Side Channels

“Side Channels” is three years old! It has been an interesting year, albeit with little blogging. One of the highlights of the past year was my four week trip to Brazil in April. Good food, weather, people. I visited Rio de Janeiro (Ilha Grande, Rio), Pernambuco (компютриландшафтRecife, Ilha de Itamaracá, Porto de Galinhas), and Rio Grande do Sul (Porto Alegre, and the great town of Vacaria).

In Recife there is a very long beach stretch along a neighborhood called Boa Viagem. It is a popular destination, but used to be more so until in the early 1990s when ecosystem disruption due to development has driven sharks to Boa Viagem beaches. Shark attacks on humans have then become much more frequent. I found this sign interesting as one rarely sees this kind of language on signs, and it was unexpected there in Brazil’s Northeast. Note that the Portuguese portion doesn’t evoke statistics and simply says “Danger: area susceptible to shark attacks.” (Presumably because it is common knowledge over there and the risks are well known).

I realized that “Side Channels” is two years old this month. Not very exciting, is it? Well, it has gotten less of my time and attention in the past six months. A few things led to this… firstly, I was, and still am, busy. I am involved in a few research projects that I am excited about and enjoy working on. I also devote time to people around me who I like to spend time with. Secondly, I feel I don’t have anything profound to say that hasn’t already been said. You’ll notice that I try to be original whenever I can… but it is hard when everyone and their grandmother have a weblog too ;) Over time my expectations of this way of expression settled at the right place. I do not expect to have huge readership and I write whenever and of whatever I feel like. I feel comfortable with that; no pressure.

So, my dear readers, I appreciate those of you who have stuck around and loyally keep coming back for my outbursts. As a thank you*, I give you a recent picture from my trip to Edinburgh with Craigmillar Castle as the backdrop.

_{* Yeah, I know it might seem like I am full of myself, giving a picture of myself as a “thank-you”… but I really like this one and I couldn’t think of anything else to give ;)}

Todd Shriber contacted, what may be considered, random people online soliciting them to hack into his former college and give his GPA a face lift. He gave them all his personal information, including SSN, and some pictures of local squirrels the “hackers” required as “proof”. They, in turn, put the e-mail correspondence online, of course.

Turns out the idiot works as a communications director for a Montana congressman. He was later fired after his extracurricular contractual endeavors were publicized in sites like reddit.

So, two things. Firstly, not everyone who talks shop is an expert… this applies to real life too. Secondly, if people still have not realized that other people are not who they say they are (in real life too!) they deserve this kind of treatment. The more this happens, the more people be careful what they say or write, mostly in consideration of their future. In our world, where everything is recorded and archived, nothing is forgotten. Memory is cheap. Remember this when, in five years’ time, your potential employer asks you about the time you got drunk, busted, and jailed on new years’ eve, as you detailed with pride on your now moldy myspace page. Old-school cool becomes new-school stupid.

Oh, yeah, some fucker stole my bike; the joy of living in Cambridge. Somehow, uncharacteristically to the island, no security cameras covered the scene.

Phil is a good friend and fellow engineer. We met at a now defunct silicon valley start-up years ago. Phil has just discovered the blogosphere, RSS, feeds and all that “experience” and I offered to host his thoughts. Knowing Phil, he’s got a lot to say but very little time, so I hope we’ll get to hear his thoughts often. Phil would like to keep with us only on first name basis for now, so his full identity will remain a bit vague. He described himself as:

Electrical engineer. History buff. Novice investor. Political charlatan.

So, welcome Phil… and I hope our current four readers will be entertained by us both ;)

Word is out. The Light Blue Touchpaper weblog by the researchers at the Security Research Group, Computer Lab, U of Cambridge is active. Humbly, I have to say that it was my idea to start the weblog, but most of the setup work was done by the crafty Steven J. Murdoch. I don’t have much to contribute at this point, but probably write articles there every now and then in the future.

It’s bound to be a great security resource, so check it out.

Yes, it has been a year since I decided it would be a neat idea to put forth my thoughts in a weblog form (just like everyone else and their grandmother, lawyer and milkman). It was a good decision; I enjoyed it a great deal more than I originally expected. First, it made me a better English writer as it is not my first language; second, it made me more inquisitive as I pursue further details on things I might want to blog about (i.e. I gained knowledge;) third, I gave friends and family (and…-shrug-…strangers) an opportunity to keep tabs on me (oddly enough, I’m not much of a talker about private stuff in real life;) and finally, I made new acquaintances and friends, which is more than I bargained for.

I tried to be interesting and contribute original content to the “world” and have gained a handful of loyal readers (you four know who you are) that genuinely makes me happy. I never thought that getting a “new comment” would be so exciting.

A lot has changed in my life during the passing year, both professionally and personally. My enthusiasm with writing has fluctuating irregularly and that was sometimes apparent with the frequency of posts. As of late I’ve had a nagging notion in the back of my mind whenever I though of something to write; it pretty much felt like “who the hell gives a shit about what you think?” (if only more people were capable of such thoughts.) But then the flip-side chimed in — usually too late — with the retort: “it’s your freakin’ weblog and you can write whatever you damn please.” So, these days the first argument wins, a condition that might change in the future, but then again, may not. I will continue to write to you through this weblog… but perhaps less frequently. I have to add that it’s a competitive blogging world out there; with so many damn good weblogs, it’s easy to feel inadequate or not worthy of attention.

I thank you all (still here? good!) for your audience.

Now go do something productive.

It’s been 10 days since my last post. What can I say? I just don’t feel like writing. It’s not a silly “bloggers block” (eeek) I just don’t feel like writing.
I got back to Cambridge, moved, removed all facial hair, and am getting back into research action. In a little while this weblog will celebrate it’s 1^st anniversary and I’ll write a post about the past and future… Am I experiencing the first year hardship that is so typical with relationships? With my weblog? It is needy, after all. Rewind. Back to work.

I like updates, upgrades and new stuff.

I’ve updated to Wordpress 2.0 beta2 and made some cosmetic improvements — at least I think they are — like the “about” box on the top right. I tried very hard to install a “new post email notifier“, but gave up when I got hungry and cranky. If anyone thinks they will use it, let me know and I’ll give it another go.

I did install “subscribe to comments“, something I’d like to see in other weblogs and think is highly useful. You can get notification of any new comments on any particular post, even if you did not comment. It is also very easy to manage your subscriptions as well. Give it a try and let me know of any issues.
There are many plug-ins out there for wordpress, if you’d like to see any on this weblog, just ask.

The upgrade went fairly smooth. But then again, I didn’t have many “after-market” features to migrate. I was kind of disappointed with the lack of new features, though. One of the reasons I upgraded now with the beta is because I wanted to enhance your side-channels experience without needing to do it again when the official release comes out. When I obtain a good picture of myself, that’s going to be up there in the corner to make you feel “connected” :) This is a good time to plug my “Guest map” again… if you are not on it, I’d like you to be.

I’ve encouraged an office mate to create a weblog. I came up with the theme and the names (”Fenglish” and “I’m Chinese. Correct my English”), which I think are quite funny. Feng is a smart guy and a great sport about the whole thing. Check it out.

I’m light on original content today…

I keep on telling people how much fun it is to have a weblog and offer my assistance whenever they need it for setting up or anything else. So here are some good posts for beginner and more experienced bloggers. I have quite a bit to take from the advice dispensed here; things that I was aware of for a while but was too lazy to implement such as a picture of myself with an “about” page and some custom style/graphics. I’ll get to it.

“The Seven Deadly Sins of Blogging” - I pretty much agree with everything written here (except I wouldn’t go comparing JK Rowlings to Shakespeare.)

If all you post say, “hey look what I found over there (link), I think it’s great and you should look at it…”, then you will eventually lose all your reader because you have nothing original to offer.

“7 Mistakes for your First Week Blogging” - Good advice here for beginners and experienced bloggers. I am just now — after nearly a year of blogging — getting over obsessing over my stats.

“Been blogging 6 months” - Great advice from a pure genius.

While we’re on the topic of lists, here’s a good one:
“The Top 100 Things I’d Do If I Ever Became An Evil Overlord”

Enjoy.

Spam mostly come from zombie computers. Weblog comment spam comes from zombie networks as well.

I am getting about 40 a day now; all of which are put in my moderation box because they contain words that are in my blacklist (these people are not very creative on the content front.) The IP address that the comment came from is recorded and contained in the email I get notifying me a new comment has been posted. Although it won’t point to the spammer, I though it would be nice to map where the spam is coming from using the Google maps API. In a more effective and useful form, bloggers may send a dedicated webpage their comment spam and it will add the IP to the map/database. Wordpress or other tools can be made to send a copy of the email to this website automatically upon detection of comment spam (there is really no privacy issue here.) I think that would be neat and may help in some way to identify spammers. If anyone is interested in making this happen, let me know, I’ll contribute what I can.

SM pointed me to mailinator.com which is a on-time-e-mail service that is very cool… and also to hostip.info for getting IP information… go there and see if they got your location right.

I’m going to ignore my no-link-followed-by-a-one-liner rule for the sake of the best new weblog around… the Dilbert blog. Awesome! puts it concisely.

I also get the daily Dilbert.

I’ve first seen these on Kyle’s weblog and now I got one of my own (if you read my actual post, you’d notice I was way, way, waaaaaaaaay off in my prediction.)

These post related comment spam (PRCS) are ones that relate to the topic of the post. In Kyle’s case, it was obvious advertising by a bot without much content and even then, we were contemplating whether it should be deleted. But since we had the discussion on its merits, the comment had to stay.

The recent PRCS I got was obviously written by a human that wanted to link to his new webpage and it was very related to the post content. And although the person did ask for my opinion, I believe that it still does not constitute an attempt to spark a discussion. I concluded that it was motivated by PageRank, nothing more.

I’m leaving it for posterity because I am writing about it, otherwise, I would chalk it up as spam.

What do you think?

As a side note, I am getting tons of comment spam lately, any of you bloggers seen a spike as well?

Folks,

LOOK UP!

I’ve changed the name of my weblog to “Side Channels” to better reflect the underlying theme of this log (security) and also to convey my attitude… I like looking/thinking at/of things from a different angle. Doing so reveals new things that come contrary to common wisdom, and may also enable one to find vulnerabilities (as in the field of security.) I intend to do a lot of that during my studies at Cambridge.

I also created a subdomain for the weblog, weblog.saardrimer.com (surprise!) and the permalink structure is a bit different now… %postname%_%post_id%.

So I have a few requests:
1. Change the link and name if you link to this weblog.
2. If you know of other weblogs named “Side Channels,” let me know ASAP (I couldn’t find any.)
3. Tell me what you think of the new name.
4. Continue to visit!

Cheers.

Truth be told, my weblog has not grown in terms of readers for the last 4-5 months. You 4 are the devoted friends that come to read my musings on a basis I can set my clock to. I thank you for your persistence.

No, I am not ready to give up yet.

You see, it is my fault. I think I am not providing enough interesting content. Maybe I can’t; should my ramblings be interesting to a wide crowed? However, I see the crap posted on other weblogs with great following and lively discussion and it makes me I wonder (a lot!) Maybe I censor myself too much so my content would not offend anyone. Maybe my weblog is too “intellectual” (i.e. boring) or perhaps I am not specialized enough. Or is it the frequency of my posts? It might be the vanilla presentation of this weblog, or lack of colors, features, ads and counters. Many things can contribute to lack of growth.

So I ask you, my dear readers, tell me what can I do to make this weblog better (and consequently, more popular… after all, my goal is to have a discussion and exposure to the things I write.) You all are avid readers and people I know have valuable input. I encourage you, then, to give it. Provide me with concrete advice and criticism and be as blunt as possible.

MyGuestMap lets you, my dear reader, put yourself on the map and be counted! Don’t miss this golden opportunity to let me know where you are reading my writings from. All 4 of you should take the time to so!

Click here to start, it takes a second (also under “links” on the right.)

Zoom in to your exact location!

…was on 31/08/05 or 08/31/05 depending on how you look at it. I was not aware of this event until I read about it on Stuart’s weblog.

BlogDay2005 is the brainchild of Nir Ofir from SparkArmada. Basically, on 31/8 bloggers are encouraged to link to 5 other weblogs to expose their readers to them. It’s a nice idea and if I still log next year, I’ll be timely about it too.

I’m thinking that it’s never too late so here are my 5 “references”…

Enjoy.

For the last few months I’ve noticed that I get a ping from the msnbot/1.0 roughly every couple of minutes. It’s really messing up my statistics. In addition, it is taking from my bandwidth allowance; that’s minor because I am not even near my monthly limit (I rarely get beyond single digit percentage.)

I want to be indexed in a timely manner, just like the next guy, but when my “last 300 visitors” stats is 90% MSN bot, I think it is a little too much. Comparatively, I get a visit from the yahoo and google bots once every couple of weeks. I could edit the robots.txt to ban the bot, but there is no need as it is not doing any real damage.

I could not find anything on the web to explain this onslaught of pings, anybody has seen one? Perhaps someone at MSN likes my weblog.

I’ve concluded my brief visit to Cambridge and now I am back in Israel after nearly a 2 year absence. I haven’t left my air conditioned parents’ house yet dreading the humidity and heat blast I will have to endure. Besides, the culture shock one comes to expect when returning here is not really something I look forward to; if you ever been here as a visitor, you’ll know what I mean. On the other hand, this is where I feel at home because I know what to expect and how to behave without feeling like a fish out of water as I do anywhere else. It’s also the only place where I don’t need to fill in papers when I go through immigration. Of course, by other hard core Israelis I am already considered a dropout and they can even detect an American accent in my Hebrew. I’m OK with that.

I might write more about Israel while I am here with all the disengagement action going on, but I might not. Israel was dealt a bad hand from the world press over the years, and I don’t want to contribute to that from the “inside.” Instead, I try to be more constructive and informative so people understand the news better.

on another note…

The highlight of yesterday was spending time with my mom, brother, sister and soon-to-be 2 year old niece. That little girl is really something. However, she wouldn’t get close to me. She’s got a very fast response time, this is how it went:
me: “Sapir…”
her: “What?”
me: “Come to Saar.”
here: “NO!”
me: “Why?”
her: “mommy.”

I thought that routine was amusing, but can’t think of why this would be of any interest to you readers; I left it in all the same.

I’ve been blogging for about 6 months now and wanted to share my experiences and what I have learned about this medium thus far. It might even be useful for other greenhorn bloggers.

Original? I often start a draft and while writing it debate whether I am bringing something new to the table. My intention is to be original and not recycle headlines or repeat common wisdom. However, realistically, most things have been said in one form or another. If I think my point is not strong or the “original is marginal” I chuck the draft. Otherwise, I post it and then look for what other people had to say about it. I never knowingly present ideas that are not solely my own; if they are not, I give credit.

Controversy. Controversial post spark a discussion which is the essence of the “blogosphere.” The right balance, however, is to create a place for civilized discourse while not being blatantly offensive to any of the readers. I try to maintain that balance by not yielding to spontaneous ranting that might not suit this medium or reflect poorly on me with time. I try to consider each cpleted post for a while and sometimes let others read it before I publish it.

Length. People don’t read long posts, so I try to keep them short. In most cases I don’t write everything I can or want to say for the sake of brevity. I am not en expert (yet!) with an audience craving for my new insights, so I feel like every post should be regarded as an elevator pitch. The goal is to have people come back for more and be intrigued enough to start a discussion.

Frequency. It seems that people read only the most recent entries when they come upon the weblog. I think that the frequency should be proportional to the traffic in order to maximize the exposure of each post. At this time, I believe that a new entry every 2-3 days is optimal. It also depends on the content; some posts are duds and others are more popular. I am always surprised by my inability to guess the popularity in advance.

Time. I found that it takes me at least an hour to complete each post. It is more than I expected originally (hey, it looks easy, right?) but quality takes time and I won’t settle for mediocrity.

Thread. This weblog is a mishmash of topics with little connection between them; they reflect my thoughts at the time. The common thread is therefore, me.

Read and comment on other people’s weblogs. Thats the best way to increase traffic on your weblog if you have one. In turn, other authors will visit your weblog and there is good potential for “cross-traffic” and making new aquentances.

Linking to other people’s posts increases traffic and gives credit where it is due.

Overall, I enjoy blogging tremendously and I intend to continue posting for as long as I have time to do so and still be original. I also appreciate comments; it is always a delight to get remarks from people because it means they actualy read something I wrote.

If you read my weblog, like it, hate it or have anything to say, please speak up.

My most viewed post, btw, is #33, “the solitaire effect”.

Thanks for reading.
saar.

I went on a two an a half day solo hike in the “Ventana Wilderness” (part of the more known “Big Sur country”) to get away from it all. Haven’t seen a soul.

I hiked along the Carmel River; all told, I covered about 19 miles and roughly 45 wet river crossings. I carried all the equipment/water/food needed on my back so it started heavy and became lighter as I went. My muscles are aching as they have ever been; it has been a while since I ventured out on an all-inclusive intense hike like this. As I was lying in my tent I was thinking of some good weblog posts and was formulating them in my head; I reaffirmed how much I enjoy this weblog business.

I got back home all excited to see if there are new comments on the weblog (none, sigh) and check my emails only to find that the internet connection was down. After hours of retrieving all phone numbers (the old fashioned way) and router/access passwords it turns out that SBC changed the login to include @pacbell.net.

Alright, enough with the excuses for no new content for the last week ;)

* John Fedak has good pictures of this trail here and many others here.