Archive for February, 2005


Monday, February 28th, 2005

Nice to see The Incredibles and Eternal Sunshine of the Spotless Mind get recognised. And The Aviator was also deserving. The rest – meh.

New bookshelves!

Sunday, February 27th, 2005

I am now in one of the few periods of my life where the amount of bookshelf space I own is greater than that required for the number of books I own. *cheer* I have a whole 6-foot tall bookcase just waiting to be filled with books.

Nanaca Crash!

Saturday, February 26th, 2005

Another silly fun Japanese game. The idea seems to be to send the guy flying as far as possible, using a combination of moves and taking advantage of people on the ground while avoiding others. I don’t really understand everything that’s happening, but it’s kinda fun!

My best score: a paltry 2289.58m.

Physical security

Friday, February 25th, 2005

A long time ago (in university) I read this lock picking guide.

I recently re-read Surely You're Joking, Mr. Feynman which contains (among other things) memoirs of how Richard Feynman cracked safes at Los Alamos during WWII. (The safes in question weren't very secure.)

And now I read Safecracking for the Computer Scientist by Matt Blaze, an excellent examination of safe security and comparisons to information security.

Fascinating stuff. Now where can I get a safe to play with?


Sunday, February 20th, 2005

It's a great email client, but why don't the junk mail controls also work on news? They're all still there in the interface, just greyed out. I want to be able to treat junk usenet posts the same way as junk email!

SHA-1 Followup

Saturday, February 19th, 2005

More re the SHA-1 result:

  • Around $30M (give or take a few million) should build you a machine to find a collision in a few days.
  • What previously took (say) the NSA 40 years to figure out now takes about a week.
  • A second preimage attack is theoretically 2^106, according to a Schneier paper.

If a registered game developer conspires with the XBox Linux guys, the birthday attack (2^69) is quite possible. Actually this raises an interesting point similar to the Nintendo vs Codemasters wrangles of the late 80s (if I’m remembering that correctly). Imagine you are a big publisher that has its own manufacturing processes and doesn’t want to rely on MS. Here’s what you do (would this work?):

  1. Spend around $30m to get a machine to find a collision. (Expensive, but $30m isn’t so much more than the cost of developing a big title – depends what this is worth to you).
  2. Write 2 XBEs – one is a game you have in dev, one is a generic loader program.
  3. Make it so that the SHA-1 hashes of the 2 XBEs collide. (Assumedly not too hard; use the machine, and adjust a bit of random padding on both until you get a collision.)
  4. Publish the game as normal through MS. They sign the game. But the crucial point is that the same signature that is now on the game will also fool a retail XBox into loading your generic loader program.
  5. Job done – you now have a loader program that you can use to run any game, without having to submit anything else to MS. Let the legal battles begin…
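Why step 4 holds: a signature made over a hash covers every input with that hash. The sketch below is an added example, not from the original post. It truncates SHA-1 to a 24-bit toy digest so the birthday search over padding finishes quickly. The HMAC key stands in for the signer's private key, and all names and inputs are constructed.

```python
import hashlib
import hmac
import itertools

TRUNC_BYTES = 3  # toy 24-bit digest; real SHA-1 output is 160 bits
SIGNING_KEY = b"constructed-demo-key"  # stand-in for the signer's private key


def toy_digest(data: bytes) -> bytes:
    """SHA-1 truncated so a birthday collision costs ~2^12 tries, not 2^80."""
    return hashlib.sha1(data).digest()[:TRUNC_BYTES]


def sign(data: bytes) -> bytes:
    """Hash-then-sign: the 'signature' only ever sees the digest."""
    return hmac.new(SIGNING_KEY, toy_digest(data), hashlib.sha256).digest()


def verify(data: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(data), sig)


def find_collision(prefix_a: bytes, prefix_b: bytes):
    """Vary padding on both inputs until one from each side shares a digest."""
    seen_a, seen_b = {}, {}
    for i in itertools.count():
        pad = i.to_bytes(8, "big")
        a, b = prefix_a + pad, prefix_b + pad
        da, db = toy_digest(a), toy_digest(b)
        seen_a[da], seen_b[db] = a, b
        if da in seen_b:
            return a, seen_b[da], i + 1
        if db in seen_a:
            return seen_a[db], b, i + 1


if __name__ == "__main__":
    game, loader, tries = find_collision(b"GAME:", b"LOADER:")
    sig = sign(game)  # the signer only ever reviews and signs `game`
    print(f"collision after {tries} padding values per side")
    print("signature valid for game:  ", verify(game, sig))
    print("signature valid for loader:", verify(loader, sig))
    # The full 160-bit digests still differ; only the truncated ones collide.
    print("full SHA-1 equal:", hashlib.sha1(game).digest() == hashlib.sha1(loader).digest())
```

The search cost grows as 2^(n/2) for an n-bit digest, which is why the 2^69 figure against the 160-bit SHA-1 matters for anything that verifies signatures over it.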

Final Fantasy II

Friday, February 18th, 2005

Is it just me, or is it needlessly difficult? The problem is this:

1. Characters progress according to how they are played. If you fight with swords a lot, you get good with swords. If you get hit a lot, your HP goes up. If you do a lot of magic, your MP goes up.
2. Ordinary monsters are quite easy to kill without magic, saving your MP.
3. HP and physical stats seem to rise more quickly than magic stats, even when you try to use magic to improve it.
4. Many of the bosses and tougher monsters you meet at crucial points have ridiculously high physical defence and must be defeated basically by magic alone.

So here I am, 5 or 6 hours into the game, and despite my best efforts at improving magic power, I still only have around 20-25 MP on each character, which basically means 5 or 6 decent attack spells or cures. The spells themselves are increasing in power – I can expect to hit for 150ish with the attack spells and cure a decent couple of hundred HP.

But contrast this with the fact that with my fighter-types I have around 600 HP and I am dual hitting often for upwards of 150 a pop. Most normal fights are over in a couple of rounds thanks to my mithril swords and axes. Then I meet a boss and find that weapons do 0-2 points of damage a time, so my fighters are relegated to curing and protection spells (I’m training them up as white mages) and my black mage, such as she is (not even any better magic-wise than my white-mage fighters, actually) has to defeat the boss basically single-handed.

This is a positive feedback loop: the more I have to defeat bosses with magic, the more I have to conserve MP while going through the dungeon (ethers are currently pretty darn expensive at this stage). The more I conserve MP, the less chance I get for magical progression. So the magic-only bosses get tougher. And what makes it worse is that there seems to be a cap on the amount of levelling up I can do: while fighting creatures of level N, I can only get up to level N in skills. To get to the level where I could have a reasonable chance against the boss, I need to fight the creatures which are in its dungeon – where I have to conserve MP.

The balance is all wrong. I don’t mind creatures with high defence, but the game is retarding my black mage’s magic progression while requiring it.

Atomic brain to power, fingers to speed…

Thursday, February 17th, 2005

I’m not a touch typer, but I am a pretty fast (8-finger or so) typer after 20 years of keyboarding, and I don’t actually have to look at the keys much. Of course, most of the kind of typing that I do is quite different from actual written English – it tends to involve a lot more {} () ; kind of things.

Anyway, today a co-worker and I were sitting at the same PC doing an exercise for a course we’re taking, and I was doing the typing. He remarked that I was a really fast typer. The exercise was easy, so I pretty much had it all in my brain – I was just reading from the internal script, as it were, and the fingers were just the output mechanism. (The internal script, btw, is not laid out in a linear fashion. I write my code the same way everyone does – skeleton followed by bits of body.)

It dawned on me that this is the way I do most of my programming – once I have the idea figured out, I just have to send the data to my fingers. And this is why I have to type quickly – to do otherwise seems absurdly slow when the work is clearly already done and just needs to get into the computer. It also explains why I get almost all my work done in about 3 hours a day. 🙂

SHA-1 now IHA-1

Wednesday, February 16th, 2005

Bruce Schneier reports that SHA-1 has been “broken” by a Chinese research team. I'm assuming this is a birthday attack resulting in collisions rather than a general purpose ability to find a collision for a given hash (which would be much more serious).

Nevertheless, it is a major result against SHA-1 and even more so against reduced (58) round SHA-1. The most interesting thing to me is that it may have interesting implications for XBox Linux (and possibly the security of XBox Live).

Libraries are fun

Saturday, February 12th, 2005

Got around to going to my local library today. And of course they were having a book sale. I picked up several nice geek books at a dollar apiece.