I will close 2006 with a summary of my game development course I taught at Tufts University earlier in the year. You may be wondering why I taught the course considering my background is primarily in computer security and privacy. As I wrote in the beginning of the year, students in my previous computer security, privacy, and politics course expressed interest in more technical content including programming. Moreover, the Tufts Experimental College asked students what courses they would like to see in the future, and many said a course on game development. What better way to expose students to computer programming and the different facets of Computer Science than game development.

I taught the class using Java. I had a little over twenty students in my class. A number of students had strong computer programming background, while others never did any programming before. I lectured on a number of standard game development topics including user interfaces, 2D graphics, game testing, texture mapping, animation, sound, and 3D graphics. Teaching the course in Java had its strengths and drawbacks. In short:

Strengths:

• Rich 2D graphics and UI widgets (e.g. Swing) all part of the standard development kit
• The “write once, run everywhere” paradigm worked well

Weaknesses:

• The bugs in Java 3D and Java sound
• Extremely deep library with obsolete and deprecated classes

Students and I didn’t observe any glaring performance issues in Java, contrary to popular belief. I also didn’t find the notion that Java “is too high-level” to be necessarily true, considering depth of the Java Sound API and support for input devices including joysticks.

The most important aspect of my course was creating games, and did that. I created five teams, each creating a different 2D game. Each team had technical and non-technical students. It would not be right if there was a team of all programmers and another team of students with no programming experience. I asked each team to submit a proposal for a game, and once approved, a design document for the game. For your pleasure, several of the games are available for download:

BattleBlocks - An arcade style game somewhere between breakout and space invaders. Available for download on SourceForge.net (JAR file).

Flauncy Space Cows - Presented by Maniacally Obese Penguins, a nifty Asteroids clone. Design document for the game is also available. Build and run the game from source.

Startrain Chronicles - Based on, and extensive modifications, to Professor Andrew Davison’s “JumpingJack” (a sidescroller), presented in his book Killer Game Programming in Java. Build and run the game from source.

The production of games was a major accomplishment in my class. The accomplishment was reflected on my course evaluations: students were pleased that they had the opportunity to implement a 2D game, and the skills that they learned (the design, programming, and teamwork skills) were valuable. Some students wished that there was more programming involved in the course, while others wished that there was less programming in the course. In addition, several students wished that there were more discussions on the gaming business and on game engines. I enjoyed teaching the course, but it was no walk-in-the-park. Is Java relevant for game development? I think it is a great language for implementing 2D games. Several students even told me to just focus on 2D games if I do teach this course again in Java. Students and I struggled with Java 3D. For 3D games and using game engines, I feel that C++ is by far more suitable.

I cannot thank and commend my students enough for their incredible work, and for a tremendous course. So I close 2006. Back to teaching computer security and privacy in 2007.

This week on the Perl 6 mailing lists

“Grrr, otta profefreed my onw righting occashionaly.”

– Larry Wall’s commit message for r13508–one typo correction of many

David A. Wheeler released yesterday an article entitled “Commercial” is not the opposite of Free-Libre / Open Source Software (FLOSS) (thanks to LWN for the pointer). As is typical of David’s writing, it’s full of insight and information about why these terms are not in opposition and why the confusion of the terms is dangerous.

On the Perl Foundation’s weblog, Jim Brandt asks what do you want from a TPF-sponsored hackathon? (This is useful information for other groups too; see Steve Holden’s Organizing a Sprint for more ideas.)

Installing free software on Windows can be unnecessarily difficult; that’s a significant barrier to attracting more developers for free software (especially those with Windows experience). I’m pleased to see that Alberto Ruiz has created an all-in-one PyGTK installer for Python and GTK development on Windows.

Plenty of projects need similar tools. Good work, Alberto!

This week on the Perl 6 mailing lists

“Short answer: absolutely.

“Long answer: emphatically not.”

– Larry Wall, in ‘RAII in Perl6/Parrot’

It was a remarkable moment when that staunch pillar of American media, Time Magazine, chose the entire population as Person of the Year. While Time raises a shrine to grassroots news and culture—including explicit obeisance to the YouTube amateur video phenomenon, musical mash-ups (with no hand-wringing over copyright infringement), and the Wikipedia smorgasbord—the editor complemented their precedent-shattering announcement with a brave claim that they regarded the information horde as an enhancement rather than a challenge to their journalistic profession.

User contributions may help to bulk up every business that depends on information, but they also force the painful exercise of new muscles. At the same time, these contributions are creating a new kind of economic value that may require a different way of measuring corporate assets.

I noticed a new feature in an enterprise security package offered by GTB Technologies. This package protects companies from employees or other people on internal networks who send out content marked by the company as sensitive: trade secrets, sales data, customer contact information, and so on.

What makes this package different from most is that it can check content even if it’s encrypted. Essentially, companies can have their security cake and eat it too. They can allow widespread encryption to protect against snoopers inside and outside, while preventing employees from using that encryption to sneak company secrets out port 25 or even something as immediate as IM.

And GTB claims they can do this while adding only 3 milliseconds to each transaction.

Have you wanted to start playing with Perl 6 but find yourself wondering what to write? I use Pugs, a Perl 6 implementation being written in Haskell and have been tremendously enjoying Perl 6. Like many, I’m impatient, but the work on Perl 6 has been progressing quite well and I’m quite keen to see the alpha. However, if you’re like me, you probably do better with a new language by actually writing something in it. Well, not only do I have something for you to write, you can actually help out the Perl 6 effort!

Recently I stumbled across 99 Problems in Lisp, which was in turn apparently borrowed from 99 Problems in Prolog. I’ve started 99 Problems in Perl 6.

There are some really cool new features in 0.7.3 such as custom tab completers, better alias support, job control… Here is a list of new features. And downloads are here.

For anyone unfamiliar with IPython, check out the home page. The nutshell description of IPython (from the IPython site) is

• An enhanced Python shell designed for efficient interactive work. It includes many enhancements over the default Python shell, including the ability for controlling interactively all major GUI toolkits in a non-blocking manner.
• A library to build customized interactive environments using Python as the basic language (but with the possibility of having extended or alternate syntaxes).
• A system for interactive distributed and parallel computing (this is part of IPython’s new development).

Language redesign is difficult, isn’t it? Once you start challenging base assumptions, you find that a lot of your previous conclusions are shaky, and good luck reigning in blue-sky ideas!

See you in 2007… or 2008… or 2009.

Best wishes,
a Perl 6 hacker

Guido, the BDFL for the Python language recently posted concerns about the Python 3000 release schedule. It seems that the discussions are “more about radical redesign of the language than about the relatively modest tweaks that [Guido] had in mind when [he] started the project.” His post showed a considerable amount of wisdom in balancing the needed (and desired) changes with getting things done. In any project, you can spend an infinite amount of time thinking and re-thinking the design, but at some point, you have to decide to get it done even if there are improvements that you could have made.

The results of the post were 1) Guido committed to try to set the tone on the Python 3000 Dev list to focus primarily on the work that needs to get done. 2) He offered to create a Python 4000 list on which people can discuss more radical changes to the language. 3) Guido mentioned some specific items for Python 3000 which he could use some help on. If you’re so inclined, read the post I’ve linked to and see if there’s an area where you can lend a hand.

I will be teaching Security, Privacy, and Politics in the Computer Age again this spring semester at Tufts University through the Experimental College. I had great success the first time I taught the course. This time, I am reshuffling the syllabus with several major changes:

• New sections for 2007:
• Social Engineering
• Databases and Data Security
• Risk Management and Policy Framework
• Software Insecurity
• Secure Software Development
• Regulatory Compliance
• Digital Investigations and Forensics
• Ethics
• Deeper discussion of privacy

Also, students will be placed in groups to design two “secure” products, which will be 25% of the final grade.

As usual, all news, lectures notes, resources, and selected students’ works will be online on the course website.

This week on the Perl 6 mailing lists

“With the little sense of smell I have left, this smells like INTERCAL’s ‘COME FROM’ statement to me…”

– Larry Wall, who has a cold, in ’supertyping’

This morning, Guido announced the creation of a refactoring tool for Python. In the link I’ve posted above, Guido mentioned that this could serve as a tool which could facilitate migrating code from Python 2.x to 3.0.

The gist of the tool is that it generates a parse tree of a piece of code. It then starts looking for nodes in the tree which match some pattern. When it finds matching nodes, it applies matching rules to matching nodes and “grafts” the resulting transformed node back into the parse tree.

I have just downloaded the source code for the refactoring tool, so I haven’t gotten my hands dirty with the code just yet, but it looks interesting and promising. Guido’s purpose in announcing the tool was to invite people to try it and give him a hand if you’re so inclined. So, go download it and put it through its paces.

Wikipedia says that Walt Disney died 40 years ago today, 15 December 1966.

Tell me again how extending the copyright on Steamboat Willie (released in 1928) is going to encourage him to create more artistic works? Walt’s been awfully quiet for a while now….

SpamAssassin hero Justin Mason has posted a summary of opinions against challenge-response mail systems. I particularly like the pyschopathic challenge-response system user in the comments who defends blowback by arguing that it only affects a few innocent users.

Sorry, folks. CR fails my one question certification test for mail filter authors, and that’s why it’s not just bad and wrong, but profoundly antisocial–just like spam itself.

Parrot’s first ever Bug Day is this Saturday, 16 December 2006. The core Parrot developers will be in #parrot on irc.perl.org all day to:

• Review tickets in the Parrot RT queue
• Answer questions from newcomers
• Fix bugs
• Add features
• Improve the documentation or tests or…
• Recruit and encourage new developers

If you’re curious about Parrot, please join us. You don’t have to be an expert programmer. If you can follow the build instructions (or report where they fail for you), manage a source code checkout, and work an IRC client, you’re plenty qualified. There are plenty of ways to get involved in almost any capacity you can conceive.

I recently needed to filter and process some Atom feeds. I know enough XML that I could process them with my own SAX filter, but this seemed like a better opportunity to use the XML::Atom module. Fortunately, it was very easy.

Recently I was pointed to a blog entry announcing the retirement of Stefan Esser from the PHP Security Response Team. Stefan, amongst other things, developed Suhosin, a PHP security tool. His retirement announcement was extremely disturbing and is worth reading.

Disclaimer: I have programmed in both Ruby and Python, but not enough to be familiar with their conventions, so the following could be a serious misunderstanding on my part.

Any Python or Ruby programmers out there able to explain why these languages default to integer math?

$ python -c 'print 7/2'
3

$ ruby -e 'puts 7/2'
3

This week on the Perl 6 mailing lists

“Your faithful Dynamic Environmentalist”

– closing signature of Bob Rogers in ‘RFC: Proposal for dynamic binding’

Quite a few months have passed since my last post, as cryptography-related endeavors, and family matters, most importantly, have occupied about all of my time that’s available for occupying. As far as cryptovirology research is concerned, results are coming together, and what began as a single paper a couple of years ago, has branched off into separate avenues of design philosophy. One particular branch deals with the development of a cryptovirus that is efficiency-oriented, with an emphasis on speed and reasonable security trade-offs. The original cryptoviral information extortion attack, by Dr. Adam L. Young and Dr. Moti M. Yung, was built on public-key cryptography and an on-board random number generator, with the latter proving to be the bottleneck, responsible for consuming over half of the time the attack takes (i.e., roughly 11 seconds). A couple of years ago, I looked into stripping these two components and playing around with different security trade-offs. Roughly speaking, what I ended up with is a structure that uses a symmetric block cipher and block cipher-based MAC, to satisfy confidentiality and integrity requirements, while sending the keys in - yes, you’re reading correctly - plaintext.

The reasoning behind this is practical. The cryptovirus needs a carrier. All that is necessary is for the carrier to drop the cryptovirus onto the host, and for the cryptovirus to perform its operations. If the carrier is fast and discreet enough in getting the cryptovirus to the host, this should compensate for the plaintext keys that are riding shotgun with the cryptovirus. We’ve ditched asymmetric cryptography, and already regain over half of the attack’s operational time, by generating key material beforehand, so we’re already looking at an attack that takes less than half the time of the original. By using fast implementations of AES, we can achieve a completely standardized approach, complete with tight security bounds. As of now, I’ve chosen AES in CTR mode, which is IND-CPA secure, as well as CMAC-AES, which is a SUF-CMA MAC; if used in the Encrypt-then-Authenticate composition, this renders IND-CCA2 security and achieves INT-CTXT, for some constructions of this attack. The key to understanding all of these acronyms will grace the end of this post. The important thing to know here is that I’ve just described the basic setup for a cryptovirus that is just as stout as any good, defensive system that uses the same cryptography.

For those who aren’t familiar with the idea of a cryptoviral information extortion attack, here’s how it goes. We have an adversary and victim. The adversary desires some resource that the victim has; we’ll call this “H.” (I’m following the naming convention of the original attack by Dr. Adam L. Young and Dr. Moti M. Yung.) To get this resource, he’ll need some leverage, so he designs the cryptovirus to look for some critical data on the host victim; we’ll call this, “D.” When the cryptovirus finds D, it encrypts it, using AES in CTR mode, overwriting the original. When it finds H, it computes a MAC on it, using CMAC-AES. (This implies that the cryptovirus houses two symmetric keys: one for encryption and one for authentication.) At this point, both keys have been overwritten in RAM, and the cryptovirus instructs the victim to send H, along with the corresponding MAC, to the adversary. Upon receiving this from the victim, the adversary will compute a MAC on H using the authentication key (remember, the keys are precomputed, so he has a copy) and CMAC-AES. If the MAC he computes matches the MAC that accompanied H, then H is valid. Otherwise, the victim tried to send some bogus substitute, H’. Because the victim hasn’t any knowledge of the authentication key, he can’t compute a valid MAC on a bogus file to send in place of H.

Theoretically, if the victim cooperates, the adversary sends the encryption key used to encrypt D, such that the victim can decrypt it, thus restoring the critical data. The problem here is that the trust model is based on a relationship between a victim and adversary. Traditionally, we look at channels between Alice and Bob, where trust is implied. However, there is no balance of trust between a victim and adversary. I’ve addressed this issue, theoretically, with an arbitrated, game-theoretic protocol (i.e., a trusted third party, who treats the exchange, between the victim and adversary, in terms of a non-zero-sum or zero-sum game.) I’ll leave this for another rainy day, though. Now that you have the contextual gist of the attack, I’ll pose my questions.

For those of you in charge of policies for handling adversarial attacks, how would you go about handling a cryptoviral information extortion attack? The obvious defense is a good back-up, of course. However, it seems plausible that with enough a priori information of the system (i.e., insider attack), a cryptovirus could be tailored to attack prior to a scheduled back-up. For information that is archived in relatively short time intervals, perhaps the cryptovirus’ fast execution time can increase the viability of this tailored approach. After all, we’re looking at seconds.

Some might be quick to respond, “You should just ignore the adversary and never give him what he wants.” Failed attempts at cryptoviral information extortion attacks have been reported, where the “H” that the adversary demands is in the form of a monetary payment. If this demand will cost more than the data, being held for ransom, is worth, then sure, that’s a good argument for ignoring it. However, what about when this isn’t the case, and it’d be worth it to pay the ransom? Others might retort, “But what if the adversary doesn’t follow through with his end of the bargain?” Theoretically, it’s in the best interest of the adversary to play fairly. Keep in mind that attacks are often reported and publicized. If the media reports reflect the adversary as someone who never pays up, future victims are less likely to take the risk. However, if the reports reflect an adversary who always holds up his end of the bargain, future victims may give in, if statistics show them that there’s a promise of hope in recovering their data. Again, this is just one theory.

Oh, and here’s some alleviation from the acronym jungle you had to venture through, to get to this point:

• AES = Advanced Encryption Standard (I know, I know; y’all probably know this one.)
• MAC = Message Authentication Code
• CTR = Counter Mode
• CMAC = Cipher-based Message Authentication Code
• IND-CPA = Indistinguishability under Chosen-Plaintext Attack
• IND-CCA2 = Indistinguishability under Adaptive Chosen-Ciphertext Attack
• INT-CTXT = Integrity of Ciphertexts
• SUF-CMA = Strong Unforgeability under Chosen-Message Attack

If you want a friendlier treatment of introductory cryptoviral extortion, that even a kid might enjoy reading, I’ve written some things about it here. Pardon all the thinking-out-loud, but now that I’ve laid out the fundamental context, it’ll be much easier to get to the point with future research. Until then, have a good one and stay warm, if it’s winter where you are. It’s downright cold, here in the South, tonight. Almost 10 degrees. Here’s hoping that this research is as fruitful as my fireplace is toasty.

Perl fans rejoice. This year we have two advent calendars. The Perl Advent Calendar reviews one fantastic CPAN module every day until Christmas. (We’ll also send you a book of your choice if you contribute a review.) Similarly, the Catalyst Advent Calendar gives one tip or trick every day for using the Catalyst web framework.

It’s been three months since PHP Versions in the Wild. What does Nexen report about PHP version adoption statistics for November?

I was impressed with the size of the <XML2006> conference (a name that must have been chosen by a designer, not by anyone who has to write Web pages), which took place in Boston this week. Rooms were overflowing for many topics, indicating that several large industries and government bodies have settled on XML for document storage and automated text manipulation. Microsoft Office still seems the editor of choice for most people writing and editing documents. The poor XML output of Office is a major irritant.

Blessed are the toolmakers, writes Piers Cawley. I agree.

In Can’t Someone Else Write/Deploy It?, I pointed to Tony Stubblebine’s first exploration of Salesforce.com’s new API. He’s updated his series with a second article, Using the Salesforce.com API.

Don’t fret; there’s more Perl this time. In particular, it takes only a little bit of glue to connect the comment engine of your weblog software to your database of prospective contacts. I can think of several interesting projects from there, starting with graphing your range of influence….

A newly unveiled company named Kryptiva is trying to meet all the important requirements for securing email. Many companies have offered encryption, digital signatures, and proofs of delivery for electronic mail. But up to now, according to Kryptiva founder and CEO Karim Yaghmour, each design has embodied an important flaw that reduces either usability or security. (Karim is the author of Building Embedded Linux Systems, which I edited. Kryptiva is proprietary software.)

The winners of the Sysadmin of the Year contest were announced this morning. Do you ever hug your system administrator, or do you go to him or her just when you have something to complain about? Well, if your sysadmin is an extraordinary figure, you may have a chance to show your appreciation in a future contest, because it seems this contest has satisfied the expectations of the key sponsor, Splunk.

I profiled Splunk earlier this year, praising their contemporary approach to solving system admiinistration problems by linking and providing data mining tools for large quantities of data, and for incorporating end-user feedback into the solution sets. Although this contest gained them some new potential marketing contacts, it was a contribution to the field, endorsed by a wide range of companies you can find on the contest’s home page.

Winners included an administrator who stayed in a burning building long enough to rescue his company’s data (thus saving not only the business but the key information of their customers), someone so popular at his web hosting service that 700 individuals submitted separate endorsements, and other worthy professionals.

This week on the Perl 6 mailing lists

“… On the sixth day of Christmas my true love sent to me,
Six versions of Perl,
FIVE LANGUAGES COMPILING!
Four bytes of bytecode,
Three POST nodes,
Two ASTs,
And a Partridge with a parse tree.”

– Jonathan Worthington, ‘Naming PAST-pm compiler tool chain’

Fritz Mehner’s amazingly useful perl-support Vim plugin supports Perl::Critic. (Okay, it’s done so for a year, but he just mailed me to make sure that I knew.) Fantastic!

See the perl-support Vim plugin screenshots or the perl-support Vim plugin help file for more information.

Thanks, Fritz!