Side Channel attacks

Last month I attended Cryptoday 2009 – a workshop on cryptography and security hosted by the Computer Science department of the Technion. Amongst the lectures there was one by Prof. Moni Naor of the Weizmann Institute that focused on the feasibility of, and defense from, certain kinds of attacks on security that circumnavigate traditional encryption by attempting to read information directly from the physical medium. These attacks are known as “side-channel attacks”.

I’m mentioning this because the June issue of Scientific American Magazine published a really interesting article on the topic titled “How Hackers Can Steal Secrets from Reflections”, which explains this kind of attack in simple and interesting language. It’s a little far-fetched, but well worth reading.



Google ChromeOS – a non-event

The net abounds with buzz nowadays about the announcement of a Google “Operating System” due to come out in the second quarter of 2010. Yawn...

Beyond the discussion of what qualifies this as an Operating System, for which I will direct you to two excellent articles by TechCrunch and The Register (Caution: colorful language), there is also the question of what the product actually is. According to Google, the Chrome OS is “Google Chrome running within a new windowing system on top of a Linux kernel.” In other words: Install Linux, Install Chrome, take away anything that isn’t Chrome, and expect whoever is using this to only use tools that run in Chrome. Seems to me this should take about a week for a competent System guy to do, assuming he has to write his own scripts.

So what’s the big deal here? The “new Windowing system”? Gnome, KDE, and the rest aren’t good enough for you, you need something that will launch Chrome automatically without showing a Desktop first? I mean seriously, what are they going to be spending a year on?

The answer is as simple as it is sad: they are going to spend the next year on trying to make Chrome do things the way a real OS does, and on trying to make Web-apps function like real apps. With all kinds of hocus pocus like HTML 5, Google Gears, and G-D knows what else, they’re going to try and develop a comparable platform for running the programs you need inside a browser. I doubt they’ll succeed, and I seriously doubt that they can do it in a year.

And that’s the bottom line. No one really cares if the OS they use comes from Microsoft, Mac, Linux, or Ed’s computer shop and live tackle, they simply want to install their applications (that they’ve been using for years) and have them work. Period. This is the reason that after a great valiant run at Linux, I came back to Windows. It let me do the things I wanted, and have been doing for over a decade, without having to re-learn and redo everything. Trying to get everyone to shift paradigms and move to Google Docs is one thing (and a daunting task at that). The fact that Google Docs can’t do everything that Office can is completely different. In the larger scheme of the corporate world, a $200 saving on a computer with a free OS is nothing compared to the amount of time, and hence money, wasted on trying to relearn years of established ways to do things.

There’s even more to it than that. As the Register points out:

But it’s not just Office that will keep Microsoft’s hold on the PC market. Can you replace Active Directory with a web app? Is there a site I can visit to connect to my office’s shared printer? What do you mean World of Warcraft doesn’t run in the browser? How do I play a DVD in Google Chrome?

And he’s absolutely right: The greatness of a true OS is that it can run ANYTHING, not just things that are written in the limited context of the Internet. And if a program is installed on my hard drive it will run with or without a network connection, and can access and modify the files on my drive without the fear that sudden server congestion will break it. Until ChromeOS can claim even a little of that, it is not an Operating System, it’s a non-event.

Good Weekend,


IPhone fun, yet again

For anyone who’s missed this:

Teen Releases First Jailbreak App for iPhone 3GS

You’d figure Apple would learn eventually and stop trying to lock down its products… Oh, wait.


The epitome of gimmick

I haven’t had much time to update in the past couple of days (lots of fun Java work) but I wanted to share a small site which I think is a serious contender to the “Epitome of Gimmick” award:

The concept is simple: Darkness takes less energy than light, therefore, if we make our screen entirely black, it will take less energy than if it were white (like Google).

It’s a gimmick for two reasons.

A. Depending on your screen, black may actually take more energy than white, and

B. If you had said this five years ago, people would have looked at you like you’re nuts and asked you if you didn’t have anything better to do. If you say it five years from now, people would look at you like you’re nuts and ask why don’t you invest your energy in some REAL energy saving solutions. But now, right now, people are already concerned enough about the environment to listen to things like this, and clueless enough to actually follow them. This leads to a site which has no distinction other than its color scheme becoming a major destination on the Net.

Something that isn’t special, but has something that looks special enough to attract your attention. Yup, that’s a gimmick alright. 🙂 Personally, I’m waiting for the IPhone app that would blacken the touch screen…

Ok, Back to JavaLand.


Asking questions that mean something.

Here is a trivia question for all the minutia lovers out there: what former US surgeon general looks like Colonel Sanders and has a name that has something to do with chickens?

Go ahead. Type that into Google, Bing, or Wolfram Alpha, and see what you get. Chances are it’ll be a long laundry list having to do with Obama picking his surgeon general, KFC, or chicken jokes. In fact, you will get a whole load of matches to your query, but you will not get one simple thing: an answer.

This is, of course, because search engines don’t understand questions. They simply scan your search terms for keywords and try to give you relevant pages. They do some rudimentary grammar analysis to try and determine the subject of the query (i.e. the thing you are actually looking for) but more often than not, they get it wrong (which is why you get more entries about chicken than the surgeon general). Search engines have a hard time with descriptions, too. A ‘man who looks like a thing’ is the sort of thing that a search engine simply can’t handle. And finally, search engines can get easily confused in determining what pages to return that might contain an answer. (Consider this post, for example: it has links to search engines, chicken jokes, and observations about grammar. If you had to quantify it by keywords, you’d end up with some mighty odd matches.)

I say this because there has been a trend recently of creating “answer engines” – search engines that can understand your question and miraculously supply you with the answer. It started a few years ago with “Ask Jeeves” (now part of and had its latest arrivals in the much publicized Wolfram Alpha and the Bing “decision engine”. Sadly it seems that hype aside, there really is no noticeable difference between a search engine and an answer engine, with the possible exception of Wolfram – the first engine that has the decency to tell you when it doesn’t understand what you want.

I’m not faulting search engine developers, mind you. Understanding plain-English questions is a huge and daunting task, and the field is really only in its infancy. Search engines have gotten a lot better over the past few years, and will continue to improve (and users will continue to get better in searching, which is a different topic for a different day.) But we’re still far far away from the day when all the knowledge of the Internet is at our fingertips. Search engines can fill in many details, but they’re no replacement for a structured approach to learning, no replacement for simple thirst for knowledge, and no good in trivia. At least, not yet.

Big Endian.


For anyone who’s wondering, the answer is

C. Everett Koop

a great name, if I ever heard one.

Fair use vs Piracy

I mentioned a week ago that a certain site seems to be stealing programming-related content from several blogs including my own. I took it upon myself to notify the two other people whose blogs I found and tell them too, and so I was delighted to hear from sriram chewsthefat – one of the two – who wanted to know how to lodge a complaint against the site in question. Sriram: Due to the fact that the site doesn’t have any email or contact information, I ended up lodging a complaint with their HOST company, called You can find exact directions on how to lodge a complaint at Good luck.

During the course of the week I discovered yet another site which was stealing my posts: (You might notice that the headline sounds awfully familiar..) Yet, I don’t mind this one nearly as much, for a very simple reason: Whoever copied my post put a link to this blog at the bottom of the page. They didn’t pretend that they wrote my blindingly witty comments about the IPhone, they attributed them to the source.

That’s the small but oh-so-crucial detail. Above all else, a writer wants to be read and recognized. When I write a piece about facade classes, or Java Strings, or even why IPhones suck, I want whoever reads it to benefit from it, and I want that person to be able to respond to me. I don’t really care how a person found my words. I care that he finds them, reads them, knows who wrote them, and occasionally writes something back. Nothing is more exciting to a blogger than comments (hint hint), so when a site uses my words but strips out my name, that’s piracy, and it makes me mad. Whereas a site that links back to me will never hear me complaining. And why should I? They’re just helping advertise my blog, it’s fair use. And if they make money in the process, well… I’ll chalk that up to advertising fees. 🙂

Good weekend,


P.S., On the same topic, check this out:

Just because it’s mobile, doesn’t mean you should move it…

Two tidbits caught my attention today:

1. According to Engadget the Autonet Mobile router, which turns your car into a wifi hotspot, will now be sold via Amazon for the paltry price of $299 (plus a $29 monthly fee.) The move was announced after both Chrysler and General Motors, who had been Autonet business partners, recently got into financial trouble. While personally I have to applaud the company for its tenacity and customer empowerment, I still have to ask: Whoever came up with the notion that this is a good idea? Have we really become so connected that having Wifi IN THE CAR seems like something we absolutely need?

2. A recent study by SquareTrade finds that over 20% of IPhones have been damaged by accident within 22 months of purchase (report published on . According to the study, 66% of the accidents involved dropping the phone on a hard surface, while an additional 25% involved water damage, such as dropping your phone in the toilet. In the face of such numbers, I do feel that one has to ask: Is it possible that some of these “accidents” weren’t so accidental? Could some of it be just the end results of IPhone users trying to actually get some use of their phones? Just wondering.