2010 10 24

From TheCommandLineWiki

News Cast for 2010-10-24

(00:00:17.063) Intro

  • Quick review of Ra
    • http://www.boardgamegeek.com/boardgame/12/ra
    • Picked this up at a local gaming con a few weeks back
    • Designed by Reiner Knizia
    • It is composed of a board with two tracks
      • Tiles for drawing, tablets for scoring, tokens for bidding
      • And a marker token for the auctions
    • Our copy is a newer edition, included a bag from which to draw tiles
      • There were also some corrections to the rules that made them clearer
      • Than the borrowed copy we played at the con
    • This is a deceptively complex game
    • It takes a while to digest the rules but once you do, it plays quickly
    • It is marked for 12 and up but my 8 year old manages to play pretty well
    • It is a collecting game that relies on periodic auctions
      • Where the winner picks up a large number of tiles
    • You have limited sun tokens with which to bid
      • So strategy relies on picking when to bid and when to pass
      • Allowing you to bid later on
    • We find it takes less than an hour to play
    • My older son especially enjoys the game for the mythological references
    • Like a lot of games by European designers, it is incredibly attractive
    • You can play with as few as two and as many as five
    • It is also entirely family friendly
      • Except for maybe the absolute youngest
      • Who might be spooked by some of the disaster tiles that wipe out things you've collected
      • Like the funeral tile
    • It makes for a slightly more involved than casual game
    • It takes more brain power than say Fluxx or Zombie Dice
      • But not a lot
    • So it would be conducive to after dinner conversation while playing

(00:05:09.282) Security alerts

(00:05:25.817) New tactics attackers are using to bypass network security

  • http://www.theregister.co.uk/2010/10/18/aet_hack_technique/
  • The Register describes new findings from security vendor Stonesoft
  • They were testing their new security appliance when they came across
    • What they are calling advanced evasion techniques
  • It builds on existing tricks where attackers carve up their payloads
  • The idea is that if a target system or the intervening network hardware
    • Doesn't normalize the packets by re-assembling payloads
      • Then they are more likely to avoid scanners deployed at a network's perimeter
  • Given that defenders now are working harder to put these scattered parts of attacks together
    • This ramps the idea up even further
  • It sounds like it is specific to file sharing traffic, the article mentions
    • Mixing SMB sessions
  • In other words, AET combines fragmenting the lowest level data
    • With scrambling it higher up in the stack
      • Where it is encoded as information specifically for higher level services
  • This sounds similar to what malware does once it is on a target
    • In terms of changing itself, or using polymorphism, to evade detection
  • Stonesoft submitted their findings to Finland's CERT-FI
    • As well as to an independent lab for verification
  • Stonesoft identified hardware based security devices as being most vulnerable
    • Mostly because they are harder or even impossible to upgrade
  • I expect that once CERT-FI issues their full advisory
    • Those appliance vendors with patchable systems will provide updates
  • End user systems aren't necessarily affected
  • AET is about obscuring attacks en route
  • They have to assemble themselves as usual once in the network
    • So it shouldn't impact the effectiveness of defenses on servers and workstations themselves
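A small illustration of the normalization point above, added here and not code from the article or from Stonesoft: a scanner that inspects each fragment on its own misses a signature that straddles a fragment boundary, while one that reassembles the stream first sees it. It covers only the lowest-layer fragmentation the article mentions; the stream, fragments and signature string are all constructed.

```python
"""Why perimeter scanners must normalize (reassemble) before matching.

Added example, not from the article or from Stonesoft. A signature that
straddles a fragment boundary is invisible to a scanner that inspects
fragments one at a time. Stream, fragments and signature are constructed.
"""
from dataclasses import dataclass

# Constructed signature the scanner looks for (stands in for a real IDS rule).
SIGNATURE = b"MARKER-PATTERN"

# Constructed stream; the same bytes are delivered below as three
# out-of-order fragments with the signature split across two boundaries.
STREAM = b"header MARKER-PATTERN trailer"


@dataclass(frozen=True)
class Fragment:
    offset: int    # position of this chunk in the original stream
    data: bytes


FRAGMENTS = [
    Fragment(17, b"TERN trailer"),
    Fragment(0, b"header MARK"),
    Fragment(11, b"ER-PAT"),
]


def match_per_fragment(fragments):
    """Naive scanner: looks at each fragment in isolation."""
    return any(SIGNATURE in f.data for f in fragments)


def reassemble(fragments):
    """Normalize the traffic: order by offset and rebuild the byte stream.

    Gaps and overlaps are rejected rather than guessed at, because an
    ambiguous stream is one the endpoint and the scanner may read differently.
    """
    stream = bytearray()
    for f in sorted(fragments, key=lambda f: f.offset):
        if f.offset != len(stream):
            raise ValueError(f"gap or overlap at offset {f.offset}")
        stream += f.data
    return bytes(stream)


def match_after_reassembly(fragments):
    """Normalizing scanner: reassemble first, then match once."""
    return SIGNATURE in reassemble(fragments)


if __name__ == "__main__":
    print("per-fragment match:", match_per_fragment(FRAGMENTS))      # False
    print("after reassembly:  ", match_after_reassembly(FRAGMENTS))  # True
```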

(00:07:38.301) Compromise turns security vendor's site into a malware hub

  • http://www.theregister.co.uk/2010/10/19/kaspersky_website_compromise/
  • The Register reports that for three and a half hours last Sunday
    • The US web site of Russian anti-virus vendor, Kaspersky Labs
      • Had been hijacked and was serving malware out to visitors
  • Worse, when users complained, Kaspersky originally denied the problem
  • They came clean on Tuesday, laying blame on a third party application on their servers
  • During the attack, the site redirected to an attacking page
    • That launched a window designed to look like a virus scanner
    • That would then offer a download option after claiming to find an infection
  • The Register speculates that a system would only be affected
    • If its user clicked on any of the links, triggering an installation
  • This is a very common form of attack
    • Taking over legitimate sites or setting up attractive, shady sites
    • And trying to fool a target into installing software
    • Whether that is a multimedia codec, a game or in this case some defensive software
  • Sadly, this is just the latest such incident for Kaspersky
    • Which has suffered repeated compromises
  • This one, unlike past attacks, didn't directly compromise any customer data
  • Regardless of Kaspersky's track record, it reminds us even legitimate sites
    • Can harbor some risk as they make for attractive targets for drive-by attacks
  • Trust your instincts when something seems suspicious
    • Even if the domain name or web site is one you would otherwise trust

(00:09:15.674) News

(00:09:29.112) Mozilla's open web apps and experimental store

  • http://blog.mozilla.com/blog/2010/10/19/prototype-of-an-open-web-app-ecosystem/
  • Mozilla is looking to evolve the definition of a web application
  • This is clearly in response to Google's Chrome store and anticipating the Mac app store
  • The emphasis, though, is on how web applications are packaged
  • Adding a JSON manifest makes them self describing and installable
  • In the case of Mozilla's plan, installation means registering with a new client repository
  • In many ways, it seems similar to the plugin manager and add-on manager already present
  • The difference is that open web apps only use web technology
  • That includes all of the advanced HTML5 capabilities, though, like local storage
  • The line between what a web application can do and what an add on can do
    • Has been steadily blurring as HTML5 has brought more platform capabilities
  • The new versions of the still in flux standard directly support rich applications
    • Right in the browser without the need for any native code access
  • Part of the announcement also discusses the idea of app stores
  • Mozilla isn't proposing to build a single store, but to use the open web apps standard
    • As a means to enable anyone to set up their own stores
  • As they put it, stores can then compete on features like ratings and discussions
  • They are trying to work out the hard parts like security and authorization to support payment
  • Unlike other efforts we've seen, Mozilla's idea leaves room for self installing apps
  • This is like Android in that there can be multiple stores
    • But you can also go directly to a developer's site to install a package
  • The client side repository will also go beyond managing and launching apps
  • Future exploration will include consolidated notifications and search across apps
  • Once again I admire Mozilla for their dedication to open standards
  • Open web apps will work across all browsers, this is not specific to Firefox
  • http://www.readwriteweb.com/archives/mozilla_challenges_apple_google_with_a_new_decentr.php
  • Some, like Marshall Kirkpatrick at ReadWriteWeb, are focusing solely on the app store part of this
  • That is understandable given the cachet that stores have with mobile platforms
    • And the news that Mac OS X will be getting an app store
  • I also get the point that there is a gap here
  • Where do regular users get software?
  • I cannot remember the last time I was in a computer retail store
  • Do people still purchase shrink wrapped software off the shelf?
  • Does your average user know about some of the more popular online stores?
  • How many people do you know who only use the bundled crapware on the PCs they bought?
  • The idea of open, competing app stores could change that
    • Bringing software discovery right alongside the browser
  • I think it still remains to be seen if ordinary users will accept
    • Thinking about web applications like regular old desktop applications
  • That is the more interesting question to me
  • The fact that Mozilla and everyone else is making an app store play
    • Regardless of how they all differ
      • Says that this model is going to be here at least for a little while
  • Mozilla's open web apps are intended to integrate, to work like desktop apps
    • But only use web technologies
  • Prism is their project to provide a desktop application wrapper around web apps
  • http://prism.mozillalabs.com/
  • Open web apps could potentially make use of Prism; the two seem complementary
  • Part of me is thrilled at this idea
    • As I think it combines with the cheap and easy server platforms that have been around a while
  • I think we need killer apps that go beyond email, social networks, and the few examples people cite
  • Desktop apps are unlikely to go away
    • But for applications that are by their nature networked, always on
    • This could be the shape of the future
  • Unlike offerings from Google, Apple and elsewhere
    • There is sample code, open to view and hack, as well as examples

(00:14:01.685) Breakthrough could eliminate need for computers to boot

  • http://hardware.slashdot.org/story/10/10/18/2342219/One-Step-Closer-To-Speedier-Bootless-Computers
  • I've been intensely interested in graphene since I first read about it
  • Laid out in a hexagonal arrangement, it is composed of a single layer of carbon atoms
  • It is the stuff from which carbon nanotubes are made
  • In sheet form, it has some very interesting electrical properties
  • Slashdot links to a ComputerWorld article that talks about some new efforts
    • Around using this material for information storage and computing at the same time
  • Roland Kawakami and his research team at University of California, Riverside
    • Have demonstrated a compelling breakthrough based on earlier work with graphene
  • Their system also builds on the field of spintronics
  • Instead of using electrical current for storing information
    • These systems use another property, spin
  • Technically their approach is called tunneling spin injection
    • Because it injects an electron with a specific spin state
      • Into the resisting substrate provided by the ordered lattice of carbon atoms
  • Theoretically, once a particle is imparted with spin, either in the notional up or down direction
    • That spin will remain without the need to apply more energy
  • Applications to date have understandably been much more focused on storage
    • Especially non-volatile storage with much higher density than spinning drives or flash
  • The researchers at UCR, however, showed that computation could be combined
    • With information storage in particle spin
  • Spinning electrons are injected into graphene
    • And then toggled between their up and down states
      • Much like the bits in a traditional computer
  • The team has overcome some obstacles like improving the duration of imparted spin
  • In practice, the spin states degrade far more quickly than they anticipated
  • By adding an insulating layer between the graphene and the injector
    • They've already shown a marked improvement in the lifetime of spin states
  • Kawakami is conservative in his estimates, saying this technology may be practical in five years
  • All the same, his team is already working with engineers
    • To develop the necessary supporting circuitry
  • The biggest remaining challenge will be to shrink the size and power needed
    • To inject the spinning electrons and to affect their state
  • If this can be accomplished, it will both drastically cut power requirements
    • And speed up compute time, something like a thousand fold apparent increase in clock speed
  • The main reason for the speed up is that computation and memory will take place
    • In the same place rather than being separate systems
  • Right now, even main memory runs orders of magnitude slower than processors and their local registers
  • This would be like ramping up those registers so they are capacious enough to replace main memory
    • Maybe even enough to replace durable storage too
  • The fact that the spin states are non-volatile also means that a computer using this approach
    • Would turn on instantly, resuming immediately from its powered off state
  • Kawakami thinks that in ten years this might reduce the power requirements of computers
    • Such that you might never even turn one off at all
  • Kawakami emphasizes how early this research is
  • He likens it to the transition from vacuum tubes to electronic transistors
  • There is still work to be done, like developing even a spin-based transistor
    • But the principles seem sound and tremendously exciting

(00:18:42.976) How Allies used math against German tanks

  • http://www.wired.com/autopia/2010/10/how-the-allies-used-math-against-german-tanks/
  • World War II interests me because the births of modern computing and cryptology
    • Are inextricably bound up in it
  • When I saw this Wired piece, by Ray Wert, I assumed it had something to do
    • With code breaking efforts or primitive computer simulations
  • As it turns out, the story is even simpler than that
  • At its crux was this question of how many tanks the Germans were producing each month
  • The Allies were interested in the question because they felt the German tanks
    • Were of superior capability
    • So the question of how the numbers stacked up was key to the use of Allied machines
  • Traditional means of intelligence apparently produced estimates
    • That were simply too high to match the observed forces at key battles
  • The solution to the discrepancy actually is similar to code breaking efforts
  • Cracking the encrypted communications often relied on cribs
    • Observed facts that were not encrypted but related to protected messages
  • Clues often arose from patterns of data, not just single pieces
  • Here the clue was derived from the serial numbers on tanks
  • Piecing together enough samples, a sequential pattern was deduced
  • The article even gives the formula used
    • To calculate from a maximum sequential ID and a number of observed tanks
    • The number of units produced in a month
  • After the war ended, it was possible to confirm the estimate
    • Which was one off from the actual number
  • There is a lesson for securing modern systems in here
  • Sequential numbers are used to identify a lot of things
    • Especially online when dealing with user data, electronic orders, and the like
  • That's before we even get into the role of generated numbers for modern cryptography
  • Many breaks of crypto systems have arisen from cracking how parameters are generated
    • Rather than attacking the math or other aspects of the code head on
  • If the Germans had used a harder to guess scheme
    • Then the Allies would not have been able to reverse engineer the production rate
  • Maybe the net effect would not have been all that great
    • But in such a huge conflict, it could have resulted in dragging some battles out
  • For network security, arbitrary identifiers likewise may not seem all that important
    • Until an attacker is able to reverse engineer keys for past orders
    • And combine that with other exploits to snag your users' data
  • This story is a vivid and clear reminder of how to think about
    • The mundane parts of a system that might be exposed to unknown adversaries
  • And a pretty good endorsement of the value of basic mathematics
    • To critical endeavors of all kinds
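The estimate described above, worked through as an added example (not code from the Wired article): the standard minimum-variance unbiased estimator for this problem, N_hat = m + m/k - 1, where m is the largest serial seen and k the number of serials seen; it is assumed this is the formula the article gives. The same code shows the modern analogue from the lesson above, sequential order numbers revealing throughput, and the mitigation, opaque random identifiers. All serial numbers are constructed.

```python
"""What sequential serial numbers leak: the German tank problem.

Added example, not code from the Wired article. Implements the standard
minimum-variance unbiased estimator  N_hat = m + m/k - 1  (m = largest serial
seen, k = number of serials seen); it is assumed this is the article's formula.
All serials below are constructed.
"""
import random
import secrets


def estimate_total(serials):
    """Estimate how many units exist from a sample of their sequential serials.

    Serials are assumed to be assigned 1, 2, 3, ... without gaps, which is
    exactly the property that makes them informative to an outside observer.
    """
    k = len(serials)
    if k == 0:
        raise ValueError("need at least one observed serial")
    m = max(serials)
    return m + m / k - 1


def simulate_observation(true_total, sample_size, seed):
    """Draw a random sample of serials from 1..true_total and estimate the total.

    Returns (estimate, absolute error) so the reader can see how close a
    handful of captured serials gets to the real production figure.
    """
    rng = random.Random(seed)
    sample = rng.sample(range(1, true_total + 1), sample_size)
    estimate = estimate_total(sample)
    return estimate, abs(estimate - true_total)


def rate_between_observations(id_then, id_now, days):
    """The same leak for sequential order or invoice numbers: two observations
    a known time apart reveal throughput in units per day."""
    return (id_now - id_then) / days


def opaque_id():
    """Mitigation: a 128-bit random identifier carries no order or count, so
    the estimator above learns nothing from any number of samples."""
    return secrets.randbits(128)


if __name__ == "__main__":
    # Constructed sample of four captured serials
    print(estimate_total([12, 37, 45, 60]))              # 74.0
    print(simulate_observation(1000, 20, seed=1))
    print(rate_between_observations(10_500, 10_900, 8))  # 50.0 per day
    print(hex(opaque_id()))
```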

(00:21:17.186) Turning brain waves into music

  • http://www.wired.com/underwire/2010/10/robert-schneider-teletron/
  • Mind-machine interfaces are an abiding trope in science fiction, especially cyber punk
  • In the past year, there have been more stories about research bringing them to life
    • Using non-invasive techniques like EEGs
  • http://thecommandline.net/tag/cybernetics/
  • Whether the uptick has been due to an improvement in the available sensors
    • Or the increased quantity of sheer computing horsepower
    • This technology is even making its way into toys
  • I was immediately taken by a Wired article by Scott Thill
    • Showing what one musician is doing at the intersection of DIY and punk
  • Robert Schneider, singer/guitarist of Apples in Stereo
    • Has hacked a MindFlex toy which ordinarily uses its EEG
      • To control a fan that lifts and lowers a ball through a rotating maze
  • He's crafted an instrument, the Teletron, from a couple of these toys
    • Hooking them up to vintage synthesizers
  • There are a couple of videos showing the fruits of his labors
  • The first is a simple demonstration of increasing and decreasing pitch
  • He admits the result may not be musical as such
    • But it definitely has potential, demonstrating the power of feedback
  • I could see the simple output of this toy EEG coupled with some of the
    • Rather impressive sonification tools I've read about
  • Or using that one stream of data to augment performance with traditional instruments
    • Hooking into an automated drum or loop machine, responding to the performer's mood
      • Or their perception of the audience's emotional state
  • In the second video, Schneider and folks in Louisville, KY's LVL1 hackerspace
    • Explore the idea a little further
  • Schneider and experimental Robert Beatty tweak the synthesizers hooked up to the Teletron
    • While LVL1's Chris Cprek is hooked up to the EEGs
      • And reads some passages and poetry prepared by Schneider
  • Thill provides some good background on a field, brain music, that actually goes back a ways
  • Clearly with an $80 toy that other Makers and modders have taken apart
    • The field has become that much more accessible
  • I can easily see crossovers from the circuit bending and chip tuning scenes
  • The cheap EEGs may have too poor a temporal resolution to do anything like
    • Driving something as sophisticated as a guitar or a piano
    • But they certainly prove a concept and are only limited by the hacker's ingenuity
  • I imagine as the higher end units become commercially available
    • Some brain musician will lay hands on one and really push the envelope
  • Inevitably the technology will trickle down into the cheaper toy market, too
    • Opening up even more possibilities for the DIY and punk brain musicians
  • There is just something primal and appealing about the notion
    • Of potentially being able to tap into our very consciousness
      • And hear it as rich, maybe chaotic, but certainly complex music
  • And the feedback loop that is central to cybernetics is inescapable
  • The performance will feed back into the mood and attention of the wired performer
    • Forming a crazy strange loop that would undoubtedly thrill
      • Today's most experimental and out there musicians

(00:25:05.914) Following Up

(00:25:23.184) Barriers to real competition in the wake of the Google Books settlement

  • http://www.technologyreview.com/blog/mimssbits/25901/
  • Technology Review points to some analysis done by Eric M. Fraser
    • A legal expert whose work was published in the Stanford Law Review
  • The Google Books settlement is still under review by the Department of Justice
  • The whole process has been protracted
    • And there haven't been any developments in months
  • In the past, the settlement terms have been debated and delayed
  • Currently, the DoJ is expressing monopoly concerns over the deal
  • That is very much the takeaway from Fraser's work
  • The way the settlement stands now, Google has an exclusive right
    • To orphan works that no other party can get access to
  • This leads to monopoly power over pricing of those works
  • And as physical copies become scarcer, the Tech Review author thinks
    • That will only strengthen Google's monopoly position
  • The worst is that in practice the only way for another company to get similar access
    • Is to illegally scan books like Google did and work towards their own settlement
  • There is no guarantee doing so will yield a similar result to Google's deal
  • The author points out this is a consequence of the current overly broad state of copyright
  • Earlier discussions around the Books settlement sparked some interest in orphan works legislation
    • But nothing so far has come of it
  • The points of interest in the article also resonate
    • With the recent findings by the Library of Congress on the state of archiving audio
  • Even if we cannot agree on personal use rights under copyright
    • Can we at least agree that orphan works need to be addressed
      • In a way that doesn't hand them over part and parcel to one company
      • Regardless of our estimation of how that company may behave for good or ill?

(00:27:49.808) Oracle wants LibreOffice members to leave the OOo council

  • http://arstechnica.com/open-source/news/2010/10/oracle-wants-libreoffice-members-to-leave-ooo-council.ars
  • I talked about the formation of the Document Foundation
    • And LibreOffice, its fork of OpenOffice.org
  • The move was prompted by Oracle's less than stellar track record with open source
    • And concerns over the fate of the cross platform office productivity suite
      • Seen as a key alternative to the proprietary option of Microsoft Office
  • OpenOffice.org has also been a big driver of open document formats
    • Available and used by many other open source and free software projects
  • One question outstanding at that time was Oracle's reaction
  • They most definitely have refused the request by the new foundation for access to the trademarks
  • The database giant has also declined to formally join the Document Foundation
  • If that wasn't clear enough, Ryan Paul at Ars Technica reports
    • That Oracle has asked members of the new foundation to leave the OOo council
  • The OOo community manager told TDF members their participation in that new organization
    • Represents a conflict of interest
  • The choice presented was either-or, not necessarily leave the OOo community council
  • Paul interprets this, and I think correctly, that Oracle sees LibreOffice as a hostile fork
  • That is contrary to their stated position
  • I read one statement from a council member likening this
    • To Debian asking members of its project from Canonical to decide between the two
  • To be fair, TDF and LibreOffice are so new, it's hard to say
    • That's how the relationship would have worked
  • It seems impossible that we'll find out
  • Oracle's actions will make it unlikely there will be upstream-downstream cooperation
    • Between the two projects, which is a shame
  • I would put my money on TDF, LibreOffice
  • By Oracle severing ties, they've lost touch with any goodwill they could have claimed here

(00:30:39.875) Outro
