Fabulous Entertainment says steganography is a security improvement—er, not so fast. I don’t know how they are using it, but hopefully they are not just embedding private information in the images without any encryption.
A web page of top 20 songs by play count:
$ sqlite3 ~/.kde/share/apps/amarok/collection.db << END | tidy .mode html select statistics.playcounter, artist.name, tags.title from statistics, tags, artist where statistics.url = tags.url and statistics.deviceid = tags.deviceid and artist.id = tags.artist order by statistics.playcounter desc limit 20; END
So the headline is misleading, but this is a start.
The [typeface is called] FE-Mittelschrift, with FE meaning it is Fälschungs-Erschwert, i.e. difficult to forge
The idea is that the letters and digits look different enough to make it difficult to adjust a license plate with tape or paint. Spiekermann complains that without a consistent look to the typeface, criminals could easily invent their own letterforms, which would fit in as well—or as poorly—as the real ones. Then a commenter writes:
A security expert I show this to points out that the purpose of the change is not for humans, but for automated number-plate scanners.
Right, law enforcement shouldn’t rely on officers correctly identifying typographic details on thousands of plates. Why is a human-readable plate still the only way cars are identified, though? A barcode, which includes a checksum, can’t easily be forged, and an RFID tag can be read more easily and doesn’t have to be mounted on the outside of a car, where it is easy to steal. Granted, RFID has somewhat scary privacy implications, but we can at least have beautifully set license plates with discrete (invisible ink?) barcodes.
After some months of inactivity on my Python steganography project, the Daily Python URL featured Stepic, traffic to this site jumped way up, and Stepic got a bunch of attention on the Web and in my mailbox. A rundown of the interesting tidbits:
- Scott Kitterman wanted to package Stepic for Debian and Ubuntu. I released the insignificantly-updated 0.2.1 a few days ago, which mostly just fixed the build/release process so that the license was included with the source code tarball.
- As I had mentioned, Greg Piñero converted Stepic to a web utility.
- Prompted by the web utility’s memory constraint, I’ve modified Stepic to (sometimes) use less memory, by adding the ability to modify an image in-place.
This lower-memory code is Stepic 0.3.
decodebehave as before.
- A new
encode_inplacefunction is available, which modifies a image instead of generating a new one.
- Stepic can encode and decode pixel sequences without using PIL. If PIL is missing, these functions will still be available. Ex:
>>> list(stepic.encode_imdata([(1, 2, 3), (4, 5, 6), (7, 8, 9), (10, 11, 12)], 'a')) [(0, 3, 3), (4, 4, 6), (6, 9, 9)] >>> ''.join(stepic.decode_imdata([(0, 3, 3), (4, 4, 6), (6, 9, 9)])) 'a'
Steganographer class is deprecated. Just use the functions; no classes are needed. It's still there, but it will be removed eventually.
Stepic 0.3 can be downloaded from its project page.
What happened was, I got an email from a fellow named Greg Piñero saying that he made a web interface to Stepic. I liked it, but was more impressed with the site he hosted the utility on: Utility Mill is a sort of wiki for little web utilities. You make a utility by creating some input fields through the Utility Mill web application, then write Python code to do something. It’s as simple as webifying a utility can be: if you have a text input called
NAME, your code just uses that variable and
# Hello World for Utility Mill print 'Hello', NAME
I soon realized that Greg not only made the utility, he also created the website. We exchanged emails about security (it seems he has it pretty well figured out), bugs and features, and possible business models.
Also, Utility Mill’s limited-memory environment kicked me to make some improvements to Stepic that I’ve been meaning to make for a little while. (A release with these changes is forthcoming.)
Here’s my Utility Mill profile: lenny.
I’ve been writing birthday limericks for friends’ Facebook profiles, and decided it’s high time I made some money from my work.
Here’s one I just came up with about myself:
Desperate, Lenny wanted more
So he opened a lim’rick store
He’s not even funny
He’d make better money
If he would just become a whore
I’m not really desperate for money, but you get the idea. For more examples of my limericks, see the ones I wrote a year and a half ago about the professors I had that semester. You may also see more of my limericks on Facebook if you are a friend of my friends.
If you choose to pay less than $1.25, I will round down to the nearest $0.25 and write as many lines as quarters you pay. If you pay more than $1.25, I will still write a standard 5-line limerick—the rest will be considered a tip. In other words:
The subject is your choice. Please fill in the fields below indicating
- Who, and what event or trait of theirs, I should write about
- More information about that person.
Note that limericks tend to be humorous and raunchy, so don’t do something stupid like choosing a death for the event.
If you are dissatisfied with the limerick, please email me to arrange a return. If you have not yet used the poem, you may return it for a full refund, minus any Paypal fees I might have incurred (probably none). If you are unsatisfied with an individual line, please email me for a rewrite or refund.
I might also issue a refund if I’m too busy to write.
For your money you get exclusive license to the poem for personal use or for publication, but not copyright. I may publish the poem, or I may choose not to. If you would rather I not post it, just say so.
The poem will be delivered over email, Facebook, IM, whatever. Probably email.
What a deal!
It sure is, Jimmy. Get ‘em while they’re cheap.
I’ll probably become famous, so expect your purchase to appreciate nicely if you don’t use it.
Is this a joke?
Yes, but it’s also real.
Though installing audio and video codecs has become easier in recent Ubuntu releases, there is no straightforward way to watch copy-protected DVDs (all big titles in the US). Because of legal problems, Ubuntu cannot provide the necessary DVD decryption package, but does provides a package that includes a script that downloads the DVD decryption package.
Here’s a demo video (also available as an AVI file):
These are the lines to copy and paste into a terminal:
sudo /usr/share/doc/libdvdread3/install-css.sh sudo aptitude install vlc gconftool-2 -t bool -s /desktop/gnome/volume_manager/autoplay_dvd true gconftool-2 -t string -s /desktop/gnome/volume_manager/autoplay_dvd_command "vlc %m" #
There you have it, DVD on Linux.