Kittens Are Cute

Kittens are immensely cute. See below.

Three Sleeping Kittens

That aside, and now I’ve gotten the attention of all of you, I’m not going to write about kittens at all. As those of you who read Abnib (or otherwise read both Bryn and my blog), we had a little kerfuffle yesterday about the Welsh language. I thought I’d probably get a chance to post first, before he did, but I’ve learned very well not to post when drunk, and waited ’til this morning… by which time he’d written his own. In any case…

On The Value Of The Welsh Language

I agree entirely with Bryn that Welsh is indeed, not, definitively, an old dead language. In fact, I was surprised to find that usage of the language is increasing in many areas of Wales (which, to be fair, I find hard to understand the reasons for – I would have always have suspected it of being a language in decline). Statistically speaking, Welsh usage in Aberystwyth has fallen in the last 10 years (source: 1991/2001 census), but this can be attributed to the fact that the survey methods used between these two censuses has changed – for the first time, in 2001, students were counted by their term-time address (which is, to be fair, typically where they spend most of the year), rather than their home-time address. A deeper look at the statistics shows that the number of Welsh speakers in Aberystwyth has increased pretty much in-line with the population over the last decade. A great demonstration of what can be ‘proven’ with statistics.

In any case, Bryn’s blog entry meanders around the topic a little – if his post is directed (as I assume it is) to me, then he makes the mistake that I am comparing the Welsh language to British English, a dialect of English spoken by approximately 15% of English speakers worldwid… and, in fact, we spent a little while later in the evening finding fault with English – which, let’s face it, with it’s non-phonetic structure, crazy spellings, inconsistent double-letters, and double-meanings [right?], isn’t difficult – at which point the comparison came between Welsh and other phonetic languages; in particular Russian (which uses the nightmare Cyrillic alphabet) and Latin (which really is a dead language, sadly), and – kind of – Esperanto.

In the end, I think it’s important for Bryn to realise that it was not him I was trying to spark a debate about (which, in the end, is my only aim when launching with a contraversial point such as the one I made), but a language which he happens to speak (and which, given any kind of free time in my life, I’d still love to learn – something I’ve been promising myself for about four years now, but the most I’ve managed is a brief, free introduction). English is the third-most common “first language”, but then, Windows is the most common “first operating system”, and I don’t think that Bryn would have walked out if I’d have said that the operating system he uses was “old and dead” – to the contrary, this would probably have led to a lively debate about the relative merits of various operating system choice.

It seems that somehow my attack on the Welsh language was seen by Bryn as an attack on him, which it wasn’t. And perhaps more importantly, it doesn’t mean that what I implied is what I mean, only that this could get people thinking and talking about things they might not otherwise think twice about.

On ‘The Video’

Not one to split things into multiple posts if I think of them at the same time, I thought I’d also say a word about the video Bryn mentioned: sorry about that, but again – it’s not you or what you do, it’s just a bit of fun that I think got out of hand amongst the Troma Night troops. Not that that’s going to stop me showing next week’s mini-video (which I don’t think features you, Bryn).

Sorry there, old man. While I stand my ground on the Welsh language icebreaker, and I apologise profusely for letting ‘the video’ get out of hand, I still ought to have thought about your feelings, too. And you shouldn’t have walked out.

Aren’t kittens brilliant? There’s one more for you to look at, here.

SmartData On BBC News Online

From an article on the BBC:

Aberystwyth TechniumSmartData UK aims to create software and database solutions.

Company spokesman Gareth Hopkins said: “The move to Technium Aberystwyth has facilitated an expansion of the company and we believe this opportunity will open up a whole range of possibilities.

“The package offered by the Technium will assist us in creating more jobs and expanding into the international market place.”

Hayley’s LiveJournal

You know, there’ve been several occassions on which I’d have really loved to have left a comment on Hayley’s LiveJournal, but she’s set it so that only people she’s listed as “friends” can post comments to it, and she hasn’t listed anybody as friends!

But hey; now that I’ve mentioned this on my blog, everybody who knows us both will pester her until she fixes it. Winnage.

ATOM Feed Of Your GMail Inbox?

Checking my GMail account this morning, I noticed an unusual icon in the lower-right corner of the browser window:

Atom feed icon showing in a web browser viewing GMail

It turns out that Google‘s GMail service seems to be testing an ATOM feed – a kind of syndication feed (similar to those used by weblogs and news sites – see Scatmania’s ATOM feed) that can be ‘subscribed’ to from your desktop computer.

Right now, the GMail feed looks pretty bare:

ATOM feed from GMail

Nonetheless, this is an interesting turn of events – didn’t Google recently say that no other automated mail checking tools were to be used except for their own GMail Notifier (sorry, can’t find a news story to link)? But now it looks like they’re working on developing a format by which anybody can ‘subscribe’ to their own inbox (although probably only using a web browser – the non-browser-based XML readers seem to have difficulty with cookies, which are likely to be required.

It’s all interesting.

×

Security Engineering

A secure password does not make a system secure. No password – in fact, no authentication system – is entirely bulletproof. The key when designing a password-based access system, and choosing passwords, is to balance an equation. You must make the effort required to crack the password more valuable than the data the password protects. This will force the attacker to attempt another approach – there is no value in them continuing to try to break the password.

When laying barbed wire, we do not attempt to completely block access to the defended area (the enemy will just stay put and bring in tanks), unless we want to bring in enemy tanks (to, for example, ensure that they aren’t elsewhere!). We lay out barbed wire in a pattern that requires infantry to take a longer route in order to get in, in order that we can shoot at them more on their way. When laying barbed wire, there is never any doubt that the enemy will penetrate it, given enough effort.

When I tell people that no password is completely secure, and describe all that is above to them, they sometimes don’t believe me, or see the relevance. So here’s another example I came up with this morning:

When people install burglar alarms in their houses, they think they are doing it to prevent burglars. But this doesn’t work, otherwise the number of burglars would be expected to go down as the ratio of houses with burglar alarms has increased. No; a burglar alarm does not prevent burglars – what a burglar alarm does is makes the effort (in this case, the chance of getting caught) not worth the data protected (your TV, VCR, computer, etc.). So the burglar goes elsewhere – perhaps to steal less valuable stuff, but from somewhere that the effort is substantially lower. Burglar alarms don’t stop burglars – they redirect them.

But if the value of the data you’re protecting increases, then the equation disbalances, and it becomes worth the effort. If you start keeping stacks of gold bars in your living room, our burglar will probably risk getting caught to try to nab them. Or they might spend time getting the experience and equipment needed to disarm your alarm first. Or they might watch your daily patterns; see if you sometimes forget to arm the alarm, or maybe they’ll bribe your ex- to share with them the code.

There’s the basics of security engineering. Now, here’s the bit I missed:

Hackers are a very complicated set of people, of all manner of ages, disciplines, experience levels, and motivations. An important factor with many hackers is that, regardless of the possible value of the data, the effort taken to break into the system is irrelevant as a deterrent! Many hackers see more challenging systems as a ‘challenge’, and try to break into these systems just to prove that they can. Imagine your suprise when you find that your house has been broken into and all the gold bars in your living room have been autographed by some greyhat.

Now go change your passwords.

Windows XP SP1 Honeypot Breached In 200 Seconds

The internet is becoming a scarier and scarier place.

In a recent “honeypot” study, a Windows XP computer with Service Pack 1 was infiltrated in just 200 seconds, without even opening a web browser.

For the less techie-minded, a “honeypot” study involves setting up a new PC with a new operating system (in this case, a Windows XP SP1 machine) and connecting it directly to the internet to see how it is attacked and to what end. In this case, all they did was connect said computer to the internet… and less than four minutes later, it had been compromised by an attacker. Within half an hour, it was receiving instructions to act as a bridge to attack other computers.

Four minutes isn’t long enough to download and install ZoneAlarm. It certainly isn’t long enough to install Service Pack 2. And all across the globe, newbie PC users are buying off-the-shelf computers with no firewall, taking them home, and connecting them to the internet, basically ‘volunteering’ their computers and their bandwidth to be zombies and attack others around the world, relay spam, or share their files with anybody, anywhere.

If anybody needs help securing their system, just give me a shout.