Wednesday, October 16, 2013

The Death of Thomas Paine and Civic Duty

Dead is the age of pamphleteers. Hard data brings to mind visions of science fiction movies and the Utopian surveillance state which has - and this is a cliche - used Orwell's "1984" as a training manual as opposed to a warning. We do not have Huxley on the six o'clock anymore and Tupac is not around except in hologram form to remind us that slavery days are hardly an age past.

Here are some koans instead.

Q: Why has the fifth estate experienced mass surveillance through the centuries?
A: It's easy

Q: What do you call a non-Russian speaker who quotes Tolstoy and Dostoevsky?
A: Typical Blogspot user

Q: How many software updates does it take before you blame it on the compiler?
A: I don't know, it's still compiling


edit: If you're in Calgary, make sure you vote for your school trustee, councilor and mayor. I'm sure if Andrei was living here, he'd vote Mr. Naheed Nenshi as well. Nenshi has a strong Public Policy background from Harvard and was a professor of many years at Mount Royal University. His leadership was instrumental during the city flooding and may have been key in saving the town from a massive shutdown.

Tuesday, October 15, 2013

Media Crawling

http://pressthink.org/
http://www.onstrat.com/osint/
http://www.study4cyberpeace.com/
http://www.sebastian-kautz.com/
http://www.eurotreaties.com/maastrichtec.pdf

Spoof attacks, MITM and outdated certificates

On the subject of network ethics, we often want to ask how fraudulent digital fingerprints may manifest themselves over a particular domain. Whether you are using Chrome, Internet Explorer or Firefox, it is very easy to inspect the SSL certificates available to you. As it turns out, the layer is not so secure.

The investigation started when I got onto campus this morning and decided to check the key chain on the Windows 7 machines in the library. A quick Google search using the keywords "fraudulent certificates" turned up a few articles on spoofs, phishing and man-in-the-middle (MITM) attacks over outdated certificate authorities. While some Tom can (and does) access information over web sockets between Alice and Bob's computers, we must keep in mind that most of these certificate authorities over SSL were instantiated in the 21st century. You can usually find certificates from Mozilla, Microsoft, Yahoo and Google. Other typical objects in the key chain usually come from international telecommunication networks, like Turkish and Dutch roots.

Typical adopters of web browsers will never give these objects much thought; they just kind of run in the background as artifacts of SOCKS routing. It is a matter of course that an attacker would use the path of least resistance and spoof or else forge a digital fingerprint for malicious means using what, prima facie, look like trusted certificates.

Although the latest documentation says that browser updates usually circumvent attacks on outdated or fraudulent authorities, it seems like it may not be the case after all. Attacks have been cited from 2011 onward by sources worldwide (a quick Google will turn up thousands of results). At the cost of bashing Microsoft (which is not the intent), the interesting case is that you usually do not find such digital fingerprints on even what figures like RMS call "spyware operating systems" (like Ubuntu). Indeed, a quick look at my home network does not turn up any fraudulent or else outdated certificate authorities.

Now, a colleague did make mention of some back-doors like this back when we were studying at the University of Calgary Health Sciences department, and it seems to have been patched, but IT in general here seems to allow for more than just MITM attacks - often unwittingly. Dangers of unauthenticated or non-secure SSL channels could be a 'black hat' digital signature, which implicates unknowing end users as perpetrators - not victims - of MITM or spoofs, and also allows prying eyes to look into your email. As an example, we trust our service providers to keep our banking information secured. I can say that my bank account information has been left as a starred item on Gmail since 2010 or so and there have been no worries. What does cause worry is when geographic metadata itself releases malicious digital fingerprints into cyberspace, particularly as a University student, and the next thing you know some police choppers are flying over an entire sub-net to investigate what is believed to be bad traffic.
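The key chain check described in this post can be scripted. The following is an added example, not code from the original post: it flags root entries whose validity window has lapsed and entries missing from a known-good baseline. The sample entries, the baseline and the names `audit_roots`, `system_roots` and `_ca` are assumptions made for illustration.

```python
import ssl

def _name(rdns):
    """Flatten ssl's nested subject tuples into 'key=value, key=value'."""
    return ", ".join(f"{k}={v}" for rdn in rdns for k, v in rdn)

def audit_roots(certs, baseline, now):
    """Check CA entries shaped like ssl.SSLContext.get_ca_certs() output.

    baseline: set of (subject, serial) pairs recorded from a known-good machine.
    now: reference time in seconds since the epoch.
    Returns a list of (subject, serial, reason) findings.
    """
    findings = []
    for cert in certs:
        subject, serial = _name(cert["subject"]), cert["serialNumber"]
        if ssl.cert_time_to_seconds(cert["notAfter"]) < now:
            findings.append((subject, serial, "expired"))
        elif ssl.cert_time_to_seconds(cert["notBefore"]) > now:
            findings.append((subject, serial, "not yet valid"))
        if (subject, serial) not in baseline:
            findings.append((subject, serial, "not in baseline"))
    return findings

def system_roots():
    """CA certificates the default context has loaded from the OS trust store."""
    return ssl.create_default_context().get_ca_certs()

def _ca(org, cn, serial, not_before, not_after):
    """Build one constructed entry in the get_ca_certs() dict layout."""
    return {"subject": ((("organizationName", org),), (("commonName", cn),)),
            "serialNumber": serial, "notBefore": not_before, "notAfter": not_after}

# Constructed sample entries (not real certificate authorities).
SAMPLE = [
    _ca("Example Trust", "Example Root CA", "0A",
        "Nov 10 00:00:00 2006 GMT", "Nov 10 00:00:00 2031 GMT"),
    _ca("Example Trust", "Example Legacy Root", "1B",
        "Jun 15 00:00:00 1999 GMT", "Dec 31 23:59:59 2011 GMT"),
    _ca("Unlisted Org", "Unlisted Root", "2C",
        "Feb 20 00:00:00 2013 GMT", "Feb 20 00:00:00 2023 GMT"),
]
BASELINE = {(_name(c["subject"]), c["serialNumber"]) for c in SAMPLE[:2]}
AUDIT_TIME = ssl.cert_time_to_seconds("Oct 15 00:00:00 2013 GMT")

if __name__ == "__main__":
    for subject, serial, reason in audit_roots(SAMPLE, BASELINE, AUDIT_TIME):
        print(f"{reason:16} serial={serial} {subject}")
```

To audit a live machine, pass `system_roots()` in place of `SAMPLE`; on systems where OpenSSL reads roots from a certificate directory, `get_ca_certs()` lists only the certificates that have already been loaded, so the result can be incomplete there.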




Monday, September 2, 2013

Core/Operator Design Pattern

define Core:
     Collection of libraries constituting the [modular] components that compose the software/hardware abstraction layer. Size N for object(libraries) is "very large".

define Operator:
     A user-agent, real or simulated, that enacts the effect of maximizing symbolic links and symmetry at the operating system level through the use of software developer kits and formal logic.

0. (Core ^ Operator) is a unity
1. A unity defines new work closures in software life-cycles
   

Information and No Original Research

The nature of information, whether on the Internet or the "real world", has been very obviously well-characterized as "increasing without limit", denoted by our favourite function: the exponential. With the saturation of information versus the lack of interested academics, we can only get out of this slump of having no original research by generating new questions from preexisting data sets. There is a running joke in the programmers' community: "grids, grids and more grids". Indeed, the mathematical structure of the grid and matrix are timeless. Euclid and the pre-Socratics solved very interesting properties in maths using these kinds of structures.

Rather than coming up with new programming languages and frameworks, give your Data Structures and Algorithms textbook some love and read the first three chapters or so. You'll find everything you need to solve interesting statistical problems to be pre-installed with your GNU/Linux minimal build or else your Windows/Apple machine.

Time Distortion and Learning in Virtual Realities

In the film The Matrix, Morpheus and other red-pillers tell us about how being plugged in longer than others seems to change our sense of reality, personalities and perceptions. Indeed, if you were to ask the regular net user since the inception of IRC and those who have successfully run a business on the Internet, they might tell you "it's all about the timing". In a place where mathematical logic rules and propositions inherit their futures from the study of vector fields, we have to ask ourselves the point at which imagination and reality begin to break down. At the cost of sounding like a hipster, the plugging in process seems to change the time scale at which our minds manage to process and learn new information and the rate at which they acquire knowledge.

Just like the "slumdogs" in India managed to learn biotechnology in two weeks with one computer connected to the Internet, we now see a boundary re-emerging in which humans are melding with the neo-agora and decentralized economics: the boundary of choice. Perhaps this is what Captain Picard meant when he was discussing how economies worked in his future:

We... handle our money systems differently here.

Hashes per second versus Cryptocoin Output

If you look at a typical mining pool for cryptocurrencies, you will notice that most of them contain a "Hall of Fame" segment. Upon closer inspection, you may notice that some people clock in at some absurd number like 140954085 mhash/second and get x number of some cryptocoin (let's say it's 100 BTC). One row down, you may see some user who clocks in at 43948 mhash/second is getting 10 or 20 more BTC than the user getting x number of BTC. Statistically, this means that there is little to no correlation.

The race for building the "best miners" seems to have been a rat race instead of one to the finish line. Save your cash and read the documentation. The transmission protocols used in cryptocurrencies are based on the same ones used for your favourite BitTorrent client and rely on open connectivity to the network. Hash computations aren't going to solve any quicker when the original algorithm by Satoshi was meant to actually be a self-evolving blockchain.