2012 03 11

From TheCommandLineWiki
Revision as of 00:23, 12 March 2012 by Cmdln (Talk | contribs)


News Cast for 2012-03-11

(00:00:17.848) Intro

(00:04:13.302) Security alerts

(00:04:29.918) The little white box that can hack your network

  • http://www.wired.com/wiredenterprise/2012/03/pwnie/
  • Writing for Wired Enterprise at Wired.com, Robert McMillan explains a new bit of hacker kit
    • That builds on several existing ideas and practices in the world of security
  • He opens with a bit of a story, about a pen tester specifically hired to test
    • An unnamed bank's security and does so making use of an innocuous white plug computer
  • Called the Pwn Plug it is a pre-built, off the shelf version of a hacker's dropbox
    • Previously a custom machine an attacker would social engineer onto a target network
  • Such a machine then enables remote access and provides a bunch of tools
    • For further exploration or exploitation
  • The Pwn Plug was inspired by the SheevaPlug, the first of a series of wall wart shaped computers
    • That can run a fully functional Linux system in an incredibly small footprint
  • The outfit was started by Dave Porcello, a former security manager at an insurance company
    • Who saw not the opportunity to outfit true attackers but to help arm folks in the security industry
  • The device can be deployed as part of a penetration test, as in the case opening the article
  • McMillan describes several other uses that actually make a great deal of sense
    • Especially using the devices to help tackle the costs of security
      • As a network scales, as is the case with a large retail chain with networks in all its stores
  • The Pwn Plug can also be used as a remote access and control point
    • For network management as well, a way for a central set of experts to more cost effectively
      • Exercise any number of IT functions that could otherwise require more expensive solutions
      • Or actually flying staff around, to various locations within a company's larger network
  • It is worth noting as with many multiple use security tools
    • That what Porcello is doing isn't making the likelihood
      • Of finding a truly malicious plug computer on your network any greater
  • What he has turned into a low cost product for security professionals
    • Is actually an incredibly obvious idea that no doubt many attackers
      • Are already using in the wild in some form or another
      • Even using the sort of optional camouflage that can be used with the Pwn Plug
  • The story should also reinforce that security is a mindset
    • And should include the curiosity to spot the out of place and the will to investigate it

(00:08:27.829) Adobe provides tool for analysing Flash files

  • http://www.h-online.com/security/news/item/Adobe-provides-tool-for-analysing-Flash-files-1464864.html
  • The H Security has news of a new tool from Adobe that is more clearly
    • Meant to be of benefit to security folks and developers alike
  • Adobe is routinely in the news for vulnerabilities and exploits
    • For its ubiquitous browser extension, Flash, used for a wide variety
      • Of enhancements to the stock capabilities on the web
  • Because Flash is available pretty much in every browser
    • And provides a very standard execution environment across different operating systems
      • It not surprisingly draws a great deal of attention from attackers
  • If you think about it, it represents an attack surface that is the sum
    • Of all the installed browsers and operating systems attached to the web
  • What Adobe has released is a tool, the SWF Investigator
    • That allows its user to investigate the contents of executable files Flash runs
  • SWF refers to the file extension commonly associated with these files
  • Investigator will undoubtedly be immensely useful in understanding Flash based attacks and malware
    • That much more rapidly so researchers can identify mitigations and fixes
  • While it can clearly also be used as a debugging tool by Flash developers
    • It also includes an XSS fuzzer, a very security specific feature
      • Aimed at helping identify failures arising from cross site scripting vulnerabilities
  • Currently the tool is only available for Windows and OS X
    • However it is open source, licensed under the Mozilla Public License 1.1
    • And its source code is already available for download
  • It is possible some intrepid Linux and BSD folks will use this to package up versions
    • For those operating systems for any developers or security researchers interested in them

(00:11:05.924) News

(00:11:19.575) IBM Busts Record for 'Superconducting' Quantum Computer

  • http://www.wired.com/wiredenterprise/2012/02/ibm-quantum-milestone/
  • Cade Metz writing for Wired Enterprise at Wired pretty clearly explains
    • A story that several outlets had picked up
  • Researchers at IBM's Watson Research Center in Yorktown Heights, New York
    • Have made some demonstrable advances in the field of practical quantum computing
  • Metz gives a refresher for anyone not already familiar with the difference
    • Between classical computers, like we have on our desks, in our shoulder bags
      • And powering the latest mobile devices like tablets and phones
  • He greatly simplifies the nature of the fundamental unit of information
    • A qubit compared to its classical counterpart
  • While it is accurate to say that a quantum bit can hold the values 1 and 0 at the same time
    • As opposed to a plain old bit which has to choose between one or the other
      • That is not all of the story
  • A bit in a quantum state is probabilistic and spans not just the on-off states of traditional bits
    • But all values in between to varying degrees
  • More importantly for doing useful work, these super positions of bits
    • Can be made to interact, to accumulate probabilities in a parallel fashion
      • Hence the incredible claims about the possible speed ups from quantum computers
  • Metz does nail how much faster quantum systems will scale given the power of super positions
  • Bit registers double with each additional bit while the capability to cover all values of a bit
    • Means that qubit registers scale much more rapidly
  • I hadn't really thought through how this affects the size such a memory store needs to be
    • Before it can do something interesting compared to the classical versions
  • Even with this lower barrier to practical computation
    • Metz describes what has really been holding back many quantum registers
  • The super position of states on which qubits rely is incredibly fragile
    • Subject to decohering or decaying into a simple, classical bit with a single value
  • While super position apparently doesn't have to be maintained indefinitely for effecting computers
    • There is a minimum time required to toggle states and implement a single step of computation
  • What IBM has demonstrated is the first superconducting qubit with coherence long enough
    • To cross this divide from the largely theoretical to the imminently practical
  • Superconductivity is just one physical effect that can be used to this end
    • But definitely judging from this article appears to be the furthest along
  • Given that we have yet to achieve room temperature super conductors, however
    • Don't expect a desktop quantum computer using the approach advanced by IBM
  • Another important development shown by the IBM team is a working C-NOT gate
    • That can be reliably operated 95% of the time
  • The C-NOT gate is to a quantum computer what a NOT-AND or NAND gate is for a classical one
  • Any more complex circuit can be built up in a quantum system from a C-NOT
  • The ability to use one with close to the same reliability of existing NAND gates
    • Is a pretty strong signal that real world scale quantum computing may not be so far away

(00:15:06.939) Smithsonian Aims To Make Objects In Museum Collection 3D-Printable

  • http://tech.slashdot.org/story/12/02/28/2323234/smithsonian-aims-to-make-objects-in-museum-collection-3d-printable
  • Slashdot linked to a fascinating bit of digital archiving explained by
    • Daniel Terdiman at CNet who spoke with two staffers at The Smithsonian
  • Building on the success of a 3D scan and high resolution print
    • Of a Thomas Jefferson statue currently only on display at Monticello
    • Adam Metallo and Vince Rossi, 3D digitization coordinators at the institute
      • Are figuring out how to prioritize and scan even the smallest fraction
        • Of the Smithsonian's 137 million objects in its collections
  • The primary goal stated over and over in the article
    • Is to expand beyond the mere two percent on display to the public at any time
  • While technology is clearly on the side of the pair
    • Even at the current astronomical price of up to $100K for one scanner they already used
      • The real challenge is one that is all too common in digital archiving
  • The Smithsonian doesn't have anywhere near the resources necessary
    • To simply scan in every item it curates in anywhere near a reasonable time scale
  • I really do credit that the two staffers mentioned are the only personnel
    • Currently working on what sounds like a brilliant way to augment the institution
  • High resolution 2D scanning has been a boon for the preservation and study of art
    • That otherwise would be too fragile or rare to allow broader study
  • With high enough quality three dimensional scans
    • Whole new opportunities for sharing and study open up that the physical collection alone
      • Simply could not support
  • Utilizing 3D printed replicas only makes sense for exhibiting items
    • Where the act of display poses a risk to the integrity and preservation of the item
  • The article repeatedly mentions these efforts support schools and other museums
    • Meaning that the efforts are most likely focused on an incremental improvement
      • In the public access to the scanned works
  • Some covering this story started speculating that the scans themselves
    • Might be made available for free, like a public domain, GLAM derived Thingiverse
  • Terdiman doesn't include anything to support this notion
    • And in fact digitization efforts of similar collections have presented many barriers
      • To what we would assume would be easy online distribution
  • http://boingboing.net/2012/02/29/smithsonian-building-archive-o.html
  • Cory at BoingBoing has a quote from a representative flatly denying this possibility
  • Even if that wasn't the case, it isn't hard to understand why they wouldn't share the scans
  • For starters, I'll remind you only two people have been dedicated to these efforts
  • I also doubt The Smithsonian has outright purchased any 3D scanning and printing gear
    • More likely partnering with firms willing to do the work pro bono
      • Or for some other consideration like exclusivity
  • Worse, The Smithsonian has a bad history of taking an incredibly conservative view
    • Of how to use digital copies to fulfill its mandate of increasing the diffusion of knowledge
  • The article does mention the care that Metallo and Rossi are taking
    • To future proof the data they are creating with their modest efforts
  • One would hope that eventually public pressure could be leveraged
    • Or the institute will have recovered enough of their original efforts
      • That we might some day see the headline that anyone can freely download a scan for printing
  • I'd even wager that by the time this is the case, we'd all have home 3D printers
    • Up to do these works the justice they deserve

(00:19:29.575) Is It Time For Hacker Scouts?

  • http://blog.makezine.com/2012/03/02/time-for-girl-scouts-and-boy-scouts-2-0/
  • Slashdot linked to another thoughtful and thought provoking column by Phil Torrone on Make
  • Just as he considered the future of libraries as including maker spaces
    • He looks this time at the venerable youth organizations, the Boy Scouts and Girl Scouts
  • For those unfamiliar, Phil gives a good, brief background on both
    • As well as quickly sketching some of the challenges they face these days
  • He repeatedly notes how in many families, all the parents, single or a couple
    • Work and are not as able to be as hands on with their kids' activities
  • Online services and video games are a new draw away from the older pursuits
    • That scouting offers from camping to handicrafts
  • All the same, Phil notes some attempts to update scouting, to keep it relevant
  • Despite the addition of a few badges that better reflect the skills
    • That kids may find useful to acquire and develop as they make their way in the world
    • He explains that a bigger opportunity is perhaps being missed
  • There are already tons of examples of virtual spaces and tools
    • That may be far more effective at showcasing skills acquired, old and new
      • Than a uniform or sash as with the traditional merit badge
  • Many kids already get the idea of shared leaderboards to highlight scores and accomplishments
    • From the world of online video games, one of the very pastimes competing with scouting
  • Torrone touches on much more briefly but to good effect some interactive possibilities
  • Knowledge sharing clearly no longer need be limited to folks in the same locality
  • He suggests the use of video chatting, even the opportunity to create virtual troops
  • Merit badges could be open sourced with the supporting material being wikis
    • Making it easier to discuss and keep up to date the requirements behind them
  • The post includes a far from complete but suggestive all the same list of ideas
  • Torrone goes a bit further than just ideas describing some of his own efforts in this space
    • Such as creating or finding more up to date badges
    • And even prototyping the sort of online leaderboard he discusses repeatedly
  • He concludes by asking for comment and discussion and does an excellent job
    • Of asking that people focus on opportunities and constructive ideas
      • Rather than criticizing the existing organizations
  • The post is well worth a read and spending some time thinking about
    • Although I think it is far from complete, something Phil would probably admit himself
  • Whatever you think of scouting, for one, it represents more than just discrete skills
  • In his background, he does a good job of explaining this actually
    • Of how merit badges used to be more than they are today
      • In many ways serving as strong experience for later professional development
  • Some idea of principles goes along with that, though, the most notable being honesty and preparedness
  • I think hacker culture actually has much to offer here, if we reflect on its positive aspirations
    • In terms of the same kind of self sufficiency, of understanding and doing for oneself
  • Many of the badges put forward in the article are cool in and of themselves
    • But I have to wonder whether there could be more to them than just 3D printing or soldering
      • For their own sake, rather as part of more broad projects for general competency
  • In this light, I also wonder if Torrone missed some more obvious openings
    • In a world which he repeatedly admits is filled with online and gadget based distractions
  • I have often advocated for media literacy for kids, as a means of better understanding these draws
  • Badge oriented activities around such literacy would use the very platforms
    • With which any sort of updated youth program would need to compete
  • Regardless, I tend more to agree with what Phil is asking than dispute the value of his ideas here
  • Read the post and think about it for yourself, see if you don't also find something interesting
    • At the intersection of the wealth of hackish pursuits and traditional scouting

(00:25:10.200) Erasing a bit shown to boost entropy

  • http://arstechnica.com/science/news/2012/03/information-and-entropy-finally-linked-through-experiment.ars
  • Kyle Niemeyer writing for Ars Technica describes a delightfully insightful experiment
    • That proves a long understood theoretical limitation on the speed of computation
  • He provides a bit of background on the work done by Rolf Landauer
    • That linked information processing directly with entropy
  • What it means is that any irreversible computing operation, like erasing a bit
    • Results in at least some marginal release of heat
  • This informs a good deal of the trajectory of ever faster processors
    • And why thermal load has gone up in lock step with more and more capable chips
  • Until now, there hasn't been any direct confirmation of Landauer's ideas
    • Just the indirect evidence that has become obvious in our quest for faster computers
  • The obstacle to an experiment to prove the Landauer limit, the theoretical upper bound
    • On how quickly the fundamental elements of computing, bits, can be toggled
      • Is the difficulty in measuring heat dissipation from just one bit
  • Building on some novel work done on heat and entropy in steam engines
    • Specifically in constructing the smallest Stirling engine
    • A team from École Normale Supérieure, the University of Kaiserslautern,
      • And the University of Augsburg have finally made this key measurement
  • Niemeyer concisely describes how they undertook the effort
    • Using a laser to create a double potential well in a system
      • Consisting of a silica bead suspended in a drop of water between two glass slides
  • The left or right position of the bead was used to store the on or off state of the bit
  • Moving the bead to the right by tilting the slide set it to 1
    • Effectively erasing the bit, in a way that still exercised the rig
      • Even if the original value of the bit was already 1
  • In detailing the experiment, Niemeyer pins down the exact reason entropy
    • Has to increase around the physical representation of a bit
  • Initially a bit has even odds of being in either of its possible states
  • Erasing the bit, setting it consistently to a single default state
    • Reduces the entropy in the bit itself to zero as there is no uncertainty as to its possible states
  • To satisfy the second law of thermodynamics, there has to be an overall increase in entropy then
  • This takes the form of increased heat in the surrounding water droplet
  • They were able to measure this change with a degree of precision that bears out the Landauer limit
  • Further they were able to observe a correlation between the speed of erasure
    • And the degree to which entropy in the entire manifold increases
  • The curve they charted matches what we've seen with our modest progress towards the theoretical limit
  • The work here isn't really directly practical though it does solidify
    • Our basis for reasoning through the potential in classical computing and its limits
  • I am now intensely curious if there is a similar limit inherent in quantum systems
    • As they would seem to involve a similar transition from many possibilities in a superposed state
      • Through to one possible value of a qubit when it decoheres
  • Further I am curious if that limit is markedly different because of the staggering difference
    • Between the simple probabilities of a classical bit versus the immense ones in a quantum version
  • Even if there is a limit and it scales in relative proportion to the performance of quantum computers
    • It still may leave far more room for improvements over the best possible classical systems
      • For unit of energy expended and of resulting computation performed

(00:29:26.511) Following Up

(00:29:44.384) Raspberry Pi network plan for online free-speech role

  • I've been following Raspberry Pi, a $25 Linux computer the size of a pack of gum
    • With extreme interest for some time for its transformative potential
  • It was originally developed for education, to be cheap enough for teachers and schools
    • To give away en masse to students, making computers far more accessible
  • Because it is open source coupled with it being so cheap and easy to use
    • It has the potential to drive surprising uses beyond the original idea
  • http://www.bbc.co.uk/news/technology-17231698
  • BBC News pointed to one such instance, from developer and security researcher Nadim Kobeissi
  • He wrote a secure communications program, Cryptocat, intended for use on the Pi
  • Specifically he wants to buy batches of the cheap machines to use as servers
  • It certainly changes the question of cost and scale
    • So that a single activist can plan to deploy a local or regional network on such machines
      • To enable distribution of ownership and control closer to users
      • Than a more traditional communication system like Twitter or even IRC
  • There are plenty more details of the plans in the article
    • Including involvement from the fantastic hacktivist group, Telecomix
  • Cryptocat and a network of Pis running it isn't a guarantee of security and safety for activists
    • But the fact that it is both cheap and open makes it easier to assess and to improve these aspects
      • Especially in a rapid and iterative fashion

(00:31:28.882) App Inventor now open to all

  • http://blog.makezine.com/2012/03/05/app-inventor-now-open-to-all/?hl=en
  • Adam Flaherty at Make has the latest on the life of App Inventor post-Google
  • Inventor is a Scratch like graphical environment for building apps on Android
    • Aimed largely at educators and students with a promise of a lower barrier
      • To entering the space of mobile technology development
  • Google dropped support for it as part of its purge of various Labs projects
    • As it has been shifting to put more weight behind fewer, more integrated projects
  • App Inventor found a new home at MIT's Center for Mobile Learning back in January
  • The project has now launched an open beta preview
  • Anyone with a Google account can now access and make use of the system
  • They've been in closed testing in the interim
  • From the quote that Flaherty includes, it sounds like they've been focusing
    • On new servers and infrastructure hosted at MIT
      • Specifically implied by their concerns over the open beta generated load
      • That their previous closed testing simply could not generate
  • I am glad to see that this is moving forward
    • Despite the challenges that MIT will no doubt encounter
      • Having far fewer resources than Google did
  • Perhaps we'll see more opening up of sources and services
    • Making it possible to distribute the support for the use of Inventor more widely
  • Now that it is being shepherded by MIT, I think it is entirely likely
    • And will undoubtedly depend on the public response, to how much and where the system is used

(00:33:08.640) Outro
