Any used computers kicking around?

I find myself with a renewed interest in setting up a VNC-compatible Linux-based terminal server. I don’t want to use my existing laptop because (a) I don’t want to leave it on all the time and (b) I don’t want to expose it to possible attack from the wider internet. As such, I am looking for a fairly basic used system – PC or Mac – that someone is willing to let go cheaply. A computer that got relegated to a closet when a newer one was purchased might be perfect.

Do any readers in the Toronto/Ottawa/Montreal area have any such hardware kicking around? It only needs to be capable of running a virtual private network client, terminal server client, and web browser.

Rainbow tables

Transit archway

I have previously written about one-way hash functions and their importance for cryptography. Recapping briefly, hash functions take some data (a password, a picture, a file, etc.) and pass it through a mathematical algorithm. This produces an output with two special features. First, it should be very difficult to find two pieces of data that produce the same output (collisions). Second, it should be very difficult to work backwards from the hashed version to the original. By ‘very difficult,’ I mean ‘challenging for a government with cryptanalysts and millions of dollars worth of hardware.’

Rainbow tables are a novel way of reversing hash functions. Basically, these consist of massive databases of hash and plaintext data. Rather than trying to calculate back from the hash you have to the password you want, you can use the hash in combination with the table to get the password quite quickly. Since many applications and operating systems use hashed passwords to increase security, having access to rainbow tables could make them significantly easier to compromise.

This is just another example of how math-based security is constantly challenged by evolving technology and falling prices. Being able to afford enough storage for rainbow tables alters the security of hash functions generally. MC Frontalot definitely had it right when he argued that: “You can’t hide secrets from the future with math.”

PS. As with slugs, the best defence against rainbow tables probably consists of using salt.
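An added example (not from the original post) of why salt defeats precomputed tables. A plain hash-to-password dictionary stands in for a rainbow table, which stores the same precomputation more compactly; the candidate list, the function names, and the choice of SHA-256 and PBKDF2 are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny candidate list standing in for the huge
# password space a real precomputed table would cover.
CANDIDATES = ["123456", "password", "letmein", "qwerty", "dragon"]

def unsalted_hash(password: str) -> str:
    """Legacy scheme: bare SHA-256 of the password, no salt."""
    return hashlib.sha256(password.encode()).hexdigest()

def build_lookup_table(candidates):
    """Precompute hash -> plaintext once; reusable against every unsalted hash."""
    return {unsalted_hash(p): p for p in candidates}

def salted_hash(password: str, salt: bytes, iterations: int = 100_000) -> bytes:
    """PBKDF2-HMAC-SHA256 with a per-user salt and a work factor."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def new_record(password: str) -> dict:
    """Stored record: random 16-byte salt plus the derived hash."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": salted_hash(password, salt)}

def verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted_hash(password, record["salt"]), record["hash"])

def table_hits(table, stored_hashes):
    """Return the plaintexts a precomputed table recovers from stored hashes."""
    return [table[h] for h in stored_hashes if h in table]

if __name__ == "__main__":
    table = build_lookup_table(CANDIDATES)
    # Two users who chose the same weak password.
    legacy = [unsalted_hash("letmein"), unsalted_hash("letmein")]
    print("unsalted hits:", table_hits(table, legacy))
    alice, bob = new_record("letmein"), new_record("letmein")
    print("salted hits:", table_hits(table, [alice["hash"].hex(), bob["hash"].hex()]))
    print("same password, different hashes:", alice["hash"] != bob["hash"])
    print("verify still works:", verify("letmein", alice))
```

With a random per-user salt, a table would have to be rebuilt for every stored record, which removes the benefit of precomputing it.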

Climate blogs

For those wanting more information on climate science and policy than they are getting from here, these are some blogs to consider:

  • Gristmill: Diverse, accessible, and very frequently updated
  • R-Squared Energy Blog: Written by an oil expert, mostly about petroleum and biofuels
  • RealClimate: Usually very detailed and quite technical, raw climatic science
  • ClimateEthics: Infrequent posts, but long and complex ones
  • DeSmogBlog: Fairly similar to Gristmill. Sometimes has very interesting information
  • The Oil Drum: More than you will ever want to know about hydrocarbons

No matter what your appetite for climate information in blog form, those should satisfy it.

Are there any others that people read and would recommend?

The Art of Intrusion

Ottawa war memorial

I bought Kevin Mitnick’s book largely out of nostalgia for elementary school days involving 2600 Magazine and a phone system that still used in-band signaling. While it does demonstrate that computer hacking skills don’t translate brilliantly into writing ability, it is a quick and interesting read for security-inclined nerds.

The lesson for the general public is that decent security is very hard to achieve; there are just too many avenues of attack. When dealing with something as complex as a corporate or government network, there will virtually always be some obscure forgotten modem, some employee who can be tricked, some wireless signal that can be intercepted. Faced by opponents with sufficient time, resources, and risk aversion, pretty much any network is likely to fail.

Of course, that doesn’t mean we should throw up our hands and ignore security. It remains possible to stop many breaches, to notice the ones that happen, to limit the damage they do, and to improve our chances of catching those who pulled them off. For those whose business it is to do such things, the Mitnick book may provoke a bit of new thinking. For interested amateurs, it provides a decent glimpse into the real character of computer hacking: an activity apparently more akin to patient, precise occupations like archeology than to fast-paced daredevil stunts like those in Hackers or The Matrix. Overall, Bruce Schneier is more interesting and a better writer, but Mitnick has a lot more focus on (and perhaps more access into) the blackhat community.

Another climate resource

For those of you hunched over your keyboards, despairing at the lack of reading material on climate change available online, here is a new resource:

It is largely focused on the United States, but has at least a link or two relevant to virtually every climate change related issue or area.

Build your own traffic jam

Those interested in matters of transport and urban planning will find this Java-based traffic simulator entertaining. The model – produced by the Swiss Federal Institute of Technology – can simulate ring roads, highway onramps, the effect of lane closures, and other things.

It definitely demonstrates the existence of tipping points in complex dynamic systems like traffic. Often, you find that a very subtle change has a huge macro-level effect. While the simulation surely isn’t perfect, it does suggest that more capable versions could be excellent planning tools.

The Swiss group has other models, as well.

Aesthetic query

What do people think about the big thumbnail images in the last few posts? They do allow for a much better sense of the overall picture, and they don’t sit awkwardly to one side of a white space. At the same time, they seem to diminish the text – especially when you cannot see the beginning of a post without scrolling down.

Should I stick with 450 pixel thumbnails or revert to 320 pixel ones?

Recovering encryption keys from RAM

Rusty icy truck

Most successful attacks against strong, well-designed encryption take the form of ‘side channel’ attacks: ones that aren’t based on breaking the strong cryptographic algorithm, but which are based on circumventing it or subverting it somehow. Common varieties include timing attacks, which examine the precise amounts of time cryptographic equipment or software takes to perform operations, and power monitoring attacks, which examine which parts of a piece of equipment are using energy when.

Researchers at Princeton have recently uncovered a potentially significant side-channel attack against whole-disk encryption systems like BitLocker (built into Windows Vista), FileVault (same for Mac OS X), and TrueCrypt. The attack is based on analyzing the random access memory (RAM) of a computer system once it has been turned off. Despite the common perception that this clears the contents of the RAM, they have demonstrated that it is possible to use simple techniques and equipment to get a copy of what is inside, including the cryptographic keys upon which these programs depend:

We found that information in most computers’ RAMs will persist from several seconds to a minute even at room temperature. We also found a cheap and widely available product — “canned air” spray dusters — can be used to produce temperatures cold enough to make RAM contents last for a long time even when the memory chips are physically removed from the computer. The other components of our attack are easy to automate and require nothing more unusual than a laptop and an Ethernet cable, or a USB Flash drive. With only these supplies, someone could carry out our attacks against a target computer in a matter of minutes.

This is bad news for anyone relying on encryption to protect the contents of their laptop: whether they are a banker, a spy, a human rights campaigner in China, or a criminal. Other technologies exist to help foil whole-disk encryption systems when the attackers are lucky enough to find a computer that is turned on and logged in.

Researchers in the same organization have done some good work on electronic voting machines.

Pondering Mac succession

Three years ago today, I first turned on my 14″ G4 iBook. Since then, it has served me very well: progressing from Panther through Tiger to Leopard and from Photoshop 7.0 to CS2. The machine has served purposes ranging from editing every photo posted to this site to serving as the platform on which my thesis was written to initiating video calls through Skype. Unlike most of my electronics, it has never needed to be handed over to a technician for repair. That said, the machine is definitely showing its age – particularly in terms of processing power and hard disk space.

Three years is a decent lifespan for a laptop (especially one that was a value rather than a performance model from the outset) and I am planning to replace the thing within the next few months, finances permitting. While the MacBook is an obvious successor, I am leaning more towards one of the Intel-based iMacs. I will still have the old iBook to lug around for taking notes and writing emails, when required, and it’s a whole lot nicer to watch movies on a 20″ screen than on a 14″ one. I would also feel a lot more unconstrained with a 250 gigabyte drive than with an 80 GB one.

Setting up my mother’s system also provided a hands-on demonstration that the new iMacs are more than elegantly designed boxes. They are well-designed, well-integrated systems focused on doing the things for which any computer I use is essential. The Mighty Mouse may be fiddly and frustrating, but that’s the only element of the package I found to be less than excellent.

[Update: 1 April 2008] I was seriously thinking about buying a 20″ iMac this month, but the fact that the new ones will have inferior screens is giving me pause. Apparently, the new screens only show 2% of the colours the old ones did.

[Update: 22 August 2008] I got my new 24″ iMac today. It’s a gorgeous machine, and I especially appreciate how well the Migration Utility works for transferring files and settings from an old to a new Mac. In the tradition of naming my computers after characters from science fiction books, I have dubbed this one ‘Seldon’ after Hari Seldon of Isaac Asimov’s Foundation universe.