SF: Anathem: the book of the year?

Anathem, Neal Stephenson’s latest book (September 2008), is a pure marvel. Neal Stephenson has already written many best sellers. Snow Crash (French title “Le Samouraï virtuel”) described some foundations of cyber worlds; the noun “metaverse” was coined by Neal. Cryptonomicon kept me in suspense through all of its 900 pages. These are great geek books.

In “Anathem”, Neal sends us to another universe. On the planet Arbre, the avouts, a kind of scientist-monks, live isolated from the secular world in convents. The secular world fears the potential of science, and the two worlds are carefully kept apart. A young avout, Fraa Erasmas, is ready to spend his whole life as a mathematician in his cloister. An event will change his destiny and the future of his planet.

I could not stop reading the 900 pages of the book. I wanted to know the end of this complex philosophical adventure: a mix of science fiction, philosophical treatise and initiatory road movie. As with Cryptonomicon, you are enchanted. The last book that similarly enthralled me was Dan Simmons’ “Ilium” (and of course “Olympos”).
Bragelonne has purchased the rights for France. Nevertheless, I recommend that French readers not wait for the French translation. They would lose many subtleties that only a French speaker may notice: many of the neologisms derive from French. Neal Stephenson either lives in France or speaks French.

If you liked Asimov’s Foundation, then you have to read Anathem. In any case, you should read it.

Calculators and DMCA

In my old days (late 70s), the first programmable calculators appeared: the HP34 with reverse Polish notation (a twisted mindset needed!), and the TI57, TI58 and above all the mythic TI59. It was the first programmable calculator with 1K of RAM! And a magnetic strip recorder, a printer… The competitor was the HP41C.

But one of the funniest parts of these calculators was discovering their secrets, i.e., finding ways to make them do things they were not supposed to do, or finding hidden features. We exchanged and feverishly searched for these tips.

The recent episode with Texas Instruments (TI) reminded me of these glory days (sniff). Hobbyists succeeded in installing different OSes on TI’s latest graphing calculators. The applications are normally signed. Hobbyists succeeded in reverse engineering the signing keys and published them on blogs. Thus, TI issued letters demanding that the bloggers remove the information, citing DMCA violations.

In mid-October 2009, the Electronic Frontier Foundation (EFF) represented three persons who had received such notifications. EFF claimed that the DMCA allows reverse engineering in order to create interoperable custom software such as these programs.

At the end of October, TI dropped the threats against these persons. Nevertheless, it seems that TI continues to issue such letters to other bloggers.

I believe that some people have a compulsive need to “hack”, in the noble sense, a system that they own. It is an intellectual challenge. It is usual in the game console domain and even for mobile phones. Sometimes they have the blessing of the manufacturer (Sony and the PS3). More often, they do not (Xbox, Wii, DS, iPhone, …). The hobbyists are not driven by greed; they are driven by the intellectual challenge. Unfortunately, sometimes their work is reused by pirates who are money driven.

Should a manufacturer fight back against hobbyists? If their work endangers the manufacturer’s business model, then the answer is yes. Otherwise, the answer is not Manichean; many other parameters must be analyzed: safety, liability, …

Microsoft’s PIFF

Last month, Microsoft announced an important initiative for DRM interoperability. Within a larger announcement, they disclosed the Protected Interoperable File Format (PIFF). The media focused mainly on Smooth Streaming and Silverlight, but the content protection community should be interested in PIFF.

In a nutshell, PIFF defines a file format with a list of supported codecs but, above all (at least for security-minded people), two mandatory AES-based scrambling modes. The basic idea for interoperability is that the PIFF-protected essence can use any DRM system to protect the license. Provided they both have the scrambling key used to protect “Rambo 28”, merchant A and merchant B can sell it using different DRMs. A PIFF-compliant device A with DRM A can play the “Rambo 28” sold by merchant B with DRM B; device A just needs to get a license from merchant A. The essence, i.e. “Rambo 28”, remains the same.
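The separation described above, scrambling the essence once under a shared content key and letting each DRM protect only the license that carries that key, can be shown in a few dozen lines. The following Go program is an added example written for this post, not Microsoft’s PIFF code or any real DRM: AES-CTR stands in for an AES-based scrambling mode (the post does not name which modes PIFF mandates), the license layout and the DRM names are hypothetical, and all keys and the “essence” are constructed sample values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"io"
)

// Scramble encrypts (or, applied again, decrypts) the essence with AES-128 in
// CTR mode under the shared content key. The packager does this once; every
// merchant then sells the same scrambled file.
func Scramble(contentKey, iv, data []byte) ([]byte, error) {
	block, err := aes.NewCipher(contentKey)
	if err != nil {
		return nil, err
	}
	if len(iv) != block.BlockSize() {
		return nil, fmt.Errorf("iv must be %d bytes", block.BlockSize())
	}
	out := make([]byte, len(data))
	cipher.NewCTR(block, iv).XORKeyStream(out, data)
	return out, nil
}

// License carries the content key wrapped for one DRM system (hypothetical
// layout). The wrap is AES-GCM under that DRM's device key, with the DRM name
// and key ID bound as associated data so a license cannot be replayed for
// another asset or another DRM.
type License struct {
	DRM     string
	KeyID   []byte
	Nonce   []byte
	Wrapped []byte
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// IssueLicense is the merchant's side: wrap the same content key for the DRM
// that the customer's device understands.
func IssueLicense(drm string, drmKey, keyID, contentKey []byte) (License, error) {
	aead, err := newGCM(drmKey)
	if err != nil {
		return License{}, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return License{}, err
	}
	aad := append([]byte(drm), keyID...)
	return License{DRM: drm, KeyID: keyID, Nonce: nonce,
		Wrapped: aead.Seal(nil, nonce, contentKey, aad)}, nil
}

// OpenLicense is the device's side: a DRM-A device holds DRM-A's key and can
// only unwrap licenses issued for DRM-A; any mismatch fails authentication.
func OpenLicense(lic License, drmKey []byte) ([]byte, error) {
	aead, err := newGCM(drmKey)
	if err != nil {
		return nil, err
	}
	aad := append([]byte(lic.DRM), lic.KeyID...)
	return aead.Open(nil, lic.Nonce, lic.Wrapped, aad)
}

// Play recovers the content key from the license and descrambles the essence.
func Play(lic License, drmKey, iv, scrambled []byte) ([]byte, error) {
	contentKey, err := OpenLicense(lic, drmKey)
	if err != nil {
		return nil, fmt.Errorf("license rejected: %w", err)
	}
	return Scramble(contentKey, iv, scrambled)
}

func main() {
	// Constructed sample values; not real keys or content.
	contentKey, iv := []byte("0123456789abcdef"), []byte("fedcba9876543210")
	keyID := []byte("rambo-28")
	drmAKey, drmBKey := []byte("AAAAAAAAAAAAAAAA"), []byte("BBBBBBBBBBBBBBBB")
	essence := []byte("constructed essence: Rambo 28, frame 1")

	scrambled, _ := Scramble(contentKey, iv, essence)
	licA, _ := IssueLicense("DRM-A", drmAKey, keyID, contentKey)
	licB, _ := IssueLicense("DRM-B", drmBKey, keyID, contentKey)

	outA, errA := Play(licA, drmAKey, iv, scrambled)
	outB, errB := Play(licB, drmBKey, iv, scrambled)
	_, errCross := Play(licB, drmAKey, iv, scrambled)
	fmt.Println("device A plays:", errA == nil && bytes.Equal(outA, essence))
	fmt.Println("device B plays:", errB == nil && bytes.Equal(outB, essence))
	fmt.Println("device A with a DRM-B license:", errCross)
}
```

The point to notice is where the secrets live: the content key is shared by every merchant and never changes, so the interoperability boundary is the license, and the only thing a DRM vendor differentiates on is how well it protects the device key that unwraps it.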

Is it a new, revolutionary approach? No. DVB has embraced this approach for many years with Simulcrypt. In 2004, Thomson proposed to standardize this layer of protection in the IST Medianet project.

Is it a good thing? YES. In my opinion, it is clearly the right approach. That a giant like Microsoft takes this path is huge. Furthermore, it is royalty free, which is wise of Microsoft to facilitate adoption. Now, the condition of success is that there will be ONE unique such format. Were there more than one, its impact would decrease.

Of course, we may expect that the next generation of Windows DRM and PlayReady will support PIFF. Which DRM technology provider will be the next one?

Will quantum cryptography become mainstream?

Siemens SIS has teamed up with the Swiss company id Quantique to propose quantum-cryptography-protected key exchange over dark fiber. (See id Quantique and Siemens collaborate to commercialize Quantum Key Distribution in the Netherlands.)

Quantum cryptography has the intrinsic property of being robust against eavesdropping. According to Heisenberg, observing an electron changes its spin. This makes (in theory) undetected interception impossible, and thus the key exchange extremely secure.
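The paragraph states the principle but not the mechanism by which a QKD link notices an eavesdropper. The following Go simulation is an added illustration, not id Quantique’s or Siemens’ code, and it assumes the BB84 protocol (which the post does not name): an interceptor who measures each photon and re-sends it without knowing the preparation basis disturbs about a quarter of the sifted key, and Alice and Bob see that disturbance when they compare a sample of their bits. Bases, bits and the seed are constructed values.

```go
package main

import (
	"fmt"
	"math/rand"
)

// A photon prepared in one of two bases: 0 = rectilinear, 1 = diagonal.
type photon struct {
	bit   int
	basis int
}

// measure reads the photon in basis b. In the preparation basis the result is
// the encoded bit; in the other basis the outcome is random and the photon is
// left in the measurer's basis, so the original encoding is destroyed. That
// disturbance is what lets the legitimate parties notice an interceptor.
func measure(p *photon, b int, rng *rand.Rand) int {
	if p.basis != b {
		p.basis = b
		p.bit = rng.Intn(2)
	}
	return p.bit
}

// Result of one BB84 run: sifted key length and the mismatches found when
// Alice and Bob compare sifted bits (a real link sacrifices only a sample).
type Result struct {
	Sifted int
	Errors int
}

// QBER is the quantum bit error rate of the sifted key.
func (r Result) QBER() float64 {
	if r.Sifted == 0 {
		return 0
	}
	return float64(r.Errors) / float64(r.Sifted)
}

// RunBB84 simulates n photons. With eve=true an intercept-resend attacker
// measures each photon in a guessed basis and forwards the result to Bob.
// A fixed seed keeps the simulation reproducible.
func RunBB84(n int, eve bool, seed int64) Result {
	rng := rand.New(rand.NewSource(seed))
	var res Result
	for i := 0; i < n; i++ {
		aliceBit, aliceBasis := rng.Intn(2), rng.Intn(2)
		p := photon{bit: aliceBit, basis: aliceBasis}
		if eve {
			measure(&p, rng.Intn(2), rng) // Eve guesses the wrong basis half the time
		}
		bobBasis := rng.Intn(2)
		bobBit := measure(&p, bobBasis, rng)
		// Sifting: Alice and Bob announce their bases over a public channel and
		// keep only the rounds where they agree. The bit values stay private.
		if bobBasis == aliceBasis {
			res.Sifted++
			if bobBit != aliceBit {
				res.Errors++
			}
		}
	}
	return res
}

func main() {
	clean := RunBB84(4000, false, 42)
	tapped := RunBB84(4000, true, 42)
	fmt.Printf("no eavesdropper:  sifted=%d errors=%d QBER=%.3f\n", clean.Sifted, clean.Errors, clean.QBER())
	fmt.Printf("intercept-resend: sifted=%d errors=%d QBER=%.3f\n", tapped.Sifted, tapped.Errors, tapped.QBER())
}
```

Without an interceptor the sifted key has no errors; with one, the error rate sits near 25 %, far above what a deployed system tolerates before aborting the exchange. The simulation ignores channel noise and detector loss, which is why real products have to distinguish a noisy fiber from an attacker by thresholding the QBER.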

It is one of the first large-scale commercial initiatives. The offer is currently limited to the Netherlands and costs about $80,000 for a pair of boxes. Thus, it is not yet meant to protect your personal mail.

But the future is coming nearer.

Rovi

Macrovision changed its name. It is now Rovi. But the commercial offer did not change. Historically, Macrovision started with an analog copy protection scheme. The objective was to prevent the duplication of tapes or DVDs by analog recorders. They have since added many other new systems.

See Rovi

Seven good security questions

We just received the Autumn issue of 2600 The Hacker Quarterly. I love this magazine for two reasons. Some of the articles are good. But more importantly, this magazine gives a vision of the mindset of hackers, or rather I should say of Hackers. By Hackers with a capital H, I mean the guys who want to use a gimmick in a way different from the one intended by its designers. Sometimes, you also discover security vulnerabilities that seem so obvious that you would not dare to test them (see the short paper “Free DirecTV” by outlawyr).

Sometimes, you also find papers written by authors without warname pseudonyms, who dare to give their email address. These papers have another tone (the type of tone you would find in the French MISC magazine).

In this issue, John Bayne presented a comparison between SSL and DNSSEC. To be precise, he compared only the management of certificates. The interesting part was not so much the result of the match (SSL won!) as the set of criteria he used.
He asked interesting questions that could be used to evaluate any IT security system.

1. How is trust implemented?
2. How strong are the algorithms that are in use?
3. Does the technology provide true end-to-end security?
4. How clear is the warning that the technology presents to the users?
5. How easy is it to implement a centralized policy for the technology?
6. How widespread is the technology?
7. How broadly will the technology protect you?