Category: Geek stuff

If it involves physics, math, computer science, electronics or has general geek cachet, this is the place for it.

The first rule of the internet

Against a sophisticated attacker, nothing connected to the internet is secure. Not your GMail account, not your Facebook account, not your website, not your home computer (especially if you are using WiFi), not industrial facilities, not governments.

While this may not absolutely always hold, I am increasingly convinced that the right way to treat the internet is to act as if this is so. If there is some information you absolutely want to keep private, keep it in a form that is not linked to the internet. Dig out an old computer for non-networked use or, better yet, use paper. Accept that anything you put online, even in a private email, could end up on display to the entire world.

People can certainly do a lot to protect themselves from what are essentially untargeted attacks. The people who run botnets just need control of random computers, and their attack methods are good enough to breach security on your average system. If security in yours is significantly better than average, you are probably at little risk from such annoyances. Everything changes, however, when the attacker has resources and expertise at their disposal, and they have you for a specific target. Organizations like governments, corporations, and organized crime groups have these resources, and attack techniques are always spreading to less sophisticated operators. As they say at the NSA, “Attacks always get better; they never get worse.”

Similarly, it is safest to assume that there is no mechanism that you can use to secure a non-networked computer from a sophisticated attacker. You can use encryption, but chances are they will be able to pull the passphrase from somewhere or find some workaround. If that passphrase is short, it can be defeated using brute force dictionary attacks. If it is stored anywhere on your computer, phone, or the internet, it can be found.

If you want secure encryption, use something like random.org to generate a random alphanumeric string with as many bits of data as the encryption you are using (there is little point in using 256-bit AES with a weak key like ‘AnteLope2841’. You need a key like:

xxDTAJjghYCb7YFm8zcV6YYhmgmvmNxE.

Once you have a strong key, write it down on paper, keep it locked up, and never use it for anything other than decrypting that one file.

Spying on the U.N.

In addition to describing many situations of allies spying on allies, Richard Aldrich’s GCHQ: The Uncensored Story Of Britain’s Most Secret Intelligence Agency also describes a number of alleged incidents of the United States and United Kingdom spying on the United Nations, particularly during the led-up to the Iraq War.

Aldrich describes how the NSA and GCHQ used the UNSCOM weapons inspectors in Iraq as “short-range collectors” of signals intelligence (SIGINT). He also describes the bugging of the U.N. headquarters in Iraq during that period, the bugging of the U.N. Secretariat (including Secretary General Annan’s office), and espionage conducted against non-permanent members of the Security Council before the vote that would have authorized the 2003 invasion of Iraq.

Aldrich claims that “listening in on the UN was routine” and that “in 1945 the United States had pressed for the UN headquarters to be in New York precisely in order to make eavesdropping easier”.

GCHQ: The Uncensored Story of Britain’s Most Secret Intelligence Agency

Richard Aldrich’s excellent GCHQ: The Uncensored Story of Britain’s Most Secret Intelligence Agency contributes significantly to the public understanding of the role secret intelligence agencies have played in world affairs and the domestic politics of Britain and elsewhere. From the codebreaking of the second world war to the frightening mass surveillance and data mining of the modern era, Aldrich provides a consistently interesting and informative account. Technical details on signals intelligence (SIGINT) techniques are relatively few, but the book contains a lot of new and interesting information running quite close to the present day.

GCHQ’s history

The Government Communication Headquarters (GCHQ) is Britain’s version of America’s National Security Agency (NSA) or Canada’s Communication Security Establishment (CSE). They are primarily the governments interceptors and decrypters of communications: from the telemetry data from the missile tests of foreign powers to (increasingly) the electronic records tracking the communication and behaviour of all ordinary citizens. Aldrich covers the history of GCHQ from the second world war virtually up to the present day: with long sections on the U.S.-U.K. intelligence alliance; the Cold War; progressing intelligence technologies; overseas listening stations and decolonization; terrorism; secrecy, the media, and oversight by politicians and the public; the post-Cold War era; and the modern day.

Aldrich describes an extraordinary number of cases of allies spying on one another: from the United States and United Kingdom during the interwar and WWII periods to India bugging Tony Blair’s hotel room during a Prime Ministerial visit to the considerable espionage conducted by the U.S. and U.K. against the United Nations Security Council and Secretariat in the lead-up to the 2003 Iraq War. It is safe to assume that everybody is spying on everybody all the time. Indeed, in the later chapters, GCHQ describes how private organizations and organized crime groups are increasingly getting into the game. For instance, he alleges that British banks have paid out billions of Pounds to hackers who have gotten into their systems and blackmailed them.

GCHQ also documents the collusion between private companies and espionage organizations, going back at least to the telegraph and earliest submarine cables. Right from the beginning, the owners and operators of these communication links secretly passed along data to intelligence organizations, which was used for purposes of diplomatic and military espionage, as well as to gain economic advantage through industrial espionage. Aldrich also describes how private companies have been made to build back doors into their products so that organizations like GCHQ and the NSA can crack the communications of people using them. This applied to manufacturers of cryptographic equipment in neutral countries like Switzerland during the Cold War.

Aldrich also argues that the Data Encryption Standard (DES) was intentionally weakened to allow NSA snooping, though I have read elsewhere that the NSA actually used its expertise to strengthen the algorithm. Aldrich does a good job of describing one deep tension in the current mandate of GCHQ: on one hand, it is increasingly encouraged to help private British companies like banks secure their computer and communication systems. At the same time, it tries to preserve back doors and insecure communication methods in products used by others, so as not to undermine its own espionage mandate. Similarly, Aldrich talks on a number of occasions about the tension between using intelligence information and protecting the sources and methods used to acquire it. While it may be especially damning to condemn the dubious actions of a foreign power using their own intercepted and decrypted communication, doing so inevitably informs them that you are reading their traffic. Something similar is true when it comes to using surreptitiously acquired information to prosecute criminal trials.

GCHQ contains lots of information on the spotty record of the world’s intelligence services, when it comes to predicting major events. He describes many situations where policy-makers were caught by surprise, because their spy services didn’t pass along warning. These include the Yom Kippur War, the overthrow of the Shah of Iran, the Soviet invasion of Czechoslovakia, the fall of the Berlin Wall, and others. Aldrich also describes the Iraq-WMD fiasco, what it shows about the analysis of intelligence services, and what some of its broader political ramifications were.

At many points, Aldrich identifies how GCHQ and the NSA are by far the most costly intelligence services of the U.K. and U.S. respectively. The NSA dwarfs the CIA, just as GCHQ dwarfs MI5 and MI6 in staffing and resources. This is reflective of the special importance placed on intercepted communications by policy-makers. It is arguably also demonstrative of how GCHQ has been able to use the deep secrecy of its work to evade government scrutiny and secure considerable material support.

GCHQ’s present

The last section of Aldrich’s book is positively frightening. He describes how the fear of terrorism has driven a massive increase in technical surveillance – certainly within the U.K. but very likely elsewhere as well. He describes how a 2006 European law requires telephone and internet companies to retain comprehensive records of the communications of their customers for ten years, and how the government is planning to store their own copy of the information for data mining purposes. Aldrich explains:

The answer [to why the government wants its own copy of the data] is ‘data mining’, the use of computers to comb through unimaginable amounts of information looking for patterns and statistical relationships. This practice now constitutes the most insidious threat to personal liberty. What makes surveillance different in the age of ubiquitous computer and the mobile phone is that our data is never thrown away. Machines routinely store millions of details about our everyday lives, and at some point in the future it will be possible to bring these all together and search them.

Aldrich quotes a disturbing warning from the retiring Director of Public Prosecutions, Sir Ken Macdonald GC. Macdonald warns that powers are being irreversibly granted to the state, and that “we may end up living with something we can’t bear.”

Personally, I think all this is much more dangerous than terrorism. If the choice is between tolerating a few terrorist attacks per year and building up a gigantic secret alliance between government and private companies, designed to track all the details of the lives of individuals, I would prefer the terrorism. After all, terrorist groups are weak outlaw organizations with limited resources. The state, by contrast, is massive, potent, permanent, and not always subject to effective oversight. Our fear of a few bands of fanatics (collectively far less dangerous than smoking or car crashes) is driving us into giving the state unparalleled ability to monitor everybody.

The book is similar in purpose to Matthew Aid’s The Secret Sentry: The Untold History of the National Security Agency, though I think Aldrich’s book is significantly better. I recommend the entire book to history buffs and those with an interest in intelligence or the Anglo-American alliance. The last section – on the growing power of the state in response to terrorism – I recommend to everybody.

Rail electrification and power transmission

Over on The Oil Drum there is an interesting article up on rail electrification in the United States, as a way to reduce the risks associated with climate change and the possibility of peak oil.

There are some appealing synergies that could be associated with electrified rail: in particular, the possibility of combining electric rail infrastructure with electrical transmission infrastructure. That could allow renewable projects in remote areas to be linked to the grid, as well as help with inter-regional load balancing. The more different kinds of renewable power you can combine, the easier it is to deal with intermittency. The same is true for using renewable energy sources from across a broader geographic area.

Six Easy Pieces

In 1964, Nobel Prize-winning physicist Richard Feynman gave a series of introductory lectures on physics to undergraduate students at CalTech. Six Easy Pieces is an abbreviated version, with six chapters on the essential elements of modern physics including atomic theory, conservation of energy, gravitation, quantum mechanics, and the relation of physics to other sciences.

The lectures highlight Feynman’s particular style, in that they are engaging and accessible. The book contains hardly any mathematics and – aside from one dated and strangely detailed departure into categorizing elementary particles – everything in the book should be reasonably accessible to anyone with a passing knowledge of science. At many points, Feynman identifies things that were unknown to science in 1964. Contemporary readers may find themselves wondering how much has changed in the intervening time. Indeed, it would probably be a valuable exercise for somebody to write an update. Ideally, a talented science writer like Simon Singh who could bring a talent in expression to the update that would mirror that in the individual.

Feynman does accord some space to more philosophical issues, such as defining ‘science’. He repeatedly asserts that: “Experiment is the sole judge of scientific truth” and uses that criterion to distinguish it from other kinds of knowledge, including mathematics.

The best thing about the book may be some of the elegant ways in which Feynman explains fundamental truths about the universe, and how they relate to each other. He doesn’t simply assert things like the nature of gravitational attraction or Heisenberg’s uncertainty principle, but in many cases illustrates how they arise from other pieces of known physics. For instance, Feynman elegantly explains how Kepler’s Laws on planetary motion can be elaborated into Newton’s universal theory of gravitation.

Essential Mac apps

One thing doing a clean install of your operating system does is remind you of which bits of software are most essential – the ones you can’t go long without missing.

Here’s the order in which I re-populated my Mac’s application folder:

  1. Starcraft II – the game that prompted the whole process
  2. iPhoto – for storage of digital ‘negatives’
  3. Quicksilver – application launcher and superior alternative to Spotlight
  4. TextMate – excellent text editor and coding tool
  5. Firefox – better than Safari, especially with AdBlock
  6. Skype – to keep in touch with phoneless friends

I will make note of when I install other vital apps, like Fetch (FTP program) and the indispensable Photoshop.

One distinctly nice thing about Mac OS is that, because I used Time Machine to backup and restore my user profiles, all my application preferences were preserved.

The Periodic Table

In 2006, the Royal Institution of Great Britain voted Primo Levi’s The Periodic Table to be the best science book ever written. On the basis of that endorsement, I was expecting something along the lines of a very well-written history of the discovery of the elements. Levi’s book differs substantially from that expectation; it is a kind of post-Holocaust memoir, presented in the form of twenty one sketches named after elements. Most have an element of mystery to them, usually involving an investigation of the nature of a substance or the cause of a change. Ultimately, the book feels deeply personal, set against a backdrop of very practical chemistry: the sort where a couple of men in Italy scrape together a living synthesizing pyruvic acid, or making stannous chloride from tin, to sell to small-scale mirror manufacturers.

In many ways, the one of the book is established in relation to the second world war, and especially the Holocaust. In a story focused on the dynamic between prisoner-chemists and one of their masters in Auschwitz , Levi contemplates some of the ethics of complicity:

I admitted that we were not all born heroes, and that a world in which everyone would be like him is, that is, honest and unarmed, would be tolerable, but this is an unreal world. In the real world the armed exist, they build Auschwitz, and the honest and unarmed clear the road for them; therefore every German must answer for Auschwitz, indeed every man, and after Auschwitz it is no longer permissible to be unarmed.

For the most part, however, the book meditates on much more ordinary sorts of human relationships and is full of wise observations. Describing the purpose of the project, Levi explains that:

[I]n this book I would deliberately neglect the grand chemistry, the triumphant chemistry of colossal plants and dizzying output, because this is collective work and therefore anonymous. I was more interested in the stories of solitary chemistry, unarmed and on foot, at the measure of man, which with few exceptions has been mine: but it has also been the chemistry of the founders, who did not work in teams but alone, surrounded by the indifference of their time, generally without profit, and who confronted matter without aids, with their brains and hands, reason and imagination.

At times, the abstract realities of chemistry provide solace. A compound used in high-end lipstick is most abundantly found in the excrement of vipers, but that is as good a source as any since molecules are molecules without reference to their history. Near the end, Levi tells the true story of a single atom of carbon that finds it was around the Earth – incorporated into rock and plant and animal – and explains how the story must be true, given the sheer multiplicity of carbon atoms circulating in the world.

Ultimately, that Levi excels at is the sketching of character: whether it is his own, that of the various objects of romance or curiosity he encounters, or that of compounds and the elements themselves. As such, the book is very human: a consideration of how a thoughtful person functions in a world where some conditions are established through immutable physical laws, and others through the opaque decision-making of the powerful.

CBC documentary on geoengineering

Like it or not, an increasing amount of attention is being given to geoengineering – the idea of deliberately modifying the climate system to counteract the warming effects of greenhouse gases.

On November 25, the CBC documentary series Doc Zone is broadcasting the premiere of Playing God With Planet Earth: Can Science Reverse Global Warming? According to the promotional materials, the documentary:

explores the last ditch efforts of scientists and engineers trying to avert a planetary meltdown.

As the threat of climate change grows more urgent, scientists are considering radical and controversial schemes to rehabilitate the climate. Since none of these wild—and possibly dangerous—ideas have ever been tried before, the filmmakers used a distinctive “painted animation” technique (like a “graphic novel”) to explore these futuristic scenarios.

“Human ingenuity could temporarily roll back the effects of global warming. At the same time, it could cause catastrophic damage and spark deadly political conflict,” says director Jerry Thompson.  “We’ve interviewed some of the world’s leading scientists, engineers, environmentalists, lawyers, and disaster-relief workers about the possible consequences of intentionally manipulating the climate—versus the risk of doing nothing.”

In addition to the Thursday screening on CBC television, it will be possible to watch online on the show’s website.

If readers do end up watching it, please consider leaving a comment about it here.

Instant message only passwords

Most email providers now provide instant message (IM) functionality as well. GMail has GTalk, Microsoft’s Hotmail has MSN Messenger, and so forth.

GMail accounts, in particular, are likely to contain large amounts of sensitive information. As such, it is worrisome to turn over one’s email address and password to something like a mobile phone app, so as to be able to use GTalk on the move.

I was reminded of this recently when I tried to login to Facebook Chat via Nimbuzz, an IM app for Nokia’s Symbian OS. When I tried to set up my Facebook account, Facebook warned me of how Nimbuzz would be able to access a huge heap of information about me and all of my friends. I don’t know anything about the company that makes this software: how good their security practices are, whose legal jurisdiction they fall under, how many voyeuristic employees have access to their login credential database, etc.

To reduce the level of risk associated with IM clients, I suggest that companies like Google allow users to set two passwords: one that allows access to their whole account, and another that only allows you to log into it for purposes of instant messaging. That way, if the makers of an IM client turn out to be evil or incompetent, the scope of the damage is constrained.

Small cameras versus big cameras

When I went to visit Toronto this past weekend, I had to lug a suit bag with me. The idea of bringing along my Canon 5D Mk II digital SLR (dSLR) and associated gear and lenses was too daunting, so I brought along my little Canon A570IS point and shoot (P&S) camera instead.

It has been quite a while since I used a point and shoot, so the experience felt novel to me. Those little cameras certainly have a few things going for them:

  • It can be carried in a pocket and easily held with one hand.
  • Since the camera fits in a pocket, you don’t need to constantly advertise that you are carrying it.
  • It can fit into small spaces, allowing for unusual compositions.
  • Subjects are not intimidated by such a small camera.
  • The tiny shutter is very quiet.
  • The relatively low value of the camera makes you less worried about loss, damage, and theft.
  • There are fewer condensation problems, since the smaller camera and lens have less thermal momentum.
  • The camera takes ubiquitous AA batteries, rather than expensive proprietary cells.
  • The camera can automatically detect faces, and focuses on them.
  • For a small camera, a small tripod is sufficient for long-exposure shots. It is also easier to brace a small camera on most horizontal surfaces.
  • The camera is so light, there are no problems with carrying it around everywhere, for hours.

Of course, there are a few reasons why I missed my 5D. By far the most important is image quality. The sensor in the A570IS is small and produces visibly noisy images at 200 ISO, and ones that are terrible at 400 ISO and up. By contrast, images from the 5D look very decent at 2500 ISO. Because of the superior lenses, shots taken on the 5D also look better in more subtle ways. The 5D also has a more accurate viewfinder; the shot that ends up on your memory card looks much like the one composed through the viewfinder, with minimal cropping and parallax problems.

80% of the time, the ideal option would be something that is about the size and weight of the A570IS but which has the image quality of the 5D Mk II. The rest of the time, the size and weight of the 5D would actually be preferable. In particular, all the dedicated controls spread across the 5D body make it easier to choose the ideal settings for a particular shot quickly.

Alas, for the foreseeable future there will always be the need to choose between convenience and quality.