c h b m . n e t

The XNA Javaness

Microsoft is very excited about unified development for PC, XBOX and Mobile. They’re talking about the exact same game, with minor adjustments, on all 3 platforms. Most people can see some kind of fault with that reasoning. They can’t.

One size fits all tends to end up with whatever the worst platform can handle. This kind of works from XBOX and PC, with the XBOX being a crappy PC and PC developers being used to develop for crappy PCs. It doesn’t exactly work cause controls on a PC are much richer than on an XBOX. And console games are simpled down versions os PC games anyway.
But let’s face it, a Snapdragon mobile phone isn’t exactly a crappy PC. It’s not even a PC, it’s just a low power CPU with lowend 3D graphics. You’ll end up playing on your 2000USD PC a game your phone can render.

What works is having, not versions, but aspects of the game. You play some parts on the XBOX or the PC and some parts on the mobile. Example, on an adventure game you play some wicked 3D combats on XBOX and do your adventuring on the mobile taking advantage of all the nice things a mobile has, such as a touch screen and mobility. This isn’t rocket science, Nintendo did this with Zelda on Gamecube+GBA (expect the cable made it awkward), and in the end what you need for a compelling game is making the best experience possible all around, not go easy on the developers.

Week In Review 9W2010

Big news this week was Apple, in a kind of deuche bag move, decided to sue HTC out of existance instead of going after Google like a big boy. This is obviously a signal to Motorola and Android loving US carriers. On more Apple news, Steam is coming to OSX.
Verizon promises LTE overlay of the 3G network by 2013. They should probably attack non 3G markets first but hey, it’s their network!
On a greatly overhyped move Nokia added Skype to the Ovi Store making it easier for regular folks to use it. This is not the carrier armageddon it was touted to be but it’s a sure signal Nokia doesn’t want to depend a whole lot on carriers for the future. On more good Nokia news, non-DRM is coming to Comes with Music.
On DRM news, Ubisoft’s online DRM got cracked within the day. Problems affecting the DRM servers shut paying customers out while unpaying uncustomary enjoyed and Ubisoft claims it was a DDoS and even the singleplayer boxed versions download parts of the game so pirates don’t get the complete game. Man, I almost wish Ubisoft had something I actually want to play. Remember kids current DRM is just about annoying YOU.
Turns out cyberwas was not all it was up to be. Who coulda’ve thunk it ?? There is no cyberwar
And after closing up shop in Portugal Blockbuster is further going bust in the US. And cause paying customers really love to be treated like criminals late fees are back cause you know, Netflix and iTunes doesn’t exist in Blockbuster’s world.

The Microsoft Vapourization

One of the reasons Microsoft is on the way down is they gave up on shipping products. The last few things that made a blip don’t actually exist. Let’s review. There’s Surface which never could make it as a product, there’s project Natal which was announced 18 months ago for 4 months ago, Windows Phone 7 Series which will exist in real hardware at best, next Christmas and now Courier which they promise will be really awesome if it ever exists.

I can imagine Ballmer standing before the Board going “We’re going to make a killing next Christmas, just you wait. We have this really really amazing stuff just about ready to come out”.

Week In Review 8W2010

Bloom Box claims to have develop a miracle fuel cell. Other people say otherwise.
On ACTA news, the EU Commission claims not to accept the disconnect provsionins. As an EUian I’m fairly concerned about how that will translate into action but things are looking up and public pressure seems to be having effect. If you’re inclined to read such things there’s a leaked EU memo about the proceedings here and Michael Geist’s digest is here
The US IP Alliance says using Open Source Software is equal to not respecting copyright. Maybe they should ripoff some “if you use OSS the communists win” posters. For the record, OSS is based on copyright and only copyright law enables OSS licensing.
Living upside down probably causes strange blood flow to Australian heads which push on stupid censorship. To the point of hamfisted, dorky, attempts to censorship self references to censorship. Maybe the Communications Minister should just send itself down the memory hole and he’d all pretend this never happened.
You might remember last week news broke about peeping tom school officials. Recaping, this is a public school that forced children to have and use the spying equipment and banned personal non-compromised computers. The FBI is looking into the case and the dorky peeping tom principal confused eating candy with popping pills. Without much surprise ACLU and EFF are having a field day and pointing out you can legally videotape anyone secretly as long as you don’t capture sound on the USA due to laws quirkiness. Meanwhile the peeping tom says she’s not a peeping tom.

Week In Review 7W2010 (MWC Edition)

Symbian^3 will be bringing 2007 to phone near you till the end of the year. Nokia decided to delay their smartphone plans even further by announcing Maemo+Moblin=MeeGo with Intel. SE claims to have no business sense by turning down the GooglePhone. Windows Mobile is no more. Microsoft came to terms with the fact Windows Mobile was a turd, broke clean and emerged with Windows Phone 7 Series which is about 10 years of Windows Mobile. I don’t care much about homescreen grid designs and figuring out what’s sensitive in an interface with 0 cues is kinda hard but the thing, on demo, seems on par with people are doing this year. Lets see how it actually works out in real hardware.
On ACTA news, a leaked Mexico report surfaced. (ed: seeing everything about ACTA is secret I’m taking all claimed leaked documents as real, as opposed to my normal stance on this kind of stuff) And seems like public officials have been lying about what’s going on regarding enforcement policy. Not only that but the EU Data Protection Supervisor put forward a statement about ACTA where he, amongst others, regrets the [unelected] Commission handles the negotiation on it’s own without involving the citizen privacy ombudsman and reminds the Commission all agreed legislation must respect the EU law regarding data protection, privacy and citizens rights in general. In summary, the EDPS views widespread monitoring private citizens Internet activity as IP enforcement tool in interference with the right to private life and against case law established in the European Court of Human Rights. This is particularly relevant when currently, in Portugal, members of governing party are being publicly accused in the media of widespread corruption and (ironically) maneuvering to control said media based on leaked wiretaps generated on other investigations. Their defense is leaking said wiretaps is in violation of their right to private life. Sadly, the value of the right to private life seems to depend on who’s life it is and what lobby is on the other side.
Remember kids, riped DVDs don’t have annoying junk so are better.
France probably has a rampant child pornography problem we’re not aware of and trumps all other issues France is facing now. That’s the only reason for trying to pass an Internet censorship law through a special fast tracked ‘urgent’ process. All to protect the children of course.
Speaking of child porn, administrators at a US school used laptop cameras to spy on students at home. It would be nice, for a change, to bring the full force of the law to bear on this power abusing perverts instead of just using kids as strawman in political censorship laws.

Week In Review 6W2010

Lots of Google Buzz opla.
Google announced a trial FTTH rollout which is basically a slap on the wrist to US ISPs. Municipalities are of course happy to welcome an open access, cheap FTTH network. And they’re doing it in UK too.
On more highspeed news AT&T is rolling out LTE in 2011. Ericsson and ALU are the suppliers which is probably why ALU said recently it wouldn’t invest a lot more in WiMAX.
If you have a Mastercard or VISA chip card this might be a good time to get worried. I did a writeup on how the EMV system is basically flawed.
On censorship news this week Verizon is blocking 4chan, a US court says ‘obscene’ is defined by the craziest person able to access content, Iran suspends Gmail, Youtube won’t censor stuff just for Australia
And on I-can’t-believe-it’s-not-butter news, higher prices mean less sales for iTunes and the music guys tell the books guys they’re idiots (just not on those terms). Meanwhile Warner will end streaming licenses which means the Warner catalogue is mostly dead to me. On an interesting twist an Australian court says facts aren’t copyrightable which means the phone book can be copied but bible can’t (zing added by me).

The Pin&Chip frakup

Recently researchers at Cambridge examined the protocol between EMV banking chip cards and point of sale terminals and demonstrated an attack against the system where they make a payment without inputing the correct pin. This attack is trivial. I’m not talking about the research which is not only interesting but complex in nature. What I’m saying is, the system is fundamentally flawed and so trivial attacks are possible. I’m not exaggerating, a computer science undergrad could have come up with a better system. He wouldn’t even have to think too hard. He’d just need to copy it from a textbook.

The press always makes this things more spectacular than they actually are so to back up my claims we’re going to design a point of sale payment system and see what we can come up with. We’ll start with the chip in the card. This is small processor that’s designed to do cryptographic operations and hold secret information. This chips have been in use for a few years and are effective. Effective here means unless you’ve stollen Bill Gates’ card chances are you’ll steal less money than it would cost you to attack the card itself. Also, given people notice cards are missing odds are the card will be revoked before you get results from an attack on the chip. So, for this purpose, we’ll consider the chip effective. Unfortunately, as far as I know, most cards issued to this date are issue with ineffective chips and are similar to the old magnetic strip cards. We’ll ignore those and design for effective chips.

The chip knows 2 things, one is your pin to authenticate you and the other is a secret to authenticate itself with the bank. When the chip is reasonably convinced the person using the card is who he claims to be, through providing the correct pin, it will use its own secret to create a command the point of sale can send to the bank. The bank in turn will look at the command it received, verify it was generated by the correct chip after seeing the correct pin (through the secret the chip shares with the bank) and if it’s convinced the operation is legitimate execute the payment command.
So to get this thing going we only need an operation between the point of sale and the chip. The point of sale provides the inputed pin and the transaction to the chip. If the pin checks out the chip encodes the transaction so that the point of sale can send it to the bank. It the pin is wrong the chip returns an error to the point of sale and it gets displayed to the user. This system is far from the perfect, the user must trust the point of sale won’t steal his pin (which can be used with the stolen card). The user must also trust the point of sale will ask the chip to encode the correct transaction and not some other debit. But the bank can trust the chip saw the right pin and making a better system would involve a slower system and a more complex and expensive chip. This of course is not the end of the story, the system needs to be properly engineered to ensure it’s trustworthy. The devil is usually in details like making sure the transactions are not repeatable (so that a malicious point of sale can’t just reissue the same transaction over and over) or that a stolen card will lock itself up after a number of attempts.

Now that we designed a working system lets look at how the actual system works. The Cambridge researchers found the system has not one but two separate operations, validate pin and encode the command (actually, there’s a lot more around this but the essence of the system can be described this way). The points of sale don’t have a validate pin operation so this doesn’t seem to make much sense, the separation comes from the huge amount of complexity existing in the EMV system. So lets try to design a system as secure as our original one but with this extra constraint (such is the life of an engineer). We’d have to relink the two operations making the command encoding depend on the pin verification. This is done by having the chip give a random number, called a token, to the point of sale when it validates the pin. The point of sale in turn passes this token back to the chip along with the transaction it needs encoded. The chip confirms the token is valid and encodes the command for the transaction, guaranteeing the pin was correctly entered. This is heavier on the chip but is nearly as secure as our method (some design flaws on the chip might make this method weaker). Now lets look at how the EMV system actually works. On their system the validate pin operation doesn’t return a token. It just says yes or no and then the point of sale decides how to proceed. As the observant reader probably realized we just placed a lot of trust on the point of sale, the trusted chip is no longer master of our pin but must instead rely on the point of sale doing the right thing (which might be go to signature authentication). An obvious attack is having a point of sale that doesn’t do the right thing. It might go ahead with the transaction when a wrong pin pin is entered or delay printing the receipt a bit and issue a few extra transactions. But there’s another weak link on the system, the point of sale to chip communication goes through an unsafe interface, the chip contacts and point of sale reader. That’s what the researchers attacked, they inserted a device between the card and the point of sale that always reported “pin ok” coming from the chip (I won’t go into details about how to do this, it’s not trivial but it’s not very hard either). This type of attack wouldn’t even exist in our initial system. On our modified two operation system the attack wouldn’t work cause the attacker can’t just inject a known reply into the stream. In fact, it would only be possible to attack the chip-point of sale interface if the chip had a design flaw on the verification of the tokens. In all truth the EVM system does include some safeguards designed not to prevent but to report this kind of inconsistency. However this safeguards are so poorly designed and implemented they are not effective.

So by employing advanced cryptographic chip technology EMV ended up with something worse than the decades old magnetic strip cards. The problem with magnetic strips is they are easily copiable so someone using a “skimmer” that reads the card and intercepts the pin (recently some skimmers where found attached to ATMs and physically tampering a point of sale terminal to skim card is fairly easy) can easily create a duplicate of the skimmed card and then use it together with the skimmed pin. As mentioned before most currently used chip cards employ simple chips and are as easy to duplicate as magnetic strips. That together with the attack above make them less secure than strip cards. Newer Pin and chip cards can’t be skimmed but on the other hand a robber can use just the card without bothering with the pin. There’s even deeper problems with this system caused by having the two separate operations. The ability to coax the card into generating encoded commands allows someone with access to a large stack of cards (stolen, old discarded or blank unissued) to run something called a plain text attack. The attacker generates large quantities of encoded text from known plain text and then analyses the encoded text to try to derive knowledge about the encoding system. A successful attack may, depending on how well the system is engineered, compromise the whole system an allow havoc like easy card cloning.

Congratulations. If you read through the article and were able to follow you are now better at designing payment card systems than EMV. This kind of absurd failures are usually the result of committee design and pressures from manufacturers to make the system cheaper to build or less interoperable so that it generates vendor lock-in. In this case there was also no effective independent review, a key element in successful design of security systems. Sadly, the specification seems to cover so many usage possibilities and provides such latitude to proprietary implementations of key features by individual banks it would would be impossible to review. More distressing even is the EMV was probably never meant to be secure. It was meant to be marketed as secure to stop credit card signature fraud claims from stores. And it’s arcane enough to thwart any attempt to prove pin fraud so the end user is stuck with the cost of the frauds. In fact, the researchers claim to have been contacted by a number of pin fraud victims where the banks and EMV just claimed misuse of the card and never even investigated on grounds of the system being secure. Considering the simplicity of the attack I’m sure a number of criminal rings, who actually put resources into cracking this kind of systems, have known about this for quite some time. I’m also sure the laws the media and make-believe-security industries are trying to push to the effect of banning security research would also prevent us, the public, to ever know about this gapping flaws.

Looking forward, the researchers list some ways the system could be improved but are hard to implement in practice cause it would mean changing a number of existing systems. There’s another way which sheds signature verification altogether, making cards only create a valid transaction within a reasonable time after a successful pin authentication is performed. This would make the chip a bit more complex and more expensive so I’m sure the banks would never switch to this type of cards. After all, they already managed to shift the liability to the end user so why bother with actually protecting their customers ? Easy, market the cards that actually work bundled with a fraud insurance and obviously, an extra monthly fee.

Bye bye Blockbuster

A Blockbuster abriu insolv�ncia em Portugal. As desculpas invocadas s�o as habituais nestes casos, “a Internet” e “a pirataria”. N�o percebo como a pirataria, uma actividade praticada em alto mar por piratas que roubam barcos inteiros e sequestram ou matam as tripula��es, pode ter afectado a Blockbuster. Percebo sim como os cat�logos reduzidos e sem escolha tenham prejudicado o neg�cio. Percebo que os pre�os praticados afastem os clientes. Percebo que as “vers�es familiares”, censuradas em viola��o dos direitos morais dos autores para obedecer a um padr�o bacoco americano, fa�am os clientes sair desiludidos das lojas. E percebo especialmente que a Blockbuster tenha receio de culpar o prego final no seu caix�o, a TV por cabo e sat�lite.

Ainda tenho algures em casa um cart�o de s�cio da Blockbuster. Fui cliente regular durante alguns meses. Vi os filmes que valiam a pena ser vistos. Depois ficou s� a frustra��o de ir � loja para descobrir que a “estreia” que queria ver estava esgotada, de chegar a casa e descobrir que o dvd que tinha escolhido estava riscado e a preocupa��o de devolver o dvd a horas na 2a feira para n�o pagar a “multa”. A Blockbuster tornou-se um aborrecimento e naturalmente o cart�o desapareceu da minha carteira. A TVCabo n�o tinha problemas de stock, n�o me alugava dvds riscados, n�o tinha que ser devolvida � 2a feira e ao fim do m�s a factura n�o era assim t�o diferente.

A Blockbuster n�o est� sozinha na luta contra a obsolescencia. Nos anos 80 Portugal foi invadido pelos clubes de video de bairro, uma esp�cie de moda das croissanterias mas com cassetes VHS. Estes pequenos clubes cresceram primeiro � custa das cassetes copiadas ilegalmente e depois � custa do aluguer totalmente ilegal de jogos de consola. Mudam-se os tempos mudam-se as agulhas morais.
Tamb�m fui s�cio de um destes clubes pr�-Blockbuster. Depois chegou a Blockbuster com as suas lojas grandes e os clubes de bairro gritaram que iam ser esmagados. Agora � a vez da Blockbuster ser esmagada.

Bye bye Blockbuster. Ainda c� andavas ?

Week In Review 5W2010

The big news week was Symbian going open source ahead of plan. I think they’re opening the S60v5 code base but after the renaming nobody can really tell.
There seems to be a (geeky) video formats war going on with MPEG extending the H.264 royalty free period another 6 years. HTML5+Ogg seems to be viable enough to scare them into enabling HTML5+H.264 through 0 cost to end users. Btw, Flash keeps crashing with a more than year old bug and Microsoft decided SVG is something they might want to be involved with cause you know, they’re all about innovation!
It was kind of expected but a US Senator is probing into the involvement of a number of US companies with the chinese government (oddly, Microsoft isn’t mentioned). A line on the sand will be drawn at some point and CEOs better figure out what side they chose to be on.
On anti-censorship news an australian court rules ISPs are not obliged to filter content. This of course, flies in the face of the Government plans to force ISPs to block sites on a governmental blacklist. All for the children’s sake of course. Maybe the Australian Govt should get in touch with the UK Govt!
Pervs are lining up to man the naked scanner booths at Heathrow and Manchester as kiddie porn laws are no match for TERRURISM laws in UK. Every man woman and child will be seen naked in the interested of keeping you safe against terrorists stupid enough to use materials the scanners can actually see.

Week In Review 4W2010

This week was iPad week. Already did a review and an evil review. That’s it.
Fun mobile things: smart people at Nokia figured out how to turn an apparently normal 3G radio into a radar, Nokia revenue is growing again and “smartphone” quota too and NSN+LG hit 100Mbps on LTE.
In a trust-us-do-no-evil move Google published an internet draft proposing a DNS extension do identify the original client. Basically, your end device usually queries names to a local server that either knows the answer from cache or goes and finds it out. Problem for Google is sometimes “local” isn’t so local and it throws off their geographical distribution system sending say, a UK customer to a Netherlands server. What they want is an extension (this is optional intermediary server) where the “local” server can tell the server that actually knows the answer who the client is so it can reply with the best mapping. This means everyone along the way can sniff and create an IP accurate name resolution log. The correct solution to Google’s problem is getting people to move to IPv6 and use anycast addresses instead of creating more DNS cruft.
On IcantBelieveItsNotTerrorism news, a UK kids show was stopped basically for filming a scene with menacing hair-dryers. Cause you know, the UK Police can stop and warn/arrest anyone that’s doing terrurism.
And while Virgin says it’s going to start do use DPI to sniff out “illegal content” the EU is going to start investigating them for spying on their customers. Virgin sells an all-you-can-eat music streaming/download package with Universal titles so it’s basically strong-arming its customers into signing up for that. The advanced DPI technology Virgin is planning to use looks at file names so it’s pretty pathetic. And at least in my part of the world this kind of thing is a crime.
The people probably tried to take advantage of the iPad craze cause this was a ACTA full week. “Transparency” managed to make it to the agenda, just barely so and no in a very transparent way. A Canadian MP is demanding his government answer regarding ACTA, too bad we can’t do the same of the European Commission cause you know, they’re not actually elected so they don’t answer to the public. Meanwhile Michael Geist posted a What will ACTA mean to my domestic Law guide.
On stupid news of the week, the future Ubisoft DRM makes you be online to play offline games. “Oh phrack, my internet connection is down, I’ll play some single player … oh wait … I can’t …”. So yeah, I’ll just take a pass on Ubisoft, m’kay ?
On sad news Sun is gone baby gone.