
generalized secure hash algorithm

The key to a good password hashing function (whether it’s for storing the hash in an authentication system or to generate a key for encryption) is that it be slow. Well, not actually slow, but difficult. Well, not actually difficult, but expensive. The progression of hashing algorithms reflects this, from crypt to bcrypt to scrypt. The most frequently (only?) cited section of the scrypt paper is the table at the end comparing the cost to build cracking machines for various algorithms. The focus is on designing an algorithm that is computationally expensive, such that it becomes financially expensive to build a cracker. Nevertheless, as expensive as it would be, it is possible to build an scrypt cracker. What if we could use an algorithm that made it impossible, not just expensive, to build a cracking machine?


Posted 15 Jun 2014 02:49 by tedu Updated: 05 Aug 2014 16:49
Tagged: c programming security thoughts

catastrophic weather movie alert

Went to a movie this afternoon because it was raining. Because it was raining, the government issued a puddles of unusual depth alert, causing everybody’s phone to blow up mid movie, within the space of a few minutes. The weather catastrophe alert tone could have been a credible sound effect, coupled with some great positional surround sound, but all the lit up screens gave the trick away. Then it kept happening as the less important people were notified and started interrupting the movie. There’s always a few idiots who can’t turn their phone off, but the number of alerts received made it seem likely the alerts can override vibrate or even silent settings.

The good news is the alerts can be turned off (somewhere in phone settings) to avoid disturbance at the movies or elsewhere. I did so last summer after noticing alerts happen whenever it rains.

The movie was Edge of Tomorrow. I liked it. Groundhog Day meets Starship Troopers.

Amber Alert update: Amber Alert worked well. Apparently, their definition of success was waking people up at 4am, since there’s no mention of how the alert influenced the outcome of the children, which is how I would determine if it worked well or not.

Posted 10 Jun 2014 23:08 by tedu Updated: 08 Aug 2014 19:21
Tagged: gadget philly politics rant

home is where you want to be

Much has been written about the awfulness of Apple Maps, but sometimes it’s just awesome. I’m in California; I search for a Philz (because that’s what you do in the Bay Area), and I get... Philadelphia. iPhone knows me better than I thought.

[image: philz]

Posted 07 Jun 2014 00:39 by tedu Updated: 07 Jun 2014 00:39
Tagged: bugs philly

whisk.me

Having lunch today in Startup Valley, breathing in the entrepreneurship and prepping my elevator pitches. Here’s my latest startup idea: Whiskme.

The number of small batch distilleries has increased tenfold in the past ten years, making it harder than ever for connoisseurs to sample the market’s many offerings. Whiskme is a peer to peer app that leverages the sharing economy to deliver rare and exotic whisky (and occasional whiskey) right to your door. Users of our location aware social network app list the contents of their whisky collection that they are willing to trade, and identify samples they would like to try. Then our advanced cloud based platform processes these requests using sophisticated machine learning algorithms to create potential swap pairs. When a match is found, both parties are notified via our app and a Lyft car is automatically dispatched to handle the physical transport. You never need to leave your home!

Posted 06 Jun 2014 20:55 by tedu Updated: 06 Jun 2014 20:55
Tagged: business rants

incomprehensible + illegible = illiterate

Any Wikipedia article that has been mathematized is practically guaranteed to be incomprehensible. And it’s definitely guaranteed to be illegible. The article for locality sensitive hashing doesn’t disappoint.

[image: wiki math]

Why is math illiteracy rampant? Because nobody should be forced to read text like this unless they’re guilty of some heinous crime.

Posted 30 May 2014 20:40 by tedu Updated: 30 May 2014 20:40
Tagged: math rants web

conditionally mitigated by msn.com

Sometimes I receive mail from people with msn.com (or outlook.com or live.com) email addresses. Legit mail, even including patches for OpenBSD (crazy!). Unfortunately my IP address was blacklisted, so my direct replies would bounce back to me. The good news is that Microsoft has a support form you can use to resolve this issue. The bad news is it asks 30 (thirty!) questions (all required!) about my business and my mailing list.

“What OS are you using?” OpenBSD

“What mail transport software are you using?” smtpd

“Provide the URL of your web site.” ok... www.tedunangst.com

“Provide the URL of your Privacy Policy.” uh...

“In what manner(s) are recipients added to your mailing list(s)?” I type it in the To: box. Sometimes I click reply.

“Please copy/paste samples of a few of the messages you’re sending.” (An email containing a patch for src/lib/libfuse. Bet they haven’t seen that before.)

The good news is somebody at Microsoft has decided I “qualify for conditional mitigation” until such time as I have “established a good reputation” according to the form letter response. The bad news is I don’t know if anybody read my answers to their inane questions and had a chuckle, or just clicked the green button and moved on to the next spammer trying to cheat the system.

Posted 20 May 2014 01:34 by tedu Updated: 20 May 2014 01:34
Tagged: mailfail rants

flak archive

I’ve skirted around the issue of paging flak for some time. It’s not that it’s hard; it’s quite easy. Easy to do wrong, that is. As explained here, page numbers should start at 1 for old posts. That part is easy, but it leaves open the question of what to put on the last (highest numbered) page.

Lacking an obvious technical solution, I turned to rationalizing the absence of the feature as a feature in its own right. Without an easy way to dig through old posts, I needn’t worry about keeping their content updated. Old posts naturally fade away and decompose.

There’s also a certain psychological trick involved, call it the pot of gold at the end of the rainbow. There’s the implied promise of posts worth reading, if only you knew the right search terms to find them. A wonderful conceit.

Ah, well, all good things must end. Punting on the issue of paging, I redefined the problem. There’s now a one page flak archive. Minimal info to keep it small, should scale for the next few years without too much trouble.

Posted 08 May 2014 18:52 by tedu Updated: 08 May 2014 18:52
Tagged: flak web

unhappy computer people

Was compelled to see Transcendence, which I knew I would regret. I wish I could quip that it was better when the computer was in Johnny’s head instead of Johnny’s head being in the computer, but then I realized Depp didn’t play Johnny Mnemonic.

It’s a strange movie, as some kind of techno romance thriller. Spends way too long setting up the love story, but then realizes too late that it really wants to be a summer action blockbuster. Spoiler: the ending makes no sense. Also, to pick on one pet peeve, why do movie producers demonstrate glitches by having 3D textures replaced by code fragments? Enough people have played various Bethesda games to know what real texture glitches look like. :)

The consensus seems to be that Her is a better disembodied computer soul movie, but I skipped it because Phoenix was really creepy in the previews. Maybe I’ll add it to my list now.

The Thirteenth Floor is a much better movie to watch if you want to ponder the nature of virtual consciousness. It’s more of a stretch, but Don Jon (starring the voice of Her, Scarlett Johansson, in a great role) actually does some philosophizing on human connections, real and virtual, as well.

I keep wanting to compare Transcendence to Source Code (a decent, but terribly, terribly named movie), but there’s not much similarity. I think that’s because there was a preview for Edge of Tomorrow, which looked like an awesome sequel to Oblivion until I realized it wasn’t. It’s actually Source Code but with mech suits.

jwz has some singularity reviews as well. The Machine is ok. Apropos current events, it features a Turing Test.

(Watched Her on the plane back from the hackathon. Creepy and uncomfortable doesn’t begin to describe it. It’s a good film, and well made I think, but I won’t be watching it again. Actually lots of parallels with Don Jon.)

Posted 08 May 2014 15:30 by tedu Updated: 16 Jul 2014 20:43
Tagged: computers moviereview

remember to close your casts

When writing C++ code, remember to close your static_cast<type> operations with </type>, as demonstrated in this Facebook post.

[image: close cast]

Reminds me of too much email protection, but I’m not sure where it was introduced. Facebook’s online editor? Or some overly helpful text editor used to compose the draft? Doesn’t appear dynamic, but the source for the page is over 300K of impenetrable data spread over a mere 39 lines. Hard to imagine a person actually typing it in as posted.

Posted 08 May 2014 02:22 by tedu Updated: 08 May 2014 02:22
Tagged: bugs c web

origins of libressl

While I still remember the timeline and before I get confused by outsiders trying to rewrite history, here’s the official unofficial history of libressl. If there’s any one person to blame for causing libressl to happen, I’d have to say that it’s me. That’s not to say it was my idea, just that I instigated. This is how it began; who knows how it ends?


Posted 22 Apr 2014 14:10 by tedu Updated: 06 May 2014 02:43
Tagged: software thoughts