current journal
FAQ
contact
rss/xml
atom/xml
spam notice

archive
as if using weird-looking symbols made the code any stronger At an age when kids might play cops-and-robbers games, my brother and I (teamed with our friends at the time) played at making, breaking, and capturing codes. Decades later, he gave me some of the files he had about my operations. Shown is his copy of a code obtained by ransacking my room. As easy as a simple substitution cipher is to break by cryptanalysis, in this case capturing it was easier still.
Recent discussions of bulk collection of telephone metadata occasionally note that the US Supreme Court held, in 1979, that recording the numbers a telephone subscriber has dialed is not a search under the Fourth Amendment and thus does not require a warrant.

Just because something is the law doesn't mean it's good law. Like a lot of Supreme Court decisions, this one (Smith v. Maryland) was not unanimous (5-3). From dissenting opinions (by Potter Stewart and Thurgood Marshall, respectively):
The numbers dialed from a private telephone—although certainly more prosaic than the conversation itself—are not without "content."
The prospect of unregulated governmental monitoring will undoubtedly prove disturbing even to those with nothing illicit to hide. Many individuals, including members of unpopular political organizations or journalists with confidential sources, may legitimately wish to avoid disclosure of their personal contacts. [...] Permitting governmental access to telephone records on less than probable cause may thus impede certain forms of political affiliation and journalistic endeavor that are the hallmark of a truly free society. Particularly given the Government's previous reliance on warrantless telephonic surveillance to trace reporters' sources and monitor protected political activity, I am unwilling to insulate use of pen registers from independent judicial review.
Today, miscellanous items.
  • In case anyone was wondering why the 14 July entry (about DuckDuckGo) had disappeared, the quick answer is that I screwed up. I've restored it (lucked out: the Wayback Machine had a copy).
  • Speaking of DuckDuckGo, they wrote back to me saying they deem it a bug that they don't index all of the Tommyjournal archives. Whether or not they'll fix it remains to be seen. For better or worse, Google has by far the most comprehensive index of my pages.
  • A pun I wish I'd thought of myself: a dude looking for a climbing partner described the sought relationship as "strictly plutonic".
  • I like the look of Japanese orthography qua Japanese orthography. But ツ (tsu) as an emoticon—a usage that Wikipedia says is "becoming increasingly popular" in "the Western world"—is not my cup of tea.
  • xkcd #1233 (Relativity) exemplifies several things I like about xkcd: juxtaposition of science and pop culture, crude but effective illustration, no inhibitions about making references some people might not get, and just the kind of silliness I find amusing.
from Vulcan Stairway in San Francisco.strange, like how?
DuckDuckGo, a search engine that doesn't log your queries, has been in the news recently. I like their approach to privacy, I like that their birthday is on a February 29, I like some of the stuff on their founder's blog, and they did OK with some sample searches I tried (although they only index a small fraction of this blog's archives).

On the minus side, I think three syllables is too many for the name of a search engine. A couple Echinopsis cacti at a neighbor's house flowered today. Each flower takes a month or so to develop, opens one morning, and wilts the same day. Two plants bloomed in sync this morning, something I've seen this species do enough times that I don't think it's coincidental.

I poked around a little on the web and found pages on the why of synchronized flowering but not the how. I once asked a biologist friend how they do it, and he thought they usually communicate through the substrate—which didn't explain what's happening when plants in separate pots do it.

The two that bloomed this morning were in pots about ten feet apart. My guess is that they communicate chemically through the air, which I think is pretty impressive.
click for uncropped version My dad built a lot of stuff out of wood, pretty intensively for a while but only occasionally once he got older—partly because by that point he had all the furniture he needed. When he was in his mid-80s, the gears in his thickness planer self-destructed—presenting him with the decision of whether or not to get another one even though he wasn't building much stuff. "I can't see living without a thickness planer," he said, and he got a new one.

The old planer, US-made, looked like the one in the illustration reproduced here. The new one, Japanese, weighed half as much, ran on half the voltage, and looked half as imposing—but did a better job.

The thickness planer was among the tools I moved here when I drove across the country in 2008. I was in the middle of a project last week that called for using the planer; I turned it on and smoke came out, the kind that a co-worker used to call essence of 4700 ohms. I figured the motor was toast.

But no, it was a drive belt that burnt up. So based on a sample of two, I conclude that transmission failure is how thickness planers quit working. Nice thing this time: I only need a new belt, not a new planer.

Blog postings like this make me wish I'd implemented subject tags.
a small portion of this evening's sunset

I've gotten better results taking pics of people than I have with landscapes or sunsets. Part of it is that a photo of a large expanse won't have the desired effect unless it's presented in a large format—perhaps an obvious point, but one that I hadn't appreciated until I read it somewhere, after which I didn't feel so bad that my pics of landscapes don't come off so well. (I've never had a really big enlargement made.)

I used to walk through Grand Central Terminal every day on my way to work in New York, where Kodak had a 18×60 foot backlit transparency that changed every month: the largest enlargements in the world. Some people thought the pics were kitschy and thus out of place in a building known for its elegant architecture, but I remember liking them.

They were assembled in strips like wallpaper. In the early days, the image was made of 41 pieces, each one roughly 0.5×6 meters. Over time, Kodak geared up to make the panels wider; in the last few years of the program, each panel measured 6×18 feet. If you think enlarging and developing and retouching film is work, imagine doing it on that scale. Encryption tools for securing email have been available for some time, although most people don't bother to use them.

Large email providers don't have an incentive to further the adoption of strong encryption. Google could have built user-friendly end-to-end encryption into Gmail from day one and promoted its use, and with the growth of Gmail it could've reached a large enough user base to really catch on. That didn't happen because it would've kept Google from reading your email for its own purposes (e.g., selecting targeted advertising).

And. When service providers coöperate with the US government in surveillance, keep in mind that in many cases the government pays to defray the cost of providing the requested information. Just playing follow-the-money, individual Gmail users aren't paying customers whereas the snooping government is; whose interests will Google be more inclined to serve?

I read news and commentary on the Snowden case every day, which takes patience when encountering stuff written by people who may not understand the subject well. E.g., in the WaPo,
Greenwald said the people in possession of Snowden's files "cannot access them yet because they are highly encrypted and they do not have the passwords." I'm sure that elicited laughter in Moscow and Beijing. Snowden's encryption may be an obstacle for journalists such as Greenwald, but it's not a problem for the PLA and the FSB.
If encryption is done right, it is uncrackable for practical purposes. It's not like a safe deposit box, where any box we have the tools to build we also have the tools to dismantle. With well-designed-and-managed encryption, no one decrypts the data without the key. The question then becomes, can they get your key (by guessing, keystroke-logging, rubber-hose cryptanalysis, ... ).

A lot hangs on "doing encryption right". There are ways to do it wrong, but I imagine Snowden knows the difference.

Although the WaPo essay I quoted from above didn't go into detail, it gives the impression that encryption is but a small hurdle for a skilled adversary, as if various Hollywood portrayals of encryption-breaking were authentic.

This is a nuanced subject; a detailed treatment is beyond the scope of this blog posting. My point is, just because Government X has successfully hacked into lots of machines doesn't mean it can break any encryption it wants.

As long as we're on misconceptions in the press, the value of data obtained by tapping fiber optic Internet cables is sometimes exaggerated. Taking email for example— even though Gmail has access to your email in plaintext on their servers, they routinely encrypt it (e.g., by ESMTPS) for transmission across the Internet, and if that's done right it is not trivially decrypted in transit (and nor is HTTPS for web pages).