Side Channels

“Side Channels” is three years old! It has been an interesting year, albeit with little blogging. One of the highlights of the past year was my four week trip to Brazil in April. Good food, weather, people. I visited Rio de Janeiro (Ilha Grande, Rio), Pernambuco (компютриландшафтRecife, Ilha de Itamaracá, Porto de Galinhas), and Rio Grande do Sul (Porto Alegre, and the great town of Vacaria).

In Recife there is a very long beach stretch along a neighborhood called Boa Viagem. It is a popular destination, but used to be more so until in the early 1990s when ecosystem disruption due to development has driven sharks to Boa Viagem beaches. Shark attacks on humans have then become much more frequent. I found this sign interesting as one rarely sees this kind of language on signs, and it was unexpected there in Brazil’s Northeast. Note that the Portuguese portion doesn’t evoke statistics and simply says “Danger: area susceptible to shark attacks.” (Presumably because it is common knowledge over there and the risks are well known).

In 1992, when I was 17, I traveled with my father to the US for a few weeks. We had a family friend living in Huston, whom we wanted to visit. He was away and due back a day of so after we arrived so he gave my father the alarm access-code so we can help ourselves in. We arrived at the house late at night, something went wrong with entering the code, and the alarm went off. Almost instinctively my dad rushed me to the car and we drove off to check into a motel for the night. My dad explained that we were likely to end up in jail if the police got to the house, regardless of our explanation. Back then I thought it was a bit extreme; surely we can reason our way out of it, like we would be able to back in Israel. Looking back at it, it was probably a reasonable choice given the circumstances.

Today, if we were caught, in addition to being arrested we would surely be additionally tased for bad measure. The near-daily news of people being tased for no good reason reminded me of my story above. Some taser cases and videos can be found on top hits from reddit on the topic; Andrew Meyer coined the “don’t tase me, bro” catch phrase while being tased after making a bit of a fuss asking John Kerry some questions; here’s the comic. Some people die after being tased, though the marketing says that the tool is supposed to be non-lethal. But when you give people a “non-lethal” alternative to verbally or physically dealing with other people, it is a natural outcome that it turns from an alternative to a norm. This is the situation today, with cops tasing without much thought and it seems as though the chances of being tased is largely random, mostly depending on how the cop feels at the moment. With the general sense of paranoia and justification that anything is permissible in the name of security and anti-terrorism, all you have to do is act out of the ordinary, like being slow to hand a cop your proof of insurance; Schneier calls this “The War on the Unexpected“.

This arbitrary taser treatment given by trigger happy cops is scary, and certainly does not contribute to a general feeling of security it was meant to promote. The long term effect is the continuous erosion of trust in police and the “system” — not that it is in any good shape currently — which will be difficult to recover from even if tighter controls are placed on taser use. When this happens the unintended consequence would be that police lost the “touch” of actually dealing with people, and even worse, they would use their lethal weapons (guns) more casually than before. I wouldn’t be surprised to hear in the near future of a case where a cop claims that he/she reached for the taser, but instead shot the poor speeder in the chest with a lethal bullet.

I guess I am un-cool, trying to purchase a pair of jeans that are NOT “pre-washed”, “pre-patterned”, and “pre-torn” (George Carlin comes to mind with all this excessive use of pre-whatever).

I have just returned from a 10 day trip to Boston, where I attended a conference and presented a paper (which won “Best Student Paper“!) One of the items on my shopping list was a new pair of jeans, as my previous ones are torn, patterned, washed from real-life events. I wasn’t prepared to how difficult this would be.

Essentially, most jeans today come “pre-cooled”, which means that they have patterns on them that emulate heavy use and have torn bits which are “pre-patched”. When I confront “sale associates” with this issue they are a bit dazzled but soon realize that indeed, I am in a bit of a “situation” as non of the jeans they have on offer answer to my unique requirements: jeans that look new! (Some “associates” said that that is the first time they ever thought of this.)

I finally found a pair at Macy’s; it was not exactly the figure I was looking for, but I figured that if I want new jeans that looked new, my options are incredibly limited.

Good news: some nice days in Cambridge.

Bad news: I’m balding.

I remembered a story from my undergraduate days… one of those things you recall and can’t imagine doing again. I took a mandatory “technical writing” class in my junior year. I absolutely hated the professor (Tara M.), who seemed to hate anyone of my gender and was not afraid to show it by preferential treatment. The first words out of her mouth in the first day of class were “I am god, and you will do as I say.” “Yeah, that’s going to go well,” I remember thinking.

Towards the end of the term we had to give a 5 minute presentation on any topic we chose. This is peace-lovin’, hippie, lovey-dovey Santa Cruz, remember. I decided to give a presentation on types of hand grenades, how to throw them, and what to do if a fragmentation kind comes flying your way. I’m sure she (and possibly others) didn’t like me any better after that, but I was satisfied ;) I got a ‘B’ for the class and some respect from gamers. But I think that I learned the most from writing a three page formal complaint to the head of the department about her skills as a teacher. I’m not sure if that had anything to do with her leaving UCSC a couple of years later; google doesn’t show her teaching elsewhere. I suppose that “god” retired from teaching.

Some of the readers of this weblog can vouch for the accuracy of this story (some proof-read my letter ;) Now I am going to see if I still have it and the presentation somewhere.

Last night I happened to watch Rambo: First Blood. Of course, this is not the first time I’ve seen it, but it has been a while. The cruelty these vets suffered from the population upon their return always struck a chord with me. For the record, Rambo I is a good movie; it has what we would call today “moderate violence” and a decent message and dialog (unlike its successors). I dare say that even the acting was good. These were the times where they (Hollywood) had to produce a good script because they couldn’t distract the audience with visual effects like they do today.

Anyway, I remembered that as a child and young teenager, I was convinced that the Vietnam War was invented by the movie industry as a ruse to produce war movies. I think I had the notion of this “fake” war because I only heard about it in the movies. Then I grew up and found out the sad truth. In Israel, they didn’t teach us about these wars; we had plenty of our own.

Lately, I am increasingly annoyed with people assuming that a lack of an answer means a “no” when they are invited to do something. Well, it isn’t! A lack of an answer means (surprise!) a lack of an answer. I’d much rather hear a “no, I won’t come to your lousy party even if you served the last drink on earth” than a silenced cop-out. At least I know where I stand.

People are embarrassed/shy/uncomfortable saying “no” in general, for some odd reason. Delaying a “no”, or not giving it at all, hoping that everything will just magically go away — like kids closing their eyes assuming no one can see them anymore — is disrespectful for the other person’s time and effort. Yes, I believe that saying “no” is a sign of respect only second to a “yes”, of course (unless it is a “courtesy invite”, but that’s another matter), while non-answer is, you guessed it, insulting.

I don’t require a reason. I don’t care. Why do people feel obliged to give an, often made-up and unimaginative, excuse to weasel out of something they don’t want to do? I long for the day where I can comfortably say “Nah, don’t feel like it” (those who know me already know that I often do it anyway, but it is socially unaccepted and considered impolite, especially around relative strangers, and I end up looking like a weirdo).

So, for those of you that interact with me… say “no” without the excuse and I promise to never-ever-ever-ever be insulted or ask why. But for goodness sake, do it quick.

A few weeks ago Steven J. Murdoch and I released a video of a Chip & PIN terminal playing Tetris (YouTube version). Back then, I alluded to the fact that this is just a small part of something grander. We were working on an experiment that showed a particular vulnerability Chip & PIN is prone to. This is important because banks now maintain that if the PIN was used, then the customers must prove they were not negligent, which is impossible (given that they do not have access to the evidence and no way to show that no one has been looking over their shoulder, for example). Therefore, due to at least one way of defrauding customers who clearly have not been negligent with their PIN, they should be reimbursed.

Anyway, there is a somewhat of a technical article on ZDNet, with more info here, and Steven dissecting an insulting response from the Financial Ombudsman Service to a customer who seeks to know on what grounds he has been refused a refund.

What was missing from the media hype over this is what is included in the academic paper. In it, not only do we describe the attack in detail, including background, we also describe and implement a defense against it called “distance bounding”, which is the main contribution.

In addition, we spilled the beans on prime-time TV here on the island’s BBC1, in a program called “Watchdog“, which is a popular and long running consumer-watch program. This was quite an experience and I learned a lot from it. We spent about 11 hours with the crew, with the outcome of about 2 minutes of us appearing and a not-so-clear representation of the attack. Sigh. Before all this, I thought TV was evil; let’s just say I have not changed my mind.

I cannot post the video publicly (it would probably infringe on someone’s rights) but if you’d like to see yours truly say the line in the heading of this post on TV, email me at <first name><last name>@gmail.com.

UPDATE: Someone has posted the segment on YouTube, here. If you want a better quality version, email me.

I realized that “Side Channels” is two years old this month. Not very exciting, is it? Well, it has gotten less of my time and attention in the past six months. A few things led to this… firstly, I was, and still am, busy. I am involved in a few research projects that I am excited about and enjoy working on. I also devote time to people around me who I like to spend time with. Secondly, I feel I don’t have anything profound to say that hasn’t already been said. You’ll notice that I try to be original whenever I can… but it is hard when everyone and their grandmother have a weblog too ;) Over time my expectations of this way of expression settled at the right place. I do not expect to have huge readership and I write whenever and of whatever I feel like. I feel comfortable with that; no pressure.

So, my dear readers, I appreciate those of you who have stuck around and loyally keep coming back for my outbursts. As a thank you*, I give you a recent picture from my trip to Edinburgh with Craigmillar Castle as the backdrop.

_{* Yeah, I know it might seem like I am full of myself, giving a picture of myself as a “thank-you”… but I really like this one and I couldn’t think of anything else to give ;)}

All good things, though…

On Christmas day, Steven Murdoch and I decided it would be fun to post a video of a Chip & PIN terminal playing Tetris on our group’s weblog. It was an excuse to say merry Christmas and happy new year to our readers. Then, I spent a week in Edinburgh, which is a lovely city, even in the winter. If you haven’t been, I’d recommend. Rosslyn chapel was really nice. They are doing really well due to the “Da Vinci Code Effect”–people flocking places Brown mentions in the book. Regardless, worth a visit. The Scottish parliament was nice, people were nice… I’ve seen enough castles for a year or so, though. I also learned about the Scottish history and now understand better the “situation” between them and the English. The Hogmanay on new year’s eve was canceled due to 70 mph winds, but that wasn’t a big deal.

When I got back I found out that a paper of mine got accepted to a workshop, and I need to produce a final version. Then, our little “Tetris stunt” was picked up by some blogs and it went crazy from there… newspapers, radio… I’ll save you the details. It did, however, culminated in a Slashdot mention, which made us pretty damn happy.

Since no one is reading this very weblog anyway, I can say that there is more surprises to come on the “Tetris” front! Stay tuned.

Todd Shriber contacted, what may be considered, random people online soliciting them to hack into his former college and give his GPA a face lift. He gave them all his personal information, including SSN, and some pictures of local squirrels the “hackers” required as “proof”. They, in turn, put the e-mail correspondence online, of course.

Turns out the idiot works as a communications director for a Montana congressman. He was later fired after his extracurricular contractual endeavors were publicized in sites like reddit.

So, two things. Firstly, not everyone who talks shop is an expert… this applies to real life too. Secondly, if people still have not realized that other people are not who they say they are (in real life too!) they deserve this kind of treatment. The more this happens, the more people be careful what they say or write, mostly in consideration of their future. In our world, where everything is recorded and archived, nothing is forgotten. Memory is cheap. Remember this when, in five years’ time, your potential employer asks you about the time you got drunk, busted, and jailed on new years’ eve, as you detailed with pride on your now moldy myspace page. Old-school cool becomes new-school stupid.

Oh, yeah, some fucker stole my bike; the joy of living in Cambridge. Somehow, uncharacteristically to the island, no security cameras covered the scene.

Just a ping to say Happy new year, Merry Shopping Christmas, Greasy Hanukkah, or whatever else people are celebrating at this time of the year.

I know for a FACT, though, that something awesome is waiting for us all next year!

Balls of Fury

YEAH! It’s going to be awesome! I hope it shows on this island here… but I doubt it. I’ll just have to fly over to the US for the premier.

Good.

Good news I am still alive. Bad news is that I lost the mood to blog, for now.

Doing OK, busy with trying to make some productive progress towards the PhD thing. Been to Spain at the end of September and going to Ireland this coming weekend. In the meantime I attended the 10^th annual “Apple Day” in Cambridge’s Botanic Garden. I sampled many apples (roughly 30 kinds) with the favorite being “Ashmead’s Kernel“, an “old” apple concocted in the 1700 England:

An old English winter russet, medium size, golden-brown skin with the crisp, dense, yellowish flesh, characteristic of russets: sugary and aromatic with intense flavor. Winner of taste tests and has some resistance to scab and cedar apple rust.

(These descriptions remind me of wine labels… they mean absolutely nothing until you’ve had a sip. They are so silly too! But I digress…)

Not much else to publicly report.

High-tech church (Norwich Cathedral): can you spare some credit card? Just slide it in the slot.

“Eat British Beef with Confidence” or, “We’ll do our damn best to keep the existence of mad cow in your beef to ourselves.” I’ve never eaten with my confidence, I wonder what it is like.

(more…)

Warning: personal reflections ahead. If you are prone to crying, move to something else, or get a tissue ;)

I left Israel at 22, lived in the US for 8 years and now have spent a year in the UK, looking at at least two more there. I no longer speak perfect Hebrew (some say I have an “American” accent, but it is hard for me tell) and my English isn’t perfect either. While in Israel, I don’t feel I belong anymore, I have not felt home in the US (couldn’t afford it, hehe) and I’m certainly not feeling it in the UK.

The conclusion is that I’m in-between—this is the life I chose. Looking for the positive side of all of this I concluded that while I gave up feeling “home,” I gained the ability to live anywhere. So, basically, I am open to any place without much hardship. This attitude is in contrast to the people who are perpetually afraid to leave their comfort zone—and yes, family and friends—and move on to something different with ease.

Was it worth it? Not sure, but it is too late to futz about it. Oops… I just did ;)

I’m going to attempt coining a new term now (if you are aware of an existing one, let me know.)

leighvoice: The change in voice pitch men have when they talk to their significant other over the phone.

You know what I’m talking about. I’ve noticed this before, but certain members of our group have reminded me of this phenomenon as I eavesdropped for my research. The “leighvoice” is named after the wife of a certain member who exhibited the most pitch differential I’ve had the privilege of hearing.

Yes, I’m talking about Miami Vice! The best actors of Hollywood team up to give us a thrilling ride, full of depth and introspection. We’re going to get a rare glimpse into the lives of the people who make this world safe (it’s based on a true story, the original Miami Vice TV series.)

Some notable quotes:

Foxx: There’s “undercover” and then there’s “which way is up.”
Ferrell: You think I’m in so deep, I forgot?
Foxx: I never doubted you.

and

Chief: Things get emotional, moves get messy; moves get messy and the wrong people die!

Deep stuff! I’m SO going to see it!

(OK, so I think I’m going to have some trouble getting someone to come see this with me, if there are any volunteers out there, let me know; we can negotiate how much I pay for your ticket ;)

I had an idea for a research project and pitched it to Markus… after a brief intro, Markus constructed his own version of where this will go and I constructed my own… each in our own minds. This was a couple of days ago.

Today, we sat down to talk about it; we were both excited about the prospects… Markus laid out his mental version and I found it a bit uninteresting. Then he asked me to describe what I had in mind… after I was done, he said “that’s exactly what I was saying!”

We figured that we both used terminology that we are used to and took it where we were comfortable with, but we were in fact having the same ideas.

This happened to me in the past, but it was never this pronounced.

Exam administration in large is fundamentally flawed because it
1) tests mostly for memory capability rather than analytical ability, and
2) tests for performance under extreme pressure.

Both are very bad metrics for predicting the academic ability of a person because in the real-world these conditions are rarely present, BOCTAOE. And sure, memory is somewhat of an indicator for capability but not without the other (and besides, we now have Google to compensate.) Einstein said that “education is what remains after one has forgotten everything he learned in school.” In other words, education = understanding, not memory.

I’m a poor test taker, so you might question my motivation for changing the system although I honestly feel that what I propose is fair for all and a much better indicator for capability than current methods.

All exams should be
1) open material (anything paper allowed except for the one in front of the person sitting next to you,) and
2) loosely bounded by time (say, x3 the present settings.)

This will allow for
1) hard questions based on understanding rather than memory, and
2) elimination of the pressure element that is a differentiation factor that has very little to do with real life requirements.

The only down side to this is that it requires more work from the people who write the exams, which is the very reason why it will never be implemented. I had two teachers at UC Santa Cruz who implemented the above; they were the best educators I have ever had (if you are curious who they are, email me.)

I’ve returned from a week in Belgium a couple of days ago… maybe I’ll write about it. Maybe not, though; I don’t feel like writing long articles these days.

“Our creepiest genetic invention, the dog” on Slate is a good read with interesting links.

Not all our designs were utilitarian. We made some breeds just for fun. Some, like the Pharaoh Hound, were thought to be ancient because they looked like dogs drawn on Egyptian tombs. But last year, when we checked their DNA, we found no evidence they were older than modern breeds. Apparently, breeders crafted them by mating dogs that looked like the drawings. Life imitated art.

I remember hearing a rebuttal for cruelty to cows claims that went something like… “they are the most successful animals in history!” Meaning that by their utility to humans they outlived their time. This is more of an interesting insight than excuse, though.