Sunday, July 22, 2007

Thriller

Now for some relaxing youtube videos.
First the classic Thriller video by Michael Jackson.
Then the same thing recreated by 1500 inmates.
And for the final the Indian version.

Now there is more than inmates can do:
First the algorithm match (with subtitles and Ninjas).
Then recreated by nearly a thousand inmates.

As for some light scientific reading I can recommend "A history of slot machines"

Labels:

Saturday, July 21, 2007

See Metallica using only 9 charracters

This is the last Metallica post for now, with a look at what it took to gain entry to the concert.

The picture shows one of the 3 tickets used to gain entrance to the concert, the tickets where e-mailed to me as a pdf-file. One ticket was used by me, one used by Gabi and one was sold in the Friday bar. There is lots of information on the ticket, but the important information was section B, entrance 8 and the bar code. Section A was the few in front, and section B was for the rest of us. Entrance 8 was probably a way to divide up people into groups, so not everyone would use the first entrance.

The only thing they were interested in at the entrance was the bar code. They scanned it with a hand held bar code scanner, the device showed a green light, and I was allowed through to the concert area. So 9 characters of information was all that was needed to gain entrance (in this case "+7MA$7$-V"). The other 2 tickets contained only alphanumerical characters in the bar code, so that gives a message space of at least 39^9 ≈ 47 bits. If we assume 50 000 tickets then roughly 1 out of (2^32) 9 digit codes is a valid entrance value. This 9 character code is probably a hash of some kind, and if it is constructed in a good way it is as good as unbreakable.

On the other hand, as I was a reseller of one ticket, I had ample opportunities to cheat. E.g. Sold the ticket more than once (they have some kind of back end system which allows the bar code to be used only once). The first one would go through easy, but the others would be rejected. I could have modified the hash value to some other value and sold it to some unsuspecting fool as a valid ticket, and so on. Now I am only an honest but curious attacker so no harm was done, but if any of you reading this can come up with attacks on the ticket system then please post a comment.

One more thing to add, a boy got a metal replica of a gun through airport security(link in Norwegian).

Labels:

Thursday, July 19, 2007

Great Metallica concert

Following up on the last post, the Metallica concert was great. I had waited for 20 years to see them live and it was great seeing them. I especially liked the fact that at the end of the concert the drummer spoke Danish. I have known that he was Danish for a long time, but never hear him speak. I have added some links to videos from the concert further down in the post.

I will follow up this post with a look at big concerts and security. 50 000 people had paid about 640 Danish kroner to see the concert. That means that the band gets 30 million for playing for 3 hours (if they only have 1/4 of it after expenses are paid they that is still a good hourly wage). On the other hand there is a lot that must function on time and without problem otherwise you have 50 000 angry people and a security nightmare. Therefore the security must be tight, but not uncomfortably tight. When looking at security we must think of potential threats, for inspiration on potential attacks look at Schneier and his movie plot contests.

In that respect we can start too look at their attempt at restricting sound recording equipment and photography. Some years ago it was prohibited with all forms of cameras and sound equipment. This is still not allowed, but they are starting to cave inn to mobile phones. They now said that mobile phones where allowed, but added "please do not use the camera function". I can tell you that this was totally ignored. At any time during the concert I could look around me and with a high probability see at least one camera phone up in the air. Most people looked like they used the video function to capture some moments of the concert, and after the concert I saw a good deal of compact cameras, probably smuggled in before the concert. So there their attempt at stopping sound recording and photography are totally not working. They should try to relax their requirements and wake up to the digital environment, but this is like the large music companies which are still working in ignore mode. To organizers of large concerts: Let me tell you once and for all, your attempts at blocking the future are not working (all links to youtube videos, for more search for Metallica and Århus).

On the other hand I would say from personal experience that a ban on cameras are probably useful in the sense that it is very annoying to see a concert where people take pictures with flash all the time, and if you allow cameras most people will forget to turn the flash off.

Labels:

Friday, July 13, 2007

Girls are evil and selling a Metallica ticket

I was going to call this post: "Never trust anyone", but after talking over lunch it got the current title. Todays news story (in Norwegian) is a man that once had a girlfriend and they where living together and where engaged. The girl wins 9,6 million Norwegian kroner and moves out a few days later. He sues her but gets nothing and now has to pay 62500 Norwegian kroner in lawyer fees.

Now lets look a bit more closely. The lottery ticket did not have a name attached to it, and the girl was talking to the lottery company so she got it transfered to her account. He goes to court and does not ask for half, but for all of it. They did not have any written agreement between them while living together. So it was word against word in court. The lawyer fees where incurred not the first time he lost, because when he appealed the verdict and lost again, then it was just frivolous litigation and he rightly incurred the lawyer fees for both sides. So remember to have money in your hand or written agreements with people. Even your girl/boyfriend, never trust them they might cheat you.

Which brings me to my story I have a Metallica ticket that nobody wants. I had a verbal agreement, but that deal fell through so now I am desperately trying to sell a Metallica ticket for the concert tonight (or I will stand to loose DKK 660).

Labels:

Wednesday, July 11, 2007

Stupid Norwegians

Speaking as a Norwegian, there is maybe not a race dumber than Norwegians once the weather becomes warm and they get a couple of beers. This article tells about a prime example of the race called Norwegians and how dumb and lucky they get (article in Norwegian).

A 26 years old guy came to Roskilde, when it was over he walked 2-3 kilometers on the rail tracks and lay down. Gets run over by train and looses his legs, waits 45 min in the ditch gets seen by the next train and is alive today. More stupidity and luck is a rare find. On the same note we have this youtube video of dumb Norwegians in Italy. It is an advertising video, but it shows how Norwegians should refrain from staying anywhere where the temperature could be over 25. Luckily this seems not to be a problem in Denmark at the moment.

Updated 12/07: Just an additional note on stupid Norwegians, last year 3.290 of them had to be hospitalized because of they had had to much to drink (alcohol poisoning). Article is in Norwegian.

Thursday, July 05, 2007

Ideas change lives

In my (almost) random search through the internet, I have looked at many sites, but then I came across the TED conference as they say it "Inspired talks by the world's greatest thinkers and doers". For me that means expensive conference (I will never afford it) with famous speakers, where I will sleep through the doers part because they are more interested in money than ideas.

I might be right about it not being worth it for me to go there personally, but the site contains more. They have shot videos of the best talks and put them up for free on the internet. And I have just watch a few videos and they are mind blowing!!!

Labels:

Wednesday, July 04, 2007

Bush watch not stolen

Given new evidence I retract my statement that Bush watch was stolen. The evidence is another video shot by NBC from a different angle. I could find two different youtube videos to show this clip. Even Bruce Schneier has updated his blog concerning this case.

Norway also have their share of pickpockets as the Norwegian police chief found out the hard way. Maybe this guy knew something about it, he was arrested with 14 drivers licenses and 14 credit cards. He claims he was going to the police with the cards, when he was arrested, but I personally do not believe that guy. (Last two links in Norwegian.)

Labels:

Tuesday, July 03, 2007

Video of pickpockets

I always knew Italians gypsies where not to be trusted, this video of pickpockets from Milan proves my point. See how the pickpockets follow the unsuspecting tourist and remove valuables from their purses.

So when traveling abroad never keep your wallet or important travel documents in easy to reach places. Keep things in your front pocket or in a bag where it takes you 1 minute to get to them. Pickpockets can be in any country Spain, Albania, etc. also spring to my mind. For further reference of pickpockets here is the video of Bush loosing his watch in Albania.

Edited: After showing the video to Claudio (an Italian) I have to update this post. First he tried to say that it was first a fake, but looking at the tape we can see that it is probably authentic. Then he tried to say it was not Italian, but the Italian flag kind of gives it away. Then he said they where probably gypsies and not Italian so there he probably has a point. (But I still think the gypsies have Italian passports.)

Labels: