CryptoBox
Sunday, May 30, 2004
 
Quantum Cryptography

I wish I'd blogged this first, but a couple of weeks ago Slashdot posted a link to a recent announcement of great interest to crypto-dilettantes and other IT security types. Seems the EU is trying to use the magic of physics to defeat Echelon, the NSA's alleged super-sniffer program.

 
How to read Machiavelli

Unfortunately, Machiavelli has been read by generations of capitalist leaders as an endorsement of their most primitive and anti-social urges. This is not the author's fault. Any ideological book can be interpreted as a guide to selfishness and hedonism. Similar misinterpretations have happened to Darwin, Adam Smith, The Bible, and just about any other manifesto or holy book you can imagine.

Machiavelli did not advocate cruelty and treachery; The Prince is really just a guide about how a leader should behave in order to survive and prosper when surrounded by the lowest sort of allies and opponents alike. I think the best read of Machiavelli can be had by discounting the advice you want to hear. The most growth will come from meditating on those observations that most displease or vex you. It is a book about trying to be strong, just, and wise, while threatened by weak, corrupt, and foolish people.

 
Madness

Recent experience has gotten me thinking deeply about madness in its many forms. I think that dementia and certain forms of new-age spiritualism are just two sides of the same coin. Adherents of cat-psychic phenomena, etc. will take offence, and I'm sorry. But I think it is very significant that pseudo-scientific/spiritual "powers" like this are on the rise as America ages en masse.

 
Spooks & databases

Federal spooks are still mining commercial databases looking for terrorist patterns of behavior. This is very creepy. They are even looking at Internet searches.
See the article.

Thursday, May 27, 2004
 
Fink for OSX.

You may have heard of Fink. But if not, you're missing out on a great opportunity to turn your OS X computer into a real Unix workstation. This means that you can easily install and use all of those cool open-source tools that Linux and BSD snobs are always talking about.

Fink is a very creative combination of packaging tools from two different Unix-ish operating systems. First, bow down to the power of FreeBSD, because FreeBSD has an incredible system called (confusingly) "Ports". It is basically a way to very quickly build and install any of many thousands of open-source (free) programs you may have heard of without wasting your time hunting for software dependencies and code libraries. Debian Linux took the same basic idea and brought it to the Linux world as binary "packages" managed by the dpkg and apt tools. Fink combines the two for Darwin, the BSD-based Unix operating system at the heart of Apple's OS X: "fink install" builds a package from source, ports-style, while "apt-get install" pulls a prebuilt binary package, Debian-style, and either way the dependencies get resolved for you.

I'm installing Fink now. Click back here on the "Comments" link below to see how it went. So far it seems very similar to installs on FreeBSD, which is to say that so far there are none of the stupid missing-library or broken-link problems that ultimately led me away from Red Hat Linux.

More on this later.

Wednesday, May 26, 2004
 
Reading Plato's Phaedo. Phaedo is a Socratic dialogue wherein Socrates proves things like the soul having existed before birth and after death. He also demonstrates that things that are seen are in a constant state of change, and things that are unseen are eternally unchanging. An example of the latter is the concept of truth: it does not change, yet cannot be observed, yet the mind (and the soul) knows it implicitly.

 
Laws such as SB-1386 are a great opportunity for salesmen. I am currently stuck in a meeting listening to some dweeb "consult" about those kinds of laws. I feel like handing him a copy of Death of a Salesman. I've worked alongside a lot of sales guys, and when I saw that play onstage (starring Brian Dennehy) I could not believe that someone had published a book that so accurately and brutally captured the pointless and hollow existence that so many men fall into by living on hype, lies, bullshit, and arrogance. It is a heartbreaking story. Whenever I want to yell at a dumbshit salesman, I just remember that story and I cut him some slack.

Wednesday, May 19, 2004
 
A new browser-triggered script-execution vulnerability on OS X. See a fix at wirefarm.com. My favorite comment from that blog: "I reckon it's just a matter of time before the MSIE:win division sues Apple for infringing their patent on having the default URI scheme handler execute system-wide scripts".

 
Securing Miniframes
Miniframes, also known as minicomputers, were a strange sort of adolescence between the mainframe era and the client/server, PC-dominated era. Think late 1980s. I've suddenly got to learn a lot more about a couple of old miniframe platforms and how to secure them. Some are no longer manufactured (hardware) or updated (OS/software). This means that some organizations run their ancient miniframe OS inside some kind of virtual machine (hardware emulation) living on top of Unix or something else "modern". In the case I've got to try to lock down, the OS and the application (a database) are more or less a single entity. There is no TCP/IP stack, so CGIs (scripts) run locally on the "modern" OS and talk to the cleartext (unencrypted) files that make up the ancient OS/application. So Unix knows about the old OS, but not the inverse. Sort of like a person with two personalities where only one of them knows that it is not the only personality.

So how do you secure a system that keeps everything in cleartext and has no concept of the all-important trust boundary between applications and the operating system? Hmmm. It sounds a bit like the Windows NT family (at the heart of Win2k, WinXP, Win2003, etc.). Starting with NT 4.0, Windows moved the window manager and GDI (win32k.sys) out of a user-mode subsystem and into the kernel's address space, for speed. Applications such as Outlook still run in user mode, but every GUI program drives that kernel-mode code through system calls, so a bug there is reachable from marginally trustworthy application code and can hand an email virus the entire OS without breaking a sweat. Perhaps I should think of this weird miniframe OS/app on top of Unix as having the same level of vulnerability as Windows NT. No, I think this is different. In either case, if the root/admin account gets compromised, you're screwed.

But what we're actually talking about here is data confidentiality and integrity, not kernel/OS integrity. Hmmm. Yes, I see it now: the trick is NOT to see the virtual machine environment, or even the obscurity of the miniframe OS/app on top of it, as providing any (or much) protection of the data. The files live inside Unix as ASCII files, so they need to be protected the same way as any other files on Unix: ownership, permissions, and the accounts that can reach them. But we also have to secure the VM and OS/app parts. Now I see which way to go. I need to segment the trust on the system almost as if it were an untrusted network: data in one part, processing in another, the querying client in another, with possibly malicious actors in between. Sounds good, except I can't encrypt anything. Hmmm. It reminds me of how qmail was coded: each piece runs under its own Unix account and none of the parts of qmail trust each other, so, unlike other mail server software packages, qmail is only at v1.03 and has been there since 1998!
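Since the conclusion above is that the miniframe's data files are just Unix files, the first practical check is whether any of them are reachable by accounts outside the "data" segment. The script below is an added example, not anything from the original post or from the miniframe product: it audits a directory for files that any local user (or the processing group) can read or write, and offers a lock-down step that leaves them readable by owner and group only. The directory argument and the 750/640 modes are this example's assumptions; the right group split depends on which Unix accounts the CGIs and the emulator actually run as.

```shell
#!/bin/sh
# Added example (not from the original post): audit a directory of
# cleartext application files for permissions that let any local user
# read or modify them. Assumes POSIX sh and find(1); the directory is
# an argument, not a real path from the post.

# Print every regular file under $1 that is world-readable (004) or
# world-writable (002).
audit_world_access() {
    find "$1" -type f \( -perm -004 -o -perm -002 \) -print
}

# Print every regular file under $1 that is group-writable (020): in the
# segmented layout the "processing" group should only read data files.
audit_group_write() {
    find "$1" -type f -perm -020 -print
}

# Combine both audits. Returns 0 when nothing is exposed, 1 otherwise,
# and lists the exposed paths (sorted, de-duplicated) on stdout.
audit_dir() {
    exposed=$(audit_world_access "$1"; audit_group_write "$1")
    if [ -n "$exposed" ]; then
        printf '%s\n' "$exposed" | sort -u
        return 1
    fi
    return 0
}

# Tighten: directories traversable by owner and group, files readable by
# owner and group, nothing for others. Ownership (chown to the data
# account and the processing group) is left to the operator.
lock_down() {
    find "$1" -type d -exec chmod 750 {} +
    find "$1" -type f -exec chmod 640 {} +
}

# Usage: sh audit.sh /path/to/miniframe/data
if [ $# -gt 0 ]; then
    audit_dir "$1"
fi
```

Run the audit before and after lock_down; a clean run is one where audit_dir prints nothing and exits 0. The same two find(1) tests work as a nightly cron job, which is how you notice when a restore or an emulator upgrade quietly resets the modes.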

Tuesday, May 18, 2004
 
SB1386
Identity Theft trend?
Over the past year, a lot of personal information has been compromised at several universities. At this point I don't yet think that this represents hackers targeting personal information for identity theft or fraud, but the public and at least the California legislature have taken notice. Anyone who is an IT admin, security professional, or lawyer involved with IT should be aware of this:

The California State law, SB-1386:
http://www.sb-1386.com/

The San Diego compromise:
http://www.washingtonpost.com/wp-dyn/articles/A7275-2004May7.html
http://www.nbcsandiego.com/education/3276559/detail.html

Recent similar compromise at Indiana State University:
http://www.indianastatesman.com/vnews/display.v/ART/2004/04/21/40860575d6d09

Recent similar compromise at Georgia Institute of Technology:
http://www.computerworld.com/securitytopics/security/story/0,10801,69213,00.html

Recent similar compromise at University of Georgia:
http://www.cnn.com/2004/EDUCATION/01/30/computer.breach.ap/


 
wifi news
Great news posted on Slashdot (http://slashdot.org/article.pl?sid=04/05/18/1359229) today:

"The FCC unanimously voted today to allow wireless providers to use the frequencies between television stations to broadcast WiFi in rural areas. Broadcasters argue that this will cause interference on television stations but the FCC chairman says otherwise."

I sort of can't believe the FCC didn't buckle to the TV lobby on this one. I'm hoping that this could be the beginning of a new "last mile" broadband technology to compete with DSL & cable.


 
Been learning about LDAP a bit. I strongly recommend Gerald Carter's book from O'Reilly on this subject (LDAP System Administration). I never realized, for example, that LDAP can be used for much more than just keeping contact info on people. He explains how to use it to keep track of all your configuration info about applications, hosts, accounts, etc. More on LDAP later.

 
Saw the movie Troy this weekend. I went with VERY low expectations and was still really disappointed. It stank. There were so many things wrong with it: a blond, German model playing Helen of Troy (the ancient Greek beauty with the "face that launched a thousand ships"). Couldn't they at least have used a brunette? Speaking of such, there were a few giant Welsh/Scottish red/blonde-haired types doing an encore of their performances in Braveheart. Another nice encore was the soundtrack from Gladiator. And Brad Pitt's faithful re-creation of his cocky/naked performance in Fight Club was another re-run. Also, I'm not sure, but I think the statues inside the city of Troy were Minoan or Mycenaean. At least one statue, seen behind Peter O'Toole while he prayed, was a sort of Tiki/Hawaiian/Polynesian figure with a great six-pack. This is Hollywood cheese at its cheesiest. Oh, by the way, even the acting by the few non-models sucked. My wife suggests that when even good actors suck, it must be the director's fault.

Sunday, May 16, 2004
 
Still learning how to use the various blog search engines. Hence:

 
Slashdot reported today that another site, Ars Technica, says that Cisco's source code was stolen recently. The original post was on a Russian site, securitylab.ru. Apparently, part of the code was posted on an IRC channel. This could mean annoying stuff like buffer overflow exploits coming out and tedious/painful IOS upgrades all around the world. Or it could mean nothing at all. I've heard rumors for years that people in the hacker/warez communities have had Cisco's source.

I've often wondered if the IOS kernel was coded from scratch or if it's a descendant of one of the old BSD or AT&T branches.

My guess is that this will probably be another security non-event despite the great scandal value for the IT media. The recent TCP vulnerability was a real scare (with regard to BGP), but I don't think it has amounted to anything, thankfully. However, it does remind us that Cisco IOS is one of those mysterious embedded Unixish OSs that is not transparent at all. Contrast that with Juniper's willingness to give admins a real csh shell before dropping them into the JunOS shell environment. The Russian site even has a couple of code snippets of IPv6 stuff. I don't read C, but the comments are interesting. FYI, the translation done by WorldLingo seems better than what I'm used to from URL-translating sites.

 
Trying to create a real RSS feed for this. See it at http://subscribe.feedster.com/CryptoBox.

Saturday, May 15, 2004
 
My favorite program these days is TeXShop. It allows you to use the best parts of TeX/LaTeX on the Mac without learning or knowing how to compile/run it on Unix/Linux.

TeX is a great way to write a document because you can write all the content without worrying about formatting and typesetting until you've gotten the structure and content clearly defined. It's basically a markup language. Try it out. You'll actually enjoy writing reports. See also this great pair of articles by Kevin O'Malley at O'Reilly's website.

 
"Reading" in your car on the way to work (if you use OS X):

1. Copy the text of the ASCII file or PDF and paste it into TextEdit. Then Format > Make Plain Text.

2. Save it as Unicode UTF-8.

3. From a shell:
say -v Bruce -f whitepaper.rtf.txt -o whitepaper.aiff

4. Open whitepaper.aiff in iTunes: File > Add To Library.

5. In iTunes, go to your Library folder, and locate the file.

6. Double click it.

7. Click the Burn Disc button in the upper right corner of the iTunes window.

8. Play it in your car just like any audio CD.
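Once the procedure above has been done once by hand, step 3 is the part worth scripting, because a backlog of whitepapers means a backlog of say(1) runs. The script below is an added example and not part of the original post: it converts every .txt file in a directory with the same voice and naming as step 3, derives whitepaper.rtf.aiff from whitepaper.rtf.txt, and refuses cleanly on a machine that has no say(1), since that command exists only on OS X. The VOICE variable, the function names and the exit code 2 for "no converter" are this script's assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): batch the "say" step for a
# directory of plain-text files. Assumes OS X, where say(1) exists; on any
# other system the conversion is skipped with a warning. The voice "Bruce"
# and the .txt -> .aiff naming come from the post; the rest is assumed here.

VOICE=${VOICE:-Bruce}

# Map whitepaper.rtf.txt -> whitepaper.rtf.aiff. A file without a .txt
# suffix gets .aiff appended so the source file is never overwritten.
aiff_name() {
    case $1 in
        *.txt) printf '%s\n' "${1%.txt}.aiff" ;;
        *)     printf '%s\n' "$1.aiff" ;;
    esac
}

# say(1) is OS X only; callers use this to tell "no converter" from
# "conversion failed".
have_say() {
    command -v say >/dev/null 2>&1
}

# Convert one file. Returns say's exit status, or 2 if say is absent.
txt2aiff() {
    in=$1
    out=$(aiff_name "$in")
    if ! have_say; then
        echo "say(1) not found; would run: say -v $VOICE -f $in -o $out" >&2
        return 2
    fi
    say -v "$VOICE" -f "$in" -o "$out"
}

# Convert every .txt in a directory; stop at the first failure so a bad
# file does not get silently skipped in a long batch.
txt2aiff_dir() {
    for f in "$1"/*.txt; do
        [ -e "$f" ] || { echo "no .txt files in $1" >&2; return 1; }
        txt2aiff "$f" || return $?
    done
}

# Usage: sh txt2aiff.sh ~/Documents/whitepapers
if [ $# -gt 0 ]; then
    txt2aiff_dir "$1"
fi
```

The resulting .aiff files are large (uncompressed audio); drop the directory into iTunes with File > Add To Library as in step 4 and let it convert them before burning, or you will run out of room on the disc quickly.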

 
Just learned to blog from my phone. How did I miss blogging for so long?

 
I recommend Meditations by the Roman emperor Marcus Aurelius. The link I've provided is to a text version of a 19th century translation. The language and concepts (interpretation) reflect that era, so you may also want to contrast it with a fine modern translation by Gregory Hays. It is an astonishingly relevant and insightful example of private introspection by one of the few "great" Roman emperors who was respected in his own time and 2000 years later.

 
Testing

Friday, May 14, 2004
 
Attending the Internet Law Program at Harvard this week has convinced me that I should learn to use the power that is blogging. I'll start by sharing my intellectual adventures and interests. I hope they help others in their attempts to educate themselves and to help themselves and others to understand the sometimes incongruous interactions between technology, philosophy, culture, history, language, politics, and economics.

