Bookmarks for January 30th through February 4th

These are my links for January 30th through February 4th:

  • Op-Ed Contributor – Microsoft’s Creative Destruction – NYTimes.com – Unlike other companies, Microsoft never developed a true system for innovation. Some of my former colleagues argue that it actually developed a system to thwart innovation. Despite having one of the largest and best corporate laboratories in the world, and the luxury of not one but three chief technology officers, the company routinely manages to frustrate the efforts of its visionary thinkers.
  • Leonardo da Vinci’s Resume Explains Why He’s The Renaissance Man For the Job – Davinci – Gizmodo – At one time in history, even da Vinci himself had to pen a resume to explain why he was a qualified applicant. Here's a translation of his letter to the Duke of Milan, delineating his many talents and abilities. "Most Illustrious Lord, Having now sufficiently considered the specimens of all those who proclaim themselves skilled contrivers of instruments of war, and that the invention and operation of the said instruments are nothing different from those in common use: I shall endeavor, without prejudice to any one else, to explain myself to your Excellency, showing your Lordship my secret, and then offering them to your best pleasure and approbation to work with effect at opportune moments on all those things which, in part, shall be briefly noted below." The document, written when da Vinci was 30, is actually more of a cover letter than a resume; he leaves out many of his artistic achievements and instead focuses on what he can provide for the Duke in technologies of war.
  • jsMath: jsMath Home Page – The jsMath package provides a method of including mathematics in HTML pages that works across multiple browsers under Windows, Macintosh OS X, Linux and other flavors of unix. It overcomes a number of the shortcomings of the traditional method of using images to represent mathematics: jsMath uses native fonts, so they resize when you change the size of the text in your browser, they print at the full resolution of your printer, and you don't have to wait for dozens of images to be downloaded in order to see the mathematics in a web page. There are also advantages for web-page authors, as there is no need to preprocess your web pages to generate any images, and the mathematics is entered in TeX form, so it is easy to create and maintain your web pages. Although it works best with the TeX fonts installed, jsMath will fall back on a collection of image-based fonts (which can still be scaled or printed at high resolution) or unicode fonts when the TeX fonts are not available.
  • Josh on the Web » Blog Archive » Abusing the Cache: Tracking Users without Cookies – To track a user I make use of three URLs: the container, which can be any website; a shim file, which contains a unique code; and a tracking page, which stores (and in this case displays) requests. The trick lies in making the browser cache the shim file indefinitely. When the file is requested for the first – and only – time a unique identifier is embedded in the page. The shim embeds the tracking page, passing it the unique ID every time it is loaded. See the source code.

    One neat thing about this method is that JavaScript is not strictly required. It is only used to pass the message and referrer to the tracker. It would probably be possible to replace the iframes with CSS and images to gain JS-free HTTP referrer logging but would lose the ability to store messages so easily.

  • Panopticlick – Your browser fingerprint appears to be unique among the 342,943 tested so far.

    Currently, we estimate that your browser has a fingerprint that conveys at least 18.39 bits of identifying information.

    The measurements we used to obtain this result are listed below. You can read more about the methodology here, and about some defenses against fingerprinting here.

Bookmarks for January 23rd through January 30th

These are my links for January 23rd through January 30th:

  • Benlog » Don’t Hash Secrets – If I tell you that SHA1(foo) is X, then it turns out in a lot of cases to be quite easy for you to determine what SHA1(foo || bar) is. You don’t need to know what foo is. Because SHA1 is iterative and works block by block, if you know the hash of foo, then you can extend the computation to determine the hash of foo || bar.

    That means that if you know SHA1(secret || message), you can compute SHA1(secret || message || ANYTHING), which is a valid signature for message || ANYTHING. So to break this system, you just need to see one signature from SuperAnnoyingPoke, then you can impersonate SuperAnnoyingPoke for lots of other messages.

    What you should be using is HMAC: Hash-function Message Authentication Code. You don’t need to know exactly how it works, just need to know that HMAC is specifically built for message authentication codes and the use case of SuperAnnoyingPoke/MyFace. Under the hood, what’s approximately going on is two hashes, with the secret combined after the first hash.

  • Data.gov – Featured Datasets: Open Government Directive Agency – Datasets required under the Open Government Directive through the end of the day, January 22, 2010. Freedom of Information Act request logs, Treasury TARP and derivative activity logs, crime, income, agriculture datasets.
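The two-hash structure the Benlog excerpt above sketches, written out as an added example (not code from the Benlog post, nor anything from MyFace or SuperAnnoyingPoke): an HMAC-SHA1 assembled from the bare hash and cross-checked against Python's hmac module, beside the SHA1(secret || message) construction the post says not to use. The shared key and poke message are constructed placeholders.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # SHA-1 processes 64-byte blocks; HMAC pads the key to this size


def naive_mac(secret: bytes, message: bytes) -> bytes:
    """The construction the post warns against: SHA1(secret || message).
    The tag is the hash's final internal state, so whoever sees it can keep
    hashing appended data without the secret (length extension)."""
    return hashlib.sha1(secret + message).digest()


def hmac_sha1(secret: bytes, message: bytes) -> bytes:
    """HMAC-SHA1 assembled from the bare hash (RFC 2104):
        H((K xor opad) || H((K xor ipad) || message))
    The inner hash covers the message; the outer hash mixes the key in a
    second time over the inner digest, so extending a tag yields nothing
    useful for message || ANYTHING."""
    if len(secret) > BLOCK_SIZE:  # keys longer than a block are hashed down first
        secret = hashlib.sha1(secret).digest()
    key = secret.ljust(BLOCK_SIZE, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha1(ipad + message).digest()
    return hashlib.sha1(opad + inner).digest()


def matches_stdlib(secret: bytes, message: bytes) -> bool:
    """Cross-check the hand-built HMAC against Python's hmac module."""
    return hmac_sha1(secret, message) == hmac.new(secret, message, hashlib.sha1).digest()


def verify(secret: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver-side check; compare_digest avoids leaking tag bytes via timing."""
    return hmac.compare_digest(hmac_sha1(secret, message), tag)


if __name__ == "__main__":
    # Constructed scenario: MyFace shares a key with SuperAnnoyingPoke and
    # every poke carries a tag so MyFace can tell which app sent it.
    shared_key = b"constructed-example-key"  # placeholder, not a real key
    poke = b"poke:alice->bob"
    tag = hmac_sha1(shared_key, poke)
    print("hand-built HMAC matches hmac module:", matches_stdlib(shared_key, poke))
    print("genuine poke verifies:", verify(shared_key, poke, tag))
    # Appending data to a tagged message is the case the post describes;
    # the original tag must not verify for the extended message.
    print("extended poke rejected:", not verify(shared_key, poke + b";bob->carol", tag))
```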

Decoding the hidden ID tracker in your printer output
via BoingBoing:

Many color laser printers hide information about your printer’s serial number and the date and time of your print job in every job you print. It’s believed that this is done to get your equipment to incriminate you without your knowledge. Now EFF has decoded the information-hiding scheme on the Xerox Docucolor series, by getting EFF supporters to print out pages from their printers and mail them to our researchers, who examined them under magnification and special light and cracked the code.

EFF: Is Your Printer Spying On You?:

Imagine that every time you printed a document, it automatically included a secret code that could be used to identify the printer – and potentially, the person who used it. Sounds like something from an episode of “Alias,” right?

Unfortunately, the scenario isn’t fictional. In a purported effort to identify counterfeiters, the US government has succeeded in persuading some color laser printer manufacturers to encode each page with identifying information.

They have a longer discussion and an online pattern decoder for reading the tracking output from a Xerox Docucolor 12 on the EFF site.

Update 10-29-2005 21:10 PDT – EFF has a list of printers which include visible tracking.

Cell phone tracking service

An interesting thread on Google Answers, regarding what services are available to track the current location of a cell phone. (via del.icio.us).

For about $200.00 ICU, Inc. offers to locate a cellular telephone by pinging the phone – a kind of triangulation process similar to the one I mentioned earlier. Ms. Landers explained that the cell phone appears as a ‘blip’ on a screen. They provide the service 24 hours a day, 7 days a week in order to help locate missing persons, fugitives, cheating spouses, etc. They regularly serve bondsmen, authorities, investigators and many others. You will receive the results within 7 to 10 minutes of a successfully completed ping that will indicate within approximately 50 feet, where the phone was located at the time of the ping.

I.C.U. Inc.
http://www.tracerservices.com/cpl.htm
http://www.tracerservices.com/cplfaqs.htm

Aside from the cell phone tracing, the list of services on the I.C.U. Inc web site makes for fascinating reading.

Update: 08-15-2005 23:59 – Came across the CellTrack project, which is developing a free, open source cell phone tracking system (presently for GSM). It requires installing a client application on the phone, however, so it’s not useful for finding someone who doesn’t want to be found. (screenshots here)

Also came across this paranoia-inducing clip at Instapundit:

THEY CAN HEAR YOU NOW: When I was in Beirut in April one of the leaders of the Cedar Revolution, Nabil Abou-Charaf, told me that Syrian intelligence agents used cell phones to “spy” on people.

“You mean they monitor your phone conversations,” I said.

“No,” he said. “They can listen to us all the time even when we’re not using the phone.” He could tell I didn’t believe him. “We know as a fact they can do this.”

Still, I didn’t believe what he said about spies using his cell phone as a bug. If the cell phone is off or just sitting there it isn’t transmitting a signal.

Looks like I was wrong. Julian Sanchez at Hit and Run points out this chilling excerpt from a story in last week’s Guardian.

The main means of tracking terrorist suspects down has been the monitoring of mobile phone conversations. Not only can operators pinpoint users to within yards of their location by “triangulating” the signals from three base stations, but – according to a report in the Financial Times – the operators (under instructions from the authorities) can remotely install software onto a handset to activate the microphone even when the user is not making a call.

I’m sure the police love this feature. Police states apparently love it, as well.