Categories
Technology and Internet

Pixels Camp v3

Like I did in previous years/versions, this year I participated again in Pixels.camp, a kind of conference plus hackathon. For those who aren’t aware, it is one of the biggest (if not the biggest) technology events in Portugal (from a technical perspective, not counting the Web Summit).

So, as I did in previous editions, I’m gonna leave here a small list with the nicest talks I was able to attend.

Lockpicking versus IT security

This one was super interesting. Walter Belgers showed the audience a set of problems in how locks are made and compared those mistakes with the ones regularly made by software developers.

At least for me, the most impressive parts of the whole presentation were the demonstrations of the flaws in regular (and high security) locks.

Talk description here.


Containers 101

“Everybody” uses containers nowadays. In this talk the speaker took a step back and went through the history and the major details behind this technology. Then he showed how you could implement a part of it yourself using common Linux features and tools.

Talk description here.


Static and dynamic analysis of events for threat detection

This one was a nice overview of Siemens’ infrastructure for threat detection, their approaches and the tools they use. It was also possible to understand some of the obstacles and challenges a company must address to protect a global infrastructure.

Talk description here.


Protecting Crypto exchanges from a new wave of man-in-the-browser attacks

This presentation used the theme of protecting crypto-currency exchanges but gave lots of good hints on how to improve the security of any website or web application. The second half of the talk focused on a kind of attack called man-in-the-browser and on a demonstration of it. In my opinion, this last part was weaker and I left with the impression it lacked details about the most crucial part of the attack while spending a lot of time on less important stuff.

Talk description here.

Categories
Personal Portugal Technology and Internet

Pixels Camp 2016

A few weeks ago the first edition of Pixels Camp (aka Codebits 2.0) took place in Lisbon, an event that I try to attend whenever it happens (see previous posts about it). It is the biggest technology focused event/conference in Portugal with a number of attendees close to 1000.

This year the venue changed to LX Factory. Even though the place is really cool, it is not as well located as the previous venue, at least for people who don’t live in Lisbon and arrive at the airport. The venue was well decorated and had a cool atmosphere, giving you the feeling that it was the place to be. However, this year there was less room for the teams working on the projects and not everybody was able to get a table/spot (it appeared to me that the venue was a little bit smaller than the previous one).

From the dozens of great talks that were given on the 4 stages of the event, many of which I was not able to see since I was competing in the 48h programming competition, below are two that I really liked:

Chrome Dev Tools Masterclass

IPFS, The Interplanetary Filesystem

If you are curious, you may find the remaining ones on their YouTube channel.

All this is great but the main activity of Pixels Camp is the 48h programming competition and this year we had another great batch of cool projects being developed (total of 60, if I remember correctly).

As usual I entered the contest, this time with the fellow Whitesmithians, Rui and Pedro. We chose to develop a GPS based game, you know, since it seemed to be a popular thing this summer and we thought the medium still has great potential to do really entertaining stuff.

The idea was already a few years old but had never been implemented, and at its core it was quite simple. It took some ideas from the classic game “pong” and adapted them to be played in a fun way while navigating through a real world area.

We called it PonGO and essentially the users must agree on a playing field, such as a city block, a city or even bigger areas, then they connect their phones and the ball starts rolling. The players have to move around with their phones (which they use to see the map and track everyone’s position) trying to catch the ball and throw it to the other side of the map. The player that is able to do it more times wins the game. Here is the sketch we did while discussing the project:

Initial Sketch

As you can see in the above image, which shows what would be on the phone’s screen, the player (in yellow) got close enough to the ball to play it, and now he has to change its direction to one of the opposite sides (marked as green). The other players (in blue) will have to run to catch the ball before it gets out. Spread across the map you can see some power ups that give users special capabilities.

That’s it, it might seem easy but doing it in less than 48h is not. We ended with a working version of the game but the power ups were not implemented due to time constraints. Here are some screenshots of the final result (we used the map view instead of the satellite view so it might look a little different):

In game screenshots

The code itself is a mess (it was a hackathon, what were you expecting) and can be found here and here.

At the end, it was a great event as usual and I would also like to congratulate some of my coworkers at Whitesmith who took home the 7th place in the competition. Next year I hope to be there again (and you should too).

Categories
Technology and Internet

A heavy chat application

Following up on the quote I pointed to some time ago in an entry entitled “Bloat”, I will leave here one good example. I know Slack is a great application and it has some complex features, yet I don’t see any reason for any chat program to steal almost 900 Megabytes of my computer’s memory.

slack memory

Note: I know the version I am using is still in beta but c’mon guys that’s too much.

Categories
Technology and Internet

“Bloat”

Last week I read a great post entitled “Web Design: The First 100 Years”. It is a long one but definitely worth reading. I will just leave here a quote (3 short paragraphs) because it puts into words something that already crossed my mind multiple times.

“A further symptom of our exponential hangover is bloat. As soon as a system shows signs of performance, developers will add enough abstraction to make it borderline unusable. Software forever remains at the limits of what people will put up with. Developers and designers together create overweight systems in hopes that the hardware will catch up in time and cover their mistakes.

We complained for years that browsers couldn’t do layout and javascript consistently. As soon as that got fixed, we got busy writing libraries that reimplemented the browser within itself, only slower.

It’s 2014, and consider one hot blogging site, Medium. On a late-model computer it takes me ten seconds for a Medium page (which is literally a formatted text file) to load and render. This experience was faster in the sixties.” Maciej Cegłowski

Categories
Random Bits

Folding@Home

Recently I’ve started “folding” again, to give a small contribution to science and research on important topics such as Alzheimer’s disease among others (as the above video shows). After 2 previous failed attempts (the old computer could not handle it), I’m currently on my longest streak and have just completed the first 100 work units. I know that many people would like to contribute to a project like this but simply don’t know of its existence. So sharing is important.

At almost 15 years old, the project continues to thrive and the performance of the overall system continues to grow, mostly pushed by the advances of technology, because the participation, as Wikipedia shows, is far from its peak of 450k processors in 2011. During its existence the team responsible for the project was able to publish 118 scientific papers, based on the results obtained by the collaborative work done by all personal computers that joined the network. It is a visible amount of work that is certainly important in humanity’s continuous fight against these diseases.

The project maintains a leaderboard with stats of its users and teams, making it somewhat fun to see your performance and to compare with others (Portuguese fellows, come on and join the team). Contributing is relatively easy and cheap, so I challenge you to start. If you are interested in knowing what kind of work is being done at the moment throughout the network, the project publishes that information on their website.

To make it easier to see your progress without having to open other programs or websites, I’ve made a simple plasmoid to give you that information.

Screenshot of the current version of fah-plasmoid

So if you are a KDE4 user (one version for Plasma 5 is coming out of the oven soon) you can get it here. It isn’t complete yet, since I’ve done it quickly while learning about KDE development, but it is usable.

Categories
Technology and Internet

Lenovo and men in the middle

Another week, another scandal. The general public might pass by without noticing the recent news about Lenovo computers but the tech community on the Internet is incredulous. What we witnessed was serious and a betrayal of the customers’ confidence, so in this post I will try to briefly cover everything that I’ve read about the issue and point out how this affects those who bought a Lenovo computer in the last 6 months.

What happened

Basically the computers were sold with a piece of very intrusive ad-ware (that could be called malware since it is not that different). This software supposedly stands in the middle of every Internet connection that the computer makes (even secure ones) and tries to inspect its contents and inject advertisements on the websites that the user visits [source] [proof].

On the technical level, this software was able to avoid the security measures and alerts implemented by browsers by issuing a self-signed root certificate that was added to the list of Trusted Certificate Authorities. This way it could issue certificates when needed and trick the browser into thinking that it was connecting to the valid website, when it was actually talking to the ad-ware (SuperFish), which was the one making the real secure connection [source].

What are the consequences

Besides users being spied on and secure connections being compromised (for example, with bank websites) by the hardware vendor, as many have already stated, this leaves a huge security hole that can be exploited by people with bad intentions. [source]

In fact, as we can see in this tweet, once this issue was uncovered people started digging into the subject and already uncovered the private key, which gives anyone the ability to sign certificates, tricking the affected users into believing they are visiting the correct website when in reality they are on a malicious one. According to some articles it was relatively easy and the password is the same for every machine. [source]

What can be done

Thankfully, given the enormous pressure on the Internet and media attention, the company tried some excuses and provided some tools to remove the software. But … there is always a but, the less alert users might not know they are vulnerable and it seems the certificate problem is still persisting (probably the worst issue). Fortunately Microsoft stepped in and its Windows Defender tool, which comes bundled with the operating system, will automatically clear the software and reset all certificates. [source]

For the most suspicious users, some people created tools to check if the machines are still vulnerable (here and here).
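A manual version of that kind of check on Windows, as an added example that is not taken from the tools linked above: it looks in the Windows trusted-root stores for a certificate whose subject or issuer contains the product name. The `$NamePattern` value is an assumption based on the name used in this post.

```powershell
# Added example: search the Windows trusted-root stores for an interception root.
# $NamePattern is an assumption (the product name mentioned in the post).
param([string]$NamePattern = 'Superfish')

# Roots trusted machine-wide and roots trusted only for the current user.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

$hits = foreach ($store in $stores) {
    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -match $NamePattern -or $_.Issuer -match $NamePattern } |
        ForEach-Object {
            [pscustomobject]@{
                Store         = $store
                Subject       = $_.Subject
                Thumbprint    = $_.Thumbprint
                NotAfter      = $_.NotAfter
                # A root certificate is self-signed: subject and issuer are the same.
                SelfSigned    = ($_.Subject -eq $_.Issuer)
                # True when the matching private key is also stored on this machine.
                HasPrivateKey = $_.HasPrivateKey
            }
        }
}

if ($hits) {
    $hits | Format-List
    Write-Warning "Found $(@($hits).Count) trusted root(s) matching '$NamePattern'. Certificates signed by them are accepted without a browser warning."
} else {
    Write-Output "No trusted root matching '$NamePattern' found in the Windows stores."
}
```

Browsers that keep their own certificate store are not covered by this check.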

Summing up, this serves as a reminder to be careful with the software that you install on your computer. If possible, when acquiring a new machine, the first step is to clean the disk and install everything yourself. I recommend using a Linux based operating system.

P.S.: Digging into the root of the issue and knowing who crafted the problematic software.

Categories
Technology and Internet

On buying new hardware

When I was buying my laptop some years ago, I wished I knew of a website with a database of hardware that works well with free software, especially with any operating system based on Linux, so I wouldn’t get into too much trouble to get everything working. Instead I ended up purchasing a machine that came with Windows and a bunch of hardware that depended on proprietary drivers to work well. It took ages to get every feature to work as it should on my chosen distribution.

Recently I discovered h-node, a website created by the Free Software Foundation (FSF) together with Debian GNU/Linux which tries to:

… aim at the construction of a hardware database in order to identify what devices work with a fully free operating system.

Since not everyone uses Windows or Mac OSX, I hope this might be helpful to those reading this blog. As for me, next time I need to buy something I already know where to start my research.

Categories
Personal

Open to new project ideas

Categories
Old Posts

Leap

Just found out about the existence of this device, at OMG Ubuntu, 5 minutes ago. This is one case where internet’s common expression “Shut up and take my money” fits very well. Seems to be amazing and is affordable.

Can’t wait to put my hands on one of these toys together with one Raspberry Pi. More info at http://leapmotion.com/ .

Categories
Old Posts

Almost 9 zeros

Take a picture, add some pre-made effects and share. Now just wait for people to leave comments on your “work”. These were the steps that I took until I reached this photo:

instagram

The biggest tech news in the last few days was around this simple process and the application that is behind it. It’s called “Instagram” and Facebook just paid more than 900 million dollars for it (more than The New York Times current market value, according to some websites).

I already knew the service but had never tried it because it was only available for the iPhone. Recently, with the launch of the Android version and all the buzz around the deal with Facebook, I decided to try the app and see if it is worth all that noise around it.

The greatest weakness that I see in the service is that it doesn’t have a web interface, so basically the whole network only functions within the mobile app, which is very limiting. People are comparing this application with Youtube, saying it is the same thing for photos, but Youtube works everywhere (almost all platforms) and Instagram doesn’t.

Besides that and in an overall view, the app is addicting, has a nice design and you learn fast even though the icons and menus aren’t obvious at first (on the Android version). I found myself watching photos and more photos that I didn’t even care about, and that is a good sign.

In conclusion, I am of the opinion that it was a nice move from Facebook to buy Instagram but it was very (very) overvalued, since there are lots of other great ways to share photos on the web.

Time will tell if it was well spent money or not.