Emergent Chaos, and Chip & Spin

Emergent Chaos – a weblog on “security, privacy, and economics” (via risks). To pick but three consecutive good examples: Equifax CEO says identify theft is epidemic, fingerprint privacy is rubbish (as any fule kno), and the UK government does plan to sell your ID card information. One to watch.

Another one to watch, though less frequent, is Ross Anderson at Cambridge. In particular, check out Chip & Spin to find out why Chip & Pin is increasing fraud, not decreasing it.

On subject of which… Bash & I went out for dinner last night, and we noticed they were taking card payments using a wireless terminal. So out came my Palm Tungsten, and up was fired wiffi, which duly reported no 802.11 signal in the area. “In that case, ” asked Bash, “what’s the terminal doing?”. Answer at Chip & Spin, although you can guess a lot of it.. Obviously without a network connection, it wasn’tt performing any online back-end checks that, for example, I had enough money in my account to cover the bill. So it’s basically the card authenticating itself to the terminal, and authenticating me via the PIN I entered. But what suprised her most was this: if the chip happens to be broken (eg fried), the system should fall back to magstripe – which this particular terminal happened not to support. So what happens then? Answer: no authentication whatsoever. Zero. Nada.

Go read the paper. Seriously. It’s great.

Thimblebys in New Scientist!

Blimey, the Thimblebys are in New Scientist – and where do I spot it byt Robot Wisdom? Jorn, apparently, is unconvinced. On the other hand Andy, who’s seen it up close and played with it, is very impressed.

As it happens, I’ll be in London next week at the Royal Society Summer Science Exhibition, helping demo this very software to the masses. Come and see! (Map here.)

Javascript – not actually rubbish?

Javascript – LISP with a different syntax?

I’ve been hearing murmurings along these lines from People Who Know, particularly PhD Student People I Know Who Know, one of whom was apparently writing a Tetris clone in Javascript recently. So yeah, this could be good.

Google Maps now has satellite imagery.

The Google Maps satellite picture of the UWS campus predates the Digital Technium (for now).

Intersting also that we have higher-res of Swansea than of Cardiff. So I can see where I live quite clearly, but not where I used to live. Also managed to clearly pick out the Eiffel Tower (nice shadow!), the Vatican, and the Palace of Westminster fairly easily. Not in Swansea, though. K2 and Everest more elusive, particularly the former. Singapore still at lo-res (nice clouds, however!), but Beijing central high enough for a very clear shot of the Forbidden City. The Summer Palace is still hazy, however.

Simon‘s a cartophile in the true sense but me, I just love maps because of the imaginary journeys they take me on. As such, I’ve been waiting for this all my life. It’s just gonna keep getting better, with more detail, more 3-d, more up-to-date imagery, and better navigation. What an amazing age to live in.

A shedload of Ruby links

I definitely want to learn Ruby this summer, starting as soon as I get this exam team stuff out of the way (or possibly sooner). Here, then, is a collection of resources which I might find useful. I might revisit this post and expand it later as I find new stuff or add thoughts on what’s here. If anyone has anything to add, feel free.

I have already mentioned why’s (poignant) guide to Ruby.

The first edition of Programming Ruby: The Pragmatic Programmer’s Guide is available free online.

Later, like the world and his wife right now, I want to be Rolling with Ruby on Rails. More at the Ruby On Rails homepage.

Then, learn some Javascript and tackle Ajax on Rails.

In terms of reference material…

The Ruby home page.

Ruby Central and the library reference.

RubyGems – CPAN for Ruby, I think?

Ruby Garden looks worth watching and has the Ruby FAQ.

And ooh, RubyForge.

That should be enough to keep me going for a while.

Every time my fingers touch my lightsaber I’m Superfly TNT.

Revenge of the Sith: The Abridged Script [simon]. Who cares about the frickin’ spoilers, this is just as enjoyable as the movie’s gonna be…

Short dispatch from the front line

Well, it’s midnight which means today’s been a 16 hour day so far. Must be something about Wednesdays: last week I was here all night, and didn’t go home until about 4 the next day (then watched the best Shakespeare I’ve ever seen: The Comedy Of Errors in the open air in front of Oystermouth Castle with a cast of five – very manic).

Certainly a few hours’ more work to do tonight, but it shouldn’t be an all nighter. You never know, though.

Oh, how I love working on the exam team…

Meanwhile, via Simon, how to de-flea your cat.

Update: going home at 02:34 – an 18.5 hour shift. And no overtime! Yay!

Remain calm, there’s a dog in the vents.

While googling for something to do with the unison file synchronizer, I was distracted by The Seymour Skinner page at The Simpsons Archive. Was particularly amused by P.A. announcements. Tee hee, etc.

Alas, no time to linger – I gots coding to do.

In other news, the cat is running around the house like a lunatic.

“Attention everyone, this is principal Skinner. I trust you all remembered to bring in your implements of destruction. Now let’s trash this dump.”

Photoshopped Escheresques

Photoshopped Eschers – superb [robot].

Cultural Creative? Moi?

Via smallcool, What is Your World View?

Cultural Creative

You scored as Cultural Creative. Cultural Creatives are probably the newest group to enter this realm. You are a modern thinker who tends to shy away from organized religion but still feels as if there is something greater than ourselves. You are very spiritual, even if you are not religious. Life has a meaning outside of the rational.

Cultural Creative 81% · Idealist 69% · Modernist 50% · Existentialist 50% · Postmodernist 44% · Fundamentalist 31% · Materialist 25% · Romanticist 25%


Google Earth – like, wow.

Oh, the beauty of it [robot].

EEPI 2005

Also interesting, also in RISKS: EEPI 2005, Conference on Electronic Entertainment Policies, Problems, Solutions, held where else but Los Angeles? The call is very carefully worded and I particularly enjoyed “This will not be a place for finger-pointing or name-calling.” I guess the organisers know just how contentious this whole issue is.

Here’s the RISKS post, which is basically the same announcement from the conference web page.

Hyperthreading crypto key vulnerability

So I guess everyone else has seen this already, but (for reasons stated in my previous post) I missed it until the latest RISKS Digest dropped onto my doormat. Anyway, it’s a nice example of a covert channel, and I was flailing around unsuccessfully for a nice example when I spoke about them in one of my Operating Systems lectures this year (poor preparation on my part), so I should bear this in mind for the future.

Security researcher Colin Percival recently (13 May) announced a security vulnerability caused by the combination of the Hyperthreading and shared cache features of Intel Pentium 4 processors. By carefully measuring the time required for instructions to execute in one thread while the other thread is performing a cryptographic calculation, the secret key can be determined.

(My emphasis.)

Here’s the paper (PDF).

Insightful comment at the end of the RISKS post:

The RISK here is a classic example of relying on underlying abstractions (the hardware memory model) to behave in an ideal manner, rather than understanding their implementations. Many security flaws result from the adversary breaking the veil of abstraction to look at the soft, juicy parts inside. Even when the higher-level model is perfect (or formally verified), the mapping to implementation can hide a multitude of sins.

Indeed. We computer scientists just love abstraction – it’s a powerful conceptual tool which allows us to build very powerful; but when you actually have to deal with reality, rather than some mathematically ideal space, everything suddenly gets very messy and the thick straight lines you drew between the layers turn into fuzzy fractals instead. Or something.