2012 04 16

From TheCommandLineWiki

Jump to: navigation, search

Contents

News Cast for 2012-04-16

(00:00:17.653) Intro

(00:04:22.130) Security alerts

(00:04:41.005) Researchers develop quantum encryption method to foil hackers

  • Quantum cryptography has long been held as a sort of anodyne for security problems
    • Especially with commercial scale quantum computers always just over the horizon
  • Classical crypto relies on certain mathematical operations that are hard one way
    • But easy to reverse or perform a complementary calculation with the same inputs
  • It isn't hard to imagine missing a flaw in the math, some shortcut that undoes the security
    • Or even more likely some problem with a given implementation in code
  • Quantum crypto systems, by comparison, take advantage of the weird phenomenon
    • That occur when a superpose system is observed, decohering its state in a detectable way
  • So far the implementations have been modest and hence employ for key distribution
  • This means that the sending of half polarized photons from which a receiver
    • Recovers some physical measurement protects just the most critical part of a secure channel
  • It makes sense since sharing trusted keys is ridiculously hard to do without exposure to an attack
  • If the large enough keys can be share, the rest of the encryption can be cost prohibitive
    • To crack even if it utilizes plain old classical encryption
  • https://www.zdnet.com/blog/security/researchers-develop-quantum-encryption-method-to-foil-hackers/11326
  • Emil Protalinski at ZDNet's Zero Day covers how in practice such QKD systems aren't silver bullets
  • They have been proven to be open to manipulation by a third party
    • Who can read information exchanged, something that in theory is supposed to be impossible
    • But can be done due to side channels, or peripheral phenomenon, in the actual physical components
  • Researchers from the University of Toronto and the University of Vigo
    • Have come up with a new theoretical approach that is resistant to man-in-the-middle attacks
  • Sadly the article is scant of details, just mentioning
    • That the defenders use data derived from the channel's behavior
    • In what sounds like a mirror image of the attack that has been proven to work against QKD
  • One extra party is apparently required, to proxy some data and assist in the calculations
    • That can ultimately point to whether someone is eavesdropping or interfering on the channel
  • This 4th party need not even be a trusted party which bolsters my thought
    • That the technique relies on observing some side channel but using it
      • To enhance detection of attack rather than such are normally used, to further attacks
  • Regardless it is going to be at least five years before this work
    • Makes its way into the market, to replace or more likely augment existing products

(00:08:43.727) Five-year-old remote code execution hole patched in Macs, Linux

  • https://www.zdnet.com/blog/security/five-year-old-remote-code-execution-hole-patched-in-macs-linux/11475
  • ZDNet's Zero Day had news of a patch to a five year old flaw in Samba
  • This is an open source network file and print sharing server
    • That is commonly available on Linux and bundled with OS X Server
  • Unfortunately, the flaw in question is pretty severe
  • It arises from a problem in the code generator for RPC's code generator
    • Resulted in generated code with a security flaw
  • The article has more details, of how this looks like a bounds checking problem
  • A specially crafted RPC call can then cause a buffer overflow and code execution
  • Worse, the calling client need not be authenticated
    • And depending on how Samba is configured to run, the exploit could execute as root
  • Versions 3.0.x through 3.6.3, inclusive are affected but there are now patches
    • For all still supported versions of Samba, 3.4.16, 3.5.15 an 3.6.4
  • I expect that if you haven't seen a software update for your distro, you will soon
  • There isn't any specific mention of mitigation in the meantime though I expect
    • That if you dig into the server configuration, it may be possible to disable RPC
  • The article makes one other important to consider point
    • That a lot of Unix and Linux based appliances also contain Samba as a convenience
  • It should be pretty easy to figure out if any devices you use include it
    • As they will offer some sort of network file sharing at a minimum
  • Especially if it is Windows compatible, odds are good that it is Samba
  • You could use nmap on your home network to look for ports 137 through 139
  • If you do, please be careful to only run it against machines you own
  • Restricting scanning to the local subnet with private, unroutable addresses
    • Like those starting with 192. or 10.
  • These are most likely to be network storage devices or print servers
  • You should check for firmware updates for any such gadgets
    • And worse case scenario turn off file sharing if at all possible
  • The fact that Samba is GPL'ed software should increase the odds that a manual will mention its use
    • But I don't think there is a guarantee of that unless a vendor has modified its source in some way

(00:12:11.592) News

(00:12:25.423) Algorithms for smart sand that sculpts itself

  • http://boingboing.net/2012/04/02/algorithms-for-smart-sand-that.html
  • Cory at Boing Boing linked to some pretty incredibly work done at MIT
    • In their Computer Science and Artificial Intelligence Lab
      • As part of the Distributed Robotics Laboratory within CSAIL
  • One of the most compelling science fictional ideas in the space of nano-technology
    • Is that of a utility fog, a loose aggregate of cooperating nanbots
      • That can quickly and conveniently take the shape of any object desired
  • Hod Lipson, an innovator in robotics and 3D printing has been popularizing programmable matter
    • An approach to something very much like this nano fog
  • The MIT researchers have demonstrated a solution to one of the key challenges
  • With smart atoms, as it were, at a useful scale, even of grains of sand
    • There simply isn't going to be enough storage or processing power
      • For a top-down approach to making such smart sand assembling into any interesting
  • By breaking down the task of duplicating an object placed within a pile of smart sand
    • Or the scaled up demonstration components, smart pebbles that are 10 mm on a side
    • Into simple sensing and messaging passing
      • The researchers have been able to prove their algorithms effective
  • There is a video at the end of the linked post at the MIT news office
    • With a very understandable narration that demonstrates the idea very clearly
  • In a lot of ways, what they have done reminds me of cellular automata
    • That rely on sensing rules, such as the presence or count of neighbors in a grid layout
    • And the subsequent behaviors
  • Here the sensing is done through the main source of physical interaction in the smart pebbles
    • An electro-permanent magnetic that also serves for communication between the pebbles
  • This kind of magnetic, as the article explains, doesn't draw current to attract
    • But can be turned on or off with a simple electrical pulse
  • Presumably the magnets can also be used to simple pass current to touching neighbors
    • Pretty much exactly like every other electronic device or component
  • The other thought that kept occurring, one the article calls out more explicitly
    • Is how this is like a 3D printer that can program itself
  • The opening imagine begs us to envision placing a small model of an object
    • In the extrapolated far future form of these pebbles, a container of powder
  • Wait a few moments and then pull out a copy that has been scaled up to a more useful size
  • No need to use a 3D scanner, the smart sand or the pebbles, in the demo that will be given in May
    • At the IEEE International Conference on Robotics and Automation
    • Both figure out what the object you'd added is and from the bottom up
      • Figure out how to copy or even to enlarge the exemplar provided
  • The pebble based system is limited to four magnets and assembly in two dimensions
  • After adding the magnetics, memory and processor to their design
    • The MIT team couldn't squeeze two more magnets in to demonstrate in 3D
  • Regardless, their simulations show that the distributed algorithm holds when the cubes
    • Have to deal with neighbors above and below as well as in the same plane
  • I do think it is funny that in reading the specs of the pebbles
    • That they can have 32 kb of program code and only 2 kb of working memory
      • Just how much advanced this is from the earliest computers
      • That occupied the other end of the size scale, taking up entire rooms
  • The researchers are optimistic that scaling the smart components down
    • Is a straightforward engineering challenge
  • I am pretty sure I've read about similar self assembling robots before
    • But nothing even down to the 10 mm scale that could pull of such a neat trick
    • So I tend to credit that this is possible in the foreseeable future
  • I can easily imagine, too, that as a function of shrinking size
    • Smart sand may be able to use less power, both for how it coheres to take shape
    • And to distribute the necessary communication and processing throughout itself

(00:17:34.542) Print-your-own-robots developed in US

  • http://www.bbc.co.uk/news/technology-17614392
  • BBC News has a story that is frustratingly short on details
  • Three universities, MIT, Harvard and UPenn are working on an NSF grant
    • To develop robots that will be printable with future 3D printers
  • They have $10M over the next five years to explore an idea
    • Whose ultimate aim is to allow regular users to print out custom robots and parts
      • That include everything needed for a wide variety of purposes
  • http://web.mit.edu/newsoffice/2012/print-your-own-robots-0403.html
  • The emphasis, based on the MIT press release which has far more details
    • Is to shorten up the lengthy design and production cycle of today
      • To make purpose made robots far more accessible
  • Part of the work that I found was surprising is that they really focusing on need
  • Essentially their system will include a platform to help identify a person's need
    • And select a design they can either print at home or more likely initially
      • That they can have printed at low cost at something like a hardware store
  • Not surprisingly, the project leader is also working on the smart sand project
  • They have come up with two designs, already, with specific uses in mind
  • One is a bug-like crawling robot for exploring toxic environments
  • The other is a gripper meant to help those with limited mobility
  • The challenges are well known and considerable for even industrial fabricators
  • Again, this touches on ideas advanced by Hodd Lipson
  • Lipson has espoused this idea of 3D printing robots capable of walking out of the print bed
  • Even the most advanced printers cannot easily print in multiple materials
  • Doing so would be necessary to incorporate the electronics into the components produced
  • Given the scale of the project, its ambition, I think this is more like a moonshot
    • Right at the intersection of 3D printing and robotics
  • Even if they are not entirely successful, I expect they will advance both fields considerably
  • A solid improvement in printing combine materials would have applications
    • Well beyond their specific goal of electronics
  • It could open the way for printing all kinds of home gadgets, not just robots
    • Not to mention even how it would revolutionize traditional manufacturing
  • Maybe simpler would be more pedestrian multi-material prints
    • To add structural enhancements to the kinds of plastics
      • That home and small scale printers are capable of producing today
  • Either way, five years is a long time for this kind of research and development
    • And the funding should be sufficient for a pretty focused team to work on this exclusively
  • I will be honest I am struggling a little bit with just how widely useful custom robots might be
  • It may be easier for them to develop the needs assessment part, anyway
  • Doing so may be enough to convince me of the value of the other half of the idea
    • Of the robots they intend to make possible
  • I suppose it could be the sort of revolutionary change that is hard to predict
  • As I said, the ancillary benefits along the way are well worth it regardless

(00:20:58.623) Arrays of "Topological Insulators": a Step Towards Exotic Electronics

  • http://science.slashdot.org/story/12/04/06/1943245/arrays-of-topological-insulators-a-step-towards-exotic-electronics
  • Slashdot linked to a bit of news at Chemical and Engineering News
    • That I will be hones it making my head hurt a but to understand fully
  • Researchers at Peking University have demonstrated a cheap, precise method
    • For creating flakes of bismuth compounds that belong to a recently discovered class of materials
  • Called topological insulators, their interiors insulate electric current
    • While their surfaces are actually conductive
  • Slashdot also linked to an IEEE Spectrum article from July of last year that provides background
  • These materials were predicted by mathematicians that were, as near as I can figure
    • Extrapolating from phenomenon observed in existing semiconductors
  • In particular, in certain planes of semiconductors, electrons are constrained in ways
    • That are only seen when those electrons are not flowing, when they are bound to particles
  • The qualifier topological comes from the fact that the electrons form a continuous 2D surface
    • What, if I am reading the background article right, is called an electron gas
  • The reason these are of interest is they may provide ways to manipulate electron spin cheaply
  • Spin is the quantum affect that gives rise to magnetism at the macro scale
  • When the spins of all the electronics in a material align, you get a magnetic field
  • This application of spin is already in use at varying scales in data storage
  • One holy grail of quantum or even next generation classical computing
    • Is using the spin of individual electrons or smaller groups than used in storage
      • To perform the bit toggling fundamental to computation
  • If topological insulators can make this cheap and practical, not to mention more energy efficient
    • Than the current electronic computers, then we could see a considerable extension of Moore's law
  • This kind of material has been produce before but not easily or cheaply
  • One technique sounds similar to how sheets of graphene are made
  • A sticky film, possibly even just cellophane tape, is used to peel of layer of a bismuth compound
  • The other method is vapor deposition, which is used in making other materials for electronics
  • The problem with both is they don't allow much control over the resulting material
  • For topological insulators to work, they have to be created with a regular structure
  • What the Chinese researchers did is combine a resist method with vapor deposition
  • By masking off parts of a substrate, they can control where the vaporised compound adheres
  • Quoting from the article:
    • "The researchers used scanning electron microscopy
      • "and atomic force microscopy to confirm
      • "that the plates lay flat on the substrate, were 3 to 8 nm thick,
      • "and all had about the same area.
      • "They also used a technique called angle-resolved photoemission spectroscopy
      • "to confirm that the nanoplates had conducting surfaces and insulating interiors."
  • The breakthrough here not only yields cheap, quality insulators
    • But does so in quantities that will be useful as the materials approach commercial applications
  • The whole story reminds me of the recent advancements in memristors
  • Theory predicted those for years, as well
    • But only recently have researchers been able to produce them
  • Both lines of investigation also to me suggest that there will be opportunities
    • For the foreseeable future to incremental swap out the components we use
      • To keep the state of the art in computing advancing
      • Even as traditional materials hit their limits

(00:25:25.049) Multicore Chips As 'Mini-Internets'

  • http://hardware.slashdot.org/story/12/04/11/0151244/multicore-chips-as-mini-internets
  • Slashdot linked to the third MIT story I am going to discuss this episode
  • And it is the second story to consider a small step into the future of computing
    • Just like the first two stories both entirely unplanned involved advances in robotics
  • In this instance, researchers are working on the obstacles to scaling multiple core chips
  • Right now the cores use a single bus to share data
    • A trade off that works for eight or fewer cores
    • Such that the splitting up of task parallel computation beats the contention for the bus
  • The article notes that enterprise class CPUs with ten cores
    • Typically add a second bus to keep communications on the die speedy
  • I hadn't realized that the current designs had difficulty at so few cores
    • Compared to the theoretical upper bound I've read in other articles
      • Of up to hundreds or even thousands of cores
  • Li-Shiuan Peh is working on an alternate approach, applying the packet switching used on the internet
    • To the inter-core communications on many core test chips
  • Rather than contending for a single bus connecting all the cores
    • And having to drive signals along relatively longer and longer traces
      • Which ends up consuming more and more power offsetting the efficiency gains of multi-core
  • This is not the first time packet switching has been used for this purpose
    • Or so the article implies though it is unclear whether that is past research
    • From the very same researchers or work done elsewhere in the field
  • The challenges to making that work are the computation the cores have to do
    • To route messages not directly intended for them
    • And the memory needed to queue information when more than one packet reaches a core at a time
  • The researchers here have specifically developed two techniques that help with these obstacles
  • One involves a virtual bypass, where the sending core gives a receiving on a heads up
  • It can then preset its switch and forward a packet on without any additional computation
  • The other is to reduce the voltage difference between low and high signal for encoding bits
  • Presumably this reduces the switching speed as well as making the chip more efficient
  • Apparently by using these two approaches, they have realized a 38% improvement in efficiency
  • Part of the work was to establish the theoretical speed and power limits of multiple core chips
  • Data transmission already seems to be pretty close to the upper bound
    • But there is more work to go on the efficiency side
  • Regardless the energy consumption is still orders of magnitude better than chips using a buss design
  • I suspect that since there is so much experience with this sort of networking at large scales
    • There is tons of inspiration for ideas to try to implement on a single chip
  • There is definitely something conceptually appealing about using a network
    • Given the image of multiple core systems as shoe horning an ever increasing quantity
      • Of what essentially amount to stripped down versions of traditional single core chips
  • The article doesn't mention how far this research is from commercial designs
  • Given that there have been at least two iterations of this approach, though
    • I have to imagine it cannot be too far off
  • I supposed when we start to see commodity chips with more than eight cores
    • That will probably be based on some version of these designs
  • By commodity I mean more than 8 cores in a desktop or even a mobile chip
    • As opposed to the beefy and costly models targeted at high power server systems

(00:29:50.108) Following Up

(00:30:08.) Pirate Bay Promotion Attracts Over 5000 Artists

  • http://yro.slashdot.org/story/12/04/05/2229209/pirate-bay-promotion-attracts-over-5000-artists
  • Slashdot links to some good news, covered by the International Business Times
  • Response to The Pirate Bay's offer to promote independent artists has been outstanding
  • 5000 artists have applied, most of them musicians, most of them male
  • I suspect this coincides with the main demographic of the site's users
  • So far, there have been 14 regular campaigns in three countries
    • And 8 worldwide promotions
  • This is more than the group was planning to do in a single year
    • But since the idea has gone so well, they are considering do promotions every weekend
  • The article includes some impressive statistics for a couple of artists
  • There are also a few more details about how the project is evolving since its original launch
  • All in all, I'd say that the engagement with artists yielding an increase in direct support
    • Is a pretty strong endorsement that whatever else you can say about The Pirate Bay
    • They aren't strictly against artists or the value of works
  • There are undoubtedly other things they could in this vein
    • But given how they are pretty explicitly against copyright
    • And as such have become a huge target for litigation and takedown
      • I think this is a pretty practical compromise
      • Compared to them trying to become a more traditional channel
        • With licensing deals for content and e-commerce support for buying works
  • I think The Pirate Bay works best as a provocation
    • Defying simplistic classification by working with independents in this project and others
      • As well as being one of if not the most popular sites for finding links to infringing copies

(00:31:46.401) Blue Systems to sponsor Kubuntu

  • http://www.h-online.com/open/news/item/Blue-Systems-to-sponsor-Kubuntu-1518345.html
  • The H Open Source has fantastic news for anyone like me
    • Whose favoriate distro of choice isn't just Ubuntu but the KDE specific remix of it
  • Blue Systems, which already sponsors development of KDE for Linux Mint and Net Runner
    • Will be stepping up to continue paid support of Kubuntu after the end
      • Of Canonical's previous support announced a little while back
  • Blue Systems will be paying the Kubuntu devleper, Jonathan Riddel
    • So that he can continue the work on integrating, packaging and releasing
  • They will also provide funds for code sprints, promotional materials, web servers
    • And other expenses related to the distribution
  • Riddell will actually be leaving Canonical to work on Kubuntu full time
  • He also mentioned, in talking to The H, that they have not yet discussed
    • The trademark rules around the names Ubuntu and Kubuntu with Canonical
  • He did say he didn't expect this to be a problem
  • Personally, even if it is and the remix has to take on a new name
    • I could care less as I will continue to get support for my preferred OS for the foreseeable future
  • Several folks have responded to my recent adventures re-installing and getting Andrea switched
    • With an interest in giving Kubuntu a try
  • I am glad I can whole heartedly recommend it, without worry it will be coming to an end soon

(00:33:07.373) Outro

Retrieved from "http://thecommandline.net/wiki/2012_04_16"
Personal tools