13.8 and 20 megapixel cameras from Kodak

http://www.democratandchronicle.com/biznews/0922story4_business.shtml

So they are getting closer to film, but still have a ways to go. For example, what about contrast, film speed, etc? Take a look at http://pic.templetons.com/brad/photo/pixels.html and http://www.templetons.com/brad/nondig/ for good discussion on the relationship between digital and film.

Also, every "pixel" in film has at least 8 bits each of red, green, and blue. But in most digital sensors, each pixel only records 8 bits of red, green, or blue; the pixels are laid out in a mosaic. So the effective resolution compared to film is only 1/2 to 1/3. The exception is the (still in prototype) Foveon X3 sensor. The Foveon does 8 bits of RGB for every pixel. They have a good discussion at http://www.foveon.com/X3_better.html with image comparisons at http://www.foveon.com/X3_comparison.html

A new crime: interference with a business model?

The entertainment industry is desperate.

First they convinced Congress to pass the Digital Millennium Copyright Act (DMCA), which, among other things, could make it illegal to loan a copy of your e-book to a friend.

Now they've convinced Rep. Howard Berman to submit the "Peer-to-Peer Piracy Prevention Act", a bill (PDF) that gives the entertainment industry the special right to hack your personal computer if they suspect you are violating copyright (they don't need to prove anything, just suspect). Think of it like this: If a mugger steals your wallet, are you allowed to burn down his house? No, that's called vigilantism and it's illegal. But that's what the entertainment industry is asking for the right to do.

Bruce Schneier had this to say in the 15 Aug 2002 issue of Crypto-Gram (emphasis mine):

To me, it's another example of the insane lengths the entertainment companies are willing to go to preserve their business models. They're willing to destroy your privacy, have general-purpose computers declared illegal, and exercise special vigilante police powers that no one else has…just to make sure that no one watches "The Little Mermaid" without paying for it. They're trying to invent a new crime: interference with a business model.

Security: how well does it fail?

Excerpts from an article in the Sept 2002 issue of "The Atlantic":

Indeed, he [Bruce Schneier] regards the national push for a high-tech salve for security anxieties as a reprise of his own early and erroneous beliefs about the transforming power of strong crypto. The new technologies have enormous capacities, but their advocates have not realized that the most critical aspect of a security measure is not how well it works but how well it fails.

[Here's an example of measuring how "good" security is by how well it fails]

… at Sea-Tac Airport, someone ran through the metal detector and disappeared onto the little subway that runs among the terminals. Although the authorities quickly identified the miscreant, a concession stand worker, they still had to empty all the terminals and re-screen everyone in the airport, including passengers who had already boarded planes. Masses of unhappy passengers stretched back hundreds of feet from the checkpoints. Planes by the dozen sat waiting at the gates.

In Seattle a single slip-up shut down the entire airport, which delayed flights across the nation. Sea-Tac had no adequate way to contain the damage from a breakdown — such as a button installed near the x-ray machines to stop the subway, so that idiots who bolt from checkpoints cannot disappear into another terminal. The shutdown would inconvenience subway riders, but not as much as being forced to go through security again after a wait of several hours. An even better idea would be to place the x-ray machines at the departure gates, as some are in Europe, in order to scan each group of passengers closely and minimize inconvenience to the whole airport if a risk is detected — or if a machine or a guard fails.

xplanet (desktop background)

Renders an image-mapped picture of Earth (or other planets) as your background

http://xplanet.sourceforge.net/

Also has support for mapping a "cloud layer" onto the Earth, using real-time(!) visible image data from satellites (e.g. GOES). It can do a ton of other stuff too, including plotting satellite tracks, earthquake locations and magnitudes, city names, etc.

Available for unix and Windows.

Analysis of TCP sequence number vulnerability

This is some very technical stuff. But if you already know what they are talking about, the whole article is very interesting. They look at a variety of OSes including the Windows versions, Solaris, Mac, etc. Below is an excerpt of the introduction from the paper:

Upon connection via TCP/IP to a host, the host generates an Initial Sequence Number (ISN). This sequence number is used in the conversation between itself and the host to help keep track of each packet and to ensure that the conversation continues properly. Both the host and the client generate and use these sequence numbers in TCP connections.

As early as 1985 there was speculation that by being able to guess the next ISN, an attacker could forge a one-way connection to a host by spoofing the source IP address of a trusted host, as well as the ISN which would normally be sent back to the trusted host via an acknowledgement packet. It was determined that to help ensure the integrity of TCP/IP connections, every stream should be assigned a unique, random sequence number. The TCP sequence number field is able to hold a 32-bit value, and 31-bit is recommended for use by RFC specifications. An attacker wanting to establish connection originating from a fake address, or to compromise existing TCP connection integrity by inserting malicious data into the stream [1] would have to know the ISN. Because of the open nature of the Internet, and because of large number of protocols that are not using cryptographic mechanisms to protect data integrity, it is important to design TCP/IP implementations in a way that does not allow remote attackers to predict an ISN (this is called a "blind spoofing" attack).

Read More …
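To make the excerpt's point concrete, here is an added Python example (my own, not code from the paper or the blog) that scores a sample of ISNs by how often the naive guess "last ISN plus last delta" lands near the next one. The three generators are constructed stand-ins for generator styles, not models of any named OS; the middle one also shows that random increments alone do not close the guessing window.

```python
"""Estimate how predictable a TCP ISN generator is from a sample of its ISNs."""
import random
from typing import List

MASK32 = 0xFFFFFFFF  # the TCP sequence number field holds a 32-bit value


# Constructed sample generators; they model generator *styles*, not any named OS.
def clock_increment_isn(n: int, step: int = 64000) -> List[int]:
    """ISN advances by a fixed step per connection (fully predictable)."""
    return [(i * step) & MASK32 for i in range(1, n + 1)]


def random_increment_isn(n: int, seed: int = 2, max_step: int = 1 << 20) -> List[int]:
    """ISN advances by a random but small step; the next ISN stays near the last one."""
    rng = random.Random(seed)
    isn = rng.getrandbits(32)
    out = []
    for _ in range(n):
        isn = (isn + rng.randrange(1, max_step)) & MASK32
        out.append(isn)
    return out


def independent_random_isn(n: int, seed: int = 1) -> List[int]:
    """Each ISN drawn independently from the whole 32-bit space (seeded for repeatability)."""
    rng = random.Random(seed)
    return [rng.getrandbits(32) for _ in range(n)]


def delta_predictability(isns: List[int], tolerance: int = 1 << 16) -> float:
    """Fraction of ISNs within `tolerance` of the guess 'last ISN + last delta'.

    Near 1.0: two observed ISNs narrow the next one to a small window.
    Near 0.0: the guess does no better than chance over 2**32 values.
    """
    if len(isns) < 3:
        raise ValueError("need at least three ISNs")
    hits = 0
    for older, last, actual in zip(isns, isns[1:], isns[2:]):
        guess = (last + ((last - older) & MASK32)) & MASK32
        dist = (actual - guess) & MASK32
        if min(dist, (MASK32 + 1) - dist) <= tolerance:  # distance on the 32-bit ring
            hits += 1
    return hits / (len(isns) - 2)


if __name__ == "__main__":
    for name, sample in (("fixed step", clock_increment_isn(300)),
                         ("random small step", random_increment_isn(300)),
                         ("independent random", independent_random_isn(300))):
        print(f"{name:20s} predictability = {delta_predictability(sample):.3f}")
```

A score near 1.0 is the property the excerpt warns about: an attacker who has seen a couple of ISNs can guess the next one and mount a blind spoofing attack, so an implementation's generator should score near 0.0.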