The Flowing Candy Bees

Last week my Amazon Kindle suddenly froze, just as I was turning a page.  It did not respond to buttons, did not respond to a reset, did not shine a light when plugged in.  No funny screen lines or other buggy behavior, just sudden bricking.

We called the Amazon help line and I had to go through all the steps I already tried, talking to someone who wasn’t really listening to me (“Hold down the power button for 20 seconds.”  “Okay…no, 20 seconds later and it’s still frozen.”  “Great, now tell me when it’s done rebooting.”)  Eventually I was told that the Kindle was broken and out of warranty, but in order to keep me as a customer they were willing to sell me a new one for a little over half the price.  I said probably not.

My wife, however, noticed that the Kindle made a slight rattle when shaken.  I pried the back off and noticed two tiny screws were lying around in the case.  There were three screw holes, so I searched for and found the third screw jammed under the mainboard.  I put them back and tightened the screws with a knife, and the thing sprang back to life.  I’m guessing one of the screws fell in just the right place and shorted something, which explains how it could suddenly go from fully functional to completely unresponsive as I was using it.

Why were there loose screws?  Probably poor quality control at the factory, but maybe also because I have a Kindle cover with two metal tabs that slot into the side of the device.  If one (or one’s toddler) tugs and pushes on the Kindle while it’s jacked in, it can pry at the mainboard, maybe enough to dislodge a screw.

If you have a Kindle with the same symptoms—completely unresponsive, doesn’t reboot, doesn’t charge—you might want to check if one of the screws is missing.  You might hear a rattle if you shake it, but if a screw is jammed somewhere it won’t make noise.

I’m at the SPIE Electronic Imaging conference in San Jose, about to begin the second day of the Media Forensics and Security track. There have been some pretty cool papers, including one by Erik Kee and Hany Farid revealing a unique way to use the little image thumbnails in EXIF headers to trace an image to the camera that took it. It turns out that different camera models use slightly different parameters to scale/crop/adjust/compress the image, and by estimating those parameters you can often determine the brand of camera that took the image (you can also get this elsewhere in the EXIF header, but if someone tampers with that data the thumbnail provides a check.)

Anyway, I took a train from Oakland to San Jose, using my credit card, checked into my hotel with my credit card, and bought a cheapo umbrella, also with my credit card. On that third transaction the card was declined. Assuming that these purchases in California triggered some fraud alert, I called the card company to find that they couldn’t help me because all their computers were down. Ha ha, dammit.

The next day I reached them just before I registered for the conference, which I also wanted to put on the card. It turns out that my card was not blocked, it was cancelled. And not because of transactions from CA, but because of a massive leak of credit card information from “a major retailer.” They wouldn’t say who, but it was probably the parent company that owns TJ Maxx.

Of course, I am on the other side of the country and cannot wait for a replacement card to arrive in the mail. The operator explained that I could still use the card if I (a) called the 1-800 number just before I was about to hand the card to a cashier; (b) waited on hold; (c) provide my card number and privacy questions over the phone; (d) gave them the amount I was about to spend; and (e) let him hold the card open while the transaction goes through.

I was pretty ticked at first, especially as I am not in a good situation to have my card cancelled (with no notification, of course.) But then, from a security standpoint I would be happy if this sort of blanket inconvenience occurred every time a leak happened. We need people to feel the consequences of their data being abused, so that retailers feel at least some pressure not to leave all your transaction data from 4 years ago on a computer connected to the Internet.

I routinely have to produce vector graphics as EPS files, for figures in conference papers. Usually I compose these things as a slide in Apple’s Keynote, and choose “save as Postscript” from the Print menu. This gets me a big white field, with the figure lurking within. It must be rotated and cropped.

One of the great embarrassments of the computer industry is that you can’t simply rotate and crop a picture in one of the world’s most common image formats. Other embarrassments include the increasing difficulty of plugging a computer into a projector, and the industry decision to put rental movies on exposed, scratchable plastic platters. The EPS problem is less of a scandal, but it is still pretty bad. You want to look at an image, rotate, crop and save it; pretty much every OS could do that out of the box since the 1980s—to a raster image. To do the same with a vector graphic you need to dig up and download a raft of decades-old utilities, and pore through a few support forums along the way.

I eventually figure out a byzantine way to fix these pictures, but it is completely different for each computer system I’ve ever used. If you found this page by Google search, I can give you a working solution for OSX; if this is not your system, I can only wish you luck.

First, the ugly setup. I have Ghostscript and LaTeX installed on my computer, which give me the commands I need to manipulate Postscript files. You can get LaTeX here, and for Ghostscript you go to this page. Download and open the most recent distribution, navigate to its folder in the Terminal, and type the commands ./configure, make, and sudo make install. Making ghostscript requires that you have the compiler installed; if you get a command not found when typing gcc at the Terminal prompt, then you need to dig out your install disk and install the optional Xcode tools.

To crop, I start out with a printer output start.ps on OSX, and distill the thing from a PS file into an EPS file using the Terminal command eps2eps start.ps nextStep.eps. This also tidies up the file; if you don’t do this first, the other commands will eventually get confused.

Step 1.5: open the EPS file with a text editor, and delete the third line that starts “HiResBoundingBox.” This is redundant information, and if you leave it in, you will eventually have two different bounding boxes.

Next, I use ./psfixbb -c -e nextStep.eps > stepThree.eps to fix the bounding box. You can find this script online, and it invokes Ghostscript to work. Psfixbb renders the picture as a raster image, scans that image to find the nonwhite pixels, and estimates the true bounding box of your graphic.

[It supposedly has an option to rotate the picture too, but it doesn't work. It will rotate the bounding box and leave the graphic alone.]

Finally, if you must rotate the image use epsffit -r NUM NUM NUM NUM stepThree.eps stepFour.eps. Replace those four NUMs with the four numbers spit out by the previous program. This program manages to rotate EPS files properly under OSX.

Kevin Craver is apparenly the Shaw Newspapers Journalist of the Year. Tell me if you see any resemblance.

He won this prestigious honor with Danielle Guerra for covering an improbable cluster of rare brain cancers that occurred near a chemical plant that at various times dumped stuff in the aquifer and in the air. The underlying story is very complex, and they didn’t dumb it down: the cancer cannot be traced to any simple cause, and isn’t simply environmental malfeasance by some chemical plant, but also a failure of local government, and an inability of local officials to wrap their heads around the science involved—and yet, here are two people who were able to wrap their heads around the science and also communicate it to ordinary people. Part of the award is surely due to presentation, because rather than simply reporting on events in plain text they used new media formats to give the victims a presence they otherwise would not have had in spare print.

Kevin is a generally skeptical person, and resourceful, distinct from other jouranlists because he is equipped with the scientific, logical and quantitative machinery needed to question and evaluate factual claims. For example, when the plant in question used air stripping to transfer harmful waste into the air, its managers argued that this wouldn’t hurt the town because the town was south and the wind blew west to east. Kevin turned to nearby O’Hare airport to access their mountains of data on wind speed and direction, allowing him to prove that this was an absurd simplification.

But seriously, he has to lose the sweater. Not that it’s a bad sweater, but the last 10 pictures I took of the dude are in that sweater. He’s starting to come across as a cartoon character.

As of this morning we are officially homeowners. After a small confusion over who actually had the keys, we took possession of this lovely Binghamton west-side home on Binghamton’s lovely west side. Everything is awesome about this, all the way down to the Monty Pythonic house number.

Our house faces the park, so we basically have a 22-acre front lawn complete with tennis courts, a pool, and a haunted carousel where the vampire clowns sleep during the day. Location location location!

Read the rest of this entry »

The 2008 contest is up at underhanded.xcott.com. This year’s challenge: block-out parts of an image in such a way that the clipped pixels can be somehow reconstructed.

A neat steganographic trick: find a form of artificial data partially driven by pseudo-random bits, rip out the PRNG, and replace it with a ciphertext beacon. If the PRNG state can be estimated by someone who receives the data, you have a covert channel. Example:

These are two of my PhD students. We created some novelty iChat backdrops, like this “rainclouds in the office” deal. The rain and lightning are driven by a PRNG, which we replaced with a contaminated patch that grabs ciphertext from another application. On the other side we can extract the PRNG bits by the position of the raindrops. With various animations we can transmit ciphertext on the order of 500bps.

What’s so great about this? Well, first of all, it’s almost perfect. The cat-and-mouse game of steganography usually involves tampering with natural data like images; inevitably, this tampering tweaks some obscure statistics that give away the embedding. You refine your tampering, Wendy refines her classifier. There is no obvious end to this game, because nobody has perfect statistical knowledge of images, video or audio clips.

In our case, we decided to tamper with a data source that is engineered to be indistinguishable from iid coin flips. If the original PRNG was strong, there’s really no way you can tell (that’s the “almost” part—Apple’s built-in PRNG is pretty weak, so you can’t just doctor an existing animation.)

Second of all, it’s supraliminal. A “subliminal” channel is a mainstream crypto term for steganography, coined by Gus Simmons (see a great story on this in the May 1998 IEEE Journal of Selected Areas in Communications.) This has nothing to do with so-called subliminal messages; it just means hiding data in a throwaway part of a message that nobody notices. In contrast, a “supraliminal” channel hides data in very blatant, obvious, visible parts of a message. Peter Wayner’s mimic functions, which transform messages into text dialogs, are supraliminal. So are these animations: if you try to wipe out the channel, you tamper with content.

Which is the point of a supraliminal channel. We introduced the term in a 1998 paper at the 2nd Information Hiding Workshop in Portland (jeez, so much happened that year,) and the purpose was to establish a brief uncensorable channel which can be used as a primitive in a key-exchange protocol. You see, steganography is for people who aren’t allowed to do key exchange. You have an environment where sending crypto is banned, sending key data is banned, sending random strings is banned. And if you try to embed your public key in an image, you have to do it without a secret key—meaning that the warden can erase the channel. A supraliminal channel allows you to send that initial public data without the erasure.

The one caveat is that anything you send over this public channel cannot have any structure or meaning that distinguishes it from channel noise. You can’t send plain text, you can’t send an RSA key (what a coincidence, those bits form a number that I can’t factor) but you can do Diffie-Hellman with a known p, if your values (mod p) are slightly fixed to look uniform over n-bit strings.

Thirdly, this was fun. I’ve done a lot of fun projects before, breaking DRM schemes, taking part in contests, running our own security contests, creating end-to-end prototypes, but this one was the coolest. It involved coding, reverse-engineering, data collection and analysis, protocol design, and actual graphic design. Half the challenge was coming up with fun ideas for novelty backdrops.

We presented this at Information Hiding 08 in Santa Barbara, and for fun I used a contaiminated background animation in the Keynote slide theme. You can put these things anywhere.

BTW, I got a lot of useful information on Quartz Composer programming from Kineme.net, and without their help we wouldn’t have been able to make our animations draggable into iChat. We owe those dudes a debt of gratitude.

Spotted by the folks at HackADay.com, here’s a simple way to open locked doors without any lockpicking skills: use a length of gauge 6 copper wire to pull the handle from the other side.

What’s really interesting is the policy that makes the hack possible: businesses and public buildings are required to have accessible door latches by the Americans with Disabilities Act. This usually means handles in place of round door knobs; in general, you should be able to open a door with a closed fist, without fine manipulation. This also happens to produce a door interface that can be pulled by a crudely fashioned length of copper wire.

This is an excellent real-world (by which I mean non-computer) example of the interplay between security, accessibility and usability. You want a lock on the door, but you also want the door to be easy to open, and if you aren’t thinking about both goals simultaneously, one goal can clobber the other. This sort of design compartmentalization is common, difficult to avoid, and a big part of the reason why security is hard.

Of course, this isn’t a necessary trade-off, because accessibility does not preclude security. This hack simply means that few people think that much about both simultaneously. You can probably design an ADA-compliant door interface that can’t be easily pulled from the other side.

I’ll try this hack soon, because our department just got re-keyed. Some fool contractor lost a master key and everything had to be changed and updated. My office key used to open our reading room and copy room and dept office, but now each requires a separate key and I haven’t been able to collect ‘em all.

Apparently there will be a “Professional Bull Riding” event this weekend at the arena across the river.

This is a mere half mile from my house, which is only about a two hour walk if you have to shovel. Which brings me to the other interesting thing that just happened: the remaining 25% of winter. Whee, snow. Enough snow to close the University, by knocking out the power campus-wide. It was also enough winter to give me a cold.

In other news, the Underhanded C Contest has just begun. I decided to host it on my main site as a WordPress blog. I have to say that WordPress makes my life much easier. It’s not just for blogs: WP is really the quickest way for me to put up a web site about anything, with most of the features I usually need. This is especially true now that WordPress has pages and a page menu, and attributes that I can use to mark articles as hidden. I amended the WordPress theme code so that users can be served a completely different site, with hidden content etc, once they log in.

We’ll shall see, however, how well it does against a Slashdotting.

So far I’ve shoveled for four hours, cumulative: a half hour late last night, 2 hours this morning, 45 minutes at lunch, and 45 minutes in the afternoon. This is the first time I had to shovel the driveway so we could get out, and again in the afternoon so we could get back in.

It’s a lot of time and trouble to shovel because firstly, my entire back lot is paved. This house is divided into two apartments, and the whole backyard is off-street parking in anticipation of the big Binghamton population boom of 2159. So imagine shoveling out your entire backyard (if you live in Silicon Valley, imagine a lot about twice the size of your backyard.) Secondly, the driveway squeezes between two houses, so there’s no place to move the snow. I spent most of the time carrying the snow out of the alleyway one shovelful at a time.

I’m guessing maybe two more hours will be needed before tomorrow morning, when classes resume. Maybe then I’ll finally see the dude on the ATV. There’s this dude, see, and he has an ATV with a mini-plow, and he’ll clear your driveway in minutes for something like 10 bucks. Except he shows up only when you are done shoveling. I have no idea where he lives; he just materializes on the streets of town after the snow is down, like the spark in Qix. Maybe after a few levels he’ll get here faster.