October 01, 2011

Signal Transmission (or: Why You Should Never Buy Monster Cables)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


I spent last night drumming, so you fanciful folks get a simple article this week.

Do You Buy Hardware Cables?

Have you ever wondered why, whenever you go to a big box retailer like Best Buy or Circuit City, the prices you see for simple cables can extend upwards of $40, and sometimes more? Sure, the packaging talks about gold-plated terminators and being twelve times faster than the competition, but does that really justify the price difference? I'm here to help you learn a bit and potentially (hopefully!) save a great deal of money.

History Lesson

In order to do that, I'll have to tell you a little bit about what those cables are actually doing. In order to give you a good grasp of the situation, we'll need to go back to the difference between analog and digital signal transmission. Any time you want to transfer information between two pieces of hardware, you're going to need some variety of wire or connector. It used to be the case that we'd just stretch copper wires between them, letting the hardware pretend that it was just a really long internal connection. This is actually how most speakers in home theaters and car sound systems are wired today: just take some copper cables, connect them to the right terminals, and the speakers take the actual electrical impulses from your player to reproduce the sound. This is what analog is.

Digital signals, on the other hand, are more complicated in their execution (but not conceptually difficult). When one piece of hardware, for instance a DVD player, wants to communicate to a visual display, say a television, the DVD player starts off with the raw data it's trying to display. How the data starts off (zeroes and ones on a DVD, magnetic charges on a tape, a ceramic disc with grooves) doesn't really matter. That data needs to be in a format that the television can understand, so there's hardware inside of your DVD player to turn the input (whatever it was) into something the TV can understand. Then you use a cable to transmit that digital signal to the television, where it's converted using dedicated hardware into the picture that you see.

The Difference

Long, boring, blah blah blah. Why's all that important? Well, it turns out that analog and digital signals have a major, critical difference. When analog signal is degraded or weakened, you start getting interference with your output. If you accidentally drive a staple through a cable wire (the horror stories from working as support at Time Warner are deep and many) but you don't use a cable box, you'll still probably be able to see a picture on your screen, but it'll have all sorts of white flecks or static in it, and your audio will hiss, and all sorts of other terrible things. However, if you take that same exact pierced cable, and run it through a cable box (which turns the analog signal from the cable wire to a digital one (technically your TV did that with the cable wire itself, but don't worry about that)), you'll be lucky to get a picture a quarter of the time, and weird green boxes, a black screen, and no audio the rest.

You see, with analog transmission, you never have a perfect signal (there's always some variety of signal loss when transmitting analog signal), but it's pretty resilient in handling information loss (stapling the wire). With digital transmission, though, it's generally an all-or-nothing situation. I say generally because in most cases, the manufacturers of hardware try to deal with information loss, but it's must harder to get right than just accepting issues like analog does. In the earlier example that involved a cable box, the same staple that gives you some static with analog can completely stop you from getting your shows with digital.

Why We Use Digital Transmission

With that in mind, why do we use digital at all? Well, the normal situation for folks is that the hardware and the wires are fine, in which case digital give you perfect signal reproduction when you'd always have loss with analog. The much cooler thing is that digital information uses much, much less bandwidth (or how much data can go across a wire at a time) than analog. Analog is kind of a brute-force solution, where a single type of information is pushed across while trying to keep it as close to the source as possible. Digital uses zeroes and ones to transmit the information perfectly, and it's much easier to cram zeroes and ones together while still getting them to represent the same thing. When you're able to push more data, you can have more colors, more pixels, more channels, more everything!

The Take-Away

Alright, that lesson's over and done with. Now I'm able to tell you why it matters! Digital allows you to transmit data flawlessly, so long as you meet a minimum of bandwidth and don't have too many problems with the cable or hardware. The people who make the specifications for this are really good at what they do (usually a consortium for each specification, made of several companies that have a vested interest in getting it right (among other things)), and they leave a lot of breathing room in specifications for growth and failure. So long as you meet the minimums they provide, things just work.

Why are Monster Cables and their ever-present ilk evil? They attempt to con potential customers into believing that gold-plated terminals, or super-precise build standards, or potential transmission speed, or the dead chicken they have glued to the ceiling of the factory actually matter. Here is what's actually important when buying a cable:
  • make sure it's the type you need for your hardware
  • it must meet the minimum specification
  • it should probably be certified (differs per cable, but not as important as you think)
  • it should be long enough for what you're using it for
That's it. In other words, the wire could be made of tin and the terminals made out of rubber, but so long as it meets the specification, it will work.

Extra Special Bonus Round

If you're still with me, I've got an awesome gift for you for toughing it out. If you need cables, order them online. Those $60 HDMI cables you see at Best Buy? It turns out they cost less than $10 from reputable dealers. It can go as low as $5 if you wait around for sales. Here's a link for one right now! Pretty sweet, eh?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)

iD8DBQFOhquEdzdg8zBNoIARAvdkAJ9q+rNy8H4DPkMjcVhgOSCUtjdFQQCcCrU9
d8gpguhrtw9emYa/N5Yj9KA=
=pxdx
-----END PGP SIGNATURE-----

September 24, 2011

The Internet Enables: Music

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi again, everybody! After a decent break, a soul-blood pact has brought me back here, and this time I'm bringing some Bandcamp with me. It holds a special place in my heart for a wide variety of reasons, and I wanted to talk about not only why I enjoy it on a personal level, but also about why it's an interesting property of the Internet. No lists this time around, though; you'll have to read through (and also click the links!) to get what's up.

Before I can get into the nitty gritty, you need to know what it is first. Bandcamp is a musical distribution hub that pretends it's a website. Pop open this link right now. There's a white square with a black triangle, which is also a play button, and you should press it. When you do, music by Cloudkicker will begin streaming to your computer from somewhere out on the Internet, and it'll exit your speakers. The particular sound you're listening to right now is the seventh song in the album, "Push It Way Up!".

While that's playing (hope you enjoy prog metal/rock!), here's what makes this amazing: Cloudkicker is a one-man band that has no label, no production studio, and no advertising budget. It's actually just the name some guy (Ben Sharp, from Colombus OH if you must know) picked out to represent the music he'd be sharing with folks. From start to finish, he authored, recorded, mixed, and produced it all himself using a combination of drum-authoring software and guitars. After he had the tracks put together (and the album art, and so on and so forth), he signed up for an account on Bandcamp, configured the album's landing page to his liking, and loosed it upon the world.

Essentially, this is the first portion of why I like Bandcamp: you don't need to be signed to a label or independently wealthy to spread your music. You don't even need fancy, expensive software or instruments or even a super-powerful computer (although those help!). Right now, at this very moment, you could do the very same thing. All you'd have to do is go grab a copy of Audacity for whatever OS you're using to read this, create some samples from Youtube clips, loop them into a nice 4/4 beat, and throw it up on Bandcamp.

The point goes much further than this, though. Traditionally, to make an actual living off of your music, you used to need to know a guy who knows some dude who has a studio-like environment for mastering (or god forbid purchase the hardware yourself), and then produce cassettes or vinyls or CDs, and then figure out how to get people to pay money for them. This, as one might imagine, was outrageously expensive. Labels originally existed to essentially find a high-potential (read: guaranteed money-making) band, front them money to get an album or four made, and then profit from the investment.

The problem with labels in general is that they want to make money. A fair amount of it. All the time, from everything. They're a business, so that's what they're supposed to do! Unfortunately, making money means minimizing your risks and maximizing your profit, so new bands should have a sound that is known to widely appeal to audiences already, or makes only a few changes to known formulas. Bands that are already well-known are expected to continually produce music that is easily recognized as matching their previous style, even though there are exceptions (and rebels like Mastodon). Additionally, since getting a band's name out further than the street corners and venues of your home town is very expensive, labels are essentially who choose what music gets heard, and where, and how often across the country.

This assertion leads me right into point number two: the Internet goes pretty much everywhere. If you type the URL for Bandcamp, you get there (from most countries, anyways). If someone in the United Kingdom makes a ton of pony-themed mixes, I can listen to them without a plane trip. Talent from all over the globe now has a matching platform upon which they can share whatever madness or beauty they can create. This is actually quite similar to OCRemix, but it's original or themed music instead of video-game music. There's another, more critical difference, though, and it's a doozy.

The final point I'd like to make is actually the biggest one: Artists set the price for each track and for whole albums, and Bandcamp helps them collect. If Bandcamp operators were to hear an album and say to themselves, "this is the second coming of music, and we could be billionaires overnight if we charged oodles for it," but the artist just wants folks to have it, then the most that album is going to cost people is a dollar. Full album downloads can even be free, provided a couple of cases are met (artist pays at most $0.03 per free album, or the album is selling at a good rate... it's complicated but in an awesome way). In fact, all the albums that I've linked in this article are, at the time of writing, available for $0. Big 'ol nothing. Free as in beer. That dime you found on the sidewalk? Keep it, because you won't need to spend any portion of it on these!

Of course, if you like what you hear, you should definitely pay money. Brace yourself for the warm-and-fuzzies, though; Bandcamp is very different from essentially every other music provider today, online or otherwise. When you decide to pay for an album, the biggest cut Bandcamp will take is 15%. Mind you, they have to use payment collection services like any other internet-based store, which nibbles out another 4-6%, but in essence if you fork over $10 (which is less than you'll pay for ANY good album at a brick-and-mortar store!) at least $7.50 is going to the artist. If this does not blow your mind, here's a kick-ass chart you need to see.

That money's not going to advertising, or fancy parties for the recording studio, or shareholders, or distribution rights, or airtime, or any of that nonsense. It's going right to the people who made the music. Not only are you making sure that artists you like are more likely to make more music, you're also rewarding someone for their talent and hard effort. Even more: if you've never sold something you've made with your own two hands, it's the best feeling in the world to know that someone else will pay for something you made.

Okay, if you've made it this far, here's the take-away: click here, find something you really like, and give the person who just made your day better in FLAC/MP3/WAV/OGG/whatever format a thank-you.

*

Since this is a blog or something, here's a bunch of stuff I like:
Cloudkicker (prog metal/rock)
Dan Dankmeyer (super-progressive metal)
Gradient Audio (dubstep, wub-wub!)
Jackle App (bit of everything electronic)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)

iD8DBQFOfWtNdzdg8zBNoIARAq0XAJ9ugHcyXDiZ7S8QdfTMh8PuTAqapgCgiSqL
w5YbztCVn8x4m9wG3JWW6u4=
=pFIc
-----END PGP SIGNATURE-----

March 25, 2011

Normal Person Passwords

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The last post, I will admit, was heavy on details and light on usable information.  It was also super-long.  While I won't apologize (I know reading long things is a dying art, but I would rather folks didn't read me at all than to get a quarter of the way through a post and say 'tldr'), I am more than happy to make this one fun and sweet (and two days late (and apparently also super-long)).

How to make long but memorable passwords:
Human minds are fascinating things.  They're terrible at remembering random data without that randomness being made less random, but remember associated information with an incredible level of detail.  Even minor details can stick around for years with just a few recalls.  The trick is to think, then remember and use repeatedly.  I'll give you a trick for making random passwords in these easy steps:
  1. Think of your most favorite thing.  It can be an activity, or a club or group or class you go to, or your dog, or whatever.  You might think of a few good ones, but pick one.
  2. You can't use this, because everybody knows what it is.
  3. Think of another thing that you like.  If it didn't even cross your mind when making the first thing, it's a keeper.
  4. Next, think of your thing, and see what bubbles to the surface.  This is a right-brain activity, and may take a moment or two.  A few words, ideas, pictures, sounds and things like that should stick out.
  5. Combine two of those right-brainy things with the idea you chose.  If they're too random, pick a few things you know you'll remember.
  6. Harden the password (which is lower).
As an example, I ran through the steps and had to discard a handful of really common junk until I landed on Bicycle. Riding a bike makes me happy, and I do it on occasion, but it's not exactly a central point in my life.  Folks know I do it, but I'm not a fanatic about it... it's just a thing I know.  Some right-brain thinking later, and I wound up with the fact that I recently replaced my bike's chain, and bike chains are different for multiple gear setups.  This is a bit too random, and hard to memorize, so I'll make it a bit easier by using my memory of replacing my chain with a 15-speed-length one.  So, smushing them together, I get Bicycle15Gears.  Pretty good, but it needs hardening!

Password hardening is using a few quick rules you keep to yourself about changing letters and numbers in your password.  Some ideas (don't use all of these, or the first one, or first two; mix and match and make your own!) are here:
  • Last letters in words get capitalized ('spears' turns into 'spearS')
  • Hold shift on the first and last charactors in the password ('GreenGardeningGloves97' becomes 'GreenGardeningGloves9&)')
  • Put some charactor between each part of the password (2HandRails becomes 2_Hand_Rails)
  • Type all numbers twice (sweet59 becomes sweet5599)
  • All passwords start with a character (DropTheBomb becomes $DropTheBomb)
Anything that doesn't make your password more simple (like capitalizing all letters) makes it better.  In my example, I'll put a character on the beginning and end, making it ^Bicycle15Gears^, then separate my words with underscores.  After that process, I have ^_Bicycle_15_Gears_^.  This is a good password; it has uppers, lowers, numbers, and special characters, and is longer than 10 characters.

Alright, so now you have a super-secure password that will be easy to remember.  That doesn't make it any harder to type... but keep in mind that the harder it is for you to type (*not* remember!), the harder it is for anybody to crack it.  What should you do with this new, incredible password?

Download KeePass.  The top left box (which is Standard Exe for Windows) is probably the best bet.  When it's installed, start it.  Click File->New.  You'll get a dialog.  Put your new super-duper password into this box.  If REALLY want to be secure, choose a keyfile (which uses the file as another kind of password).  If you do, make sure to pick a file that's always gonna be around!  Choose a heading (I did Internet) and click Edit->Add Entry.  Fill out the generic information (title is Facebook, the rest is secret), then when you get to the password area, press the [...] button, then the little key right below it.  Press Generate a few times, until you get a lot of bits of randomness, then press OK.

BAM.  With that paragraph, you now have a way of having tons of login names and passwords while only having to remember your super-duper password.  This is as safe as you can get without diving into paranoia-land (your ankle-deep in it right now!).  Happy passwords!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)

iD8DBQFNjDvEdzdg8zBNoIARArI3AJ4zyGL3aGU5tskIkXr2y1YetXf79ACfWaqZ
2mfkeIUvFGzSn09PgqnBr+M=
=XEeJ
-----END PGP SIGNATURE-----

March 21, 2011

How Passwords Work (And Don't)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Today I hope to illuminate some common misconceptions about passwords, what they really mean, and how they can be/are used.  As always, I'll try to keep it simple, but some of the rules are a little wonky if you don't already know them.  Just stay with me, I'll do my best to help!

First, let's start with what most folks already know.  If a website or program wants to make sure you are who you claim to be, it asks for a password.  This works because when we keep passwords in our head, and hard to guess, only the person who made the password should be able to guess it right.

Quite a few folks (I believe the last estimate was nearly three quarters of all computer users) have already made a mistake.  If you have sticky notes or a notepad with a login and password on or near your computer, but still used a long and complicated password, you're fairly safe from internet-based attacks.  If someone goes rifling through your computer room, though, or if they grab it during a break-in, or snatch it from your purse/wallet, they have absolute access.  If you have a really easy password to make sure that you don't forget it, you're still at risk from pretty much anybody who wants into your account.

Another easy mistake to make is to use the same login name and password on multiple sites.  Facebook, myspace, grooveshark, pandora, twitter, google, banks, cable, internet, phone, water, electricity... there are a lot of places that use names and passwords!  And if you use the same login name and password for all of them, when one gets compromised the attacker will have your login information for every last one of them.  More on this further down, but for now, back to passwords themselves.

When someone doesn't know your password, there's a huge number of ways that they can still manage to get into your account.  If your password is short, they can try a method called 'brute-force', which is exactly what it sounds like: they start off at 'a', and then go to 'b', and then 'c'... and on and on, until something works or they give up.  If your password is short, they'll most likely guess it even if it's complicated.  If it's long, brute force will take a long time to get there, or won't get there at all.

The next type of attack is called 'dictionary', and is essentially when the attacker starts off with a long list of common words (it's easy to use all the words in a large dictionary as a starting point, then add in names for city, state, roads, sports teams, and all sorts of other things) and goes through one at a time guessing with them.  Most dictionary attacks also combine words, so they'll get 'redwalls' the same way they'll get 'red' and 'walls'.

The first two methods, as described above, work even when the attacker doesn't know anything about you.  But what if you use a long password with things like your date of birth, SSN, telephone number, pet's name, or things like that?  While not exactly sophisticated, 'guessing' is a form of attack as well, and the better you know your target, the more likely you are to succeed.  You should never use personal information that you don't want shared with the world as part of your login name or password (either of them!), as they significantly reduce the number of different things your password could be.  Why not your login name, either?  Well, take this as food for thought: a quick search for leaked data shows that it happens all the time, even to big-name companies!  If an attacker can link your login name to you, they get whatever you used as your password, name, and anything else you entered for free!

Alright, so a login name and password that you can keep in your head, but neither points back to you, and your password should be long and complex?  That is a lot to handle (even for technical folks)!  Fortunately, there are tricks and tools that make this easier while still being safe.  If you use a modern browser, you may have had it ask to remember your password.  I have not, and will never trust this functionality.  It's too easy to have someone borrow your computer for just a second, and even if you logged out to be safe, they just press OK and are logged back in!  However, modern browsers also have better features, like Firefox's Master Password feature.  It goes hand-in-hand with the functionality that remembers your login details, but instead of just handing them out like candy, it asks for a password before it gives them out.

What if you just have to write down things or you'll forget?  I actually fall into this category, so I can help you along with that, too.  There are stand-alone, open-source programs like KeePass that will store all of your login names and passwords behind a single password.  If you can choose and commit one really good password to memory, this will handle all the rest!  When choosing one of these programs, though, make sure it comes from a reputable source that you know and trust, and it's usually good to have security software be open source so then people who actually care about that kind of thing (programmers like me!) can tattle on programs that try to steal your information, or just plain don't work.

In the end, passwords and such go way deeper than this, but those details are mostly for people who make the security for web sites and programs that take logins.  This post is already super-long, so I'll safe nifty ways of making random-but-memorizable passwords (or super-secure random passwords) for a later post.  As always, questions, details, clarifications and such should go in comments.  Thanks for reading!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)

iD8DBQFNiB7vdzdg8zBNoIARAljuAJwN6a8833Nquclr9BH76qq6aMnCBQCgmI8R
cmrzCVQsHv3++9Y+lZcQ9wA=
=JDxf
-----END PGP SIGNATURE-----

March 16, 2011

The Lost Art Of Counting Back

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Over the course of several years of retail and customer service, I discovered a couple of very important rules that held true in nearly every encounter.  The first and foremost of these is that Americans have learned they can be jerks to that stooge behind the counter and get away with it, except for when they can't.  I truly wish businesses were more progressive in this aspect; there's a difference between "the customer is always right" and "the customer is usually right, but also can be a complete jerk".  I've not once met a person who, upon being informed that their continuing attitude would result in immediate ejection from the storefront, continues to be jerk.  They most often become sullen for a second and then move right along into being a model customer (bless their rotten hearts).

The other important rule I'll talk about today is that people rarely look at what you give them until they are forced to.  If you've ever been through a fast food restaurant's drive-thru, ordered successfully, and then arrived at work or home only to find that what you had was of less value than what you paid for, you've been given a hard lesson in this.  However, it gets worse!  When folks pay with cash, they're so blithely unconcerned about how much you give back that you could give back fives in place of tens all day long and only a handful of folks would notice right then and there.  Granted, this can easily result in them going home, realizing they'd been had, and then all reconvening at your location with pitchforks and torches, but still...

In any case, here's how you count back change to someone (and how you make sure a cashier is counting back your change right to you):
  1. Start with the amount the customer Paid
  2. Add pennies to the total until their change ends in a 0 or 5
  3. Add a nickel and one or two dimes until they reach 00, 25, 50, or 75 cents in change
  4. Add quarters until their change ends in 00.  You now have their change!
  5. If you had to grab change, add a dollar to their total and forget about how much change they had
  6. Add twenties until adding another will put you over what they paid you
  7. Add tens until adding another will put you over what they paid you (a pattern!)
  8. Add fives until adding another will put you over what they paid you
  9. Add ones until you MATCH what they paid you
  10. Here's the magic: Hand them their change and say how much it is, and then "makes (add change to total)"
  11. Then keep adding to that, starting with the smallest bills (ones) first
  12. When you've counted everything, the amount you'll be saying is what they paid you!
If you're getting change counted back to you, follow steps 10-13 only and you'll know it's right.

It looks long-winded, but after you've done it a few times, it makes a wonderful kind of sense to both your brain and your hands.  Also, if they gave you change so that you'd give them bigger coins (or none at all), you have to do the change part with different rules.  That's okay, because they've already made it easier on you!

Why should you care about that mess at all?  After all, now that we're a paragraph away from that scary thing, I can say that it does look complicated. Well, for starters, it means that the cashier knows they gave you the right amount (which is good for them) and that you got the right amount too (which is good for you).  It also saves you the trouble of ever having to go back and convince a cashier (or *giggle* their manager) that they need to give you more money.  There's also some word coming through the grapevine that cash is local-friendly because running credit cards is quite expensive for small-dollar-item places (Visa has to get paid too, you know).

Now you know.  Retail's hard on everybody, folks!  Show some compassion to the working stiff behind the counter and the experience can be better for the both of you!


*
I've added an actual, honest-to-god example here.  I didn't include it with the main stuff because few folks wants to go through a checklist and then hear about it all over again right away.  Come back in a little bit and give it a try:
Customer buys a candy bar ($1.09) and pays with a $20
Start with 09 cents
Take out a penny, have 10 cents
Take out a nickel and a dime, have 25 cents
Take out three quarters, have 00 cents
Took out money, so add a dollar to total, which is $2 now
Can I use a $20?  Nope, $22 is too high!
Can I take a $10? Yep, a ten makes the total $12
Can I take a $5? Yep, a five makes the total $17
Three $1 gets me to $20, which is what they gave me

At this point, I look in my hand, see a penny, a nickel, a dime, and three quarters.  I hand them this terrible mess and say "Ninety-one cents makes two dollars", and then count up with the smaller bills first.  "Three, Four, Five" is the ones, "Ten" is the five-spot, "and Twenty" when I tack that ten on there.  Since I was counting bills right where the customer could see, they're already neat and in order, and they had a second to put away their change.  Perfect for the OCD in everybody!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)

iD8DBQFNgEzGdzdg8zBNoIARAkPgAJ9F1xzk3u39aTuYybLXiFfmfg0AFgCgmZD+
jRK8yK3qZ9UCXyb+iAJN3dA=
=cVQR
-----END PGP SIGNATURE-----

March 13, 2011

On Boxes With Locks

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

With fear of alienating what few readers I have, I'll jump right in on a big topic: Encryption.  I'll start this one by telling the story I try to tell everybody when I'm talking about encryption:

Before the internet, there were two spies who needed to trade information in a hostile country.  Since the two were operating in different regions, they couldn't simply meet up in a coffee shop and swap notes.  Since it's a hostile country, there are no established lines of communication that they can trust.  Instead, each spy had a notepad, a good padlock and the only key for it, and a lockbox with a latch big enough to attach several padlocks, but even one lock will jam the box completely shut.  They used the country's own public mail system (which was known for digging through mail, reading whatever they wanted, and stealing anything that wasn't firmly attached to said mail).  How did they trade messages without getting caught?

The first problem comes up when when you realize attaching a padlock to a box means the recipient can't open it.  Putting the key inside the box doesn't help because the recipient can't open the box (not even a crack!).  If the sender tries to mail the key separately, the public mail couriers will steal it, and use it to open the box.  The problem is that anything the recipient can do, the couriers can do.  So what gives?

The trick to the story is that you can attach more than one padlock.  The first spy writes a message and puts it inside the box, snaps the lock on the box while keeping the key, and mails it to the second spy.  The second spy can't do anything with this locked box, but they snap their own padlock on it anyways, keeping the key, then mails it back.  Now neither spy can get into the box!  However, the magic happens when the first spy takes off his padlock.  They still can't get into it, as they don't have the second spy's key, but that's okay.  They send it back anyways.

When the second spy receives the box, surprise!  The only lock left on it is the one that uses their key!  They pop off the lock, and read the first spy's note.  Then the same process happens, but the first and second spy have traded roles.

Gosh, that's a lot of work to send a message, and it must take an awfully long time!  However, it does satisfy all the needs the spies had:

    * The mail couriers are never able to open the box
    * The mail couriers are never able to get a key, even though they can see the lock
    * Things inside the box still go from one party to the other
    * All the spies need are their own padlock, and their own key

 This is essentially how symmetric cryptography works.  You take a bunch of data (the box), apply your encryption key (padlock) to it, then send it to a third party.  This turns the data into a bunch of gibberish that neither party can really get meaning from.  The third party applies their own encryption key, making it even MORE garbled, and sends it back to you.  You reverse your original encryption (removing your padlock), still can't read the mess of bits, and send it back to the third party.  The third party reverses their original encryption, and *poof* the original message appears.  Technically, it's possible to break encryption, but if it's done correctly, it's possible in the same way that our sun going supernova is possible.

Why does this even matter to a normal, non-super-computer-nerd person?  If you've ever bought something online, you put your credit card numbers into one of these boxes.  Some kinds of logging in (not usually web sites, but game logins and such) put your password into a box (this is a lie, but it's close enough!).  It's also the reason that surfing the internet on public wifi at a coffee shop is pretty much the same as announcing out loud what you're looking at (including forums that you're reading, images you're downloading, anything that isn't encrypted really).  Sites are a little better about securing things these days, but even a couple months ago Facebook would tell your login details to everybody listening to your connection (the firesheep addon was made to elaborate this point).

And now you know a little bit more about why some things are safe online, and some things are not.  I'll be talking about public key encryption, too, because it's fantastic and incredible and everybody should use it, but that's another post's worth of details.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)

iD8DBQBNkoYkdzdg8zBNoIARAldIAJ91MS41XLbLgUaq/VRqFpmHsUwI9gCcDCiN
tI06M2e8M1JTcucd6kBxphU=
=ieod 
-----END PGP SIGNATURE-----

March 11, 2011

Greetings, Salutations, It's Too Late To Turn Back

Greetings to you, friends and friends of friends.  It's officially too late to turn back, and the only option you have left is to see this through to the end.  This is like one of those dreadful chain letters, but with less dire portent.

I'm mainly starting this blog as an outlet for the every day tech I use in my life, be it software, hardware, firmware, wetware, or underwear.  Being a rabid fan of computing shouldn't just be squandered on killing zombies (regardless of how hard I may be trying on a given week), and since I give out so much advice and opinion about the stuff anyways, I might as well solidify my thoughts and commit them to the all-remembering Internets.  Since I'm a jack-of-many-trades, expect to hear about the likes of these:
  • Programs (internet browsers, anti-virus suites, open-source lifesavers)
  • Silicon (what's the difference between a CPU, GPU, and PSU anyways?)
  • Mechanics (or Powerful Batteries Are Serious Business)
  • The Internet and You (how to browse a bit safer, and maybe teach new router tricks after convincing it to work right in the first damn place)
  • Paranoia (and how!)
  • ... and maybe even how I think the whole world's falling apart.  This is a blog, after all!
No matter what topic I've chosen for a poorly guided rant, I do hope to keep in mind the fact that I'm not writing for other technobrains.  Instead, look for the What, Why, and How in each post and see if you can make it work for you.  If I lose you, let me know!

Enjoy intermittent profanity, hidden gems of wisdom for living (completely unintentional), and more parentheses than you can shake your fist at.  Stick with it, calisthenics are good for you!  For the sufficiently motivated, you should add your own experiences and questions to the comments, and I might even make a new post just for you!

Alright, you're free.  No 13 years of bad luck for you.  Thanks for your handful of minutes :>