My first thoughts on the iPhone

“iPhone features a rich HTML email client and Safari — the most advanced web browser ever on a portable device — which automatically syncs bookmarks from your PC or Mac. Safari also includes built-in Google and Yahoo! search. iPhone is fully multi-tasking, so you can read a web page while downloading your email in the background over Wi-Fi or EDGE.”

My work at the Stop Badware group has shown me that trojan dialers are still all the rage. And I have to step back from my multiple T-1 connections at the collective space I hang out at or the even larger bandwidth provided on Harvard’s campus to realize that some people still use the plain old phone system to dial up to the internet. I don’t have a single system anywhere with a modem left so infecting me with a dialer really isn’t going to get you anywhere.

An iPhone, however, is ripe for this type of abuse (and so are PocketPC-based phones, now that I think about it). So it isn’t that iPhones will be the only portable devices targeted by this type of attack in the future, but the descriptions of the iPhone certainly set off that alarm in my head. The exposure comes not just from browser-based attacks but from the rich HTML email interface. MS has been quietly reducing the HTML rendering capabilities of their email clients because attackers kept exploiting every single aspect of it. I think over time Apple may need to learn this lesson as well. Rich HTML sounds great in the marketing of an email client, but rarely has one survived without getting spammed to death, infected by trojans, or both.

Analysis of Microsoft’s Suicide Note (part 2)

“Some argue that the consumer gets little or negative ‘benefit’ from this increase, this is false. The consumer gets premium content on their PC”

Pete Levinthal
Software Engineering
ATI Technologies, Inc

This is a fair statement. Playing HD content from a Blu-ray or HD DVD disc is clearly an advantage that end users would appreciate. So in the sense that a benefit is an advantage, I would say Levinthal’s statement is accurate. However, benefit can also refer to “profit”, which would make his statement questionable. Considering that he mentions ‘negative “benefit”’, I think we should delve further into this connotation. Profit is the positive difference between the amount spent and the amount earned. So in purely mathematical terms, the “cost” to the end user of playing premium content must be lower than the amount gained from HD playback for the experience to be profitable. I believe it is safe to assume what the amount gained is: HD playback. What isn’t so clear is what the costs are. In the programmer’s universe, cost is generally associated with the number of CPU cycles spent solving some problem. Thus if a programmer writes a function which needlessly recomputes values, it is considered “expensive”. An accomplished programmer can write elegant solutions which do not incur much cost.
Keeping the previous definition of “cost” in mind, I think it is fitting to look into what premium content protection really costs a user. From this analysis we can make a fair judgement on whether a user profits overall from the ability to play HD content. According to the Microsoft presentations here, here, here, and here, the playback of HD content requires no fewer than two rounds of encryption/decryption before the video is sent to the display. First the video comes from the original HD media in encrypted form and is decrypted. That decrypted media is then encrypted again using the AES algorithm and sent across the PCIe bus. Once it reaches the other side of that bus it is decrypted and then sent across the HDMI interface to the display.
The entire process is documented here in a presentation by Microsoft:
PVP-OPM

Based on my own valuation of HD content playback, I would say that the price is either near or exceeds the gain of watching content on my PC. Clearly the price of these computations goes down by 50% every 18 months* according to Moore’s law. This led to my earlier prediction that an affordable and usable system running Vista is perhaps 5 years away. Before I close this installment I want to give a preview of the next piece I have lined up. This image struck me and has pervaded my thoughts about this article.

Why Do It
This image, from a presentation delivered by Dave Marsh (Program Manager, Windows Media Technologies), captures how Microsoft frames this problem. Perhaps not intentional, but all too apparent in this image, is their end user acting deviously and maliciously, hurting Hollywood, Microsoft, and probably America.

* Wikipedia cites Moore as stating 12 months between doublings of the transistor count, which given my previous statement would put a usable and affordable system 3.3 years away. There are other references in the article stating that the chip-making industry adheres to “doubling every 18 months”. My prediction was that 3.5x current capacities would be needed for an affordable system to play back HD content on a Vista PC.

Analysis of Microsoft’s Suicide Note (part 1)

[editor’s note: this is becoming far too long a post for a single entry and will be serialized over the coming week]

In a controversial technical analysis, Peter Gutmann goes into fantastic detail about the recently released Vista operating system and its content protection scheme. One thing became clear to me after reading this analysis: Vista is being marketed to content producers, not consumers. If Windows XP was Microsoft’s attempt to embed a browser into the operating system, then Vista is the attempt to embed DRM. Digital Rights Management technology has been applied to literally every ring of the OS architecture.

Vista’s target market is content producers, and the underlying philosophy of the user experience will be far different than what many consumers expect it will be. Microsoft has attempted to plug the infamous “analog hole” as much as is possible by forcing all data through encryption algorithms. For those unaware, the “cost” of encryption is substantial. Pushing HD audio and video content through encryption/decryption routines is a tremendous strain on any system currently available and in the near future. Even with the application of Moore’s Law, a conservative estimate could place affordable and usable systems within this new content system 5 years away. It will be interesting to see how these restrictions will be spun by the large marketing and PR teams, since none of these innovations will benefit consumers in any way. The job that has been handed to these PR and marketing teams is to dress up a product designed with every restriction a producer has asked for and make a consumer want to buy it. One of the most quotable lines from the Gutmann analysis sums this up perfectly as, “breaking the legs of Olympic athletes and then rating them based on how fast they can hobble on crutches.”

In the past, when I have delivered lectures to web application developers, I would caution them to never trust user input. Perhaps developers took this philosophy a little too far. The entire operating system now seems to have turned against the user. Zero-tolerance drivers and regulation code will lock the system down if any type of deviance is detected. So-called “tilt bits” will signal an attack on the system if anything is found out of the ordinary. Unfortunately, these changes won’t enhance user security, as they were designed to protect only “premium content”. Medical data, credit card numbers, and other private things that do deserve this level of protection are completely ignored. Untrusting of any environmental changes, the system will shut down or degrade performance in response to a perceived attack.

This is a marked turn from the past versions of the Microsoft operating system. In the past one could take a hard drive from a Windows OS and drop it into an entirely different system. The new hardware would be detected and drivers applied on the spot. At most a single reboot would bring the user back into a usable system. This type of resilience was what impressed me during the early days of the new Windows architecture. In those days Microsoft was fairly dominant but still pursuing new customers. The new Vista scheme signals to me that they have exhausted new customer acquisition and are now focused on milking their existing market.

In the next post I will look at who benefits (Intel, Hollywood, code obfuscation providers), who doesn’t (consumers), and some security issues (driver revocations for DDoS).

XrML for extensible rights management

XrML provides a universal method for specifying a right (for example, “play” or “copy”) or a condition (such as a time limit) that is associated with a particular work.

more information on this here <- warning, pdf

xmrl

Second Life Population

A group of people who only exist in an online simulation.

400k
by Frans Charming

400k users on the front page, I’m 13 days off on my prediction that we would reach it on the end of July. But what does such a number say anyway, if it is constantly redefined as it has been again on the LL blog.

“The number that is currently on our home page is a time-weighted average between “total number of sign ups ever” and “total number of logged in users over the last 60 days”. As of right now, those numbers are 493,563 and 225,028.”

Now That’s Security!

Bank of America has made their web services so secure that even I cannot log in. And I am the account holder! My inability to log in stems from the myriad secondary questions, which are all very personal in nature. These “passwords” would read like a diary of your life: place of marriage, honeymoon, graduation, and birth. I tend to fill these answers with random gibberish so no one can simply research public records and gain access to my bank account. The new security features ensure that no one who can’t answer one of these random questions can gain access. This must be done with every new browser installation, computer setup, or possibly once per session (if certain browser protocols are followed).
I offer the application engineers that BoA hired these articles. Study them closely:
 http://www.google.com/search?q=security+…
It is a self-inflicted version of this “attack” discovered by a small independent security group.

Missed Event: Data Surveillance and Privacy Protection

“There has been little discussion of methods and technologies for conducting data surveillance while respecting privacy and preserving civil liberties.”
Seem ironic to anyone else? To be fair, the CRCS is looking to understand “the far more pervasive surveillance infrastructure [being] created around us: the routine use of database information for law enforcement, counter-terrorism, and commercial markets.”

The speakers were very impressive, including a former TIA director and the author James Bamford (who wrote several fantastic books on the NSA). Lately I’ve wondered why it is we are not in control of our own information. I should “own” all my personal data, and when a company sells it to another company without my permission there should be accountability. If nothing else we should be able to whine (and prosecute) like the media cartels do with their property.

Super Seed!

The super-seed feature in S-5.5 and on is a new seeding algorithm designed to help
a torrent initiator with limited bandwidth “pump up” a large torrent, reducing the
amount of data it needs to upload in order to spawn new seeds in the torrent.

When a seeding client enters “super-seed mode”, it will not act as a standard seed,
but masquerades as a normal client with no data. As clients connect, it will then
inform them that it received a piece — a piece that was never sent, or if all
pieces were already sent, is very rare. This will induce the client to attempt to
download only that piece.

When the client has finished downloading the piece, the seed will not inform it of
any other pieces until it has seen the piece it had sent previously present on at
least one other client. Until then, the client will not have access to any of the
other pieces of the seed, and therefore will not waste the seed’s bandwidth.

This method has resulted in much higher seeding efficiencies, by both inducing
peers into taking only the rarest data, reducing the amount of redundant data sent,
and limiting the amount of data sent to peers which do not contribute to the swarm.
Prior to this, a seed might have to upload 150% to 200% of the total size of a
torrent before other clients became seeds. However, a large torrent seeded with a
single client running in super-seed mode was able to do so after only uploading
105% of the data. This is 150-200% more efficient than when using a standard seed.

Super-seed mode is *NOT* recommended for general use. While it does assist in the
wider distribution of rare data, because it limits the selection of pieces a
client can download, it also limits the ability of those clients to download data
for pieces they have already partially retrieved. Therefore, super-seed mode is
only recommended for initial seeding servers.
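As an added illustration (not BitTorrent’s code, and not from the quoted documentation), here is a small Python model of the gating rule described above: a seed in super-seed mode tells each connecting peer about exactly one piece and advertises nothing more to that peer until the same piece has been observed on a different client. The class and method names (SuperSeed, peer_connected, piece_downloaded, have_observed) are this example’s own, and the piece-choice heuristic (never-advertised first, then the piece with the fewest known holders) is an assumption about what “very rare” means in the description.

```python
from typing import Dict, List, Optional, Set


class SuperSeed:
    """Toy model of a seed running in super-seed mode (illustrative; not a real client).

    Rule modelled: the seed tells each connecting peer about exactly one piece and
    advertises nothing further to that peer until the same piece has been observed
    on some *other* client, so upload bandwidth only goes to peers who relay data.
    """

    def __init__(self, num_pieces: int) -> None:
        self.num_pieces = num_pieces
        self.uploads = 0                      # pieces this seed actually served
        self.advertised = [0] * num_pieces    # how often each piece was advertised
        # Peers known to hold each piece (from downloads we served or HAVE messages).
        self.holders: List[Set[str]] = [set() for _ in range(num_pieces)]
        # Piece each peer still "owes" the swarm before it is offered another one.
        self.owed: Dict[str, Optional[int]] = {}

    def _pick_piece(self, peer: str) -> Optional[int]:
        # Assumed heuristic: prefer a piece never advertised, then the rarest one.
        choices = [p for p in range(self.num_pieces) if peer not in self.holders[p]]
        if not choices:
            return None
        return min(choices, key=lambda p: (self.advertised[p], len(self.holders[p])))

    def _advertise(self, peer: str) -> Optional[int]:
        piece = self._pick_piece(peer)
        if piece is not None:
            self.advertised[piece] += 1
            self.owed[peer] = piece
        return piece

    def peer_connected(self, peer: str) -> Optional[int]:
        """A new peer connects; it is told about a single piece."""
        self.owed[peer] = None
        return self._advertise(peer)

    def piece_downloaded(self, peer: str, piece: int) -> Optional[int]:
        """The peer finished fetching `piece` from us. Nothing further is offered yet."""
        self.uploads += 1
        self.holders[piece].add(peer)
        return None  # gated: wait for have_observed() from a different client

    def have_observed(self, reporter: str, piece: int) -> Dict[str, int]:
        """We saw a HAVE for `piece` from `reporter`. Every peer that owed this piece
        to the swarm is released and told about its next piece."""
        self.holders[piece].add(reporter)
        released: Dict[str, int] = {}
        for peer, piece_owed in list(self.owed.items()):
            if piece_owed == piece and peer != reporter:
                nxt = self._advertise(peer)
                if nxt is not None:
                    released[peer] = nxt
        return released


def demo_trace() -> List[str]:
    """Walk two peers through the protocol; returns the event log for inspection."""
    seed, log = SuperSeed(num_pieces=3), []
    first = seed.peer_connected("A")
    log.append(f"A connects, advertised piece {first}")
    seed.piece_downloaded("A", first)
    log.append("A finished; seed offers A nothing yet")
    second = seed.peer_connected("B")
    log.append(f"B connects, advertised a different piece {second}")
    released = seed.have_observed("B", first)
    log.append(f"B reports HAVE {first} (got it from A); seed releases {released}")
    log.append(f"seed uploaded {seed.uploads} piece(s) for 2 swarm copies of piece {first}")
    return log


if __name__ == "__main__":
    print("\n".join(demo_trace()))
```

The point the trace makes is the one in the text: the seed served piece 0 once, yet the swarm ends up with two copies of it, and peer A is only offered a second piece after B proves A relayed the first. A peer that never relays is never offered anything else, so it cannot consume the seed’s bandwidth.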

Noisechain ensures “no single person is provably responsible of hosting/distributing a given file.”

This is a really interesting technology that makes it difficult (if not impossible) to determine who is hosting a particular file. After reading the latest changes to the DMCA we may really need something like this. I’ll blog more about those changes next.

An anonymous person will use Noisechain to break the 'FILE' into 5 parts. Here's what Noisechain does. XOR is a commutative operator, so we need few parentheses:

   1. generate 4 files: A, B, C, D, with completely random data in each.
   2. calculate X = (A XOR B XOR C XOR D) which is random; see (b)
   3. calculate E = (FILE XOR X), which is random; see (b)
   4. we now have A, B, C, D, E, which are all random, **but** have the property: (A XOR B XOR C XOR D XOR E) = X XOR E = FILE
   5. permute A, B, C, D, E randomly, to lose track of which come from step '1', and which comes from step '3'.

So, from a 'test.zip' file, noisechain will output 5 separate files, 'test.zip.[1-5].noise', which can then be hosted independently by 5 people.

Of course, it would be quite stupid to require 5 URLs for downloading the files. That is why, with each 'noise' file, you get a 'chain' file that points to the next URL.

Anyhow, it is mandatory to download *all* 5 files. If you have only 4 files, you have random data that gives **zero** information about the file. If the 5 people are in different countries, it is a nice bonus.

update 10/1/07: s/insures/ensures/g;
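As an added worked example (not Noisechain’s own code), the five steps quoted above in Python: noisechain_split implements steps 1 to 5, noisechain_join recovers the file by XORing all parts, and forge_missing_part shows why four parts carry zero information: for any claimed file of the right length there exists a fifth part that makes the four “decode” to it, so the four parts are consistent with every possible file. The function names and the injectable rng parameter are this example’s assumptions; the 'chain' files pointing to the next URL are not modelled.

```python
import random
from functools import reduce
from typing import List, Optional


def xor_bytes(*parts: bytes) -> bytes:
    """XOR any number of equal-length byte strings together."""
    if len({len(p) for p in parts}) != 1:
        raise ValueError("all parts must have the same length")
    return bytes(reduce(lambda a, b: a ^ b, column) for column in zip(*parts))


def noisechain_split(data: bytes, n: int = 5,
                     rng: Optional[random.Random] = None) -> List[bytes]:
    """Steps 1-5: n-1 random parts, one part derived from the file, then a random
    permutation so no part is distinguishable as 'the file part'."""
    if n < 2:
        raise ValueError("need at least two parts")
    rng = rng or random.SystemRandom()          # SystemRandom draws from os.urandom
    noise = [rng.randbytes(len(data)) for _ in range(n - 1)]  # step 1: A, B, C, D
    x = xor_bytes(*noise)                        # step 2: X = A ^ B ^ C ^ D
    e = xor_bytes(data, x)                       # step 3: E = FILE ^ X
    parts = noise + [e]                          # step 4: all n parts look random
    rng.shuffle(parts)                           # step 5: lose track of which is E
    return parts


def noisechain_join(parts: List[bytes]) -> bytes:
    """Recover the file: XOR of all n parts (order is irrelevant by commutativity)."""
    return xor_bytes(*parts)


def forge_missing_part(known_parts: List[bytes], claimed: bytes) -> bytes:
    """Given any n-1 parts, compute the nth part under which they join to `claimed`.
    Because such a part always exists, n-1 parts say nothing about the real file."""
    return xor_bytes(claimed, *known_parts)


if __name__ == "__main__":
    sample = b"constructed sample payload, not a real file"  # constructed input
    pieces = noisechain_split(sample)
    print("all 5 parts join to the file:", noisechain_join(pieces) == sample)
    print("only 4 parts join to the file:", noisechain_join(pieces[:4]) == sample)
    decoy = b"some other content of the very same length"
    fifth = forge_missing_part(pieces[:4], decoy)
    print("4 parts + a forged fifth join to the decoy:",
          noisechain_join(pieces[:4] + [fifth]) == decoy)
```

The forge step is the practical meaning of “zero information”: whoever holds four of the five files cannot tell which, if any, of the real or decoy content they correspond to, because a fifth file exists for each. This is the same one-time-pad argument that underlies the scheme; its strength depends entirely on the random parts coming from a cryptographic source, which is why the example defaults to random.SystemRandom rather than the seeded generator used only for reproducible testing.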