About Me
- alapan
- I ramble about a number of things - but travel experiences, movies and music feature prominently. See my label cloud for a better idea. All comments and opinions on this blog are my own, and do not in any way reflect the opinions/position of my employer (past/current/future).
09 November 2006
Movie: Kekexili - Mountain Patrol
First and foremost - this movie is set in Tibet, so the landscapes are amazing; but that does not really distract from an amazing story; about a couple of people, risking everything to hunt down poachers of the endangered Tibetan Antelope. It is based on a true story, and is told in a documentary style; which makes the movie an even more harrowing tale, focussing on various angles of the situation - the poor villagers who are almost "forced" into poaching, how patrolmen's lives are affected by their actions; and even how they have to make really, really difficult moral judgement calls. It is not a Hollywood movie - so do not expect a fairytale ending; but it is one of the most impressive movies I have seen, and one of the most moving.
Movie: The Devil Wears Prada
It was billed as a darkish comedy, something different from the ordinary. Unfortunately, it was nothing special ... just a twist of a usual storyline ... girl (aspiring journalist) applies for job as a PA to a fashion editor, gets the boss from hell, refuses to quit and adapts, thus becoming a "different" person ... you get the idea. It was funny - only because of the number of outrageous tasks set by the boss ... like finding the new Harry Potter. A few laughs, but nothing special really.
Movie: Cars
Yet more reviews courtesy of the Virgin in-flight entertainment system.
Not much can be said in addition to what has already been written about the Disney-Pixar movie. It is a simple, predictable story, with the traditional Disney moral for the kids; but it is so much fun, and so well animated - it is well worth watching. And if you like cars, you will appreciate the differences in the characters as represented by the different cars.
08 November 2006
The Scottish Highlands (a phlog)
Yesterday, Eric had to go to work (yes some people do work), and I decided that a trip to the Highlands would be a nice idea. It was quite expensive (30 Pounds!), but the weather was good (i.e. no rain) and in the end, a great trip really. On the whole, I learnt two main things about Scotland: 1) It is a beautiful part of the world, and it would be great to do a similar trip on a slower pace. 2) There have been a number of rather violent people who have wanted this beauty, and have killed mercilessly towards this purpose. In fact, the major "people" highlights of the tour centred around wars and battles.
In my past trips (for the last 3 years anyway), I have never done city tours or paid guided tours (mainly because of the expense). These have one real advantage - you get to hear a lot more about the history and stories that come with the place. Stories and facts that are well arranged and well told ... a very nice complete package. Anyway, enough mindless mumbo jumbo ... and onto the pics
A highlands cow ... damn these things are big
The first loch we stopped at
Same loch, higher up
Route through the mountains
The highlands reminded me of almost every story I had read by British authors, with a number of rivers, small forests - just no wildlife
Urquhart Castle
Searching for Nessie at Loch Ness
Urquhart Castle (from Loch Ness)
Nessie Explained?
07 November 2006
Reflections: ACM CCS 2006 and ACM STC 2006
I had been meaning to do a review earlier, but I have been busy exploring Scotland instead (and proof reading Honours Project reports) :p
To be honest, the program for the main ACM CCS 2006 was not very exciting; mainly because there was too much focus on cryptography, and less on security of systems in general. Also, I ended up at times choosing the wrong sessions - I went to a tutorial on Digital Forensics, where I learnt nothing new; and it was a horrible presentation; and I later heard that the alternate, intrusion detection research papers, was quite good. Similarly, the paper sessions on Thursday turned out to be quite dreary; while I heard great reviews on the tutorials ... oh well.
The keynote talk, by Peter Neumann, while interesting at parts, was largely inconsequential - as he was effectively talking to the converted. His talk centred around software design that does not take account of the full scenario - and thus leads to security pitfalls. This has to do with a lot of things, including bad design principles and of course the lack of software liability.
The most interesting paper on Day 1, was "Hot or Not: Revealing Hidden Services by their Clock Skew", which investigated the potential of revealing a person's geographical location by studying his/her clock skew due to temperature fluctuations. It was a fun discussion; although maybe not very applicable.
Day 2 had a couple of interesting papers, mainly dealing with privacy. "Doppelganger: Better Browser Privacy Without the Bother", discussed a new cookie management system using a Firefox extension. Not recommended for UCT though - requires quite a bit of bandwidth to work :p The very next paper, "Fourth-Factor Authentication: Somebody You Know", was also an interesting idea, discussing how to manage password retrievals in a more secure manner.
The paper in the session after lunch, "How to Win the Clone Wars: Efficient Periodic n-Times Anonymous Authentication", featured a brilliant presentation, and the content was interesting, but I don't think it will be easy to implement such a system in real life. The last session featured various attacks, and these were, as always, very interesting; including a discussion on botnets created through browser exploits, a discussion of 1-time pad problems in current software and a paper on short attacks through keyboard emanations - not as effective as last year's paper, but more useful for short attacks. Day 3 featured interesting papers but I wasn't really bowled over by any of them.
The Scalable Trusted Computing Workshop, on Friday was quite interesting - although the papers focussed more on the "scalable" aspect. I learnt a lot more about the Trusted Computing Group, and even made some interesting contacts, so it was good from that point of view.
The highlight of the conference though, was probably, meeting Michael Schroeder (of Needham-Schroeder fame), who was being honoured by SIGSAC for his contributions to computer security. When we were talking, he mentioned reading about mobile banking in South Africa in the Economist, and he was very interested in the results of the honours mobile banking project. So, if we reference his paper, I am sure it is already one step to publishing (and the honours guys haven't even officially finished)!
31 October 2006
Reflections: ACM DRM 2006
Yesterday was basically the reason I am here - to attend and present my paper at the DRM Workshop at the ACM Computer and Communications Security (CCS) Conference. So, this is a brief reflection of the proceedings of the workshop.
The first paper, by some researchers from SUN, looked at some of the business models that the movie industry could adapt from the MMORPG world. While the ideas are certainly applicable; I am not really sure of the practicality of the ideas. The second paper looked at privacy, from the point of legal and economic practicalities. Basically, the paper argues that there exist certain legal and economic obligations if a business wishes to collect private information. These obligations create a risk; and thus create a ceiling on how much privacy can be afforded to customers. It was a very interesting paper; but I think it glossed over one crucial point - very rarely do businesses actually take into full consideration the economic and legal obligations when they do collect private data.
My paper, which was next, was very well received, and attracted quite a lot of interest. I was not really expecting a great reception; because the paper is quite simple in nature - but it is an area that has not really been addressed before. So, I was pleasantly surprised at the paper's reception.
The next paper on a view only file system has been discussed before as a mechanism for short term DRM solution. The one presented this year went a step further and designed a VM based system. It could work; but I am not convinced on the security layer between the VM and OS/lower level VM; or the performance overheads. The paper following it discussed an interesting key distribution strategy; but I must admit I did not follow it as well as I should have.
Ton Kalker, from HP Labs and Coral, presented the invited talk focussing on interoperability. Most people who have voiced opinions against DRM, seem to imply hatred on the lack of DRM interoperability, and not some of the other issues. He discussed how interoperability in DRM is not only a format issue; but also a business and complete technological issue. He talked about Coral, which uses a credential system, allowing for interoperability. However, it is by no means a perfect solution, as every device would still require their own file format etc.
The next paper discussed more interesting code obfuscation and diversification as a mechanism to combat piracy. It was quite impressive, until the performance hit ... 840 times slower!
Pramod Jamkhedkar and Gregory Heileman presented their paper next, and their DRM project is very similar to mine; and we have been presenting or discussing similar ideas for the past three years. This year, they discussed, what they considered fundamental flaws in Rights Expression Languages. In a few ways, their argument was flawed, because it discussed mainly the flaws of XrML and did not consider the fact that some of the issues are being addressed or have been addressed in other RELs like ODRL. However, the issues raised are correct and needed to be recognised.
The next talk on interoperability, was a bit of a miss; simply because a lot of the content seemed to be contrary to the issues raised earlier; and the underlying details were hazy at best. The talk following it was very interesting; discussing some of the background to Intel's LaGrande architecture. Basically, the OS is going to be dead - instead, the CPU itself will have a trusted OS base; complete with drivers and firmware. Applications will run on top of this base; in a completely protected environment, similar in operation to Multics. I am not sure of the maturity of the solution, but both Intel and AMD, together with other interested parties, have been pouring money into similar projects; so something is bound to come up.
The next paper, from Philips Labs, discussed ideas on how to lower consumer anger and better ways to handle consumers who make use of pirated DVDs; or more appropriately Blu-Ray discs. Much of the work presented revolved around the use and operation of blacklists in Blu-Ray discs. It was really interesting; especially on the changing position.
The last paper of the workshop on watermarking presented nothing new; and in fact I have seen many better applications of watermarking.
30 October 2006
Movie: Talladega Nights: The Ballad of Ricky Bobby
I went to watch the movie here in DC with a friend from cyberspace ... one of the guys from the Atlas F1 Paddock Club. The movie house itself was interesting - basically an auditorium like most movie houses; but one that is also a full service restaurant and features arm chairs instead of normal movie seats. So we had two F1 fans watching a movie about Nascar while eating Pizzas.
The movie itself was surprisingly not too bad; and the rip offs of team orders and F1 were brilliantly done. As entertainment value, Nascar is not bad at all; and neither is the movie. If you are a racing fan; it's great; if only to identify all the different parallels.
Dam Festival 2006
I saw an ad talking about an Indie Rock festival in Washington DC; and I just couldn't give it a miss. Basically, a number of bands; spread out over a number of clubs playing in the evenings. Unfortunately, I managed to go to only one of the clubs - and it was an interesting experience.
First up; the club itself was quite small. Apparently, rock is a big genre in the DC area - the size of the club, Velvet Lounge, would lead you to think otherwise. Another disappointing aspect was the fact that most of the people who were there; seemed to be band supporters - they were there because they knew someone in one or more of the bands. The numbers were really small; and there was no real vibe - no mosh pits. Being Halloween weekend, there were a few costumed attendees - the best being a guy dressed up in a robot suit; complete with a functional iPod and speakers! At $8 cover charge; it was quite cheap; and good return for money.
The first band, Drunken Sufis (ft. The Psycho Terrorists), was in my opinion the best of the lot. They had an impressive stage show; and much of their music was about the War in Iraq, Bush etc ... almost Green Dayish. They had good songs and put on a great show - couldn't ask for much more.
The second band, from New Zealand, Over the Atlantic, was interesting - comprising of two members (bass guitarist and a lead guitarist/vocalist) and a computer doubling up as a synthesiser effort. It was interesting music - no doubt about that; but it just didn't click for me ... might work on radio; maybe - but not really a live band style.
The third and fourth bands, The Opposite Sex and The Object Lesson resp, were more mainstream rock bands; singing largely incomprehensible lyrics. However, they had really good music - brilliant guitar and drum play. The Opposite Sex features one member doubling up on a saxophone and a synthesiser; which reminded me a bit about the Nude Girls; but their songs were just not that great. The Object Lesson featured a hot keyboard player (wearing a catholic school girl outfit :p) instead of a Sax player and was the only band featuring a female member. I did not stay for the full set of the last band, The Chance, but they didn't seem too different from the two previous bands.
Overall, the music itself wasn't too bad - but it didn't have the vibe - maybe it was just a bad day.
28 October 2006
Freak House
Halloween seems to be very popular in the US, and this being Halloween weekend, there seems to be quite a few themed events happening around here. I came across "Freak House" in one of the free newspapers here, and as the website bills it "Torture. Murder. Shark attack. You'll scream your tits off!!"; it was just too tempting.
It is similar to London Dungeon in concept; although, more adult in nature. Basically, they have taken a whole three story house and converted it into a 9 roomed, scary/freak show. In many of the rooms, audience participation is almost pre-requisite; and I am sure a psychologist would have a field day in analysing how people react to certain situations. It was very cool, although London Dungeon is certainly more polished.
Rights and Repression
Being the capital of the world's most powerful country, it has also been the scene of many civil rights protests, and with America's thirst for storing history, it has also preserved a lot. The day before yesterday ended up being quite a sobering tourist attraction day - as I ended up going through the Holocaust Museum and also going through various neighbourhoods involved in the Civil Rights movement. I also went up the Washington Monument, which was closed for renovation in my previous two visits.


The visit to the Holocaust Museum was sad, and at the same time, it did have a ray of hope in the end. The detailed examination of what happened to minority groups before and during WW2 is downright frightening ... how can fellow human beings really do that? But what was most frightening is not that it happened; but the reactions of the other countries in the world to the plight of the persecuted. Not only did they not choose to interfere earlier; but countries like the USA, sent refugees back, and, during WW2, refused to bomb gas chambers in some concentration camps even if it was physically possible. It is the indifference that really shocks - and the scary thing is - we haven't really learned anything since. After all; Rwanda happened and the world stood by - and Darfur is happening - and the world still refuses to take action.
The ray of hope, however tiny, is that the Holocaust museum is starting to document other holocausts - and trying to raise awareness of pressing issues like Darfur. I hope that it is not too late - otherwise 50 years from now; we will have another museum to add to the list.
Walking around Adams-Morgan, U Street precinct in DC was less strenuous on the mind, although not less worthy. One guidebook I read while browsing at Exclusive Books before arriving, claimed that Washington DC is predominantly black and latino. Moving around in downtown DC, you wouldn't believe that. Thus walking around suburbia was interesting in itself - and gives a very different view of a city ... A lot of the old buildings are preserved, and the contrast in architecture and style is amazing.


27 October 2006
Drug Free Zone

I came across this while walking around in DC suburbia ... and I was instantly reminded of various episodes in Season 2 of Weeds. There didn't seem to be any surveillance cameras though
25 October 2006
Reflections: WESII
For the last two days, I have been attending the Workshop on the Economics of Securing the Information Infrastructure, sponsored by I3P. It was quite an interesting conference bringing together people from different disciplines including computer security, economics and social sciences. A lot of the content did revolve around policies; but unlike ISSA, the content was much more constructive, and dare I say, more useful.
There were a few really interesting discussions and topics; so I will briefly discuss them - maybe some of you have something to say about them ...
First up, there was a panel discussion on DNSSec, including a very quick demonstration on how quick and easy it is to actually commit DNS spoofing attacks. Considering the fact that DNS forms the backbone of the Internet (from the user's perspective), a secure DNS solution is really important. In summary, DNS entries themselves are not verifiable, and like the paper I am going to present next week at the DRM workshop; there is no verification service currently available for DNS. This means that a man in the middle attack is a very possible scenario for DNS - because in the current DNS setup; the first response received from a DNS query is taken to be the correct query. For a spoofer, it is therefore possible to redirect any DNS query, and a malicious attacker can really cause a lot more damage than phishing attacks. DNSSec seems like a good solution; but implementation is the problem as it requires every top level domain controller to actually do it; and also enforce others to carry on.
Two papers at the end of the first day were also quite interesting. There was a discussion on modeling black markets for software vulnerabilities; a scenario that already exists with botnets - but can seemingly also extend to any malicious intent; just like the arms trade I suppose.
But it is the last paper that I am really excited about. Bob Briscoe from British Telecoms presented an idea on how to control congestion on the Internet; allowing users an equal share of the bandwidth pie. The proposal raises the potential for real quality of service guarantees for Internet access; but at the same time provides a very real solution for denial of service attacks. It is a very neat idea, and is definitely a paper I intend following up on.
One of the interesting papers from today was the analysis of the value of data, using techniques similar to the insurance industry. The paper discussed how data can be valued, and why the valuation easily explains why the uptake for some security products like disk encryption and email encryption is so low. Can't really say I agreed with the values; but the approach made sense overall.
24 October 2006
Virgin Atlantic's Inflight Entertainment System
In terms of intent; Virgin Atlantic's inflight entertainment system is quite amazing: on demand music, video and games - including playing games against other passengers on the plane. But after seeing a number of failures on both of my flights so far, I am convinced that the design is flawed.
Basically, the inflight entertainment system uses a very thin (anorexic?) client which seems to process input and provide output only and one server (well at least one per class anyway ... can't confirm about business class). Because the thin client performs no operations - the server does tend to become overloaded - and rebooting it requires an inactivity period of over 30 minutes for most users. Furthermore, if too many users are using a certain feature - like the mapping service - then the system also becomes overloaded or too slow. In fact, there are a number of instances where the system (from the user's perspective) is just too slow or unresponsive.
In my opinion, it would be a better design to incorporate much of the interface processing components, like the menus on the client side. This way - the server does not have to do everything and the response time would be increased. Furthermore, if there are problems with one or two clients; it will not require the entire system to be rebooted. Just a few thoughts ... anyone else used a similar system?
How evil are you?
A link from Carl ... must say; many of the things listed are not really evil ...
You Are 58% Evil
You are evil, but you haven't yet mastered the dark side. Fear not though - you are on your way to world domination.
Movie: A Scanner Darkly
This is an adaptation of possibly Philip K Dick's most personal novel - chronicling his own experiences in drug use. It is a celebrated novel; but I found it the most difficult to understand and follow of the ones I have read. The movie on the other hand is quite precise and easy to follow - a feat in itself.
The most obvious and impressive aspect of the movie is the technology used in merging live action and animation (almost painterly in nature) into one seamless movie. This gives the movie itself a certain look; which itself enhances the whole "drug use" genre in some respects.
The story itself is good - and like most other Philip K Dick stories; it explores the various interconnections between various aspects of life taken to extremities - in this case surveillance, corporate influence and friendship. Keanu Reeves plays an undercover agent seeking out a drug cartel behind a very toxic and addictive drug - substance D.
Unlike some of the more blockbuster movies made from Philip K Dick movies, like Minority Report and Blade Runner - this focuses more on the poor and the disenfranchised - and very much less explosive. Nonetheless it is an amazing movie because it is made so well and even Keanu manages to show some expressions (although that could have been animation).
Movie: The Notorious Bettie Page
I did not really know much about Bettie Page - a pinup model from the 50's who has been apparently photographed more than some of her more famous and well known counterparts like Marilyn Monroe and Cindy Crawford. The movie is effectively a biopic about her heydays when she was a major, well known model.
What is really interesting is that she was a force before the so called sexual revolution; so some of her reactions and the reactions of the society in general are quite interesting. In particular, Bettie Page was a well known fetish model; and the movie stresses that she was not into the fetish lifestyle itself; and how she rationalises what she does - especially in the light of being quite a strong Christian.
Movie: An Inconvenient Truth
A few quick reviews on the movies I watched while there was nothing else to do on the plane.
Trailers in Ster-Kinekor put the movie as the most terrifying movie ever made. As a documentary it is - mainly because you soon realise that what you can do as a person may not be enough; because 6.5 billion people also have to do the same thing. Climate change and global warming ... it is a fact; and it is terrifying what the future could be if we can't stop the degradation. As the movie states - do we have political will to do it? And more importantly - do all countries have the political will to do it?
Unfortunately, like many other "movies that have to be seen" the people who really need to see it; will no doubt not see it.
20 October 2006
Rent a Super Car
Now this is a business model that could work; and I would support! We all know that super cars are expensive machines; and thus most people can't really afford to drive one; let alone own one. So, Rio Prestige, based in Edinburgh, is a super car rental agency. For relatively low prices, you can hire a super car and drive it around.
Now they are based in Edinburgh; and I will be in Edinburgh in two weeks time ... an interesting opportunity except for the fact that you have to be 25 to hire ... maybe I can convince Eric to come along ...
18 October 2006
Movie: The Black Dahlia
Almost everything I read about this movie before watching it was negative; so I did not really have very high expectations of the movie. On the surface, it is a movie about a murder mystery and the lives of the detectives that solve the mystery. As a detective story; it is great - and the pieces of the puzzle do come together. While it is in no way comparable to an Agatha Christie or any other crime fiction great; the story is good, and plausible.
But it is the style of the movie that was really iffy. Arthur correctly pointed out; that the movie was done in a certain style, and thus was a good movie for that style. However, I think it was too stylized; there was an over emphasis in style - and that was a detriment. That too much style forced the movie to be too long; and introduced a really slow pace at some parts of the movie. In the end it is like too much make up on women (especially old women) - unattractive and artificial.
Sam commented that watching the movie was like going to a wine tasting when you don't drink wine. Maybe; but I think it would be more apt to say it was going to a wine tasting where cheap wine is being served from really expensive looking bottles.
08 October 2006
Ho Ha about Gay Marriage?
There has been so much debate on the legitimacy of the proposed Civil Union bill, which has set me thinking (which, as a self confessed idiot could be dangerous) and so this post is very much a mind dump. But first a bit of quick background.
Firstly, it has been criticised by some in the Gay and Lesbian community, because it is a separate act; and is different from the current marriage act. Thus they argue; it is different and discriminatory. The government argues that it needs to be; because the marriage act is primarily based around religious and traditional ceremonies; and since the new bill is independent of religion; it requires different treatment.
On the other hand, there are the criticisms from the religious, and virtually every homophobic person, on how gay marriage is against nature, and against every religious belief; and thus immoral. In fact, the government was really pushed to write this bill; because the Constitutional Court ruled that the current Marriage Act is unconstitutional; so it is obliged to change the law. And like the death penalty - referendums on the matter will not help. To change the legal position on either; there needs to be a change in the constitution; and even a simple 2/3 majority is not sufficient to do that!
So either way; like it or not, gay marriage will be legalised; and there is effectively nothing that the opposition can do. This of course raises a few very important issues and problems. First and foremost - in a constitution that separates the church and the state distinctly; is there a need for a marriage act, other than to recognise marriage can be performed under religious and traditional ceremonies? In that scenario; other than recognised state machinery to register and dissolve marriages; why is there a need to have separate acts governing them?
Secondly, and more interestingly in my opinion: why should marriage be between two persons (as dictated by the last Constitutional Court judgment on the issue)? Why can a marriage not be between more than two persons? And it is not a new thing in South African culture anyway - quite a few cultural groups, like the Zulus, recognise polygamy. And so do some religions, including Islam. So, if it is religiously and culturally ok to have more than two persons in a marriage; why should a civil marriage be any different? Why should it not be possible to have marriages involving multiple persons, of different genders? Do we really have any right to regulate people's love and sex lives - as long as every one in the relationship is a consenting adult?
Gay marriage controversy ... wait till the polygamy controversy starts :P