Category: Geeky Stuff Page 1 of 50


Today’s post is over at Safer Computing, about over- and under-estimating risk.

Orange Book

I did a talk today about the Orange Book. The Orange Book lays out some very well-structured, very stringent principles for the construction of truly secure systems. The audience for it was DoD and other government procurement officers who needed to buy reliably secure systems for classified processing.

This turns out to be a very personal topic for me. Around the time the Orange Book came out, I was working on a Multics system doing database work for a pharmaceutical company. Multics became one of the first systems to successfully be evaluated under the Orange Book criteria — at level B2. Honeywell, the maker of Multics, was quite pleased!

They gave these buttons away to all and sundry, and I got one.

I found the fact of a framework capable of assuring a secure computer system fascinating. It has always inspired me to find ways to make systems simpler and so more secure. Vendors to the commercial market today will insist that there’s no way to make systems both secure and affordable. Since the primary method of improving a product in its evaluation for an Orange Book rating is to make it simpler, I smell a rat.

One can probably say that my Multics experience in the 1980s inclined me toward getting my CISSP in 2005, and the whole progression of my career since then.

Making Ringtones

I like old rock and roll guitar riffs.  To me, the opening of Heartbreaker or the signature riff of Iron Man is just perfect — for a ringtone.

I see lots of apps in the Android play store offering to get ringtones for you. I worry about the security and commitment to users’ privacy of the companies behind these apps. Most apps, in fact. I have probably way fewer apps on my mobile devices than most people.

So I wanted to roll my own ringtones, and I have trial-and-error’ed my way to an efficient way to do this.

  1. Decide on the music you want to clip for the ringtone. This is the hard part.
  2. See if the song is in your MP3 collection. If you find it, skip to step 6.
  3. Find the song on YouTube.
  4. Using youtube-dl, make a local copy of the video as an MP4 file.
  5. Using VLC, convert the soundtrack of that MP4 to MP3 audio. (There are dozens of websites that offer to convert YouTube URLs into MP3s but I find these untrustworthy and would rather do it on my own machine.)
  6. Open the MP3 file in Audacity.
  7. Locate the clip you want and mark its beginning and ending. Be sure you listen carefully to the borders of the clip, as there are often small traces of the preceding and following bits of the track audible. Audacity allows you to clip with millisecond precision. Be patient, it’s worth it.
  8. Copy the clip you have selected and paste it into a new empty Audacity window.
  9. Export that clip as a WAV file.

Now you have a fully functional ringtone. On my Android phone, the easiest way to get it into the right place is to upload it to Google Drive, download it on my phone and move it to the /sdcard/ringtones folder.

This practice probably violates the letter of copyright regulations, but I am going to emphasize that the ringtones made in this way should be for personal use only. They should not be shared and should definitely not be re-sold. To do either is to feed justification to the tyrannical regime of copyright currently in ascendance.

Stupid Jeopardy! Category

The category of Final Jeopardy! for the last game of the All-Stars team tournament was “Constitutional Amendment Math”. I had a foreboding when I saw this, and it was right.

The clue asked the contestants to add the numbers of the Amendments banning state-sponsored religion, ending slavery and repealing Prohibition. The answer is 35, “cleverly” arranged so as to be a tribute to Jeopardy!’s 35-year run. (In its current incarnation, that is; the older Art Fleming version is typically “forgotten” by Trebek’s crew.)

Well, here’s why this set my teeth on edge. The numbers of the Amendments are not really quantities. We don’t do arithmetic with them, any more than we do with zip codes or phone numbers. They are just labels that happen to be numeric. If we’re making a spot for them in the memory of a program, or in a database, we should allocate text strings, not numbers.

This is a very important principle: I have seen a lot of application errors that originated because labels were stored as numbers and then later, unintended consequences arose. For example, if we store all phone numbers as numbers, what happens if a future change causes them to be rounded? 9165551309 is not much more interesting or useful as a number than, say, 9.166 billion. But as a phone number, a label to a communication channel, its usefulness has been completely destroyed.

Deliberately doing arithmetic with these values just because all of them happen to be made up of digits? That is the kind of thing that screams out the sort of basic design error alluded to with phone numbers.
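To make the label-versus-number point concrete, here is an added example (not code from the original post) that stores two labels in SQLite columns of different declared types and checks whether each comes back unchanged. The ZIP code is a constructed sample, and the narrowing to a 32-bit float is an assumed stand-in for the "future change" that rounds the values.

```python
import sqlite3
import struct

# Constructed sample labels: a ZIP code with a leading zero, and the
# phone number used in the post.
ZIP_CODE = "02134"
PHONE = "9165551309"


def round_trip(column_type, label):
    """Store a label in a column of the given declared type; return it as text."""
    db = sqlite3.connect(":memory:")
    db.execute(f"CREATE TABLE labels (v {column_type})")
    # The label is bound as text; SQLite's column affinity decides what is stored.
    db.execute("INSERT INTO labels (v) VALUES (?)", (label,))
    (stored,) = db.execute("SELECT v FROM labels").fetchone()
    db.close()
    return str(stored)


def through_float32(label):
    """Simulate a schema change that narrows a numeric label to a 32-bit float."""
    (narrowed,) = struct.unpack("<f", struct.pack("<f", float(label)))
    return str(int(narrowed))


def audit(label):
    """Report which storage choices return the label exactly as it went in."""
    return {
        "TEXT": round_trip("TEXT", label) == label,
        "INTEGER": round_trip("INTEGER", label) == label,
        "float32": through_float32(label) == label,
    }


if __name__ == "__main__":
    for label in (ZIP_CODE, PHONE):
        print(label, audit(label))
    print("ZIP in INTEGER column:", round_trip("INTEGER", ZIP_CODE))
    print("phone after float32:  ", through_float32(PHONE))
```

Only the TEXT column preserves both labels: the INTEGER column silently drops the ZIP code's leading zero, and the float32 narrowing turns the phone number into a different, equally plausible-looking number.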

Getting Ready for BSides

BSides Rochester is tomorrow. The preparations are in their frantic final day.

Plus, today is a training day on CTF Basics, presented by The Hackerground.

Get a ticket to B-Sides if you don’t already have one, and be there tomorrow!
