CSIRO & BOM report – “Drought: Exceptional Circumstances” (not)

For those looking for the joint assessment by the Bureau of Meteorology and the CSIRO that’s all over the news at the moment, you can find it on the MAFF website. There is also a web page listed for the data and analysis in the report, but it’s not working yet (I guess they forgot the webmaster doesn’t work on weekends).

It’s about 35 pages long and is fairly technical, but not overly daunting. The content, however, is pretty scary. For us in Victoria it is predicting:

  • by 2010-2040, exceptionally hot years are likely to affect about 75% of the region, and occur every 1.3 years on average;
  • by 2010-2040, exceptionally low rainfall years are likely to affect about 10% of the region and occur about once every 12 years on average;
  • by 2030, exceptionally low soil moisture years are likely to affect about 11% of the region and occur about once every 9 years on average.

Historically it says that Victoria and Tasmania are down 109 mm in rainfall since 1950 and average temperature is up by almost 0.8C over the same 50 year timescale.

The most worrying thing is that these predictions are based on a lower level of CO2e emissions than we are currently tracking towards.

Observations since 1990 show that we are tracking the highest IPCC emission scenario, called A1FI, but climate simulations have not been performed using the A1FI scenario. Most climate research institutes around the world did simulations using the mid-range emission scenarios, called A1B and A2. Hence, in this report, projections for the next 20 to 30 years are based on simulations using mid-range emission scenarios.

So if we carry on how we’re doing now, then the reality could be much worse..

Applying Graphics Cards to Password Cracking

On the Beowulf list there has been a long thread on GPGPU and especially nVidia’s CUDA language. As part of it Prentice Bisbal posted about a friend of his, Mario Juric, who decided to write a proof of concept MD5 password hashing program to take advantage of CUDA.

In his message to the Beowulf list Prentice quoted Mario saying:

If you attempt to compute a single hash on an entire card, you won’t get any improvement. Same as you wouldn’t if you tried it on a single vs. quad core CPU. But if you compute four hashes, then single vs. quad makes a huge difference. And the GPU cards are effectively 128 core CPUs, so when you need to compute millions of hashes…

Now Mario Juric (who organised the AstroGPU workshop) has put up a web page on the program, which gives details of the sort of performance he got with a quick hack.

One way of visualizing this is noting that a single 8800 Ultra could brute-force break an MD5 hashed password of eight or less characters+numbers (A-Z, a-z, 0-9) in about ~16 days.

But this really is just a quick hack:

The MD5 code used here was written in less than 2 days, as a proof-of-concept, and with only a single one-liner GPU-specific optimization.

Of course if people do want to try playing with it the program is available, though at the moment there isn’t a software license included with it. I’ve emailed Mario about the license to see if he can clarify what the rules are.
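To put the quoted 16-day figure in a defender's terms, the sketch below (an added example, not Mario's code or anything from his page) derives the hash rate that figure implies and shows how password length and a slow, salted hash change the exhaustion time. The PBKDF2 parameters and the "one iteration costs about one MD5" scaling are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ALPHABET = 62            # A-Z, a-z, 0-9, as in the quoted estimate
QUOTED_DAYS = 16         # "about ~16 days" for eight or fewer characters
SECONDS_PER_DAY = 86_400


def keyspace(max_len, alphabet=ALPHABET):
    """Count every candidate password of length 1..max_len."""
    return sum(alphabet ** n for n in range(1, max_len + 1))


def implied_rate():
    """MD5 hashes per second implied by the quoted 16-day figure."""
    return keyspace(8) / (QUOTED_DAYS * SECONDS_PER_DAY)


def exhaust_days(max_len, cost_per_guess=1, alphabet=ALPHABET):
    """Days to try every candidate at the implied rate.

    cost_per_guess is the work of one guess in single-MD5 units; treating a
    PBKDF2 iteration as one unit is a rough assumption made for this example.
    """
    return keyspace(max_len, alphabet) * cost_per_guess / implied_rate() / SECONDS_PER_DAY


def hash_password(password, iterations=600_000, salt=None):
    """Salted, deliberately slow hash for storage (PBKDF2-HMAC-SHA256).

    The iteration count is an assumed value chosen for this example.
    """
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def verify_password(password, salt, iterations, digest):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    print(f"implied rate: {implied_rate():.3g} MD5/s")
    for length, cost in [(8, 1), (10, 1), (8, 600_000)]:
        print(f"<= {length} chars, cost x{cost}: {exhaust_days(length, cost):,.0f} days")
```

The per-user salt means each stored hash has to be attacked separately, so the batch parallelism Mario describes cannot be shared across accounts.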

Bletchley Park in Cash Trouble ?

For the past few weeks I’ve been reading “Codebreakers“, a collection of memoirs and essays by former staff at Bletchley Park, aka the Government Code and Cipher School (GCCS) War Station-X, Room 47 Foreign Office, etc. which worked throughout the war breaking enemy ciphers such as the German Enigma machine, the decrypts of which were called “Ultra“.

But today, via Bruce Schneier’s blog, I’ve learnt that the trust that now runs BP is facing financial problems as they receive no external funding and need cash to help preserve the buildings and the exhibits they restored after taking over the site in the 1990s.

The Bletchley Park Trust receives no external funding. It has been deemed ineligible for funding by the National Lottery, and turned down by the Bill & Melinda Gates Foundation because the Microsoft founder will only fund internet-based technology projects.

For the site that hosted the organisation that arguably saved the day in World War 2, not to mention being the birthplace of the first real computer, Colossus (yes, I know it wasn’t Turing complete!), it’s a sad predicament. 🙁

Help Search for the Missing 1999 Mars Polar Lander

The Planetary Society’s Emily Lakdawalla has blogged about an interesting project up on their website at the moment, trying to rope in volunteers to help NASA locate Mars Polar Lander using images from the HiRISE camera on the Mars Reconnaissance Orbiter. Emily writes:

What I would really love is if any of you readers out there who wanted to join in the search would write to me and let me know which image you’re searching, or ask me to assign you one, so that we can spread out the effort of all the volunteer searchers and make sure each image is examined by multiple people. I’ve also given some guidelines on how to report anything that you think might be a piece of the missing Mars Polar Lander. So if you want to join in the search, go check out that page.

Currently there are 18 images to search through, and the full resolution JPEG 2000 images are over 1GB a shot..

Plastic cereal ?

CSIRO has developed a biodegradable plastic that’s made from wheat starch. They say:

The wheat starch plastic has similar properties to conventional plastic, but it will break down in the compost heap in 40 to 50 days.

They also claim that it won’t contaminate the food it holds, but I wonder if it is suitable for coeliacs given that wheat starch is known to contain residual gluten ?

(Hat tip to Jeremy for that).

Ross Anderson’s “Security Engineering”

Back in 2006 Ross Anderson (Professor of Security Engineering at the Cambridge Computer Laboratory) announced on his blog that he had published the full contents of the first edition of his book “Security Engineering” in PDF format. The book covers a whole range of security issues from creating, managing, accrediting & breaking the mechanisms themselves through security politics and into topics like DRM.

Now the second edition of Security Engineering is about to arrive (published April 14th in the US, Amazon say stock expected in 1-4 weeks) and mine is on order already (along with a copy of Linus Torvalds’ “Just for Fun”).. 🙂

Quote for the day

In 1969 Bob Wilson (later the first director of Fermilab) was called before a hearing of the US Congressional Joint Committee on Atomic Energy to answer questions about particle accelerators. In it Senator John Pastore demanded to know how such a device improved the security of America and Bob Wilson’s response of “nothing at all” didn’t go down too well, and so he was prodded further.

His obituary from Cornell in January 2000 puts it like this:

“It has only to do,” Wilson told the lawmakers, “with the respect with which we regard one another, the dignity of men, our love of culture. It has to do with: Are we good painters, good sculptors, great poets? I mean all the things we really venerate in our country and are patriotic about. It has nothing to do directly with defending our country except to make it worth defending.”

I have to concur.

Earthquake near Lake Kivu (Updated)

The USGS has reported a magnitude 6.0 quake in the area of Lake Kivu in the Democratic Republic of Congo. Lake Kivu is one of three known “exploding lakes“, and Wikipedia says:

The trigger for lake overturns in Lake Kivu’s case is unknown but periodic volcanic activity is suspected. The gaseous chemical composition of exploding lakes is unique to each lake; in Lake Kivu’s case, methane and carbon dioxide due to lake water interaction with a volcano. The risk from a possible Lake Kivu overturn would be catastrophic, dwarfing other documented lake overturns at Lakes Nyos and Monoun, since approximately 2 million people live in the lake basin.

The USGS maps show the epicenter on dry land, but with a possible error margin of over 4 miles it could just be under the southern part of the lake. Even in the current location the USGS shake map shows a large area of the lake that could be affected.

Shake map for earthquake near Lake Kivu, 20080203

The BBC has the first reports of casualties, though thankfully no reports of a lake overturn.

Taking the Myki ?

So Melbourne is investigating an electronic tag based ticketing system for public transport called Myki (presumably meant to be pronounced My Key and not mickey), and in an interesting coincidence Bruce Schneier reports a successful attack against a Dutch ticketing system that’s about to be deployed:

The first reported attack was designed by two students at the University of Amsterdam, Pieter Siekerman and Maurits van der Schee. They analyzed the single-use ticket and showed its vulnerabilities in a report. They also showed how a used single-use card could be given eternal life by resetting it to its original “unused” state.

The second attack is a reverse engineering of the crypto algorithm through a physical attack on the circuitry which will be a jumping off point for further attacks, I guess.

I wonder how long it’ll take for the Melbourne system to be similarly compromised ?