You are here

rick's blog

Whirlwind - an ancient computer

I first learned about computer architecture back in the 1970s. Much of what I learned came from a set of  block diagrams for the old Whirlwind computer built at MIT.  A few years back I had the document scanned in.

Whirlwind

Yes, it's built out of vacuum tubes. But it is also the complete design of a stored program digital computer in about 200 pages.

Wordpress tag: 

Plaxo and the Overly-Social Web

I admit I'm jaded by social web sites. It seems like today's hot business plan is always for something that's "better than Facebook" or more focused on one thing or another. Most of these sites just try to capture personal things and broadcast them: short textual bursts (Twitter), photos (Flikr), video (YouTube), school ties (Facebook), professional relationships (LinkedIn).

Can anything be left?

Plaxo helps solve a long running personal problem of mine: how do I keep my contact list up to date?

Some of these sites more-or-less help you find recent e-mail addresses. Only Plaxo synchronizes this information with your desktop contact list. It synchronizes mailing addresses and phone numbers, too. This is terrific. This is practical. And it links in to other social web sites, like Facebook.

Post category: 

Cutting a "black" wire in Tyson's Corner

The LA Times, of all places, has an interesting tidbit about an incident in Northern Virginia. A construction crew in Tyson's Corner cut a "classified" fiber optic cable. And the construction site was promptly visited by men in black SUVs.

Moreover, the cable cut was fixed that very day by AT&T personnel. Impressive response time, eh?

Post category: 

Crypto bypass on the iPhone 3GS

Cousin Jon sent me this Wired link: how to bypass iPhone's 3GS encryption using jailbreaking tools. I haven't paid serious attention to the iPhone (AT&T hasn't had a strong signal in my town) but crypto bypass always gets my attention.

In fact, the weakness has nothing to do with protecting personal information on an iPhone. It's all about third parties: Apple, the cell provider, and possibly an employer who provides/manages the iPhone.

If you're not troubled by being limited to the iPhone Apps Store, then the threat's relatively small, especially compared to desktop systems. Moreover, I doubt we'll see real iPhone viruses as long as most people are happy with Apple's app restrictions.

Post category: 

Spyware from a Cell Phone Carrier

Here's a scary harbinger of things to come - the top Blackberry carrier in the United Arab Emirates developed its own "upgrade" and distributed it to its customers. The carrier's upgrade contains spyware that apparently sends decrypted e-mails back to the vendor.

The vendor is 60% owned by the UAE government. (digg)

Post category: 

Hacking Business Accounts

A couple of months ago I talked to an attorney at a regional law firm. He mentioned that some of his clients had lost tens to hundreds of thousands of dollars to fraudulent wire transfers. I surmised that it was due to rootkits that allowed someone to remotely perform a wire transfer. I also wondered if this was a local or widespread phenomenon.

Apparently it's widespread.

Post category: 

More Matlab and RC4

A reader asked for more details on the RC4 and block cipher mode functions I wrote in Matlab.

To recap, I needed a 'block cipher' to produce a complete example of how a straight block cipher fails to hide large patterns in the output, and how an appropriate block cipher mode yields something akin to white noise.

Wikipedia has a "penguin" example with a block encrypted version (penguin still visible) and a block of white noise. The white noise represents what the block mode output is supposed to look like as opposed to being the genuine output of a block cipher mode. So I built this 'real' example, more or less.

I didn't have a block cipher that worked with small blocks. But I knew it wasn't hard to implement RC4. So I created a function to map 8 bytes of data into 8 bytes of 'ciphertext' to simulate the block cipher.

Post category: 

Wow. Lisp-based Web service

John Fremlin has implemented a dynamic web server in Lisp. He claims that it beats the socks off of everything else. If we're comparing Lisp against PHP, Python, Ruby, and similar scripting languages, I wouldn't be surprised if he proves to be right.

Lisp is almost the closest-to-the-machine text language interpreter there is. Forth might beat it for closest, but Lisp is soo much more powerful. Moreover, it's possible to build sane programs in Lisp that you can actually analyze. That gives us a slight hope of building reliable and secure web servers as opposed to the cobbled together things we have to live with.

Post category: 

Spying as public activity

Critics and comics sometimes say that government insiders get more accurate information from CNN than from the CIA. Now we have 'open source spying' (Wall Street Journal). There's a grad student who, via his "North Korea Uncovered" web site, is documenting all sorts of details of that notoriously secretive country.
Post category: 

Matlab, RC4, and Crypto-Graphics

A while back I used graphical images to illustrate why you never, ever want to reuse the keystream of a stream cipher. Recently I've constructed similar examples to show the role of modes in using block ciphers. There's a nice set of block mode examples in Wikipedia, but I wanted to include the real result of applying the mode.

 

smileycolorsmileyecbsmileycbc

 

While cryptographic neophytes may want to know why the second encryption clearly failed (if you can read the message, the encryption failed), cryptographic experts may find it interesting to see other examples of cryptographic failures appearing graphically.

 

[There is a later post with more info on RC4 in Matlab

]

 

A while back I used graphical images to illustrate why you never, ever want to reuse the keystream of a stream cipher. Recently I've constructed similar examples to show the role of modes in using block ciphers. There's a nice set of block mode examples in Wikipedia, but I wanted to include the real result of applying the mode.

 

smileycolorsmileyecbsmileycbc

 

While cryptographic neophytes may want to know why the second encryption clearly failed (if you can read the message, the encryption failed), cryptographic experts may find it interesting to see other examples of cryptographic failures appearing graphically.

 

[There is a later post with more info on RC4 in Matlab]

 

Post category: 

Pages

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer