January 13, 2010

January 14, 2010

Flawed Security

As awareness of the seriousness of the Chinese intrusion into Google expands, I would like to highlight what the Chinese "People's Daily" is saying about Google today:

As the world's most famous search engine company, supposedly its defense capabilities should also be very strong. If the defense system is really flawed, it is necessary to strengthen preventive measures, while passive withdrawal only shows incompetence, but also contributes to the arrogance of hackers, which is very inconsistent with Google's prominent identity.

Think about that for a moment.

Google caught the electronic equivalent of a Chinese drone attack, using sophisticated weapons and circumnavigating layers of defenses. Imagine if the Chinese People's daily had issued a similar statement about the lack of antiaircraft missiles atop the World Trade Center or lax security of United Airlines.

The Google attack was not merely a picked lock.

As some details come out, it is clear that the attacker must have had access to many resources: the ability to make a custom virus on a previously unknown bug in IE; a familiarity with the architecture of Google's highly protected internal systems; and the knowledge of Chinese dissident private email addresses. An expert has called the attack on gmail "incredibly sophisticated, the kind only seen in the government and defense industrial sector."

What seems increasingly flawed is the premise that it is possible to operate an honest business under the thumb of Chinese authorities.

Posted by David at 09:15 AM | Comments (0)

January 15, 2010


A puzzle!

Rearrange the letters SEARCH ENGINE to make a phrase representing the displeasure of a nation.

h/t Rachel Grey

Posted by David at 11:38 AM | Comments (8)

January 16, 2010

Ballmer Favors Torture for Lawyers

After a series of Chinese lawyers have been imprisoned and tortured and "gone missing" for speaking up for their clients in China, our friend Steve Ballmer still "doesn't understand" why Google is upset about break-ins into Chinese lawyers email accounts. "I donít think there was anything unusual," he says.

Perhaps torture of lawyers is routine at Microsoft; it is a bit unusual at Google.

Posted by David at 12:18 PM | Comments (0)

January 17, 2010


My wife was originally not going to bother voting in Tuesday's special election for Senate, since we live in deepest of the deep blue states.

But it's turning out to be a nailbiter, so she's going to vote after all.

Go vote.

Posted by David at 07:38 AM | Comments (0)

January 18, 2010

Campaign Calls

We've gotten three calls from the Scott Brown campaign in the last 24 hours, two of them late at night. The GOP smells blood in the water.

But everybody around here is a Democrat!

Posted by David at 12:10 PM | Comments (1)

January 19, 2010

My God, What Have We Done?

Fellow Massachusetts voters! What was the point in electing Brown?

Continue reading "My God, What Have We Done?"
Posted by David at 09:57 PM | Comments (3)

January 24, 2010

Xinhua: We Report, You Decide

Does reading the Chinese press remind you of watching Fox News?

There is a whole world outside China and outside Fox News that is starkly different and a bit closer to reality.

But when you realize that Fox is actually the most trusted news brand in the U.S. today, you can get an appreciation for the success that a censored Chinese media can have inside the world's largest society. The effects of squashing dissent in the name of nationalism are not "very limited"...

Posted by David at 09:49 AM | Comments (1)

January 30, 2010

Random Seeds, Coded Hints, and Quintillions

Here is a seedable random number generator in Javascript that you can set up to produce a determinstic sequence of pseudorandom numbers. Browsers do not provide a built-in way to seed Math.random(), so this solution is handy both when you need a repeatable pseudorandom sequence that is completely predictable, and when you need a robust seed that is much more unpredictable than your browser's built-in random number generator.

Update: seedrandom is checked in at github, available as a node package, available as a bower package, and available on cdnjs. It can be used directly as a modern AMD script with require.js, or as a node.js package.

Many games that use weak random number generators have been cracked by exploiting their lack of randomness, and recently it has even been shown that it is possible to guess your 'random' Social Security Number given information about the time and location of your birth. To resist this type of attack, you want do better than a linear congruential PRNG seeded with the current time. Explanations below.

Continue reading "Random Seeds, Coded Hints, and Quintillions"
Posted by David at 08:06 PM | Comments (28)