‘tech’ Category

  1. well, gee, thanks!

    July 9, 2007 by Saar Drimer

    studentuniverse.com sells cheap airline tickets for students. They also have a neat little bonus they give for free to every student who signs up!

    For your protections we will not spam you

    That’s like me demanding a medal for my good social conduct because I don’t go around randomly punching people in the face.

    Well, thank you very much studentuniverse.com for protecting me from yourself and for practicing restraint with regards to your right to spam me and sell my information! It is also much appreciated that you are using my private information only for the purpose I am providing it for. (link to page imaged above).


  2. first patent issued, finally

    May 16, 2007 by Saar Drimer

    The first patent I submitted while I was at Xilinx was finally awarded. It was frustrating to wait nearly four years for the system to process it, though. The patent system is kind of broken and bad patents do manage to go through, but this one was actually useful. We’ll see how long the other five I have in the pipeline take to be approved ;)

    “Method of measuring the performance of a transceiver in a programmable logic device” (USPTO, PDF)


  3. “I’ve got a customer”

    February 10, 2007 by Saar Drimer

    A few weeks ago Steven J. Murdoch and I released a video of a Chip & PIN terminal playing Tetris (YouTube version). Back then, I alluded to the fact that this is just a small part of something grander. We were working on an experiment that showed a particular vulnerability Chip & PIN is prone to. This is important because banks now maintain that if the PIN was used, then the customers must prove they were not negligent, which is impossible (given that they do not have access to the evidence and have no way to show that no one has been looking over their shoulder, for example). Therefore, due to at least one way of defrauding customers who clearly have not been negligent with their PIN, they should be reimbursed.

    Anyway, there is a somewhat technical article on ZDNet, with more info here, and Steven dissecting an insulting response from the Financial Ombudsman Service to a customer who seeks to know on what grounds he has been refused a refund.

    What was missing from the media hype over this is what is included in the academic paper. In it, not only do we describe the attack in detail, including background, we also describe and implement a defense against it called “distance bounding”, which is the main contribution.

    In addition, we spilled the beans on prime-time TV here on the island’s BBC1, in a program called “Watchdog”, which is a popular and long-running consumer-watch program. This was quite an experience and I learned a lot from it. We spent about 11 hours with the crew, with the outcome of about 2 minutes of us appearing and a not-so-clear representation of the attack. Sigh. Before all this, I thought TV was evil; let’s just say I have not changed my mind.

    I cannot post the video publicly (it would probably infringe on someone’s rights) but if you’d like to see yours truly say the line in the heading of this post on TV, email me at <first name><last name>@gmail.com.

    UPDATE: Someone has posted the segment on YouTube, here. If you want a better quality version, email me.


  4. been busy

    January 9, 2007 by Saar Drimer

    All good things, though…

    On Christmas day, Steven Murdoch and I decided it would be fun to post a video of a Chip & PIN terminal playing Tetris on our group’s weblog. It was an excuse to say merry Christmas and happy new year to our readers. Then, I spent a week in Edinburgh, which is a lovely city, even in the winter. If you haven’t been, I’d recommend it. Rosslyn chapel was really nice. They are doing really well due to the “Da Vinci Code Effect”: people flocking to places Brown mentions in the book. Regardless, worth a visit. The Scottish parliament was nice, people were nice… I’ve seen enough castles for a year or so, though. I also learned about the Scottish history and now understand better the “situation” between them and the English. The Hogmanay on new year’s eve was canceled due to 70 mph winds, but that wasn’t a big deal.

    When I got back I found out that a paper of mine got accepted to a workshop, and I need to produce a final version. Then, our little “Tetris stunt” was picked up by some blogs and it went crazy from there… newspapers, radio… I’ll save you the details. It did, however, culminate in a Slashdot mention, which made us pretty damn happy.

    Since no one is reading this very weblog anyway, I can say that there are more surprises to come on the “Tetris” front! Stay tuned.


  5. bidthegrid.com

    July 5, 2006 by Saar Drimer

    A good friend, Nir, has sent me a link to a website he’s been working hard to make and promote: BidTheGrid. He launched it less than two weeks ago and it looks like people are showing interest. The idea is interesting and the site is well done… but after my last poor attempt at making predictions for the success of such internet fads, I’ll end with wishing him good luck.


  6. skype things

    June 1, 2006 by Saar Drimer

    Skype’s great; no need to deliberate on that any further.

    Yet, skype developers, I have one major issue, one minor and one feature request.

    Major: once I grant other users the privilege to see my “online status,” I cannot revoke it. Ever (for that UID.) I may remove them from my contacts, or even block them, but they can still see me. That bothers me. I’m not sure what’s going on under the hood, but it would make me feel better if I could revoke the permission. Any one of us can easily think up scenarios why this would be desirable.

    Minor: There is no need to show how many contacts I have as part of my profile. It is permissible to have no other info than the UID on one’s profile but this piece of (private) info always appears. Easy fix.

    Request: I’d like to assign different “online status” to different users instead of a common one for everyone. Some people, I wouldn’t mind bothering me anytime, some I’d like to be invisible forever :) This will also help with my first concern above. It can probably be done through grouping; even two groups will suffice.

    There you have it.


  7. the myth of the space pen

    May 8, 2006 by Saar Drimer

    The popular myth, heard many times over:

    “…in the 1960s, NASA astronauts discovered that their pens did not work in zero gravity. So like good engineers, they went to work and designed a wonder pen. It worked upside down. It worked in vacuum. It worked in zero gravity. It even worked underwater! And it only cost a million dollars!

    The crafty Russians used a pencil.”

    This well written article discusses the origin and the truth. Good reading.

    “The Million Dollar Space Pen Myth is just that, a myth. The pens never cost a lot of money and were not developed by wasteful bureaucrats or overactive NASA engineers. The real story of the Space Pen is less interesting than the myth, but in many ways more inspiring. It is not a story of NASA bureaucrats versus simplistic Russians, but a story of a clever capitalist who built a superior product and conducted some innovative marketing. That story, however, is a little harder to sell to a public that believes what it wants to believe.”

    Snopes has a page about it as well.


  8. SHARCS and seat belts

    April 5, 2006 by Saar Drimer

    I was in Cologne, Germany for a few days attending SHARCS ’06, the Special-purpose Hardware for Attacking Cryptographic Systems workshop. It was great meeting people in the field, talking hardware and crypto and hearing the presentations. I came back with a few ideas for projects and increased motivation. I’ll have a more detailed and technical post on our group’s weblog in a couple of days. One notable hardware project is COPACOBANA: “How to Break DES for € 8,980 [in 9 days]” by Sandeep Kumar, Christof Paar, Jan Pelzl, Gerd Pfeiffer, Andy Rupp and Manfred Schimmler. It uses 120 low-cost Spartan3’s (XC3S1000) from Xilinx.

    I’d like to thank the organizers for providing for my attendance; it is much appreciated.

    On a questionably related topic… why do taxi drivers never wear seat belts? I’ve taken enough taxi rides recently to notice that it is common practice even outside Israel (where no respectable taxi driver would be caught … wearing one.) I mean, do they think statistics don’t apply to them? Physics? Does someone have a good answer? Just wondering out loud here.


  9. bogus science

    April 1, 2006 by Saar Drimer

    Not much to add to this; when some claim sounds too good, go through this list.

    The Seven Warning Signs of Bogus Science:

    1. The discoverer pitches the claim directly to the media.
    2. The discoverer says that a powerful establishment is trying to suppress his or her work.
    3. The scientific effect involved is always at the very limit of detection.
    4. Evidence for a discovery is anecdotal.
    5. The discoverer says a belief is credible because it has endured for centuries.
    6. The discoverer has worked in isolation.
    7. The discoverer must propose new laws of nature to explain an observation.


  10. microsoft usability rant for the new year

    January 1, 2006 by Saar Drimer

    Looking for a way to encrypt some of my directories and files, I remembered that MS offered the Encrypting File System (EFS) in stock Windows. When I got to the “Advanced” dialog the encryption option was greyed out as seen below.

    [Image: windows encryption disabled]

    Given the way it’s presented, I assumed it needs to be enabled somewhere, or that I, of course, had done something wrong. After much frustration and searching I found that this feature is not available in WinXP Home edition (that’s what I got with my laptop, so don’t tell me I should have chosen a different OS; if Dell had offered Linux/No-OS I would have chosen that.)

    Clearly, Microsoft chose the worst possible way of letting me know this. Given the choice of 1) not showing the option at all, 2) putting a little note saying “not available in this version” or 3) enabling this damn feature… they chose to grey it out. WTF were they thinking? Oh, maybe thinking wasn’t involved here.

    What do you use for directory/file/HDD encryption?