Downing Street Memo slow burn?

The Times Online has just released a transcript of an official Cabinet Office brief that presumably was the basis for the discussion later detailed in the Downing Street Memo they released last month. Unlike the previous leak, this transcript is missing the last page and has been anonymized by the Times to protect the source.

Given that the Downing Street Memo story is just now getting traction in the US media (a month after being leaked) it’ll be interesting to see how this new story is handled here, especially given how understandably gun-shy the US media is right now about criticizing the administration without being damn sure the sources can be verified. According to an interview USA Today’s Mark Memmott gave On The Media (MP3), the main reason they delayed so long in talking about the first leak was that they couldn’t verify the memo themselves.


The Party Party

About a year ago I mentioned how the “virtual band” The Bots had put up a public-domain database of G.W. Bush audio clips to help would-be remixers get started. Their own rap Fuzzy Math is fun, but IMO succeeds mostly on the novelty of hearing GW saying things he’d never cop to in real life. The mixes over at The Party Party (by the band (me)™) take GW mixing to the next level. The music stands on its own, and they turn the inherent choppiness of the mixing process into an advantage by fitting it with the natural rhythm of the music. (Be sure to especially check out My name is RX, a cross between Bush, Sympathy for the Devil and Slim Shady.)


MD5 collision for two meaningful documents

Researchers at RUB and the University of Mannheim have a nice demonstration of how the recently discovered attack on the MD5 hash function can be used to fool someone into signing one document when they think it’s another:

Recently, the world of cryptographic hash functions has turned into a mess. A lot of researchers announced algorithms (“attacks”) to find collisions for common hash functions such as MD5 and SHA-1 (see [B+, WFLY, WY, WYY-a, WYY-b]). For cryptographers, these results are exciting – but many so-called “practitioners” turned them down as “practically irrelevant”. The point is that while it is possible to find colliding messages M and M’, these messages appear to be more or less random – or rather, contain a random string of some fixed length (e.g., 1024 bit in the case of MD5). If you cannot exercise control over colliding messages, these collisions are theoretically interesting but harmless, right? In the past few weeks, we have met quite a few people who thought so.

With this page, we want to demonstrate how badly wrong this kind of reasoning is! We hope to provide convincing evidence even for people without much technical or cryptographical background.

Their method is simple and clever. They use the newly discovered attack to generate two random strings that have the same hash value (say R1 and R2). Then they put those at the start of a document in a “high-level” document description language like PostScript and tack on something along the lines of “if the previous value was R1, print an innocuous message I can get signed, otherwise print the real message I want signed.” A well-known weakness in the MD5 algorithm is that if R1 and R2 have the same hash value (and, as the attack produces, the same block-aligned length) then R1 + some text will have the same hash value as R2 + the same text, so depending on whether they use R1 or R2 as their preamble they get two very different messages with the same hash value.
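The construction described above, as an added example that is not the researchers' code: a toy iterated hash with a 24-bit chaining state stands in for MD5 so that a colliding pair of blocks can be found in a few thousand tries, and a small `render` function stands in for the PostScript conditional. The names `toy_hash`, `find_colliding_blocks`, `render` and the two message strings are assumptions made up for this illustration; SHA-256 over the same two documents is included for contrast.

```python
import hashlib
from itertools import count

BLOCK = 8   # toy block size in bytes (MD5 uses 64)
STATE = 3   # toy 24-bit chaining state, so a collision takes a few thousand tries

def compress(state, block):
    # Toy compression function (assumption): truncated MD5 of state || block.
    return hashlib.md5(state + block).digest()[:STATE]

def toy_hash(msg):
    # Merkle-Damgard iteration with length padding, the same structure MD5 uses.
    padded = msg + b"\x80"
    padded += b"\x00" * (-(len(padded) + 4) % BLOCK) + len(msg).to_bytes(4, "big")
    state = b"\x00" * STATE
    for i in range(0, len(padded), BLOCK):
        state = compress(state, padded[i:i + BLOCK])
    return state

def find_colliding_blocks():
    # Birthday search for two different full blocks R1, R2 with equal chaining state.
    seen, iv = {}, b"\x00" * STATE
    for n in count():
        block = n.to_bytes(BLOCK, "big")
        state = compress(iv, block)
        if state in seen:
            return seen[state], block
        seen[state] = block

def render(doc):
    # Stand-in for the PostScript "if": compare the preamble with the embedded R1.
    preamble, embedded = doc[:BLOCK], doc[BLOCK:2 * BLOCK]
    harmless, real = doc[2 * BLOCK:].split(b"|", 1)
    return harmless if preamble == embedded else real

def demo():
    r1, r2 = find_colliding_blocks()
    harmless, real = b"Letter of recommendation", b"Order granting access"  # constructed
    suffix = r1 + harmless + b"|" + real        # identical in both documents
    doc_a, doc_b = r1 + suffix, r2 + suffix
    return {
        "same_toy_hash": toy_hash(doc_a) == toy_hash(doc_b),
        "shown_a": render(doc_a), "shown_b": render(doc_b),
        "same_sha256": hashlib.sha256(doc_a).digest() == hashlib.sha256(doc_b).digest(),
    }

if __name__ == "__main__":
    print(demo())
```

Because both documents carry the same bytes after the first block, a signature over the weak digest of one verifies for the other; a signer who re-hashes with a collision-resistant function sees two different digests.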


UPS wearables & barcodes vs. RFID

Symbol’s WSS 1000
(the non-wireless, old version)

This month’s Technology Review has a brief article on how UPS has upgraded their Symbol Technology ring-scanner wearable computers to use Bluetooth and Wi-Fi instead of a wire to an arm-mounted computer. The article is missing a few details (most notably it makes it look like Symbol came in to oust some other vendor’s system, when in fact Symbol made the old system too), but it is a nice update on one of the early commercial wearable computer success stories.

One bit in the article that I found interesting was UPS’s comment on barcodes vs. RFID:

Robert Nonneman, a manager of industrial engineering at UPS, says the company has watched RFID for 15 years but doesn’t see it as an imminent solution to the problem of parcel tracking. In test runs, he says, RFID tags did not surpass the accuracy rate of bar code scanners. And an RFID rollout–including tags and a new technological infrastructure–would be costly. “You can’t simply replace optical scanners with an RFID reader and expect an improved return on investment,” he says. “There have to be process changes to leverage the technology.”

I remember years ago Dick Braley from FedEx talking about the possibility of using RFID to ping a room full of packages and determine which (if any) need to be shipped out that day. That sort of room-flooding is a very different application than scanning a single package, and is one that barcode-readers will have a hard time performing, but it sounds like it’s either not what UPS needs, would require a huge upgrade path or just not available yet from RFID technology.


Just as long as you’re not good enough to compete…

The Union-Tribune reports that Wal-Mart and other digital-photo printer services are refusing to print pictures that, in their opinion, look “too good” and thus might be copyrighted by a professional photographer. This is likely in response to guidelines drawn up by the Photo Marketing Association International, which among other things instruct “If there is not a clear lawful basis to make the copy, the safer course is to decline to copy.” While not legally binding, following the guidelines is a good hedge against being nailed for copyright infringement by the PMAI, as Kmart Corp. learned when it was sued in 1999.

I suspect these guidelines came out of a genuine desire to “protect our members’ legal rights,” but I can’t help but notice how well suited they are for stifling legitimate competition. If you’re a crappy photographer then no problem, go ahead and use the online photo-processing site. But if you’re good at using Photoshop and your high-end consumer digital camera then you’re going to get harassed. Next time leave it to a professional, or better yet become one yourself and join the PMAI. I’m sure flashing a membership card would be more than enough to convince the clerk at Wal-Mart that you’re legit.

(Link via Copyfight)

Update: I should point out it’s not just Wal-Mart that’s being hard-nosed here. On various blogs people are talking about trouble with a variety of other services, including Kinkos and Kodak’s Ofoto.


Borrowed Ladder

Today’s NYT article Social Security: Migrants Offer Numbers for Fee seriously reminds me of the “borrowed ladder” concept from the movie GATTACA:

Mr. Luviano, 39, obtained legal residence in the United States almost 20 years ago. But these days, back in Mexico, teaching beekeeping at the local high school in this hot, dusty town in the southwestern part of the country, Mr. Luviano is not using his Social Security number. So he is looking for an illegal immigrant in the United States to use it for him — providing a little cash along the way.


UbiComp Gaming Workshop

This year’s UbiComp 2005 conference will include a one-day workshop on Ubiquitous Computing, Entertainment and Games:

The theme of this workshop is ubiquitous computing entertainment, playful social networking, and games. Our goals are to provide a productive forum in which international researchers, members of the entertainment industry, game players, game designers, and game publishers can discuss key issues in ubiquitous gaming, present and future uses of ubiquitous computing that create compelling, playful and socially beneficial gaming experiences, and to facilitate an exchange of ideas that will allow ubiquitous games to break out of their current “niche” and into the mainstream.

The workshop will be September 11th, 2005 in Tokyo.


Trapped Christmas Presents

For over a decade my friend Jay and I have exchanged trapped presents at Christmas. When I say trapped I mean it in the classic Circle of Death game style — if you open the present carelessly a buzzer will sound or explosive cap will trigger. It all started when we were designing traps for live-action role-playing games, but quickly became a challenge to one-up each other each year. These days we open all the other presents first and then settle down with our flashlights, dentist tools and wire clippers to work on opening each other’s presents while the rest of the family eat pie and enjoy themselves making unhelpful comments.

Jay and I each have our own style of trap-making. Jay has become a master of secreting traps in places that you’d think he couldn’t access. His high-point is probably the time he gave me a deck of gaming cards that he had somehow unsealed, hollowed out, rigged with a cap-popper trap, then resealed and reshrinkwrapped such that it looked like new again. (That’s rivaled by two years ago, when he managed to plant an explosive inside a cut-then-resealed chocolate egg.) I’m always trying a new angle on things — my favorite is still the time I gave him a “special” version of Looking Glass’ PC game System Shock, which included a specially-included candy red button in the second room of the game that when pressed would berate him for not checking closely for traps as it dropped powerful monsters on his head. (It always helps to know the programmers…)

This past Christmas I wanted to try a trap where the mechanism was plain to see but a puzzle to disarm. The result is the magnet trap shown bottom left. The metal plates at the bottom are sold in joke shops as Exploding Toilet Seat gags. They’re spring-loaded to lift up and set off a cap, but in this case the magnets attached to the top of the popper are being pressed down by the magnets attached to the top of the lid. On one side is a north-polarity magnet being pushed down by another north-polarity magnet, on the other side is a south-polarity magnet pushed down by another south-polarity magnet. The whole system is quite stable — until you try to turn the lid to open the jar. Then the north and south magnets on the lid switch positions and pull the poppers up, setting off the caps. You can see the whole thing in action by clicking on the picture below. Jay tried using magnets underneath the jar to counteract the ones on the lid, but that wasn’t enough force to fight both the magnets and the mechanical spring. I’ll leave the right way to disarm the trap (and the way I originally set it) as an exercise to the reader (and will probably eventually put it in an update).

Jay had two traps this year — the first was a buzzer trap held down by a Borg Teddy Bear that he had gotten at the Star Trek Experience in Las Vegas. It was rigged so if I moved the bear or pulled the wrong wire first it would go off. Remembering my MacGyver lore, I pulled the red one (or was it black?) and disarmed it. The main trap, however, was the bear itself — he had taken it to a teddy-bear factory and had them sew in a voicebox that played his own message. I didn’t set it off (I learned long ago never to press something from Jay that says “press me” on it), but am still impressed. You can see it in action from the other movie linked below.

Magnet trap explained
(Quicktime, 3.1M)
Borg Teddy-bear trap
(Quicktime, 750K)

Update (7/24/05): explanation of how to disarm below the fold.
