Wed Sep 29 00:00:00 PDT 2004

Fischer Random Chess

I enjoy playing chess, although I often go through phases where I stop playing for extended periods of time. Mostly, I get frustrated by the sheer amount of memorization and study required to win against any but the most casual of players. In modern chess, mastery of opening theory, transposition, and memorization of a solid opening repertoire in all of its common variations is required to play competitively. This makes chess much less fun than it should be.

However, I've recently become interested in chess again. My resurgent interest is primarily due to the growing acceptance of Fischer Random Chess. In particular, FICS (the Free Internet Chess Server) supports Fischer Random Chess, as do most of its popular graphical interfaces, including: FICS even provides ratings for Fischer Random players, although this rating may also include standings for certain other randomized variants as well.

There are tremendous numbers of other chess variants. So, why am I particularly intrigued by this one?

Many chess variants are not, strictly speaking, chess. Pieces may move differently, or there might be deliberate imbalances between the opposing sides. A great example of this is the game called "Maharaja and Sepoys," in which a lone king--which moves like both a queen and a knight--faces off against a standard chess army. While a fun game in itself, it isn't really chess as we know it.

Fischer Random Chess, on the other hand, plays almost identically to regular chess. What makes it different is the deliberate obsoletion of the vast body of opening theory. By creating a semi-randomized back rank with exactly 960 legal starting positions, Bobby Fischer created a chess variant that requires skill in traditional chess strategy and tactics, but that doesn't require extensive memorization of standard openings to create exciting and novel games.

At present, standard chess has roughly 500 recognized openings, many with numerous variations on each theme. This equates to thousands of possible openings based on the single standard setup. By creating alternative starting positions, not only is encyclopedic knowledge of openings next to impossible (at least for human players), it also requires that the opening itself be re-evaluated each time one plays, rather than making the opening something to be gotten through as quickly as possible to get to the middle-game, where skill is more important than memorization.

While it's conceivable that eventually a new body of opening theory will be developed that reduces the opening to a manageable number of predefined themes and memorized moves, this is unlikely to happen anytime soon. Until then, Fischer's new system brings strategy and tactics back to the forefront of chess.

It's too early to tell if Fischer Random Chess will ever displace modern chess in common play, but its popularity is certainly growing. Personally, I think it's a superior system; try it yourself, and see if you don't agree.

Posted by Todd A. Jacobs | Permalink

Fri Sep 24 00:00:00 PDT 2004

SanDisk's MP3 Player

It seems like everyone has an MP3 player these days. You've seen them: the tiny little devices smaller than a wallet which people have clipped to their belts, strapped to their wrists, or tucked into a shirt pocket. Well, after a few years of tech envy, I've joined that illustrious crowd.

Of course, no tech gadget purchase can be free of angst. I spent weeks trying to find just the right combination of features at a price point I could justify to myself before settling on the SanDisk Cruzer Micro MP3 Companion.

Originally, I had several criteria for my player:
  • Flash-based
  • Expandable
  • DRM-free
  • Works as a mass-storage device under Linux
  • Supports MP3 format
  • Supports Ogg Vorbis format
I wanted it to be flash-based, which I believe provides extended battery performance and better shock resistance over hard-drive or optical-disk players. It should also be noted that disk-based (fixed or optical) players aren't readily expandable, which is another point in favor of flash devices.

I insisted on the absence of DRM, partly as a matter of policy, and partly for practical reasons. Policy-wise, I firmly believe that DRM is anti-consumer, and unreasonably limits rights over products I've legitimately purchased. Practically speaking, even if I were willing to accept DRM, the DRM corporate drones don't even have Linux on the radar, so I wouldn't be able to use DRM-encumbered devices with my systems anyway.

As a result, the ability of the player to work as a mass-storage device under Linux is critical to me. It avoids the necessity of installing weird drivers, proprietary software, or third-party applications (whether open-source or not).

The required support for MP3 should be pretty self-explanatory, since it's the reigning standard for compressed audio files. However, it *is* patent-encumbered, so I'd prefer to use Ogg Vorbis whenever possible, but decided early on that this was a feature I could live without if it became too limiting in my search.

So, with these goals in mind, I started shopping. This turned out to be somewhat akin to kissing a lot of frogs without finding a prince(ess).

Firstly, the vast majority of current players had to be discarded because they simply don't work with Linux. One of the most interesting players I found was from iRiver; it even included Ogg Vorbis support! However, the iRiver units require the use of Windows-only software to load files onto the device, and have some weird DRM limitations that appear to make it impossible to save songs back to your computer in the event that you lose the original files. So, add one more frog to the list.

Several players used Sony's proprietary Memory Stick format. While this makes them expandable, Memory Stick is more expensive than normal flash drives, and isn't a universal PC standard or well-supported under Linux.

Then, as I was wandering around Fry's Electronics one day, I ran across the SanDisk player. It's got a great form-factor, and uses USB keydrives for storage. Because it's just a flash-based mass-storage device, it can be used with *any* modern operating system without any special software. It just shows up as a removable hard drive. All you need to do to load it up is to take the USB keydrive, plug it into your USB port, drag a few files over, and plug the key back into the player. No fuss, no muss.

The device does, however, have two drawbacks. Firstly, it doesn't support Ogg Vorbis. This is a minor matter, unless you are a patent purist, and is an acceptable trade-off for me. Secondly, and perhaps more importantly, the form-factor of the keydrive slot is intended only for use with the SanDisk Micro USB keydrives, which cost a little more than standard-sized units. This seems a reasonable trade-off for the open standards the unit provides, especially since reliance on a form-factor (as opposed to a proprietary connector or media type) can't really be considered exclusionary. It is worth noting that there is nothing but the size of the slot preventing you from using any other USB memory stick you like, so I don't consider this a firm lock-in in the same way that a device based on the Sony Memory Stick would be.

Overall, I've been very happy with my new MP3 player. If you use Linux, or want to support manufacturers who make devices unencumbered by DRM, I'd definitely give the SanDisk MP3 Companion a look.

Posted by Todd A. Jacobs | Permalink

Tue Sep 21 00:00:00 PDT 2004

Knoppix Lightens the Load

Okay, so it's been another long while since my last blog entry. However, I have been far from idle in the interim. For me, part of keeping busy is traveling for work, and that's how Knoppix has entered the picture.

If you're a consultant, you know how often one shows up at a client location, only to find that they're not ready for you: no cube, no workstation, no building access. Years ago, I decided to avoid at least some of these issues by bringing my own laptop. This saved me a lot of headaches over the years, as well as helping clients avoid paying for time spent unproductively waiting for facilities or human resources to fill out all the right requisition forms, or for I.T. to provide connectivity.

My laptop is, relatively speaking, a pleasure to travel with. It weighs in at under four pounds, even with the assorted accessories I drag around with it. But even so, traveling back and forth with any laptop can get old--especially in the climate of unconstructive but time-consuming "security" checks in post-9/11 airports. If you're flying weekly, just having one more bag to carry, regardless of how light it is, can be a huge inconvenience.

Not only is it inconvenient, but on my current project, Knoppix and some bizarre company policies have made it unnecessary. Let's look at the policies first.

My current client, like many large enterprise customers today, refuses to let contractors plug their own laptops into the corporate network--even when a security expert's hardened, non-Windows laptop would be a safer choice than the unstable laptops that untrained users have repeatedly had infected by malware. While I appreciate the fact that someone, somewhere, within the organization has decided that security is important, this is another example of a security policy which attempts to solve the wrong problem.

So, on the first day of the project, I showed up ready to work but was told I'd need to wait until the end of the week to receive a company-issued laptop. This laptop, of course, ran such wonderfully-vulnerable applications as Word, Internet Explorer, and Outlook. Related absurdities at this company required that all network logins be sent in cleartext across insecure public network connections, therefore ensuring that an operating system that is usually compromised within 20 minutes of Internet exposure now had the life expectancy of a mayfly with advanced progeria.

This policy made my personal laptop redundant. I suddenly had two laptops to keep track of on this project, and to shepherd through airport insecurity: my trusted, secure laptop, with which I can securely connect to various remote servers; and another which is just as capable from a hardware perspective, but completely untrustworthy as a conduit for passwords or security tokens. I wanted to be able to leave my personally-owned (and unwelcome) laptop at home, but still be able to use a trusted computer to connect to the applications and systems which I need to do my job. How could I turn the untrusted corporate laptop into a trustworthy communications conduit?

First, let's define the problem a little more clearly. All security eventually rests on a set of assumptions, so let's take a closer look at mine:
  • Linux is inherently more secure than Windows.
  • SSH keys are more secure than using passwords.
  • Private keys must be kept private to remain secure.
  • Key-logging is the most effective way to bypass any cryptographic safeguard.
  • Hardware-based key-logging of a laptop is possible but unlikely.
  • Data or applications on writable media can be compromised.
So, with these assumptions in mind, how could I safely use an untrusted laptop? Knoppix provided all of the answers.

For those who aren't familiar with it, Knoppix is a Linux distribution that is best-known for its exceptional auto-configuration routines, and is able to run completely off of a 700-MB CD-ROM. By cold-booting Linux from read-only media, I can be sure that a compromised Windows host computer cannot tamper with the applications or operating system.

In addition, Knoppix has the ability to create an encrypted, persistent home directory. By storing my SSH private keys on a USB keydrive encrypted with AES-256, I can ensure that my private keys remain private. Even if the laptop contained a hardware key-logger, an attacker would have to capture all of my passwords and the private keys stored on the removable drive before my remote systems could be compromised.

While one might construct a scenario under which these precautions could be bypassed, it seems to me that this system provides sufficient safeguards for the average paranoiac. By my lights, it provides three layers of encryption, two-factor authentication, and requires enough knowledge to put together all the related elements that even possession of the laptop, boot disk, and USB keydrive is insufficient for compromise by hotel housekeepers who aren't also NSA operatives. :)
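
The reasoning above can be checked mechanically. What follows is an added example, not part of the original post: a small attack-tree model of the Knoppix-plus-keydrive setup that derives which combinations of attacker capabilities reach a remote login. The capability and asset names are labels invented for the example, and it assumes the SSH private key carries its own passphrase in addition to the passphrase on the AES-256 encrypted home directory.

```python
from itertools import combinations

# Attacker capabilities (hypothetical labels for this example).
CAPABILITIES = ["windows_malware", "hw_keylogger", "laptop",
                "knoppix_cd", "usb_keydrive"]

# Assets each capability yields directly. Malware on the laptop's hard disk
# yields nothing, because the session is cold-booted from the read-only CD.
YIELDS = {
    "windows_malware": set(),
    "hw_keylogger": {"volume_passphrase", "key_passphrase"},
    "laptop": set(),
    "knoppix_cd": set(),
    "usb_keydrive": {"encrypted_volume"},
}

# Derivation rules: (assets required) -> asset gained.
# Assumption: the SSH key has a passphrase separate from the volume's.
RULES = [
    ({"encrypted_volume", "volume_passphrase"}, "encrypted_private_key"),
    ({"encrypted_private_key", "key_passphrase"}, "usable_private_key"),
    ({"usable_private_key"}, "remote_login"),
]

def assets(capabilities):
    """Return every asset derivable from the given attacker capabilities."""
    held = set().union(*(YIELDS[c] for c in capabilities))
    changed = True
    while changed:  # apply rules until nothing new can be derived
        changed = False
        for needs, gain in RULES:
            if needs <= held and gain not in held:
                held.add(gain)
                changed = True
    return held

def compromises(capabilities):
    """True if these capabilities are enough to log in to the remote systems."""
    return "remote_login" in assets(capabilities)

def minimal_attack_sets():
    """Smallest capability sets that reach remote_login, smallest first."""
    found = []
    for size in range(1, len(CAPABILITIES) + 1):
        for combo in combinations(CAPABILITIES, size):
            candidate = set(combo)
            if compromises(candidate) and not any(m <= candidate for m in found):
                found.append(candidate)
    return found

if __name__ == "__main__":
    for attack in minimal_attack_sets():
        print("sufficient:", sorted(attack))
```

Under these assumptions the only minimal path is a hardware key-logger combined with a copy of the keydrive, which matches the post's claim that physical possession of the laptop, CD, and keydrive is not enough on its own.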

So, while I'm engaged on this project, I no longer have to bring two laptops back and forth with me. In fact, I don't even have to carry one. Instead, I simply keep my USB keydrive with me, and will double this prodigious burden at the end of the project by taking the Knoppix CD-ROM with me as well.

How much lighter can it get?

Posted by Todd A. Jacobs | Permalink