PaperTrust

October 5, 2011 7:10 pm

So, a while back I blogged an idea I had about cryptographically signing various documents.  I specifically talked about checks, but you can apply the principle anytime you have a fairly small amount of data which is supposed to be issued from a trusted source: cashier’s checks, money orders, driver’s licenses, event tickets, passports, boarding passes, etc.

Well, I spent some time playing around and put together a working example.  It’s not fancy, but it does the job.  It’s been a few months, but it really didn’t take that long.  Especially since I had to do some reading about QR codes and using them, along with public-key cryptography, from Python.  So I had a basic prototype done in about a week.  Then back in August I decided to flesh things out a bit more and produce a nice demo application.  I’m calling the system “PaperTrust” as it allows you to embed the trust element onto the paper item.

Here’s a video demonstration:

Text description of the demo:
So, in my demo, we generate data for a cashier’s check and then sign it using the demo private key.  We stick the signed data (which includes a signing-organization ID) and the signature into a QR code and stick that onto the check and print it.  Now the check is physical and can be carried around as usual.

Now say you’re going to use this check to pay for something from a stranger.  This stranger needs to know they can trust the check.  So they use their verifier application to scan the QR code from your check.  It reads the organization ID, looks up the correct public key for that organization, and verifies that the signature is valid.  It also displays the signed data so the person can compare it to what’s physically printed on the check.  This is a cryptographically secure guarantee that the check is valid (or at worst an exact copy of a real check, which should make tracking down counterfeiters a lot easier).  So you would use this in tandem with traditional anti-forgery measures like watermarks, micro-print, thermal ink, etc.

I’ve put the code up on GitHub: PaperTrust on GitHub.

A Rumination on Science and Education

September 7, 2011 8:21 pm

I’m currently reading a biography of the physicist Richard Feynman (by James Gleick).  So far it’s excellent.  What I’m really fascinated with right now is (at least how Gleick portrays) the progression of science during Feynman’s schooling years (the mid to late 1930s).  The number of high caliber physicists at the time (and the time just leading up to it) is astounding: Einstein, Bohr, Rutherford, Heisenberg, Dirac, Lorentz, Schrödinger, De Broglie, Fermi, Oppenheimer, and I’m probably missing some still.  Those guys are each incredible scientists in their own right and it’s no wonder the understanding of physics changed so dramatically during the 1930s.  The only comparison I can think of is the progression of art during the European Renaissance.

As I’m reading, I can’t help but wonder about what set apart that time period in history from anything since in terms of scientific progression.  Computer Science has a similar vein of tumultuous rapid progression during the era of Turing, von Neumann, Dijkstra, Gödel, Church, Cook, Levin, Kleene, Shannon…  But as I’m looking at it, most of these pioneers (in fact, all but Dijkstra) were essentially contemporaries of the physics revolution being discussed.  They all would have been products of the same time period of schooling (whether in the U.S. or Europe).  Which further raises the question of what was so different about the education systems through which these incredible people went?

Sadly, I don’t really have an answer.  But if we’re looking to reform our education system for better results, what better goal than to figure out what was happening in education from about 1910-1935?

But then, maybe it wasn’t the education system at all.  Maybe it was the societal mindset about learning and discovery.  Maybe it was simply that the education system and society didn’t inhibit the intense drive for understanding and innovation that these people felt.  Quoting from page 63 of the book (Genius: The Life and Science of Richard Feynman):

At MIT in the thirties the nerd did not exist; a penholder worn in the shirt pocket represented no particular gaucherie; a boy could not become a figure of fun merely by studying….America’s future scientists and engineers, many of them rising from the working class, valued studiousness without question.

If this is an accurate portrayal of the time period, it certainly helps explain to me why so many incredible scientists were produced during that era.  Gleick describes in one passage how Feynman and many of his contemporaries grew up reading the Encyclopedia Britannica, eager to learn more about the world around them.

They tinkered with, broke, and repaired things–something I think is rarely encouraged these days.  I know this is one of the ways I developed my own interests in science and computers.  I wanted to learn how things worked, so I played with them, changed them, broke them, and attempted to repair them (sometimes successfully).

People are inquisitive by nature.  I think we, as a society, are getting far too good at crushing that inquisitiveness with standardized lesson plans which allow no room for deviation to follow student interests, standardized pedagogy which insists all students learn in the same way, and standardized tests which demand that all students regurgitate their “knowledge” in one, simplified fashion.

If there’s one thing I learned in the years I worked as a T.A. it’s that students assimilate information in incredibly varied ways.  It’s hard to come up with new approaches to the material on-the-fly in order to try to help the student make the connection.  But if you don’t, and instead insist on “the one true approach” to the material, the student will fall behind, become discouraged, and lose interest in the subject matter.

We need to encourage the asking of questions and the seeking out of answers by research, experimentation, or otherwise.  We need to foster the innate curiosity, creativity, and inquisitiveness that children have.

I’m not so concerned with the mindless consumption of media or playing of games because our minds need downtime to process and assimilate the world around us.  However, I think the hours spent watching TV and browsing the Internet are more of a symptom than a cause; in that we still seek out “new” things, just in a manner that parents aren’t worried about anyone getting hurt or anything getting broken.  But situations where one might get hurt or something might get broken are, by far, the most likely situations where we might actually learn and remember a lesson.

Check forgery protection using public-key cryptography

April 11, 2011 8:31 pm

Mom forwarded an email that was attempting to scam her in response to a Craigslist ad she placed for some furniture.

While I was thinking about this I realized we have the ability to essentially stop check forgery, specifically cashier’s checks and money orders, but the principle would also apply to personal checks if we could develop a trusted lookup source for public keys.

Public-key cryptography allows you to publish a public key that can be used to either verify that you digitally signed something with your private key or to encrypt something which can only be decrypted with your private key.

The application would be as follows.

First, the banks put together a trusted database of public keys. This part is essential, as it must be possible to look up a public key for any bank and you need to have a trusted source where you do the lookup. A central database is mainly a convenience factor; you could simply have each bank publish their public key on their own site, but a more integrated solution is more likely to be used. This is not an insurmountable hurdle.

Second, when a bank creates a cashier’s check it uses the data on the check (name, amount, date, etc.) and their private key to produce a digitally signed digital copy (or digitally signed hash) of the data which could be printed directly on the check as a QR code (or set of QR codes depending on size) [QR codes are those square barcodes].

Third, when someone attempts to cash the check the cashing bank scans the QR code(s) and verifies that the data matches what’s printed on the check and also looks up the public key of the issuing bank and verifies that the signature is legitimate. In fact the actual printed data would be unnecessary at this point if it was encoded in the QR code, but I imagine we’d want to leave it on for the sake of the humans handling the check.

That’s it. If implemented correctly and securely it would guarantee the authenticity of cashier’s checks. The same system could be used for money orders as well. The other great thing about it is that individuals could verify a check the same way. They could scan the QR codes themselves with their fancy phones and then look up the bank’s public key (either from a trusted central repository or from the individual bank) and verify the authenticity of the check without any risk.

The biggest hurdles would really be getting a trusted repository set up and having banks securely store their private keys. There are easy extensions making this process even more feasible. You can use a master key to create sub-keys which could be used by individual branches. That would limit the risk if any individual branch’s private key were compromised. With a central repository a compromised bank would revoke the published public key and flag it as compromised. Any outstanding checks would need to be brought back to the issuing bank to be reissued using a new key. A hassle, but it should be a world-shattering occurrence for a private key to be compromised.
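The three steps above, and the issue-and-verify flow described in the PaperTrust post, as an added example that is not PaperTrust's code: the issuer signs the check data, the verifier looks up the issuer's public key in a trusted repository, rejects unknown or revoked keys, and returns the signed data for comparison with the printed check. Assumptions: Ed25519 signatures, a base64-encoded JSON envelope, the names Issue, Verify, Envelope and KeyEntry, and the "demo-bank" ID are all constructed for illustration; QR encoding and scanning are left out, and Go is used so that only the standard library is needed.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"fmt"
)

// Envelope is what the QR code carries (constructed layout, not PaperTrust's own).
type Envelope struct {
	Org, Data string
	Sig       []byte
}

// KeyEntry is one record in the trusted public-key repository.
type KeyEntry struct {
	Pub     ed25519.PublicKey
	Revoked bool // set when the issuer reports its private key compromised
}

// Issue signs the issuer ID together with the check data, so neither can be
// swapped, and returns the text to encode in the QR code.
func Issue(org, data string, priv ed25519.PrivateKey) string {
	sig := ed25519.Sign(priv, []byte(org+"\n"+data))
	raw, _ := json.Marshal(Envelope{org, data, sig})
	return base64.StdEncoding.EncodeToString(raw)
}

// Verify returns the signed data (to compare with the printed check) or an error.
func Verify(qr string, repo map[string]KeyEntry) (string, error) {
	var e Envelope
	raw, err := base64.StdEncoding.DecodeString(qr)
	if err != nil || json.Unmarshal(raw, &e) != nil {
		return "", fmt.Errorf("malformed QR payload")
	}
	k, ok := repo[e.Org] // the key comes from the repository, never from the QR code
	if !ok || k.Revoked {
		return "", fmt.Errorf("issuer %q unknown or key revoked", e.Org)
	}
	if !ed25519.Verify(k.Pub, []byte(e.Org+"\n"+e.Data), e.Sig) {
		return "", fmt.Errorf("signature does not match the data")
	}
	return e.Data, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed demo key pair
	repo := map[string]KeyEntry{"demo-bank": {Pub: pub}}
	fmt.Println(Verify(Issue("demo-bank", "payee=Alice;amount=500.00", priv), repo))
}
```

A valid signature only proves the data came from the issuer; an exact copy of a real check still verifies, which is why the returned data has to be compared with what is printed.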

This system is totally possible with today’s technology. It would just be a matter of setting it up and getting banks to participate. Maybe I should go talk to some venture capitalists…

Google’s Instant Search – Now Active (for some)

September 8, 2010 9:40 am

I did a search a moment ago and was surprised to discover that real-time searching is enabled for my account. This is apparently Google’s big announcement today. It’s kind of neat; no more hitting “Enter” or clicking “Search”.

It doesn’t seem to be active for everyone yet. I pulled up a different browser without logging in to my Google account and there was no real-time searching there.

The name they’re using is “Instant Search”; there’s an option next to the search box to turn off instant search:

[Image: instant_search]

Migrating from Songbird to Rhythmbox

June 4, 2010 4:40 pm

Once upon a time a company created Songbird. A music player designed to supplant all other music players and have Linux compatibility with iPod support. So we set Jess up with it and she started using it to organize and play her music. And it was good.

Mostly.

Turned out that the iPod support was flaky at best, but they were supposedly working on it. Then Songbird announced that they were dropping iPod support. A few months went by and then Songbird announced they were dropping Linux support. So now they’re just another music player in a sea of existing and mature players with nothing much to distinguish them from the rest.

So, lacking iPod support and getting no further updates for the Linux version, we needed a new solution for Jess’ music needs. However, she’d already gone through all the hassle of getting her music library set up just right in Songbird with all her ratings and playcounts and playlists. Since she has several thousand songs she didn’t want to try to redo all that by hand.

Being the master of computer science that I am, I decided to take it upon myself to figure out how to automagically migrate her music out of Songbird and into Rhythmbox. (When combined with Gtkpod these 2 make an acceptable and working solution for music management and iPod syncing.)

Unfortunately, for unknown reasons neither system used any kind of normal standard for storing their data. Well, that’s not entirely true. Most of the data is just fine. But file location data was a mess. Songbird stored it in some weird convoluted ASCII encoding of Unicode. Rhythmbox stores it in some randomly/partially URL-encoded form of Unicode. But lacking any clear documentation on the matter I had to reverse-engineer both formats. It was a pain.

But I did it! And now for your benefit I present my automagic music migrator to get you successfully and as painlessly as possible from Songbird to Rhythmbox.

I’m hosting this project on Github: http://github.com/kdickerson/Export-from-Songbird

Download the songbird_to_rhythmbox.py file and then run it:

$ python songbird_to_rhythmbox.py

or make it executable and run it:

$ chmod +x songbird_to_rhythmbox.py
$ ./songbird_to_rhythmbox.py

It will ask you 2 questions: 1. which user you’d like to migrate (the default is the current user, so most people will just hit Enter), and 2. whether you would like the script to overwrite your existing Rhythmbox library or just output the migration to a new file for you.

I wrote and used the script with Python 2.6.5.

What this script WON’T do:
It won’t migrate playlists. Jess already had an export function for playlists in Songbird and exporting the playlists as M3Us and then importing to the migrated Rhythmbox worked with only a very small percentage of errors for files with special characters.

I thought about spending the time to automate migrating playlists, but I don’t feel like it. Rhythmbox stores playlists in another XML file and Songbird stores them in the same database as the other data, so you can use my script as a guide to write your own playlist migrator if you’d like.