Secure Computer Shuffling

I just re-read an ancient article referenced on entitled How We Learned to Cheat at Online Poker: A Study in Computer Security. The article points up that computer shuffling is hard to get secure in this situation, and illustrates three separate bad security flaws in the algorithm used by a popular computer Poker site in 1999. Unfortunately, it then goes on to suggest a "secure" shuffle that actually is quite insecure…

META: May all spammers get involuntary facial tattoos advertising embarrassing personal hygiene products

Excellent. I've got a total of about 10 legitimate outside comments over the whole time this blog has been up. A few weeks ago, I made it possible to comment anonymously. Today, some pathetic excuse for a human being spammed advertising comments onto the head entry on the site 4 times. So it's spammers 4, good folks 10. Could be worse, I guess…


META: You can't spell hypocrite without rite. You can't even spell write. Heck, you can't spell right.

I am such a hypocrite. I post this lovely meta-comment about how I'm back to writing every night, and to compensate I'm going to cut down the number of words per blog entry to a couple of hundred to keep things manageable.

The next day, no blog entry. The day after that, a 1000-word screed.

I guess this is how writers are, but I thought I was better than that. Sorry, gentle readers. I'll continue to try to do better.


Is there a Doctor in the house? A Professor?

My brother ran into someone calling herself "Doctor X" and "Professor X" recently, who turns out neither to be a Ph.D. or M.D. nor apparently to have a Faculty position at the institution she is teaching in. While in my opinion highly unethical, this situation is not uncommon. It seems to be partly a result of confusion about what the titles "Doctor" and "Professor" mean. Let me try to clear up some of his confusion, and perhaps yours…


META: The backlog's gone, and then some

I've burned through all the backlog I built up. Worse yet, I'm beginning to lose faith in my ability to do nightly blogging. I'm going to give it another hard try, though...

I think part of it is that I got too ambitious: tried to do a bunch of serious, large-scale writing. For now, I think I'll limit myself to about 200 words per entry, so that I can keep the workload manageable. This may mean the occasional 15-part series. Whatever.


The Birthday Paradox Explained

I don't think the Birthday Paradox is that complicated to understand...

First, let's get away from the math for a bit. What if there are 367 people (curse you, Feb 29) in a room? What then is the probability that two of them have the same birthday? Why, it's guaranteed that two do! The "pigeonhole principle" says that if you keep picking unique birthdays for folks in the room, you will run out of unique birthdays before you run out of folks.

Introduction to network trust establishment [Part 1]

There seems to be a lot of confusion outside the core computer security community about what the goals and methods of computer and network trust and security are. This blog entry is a non-professional's attempt to solve some of these problems. It is inevitably going to be incomplete, since I'm busy, and contain mistakes, since this isn't my top specialization. Suggestions for improvement are appreciated...

My day was full

Started with breakfast at Original Pancake House with a friend at 8:30 AM (in the morning!), then met with an open source partner for a couple of hours, then played Abstract Interpretation for a couple of hours with students...

Mitnick, Kerckhoff, and Open Source

The web-news-o-sphere (/., digg, reddit, etc.) is all abuzz today with the news that the infamous Kevin Mitnick has declared open source programs to be less secure than proprietary programs. Actually, his actual thesis is quite a bit more nuanced than that, but folks can hardly be blamed for wanting a sound bite...

Issues for digital artifact photo archiving [Part 3]

In parts 1 and 2 of this series, I took a look at some basic issues of digital imaging of historical artifacts. In this part, I develop a brief worksheet for inventory reporting for artifact photo collections...
