<!DOCTYPE html>
<html lang="en-us">
<head>
<link href="http://gmpg.org/xfn/11" rel="profile">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<!-- Enable responsiveness on mobile devices-->
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1">
<title>
Caught in the Net &middot; La rete ti cattura ma libera il pensiero
</title>
<!-- CSS -->
<link rel="stylesheet" href="/public/css/poole.css">
<link rel="stylesheet" href="/public/css/syntax.css">
<link rel="stylesheet" href="/public/css/hyde.css">
<!-- Icons -->
<link rel="apple-touch-icon-precomposed" sizes="144x144" href="/public/apple-touch-icon-144-precomposed.png">
<link rel="shortcut icon" href="/public/favicon.ico">
<!-- RSS -->
<link rel="alternate" type="application/rss+xml" title="RSS" href="/atom.xml">
</head>
<body class="theme-base-09">
<div class="sidebar">
<div class="container sidebar-sticky">
<div class="sidebar-about">
<h1>
<a href="/">
Caught in the Net
</a>
</h1>
<p class="lead"></p>
</div>
<p>&copy; 2017. CC BY-SA 4.0 International </p>
</div>
</div>
<div class="content container">
<div class="posts">
<div class="post">
<h1 class="post-title">
<a href="/pescewanda/2016/07/06/IM-services/">
Phone messaging apps comparison
</a>
</h1>
<span class="post-date">06 Jul 2016</span>
<p>I made this chart for a presentation at the <a href="https://cyber.law.harvard.edu/">Berkman Klein Center</a></p>
<table><thead>
<tr>
<th></th>
<th style="text-align: center">WhatsApp</th>
<th style="text-align: center">Telegram</th>
<th style="text-align: right">Signal</th>
</tr>
</thead><tbody>
<tr>
<td>Source code</td>
<td style="text-align: center">closed source</td>
<td style="text-align: center">open source</td>
<td style="text-align: right">open source</td>
</tr>
<tr>
<td>API</td>
<td style="text-align: center">none</td>
<td style="text-align: center">various</td>
<td style="text-align: right">library</td>
</tr>
<tr>
<td>Encryption protocol</td>
<td style="text-align: center">state of the art</td>
<td style="text-align: center">self made</td>
<td style="text-align: right">state of the art</td>
</tr>
<tr>
<td>Contact list location</td>
<td style="text-align: center">cloud</td>
<td style="text-align: center">cloud</td>
<td style="text-align: right">cloud, encrypted</td>
</tr>
<tr>
<td>Forward Secrecy</td>
<td style="text-align: center">yes</td>
<td style="text-align: center">yes</td>
<td style="text-align: right">yes</td>
</tr>
<tr>
<td>Database</td>
<td style="text-align: center">phone storage</td>
<td style="text-align: center">cloud</td>
<td style="text-align: right">phone storage</td>
</tr>
<tr>
<td>Backup capability</td>
<td style="text-align: center">iCloud or Gcloud</td>
<td style="text-align: center">builtin</td>
<td style="text-align: right">none</td>
</tr>
<tr>
<td>Revenue</td>
<td style="text-align: center">ads (Facebook)</td>
<td style="text-align: center">donation based</td>
<td style="text-align: right">donation based</td>
</tr>
<tr>
<td>Federation</td>
<td style="text-align: center">no</td>
<td style="text-align: center">no</td>
<td style="text-align: right">no</td>
</tr>
<tr>
<td>Alternative download location</td>
<td style="text-align: center">website</td>
<td style="text-align: center">F-Droid</td>
<td style="text-align: right">none</td>
</tr>
<tr>
<td>Uses third party services</td>
<td style="text-align: center">no</td>
<td style="text-align: center">no</td>
<td style="text-align: right">Google Cloud Messaging</td>
</tr>
<tr>
<td>Servers location</td>
<td style="text-align: center">US</td>
<td style="text-align: center">Russia</td>
<td style="text-align: right">US</td>
</tr>
<tr>
<td>Tied to mobile number</td>
<td style="text-align: center">yes</td>
<td style="text-align: center">yes, but nickname available</td>
<td style="text-align: right">yes</td>
</tr>
<tr>
<td>Desktop client</td>
<td style="text-align: center">no</td>
<td style="text-align: center">yes</td>
<td style="text-align: right">no</td>
</tr>
</tbody></table>
</div>
<div class="post">
<h1 class="post-title">
<a href="/pescewanda/2016/07/05/arduino_keyboard/">
Arduino Uno as HID keyboard
</a>
</h1>
<span class="post-date">05 Jul 2016</span>
<p>Turin is the hometown of Arduino. I have been at the <a href="http://fablabtorino.org/">fablab</a> multiple times but I had to come all the way to America to get my hands on a simple Arduino Uno.</p>
<p>For 60$ I bought a cheap (but still good!) mechanical keyboard by Qisan, a clone of the Arduino Uno and a USB host shield.</p>
<p>It has been 3 years since I started using a Dvorak layout, and it&#39;s a pain to change the layout on every machine that you have to use.
You can imagine that, given these three pieces of hardware, I put together a hardware key mapper for the keyboard.</p>
<p>I had never had any experience with Arduino before, but it was not that difficult to make it do simple things like blinking the LED or sending a signal to a serial monitor.</p>
<p>It took me half an hour to wear down all my excitement: the USB Host Shield library broke all compatibility with the similar projects I found wandering online.</p>
<p>In particular <a href="http://hunt.net.nz/users/darran/">this blog</a> has the most precious information and the guy wrote a HID driver that allows the Uno to be seen as a HID device.</p>
<p>It was a noob error, but I didn&#39;t check the various Arduino alternatives and I discovered late that just a few have the HID capabilities that would make this work easier. I should have bought an Arduino Due or Leonardo maybe.</p>
<p>Also, the various guides about flashing with a dfu tool are specific to older models of the Uno and it took me some time to figure out the names of the new components so that I could flash a new firmware.</p>
<h2 id="a-small-journey-in-the-arduino-world">A small journey in the Arduino world</h2>
<p>It feels pretentious to write a little guide for this kind of work, given also the fact that I have roughly 10 hours of experience with the Arduino. But the other resources are really outdated so I hope this piece can be useful to someone out there.</p>
<p>All the files I have used today are on <a href="http://francescomecca.eu:3000/pesceWanda/arduino_HID_keyboard">my repos</a> and I included also an outdated version of the USB Host Shield library that I used.</p>
<p>The original code from this <a href="http://hunt.net.nz/users/darran/weblog/c6f35/Arduino_USB_Keyboard_Passthrough.html">blog post</a> works like a charm but just as a simple passthrough.</p>
<p>It was not difficult at all to examine the code:
on each iteration of the loop a char array is read from the shield and, if it contains information, the Arduino sends the data to the host with the Serial.write method.</p>
<p>The buffer array is a simple array of length 8 and the first two positions are reserved. In particular, the first one represents the various modifier keys.</p>
<p>The Dvorak layout has the same pairs as the US layout, but eventually I got used to having the &#39;@&#39; in the same place as &#39;Q&#39; (qwerty) and &#39;&quot;&#39; over the &#39;2&#39;.
Also, I am an avid vim user (I should thank Simone Basso for that) and I swapped some keys on the new 65-key keyboard.
The modifier bit at the beginning of the array came in handy for my code.</p>
<p>A hardware key remapper is a simple but long C switch statement, but I decided to also consider the modifier bit: this way certain keys, like the Windows (UGH!) key, are mapped to a different layer of keys.
I got all the codes for the HID events <a href="http://www.freebsddiary.org/APC/usb_hid_usages.php">here</a>.</p>
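<p>The remapping step described above, modelled in Python so that it can be tested off the board. This is an added example, not the sketch from the repository: it assumes the standard 8-byte boot keyboard report (modifier byte, reserved byte, six key codes), and the second layer on the left Windows key (h/j/k/l as arrows) is a hypothetical choice.</p>

```python
# Added example: a model of the remapping step, not the sketch from the repository.
MOD_LEFT_GUI = 0x08  # bit 3 of the modifier byte: left Windows key

# Same physical keys, read with the QWERTY legend and with the Dvorak legend.
QWERTY = "qwertyuiop[]asdfghjkl;'zxcvbnm,./-="
DVORAK = "',.pyfgcrl/=aoeuidhtns-;qjkxbmwvz[]"

# HID keyboard usage IDs for the punctuation used above.
PUNCT = {"-": 0x2D, "=": 0x2E, "[": 0x2F, "]": 0x30, ";": 0x33,
         "'": 0x34, ",": 0x36, ".": 0x37, "/": 0x38}


def usage(ch):
    """Usage ID that a host set to the US layout turns into this character."""
    if "a" <= ch <= "z":
        return 0x04 + ord(ch) - ord("a")
    return PUNCT[ch]


# Code sent by the keyboard -> code to forward so that the host types Dvorak.
BASE_LAYER = {usage(q): usage(d) for q, d in zip(QWERTY, DVORAK)}

# Hypothetical second layer, active while left GUI is held: h/j/k/l -> arrows.
GUI_LAYER = {usage("h"): 0x50, usage("j"): 0x51,
             usage("k"): 0x52, usage("l"): 0x4F}


def remap_report(report):
    """Translate one report: [modifiers, reserved, key1 .. key6]."""
    if len(report) != 8:
        raise ValueError("a boot keyboard report is exactly 8 bytes")
    out = bytearray(report)
    layered = bool(report[0] & MOD_LEFT_GUI)
    consumed = False
    for i in range(2, 8):
        code = report[i]
        if code == 0:  # empty slot
            continue
        if layered and code in GUI_LAYER:
            out[i] = GUI_LAYER[code]
            consumed = True
        else:
            out[i] = BASE_LAYER.get(code, code)  # unknown codes pass through
    if consumed:
        out[0] &= 0xFF & ~MOD_LEFT_GUI  # hide the layer key from the host
    return bytes(out)


if __name__ == "__main__":
    # Constructed sample reports: plain 'q' key, then left GUI + 'j'.
    for sample in (bytes([0, 0, 0x14, 0, 0, 0, 0, 0]),
                   bytes([0x08, 0, 0x0D, 0, 0, 0, 0, 0])):
        print(sample.hex(" "), "->", remap_report(sample).hex(" "))
```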
<p>The process of flashing the code on the Uno goes like this:</p>
<ul>
<li>write the looping code;</li>
<li>push it to the Arduino using the IDE;</li>
<li>short-circuit the board so that it goes into DFU mode;</li>
<li>flash the .hex HID firmware;</li>
<li>try your code;</li>
<li>repeat until it&#39;s right.</li>
</ul>
<p><img src="/wp-content/uploads/2016/IMG_20160706_011304.jpg" alt="Everything fits in one picture"></p>
<h2 id="flashing-the-firmware">Flashing the firmware</h2>
<p>The firmware is in my repo but I got it from <a href="http://hunt.net.nz/users/darran/weblog/a6d52/Arduino_UNO_Keyboard_HID_version_02.html">here</a>.
The tool I used to flash it is dfu-programmer (version 0.62).
Every time you want to flash a new firmware the Arduino must be put in DFU mode (you can see the difference with lsusb).
To do that, simply create a short circuit using a small metal wire on the two pins near the reset button and an LED will blink.
This <a href="https://www.youtube.com/watch?v=E8XyRwXQr8Q">video</a> shows the method briefly (no real need for a jumper).
The commands are the following, and there is no risk of bricking the Uno:</p>
<div class="highlight"><pre><code class="language-" data-lang="">dfu-programmer atmega16u2 erase
dfu-programmer atmega16u2 flash Arduino-keyboard-0.2.hex
dfu-programmer atmega16u2 reset
</code></pre></div>
<p>After each flash the device needs to be disconnected once. Of course you can flash the original firmware back. It is included in my repo or in the official ones.</p>
<p><img src="/wp-content/uploads/2016/IMG_20160706_011143.jpg" alt="Arduino and the shield"></p>
<p>That&#39;s it; as you can see, it is not difficult at all. The worst part is gathering the various bits of information that are left dormant in blogs or forums.</p>
</div>
<div class="post">
<h1 class="post-title">
<a href="/pescewanda/2016/05/16/lifehacks2/">
Lifehacks (2)
</a>
</h1>
<span class="post-date">16 May 2016</span>
<ul>
<li><p>If you&#39;re at a party and you don&#39;t know anyone, make it a point to meet the host and introduce yourself. The host can introduce you to other guys/girls and it scores you points.</p></li>
<li><p>Never buy high-end cables, and never buy cables at retail. Cables have higher profit margins than almost everything except extended warranties. Despite what the marketing and sales people will tell you, there is no difference. Need a computer cable? Order it from a wholesaler online. That USB cable that your printer requires will cost you $25 at Staples and $1.50 at Newegg.</p></li>
<li><p>Never quote an entire post unless it&#39;s shorter than the one you write in response.</p></li>
<li><p>Don&#39;t eat food after 6pm.</p></li>
<li><p>In college, always check the library to see if the teacher is using a test bank.</p></li>
</ul>
</div>
<div class="post">
<h1 class="post-title">
<a href="/pescewanda/2016/05/15/genetic-alg/">
Interpolation using a genetic algorithm
</a>
</h1>
<span class="post-date">15 May 2016</span>
<p>This weekend I was in Milan to get a visa and I had the opportunity to work with a friend, Michele, on genetic algorithms.
It was the first time I dug into this field and it was very exciting.
In this post I want to explain some bits of our work.</p>
<h2 id="a-brief-introduction-to-ga">A brief introduction to GA</h2>
<p>A genetic algorithm is a search/optimization algorithm that uses a heuristic approach to reduce the search space and evolve gradually toward a solution.</p>
<h4 id="population">Population</h4>
<p>It is an algorithm that has its roots in the theory of natural selection by Charles Darwin.
The main components of a GA are:</p>
<ul>
<li>the population, which gathers all the available solutions at a given time;</li>
<li>the fitness function, that gives an approximation of the quality of the solution codified by a given member of the population.</li>
</ul>
<p>In a GA the first thing to do is to generate a population.</p>
<p>A population is a group of objects with given attributes, usually a string, and they contain the solution in some form (usually inside a string); the first population is randomly generated and contains a large number of solutions, but not every solution (this is not a brute-force approach).</p>
<p>After this step the fitness function evaluates the quality of the solution that each member carries: the evaluation should be considered from a bottom-up point of view.</p>
<h4 id="reproduction">Reproduction</h4>
<p>Now, as in Darwin&#39;s theory of evolution, the members of the population are going to &quot;reproduce&quot;: two members are coupled to generate a new member of the second generation, and every child member will contain a solution that is the product of the original genes of its parent members.</p>
<p>This time the reproduction of the population into a second one is not entirely random. The fitness function gives us an approximation of the quality of every gene that a member carries and, by the rule of &quot;survival of the fittest&quot;, the probability that a member is going to reproduce with another one is proportional to the quality of its genes.</p>
<p>When we have a second generation of members we can recur on our GA and generate a third generation. From this point we can recur until we converge to a solution that is common to every member, or at least that is suited to our needs.</p>
<h4 id="mutation">Mutation</h4>
<p>Actually, in some cases, a mutation function can be added, so that, like in the real world, sometimes the genes are &quot;scrambled&quot; independently of the fitness function.</p>
<p>There is more to a GA: for example, we could talk about possible ways of storing the genes inside a member or when to use mutation. Anyway, I want to stop here and continue with an analysis of my problem.</p>
<h2 id="interpolating-a-function-using-a-ga">Interpolating a function using a GA</h2>
<p>Michele and I decided to spend some time developing a little Python script to explore GA capabilities and we decided to interpolate some points on a Cartesian plane.</p>
<p>Our program, which is available <a href="http://francescomecca.eu:3000/pesceWanda/interpol_genetica">here</a>, uses a class to define the various members of the population and a string for the genes, and a class as well for the points on the plane.</p>
<p>The fitness function is not as precise as it should be because this is only a proof of concept:</p>
<figure class="highlight"><pre><code class="language-python" data-lang="python"><span class="n">mutationProbability</span> <span class="o">=</span> <span class="mf">0.1</span>
<span class="n">rangeLimit</span> <span class="o">=</span> <span class="mi">5</span>
<span class="k">def</span> <span class="nf">fitness</span><span class="p">(</span><span class="n">item</span><span class="p">,</span> <span class="n">pointList</span><span class="p">,</span> <span class="n">n</span><span class="p">):</span>
    <span class="n">value</span> <span class="o">=</span> <span class="mi">0</span>
    <span class="k">for</span> <span class="n">p</span> <span class="ow">in</span> <span class="n">pointList</span><span class="p">:</span>
        <span class="n">y</span> <span class="o">=</span> <span class="mi">0</span>
        <span class="k">for</span> <span class="n">i</span> <span class="ow">in</span> <span class="nb">range</span><span class="p">(</span><span class="n">n</span><span class="p">):</span>
            <span class="n">y</span> <span class="o">+=</span> <span class="n">item</span><span class="o">.</span><span class="n">gene</span><span class="p">[</span><span class="n">i</span><span class="p">]</span> <span class="o">*</span> <span class="nb">pow</span><span class="p">(</span><span class="n">p</span><span class="o">.</span><span class="n">x</span><span class="p">,</span> <span class="n">i</span><span class="p">)</span>
        <span class="n">result</span> <span class="o">=</span> <span class="mi">1</span> <span class="o">-</span> <span class="p">(</span><span class="nb">abs</span> <span class="p">(</span><span class="n">p</span><span class="o">.</span><span class="n">y</span> <span class="o">-</span> <span class="n">y</span><span class="p">)</span> <span class="o">/</span> <span class="n">rangeLimit</span><span class="p">)</span>
        <span class="k">if</span> <span class="n">result</span> <span class="o">&lt;</span> <span class="mi">0</span><span class="p">:</span>
            <span class="n">result</span> <span class="o">=</span> <span class="mi">0</span>
        <span class="n">value</span> <span class="o">+=</span> <span class="n">result</span>
    <span class="k">return</span> <span class="n">value</span> <span class="o">/</span> <span class="n">n</span></code></pre></figure>
<p>item is just a member of the population, pointList is the list of points and n is the number of points (n - 1 is the degree of the function).</p>
<div class="highlight"><pre><code class="language-" data-lang="">for i in range(n):
    y += item.gene[i] * pow(p.x, i)
</code></pre></div>
<p>This piece of code gives us the value of the function encoded in the genes at the points of pointList;</p>
<div class="highlight"><pre><code class="language-" data-lang="">result = 1 - (abs (p.y - y) / rangeLimit)
if result &lt; 0:
    result = 0
</code></pre></div>
<p>while here the script stores 1 minus the previous result, because if the GA has yielded a good result the distance between the evaluated function and the points should be 0; if this is the case, the fitness function should attribute the highest possible reproduction probability to that member.
At the end the fitness function returns the total value over the number of points evaluated.</p>
<p>As you can see, this fitness function is by no means an optimal one. The reproduction probability is higher for functions that cross some points and are really distant from others than for functions that are closer to every point but cross none.
Anyway, for simple cases the GA yields good results; as an example, for points (0 0), (1 4), (2 9) one of the members with the highest reproduction probability has this function in its genes:</p>
<div class="highlight"><pre><code class="language-" data-lang="">-0.0487839869993989 * x^0 + 4.600339125358671 * x^1 + -0.2780958075230644 * x^2
</code></pre></div>
<p>which passes through these points: (0 -0.0488), (1 4.2735), (2 8.0395) given 80 iterations, an initial population of 600 members and a two digit approximation.</p>
<p>For a more precise computation a higher population size and a really high number of iterations should be used.</p>
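<p>The whole loop described in this post (random population, fitness-proportional reproduction, mutation) and the weakness of the fitness function noted above, as an added example that is not the code from the linked repository. It keeps the post&#39;s fitness formula, rangeLimit and mutationProbability; the list-of-floats genes, single-point crossover, Gaussian mutation step and the rule that the best member survives unchanged are assumptions of this example.</p>

```python
import random

RANGE_LIMIT = 5               # rangeLimit in the post
MUTATION_PROBABILITY = 0.1    # mutationProbability in the post
POINTS = [(0, 0), (1, 4), (2, 9)]  # the three points used in the post


def fitness(gene, points):
    """The post's fitness: mean over the points of max(0, 1 - |error| / RANGE_LIMIT)."""
    total = 0.0
    for x, y in points:
        estimate = sum(c * x ** i for i, c in enumerate(gene))
        total += max(0.0, 1 - abs(y - estimate) / RANGE_LIMIT)
    return total / len(points)


def evolve(points, pop_size=200, generations=60, seed=1):
    """Run the GA; return (best gene, best fitness seen in each generation)."""
    rng = random.Random(seed)
    n = len(points)  # n coefficients, i.e. a polynomial of degree n - 1
    population = [[rng.uniform(-RANGE_LIMIT, RANGE_LIMIT) for _ in range(n)]
                  for _ in range(pop_size)]
    history = []
    for _ in range(generations):
        scores = [fitness(g, points) for g in population]
        best = population[scores.index(max(scores))]
        history.append(max(scores))
        # Reproduction probability proportional to fitness; the small constant
        # keeps the weights usable when every member scores 0.
        weights = [s + 1e-9 for s in scores]
        children = [best[:]]  # assumption: the best member survives unchanged
        while len(children) < pop_size:
            mother, father = rng.choices(population, weights=weights, k=2)
            cut = rng.randrange(1, n)  # single-point crossover
            child = mother[:cut] + father[cut:]
            if rng.random() < MUTATION_PROBABILITY:
                child[rng.randrange(n)] += rng.gauss(0, 0.5)
            children.append(child)
        population = children
    return max(population, key=lambda g: fitness(g, points)), history


def fitness_blind_spot(points=POINTS):
    """Score a curve that hits two points exactly against one near all three."""
    hits_two = [0, -6, 10]    # exact at x=0 and x=1, off by 19 at x=2
    near_all = [2, 3.5, 0.5]  # off by exactly 2 at every point
    return fitness(hits_two, points), fitness(near_all, points)


if __name__ == "__main__":
    gene, history = evolve(POINTS)
    print("best gene:", [round(c, 4) for c in gene])
    print("fitness: first generation %.4f, last %.4f" % (history[0], history[-1]))
    print("hits two points vs near all three: %.3f vs %.3f" % fitness_blind_spot())
```

<p>The last line shows the bias discussed above: the curve that misses the third point by 19 scores higher than the one that is within 2 of every point, because any error larger than rangeLimit is clipped to the same score of 0.</p>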
</div>
<div class="post">
<h1 class="post-title">
<a href="/pescewanda/2016/05/03/satoshisignature/">
Why Wright's proof is a fake
</a>
</h1>
<span class="post-date">03 May 2016</span>
<p>I explained in my previous <a href="http://francescomecca.eu/pescewanda/2016/04/17/wright-nakamoto/">post</a> (in Italian) that the signature that Wright provided as a public proof is in fact invalid.
I want to explain briefly how you could check this claim.
The key in Wright&#39;s <a href="http://www.drcraigwright.net/jean-paul-sartre-signing-significance/">post</a> is this:</p>
<div class="highlight"><pre><code class="language-" data-lang="">------------------------- Signature File -------------------------
MEUCIQDBKn1Uly8m0UyzETObUSL4wYdBfd4ejvtoQfVcNCIK4AIgZmMsXNQWHvo6KDd2Tu6euEl1
3VTC3ihl6XUlhcU+fM4=
------------------------- End Signature --------------------------
</code></pre></div>
<p>Now we can use some bash utilities:</p>
<ul>
<li>base64, which translates encoded ASCII text;</li>
<li>hexdump, which displays the hexadecimal contents of the input;</li>
<li>cut, used to remove the binary part of the input;</li>
<li>tr, used to delete spaces and carriage returns from the input.</li>
</ul>
<div class="highlight"><pre><code class="language-" data-lang="">base64 -d &lt;&lt;&lt;'MEUCIQDBKn1Uly8m0UyzETObUSL4wYdBfd4ejvtoQfVcNCIK4AIgZmMsXNQWHvo6KDd2Tu6euEl13VTC3ihl6XUlhcU+fM4=' | hexdump -C| cut -b 11-60| tr -d ' \n'
3045022100c12a7d54972f26d14cb311339b5122f8c187417dde1e8efb6841f55c34220ae0022066632c5cd4161efa3a2837764eee9eb84975dd54c2de2865e9752585c53e7cce
</code></pre></div>
<p>Let&#39;s analyze the commands one by one:</p>
<ul>
<li><code>base64 -d</code> decodes the redirected string, the output is some gibberish characters so I won&#39;t display them here;</li>
<li><code>hexdump -C</code> is used with a pipe to convert to hexadecimal:</li>
</ul>
<div class="highlight"><pre><code class="language-" data-lang="">00000000  30 45 02 21 00 c1 2a 7d  54 97 2f 26 d1 4c b3 11  |0E.!..*}T./&amp;.L..|
00000010  33 9b 51 22 f8 c1 87 41  7d de 1e 8e fb 68 41 f5  |3.Q"...A}....hA.|
00000020  5c 34 22 0a e0 02 20 66  63 2c 5c d4 16 1e fa 3a  |\4"... fc,\....:|
00000030  28 37 76 4e ee 9e b8 49  75 dd 54 c2 de 28 65 e9  |(7vN...Iu.T..(e.|
00000040  75 25 85 c5 3e 7c ce                              |u%..&gt;|.|
</code></pre></div>
<ul>
<li><code>cut -b 11-60</code> displays only the characters from column 11 to 60:</li>
</ul>
<div class="highlight"><pre><code class="language-" data-lang="">30 45 02 21 00 c1 2a 7d  54 97 2f 26 d1 4c b3 11
33 9b 51 22 f8 c1 87 41  7d de 1e 8e fb 68 41 f5
5c 34 22 0a e0 02 20 66  63 2c 5c d4 16 1e fa 3a
28 37 76 4e ee 9e b8 49  75 dd 54 c2 de 28 65 e9
75 25 85 c5 3e 7c ce
</code></pre></div>
<ul>
<li><code>tr -d &#39; \n&#39;</code> is used to delete spaces and carriage returns from the output so that it is shown on one line, which gives us the final result:</li>
</ul>
<div class="highlight"><pre><code class="language-" data-lang="">3045022100c12a7d54972f26d14cb311339b5122f8c187417dde1e8efb6841f55c34220ae0022066632c5cd4161efa3a2837764eee9eb84975dd54c2de2865e9752585c53e7cce
</code></pre></div>
<p>If you noticed, there is also another cleartext string at the beginning of Wright&#39;s post:</p>
<div class="highlight"><pre><code class="language-" data-lang="">$ base64 -d &lt;&lt;&lt;'IFdyaWdodCwgaXQgaXMgbm90IHRoZSBzYW1lIGFzIGlmIEkgc2lnbiBDcmFpZyBXcmlnaHQsIFNhdG9zaGkuCgo='
Wright, it is not the same as if I sign Craig Wright, Satoshi.
</code></pre></div>
<p>Now let&#39;s head to blockchain.info.
Blockchain.info has a little <a href="https://blockchain.info/decode-tx">utility</a> to get hexadecimal information out of a transaction on the blockchain, so let&#39;s use it to get the related info about this transaction:</p>
<p><a href="https://blockchain.info/tx/828ef3b079f9c23829c56fe86e85b4a69d9e06e5b54ea597eef5fb3ffef509fe">tx/828ef3b079f9c23829c56fe86e85b4a69d9e06e5b54ea597eef5fb3ffef509fe</a>
<a href="https://blockchain.info/tx/828ef3b079f9c23829c56fe86e85b4a69d9e06e5b54ea597eef5fb3ffef509fe?format=hex">tx/828ef3b079f9... in hexadecimal</a></p>
<p>As you can see the entire output of the first bash command, that is
<code>
3045022100c12a7d54972f26d14cb311339b5122f8c187417dde1e8efb6841f55c34220ae0022066632c5cd4161efa3a2837764eee9eb84975dd54c2de2865e9752585c53e7cce
</code>
is contained in:
<code>
&quot;script&quot;:&quot;483045022100c12a7d54972f26d14cb311339b5122f8c187417dde1e8efb6841f55c34220ae0022066632c5cd4161efa3a2837764eee9eb84975dd54c2de2865e9752585c53e7cce01&quot;
</code>
except for the 48 at the beginning and the 01 at the end.</p>
<p>That is a signature hash:
this <a href="https://en.bitcoin.it/wiki/List_of_address_prefixes">page</a> explains that the 48 is just a decimal prefix given to uncompressed transactions, and the 01 at the end is just a SIGHASH_ALL <a href="https://bitcoin.org/en/glossary/signature-hash">code</a> that flags the end of the signature.</p>
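<p>The same comparison done mechanically, as an added example that is not code from the original post: it decodes the base64 signature, parses it as a DER-encoded ECDSA signature (r, s), and looks for the same bytes inside the input script quoted above. The two constants are copied from the post; the function names are this example&#39;s own, and the parser assumes short-form DER lengths, which is all a 71-byte signature needs.</p>

```python
import base64

# Both constants are copied from the post: the "Signature File" from Wright's
# page and the input script of the transaction linked above (split here into
# prefix byte, the two halves of the signature, and trailing byte).
SIG_B64 = ("MEUCIQDBKn1Uly8m0UyzETObUSL4wYdBfd4ejvtoQfVcNCIK4AIgZmMsXNQWHvo6KDd2Tu6euEl1"
           "3VTC3ihl6XUlhcU+fM4=")
SCRIPT_HEX = ("48"
              "3045022100c12a7d54972f26d14cb311339b5122f8c187417dde1e8efb6841f55c34220ae0"
              "022066632c5cd4161efa3a2837764eee9eb84975dd54c2de2865e9752585c53e7cce"
              "01")


def read_der_integer(buf, pos):
    """Read one DER INTEGER (tag 0x02, short-form length); return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != 0x02:
        raise ValueError("expected INTEGER tag 0x02")
    length = buf[pos + 1]
    end = pos + 2 + length
    if length == 0 or length > 0x7F or end > len(buf):
        raise ValueError("bad INTEGER length")
    return int.from_bytes(buf[pos + 2:end], "big"), end


def parse_der_signature(der):
    """Return (r, s) from SEQUENCE { INTEGER r, INTEGER s }; reject anything else."""
    if len(der) < 8 or der[0] != 0x30 or der[1] != len(der) - 2:
        raise ValueError("not a single short-form DER SEQUENCE")
    r, pos = read_der_integer(der, 2)
    s, pos = read_der_integer(der, pos)
    if pos != len(der):
        raise ValueError("trailing bytes after s")
    return r, s


def find_reuse(sig, script):
    """Return (offset, bytes_before, bytes_after) if sig occurs in script, else None."""
    offset = script.find(sig)
    if offset < 0:
        return None
    return offset, script[:offset], script[offset + len(sig):]


def check_claimed_proof(sig_b64, script_hex):
    """Decode and parse the claimed signature, then search the script for it."""
    sig = base64.b64decode(sig_b64, validate=True)
    r, s = parse_der_signature(sig)
    reuse = find_reuse(sig, bytes.fromhex(script_hex))
    return {"sig": sig, "r": r, "s": s, "reuse": reuse}


if __name__ == "__main__":
    result = check_claimed_proof(SIG_B64, SCRIPT_HEX)
    offset, before, after = result["reuse"]
    print("signature length:", len(result["sig"]), "bytes")
    print("r =", hex(result["r"]))
    print("s =", hex(result["s"]))
    # 0x48 == 72 == the 71 signature bytes plus the trailing 0x01 byte.
    print("found in script at offset", offset,
          "after", before.hex(), "and before", after.hex())
```

<p>A signature that already sits in a confirmed transaction was produced over that transaction&#39;s data, so publishing it again shows nothing about who holds the key today.</p>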
<h2 id="so-is-it-a-fake">So, is it a fake?</h2>
<p>Yes, indeed.
In the end, I ask, why would you choose anything other than the easiest and most conclusive way to prove something?</p>
<p><img src="/wp-content/uploads/2016/satosh.jpg" alt="Wright &quot;signs&quot; the blockchain"></p>
</div>
</div>
</div>
<!--<link rel="alternate" type="application/rss+xml" title="Francesco Mecca RSS" href="/feed.xml">-->
</body>
</html>