Computing


I’m really looking forward to Terry Pratchett’s The Colour of Magic (obnoxious Flash site here, amusing promotional clips here). Part 1 was shown last night (England time), with Part 2 tonight, so I’m flexing my remote-viewing neurons and getting ready to peer across time and space to see the show tomorrow night.

In the meantime, I was amused to see the difference in promotional styles between those involved.

Actor Karen David is playing the character of Liessa Dragonlady in the movie. Ms David has created a YouTube account, and has put up some a video of her learning to swordfight for the
movie, and another one where she trains to swordfight upside down.

Karen David, you see, actually wants to promote herself. The more people who see her work, the more likely it is she’ll get more acting jobs. This is a Good Thing.

But then there’s anti-promotion, where the anti-promoter wishes to discourage people from buying their product. The Times Online is an example. The Times has put up a video clip of Tim Curry talking about his role in the movie — or at least, they say they have put up this clip, but I doubt it is correct. I can’t get it to play in any of three different web browsers, and at least two people have managed to battle the Times’ useless comment system to say that they too can’t get it to work. (I tried to leave a comment, but it got swallowed by the Rift — twice.) The Times’ webpage is so convoluted and confusing, with so much effort put into preventing viewers from accessing audiovisual files, that it’s hardly a surprise that they’ve broken something and the page simply doesn’t work.

That’s anti-promotion. Knowing what I know about the Times, I’m not inclined to waste my time going to their website — and I tell my friends and colleagues. Advertisers, take notice.

I’d like to link to the page so you can try it yourself, but the Times’s Terms and Conditions
prohibits linking to individual pages, or “Micro sites” as they call them. Possibly because the T&Cs were written by somebody with as much grasp of reality as the Bursar of Unseen University, and as much grace as the Dean. Presumably the aim is to inconvenience their readership as much as possible — heaven forbid that readers point their friends and colleagues at specific articles.

However, the T&C don’t prohibit listing the URL to pages, only linking. It’s allowed to tell people what the URL is, so long as it isn’t a clickable link. As if that makes any sense whatsoever. So here’s a non-clickable non-linked URL that you can copy and paste into your browser, if you care that much, and remember folks, some lawyer probably charged the Times tens of thousands of pounds for those T&Cs.

http://entertainment.timesonline.co.uk/tol/arts_and_entertainment/books/article3582378.ece

And when you’re done, don’t forget to send them an email asking why they want to make it difficult for readers to find the page they’re interested in. But if you really want to make an impact, don’t email the Times, email their advertisers, who I’m sure will just love it that the Times is doing their bit to reduce the number of eyes on each page. Actually, considering the annoying, obnoxious Flash video ads, the advertisers are probably just as crazy.

Advertisements

There are lots of advantages to running Linux, even if you’re not technically minded. It’s free (as in “free beer” and “free speech”), it comes with a heap of applications, there’s no spyware and viruses for Linux to speak of, and it gives you as close to total control over your computer as you can deal with.

The disadvantage is that many websites out there treat you not just as a second-class citizen — that (dis)honour goes to Mac users — but as a non-person. Things are far better now than they were a decade ago when I first moved onto Linux, and problem sites are now well and truly in the minority, but it does happen.

For example, the BBC is currently playing an Internet-radio broadcast of Terry Pratchett’s Nightwatch. Sending audio over the Internet should be easy: it could be as simple as offering a link to an ogg (free, open format) or mp3 (closed, semi-open but very popular format), and then let the user choose whatever music player they want to listen to the file. Easy, no stress, no fuss, no complicated web programming, it just works. That’s how the Internet was designed to be.

But no, the Beeb chooses to use streaming audio, and worse, instead of using a semi-open standard like mp3, they use RealMedia instead. Real has a decidedly negative reputation in the marketplace. But I’m not here to talk about that. Instead, I’m going to explain how Linux (and maybe Mac users?) can listen to Nightwatch without being a guru. There’s the tiniest bit of command line work involved, but nothing onerous. Your Auntie could do it.

Firstly, you must make sure you have mplayer installed. If haven’t, you can find detailed instructions on installing mplayer around the Internet. The hard part is setting up the correct software repositories, which is a once-off job. Once you system knows which repositories to look in, installing software is a snap: just use the Add/Remove Software program. It will do all the heavy lifting for you, finding and downloading the software off the Internet. If you prefer to use the command line, yum or apt-get will do the same. Depending on which version of Linux you’re using, there’s every chance that the repositories are already in place.

(I’m being deliberately brief here, because there really are an imperial tonne of instructions out there, and that’s more than a metric ton. If you really can’t find instructions using Google, then drop me a comment and I’ll write something up.) Don’t forget to install the extra codecs.

Come back once you have mplayer installed. I’ll be waiting.

Okay, done? Great. Now, there are three four steps to listening to the radio programme:

  1. Get the URL of the stream.
  2. Download the stream.
  3. Listen to the stream.
  4. Throwing the stream away again. (Yes, really.)

Step 1 is the hard part. Here’s what I did to get the URL of the stream (but don’t do this yourself, because there’s an easier way):

  1. Fire up Firefox (heh, pun intended) and go to the BBC’s Listen Again page and find the entry for Nightwatch.
  2. Click the Listen to latest show link and wait for the BBC iPlayer (“iPlayer”? Apple has a lot to answer for…) to open in a new window.
  3. If you have installed the Linux version of RealPlayer on your PC, and have configured your browser to use it, then (in theory) it should Just Play. But for those who haven’t:
  4. Click the pause button to stop the download, then right-click the Listen using stand-alone Real Player link and choose “Save link as…” or similar (the exact command depends on your browser).
  5. Save the file “nightwatch.ram” to your home directory.

Now that I’ve done it the Hard Way for you, here’s the Easy Way: right click on this link and save it to your home directory. (And, my friends, that’s why Digital Restrictions Management will never succeed in making bytes uncopyable: no matter how hard it is to access the file the first time, the second time is a snap. Media companies, save yourself a lot of money and heartache and learn to live with the rules of physics. Water is wet, and bytes are copyable.)

Step 2, downloading the stream: open a terminal (you’re a Linux user, I trust you know how to do that, right?) and type: mplayer -dumpstream `cat nightwatch.ram`

You should see a short burst of activity from mplayer, ending with “Cache size set to 640 KBytes” (or similar), then nothing for a while. Don’t panic, mplayer is busy streaming the audio file and dumping it to disk. Approximately thirty minutes later, or more if you have a slow Internet connection, mplayer will apparently suffer a seizure:

    Stream EOF detected
    Core dumped ;)
    Exiting... (End of file)

Do not worry, that is normal. Now rename the file “stream.dump” to something more sensible (say, “nightwatch-part_N.rm”). The .rm extension is important.

Step 3 is as easy as you would expect on Windows or Mac: double-click on the renamed file and it should play in the appropriate audio player. Worse case, right-click on the file and choose Open With…. You can play the file using any player that understands the RealAudio format. Mplayer or VLC media player are good choices, or the Linux version of Real Player.

Step 4 is the bit that, in the eyes of the BBC’s lawyers, means you aren’t really downloading the audio, but merely “streaming” it, even though there actually is a download taking place. Yes, it’s silly, but that’s what your music player or browser does every time you listen to a streaming file: download, listen, delete. That’s what the BBC’s own “iPlayer” does. (Disclaimer: I don’t actually know what the BBC’s lawyers will think about this argument, nor do I know what it might cost you to argue it in court.)

So, here goes step 4: once you’ve listened to the audio file, delete the file in the usual way.

And there you have it.

Rumours of Microsoft Windows including CIA or NSA backdoors have been around for years. This one though seems to be genuine.

Good random number generators (RNGs) are important for computer security. There are many security applications, from secure passwords to the software that lets you do Internet banking, that rely on a healthy chunk of randomness. If you can predict the “randomness” (in other words, if it isn’t really that random), you can often break the security. So important is the use of random number generators that the US government works closely with industry and academics to produce the state of the art RNG software.

But the government’s trusted role in the process includes a powerful temptation: what if they could include backdoors in the security software, so they could access your data but (hopefully) nobody else could? Some years ago, under President Clinton, the US tried to mandate the Clipper chip, which included a virtual backdoor to any software using it. That attempt failed, but in November security consultant and professional cryptoanalysist Bruce Schneier wrote about one of the latest RNGs championed by the NSA, “Dual_EC_DRBG”:

Problems with Dual_EC_DRBG were first described in early 2006. The math is complicated, but the general point is that the random numbers it produces have a small bias. […]

But today there’s an even bigger stink brewing around Dual_EC_DRBG. In an informal presentation (.pdf) at the CRYPTO 2007 conference in August, Dan Shumow and Niels Ferguson showed that the algorithm contains a weakness that can only be described as a backdoor.

With a cloud over the Dual_EC_DRBD algorithm, one wonders why Microsoft have now added it to Vista. It suggests to me not so much any nefarious motives on behalf of Microsoft, as just a failure to do their homework. Dual_EC_DRBD comes with NSA’s stamp of approval, but civilian cryptoanalysts are advising that even if the backdoor has not been put in it deliberately, it’s mere existence is a security breach.

It’s important not to over-react to this one. It doesn’t mean the NSA can read your email — they’ve had the ability to do that for years. What it does mean is that, at some time in the future Vista application software that relies on Dual_EC_DRBD will contain a secret backdoor. Who knows who will have the key? The NSA? Some private contractor who helped build it? In five years time, it could be in the hands of anyone.

If Microsoft is serious about security, they need to remove this insecure RNG from Vista.