Archive for the ‘LINKS’ Category.

Ubiquity Breeds Utility

Andrew Anker on wireless networks at Dartmouth: VentureBlog: Ubiquity Breeds Utility:

The wireless revolution is possibly over-hyped, but don’t tell that to the good folks at Dartmouth. They have gained wireless ubiquity, and are completely re-thinking how they use cellphones, PDAs, computers, newspapers, instant messenger, printers, power outlets, and most importantly, their time.

Security risk of processing medical and tax files overseas

Rick Alber, via Dave Farber’s Interesting-People:

David Lazarus, an investigative business reporter for the San Francisco
Chronicle, had a series of 3 chilling articles about how companies
cannot maintain privacy protections when they send medical and tax
records overseas for processing. The folks on the IP list might like to
read about these recent developments:

The Relationship Between Network Security and Spam

Carl Hutzler and Ron da Silva, AOL Time Warner, at NANOG:
The Relationship Between Network Security and Spam:

  • Large ISPs like AOL have deployed sophisticated blocking, rate
    limiting, and filtering technologies which are forcing spammers
    to find new methods.

  • In order to blend in, spammers like finding IP space and/or
    accounts on major ISPs. We are forcing them to the ISPs

  • Spammers are likely paying hackers to provide IP space for
    them to utilize with the goal being to spread out the volume
    across many IPs to blend in.

    • Many of the techniques hackers use are more and more criminal
      and disruptive in nature

Network and Application Security are more important than ever.

The presentation’s last slide includes instructions on how owners of networks can register to receive realtime AOL spam complaints (the Complaint Feedback Loop).

Workarounds for certain old DVIPS-generated PostScript files

This is for the benefit of other RH9 or URW font users googling for a solution to this problem:

Valek Filippov <frob@df.ru> distributes the URW fonts, modified to include Cyrillic characters. The RedHat 9 and RawHide distributions are tracking his version.

The problem is that some old versions of the TeX converter DVIPS generated PostScript code that depended on fonts having an executable FontBBox attribute (defined with curly braces ‘{‘ ‘}’, not brackets ‘[‘ ‘]’).

The following PostScript code dumps the FontBBox of every font (one way to run it is to pipe it into Ghostscript with the command "gs -sDEVICE=nullpage"):


%!
FontDirectory { exch == /FontBBox get == } forall

and it turns out that the FontBBox entries of the fonts Times-Roman (AKA NimbusRomNo9L-Regu) and Helvetica (AKA NimbusSanL-Regu) are not executable under the default RH9 install.

The problematic PostScript code generated by the TeX converter DVIPS is essentially:


%!
/Helvetica findfont begin FontBBox 4 array astore

One published example that demonstrates this bug is this TR from MIT, but there are plenty of others.
I speculate that the idiom arose from an early (also buggy) Apple LaserPrep file.

The Ghostscript error produced when these fonts are installed looks like this:


Error: /stackunderflow in --astore--
Operand stack:
false FontBBox --nostringval-- --nostringval--
Execution stack:
%interp_exit
.runexec2 --nostringval--
--nostringval-- --nostringval--
2 %stopped_push
--nostringval-- --nostringval-- --nostringval--
false 1 %stopped_push
1 3 %oparray_pop
1 3 %oparray_pop
.runexec2 --nostringval--
--nostringval-- --nostringval--
2 %stopped_push
--nostringval-- --nostringval--
--nostringval-- --nostringval-- --nostringval--
Dictionary stack:
--dict:1050/1123(ro)(G)-- --dict:0/20(G)--
--dict:93/200(L)-- --dict:207/270(L)--
--dict:12/14(ro)(G)-- --dict:12/13(L)--
Current allocation mode is local
GNU Ghostscript 7.05: Unrecoverable error, exit code 1

I have posted bug reports to Valek Filippov and to the developers of the pfaedit tool, and I hope that will result in new releases of the fonts that are more tolerant of this historical DVIPS error.
George Williams, author of pfaedit, has pointed out the relevant text in the PostScript Reference Manual:

In many Type 1 fonts the FontBBox array is executable, though
there is no good reason for this to be so. Programs that access
FontBBox should invoke an explicit get or load to avoid
unintended execution.

but has expressed willingness to change his pfaedit font editor to produce fonts with executable FontBBox.

In the meantime, system administrators can manually edit the fonts themselves, e.g., on RH9, edit /usr/share/fonts/default/Type1/*.pfb and make sure all FontBBox definitions use braces, not brackets.

Or, if you want to fix the incorrect code in your old dusty-deck DVIPS-generated PostScript files, you can use the following shell script:


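#!/bin/sh
# Rewrite the DVIPS idiom in place (originals are kept as *.bak) so that
# FontBBox is fetched with an explicit get instead of being executed.
# (?<!/) skips occurrences that are already the literal name /FontBBox.
perl -pi.bak \
-e 's@(?<!/)FontBBox(?= 4 array astore)@currentdict /FontBBox get aload pop@' \
${1+"$@"}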

Note that the URW fonts distributed by the GIMP project do not tickle this problem (but they probably don’t include the Cyrillic characters either).
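
To see which installed Type 1 fonts define FontBBox with brackets rather than braces without running Ghostscript, the font files can be inspected directly. This is an added example, not code from the original post; the function names and the sample font data are constructed for illustration.

```python
import re
import struct
import sys

# '{' after /FontBBox means an executable array, '[' a literal one.
FONTBBOX_RE = re.compile(rb"/FontBBox\s*([\[{])[^\]}]*[\]}]")

def cleartext(data: bytes) -> bytes:
    """Return the ASCII portion of a Type 1 font (PFA text or PFB segments)."""
    if not data.startswith(b"\x80"):
        return data  # PFA: already plain text
    out, pos = [], 0
    # PFB segment: 0x80, type (1 ASCII, 2 binary, 3 EOF), 4-byte LE length
    while pos + 2 <= len(data) and data[pos] == 0x80 and data[pos + 1] != 3:
        if pos + 6 > len(data):
            raise ValueError("truncated PFB segment header")
        (length,) = struct.unpack_from("<I", data, pos + 2)
        body = data[pos + 6 : pos + 6 + length]
        if len(body) != length:
            raise ValueError("truncated PFB segment body")
        if data[pos + 1] == 1:
            out.append(body)
        pos += 6 + length
    return b"".join(out)

def fontbbox_kind(data: bytes) -> str:
    """Classify a font's FontBBox as 'executable', 'literal' or 'missing'."""
    m = FONTBBOX_RE.search(cleartext(data))
    if m is None:
        return "missing"
    return "executable" if m.group(1) == b"{" else "literal"

def make_pfb(ascii_part: bytes) -> bytes:
    """Build a constructed PFB: ASCII segment, dummy binary segment, EOF."""
    return (b"\x80\x01" + struct.pack("<I", len(ascii_part)) + ascii_part
            + b"\x80\x02" + struct.pack("<I", 4) + b"\x00\x01\x02\x03"
            + b"\x80\x03")

# Constructed samples, not real font data.
BRACES = make_pfb(b"%!PS-AdobeFont-1.0: Sample\n/FontBBox {-168 -281 1000 924} readonly def\n")
BRACKETS = b"%!PS-AdobeFont-1.0: Sample\n/FontBBox [-168 -281 1000 924] readonly def\n"

if __name__ == "__main__":
    # With no arguments, classify the samples; otherwise classify the given files.
    if len(sys.argv) == 1:
        print(fontbbox_kind(BRACES), fontbbox_kind(BRACKETS))
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, fontbbox_kind(fh.read()))
```

Fonts reported as "literal" are the ones that trigger the stackunderflow with the old DVIPS idiom.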

CAPTCHA

Scientific American: Baffling the Bots — Anti-spammers take on automatons posing as humans on
“completely automated public Turing test to tell computers and humans apart” (CAPTCHA):

“This is our arms race,” he says. “There’s no question that bots are going to become more and more sophisticated.”





Note that I’ve heard rumors of (or at least predictions of) CAPTCHA-workaround systems that farm out recognition work to pools of humans, e.g. by presenting them to users of other heavily trafficked sites. If anybody has a specific example of that, I’d like to know.

Update: Thanks to Yakov Shafranovich for pointing out Matt McCay’s weblog pointing to a Pittsburgh Post-Gazette article citing Luis von Ahn at CMU as the source of this:

But at least one potential spammer managed to crack the CAPTCHA test. Someone designed a software robot that would fill out a registration form and, when confronted with a CAPTCHA test, would post it on a free porn site. Visitors to the porn site would be asked to complete the test before they could view more pornography, and the software robot would use their answer to complete the e-mail registration.

EFF on Trusted Computing

EFF: Trusted Computing: Promise and Risk summarizes the features and dangers of “trusted computing” frameworks, and proposes an “owner override” modification to fix the “unacceptably grave design flaw” of attestations without any owner control.

[via Ed Felten: Freedom to Tinker]

University of Florida squashes P2P

Wired News: Florida Dorms Lock Out P2P Users:

The University of Florida has developed a tool to help extricate the school from the morass of peer-to-peer file trading, and early results show that it’s succeeding.

Integrated Computer Application for Recognizing User Services, commonly called Icarus, debuted over the summer on the network that links all the residence halls on the UF campus.

RIAA Enemy #1: Wal-Mart, Not Kazaa

Kevin Laws: RIAA Enemy #1: Wal-Mart, Not Kazaa:

So while the industry still has the ability to generate initial interest for a hit record, they no longer have the ability to get the message out in dying music stores or capitalize on that interest quickly. This has made it very difficult to create the next Britney Spears. It still happens, of course, but the primary advantage the big music companies had over potential new entrants is disappearing. While file sharing is starting to have a significant impact, it is Wal-Mart that has done the most to damage the RIAA members so far.

Rasch: Journalists served subpoenas in Lamo case

Mark Rasch: The Subpoenas are Coming!:

The demand that journalists preserve their notes is being made under laws that require ISP’s and other “providers of electronic communications services” to preserve, for example, e-mails stored on their service, pending a subpoena, under a statute modified by the USA-PATRIOT Act.

The purpose of that law was to prevent the inadvertent destruction of ephemeral electronic records pending a subpoena. For example, you could tell an ISP that you were investigating a hacking case, and that they should preserve the audit logs while you ran to the local magistrate for a subpoena.

It was never intended to apply to journalist’s records.

KaZaA sues RIAA for copyright infringement

What a headline. As Dave Barry would say, “I am not making this up”:

The Register: KaZaA sues RIAA for copyright infringement:

… Sharman says the RIAA has distributed versions of KaZaA Lite with warning messages to potential infringers, which it deems “monopolistic and conspiratorial” behavior. In July a Judge nixed an attempt by Sharman Networks to stop the distribution of RIAA-flavored KaZaA software using Antitrust legislation. That failed, but this time it’s trying again…