Saturday, January 9, 2010

Even the 768 bit RSA algorithm cracked, so far 1024 is safe

Cracking encryption codes is an activity that has been carried out for millenia now, since the carrying of information in a way that outsiders cannot read it is as old as man's quest for politics and fighting with each other. The tales of the Enigma project in the second World War, the quest between the Allied and Axis powers to read each other's secret messages, and then the quest between the Soviets and the US over encryption and safety of messages eventually turned into a battle of mathematics; and this is what encryption is all about now, a quest for who can have a higher degree of combination of mathematics and computing power to either set up more secure systems, or to break other other's codes.
A few years ago, it seemed that 128 bit encryption was secure, and now it does not even seem that 768 bit is secure (link to article):

Most modern cryptography relies on single large numbers that are the product of two primes. If you know the numbers, it's relatively easy to encrypt and decrypt data; if you don't, finding the numbers by brute force is a big computational challenge. But this challenge gets easier every year as processor speed and efficiency increase, making "secure" a bit of a moving target. The paper describes how the process was done with commodity hardware, albeit lots of it.
Although most people aren't going to have access to these sorts of clusters, they represent a trivial amount of computing power for many organizations. As a result, the authors conclude, "The overall effort is sufficiently low that even for short-term protection of data of little value, 768-bit RSA moduli can no longer be recommended." 1024-bit values should be good for a few years still.

Saturday, November 14, 2009

Feedback of a Flash user on Silverlight

I came across this article a couple of days back, and found this to be a nice review, although a bit one-sided. The article takes the case of a long time Flash developer who got tempted to use Silverlight for a project. The article presents the problems he faces, and although he mentions in the end that he was not experience enough in the Microsoft and Visual Studio area, this should not be a roadblock. And he is right, since Silverlight is meant to take the battle to Flash, and it should have a great experience for somebody whose expertise on Flash. If a Flash developer found it difficult to move to Silverlight, it would just add another level of difficulty in getting Flash user to convert to Silverlight. Read the article at this location.
The article is a thorough criticism, not only of Silverlight, but also the efforts around Microsoft for improving the infrastructure related to Silverlight. For example, the article talks about how difficult and time-consuming it is just download and install Visual Studio. And the help and guidance provided was not very friendly.


Don’t dumb things down on my account, but understand that not everyone installing (rather, waiting for the install process to complete so they can use) your tools knows them well enough to get themselves in and out of your workflow with ease. Lower the barrier of entry and you may appeal to, and more importantly, enable, a lot more folks. This may be hard for you, seeing as your existing and historic developer contingent has already adapted to what I think is a very hardcore centered developer process.

Sunday, October 4, 2009

The iPhone app that shows climate change

The iPhone is a great commercial success for Apple. The phone has mesmerized users all over the world, and become the corner-store for a smartphone that is well designed, provides what users want, and most noticeably, provides a platform for 3rd party apps that can extend the various functions available to users. The App Store allows developers to create apps and have them in front of users, whether these Apps be free or purchasable, and the number of apps that have been downloaded is an ever increasing number. The Apps cover a huge gamut of areas, whether these be news, business usage, games, cool gadgets, useless stuff, sports, and so on.
A different topic; that of global warming. Global warming is a phenomenon that is progressing at a rapid pace, and human efforts to put a brake on emissions are really not up to the mark; developed countries that have contributed to the problems in the most significant ways do not want to take measures that will harm their economies, unless developing countries take similar steps. Developing countries want to make sure that the contributor pays the maximum, and do not want to get strung by tough climate norms without exacting all the possible help they can (even though it is developing countries that will be hit harder by the impacts of global warming).
Some of the impacts of global warming are:
- Glaciers receding and carrying less water
- Water levels rising due to melting of polar and Greenland ice caps
- Atmospheric temperatures rising
These are just an indicative list.
Well, visitors to the Swiss Alps can now get to evaluate the results of global warming on an iPhone (link to article):


As these rivers of ice retreat back up the valleys they carved out, so scientists' knowledge of climate change advances, in turn helping us recognize the signs of a warming world. Now a new iPhone app is helping visitors to the Swiss Alps understand how climate change is altering the landscape. Developed by the Oeschger Center for Climate Change Research at the University of Bern in Switzerland and Swiss software company, Texetera, the Jungfrau Climate Guide is an interactive guide to glaciers and climate change.
For a fee of 20 CHF (around $19) visitors to the Jungfrau Alpine region can hire an iPhone loaded with the app. "For example," Meuli explained, "if you are standing in front of a glacier you will be told why it is no longer as big and provided with images of what it looked like 100 years ago, and what it might look like in the future."

Such an App can be very interesting to the user. They provide information that a tourist seeks in terms of tourists tracks, information about flora and fauna, and also provides information about how global warming has changed the levels of glaciers. As you get more Apps that cover changes in weather patters, track storm patterns and sea levels, people will be more aware.

Sunday, September 13, 2009

Twitter confirms that it does not own user Tweets

There is a section of Users (using various internet services such as Facebook, Email services, Twitter, etc) that are very sensitive to any thought that companies might want to be claiming copyright on the content that users generate. So, for example, when Google first announced that Gmail would have advertisements running next to the email, and these advertisements would be based on the content of the email, there was some controversy about how Google would be looking at the content of user's emails to generate these ads (and it slowly died away after Google talked about a computer algorithm to derive the context-aware advertisements).
Facebook faced a problem in February 2009, when its Terms of Use scared people into thinking that the Facebook is claiming copyright over the content uploaded by users; that controversy became very large very quickly, and needed changes and announcements by Facebook management to mollify and dampen the controversy. Twitter was in danger of landing in a similar public relations problem, but they seem to have taken quick action (link to article):


Twitter co-founder Biz Stone on Thursday said that the popular online messaging site had updated its Terms of Service to clarify what users can expect from the service, though the announcement appears to be more about reassuring users than delineating substantive rights. "The revisions [of Twitter's Terms of Service] more appropriately reflect the nature of Twitter and convey key issues such as ownership," said Stone in a blog post. "For example, your tweets belong to you, not to Twitter."
"The vast majority of tweets are likely to be too short and lacking in creativity to qualify for copyright," said Fred von Lohmann, senior staff attorney for the Electronic Frontier Foundation, in an e-mail. "So they are not 'owned' by anyone, much like your idle chatter while walking down the street isn't 'owned' by anyone."

Saturday, August 22, 2009

Apple responds to FCC enquiry about rejection of Google Voice

The Apple iPhone is such a popular device that it has encouraged a huge number of 3rd party developers to write applications for the iPhone, and Apple makes a large number of them available on the iTunes store (Apple claims that around 20% of the 500 apps that it receives per week are not approved - either directly rejected, or they need some modifications). However, it is apparent that one area where Apple is most concerned about is apps that either affect Apple's or AT&T's data plans or the money they make from voice calls. There was a lot of controversy in the month of July when Apple rejected the Google Voice (learn more) application, a software that could enable people to save money in making calls (even if Google Voice is not a VOIP application). The FCC was concerned about this apparent rejection, since it would seem that customers were being denied an alternative, and asked Apple for an explanation.
Apple has finally replied to the FCC, giving multiple reasons for the rejection, including privacy issues, and an apparent change of the basic call making flow inside the app (link to article):


"The application has not been approved because, as submitted for review, it appears to alter the iPhone's distinctive user experience by replacing the iPhone's core mobile telephone functionality and Apple user interface with its own user interface for telephone calls, text messaging and voicemail," Apple said in a statement posted on its Web site. Apple also said Google Voice's importation of the Contacts database represented a privacy concern. "[T]he iPhone user's entire Contacts database is transferred to Google's servers, and we have yet to obtain any assurances from Google that this data will only be used in appropriate ways," Apple said.
Separately, Apple acknowledged that its agreement with AT&T obligates it "not to include functionality in any Apple phone that enables a customer to use AT&T's cellular network service to originate or terminate a VoIP session without obtaining AT&T's permission.


However, Apple is stating that the application is still under review, and not rejected; an apparent subterfuge to ensure more time, and maybe hope that back-channel contacts ensure that the issue goes away.
At some time in the future however, Apple will find that the platform that it has built in the form of the iPhone and the app store will be broken open, that Apple will find that the rights it has to deny an application will need more openness. This could happen through a mix of consumer reaction and pressure from regulators.

Friday, August 7, 2009

Twitter shuts down for some time due to attack

The fragile nature of many of the important destinations of the internet was visible once again. Social networkers of the world, suddenly found that they were not getting their fix from the highly popular Twitter site, and that the site had stopped responding on Thursday, the 6th of August. And it was not only Twitter that was affected, other sites such as Facebook were affected as well. However, Twitter was the site that was most affected.
When sites start going down to attacks, this is mostly due to something called a DDOS (Distributed Denial of Service), and is mostly done through the use of requests for service from many different machines (many could mean hundreds of thousands or millions). In general terms, DoS attacks are implemented by either forcing the targeted computer(s) to reset, or consuming its resources so that it can no longer provide its intended service or obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately. One way to do these attacks is through the use of botnets (wikipedia), machines all over the internet that have been taken over.
However, this attack was somewhat different. This was carried out through the use of spams, and was actually part of an attack against the accounts of a person called Cyxymu (wikipedia), a blogger who supports the country of Georgia against Russia. People were sent spam messages with links to his accounts on different social networking sites, and a huge number of them clicked on these links (link to article):

The messages were designed to discredit Cyxymu by associating him with a spam run. Other security researchers, such as Patrik Runald at F-Secure (here) and Graham Cluley at Sophos, are sceptical about this Joe Job-style theory for the attack.
Twitter’s two NTT hosted address blocks were moved in response to the attack, Arbor adds. Twitter's reliance on just one service provider, and apparent lack of back up and redundancy, much less a comprehensive disaster recovery plan, goes a long way towards explaining why it was hit so badly.

One such attack normally causes the attacked entity to place a much higher emphasis on trying to prevent such attacks in the future, and one can expect Twitter to do the same.

Sunday, June 21, 2009

Fined a huge amount for downloading songs

The Recording Industry Association of America (RIAA) has been fighting a battle against people indulging in music-sharing across the internet. For the past many years, the music industry has seen a reduction in the number of music sales through the physical medium (CD's, DVD's, etc.) and this reduction is being blamed on the amount of file swapping that happens (file swapping gained prominence with Napster, and when the RIAA shut down Napster through a court case, other, more difficult to control file sharing methods such as P2P and torrents have gained prominence).
The music industry and the RIAA have been fighting against these, although fighting against a much widely dispersed enemy in the form of torrent sites and servers is more difficult. The music industry also started attacking the actual users, getting their details from ISP's, and then serving them notices with huge amounts of damages. The RIAA also had some hugely embarrassing mistakes, suffering from targeting people such as single mothers, children, and so on, all of which were huge Public Relations disasters. In some cases, they have successes, with people settling with the RIAA out of court. However, in another case, they have won huge damages (link to articles):

A federal jury Thursday found a 32-year-old Minnesota woman guilty of illegally downloading music from the Internet and fined her $80,000 each -- a total of $1.9 million -- for 24 songs. Jammie Thomas-Rasset's case was the first such copyright infringement case to go to trial in the United States, her attorney said. Attorney Joe Sibley said that his client was shocked at fine, noting that the price tag on the songs she downloaded was 99 cents.
This was the second trial for Thomas-Rasset. The judge ordered a retrial in 2007 after there was an error in the wording of jury instructions. The fines jumped considerably from the first trial, which granted just $220,000 to the recording companies.


Not sure about whether this will be a success, given that the accused is a single mother who works for an Indian tribe. Also, the RIAA has mostly given up fighting these cases, so this would be one of the few such cases that are still existing.