appstore and cryptography

With the arrival of copy/paste in version 3.0 of the iPhone OS, I figured I would write some software providing a simple way of encrypting text with a password for sending via SMS, email and whatnot. It is called TXTcrypt, and after a long struggle it is now both on the App Store and available as a free desktop version which is legal to download.

Enter the 1996 Wassenaar Arrangement, signed by 41 states (see attached map), which requires special permission to market/export encryption software with keys greater than 56 bits in size and 64 bits in length (Category 5 Part 2, 5.A.2.a.1.a.).

This limitation applies to symmetric key algorithms, and just determining what I stated above required me to study dozens of cumbersome and often confusing documents (which use length and size interchangeably).

Moving on: as the Apple App Store is based in the US, and the US is a signatory of said arrangement, applications using cryptography for anything other than authentication purposes are subject to the regulations of the Wassenaar Arrangement body in the US, namely the Bureau of Industry and Security, US Department of Commerce (BIS).

The regulations for the named (5.A.2.a.1.a.) category fall under the BIS ECCN (Export Control Classification Number) 5D992, and such software can be exported under the EAR to most destinations with No License Required (“NLR”), but with an NLR notification under 742.15(a)(i).

For software exceeding 56/64 bits the classification is ECCN 5D002, 742.15(b), and an export license is required in the form of a Commodity Classification Automated Tracking System (CCATS) number. Luckily BIS has the conveniently named Simplified Network Application Process Redesign (SNAP-R) application for that, but just registering your company to request a PIN to access it turned into a month-long enterprise, about the time when I abandoned this approach.

Because, as it turns out, Apple does have a process handy should you abandon or be stuck for a very long time in the claws of BIS: ECCN 5D002 rated applications without an export license can be posted to the App Store for the U.S. and Canada only. Just set it as such in iTunes Connect and send the completed form (U.S.Canada Only Form.pdf, attached) to the Apple Export Department.

[Map: Wassenaar Arrangement signatory states]

iphone and flash

Ok so I have to quote and comment on the following from InformationWeek:

Jobs’ statements are sure to disappoint Web developers, many of whom are familiar with Flash development

I am a web developer and I am not disappointed at all by his statement, which for the record was straight on and amounted to:

“Flash is not yet good enough for the iPhone,”

Now I certainly do not know who advises Jobs, but I can tell you that any software engineer or web developer will agree with him on that; only the web designers and entrenched corporate entities might differ, but that is another story.
And even they benefit from the fact that Jobs is pushing innovation by forcing Adobe to improve the innards of the Flash mess rather than helping its monopoly over web content delivery systems.
Either way, the folks at InformationWeek could use a touch of pertinence when delivering their comments.
That is to say, in plain words, that they are either idiots or they are pushing agendas like any corporate monkey.
And here are quotes of comments from their own article page, from people who have probably developed with Flash too, instead of only looking at Flash content as a way to make themselves experts on it.

Derek commented on Mar 5, 2008 4:13:57 PM Jobs is right – flash sucks. Ever try decompiling a swf file? It’s painful and arcane. Flash is ok from a user experience level and more efficient from a download perspective but the tools and formats for it are voodoo.

Webwin commented on Mar 5, 2008 4:16:24 PM Right on – I’m a developer and HATE dealing with Flash. It’s simply not open enough and as the previous poster mentioned – voodoo to some extent. As a developer I hate blindly writing to formats that aren’t open.

Shane Johnson commented on Mar 5, 2008 4:18:46 PM I’m surprised that so many sites use Flash myself. It’s about time someone stuck a flag in the ground out of defiance. There MUST be a better way to deliver video content than Flash.

kurt Witcher commented on Mar 5, 2008 4:38:18 PM I think a big problem with flash is the huge amount of processing power it takes to run. I’m guessing flash in its current form would drain the iPhone’s battery probably 3 times faster, just so we can watch our online advertising bounce.

On MS VC++ 2005 reinventing the wheel

It comes as no surprise: Microsoft’s paradigm for adding new features is reinventing the wheel, and they overengineer it just to the point where it is inevitable that it breaks, and impossible to determine why it did so.

Without further ado, let me present Microsoft Visual C++ 2005 and its brand new ‘wheel’, I mean deployment model: DLLs now have to come with manifests and policies, and rely on the Side-by-Side service. This is just a rough sketch; you can see http://msdn2.microsoft.com/en-us/library/ms235342.aspx for in-depth details. There is a method to this madness, you know, as always.

To put it bluntly, however, what you have is:
two files in %windir%\WinSxS\Manifests: a .cat file (security catalog, for the policy) and a .manifest file (an XML file describing the libraries);
then a directory in %windir%\WinSxS where you need to put your actual libraries (the directory name and file names being a mix of the name, version, hash and architecture, so you wind up with something like x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50608.0_x-ww_6262d37f, nice).

Ok, so now to the explanation. All that Microsoft is striving to accomplish with this is so we can have different versions of the same library for programs that were built with and require a specific version of it, when all you had to do to achieve this from Windows 3.1 through 2000 was drop the library in the same folder as the program, since a Windows program will always try to load a library from its own folder first and only then look in every path for it. So you had different versions of the same library, each alongside the program that required that version.
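As an added example (not code from the post, nor from Microsoft), here is a small Python script that parses a WinSxS directory name of the kind shown above into its fields, cross-checks those fields against the assemblyIdentity element of a manifest, and models the application-folder-first search order described above so that a local DLL shadowing a system copy is flagged. The directory-name layout (architecture, name, public key token, version, culture, hash), the manifest structure and the DLL file names are assumptions based on typical VC80 CRT deployments; the sample manifest is constructed for the example.

```python
"""Added example, not from the original post: parse a WinSxS assembly
directory name, compare it with the assemblyIdentity in a manifest, and
model the application-folder-first DLL search order the post describes.
The name layout  arch_name_publicKeyToken_version_culture_hash  and the
manifest shape below are assumptions; the sample manifest is constructed."""
import re
import xml.etree.ElementTree as ET

ASM_NS = "{urn:schemas-microsoft-com:asm.v1}"

# Assumed layout, e.g. x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50608.0_x-ww_6262d37f
DIRNAME_RE = re.compile(
    r"^(?P<arch>[a-z0-9]+)_"
    r"(?P<name>[A-Za-z0-9.\-]+)_"        # assembly name, dots allowed
    r"(?P<token>[0-9a-f]{16})_"          # publisher's public key token
    r"(?P<version>\d+(?:\.\d+){3})_"     # four-part version
    r"(?P<culture>[A-Za-z\-]+)_"         # culture ("x-ww" = worldwide)
    r"(?P<hash>[0-9a-f]{8})$"            # short hash of the identity
)


def parse_dirname(dirname):
    """Split a WinSxS directory name into its identity fields."""
    m = DIRNAME_RE.match(dirname)
    if not m:
        raise ValueError(f"not a WinSxS-style directory name: {dirname!r}")
    return m.groupdict()


def identity_from_manifest(xml_text):
    """Read the assemblyIdentity element of a manifest into the same fields."""
    root = ET.fromstring(xml_text)
    ident = root.find(ASM_NS + "assemblyIdentity")
    if ident is None:
        raise ValueError("manifest has no assemblyIdentity element")
    return {
        "arch": ident.get("processorArchitecture"),
        "name": ident.get("name"),
        "token": ident.get("publicKeyToken"),
        "version": ident.get("version"),
    }


def manifest_mismatches(dirname, xml_text):
    """Return the fields on which the directory name and manifest disagree.
    An empty list means both describe the same assembly identity."""
    from_dir = parse_dirname(dirname)
    from_xml = identity_from_manifest(xml_text)
    return sorted(k for k in from_xml if from_xml[k] != from_dir[k])


def resolve_dll(dll_name, app_dir_files, system_dir_files):
    """Model the search order the post describes: the application's own
    folder is consulted before the system folder.  Returns where the DLL
    would be found and whether a local copy shadows a system copy."""
    name = dll_name.lower()
    local = {f.lower() for f in app_dir_files}
    system = {f.lower() for f in system_dir_files}
    if name in local:
        return {"location": "app_dir", "shadows_system_copy": name in system}
    if name in system:
        return {"location": "system_dir", "shadows_system_copy": False}
    return {"location": None, "shadows_system_copy": False}


# Constructed sample manifest for the VC80 CRT assembly named in the post.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity type="win32" name="Microsoft.VC80.CRT" version="8.0.50608.0"
                    processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"/>
  <file name="msvcr80.dll"/>
  <file name="msvcp80.dll"/>
  <file name="msvcm80.dll"/>
</assembly>
"""
SAMPLE_DIRNAME = "x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50608.0_x-ww_6262d37f"

if __name__ == "__main__":
    print(parse_dirname(SAMPLE_DIRNAME))
    print("mismatches:", manifest_mismatches(SAMPLE_DIRNAME, SAMPLE_MANIFEST))
    print(resolve_dll("msvcr80.dll", ["app.exe", "msvcr80.dll"], ["msvcr80.dll"]))
```

The mismatch check is the defensive angle on the WinSxS naming: a directory whose name does not agree with the manifest it claims to belong to is worth a second look, and the resolve_dll model shows why the old drop-it-next-to-the-program approach also means a stray local DLL takes precedence over the system copy.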

There is much more that could be said, but I rest my case for now. Which platforms are ‘vulnerable’, I mean capable of this new deployment model, you might ask? Why, it’s NT 5.2 and its older brother NT 5.1 (vulgarly known as Windows 2003 and XP respectively).

On high-tech thrillers and story telling

I have finished going through my third Dan Brown novel. I was curious about these “high-tech thrillers” he is supposed to write, and what can I say: they are not plain, they are pretty well documented and mostly entertaining, but I am not sure Dan Brown is a writer, or at best that he has any grip on technology.

There is something about the storytelling of Umberto Eco, Jules Verne, Stephen King etc. that leaves no room for doubt in the reader that they are good writers: they do not only have good ideas and vast research, but they also know how to tell a story, and I am not sure Dan Brown knows that.

One might say that the storytelling suffers from the technical nature of these high-tech novels; well, I will go on to expose serious flaws in that technical side too.

The amount of misinterpretation, distortion and exaggeration of the high-tech side of these books would without a doubt offend and scandalise any techie or geek who actually has an idea or two about high-tech things, but the problem is that I think it will be a bit disturbing to any cultivated person too, and most certainly will induce gross misconceptions about technical issues.

For example, at some point a program written in a given programming language is run, and while it is running a character needs to recall some syntax of that programming language in order to give some runtime commands to the program in that language. Well, anyone with the least idea of what a programming language is knows that one writes the code of the program in a given programming language; any input the program gets at runtime will be nothing more than strings handled by the precompiled program. It is unthinkable that the strings input at runtime would be in the syntax of the language the program is written in; only shell scripting comes close to that, and only when in the shell, hence while running the shell, not another program.

Further on in the book, a file is said to enter a brute-force decryption CPU grid and to propagate from there into a databank, the firewall of the grid being named as the only protection, implying that whatever goes into the grid has a direct and unrestricted link to the databank.
Well, a databank and a CPU grid cannot have a single entry point such that something passing the firewall of the grid infects the databank, because some processors and some hard disks, serving entirely different purposes and users, would not be parts of the same system but two autonomous systems, and communication between such systems is done through a network, a network with multiple entry points and firewalls.
It is unthinkable that a general-purpose databank and the cryptanalysts’ code-breaking grid would be two parts of the same system, a system that, for example, if the cryptanalysts’ part crashed, would be unable to serve any of the databank users, and all this in the most critical and advanced IT system in America.

Even non-technical things that are almost common sense are grossly misplaced in some places. For example, the book tells of an access stairway to the internals of a mainframe hall, and of a body that falls from it into such an internal part, hence shorting it out, and even further on, functionality is restored just by removing the body. Now, who in the world would think that the internals of a multimillion-dollar piece of high-tech equipment would be left exposed under an access stairway from which anything from dirt to accessories (and humans) can fall?

And the examples could go on and on, especially in the book Digital Fortress, which I just finished reading and from which the above examples are all extracted.

Is it just the fault of a lack of understanding on the author’s side?
Is it really not a big deal that people will take such ravings for fact?
Is it normal for a high-tech novel to be like this, and does this not affect its quality?

The quirks and taboos of modern English

It is some time now since English became my second language, given my computer interests (kids, in the past there were only English versions of operating systems), and technical things like RFCs are better understood in their original language; still, every now and then I cannot help but feel entertained or puzzled by English semantics, especially the roots of words.

Let us take slang or vulgar words first. As I have learnt from http://tinyurl.com/hd5r, the most common vulgar words are just the old Anglo-Saxon words, while the French- or Latin-derived words describing the same thing are perfectly acceptable, and that is just a side effect of the conquest of England by the Romans and then the French, each of the conquerors having enforced their own language and vulgarised/tabooed the native one.

Another interesting fact about the English language is the lack of a specialised word to describe freedom, as in being unconstrained or unimprisoned: “free”, a term describing the lack of charge or fee for something, is used to fill both roles, when gratuit (French), gratuito (Italian), gratis (Spanish) (etc., http://en.wiktionary.org/wiki/Free) mean free of charge and libre (French), libero (Italian), libre (Spanish) mean unconstrained, unimprisoned, and paradoxically the English word “liberate” means to free.

Also, I recently heard an American speaking about something, and he used inches to give the size of a bigger thing and centimeters to give the size of a smaller one. Now imagine my surprise, as a person used to the metric system, to hear someone use the inch system for measuring a big thing but be unable to use a smaller division of it for measuring a smaller thing, having to fall back to the metric system for that. No wonder the USA is the only country left that has not yet switched to the metric system.

And finally, the most entertaining things to me are the many words created just by merging two words into one, like teapot, pancake, shotgun, landmark etc. While creating words this way is practical, it is nevertheless funny and unimaginative, but I have to give special recognition to alimony, layabout, doubleback, flabbergast, hehe.

The European Union is being corrupted

A tyrannical ruler of the medieval lands here once said “If you do not want me, well, I do want you” when he was opposed in becoming king, and he had his ways to enforce his saying and overcome all his opposers.

Well, for the sake of the freedom of the European Union and the freedom of software, let us hope that the same thing does not happen with Mr. Bill Gates too.

Because that is exactly the case nowadays, but to fully understand the situation I have to make a quick recapitulation of the facts.

With a more liberal environment and less control by corporate will, Europe and the countries in the European Union have always been a safe haven and the cradle of the open source software movement initiated by its American fathers (Richard Stallman, Eric Raymond).

One of the key factors protecting such freedom was the absence of American-style software patent laws within Europe, but now that is on the verge of collapse, as corporate interests in the growing European software markets have driven companies like Microsoft to do everything in their power to seize the new markets.

That is especially understandable when we look at recent global market analyses that rate America a mature market in terms of software, meaning its rate of growth is small, competition is fierce and the quality standards are high.

On the other hand, in Europe the young market has a towering growth rate, little to no competition, and a callow sense of quality, with few exceptions, mostly in mission-critical and educational organizations.

However, there is good news: the European Commission said Thursday that it was not satisfied with Microsoft’s proposed licensing program for dozens of communications protocols, and the EU decided to fine Microsoft for antitrust violations; furthermore, EU sleuths think Microsoft sabotaged Windows.

The bad news is that the EU Council has approved the software patent directive while making a mockery of European ideals, and all this whilst acting in collusion with Microsoft, says high-profile MEP Dr. Maria Berger in a press release; she says that the Commission adopted the position of Microsoft founder Bill Gates on the subject “without further thought”. Gates had visited the Commission and the EP in February.

So please go back home to the USA, Mr. Gates; we do not need your abject meddling nor your frail patents here in the EU.

The Confidence of the Incompetent, the Peter Principle and Hagakure

I was baffled but not really surprised by a relatively new discovery by Dr. David Dunning that the people most likely to overestimate their skills in an area are the ones who do not have any skills in that area.

The logical explanation seems to be that the skills required for competence are often the same skills necessary to recognize competence.

Interestingly, unlike their unskilled counterparts, the most able subjects in the study, Kruger and Dunning found, were likely to underestimate their own competence.

The researchers attribute this to the fact that, in the absence of information about how others are doing, highly competent subjects assumed that others were performing as well as they were, a phenomenon psychologists term the “false consensus effect.”

This brings to mind a book dating back to 1969 by Dr. Laurence Johnston Peter, The Peter Principle, which largely states that every person in an organization strives to reach, and eventually gets promoted to, their level of incompetence, at which they remain from then on.

In my opinion Dr. Dunning’s study sheds new light on the Peter Principle, because now we can assume that an explanation for why the person never gets removed from their incompetence level is that they appear to be at their most competent only while being utterly incompetent.

Now let us go way back to 1716 and see exactly the same thing portrayed in an old Japanese writing, Hagakure

QUOTE:
In one’s life, there are levels in the pursuit of study. In the lowest level, a person studies but nothing comes of it, and he feels that both he and others are unskillful. At this point he is worthless. In the middle level he is still useless but is aware of his own insufficiencies and can also see the insufficiencies of others. In a higher level he has pride concerning his own ability, rejoices in praise from others, and laments the lack of ability in his fellows. This man has worth. In the highest level a man has the look of knowing nothing.

It is astonishing how the insight into human nature from almost 300 years ago is still as valid and revealing as the modern studies.

Intrigued by these new perspectives, I have started a little survey by myself on a much smaller scale; more exactly, I am asking the users who take my PHP Skill Test and the Common Knowledge Test to rate their competence for that test before seeing the test results.

[Graph image]

In the above graph notice how big the difference is at the end of the chart between the many with lots of confidence and the few with lots of knowledge.

[Graph image]

In the above graph a small number on the scale reflects a minority and a big number a majority; the distance between the two lines reflects the proportion between knowledge and confidence, with an equal amount of each reflected where the lines intertwine.

The 2000 Ig Nobel Prize was awarded to David Dunning of Cornell University and Justin Kruger of the University of Illinois for their report, “Unskilled and Unaware of It: How Difficulties in Recognizing One’s Own Incompetence Lead to Inflated Self-Assessments” (published in the Journal of Personality and Social Psychology, vol. 77, no. 6, December 1999, pp. 1121-1134).