering random strings of data. I regularly carry around little bits of paper worth tens of Pounds, and little bits of plastic worth thousands of Pounds, if only until disabled. Indeed, I have been guarding bits of paper for well over a decade.
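The challenge-response second factor and the server-side hashing mentioned above, combined in one added Python sketch (not code from the original post, and not how any particular car key or smart card works). HMAC-SHA256 over a random challenge and salted PBKDF2 are my choices for the illustration; the class names, the work factor and the sample account are assumptions.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 100_000   # assumed work factor for this sketch

def hash_password(password, salt):
    """Salted, deliberately slow hash: the database never holds the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

class Token:
    """The card or key you carry. Its secret is never sent, only used."""
    def __init__(self, secret):
        self._secret = secret

    def respond(self, challenge):
        return hmac.new(self._secret, challenge, hashlib.sha256).digest()

class Server:
    def __init__(self):
        self.accounts = {}    # user -> salt, password hash, token secret
        self._pending = {}    # user -> challenge awaiting a response

    def enrol(self, user, password):
        salt = secrets.token_bytes(16)
        self.accounts[user] = {"salt": salt,
                               "pw_hash": hash_password(password, salt),
                               "token_secret": None}
        return self.reissue_token(user)

    def reissue_token(self, user):
        """Cancel the old token and issue a new one, like replacing a lost card."""
        secret = secrets.token_bytes(32)
        self.accounts[user]["token_secret"] = secret
        self._pending.pop(user, None)
        return Token(secret)

    def challenge(self, user):
        nonce = secrets.token_bytes(16)          # fresh and unpredictable each time
        self._pending[user] = nonce
        return nonce

    def login(self, user, password, response):
        account = self.accounts.get(user)
        nonce = self._pending.pop(user, None)    # a challenge is good for one attempt
        if account is None or nonce is None:
            return False
        pw_ok = hmac.compare_digest(hash_password(password, account["salt"]),
                                    account["pw_hash"])
        expected = hmac.new(account["token_secret"], nonce, hashlib.sha256).digest()
        token_ok = hmac.compare_digest(expected, response)
        return pw_ok and token_ok                # both factors are required

if __name__ == "__main__":
    server = Server()
    token = server.enrol("alice", "weak-password")     # constructed sample account
    answer = token.respond(server.challenge("alice"))
    print("password + token:", server.login("alice", "weak-password", answer))
    server.challenge("alice")
    print("replayed response:", server.login("alice", "weak-password", answer))
    new_token = server.reissue_token("alice")
    lost = token.respond(server.challenge("alice"))
    print("lost token after reissue:", server.login("alice", "weak-password", lost))
```

Someone who watches the password being typed, or replays a response captured earlier, still fails the fresh challenge, which is why the password itself no longer has to carry the whole load.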

Official daily post

Kelly at Puccini's

This has been a weekend full of surprises: mostly good, a few bad, and one simply baffling. Much as I am inclined to respond publicly to a certain recent provocation, I know it will be wiser to simply submerge it, and allow the author to float back to sanity of their own volition, or simply remain out of sight. Not to let that dominate the paragraph, it should be strongly affirmed that life is proving satisfying and interesting at the moment – if also quite tiring. Given my 6:30am projected wake-up time tomorrow, the plan is to be asleep by midnight, at the latest. Hopefully, my neighbour with the passion for early-morning chain-sawing (seriously) won’t be up to their wood-destroying ways tomorrow.

Writing and Mac geekery

For the first time, I found a reason to consider upgrading the operating system on my iBook from 10.3.9 to some version of Tiger (10.4). Namely, a program called WriteRoom that consists quite simply of a completely black screen, onto which you type basic green text. No fonts, no spell checking, no instant messenger windows popping up. Ironic as it might be to upgrade my operating system so as to use a program with fewer features than any text editor I have ever used, there is still a certain appeal. I already use TextEdit almost exclusively for writing on the Mac; Word uses too much RAM and does idiotic things like automatically trying to insert the last names of anyone in my Entourage contact list whenever I type their first names. I type: “He drew… a blank” and it ‘helpfully’ suggests “He Drew Sexmith a blank.” Much as I like to be reminded about friends from high school, this feature is much more trouble than it could possibly be worth.

That said, a new version of OS X is meant to be coming out sometime in the next few months (Leopard). As such, I think I will probably wait until it is possible to move forward by two bounds instead of just one. Of course, doing so will probably require that I get the extra 1GB of RAM that I have been considering. Initially, I was annoyed that I would need to remove the 256MB RAM upgrade that Apple overcharged me for when I bought this computer, but it seems that the mobo of the 1.3GHz 14″ iBook can handle a maximum of 1256MB of RAM anyhow.