I recently stumbled upon the Adeona project, a free and open source system for helping recover lost or stolen laptops. You need to install a piece of software on your laptop, and location information (in encrypted form), which is only accessible to the owner of the laptop, i.e. you, is sent to an OpenDHT node. (There are proprietary products such as LoJackForLaptops, PCPhoneHome, etc. as well which do more or less the same thing, maybe with a different degree of privacy assurance.)
Downloads are still not available but they have published some papers on this in some good conferences. My first concern is the privacy; I don't want others to keep tab of where I go! According to the researchers, their solution is privacy preserving. I also have some questions about its usefulness especially when the laptop's been stolen.
This solution works only if the laptop is connected to the Internet and the system is not modified or removed.
How hard is it to remove or stop the service running on the laptop?
How hard is it to spoof location information?
How do we quantify the level of privacy it provides?
Thursday, July 24, 2008
Tuesday, July 15, 2008
After Effects of the Recent DNS Patch
There's a high chance that you heard about the Internet-wide patching of a serious DNS flaw discovered early this year and major vendors patched it early this month.
According to what I read, DNS was vulnerable to a cache poisoning attack, which gives malicious attackers an easy passport to redirect web traffic and emails to their systems and do all kinds of nasty things. The vulnerability is due to a lack of entropy in the query ID field together with a lack of source port entropy.
I was more interested in the DNS traffic patterns after the large scale patching and found this diagram which shows the traffic in the proximity of the fix date.
The spikes seem to be large scale DNS attacks. Apparently, we don't see much difference in attack patterns between after and before the patch.
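A defender-side check for the source-port point above, added here as an example and not taken from the original post or from any vendor's tooling: given (source port, query ID) pairs captured from one resolver's outbound queries, it reports whether either field is fixed or sequential and roughly how many bits an off-path spoofer would still have to guess. The function names and both sample sets are constructed for illustration.

```python
import math
import random

def pattern(values):
    """Classify a sequence of 16-bit values as fixed, sequential or varied."""
    if len(set(values)) == 1:
        return "fixed"
    deltas = {(b - a) % 65536 for a, b in zip(values, values[1:])}
    if len(deltas) == 1:
        return "sequential"   # constant step between queries: trivially predictable
    return "varied"           # not proof of randomness, only "not obviously predictable"

def spread_bits(values):
    """log2 of the observed value range: a rough upper bound on the entropy in use."""
    return math.log2(max(values) - min(values) + 1)

def assess_resolver(samples):
    """samples: (source_port, query_id) pairs from one resolver's outbound queries."""
    ports = [p for p, _ in samples]
    ids = [q for _, q in samples]
    port_pattern, id_pattern = pattern(ports), pattern(ids)
    bits = 0.0
    if id_pattern == "varied":
        bits += spread_bits(ids)
    if port_pattern == "varied":
        bits += spread_bits(ports)
    ok = port_pattern == "varied" and id_pattern == "varied"
    return {
        "port_pattern": port_pattern,
        "id_pattern": id_pattern,
        "guess_bits": round(bits, 1),
        "verdict": "port and ID both vary" if ok else "needs attention",
    }

# Constructed samples: a resolver that always queries from one port,
# and one that draws both port and query ID at random.
rng = random.Random(2008)
UNPATCHED = [(32768, rng.randrange(65536)) for _ in range(40)]
PATCHED = [(rng.randrange(1024, 65536), rng.randrange(65536)) for _ in range(40)]

if __name__ == "__main__":
    for name, samples in (("unpatched", UNPATCHED), ("patched", PATCHED)):
        print(name, assess_resolver(samples))
```

With a fixed port only the 16-bit query ID stands between a forged answer and the cache; varying the port as well pushes the guess space towards 32 bits.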
Friday, July 11, 2008
The Browser Insecurity Iceberg
The Web browser Insecurity Iceberg represents the number of Internet users at risk because they don’t use the latest most secure Web browsers and plug-ins to surf the Web. This paper has quantified the visible portion of the Insecurity Iceberg (above the waterline) using passive evaluation techniques - which amounted to more than 600 million users at risk not running the latest most secure Web browser version in June 2008.
Courtesy: Understanding the Web browser Threat: Examination of vulnerable online Web browser populations and the "insecurity iceberg"
They have used Google's search data (made privacy preserving) to gather these statistics. You'll find other interesting statistics in the paper as well. It's a good idea to upgrade our browsers to the latest versions to avoid being the target of browser-based attacks.
Doll Test
I first saw this short documentary (full) last year (yes last year)..thought of adding it here...after nearly half a century this test was done initially, still the test result (i.e. perception) is the same.
Thursday, July 10, 2008
Which data model and query language for content management?
The paper "What Goes Around Comes Around" by Michael Stonebraker and Joey Hellerstein surveys the different data models and associated query languages introduced in the past, with a view to preventing history from repeating itself when new data models are invented.
As mentioned in the paper, there have been 9 major data model proposals:
Hierarchical (IMS): late 1960’s and 1970’s
Directed graph (CODASYL): 1970’s
Relational: 1970’s and early 1980’s
Entity-Relationship: 1970’s
Extended Relational: 1980’s
Semantic: late 1970’s and 1980’s
Object-oriented: late 1980’s and early 1990’s
Object-relational: late 1980’s and early 1990’s
Semi-structured (XML): late 1990’s to the present
It's a good read up to get a grip on how data models evolved and the lessons learned.
The authors predict that XML will become popular as an 'on-the-wire-format' as well as a data movement facilitator (e.g. SOAP) due to its ability to get through firewalls. However, they are pretty pessimistic about XML as a data model in DBMS, mainly because of its complex query language (XQuery), complex XMLSchema and its having only limited real applications (schema later approach for semi-structured data) which cannot be done using OR DBMS's. It seems if you don't KISS ;-) (Keep it Simple and Stupid), you are going to lose.
Tuesday, July 8, 2008
The Greatest Match Ever
I enjoyed watching the Wimbledon ladies final between the Williams sisters the previous day and their doubles final. Just when I thought I had seen everything in this edition, I was proved wrong the next day when I witnessed the greatest men's tennis final ever on grass. While Federer was trying to win the title for the 6th time in a row (and breaking Bjorn Borg's record), Nadal was eyeing his first Wimbledon title, having lost to Federer on the last two occasions.
Both the players were equally up to the task and you can hardly tell who had the upper hand. However, if you watched the match, you won't disagree with me that Nadal was a little better than Federer on that day. And rightfully Nadal won the title at the end on his 4th championship point. It was a pretty close match - 6-4, 6-4, 6-7 (5-7), 6-7 (7-9 Nadal missed two championship points), 9-7 (What a sporting feast for Spain who recently clinched Euro cup 2008 beating Germany as well). I was fascinated by the masterclass of tennis played; it was unbelievable how they converted aces and winners into shots and difficult-to-hit ones into winners. Nadal also went into the record books by being the first player to win back-to-back French Open and Wimbledon after nearly 3 decades. This match was also the longest match to date (without the rain breaks). Both played very professional tennis and I was simply amazed how graciously both handled the pressure where an amateur would have screamed or even cried out at a miss. Great Match!
During the rain-interruption I was able to watch (thanks to espn360) the Asia cup final where our team (Sri Lankans) thrashed Indians. I was really happy to see Sanath hitting a winning century in this match and Ajantha Mendis, the new found spinner, was simply unplayable for Indians. Well done Lions!
Tuesday, July 1, 2008
Out of Print (Newspapers)?
Most of the things mentioned in the blog entry 'Are newspapers doomed?' by Richard Posner go well with my opinion on the subject (i.e. the online news media taking over the space of the print media). The idea of bundling in his note is well taken although I am not an expert in economics ;-).
"A bundled product is one that combines a number of products the demands for which may be quite different--some consumers may want some of the products in the bundle, other consumers may want other products in the bundle (sports, weather, politics and you name it)...Bundling is efficient if the cost to the consumer of the bundled products that he doesn't want is less than the cost saving from bundling..." The key takeaway point is that a bundled product may be cheaper than the total price of the individual unbundled components.
It is disputable whether bundling or specialization is the way to go in online media. I put my money on specialization as a start-up option mainly due to the following two reasons.
1. There are many more competitors in the online market than in print media.
2. It's easier to aggregate views from many different sources and provide a thorough view of the news at hand.
As the business grows, bundling may be considered to attract more audience.
Further, he indicates that the older generation prefers to read hard copies compared to the younger generation. While this may be true for the current demographic spread (maybe due to print media being the dominant source when they were young), I think this trend will also change in the future; when people get used to online news when they are young, they'll probably continue to read online (the resistance to change factor comes into play).
A few years ago (when I was in Sri Lanka), every Sunday morning I used to read Lakbima, Sunday Times and/or Sunday Observer (Sri Lankan newspapers), but here in the USA, I prefer to read news online. I'm not alone; these sources [1, 2] back up the fact that more and more people get information online, shrinking the market for printed newspapers. I think, among other things, the following contributed to this trend.
1. It's much cheaper to circulate information online.
2. Most printed newspapers rely on ads to generate revenue. With the advent of online advertising, including free services (like craigslist), their revenue through ads started to diminish, propelling them to look into alternatives.
I am more interested in the technical challenges in realizing the above trend. A part of my research is directed towards efficient and secure content distribution. Looking at the trend I think my research can make a positive impact in the future in this area; I always want to do something that is useful to people. Who knows, in the near future, you'll see many people reading their morning news through hand held wireless readers!