06
Nov 09

Organizing your CD Collection: Jewel Cases Suck

I <3 CDs. I might be a member of the iPod generation, but I still think there’s something wonderfully visceral about playing a physical piece of media. I love watching a record spin on a turntable and would love to be a complete vinyl convert, but I just don’t have the space or patience to maintain a record collection.

CDs are great–the problem is with the jewel cases they’re stored in.


They break, easily

A sign of how loved a CD is, is whether the case is broken. There are four sad sad places a jewel case might break, and especially considering that jewel cases are getting flimsier (anecdotal observation from my shopping for used CDs–the older CDs had more durable jewel cases), keeping cases in good condition is a losing proposition.

Jewel Cases break

They’re bulky

Having a decent collection of CDs takes up a lot of premium bookshelf space. Even clever solutions like this can’t hide that a lot of space is needed to store CDs in their jewel cases.

Jewel Cases take up a lot of space

I’ve stacked five jewel cases and their corresponding CDs and liner notes next to each other. The actual content (CDs and liner notes) takes up maybe half the space the jewel cases do. A jewel case is about .4 inches wide, so you can fit maybe 30 CDs in 1 foot of space if you arrange them like you do books–standing up and in a row. This can be a problem especially if you’re using a regular bookshelf–there’s probably a lot of space behind each CD that you don’t have ready access to. I also don’t like the alternative.

CDs in Stacks

Stacking CDs flat is one solution, but it makes random access to a particular CD less than optimal. To make a CS analogy, although stacking CDs would be more efficient in space, it creates a Last In First Out scenario where all the best CDs are at the top and where all the less-listened-to CDs are at the bottom. Everything but the top CDs is harder to access. To me, this is not an optimal solution since one of the points of having a sizable CD collection is rediscovering music while browsing. This Stack structure would discourage that. The traditional way is more appealing to me since you can randomly access any of the CDs easily.

Storing CDs in their original jewel cases is inefficient. There are a few other CD organization strategies, including CD books, slim cases, and sleeves. I cleaned up my CD collection over the summer and am pretty happy with the results–the only thing is that I had to use several resources to compile the necessary information to do so. I thought it might be nice to organize the information that I found in a series of posts.


15
Oct 09

Privacy on the Internet: An Exercise in Futility?

Sometimes it seems like that. A week ago, Balachander Krishnamurthy came to Princeton and exposed even more reasons why we shouldn’t think anything we do on the Internet is private. He released a paper in August that shows how information in Online Social Networks (OSN, like Facebook, LiveJournal) can leak personally identifiable information (PII) to third parties. What’s unnerving about his findings is that they mostly cover areas where people cannot take active measures to protect themselves, like Request-URIs.

The takeaway message: if you put the information on the Internet somewhere (like your real name on your Facebook profile), don’t be surprised if another party can link that information back to you. Most of this is out of your control and is based on how these websites and webapps are coded and designed. Opaque agreements between social networks and advertising companies are extremely unhelpful to end users in finding how their information is dealt with.

The quicker takeaway message: Don’t put anything on the Internet that you’re not okay with everyone knowing. This might include passing on participating in social networks for the truly paranoid.


30
Sep 09

RFID and Smart Card Privacy and Security Concerns


Arthur Clarke once proclaimed that “any sufficiently advanced technology is indistinguishable from magic.”  Even as a Computer Science student, I find myself identifying with this idea. Because I’ve studied more on the software side, I tend to think of hardware as vaguely magical black boxes. When dealing with magic, things are supposed to “just work” and we don’t question why because it’s all mysterious. The problem with this thinking is that even if a technology works, it might not work well or have been implemented correctly, especially in terms of security.

RFID is a magical technology–it’s commonly used enough so that people will know what it is, but not well-known enough for people to understand what it is. If you’re unfamiliar with RFID, it’s the chip that can be found inside of some credit cards that forms the basis of “tap and go” payment. RFID tags can also be found in many transportation system cards, like the CharlieCard (Boston) or the SmarTrip (D.C.). RFID tags can store information (like how much money is on your card) and they communicate through radio frequency waves. The radio waves are why RFID can probably work through your wallet but doesn’t if you wrap it in aluminum foil. At Princeton, our student IDs (“Prox” cards) have RFID tags inside them and students can use them to access buildings. They add an extra layer of building security.

Princeton’s security is based on our Prox cards, so I wanted to know how secure they were. I used an off-the-shelf RFID reader (an Omnikey CardMan 5321, around $100) and open source software (RFIDIOt, free) to see what I could get out of the RFID cards I had, including a Princeton Prox card, a CharlieCard, and a Princeton Public Library card. Luckily (or unluckily for me), the Princeton Prox card was an HID iCLASS card, which I found in my literature study to be one of the more secure cards on the market. HID claims that it built physical anti-cloning devices (cloning means copying a card) into the card.

However, I discovered that hotlisting attacks were very possible with all three cards I had. Hotlisting is an attack that involves tracking an individual through a unique identifier (UID), a number that was unique to that card. Each of the cards had a UID that I could read with my unauthorized reader, and since it was a unique number, I could link it directly to that card. Because each card is linked strongly with one individual, I could then track individuals if I had a point of reference where I could confirm their identity and read the UID off their card. Reading a card’s RFID tag is very unobtrusive, especially when the cards are commonly used. All it would take is brushing up against an individual’s wallet, and I would have the number. This means that if I wanted to track an individual’s movements, all I would have to do is place a number of RFID readers in key locations, and obtain someone’s UID. Since I could read the UID of all the cards I tested and considering the ubiquity of cards with RFID tags, I believe that most people are trackable. RFID tags are also being found in items other than cards, such as library books and EZ Pass or related electronic toll payment systems. As more cards add RFID tags, this will become a bigger issue. Whenever you carry your card, you are followable.
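To put a number on the exposure described above, the following added example (not part of the original project or of RFIDIOt) measures how many reader sightings can be tied together by a repeating UID. The sightings, UIDs and reader names are constructed for illustration, and the second card that answers with a fresh random UID on each activation is a hypothetical contrast case.

```python
from collections import defaultdict

# Constructed sightings: (reader location, time HH:MM, UID hex from the card).
# One card always answers with the same UID; a hypothetical second card
# answers with a fresh random UID on every activation.
SIGHTINGS = [
    ("library", "09:02", "04A1B2C3"),
    ("dorm",    "09:40", "7F3E9A10"),
    ("lab",     "11:15", "04a1b2c3"),
    ("lab",     "11:20", "C25B0D44"),
    ("dining",  "12:30", "04A1B2C3"),
    ("dining",  "12:31", "19E6AA07"),
]


def trails_by_uid(sightings):
    """Group sightings by normalised UID, keeping each group in time order."""
    trails = defaultdict(list)
    for reader, when, uid in sorted(sightings, key=lambda s: s[1]):
        trails[uid.strip().lower()].append((when, reader))
    return dict(trails)


def linkability_report(sightings):
    """Return (linkable_fraction, {uid: trail}) for UIDs seen more than once.

    A UID seen only once links nothing. A UID that repeats ties every one of
    its sightings to the same card, which is the exposure hotlisting relies on.
    """
    trails = trails_by_uid(sightings)
    repeated = {uid: t for uid, t in trails.items() if len(t) > 1}
    linked = sum(len(t) for t in repeated.values())
    fraction = linked / len(sightings) if sightings else 0.0
    return fraction, repeated


if __name__ == "__main__":
    fraction, repeated = linkability_report(SIGHTINGS)
    print(f"{fraction:.0%} of sightings can be linked to a repeating UID")
    for uid, trail in repeated.items():
        print(uid, "->", ", ".join(f"{r}@{w}" for w, r in trail))
```

A card population whose linkable fraction stays near zero across repeated reads gives an observer nothing to correlate; a static UID pushes it toward one.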

This was one of two research projects I completed during my junior year at Princeton. Here is my other project on hidden metadata in Microsoft Word Documents.


29
Aug 09

CDT Blog Posts


As a continued act of record keeping, here are the blog posts I did for the Center for Democracy and Technology on their PolicyBeta blog during my internship. I had a great time there and learned a lot about Internet/Security/Privacy policy and how government really works. I worked on several projects at CDT, some of which resulted in blog posts. One of my projects was writing the “CRS Report of the Week” posts. CRS is the Congressional Research Service, the “Congressional Thinktank” that does policy reports for Congressmembers. They produce CRS Reports, which explain current legislative issues. CRS Reports aren’t directly available to the public, which is interesting since CRS is taxpayer-funded to the tune of $100 million a year. CDT runs a project called Open CRS which liberates CRS Reports found in the wild. I wrote CRS Report of the Week blog posts to illustrate how useful CRS Reports were. They provide great introductions to topics and are often surprisingly timely. Read one if you want to understand an issue. I also worked on the Browser Privacy Report and PASS ID.

CRS Report of the Week Projects I Worked on

The photo is the Farragut West Metro Station, next to which CDT is located and where I got off every day.


29
Aug 09

WWS 586F Class Blog Posts


As a matter of record keeping and curiosity, here are the blog posts I wrote for the seminar on Information Technology and Public Policy that I took at the Woodrow Wilson School. Many of them, especially the ones on the Facebook Terms of Service and the Kindle 2, are now outdated due to events in the past months, but others are still relevant. 4 and 9 are topics that still stand today–4 is on how Computer Science education (especially at lower levels) could be improved and 9 discusses some of the tragedies that occur with what are normally positive traits of the Internet: the ability to disseminate information quickly, to keep sources anonymous, and to retain information for an indefinite amount of time.

  1. Facebook wants to own your life [February 22nd, 2009]
  2. The Kindle 2’s Correct Copyright Claims (and the Authors Guild’s Incorrect Ones) [February 28th, 2009]*
  3. Blurring Google Earth [March 7th, 2009]
  4. Computers in Our World [March 28th, 2009]
  5. TVGuardian Will Protect Us All [April 4th, 2009]
  6. The Kindle 2: A New Hope (for the disabled) [April 11th, 2009]
  7. eBooks and mp3s [April 18th, 2009]
  8. Protecting Children from the Indescribable Filth of YouTube [April 25th, 2009]
  9. Grief From Griefers [May 2nd, 2009]

*Tim Lee (the tech libertarian) was in my class! He approved of this post.


28
Aug 09

Hi there!

Since WordPress’s default title for a new post is “Hello World!”–the title that I probably would have chosen–I felt the need to change it. This is my obligatory explanatory post for why I’m adding my noise to the chaos of the Internet. I figure, I like to write and sometimes spend time researching information that’s not organized that I think could be helpful to someone else. Essentially, because I can. This is a personal project and might even be a little fun and educational.

I have “blogged” twice before, once for class (WWS 586F: Information Technology and Public Policy instructed by the singularly awesome Ed Felten) and once for my internship at the Center for Democracy and Technology (CDT).  Both experiences taught me two lessons:

  1. blogging is easy
  2. blogging is hard

Blogging is easy because it’s informal.  The audience isn’t going through my grammar participle by participle and there doesn’t need to be a formal structure.  It can be written in a conversational tone.

Blogging is hard because I’m putting myself out there. My scariest classes at Princeton by far were my Creative Writing classes. It was nerve-wracking for me to go to workshops and have ten other students and one (likely published and highly acclaimed) professor examine my writing paragraph by paragraph and critique it. Computer Science is interesting because for the most part, people in the field are detached from their audience. A programmer hardly sees their actual users and computers talk, not people. Writing is inherently intimate and revealing of the writer. Not only is blogging as a form of writing revealing, it’s also putting that revealing information on the Internet for anyone to see and likely stored in some computer forever.

Both previous blogging adventures had clear goals in mind.  This one does not.  This is probably a mistake.  However, it’s my mistake, and my mistake it’ll be.  This will be interesting.