2006-09-28

on trusting someone!

http://lwn.net/Articles/201440/

I think people can generally trust me, but they can trust me exactly
because they know they don't _have_ to.

Don't worry about the rest if the article if you're not into open source.

Just reflect on the statement itself...

2006-09-25

Nevermoto!

I've had it with Motorola. I was seduced by an A780, but the experience didn't live upto the seduction. 20,000 rupees down the drain in 1 year and 3 months :-(

And hell hath no fury like an evangelist who's seen the darkness, if you'll pardon the word play!


Lessons learned:

  • never, ever, buy a phone that is so badly supported! One month after the battery dies I'm still waiting for a new one. And using an old Nokia 3315 for now. [And hardly missing the A780, dammit!]
  • never buy a phone designed by an American company. Their networks are so behind the times they don't even know what features to include or test! Ever heard of location info coming up as an SMS?
  • the most often used features should use the least keystrokes. Redialling the last number shouldn't be FOUR key presses.
  • the most often used features should be the most tested. T9 (aka "predictive text input") sucks on this thing. In many ways (doesn't cycle the first 2-3 letters if you ask it to cycle the choices, doesn't allow a space before a special character, ...)
  • playing sudoku online during meetings is great, but not that important. Really!
  • ditto for a camera, web browser, mp3 player, voice recording, and T9 on the dialer.

What's my real gripe? No Linux support

The Motorola A780 does not support Linux. Yes, you heard it here first!

Here's my definition of "Linux support":

The device should not create yet another Windows dependency in order to be used as intended (which in this case includes backup/sync tasks).

Any device where the CD-ROM that comes with it assumes you run Windows has failed the test.

And please ignore the few geek pages that show how to synchronise the phone data with a Linux box -- if I can't recommend it to my non-techie brother, it isn't good enough to claim "we support Linux" whatever else you may want to claim!

[geek note:] It shouldn't be that difficult to create a statically linked Qt/GTK binary with minimal dependencies that can access the device from USB and get the stuff out and in. Sort of like jpilot; nothing fancy, but functional.

Yes, the A780 runs Linux inside, which is nice, but the warm fuzzy feeling wears off very quickly after a month of using the damn thing.

My next phone will likely be a lowly Nokia 1108. Hey, it's got a flashlight attached :-)

Zune won't play MS DRM infected files

http://www.theinquirer.net/default.aspx?article=34478

So, in general, the device that Microsoft is aiming to gut the iPod with does three things really well. It screws legal music customers, screws partners, and actively advocates breaking the law to use. What a wonderful world we live in, all brought to you by the letters D, R and M, and the term infection. Seriously, you can't make this stuff up.

2006-09-19

(security) Xavier Boyen - On the Impossibility of Efficiently Combining Collision Resistant Hash Functions

About a year ago, when the first collision attack against MD5 was made public, I asked my boss (who's a real scientist, unlike me!) why we couldn't simply use two different hashes and club them together, because the chances of finding a hash collision between two different strings, for two different hash functions, ought to be close to impossible.

Looks like I wasn't on crack after all... :-)

http://ai.stanford.edu/~xb/crypto06b/index.html

Let H1,H2 be two hash functions. We wish to construct a new hash function H that is collision resistant if at least one of H1 or H2 is collision resistant. Concatenating the output of H1 and H2 clearly works, but at the cost of doubling the hash output size. We ask whether a better construction exists, namely, can we hedge our bets without doubling the size of the output? We take a step towards answering this question in the negative --- we show that any secure construction that evaluates each hash function once cannot output fewer bits than simply concatenating the given functions.

2006-09-11

(malware,DRM) Schneier on Security: Microsoft and FairUse4WM

http://www.schneier.com/blog/archives/2006/09/microsoft_and_f.html

Microsoft's priorities vis-a-vis security...! As you read this, remember that since 2003, MS's strategy for issuing patches for security holes has been that, regardless of how critical the hole is or how many computers are affected, patches come out only the second Tuesday of the following month.

Except, it seems, when someone hacks their DRM. Then the patch comes out in 3 days :-)

Quotes:

If you really want to see Microsoft scramble to patch a hole in its software, don't look to vulnerabilities that impact countless Internet Explorer users or give intruders control of thousands of Windows machines. Just crack Redmond's DRM.

[...]

Now, this isn't a "vulnerability" in the normal sense of the word: digital rights management is not a feature that users want. Being able to remove copy protection is a good thing for some users, and completely irrelevant for everyone else. No user is ever going to say: "Oh no. I can now play the music I bought for my computer in my car. I must install a patch so I can't do that anymore."

[...]

It should surprise no one that the system didn't stay patched for long. FairUse4WM 1.2 gets around Microsoft's patch, and also circumvents the copy protection in Windows Media DRM 9 and 11beta2 files.

That was Saturday. Any guess on how long it will take Microsoft to patch Media Player once again? And then how long before the FairUse4WM people update their own software?

Certainly much less time than it will take Microsoft and the recording industry to realize they're playing a losing game, and that trying to make digital files uncopyable is like trying to make water not wet.