Show of 8-9-2008

  • Email and Forum Questions
    • Email from John: Dear Tech Talk: Is the Bluetooth connection in my car secure? John
    • Tech Talk Answers: Bluetooth devices pair using a PIN (the Bluetooth term for the pairing password). The default PIN on Bluetooth earpieces is 0000, and the default on most car Bluetooth systems is 1111. Earpieces typically have a fixed PIN that cannot be changed. However, you can change the PIN on your car to something other than 1111 and then re-establish the connection (pair the devices again).
    • In a crowd, turn off discoverable mode so your phone and car are invisible to other Bluetooth devices.
    • Here is a link to protecting your Bluetooth: http://www.usict.org/docs/bluetooth.pdf
  • Profiles in IT: John Atanasoff
    • John Atanasoff was born on 4 October 1903 near Hamilton, New York.
    • His family moved to Brewster, Florida soon after his birth.
    • John became fascinated with his father’s slide rule, especially the mathematical principle behind its operation: logarithms.
    • At 9, he read A College Algebra, by J.M. Taylor, which included chapters on differential calculus, infinite series, and logarithms.
    • He completed Mulberry High School in Old Chicora, Florida, in two years.
    • In 1921, he entered the University of Florida in Gainesville. Since the university did not offer a degree in theoretical physics, he started taking EE courses.
    • He graduated from the University of Florida in 1925 with a BSEE.
    • In June 1926, Atanasoff received his MS in mathematics from Iowa State College.
    • He enrolled in a PhD program at the University of Wisconsin. His doctoral thesis, "The Dielectric Constant of Helium," required serious computing.
    • He spent hours on a Monroe calculator, one of the most advanced calculating machines of the time.
    • After receiving his Ph.D. in theoretical physics in July 1930, he returned to Iowa State College with a determination to try to create a faster, better computing machine.
    • Atanasoff concluded that computers fell into two classes, analog and digital. Since the term "digital" was not used until much later, Atanasoff contrasted the analog devices with what he called "computing machines proper."
    • He began by building analog computers, but soon realized only a digital machine could give him the accuracy he wanted.
    • One night in 1937, frustrated after many discouraging events, he got into his car and started driving with no destination. Two hundred miles later, he pulled into a roadhouse. He drank Scotch that night and thought about digital computing.
    • He envisioned a computer with several innovations, including a binary system of arithmetic, parallel processing, regenerative memory using condensers, and a separation of memory and computing functions.
    • With a $650 grant from Iowa State College in 1939, Atanasoff was ready to build what would become the first electronic digital computer. He hired an EE graduate student, Clifford E. Berry.
    • Atanasoff and Berry completed the Atanasoff-Berry Computer (ABC) in 1941.
    • When the United States entered WWII in December 1941, work came to a halt and the patent application was never completed.
    • J. Presper Eckert and John Mauchly were the first to patent a digital computing device, the ENIAC (Electronic Numerical Integrator And Computer). A patent infringement case (Honeywell v. Sperry Rand, decided in 1973) invalidated the ENIAC patent, finding that it derived from Atanasoff’s invention. ENIAC was sponsored by the Army Ballistics Research Laboratory.
    • In 1942, he accepted a job with the Naval Ordnance Laboratory in Washington, DC, as Chief of the Acoustics Division and was later tasked with developing a computer for the Navy.
    • In 1949, he became chief scientist for the Army Field Forces in Fort Monroe, VA.
    • In 1950, he returned to Naval Ordnance Laboratory as Navy Fuse Program Director.
    • In 1952 he established The Ordnance Engineering Corporation, a research and engineering company in Rockville, Maryland, which was sold to Aerojet in 1957.
    • He worked for Aerojet until his retirement in 1961.
  • Google’s Data Center Design
    • Software reliability rather than hardware reliability
    • Last May, Google fellow Jeff Dean revealed some facts about Google’s datacenters.
    • Google uses clusters of 1,800 servers
    • Google doesn’t reveal exactly how many servers it has.
    • It puts 40 servers in each rack. With 36 datacenters worldwide and 150 racks per datacenter, Google has more than 200,000 servers.
    • Google treats each machine as expendable.
    • Each year, typically 1,000 individual machine failures will occur; thousands of hard drive failures will occur; one power distribution unit will fail, bringing down 500 to 1,000 machines for about 6 hours; 20 racks will fail, each time causing 40 to 80 machines to vanish from the network; 5 racks will "go wonky," with half their network packets missing in action; and the cluster will have to be rewired once, affecting 5 percent of the machines at any given moment over a 2-day span.
    • Google required Intel to create custom circuit boards.
    • The company has a small number of server configurations, some with a lot of hard drives and some with few.
    • Google likes multicore chips, those with many processing cores per chip.
    • Software provides the reliability. Dean described three core elements of Google’s software: GFS (the Google File System), BigTable, and MapReduce. These systems remain proprietary and have been described publicly only in general terms.
    • GFS, the lowest level of the three, stores data across many servers and runs on almost all machines.
    • There are more than 200 clusters running GFS, and many of these clusters consist of thousands of machines.
    • GFS stores each chunk of data, typically 64MB in size, on at least three machines called chunkservers; a master server tracks where every chunk lives and, when a chunkserver fails, re-replicates its chunks onto other machines.
    • Machine failures are handled entirely by the GFS system.
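The re-replication step described above, as an added example (not Google's GFS code): a toy master that places each chunk on three chunkservers and, when a server stops heartbeating, copies its chunks from a surviving replica to new machines. The chunk size is shrunk to 16 bytes, the file content is a constructed byte string, and the chunkserver names are hypothetical.

```python
"""Toy GFS-style master: fixed-size chunks, three replicas per chunk, and
re-replication when a chunkserver dies. Added example, not Google's code."""
import itertools


class GfsMaster:
    def __init__(self, chunkservers, chunk_size=16, replicas=3):
        if len(chunkservers) < replicas:
            raise ValueError("need at least `replicas` chunkservers")
        self.chunk_size = chunk_size
        self.replicas = replicas
        self.ring = list(chunkservers)      # placement order (round robin)
        self.alive = set(chunkservers)      # servers still sending heartbeats
        self.placement = {}                 # chunk handle -> set of holders
        self.files = {}                     # filename -> ordered chunk handles
        self.disks = {}                     # (server, handle) -> chunk bytes
        self._handles = itertools.count(1)
        self._next = 0

    def _pick_servers(self, n, exclude=frozenset()):
        """Choose n live servers not in `exclude`, rotating the start point
        so consecutive chunks land on different machines."""
        candidates = [s for s in self.ring if s in self.alive and s not in exclude]
        if len(candidates) < n:
            raise RuntimeError("too few live chunkservers to hold the replicas")
        start = self._next % len(candidates)
        self._next += 1
        return [candidates[(start + i) % len(candidates)] for i in range(n)]

    def write(self, name, data):
        """Cut `data` into chunks and store each chunk on `replicas` servers."""
        handles = []
        for offset in range(0, len(data), self.chunk_size):
            handle = next(self._handles)
            holders = self._pick_servers(self.replicas)
            for server in holders:
                self.disks[(server, handle)] = data[offset:offset + self.chunk_size]
            self.placement[handle] = set(holders)
            handles.append(handle)
        self.files[name] = handles

    def read(self, name):
        """Reassemble a file from any live replica of each chunk."""
        out = b""
        for handle in self.files[name]:
            live = self.placement[handle] & self.alive
            if not live:
                raise IOError(f"chunk {handle} unreadable: every replica is down")
            out += self.disks[(min(live), handle)]
        return out

    def chunkserver_failed(self, server):
        """Heartbeat timeout: forget the server and copy each chunk it held
        from a surviving replica to a fresh server. Returns copies made."""
        self.alive.discard(server)
        copies = 0
        for handle, holders in self.placement.items():
            holders.discard(server)
            if not holders:
                raise IOError(f"chunk {handle} lost: no surviving replica")
            missing = self.replicas - len(holders)
            if missing > 0:
                source = min(holders)
                for target in self._pick_servers(missing, exclude=holders):
                    self.disks[(target, handle)] = self.disks[(source, handle)]
                    holders.add(target)
                    copies += 1
        return copies


if __name__ == "__main__":
    master = GfsMaster(["cs0", "cs1", "cs2", "cs3", "cs4"])   # hypothetical servers
    master.write("crawl.log", b"0123456789abcdef" * 2 + b"tail")  # constructed input
    print("copies made after cs1 died:", master.chunkserver_failed("cs1"))
    print(master.read("crawl.log"), master.placement)
```

The design point is that the master holds only metadata (which servers hold which chunk); the data copy happens between chunkservers, and a reader never notices the failure because any surviving replica will do.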
    • To provide some structure to all that data, Google uses BigTable.
    • BigTable, which Google began designing in 2004, is used in more than 70 Google projects, including Google Maps, Google Earth, Blogger, Google Print, Orkut, and the core search index.
    • The largest BigTable instance manages about 6 petabytes of data spread across thousands of machines.
    • MapReduce, the first version of which Google wrote in 2003, gives the company a way to actually make something useful of its data.
    • For example, MapReduce can find how many times a particular word appears in Google’s search index; a list of the Web pages on which a word appears; and the list of all Web sites that link to a particular Web site.
    • On any given day, Google runs about 100,000 MapReduce jobs; each occupies about 400 servers and takes about 5 to 10 minutes to finish.
    • MapReduce, like GFS, is explicitly designed to sidestep server problems.
    • When a machine fails, the master knows which task that machine was assigned and directs another machine to redo it.
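The map/shuffle/reduce flow and the master's re-execution of a failed task, as an added example rather than Google's implementation: a single-process MapReduce that runs the three queries mentioned above (word counts, pages per word, backlinks) over a constructed three-page crawl with hypothetical URLs, and re-queues a map task whose worker is made to crash.

```python
"""Toy single-process MapReduce in the style of the system the show describes.
Added example, not Google's code."""
import re
from collections import defaultdict

LINK_RE = re.compile(r"https?://[^\s]+")
WORD_RE = re.compile(r"[a-z]+")

# Constructed sample crawl: {url: page text}. Hypothetical sites, not real data.
PAGES = {
    "http://a.example/": "dns flaw dns patch http://b.example/ http://c.example/",
    "http://b.example/": "bluetooth pin pairing http://c.example/",
    "http://c.example/": "dns cache poisoning bluetooth",
}


def tokens(text):
    """Words of a page, with embedded links stripped out first."""
    return WORD_RE.findall(LINK_RE.sub(" ", text).lower())


# --- map functions: (url, text) -> iterable of (key, value) pairs ---
def map_word_count(url, text):
    for word in tokens(text):
        yield word, 1


def map_inverted_index(url, text):
    for word in set(tokens(text)):
        yield word, url


def map_backlinks(url, text):
    for target in LINK_RE.findall(text):
        yield target, url


# --- reduce functions: (key, [values]) -> one output value ---
def reduce_sum(key, values):
    return sum(values)


def reduce_sorted_unique(key, values):
    return sorted(set(values))


class WorkerCrash(Exception):
    """Simulated machine failure while a worker is running a map task."""


def run_mapreduce(inputs, mapper, reducer, crash_on=()):
    """Master loop. Each input split is one map task; the master records which
    split a worker holds, so when that worker crashes it re-queues the split
    for another worker. `crash_on` lists splits whose first attempt fails
    (simulation hook only). Returns (output dict, number of map attempts)."""
    pending_crashes = set(crash_on)
    pending = list(inputs.items())
    attempts = 0
    intermediate = defaultdict(list)   # the shuffle: values grouped by key
    while pending:
        split, data = pending.pop(0)
        attempts += 1
        try:
            if split in pending_crashes:
                pending_crashes.discard(split)
                raise WorkerCrash(split)
            emitted = list(mapper(split, data))   # a crashed task emits nothing
        except WorkerCrash:
            pending.append((split, data))          # reassign; no output is lost
            continue
        for key, value in emitted:
            intermediate[key].append(value)
    output = {key: reducer(key, values) for key, values in intermediate.items()}
    return output, attempts


if __name__ == "__main__":
    counts, tries = run_mapreduce(PAGES, map_word_count, reduce_sum,
                                  crash_on=("http://a.example/",))
    print(f"word counts after {tries} map attempts:", counts)
    print("pages per word:", run_mapreduce(PAGES, map_inverted_index, reduce_sorted_unique)[0])
    print("backlinks:", run_mapreduce(PAGES, map_backlinks, reduce_sorted_unique)[0])
```

Because a crashed task contributes no intermediate output, re-running it produces exactly the same result as an uninterrupted run; that is what lets the master treat machines as expendable.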
  • Defcon and Black Hat Conferences
    • Defcon (www.defcon.org) is the world’s largest annual hacker convention, held every year in Las Vegas, Nevada. Black Hat (www.blackhat.com), its sister conference, is devoted to security training and education.
    • The name DEF CON comes from the military term DEFCON (Defense Condition), a measure of defensive readiness.
    • Jeff Moss, also known as Dark Tangent, is the founder of the Black Hat and DEF CON computer hacker conferences.
    • Moss graduated from Gonzaga University with a BA in Criminal Justice. He worked for Ernst & Young, LLP in their Information System Security division and was a director at Secure Computing Corporation where he helped establish the Professional Services Department in the United States, Asia, and Australia.
    • Moss is currently based in Seattle, where he works as a security consultant for a company that is hired to test other companies’ computer systems.
    • In 2005 Jeff Moss sold Black Hat to CMP Media, a subsidiary of UK-based United Business Media, for a reported $14 Million USD. DEF CON was not included in the sale.
    • The Blackhat Conference was held in Las Vegas from August 2nd through 9th and DefCon 16 was held in Las Vegas from August 8th through 10th.
    • The first DefCon took place in June 1993. Over 6,000 people attended Defcon 15.
    • Attendees include computer security professionals, journalists, lawyers, federal government employees, crackers, and hackers with a general interest in computer code and computer architecture.
    • The event consists of several tracks of speakers on computer- and hacking-related subjects, as well as social events and contests.
    • Contests include lock picking, robotics, art, slogan, and coffee wars; Capture the Flag (CTF) is perhaps the best known of these.
    • The DEF CON network is widely regarded as the most hostile in the world, and the Wall of Sheep publicly displays the usernames and partially masked passwords of attendees who log in to services unencrypted over it.
    • Topics included
      • Perils of virtualization and Cisco’s weak spots, and more DNS discussion.
      • Google and Gmail vulnerabilities caused by a ‘hole’ in Google Gadgets
      • VPNs can be hacked to allow attackers to take over remote users’ PCs.
      • The vulnerabilities of Web 2.0 applications.
      • Update on response to DNS vulnerability by Dan Kaminsky.
      • Rootkits and new hacking and intrusion-detection software.
  • DNS Flaw Revealed
    • Dan Kaminsky outlined the flaw in the DNS system.
    • It is a simple exploit that would allow a hacker to poison the DNS cache and redirect web traffic to a malicious site.
    • Kaminsky said there are three ages in computer hacking. The first was attacking servers (for example FTP and Telnet). The second was attacking the browsers (for example Javascript and ActiveX). We’re now about to enter the third age, where attacking Everything Else is possible.
    • Kaminsky detailed how various security mechanisms on the Web can be defeated if one owns DNS. For example, when a site requests an SSL certificate, the Certificate Authority’s domain validation confirms the requester’s identity by e-mail, and e-mail delivery itself depends on DNS lookups. He also said it is possible to poison Google Analytics and even Google AdSense, which rely on DNS lookups too.
    • Prior to the patch, a forged reply had to match only the 16-bit DNS transaction ID, so the bad guy had about a 1 in 65,536 chance per spoofed packet; resolvers sent every query from the same source port. The patch randomizes the UDP source port of each query as well, so the attacker must guess both values and the odds drop to about 1 in 2,147,483,648 (2^31). Kaminsky said it’s not perfect, but it’s a good enough start.
    • According to Kaminsky, this simple bug can be exploited to:
      • Break past most username/password prompts on websites.
      • Break the Certificate Authority system used by SSL, because domain validation is done by e-mail and e-mail is not secure.
      • Expose the traffic of SSL VPNs.
      • Force malicious automatic updates to be accepted.
      • Cause millions of lines of network code to be exposed to attack.
      • Leak TCP and UDP connectivity behind the firewall, to any website.
      • Expose the traffic of tools that aren’t even pretending to be secure, because "it’s behind the firewall" or "protected by a split-tunneling IPsec VPN."
    • Here is a link to a full technical discussion of the flaw.
    • Website Link: http://www.unixwiz.net/techtips/iguide-kaminsky-dns-vuln.html
    • You can check whether your DNS has been patched by going to Dan Kaminsky’s site and clicking the Check my DNS button on the right side of the page.
    • Kaminsky’s Website Address: http://www.doxpara.com/
    • The DNS (Verizon FIOS) for my home computer was not patched yesterday. It was patched this morning before coming to the show.
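The odds quoted above and the idea behind the "Check my DNS" test, worked through in code. This is an added example, not code from the show or from Kaminsky's site: it computes the guess space and per-race success probability for the unpatched and patched cases, then judges whether a resolver randomizes its query source ports from a capture of outbound queries. The captures are constructed, and the POOR/GOOD thresholds are assumptions for illustration, not any vendor's official cut-offs.

```python
"""Added example: the arithmetic of the Kaminsky cache-poisoning race, plus a
source-port randomization check over constructed resolver captures."""
import statistics


def guess_space(txid_bits=16, port_bits=0):
    """Number of (transaction ID, UDP source port) combinations a spoofed
    reply must match. Pre-patch: 16 TXID bits only. Patched: 16 TXID bits
    plus roughly 15 usable port bits, 2**31 = 2,147,483,648."""
    return 2 ** (txid_bits + port_bits)


def race_success_probability(space, forged_replies):
    """P(at least one of N spoofed replies matches) in one query race, i.e.
    before the legitimate answer arrives and the resolver stops listening."""
    return 1.0 - (1.0 - 1.0 / space) ** forged_replies


def expected_races(space, forged_replies):
    """Mean number of races until the cache is poisoned. Kaminsky's trick is
    to ask for a fresh random subdomain each time, so nothing gets cached
    and races can be repeated back to back instead of waiting out a TTL."""
    return 1.0 / race_success_probability(space, forged_replies)


def source_ports(capture):
    """Pull the source ports out of a capture of (src_port, txid) tuples."""
    return [port for port, _txid in capture]


# Thresholds are illustrative assumptions for this example only.
def port_randomization_verdict(ports, min_distinct=8, min_stdev=4000.0):
    """Judge a sample of source ports seen on a resolver's outbound queries.
    A fixed or sequential port gives near-zero spread and is flagged POOR."""
    if len(ports) < 2:
        raise ValueError("need at least two observed queries")
    distinct = len(set(ports))
    spread = statistics.pstdev(ports)
    verdict = "POOR" if distinct < min_distinct or spread < min_stdev else "GOOD"
    return verdict, distinct, spread


# Constructed captures of outbound queries as (source port, TXID); not real traffic.
UNPATCHED_CAPTURE = [(32769, t) for t in (
    0x1a2b, 0x9c3d, 0x44e1, 0x0f0f, 0xbeef, 0x1234, 0xabcd, 0x7777, 0x0001, 0xfedc)]
PATCHED_CAPTURE = list(zip(
    (51234, 1999, 60231, 34567, 12001, 45678, 7890, 63000, 23456, 38000),
    (0x3e7a, 0x91c2, 0x0b5d, 0xc4f0, 0x6a11, 0x2dd9, 0xf083, 0x5566, 0xa0a0, 0x1e1e)))


if __name__ == "__main__":
    for label, bits in (("unpatched", 0), ("patched", 15)):
        space = guess_space(port_bits=bits)
        print(f"{label}: 1 in {space:,}; with 100 spoofed replies per race, "
              f"about {expected_races(space, 100):,.0f} races expected")
    for label, capture in (("unpatched", UNPATCHED_CAPTURE), ("patched", PATCHED_CAPTURE)):
        print(label, port_randomization_verdict(source_ports(capture)))
```

The same verdict logic is what an external test site applies when your resolver queries it: it records the source port of each query that arrives and reports whether the ports vary, which is all a resolver's patch status amounts to from the outside.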
  • Politics 2.0 Both Republicans and Democrats Are Using the Web
    • Commission on Presidential Debates (CPD) announced a partnership with MySpace.com to launch MyDebates.org, a portal that will offer live Web streaming of the upcoming presidential and vice presidential series of debates.
      • The agreement marks the first time the CPD has partnered with a Web site to include online functionality in the traditional debate format, the commission said.
      • Visitors to the site can download an application that will stream live video during the debates to a user’s blog, social network or Web site. The application will also allow users to track specific issues — and a candidate’s stance on them — during the live stream.
    • On Friday, Republicans in the U.S. House of Representatives staged a Web 2.0 protest, with members Twittering, streaming live video and posting video to YouTube to protest the lack of a vote on an offshore drilling bill.
      • The GOP turned to Web 2.0 tools when the traditional means of communicating with the public, such as the C-SPAN cameras and microphones, were shut down after the House adjourned for several weeks of vacation.
      • Several sources told Computerworld during the Republican "Twitter protest" that the mini-uprising marked a growing recognition by the Republicans that Web 2.0 tools such as social networks can be used to their advantage.
    • The Republican National Committee on July 29 launched a parody of Facebook called BarackBook that attempts to discredit Obama by highlighting as his "friends" people who may reflect badly on his presidential bid.
    • Micah Sifry, a blogger at TechPresident, noted Wednesday that YouTube views for Sen. John McCain (R-Ariz.) have doubled over the past month from 3.7 million to nearly 8 million, buoyed by two recent videos, "The One" and "Celeb," that accounted for 2.6 million of these new views.
    • The Obama campaign, meanwhile, has begun using a Web 2.0-style document-sharing site called Scribd, which has been called a "YouTube for documents," to post policy papers.
    • In terms of traffic to official campaign Web sites, July was McCain’s best month ever.
    • Obama continues to dominate the online social networking arena after posting a gain of 125,000 friends on Facebook in the past month. That brings his Facebook support list to more than 1.2 million, while McCain has garnered fewer than 200,000 supporters on the social network.
    • McCain still trails Obama in organic mentions among bloggers, according to Technorati.
  • Food Science: Microwave Oven
    • Microwave ovens operate at about 2450 MHz (2.45 GHz). Despite the common explanation, this is well below the absorption peak of liquid water, which lies around 10 to 20 GHz depending on temperature.
    • The lower frequency is chosen deliberately: near the absorption peak the energy would all be deposited in the outer layer, whereas at 2.45 GHz the radiation penetrates further into the food.
    • The energy goes into heating the water in the food, so as long as liquid water remains the temperature cannot exceed its boiling point (100 C at sea level).
    • Not good for heating meats that require browning through the Maillard reaction, which needs temperatures above about 285 F (140 C).
    • Good for heating eggs, steaming vegetables, poaching fish, making caramel from sugar