Since the first computer was built to work for home user everyone knows that the computer usually does one thing at once. The monolithic systems are today wide spreaded and you hardly find software that uses more then one CPU core or even GPU cores. The MS-DOS users may remember the good old times when only one program could run, for example “copy”. Very interesting that MS-DOS was so widely spreaded but that slow. Unix had multiuser and multitasking systems which were the first approaches for a pseudo parallelsim. Today every Windows version and every other operating system uses multitasking. And there are even more approaches today:
Multitasking
Multitasking means that the time is “sliced” into small parts and every process on the machine gets some time slices. The CPU is very fast, so you probably don’t see that any processes are waiting.
Multithreading
This technique creates threads that run whithin processes. They are much easier to handle and they are really fast if you organize them: stopping, starting, pausing, suspending etc. Today Java programms are very easy to build with more than one thread.
SMT (Simultanous Multithreading)
Intel’s “hyperthreading” doesn’t work with 2 cores but with 2 registers and 2 instructions control units per core where you usually have just one core installed. It’s interesting because todays Netbooks using Intel N270 Atom processors usually have one core but they use SMT and therefor your operating system works pretty fast, even if it is a slower processor like an Atom model.
Multiprocessing
Today we have “Intel Core 2 Duo” or any other multiple core processors. Operating systems today usually try to run one half of the processes on one core and the other processes on the other. That is fine, but not perfect.
Combined
Today you usually have a multitasking operating system where in a couple of processes many threads are working. It is possible that you also have an Intel core with hyperthreading or even a Quad core system. And now imagine that every software you use is multithreaded. That would increase definetly the entire system speed.
And if you need even more power for programms that don’t branch too much, switch your nVidia or ATI graphics adapter on. Even very cheap graphic cards provide you with 500 GFLOPs (GeForce 8800 whatever).
Additional Links:
Posted
on January 17, 2010, 10:19 pm,
by admin,
under
Security.
It’s a shame for a swiss company. Many airports in germany are using a RFID system from that company to make sure that only authorized people can pass through security doors. That’s what the company wants to sell. On every RFID card there is data saved that is transmitted to the RFID readers nearby the doors. It has been cracked very simple, because the RFID cards from the personell don’t send encrypted data. With a pretty cheap hardware you can programate it in a way to receive the data sent by the RFID cards. This information can be used for the RFID readers at the doors. Just place your hardware device in front of the RFID reader and the door “magically” opens. Why? Well the transmitted data from the original RFID personell cards is not encrypted, everything is in plaintext.
Thank god that they are trying to see us naked without putting our clothes off, instead of solving serious security issues.
As seen on h-online some usb memory sticks were recently cracked. Again the problem isn’t the AES algorithm itself but there is another implemenation error within the password entry mechanism. Some IT experts were able to find out that they could make the password entry mechanism to send a specific string to the memory stick, while it doesn’t matter which password was typed in before. The result is a full access to the data of the usb stick.
This is usually nothing really special because it happens every day that systems are being cracked. What made be thinking about it and posting this is that the NIST certified those sticks as a FIPS 140-2 Level 2. Level 2 means the following:
“Security Level 2 improves upon the physical security mechanisms of a Security Level 1 cryptographic module by requiring features that show evidence of tampering, including tamper-evident coatings or seals that must be broken to attain physical access to the plaintext cryptographic keys and critical security parameters (CSPs) within the module, or pick-resistant locks on covers or doors to protect against unauthorized physical access.”
(from Wikipedia)
I don’t know what exactly happend during the tests of the stick but I wouldn’t buy any usb security sticks right now. Even if they are certified from the NIST. Probably it would be the best to take a normal stick and encrypt it as a volume with TrueCrypt. For any normal using it would fit all your needs.
Today I read that a RSA key of 768 bits has been “broken”. Just the key not the algorithm. Some pages report it as a break of RSA or something. I guess they didn’t read:
Actually they had a large cluster of computers and the finally factorized the given 768 bits number with 232 decimals. Very interesting although. Have a look at the paper.
This was my question about a new so called “job card”. The german government wants to introduce that card in order to “make things easier”. Or in my words, to spy more things out of the people. It’s very interesting that I think, that this card is a spytool. Some years ago I moved around in germany and my passport expired. I had to make a new one. But I already moved from my former appartment into another, far away, other city etc. I was asked to give them some documents because they won’t give me a passport. I asked the friendly woman: “Why?” Her answer was, that they have to check this, whatever.
I handed that documents out everywhere in germany but just in another cities. And all said they are ok. I asked the woman if she might uses her telephone or computer to communicate with my former town office. “Not that’s not possible.” Why? – “Because it is not possible!” I just thought WTF?????!!!! What is this? Communistland? So… today I read about ELENA and this one will make it easier for the offices to communicate. Not really communicate but I can hand them my job card out and they got ALL my data.
I was wondering why the “Sparkasse” is allowed. In Germany we have a lot of banks, and the “Sparkasse” is … something special… I don’t really know why and I don’t really know what exactly so special is. I just know that I don’t use their service because I just don’t like their viral interaction.
I guess the job card won’t come very fast, because it has serious problems with security and privacy. I’m curious about the next steps here.
‘
Posted
on January 3, 2010, 11:18 am,
by admin,
under
Security.
This night was a lot of fun. Veriface didn’t recognized me again with glasses. I logged in with my password just to make some tests. The first one was the picture of me printed on normal paper in colors. It didn’t work! I used to bend the paper in order to strech it some how but it still didn’t log me in. After switching some lights on and off Veriface started to recognize my eyes on the picture. I have no idea why this is happening but I guess the distannce between the eyes is an important login value. And probably also how you behave because I registered my face and there were taken pictures, and yes pictures while I was looking somewhere else and not on my monitor or the cam.
Still, … Veriface is unbroken by me. And I don’t have any further ideas, or let’s say I’m to lazy for this. There are much more things to talk about. If you have any idea, let me know.
Some of the readers here maybe read a page or two and thought: Yes thats it! This is the way it goes. Actually be careful! Don’t think that you are the super cryptographer just because you read a lot. Reading books is like practising in theory. You have to practise and find your own way. It is pretty hard to design cryptographic systems because you can’t have any idea about what goes wrong in your system. It is very difficult and takes a long time to design it. No question about the implementation which can be more dangerous than anything else in security.
Make your own programs. Test them, test your design, test your implementation and find out what you’ve done wrong. You’ll always find something that doesn’t work properly. And remember in cryptographic systems you have to be sure that 100 % works, not just 90 %
If you don’t want to get deep into cryptography, hire someone for your project! It’s a lot more cheaper for you if you have a cryptographer working for you from the beginning instead of hire him or her after you found catastrophic mistakes in your system. Remember WEP!
Posted
on December 27, 2009, 1:15 pm,
by admin,
under
Security.
According to the latest news about security and flying I thought back to my last flight. I had a Coke in my bagage of half a liter. Nice black fluid that tastes really good. They told me at the security gate at Berlin’s Schönefeld airport that I can’t take this with me because no fluid things are allowed in bottles. Only half a liter is allowed in maximum 100 ml transparent bags. Well I asked if I might split the bottle’s content into five 100 ml plastic bags and take them with me. I was surprised but they said: Yes! You can do this!
Fine. But I hadn’t 5 x 50 euro cent for buying their transparent 100 ml EU certified china-made waste just to take the 89 Euro Cents coke with me.
My first thought was that this is not done because of terrorists but because of the flight companies. Compare the Coke prices on board with the ones in the supermarktes. You’ll be shocked and that’s what I think, they just want you to buy it on plane, directly from the flight company.
Stupid right? Right!
Posted
on December 27, 2009, 12:01 am,
by admin,
under
Security.
Again I have to tell you something new about VeriFace. I wanted to login and had my glasses on. It didn’t worked. Without glasses it worked. That means that the scanned surface is not just around the eyes but also an the skin of the face directly. I wonder if it recognized me unshaved.
Posted
on December 22, 2009, 5:06 pm,
by admin,
under
Security.
Today I didn’t want to make any tests because it’s pre-christmas time and I don’t really care about non-family-related things like blogging about security and IT systems. But I was a bit surprised, because I started my computer and some people here were sitting around me. They all were in range of my webcam while VeriFace was trying to identify me. And it was very cool because there were three faces which were all well illuminated and not moving fast, but VeriFace logged me in. I suppose me and not the others because they have tried to log in themselves alone and it didn’t worked.
The software is still doing a good job but I bet that I’ll find something how to fake the authentication soon, or next year.