Yet Another Geeks Blog

Fun with WordFeud - part 2

noreply@blogger.com (Natanael) — Fri, 30 Dec 2011 23:17:00 +0000

I'd be impressed if he even takes the challenge. I would have resigned right away after complaining about cheating. ;)

- Sent from my phone

Posted via email from Nat's blog

Fun with Wordfeud

noreply@blogger.com (Natanael) — Tue, 06 Dec 2011 01:05:00 +0000

The image says it all. :)

- Sent from my phone

Posted via email from Nat's blog

Binary day, 11-11-11

noreply@blogger.com (Natanael) — Fri, 11 Nov 2011 08:24:00 +0000

No matter what date format you prefer (except for those with the year in four numbers), today's date is a binary date (only 1's and/or 0's). Yesterday was another one. And this one is actually the last of this century, since there won't be another year ending in only 1's and/or 0's until 2100.

Just thought you might be interested. :)

Posted via email from Nat's blog

Number of apps

noreply@blogger.com (Natanael) — Thu, 10 Nov 2011 07:40:00 +0000

Some people have 55 apps on their phones. This morning I had 55 apps *waiting for updates*. Total app count? Over 300.
Fortunately my SGS have room for them all, unlike my old Spica that almost always had out-of-space warnings when I installed new apps.

Among the updates were the newest version of mAnalytics - and it's great!
There were also an update of Google Goggles, but I don't really feel like using it's new autosearch feature for camera pictures. Feels creepy, kind of. And it's also not accurate enough.

I might write a bit more about my apps later, but for now this is all.

Posted via email from Nat's blog

Photos: Øresundsbron

noreply@blogger.com (Natanael) — Sat, 11 Jun 2011 15:41:00 +0000

Well, we usually don't use the ø-character over here, we call it Öresundsbron on this side of the border. But most signs and the advertisement for it use the ø-character. Do the Danish maybe use the ö-character for it (and do I have any Danish readers that can answer that question)?
Also, do you like my photos of it from beneath?

See the full gallery on Posterous

Posted via email from Nat's blog

Some thoughts about steganography

noreply@blogger.com (Natanael) — Sun, 29 May 2011 21:43:00 +0000

Here's a steganography method I've been thinking about today:

Let's say you have plaintext A to hide. You have something to hide it in, we'll call it medium B (preferably lossy, but hiding it in audio WAV audio files works just fine while JPG images often might be preferred).
You generate key C to protect it. You do this by picking a strong password and running this trough a one-way checksum generator. SHA256 is a good choice if you're going to use AES with 256 bit encryption.
If A is a text file, you should compress it. Bzip2 is a good choice, IMHO. Then you encrypt it with key C and a symmetric encryption algorithm like AES, giving you the ciphertext.
Then you generate an error correction code for the encrypted data becaue it makes it a bit more resistant against modifications.
Then you encrypt the error correction code with the same key C. (Yes, this means that if there's damage to the error correction code in the image you have lost the ability to get easy verification.)
Now you append the the encrypted error correction code to the ciphertext.
This is then hidden in your medium B using key C as a key, once again. Yes, this means that if you use a poor steganography algorithm that the key can be extracted from if all you got is the medium, then your encryption method is broken too.

When extracting the data you use the same key C to get the ciphertext and encrypted error correction code. Then you decrypt the error correction code and verify the ciphertext. Then you decrypt the ciphertext and get the hidden data.

If you used an encryption algorithm that does not have a "waterfall effect" on the error correction data, you would not loose the entire error correction data due to a small error in it.
(This would mean not using AES, but potentially just XOR:ing the error correction data with the key. Beware of any encryption method that is weak to cryptoanalysis! Also, beware of steganography methods that let attackers calculate your key!)
If using an encryption method where bits are encrypted one by one or only in small chunks that doesn't effect the rest of the encrypted data, it could allow a JPG image to be recompressed and the data would be recoverable, despite being encrypted and seemingly random to begin with. Depending on the sixe of the image and the data, the data could survive almost unimaginable alterations. With 1000% error correction data (10 bits of reduntant data for every bit of actual data - Qr codes use 30%, 3 extra bits per 10 bits of data) and a 20 megapixel image, a couple of lines of text could easily be hidden and survive many recompressions and alterations. The data could potentially be recoverable if you printed the picture and took a photo of it and then tried to recover the data from that.
Encrypting the error correction code prevents an attacker from being able to easily confirm if he has found the hidden ciphertext or not in an image.

So what's the point with all this? Nothing, really. It's just interesting to me. I'd like to try implementing this myself some day (with existing algorithms of course, sine I'm lazy ;).
It would be fun to print an image and take a photo of it and still be able to recover he hidden data.

Posted via email from Nat's blog

Turning Torso photo

noreply@blogger.com (Natanael) — Fri, 15 Apr 2011 23:50:00 +0000

I really wish I had a better camera. Maybe a Nokia N8 (those phones have amazing cameras). I should get a proper quality camera some day. I know I can find some pretty good angles for photos, but with the cameras I have access to it's rarely worth it.

- Sent from my phone

Posted via email from Nat's blog

Quick review: Tesla Plushies (Android game)

noreply@blogger.com (Natanael) — Thu, 31 Mar 2011 21:29:00 +0000

There you have the intro video for this fun and challenging Android game. I have beaten all levels except level hard #13. It often takes several tries to figure out how to make the plushies behave the way you want.

Once you have learned the game physics it becomes more of a fun challenge and spare time killer then a plain frustrating time waster.

If you have an Android, try it out now!

http://market.android.com/details?id=com.bithack.teslaplushies

Posted via email from Nat's blog

Quick Mirror's Edge review

noreply@blogger.com (Natanael) — Sat, 05 Mar 2011 09:30:00 +0000

Mirror's Edge is one of those great games that faaar to few people understand and appreciate. I recently found the game for 99 SEK, so I bought it and I loved it.

It is fun to play it a second time when you have learned how you play it. Everything goes much faster the second time, and you also find a lot of new paths and learn how to reach some of the paths you never thought you'd reach.

Like when you find out how to run right past by some cops in 5 seconds when it used to take over a minute to beat them up (one by one as always) or you'd got shot down.

Wall running and big jumps are always fun, which ME has a lot of. :)

Unfortunately my computer crashed recently, so I can't give you any of my screen shots.

Posted via email from Nat's blog

Wanted: Useful geopositioning app

noreply@blogger.com (Natanael) — Sun, 09 Jan 2011 22:19:00 +0000

When I take a close look at all these geo apps like Foursquare or it's competitors, none are really useful.

So this is what I want:
I want an app that makes it easy for me to know where my friends are, but not necessarily 24/7 (unless they want to) or only when the app is open.
I want something that runs silently in the background on my Android, with advanced but easy privacy controls and support for plugins (many of the requested features below can be implemented as plugins).

I don't want the world to always know where I am, but if a family member or friend wanna know, the app could tell them when they ask.

It should also make it easy to organize a group of people that is going to the same place.
Want to meet with your friends in the city? Mark a few places to go to and invite some people.
Going to see a movie (maybe rent one)? The app should make that easy too, including choosing which movie(s) to watch.
Barbeque? It should even make it easy to decide and track who brings what.
And of course, you'll be alerted when somebody is late and see on the map where they are + their average speed (no more asking "where are you and when are you coming?").

Are you suddenly close to a friend? You are probably not likely to care very much if it's someone you meet daily, but if it's a friend you rarely see you'd probably like to know.

A big bonus if it is open source (including the server side software), since I do not want a geopositioning app whose code I'm not allowed to see. It really should be free software.

Posted via email from Nat's blog

Short Tron Legacy review

noreply@blogger.com (Natanael) — Fri, 31 Dec 2010 20:01:00 +0000

I'm not going to try to make a full review of it, but I can sum it up as being a nice movie with awesome music (IMHO, some people might disagree on the music).
I liked the plot, and there were no big plot holes that I noticed while watching it. I can tell you that I didn't really notice the 3D effects (I've watched other 3D movies where the effect is notable), so I'm not sure if paying extra for watching the 3D version is worth it. I might notice how big the differences are if I watch the "2D version" later.

To sum it up: The guy who made "The Grid", Kevin Flynn, this computer generated world, got trapped by the program, Clu, that he had created to be like a copy of himself. This was because he had given it instructions to create a perfect world in there, but when he discovered these programs called "isomorphic algorithms" (or "isomors"), everything else became unimportant - including the program that was made to be a copy of himself. This was around 20 years ago in the movie's timeline.

The son of Kevin Flynn, Sam Flynn (who now has grown up without his father), are told by his father's old friend that he was paged from his dad's old office in a gaming arcade hall. Sam goes over there and then also ends up inside this virtual world himself.

He gets thrown into these light cycle and disc war games, and after a little while Quorra (who is an isomor) gets him out of there and to his (real) father (Sam first thought that Clu, who was made to be a copy of his father, was his father). At first his father, Kevin Flynn, wants to do nothing in order to prevent Clu from getting out to the real world (he really dislikes imperfection) since Clu don't know where Kevin Flynn is and needs his "identity disc" to get to the real world. Sam disagree, and then leaves to try to get out and to delete Clu from the outside. After this, Kevin Flynn and Quorra also decides to try to get out, and they try to find Sam.

If you want to know more, read a longer review or watch the movie.

I noted a couple of geek references, such as that the computer that was running this virtual world was running "SolarOS", very likely a reference to Sun's Solaris operating system. There were several other references like these.

Most of the other people who also watched the movie seemed to not have been as geeky as me but still seemed to like it, so I dare to say that you are going to like it if you find my short review interesting.

Posted via email from Nat's blog

Tron Legacy 3D

noreply@blogger.com (Natanael) — Sun, 19 Dec 2010 08:05:00 +0000

I'm going to watch this movie in less then 2 hours! I hope it's as good as I think it will be! I'll tell you what I thought of it later.

Posted via email from Nat's blog

Oh noez!

noreply@blogger.com (Natanael) — Sat, 11 Dec 2010 14:46:00 +0000

The snow is melting away!

Posted via email from Nat's blog

Animal footprints

noreply@blogger.com (Natanael) — Sat, 11 Dec 2010 14:35:00 +0000

What kind of animal could have made these tracks and that hole? [Insert curious smiley]

Posted via email from Nat's blog

My ideas for DNS-P2P

noreply@blogger.com (Natanael) — Mon, 06 Dec 2010 20:04:00 +0000

First of all, see my previous post on dynamic DNS using DHT and assymetric crypto keys. I am going to reuse ideas from there.

Basic idea: We want a way to have static and globally unique names for web sites and servers. We want to avoid centralization, so no single organization like ICANN will exist for it.
This Domain Naming System will ask peers instead of a single server for IP addresses, thus P2P in the name.

So here it goes:
Every site has a master key pair. This is important. This key should be large, maybe a 16 kb RSA key.
Every host (individual computer that acts as server on a domain) has a key pair of it's own. The host's public keys are signed by the master key for the domain.

All these public keys are stored in the peer network using DHT. The IP adressess and all the DNS data is also stored using DHT, and it's signed.
To access a site, you ask for the public key by it's checksum. Then you verifiy the DNS data that comes back by checking the signatures and time stamps.

The checksum based domain names would be in hexadecimal format, like this (but random instead): 0123456789abcdef0123456789abcdef.pkh.p2p
Pkh stands for "Public key hash", and "hash" is another name for checksums. I would prefer something else, but I don't know what would be better.

The readable domain names, like website.p2p, would be "mapped" to the hash based ones. That means that when you ask for website.p2p, you get the hash based domain name.
When you ask for the hash, you get the public master key, host keys, and the DNS data such as IP addresses.

The real issue that still has to be solved is how we can make the readable domain names globally unique and secure...
I guess we have to go for "majority-unique", such that website-a.p2p will point to the same site for most users. We probably have to accept "subscriptions" or "moderation services" that will manage situations where several people want the same domain name, and they would be optional to use as well as decentralized.

I will write more about this in the future.

Posted via email from Nat's blog

Gadget: Red Button

noreply@blogger.com (Natanael) — Sun, 05 Dec 2010 22:59:00 +0000

Do you ever get so mad that you feel like nuking your workspace out of orbit? Now you can at least make your destructive day dreams slightly more realistic*!

*Not really. Unless there really exists red buttons somewhere for blowing workspaces out of orbit.

Posted via email from Nat's blog

Test post

noreply@blogger.com (Natanael) — Sun, 05 Dec 2010 18:56:00 +0000

Testing posting from this Posterous client.

Posted via email from Nat's blog

Snow!

noreply@blogger.com (Natanael) — Sat, 27 Nov 2010 13:51:00 +0000

Here's some nice pictures of snow - from TODAY! It's not even December already! I am hoping it will stay for a while. :)

See and download the full gallery on posterous

Posted via email from Nat's blog

KDE rocks!

noreply@blogger.com (Natanael) — Mon, 22 Nov 2010 07:40:00 +0000

So, I'm running KDE now. I've been running it for a few days now, and beyond initial problems with networking (solved by installing networkmanager-kde from inside Gnome) and not being able to power down the laptop from withing KDE without console commands (kdm/gdm integration issues, I'm thinking of switching to kdm as default), it's perfect!

Everything is more stable now, more smooth, more clear and more of everything that is good. :D
It's now finally good enough to deserve being my primary desktop enviroment!

To sum it up, it's really just so good looking, clean, fresh, useful, smooth and flexible so that there are no reason to use anything else (at least not for me). Gnome will stay installed for a LOOONG time, but I doubt I'll use it for a while.

Posted via email from Nat's blog

MonkeySphere and TCPCrypt

noreply@blogger.com (Natanael) — Fri, 05 Nov 2010 19:09:00 +0000

I'm beginning with describing MonkeySphere. http://web.monkeysphere.info/

It is a nice and useful tool for making secure and authenticated connections to servers. From it's description: "The Monkeysphere project's goal is to extend OpenPGP's web of trust to new areas of the Internet to help us securely identify servers we connect to, as well as each other while we work online".
The idea is that each person can generate a cryptographic OpenPGP keypair, create subkeys for their computer and servers, and then exchanging the public keys in their key pairs.
When you want to connect to another computer, you use MonkeySphere and the dedicated cryptographic subkey in order to identify yourself and establish a secure connection (using SSH right now).

TCPCrypt, http://tcpcrypt.org/
It is an encryption extension to TCP, designed to be transparent to userland software, making encrypt-by-default for all network and internet connections easy. From it's description:
"Tcpcrypt is a protocol that attempts to encrypt (almost) all of your network traffic. Unlike other security mechanisms, Tcpcrypt works out of the box: it requires no configuration, no changes to applications, and your network connections will continue to work even if the remote end does not support Tcpcrypt, in which case connections will gracefully fall back to standard clear-text TCP."
Unlike SSL, SSH and IPsec, it does not do authentication by default - it only encrypts it, which is enough to make the connection harder to spy on. It forces an attacker to do active attacks (modifying traffic) instead of just passive (just listening to traffic) if he want to spy on somebody.

Combining the two of them could make the whole internet a lot more secure instantly; having something as simple as Web of Trust (well, as easy as it could be) to REALLY know who you are connecting to and combing it with a traffic encryption method that NOT require modification of any software would instantly eliminate all reasons for not encrypting everything.
If you don't know what encryption is good for: Search for "Firesheep" on the search engine of your choice.

No, more of SSL won't help. There's a reason for everybody not already using it. No, SSH tunneling is not the answer. And no, IPSec is too complex.
But TCPCrypt is, as I said, easy. On Linux, all you need is to run a single line of shell code, and you're done. Now all traffic to other computers that also run TCPCrypt will be encrypted, preventing passive tools like Firesheep. By adding MonkeySphere's WoT management to authenticate the connections too (you also want to that who you're talking to is who they say they are), not even active tools will work, because then you will be alerted and the connection will be closed.

Technically, WoT can also be used the way SSL is used: Just let all the current CA:s (Certificate Authorities) generate OpenPGP keys and use them to sign peoples' OpenPGP keys instead of the keys they currently use to sign SSL certificates. Instead of browsers being shipped with SSL CA certificates preconfigured, they would have the CA's public OpenPGP keys.
It would be a minor change to most people that are not involved with SSL, and to most who are it would only be a change in what things are called and replacement of some tools.
So for those who only use the internet for broswing around on web sites, there will be no change worth caring about.

And the real great news: When it's working, all you need for secure connections to your friends is to exchange public keys to be able to establish a highly secure connection.
You and your friend just have to write down your public key fingerprints on pieces of paper (it's the most secure way) and give them to each other, and then type them in on your computers into the authentication software (MonkeySphere). Just that one more thing to remember besides IP address (and sometimes port number).
Then you can connect to each other to securely do whatever you wish, like chatting over IM, play network games or share files and documents.

As long as the key fingerprints match (otherwise the connection will fail) you can be sure that the other computer has the right private OpenPGP key from the key pair.
And as long as your friend has a secure computer (decent antivirus+firewall, Linux or OpenBSD, etc) it is really him and nobody else that you are connecting to. Which means that nobody else can read that document from work that you are sending him. Or read your IM conversation. Or mess with your LAN game. Or anything really as long as your computers are directly connected (which only is going to get more common with the constantly improving P2P and F2F software out there combined with faster internet connections).

Posted via email from Nat's blog

An absurdly geeky alternative Dynamic DNS scheme

noreply@blogger.com (Natanael) — Wed, 20 Oct 2010 14:46:00 +0000

Here's a scheme that could work great for Dynamic DNS and that do not need any central servers:

Version one, for individuals and small groups where everybody has administrative permissions:

You pick a secure password. This is the only thing you need to remember, but as you both connect to the server and administrate everything with it you need to keep it secret. This password is used to create an asymmetric cryptographic key pair. This must always be the same every time (no random elements), so the password also must be VERY secure!

The server has both the keys in the pair.
We use a peer to peer network (p2p, like bittorrent). The peers are random, so you connect to lots of strangers, since it's an open network.
The server does not need to be connected to the peer network 24/7, but it uploads the latest IP data there every few days (to prevent expiration) or when it changes.
The critical part: The IP adress of the computers you want to connect to are stored using DHT in the peer network, and it's signed with the private key and encrypted with the public key. You find it by searching in the DHT for a string that's unique to your key pair, probably the fingerprint of the public key. The current IP data is tagged with this string in the DHT.
The current data is always uploaded by the server every time it changes, and every time that the time stamp on the current IP data in the DHT gets too old.

To connect to one of your computers, you enter your password in a program. It computes the key pair, it computes the unique string, it searches in the DHT for the IP data, checkts the timestamp on it (important!) and it decrypts it and verifies the signature.
Then you connect to the IP (there could be a list, from which you pick an IP address).

Version two, for giving public access to the computers:

Changes:
Only the admin(s) has the password (as before), and the general public use the public key's fingerprint to connect instead of the password.
The public key is also uploaded into the DHT, and it is tagged with it's fingerprint. This fingerprint should be a SHA512 hash or comparable.
Both the public key and IP data is fetched from the DHT at the same time.
The IP data in the DHT is not encrypted, just signed with the private key.

Multiple IP's can be stored in the DHT, each IP can be tagged with a name. IPs can also be grouped. This allows you to easily give the public access to several different services and servers with one fingerprint, as well as letting admins managing servers with only one password to connect to them all.

I would recommend using this in combination with TCPCrypt for additional security to prevent MitM attacks once you've got the correct IP. The server's public key (that the user already have) is used to authenticate the connection. This means that the user only has to know one thing (the fingerprint) to establish a secure connection. Either computer could switch IP at any time, move whenever it's he owner feels like it or the computers could even be replaced - but as long as the server admin keeps the pass secret and the user has the right fingerprint, they are both safe and can connect securely in seconds, anytime.

I think this can be very secure. I also think that the fingerprints has to be "visualized" someway when used to let the general public connect to your server. The client program should always compute a visualization that's unique for each string, but without randomization so that each fingerprint always has the same one. This makes it very easy for the user to be assured that he's entered the right fingerprint.
It should be a little "identicon like" (search for "Identicons" and you'll know what I mean), but probably more detailed and stylish. Those randomart images that SSH use comes to mind, but they are not random enough. The process to generate them should make it hard to generate multiple keys with images similiar enough to be mixed up by a user.

What do you think? I want comments.

Posted via email from Nat's blog

Gadget: Sunnan, solar charged IKEA lamp

noreply@blogger.com (Natanael) — Tue, 19 Oct 2010 16:44:00 +0000

Let's begin with the specs:
The Sunnan lamp has a solar cell, 16 LEDs, 3 x rechargable 1200 mAh AA NiMH batteries (1.2V as usual), the solar cell and batteries is in/on a removable "box", it has a flexible "arm", ~4 hours of light, and for every lamp sold, a kid in areas in Africa without electricity gets one (it's so dark near the equator already at around 6 to 7 pm that you can't see more then a few meters far or read, so it's awesome for school kids).
Here in Sweden it costs 150 SEK.

Like somebody else said in a comment (that I don't remember where I read it), it would almost be a shame to not buy one.

I'm thinking of getting a second one for experimenting with the LEDs.

Posted via email from Nat's blog

Free software tag on donation apps in app stores?

noreply@blogger.com (Natanael) — Wed, 13 Oct 2010 16:44:00 +0000

See this: https://twitter.com/#!/Natanael_L/status/27249509668

FLOSS app developers could put #rewardfreedom in their donation app descriptions, making it easier for people to find and thus also directly fund free software development.

Just an idea, that I think should be tried out.

Posted via email from Nat's blog

Read about OAM and radio yet?

noreply@blogger.com (Natanael) — Sun, 10 Oct 2010 18:14:00 +0000

"Orbital Angular Momentum".

Those three words should make you very exited. And why is that? Simple - massive radio bandwidth boosts!

Orbital Angular Momentum is a property of electromagnetical fields (photons, including radio AND light) that was discovered "recently" and that haven't really been used much yet. What makes it useful is that you can send MULTIPLE SIGNALS ON ONE FREQUENCY at FULL maximal bandwidth for the frequency on EACH signal!
It's because the signals can have different "OAM values" and be seperated from each other based on it!

One of the researchers think that 100 OAM different values could be used at once, meaning 100 channels on one frequency - bumping up 300 Mbps WLANs to 30 Gbps, with no other changes!

Oh, and that applies to fiber optics too, meaning 100x faster normal internet connections as well!

Search for "Orbital Angular Momentum radio" on your favorite search engine NOW!

(Some of the research is done by LOIS, a part of LOFAR, iirc, that study space with it.)

Posted via email from Nat's blog

Moving to Posterous

noreply@blogger.com (Natanael) — Tue, 05 Oct 2010 19:52:00 +0000

At the same time as my page at YIID broke I've decided to move my blog to Posterous completely.
http://natanael.posterous.com