Friday 31 December 2010

Short Tron Legacy review

I'm not going to try to make a full review of it, but I can sum it up as being a nice movie with awesome music (IMHO, some people might disagree on the music).
I liked the plot, and there were no big plot holes that I noticed while watching it. I can tell you that I didn't really notice the 3D effects (I've watched other 3D movies where the effect is notable), so I'm not sure if paying extra for watching the 3D version is worth it. I might notice how big the differences are if I watch the "2D version" later.

To sum it up: Kevin Flynn, the guy who made "The Grid", a computer-generated world, got trapped by Clu, the program that he had created to be like a copy of himself. This was because he had given it instructions to create a perfect world in there, but when he discovered these programs called "isomorphic algorithms" (or "isomors"), everything else became unimportant - including the program that was made to be a copy of himself. This was around 20 years ago in the movie's timeline.

The son of Kevin Flynn, Sam Flynn (who now has grown up without his father), is told by his father's old friend that he was paged from his dad's old office in a gaming arcade hall. Sam goes over there and then also ends up inside this virtual world himself.

He gets thrown into these light cycle and disc war games, and after a little while Quorra (who is an isomor) gets him out of there and to his (real) father (Sam first thought that Clu, who was made to be a copy of his father, was his father). At first his father, Kevin Flynn, wants to do nothing in order to prevent Clu from getting out to the real world (he really dislikes imperfection) since Clu doesn't know where Kevin Flynn is and needs his "identity disc" to get to the real world. Sam disagrees, and then leaves to try to get out and to delete Clu from the outside. After this, Kevin Flynn and Quorra also decide to try to get out, and they try to find Sam.

If you want to know more, read a longer review or watch the movie.

I noted a couple of geek references, such as that the computer that was running this virtual world was running "SolarOS", very likely a reference to Sun's Solaris operating system. There were several other references like these.

Most of the other people who also watched the movie seemed to not have been as geeky as me but still seemed to like it, so I dare to say that you are going to like it if you find my short review interesting.

Posted via email from Nat's blog

Sunday 19 December 2010

Tron Legacy 3D

I'm going to watch this movie in less than 2 hours! I hope it's as good as I think it will be! I'll tell you what I thought of it later.


Saturday 11 December 2010

Oh noez!

The snow is melting away!


Animal footprints

What kind of animal could have made these tracks and that hole? [Insert curious smiley]


Monday 6 December 2010

My ideas for DNS-P2P

First of all, see my previous post on dynamic DNS using DHT and asymmetric crypto keys. I am going to reuse ideas from there.

Basic idea: We want a way to have static and globally unique names for web sites and servers. We want to avoid centralization, so no single organization like ICANN will exist for it.
This Domain Naming System will ask peers instead of a single server for IP addresses, thus P2P in the name.

So here it goes:
Every site has a master key pair. This is important. This key should be large, maybe a 16 kb RSA key.
Every host (individual computer that acts as server on a domain) has a key pair of its own. The host's public keys are signed by the master key for the domain.

All these public keys are stored in the peer network using DHT. The IP addresses and all the DNS data are also stored using DHT, and they are signed.
To access a site, you ask for the public key by its checksum. Then you verify the DNS data that comes back by checking the signatures and time stamps.

The checksum based domain names would be in hexadecimal format, like this (but random instead): 0123456789abcdef0123456789abcdef.pkh.p2p
Pkh stands for "Public key hash", and "hash" is another name for checksums. I would prefer something else, but I don't know what would be better.

The readable domain names, like website.p2p, would be "mapped" to the hash based ones. That means that when you ask for website.p2p, you get the hash based domain name.
When you ask for the hash, you get the public master key, host keys, and the DNS data such as IP addresses.

The real issue that still has to be solved is how we can make the readable domain names globally unique and secure...
I guess we have to go for "majority-unique", such that website-a.p2p will point to the same site for most users. We probably have to accept "subscriptions" or "moderation services" that will manage situations where several people want the same domain name, and they would be optional to use as well as decentralized.

I will write more about this in the future.


Sunday 5 December 2010

Gadget: Red Button

Do you ever get so mad that you feel like nuking your workspace out of orbit? Now you can at least make your destructive day dreams slightly more realistic*!

*Not really. Unless there really exist red buttons somewhere for blowing workspaces out of orbit.


Test post

Testing posting from this Posterous client.


Saturday 27 November 2010

Snow!

Here are some nice pictures of snow - from TODAY! It's not even December yet! I am hoping it will stay for a while. :)


Sunday 21 November 2010

KDE rocks!

So, I'm running KDE now. I've been running it for a few days now, and beyond initial problems with networking (solved by installing networkmanager-kde from inside Gnome) and not being able to power down the laptop from within KDE without console commands (kdm/gdm integration issues, I'm thinking of switching to kdm as default), it's perfect!

Everything is more stable now, more smooth, more clear and more of everything that is good. :D
It's now finally good enough to deserve being my primary desktop environment!

To sum it up, it's really just so good looking, clean, fresh, useful, smooth and flexible that there is no reason to use anything else (at least not for me). Gnome will stay installed for a LOOONG time, but I doubt I'll use it for a while.


Friday 5 November 2010

MonkeySphere and TCPCrypt

I'm beginning with describing MonkeySphere. http://web.monkeysphere.info/

It is a nice and useful tool for making secure and authenticated connections to servers. From its description: "The Monkeysphere project's goal is to extend OpenPGP's web of trust to new areas of the Internet to help us securely identify servers we connect to, as well as each other while we work online".
The idea is that each person can generate a cryptographic OpenPGP keypair, create subkeys for their computer and servers, and then exchange the public keys in their key pairs.
When you want to connect to another computer, you use MonkeySphere and the dedicated cryptographic subkey in order to identify yourself and establish a secure connection (using SSH right now).

TCPCrypt, http://tcpcrypt.org/
It is an encryption extension to TCP, designed to be transparent to userland software, making encrypt-by-default for all network and internet connections easy. From its description:
"Tcpcrypt is a protocol that attempts to encrypt (almost) all of your network traffic. Unlike other security mechanisms, Tcpcrypt works out of the box: it requires no configuration, no changes to applications, and your network connections will continue to work even if the remote end does not support Tcpcrypt, in which case connections will gracefully fall back to standard clear-text TCP."
Unlike SSL, SSH and IPsec, it does not do authentication by default - it only encrypts the connection, which is enough to make it harder to spy on. It forces an attacker to do active attacks (modifying traffic) instead of just passive ones (just listening to traffic) if he wants to spy on somebody.

Combining the two of them could make the whole internet a lot more secure instantly; having something as simple as Web of Trust (well, as easy as it could be) to REALLY know who you are connecting to and combining it with a traffic encryption method that does NOT require modification of any software would instantly eliminate all reasons for not encrypting everything.
If you don't know what encryption is good for: Search for "Firesheep" on the search engine of your choice.

No, more of SSL won't help. There's a reason for everybody not already using it. No, SSH tunneling is not the answer. And no, IPSec is too complex.
But TCPCrypt is, as I said, easy. On Linux, all you need is to run a single line of shell code, and you're done. Now all traffic to other computers that also run TCPCrypt will be encrypted, preventing passive tools like Firesheep. By adding MonkeySphere's WoT management to authenticate the connections too (you also want to know that whoever you're talking to is who they say they are), not even active tools will work, because then you will be alerted and the connection will be closed.

Technically, WoT can also be used the way SSL is used: Just let all the current CAs (Certificate Authorities) generate OpenPGP keys and use them to sign people's OpenPGP keys instead of the keys they currently use to sign SSL certificates. Instead of browsers being shipped with SSL CA certificates preconfigured, they would have the CAs' public OpenPGP keys.
It would be a minor change to most people that are not involved with SSL, and to most who are it would only be a change in what things are called and replacement of some tools.
So for those who only use the internet for browsing around on web sites, there will be no change worth caring about.

And the real great news: When it's working, all you need for secure connections to your friends is to exchange public keys to be able to establish a highly secure connection.
You and your friend just have to write down your public key fingerprints on pieces of paper (it's the most secure way) and give them to each other, and then type them in on your computers into the authentication software (MonkeySphere). Just that one more thing to remember besides IP address (and sometimes port number).
Then you can connect to each other to securely do whatever you wish, like chatting over IM, play network games or share files and documents.

As long as the key fingerprints match (otherwise the connection will fail) you can be sure that the other computer has the right private OpenPGP key from the key pair.
And as long as your friend has a secure computer (decent antivirus+firewall, Linux or OpenBSD, etc) it is really him and nobody else that you are connecting to. Which means that nobody else can read that document from work that you are sending him. Or read your IM conversation. Or mess with your LAN game. Or anything really as long as your computers are directly connected (which only is going to get more common with the constantly improving P2P and F2F software out there combined with faster internet connections).


Wednesday 20 October 2010

An absurdly geeky alternative Dynamic DNS scheme

Here's a scheme that could work great for Dynamic DNS and that does not need any central servers:


Version one, for individuals and small groups where everybody has administrative permissions:

You pick a secure password. This is the only thing you need to remember, but as you both connect to the server and administrate everything with it you need to keep it secret. This password is used to create an asymmetric cryptographic key pair. This must always be the same every time (no random elements), so the password also must be VERY secure!

The server has both the keys in the pair.
We use a peer to peer network (p2p, like bittorrent). The peers are random, so you connect to lots of strangers, since it's an open network.
The server does not need to be connected to the peer network 24/7, but it uploads the latest IP data there every few days (to prevent expiration) or when it changes.
The critical part: The IP address of the computers you want to connect to is stored using DHT in the peer network, and it's signed with the private key and encrypted with the public key. You find it by searching in the DHT for a string that's unique to your key pair, probably the fingerprint of the public key. The current IP data is tagged with this string in the DHT.
The current data is always uploaded by the server every time it changes, and every time that the time stamp on the current IP data in the DHT gets too old.

To connect to one of your computers, you enter your password in a program. It computes the key pair, it computes the unique string, it searches in the DHT for the IP data, checks the timestamp on it (important!) and it decrypts it and verifies the signature.
Then you connect to the IP (there could be a list, from which you pick an IP address).


Version two, for giving public access to the computers:

Changes:
Only the admin(s) have the password (as before), and the general public use the public key's fingerprint to connect instead of the password.
The public key is also uploaded into the DHT, and it is tagged with its fingerprint. This fingerprint should be a SHA512 hash or comparable.
Both the public key and IP data are fetched from the DHT at the same time.
The IP data in the DHT is not encrypted, just signed with the private key.


Multiple IPs can be stored in the DHT, and each IP can be tagged with a name. IPs can also be grouped. This allows you to easily give the public access to several different services and servers with one fingerprint, as well as letting admins manage servers with only one password to connect to them all.

I would recommend using this in combination with TCPCrypt for additional security to prevent MitM attacks once you've got the correct IP. The server's public key (that the user already has) is used to authenticate the connection. This means that the user only has to know one thing (the fingerprint) to establish a secure connection. Either computer could switch IP at any time, move whenever its owner feels like it or the computers could even be replaced - but as long as the server admin keeps the pass secret and the user has the right fingerprint, they are both safe and can connect securely in seconds, anytime.
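The lookup and verification flow of version two, which is also the `.pkh.p2p` lookup in the DNS-P2P post above, sketched as an added example that is not code from the original posts. It assumes a plain dict as a stand-in for the DHT, a PBKDF2-derived seed with a fixed constructed salt, a three-day freshness window, and Lamport one-time signatures in place of RSA so that it runs on the standard library alone; a Lamport key may safely sign only one record, so a real deployment needs a many-time scheme.

```python
import hashlib, hmac, json

MAX_AGE = 3 * 24 * 3600  # assumed freshness window for "every few days"

def keypair(password: bytes, salt: bytes = b"constructed-demo-salt"):
    """Derive a Lamport key pair from the password alone (no randomness)."""
    seed = hashlib.pbkdf2_hmac("sha256", password, salt, 200_000)
    sk = [[hmac.new(seed, bytes([i, b]), "sha256").digest() for b in (0, 1)]
          for i in range(256)]
    pk = b"".join(hashlib.sha256(s).digest() for pair in sk for s in pair)
    return sk, pk

def fingerprint(pk: bytes) -> str:
    return hashlib.sha512(pk).hexdigest()  # SHA-512, as the post suggests

def _bits(msg: bytes):
    d = hashlib.sha256(msg).digest()
    return [(d[i // 8] >> (i % 8)) & 1 for i in range(256)]

def sign(sk, msg: bytes) -> bytes:
    # One-time signature: reveal one secret per message-digest bit.
    return b"".join(sk[i][b] for i, b in enumerate(_bits(msg)))

def verify(pk: bytes, msg: bytes, sig: bytes) -> bool:
    if len(pk) != 512 * 32 or len(sig) != 256 * 32:
        return False
    ok = True
    for i, b in enumerate(_bits(msg)):
        expected = pk[(2 * i + b) * 32:(2 * i + b + 1) * 32]
        revealed = hashlib.sha256(sig[i * 32:(i + 1) * 32]).digest()
        ok &= hmac.compare_digest(revealed, expected)
    return ok

def publish(dht: dict, sk, pk: bytes, ips: dict, now: float) -> str:
    """Server side: store key and signed, timestamped IP data under the fingerprint."""
    body = json.dumps({"ips": ips, "ts": now}, sort_keys=True).encode()
    fp = fingerprint(pk)
    dht[fp] = {"pk": pk, "body": body, "sig": sign(sk, body)}
    return fp

def resolve(dht: dict, fp: str, now: float) -> dict:
    """Client side: trust nothing a peer returns until all three checks pass."""
    entry = dht.get(fp)
    if entry is None:
        raise LookupError("no record for fingerprint")
    if not hmac.compare_digest(fingerprint(entry["pk"]), fp):
        raise ValueError("public key does not match fingerprint")
    if not verify(entry["pk"], entry["body"], entry["sig"]):
        raise ValueError("bad signature on IP data")
    data = json.loads(entry["body"])
    if not 0 <= now - data["ts"] <= MAX_AGE:
        raise ValueError("stale or future-dated record")
    return data["ips"]

if __name__ == "__main__":
    sk, pk = keypair(b"constructed example passphrase")
    dht = {}  # constructed stand-in for the untrusted peer network
    fp = publish(dht, sk, pk, {"web": "192.0.2.10"}, now=1_000_000.0)
    print(resolve(dht, fp, now=1_000_000.0 + 3600))
```

The fingerprint check is what makes the name self-certifying: a peer that returns a different key, an altered record or an old record is rejected before any IP address is used.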


I think this can be very secure. I also think that the fingerprints have to be "visualized" in some way when used to let the general public connect to your server. The client program should always compute a visualization that's unique for each string, but without randomization so that each fingerprint always has the same one. This makes it very easy for the user to be assured that he's entered the right fingerprint.
It should be a little "identicon like" (search for "Identicons" and you'll know what I mean), but probably more detailed and stylish. Those randomart images that SSH uses come to mind, but they are not random enough. The process to generate them should make it hard to generate multiple keys with images similar enough to be mixed up by a user.


What do you think? I want comments.


Tuesday 19 October 2010

Gadget: Sunnan, solar charged IKEA lamp

Let's begin with the specs:
The Sunnan lamp has a solar cell, 16 LEDs, 3 x rechargeable 1200 mAh AA NiMH batteries (1.2V as usual), the solar cell and batteries are in/on a removable "box", it has a flexible "arm", ~4 hours of light, and for every lamp sold, a kid in areas in Africa without electricity gets one (it's so dark near the equator already at around 6 to 7 pm that you can't see more than a few meters far or read, so it's awesome for school kids).
Here in Sweden it costs 150 SEK.

Like somebody else said in a comment (that I don't remember where I read it), it would almost be a shame to not buy one.

I'm thinking of getting a second one for experimenting with the LEDs.


Wednesday 13 October 2010

Free software tag on donation apps in app stores?

See this: https://twitter.com/#!/Natanael_L/status/27249509668

FLOSS app developers could put #rewardfreedom in their donation app descriptions, making it easier for people to find and thus also directly fund free software development.
Just an idea, that I think should be tried out.


Sunday 10 October 2010

Read about OAM and radio yet?

"Orbital Angular Momentum".

Those three words should make you very excited. And why is that? Simple - massive radio bandwidth boosts!

Orbital Angular Momentum is a property of electromagnetic fields (photons, including radio AND light) that was discovered "recently" and that hasn't really been used much yet. What makes it useful is that you can send MULTIPLE SIGNALS ON ONE FREQUENCY at FULL maximal bandwidth for the frequency on EACH signal!
It's because the signals can have different "OAM values" and be separated from each other based on it!

One of the researchers thinks that 100 different OAM values could be used at once, meaning 100 channels on one frequency - bumping up 300 Mbps WLANs to 30 Gbps, with no other changes!

Oh, and that applies to fiber optics too, meaning 100x faster normal internet connections as well!

Search for "Orbital Angular Momentum radio" on your favorite search engine NOW!

(Some of the research is done by LOIS, a part of LOFAR, iirc, that studies space with it.)


Tuesday 5 October 2010

Moving to Posterous

At the same time as my page at YIID broke I've decided to move my blog to Posterous completely.
http://natanael.posterous.com Edit: And now they're shutting down... My current blog: http://roamingaroundatrandom.wordpress.com/

Gonna use posterous a little more now

My subdomain at YIID has stopped working. Well, YIID closed them all. Meh^10000!!!

I'm going to use this site as my "home page" for things. Whenever I comment on news or blogs, etc, I'm going to use this. I used to use YIID for that, but as I said it's not working anymore. :/

In the middle of this, I also decided to merge my blogspot blog with this one. It might look a little weird with posts mixed up a little, but I can live with that.

And in combination with recently installing Sendy on my phone, you might also see more actual updates here. I guess it will be mostly pictures taken with my phone.

Posted via email from Natanael L's posterous page

Sunday 3 October 2010

Saturday 13 March 2010

Hehehe, just read some of my old posts...

New year again, and it's March already. Time goes fast.

I've got internet at home now (3G modem). ICS + Wi-Fi router (dhcp off) for sharing = geeky. :)

I've spent some time programming. I was given a C++ coding book as a gift (one of ~20 books), and I've experimented with Python as well as written plenty of shell scripts (did I mention that Ubuntu is my primary OS now?).
I might just try Fedora sometime soon. I guess I'll install it when it's got a decent in-place upgrade system like Ubuntu has. I will probably have bought an extra hard drive to install it on already by then. :)

I'm on Cory Doctorow's mailing list - he recently sent an email saying that they're gonna send 200 free copies of his latest novel "For the Win" to people under 19;

"If you're under 19 and want a free early look at the book for review on
your blog/paper/whatever, send a note with your address to
torpublicity@tor.com with "FTW" for the subject-line. Also include the
name of your blog or school paper. For fun, also share a game you
enjoyed recently and why."

I thought I'd try and see if I can get a copy to review over here in Sweden. :P