I don’t know if it’s been all over, I’ve read little news in the last two weeks, but this cryptography post just alerted me to a paper that looks quite interesting.

The 802.11 encryption standard Wired Equivalent Privacy (WEP) is still widely used today despite the numerous
discussions on its insecurity. In this paper, we present a
novel vulnerability which allows an attacker to send arbitrary data on a WEP network after having eavesdropped a
single data packet. Furthermore, we present techniques for
real-time decryption of data packets, which may be used
under common circumstances. Vendor produced mitigation techniques which cause frequent WEP re-keying pre-
vent traditional attacks, whereas our attack remains effective even in such scenarios.

We implemented a fully automatic version of this attack
which demonstrates its practicality and feasibility in real
networks. As even rapidly re-keyed networks can be quickly
compromised, we believe WEP must now be abandoned
rather than patched yet again.

Their demo code requires FreeBSD, which makes it unlikely I’ll get to play with it soon, but I’m still impressed.

jsMath both fascinates and scares me. LaTeX compatible math typesetting in JavaScript. The extra high resolution mode for printing is a lot better for math information in wikis than the usual method of LaTeX-to-PNG and actually looks pretty nice in print. Writing a moinmoin parser to support it was pretty trivial, and I already had some pages in inline_latex markup handy. Just changing

#format inline_latex

to

#format jsmath

was sufficient to get nice dynamic typesetting. Of course, it’s not perfect either – for example, resizing the text after it has been rendered causes symbols like \vec or \hat to not move correctly, but I’m impressed enough with what I have got so far, and having source compatibility with LaTeX means I can switch back any time. Impressive.

This is just too asinine to be true: Ahmadenijad Blog Contains A Little Surprise For Israeli Readers Using Windows and Internet Explorer. I assume it’s a hoax. Wouldn’t most people reading Ahmadinejad’s blog from Israel be Arabs?

If Google’s “Do No Evil” made them appear lovable to you while they didn’t yet own the Internet, Hiveminder is perfect for you. It’s incredible how much this site appears to make me want to love it. Holy crap, they even have a plain language “abstract” of their legalese on top of their EULA. They have cute jokes. They are self-deprecating about the bee theme. I find myself looking for a chink in the armor of lovableness that would allow me to hate them, but so far I’ve found none. They’re not even lovable but dumb, they’re lovable and smart, making me even more suspicious.

Hiveminder itself just a really nice and well-designed web service to manage tasks using an almost-GTD methodology – think Tracks with more features and without the hassle of setting up billions of Ruby packages. It appears to be made by BestPractical, the people behind RT, giving it loads of technical credibility. Of course, I’m still a bit skeptical about loading my data into somebody else’s database, but as long as there’s nothing out there that I can install myself that does a comparable job, I’ll just bite the bullet. It’s not as if this was my email or something.

Cosmic Variance has a great visual on the latest airline security scare. I also like the comments to this jwz post. Conspiracy theory: The neocons are really bent on destroying the airline industry in order to increase oil consumption by forcing people to drive everywhere in their SUVs. Now, if only I knew how the fuel consumption of a plane vs 200 individual cars compares… Pointers, anyone?

Today, I saw the Summer of Love [DE] exhibition at Kunsthalle Wien. I highly recommend it if you have any interest in hippie culture and philosophy at all, or just like pretty colours and pictures of naked ladies. The only criticism that might be levelled againt the exhibition is that there’s very little background information, so many of the pictures lack context if you don’t know anything about 60s counter culture.

This, btw, is Eric Clapton.
Previously: Hippie Philosophy

Since I keep getting investment spam that has its text contained in a GIF attachment, I thought I’d set a SpamAssassin rule to check for GIF attachments. Turns out that this isn’t possible because SA only lets you write rules on the “text” part of the message, and not on MIME headers or attachments. Even the “rawbody” tests only apply to the parts of the content that SA considers to be textual, so checking for the GIF header or its various encodings won’t help, either.

This means that I can’t use a 2 MB Perl behemoth to do a job that grep would be sufficient for. Sadly, the way my mail pipeline is set up, procmail comes after SA, and so I can’t even insert a custom header for GIF attachments from there. Hey, I could just route my mail SA to procmail to SA to procmail again… It makes my head hurt to even imagine it.

Vanity Fair has a pretty cool online piece about recently released tapes from the USAF’s North East Air Defense Center’s response to the 9/11 hijackings, including audio excerpts.

It’s very interestig to see the way they are operating… I always imagined this to be way more high tech and controlled than it apparently is/was five years ago. There is lots of confusion about airplane positions, and switching off the IFF transponder on an airplane was obviously enough to make it hard to find. I always imagined radar systems to be way more advanced than that. Choice quotes:

On initial notification of hijacked American 11:

8:37:56
WATSON: What?
DOOLEY: Whoa!
WATSON: What was that?
ROUNTREE: Is that real-world?
DOOLEY: Real-world hijack.
WATSON: Cool!

After sending some recently launched fighters an an emergency chase to intercept a reported low-flying aircraft near the White House:

HUCKABONE: It was our guys [the fighters from Langley].
CITINO: Yup. It was our guys they saw. It was our guys they saw—Center saw.
FOX: New York did the same thing….
CITINO: O.K., Huck. That was cool. We intercepted our own guys.

Via jwz.

I encountered Steve Pavlina’s log of his experience with polyphasic sleep today, and it sounds fun. He kept it up for almost half a year, then decided to switch back. Definitely sounds interesting. The whole site, by the way, makes interesting reading. While there’s a slight taste of newageyness to it which usually puts me off, most of the random articles I read so far were interesting and well written.

If you’re bored, in Austria, and would like to help hack the political process, why not sign (and submit) Unterstützungserklärung | Piraten Partei Österreichs? It’s not like I’d vote for them, but it’s probably a nice and cheap PR gag to help raise public awareness about some of the IP related nastiness that’s going on.

Update 2006-08-04: Hold that quill right there! To make a professional impression, you don’t want to sign it at home and then go submit it, you actually have to sign it right in front of an official for it to be valid. Mine is now signed twice, with one signature marked “valid” and the other “invalid”. I have no idea what the point of this is (since you have to show up in person and with photo ID anyways).