Tuesday, November 03, 2009

Notes on Windows Kernel Security...

Having been the lead architect on more than a few security projects - I can really appreciate the aims of the Windows security kernel API.

A token to represent every object in the system. Objects live everywhere, as files, users, domains, et cetera.

But somewhere along the development timeline, vain attempts to obfuscate the true meaning of certain elements were chosen over safe techniques, using provably secure algorithms and clear documentation.

Simply speaking, it became an extreme example of complication with varying true security value. Drivers which run within the kernel are treated as aliens, pretending to be running in restrictions which are entirely fictitious fantasies - leading to insecurities and ultimately more bugs.

Provable security is difficult enough within the computer environment - safe timing, "true" randomness and safe, tested cryptographic algorithms are difficult enough as it is.

Don't get me wrong - the security paradigm of Windows is arguably much better (at least theoretically) than Unix. It's just done very badly.

For example, having to decide if I need a Security Context, a SID, LUID, SecurityUserData, or perhaps an Access token is inane and utter bull. All these types could easily be represented as a single type, with perhaps a non-referenced user-mode handle for safety.

So, for now, I put this down on my "Top Ten Horrors of the Security World."

Friday, October 16, 2009

Officially a blog slug...


Having been through three major surgeries in the family, kids' week off from school, a few illnesses and several impending work deadlines - I have completely neglected this poor haven of strange ideas... yup, I'm a slug...

My RSA adventures have led to some interesting shortening of attack vectors, but nothing of true value as of yet - though I thought I had it licked at one point! Still, some great insight for me.

I've learned a LOT on approaching impossible problems - analysis saves a lot of development work, but only if you're willing to identify and gather real data. Also, you need to analyze sets, not just points on a graph. Knowing your functional, set values and computational limitations beforehand gives you an enormous edge in quickly performing tests - but you must be careful not to be boxed into your own boundaries.

For instance, here are the boundaries for all RSA factors, taken as a percentage of distance from the square root. This trend holds for all magnitudes of prime and presents a much smaller attack space than I first anticipated. The blue line is the running minimum "center point," the green space represents all possible distances between the one real factor and the square root of the product, and the blue space represents all possible distances between the one real factor and the center point ((p + q) / 2).

In layman's terms - this means that there's no need to go outside of this space to look for possible p factors for the product pq - thus reducing the attack surface. In practical terms, the distance between the square root and one of the factors is AT MOST 2.5%!!! And though the distance may increase to 10% - it is a known search space of much reduced size. Yes, that is still a large area when dealing with 300 digit numbers - but VASTLY smaller than I originally anticipated. Perhaps this is well known among mathematicians - but it was an eye opener for me!

I definitely have gained much even though I have yet to solve this beast!
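
An added example (not code from the original post): it measures the quantities described above, the distance from the square root to the smaller factor and to the center point (p + q) / 2, for the two primes quoted in the August 09, 2009 post further down this page, and runs a bounded Fermat search the way a key-generation audit would. The function names and the small constructed pair 10007 × 11003 are assumptions of this example.

```python
from math import isqrt

# The two primes quoted in the August 09, 2009 post on this page.
P = int("16347336458092538484431338838650908598417836700330923121"
        "81110852389333100104508151212118167511579")
Q = int("19008712816648221131268515739354139754718967899685154936"
        "66638539088027103802104498957191261465571")

# Constructed small pair (both prime) so the bounded search can finish.
SMALL_P, SMALL_Q = 10007, 11003


def ceil_sqrt(n):
    """Smallest integer a with a*a >= n."""
    r = isqrt(n)
    return r if r * r == n else r + 1


def factor_placement(p, q):
    """Measure where two odd factors sit relative to sqrt(p*q)."""
    p, q = sorted((p, q))
    n = p * q
    root = isqrt(n)
    center = (p + q) // 2  # exact, because p and q are both odd
    return {
        "n_bits": n.bit_length(),
        # fraction of sqrt(n) separating the smaller factor from sqrt(n)
        "p_below_root": (root - p) / root,
        # fraction of sqrt(n) separating the center point from sqrt(n)
        "center_above_root": (center - root) / root,
        # increments Fermat's method needs before it reaches the center
        "fermat_steps": center - ceil_sqrt(n),
    }


def fermat_check(n, max_steps):
    """Bounded Fermat search over a = ceil(sqrt(n)) .. ceil(sqrt(n)) + max_steps.

    Returns (p, q) when a*a - n is a perfect square inside the budget,
    otherwise None. A key audit treats a hit as "primes too close".
    """
    a = ceil_sqrt(n)
    for _ in range(max_steps + 1):
        b2 = a * a - n
        b = isqrt(b2)
        if b * b == b2:
            return a - b, a + b
        a += 1
    return None


if __name__ == "__main__":
    for label, (p, q) in {"page primes": (P, Q),
                          "constructed": (SMALL_P, SMALL_Q)}.items():
        info = factor_placement(p, q)
        hit = fermat_check(p * q, max_steps=100)
        print(label, info["n_bits"], "bits")
        print("  smaller factor below sqrt(n): %.4f%%" % (100 * info["p_below_root"]))
        print("  center point above sqrt(n):   %.4f%%" % (100 * info["center_above_root"]))
        print("  Fermat steps needed: about 2^%d" % info["fermat_steps"].bit_length())
        print("  bounded Fermat search (100 steps):", hit)
```

The step count is roughly (q - p)^2 / (8·sqrt(n)), which is why the bounded search recovers the constructed pair after a handful of steps and gives up on the modulus built from the page's primes.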

Sunday, August 09, 2009

A new approach to cracking RSA...

I've spent 10 years tinkering with RSA factoring algorithms. Everybody needs a hobby, eh? I've tried many, many different approaches in solving the problem more efficiently than is currently practiced.

RSA factoring is plain stupidly simple. Find two prime numbers that are the factors of one very large number.

For example,

16347336458092538484431338838650908598417836700330923121
81110852389333100104508151212118167511579

× 19008712816648221131268515739354139754718967899685154936
66638539088027103802104498957191261465571

= 31074182404900437213507500358885679300373460228427275457
20161948823206440518081504556346829671723286782437916272
83803341547107310850191954852900733772482278352574238645
4014691736602477652346609


So far I've explored Russian Peasant division, bit multiplication shortcutting, bit reversal with vector unit multiplication, and traditional sieving and plain bruteforce. A few years back I happened across a new method - but it was only reliable in some cases. The fantastic news is that when it did work - it was incredibly fast. I was able to factor 384 bit numbers in a few minutes, rather than hours.

I've lost the code, but I finally remembered the basic algorithm. And it occurred to me that perhaps it was simply a rounding error in my path decision algorithm.

Anyway - my "project rotation" is upon me again, and hopefully this time I will finally succeed.

Sunday, July 19, 2009

Life's passage in a swirling pop of time..

I really can't believe how quickly time is passing since I hit about 35 years old! The kids had dug up some old pictures and drawings from 2003... and it dawned on me how very little time I feel has passed, yet I know that it's been SIX years. I feel as though there are so many things left to do, and so I am excitedly looking forward to what comes next.

I just need to build that laboratory now!

Saturday, July 04, 2009

A somewhat muted 4th...

But based on tonight, I propose that the "country consumer confidence," as gauged by the length and number of fireworks is certainly slipping. It was still a beautiful night, but people didn't drop nearly as much on fireworks. The neighbor down the road who usually drops about $1,000 on something that could be compared to a miniature Addison BoomTown - only did about half that. The folks in the town proper were nearly dark - mostly sparklers, black cats and a few small displays.

Some people spend hundreds of dollars putting on fireworks shows, some people just $10. But, nearly everybody does something... because we can, ha ha ha.

I know I only did about half as much myself - but that was mostly due to the fact that my tractor was out of commission last week and I didn't get the time to mow the area necessary for big aerial displays done safely. I still did as much of the small ground stuff though.

On a brighter note - the kids had a blast tonight. Lots of smoke bombs, sparklers, roman candles, tanks... everything they love!

Oh, and I'm almost done with bunk bed #2... totally awesome, dude. Hope you had a wonderful, safe, and self-evident Fourth of July.

We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness.--That to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed, --That whenever any Form of Government becomes destructive of these ends, it is the Right of the People to alter or to abolish it, and to institute new Government, laying its foundation on such principles and organizing its powers in such form, as to them shall seem most likely to effect their Safety and Happiness. Prudence, indeed, will dictate that Governments long established should not be changed for light and transient causes; and accordingly all experience hath shewn, that mankind are more disposed to suffer, while evils are sufferable, than to right themselves by abolishing the forms to which they are accustomed.

Wednesday, June 24, 2009

Searching for fluid and thermal dynamics help...

I need some help from someone willing to hear an idea and bounce back real world knowledge at me.

So I have a truly wild idea for an "automotive power plant" which, in my whimsical estimation should absolutely blow conventional, modern hybrid and diesel mileage away. It's also simple and elegant as well.

But my assumptions may be hideously misguided as well. I've done a cursory search in the USPTO database and found little, if any pre-existing claims for such an idea.

Anyway, if you have some basic experience in either of these fields I'd really appreciate your time. You don't need to be an automotive engineer or have formal training - just an idea of what you're doing.

Drop a comment and I'll get back to ya if you're interested in my wacky adventure!

Tuesday, June 23, 2009

A math professor makes the convivial play...

As all of you know (of course!), this blog's namesake comes from a book by Ivan Illich, a priest and philosopher of sorts. And so in the tradition of "Deschooling Society," I present a new criticism of educare.

Really good criticism doesn't just manifest an idea - it belies an idea which imposes a mental struggle upon the reader. And so when a math professor scourges our system of education with true wit and "the ugly truth" - I just couldn't resist.

First, I present the coup de pied bas (low kick):
Sadly, our present system of mathematics education is precisely this kind of nightmare. In fact, if I had to design a mechanism for the express purpose of destroying a child’s natural curiosity and love of pattern-making, I couldn’t possibly do as good a job as is currently being done— I simply wouldn’t have the imagination to come up with the kind of senseless, soul-crushing ideas that constitute contemporary mathematics education.

Everyone knows that something is wrong. The politicians say, “we need higher standards.” The schools say, “we need more money and equipment.” Educators say one thing, and teachers say another. They are all wrong. The only people who understand what is going on are the ones most often blamed and least often heard: the students. They say, “math class is stupid and boring,” and they are right.

Obviously the man has a point. Look at math scores world-wide and the USA begins quite strongly in the Kindergarten through Fifth grades, and quickly slopes downwards from there.

I have watched my own children's fascination with mathematics shrink and wallow in misery. It's not that they don't enjoy the concepts - it's simply become a boring monotony of testing regimes on par with the infamous "Are we there yet? Are we there yet?," et cetera.

Hence, the fouetté (whip):
Why don’t we want our children to learn to do mathematics? Is it that we don’t trust them, we think it’s too hard? We seem to feel that they are capable of making arguments and coming to their own conclusions about Napoleon, why not about triangles? I think it’s simply that we as a culture don’t know what mathematics is. The impression we are given is of something very cold and highly technical, that no one could possibly understand— a self-fulfilling prophesy if there ever was one.

It would be bad enough if the culture were merely ignorant of mathematics, but what is far worse is that people actually think they do know what math is about— and are apparently under the gross misconception that mathematics is somehow useful to society! This is already a huge difference between mathematics and the other arts. Mathematics is viewed by the culture as some sort of tool for science and technology. Everyone knows that poetry and music are for pure enjoyment and for uplifting and ennobling the human spirit (hence their virtual elimination from the public school curriculum) but no, math is important.

I believe what he's saying is quite simple - we've become focused on the applications and ultimate use of mathematics. In doing so, we've actually forgotten the factor of humanity in education. Children will only quell imagination and curiosity for so long before pronouncing a subject as boring - the death knell of active learning. Rulers, books, and verbal warnings thus become the trade of education in the latter grades.

I'm not saying it doesn't work - it just works badly for most.

Finally, the crochet (hook):
If teaching is reduced to mere data transmission, if there is no sharing of excitement and wonder, if teachers themselves are passive recipients of information and not creators of new ideas, what hope is there for their students? If adding fractions is to the teacher an arbitrary set of rules, and not the outcome of a creative process and the result of aesthetic choices and desires, then of course it will feel that way to the poor students.

Teaching is not about information. It’s about having an honest intellectual relationship with your students. It requires no method, no tools, and no training. Just the ability to be real. And if you can’t be real, then you have no right to inflict yourself upon innocent children.

My own experience in math (indeed, most of my early education) exactly mirrors these conclusions. I learned math from my physics teacher (Dr. Bob Rowe), for goodness sake. He'd challenge us, he'd even allow us to explore ideas together. He had us work endless problems, but there was almost always more than one right way to do things. I stank at physics - but the fundamental idea that solutions come in variety sticks with me to this day.

I got answers so wrong, so often that had I not been so driven - I am sure that my life would have been quite different. I am not a genius by any stretch - I merely follow ideas where they lead me no matter how preposterous they may seem in search of an answer.

That said - it's certainly not a utopian world. In fact I believe all teachers are truly desirous of those moments when their pupils "get it." Certainly pupils are of all different stripes and molds - and teaching is hard work.

But I truly appreciate this man's viewpoint, and it can be done - just not everyone will do it. So if you teach, I implore you to at least let yourself struggle with these ideas. We want our children to be able to solve problems on their own - so let them.

Tuesday, June 09, 2009

Greek book progress...

Six chapters (really sections), and 15 pages down! I'm on a breather for the moment, just got my Oxford Greek grammar book which is dense, but useful for learning. It's also a nice contrast to my "New Introduction to Greek" book, which is hard-as-rock dense, but very informative nevertheless.

I'm working road for now... so hopefully I'll get back to book soon!

Sunday, May 24, 2009

Greek bug...

I've long let my blog languish... argh!  Durn facebook!  But I hope to get back on the wagon once more!

I've recently been trekking back into Attic Greek, as I only was able to take a few hours of classes from the wondrous Dr. West.  I figured I'd ball up my fascination and pare it into a workbook of sorts, as I have promised my children the joy of Greek this summer.

Of course this means I have a lot of learning for myself as well!  But that's part of the fun.  If anyone's interested I'd love your thoughts on my workbook.  Leave me a comment, and I'll send it over.

Monday, March 23, 2009

It's the end of the world as we know it...

The media is just killing me.  Is there a black hole where we're storing our excess cash?  Did someone leave a bale of hundreds next to the cows?  Did stock sales suddenly become one-sided trades?

I won't go ninja-conspiracy-theory on y'all - but I'm tired of ludicrous statements where money managers and bank presidents start speaking in cryptic "dissolved, disappeared, or extinguished"  money speak.

In actuality the stock market is merely an anticipation of wealth.  When I buy a stock and it goes down - the actual money has not disappeared.  But my anticipation of making money has when I sell my loser stock.  The simple fact is that the "anticipated money" never existed until I sell out my stock.

Money has not disappeared, dissolved or sublimed - it's simply not being used to buy stock anymore. And there's the rub - who took their money and where is it now?  Is that why we're currently on a cash hunt across the globe?

Monday, March 02, 2009

Compiler, Scanner, and Lexer, Oh My!

As with all my pursuits, I generally sit around and think "real hard" for a "long time."  So, for the checklist of things I have begun, I can now add the ultimate compiler.

Being the generalist, yeah basically a "bard," I have always considered it a formidable task to write a compiler.  For the uninitiated, a compiler takes a string of text and converts it into a machine executable program.

For instance, a "C" program like such:

    /* stdio.h declares printf */
    #include <stdio.h>

    int main() {
        printf("Hello, World!\n");
        return 0;
    }

This would then be compiled into a program which would print "Hello, World!" onto the screen.  Simple enough - but actually there's a huge amount of work involved.  Thus, my long arduous "thinking about it... yup"® has persisted, until a couple of days ago when I figured what the hell, I'm not getting any younger!

And as always, I figure that if I'm going to put so much effort into parsing a single language such as "C" then by goodness, I'm going to make a compiler that can parse nearly anything.

So I wrote up a new language, henceforth known as "Plato," and have written the scanner for it. I suppose it's a GLR if you want to be exact, but in actuality it's "what works best" based on a ruleset.  After completing about 50% of the scanner I realized there is indeed a better way, so now I'm writing a full-blown compiler tool suite.

The final product will be a universal compiler - taking Java, C#, C++, C, Perl, assembler and Plato languages and generating a program which interoperates between any language you can define a human readable ruleset for.  But for now, I'm simply writing Plato.

Friday, February 20, 2009

Quantum Fascination Continues...

So this is just too fascinating to pass up!  A year or so ago Nicolas Gisin, of the University of Geneva, proposed that the human eye could arguably detect a few photons at a time.  In other words, we can detect extremely low light.

And it only took some time, and a separate experimental investigation into "cascading quantum states" by Francesco De Martini and buddies at the University of Rome to posit that, indeed people could experience quantum entanglement through their retinas.

Thursday, February 12, 2009

Johnny Ong cracks me up...

I had to post this over here... too funny!  Thanks Johnny...

Life's Happenings: People Can Hear What You Say

I was barely sitting down when I heard a voice from the other stall saying: 'Hi, how are you?'

I'm not the type to start a conversation in the restroom and I don't know what got into me, but I answered, somewhat embarrassed, 'Doin' just fine!'

And the other person says: 'So what are you up to?'

What kind of question is that? At that point, I'm thinking this is too bizarre so I say: 'Uhhh, I'm like you, just traveling!'

At this point I am just trying to get out as fast as I can when I hear another question. 'Can I come over?'

Ok, this question is just too weird for me but I figured I could just be polite and end the conversation. I tell him 'No..I'm a little busy right now!!!'

Then I hear the person say nervously... 'Listen, I'll have to call you back. There's an idiot in the next stall who keeps answering all my questions.'

Cell phones, don't you just love them.

Monday, February 09, 2009

Secretary has a point...

The Children's and Schools Secretary in Britain has voiced fears of a return to "far right politics and Fascism."
"I think that this is a financial crisis more extreme and more serious than that of the 1930s and we all remember how the politics of that era were shaped by the economy."

Though a former economic advisor at the English Treasury - having a name like Secretary Ed Balls, and an inconsequential title in the British Government is likely to tarnish any message the poor bloke would speak - but it most certainly gets buried under the massive festival of DOOM which our politicians are celebrating these days.

And that's part of the problem.  It's as though every time a politician speaks, Adam's "invisible hand" smacks down the economy with a vengeance.  Likely, those few brave souls confident enough to invest in the economy are busy playing the economic equivalent of the "Hokey Pokey."

And perhaps Fascism will rise in the world - but I really hope not.  Humanity has got to be smarter than they used to be, right?

Tuesday, February 03, 2009

Catholic Meltdown

(update - New York Times has broken the news mainstream)

(copied from my Facebook note)
Those of you who know me over the years, have perhaps known my hesitation towards supporting the Legion of Christ & to a lesser extent, Regnum Christi.

For some time now - I've been pretty upset that these organizations have lived with a continual denial of unanswered questions and secrets. Now a few more secrets have come to light - and it's pretty ugly stuff for a Catholic order.

I've known about some of these things for a long time. Suffice it to say - that even with the knowledge of these abuses (both public, and still hidden) I still converted to the one, true Faith.

And I could take this opportunity to say I told you so. But, I just can't.

You have in your orders some of the very best people I know. And I mean that. I have to remember that our faith lies with Christ and his Church, not in misguided sins of humanity.

For all my friends in those orders, and who work for them - I pray that you can stay and demand Truth as well as you have demanded excellence and charity so far.

God bless you all.

Zazzle ROCKS!

I love Zazzle! Zazzle is an answer to a 7 year old prayer! If you like it, please let people know about my work!

Radical Rose 7

Thank you!
Steph

Monday, February 02, 2009

You know there's a problem when...

You know there's a problem with a system, when not even the people who MAKE THE LAW can get it right.

Tom Daschle apparently "forgot" about several problems with his tax records - and ended up paying $128k+ in back taxes and fees.

It makes me think of an NPR story from 8-9 years ago - in which a reporter submitted her taxes to 10 different CPA's.   Of course you already know the results - she received ten totally different results, with different taxes owed and very different exemptions.

And why is it that some people "get to amend" their returns - and others "go to jail."  Why do we even jail tax evaders, really?  Wouldn't it be better served to garnish wages or government benefits?

So in essence, are congressmen showing us that to "game" the system is your best solution?  Daschle certainly isn't the first - and I can't help but feel jilted when I patiently spend hours (days?) preparing my massive return (business, personal, and this year farm) to get it correct.

Yes, I've even made a couple of mistakes (wrong SSN number from illegible card, and a single dollar rounding error.. cost me over $250 in fees).

Monday, January 19, 2009

Wednesday, January 14, 2009

Words and actions

Found some choice quotes and writings from the Founders today.  Their public support of Christianity is surprising given the context in which we read of them today.  Here's a couple of interesting quotes.

"The Christian religion," Adams said, "as I understand it, is the brightness of the glory and the express portrait of the character of the eternal, self-existent, independent, benevolent, all-powerful, and all-merciful Creator, Preserver and Father of the universe, the first good, the first perfect, and the first fair. It will last as long as the world. Neither savage nor civilized man, without a revelation, could have discovered or invented it." "Religion and virtue are the only foundations, not only of republicanism and of all free governments, but of social felicity under all governments and in all the combinations of human society. Science, liberty, and religion are the choicest blessings of humanity: without their joint influence no society can be great, flourishing, or happy." - John Adams

"I am sure there never was a people who had more reason to acknowledge a Divine interposition in their affairs, than those of the United States; and I should be pained to believe that they had forgotten that agency which was so often manifested during our Revolution, or that they failed to consider the omnipotence of that God who is alone able to protect them." - George Washington

Sunday, January 04, 2009

The Black Swan...

So I've begun to read "The Black Swan" and while I've heard lots of positive comments I'm kind of taking a negative attitude to the book.  Admittedly I'm only a few pages in... but the snideness is a bit rattling.

For example...
"What is surprising is not the magnitude of our forecast errors, but our absence of awareness of it." - prologue xx

Which universe is he arriving from?  I can't disagree with the comment in general, but who do you know that believes in long term forecasting?

I object, because who is the "our" here?  The only promoters of such forecasts are those that derive power from such things.  The Ag Secretary "believes" in the crop forecasts because he is foolish to ignore them - especially when they're right (even if only by chance).

Then he makes ludicrous statements such as proclaiming the Internet to be a Black Swan.  That's about like saying the hammer was a chance invention?  Those of us who watched the internet's growth, encouraged it, debugged and developed its pieces weren't thinking "I wonder if this is cool?"

Just because the internet suddenly appeared in your life doesn't mean it was a charm springing out of the forehead of Zeus.  No more than the invention of the car, or the airplane.  They are patently obvious to those in the trenches.

But I will give you a real Black Swan of the tech world... Jeff Han's TED Talk on multitouch interfaces:

Saturday, January 03, 2009

Interesting news...


Thought I'd share a few tidbits of news that have some significance for me.  A lot for a single post - but I think it points towards a much more troubling future, though hopefully I'm wrong.

First, the Vatican has divorced itself from Italian law.  I think the writing was on the wall but it's interesting under-the-radar news nonetheless.

Next, Global Warming may or may not be true - but the trend is teetering towards a cooling period.  Sunspots are at a historic low and point towards a period of cool weather.  This is bad news for crop growers, energy & heating costs, and local governments.

I don't have a news story for this one, but it's been well circulated that Venezuela needs a rather hefty price per barrel ($42 IIRC) and all signs are pointing towards a meltdown there.  In fact the lunacy of energy prices forebodes a troubling situation economically the world over.  Don't call it deflation yet - but if it starts quacking like a duck who knows where this is going?

Lastly the insanity of mortgage re-pricing is reaching lunacy as well. Perhaps the moon really does drive people crazy - being at an all time peak in size this last month.  Casey Mulligan posts the news that if you want to save money on your mortgage - simply WORK LESS!!

So in other words, buy a good coat, work less, and buy the '69 TBird you've always wanted.  You'll make out better than us schlubs apparently.