|
|
 |
 |
|
| |
Welcome to the personal website of Jonathan Zdziarski
(Formerly Nuclear Elephant)
I am...
- A research scientist and occasional hacker
- An author and occasional theologian
- Inventor on several US patent applications
- Inventor of DSPAM and other language classification technology
- A pretty good bass guitarist
- Lots of other things
Recent Appearances:
- February 25: Gartner Mobile Summit, Chicago [ slides ]
- May 26-30: Mobile Forensics World, Chicago
|
| Featured Book |
 |
| In Stores Now! |
|
 |
September 28, 2009: iPhone Forensics Update
Just a brief update on the state of my forensics research on the iPhone.
- I have responded to some questions about my imaging methods. These are
posted at http://www.iphoneinsecurity.com. My latest techniques are much less intrusive than the old ones, and
O'Reilly Media is in the process of putting together a new book to outline
these, as well as the techniques for the iPhone 3G[s]. You can learn more about
them from the article.
- For those of you who don't know, I've made a suite of automated (scripted)
tools available to active duty law enforcement at no charge. These scripted
tools perform the methods with a few commands in Terminal, as opposed to
the much longer manual techniques. The tools do not contain any copyrighted
software by Apple, but operate on the same firmware files iTunes uses.
If you are active duty law enforcement (and don't work for some communist state
or enemy of our government - sorry China), you may contact me for access.
- Currently, all firmware versions (1.0 - 3.1) for all three devices
(iPhone, iPhone 3G, iPhone 3G[s]) have functioning forensic recovery
techniques (and subsequent tools). Likewise, the same types of personal
information leaks that the iPhone has been vulnerable to for years are also
present in the latest versions of firmware, making it problematic for
enterprises looking to store confidential information on such devices. It seems
as though, rather than fix inherent design flaws in the operating system,
that Apple has opted to simply try and lock up the boot chain. As a result,
even future firmware updates will likely have these same data leaks and
vulnerabilities, only
swept a little further under the carpet each time.
- My latest WebCast with O'Reilly Media can be found here, demonstratiing iPhone forensics on an iPhone 3G[s] running firmware 3.1.
|
 |
August 9, 2009: A Proposed Medical Privacy Act And Why We Need One
http://zdziarski.com/papers/medicalprivacy.html
After chatting with some of my local state reps about my concern over a
national healthcare "database", cataloging every American's medical history and
the violation of privacy this constitutes, I got some positive feedback and a
request to send them an idea of what I had in mind. Here is my first
attempt at such a bill, and an explanation of why every state should be
considering adopting one.
|
|
July 21, 2009: iPhone [in]Security: The New Source For Law Enforcement Tools and Research
http://www.iphoneinsecurity.com
Law enforcement agencies have the toughest challenge in mobile forensics:
not only do they have to get data off the phone of a pedophile, rapist, or
murderer, but they have to do it in a forensically sound manner that can
be reproduced and explained in a court of law. I have submitted all of my
latest research and automated tools to iPhone [in]Security where law enforcement
agencies can receive special access. A contact address also exists to request
access. In addition to the restricted content, many public articles
and announcements are also posted by law enforcement officers and other experts in the field, so head on over and check it out.
|
|
July 5, 2009: Good iPhone Forensics Whitepaper
Andrew Hoog, Chief Investigative Officer at Via Forensics, put together a good summation of the available forensics
techniques for recovering data from the iPhone. This paper is a few months old,
so it doesn't cover my latest USB method (which is much faster and easier),
but he does cite my original method from the book, along with some other
useful methods. Depending on what kind of information you want to get,
there are different techniques you can use. Andrew has informed me this paper
will be updated shortly so keep an eye out for a new edition.
|
 |
July 2, 2009: Is Jailbreaking a Security Threat? Really?
Someone sent me a copy of this MacWorld article in which Charlie Miller makes the claim that jailbreaking is a threat to ecurity (I left off the 's' because apparently they stole it for the new iPhone).
Does Charlie really believe that DRM is healthy for a computer system? It
seems that having disclosed the SMS vulnerability, he should know more than
most that application signing provides more copyright control than it does
actual security. Ironically, most exploits such as SMS and Safari exploits
have the potential to affect every single iPhone user with a vulnerable
version of firmware - whether it's jailbroken or not.
Lets talk about jailbreaking and security for a minute, shall we? Ironically,
and much to Miller's chagrin, the jailbreak community has been responsible
for fixing more security problems with the iPhone than it has caused.
As early as ... [ more ]
|
May 31, 2009: iPhone: What We Learned at MFW '09
With all of the gray matter at MFW '09, it was no surprise that a little
collaboration led to some new discoveries about iPhone forensics. A few
examiners who attended my workshop made some interesting observations and
the overall excitement around iPhone forensics motivated me to do some of my
own research as well. Here's what we learned:
I had previously believed since the iPhone's geo-tags left out
the number of seconds, that the GPS coordinates were only approximations
and not exact. I have been using exifprobe to pull out the tags, but Jordan
Moreau found that Apple's preview application had integrated geotag support
(go to the inspector and click the info tab). After watching preview load
the exact GPS location, I had a closer look at the exif tags and realized that
Apple does in fact provide a much closer set of coordinates than I
once thought. In the exif tags, add the number of degrees to the minutes
field divided by 60. Given:
JPEG.APP1.Ifd0.Gps.Latitude = 42,57.45,0
JPEG.APP1.Ifd0.Gps.Longitude = 71,32.9,0
The GPS coordinates can be parsed using the following simple formula:
57.45 / 60 = 0.9575 + 42 = 42.9575
32.9 / 60 = 0.54833 + 71 = 71.54833
In this example, the photo was taken at 42.9575,-71.54833 (NW), which is within
a few meters of the actual location it was snapped.
The method for returning an iPhone back to pre-examination condition was
previously to delete the forensic agent from the device using a script.
Adrian O'Leary from the Metro Police UK came up with a much better
idea: simply re-run stage 1. Stage 1 repairs the Apple operating firmware by
putting it back to its factory state from Apple. This will keep all of your
user content intact just as deleting the agent would, but will remove all
traces of your entry into the device. Alternatively, you might build a
"post-exam" stage using Pwnage, removing a number of patches from the
Pwnage bundle manifest.
At the conference there was a strong demand to see recovery performed
over USB, so I started looking into coding up something using the usbmux
protocol. Once I had a proprietary working prototype, I realized someone else recently developed a usbmux proxy
which maps TCP ports on the desktop to TCP ports on the iPhone. This allows
you to connect to the SSH port via USB and conduct your recovery without
needing WiFi. You can find st3fan's usbmux-proxy tool here. When recovering over USB, you won't
need to configure Wi-Fi on the device, meaning you won't need to bypass the device's passcode or re-enable a disabled iPhone to recover the raw image.
While at the conference, I spent a night looking over a detective's
homocide case to try and find some new evidence from an iPhone. We came
across a remnant of old call data records (normally stored in SQLite). Since
the data was so old, we couldn't mount the database, so I devised a simple
method to reverse-engineer the raw storage back to a set of phone numbers and
Unix timestamps. On a test device running the same firmware version, mount
the same type of database (e.g. call history) and insert control data whose
values you can account for. I used 123456789 and 987654321. Now hex-edit
the database and you'll be able to see what format SQLite uses to store those
records. In this case, it turned out that the Unix timestamp was found in
the four bytes following the phone number.
There's much more, and I've worked many changes (including verbiage changes)
into what will eventually be the next edition of my iPhone Forensics book.
I'm making this technical review draft available to sworn law enforcement
officers and examiners working full time for these agencies. Email me from
your LE account and I'll add you to my mailing list.
|
|
March 30, 2009: Origins of Government by Thomas Paine
"SOME writers have so confounded society with government, as to leave little or no distinction between them; whereas they are not only different, but have different origins. Society is produced by our wants, and government by our wickedness; the former promotes our happiness positively by uniting our affections, the latter negatively by restraining our vices. The one encourages intercourse, the other creates distinctions. The first is a patron, the last a punisher.
Society in every state is a blessing, but government even in its best state is but a necessary evil in its worst state an intolerable one; for when we suffer, or are exposed to the same miseries by a government, which we might expect in a country without government, our calamities is heightened by reflecting that we furnish the means by which we suffer! Government, like dress, is the badge of lost innocence; the palaces of kings are built on the ruins of the bowers of paradise. For were the impulses of conscience clear, uniform, and irresistibly obeyed, man would need no other lawgiver; but that not being the case, he finds it necessary to surrender up a part of his property to furnish means for the protection of the rest; and this he is induced to do by the same prudence which in every other case advises him out of two evils to choose the least. Wherefore, security being the true design and end of government, it unanswerably follows that whatever form thereof appears most likely to ensure it to us, with the least expense and greatest benefit, is preferable to all others."
Thomas Paine
Common Sense
|
 |
March 23, 2009: iErase: Zero Free Space: Now Available
http://www.zdziarski.com/projects/ierase/
After a ridiculously long three long months of waiting, iErase: Zero Free Space
is finally available in the App Store. Buy it now in the iTunes
App Store.
The first and only app for the 99.9% of us law abiding citizens who deserve better privacy.
Want to make sure a deleted confidential email or embarrassing photo is purged forever from your iPhone, but don't want to go through the inconvenience of wiping the entire device? Simply deleting a file doesn't guarantee it's gone for good. Protect your deleted data from being recovered by hacking tools and prying eyes, or in the event your iPhone is stolen.
iErase is a simple utility for zeroing out the free space on your iPhone without performing a full reset of your content and settings. The tool does not delete any live files, but uses the same method that Mac OS X uses to zero free space: it creates a large temporary file, which writes zeroes over the free space where deleted files can still reside. On the iPhone, this occurs within the application's sandbox, but because all applications share the same free space, the entire iPhone user partition is cleansed, forever purging deleted photos, email, voicemail, and other deleted files - without having to reset all your content and settings.
|
.
 |
March 10, 2009: AMBER Alerts and Missing Kids application for iPhone
http://www.zdziarski.com/projects/amberalert/
The National Center for Missing and Exploited Children and I have been building a revolutionary new tool.
The
iPhone AMBER Alert System is now
available in the App Store FREE and not only provides up-to-the-minute detailed information on all AMBER Alerts, but revolutionizes the way that sightings are processed. By using the iPhone's
GPS, we're able to feed this data into a GIS system and build any number of
geoanalytical models to identify multiple credible
sightings within a given radius. This information is relayed directly to
the NCMEC hotline where it is processed and disseminated to the appropriate
law enforcement agency. The first version of AMBER Alert sends this data
through email, but a private API is in the works, opening the door for taking
photographs of sightings for visual confirmation and further improving response times. All of this is made
available, of course, at no cost, and is a free download.
Original Open Letter to Apple, Inc. and Steve Jobs
|
|
February 26, 2009: Writing on the Wall; Will Apple Abandon Developers and the Traditional Consumer?
http://www.zdziarski.com/papers/apple.html
Recent events have suggested that the writing is on the wall for Apple to abandon their consumer and independent developer audiences, and begin focusing more on lower quality volume marketing into specific demographics, and on relationships that only benefit the company in large ways. I predict that Apple is headed in the direction of distancing themselves from both consumers and developers in exchange for the benefits that come from the volume sales generated by less expensive equipment sold into "big box" cookie-cutter markets.
|
 |
February 13, 2009: Jailbreaking is Copyright Violation? Really?
http://www.zdziarski.com/papers/opposition.html
Apple recently filed an opposition to an EFF proposal regarding copyright laws that would make jailbreaking more acceptable on
a legal level. I've added my response to Apple's claims in blue, and hope to explain why Apple's claim that jailbreaking is
(or should be) illegal is nothing but a reality distortion field. To summarize Apple's entire argument, it seems that they
believe people should not be allowed to access the iPhone because it could only possibly used for piracy. The fact is, people
have been accessing their iPhone just like it were a desktop computer since before the SDK was ever announced, and have used
it for many legitimate uses from unlocking to software development and law enforcement forensics. This is the inherent danger
in allowing a hardware manufacturer to also control the product's software channels. It is my hope that some day the DOJ will
launch an anti-trust investigation to see if it makes sense to break up Apple's hardware iPhone sector from its iTunes App
Store - as the two together make for one considerable monopoly, using a concept that was conceived eight months before
Apple thought about it.
|
|
February 12, 2009: iGlow, The Fun Night Writer App for iPhone
http://www.zdziarski.com/projects/iglow/
Glow is a fun, child-friendly drawing application allowing you to draw in up to seven colors of light. Within a few seconds of drawing anything on the screen, your writing will begin to fade. Choose from red, blue, green, purple, yellow, orange, and white. Just double tap to change color or choose one from the palette. Nothing fancy, just a fun night-time doodling application that will keep your kids busy and happy.
|
 |
February 4, 2009: How AppStore Authors Are Faking Reviews
I've seen at least a few apps in the AppStore lately receive a sudden burst
of a dozen or more 5-star reviews in one day, amidst an onslaught of one and two-star reviews left by real customers. Isn't it strange how dozens of
customers can report serious bugs in an application, only to be met with
a sudden burst of reviews praising a product's eternal greatness? Given that one of these applications
happened to be a competitor of my popular ballistics calculator, I started investigating just how
these app authors might be faking their reviews.
After a little research, I came to the conclusion that iPhone developers can "sock puppet" reviews for themselves and leave up to 50 reviews per version of their
application. This is
because AppStore authors can issue up to 50 promo codes per software version. A
small loophole allows this to be exploited as people who have downloaded software with a promo code can also leave a review. All the author needs to do is sign up 50 new iTunes accounts, and boom - you've got 50 fake reviews. And even
if you don't have a set of virtual credit cards or gifts cards to open iTunes
accounts, you can create 50 fake ones without a credit card.
As a last resort, finding a dozen or two friends with iTunes accounts isn't that difficult these days. Just issue some promo codes, and you've got all the fake
reviews you need!
The moral of the story is this: don't believe everything you read. If you see a product that looks really tacky, those five star reviews might be
bogus. There's a good chance those reviews you're
reading all came in one day, and by the author of the software. The easy fix?
Apple might consider limiting the review feature only for applications the user
has bought and paid for (without a promo code).
code.
|
|
December 12, 2008: Ballistic: The Pro Trajectory Calculator for iPhone
http://ballistic.zdziarski.com
Ballistic is a ballistic trajectory calculator and range companion for the iPhone. Ballistic calculates path, windage, velocity, time, and energy at range increments as low as 5 yards, and can compensate for atmospheric conditions such
as temperature, barometric pressure, humidity, and altitude. It's also much more than a basic trajectory calculator. With a vast library of over 1,000 projectiles, range estimation calculator, and a range log, Ballistic is a complete mobile companion for hunting or at the range.
Ballistic is now listed in the AppStore.
Ironically, I found myself
referencing my own book from
time to time for the right information. It proved an invaluable resource!
|
|
December 11, 2008: Did the Obama Camp Censor Out Difficult Questions?
[ I confirmed this with several people prior to posting, but there's no
guarantee they won't "fix" it once it's noticed that we notice ]
Mr. Obama's website has recently added a new feature called Open Government, allowing website visitors to propose new questions for Mr. Obama and vote for
the ones most relevant to the American people. The latest forum is now closed,
but during its tenure, the website staff appear to have been censoring
visitors' ability to ask certain questions to Mr. Obama, preventing them from being voted on by the software's collaborative scoring system. I've included two
screenshots below, showing that a search for "assault weapons" suspiciously returns zero results, while
a search leaving off the leading "a", e.g. "ssault weapons", brings up several results. This is one of many hot topics, as there is nationwide concern about a
new firearms ban and what its implications would mean to the recent
2nd Amendment SCOTUS case of DC v. Heller. Similar searches, such as "assault"
and "ban", "assault" and "atf", or "assault" and "rifle" seem to also return
empty results unless part of the spelling is removed.
Not so strangely, a search for "gay marriage" returns
plenty of results, so the issue obviously isn't one of multi-word searches. Longer multi-word
queries such as "environmental protection" return results too, so the problem isn't one of query length. This suggests that someone in Obama's transition
team might have hard-coded certain key words to return empty, leaving those
questions to rot at the bottom of the pit. It is uncertain
just how many votes were cast on these questions, and whether they were voted on before this suspicious
behavior started. Clearly when the questions could be found, they were considered good
questions to ask.
Just how much confidence can
we put in an administration that censors the thoughts and concerns of the American people? How closely does this kind of rigging of a public agenda parallel
to the rigging of elections? The answer is, if you can control the media,
you won't need to rig an election. I wonder what other topics are suspiciously
returning no matches? After the Obama administration sought to destroy Joe the Plumber's credibility,
it seems as if the American people are being discouraged in many ways
from asking any serious questions.
|
|
Search for "assault weapons"
(Results are censored) |
Search for "ssault weapons"
(Results are not censored) |
|
|
November 23, 2008: A Case For "Assault Weapons"
Since the election of Barack Obama to the presidency, a consistent stream of chatter has been heard from the legislature, and from the president-elect
himself, pertaining to a permanent assault weapons ban. Mr. Obama's transition website, change.gov, reveals his agenda to include reviving the
failed 1994 "assault weapons ban" to create a permanent ban on semi-automatic firearms that look scary enough to be considered military-grade.
His agenda calls this "common sense" gun legislation.
Since there are already a number of debates on that subject,
I've decided to challenge the liberals on their own turf: lets suggest, for the sake of argument, that they're right: that people should only
have access to firearms practical for home defense. With this in mind, I submit the following documented cases of gang home invasions, many
recent ones, and some involving nearly 30 gang members who have assaulted, murdered, or raped their victims. [ more ]
|
 |
November 21, 2008: The iPhone's New Audio Foundation Framework
Apple's been busy at work adding functionality to the iPhone developer
platform. Version 2.2 of the iPhone SDK was introduced this week, and brought
many great new features. This new version also quietly came with some
goodies for developers. Among these goodies was the introduction of a new
framework for playing and mixing audio: AVFoundation.
Click the link below for a free excerpt from my new book, iPhone SDK Application Development, which covers the new AVFoundation framework and provides a
fully functional book example that plays music and builds a VU meter using
the framework's meter properties.
[ The Audio Foundation Framework | Book Example ]
A Free Excerpt from iPhone SDK Application Development
|
|
October 24 2008: Diebold Testing Day Field Trip
http://www.zdziarski.com/papers/diebold.html
Our town is among the most fortunate to have a moderator with over 39 years of experience conducting our elections. Ryk is a strong believer in transparency in government, and took the initiative to open his voting machine testing for the public to observe, so I decided to go on a little field trip.
|
|
October 10 2008: File Vault's Dirty Little Secrets
http://zdziarski.com/papers/filevault.html
There's a certain amount of spookiness that goes on over Apple's File Vault encryption. As everyone knows, it's very difficult to get into anything that's encrypted without the proper keys. A number of cryptanalytic attacks, as well as a brute forcer (vfcrack), have long since been written for the File Vault, so lets assume for a minute that you already have the key - either by means of a cold-boot attack, court order, surveilling a suspect, using a keyboard logger, or other means. Once you get past this, there's still a lot of ambiguity about just how well your data (and in particular, deleted data) is protected.
This brief how-to explains exactly how you can mount a file vault (with the key) to obtain the raw disk image. It will also illustrate how deleted data can be preserved inside a File Vault, and how a free space wipe does nothing to purge deleted data from inside one. The protection offered by an encrypted volume seems to aggravate other security issues, possibly making your deleted data less secure.
|
|
September 20, 2008: Plugging the iPhone Screenshot Leak
I recently did a forensics webinar about cracking the iPhone's passcode, in which I demonstrated some of the techniques from my latest book. I cited the fact that the iPhone takes
screen grabs every time you push the home button, so that the 3D "zoom" effect
can be processed when the application zooms in and out, when suspending and
resuming applications. Many people asked me if there was a way to disable this
writing to disk, so that screenshots couldn't be recovered forensically. I did
some further digging and found that the screenshots themselves actually get
written to /var/mobile/Library/Caches/Snapshots. If you delete this folder and
symlink it to /dev/null, the screenshots don't get written to disk. The side
effect to this is that when resuming an application, you'll get the default
screen in the zoom-in effect. Once the application resumes, however, you'll have
your application screen back. For example, your mail application will always
zoom to the front as if you had an empty inbox, but will quickly correct itself
once the application resumes. On a jailbroken iPhone, you can disable these
screenshots with the following commands:
# rm -rf /var/mobile/Library/Caches/Snapshots
# ln -s /dev/null /var/mobile/Library/Caches/Snapshots
To return to the default behavior, just delete the symlink and the directory
will get recreated. Mind you, this has no effect on the many other pieces of data stored on the iPhone, and therefore your iPhone will always be at risk for leaking private data, especially to seasoned forensic examiners. To find out what
else your iPhone leaks, you'll have to buy the book :)
|
 |
September 19, 2008: US Air: Now Spamming Customers In-Flight
Everyone has that super-cheap uncle who separates two-ply toilet paper to make
it last longer. US Air apparently hired thousands of super-cheap uncles to put
together their latest panty raid for $1s and $5s of their passengers, and has
made some changes that are cheap enough to embarrass even the in-laws. You'll
notice this even prior to boarding, when you print your boarding pass online and
are prompted to pay an extra $5 or $10 if you'd like any coach seats that are
now considered to be "premium seats"; namely, those by the window, aisle, or
near the middle of the aircraft - yeah, apparently it's considered "premium" to
only have to smell the armpits of one other passenger instead of two.
Once boarded, however, things rapidly travel downhill fast. Thirsty? You'll be
shelling out a couple of bucks for some water or a can of soda - even if your
flight sits on the ground for an extra two hours. And speaking of sitting on
the ground, don't get too comfortable if you get stuck on the tarmac. My last
flight had a full cabin of people dozing off peacefully during an hour long wait to
take off only to be awoken once in flight; the flight attendants turned on
all of the lights in the cabin and began loudly announcing that Bank of
America would like to give us an opportunity to sign up for a new credit card.
That's right - US Air started spamming us in person! After ensuring everyone
was awake to make sure all had the chance to take advantage of this opportunity,
the flight attendants (who think they're TSA agents, judging by their attitude) proceeded to pass out applications for these cards, to which I suggested to
them a better place they could put them. Nickel and diming us for seats
and beverages, then spamming me while I try to sleep - how oblivious to
customer satisfaction is this airline? Sadly, and with much discomfort, I'm
afraid I must recommend to anyone reading this to steer as far away from
US Air as possible; that is, unless you can appreciate cheapness, and like
to have spam read to you in person. Never again for me.
|
 |
July 29, 2008: Read the Greek New Testament in One Year
I've been casually reading biblical Greek for a couple years now, but decided
to finally study the New Testament as a whole. There are 260 chapters in
the NT, which coincides with the number of weekdays in the year, and so my
plan is to take some time each week-night and study a chapter in Greek.
What's involved in studying the Greek? Well there's reading the critical
text (NA27), and studying the vocabulary, but much of the work is in reading
all of the different variations in the footnotes. A friend mentioned that you
really get to appreciate the quality of certain papyrus witnesses when you
do this. Anywho, for anyone interested in exactly how one might study the
New Testament in Greek, you'll need a few simple reading materials:
You may also want to grab a good Bible dictionary, such as Tyndale, which will
show you how many words were used in the context of the church. This will help
balance you out between an un-indoctrinated version and a liturgical version of various words and phrases. It's a lot of work, but you'll notice almost
immediately that reading the New Testament in Greek is kind of like drinking
whiskey. It's very strong and has bite compared to its watered down English
counterpart. It's definitely the only way to know what the NT is really
trying to say, and even at that, requires a lot of background research to
fully understand. Once you start digging in, you'll find yourself reading
other beautiful works such as those of the historian Flavius Josephus, who
adds considerable depth to the convictions of the Jews, and adds further
background to the meaning of various terms, such as "Binding and Loosing". The
journey for understanding really never ends, and that's what makes it so
satisfying.
|
 |
May 29, 2008: Full Disclosure and why Vendors Hate Loathe it
http://zdziarski.com/papers/fulldisclosure.html
In a capitalist society, it is the consumer's responsibility to hold a
corporation accountable. This is not possible if the corporation is
controlling the flow of information. The problem with too many secrets is
that they frequently rub against the notion of privacy. Secrets can be a hindrance to privacy because it leaves the consumer exposed. It sure does benefit the vendor though.
|
|
May 16, 2008: Refurbished iPhone Reveals Customer Data
A few days ago, I posted a discovery in that personal data remains intact
(in deleted portions of the file system) following a full iPhone restore.
As it turns out, Apple themselves may not have been aware of this. Thank goodness,
otherwise identity theft might actually be, like, hard. A detective from the
Oregon State Police, whom I've verified, notified me this afterrnoon that an
out-of-the-box refurbished iPhone he purchased directly from Apple contained
recoverable personal data. This included email, personal photos, and even financial
information that he was able to recover using my forensic toolkit.
Needless to say, the original owner was quite surprised. He informed me that the
device had been returned to Apple under a warranty exchange only a few months ago,
suggesting that Apple has been using an insecure refurbishing process for the past
year. Here are some blurred screenshots of just some of the data recovered: [removed]
|
 |
March 28, 2008: MIT Spam Conference Concludes
The MIT Spam Conference concluded today with some great talks by various
researchers in the field. I was particular sorry that I arrived late to miss
Kathy Liszka's talk on "Neural Networks for Image Spam", as the tail end of
it appeared very good. One thing I did notice that was quite refreshing about
this year's conference was that there were a few fresh faces, like Kathy, who
were very passionate and enthusiastic about the subjects they were talking
about, having an almost child-like giddiness (as in a "candy store" sort of way) zeal for what they were working on. It's very hard to find people who have been in the field who still consider it that exciting, and these are the ones from
whom the best technology typically emerges.
I was also honored with the award for "best overall paper" for the 2008
conference, which is available for download here, and is titled "Reasoning-Based Adaptive Parsing". The presentation
will be available on the conference website shortly. I'm glad people were
so inspired by it. Hopefully, I provided enough of a solid level of technical
content to help people realize that not all enterprise corporations are evil, secretive empires who engage academic conferences with brand whoredom on their mind.
The Spam Conference appears to be turning over a new leaf and returning to the
academic field. Now that they've switched the cameras off and gotten rid of the
press, the conference is beginning to feel like a true classroom experience
once again. The "workshops", which are really round-table type discussions,
were intriguing, and the vendor whoredom was kept to a minimum. In addition
to this, the first day of the conference was in a relatively small classroom,
allowing for a more personal feel. I look forward to seeing how next year's goes - hopefully it
will continue in this direction.
|
|
March 25, 2008: Tales from the Apple Store
Last night marked a unique event in history. The Apple Store in Cambridge MA
allowed me to come in through the front door and deliver a keynote to some 200+ people
as they hosted the Mobile Monday Boston conference. In spite of the sheer
chaos of fitting so many people into such a small store, and the generally
poor acoustics of a mall, what the conference lacked in elegance was quickly
made up for in quality of content. I was invited to speak at the SDK party about
the long hacking history of the iPhone, and made no bones about putting
a stake in the ground as the open source community's claim
to third-party application development as being the first
on the scene, since August 2007. In addition to that, I praised Apple for
such a remarkable device - the first mobile device that, rather than being
some chopped up version of a desktop OS, was a full blown Leopard OS that had
been augmented with additional frameworks and tools for interfacing with
the iPhone's proprietary form factor. I spent a little time highlighting the
big differences between Apple's SDK and the tride-and-true Open Source
SDK, which uses the authentic low-level APIs that Apple's applications have shown to use. It's amazing
to think that the open source community has now estimated approximately two
million iPhones to be running third-party jailbreak software and the community
Installer - that's 40% of the total iPhone market! Apple can only hope for
this same level of penetration into the market, and in fact likely won't get
it unless they also cater to the 1/3rd of the market running unlocked iPhones
on other networks (something the Installer does interoperate with). As I
said last night, the open source community is dominating, but we welcome our
new enterprise friends into iPhone development. It's about time you got here -
it's been a lonely eight months without you!
The iPhone SDK: APIs Apple Didn't Want You to Know About
Jail-Breaking iPhones and Other Tales from the Apple Store
|
|
March 5, 2008: Reasoning-Based Adaptive Language Parsing
http://www.zdziarski.com/papers/parsing.pdf
Language classification typically employs a parser using a static set of parsing rules.
This presents a problem for learning machines needing to parse different languages, many with different structural rules. Hand-written rules can also provide less-than-optimal parsing even for languages they were designed for, as
subcomponents of words can sometimes be more useful. This paper introduces a
technique to adaptievely reprogram a language parser to generate the most
useful possible data, without any prior knowledge of a language or lexicon.
|
|
|
|
