This is BrainLog, a blog by Dan Sanderson. Older entries, from October 1999 through September 2010, are preserved for posterity, but are no longer maintained. See the front page and newer entries.

November 2005 Archives

November 30, 2005

Freaky video of cornstarch in water, shaken at fixed frequencies.

Motion Mountain: The Free Physics Textbook. Free, downloadable, giant physics textbook.

November 29, 2005

Ruby the Rival. Authors, bloggers and developers, particularly those that work in Java, give their reactions to Ruby as a potential competitor to Java. (Partly to promote the new O'Reilly book Beyond Java by Bruce Tate.)

A nice article on screencasting from O'Reilly Digital Media. By Jon Udell, naturally.

November 23, 2005

In case anyone is interested:

New baby boy!

That's two! Two little kids! *thunderclap* Ah ah ah!

November 19, 2005

AARGH! Uninstaller for Other Sony DRM Also Opens Huge Security Hole. The SunnComm software and its uninstaller are also very dangerous.

It's easy to assume that if there is a market for a kind of software, there will be engineers willing to provide it. This says nothing about the competence of those engineers. I doubt it's a coincidence that software designed to break your computer in one way ends up accidentally slaughtering your computer in others.

November 18, 2005

Real Story of the Rogue Rootkit, Bruce Schneier on the Sony debacle. Bruce points out that Microsoft and anti-malware companies should have responded when Sony launched this software many months ago, but they are only responding now due to public outcry. The reaction represents a double-standard about malware: It's wrong if it comes from organized crime, but OK if it comes from a big company. Does this double-standard represent collusion that undermines our ability to trust providers of security software that's meant to protect us from this sort of thing?

In the case of Microsoft, perhaps, but otherwise it seems just as likely—and just as nasty—that security providers were afraid that disabling Sony's malware might appear to be assisting circumvention of copy protection technology. McAfee and Symantec didn't respond to Sony's software until this month, and so far are only willing to disable the cloaking feature, even though much of what the software does beyond the cloaking is destructive and excessive with regard to the stated goals of the software (preventing MP3s from being made from the CD contents) and within the definition of malware (such as spyware).

Department of Homeland Security US-CERT recommends that you never install audio-CD DRM software, such as Sony's XCP DRM.

Sony has published a complete list of music CDs that were published with the XCP software. They will eventually be replaced with a new printing without the software, but you may want to avoid these for this holiday season.

November 17, 2005

An Overview of Cryptography.

Firefox SessionSaver.

Firefox Scribe.

Both ways to save the contents of form fields prior to submitting the form, for all of us who have to write large amounts of text in forms but tend to accidentally close browser windows before we submit.

A real auto-save solution may be considered insecure (?), but these are certainly the next best thing.

November 16, 2005

Sony to pull (some) controversial CDs, offer swap. Specifically, Sony is pulling music CDs with the First4Internet XCP copy protection scheme off the shelves. XCP has been shown to expose computers to serious security problems, in addition to its intended effects of spying on your listening habits and breaking your computer's CD-ROM drive. Sony has not offered a way to cleanly uninstall the software, nor has it offered compensation for damage caused by the security hole. When pressed, Sony put up a method of removing the XCP software that introduces even more serious security holes. Ed Felten does the research.

Sony has not made any concessions regarding discs with the SunnComm MediaMax protection scheme, which is also known to spy on users and be a pain in the butt. XCP gets all the attention because it does these other ridiculously terrible things, which have inspired Microsoft and anti-virus software makers to swear to combat Sony's software.

It's worth distinguishing between the stated purpose of Sony's DRM mechanism (to prevent you from making MP3s of protected music CDs), the apparently intentional additional effects (to prevent you from discovering the DRM mechanism and removing it from your computer), and other side effects the intentions of which are unknown (surreptitiously communicating back to Sony information about your habits, opening security holes). Many of us are angry about all three categories, but it's worth noting that the software could perform its stated purpose without doing any of the other things. The other effects are likely to be intentional in varying degrees. DRM software that's difficult to remove might be more effective against casual file sharers than DRM which doesn't latch on so hard, so Sony probably did that on purpose. It's hard to believe Sony would intentionally expose my computer to security vulnerabilities, though we're free to wonder if Sony (or First4Internet) wants to reserve the ability to exploit the holes themselves.

But I think the oh-my-gawd-why-did-you-do-it-that-way uninstallation procedure that potentially does more harm than good demonstrates another angle on the DRM issue: There is a likelihood that any given DRM control mechanism will be poorly implemented. Even if we agreed that media conglomerates deserved to restrict how we use our computers or the music we buy, we can't trust them to implement the restrictions in a way that meets our expectations. Accidentally or otherwise, data tied up behind a DRM mechanism is further restricted by the limited quality of the implementation. Unrestricted data is not so affected, because I could always find a better way to access the data. See also: paperless electronic voting machines, DVD players; cf. Firefox with Greasemonkey.

The WSJ article includes an anecdote about Bela Fleck buying a copy-protected Dave Matthews CD and discovering he could not transfer the music to his iPod. Bela insisted that Sony not include copy protection on his own album.

Subversion and Xcode.

November 15, 2005

While Sony has agreed to cease the manufacture of discs that include their XCP copy protection software, found to break basic security protocols as a hacker's rootkit would to hide itself from detection, Sony has not addressed the second of two sets of copy protection included on some Sony-BMG music CDs. MediaMax, from a company called SunnComm, behaves in a similar fashion to XCP, though without the obvious security vulnerability: It installs software without permission, it does not remove destructive components even when asked to do so, and it lies about what it is doing in the end-user license agreement. One of its features is to prevent you from making MP3s from any Sony-BMG audio CD with this "protection". Another is to communicate a serial number back to SunnComm every time you try to play one of these discs. Once again, it falls squarely in the realm of spyware.

Ed Felten has the details.

While there is a version of SunnComm's software that could infect a Macintosh computer, it can't do so unless the user explicitly runs the installer. Windows users with "autorun" turned on (which is on by default) will have their computers infected as soon as the disc is put in the CD-ROM drive.

Significant properties of every integer from 0 to 9,999. I'm not sure I see the significance of 1033 = 8^1 + 8^0 + 8^3 + 8^3 (someone explain?), but most of these are fun.

November 11, 2005

Sony halts production of 'rootkit' CDs.

Sony DRM affects Macs too. It's not as clear from this report how this software gets run on a casual user's computer, but there is Mac software on the disc in some form. More info in the comments of the Slashdot thread.

November 10, 2005

List of audio CDs that will install Sony-BMG's DRM rootkit on your computer if you stick it in your CD-ROM drive, along with a couple of methods to help identify other discs with the malicious content. Certain music CDs published by Sony-BMG will automatically install invasive software on your computer if inserted into your computer's CD-ROM drive. The software is intended to prevent you from ripping the content off of the CD, such as to make MP3 files to transfer to your portable music player, but does so in a way that introduces security risks and can damage your computer. Indeed, its intended function, to prevent you from making MP3s from CDs you have purchased, could be considered damage, but it's worse than that. (CNet report, Ed Felten here and here, Wired.)

While normally I would expect this stuff to happen outside of the genres of CDs I usually buy, I'm sorry to see The Bad Plus's Suspicious Activity on the EFF's short list. Of course, Sony is doing this without the consent of the artists, so I can't hold it against the group, though the most they're willing to say about it on their web site is to post Sony's instructions for creating "secure" WMA (restricted, not iPod compatible) files from the disc. Mac users are not affected by the rootkit, but such a disc seems too risky to keep around, lest I forgetfully stick it into a Windows box a few years from now or give it to someone who doesn't know about the problem. And of course, being broken, it may not work with all of my CD players.

Update: A Trojan Horse found in the wild that exploits Sony's rootkit if it's installed on your system.

Update: A suit has been filed in the State of California against Sony for violation of several California state laws.

Greatest Internet Moments.

Copyright from the 18th century to the Creative Commons and Open Source, Edward Rothstein, NYTimes.

November 7, 2005

Rockslide closes I-90 in both directions. This could be a serious problem for holiday traffic in the state of Washington. The Times article makes it sound like the closure will only be a couple of days, but TV says it could be weeks before the roads are deemed safe.

Oh, and, um, vote no on I-912.

Update: Two lanes could re-open as early as tonight. They're building a fence.

Review of the Matias OS X Keyboard

I recently acquired a Matias OS X Keyboard. So far, it feels decent, but I'm not really taking advantage of its special features. But it's priced like any other keyboard, and the correct placement of the Mac OS X command keys makes it a great Mac keyboard.

SpamAssassin 3.1.0 for Dreamhost. DH currently provides SpamAssassin 3.0.3 by default, though some people are saying DH's installation is quirky. This installation tutorial is long and complicated, but it's Dreamhost specific, and I got some good hints from it for using the default 3.0.3 installation.

SA had a problem with reading its own Bayes token files at first, but I moved them out of the way and let sa-learn make new ones, and it works now. Maybe this is one of the quirks people are having problems with.

Another tip from the DH forums: Bayesian filtering won't kick in until it has learned at least 200 messages of both spam and ham. To check the levels:

sa-learn --dump magic

Bluffer's Guide to Fermat's Last Theorem

November 4, 2005

Can you trust Wikipedia? The Guardian gets a few experts to critique entries in their fields on Wikipedia. In some cases, in the amount of time it took for them to write up their complaints, they could have fixed the articles. Of course, Wikipedia being a dynamic entity, some of the entries cited in the article have reacted to the criticism.

Using Image Calibration Techniques to Reduce Noise in Digital Images.

November 3, 2005

Extreme thinking, Michael Nielsen. Bits of practical advice about making a living working through difficult intellectual matters.

Academy of Television interviews, available from Google Video. Awesome.

November 2, 2005

A catalog and comparison of syntax and style for many popular programming languages. How does your language spell if-then-else?

Does Visual Studio Rot the Mind? by Charles Petzold. Are overly helpful IDEs to programming what PowerPoint is to presentations? Is Windows so complicated that it needs an overly helpful IDE?

November 1, 2005

Programming The Nintendo Game Boy Advance by Jonathan S. Harbour.

Screen spanning for iBooks. Normally only the higher end Powerbooks can use an external monitor as extended display space (as opposed to mirroring the laptop's screen on an external monitor, which they can all do). You can use a software hack to enable screen spanning for iBooks.