Just how safe is SHA-1?

Q: How hard would it be to find collisions in SHA-1?
A: The reported attacks require an estimated work factor of 2^69 (approximately 590 billion billion) hash computations. While this is well beyond what is currently feasible using a normal computer, this is potentially feasible for attackers who have specialized hardware. For example, with 10,000 custom ASICs that can each perform 2 billion hash operations per second, the attack would take about one year. Computing improvements predicted by Moore’s Law will make the attack more practical over time, e.g. making it possible for a wide-spread Internet virus to use compromised computers to mount such attacks as well. Once a collision has been found, additional collisions can be found trivially by concatenating data to the matching messages.

source

I dunno about everyone else on planet earth, but I feel safe enough with that probability, at least until Independence Day arrives.
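An added example (not part of the original post or the quoted source) of the last sentence in that answer: in an iterated hash like SHA-1, two block-aligned messages that collide stay collided when the same data is appended to both. It uses a constructed toy hash, assuming 8-byte blocks and a 24-bit state built from truncated SHA-1, so that a collision can be found in a moment; `attack_years` redoes the quoted ASIC arithmetic.

```python
import hashlib

BLOCK, STATE = 8, 3   # toy sizes (assumed): 8-byte blocks, 24-bit chaining value
IV = b"\x00" * STATE


def compress(h: bytes, block: bytes) -> bytes:
    """Toy compression function: SHA-1 truncated to STATE bytes."""
    return hashlib.sha1(h + block).digest()[:STATE]


def toy_hash(msg: bytes) -> bytes:
    """Merkle-Damgard iteration with SHA-1-style length padding."""
    padded = msg + b"\x80"
    padded += b"\x00" * ((BLOCK - 4 - len(padded)) % BLOCK)
    padded += len(msg).to_bytes(4, "big")
    h = IV
    for i in range(0, len(padded), BLOCK):
        h = compress(h, padded[i:i + BLOCK])
    return h


def find_block_collision():
    """Birthday search: two distinct one-block messages with equal state."""
    seen = {}
    for i in range(1 << 32):
        m = i.to_bytes(BLOCK, "big")
        h = compress(IV, m)
        if h in seen:
            return seen[h], m
        seen[h] = m
    raise RuntimeError("no collision found")


def attack_years(work=2**69, asics=10_000, rate=2e9):
    """Years needed for the quoted work factor on the quoted hardware."""
    return work / (asics * rate) / (365.25 * 24 * 3600)


if __name__ == "__main__":
    m1, m2 = find_block_collision()
    print("colliding blocks:", m1.hex(), m2.hex(), "->", toy_hash(m1).hex())
    suffix = b"any common suffix"
    # Same internal state after block 1, same bytes afterwards: still equal.
    print("still collide:", toy_hash(m1 + suffix) == toy_hash(m2 + suffix))
    print("ASIC estimate:", round(attack_years(), 2), "years")
```

The suffix trick works because both messages leave the hash in the same internal state and have the same length, so everything processed afterwards, padding included, is identical.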

Writer’s Block: My Favorite Apps

What are your favorite web or mobile apps? Which ones do you use everyday?

Live Journals Writer’s Block

Web applications are things that can either be awesome or truly disappointing; most fall somewhere in between for one reason or another. In particular, their support for sane web browsing ;).

From the apps I use every day, I would have to say that my favourite is Google Web Search, if that actually counts :-P. The reason being, Google uses a nice AJAX system for suggesting search terms—which can be helpful when you’re not sure exactly what you’re gonna type next. On top of that, the search results are often excellent (in proportion to your query terms). Unlike some sites hosting web search engines, Google doesn’t try to be an all in one portal — it’s just a search engine! With lovely tabs to other resources ;). Microsoft/Bing has even gone this route as well. For those that want a more portal like page, you can build your own with iGoogle personalised pages instead of relying on a generalised one (à la MSN classic).

In terms of web apps, in the more modern rich user experience sense, I’m not sure if I really do have a favourite. Every day, I use Google’s Mail, Groups, and Talk (XMPP) systems; several flavours of phpBB and vBulletin forums; not to mention extensive utilisation of Wikimedia and Reference.com (from ask.com) services. Perhaps, Google Mail, Docs, and Reader are the modern web apps that I favour the most. I like them, because Google takes a more minimalist yet distinctive approach to developing their apps, yet they are often fully featured. Google Reader for example, the only areas for improvement I can see, is support for themes and even more optimization for speed; neither of which are required to enjoy the experience.

Lately, I’ve been using rtm, which is arguably the best designed web app created to date! It combines all the attractiveness of a good web app, into an easy to use — self documenting package. Complete with keyboard shortcuts! The ability to integrate both GTalk and RTM into GMail with ease, is a massive perk.

Too few web apps these days realise that the old school design rules still ring on home. Revised, I would say these are what most people forget:

  1. Users have more to do in their lives, than just run your stupid app
  2. It shouldn’t (strictly) be necessary to visit the website to use it
  3. If it looks like an app, it should act like an app not something alien
  4. It shouldn’t matter what the browser is, as long as it follows the standard

Point 1 is something the folks at RealPlayer and PlayXpert should really take to heart, seriously now!

While point 2, is best exemplified by software such as RTM and GMail—both integrate quite well into other websites, and in Google’s case, to most desktop software.

The third point being, if it looks like a program, it should act like one: the fact that it’s running inside a web browser that is using a desktop widget toolkit, instead of running stand alone in a desktop widget toolkit, shouldn’t matter very much—learn about the principle of least astonishment, and take it to heart!

Fourth, brings to mind a time that I stopped by a Yahoo! video page when responding through a thread in forums.pcbsd.org. The result was humorous: Yahoo told me that my Operating System (FreeBSD) and Web browser (Firefox) were unsupported, suggested that I download a supported browser like IE or Firefox, then went on to proclaim that I was missing Windows Media Player and Adobe Flash plugins, never mind the fact that my web browser is configured to use the MPlayer plugin to handle Windows Media 8=). I assume their website has changed for the better in the years following: but it shows an important lesson. Don’t blacklist usability, smartlist accessibility. If it’s unsupported, downgrade intelligently and warn the user unobtrusively that their setup is missing XYZ functionality, don’t just send them to /dev/null because they don’t meet your expectations of Joe & Jane user.

If people did that in a desktop program, like Microsoft Office, a company might go out of business or lose market share to wiser competitors ^_^. Sheesh, I wonder how many ignorant webmonkeys have used user agent detection or faulty CSS files when wiser work arounds were (and are) available.

One reason that I often favour Google’s web applications, they tend to work well and stay the hell out of my way. I’ve yet to see any of them do anything truly stupid or grandiosely insulting.

Codes, Designs, and EPI

Today has been a fairly productive day, despite a heck of a lot of interruptions; to the point in fact, that at least 2 hours of work time was lost to it… Thanks ma!

Most of my mental energy was devoted to refining the interface between epi-add and $EPI_WIZARD, and figuring out how best to document it. My original vision for it was using bidirectional communication between finite state machines running in separate processes (the installer and the wizard). Amid the 21,000 interrupts of the day, I’ve managed to balance out the problem, and have come up with a more interesting solution; one which vastly simplifies the wizard programming interface and grants more freedom to anyone who wants to write an $EPI_WIZARD, which should be easy as pie.

By contrast, most of my code time was spent working on epi-unpack and prototyping ideas for the previous problem. Other than a few changes that I would like to make, epi-unpack is basically done; I’ll probably work on epi-verify next, while the others are reviewing the code for epi-unpack. One thing that distinguishes our Encapsulated Package Installer (EPI) system from PC-BSD’s PushButton Installers (PBI; formerly PcBsdInstallers), is that PBI is a static monolith from the undocumented garage; ours is knit atop a framework of UNIX programs, with standards and manuals to be shipped along with them ;).

I can not lie, UNIX has affected my philosophies on software design—for the better.

Generally, I don’t discuss business or classified projects on my Live Journal as a matter of ethics, but since EPI is now public knowledge, I’m free to blog about its development. The same can’t be said of all things SAS or work related lol. Most likely more things will filter through about EPI, so I’ve created a `tag` for it. Over 3 years and 1500+ entries, and I have never really gotten into Live Journal’s tagging feature, but have been contemplating it for the last few weeks.

The only way I can ever find my old entries is through Google or sequential search, neither of which are reliable; so utilizing memories and tags would be a darn good idea by now. The problem of categorizing my thoughts, as always remains a problem :=(+).

Outsmarted again!

I sneezed and Willow took off, as usual lol. After a while I looked and she wasn’t back on the bed, or the couch, so I started looking all over for her.

Checked under the step stool, in ma’s bedroom, under the dining room table, in the kitchen, the bathroom, next to the couch, on ma’s couch, heck even under the Parakeet! Guess what!!! Willow was under the covers on my bed, and that was the first place I had looked…. even moved the covers! Yet, sure enough when I walked back into the room it was her head looking quizzically at me, as if to say what the heck are you looking for idiot!

Oy vey!

gdesk? Hehe

Well, as something that’s been on my eventually to get around deciding; I’ve set up Google Desktop Enterprise Edition on SAL1600.

Earlier during the last reformat, I had opted into trying a newer Windows Desktop Search, yet found it to be just as useless as the old style search technology that had shipped with Windows XP back in 2001 :-(. In point of fact, I would much rather use GNU Find and skip the useless window dressings >_>.

Google’s Desktop search, is not what interests me. In fact, neither does Strigi or Beagle – the only search program that would interest me, is a sexy wrapper around GNU Find (or equivalent) that mates it to an easily scriptable plugin system (think customized grepping) that would enable it to become aware of any program you choose (think searching chats for pidgin, docs in google, news feeds in pan, blah blah) without having to rely upon someone to code it for you—just write a little shell script ;).

So obviously, I’m a power user who learned how to organise file systems very tightly, although I think that will become a mark of the dinosaurs before Windows 11 >_>.

What did attract me to Google Desktop, is the Gadgets system. Right now I have the sidebar up with time and temperature—never turn the TV to the weather channel lol. Since the only use I really have for Windows main panel, is the integrated system tray and clock, I’ve now set the panel to minimal height. I run much too many programs to be able to use a “Taskbar” without feeling like I’m dancing with a cement kimono!

The sidebar from Google Docks is also displaying Calendar & Mail gadgets making my life easier, plus Talk is docked for extra value. Since my desktop is never free of having a command prompt and web browser open, the Win+G shortcut for the search bar doesn’t matter any 8=). Ok, so I’m a whore for tools that speed up my work time instead of increasing it ;).

Intently interesting me, is whether or not the deskutils/google-gadgets port on FreeBSD works reasonably. While Google Talk lacks a version that’ll run on BSD, I don’t need it—since I rely upon Pidgin, and wish I did not need Xfire on the windows machine…. since integration would make life easier. It’s so funny how I actually have a more integrated system under FreeBSD, than Windows <_<.

OSX, KDE, and Vista have made greater emphasis on the desktop widget/gadget concept in recent years, but to me, it is just very much the modern incarnation of the old as gold dockapp.

It’s so funny how new innovation is often an upgrade to the last generations revolution.

Operation Triage: Day 1.1 at the RTM

Last night I set up an account on rtm for evaluating its usefulness to my todo list problemo. It provides all the features that the gmail/gcal/ig integrated tasks buddy from Google is lacking, and integrates perfectly into their workflows—awesome job RTM!

Remember The Milk (rtm) is a web based application and supporting service, for managing tasks; you could probably keep your grocery list on this thing too, if you had a decent phone. It supports the obvious stuff, due dates, time estimates, repeaters (oy), and combines it with attributes more often found in social systems, like tagging and sharing. The amount of ways to work with rtm alone make it easier to mate with one’s workflow on a level, that most web apps on the net could only dream about reaching. Without a doubt, Remember The Milk has been designed to be the supreme queen in web usability, and provides such a nifty set of keyboard shortcuts that give Geeks like me an extra edge on top of it. I almost think my mother could use this website… it’s that easy lol. The power-user features also make it well worth learning how to utilise every ounce out of the system. So far the only negative thing I can say about rtm, is that adding a due date on the rtm website doesn’t magically add it as an event in my gcal, but alas no one is flawless :-P.

I’ve imported all my todo list, after filtering the 5 month out of date file through my brain log along the way, plus put in everything on the immediate plate; took me about an hour. Everything of major importance has been marked accordingly with reminders scheduled to be sent to one of my Instant Messengering accounts. Three things that attracted me to rtm: the ability for using tags (as fellow delicious & gnolia fans will enjoy) in addition to regular task lists; reminders by most forms of contact like email, sms, and virtually every IM method short of an automated phone call; not to mention integration with Google Mail & Calendar.

Currently I’ve created Cleaning, Contact, Projects, Reading, SAS, and Writing lists to go along side the standard issue Inbox, Personal, Study, Work, and Sent lists. Tags are being used so I can quickly study what’s on the list according to subject matter; this way when any of the various hats needs a quick servicing within a group of tasks, I can dip into those open loops and screen out the others. Smart lists also make it possible to quickly study tasks by meta-criteria; my first smart list is one to show me all open tasks, that have a priority marker set.

As I told a friend earlier, I essentially don’t have to do nothin’ but stay white and die, the huge ass list of todo’s is mostly projects I’m involved with, and usually get clobbered by the fact that I get interrupted 200+++ times a day by the surviving parental unit, until they fade off the days agenda. Fortunately most of my tasks are in the format of, to do before hell freezes over—but most I would like to get done within the much shorter term! That’s where Operation Triage comes into play.

Everything is being trimmed back in accordance with what I have time and energy to deal with at this point in life, and to get as much of the stuff that I want gotten done organised so it doesn’t “Fall off” the water fall. Conveniently the only urgent loops being to get my learner’s permit, tend to SAS business, and my most important projects. Other tasks are growing closer to completion, and RTM will help me keep them in line with reality.

For the most part, these tasks in the rtm system amount to crap I need to read (lower priorities :'() and things that I need to write: which is easily sorted by priority. The hard part is Just Getting It Done without having to threaten anyone along the way with bodily harm :-/. Actually that would be a productivity boost I’m sure, but it is most strongly against my gentle nature 8=). I need to do further study on how best to collate the development tasks, since they don’t quite fit into a box, so much as a creative juice meets free time equation.

To do list, I shall conquer you!

Interesting tidbit: Microsoft Links Malware Rates To Pirated Windows

Shared from Google Reader

Microsoft Links Malware Rates To Pirated Windows—Slashdot

I’ll believe this when Microsoft releases all versions of Windows as Open Source under the GPL, and only makes a profit by selling support contracts—fat chance of that happenin’ and you can bank on it.

In the past near-decade of using Windows based computers, the machines in my care probably have one of the lowest infections, compared to anyone I know, who is an “Average, gullible, luser”. Do stupid things and your box is trashed, it won’t make a difference whether or not you paid for it.

Hmm, if people are going to start blaming outdated pirated copies of windows for the spread of malicious software: how about Microsoft try ditching the pseudo-worthless WGA garbage and making the Windows and Native APIs more restrictive in what they can tamper with?

Oh yeah, just blame other people, real s.m.r.t. idea.

Interesting tidbit: Man accidentally ejects himself from plane

Shared from Google Reader

Man accidentally ejects himself from plane—The Guardian World News

Oh man, this guy is never going to live that down! Sheesh, how stupid do you have to be not to know what’s going to happen if you yank the ejection rip-cord seated between your legs? Haha, that just sounds so wrong in and of itself!

Here’s to narrowly evading the receipt of a Darwin Award, one lucky son of a bitch at a time !!