"Hacker Nadim Kobeissi is showing off a prototype tool, miniLock, at a hacker conference this weekend. The tool is a free, open-source browser plug-in that will let users easily encrypt just about anything."

gazaDeaths.com f

I made a website that gathers information from the Gaza Health Ministry to display statistics and names regarding Palestinian deaths in the current July 2014 palestinian conflict.

Upcoming Cryptography Work

Fast Company has published an interview with me that covers recent advancements with Cryptocat, my design rationale for a lot of Cryptocat work, and also the current Cryptocat Kickstarter that’s trying to raise $45,000 for the project.

I’m also traveling to New York City this weekend to attend HOPE X, where I plan to present my next encryption software project, miniLock. WIRED published a preview of miniLock last week.

miniLock will make use of some interesting and original file encryption and file sharing techniques using elliptic curve cryptography. I’ll post the slides for my talk right after it’s given on Saturday, and will also be releasing miniLock with a full, peer-reviewed design specification, unit test kit, third-party cryptographic audit, API, reference implementation and more.

Here’s a good excerpt from the Fast Company interview:

Why the focus on the general public?

Cryptography is my main research interest and I’ve always had the opinion that you have to focus on practical, applied cryptography. I see a lot of research being done on really theoretical cryptography. But I don’t like that approach because it’s a very Ivory Tower, academic approach. I really want to focus on the kind of cryptography that has practical benefits to regular individuals in the world. Everything I’ve done related to cryptography has I think embodied the belief that if you want to do cryptography research it’s much more valuable to do stuff that’s related to practical or applied cryptography.

Why is it important for you that Cryptocat is free and open source software?

First this is an argument that I believe in at the engineering and programming level. I think that encryption software can’t afford to not be open source. I think that in order to evaluate the research and security of any cryptographic software, you need to adhere to , which has been a staple for cryptography for many decades. The principle is simply that you cannot obtain security via obscuring your practices. You have to obtain your security via assuming that the adversary already knows all aspects of the system and nevertheless the system is still secure.

So how does that principle play out with Cryptocat?

The way I enforce this is not only by making Cryptocat open source software, but by making it free software under a permissive license. We document the software and the cryptographic specification and we open up our development process. We hire auditors to do biannual audits and release those audits for the public to examine. It’s a very transparent approach to doing cryptography research. Unfortunately it’s resulted in the misconception that Cryptocat is more broken than other tools because we keep talking about how many different bugs we find and fix. But the real reason for that is because no other software has this level of transparency.

It’s been almost a year since I’ve seen “Somewhere”, a short film produced by Nicolas Ménard and Rich Vreeland. It remains quite possibly my favourite short film of all time. I’m posting it here on my blog for visitors to check it out.

The usage of geometry and the spacing of shapes is masterful. It makes scenes from beautiful geometric combinations, and manages to wrap it all in an emotionally gripping context.

VHS Head - Body Magic
from Persistence of Vision
887 plays

VHS Head’s Persistence of Vision comes out today on SKAM records. I’ve listened to his entire discography and I can attest that Adrian Blacow pulls out many more stops in this iteration than in his previous ones. He continues to define his aesthetic, stemming from a mix of Boards of Canada style surrealism and the soul of 90s VHS culture. There’s also an accentuated theme of “retro horror” to this release, which VHS Head plays well throughout the album.

Persistence of Vision seems stuck in limbo between danceable beats and IDM-style synths, and the result is surprisingly great. The album was delayed in production, and it shows: a full listen of this 15-track album flows seamlessly from track to track — VHS Head manages to paint his aesthetic cleanly throughout.

A criticism I have of the album is that some of the tracks lean back too comfortably on the Vaporwave scene that engulfed electronic music in 2012 and 2013, thereby allowing these tracks to meander through without contributing meaningfully in terms of melody or sound. Thankfully, such occurrences are rare.

I’ve chosen to post the track Body Magic since I feel it adequately showcases some variety present in this overall excellent album. But don’t let it fool you — the whole album reaches out and covers far more ground. If you’re an electronic music snob, Persistence of Vision is almost certainly going to mindfully contribute to your perspective.

I got my copy from iTunes.

6electronic music,

My Response to DMCA Protection Offers

As the developer of Bluenote, I sometimes get emails from agencies offering to “remove” the “thousands of pirated copies” of Bluenote off the Internet, in a “fast, effective and affordable fashion”, using the DMCA.

This “removal” is discussed matter-of-factly, but in the context of their email, I feel like I’m being contacted by a hit man offering to “take care” of someone who’s been causing me problems. To add to the climate of fear, they usually include links to Google searches revealing pirated copies of Bluenote. Gasp!

I’ve never replied to these emails, but the latest from “DMCA Force” annoyed me, and I wrote the following response:

Dear Jason,

Bluenote is especially made in order to be DRM-free, thereby making it not difficult to pirate.

I think that your work, in which you are effectively attempting to profit off Internet censorship enacted by the fears you attempt to instill in content creators, contributes to a less free Internet.

I also think that you should find a job that actually contributes to mankind’s greatest free flow of information instead of stymying it via the force of this kind of mediocre message. I think the fact that you effectively profit off Internet censorship is shameful.

Regards, NK

If you can’t afford Bluenote, by all means pirate it. If you feel like I deserve the money, then it would be nice if you paid the five bucks. But I would much rather see myself losing money than have someone play my fears in order to use a misguided law to further censor the free flow of information on the Internet.

Oneohtrix Point Never - Format & Journey North
from Rifts
947 plays

Format & Journey North is a really underrated electronic music track by Oneohtrix Point Never. I say underrated because it’s barely available on YouTube and no one seems to have heard of it, even though it’s an exceptionally expressive and creative ten-minute piece that’s been out there for years.

The track is split into two parts. The first part is calm and reflective (even including a rainforest background). But as the track reaches its halfway point, it transitions into an intense melody with countless overlapping samples that manage to still produce a coherently powerful message.

This is one of my favourite electronic music tracks of all time. As usual, listening only with good headphones or a solid speaker system is recommended.

6electronic music, oneohtrix point never,

Hitler’s Soft Side

Reading accounts of Hitler’s behaviour at his Berghof mountain house is fascinating and distressing in equal measure. Here are some quotes from a recent Washington Post interview with one of Hitler’s twenty two maids at his mountain retreat (the last surviving one):

"Late at night, Hitler liked to steal away to the kitchen for a bite of “Fuhrer cake,” a specially prepared sheet cake with apples, nuts and raisins that the kitchen was expected to always have on hand."

Another interview from 2008 with one of Hitler’s former maids yields the following information:

Recalling her first direct request from [Hitler], she said she was drying some porcelain cups when he came down the stairs. ‘Hello,’ he said softly. ‘Sorry to trouble you, but could you make me some coffee and bring some gingerbread biscuits to my study?’

These tidbits are distressing to me because I’ve always imagined that these small things, things like sneaking into the kitchen late at night for some of your favourite, special cake, or softly asking someone for a gingerbread biscuit to eat while you work in your study — were the things that unquestioningly granted you some allowance of honesty and humanity. No matter how small these acts are, they reflect a facet that I’ve always prioritized when evaluating people. But here they are, reflected in modern history’s worst human being.

It’s easy to imagine that Hitler snuck down for some Fuhrer Cake and then went back upstairs to lock himself in his study and draft an order for another shipment of Zyklon B.

I’ve been recently playing Sonic 3 and Knuckles on my GCW Zero and I just finished the entire game (with all fourteen emeralds!) It is really a masterpiece of retro gaming.

I have a lot of love for this game — if the screenshots above intrigue you, you should definitely grab an emulator (or better yet, a GCW Zero) and give it a play through. The graphics, style and gameplay are timeless and artful. To top it off, much of the wonderful soundtrack was composed by Michael Jackson!

Play it, if only for the final boss fight, which involves a giant fire-breathing robot that shoots a beam of pure energy out of a giant emerald embedded in its stomach, in space. Such a work of art shouldn’t be forgotten as a mere retro video game, but memorialized as an element of culture.
ZoomInfo
I’ve been recently playing Sonic 3 and Knuckles on my GCW Zero and I just finished the entire game (with all fourteen emeralds!) It is really a masterpiece of retro gaming.

I have a lot of love for this game — if the screenshots above intrigue you, you should definitely grab an emulator (or better yet, a GCW Zero) and give it a play through. The graphics, style and gameplay are timeless and artful. To top it off, much of the wonderful soundtrack was composed by Michael Jackson!

Play it, if only for the final boss fight, which involves a giant fire-breathing robot that shoots a beam of pure energy out of a giant emerald embedded in its stomach, in space. Such a work of art shouldn’t be forgotten as a mere retro video game, but memorialized as an element of culture.
ZoomInfo
I’ve been recently playing Sonic 3 and Knuckles on my GCW Zero and I just finished the entire game (with all fourteen emeralds!) It is really a masterpiece of retro gaming.

I have a lot of love for this game — if the screenshots above intrigue you, you should definitely grab an emulator (or better yet, a GCW Zero) and give it a play through. The graphics, style and gameplay are timeless and artful. To top it off, much of the wonderful soundtrack was composed by Michael Jackson!

Play it, if only for the final boss fight, which involves a giant fire-breathing robot that shoots a beam of pure energy out of a giant emerald embedded in its stomach, in space. Such a work of art shouldn’t be forgotten as a mere retro video game, but memorialized as an element of culture.
ZoomInfo
I’ve been recently playing Sonic 3 and Knuckles on my GCW Zero and I just finished the entire game (with all fourteen emeralds!) It is really a masterpiece of retro gaming.

I have a lot of love for this game — if the screenshots above intrigue you, you should definitely grab an emulator (or better yet, a GCW Zero) and give it a play through. The graphics, style and gameplay are timeless and artful. To top it off, much of the wonderful soundtrack was composed by Michael Jackson!

Play it, if only for the final boss fight, which involves a giant fire-breathing robot that shoots a beam of pure energy out of a giant emerald embedded in its stomach, in space. Such a work of art shouldn’t be forgotten as a mere retro video game, but memorialized as an element of culture.
ZoomInfo
I’ve been recently playing Sonic 3 and Knuckles on my GCW Zero and I just finished the entire game (with all fourteen emeralds!) It is really a masterpiece of retro gaming.

I have a lot of love for this game — if the screenshots above intrigue you, you should definitely grab an emulator (or better yet, a GCW Zero) and give it a play through. The graphics, style and gameplay are timeless and artful. To top it off, much of the wonderful soundtrack was composed by Michael Jackson!

Play it, if only for the final boss fight, which involves a giant fire-breathing robot that shoots a beam of pure energy out of a giant emerald embedded in its stomach, in space. Such a work of art shouldn’t be forgotten as a mere retro video game, but memorialized as an element of culture.
ZoomInfo

I’ve been recently playing Sonic 3 and Knuckles on my GCW Zero and I just finished the entire game (with all fourteen emeralds!) It is really a masterpiece of retro gaming.

I have a lot of love for this game — if the screenshots above intrigue you, you should definitely grab an emulator (or better yet, a GCW Zero) and give it a play through. The graphics, style and gameplay are timeless and artful. To top it off, much of the wonderful soundtrack was composed by Michael Jackson!

Play it, if only for the final boss fight, which involves a giant fire-breathing robot that shoots a beam of pure energy out of a giant emerald embedded in its stomach, in space. Such a work of art shouldn’t be forgotten as a mere retro video game, but memorialized as an element of culture.

How do we know when decryption is successful?

I recently answered a nice question on StackExchange’s cryptography forum:

Judging by the algorithm on the Blowfish Wikipedia article, there is no way for the process to fail with an error. How then does GnuPG know when to tell you your password is correct when decrypting a file, rather than proceeding to decrypt meaningless data?

An important property of a ciphertext is that it has to be indistinguishable from truly random data. This allows the encryption cipher to produce ciphertext that reveals no information about the plaintext (other than size) or the encryption key. In fact, this property even allows encryption algorithms to act as pseudorandom byte generators by simply making them generate a stream of random ciphertext.

In the case of stream ciphers, decryption is the result of XORing each ciphertext byte with its corresponding keystream byte in sequence. If the keystream byte corresponding to the ciphertext byte is correct, the result of the XOR will yield the original plaintext byte. Since ciphertext cannot be made to provide any information regarding the plaintext, it follows that it also cannot be made to reveal whether the XOR of a certain keystream byte yielded a correct plaintext for the byte or not. Otherwise, the cipher would be clearly broken and allow us to basically query it for information regarding the plaintext.

A similar principle applies to block ciphers such as Blowfish, except those ciphers operate on entire blocks of bytes instead of individual bytes, and also employ other operations such as substitution in tandem with XORs, organized in structures such as Feistel networks.

Therefore, when it’s important to be able to inform the user whether a decryption operation has succeeded in yielding the expected data, cryptography engineers use Message Authentication Codes. Hash-based MACs allow a candidate plaintext to be compared against an authenticated hash value. If the check passes, then we know that it is the correct plaintext and are then able to notify the user that the decryption function was successful as intended.

Generally, if you want to verify the integrity of encrypted data as it goes through the wire to reach someone, you would generate a MAC for the ciphertext. But if you also want to verify that the decrypted plaintext is correct (as seems to be your case here,) then you would generate another MAC for the plaintext and send it along with the ciphertext.

While hash-based MACs are probably the preferred way to do this, they aren’t the only way to verify successful decryption. For example, TrueCrypt will check the first four bytes of the volume header in order to see if decryption is successful. This approach is likely to be more error-prone than HMACs in most applications, however.

Finally, there are block cipher modes of operation (such as Galois Counter Mode) that grant block ciphers such as Blowfish or AES the ability to self-authenticate. This pretty much allows a ciphertext to verify its own integrity without the need for an external check. Depending on what you’re trying to accomplish, you may want to investigate both HMACs and Galois Counter Mode and decide which offers the verification properties you’re looking for.

Daniel Rehn is a great guy who takes the time to salvage beautiful art from the computer age. Today he introduced me to these gems, all book covers or magazine art from two or three decades ago.
ZoomInfo
Daniel Rehn is a great guy who takes the time to salvage beautiful art from the computer age. Today he introduced me to these gems, all book covers or magazine art from two or three decades ago.
ZoomInfo
Daniel Rehn is a great guy who takes the time to salvage beautiful art from the computer age. Today he introduced me to these gems, all book covers or magazine art from two or three decades ago.
ZoomInfo
Daniel Rehn is a great guy who takes the time to salvage beautiful art from the computer age. Today he introduced me to these gems, all book covers or magazine art from two or three decades ago.
ZoomInfo
Daniel Rehn is a great guy who takes the time to salvage beautiful art from the computer age. Today he introduced me to these gems, all book covers or magazine art from two or three decades ago.
ZoomInfo
Daniel Rehn is a great guy who takes the time to salvage beautiful art from the computer age. Today he introduced me to these gems, all book covers or magazine art from two or three decades ago.
ZoomInfo
Daniel Rehn is a great guy who takes the time to salvage beautiful art from the computer age. Today he introduced me to these gems, all book covers or magazine art from two or three decades ago.
ZoomInfo
Daniel Rehn is a great guy who takes the time to salvage beautiful art from the computer age. Today he introduced me to these gems, all book covers or magazine art from two or three decades ago.
ZoomInfo

Daniel Rehn is a great guy who takes the time to salvage beautiful art from the computer age. Today he introduced me to these gems, all book covers or magazine art from two or three decades ago.

6computer age,

"When a technology is closed-source, it cannot be openly and transparently maintained or evaluated for flaws by the worldwide community of engineers that keep the Internet functioning,” Kobeissi says. “Heartbleed may have never been openly disclosed if it weren’t for the open-source process."
Chris Zabriskie - Unfoldment, Revealment, Evolution, Exposition, Integration, Arson
from Reappear
1,087 plays

This is a great classical piece by Chris Zabriskie, composed with analog synthesizers. I feel it really showcases electronic music’s ability to be a patient, subtle medium that conveys a powerful message.

6electronic music,

The GCW Zero is an outrageously good open source gaming handheld. It runs a great Linux build on top of a 1GHz CPU, 512MB RAM and excellent hardware controls. It started off as a Kickstarter project and is one of the few that really delivered. On top of running emulators at awesome speeds and reliability, there’s a community developing native open source games for it, as well as applications.

I’ve been able to emulate a ton of retro games (here’s what’s on my microSD card) at amazing speeds and reliability. The quality of the gameplay on this device is simply beautiful. I’ve carried it with me all day for the past two weeks.

The engineers behind it made some very wise decisions: by going with a 320x240 screen, they emulate the pixel precision of retro gaming. The UI/UX uniformity of the underlying OS accentuates the excellence of the emulators, and the battery life is stellar. The screen is super bright and the little thing even has HDMI output.

You should buy one.

CNNCTFR f

CNNCTFR is a JavaScript Connect Four AI I’ve been working on as a simple project in my spare time. It’s an exceedingly simple project, but is somewhat notable due to:

  1. Its aesthetic,
  2. The fact that the AI has a personality and speaks with pure JavaScript speech synthesis,
  3. It’s pretty good at winning.

I haven’t formally posted it anywhere before (except on Twitter a while back.) Give it a go.

-