NSA drowning in overcollected data, can't do its job properly

NSA whistleblower William Binney warns that the agency collects so much useless information that it can't process it effectively. The Snowden leaks about the MUSCULAR surveillance program (tapping the fiber links connecting up the data-centers used by Internet giants like Google and Yahoo) corroborate Binney's view: in 2013, NSA analysts asked to be allowed to collect less data through MUSCULAR, because the "relatively small intelligence value it contains does not justify the sheer volume of collection."

Read the rest

Stross on Unix religion

Unix history: a religious perspective. (I like the idea of Linux as a Protestant Reformation: "a new, freely copyable kernel that all the faithful could read with their own eyes") Cory 30

Deriving cryptographic keys by listening to CPUs' "coil whine"


In RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis [PDF], a paper by Daniel Genkin and Eran Tromer of Tel Aviv University and Adi Shamir, the authors show that a sensitive microphone (such as the one in a compromised mobile phone) can be used to infer a secret cryptographic key being used by a nearby computer. The computer's processor emits different quiet sounds ("coil whine...caused by voltage regulation circuits") as it performs cryptographic operations, and these sounds, properly analyzed, can reveal the key.

It's a pretty stunning attack, the sort of thing that sounds like science fiction. But the researchers are unimpeachable (Shamir is the "S" in RSA), and their paper is very clear.

Read the rest

King James Programming: Markov chain trained on the Bible and a comp sci textbook

Michael Walker trained a Markov chain with the King James Bible and Structure and Interpretation of Computer Programs, a classic computer science textbook. The result is King James Programming, a tumblr filled with comp-sci-inflected biblespeak. I could read it all day long.

Read the rest

Kinematics: 4D printing for foldable, flexible forms

Jessica sez, "Kinematics is a system for 4D printing that creates complex, foldable forms composed of articulated modules. The system provides a way to turn any three-dimensional shape into a flexible structure using 3D printing. Kinematics combines computational geometry techniques with rigid body physics and customization. Practically, Kinematics allows us to take large objects and compress them down for 3D printing through simulation. It also enables the production of intricately patterned wearables that conform flexibly to the body."

Read the rest

badBIOS: airgap-jumping malware that may use ultrasonic networking to communicate

Security researcher Dragos Ruiu has been painstakingly untangling a weird, scary piece of malicious software that compromises the BIOS of the computers it attacks, allowing it to infect machines with different operating systems. He's dubbed it "badBIOS" and has seen it infect machines that aren't connected to the Internet. It appears that its initial vector may be a USB exploit, spreading by memory stick, but after that, it appears that it continues to communicate with other infected machines by ultrasonic networking through its hosts' mics and speakers (!). On Ars Technica, Dan Goodin has a deep dive into the strange, freaky world of badBIOS.

Read the rest

Black Perl, a poem in perl 3

Black Perl is a famous 1990 poem written in the programming language perl, by its creator Larry Wall. It is both a poem and a program, and runs under perl 3.

Read the rest

Implementing a Turing machine in Excel


Felienne describes how she, Daan van Berkel and some other friends went away for a weekend to hack a Turing machine out of Excel formulas. Lacking an infinitely long tape, they had to kludge around a bit, but the outcome is both cool and instructional (here's the machine itself). The Turing Machine is Alan Turing's "hypothetical device that manipulates symbols on a strip of tape," which formed the basis for modern, general-purpose computers.

Read the rest

Celebrate Software Freedom Day by hacking on STEED, a way to make email crypto easier

Georg sez, "End to end cryptography is one of the few truly effective ways in which privacy and security can be protected. GnuPG is the central tool for this, recommended and used by security icons such as Bruce Schneier. While the software itself is easier to use than most people realize, key exchange is cumbersome. The authors of GnuPG have developed a concept that will solve this issue: STEED. So this is a call to action for tomorrow's Software Freedom Day. Help spread the word so one of the biggest obstacles to pervasive end to end cryptography will be solved for good. Let the STEED run!"

Read the rest

Paranoid Browsing: anti-profiling plugin seeks feedback

Ben West read my novel Little Brother in tandem with the Edward Snowden leaks about NSA spying, and it got him thinking about a browser plugin called Paranoid Browsing to make it harder to profile your traffic based on surveillance. He's posted the source-code to GitHub and looking for critical feedback about the robustness of the system -- remember, the only experimental methodology for validating a security system is public discussion, because otherwise, you never know if your system is secure, or just secure against people who are stupider than you.

Read the rest

Unsupervised AI makes up some pretty funny jokes

Unsupervised joke generation from big data [PDF], a paper by University of Edinburgh researchers Sasa Petrovic and David Matthews, describes an ingenious and successful method for teaching a computer to make up jokes like "I like my relationships like I like my source, open;" "I like my coffee like I like my war, cold;" and "I like my boys like I like my sectors, bad." The researchers wrote code that called on Google's n-gram database to find noun-attribute pairs, zero in on nouns with ambiguous meaning, and automatically generate jokes.

Read the rest

Knitting as computation


K2G2 -- a wiki for "krafty knerds and geek girls" -- has a marvellous series of posts about "Computational Craft" through which traditional crafting practices, like knitting, are analyzed through the lens of computer science. The most recent post, A Computational Model of Knitting, point out the amazing parallels between knitting and computing, with knitting needles performing stack and dequeue operations, "While straight needles with caps store and retrieve their stitches according to the principle of LIFO (first in - last out), double pointed and circular needles additionally implement the functions of a queue or FIFO (first in – first out), effectively forming a double ended queue, also known as dequeue."

Read the rest

Some copiers randomly change the numbers on documents


In Xerox scanners/photocopiers randomly alter numbers in scanned documents, computer scientist David Kriesel shows that the Xerox WorkCentre 7535 randomly changes the numbers in its scans. The copier has firmware that tries to compress images by recognizing the numbers and letters in the documents it scans, and when it misinterprets those numbers, it produces untrustworthy output. The bug also occurs in the Xerox 7556 and possibly other machines, and as Kriesel points out, this could mean that engineering diagrams, invoices, prescriptions, architectural drawings and other documents whose numeric values are potentially a matter of life-and-death (or at least financial stability) are being randomly edited by machines we count on to produce faithful copies.

Read the rest

Researcher wins NSA cyber-security prize, says freedom is incompatible with the NSA "in its current form"


Dr. Joseph Bonneau, an engineer at Google, is the first-ever winner of the NSA's new Science of Security (SoS) Competition, a prize for excellence in cyber-security research. On learning that he had won the first prize, he published a scorching blog-post excoriating the NSA for its dragnet surveillance and opining "I don’t think a free society is compatible with an organisation like the NSA in its current form."

Read the rest

Killing stupid software patents is really easy, and you can help


The US Patent and Trademark Office is required by law to let the public submit "prior art" for pending patents -- essentially, evidence that the thing the patent-filer is claiming to have invented already exists. People who spot patents in need of killing post them to a Stack Exchange forum called Ask Patents, in the hopes that other forum members will come up with invalidating art.

Joel Spolsky writes about how he found -- in 15 minutes, mind you -- the prior art necessary to invalidate a dumb-ass Microsoft patent on scaling images. He documents the process by which he did it, and shows how easily you could do it, too. As Spolsky points out, software patents are all basically shit, and trivial to prove as such. It just takes a dedicated army of freedom fighters to find and submit the prior art that helps the overworked patent examiners at the USPTO to reject the garbage they get by the truckload.

Software patent applications are of uniformly poor quality. They are remarkably easy to find prior art for. Ask Patents can be used to block them with very little work. And this kind of individual destruction of one software patent application at a time might start to make a dent in the mountain of bad patents getting granted.

My dream is that when big companies hear about how friggin’ easy it is to block a patent application, they’ll use Ask Patents to start messing with their competitors. How cool would it be if Apple, Samsung, Oracle and Google got into a Mexican Standoff on Ask Patents? If each of those companies had three or four engineers dedicating a few hours every day to picking off their competitors’ applications, the number of granted patents to those companies would grind to a halt. Wouldn’t that be something!

Victory Lap for Ask Patents - Joel on Software (via O'Reilly Radar)