Jul 02 2009
 

Long before there was a commercial Internet, there were dial-up service providers, bulletin board systems, and the like. At one time, the largest among these was CompuServe, offering a comprehensive range of services including hundreds (if not thousands) of forums, online chat, downloads, and games. Indeed there was a time when no self-respecting computer company existed without a support forum on CompuServe.

I became a CompuServe subscriber in 1991 I believe. Soon after, I discovered a wonderful game hosted by CompuServe: Richard Bartle’s original Multi-User Dungeon, running under the name British Legends. Ten years ago, CompuServe discontinued British Legends using the bogus excuse that the game is not Y2K compatible; I have been running a faithfully ported version of this game on my server ever since.

But the CompuServe service remained. Under the brand name CompuServe Classic, the original service stayed in operation through all these years. Its value was greatly diminished, but it was still usable as a reliable international dial-up Internet service provider (indeed, this is the reason why I kept my CompuServe subscription active). That is, until now.

A few months ago, they sent out an e-mail informing users that the Classic service will be discontinued on June 30.

Out of curiosity, I tried logging on to CompuServe moments ago. Yes, the old text-based services were still available until recently. But today, this is what I am greeted with:

$ telnet gateway.compuserve.com
Trying 209.154.35.102...
Connected to gateway.compuserve.com.
Escape character is '^]'.

User ID: 70674,3414

?? LOGSTU - System BHC is temporarily unavailable

Well, what can I say? So long, and thanks for all the fun.

 Posted by at 1:41 pm
Jul 02 2009
 

There is something positively charming about the random nature of the Internet.

I am watching a British comedy, One Foot in the Grave, on Vision TV (as to why a supposedly religious channel is broadcasting somewhat risqué British comedies in the first place, now that’s a question for another day, but I am certainly glad that they do.) At one point, the story features an old Citroen that appears in a trash dumpster in front of the protagonist’s house. The car has a license plate: MOJ459P.

On a whim, I entered this license plate number into Google. Surprisingly, there was a hit: http://www.convergence.cx/. For no discernible reason, the page features nothing else but the mushroom cloud of a nuclear explosion, and an immortal quote from Charles Babbage, pondering the sanity of members of Parliament who were wondering if his machine could give correct answers if given wrong data.

And it is a weird Web site. The page contains an invisible link to a host-side script that barfs back a series of randomly generated e-mail addresses. Or, I should say, almost randomly generated; among a bunch of bogus addresses, the e-mail addresses associated with the registration information of the IP number from which I perform the query also appear. What this means, I have no idea. The site doesn’t seem malicious, but then what is it? The top-level domain .cx is the country code for Christmas Island, but the site itself is registered as a “Convergence Organisation Object”, in London, the United Kingdom, since 2001. I have no idea what it is. Curious.

 Posted by at 1:16 am
Apr 05 2009
 

Whatever my opinion is of the “fair and balanced” editorial policies of FOX News, I had no reason to doubt that the company itself was a legitimate business.

Until now.

As I was searching for news on North Korea’s failed rocket launch, one link I clicked on was that of a FOX News posting on this story. The page came up, along with the usual series of ads… except that one of them looked more than a little unusual. Not the kind of ad you expect to see on a legitimate Web site.

It said, “Christian Mom Makes $5k/M”. And sure enough, it’s a scam. The Web site, registered in December 2008, just reeks of fakeness; fake life story, fake testimonials, further postings “disabled due to spam”. Not to mention that what it actually sells, the so-called “Google Home Business Kit”, is not worth anything… you can make money with Google (google.com/adsense) but you don’t need to buy any “home business kits” to do so, and you’re unlikely to make $5,000 or even $500 a month.

So perhaps FOX was duped when they accepted the ad of a scamster? I was tempted to give them the benefit of the doubt but then I scrolled to the bottom of the page where this ad was repeated along with two other advertisements. One was titled “I’m Happy I Lost My Job”. Same idea: fake Web site, fake testimonials, $5,000/month, Google Home Business Kit. The person this Web site supposedly belongs to claims to have come from the Ottawa area. Does this mean that the ad was, in fact, geographically targeted because my IP address puts me in Ottawa, and any scamster knows that I am more likely to believe an ad if it comes from my local neighborhood? I have a proxy server in the US, so I tried reaching the FOX Web site through that server with a different Web browser. Same result, same three ads. I even tried to run the browser on that remote server (painfully slow, through an X-Window connection) and still, the same ads came up. So the Ottawa thing is perhaps just a coincidence.

Compared to these two ads, the third link, which was for a teeth whitener ranked #1 by Rachel Ray (presumably I’m supposed to know who Rachel Ray is; hmmm, let me check, Rachel Ray is the title of a novel by 19th century English novelist Anthony Trollope, but there is a television personality named Rachael Ray, presumably that’s who they meant) almost seems legitimate. (Of course if it had been authorized by the real Rachael Ray, they’d presumably have spelled her name correctly.)

So what does this tell us? I can think of several possibilities, most quite unflattering to FOX News and their viewers. For instance:

  • FOX News are scamsters, working together with other Internet con artists, ripping people off;
  • FOX News don’t care where their money comes from and accept ads without screening from Internet con artists;
  • FOX News accept ads specifically targeted at people colloquially described by the derogatory term “white trash”.

But the real question is, what does this say about the quality of the news they deliver?

 Posted by at 12:49 pm
Jan 27 2009
 

Long before blogs, long before the Web even, there was an Internet and people communicated via public forums (fora?), Usenet foremost among them.

Yet I stopped using Usenet about a decade ago. Here is a good example as to why. Excerpts from an exchange:

You will have more success on Usenet if you learn and follow the normal Usenet posting conventions.

About posting conventions: where did I stray from them? I do indeed want to respect the list rules.

Have a look at <http://cfaj.freeshell.org/google/>

Got it: thanks.

You failed to appropriately quote the message that you are responding to. See the FAQ and the more detailed explanation of posting style that it links to. Then, if the explanation provided is not sufficiently clear, ask for clarification.

I am afraid that you have not yet ‘got it’. You have gone from not quoting the message you are responding to, to top-posting and failing to appropriately trim the material that you are quoting.

If you had been told what you did wrong, that would, hopefully, eliminate one class of error from your future posts. You were told where to read about conventions, which *should* eliminate *all* of the well-known errors.

You are forgiven if you thought that the thread from which I excerpted these snotty remarks was about Usenet’s “netiquette”. But it wasn’t. It was all in response to a very polite and sensible question about ways to implement a destructor in JavaScript.

I guess my views are rather clear on the question as to which people harm Usenet more: those who stray from flawless “netiquette”, or those who feel obliged to lecture them. I have yet to understand why it is proper “netiquette” to flood a topic with such lectures instead of limiting responses to the topic at hand, and responding only when one actually knows the answer. I guess that would be too helpful, and helping other people without scolding them is not proper “netiquette”?

 Posted by at 1:31 pm
Jan 27 2009
 

I’ve read a lot about the coming “digital dark age”, when much of the written record produced by our digital society will no longer be readable due to changing data formats, obsolete hardware, or deteriorating media.

But perhaps, just perhaps, the opposite is happening. Material that is worth preserving may in fact be more likely to survive, simply because it’ll exist in so many copies.

For instance, I was recently citing two books in a paper: one by d’Alembert, written in 1743, and another by Mach, from 1883. Is it pretentious to cite books that you cannot find at any library within a 500-mile radius?

Not anymore, thanks, in this case, to Google Books:

Jean Le Rond d’Alembert: Traité de dynamique
Ernst Mach: Die Mechanik in ihrer Entwickelung

And now, extra copies of these books exist on my server, as I downloaded and I am preserving the PDFs. Others may do the same, and the books may survive so long as computers exist, as copies are being made and reproduced all the time.

Sometimes, it’s really nice to live in the digital world.

 Posted by at 3:51 am
Jan 01 2009
 

I am starting the new year by reading about a substantial piece of cryptographic work, a successful attack against a widely used cryptographic method for validating secure Web sites, MD5.

That nothing lasts forever is not surprising, and it was always known that cryptographic methods, however strong, may one day be broken as more powerful computers and more clever algorithms become available. What I find astonishing, however, is that even though this particular vulnerability of MD5 has been known theoretically for years, several of the best known Certification Authorities continued to use this broken method to certify secure Web sites. This is hugely irresponsible, and should a real attack actually occur, I’d not be surprised if many lawsuits followed.

The theory behind this attack is complicated, and the hardware is substantial (200 Playstations used as a supercomputing cluster were required to carry out the attack.) One basic reason why the attack was possible in the first place has to do with the “birthday paradox”: it is much easier to construct a fake certificate that has the same signature as a valid certificate than it is to recover the original cryptographic key used to sign the valid certificate.

This has to do with the probability that two persons at a party have the same birthday. For a greater than 50% chance that another person at a party has your birthday, the party has to be huge, with more than 252 guests. However, the probability that at a given party, you find at least two people who share the same birthday (but not necessarily yours) is greater than 50% even for a fairly small party of just over 22 guests.

This apparent paradox is not hard to understand. When you meet another person at a party, the probability that he has the same birthday as you is 1/365 (I’m ignoring leap years here). The probability that he does NOT have the same birthday as you, then, is 364/365. The probability that two individuals both do NOT have the same birthday as you is the square of this number, (364/365)^2. The probability that none of three separate individuals has the same birthday as you is the cube, (364/365)^3. And so on, but you need to go all the way to the 253rd power before this result drops below 0.5, i.e., before the probability that at least one of the people you meet DOES have the same birthday as you becomes greater than 50%.

However, when we relax the condition and no longer require a guest to have the same birthday as you, only that there’s a pair of guests who happen to share their birthday, we need to think in terms of pairs. When there are n guests, they can form n(n – 1)/2 pairs. For 23 guests, the number of pairs they can form is already 253, and therefore, the probability that at least one of these pairs has a shared birthday becomes greater than 50%.

On the cryptographic front, what this basically means is that even as breaking a cryptographic key requires 2^k operations, a much smaller number, only 2^(k/2), is needed to create a rogue cryptographic signature, for instance. It was this fact, combined with other weaknesses of the MD5 algorithm, that allowed these researchers to create a rogue Certification Authority certificate, with which they can go on and create rogue secure certificates for any Web site.
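The two party sizes and the 2^k versus 2^(k/2) gap can be checked numerically. The following is an added example, not part of the original post: it computes both thresholds exactly, then runs a birthday search and a fixed-target search against a toy 16-bit hash. The function names, the sample messages and the 16-bit truncation of MD5 are assumptions made for the demonstration; it illustrates the generic birthday bound only, not the MD5-specific weaknesses the researchers exploited.

```python
import hashlib
from itertools import count

def guests_to_match_you(days=365):
    """Smallest n with P(at least one of n guests shares YOUR birthday) > 0.5."""
    n = 1
    while ((days - 1) / days) ** n >= 0.5:
        n += 1
    return n

def guests_for_any_pair(days=365):
    """Smallest party size with P(some pair shares a birthday) > 0.5 (exact)."""
    p_all_distinct, n = 1.0, 1
    while p_all_distinct >= 0.5:
        n += 1
        p_all_distinct *= (days - (n - 1)) / days
    return n

def tag(msg, bits):
    """Toy k-bit hash (constructed for this demo): the top `bits` bits of MD5."""
    return int.from_bytes(hashlib.md5(msg).digest(), "big") >> (128 - bits)

def find_collision(bits):
    """Birthday search: any two distinct messages with equal tags, ~2^(k/2) tries."""
    seen = {}
    for i in count():
        msg = b"msg-%d" % i          # constructed sample messages
        t = tag(msg, bits)
        if t in seen:
            return seen[t], msg, i + 1
        seen[t] = msg

def find_match(target, bits):
    """Fixed-target search: a message whose tag equals one given tag, ~2^k tries."""
    want = tag(target, bits)
    for i in count():
        msg = b"try-%d" % i          # constructed sample messages
        if tag(msg, bits) == want:
            return msg, i + 1

if __name__ == "__main__":
    print(guests_to_match_you(), guests_for_any_pair())
    k = 16
    a, b, n_pair = find_collision(k)
    m, n_fixed = find_match(b"target", k)
    print(f"k={k}: pair collision after {n_pair} hashes, fixed target after {n_fixed}")
```

For k = 16 the pair search typically finishes after a few hundred hashes, while the fixed-target search needs on the order of 2^16.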

 Posted by at 2:30 pm
Nov 27 2008
 

Like other software, this Web logging software, WordPress, also needs to be updated from time to time. It appears that my attempt to update it just now to version 2.6.5 was successful.

 Posted by at 7:08 pm
Nov 27 2008
 

A few hours ago, I became rather alarmed, as suddenly, my outgoing network connection was saturated. “What the…?” asked I, as it took a little bit of frantic searching in the log files before I had my answer: Somehow, my old Web page about the 4-bit processor I built many years ago became rather popular, as apparently, it was featured on reddit.com. Cool! Now if only those visitors actually clicked on the Google ads that I hastily placed on these pages…

 Posted by at 12:45 am
Nov 18 2008
 

Having heard on the news all the phony reasons as to why President-elect Obama must give up his Blackberry, I was planning to write down my strong opinions here. But, it’s no longer necessary… it appears that Newsweek has done it, and I agree with them on all counts: Obama should keep his Blackberry, as it is time for the United States to have a 21st century president.

 Posted by at 4:52 pm
Nov 16 2008
 

In the year 1086, William the Conqueror ordered a survey of England. The result of this became known as the Domesday Book, a detailed account of the material wealth of England on that day of accounting, or reckoning, or doom (dom in Old English), i.e., on domesday.

900 years later, the BBC engaged in a cultural heritage project. The BBC Domesday Project was a multimedia survey of the United Kingdom, published using the latest technology: laser disc. Remember laser discs? Not compact discs, laser discs. 12 inches wide, big, shiny, designed originally to store near broadcast quality analog video.

The two Domesday discs contained professional video segments, numerous photographs encoded as single-frame analog video, along with a large amount of data (including geographic data and data from the 1981 census), as the discs could store about 300 MB of digital data, a huge data capacity at the time.

All you needed to view the BBC Domesday disc was a specially manufactured laser disc player, along with an Acorn computer with specialized interface hardware.

Of course today it is a tad hard to find a laser disc player of any kind, never mind a specially manufactured model. As to the Acorn with the custom interface and coprocessor, good luck finding one on eBay!

The original creators of the BBC Domesday project knew about possible obsolescence; yet despite their efforts (they sent copies of everything to the UK National Data Archive, where apparently everything promptly disappeared) the data were almost lost.

Although it appears that the BBC Domesday project has been largely rescued, it highlights a bigger problem: what happens to our society’s written record if the medium on which it was written becomes obsolete? Some people speak of the digital dark ages, a period in history (i.e., the present) that will become inaccessible to future researchers, as our collective memory is written in a form that will not be compatible with the hardware of the future. Indeed, to some extent it has already happened… how many people have computers today that can read 5.25″ floppy disks, for instance? Or, what happens to Web sites when the people who maintain them are no longer around? Never mind 900 years, will any of our “domesday books” still be readable just 90 years from now?

 Posted by at 2:21 pm
Nov 14 2008
 

I just received the latest Microsoft security newsletter, and I was surprised to find that according to Microsoft, there is a debate about security vs. obscurity. Which may go a long way towards explaining why Microsoft products are so notorious when it comes to their (lack of) security!

That is not to say that there are no valid points in favor of obscurity measures; as the example discussed by Microsoft clearly demonstrates, it is always beneficial to make an attacker’s life a little harder. But it is a real stretch to call this a “debate”.

That is because it is not an either-or proposition. You can never have security through obscurity, and no amount of obscurity will make an otherwise unsecure system secure. But the security of a well-secured system can be improved by a little bit of obscurity, and in that sense, obscurity can supplement (but never replace) real security.

Reading on, it seems to me that some of the contributors to Microsoft’s “Great Debate” realize this. Too bad the person in charge of giving the article its title didn’t.

 Posted by at 11:43 pm
Nov 12 2008
 

Today, I decided to download and install WordPress, a web logging tool. It’s time for me to join the 21st century, get rid of my homebrew Day Book, and start using a modern web logging tool instead. (I refuse to call it a “blog”. I really dislike that word.)

Halloween cat

A little confusing, but I think I also know how to include an image. My test image is my favorite Halloween cat. I think it’s nice to start a brand new web log with a friendly black cat.

 Posted by at 10:28 am