August 12, 2010
Thoughts about the Personally Encrypted IMAP Storage proposal
When reading the Personally Encrypted IMAP Storage proposal, a couple of things came to my mind.
1) Why use public key crypto when you're going to store the private keys on the servers? It'd be much simpler (safer) to encrypt the messages with symmetric crypto (like AES or Twofish) using the user password. Or maybe using something a bit fancier than the user password:
use Digest::SHA qw(hmac_sha1);
# user provides $password, $salt is a random number for each user stored in the DB
my $hash = $salt;
for (my $i = 0; $i < 256; $i++) {
    # hmac_sha1 takes (data, key): the previous output becomes the key of the next round
    $hash = hmac_sha1($password, $hash);
}
# encrypt using $hash
2) Since most MUAs have PGP/GPG support, wouldn't it be nice to just encrypt the messages with the user's public key before they're stored in the maildir, and let the MUA decrypt them? That's more in line with the traditional way of designing public key crypto systems. One caveat would be that the headers would not be encrypted, but nothing stops you from implementing symmetric crypto on top of that (as discussed in 1).
3) All this would prevent snooping of mail already received, but it wouldn't stop someone from putting a wiretap at the MTA level (or with your ISP) and reading every new message received in the clear...
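The key derivation from point 1, as an added example that is not code from the original post: a Python port of the iterated-HMAC loop next to PBKDF2, the standardized construction for the same idea, written out by hand so the differences are visible. The function names, the 16-byte salt and the iteration count are assumptions of this example.

```python
import hashlib
import hmac
import os


def page_loop_key(password: bytes, salt: bytes, rounds: int = 256) -> bytes:
    """Port of the Perl loop: start from the per-user salt and feed each
    HMAC-SHA1 output back in as the key of the next round (password = data)."""
    h = salt
    for _ in range(rounds):
        h = hmac.new(h, password, hashlib.sha1).digest()
    return h  # 20 bytes


def pbkdf2_sha1_block(password: bytes, salt: bytes, iterations: int) -> bytes:
    """First 20-byte block of PBKDF2-HMAC-SHA1, written out by hand.

    Two differences from the loop above: the password is always the HMAC
    key, and every intermediate output is XORed into the result instead of
    keeping only the last one.
    """
    u = hmac.new(password, salt + (1).to_bytes(4, "big"), hashlib.sha1).digest()
    t = int.from_bytes(u, "big")
    for _ in range(iterations - 1):
        u = hmac.new(password, u, hashlib.sha1).digest()
        t ^= int.from_bytes(u, "big")
    return t.to_bytes(20, "big")


def new_user_salt() -> bytes:
    """Random per-user salt, stored in the DB next to the account (assumed 16 bytes)."""
    return os.urandom(16)


def derive_mailbox_key(password: str, salt: bytes, iterations: int = 200_000) -> bytes:
    """32-byte key (AES-256 sized) from the login password via stdlib PBKDF2.

    The iteration count is an assumption of this example, not a value from
    the post. The key is recomputed at login and never written to disk.
    """
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations, dklen=32
    )


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    password = "correct horse battery staple"
    salt_alice, salt_bob = new_user_salt(), new_user_salt()

    # Same password, different salts: the two users get unrelated keys.
    k_alice = derive_mailbox_key(password, salt_alice)
    k_bob = derive_mailbox_key(password, salt_bob)
    print("alice:", k_alice.hex())
    print("bob:  ", k_bob.hex())
    print("keys differ:", k_alice != k_bob)

    # The hand-written block matches the standard library implementation.
    pw = password.encode("utf-8")
    same = pbkdf2_sha1_block(pw, salt_alice, 256) == hashlib.pbkdf2_hmac(
        "sha1", pw, salt_alice, 256, dklen=20
    )
    print("manual PBKDF2 block matches hashlib:", same)

    # The post's loop is a different function of the same inputs.
    print("page loop:", page_loop_key(pw, salt_alice).hex())
```

Because the key depends on the password, a password change means re-deriving the key and re-encrypting whatever was stored under the old one.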
Posted by gfk at 12:28 PM
February 11, 2010
I just ditched Mail.app for Postbox
I finally had enough of enduring Mail.app's odd behavior.
I host my own IMAP server at home and I keep every email I ever received since 2002. My INBOX has ~43 000 messages in it and I have almost 200 000 messages from various mailing lists I subscribe to. In total, I have 10GB of email.
Without a doubt, Mail.app isn't able to handle that. I decided to look for something better.
On my Mac Mini at home, Mail.app would often start spinning the beach ball for several minutes indexing who knows what and basically be useless until it deemed it okay for me to continue reading my emails. I also have an old PowerBook G4 12" on which Mail.app would take between five and twenty minutes just to start!
After searching Google for an alternative, I found some discussion about a new program called Postbox. It's commercial software based on Mozilla, so I wasn't really keen to buy it because of all the free alternatives, but there was a 30 days tryout, so I gave it a try.
Oh the speed! On my PowerBook, Postbox takes between thirty seconds and one minute to start and about one second to load an email. It's night and day compared to ol' Mail.app. On my Mac Mini, well let's just say it's blazing fast!
It has other nice features like conversation view which is really well made, but the speed is really the deal breaker for me. I didn't have the intention to buy it at first but after three weeks of use, I can't imagine going back to Mail.app. It's been a while since I actually bought a piece of software, but this one is really worth it.
The normal price is $39 but I only paid $29 because I used the discount code R7FERKN to save $10.
Posted by gfk at 6:48 PM
July 24, 2008
Firefox History URL Auto-Completion
Damn, this URL Auto-Completion based on visit history in Firefox makes me look like some sick pervert...

Posted by gfk at 11:08 AM
May 15, 2008
I love EC2 and RightScale!
Monday morning, one of our web sites got infected by a JavaScript virus that spreads through SQL injection. I don't work on Mondays (good life) so I wasn't there to see the chaos, but I heard that it was quite bad: customers complaining that our web site infected them, for example.
The people working that day took the server offline, restored the infected DB from a clean backup and all was good (temporarily).
I got a couple phone calls, we talked about installing a reverse proxy to catch these kinds of attacks. It would take a few days to set this up.
They looked for the piece of code where the injection occurred, but missed one (or many) because the day after the server got infected again.
This time I was at work, so I witnessed the speed at which they fixed the problem (temporarily again). The server must have been offline for about five minutes. It was fairly quick but everybody was very nervous because they knew that there was still vulnerable code somewhere on the site.
The new reverse proxy was still a few days from being up and running, and there were a lot of frowny faces around.
I logged on to RightScale, cloned an Ubuntu server that I use for personal projects, and created a RightScript to install Apache and configure it with mod_security.
About three hours later I switched the DNS to this reverse proxy and happy faces came back! There are still a few wrinkles to iron out, but more than 99% of the site is working fine -- and safely!
We ran the EC2 server until we got the physical one delivered and configured the way we like. It cost about $30 to run the EC2 server -- and $2000 for the one from HP.
About RightScripts
What makes RightScale rock so much are the RightScripts. I usually refrain from using such a lame trademark for something as simple as a script, but I love this thing so much that I won't mind doing a little PR for them.
My first experiences with EC2 were met with the frustrations that resulted from doing a small change on the AMI config. I'd have to wait about half an hour for the bundling to complete. Then I'd find out that I missed something and I had to bundle the AMI again!
The idea behind RightScripts is that you have a very stable minimal AMI and you install/configure what you want on startup. It takes a couple minutes more to start the server but it's so much simpler!
Another great advantage of RightScripts is that they provide very detailed documentation of the server.
About the only thing that I don't like about RightScale is their pricing model. They offer a free developer account (that part I like) but if you want more service you have to subscribe to their $2500 setup + $500/month service.
While they crave Amazon's fine-grained pricing model (you can run servers for hours for a few bucks), their first step is outrageously high. I speculate that this is because their system is not honed enough and that they have to do a lot of fine-tuning for each new customer (they include 8 hours of consulting in their $2500 setup).
Hopefully they will adapt their pricing model for the little guys once their system is flexible enough.
Some code
For those wanting to experiment with this, here's a sanitized version of the RightScript that I use for this reverse proxy.
The Ubuntu image provided by RightScale isn't exactly the way I like it, so I always run this little script when I start an instance:
ln -fs /usr/share/zoneinfo/America/Montreal /etc/localtime
# The EC2 server is on the east coast while mirrors.kernel.org is in San Francisco, use a closer mirror.
perl -p -i -e "s|http://mirrors.kernel.org/ubuntu|http://mirror.anl.gov/pub/ubuntu|g" /etc/apt/sources.list
aptitude -q -y update
aptitude -q -y install libc6-xen
ldconfig -v
# You can check that it worked with: ldd /sbin/init
# It should give something like this (with nosegneg):
# libc.so.6 => /lib/tls/i686/nosegneg/libc.so.6
aptitude -q -y --without-recommends install screen
useradd -m gfk
mkdir /home/gfk/.ssh
cp /root/.ssh/authorized_keys /home/gfk/.ssh/authorized_keys
# Hand the whole .ssh directory to the new user, not just the key file
chown -R gfk:gfk /home/gfk/.ssh
I can then move to more interesting tasks like connecting this server to my home network with OpenVPN:
mkdir -p /etc/openvpn
cd /etc/openvpn
wget -q https://s3.amazonaws.com/[...]/rproxy-openvpn.gpg
[decrypt the archive]
aptitude -q -y --without-recommends install openvpn
# aptitude starts openvpn automatically
Then configure Apache as a reverse proxy with mod_proxy, mod_headers and mod_security:
# Install Apache2 dependencies
aptitude -q -y --without-recommends install apache2-threaded-dev libxml2-dev
mkdir -p /mnt/nowhere
# Configure the modules that we need (mod_proxy, mod_rewrite, mod_headers)
/usr/sbin/a2enmod proxy
/usr/sbin/a2enmod proxy_http
rm /etc/apache2/mods-enabled/proxy.conf
/usr/sbin/a2enmod rewrite
/usr/sbin/a2enmod headers
# Install mod_security2
cd /mnt
wget -q https://s3.amazonaws.com/[...]/modsecurity-apache_2.5.4.tar.gz
tar zxf modsecurity-apache_2.5.4.tar.gz
cd modsecurity-apache_2.5.4/apache2
./configure
make
make install
# Configure mod_security2
mkdir -p /etc/apache2/modsecurity
cd /etc/apache2/modsecurity
wget -q https://s3.amazonaws.com/[...]/modsecurity-core-rules_2.5-1.6.1.tar.gz
tar zxf modsecurity-core-rules_2.5-1.6.1.tar.gz
perl -p -i -e "s|SecAuditLog\s+logs/modsec_audit.log|SecAuditLog /var/log/apache2/audit.log|g" /etc/apache2/modsecurity/modsecurity_crs_10_config.conf
perl -p -i -e "s|SecDebugLog\s+logs/modsec_debug.log|SecDebugLog /var/log/apache2/modsec_debug.log|g" /etc/apache2/modsecurity/modsecurity_crs_10_config.conf
perl -p -i -e "s|SecServerSignature \"Apache/2.2.0 \(Fedora\)\"|SecServerSignature \"Apache/2.2 Reverse Proxy\"|g" /etc/apache2/modsecurity/modsecurity_crs_10_config.conf
/usr/sbin/a2dissite 000-default
echo "LoadModule security2_module /usr/lib/apache2/modules/mod_security2.so" > /etc/apache2/mods-available/security2.load
echo "Include /etc/apache2/modsecurity/*.conf" > /etc/apache2/mods-available/security2.conf
/usr/sbin/a2enmod security2
/usr/sbin/a2enmod unique_id
# Configure web sites
cd /etc/apache2/sites-available
wget -q http://s3.amazonaws.com/[...]/rproxy-apache.gpg
[decrypt the archive]
/usr/sbin/a2ensite rproxy
# SSL Site
a2enmod ssl
echo "Listen 443" >> /etc/apache2/ports.conf
a2ensite rproxy-ssl
# Set the default charset
echo "AddDefaultCharset windows-1252" > /etc/apache2/conf.d/charset
# Finish Apache2 installation
aptitude -q -y --without-recommends install apache2
Posted by gfk at 3:09 PM
March 11, 2008
Latency?
Oh my God, I'm installing Debian inside a Virtual PC using VNC inside Windows Remote Desktop from my PowerBook G4. Geez, I wonder why it's so slow...

Posted by gfk at 9:32 PM
February 5, 2008
Yes we can
Lyrics
It was a creed written into the founding documents
that declared the destiny of a nation.
Yes we can.
It was whispered by slaves and abolitionists
as they blazed a trail toward freedom.
Yes we can.
It was sung by immigrants as they struck out from distant shores
and pioneers who pushed westward against an unforgiving wilderness.
Yes we can.
It was the call of workers who organized;
women who reached for the ballots;
a President who chose the moon as our new frontier;
and a King who took us to the mountaintop and pointed the way to the Promised Land.
Yes we can to justice and equality.
Yes we can to opportunity and prosperity.
Yes we can heal this nation.
Yes we can repair this world.
Yes we can.
We know the battle ahead will be long,
but always remember that no matter what obstacles stand in our way,
nothing can stand in the way of the power of millions of voices calling for change.
We have been told
we cannot do this
by a chorus of cynics,
they will only grow louder and more dissonant.
We've been asked to pause for a reality check.
We've been warned against offering the people of this nation false hope.
But in the unlikely story that is America,
there has never been anything false about hope.
Now the hopes of the little girl who goes to the public school in the Dillon
are the same as the dreams of the boy who learns on the streets of LA.
We will remember that there is something happening in America.
That we are not as divided as our politics suggests.
We are one people.
We are one nation.
And together, we will begin the next great chapter in the American story
with three words that will ring from coast to coast,
from sea to shining sea.
Yes. We. Can.
Watch
Watch in low resolution on DipDive and download in high quality on The Pirate Bay.
Credits
THE YES WE CAN SONG WAS RECORDED AT ETHER AND RECORD PLANT IN LA ON JANUARY 30 AND 31ST, 2008.
ceo of inspiration: barack obama
song produced by: will.i.am
guitar by: george pajon
video produced by: will.i.am and mike jurkovac
director: jesse dylan for cYclops form
executive producers:
will.i.am
mike jurkovac
fred goldring
jesse dylan
priscilla cohen
sheri howell
associate producers:
sean larkin
sarah pantera
carol cohen
steve koskie
wendi morris
scott spanjich
talent:
adam rodriguez
alfonso ribeiro
amaury nolasco
amber valletta
auden mccaw
anson mount
austin nichols
aisha tyler
bryan greenberg
cliff collins
common
derek watkins
ed kowalczyk
enrique murciano
eric balfour
eric olsen
esthero
fred goldring
harold perrineau
herbie hancock
hill harper
john legend
john schaech
kareem abdul jabbar
kate walsh
kelly hu
maya rubin
nick cannon
nicole scherzinger
sam page
sarah wright
scarlett johansson
shoshannah stern
taryn manning
tatyana ali
tracee ellis ross
will.i.am
crew:
carol cohen LINE PRODUCER
matt harrison PRODUCTION SUPERVISOR
adam martin 1ST AD
kevin oneil 2ND AD
araeia robinson PRODUCTION ASST.
patrick mcgovern PRODUCTION ASST.
rolf kestermann DP
ryan brown 1ST AC
justin rhoads DIT
marek kanievska 2ND UNIT DP
torre catalano 3RD UNIT DP
jamie banfield GAFFER
kevin shipley ELECTRIC
braydon baldwin GRIP
adam joeseph SOUND
damon damato TELEPROMPTER
adam kleinfield STILLS DIT
brett freedman HAIR AND MAKE-UP
asia geiger HAIR AND MAKE-UP
terrence biff butler EDITOR
carold lynn weaver POST PRODUCER
anton capaldo-smith ASSISTANT EDITOR
vendors:
rock paper scissors EDITORIAL
indie rentals CAMERA
cinelease LIGHTING AND GRIP
film this! PERMIT
image mechanics STILLS
rushes TELECINE
greenberg teleprompting SCRIPTING
line 204 WALKIES
Posted by gfk at 8:31 PM
May 23, 2007
Al Jazeera on Afghanistan
For the last days, Al Jazeera has been producing some fascinating reports on many facets of the Afghan life. They are all hosted by YouTube.
The Toughest Battle
Jailed women
Kite Running
Osama
Health
Street Kids
Education
Opium
Inside Story
Afghanistan's backbone - Part 1
Afghanistan's backbone - Part 2
News reports
Nato & the Taliban
Cameraman captures bomb footage
Posted by gfk at 9:10 PM
December 26, 2006
Why I hate every program made by ISC
I'm playing with ntpd/ntpdc these days and when reading the docs for ntpdc, I was comforted in my prejudice against every program made by ISC:
Authenticated requests always include a timestamp in the packet data, which is included in the computation of the authentication code. This timestamp is compared by the server to its receive time stamp. If they differ by more than a small amount the request is rejected. This is done for two reasons. [...] Second, it makes it more difficult to request configuration changes to your server from topologically remote hosts. While the reconfiguration facility will work well with a server on the local host, and may work adequately between time-synchronized hosts on the same LAN, it will work very poorly for more distant hosts.
Shit.
Posted by gfk at 1:54 PM
December 18, 2006
A Special Christmas Box from SNL
The Digital Short from last Saturday Night Live was so funny, it brought tears to my eyes. A must see.
I'm not a fan of his regular work, but I must admit that Justin Timberlake is really a great entertainer. Last SNL with him was the funniest of the season, I'm really looking forward to seeing him again on the show.
Posted by gfk at 7:03 PM
July 18, 2005
8 ways to help Africa
The Québécois Libre has an interesting article about ways to help Africa:
"I believe most human beings do want to help those in need, but not always the same people, in perpetuity, under any circumstances. We want to help people to become self-sufficient, so that they can then pass it on."
Read the article on the Québécois Libre's site.
Posted by gfk at 8:44 PM
May 25, 2005
The New Yorker: Star Wars III review
The New Yorker has a review of the latest Star Wars movie. Let's say that the critic is not shy about saying what he thinks of the movie... I still intend to go see the movie, but I must admit that this review is just candy.
What can you say about a civilization where people zip from one solar system to the next as if they were changing their socks but where a woman fails to register for an ultrasound, and thus to realize that she is carrying twins until she is about to give birth? Mind you, how Padmé got pregnant is anybody’s guess, although I’m prepared to wager that it involved Anakin nipping into a broom closet with a warm glass jar and a copy of Ewok Babes. After all, the Lucasian universe is drained of all reference to bodily functions. Nobody ingests or excretes. Language remains unblue. Smoking and cursing are out of bounds, as is drunkenness, although personally I wouldn’t go near the place without a hip flask.
Read the article on the New Yorker web site.
Posted by gfk at 6:28 PM
May 12, 2005
Paul Graham: Hiring is Obsolete
Paul Graham writes a good article about yet another example of how the Internet is changing the way we live.
What's an especially productive 22 year old to do? One thing you can do is go over the heads of organizations, directly to the users. Any company that hires you is, economically, acting as a proxy for the customer. The rate at which they value you (though they may not consciously realize it) is an attempt to guess your value to the user. But there's a way to appeal their judgement. If you want, you can opt to be valued directly by users, by starting your own company.
The market is a lot more discerning than any employer. And it is completely non-discriminatory. On the Internet, nobody knows you're a dog. And more to the point, nobody knows you're 22. All users care about is whether your site or software gives them what they want. They don't care if the person behind it is a high school kid.
Continue reading the article on Paul Graham's web site.
Posted by gfk at 10:28 AM
April 23, 2005
It's a Flat World, After All
The New York Times has a fascinating article about our world getting smaller every day. They have a strange policy of removing from their web site content older than a week or two, so I'll take the freedom to reproduce the article in this blog entry.
If this moment has any parallel in recent American history, it is the height of the cold war, around 1957, when the Soviet Union leapt ahead of America in the space race by putting up the Sputnik satellite. The main challenge then came from those who wanted to put up walls; the main challenge to America today comes from the fact that all the walls are being taken down and many other people can now compete and collaborate with us much more directly. The main challenge in that world was from those practicing extreme Communism, namely Russia, China and North Korea. The main challenge to America today is from those practicing extreme capitalism, namely China, India and South Korea. The main objective in that era was building a strong state, and the main objective in this era is building strong individuals.
It's a Flat World, After All
By THOMAS L. FRIEDMAN
Published: April 3, 2005
In 1492 Christopher Columbus set sail for India, going west. He had the Nina, the Pinta and the Santa Maria. He never did find India, but he called the people he met ''Indians'' and came home and reported to his king and queen: ''The world is round.'' I set off for India 512 years later. I knew just which direction I was going. I went east. I had Lufthansa business class, and I came home and reported only to my wife and only in a whisper: ''The world is flat.''
And therein lies a tale of technology and geoeconomics that is fundamentally reshaping our lives -- much, much more quickly than many people realize. It all happened while we were sleeping, or rather while we were focused on 9/11, the dot-com bust and Enron -- which even prompted some to wonder whether globalization was over. Actually, just the opposite was true, which is why it's time to wake up and prepare ourselves for this flat world, because others already are, and there is no time to waste.
I wish I could say I saw it all coming. Alas, I encountered the flattening of the world quite by accident. It was in late February of last year, and I was visiting the Indian high-tech capital, Bangalore, working on a documentary for the Discovery Times channel about outsourcing. In short order, I interviewed Indian entrepreneurs who wanted to prepare my taxes from Bangalore, read my X-rays from Bangalore, trace my lost luggage from Bangalore and write my new software from Bangalore. The longer I was there, the more upset I became -- upset at the realization that while I had been off covering the 9/11 wars, globalization had entered a whole new phase, and I had missed it. I guess the eureka moment came on a visit to the campus of Infosys Technologies, one of the crown jewels of the Indian outsourcing and software industry. Nandan Nilekani, the Infosys C.E.O., was showing me his global video-conference room, pointing with pride to a wall-size flat-screen TV, which he said was the biggest in Asia. Infosys, he explained, could hold a virtual meeting of the key players from its entire global supply chain for any project at any time on that supersize screen. So its American designers could be on the screen speaking with their Indian software writers and their Asian manufacturers all at once. That's what globalization is all about today, Nilekani said. Above the screen there were eight clocks that pretty well summed up the Infosys workday: 24/7/365. The clocks were labeled U.S. West, U.S. East, G.M.T., India, Singapore, Hong Kong, Japan, Australia.
''Outsourcing is just one dimension of a much more fundamental thing happening today in the world,'' Nilekani explained. ''What happened over the last years is that there was a massive investment in technology, especially in the bubble era, when hundreds of millions of dollars were invested in putting broadband connectivity around the world, undersea cables, all those things.'' At the same time, he added, computers became cheaper and dispersed all over the world, and there was an explosion of e-mail software, search engines like Google and proprietary software that can chop up any piece of work and send one part to Boston, one part to Bangalore and one part to Beijing, making it easy for anyone to do remote development. When all of these things suddenly came together around 2000, Nilekani said, they ''created a platform where intellectual work, intellectual capital, could be delivered from anywhere. It could be disaggregated, delivered, distributed, produced and put back together again -- and this gave a whole new degree of freedom to the way we do work, especially work of an intellectual nature. And what you are seeing in Bangalore today is really the culmination of all these things coming together.''
At one point, summing up the implications of all this, Nilekani uttered a phrase that rang in my ear. He said to me, ''Tom, the playing field is being leveled.'' He meant that countries like India were now able to compete equally for global knowledge work as never before -- and that America had better get ready for this. As I left the Infosys campus that evening and bounced along the potholed road back to Bangalore, I kept chewing on that phrase: ''The playing field is being leveled.''
''What Nandan is saying,'' I thought, ''is that the playing field is being flattened. Flattened? Flattened? My God, he's telling me the world is flat!''
Here I was in Bangalore -- more than 500 years after Columbus sailed over the horizon, looking for a shorter route to India using the rudimentary navigational technologies of his day, and returned safely to prove definitively that the world was round -- and one of India's smartest engineers, trained at his country's top technical institute and backed by the most modern technologies of his day, was telling me that the world was flat, as flat as that screen on which he can host a meeting of his whole global supply chain. Even more interesting, he was citing this development as a new milestone in human progress and a great opportunity for India and the world -- the fact that we had made our world flat!
This has been building for a long time. Globalization 1.0 (1492 to 1800) shrank the world from a size large to a size medium, and the dynamic force in that era was countries globalizing for resources and imperial conquest. Globalization 2.0 (1800 to 2000) shrank the world from a size medium to a size small, and it was spearheaded by companies globalizing for markets and labor. Globalization 3.0 (which started around 2000) is shrinking the world from a size small to a size tiny and flattening the playing field at the same time. And while the dynamic force in Globalization 1.0 was countries globalizing and the dynamic force in Globalization 2.0 was companies globalizing, the dynamic force in Globalization 3.0 -- the thing that gives it its unique character -- is individuals and small groups globalizing. Individuals must, and can, now ask: where do I fit into the global competition and opportunities of the day, and how can I, on my own, collaborate with others globally? But Globalization 3.0 not only differs from the previous eras in how it is shrinking and flattening the world and in how it is empowering individuals. It is also different in that Globalization 1.0 and 2.0 were driven primarily by European and American companies and countries. But going forward, this will be less and less true. Globalization 3.0 is not only going to be driven more by individuals but also by a much more diverse -- non-Western, nonwhite -- group of individuals. In Globalization 3.0, you are going to see every color of the human rainbow take part.
''Today, the most profound thing to me is the fact that a 14-year-old in Romania or Bangalore or the Soviet Union or Vietnam has all the information, all the tools, all the software easily available to apply knowledge however they want,'' said Marc Andreessen, a co-founder of Netscape and creator of the first commercial Internet browser. ''That is why I am sure the next Napster is going to come out of left field. As bioscience becomes more computational and less about wet labs and as all the genomic data becomes easily available on the Internet, at some point you will be able to design vaccines on your laptop.''
Andreessen is touching on the most exciting part of Globalization 3.0 and the flattening of the world: the fact that we are now in the process of connecting all the knowledge pools in the world together. We've tasted some of the downsides of that in the way that Osama bin Laden has connected terrorist knowledge pools together through his Qaeda network, not to mention the work of teenage hackers spinning off more and more lethal computer viruses that affect us all. But the upside is that by connecting all these knowledge pools we are on the cusp of an incredible new era of innovation, an era that will be driven from left field and right field, from West and East and from North and South. Only 30 years ago, if you had a choice of being born a B student in Boston or a genius in Bangalore or Beijing, you probably would have chosen Boston, because a genius in Beijing or Bangalore could not really take advantage of his or her talent. They could not plug and play globally. Not anymore. Not when the world is flat, and anyone with smarts, access to Google and a cheap wireless laptop can join the innovation fray.
When the world is flat, you can innovate without having to emigrate. This is going to get interesting. We are about to see creative destruction on steroids.
How did the world get flattened, and how did it happen so fast?
It was a result of 10 events and forces that all came together during the 1990's and converged right around the year 2000. Let me go through them briefly. The first event was 11/9. That's right -- not 9/11, but 11/9. Nov. 9, 1989, is the day the Berlin Wall came down, which was critically important because it allowed us to think of the world as a single space. ''The Berlin Wall was not only a symbol of keeping people inside Germany; it was a way of preventing a kind of global view of our future,'' the Nobel Prize-winning economist Amartya Sen said. And the wall went down just as the windows went up -- the breakthrough Microsoft Windows 3.0 operating system, which helped to flatten the playing field even more by creating a global computer interface, shipped six months after the wall fell.
The second key date was 8/9. Aug. 9, 1995, is the day Netscape went public, which did two important things. First, it brought the Internet alive by giving us the browser to display images and data stored on Web sites. Second, the Netscape stock offering triggered the dot-com boom, which triggered the dot-com bubble, which triggered the massive overinvestment of billions of dollars in fiber-optic telecommunications cable. That overinvestment, by companies like Global Crossing, resulted in the willy-nilly creation of a global undersea-underground fiber network, which in turn drove down the cost of transmitting voices, data and images to practically zero, which in turn accidentally made Boston, Bangalore and Beijing next-door neighbors overnight. In sum, what the Netscape revolution did was bring people-to-people connectivity to a whole new level. Suddenly more people could connect with more other people from more different places in more different ways than ever before.
No country accidentally benefited more from the Netscape moment than India. ''India had no resources and no infrastructure,'' said Dinakar Singh, one of the most respected hedge-fund managers on Wall Street, whose parents earned doctoral degrees in biochemistry from the University of Delhi before emigrating to America. ''It produced people with quality and by quantity. But many of them rotted on the docks of India like vegetables. Only a relative few could get on ships and get out. Not anymore, because we built this ocean crosser, called fiber-optic cable. For decades you had to leave India to be a professional. Now you can plug into the world from India. You don't have to go to Yale and go to work for Goldman Sachs.'' India could never have afforded to pay for the bandwidth to connect brainy India with high-tech America, so American shareholders paid for it. Yes, crazy overinvestment can be good. The overinvestment in railroads turned out to be a great boon for the American economy. ''But the railroad overinvestment was confined to your own country and so, too, were the benefits,'' Singh said. In the case of the digital railroads, ''it was the foreigners who benefited.'' India got a free ride.
The first time this became apparent was when thousands of Indian engineers were enlisted to fix the Y2K -- the year 2000 -- computer bugs for companies from all over the world. (Y2K should be a national holiday in India. Call it ''Indian Interdependence Day,'' says Michael Mandelbaum, a foreign-policy analyst at Johns Hopkins.) The fact that the Y2K work could be outsourced to Indians was made possible by the first two flatteners, along with a third, which I call ''workflow.'' Workflow is shorthand for all the software applications, standards and electronic transmission pipes, like middleware, that connected all those computers and fiber-optic cable. To put it another way, if the Netscape moment connected people to people like never before, what the workflow revolution did was connect applications to applications so that people all over the world could work together in manipulating and shaping words, data and images on computers like never before.
Indeed, this breakthrough in people-to-people and application-to-application connectivity produced, in short order, six more flatteners -- six new ways in which individuals and companies could collaborate on work and share knowledge. One was ''outsourcing.'' When my software applications could connect seamlessly with all of your applications, it meant that all kinds of work -- from accounting to software-writing -- could be digitized, disaggregated and shifted to any place in the world where it could be done better and cheaper. The second was ''offshoring.'' I send my whole factory from Canton, Ohio, to Canton, China. The third was ''open-sourcing.'' I write the next operating system, Linux, using engineers collaborating together online and working for free. The fourth was ''insourcing.'' I let a company like UPS come inside my company and take over my whole logistics operation -- everything from filling my orders online to delivering my goods to repairing them for customers when they break. (People have no idea what UPS really does today. You'd be amazed!). The fifth was ''supply-chaining.'' This is Wal-Mart's specialty. I create a global supply chain down to the last atom of efficiency so that if I sell an item in Arkansas, another is immediately made in China. (If Wal-Mart were a country, it would be China's eighth-largest trading partner.) The last new form of collaboration I call ''informing'' -- this is Google, Yahoo and MSN Search, which now allow anyone to collaborate with, and mine, unlimited data all by themselves.
So the first three flatteners created the new platform for collaboration, and the next six are the new forms of collaboration that flattened the world even more. The 10th flattener I call ''the steroids,'' and these are wireless access and voice over Internet protocol (VoIP). What the steroids do is turbocharge all these new forms of collaboration, so you can now do any one of them, from anywhere, with any device.
The world got flat when all 10 of these flatteners converged around the year 2000. This created a global, Web-enabled playing field that allows for multiple forms of collaboration on research and work in real time, without regard to geography, distance or, in the near future, even language. ''It is the creation of this platform, with these unique attributes, that is the truly important sustainable breakthrough that made what you call the flattening of the world possible,'' said Craig Mundie, the chief technical officer of Microsoft.
No, not everyone has access yet to this platform, but it is open now to more people in more places on more days in more ways than anything like it in history. Wherever you look today -- whether it is the world of journalism, with bloggers bringing down Dan Rather; the world of software, with the Linux code writers working in online forums for free to challenge Microsoft; or the world of business, where Indian and Chinese innovators are competing against and working with some of the most advanced Western multinationals -- hierarchies are being flattened and value is being created less and less within vertical silos and more and more through horizontal collaboration within companies, between companies and among individuals.
Do you recall ''the IT revolution'' that the business press has been pushing for the last 20 years? Sorry to tell you this, but that was just the prologue. The last 20 years were about forging, sharpening and distributing all the new tools to collaborate and connect. Now the real information revolution is about to begin as all the complementarities among these collaborative tools start to converge. One of those who first called this moment by its real name was Carly Fiorina, the former Hewlett-Packard C.E.O., who in 2004 began to declare in her public speeches that the dot-com boom and bust were just ''the end of the beginning.'' The last 25 years in technology, Fiorina said, have just been ''the warm-up act.'' Now we are going into the main event, she said, ''and by the main event, I mean an era in which technology will truly transform every aspect of business, of government, of society, of life.''
As if this flattening wasn't enough, another convergence coincidentally occurred during the 1990's that was equally important. Some three billion people who were out of the game walked, and often ran, onto the playing field. I am talking about the people of China, India, Russia, Eastern Europe, Latin America and Central Asia. Their economies and political systems all opened up during the course of the 1990's so that their people were increasingly free to join the free market. And when did these three billion people converge with the new playing field and the new business processes? Right when it was being flattened, right when millions of them could compete and collaborate more equally, more horizontally and with cheaper and more readily available tools. Indeed, thanks to the flattening of the world, many of these new entrants didn't even have to leave home to participate. Thanks to the 10 flatteners, the playing field came to them!
It is this convergence -- of new players, on a new playing field, developing new processes for horizontal collaboration -- that I believe is the most important force shaping global economics and politics in the early 21st century. Sure, not all three billion can collaborate and compete. In fact, for most people the world is not yet flat at all. But even if we're talking about only 10 percent, that's 300 million people -- about twice the size of the American work force. And be advised: the Indians and Chinese are not racing us to the bottom. They are racing us to the top. What China's leaders really want is that the next generation of underwear and airplane wings not just be ''made in China'' but also be ''designed in China.'' And that is where things are heading. So in 30 years we will have gone from ''sold in China'' to ''made in China'' to ''designed in China'' to ''dreamed up in China'' -- or from China as collaborator with the worldwide manufacturers on nothing to China as a low-cost, high-quality, hyperefficient collaborator with worldwide manufacturers on everything. Ditto India. Said Craig Barrett, the C.E.O. of Intel, ''You don't bring three billion people into the world economy overnight without huge consequences, especially from three societies'' -- like India, China and Russia -- ''with rich educational heritages.''
That is why there is nothing that guarantees that Americans or Western Europeans will continue leading the way. These new players are stepping onto the playing field legacy free, meaning that many of them were so far behind that they can leap right into the new technologies without having to worry about all the sunken costs of old systems. It means that they can move very fast to adopt new, state-of-the-art technologies, which is why there are already more cellphones in use in China today than there are people in America.
If you want to appreciate the sort of challenge we are facing, let me share with you two conversations. One was with some of the Microsoft officials who were involved in setting up Microsoft's research center in Beijing, Microsoft Research Asia, which opened in 1998 -- after Microsoft sent teams to Chinese universities to administer I.Q. tests in order to recruit the best brains from China's 1.3 billion people. Out of the 2,000 top Chinese engineering and science students tested, Microsoft hired 20. They have a saying at Microsoft about their Asia center, which captures the intensity of competition it takes to win a job there and explains why it is already the most productive research team at Microsoft: ''Remember, in China, when you are one in a million, there are 1,300 other people just like you.''
The other is a conversation I had with Rajesh Rao, a young Indian entrepreneur who started an electronic-game company from Bangalore, which today owns the rights to Charlie Chaplin's image for mobile computer games. ''We can't relax,'' Rao said. ''I think in the case of the United States that is what happened a bit. Please look at me: I am from India. We have been at a very different level before in terms of technology and business. But once we saw we had an infrastructure that made the world a small place, we promptly tried to make the best use of it. We saw there were so many things we could do. We went ahead, and today what we are seeing is a result of that. There is no time to rest. That is gone. There are dozens of people who are doing the same thing you are doing, and they are trying to do it better. It is like water in a tray: you shake it, and it will find the path of least resistance. That is what is going to happen to so many jobs -- they will go to that corner of the world where there is the least resistance and the most opportunity. If there is a skilled person in Timbuktu, he will get work if he knows how to access the rest of the world, which is quite easy today. You can make a Web site and have an e-mail address and you are up and running. And if you are able to demonstrate your work, using the same infrastructure, and if people are comfortable giving work to you and if you are diligent and clean in your transactions, then you are in business.''
Instead of complaining about outsourcing, Rao said, Americans and Western Europeans would ''be better off thinking about how you can raise your bar and raise yourselves into doing something better. Americans have consistently led in innovation over the last century. Americans whining -- we have never seen that before.''
Rao is right. And it is time we got focused. As a person who grew up during the cold war, I'll always remember driving down the highway and listening to the radio, when suddenly the music would stop and a grim-voiced announcer would come on the air and say: ''This is a test. This station is conducting a test of the Emergency Broadcast System.'' And then there would be a 20-second high-pitched siren sound. Fortunately, we never had to live through a moment in the cold war when the announcer came on and said, ''This is not a test.''
That, however, is exactly what I want to say here: ''This is not a test.''
The long-term opportunities and challenges that the flattening of the world puts before the United States are profound. Therefore, our ability to get by doing things the way we've been doing them -- which is to say not always enriching our secret sauce -- will not suffice any more. ''For a country as wealthy as we are, it is amazing how little we are doing to enhance our natural competitiveness,'' says Dinakar Singh, the Indian-American hedge-fund manager. ''We are in a world that has a system that now allows convergence among many billions of people, and we had better step back and figure out what it means. It would be a nice coincidence if all the things that were true before were still true now, but there are quite a few things you actually need to do differently. You need to have a much more thoughtful national discussion.''
If this moment has any parallel in recent American history, it is the height of the cold war, around 1957, when the Soviet Union leapt ahead of America in the space race by putting up the Sputnik satellite. The main challenge then came from those who wanted to put up walls; the main challenge to America today comes from the fact that all the walls are being taken down and many other people can now compete and collaborate with us much more directly. The main challenge in that world was from those practicing extreme Communism, namely Russia, China and North Korea. The main challenge to America today is from those practicing extreme capitalism, namely China, India and South Korea. The main objective in that era was building a strong state, and the main objective in this era is building strong individuals.
Meeting the challenges of flatism requires as comprehensive, energetic and focused a response as did meeting the challenge of Communism. It requires a president who can summon the nation to work harder, get smarter, attract more young women and men to science and engineering and build the broadband infrastructure, portable pensions and health care that will help every American become more employable in an age in which no one can guarantee you lifetime employment.
We have been slow to rise to the challenge of flatism, in contrast to Communism, maybe because flatism doesn't involve ICBM missiles aimed at our cities. Indeed, the hot line, which used to connect the Kremlin with the White House, has been replaced by the help line, which connects everyone in America to call centers in Bangalore. While the other end of the hot line might have had Leonid Brezhnev threatening nuclear war, the other end of the help line just has a soft voice eager to help you sort out your AOL bill or collaborate with you on a new piece of software. No, that voice has none of the menace of Nikita Khrushchev pounding a shoe on the table at the United Nations, and it has none of the sinister snarl of the bad guys in ''From Russia With Love.'' No, that voice on the help line just has a friendly Indian lilt that masks any sense of threat or challenge. It simply says: ''Hello, my name is Rajiv. Can I help you?''
No, Rajiv, actually you can't. When it comes to responding to the challenges of the flat world, there is no help line we can call. We have to dig into ourselves. We in America have all the basic economic and educational tools to do that. But we have not been improving those tools as much as we should. That is why we are in what Shirley Ann Jackson, the 2004 president of the American Association for the Advancement of Science and president of Rensselaer Polytechnic Institute, calls a ''quiet crisis'' -- one that is slowly eating away at America's scientific and engineering base.
''If left unchecked,'' said Jackson, the first African-American woman to earn a Ph.D. in physics from M.I.T., ''this could challenge our pre-eminence and capacity to innovate.'' And it is our ability to constantly innovate new products, services and companies that has been the source of America's horn of plenty and steadily widening middle class for the last two centuries. This quiet crisis is a product of three gaps now plaguing American society. The first is an ''ambition gap.'' Compared with the young, energetic Indians and Chinese, too many Americans have gotten too lazy. As David Rothkopf, a former official in the Clinton Commerce Department, puts it, ''The real entitlement we need to get rid of is our sense of entitlement.'' Second, we have a serious numbers gap building. We are not producing enough engineers and scientists. We used to make up for that by importing them from India and China, but in a flat world, where people can now stay home and compete with us, and in a post-9/11 world, where we are insanely keeping out many of the first-round intellectual draft choices in the world for exaggerated security reasons, we can no longer cover the gap. That's a key reason companies are looking abroad. The numbers are not here. And finally we are developing an education gap. Here is the dirty little secret that no C.E.O. wants to tell you: they are not just outsourcing to save on salary. They are doing it because they can often get better-skilled and more productive people than their American workers.
These are some of the reasons that Bill Gates, the Microsoft chairman, warned the governors' conference in a Feb. 26 speech that American high-school education is ''obsolete.'' As Gates put it: ''When I compare our high schools to what I see when I'm traveling abroad, I am terrified for our work force of tomorrow. In math and science, our fourth graders are among the top students in the world. By eighth grade, they're in the middle of the pack. By 12th grade, U.S. students are scoring near the bottom of all industrialized nations. . . . The percentage of a population with a college degree is important, but so are sheer numbers. In 2001, India graduated almost a million more students from college than the United States did. China graduates twice as many students with bachelor's degrees as the U.S., and they have six times as many graduates majoring in engineering. In the international competition to have the biggest and best supply of knowledge workers, America is falling behind.''
We need to get going immediately. It takes 15 years to train a good engineer, because, ladies and gentlemen, this really is rocket science. So parents, throw away the Game Boy, turn off the television and get your kids to work. There is no sugar-coating this: in a flat world, every individual is going to have to run a little faster if he or she wants to advance his or her standard of living. When I was growing up, my parents used to say to me, ''Tom, finish your dinner -- people in China are starving.'' But after sailing to the edges of the flat world for a year, I am now telling my own daughters, ''Girls, finish your homework -- people in China and India are starving for your jobs.''
I repeat, this is not a test. This is the beginning of a crisis that won't remain quiet for long. And as the Stanford economist Paul Romer so rightly says, ''A crisis is a terrible thing to waste.''
Thomas L. Friedman is the author of ''The World Is Flat: A Brief History of the Twenty-First Century,'' to be published this week by Farrar, Straus & Giroux and from which this article is adapted. His column appears on the Op-Ed page of The Times, and his television documentary ''Does Europe Hate Us?'' will be shown on the Discovery Channel on April 7 at 8 p.m.
Posted by gfk at 3:09 PM | Comments (0)
avril 18, 2005
Wired: Fuck the FCC
Wired has a good article summing up what I'm thinking about the soviet-like organisations that want to keep the airwaves decent.
In a world of unlimited spectrum, shackling the First Amendment is obscene.
The theory dates from the 1920s: The airwaves are a scarce public resource, so Washington must license them and insure that they're used for the public interest. That means no f-bombs, no sphincter talk, and absolutely no nipples at the Super Bowl. When cable and the Internet came along, the Supreme Court held that the government can't regulate their content because scarcity isn't a problem. But how much longer will spectrum scarcity be something to worry about?
Read the article on Wired's web site.
Posted by gfk at 8:19 AM | Comments (0)
avril 1, 2005
Scientific American Gives Up
A pretty good April Fools' joke from Scientific American. I would have linked to their site, but they don't offer the article online, so here's a copy.
Okay, We Give Up
From the April 2005 Issue of Scientific American.
Who said scientists had no sense of humor?
There's no easy way to admit this. For years, helpful letter writers told us to stick to science. They pointed out that science and politics don't mix. They said we should be more balanced in our presentation of such issues as creationism, missile defense and global warming. We resisted their advice and pretended not to be stung by the accusations that the magazine should be renamed Unscientific American, or Scientific Unamerican, or even Unscientific Unamerican. But spring is in the air, and all of nature is turning over a new leaf, so there's no better time to say: you were right, and we were wrong.
In retrospect, this magazine's coverage of so-called evolution has been hideously one-sided. For decades, we published articles in every issue that endorsed the ideas of Charles Darwin and his cronies. True, the theory of common descent through natural selection has been called the unifying concept for all of biology and one of the greatest scientific ideas of all time, but that was no excuse to be fanatics about it.
Where were the answering articles presenting the powerful case for scientific creationism? Why were we so unwilling to suggest that dinosaurs lived 6,000 years ago or that a cataclysmic flood carved the Grand Canyon? Blame the scientists. They dazzled us with their fancy fossils, their radiocarbon dating and their tens of thousands of peer-reviewed journal articles. As editors, we had no business being persuaded by mountains of evidence.
Moreover, we shamefully mistreated the Intelligent Design (ID) theorists by lumping them in with creationists. Creationists believe that God designed all life, and that's a somewhat religious idea. But ID theorists think that at unspecified times some unnamed superpowerful entity designed life, or maybe just some species, or maybe just some of the stuff in cells. That's what makes ID a superior scientific theory: it doesn't get bogged down in details.
Good journalism values balance above all else. We owe it to our readers to present everybody's ideas equally and not to ignore or discredit theories simply because they lack scientifically credible arguments or facts. Nor should we succumb to the easy mistake of thinking that scientists understand their fields better than, say, U.S. senators or best-selling novelists do. Indeed, if politicians or special-interest groups say things that seem untrue or misleading, our duty as journalists is to quote them without comment or contradiction. To do otherwise would be elitist and therefore wrong. In that spirit, we will end the practice of expressing our own views in this space: an editorial page is no place for opinions.
Get ready for a new Scientific American. No more discussions of how science should inform policy. If the government commits blindly to building an anti-ICBM defense system that can't work as promised, that will waste tens of billions of taxpayers' dollars and imperil national security, you won't hear about it from us. If studies suggest that the administration's antipollution measures would actually increase the dangerous particulates that people breathe during the next two decades, that's not our concern. No more discussions of how policies affect science either -- so what if the budget for the National Science Foundation is slashed? This magazine will be dedicated purely to science, fair and balanced science, and not just the science that scientists say is science. And it will start on April Fools' Day.
MATT COLLINS
THE EDITORS editors@sciam.com
COPYRIGHT 2005 SCIENTIFIC AMERICAN, INC.
Posted by gfk at 11:22 AM | Comments (0)
mars 15, 2005
New Yorker's cartoons of the week
Here are three cartoons from this week's New Yorker that I find particularly funny.
“Next time you hold up a crowded store, don’t wear a recognizable fragrance.” (Police arresting a criminal outside a department store.)
ID: 120696, Published in The New Yorker March 21, 2005
“You’d tell me if I was genetically modified?” (Daughter to mother as she is being tucked into bed.)
ID: 120698, Published in The New Yorker March 21, 2005
(Man at work thinking about golf, golfing thinking about sex, having sex, thinking about work.)
ID: 120707, Published in The New Yorker March 21, 2005
Posted by gfk at 7:02 PM | Comments (0)
mars 14, 2005
Email over High Frequency Radio in Africa
Back in November 2002, Linux Journal had a fascinating article about Radio Email in West Africa over HF links.
"Deep inside the warm green interior of Guinea, centered in the frontal lobe of West Africa, field personnel in the widely scattered village-towns of Dabola, Kissidougou and Nzerekore now enjoy access to regular internet e-mail, directly from their desktops. Here we have bridged the digital divide, and there isn't a telephone line or satellite dish in sight."
Read the article on the Linux Journal web site
Posted by gfk at 9:00 AM | Comments (0)
janvier 3, 2005
Anderson Cooper's coverage of the Tsunami
In recent days I watched Anderson Cooper on CNN, and I must say that I'm really impressed by his talent for presenting information. I copied part of his transcripts from December 29th and 30th where he talks about a photo of a newborn baby from Malaysia. I couldn't find the photo on the web; if anyone has it, please send it to guillaume@filion.org.
29 December 2004:
Good evening again. Welcome to our international viewers as well. We've been forced to show you some truly awful images the last couple of nights, and we're sorry to say we will be doing that again this hour, and probably for hours and days to come.
There is really no choice, given the dreadful reality of what's happened and what continues to happen in the wake of these killer waves.
But right now, for just a moment, we want you to start with something else. We want to start with this. Now, don't look away. It's all right. Her name is [Supia Tulasi]. She's 3 weeks old, and she's fine. As you can see, she's just tired. She's sleeping peacefully on her mother's arm.
And that is the miracle of it, that she is with her mother, that she is OK, that she is sleeping peacefully.
Her parents were in a seaside restaurant in Panang, Malaysia. When the tsunami struck, her parents and family were swept out of their building, everyone but the baby. She was left behind, alone for hours on a mattress, floating on five feet of water.
Who is more defenseless than a little child? Who is more vulnerable? And yet when her mother and father fought their ways back into the building, from which all other life had been flushed, they found her, crying on the mattress. The tsunami that had pulled trucks out to sea and people out of swimming pools, the waves that tossed and twisted and engulfed so much and so many, had spared her, 20-day-old [Supia Tulasi].
We want you to keep her face, her hope, in mind for the rest of this hour. It will be necessary, we're afraid.
[...]
We're going to end this evening exactly where we began two hours ago, with a single image that deserves to be seen again. This image, of a peacefully sleeping child not quite three weeks old.
There's nothing at all out of the ordinary about S. Tulasi of Panang, Malaysia. She has that patented angelic look babies always have when they're comfortably asleep and can smell and sense their mothers cradling them.
Look at her. Clearly, in her tiny universe all is well with the world.
But all was not well earlier. This baby spent hours entirely alone, floating in five feet of water on a mattress after her parents and the rest of her family were washed out of their seaside restaurant by the tidal wave that did so very much damage and killed so many all along the coast of south Asia.
Grown men could not resist that tide. Buildings and cars couldn't resist. Whole villages and families couldn't resist. Some small islands couldn't resist.
But when her parents fought their way back, they found S. Tulasi, 20 days old, still lying there on that mattress, crying but safe. Alone, entirely defenseless, heartbreakingly vulnerable, she'd done what so many others struggled so hard to do but could not. She had survived. A squealing bundle of hope. Something many in South Asia wish they could hold onto tonight.
31 December 2004:
Good evening again. You may not realize it, but this is the 366th day of the year. 2004 was a leap year. And it ends in a way none of us could have imagined. On this night you'll no doubt hear a lot of talk about Father Time and Baby New Year. Tradition says old Father Time robs us of opportunities. Baby New Year gives us hope. This week for millions, hope has been a hard thing to hold on to. So tonight we begin, as we have before, with an image we think you can hold on to, a Baby New Year we met just this week.
At first all we saw was this photo, 20-day-old Supia Tulasi, peacefully asleep in her mother's arms. A miracle because somehow when a torrent of water washed her parents out of their restaurant in Panang, Malaysia, this little girl survived alone, on a mattress, floating in five feet of water.
Today we have a new image to show you, a video we just saw for the first time. Supia Tulasi at home, at peace, swaddled in love and drinking from a bottle of milk her mother is holding. She is not a number tonight. She is not a statistic. This little girl gives us hope, a Baby New Year to hold on to as we look forward as what's to come.
Stay with us as we welcome a new year with hope. Hope that help arrives in time. Hope that the disaster does not worsen. And hope that the lost will and can be found.
PS: Looking at my web site visits, each month I get a couple visits from people who are looking for Anderson Cooper's mother... Obviously this article is not what they're looking for, who they're looking for is Gloria Vanderbilt.
Posted by gfk at 5:11 PM | Comments (0)
décembre 27, 2004
New Yorker: The mistress's daughter
A very touching article written by Amy Homes in this week's New Yorker. The author tells that she was adopted and how she found out who her birth mother is. She finds out that she was the mistress's daughter.
Every nuance, every detail, means something. I am like a recovering amnesiac. Things I know about myself, things that exist without language—my hardware, my mental firing patterns, parts of me that are fundamentally, inexorably me—are being echoed on the other end, confirmed as a DNA match. It is not an entirely comfortable sensation.
Read the article on the New Yorker's web site.
Posted by gfk at 10:47 AM | Comments (0)
novembre 11, 2004
GFK's, what about that nickname?
Every now and then, people are inquiring about my nickname, GFK's. Here's the story.
FAQ: GFK's, what about that nickname?
My father got a modem in the beginning of the 90's. We connected it to our Macintosh II and logged on to Synapse, the BBS of the Club Macintosh de Québec (Quebec Macintosh User Club).
I had to choose a nickname for the BBS, and Oliver Stone's movie JFK was really popular in those years. I was 12 years old at the time, and my English was pretty thin. When pronounced in English, JFK sounds like GFK pronounced in French, so GFK was an interesting-sounding nickname. I added the 's because I kept seeing it in English texts and I didn't know what it was used for! ;-)
The complete nickname is GFK's, even if it is not syntactically correct, i.e.: "GFK's said that it's nice". However, you can use GFK (without the 's) whenever you feel like it, i.e.: "GFK's a nice guy" and "GFK said that it's nice".
Later in the 90's, the term "GFK's Palace" was coined by Gabriel Michaud. He was the SysOp (System Operator) of MacMania BBS, a local BBS running on Hermes. I was one of the CoSysOps. MacMania was part of the FidoNet (node 1:240/318); sending a message from MacMania to the Internet would take one week! When Gabriel (and his BBS) moved to the other side of the city, I had to pay a toll charge to call the BBS. Gabriel proposed that I become a FidoNet point, so that I only had to connect for a few minutes per day. He called my node GFK's Palace. I have also owned the domain gfk-palace.org since 2001.
My nickname should not be confused with these entities:
- GfK Group, a European market research institute.
- Government Fury Kills, a punk music group from Québec City.
- Grand Forks International Airport (GFK), North Dakota’s busiest commercial airport.
Posted by gfk at 8:04 PM | Comments (1)
novembre 8, 2004
Hand Drills and the Art of House Building
Some people seem to think that security and cryptography are the same thing. They think that adding cryptography to a product will make it secure. I used to think that, but I was wrong. When reading Secrets and Lies by Bruce Schneier, I realised that cryptography can be compared to a hand drill, and that security is like building a house. That is, cryptography is a tool for security, just like a drill is a tool for building a house.
Lots of so-called "security courses" are in fact cryptography courses, and I believe that this misconception is a big mistake; it is like giving a course about the inner workings of a drill and calling it "House Building 101": it doesn't make sense. Worse, people following this course will think that they're able to build a house, and will end up building a crappy house. You won't be able to make a secure program if you think that cryptography is the only thing needed for security.
In fact, when building a house, you don't even need to understand how a drill works; you only need to know how to use it, the different kinds of drills, and when you should or should not use them. Again, this is the same for cryptography: you don't need to know the implementation differences between RSA and DH, but you need to know that DH does its key exchange during the transaction while RSA can store its public key in a file for later distribution.
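The usage difference described above, shown with Node.js's built-in `crypto` module as an added example (not code from the original post). The function names, the temporary file name and the sample message are constructed for illustration; DH is shown in its ephemeral, per-session form, and RSA wraps a random AES key because it can only encrypt short inputs.

```javascript
// Added example, not from the original post. Uses only Node.js built-ins.
const nodeCrypto = require('node:crypto');
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Diffie-Hellman: the key is agreed during the conversation itself.
// Both parties must be present, and each contributes a fresh value.
function dhSession() {
  const alice = nodeCrypto.getDiffieHellman('modp14'); // RFC 3526 2048-bit group
  const bob = nodeCrypto.getDiffieHellman('modp14');
  const alicePublic = alice.generateKeys(); // sent Alice -> Bob
  const bobPublic = bob.generateKeys();     // sent Bob -> Alice
  // Each side mixes its own private value with the peer's public value.
  const aliceSecret = alice.computeSecret(bobPublic);
  const bobSecret = bob.computeSecret(alicePublic);
  // Turn the raw shared secret into a 256-bit session key with HKDF.
  const derive = (secret) => Buffer.from(
    nodeCrypto.hkdfSync('sha256', secret, Buffer.alloc(0), 'demo session key', 32));
  // Nothing here authenticates the peers; real protocols sign the exchanged
  // public values. Knowing that is part of knowing how to use the tool.
  return { aliceKey: derive(aliceSecret), bobKey: derive(bobSecret) };
}

// RSA: the recipient generates a key pair once and publishes the public half.
function publishRsaPublicKey(file) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  fs.writeFileSync(file, publicKey); // this file can be handed to anyone
  return privateKey;                 // this never leaves the recipient
}

const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// The sender needs only the stored file; the recipient can be offline.
function sealFor(publicKeyFile, message) {
  const publicKey = fs.readFileSync(publicKeyFile, 'utf8');
  const key = nodeCrypto.randomBytes(32); // one-time AES-256 key
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([cipher.update(message, 'utf8'), cipher.final()]);
  const wrappedKey = nodeCrypto.publicEncrypt({ key: publicKey, ...OAEP }, key);
  return { wrappedKey, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Later, the recipient unwraps the AES key and checks the GCM tag.
function openEnvelope(privateKey, env) {
  const key = nodeCrypto.privateDecrypt({ key: privateKey, ...OAEP }, env.wrappedKey);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, env.iv);
  decipher.setAuthTag(env.tag);
  return Buffer.concat([decipher.update(env.ciphertext), decipher.final()]).toString('utf8');
}

// Store-and-forward round trip through a public key kept in a file.
function storeAndForwardDemo(message) {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'rsa-demo-'));
  try {
    const file = path.join(dir, 'recipient.pub.pem');
    const privateKey = publishRsaPublicKey(file);
    return openEnvelope(privateKey, sealFor(file, message));
  } finally {
    fs.rmSync(dir, { recursive: true, force: true });
  }
}
```

The first function only works while both parties are talking to each other; the second path works like mail, where the sender encrypts to a key published earlier and the recipient decrypts whenever it gets around to it.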
It is also possible to build a house without using a drill; it will be more or less easy depending on the kind of house, but most of the time it will be possible. Once again, this is the same thing for cryptography and security: it is perfectly possible to build a secure program without using cryptography. Some kinds of programs will be harder to secure without cryptography, but most of the time it will be possible.
I believe that one of the reasons why a lot of security courses focus only on cryptography is that security is hard to teach; it's almost philosophy. Exams are almost impossible to make. I understand that professors can be tempted to drop these vague security ideas and go with the solid maths: explain the RSA equations, and ask the students to encrypt and decrypt "Hello World" at the exam. That's easy to teach, isn't it? What sucks is that you end up with drill experts trying to build houses.
That's what I witnessed at my University in the last couple years. For quite some time now, the Computer Science department wanted to start a Software Engineering program so they provided a curriculum (list of courses) for that program. One of these courses was called "Security, Pirates and Cryptography" (I guess they meant hackers/crackers instead of pirates); there was no description for this course, but it looked very interesting. Last year, they got the approval to start the program; this course is now called "Cryptography and Computer Security", and when you look at the description, you realise that it only talks about cryptography. Why give a complete security course when you can just drop some mathematical equations on the blackboard?
Please make sure that you know what you're getting when you're enrolling in a "security course". Be sure to read the complete course description; if it only talks about cryptography algorithms and you're interested in security, then you don't need it. You can take it if you want to, but don't pretend to know more about security when you finish the course: you'll know more about drills, but don't hope to know the art of house building. After all, security is an art, and maybe that's why it's so hard to teach. I believe that this is not a valid reason not to teach it.
Posted by gfk at 7:32 PM | Comments (0)


