Tuesday, February 22, 2005

How did Jamul get its name?

With a half-hour of googling, I could find very little information on the web about the origins of the name "Jamul". I did locate this site: Silvas in Old Town San Diego, which makes the assertion that Jamul is derived from "hamull", a Kumeyaay word that means "greens used for food". The site says further that the Kumeyaay named places according to what they saw at that place. They make no citations about sources for this information (though there are citations for other things, and a bibliography), so I have no way to judge its accuracy.

As I was doing this research, I happened across a paper posted on the San Diego Historical Society site about a piece of Jamulian history I'd never heard of: the Jamul Portland Cement Works. It's a fascinating read if you're interested in the small details of local history. But a search of the San Diego Historical Society's site led to an even more interesting article about the Jamul Massacre of 1837. I had no idea any such thing had occurred here!

SHA-1 broken

Bruce Schneier reports (on his excellent "Schneier on Security " blog) that SHA-1 has been broken. Many of you have never heard of SHA-1, so a brief explanation is in order: SHA-1 is the most commonly used "cryptographic hash" — a specialized software or hardware function that is used as a kind of building block for many kinds of cryptographic systems. For example, the certificates that your web browser decodes (to let you use secure web sites) depend on cryptographic hashes.

Bruce's posting is an interesting read, and contains a pointer to a short paper by the three Chinese scientists who actually did the breaking. As Bruce points out, the sky is not falling:

For the average Internet user, this news is not a cause for panic. No one is going to be breaking digital signatures or reading encrypted messages anytime soon. The electronic world is no less secure after these announcements than it was before.

But there's an old saying inside the NSA: "Attacks always get better; they never get worse." Just as this week's attack builds on other papers describing attacks against simplified versions of SHA-1, SHA-0, MD4, and MD5, other researchers will build on this result. The attack against SHA-1 will continue to improve, as others read about it and develop faster tricks, optimizations, etc. And Moore's Law will continue to march forward, making even the existing attack faster and more affordable.

Jon Callas, PGP's CTO, put it best: "It's time to walk, but not run, to the fire exits. You don't see smoke, but the fire alarms have gone off."

The bar in the (forever) ongoing war between the cryptographers and the cryptanalysts just got raised a bit higher. It reminds me a bit of an earlier technological battle that I participated in, between the copy protection vendors and the folks (like me) who found ways around their clever tricks. Whatever the underlying technology, physics, and mathematics, there always seem to be either mistakes made or unexpected vulnerabilities uncovered that allow the "other side" room to exploit. But there is a huge difference with the cryptographic systems: the world generally (cryptanalysts aside) takes the efficacy of cryptographic systems for granted as they're used every day for secure web browsing, digital signatures, and the like. These systems protect transactions involving immense sums (in aggregate, I mean), and they protect the privacy of all of us — even if you don't use the Internet, information about you is all over it.

So this was for me a somewhat discomfiting news report. The good news, I suppose, is that the team who first managed to break SHA-1 (at least I hope they were the first!) is more interested in publishing their results than they are in exploiting them. Let's hope that's a continuing phenomenon in the cryptographic wars...

Tornadoes in San Diego County?!

What's next? Locusts? Frogs? Volcanic eruptions? From the National Weather Service:

Bulletin - Eas Activation Requested Tornado Warning National Weather Service San Diego CA 248 PM PST Tue Feb 22 2005

The National Weather Service In San Diego Has Issued A

* Tornado Warning For... Orange County In Southwest California This Includes The Cities Of... Westminster... Tustin Foothills... Tustin... Stanton... Santa Ana... San Juan Capistrano... San Clemente... Placentia... Orange... Newport Beach... Mission Viejo... Laguna Niguel... Laguna Hills... Laguna Beach... Irvine... Huntington Beach... Garden Grove... Fullerton... Fountain Valley... El Toro... Dana Point... Costa Mesa... Anaheim Extreme Northwestern San Diego County In Southwest California This Includes The City Of Oceanside... San Onofre

* Until 345 PM PST

* At 247 PM PST... National Weather Service Doppler Radar Indicated A Severe Thunderstorm Capable Of Producing A Tornado 8 Miles South Of Dana Point... Moving North At 25 Mph. Spotters Have Indicated Funnel Clouds And Waterspouts With This Area Of Storms Which Will Likely Move Onshore Over The Next 45 Minutes To An Hour.

* The Tornado Is Expected To Be Near... Newport Beach By 300 PM PST Dana Point By 305 PM PST San Juan Capistrano By 310 PM PST San Onofre... And San Clemente By 315 PM PST

The Safest Place To Be During A Tornado Is In A Basement. Get Under A Workbench Or Other Piece Of Sturdy Furniture. If No Basement Is Available... Seek Shelter On The Lowest Floor Of The Building In An Interior Hallway Or Room Such As A Closet. Use Blankets Or Pillows To Cover Your Body And Always Stay Away From Windows.

If In Mobile Homes Or Vehicles... Evacuate Them And Get Inside A Substantial Shelter. If No Shelter Is Available... Lie Flat In The Nearest Ditch Or Other Low Spot And Cover Your Head With Your Hands.

Lat... Lon 3371 11810 3317 11737 3337 11740 3347 11753 3369 11747 3393 11791

Eleven inches!

Woke up this morning (again!) to the sound of gentle rain falling. Looked at the rain gauge, and...we've now had just over 11 inches for the year-to-date. And it's still raining, and the weather service is predicting two to four inches more for this storm.

Debi and I took a short drive through our valley late yesterday afternoon, just to see what the rainfall's effects had been. Every dirt road (and there are lots of them out here) has erosion gullies on it, and streamlets running through or along them. A friend's property that normally has a dry streambed running through it now has a raging stream, eroding away the banks and falls at a visible rate. And the creek running through Lawson Valley is at levels we've never seen in our six+ years living out here. In some places, culverts under driveways have been overwhelmed, and the creek is flowing over the driveway as if it were a ford. Where the main road traverses the creek, so far the bridges and culverts aren't threatened — but you can see how they might be if we got even more rain! If that should happen, we have an alternate way out of the valley, up a four-wheel drive road that doesn't cross any streams. We normally think of that road as our "fire escape" — but it may turn out to have other uses...