Noteworthy
Looking through my notes, I have found several instances of triangular shapes that form an interesting group of figures. I have completed a rendering of the triangular form of the Borromean rings, featured earlier in Interlock. This time it's much cleaner and crisper. Here we can see the interlock a bit better and I have also added some woodcut-style shading and some sumptuous color that makes it resemble a real hand-crafted object.
This comes from an original rendering that was done of the triangular rings themselves, but without color and shading. The idea was to make a visual illusion. Without the color and shading it's almost too much to take in all at once. Some confusion sets in.
The Borromean rings are, of course, related to the Valknut. A fantastic impossible Valknut is featured in my blog post Drawing On Your Creativity. My old notes are full of the Valknut and also of impossible figures.
Yet, I have a few pages of handwritten notes where I dwell specifically on triangular figures.
The Borromean rings are remarkable as a three-way-dependent group. If you remove one, the other two fall apart. This is the essence of interlock, of course. The very definition.
Valknut
But the Borromean rings that were used by the Vikings had a very different overlap than this one. And they were usually shown pointing up, not down (though not always).
Here is the correct rendering (though some versions differ in left-to-right reflection from others), with bright colors for each ring. This is clearly distinguished from the first rendering because the insides of the triangles are V shapes.
There are many more ways to show it as well, each with its own overlap formula. If each successive overlap has an over-under-over pattern, though, there are only two, which you see here.
There are two forms for the Valknut, and here is another one. Sometimes this form is called the Triquetra. These two figures have existed for at least a thousand years, in exactly these forms. Most depictions of it on runestones from the Viking age show it as thick and tightly formed. All appearances of the Valknut are associated with Odin. It is said that it symbolizes Odin's promise that the dead Viking warriors have a place in Valhalla. Those who receive the Valknut are the chosen warriors. So, on thousand-year-old runestones in Denmark and Sweden, you often see a battle scene depicted and a Valknut appears marking the heroic figure.
As far as I'm concerned, though, the Valknut is a cool figure, exhibiting strong interweaving and geometry. My take on this Valknut is that it resembles, at least topologically, the trefoil knot.
Taking it Further
I drew this figure while trying to create a Valknut. But I hadn't allocated enough space for the inner portion, and so I had to join the triangles in the middle. I got another idea or two and sculpted it into its current format.
Isn't it interesting how triangular forms can so quickly become logo-worthy? They catch the eye. This form seems to express that the motion of the form is an internal force, rather than an outwards-moving force. It is closed in on itself, in a way.
One of the main issues with triangular figures is that they force me to think before I draw. I have to plan ahead.
Here is another figure I drew recently. I think I was onto something with the three points on the right and bottom edge.
With such a triangular network, many possibilities exist. Sometimes I like the irregular forms, because they add character to the shape.
But usually the forms, as they were used in antiquity, were as regular as possible because that form clearly resonated with the ones who made them.
The form I was going for appears to be the Triquetra form with an interlocking triangle.
Inspired
Here is my rendering of this figure, with shadows to make the overlap a bit easier to grasp. By coloring each single thread, the interlocking nature of the figure becomes perfectly clear.
This form becomes almost inspiring in its simultaneous simplicity and complexity. It is no great surprise that this Triquetra form, in various mutations, has been used for so many thousands of years. Though usually the interconnected figure was a circle and the corners were rounded off to make it more like a trefoil knot.
The Book of Kells has one. A runestone on Gotland has a few. With the rise of Christianity in Scandinavia this figure became a cross by connecting four of them (the Carolingian cross). A round Triquetra is used to symbolize the Holy Trinity on some Bibles.
But you can take this format even further. Imagine those who are fascinated by the Valknut (which, to me, symbolizes an idea), separated but entangled by their interest. Here is their symbol.
Nothing can break it.
It's almost like a heraldic mark or insignia.
A badge of fascination.
It shows that the interest for such things never dies. It gets carried on by those who discover the symbol anew. And so it has gone for thousands of years.
Those who practice the art of creating symbology know that there is an inherent interest built right into humanity for what graphic symbols convey to their observer.
The essence and practice of logo forms is rooted in our natural Jungian response to symbols. We can't help our response to them. Yet some logo forms come to stand for evil and other logo forms come to represent eternity. How does this happen? Will these forms forever be etched into our collective memories? The Valknut proves that a symbol can easily last thousands of years.
My sense is that forms are chosen by political groups and companies for a reason. A simple intelligent form can be chosen as a symbol that is easy to remember, to help propagate the brand by creating a catchy figure that can be expressed anywhere. That it can create such a strong impression often testifies to the strength of the designer and their understanding of how we respond to symbols.
Isn't graphic design wonderful?
Mark Zimmer: Creativity + Technology = Future
Saturday, October 27, 2012
Monday, October 22, 2012
Creativity and Invention
Invention is the act of making something entirely new or of discovering an entirely new way of accomplishing something, and so often this is a result of trying many different approaches. For me, when one method doesn't work or achieve the results I need, I just try something else. Yet what will make an approach different from someone else's approach is the spark of creativity. To solve the problem, try applying a technique or a principle that, at first glance, doesn't seem to apply.
When I invent things, I know I'm trying to solve a problem. I'm exhausting all of the possible ways to solve it. I'm looking for an efficient way to make use of the information or progress that has been made so far. I'm finding a better way to do it. Or a way to do it at all.
Try Something Unlikely
In ancient Egypt, blacksmiths were good at forming swords and other rudimentary tools by holding a piece of iron in a fire to make it malleable and beating it with a hammer. The hammer and anvil had been used for many years, having been invented in the iron age. But sometime around 1450 BCE in ancient Egypt, during the reign of Tuthmosis III, somebody decided that a leather bag could serve as a bellows, and that the increase of forced air would make the fire hotter. Because of this, metal became more malleable, and could even be melted.
This is a clear example of using an unlikely object in common use for something else entirely. A leather bag, used for carrying things, becomes a bellows for metallurgy. Many inventions, in fact, require this kind of discovery.
To make these kinds of discoveries, we must learn about as many things as possible, but perhaps not in depth. Absorbing a little about plenty of subjects is food for invention. It helps you make connections between things that are, for all intents and purposes, not connected in the first place.
For instance: knowing about Voronoi diagrams helped me figure out how best to render fascinating patterns like those produced by raindrops on a windshield. My blog post on where ideas come from is helpful in understanding how to exercise your brain to make such connections.
Try Try Again
But even more discoveries happen a small bit at a time. And the light bulb is the perfect example. Most people associate Thomas Edison with the discovery of the light bulb. But really, he only participated in part of the invention: the part that made it practical.
In 1800, Humphry Davy, in Britain, discovered that applying electricity to a carbon filament could make it glow, demonstrating the electric arc. Some 77 years later, American Charles Francis Brush manufactured carbon arc lamps to illuminate Cleveland, keeping the filament in a glass bottle. Two years later, Thomas Alva Edison discovered that filaments in an oxygen-free bulb would still glow. Then he tried literally thousands of materials before settling upon carbonized bamboo for the filament. The new bulb could last 1200 hours. And it had a screw-in base! But it wasn't until 1911, when modern sintered ductile tungsten filaments were invented at General Electric, that their useful lifetime was increased substantially. Then, in 1913, Irving Langmuir started using inert (electrically nonconductive) gases like argon (instead of a vacuum) inside the bulb, which increased luminosity by a factor of two and also reduced bulb blackening. Nitrogen, xenon, argon, neon, and krypton are routinely used inside bulbs today. However, when mercury vapor is used, the gas itself is the conductor, producing a blue-green electric arc.
Of course, light bulbs are being reinvented every few years now. Fluorescent bulbs are used in businesses largely because they are four to six times the efficiency of incandescent bulbs. Then there were compact fluorescent light (CFL) bulbs, sharing the same efficiency advantage, but in a compact light bulb form factor. And now light-emitting diode (LED) lighting. These new bulbs save about 80-90% of the energy (over incandescent bulbs) required to illuminate us. And they last about 25 times longer than CFL bulbs.
The future is going to be just as much about conserving energy as it is about producing it.
Try Harder
The main use for creativity in invention is simply so you can solve the hardest problems of all. These are the problems that don't have an apparent solution.
Two supreme examples of this kind of problem are computer vision and computer cognition. Teaching a computer to understand everyday objects like faces, kinds of clothing, the make and model of a car, and even something as simple as a tree is incredibly difficult. Humans do this very well, of course, and this belies its complexity. Teaching a computer to read and understand a book is also hard beyond comprehension. Small parts of this, like optical character recognition and a small amount of natural language processing, have been accomplished. But for the computer to actually understand the subject matter and discuss it, or even better to learn from it, is practically impossible. People dedicate their lives to solving this problem.
A small example of the problem of computer cognition is what I once dreamt about: subject space. I envisioned a space where all concepts are related in different ways. Each concept is a node in the graph of subject space and arcs between the nodes relate them.
Here I show is-a relations as a green arrow between two objects. So the green arrow between FLEA and BUG represents the information that a flea is a kind of bug. Similarly meat, rice, and carrot are a kind of food. This is a subset relationship. Another kind of relationship has to do with ownership or possession. A cyan arrow from one object to another means that the source object can possess the destination. A dog has legs, and so does a bug. A has relation can have other information associated with it. For instance, a dog has 4 legs and a bug has 6 or 8 legs. Any relation, which generally is where the verbs live in this space, can have additional information associated with it, in the form of an adverb. For instance the eats relation can have quickly associated with it.
Action relations concern a direct or indirect object. These are shown in indigo. Legs walk on the floor. A human buys food, and a dog eats the food. A flea lives on the dog. In this way buys, walk-on, lives-on, and eats are relations. And by definition, those relations can have a timestamp associated with them. The sequence in which actions occur affects the semantics. Sometimes in a causal way.
Very complicated relations are two way arcs, like the dog-master relationship. There are other obvious relationships, like is-an-attribute-of, where appropriate adjectives may be associated with subjects. Even idiomatic expressions get their representations here. For instance hair of the dog is slang for an alcoholic drink.
Note that a human has legs but I didn't include an arc for that relationship. This shows that subject space is not planar. In fact, it is n-dimensional.
Such a graph is useful in understanding and parsing the grammar of text or spoken language. A sentence can then be encoded into a series of factual semantic concepts. For instance, if you know the man buys food, then you will have to determine what the food consists of. Based on this graph, it could be meat, carrot, or rice, or some combination of them.
Also, the relation eats really means can eat. When parsing text, the fact that a given dog is eating or has eaten food is yet to be discovered. Once discovered, this subject space graph helps the semantic understanding system codify the actions that occur.
Sometimes the solution, however complex, can come to you in a dream. And this shows a creatively-applied technique, graph theory, and how it is applied to a nearly impossible problem, computer understanding.
Trial and Error
It is quite remarkable when a discovery gets made by accident!
Physicist Henri Becquerel was looking for X-rays from naturally-fluorescent materials in 1986. He knew that phosphorus would collect energy by being exposed to sunlight. And he had a naturally-fluorescent material: uranium. But there was one main problem: it was winter and the days were all overcast.
So he put his materials together in a drawer, including a bit of uranium and a photographic plate, and waited for a day when the sun would come out. When that day came, he removed the materials from the drawer and soon found that the photographic plates were affected by the uranium without being first exposed to sunlight.
And radioactivity was discovered.
My point is that sometimes a discovery is the result of unintended consequences. As for me, I have invented a few effects by accidentally creating a bug in a program I wrote. This is part of the pleasure of working in graphics. In fact, the cool visual effect in my Mess and Creativity post was discovered as the result of a bug in a program that computed image directions.
Trials and Tribulations
One problem, the lofting problem, was an elusive problem to me for years. I spent a lot of time constructing better and faster Gaussian Blur algorithms over the years, and even learned of a few new ones from such people as Michael Herf and Ben Weiss. But it wasn't until late 2004 that Kok Chen suggested that I apply constraints to the blur. And an iterative algorithm to solve this problem was born. This is detailed in my Hard Problems post.
Labels: anvil, bellows, computer cognition, creativity, Egypt, energy, future, hammer, invention, light bulb, tools
Saturday, October 13, 2012
How Old Is Your Software?
Let's look at software vulnerability. What kinds of software are the most vulnerable?
Well, duh! The oldest, most crufty kinds of course! Whenever you add onto software year after year, you unwittingly create opportunities for exploitation. We say that our data are secure, yet we do not test software in anywhere near the rigorous fashion it requires!
This leaves us with highly-functional yet completely-vulnerable software. And the users don't even realize it. Business users, corporate users, individual users, you.
Which Software is the Most Vulnerable?
Means: Programmers only need to be connected to the Internet and have a computer capable of being programmed to become a hacker. This makes up basically every person on the planet in all but the seriously developing nations. So let's just say there is a large sample set of possible hackers.
Motive: To be vulnerable, you also have to be hiding something desirable, interesting, or perhaps embarrassing. In other words: valuable to someone who just needs some street cred. What holds this kind of data? Your computer, your hard disk, your database, managed by operating systems, software that routinely gets installed or updated, and things like distributed database server software that protects huge amounts of data. For more motives for hacking, see my first blog post on Hackers.
Opportunity: So, let's look at software that has enjoyed release after release year after year. These releases are generally done for the purposes of:
The best positive marketing driver is the first one: increasing their feature set. To do this, it is often necessary to allow other developers to add to their feature set. We see this in nearly every OS platform in history. Supporting Applications. Allowing Plug-ins. Enabling programmability.
Being able to program something is highly desirable. It is also exactly what causes the vulnerabilities.
In 1984, I bought my first Macintosh. Actually it was an original 128K Mac. And the first thing I did was to take it apart, with a long Torx screwdriver and some splints to crack open the shell. My business partner in Fractal Software, Tom Hedges, was doing the exact same thing in the very same room. We both came to the conclusion that it needed a real hard drive, which was an interesting hardware task. We also came to the conclusion that we wanted to program it.
I wanted to create a new application.
We met an Apple person, Owen Densmore, at Siggraph that year and he put us in touch with a key developer, Bill Duvall, who had built the Consulair C system with a text editor. Owen gave us the external terminal debugging capability, called TermBugA, that we could use to debug our applications. He put us in touch with Steve Jasik, who authored MacNosy, and had disassembled the entire ROMs in a Mac. We built our first apps for the Mac within a couple of weeks and began our development career.
This is the old school method. The very ability to program a device has a name now: pwn. This means "owning it" but it also has a whiff of programmability to it.
If a device is a computer of any kind, then the desire to program it freely is a natural consequence of these old school ways.
But those ways must change.
How Are The Vulnerabilities Exploited?
The goal is to become a privileged user on the computer. This will enable the hacker to install their programs, get access to whatever data is available without restriction, and basically to take over the computer. Once this is done, then malware can be installed. Things that log your keystrokes. Or watch you through your webcam. Or check which web sites you use, remembering whatever passwords you use to access them.
This enables them to steal your identity or your money. Or you can be blackmailed with whatever incriminating data is present. In other words, criminal activity that exploits you, your business, or your customers.
But overwhelmingly, your computer can become something that is not under your control and can be used as a base for expansion, virus propagation, or as a machine to support DDoS attacks as well.
How do they get control of your computer? Often it is with a very small bug.
Now, software above a certain size always has bugs in it, and that's the problem in a nutshell.
The kind of bugs that hackers look for are primarily buffer overrun bugs. Because all machines are Von Neumann machines, data is stored in the same place as code. This means that all the hacker needs to do is insert their code into your system and transfer control to it.
A buffer overrun bug allows them to do this because, by definition, once a buffer (a fixed-size place in memory to store data) is overrun then the program has lost control of what is going into memory. With a little cleverness, after overrunning the buffer, the data will go someplace that is a tender spot. This can cause another bug to happen or it can be a spot where program control will end up soon enough in the future.
And voilá, the hacker is running their own native code on your computer.
Their next trick is to become a superuser. This is sometimes referred to as becoming root. These terms come from UNIX, which is the basis for many operating systems, like Mac OS X and Linux.
This can be done several ways, but the most effective way is apparently to masquerade as a routine install of familiar software. Like Photoshop, Flash, a Windows Service Pack, etc.
Well, duh! The oldest, most crufty kinds of course! Whenever you add onto software year after year, you unwittingly create opportunities for exploitation. We say that our data are secure, yet we do not test software in anywhere near the rigorous fashion it requires!
This leaves us with highly-functional yet completely-vulnerable software. And the users don't even realize it. Business users, corporate users, individual users, you.
Which Software is the Most Vulnerable?
Means: A programmer only needs to be connected to the Internet and have a computer capable of being programmed to become a hacker. This makes up basically every person on the planet in all but the seriously developing nations. So let's just say there is a large sample set of possible hackers.
Motive: To be vulnerable, you also have to be hiding something desirable, interesting, or perhaps embarrassing. In other words: valuable to someone who just needs some street cred. What holds this kind of data? Your computer, your hard disk, and your database, managed by operating systems, by software that routinely gets installed or updated, and by things like distributed database server software that protects huge amounts of data. For more motives for hacking, see my first blog post on Hackers.
Opportunity: So, let's look at software that has enjoyed release after release year after year. These releases are generally done for the purposes of:
- increasing their feature set
- making them faster
- fixing their security holes
So let's examine systems which do this. Operating systems, like Windows, Mac OS X, iOS, and Android, certainly are updated quite often. System software for supporting desirable things like videos is updated often as well, like Adobe's Flash. So are things like their suite of programs, the Creative Suite. In business, the Oracle SQL Server is updated quite often also, to add features and, more often, to patch vulnerabilities. Programming capabilities like Java are updated a lot also. Even GNU, the Free Software Foundation's operating system, which declares proudly that GNU's Not Unix (though it is identical to it in every way I can see), is updated quite often.
These are the most vulnerable software systems on the planet, merely because they are updated so often. And because so many people and businesses use them.
Being able to program something is highly desirable. It is also exactly what causes the vulnerabilities.
In 1984, I bought my first Macintosh. Actually it was an original 128K Mac. And the first thing I did was to take it apart, with a long Torx screwdriver and some splints to crack open the shell. My business partner in Fractal Software, Tom Hedges, was doing the exact same thing in the very same room. We both came to the conclusion that it needed a real hard drive, which was an interesting hardware task. We also came to the conclusion that we wanted to program it.
I wanted to create a new application.
We met an Apple person, Owen Densmore, at Siggraph that year and he put us in touch with a key developer, Bill Duvall, who had built the Consulair C system with a text editor. Owen gave us the external terminal debugging capability, called TermBugA, that we could use to debug our applications. He put us in touch with Steve Jasik, who authored MacNosy, and had disassembled the entire ROMs in a Mac. We built our first apps for the Mac within a couple of weeks and began our development career.
This is the old school method. The very ability to program a device has a name now: pwn. This means "owning it" but it also has a whiff of programmability to it.
If a device is a computer of any kind, then the desire to program it freely is a natural consequence of these old school ways.
But those ways must change.
How Are The Vulnerabilities Exploited?
The goal is to become a privileged user on the computer. This will enable the hacker to install their programs, get access to whatever data is available without restriction, and basically to take over the computer. Once this is done, then malware can be installed. Things that log your keystrokes. Or watch you through your webcam. Or check which web sites you use, remembering whatever passwords you use to access them.
This enables them to steal your identity or your money. Or you can be blackmailed with whatever incriminating data is present. In other words, criminal activity that exploits you, your business, or your customers.
But overwhelmingly, your computer can become something that is not under your control and can be used as a base for expansion, virus propagation, or as a machine to support DDoS attacks as well.
How do they get control of your computer? Often it is with a very small bug.
Now, software above a certain size always has bugs in it, and that's the problem in a nutshell.
The kind of bugs that hackers look for are primarily buffer overrun bugs. Because all machines are Von Neumann machines, data is stored in the same place as code. This means that all the hacker needs to do is insert their code into your system and transfer control to it.
A buffer overrun bug allows them to do this because, by definition, once a buffer (a fixed-size place in memory to store data) is overrun then the program has lost control of what is going into memory. With a little cleverness, after overrunning the buffer, the data will go someplace that is a tender spot. This can cause another bug to happen or it can be a spot where program control will end up soon enough in the future.
And voilà, the hacker is running their own native code on your computer.
Their next trick is to become a superuser. This is sometimes referred to as becoming root. These terms come from UNIX, which is the basis for many operating systems, like Mac OS X and Linux.
This can be done several ways, but the most effective way is apparently to masquerade as a routine install of familiar software. Like Photoshop, Flash, a Windows Service Pack, etc.
But the process of taking over a computer, which comprises a rootkit, is often a several-step process.
Perhaps the computer becomes a bot, simply running jobs for the hacker: sending email spam at random times, using the computer's position in the network to attack other local computers, making the computer be part of a Distributed Denial of Service (DDoS) attack.
Perhaps the hacker only wants to get the data in that computer. The easiest way is to gain superuser access, and then you have the privileges to access all the files. Maybe the hacker just wants to watch the user and gain information like bank account numbers and passwords.
Sometimes the hacker just wants to get access to databases. The databases contain information that might be sensitive, like credit card information and telephone numbers. Since these databases are generally SQL servers, a specific kind of attack is used: SQL Injection attacks.
Poorly-written SQL can have statements in it that evaluate a string and execute it, rather than running code with pre-specified bind variables. It is these strings that make SQL vulnerable to being co-opted by a hacker, who can modify the SQL program simply by changing its parameters. When the string gets changed to SQL code of the hacker's choice, it can be executed and the hacker can, for instance, extract all of the database records, instead of the usual case where only the records on a certain date may be accessed. Or the hacker can change the fields that get extracted to all the fields instead of a small number of them.
How Do We Combat This?
It is easy to say there is no way to fight system vulnerabilities, but you would be wrong.
The strongest way to stop it is curation. One form of curation is the ability of a supervisor to prevent malware from becoming installed on a system. When a system allows plug-ins and applications, these must be curated and examined for malware and the backdoors and errors that allow malware to take hold. And they must be limited in their scope to prevent conscription of the operating system and applications that run them.
In the case of Apple, curation means examining every App built for its platform for malware or even the whiff of impropriety. And this is a really good thing in itself, because it means that far less malware attacks iOS than attacks Android.
In the case of SQL injection attacks, rewrite your SQL to not use executed strings.
But general practices need to be followed religiously. Make sure your passwords are not guessable. Use firewalls to prevent unintended connections. Beware phishing attacks.
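To make the advice about executed strings concrete, here is an added example (not code from the original post) that runs the same by-date lookup twice against an in-memory SQLite database: once by pasting the parameter into the statement text, and once with a bind variable. The table, the rows, the function names and the sample input are all constructed for illustration.

```python
import sqlite3
from datetime import datetime

def make_db():
    """In-memory database holding three constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER, day TEXT, customer TEXT, card TEXT)")
    db.executemany(
        "INSERT INTO orders VALUES (?, ?, ?, ?)",
        [
            (1, "2012-10-10", "alice", "XXXX-0001"),
            (2, "2012-10-11", "bob", "XXXX-0002"),
            (3, "2012-10-12", "carol", "XXXX-0003"),
        ],
    )
    return db

def orders_on_day_unsafe(db, day):
    # Executed string: the parameter becomes part of the statement text,
    # so a quote character inside it changes what the statement means.
    sql = "SELECT id, customer FROM orders WHERE day = '" + day + "'"
    return db.execute(sql).fetchall()

def orders_on_day_safe(db, day):
    # Bind variable: the statement text is fixed and the parameter is
    # only ever compared as a value, never parsed as SQL.
    sql = "SELECT id, customer FROM orders WHERE day = ?"
    return db.execute(sql, (day,)).fetchall()

def validated_day(day):
    """Extra check before the query: accept only a YYYY-MM-DD date."""
    return datetime.strptime(day, "%Y-%m-%d").strftime("%Y-%m-%d")

# Constructed input that closes the quoted date and adds a condition
# that is always true.
TAMPERED_DAY = "2012-10-12' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("unsafe:", orders_on_day_unsafe(db, TAMPERED_DAY))
    print("safe:  ", orders_on_day_safe(db, TAMPERED_DAY))
```

The string-built query returns every row in the table for the tampered input, while the bind-variable query returns none, because no row has that literal text as its date.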
Friday, October 12, 2012
Cubic Nesting
For some reason humanity is obsessed with the cube. We build our skyscrapers based on it. We study its symmetries. We ship products in it (excepting, of course, Painter, which came in a cylindrical package).
Nature has cubic symmetry built right into the salt crystal. And, as we will presently see, many other shapes have cubic structure built right into them, by virtue of polyhedral nesting geometry.
If you snub the corners off a cube all the way to the midpoints of the edges, you get a cuboctahedron.
This shape, shown here, fits perfectly inside a cube and you can immediately see how the corners of the cube may be removed. As far as I know, this is one of the few examples of a 14-face polyhedron.
It is natural in the sense that the cuboctahedron has one face for each face and vertex of the cube.
It has been said that if you pack clay spheres into a space and press them down that each clay ball will have approximately 14 facets.
You could think of the spheres as mutually-avoiding points in space. The polyhedra made by the mid planes between the points would then be a three-dimensional Voronoi diagram.
Another naturally-occurring polyhedron is the rhombic dodecahedron. This is the natural shape of a garnet crystal. It is bounded by 12 rhomboids whose diagonals have the ratio 1:sqrt(2).
The cool thing about the rhombic dodecahedron is that it can tessellate space. So it makes a nice packing form. Honeybees use it to form the cells of their honeycomb.
If you look closely, a cube can nestle perfectly inside a rhombic dodecahedron. In particular, this shape has one face for each edge of the cube.
The rhombic dodecahedron is the dual of the cuboctahedron because you can construct each solid by putting a vertex in the center of each face of the dual. But these are not the only solids that nestle with a cube.
Perhaps the coolest solid to nestle with the cube is the dodecahedron itself. This shape is bounded by 12 pentagons.
This shape is used for the 12-sided die in Dungeons and Dragons because it is a regular polyhedron.
Here, if you look closely you can see the cube nestled inside. In fact, there are five distinct nestlings. This is because each cube edge travels along exactly one of the five diagonals of each pentagon.
This shape is ruled by the golden section: (1 + sqrt(5))/2 or 1.6180339.... This number is the limit of the ratio between successive Fibonacci numbers, defined by the recurrence relation F(n) = F(n-1) + F(n-2).
The Fibonacci sequence is 0, 1, 1, 2, 3, 5, 8, 13, 21, 34, 55, 89, 144, ... and it gets used for a lot of different purposes, for instance polyphase merge sorting and optimal one-dimensional searching.
If you connect the four vertices of a cube that don't neighbor each other, you get a tetrahedron. Each of the other four vertices caps a right tetrahedron.
Here I show it as an exploded view. The cube can be made up from five tetrahedra. One is of the platonic form, and nestles inside the cube perfectly (the center one).
This is one tessellation used for better cubic interpolation, it turns out. Diagonals become smooth when you interpolate in this way. Any tetrahedral tessellation converts more easily to barycentric interpolation, which is easier than trilinear, and offers less distortion on the diagonals.
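The five-tetrahedron split and the barycentric interpolation it enables can be checked numerically. The following is an added example, not part of the original post; it assumes a unit cube with corners at 0/1 coordinates, and all function names are chosen here for illustration.

```python
from fractions import Fraction

def sub(p, q):
    return tuple(a - b for a, b in zip(p, q))

def det3(a, b, c):
    """Determinant of the 3x3 matrix whose rows are a, b, c."""
    return (a[0] * (b[1] * c[2] - b[2] * c[1])
            - a[1] * (b[0] * c[2] - b[2] * c[0])
            + a[2] * (b[0] * c[1] - b[1] * c[0]))

def signed_volume(tet):
    a, b, c, d = tet
    return Fraction(det3(sub(b, a), sub(c, a), sub(d, a))) / 6

# The four cube corners that do not neighbor each other: the regular tetrahedron.
CENTER = ((0, 0, 0), (1, 1, 0), (1, 0, 1), (0, 1, 1))

def corner_tet(apex):
    """Right tetrahedron formed by one remaining corner and its three neighbors."""
    neighbors = tuple(tuple(x ^ (i == k) for i, x in enumerate(apex))
                      for k in range(3))
    return (apex,) + neighbors

FIVE_TETS = [CENTER] + [corner_tet(v)
                        for v in ((1, 0, 0), (0, 1, 0), (0, 0, 1), (1, 1, 1))]

def volumes():
    """Unsigned volume of each of the five pieces."""
    return [abs(signed_volume(t)) for t in FIVE_TETS]

def barycentric(tet, p):
    """Weights of p relative to tet; all are >= 0 exactly when p is inside."""
    total = signed_volume(tet)
    return [signed_volume(tet[:i] + (p,) + tet[i + 1:]) / total
            for i in range(4)]

def interpolate(values, p):
    """Interpolate corner values (dict: cube corner -> value) at point p."""
    for tet in FIVE_TETS:
        w = barycentric(tet, p)
        if all(x >= 0 for x in w):
            return sum(wi * values[v] for wi, v in zip(w, tet))
    raise ValueError("point is outside the unit cube")

if __name__ == "__main__":
    print("piece volumes:", volumes())
    corner_values = {(x, y, z): x + 2 * y + 3 * z
                     for x in (0, 1) for y in (0, 1) for z in (0, 1)}
    middle = (Fraction(1, 2),) * 3
    print("value at cube middle:", interpolate(corner_values, middle))
```

The regular tetrahedron takes one third of the cube and each corner piece one sixth, and each interpolated value needs only four corner weights instead of the eight that trilinear interpolation uses.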
Cubes can also be split into cubes, as everybody knows who has solved a soma cube or played with a Rubik's cube.
Or played Minecraft.
When you split cubes into cubes, you can irregularly cut a cube up into a paired set. This set consists of two pieces that are keyed to each other. The more sub-cubes you split a cube into, the more possibilities for keyed sets exist.
Here is a possibility, one of several, that exists when a cube is split into a 3X3X3 array of sub-cubes.
In all (but the trivial uninteresting) cases, a concavity on one side is met with a convexity on the other.
I have turned one of the pieces by 60 degrees so you can see that symmetry figures into how many of these keys there are.
For those people interested in splitting things up into pieces, you can see my Pieces post. For more secrets of three-dimensional thinking, my Three-Dimensional Thinking post, or my Three-Dimensional Design post.
Cheers!